iPhone data protection in depth - Sogeti ESEC Lab

More documents

Recommendations

Info

IntroductionData protectionStorage encryptioniTunes BackupsConclusionIntroductionEffaceable areaHFS Content ProtectionHFSExplorerData WipeiPhone storageIntroduction• iPhone 3GS and below use NOR + NAND memory• Newer devices only use NAND (except iPad 1)• NAND encryption done by DMA controller (CDMA)• Software Flash Translation Layer (FTL)• Bad block management, wear levelling• Only applies to filesystem areaNAND terminology• Page : read/write unit• Block : erase unitiPhone data protection in depth 30/59
IntroductionData protectionStorage encryptioniTunes BackupsConclusionIntroductionEffaceable areaHFS Content ProtectionHFSExplorerData WipeFilesystem encryptionAlgorithm• AES in CBC mode• Initialization vector depends on logical block number• Hardcoded key for system partition (f65dae950e906c42b254cc58fc78eece)• 256 bit key for data partition (EMF key)IV computationvoid iv_for_lbn ( unsigned long lbn , unsigned long *iv){for ( int i = 0; i < 4; i ++){if(lbn & 1)lbn = 0 x80000061 ^ ( lbn >> 1);elselbn = lbn >> 1;iv[i] = lbn ;}}iPhone data protection in depth 31/59
Page 6 and 7: iOS 4Data protectionIntroductionDat
Page 8 and 9: IntroductionData protectionStorage
Page 15 and 16: Class keys identifiersIntroductionD
Page 19 and 20: KeychainIntroductionData protection
Page 25 and 26: Bruteforce attackIntroductionData p
Page 29: PlanIntroductionData protectionStor
Page 37 and 38: Effaceable areaIntroductionData pro
Page 41 and 42: HFS Content ProtectionIntroductionD
Page 47 and 48: PlanIntroductionData protectionStor
Page 51 and 52: Database formatIntroductionData pro
Page 53 and 54: Backup keychainIntroductionData pro
Page 55 and 56: PlanIntroductionData protectionStor
Page 59: IntroductionData protectionStorage

iPhone data protection in depth - Sogeti ESEC Lab

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?