iOS 4: Data protection, hardware encryption and other insight

For quite a while I’ve been trying to figure out the whole truth about hardware encryption, data protection and keychain protection on iOS4 in combination with iPhone 3GS, iPhone 4 or iPad.

Starting with iPhone 3GS a hardware encryption chip is build into the device. Great! But what does it mean to me as a developer? How can I make use of all of this encrypting and masquerading?

First off, one needs to understand how all the encryption business works on iOS devices.

Best thing to do is to watch Episode 209: “Securing Application Data” from Apple’s WWDC 2010 conference (http://developer.apple.com/videos/wwdc/2010/) – note that you have to be a registered iOS developer to access the videos.

Next, navigate to http://anthonyvance.com/blog/forensics/ios4_data_protection/ and read the infos there.

Then understand the iOS devices’ different folders by going through this document 

Now you’re set.

For me a few questions remained unanswered even after watching the video and reading dozens of articles on the web. I will try to answer them now as good as I can using my findings:

  1. The keychain allows defining a class “available when unlocked, this  device only” which prevents a keychain record from getting transferred  to another device using backup/restore. To my understanding there is  nothing similar for files, or is there? How can I prevent FILE data being restored on another device?
  2. NSData allows storing files with protection and NSFileManager allows changing the security class of an existing file. I wonder if there are any disadvantages if I first store the file unencrypted and the use NSFileManager to change the class?
  3. If the user does not specify a PIN or passcode, there does not seem to be real protection. Does that mean, data is encrypted using the device key only, as introduced with the 3GS?
  4. If I change my PIN, what has to be re-encrypted by the OS? All of the encrypted files?
  5. Is there evidence that a PIN/or password protected device’s content  which was protected using the “protect always” has been successfully  hacked?
  6. My device contains files which are stored in encrypted format. If  now I make a backupof my device in iTunes and do not select to encrypt  and password protect that backup, are my backed up files still which were encrypted on the device still secure?

Continue reading

Advertisements

iOS: Store passwords in the keychain using MonoTouch / Xamarin.iOS

I have just updated this post a bit. Storing a password now supports data encryption. This means you can specify when the stored password is accessible (e.g. only if the device is unlocked).

After searching the web a lot I could not find a resource providing examples on how to store a password securely on an iOS device. StackOverflow.com pointed me to the iOS’s KeyChain and I found this example which does the magic using ObjectiveC:https://github.com/ldandersen/scifihifi-iphone/

As I want to give the community something back I offer a MonoTouch implementation inspired by to code referenced above for download here.

My code contains three static methods:

/// <summary>
/// Deletes a username/password record.
/// </summary>
/// <param name="sUsername">the username to query. May not be NULL.</param>
/// <param name="sService">the service description to query. May not be NULL.</param>
/// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns>
public static SecStatusCode DeletePasswordForUsername ( string sUsername, string sService )
/// <summary>
/// Sets a password for a specific username.
/// </summary>
/// <param name="sUsername">the username to add the password for. May not be NULL.</param>
/// <param name="sPassword">the password to associate with the record. May not be NULL.</param>
/// <param name="sService">the service description to use. May not be NULL.</param>
/// <param name="eSecAccessible">defines how the keychain record is protected</param>
/// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns>
public static SecStatusCode SetPasswordForUsername ( string sUsername, string sPassword, string sService, SecAccessible eSecAccessible )

/// <summary>
/// Gets a password for a specific username.
/// </summary>
/// <param name="sUsername">the username to query. May not be NULL.</param>
/// <param name="sService">the service description to use. May not be NULL.</param>
/// <returns>
/// The password or NULL if no matching record was found.
/// </returns>
public static string GetPasswordForUsername ( string sUsername, string sService )

You can find the demo project on Github: https://github.com/Krumelur/iOSPasswordStorage