Slide title

In CAPITALS

50 pt

Slide subtitle

32 pt

Manoranjan Mohanty

March 27, 2018

iOS DEVICE AND APP TRUST

EVALUATION

Lecture 13b

COMPSCI 702

Security for Smart-Devices

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

2

iOS SECURITY: MAIN TOPICS

▪ Introduction to iOS security

▪ iOS device and app trust evaluation

▪ Address Space Layout Randomisation (ASLR)

▪ iOS sandboxing

▪ iOS encryption

▪ Enterprise security in iOS

▪ iOS jailbreaking

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

3

iOS APP DEVELOPMENT LIFECYCLE

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

4

HOW DOES iOS VERIFY A TRUSTED

APP?

Code Signing - Mandatory ▪ Only Apps signed by Apple (or by someone

who has been certified by Apple) are installed

▪ The device checks certificate and signature

before running the app

▪ App code and memory continually checked as

it runs

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

5

VERIFYING SIGNING ON THE RUN

▪ When an executable is loaded

– The signature is loaded and checked in kernel

▪ Is it in the static trust cache?

- No – calls a function to check the signature

▪ Apps with the device– Do not have to have a signature

– The binary’s hash is stored in the iOS kernel in the static

trust cache

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

6

VERIFYING SIGNING

▪ Two jobs

– Verifying the signer

– Verifying integrity of the App (code)

▪ Digital signature– Public key cryptography

▪ (public key, private key) pair

▪ signer encrypts using private key

– Hashing

▪ message (App) digest

▪ hashes of two different Apps are different

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

7

DIGITALLY SIGNED

App Developer

Apple (review and sign) iOS (verify signature)

H = Hash (App) D = Dec (S, PubKey)

S = Enc (H, PvtKey) H’ = Hash (App)

D = H’ ?

S = Signature

App

S

App

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

8

iOS APP TESTING

▪ If signing is always required, how can an app

developer test or debug a newly developed

app?

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

9

APPLE PROVIDED CERTIFICATES

▪ App development – developer certificate

▪ App distribution – distribution certificate

Certify that Alice holds private key of the

public key to be used by Bob’s iPhone (iOS)

Alice Apple

Cert Req.

Verification.

Certificate of Pub Key.

Certificate = Pub Key (Message) +

Apple’s Digital Signature

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

10

iOS APP DEVELOPMENT: XCODE

▪ Developers can develop apps using Xcode

– An IDE provided by Apple

– Current version 9.2, released in Dec 2017

– To have the app signed by Apple - deployment

– Or to run it on a device requires a provisioning profile to be

installed on the device for that app – development and

testing

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

11

WHAT IS A PROVISIONING PROFILE?

▪ An XML property list (plist)– Which app

▪ App ID – some random characters followed by the

company ID and app name

– Which devices

▪ Each device has a Unique Device ID (UDID)

- Usually a 40-char HEX string

– developer certificate

– entitlements

▪ It configures a device to allow the execution of

signed code– Installed on a device only if the device ID is in the profile

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

12

ENTITLEMENTS

▪ Profiles also include entitlements– Adding policies regarding what an app can do

– Or allow debugging

▪ Apple can add entitlements to limit functionality

▪ Stored in a property list

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

13

TEAM PROVISIONING PROFILES

Source: developer.apple.com

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

14

iOS APP DEVELOPMENT

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

15

VALIDATING A

PROVISIONING PROFILE

▪ The signing certificate is signed by Apple

– It is called “Apple iPhone OS Provisioning Profile Signing”

▪ The certificate signing chain is no longer than three

links

– Development

▪ Developer – Apple Worldwide Developer Relations

CA – Apple Root CA

– Deployment on app store

▪ Apple iPhone OS Application Signing – Apple

iPhone CA – Apple Root CA

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

16

APPLE DEVELOPER PROGRAM:

