Apple security guru lays out iPad, iPhone crypto architecture at Black Hat

By , Network World |  Security, Apple, Black Hat

A top Apple security guru Thursday presented an in-depth view into the security architecture for iOS, the basis of iPhones and iPad tablets, underscoring the complex certificate-based encryption framework Apple has adopted.

"Our attitude is security is an architecture," said Apple platform security manager Dallas De Atley, adding, "It's not something you sprinkle over your code when it's done."

In describing how the secure boot process works, De Atley pointed out that the firmware in each iOS device is digitally signed by Apple as part of the manufacturing process. But that's just the start of the certificate-based system Apple uses to try to keep its products from being exploited when vulnerabilities are discovered and need to be remedied. Encryption is also built in so that users can take advantage of classes of encryption on their devices, according to De Atley.

By hitting a lock button, users can ensure their mail messages are encrypted at rest on the device, said De Atley. Files can also be automatically encrypted and not opened until a user enters a passcode.

The encryption classes include Complete Protection, where a passcode is required to decrypt; Protected with First Unlock, which De Atley said works like full-disk encryption on the desktop; and lastly, simply No Protection from the encryption mechanism, if that's what's desired.

He said Apple has made additional efforts, including entangling the passcode with the device's unique identifier to deter brute-force attacks. Other safeguards include enabling the device to wipe itself automatically after 10 failed attempts to enter a passcode.

"The cryptography for this is fairly complicated," said De Atley about the iOS design, which also includes the concept of a keybag that lives on the device all the time to hold the class keys.

Apple has built encryption based on the 256-bit Advanced Encryption Standard (AES) and the Secure Hash Algorithm (SHA) into its processors. De Atley said neither Apple nor the manufacturers know the unique identifier, a safeguard he says ensures the user has maximum protection. Apple maintains a global key as a top control point.
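The class-key hierarchy De Atley describes, as an added Python model that is not Apple's code: a keybag holding one key per protection class, a passcode key entangled with the device UID so guesses can only be checked on the device, Complete Protection keys dropped on lock while first-unlock keys stay cached, and an automatic wipe after ten failed attempts. The UID value, the KDF iteration count and the HMAC-based key wrap are constructed stand-ins for the hardware secret and AES key wrapping.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the per-device UID; the real one is fused into the
# silicon and, per the talk, is known to neither Apple nor the manufacturers.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")
MAX_FAILED_ATTEMPTS = 10  # the auto-wipe threshold mentioned in the talk

def wrap(kek: bytes, key: bytes) -> bytes:
    """Stand-in for AES key wrapping: XOR a 32-byte key with an HMAC keystream."""
    stream = hmac.new(kek, b"keywrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, stream))

unwrap = wrap  # XOR with the same keystream undoes the wrap

class Keybag:
    """Holds the wrapped class keys; it lives on the device all the time."""
    def __init__(self, passcode: str, uid: bytes = DEVICE_UID):
        self.uid, self.salt, self.failed, self.wiped = uid, os.urandom(16), 0, False
        self.wrapped, self.unlocked = {}, {}
        device_key = hmac.new(uid, b"device-key", hashlib.sha256).digest()
        pk = self._passcode_key(passcode)
        self.verifier = hmac.new(pk, b"verify", hashlib.sha256).digest()
        # One random key per protection class, wrapped under the KEK needed to reach it.
        for cls, kek in (("complete", pk), ("first_unlock", pk), ("none", device_key)):
            self.wrapped[cls] = wrap(kek, os.urandom(32))
        self.unlocked["none"] = unwrap(device_key, self.wrapped["none"])

    def _passcode_key(self, passcode: str) -> bytes:
        # Stretch (hypothetical iteration count), then entangle with the UID so a guess is only checkable on-device.
        stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 10_000)
        return hmac.new(self.uid, stretched, hashlib.sha256).digest()

    def unlock(self, passcode: str) -> bool:
        if self.wiped:
            return False
        pk = self._passcode_key(passcode)
        if not hmac.compare_digest(self.verifier, hmac.new(pk, b"verify", hashlib.sha256).digest()):
            self.failed += 1
            if self.failed >= MAX_FAILED_ATTEMPTS:  # auto-wipe: class keys become unrecoverable
                self.wrapped.clear(); self.unlocked.clear(); self.wiped = True
            return False
        self.failed = 0
        for cls in ("complete", "first_unlock"):
            self.unlocked[cls] = unwrap(pk, self.wrapped[cls])
        return True

    def lock(self) -> None:  # Complete Protection keys go away; first-unlock keys stay cached
        self.unlocked.pop("complete", None)
```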


Originally published on Network World.