Presentation: Cracking and Analyzing Apple iCloud

This presentation contains 38 slides.

Slides and text of this presentation

Slide 1
Slide text:

Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage

CanSecWest 2013
Vladimir Katalov, ElcomSoft Co. Ltd.


Slide 2
Slide text:

The need for iOS forensics


More than 5 years on the market
7 iPhones, 5 iPods, 5 iPads
320+ million iPhones, 280+ million iPods, 120+ million iPads sold worldwide
“Smart devices” – they do carry a lot of sensitive data
Corporate deployments are increasing


Slide 3
Slide text:

iOS data protection


Device passcode
Protects against unauthorized access to the device
Bypassing is not enough (used in encryption)
Disk encryption
Keychain
System-wide storage for sensitive data (keys, passwords etc)
Data is encrypted


Slide 4
Slide text:

iOS forensics

Logical acquisition (iTunes backups)
Physical acquisition
iCloud backups and storage


Slide 5
Slide text:

iOS forensics
- logical acquisition


“Ask” device to produce backup
Device must be unlocked (by passcode or iTunes)
Device may produce encrypted backup
Limited amount of information


Slide 6
Slide text:

iOS forensics
- physical acquisition

Boot-time exploit to run unsigned code
or
Jailbreak

Device lock state isn’t relevant, can bruteforce passcode
Can get all information from the device


Slide 7
Slide text:

iOS Data Protection

Every iOS device contains secure AES engine with two embedded keys:
GID – shared by all devices of same “family”
UID – unique per device
Newer devices have additional UID+ key
There is no known way to extract GID or UID


Slide 8
Slide text:

iOS data protection (cont-d)

Content grouped by accessibility requirements:
Available only when device is unlocked
Available after first device unlock (and until power off)
Always available
Each protection class has a master key
Master keys are protected by device key and passcode
Protected master keys form system keybag
New keys created during device restore


Slide 9
Slide text:

iOS 4+ passcode

Passcode is used to compute passcode key
Computation is tied to hardware key (UID/UID+)
Same passcode will yield different passcode keys on different devices!
Passcode key is required to unlock most keys from the system keybag
Most files are protected with NSFileProtectionNone and don’t require a passcode
Most keychain items are protected with ...WhenUnlocked or ...AfterFirstUnlock and require a passcode


Slide 10
Slide text:

iOS 4+ passcode (cont-d)


Passcode-to-Key transformation is slow
Offline brute-force currently is not possible
Requires extracting UID/UID+ key
On-device bruteforce is slow
2 p/s on iPhone 3G, 7 p/s on iPad
System keybag contains hint on password complexity
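
The two passcode slides above, as an added example that is not from the original presentation: a toy model of a passcode key that is tied to a device key, showing that the same passcode gives different keys on different devices and that guessing without the device key finds nothing. The UID values, salt, round count and the use of HMAC-SHA256 in place of the hardware AES engine are all assumptions; only the guess rates (2 p/s and 7 p/s) come from the slide.

```python
import hashlib
import hmac

# Constructed stand-ins for two devices' hardware UID keys (real UIDs never leave the AES engine).
UID_A = bytes.fromhex("00112233445566778899aabbccddeeff")
UID_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SALT = b"constructed-keybag-salt"


def passcode_key(passcode: str, uid: bytes, rounds: int = 50) -> bytes:
    """Toy model: stretch the passcode, then mix in the device key every round.

    HMAC-SHA256 keyed with the UID stands in for the hardware AES engine;
    the round count is kept tiny so the demo runs fast.
    """
    key = hashlib.pbkdf2_hmac("sha256", passcode.encode(), SALT, 1)
    for _ in range(rounds):
        key = hmac.digest(uid, key, "sha256")
    return key


def search_4_digit(target: bytes, uid: bytes):
    """Try every 4-digit passcode under the given UID; None if nothing matches."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if hmac.compare_digest(passcode_key(guess, uid), target):
            return guess
    return None


def worst_case_seconds(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to exhaust the whole passcode space at an on-device guess rate."""
    return alphabet ** length / guesses_per_second


if __name__ == "__main__":
    target = passcode_key("4821", UID_A)
    print("same passcode, other device differs:", target != passcode_key("4821", UID_B))
    print("search with the right UID:", search_4_digit(target, UID_A))
    print("search with the wrong UID:", search_4_digit(target, UID_B))
    for name, rate in (("iPhone 3G", 2), ("iPad", 7)):  # rates from the slide
        for alphabet, length in ((10, 4), (10, 6), (36, 6)):
            hours = worst_case_seconds(alphabet, length, rate) / 3600
            print(f"{name}: {alphabet}^{length} passcodes -> {hours:,.1f} h worst case")
```
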


Slide 11
Slide text:

iOS 4+ passcode (cont-d)


Slide 12
Slide text:

iOS 5 Keychain


SQLite3 DB, all columns are encrypted
Available protection classes:
kSecAttrAccessibleWhenUnlocked (+ ...ThisDeviceOnly)
kSecAttrAccessibleAfterFirstUnlock (+ ...ThisDeviceOnly)
kSecAttrAccessibleAlways (+ ...ThisDeviceOnly)
Random key for each item (AES)
Item key is protected with corresponding protection class master key


Slide 13
Slide text:

iOS 5 Storage


Only User partition is encrypted
Available protection classes:
NSFileProtectionNone
NSFileProtectionComplete
NSFileProtectionCompleteUntilFirstUserAuthentication
NSFileProtectionCompleteUnlessOpen
Per-file random encryption key
File key protected with master key is stored in extended attributes (pretty much like Microsoft EFS)
No protection class - partition key is used
File system metadata and unprotected files
Transparent encryption and decryption (same as pre-iOS 4)


Slide 14
Slide text:

iCloud


Introduced in Oct 2011
Introduced with iOS 5
Successor to MobileMe, .Mac, iTools
5 GB free storage
Up to 50 GB paid storage
Over 125 million users in April 2012


Slide 15
Slide text:

iCloud services


Slide 16
Slide text:

iCloud Control Panel


Slide 17
Slide text:

iPhone backup - why?


Slide 18
Slide text:

Mission: impossible :)


Slide 19
Slide text:

iCloud backup - what

Messages (including iMessages)
Application data
Device settings
Camera roll (photos and videos)
Visual voicemails
Purchases (music, movies, TV, apps, books)
Home screen arrangement
Ringtones


Slide 20
Slide text:

iCloud backup - when


Backup runs daily when device is:
Connected to the Internet over Wi-Fi
Connected to a power source
Locked
Can force backup
[Settings] | [iCloud] | [Storage & Backup] | [Back Up Now]


Slide 21
Slide text:

iCloud backup - how


Slide 22
Slide text:

iCloud CP: backups


Slide 23
Slide text:

iCloud backup protocol flow


Dynamic: endpoints depend on Apple ID
Built on Google Protocol Buffers (mostly)
Files are split into chunks
Apple provides file-to-chunks mapping, chunk encryption keys, and full request info to 3rd-party storage provider (Amazon/Microsoft)
Encryption key depends on chunk data (deduplication?)
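
The slide only guesses at deduplication as the reason the key depends on chunk data. The sketch below is an added example, not code from the presentation and not Apple's actual scheme: it shows the general technique (convergent encryption), where a chunk's key is a hash of its content, so equal chunks produce equal blobs at the storage provider while the manifest holder can decrypt everything. The chunk size, sample data, function names and the SHA-256 keystream used in place of AES are assumptions.

```python
import hashlib

CHUNK = 16  # tiny chunk size so the constructed sample splits into several chunks


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with SHA-256(key || counter); stands in for AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def upload(data: bytes, store: dict) -> list:
    """Encrypt each chunk under a key derived from its own content.

    Returns the manifest (chunk id + chunk key per chunk), the part the
    service keeps; `store` models the third-party provider's blob storage.
    """
    manifest = []
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        key = hashlib.sha256(chunk).digest()   # key depends on chunk data
        blob = keystream_xor(key, chunk)
        chunk_id = hashlib.sha256(blob).hexdigest()
        store[chunk_id] = blob                 # identical chunks collapse into one blob
        manifest.append((chunk_id, key))
    return manifest


def download(manifest: list, store: dict) -> bytes:
    """Rebuild a file from the provider's blobs using the manifest's keys."""
    return b"".join(keystream_xor(key, store[cid]) for cid, key in manifest)


if __name__ == "__main__":
    store = {}
    # Constructed sample data: two users' files share the first two chunks.
    alice = b"SHARED-HEADER-00" b"SHARED-HEADER-01" b"alice private..."
    bob = b"SHARED-HEADER-00" b"SHARED-HEADER-01" b"bob private....."
    m_a, m_b = upload(alice, store), upload(bob, store)
    print("blobs stored:", len(store), "for", len(m_a) + len(m_b), "chunks")
    print("round trip ok:", download(m_a, store) == alice)
```

The provider never needs the keys to deduplicate, but it can tell which users hold identical chunks, and whoever holds the manifest can decrypt every chunk.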


Slide 24
Slide text:

iCloud backup protocol flow (cont-d)

/mbs/

List of backups

/mbs///getKeys

OTA backup keybag

/mbs////listFiles

File manifest

/mbs////getFiles

File auth tokens

/mbs//authorizeGet

Info about containers of chunks for files (FileGroups)

Request containers of chunks (FileGroups)

Containers of chunks


Slide 25
Slide text:

iCloud encryption

Data stored at 3rd-party storage providers is encrypted
Apple has encryption keys to that data
Few files are further encrypted using keys from OTA backup keybag
Keychain items are encrypted using keys from OTA backup keybag
Need key 0x835 (securityd) to decrypt most keys from OTA backup keybag


Slide 26
Slide text:

iCloud backups - summary


There is no user-configurable encryption for iCloud backups
iCloud backups are stored in Microsoft and Amazon clouds in encrypted form
Apple holds encryption keys and thus has access to data in iCloud backups
If Apple stores 0x835 keys then it can also have access to Keychain data (i.e. passwords)
Apple may have legal obligations to do this (e.g. LE)


Slide 27
Slide text:

Find My Phone


Slide 28
Slide text:

FindMyPhone protocol


Slide 29
Slide text:

FindMyPhone - demo output


Slide 30
Slide text:

iCloud documents


Slide 31
Slide text:

iCloud CP: documents


Slide 32
Slide text:

Get files from iCloud

To get list of files

Authentication request (with given AppleID & password). Client gets mmeAuthToken in return, which, in turn, is used to create the authentication token (together with dsid). dsid (Destination Signaling IDentifier) is a unique ID assigned to the user when registering at iCloud.com.

Request to get AccountSettings. Client gets a URL (ubiquityUrl) with an address to get the UUID (unique user identifier), file list, info on file tokens and for authorization.

Request to get file list (POST). Output (for every file):

file name
file id
parent folder id
last change time
checksum
access rights

To download given file

Request to get file token (using file id, checksum and aliasMap).

Authorization request. Returns information on file chunks and containers. Output: container list (with URLs) and chunk information.


Slide 33
Slide text:

Files in iCloud


Slide 34

Slide 35
Slide text:

iCloud docs: demo output


Slide 36
Slide text:

Possible usage

Backups in iCloud
near-realtime acquisition (SMS, iMessage, mail, call logs)
browse backup data without actual device
download only data of specific type (need further work)
Find My Phone
keep track
using Google Maps (or whatever)
enter/leave some area
2+ devices
Documents in iCloud
open from 3rd party apps
track changes
download unsupported document data

Forensics!


Slide 37
Slide text:

Conclusion

Balance between security, privacy and convenience
iCloud security risks
Use additional encryption
Need further work (contacts, calendar, more documents, converting documents, partial backup download, decrypting keychain, photo stream, 3rd party apps data: 1Password etc)


Slide 38
Slide text:

Thank you!

Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage

CanSecWest 2013
Vladimir Katalov, ElcomSoft Co. Ltd.

http://www.elcomsoft.com
http://blog.crackpassword.com
Facebook: ElcomSoft
Twitter: @elcomsoft