TEAM ROLES

▪ Team agent

▪ Team admin

▪ Team member

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

17

TEAM AGENT

▪ Legally responsible for the team

▪ Acts as the initial primary contact with Apple

▪ Can invite team members and change the

access level of any other team member

▪ There is only one team agent

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

18

TEAM ADMIN

▪ Can set the privilege levels of other team

members– Except the team agent

▪ Manages all assets used to sign your apps– Either during development or when your team is ready to

distribute an app

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

19

TEAM MEMBER

▪ Can create her development certificate

▪ Register a device connected to her Mac

▪ Create a development provisioning profile

using Xcode

▪ Cannot register devices

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

20

APPLE DEVELOPER PROGRAM:

ROLES AND PRIVILEGES

Privilege Team

agent

Team

admin

Team

member

Accept legal agreements ✓ × ×

Renew membership ✓ × ×

Create Developer ID certificates ✓ × ×

Invite members and assign roles ✓ ✓ ×

Create distribution certificates ✓ ✓ ×

Create development provisioning profiles ✓ ✓ ✓

Source: developer.apple.com

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

21

MEMBERSHIP TYPES

▪ Individuals– Apple Developer Program

▪ 99 USD per membership year

▪ Organisations– Apple Developer Program

▪ 99 USD per membership year

– Apple Developer Enterprise Program

▪ 299 USD per membership year

▪ Educational Institutions– iOS Developer University Program

▪ Free

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

22

MEMBERSHIP BENEFITS

Resources

Sign in with

Apple ID

Individual Organisation Enterprise

Program

Xcode Developer Tools ✓ ✓ ✓ ✓

Test on Device ✓ ✓ ✓ ✓

App Store Distribution ✓ ✓

In-house App Distribution ✓

Team Management ✓ ✓

App Analytics ✓ ✓

Cost Free 99 USD 99 USD 299 USD

Source: developer.apple.com

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

23

APP STORE DEPLOYMENT

▪ Apple certifies and signs the app bundle

(executable, resources, etc.)– App ID

– No device information

– Trust is based on Apple’s certificate

▪ iOS ships with root anchors for certificate chains

▪ Because Apple checks the app before distribution, it

acts like an antivirus program

– That is why, there is no need for anti-virus apps in iOS

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

24

CERTIFICATE REVOCATION

▪ Apple supports revocation through

– Certificate Revocation List (CRL)

▪ Go to server and get a list of revoked certificates

– Or Online Certificate Status Protocol (OCSP)

▪ A server tells if a certificate is still valid

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

25

SIDELOADING IN iOS

▪ Developers can release open-source apps outside of

the App Store

▪ Interested users can use the open-source app

– Open the app code in Xcode

– Compile and run it on their own devices

– This way, it is possible to completely bypass the App Store

▪ Somewhat similar to Android

– Sideloading apps from unknown sources

– A bit more complex because sideloading requires a physical

connection and a Mac running Xcode

▪ Actually, its main purpose is for developers to test their

own software on real hardware

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

26

TO BE CONTINUED

▪ See the next lecture

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

27

Questions?

Thanks for your attention!

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

28

RESOURCES

▪ White Paper on iOS Security

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[MUST READ]

▪ iOS Hacker’s Handbook

Charlie Miller, Dionysus Blazarkis, Dino Dai Zovi, Stefan

Esser,Vincenzo Iozzo, Ralf-Philipp Weinmann

John Wiley & Sons, Inc., 2012

▪ Apple iOS

https://www.apple.com/ios/

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

29

RESOURCES (2)

▪ When Malware Goes Mobile

http://www.sophos.com/en-us/security-news-trends/security-

trends/malware-goes-mobile/why-ios-is-safer-than-android.aspx

▪ Android vs. Apple iOS Security Showdown

http://pittsburgh.issa.org/Archives/Android-vs-iOS-MayUpdate.pdf

▪ Android vs. iOS

http://www.diffen.com/difference/Android_vs_iOS

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

30

ACKNOWLEDGEMENT

▪ Some of the slides are based on the

presentation shared by Muhammad Rizwan

Asghar, thanks to him!