Upload
phamdiep
View
214
Download
0
Embed Size (px)
Citation preview
Slide title
In CAPITALS
50 pt
Slide subtitle
32 pt
Manoranjan Mohanty
March 27, 2018
iOS DEVICE AND APP TRUST
EVALUATION
Lecture 13b
COMPSCI 702
Security for Smart-Devices
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
2
iOS SECURITY: MAIN TOPICS
▪ Introduction to iOS security
▪ iOS device and app trust evaluation
▪ Address Space Layout Randomisation (ASLR)
▪ iOS sandboxing
▪ iOS encryption
▪ Enterprise security in iOS
▪ iOS jailbreaking
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
3
iOS APP DEVELOPMENT LIFECYCLE
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
4
HOW DOES iOS VERIFY A TRUSTED
APP?
Code Signing - Mandatory ▪ Only Apps signed by Apple (or by someone
who has been certified by Apple) are installed
▪ The device checks certificate and signature
before running the app
▪ App code and memory continually checked as
it runs
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
5
VERIFYING SIGNING ON THE RUN
▪ When an executable is loaded
– The signature is loaded and checked in kernel
▪ Is it in the static trust cache?
- No – calls a function to check the signature
▪ Apps with the device– Do not have to have a signature
– The binary’s hash is stored in the iOS kernel in the static
trust cache
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
6
VERIFYING SIGNING
▪ Two jobs
– Verifying the signer
– Verifying integrity of the App (code)
▪ Digital signature– Public key cryptography
▪ (public key, private key) pair
▪ signer encrypts using private key
– Hashing
▪ message (App) digest
▪ hashes of two different Apps are different
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
7
DIGITALLY SIGNED
App Developer
Apple (review and sign) iOS (verify signature)
H = Hash (App) D = Dec (S, PubKey)
S = Enc (H, PvtKey) H’ = Hash (App)
D = H’ ?
S = Signature
App
S
App
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
8
iOS APP TESTING
▪ If signing is always required, how can an app
developer test or debug a newly developed
app?
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
9
APPLE PROVIDED CERTIFICATES
▪ App development – developer certificate
▪ App distribution – distribution certificate
Certify that Alice holds private key of the
public key to be used by Bob’s iPhone (iOS)
Alice Apple
Cert Req.
Verification.
Certificate of Pub Key.
Certificate = Pub Key (Message) +
Apple’s Digital Signature
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
10
iOS APP DEVELOPMENT: XCODE
▪ Developers can develop apps using Xcode
– An IDE provided by Apple
– Current version 9.2, released in Dec 2017
– To have the app signed by Apple - deployment
– Or to run it on a device requires a provisioning profile to be
installed on the device for that app – development and
testing
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
11
WHAT IS A PROVISIONING PROFILE?
