Apple iOS Encryption

Apple has announced that with iOS8, which was made available to the public on September 17, Apple no longer stores the encryption key of the device so that the device can be unlocked by law enforcement. This encryption architecture is important for the corporate reader to understand, to help protect corporate assets.

So I thought I would look at iOS7 Apple device encryption and see if I could explain to you how it works. Then in another post we can compare that with iOS8, to see what has changed.

The first thing that is odd, is reading the security architecture documents Apple says that with iOS7 they already do not store the device unique ID (UID) which is printed on the silicon processor along with the device group ID (GID) and Apple’s root certificate when the phone is manufactured. In addition to encrypting data files on the phone, this layout makes sure that Apple’s iOS cannot run on any device not manufactured by Apple. Apple says that “the GID is common to all processors in a class of devices…,” which could seem to suggest that the only thing unique about your particular phone or tablet is the UID and they do not keep a copy of that, so how do they hand that over to the police?

Apple calls its technology to encrypt on its flash memory storage Data Protection. Apple devices use flash memory for storage.

File metadata is encrypted on the device by a key calculated from a random number chosen when iOS is first installed. When the user wipes the phone, this erases the metadata key thus rendering all files unreadable, without actually erasing the files. Because the iPad and iPhone use flash storage, it could be necessary to erase more than one copy of the file system key, since with flash storage there is memory fatigue which causes data to be written more once to ensure integrity, plus to update data with flash storage the operating system writes a new copy of that and marks the old data as stale. There is no update as with magnetic disk. Apple’s technology for managing storage and to make sure all of the keys are wiped when needed is called Effaceable Storage.

All the files on the iPhone are store with a device protection class, which ramps up depending on the sensitivity of the data. The files are encrypted on a per-file basis. Some device protection classes use the passcode (entered by the user) to encrypt the file together with the UID. So do not. That means some files can be decrypted without having the user entered their passcode.

Apple’s passcode is either a 4 digit alphanumeric string enter when the user unlocks the phone or a number generated from the thumbprint reader as in the iPhone 5S. A thumbprint can create a much longer password than 4 digits because the pattern of ridges on the thumb can create a number longer than 4 characters. To make attacking the device by brute force practically impossible, Apple’s algorithm to verify the password is designed to wait an additional 80 milliseconds to each time someone enters the wrong passcode. So it is a geometric progression of 80 milliseconds raised to some power. Entering all possible 4 character combinations (There are 36^4 of those.) would take 5 1/2 years.

I do not remember the name of the product, but a German company has developed a $5 million system that they sell to espionage services to hack cell phones. They say they cannot hack the iPhone 5.