Embed Size (px)
Citation preview
1. Introduction
Mobile devices are becoming a common platform for users to connect to the Internet. They are slowly replacing a notebooks with the ability to surf the internet, email, and edit documents on top of the fact it is still a phone. In todays world everyone has a cell phone an by putting multiple features on the same device it is eliminating the need to carry a full notebook for most tasks. With these advancements, there are also challenges. These devices are creating new issues in network security because the architecture and operating systems on them are very different then what is traditionally used. This report focuses on the iPhone since it revolutionized this industry, and many applications are developed for it.
The iPhone will be the phone at the front of these security issues. There were 13.7 million iPhones sold in 2008, and it is expected to be the most common smart phone in the coming years. Google reports that it receives fifty times more search requests from iPhones than any other mobile device. Wireless data is also thirty times higher on the iPhone. Businesses are recognizing the iPhone as a common web-browsing device but with that comes the issues of key management. RSA has announced that the iPhone will be used as a SecurID authenticator for enterprise applications. This announcement shows how serious companies are in allowing the iPhone to be viewed on the same level as a computer with its network capabilities.
Another issue is the ability to install custom applications from the web, and the need to confirm and trust the application sources is an issue. The Keychain provides a system to store code signatures that can be checked to ensure the safety of the application being installed. Currently all applications that go to the Apple App store must have code signatures. The Apple Developers SDK forces the signature to be present before the code is put on the iPhone for any purpose including development. This does cause a problem when an iPhone is jail broken and installs software from other sources. In the end it will always be up to the user to determine what should be installed and what should not. However, if a common system was used like the Keychain to check, even users installing third party software from the Internet would be less likely to be harmed from it.
The need for key management is one of the most important issues facing mobile security, and Apple uses the Keychain as a viable source to solve this problem. The Keychain is a way for the iPhone to store passwords, accounts, keys, and certificates. This paper is going to show examples using Apple’s Keychain and how it can be used to solve mobile security issues.
1
Nichlos Bufmack and Ryan Thomas
CS-691 Summer 2009
iPhone Security: Understanding the Keychain
2. Analysis
The approach to mobile security is similar to the one with current computer systems. The approaches are authentication services, keys, and certificates. The idea is to implement all of these security features, but they must do it in a fashion that uses low computation and low power. These standards need to be adopted, however, developers are creating custom mechanisms. This is a fairly large issue because there is no common management, which results in security holes. The iPhone has the ability to solve these issues on this platform because it is uniform unlike other mobile platforms such as the Google Android based phones.
The iPhone has a great path to mobile security based on the platform itself. iPhone OS 3.0 is actually based on Mac OS X, which allows it to implement security features that are similar to the OS. Apply uses the iPhone Keychain which is similar to the Keychain built into OS X. Everyone has a login, system, and system store Keychain. Additional Keychains are built but one must be the default. Each item in the Keychain becomes categorized allowing applications quick lookup of certificates or keys.
The Keychain can be used for security by acting as an intermediary agent presenting authentication credentials on behalf of a user, service, or application. This provides robust storage for this information to help secure web applications. To secure the information inside the Keychain, all tokens are encrypted.
The Keychain supports X.509 certificate storage, RSA encryption, key storage, and use. Root certificates are also stored, enabling verification of certificate chains. The iPhone development library provides SDK calls to all of the Keychain's functions, so it is up to the developer to secure his or her own application; however, Apple has gone to great lengths to make this as
easy and accessible as it can be.
This system allows the application developer to implement code signing and publisher verification. This would allow the user to verify any installation of a web-based application and would help insure the user is not installing a harmful program on their device. The developer must take the extra effort, but the Apple SDK has the necessary calls to the Keychain to easily implement this. This is a consumer selling point that will pay off once there are more iPhone exploits that consumers want to avoid.
3. Design
An example of how to implement an iPhone Keychain is described in the code attached. It should be noted that the code attached and the complete class contained in the project directory (KeyChainUtility) requires the Security framework .
The class is presented as a static class. One could change it to a non-static class without too much effort. Conversely, one could finish out the singleton design pattern if such was desired.
As presented, the interface includes only 3 methods:
• getPasswordForUsername – which returns the password for a given username
• storeUsername – which stores the users name, optionally updating the password
• deleteItemForUsername – which deletes the keychain item for the user
The implementer should note that the security token stored in the Keychain requires a service binding. In a typical application using this code, the application's name can be the service binding.
2
Those unfamiliar with Apple conventions should take note of the fact that each method has an NSError parameter. Errors with operations can be found by examining this after the method has executed.
The code presented will compile and run on the iPhone simulator and on an iPhone device with the code taking into account the differences between iPhone OS versions.
The example attached does not showcase the entire use of the Keychain. For other uses and methods the implementer should focus on the Apple SDK documentation for implementation details.
4. Future Directions
The Apple Keychain is currently not a requirement for applications to take advantage of. One major feature of code signing that was discussed is forced, however. When applications are installed on iPhones, Apple forces its developers to generate a signature for their code. However, many of the ideas discussed are to help avoid future exploits.
Currently there are not many exploits that are out there harming iPhones or their users. There are some, though, and it is becoming an issue. The iPhone has the ability to go anywhere since it has built in wireless. There is nothing stopping a hacker from targeting the iPhone as the next big challenge and create exploits for it. The iPhone is still a relatively new platform along with mobile browsers in general. In addition to the iPhone, Android, Palm, and Blackberry are becoming standard phones. The Mozilla foundation is releasing Fennec, which is the mobile version of Firefox. There are going to be exploits, and users will want the ability for secure web browsing.
The Keychain for the iPhone and similar systems for the other platforms are trying to create
unified standards. These are deterrents for potential hackers, and the sooner they are in place the sooner it will become a less enticing target.
Standards need to be set, and currently there are none. This paper focused on the iPhone. Apple has introduced a mechanism to allow for secure browsing. For developers it is up to them to implement them in their current applications, but there is the potential Apple could make it a standard, and not allow installations unless security is implemented using the Keychain.
6. Conclusion
The iPhone Keychain is a viable solution to mobile security using the iPhone. The idea of the Keychain is not unique to Apple or mobile devices. Ubuntu has the keyring, and Microsoft uses ActiveDirectory to accomplish the same thing.
There are issues with allowing developers to use their own system. A developer can implement all of the same security features using OpenSSL. This does cause a few issues. First, the developer must be trusted to create a security solution that is acceptable. The second issue is nothing stops multiple developers from creating their own standards. This will lead to inconsistent security for applications and stability issues for everyone using an iPhone.
The Keychain helps unify the entire iPhone system and gives the developers a standard way to handle certificates. It is clear that mobile devices that use the Internet and install applications on mobile devices through the Internet is here to stay. They are expected to continue to grow in use and security will continue to grow as an issue. By allowing the devices to become more like notebooks, developers are forced to look at all the same security features consumers would want on their
3
laptops.
It is important that there is a unified security system, and a unified way to digitally sign code. The increase of applications that use mobile phones, and the increase in installing them from the Internet also forces unified security features, and the Apple Keychain is a good current solution, but it must continue to evolve and should become the uniform standard for all key management on the iPhone platform.
8. References
[1] Apple Developer Connection. http://apple.developer.com
[2] RSA Announces New RSA SecurID(R) Software Token for iPhone July 22, 2009. Bedford Mass PRNewswirehttp://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=ind_focus.story&STORY=/www/story/07-22-2009/0005064205&EDATE=
[3] Talukder, Asoke and Roopa Yavagal. 2006. Mobile Computing. New York: McGraw-Hill Professional
4
Appendix A
5
6
7
8
9
10
11
12
13
14
15
