iOS Encryption Systems - Deploying iOS Devices in Security-critical Environments

Peter Teufl, Thomas Zefferer, Christof Stromberger, Christoph Hechenblaikner

2013

Abstract

The high usability of smartphones and tablets is embraced by consumers as well as the private and public sector. However, especially in the non-consumer area, security plays a decisive role in the platform selection process. All of the current companies within the mobile device sector have either added a wide range of security features to their initially consumer-oriented devices (Apple, Google, Microsoft) or have dealt with security as a core feature from the beginning (RIM, now BlackBerry). One of the key security features for protecting data on the device or in device backups is the encryption system, which is deployed in most current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered by the security officer. As the first part in a series of papers, this work analyzes the deployment of the iOS platform and its encryption systems within a security-critical context from a security officer’s perspective. To this end, the different sub-systems, the influence of the developer, the applied configuration, and the susceptibility to various attacks are analyzed in detail. Based on these results, we present a workflow that supports the security officer in analyzing the security of an iOS device and the installed applications within a security-critical context. This workflow is supported by various tools that were either developed by ourselves or are available from other sources.



Paper Citation


in Harvard Style

Teufl P., Zefferer T., Stromberger C. and Hechenblaikner C. (2013). iOS Encryption Systems - Deploying iOS Devices in Security-critical Environments. In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 170-182. DOI: 10.5220/0004526201700182


in Bibtex Style

@conference{secrypt13,
author={Peter Teufl and Thomas Zefferer and Christof Stromberger and Christoph Hechenblaikner},
title={iOS Encryption Systems - Deploying iOS Devices in Security-critical Environments},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={170-182},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004526201700182},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - iOS Encryption Systems - Deploying iOS Devices in Security-critical Environments
SN - 978-989-8565-73-0
AU - Teufl P.
AU - Zefferer T.
AU - Stromberger C.
AU - Hechenblaikner C.
PY - 2013
SP - 170
EP - 182
DO - 10.5220/0004526201700182