▪ An XML property list (plist)– Which app
▪ App ID – some random characters followed by the
company ID and app name
– Which devices
▪ Each device has a Unique Device ID (UDID)
- Usually a 40-char HEX string
– developer certificate
– entitlements
▪ It configures a device to allow the execution of
signed code– Installed on a device only if the device ID is in the profile
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
12
ENTITLEMENTS
▪ Profiles also include entitlements– Adding policies regarding what an app can do
– Or allow debugging
▪ Apple can add entitlements to limit functionality
▪ Stored in a property list
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
13
TEAM PROVISIONING PROFILES
Source: developer.apple.com
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
14
iOS APP DEVELOPMENT
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
15
VALIDATING A
PROVISIONING PROFILE
▪ The signing certificate is signed by Apple
– It is called “Apple iPhone OS Provisioning Profile Signing”
▪ The certificate signing chain is no longer than three
links
– Development
▪ Developer – Apple Worldwide Developer Relations
CA – Apple Root CA
– Deployment on app store
▪ Apple iPhone OS Application Signing – Apple
iPhone CA – Apple Root CA
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
16
APPLE DEVELOPER PROGRAM:
TEAM ROLES
▪ Team agent
▪ Team admin
▪ Team member
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
17
TEAM AGENT
▪ Legally responsible for the team
▪ Acts as the initial primary contact with Apple
▪ Can invite team members and change the
access level of any other team member
▪ There is only one team agent
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
18
TEAM ADMIN
▪ Can set the privilege levels of other team
members– Except the team agent
▪ Manages all assets used to sign your apps– Either during development or when your team is ready to
distribute an app
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
19
TEAM MEMBER
▪ Can create her development certificate
▪ Register a device connected to her Mac
▪ Create a development provisioning profile
using Xcode
▪ Cannot register devices
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
20
APPLE DEVELOPER PROGRAM:
ROLES AND PRIVILEGES
Privilege Team
agent
Team
admin
Team
member
Accept legal agreements ✓ × ×
Renew membership ✓ × ×
Create Developer ID certificates ✓ × ×
Invite members and assign roles ✓ ✓ ×
Create distribution certificates ✓ ✓ ×
Create development provisioning profiles ✓ ✓ ✓
Source: developer.apple.com
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
21
MEMBERSHIP TYPES
▪ Individuals– Apple Developer Program
▪ 99 USD per membership year
▪ Organisations– Apple Developer Program
▪ 99 USD per membership year
– Apple Developer Enterprise Program
▪ 299 USD per membership year
▪ Educational Institutions– iOS Developer University Program
▪ Free
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
22
MEMBERSHIP BENEFITS
Resources
Sign in with
Apple ID
Individual Organisation Enterprise
Program
Xcode Developer Tools ✓ ✓ ✓ ✓
Test on Device ✓ ✓ ✓ ✓
App Store Distribution ✓ ✓
In-house App Distribution ✓
Team Management ✓ ✓
App Analytics ✓ ✓
Cost Free 99 USD 99 USD 299 USD
Source: developer.apple.com
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
23
APP STORE DEPLOYMENT
▪ Apple certifies and signs the app bundle
(executable, resources, etc.)– App ID
– No device information
– Trust is based on Apple’s certificate
▪ iOS ships with root anchors for certificate chains
▪ Because Apple checks the app before distribution, it
acts like an antivirus program
– That is why, there is no need for anti-virus apps in iOS
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
24
CERTIFICATE REVOCATION
▪ Apple supports revocation through
– Certificate Revocation List (CRL)
▪ Go to server and get a list of revoked certificates
– Or Online Certificate Status Protocol (OCSP)
▪ A server tells if a certificate is still valid
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
25
SIDELOADING IN iOS
▪ Developers can release open-source apps outside of
the App Store
▪ Interested users can use the open-source app
– Open the app code in Xcode
– Compile and run it on their own devices
– This way, it is possible to completely bypass the App Store
▪ Somewhat similar to Android
– Sideloading apps from unknown sources
– A bit more complex because sideloading requires a physical
connection and a Mac running Xcode
▪ Actually, its main purpose is for developers to test their
own software on real hardware
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
26
TO BE CONTINUED
▪ See the next lecture
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
27
Questions?
Thanks for your attention!
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
28
RESOURCES
▪ White Paper on iOS Security
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
[MUST READ]
▪ iOS Hacker’s Handbook
Charlie Miller, Dionysus Blazarkis, Dino Dai Zovi, Stefan
Esser,Vincenzo Iozzo, Ralf-Philipp Weinmann
John Wiley & Sons, Inc., 2012
▪ Apple iOS
https://www.apple.com/ios/
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
29
RESOURCES (2)
▪ When Malware Goes Mobile
http://www.sophos.com/en-us/security-news-trends/security-
trends/malware-goes-mobile/why-ios-is-safer-than-android.aspx
▪ Android vs. Apple iOS Security Showdown
http://pittsburgh.issa.org/Archives/Android-vs-iOS-MayUpdate.pdf
▪ Android vs. iOS
http://www.diffen.com/difference/Android_vs_iOS