Tuesday, April 5, 2011

iPhone Data Security

Data security for an iPhone application must be considered both while the data is stored on the iPhone and while it is in transit over the network.

Data protection during storage.
By default, all data on the iPhone is encrypted with the AES algorithm (FDE, Full Disk Encryption), and the key is stored on the iPhone. This feature was introduced in the iPhone 3GS and is based on hardware encryption. Its purpose was to enable an instantaneous wipe of the data on the iPhone: wiping the encryption key, rather than overwriting every bit on the device, makes the data unusable.

The key used for encrypting the data on the iPhone is itself not encrypted. There were cases where people with knowledge of the iPhone and of encryption were able to retrieve the key from the device and decrypt all the data on it (http://www.zdziarski.com/blog/?p=516). This was the weakness of FDE-based data encryption on the iPhone 3GS.

With the release of iOS 4, Apple introduced the Data Protection feature, a substantial improvement in the security design of the iPhone. A combination of the Device Key, User Passcode Key, File System Key and File Key is used to protect the data on the iPhone. This can be called TFA (Two Factor Authentication). TFA is based on ‘what you know’ and ‘what you have’. In the case of the Data Protection feature, ‘what you know’ is the User Passcode Key and ‘what you have’ are the remaining keys.




The User Passcode Key is dynamically generated from the Passcode when the User enters the Passcode to unlock the device. The User Passcode key is wiped out when the device is locked.
If an iPhone is lost and a hacker is able to access the data on the iPhone, he/she won’t be able to decrypt the data on the iPhone because the User Passcode key is dynamically generated from the Passcode and is not there on the iPhone.
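
A simplified model of the behaviour described above, as an added example (not Apple's implementation and not code from the original post). PBKDF2 and the HMAC-based key wrap are stand-ins chosen for this sketch, and the Device class and all names in it are hypothetical.

```python
import hashlib
import hmac
import os

def derive_passcode_key(passcode, device_key):
    # 'What you know' stretched with 'what you have' (device key as salt).
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 20_000)

def _stream(kek, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode), a stand-in for AES key wrap.
    blocks = [hmac.new(kek, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def wrap(kek, key):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong passcode: file key stays wrapped")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

class Device:
    def __init__(self, passcode):
        self.device_key = os.urandom(32)     # stored on the device
        kek = derive_passcode_key(passcode, self.device_key)
        self.wrapped_file_key = wrap(kek, os.urandom(32))  # only this form is stored
        self.passcode_key = None             # locked: passcode key not in memory

    def unlock(self, passcode):
        kek = derive_passcode_key(passcode, self.device_key)
        unwrap(kek, self.wrapped_file_key)   # raises ValueError on a wrong passcode
        self.passcode_key = kek

    def lock(self):
        self.passcode_key = None             # wiped when the device locks

    def file_key(self):
        if self.passcode_key is None:
            raise PermissionError("locked: passcode key is not on the device")
        return unwrap(self.passcode_key, self.wrapped_file_key)
```

While the model device is locked, everything it stores (the device key and the wrapped file key) is insufficient to recover the file key; only re-entering the passcode regenerates the missing key.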

Some of the limitations of the Data Protection feature are:
1. Hardware encryption must be supported by the iPhone device.

2. For users who are upgrading from iOS 3 to iOS 4, the Data Protection feature is not available. To make this feature available, the device has to be restored.

http://support.apple.com/kb/HT4175

3. Application files are individually encrypted by the Data Protection feature, so the developer has to implement the Data Protection APIs in the application; otherwise the data is not protected on the iPhone.

When Data Protection is enabled on a device, for greater security the application can mark a file as protected.

http://developer.apple.com/library/ios/#documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/StandardBehaviors/StandardBehaviors.html#//apple_ref/doc/uid/TP40007072-CH4-SW4

More information about the Data Protection features and the limitations can be found at
http://anthonyvance.com/blog/forensics/ios4_data_protection/
http://developer.apple.com/videos/wwdc/2010/ (Session 209 - Securing Application Data.mov)

Data protection during transit
Secure access to private networks is supported on iOS 4 using Cisco IPSec, L2TP over IPSec, Juniper, F5, and Cisco SSL VPN, and PPTP virtual private network protocols. SSL VPN requires an app from F5 Networks, Cisco, or Juniper Networks to be installed on the iPhone. These applications are Junos Pulse from Juniper, Cisco AnyConnect from Cisco and F5 BIG-IP Edge Client from F5, all of which can be downloaded for free from the Apple App Store.

  • Junos Pulse - http://itunes.apple.com/us/app/junos-pulse/id381348546
  • Cisco AnyConnect - http://itunes.apple.com/us/app/cisco-anyconnect/id392790924
  • F5 Big IP Edge Client - http://itunes.apple.com/us/app/f5-big-ip-edge-client/id411062210

A VPN connection can be established on demand (for certificate-based authentication such as Cisco IPSec). For VPN on demand, the domains that require a VPN connection should be specified in the configuration profile, using the iPhone Configuration Utility or one of the three applications mentioned above; the VPN connection is then established automatically when a connection to one of those domains is opened.

For non-certificate-based authentication such as RSA SecurID and CryptoCard, the settings for the VPN connection (such as the VPN server, login details and protocol) should be specified in the configuration profile, using the iPhone Configuration Utility or one of the three applications mentioned above, and the connection should then be established before the application tries to connect to a domain that requires a VPN connection.

When an iPhone uses a VPN, not all of its traffic needs to pass through the encrypted tunnel. Sending all traffic through the tunnel causes unnecessary load on the VPN server. Split tunneling can be used to allow only certain traffic to pass through the VPN tunnel. Depending on the VPN server used, the appropriate settings have to be made on the VPN server, and split tunneling also has to be enabled in the VPN settings on the iPhone.

http://en.wikipedia.org/wiki/Split_tunneling

VPN API in iOS
Although there are applications from Cisco, Juniper and F5 that can establish VPN connections, the VPN API is not documented by Apple. It is therefore not possible to check whether a VPN connection is established when the application is launched. Instead, the application has to check regularly for a connection to a particular domain, and the user should be prompted to establish a VPN connection and then launch the application.
http://blog.michael.kuron-germany.de/2010/09/ios-4-1-undocumented-vpn-api-used-by-cisco-anyconnect/

iPhone Configuration Utility
Configuration profiles are XML files that contain device security policies and restrictions, VPN configuration information, Wi-Fi settings, email and calendar accounts, and authentication credentials that permit iPhone, iPod touch, and iPad to work with enterprise systems.

Configuration profiles can be easily installed on devices connected to a computer via USB using the iPhone Configuration Utility, or distributed by email or from a web page.
Configuration profiles can be encrypted and signed, which lets you restrict their use to a specific device and prevents anyone from changing the settings that a profile contains. You can also mark a profile as being locked to the device, so once installed, it can be removed only by wiping the device of all data, or optionally, by entering a Passcode.

iPhone Configuration Utility lets you easily create, encrypt and install configuration profiles, track and install provisioning profiles and authorized apps, and capture device information, including console logs.
http://developer.apple.com/library/ios/#featuredarticles/FA_iPhone_Configuration_Utility/Introduction/Introduction.html
http://developer.apple.com/library/ios/#featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
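
An audit of a configuration profile for the VPN on-demand and profile-locking points made above, as an added example (not from the original post or from Apple). The sample profile is constructed for illustration, vpn.example.com and the connection names are placeholders, and the script assumes an unsigned, unencrypted profile, since a signed or encrypted profile is wrapped and does not parse as a plain plist.

```python
import plistlib

# Constructed sample: one certificate-based and one shared-secret IPSec payload.
SAMPLE_PROFILE = b"""<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadRemovalDisallowed</key><false/>
<key>PayloadContent</key><array>
 <dict><key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>UserDefinedName</key><string>corp-cert</string>
  <key>VPNType</key><string>IPSec</string>
  <key>IPSec</key><dict>
   <key>RemoteAddress</key><string>vpn.example.com</string>
   <key>AuthenticationMethod</key><string>Certificate</string>
   <key>OnDemandEnabled</key><integer>1</integer>
   <key>OnDemandMatchDomainsAlways</key>
   <array><string>intranet.example.com</string></array>
  </dict></dict>
 <dict><key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>UserDefinedName</key><string>corp-secret</string>
  <key>VPNType</key><string>IPSec</string>
  <key>IPSec</key><dict>
   <key>RemoteAddress</key><string>vpn.example.com</string>
   <key>AuthenticationMethod</key><string>SharedSecret</string>
   <key>OnDemandEnabled</key><integer>1</integer>
  </dict></dict>
</array></dict></plist>"""

def audit_profile(data):
    """Return a list of findings for an unsigned configuration profile."""
    profile = plistlib.loads(data)
    findings = []
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile: not locked to the device, the user can remove it")
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        name = payload.get("UserDefinedName", "?")
        ipsec = payload.get("IPSec", {})
        if not ipsec.get("OnDemandEnabled"):
            continue  # manual connection: nothing to check for on-demand
        if ipsec.get("AuthenticationMethod") != "Certificate":
            findings.append(f"{name}: on-demand enabled without certificate authentication")
        if not (ipsec.get("OnDemandMatchDomainsAlways")
                or ipsec.get("OnDemandMatchDomainsOnRetry")):
            findings.append(f"{name}: on-demand enabled but no match domains listed")
    return findings
```

On the constructed sample this reports the unlocked profile and two problems with the shared-secret payload, and nothing for the certificate-based one.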

References
http://images.apple.com/ipad/business/docs/iPad_VPN.pdf
http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
