2014.11 asfws

ON THE SECURITY OF THE ICLOUD KEYCHAIN

Andrey BelenkoviaForensics

ICLOUD

• Introduced in 2011

• iOS 5 and OS X 10.7

• 320M accounts (July 2013)

ICLOUD

ICLOUD STORAGE

ICLOUD KEYCHAIN

MOTIVATION

http://support.apple.com/kb/HT4865

http://support.apple.com/kb/HT4865

ICLOUD KEYCHAIN

• Introduced in 2013

• iOS 7.0.3 and OS X 10.9

• Two different services:

• iCloud Keychain Sync

• iCloud Keychain (Escrow and) Recovery

INTERCEPTING COMMS

iCloud.com certificate is not pinned

FIRST STEPS

FIRST STEPSGET /authenticate

AppleID, password

FIRST STEPS

DsID, mmeAuthToken, fmipAuthToken

GET /authenticate

AppleID, password

FIRST STEPS


GET /authenticate

AppleID, password

GET /get_account_settings

AppleID, password

FIRST STEPS


GET /authenticate

AppleID, password

Account informationAccount settings

GET /get_account_settings

AppleID, password

ACCOUNT SETTINGS

ACCOUNT SETTINGS

ACCOUNT SETTINGS

SETUP

THE BIG PICTUREescrowproxy.icloud.comkeyvalueservice.icloud.com

THE BIG PICTURE

Keychain (encrypted)

Keybag (encrypted)

escrowproxy.icloud.comkeyvalueservice.icloud.com

THE BIG PICTURE


Keybag (encrypted)


Keychain sync

THE BIG PICTURE


Keybag (encrypted)


Master Secret

Keychain sync

KEY-VALUE STORE• Not new

• Many apps use it to keep in sync across devices

• iCloud Keychain uses two stores:• com.apple.security.cloudkeychainproxy3

• Syncing between devices

• com.apple.sbd3 (securebackupd3)• Restore if no other devices

ICLOUD KEYCHAIN SYNCcom.apple.security.cloudkeychainproxy3

Sign(usrPwd, Bpub)

Sign(Bpriv, (Apub, Bpub))

Sign(Apriv, Apub)Sign(userPwd, Apub)

Sign(Apriv, (Apub, Bpub))Sign(userPwd, (Apub, Bpub))

KEY-VALUE STOREcom.apple.sbd3

Key Description

com.apple.securebackup.enabled Is Keychain data saved in KVS?

com.apple.securebackup.record Keychain records, encrypted

SecureBackupMetadata iCSC complexity, timestamp, country

BackupKeybag Keybag protecting Keychain records

BackupUsesEscrow Is keybag password escrowed?

BackupVersion Version, currently @“1”

BackupUUID UUID of the backup

ESCROW PROXY• New, designed to store precious secrets

• MFA to recover escrowed data

• Must be signed into iCloud

• Must provide 6-digit code sent via SMS

• Must prove knowledge of iCSC via SRP

• Data destroyed after ~10 failed attempts

• User-Agent: com.apple.lakitu (iOS/OS X)

DATA ESCROWescrowproxy.icloud.com

keyvalueservice.icloud.com

DATA ESCROWescrowproxy.icloud.com


iCloud Security Code1234

DATA ESCROW

Backup KeybagKey 1Key 2Key 3

escrowproxy.icloud.com



DATA ESCROW





Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb

AES-GCM256 bit

Encrypted Keychain

DATA ESCROW

Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4






AES-GCM256 bit

Encrypted Keychain

DATA ESCROW







AES-GCM256 bit

Encrypted Keychain

AES-Wrap KeysRFC 3394

Encrypted Keybag

DATA ESCROW


PBKDF2SHA-256 x 10’000

AES-CBC256 bit






AES-GCM256 bit

Encrypted Keychain


Encrypted Keybag

DATA ESCROW



AES-CBC256 bit






AES-GCM256 bit

Encrypted Keychain


Encrypted Keybag

DATA RECOVERYescrowproxy.icloud.com








DATA RECOVERYPBKDF2

SHA-256 x 10’000

AES-CBC256 bit




DATA RECOVERY



AES-CBC256 bit




DATA RECOVERY



AES-CBC256 bit





Encrypted Keybag

DATA RECOVERY



AES-CBC256 bit






Encrypted Keybag

DATA RECOVERY



AES-CBC256 bit





AES-GCM256 bit

Encrypted Keychain


Encrypted Keybag

DATA RECOVERY



AES-CBC256 bit






AES-GCM256 bit

Encrypted Keychain


Encrypted Keybag

DATA RECOVERY


DATA RECOVERY/get_records

List of escrowed recordsescrowproxy.icloud.com


List of escrowed records

/get_sms_targets

List of phone numbers




/get_sms_targets


/generate_sms_challenge

OK




/get_sms_targets



OK

/srp_init [DsID, A, SMS CODE]

[UUID, DsID, SALT, B]




/get_sms_targets



OK

/srp_init [DsID, A, SMS CODE]

[UUID, DsID, SALT, B]

/recover [UUID, DsID, M, SMS CODE]

[IV, AES-CBC(KSRP, Escrowed Record)]


SECURE REMOTE PASSWORD • Zero-knowledge password proof scheme

• Combats sniffing/MITM

• One password guess per connection attempt

• Password verifier is not sufficient for impersonation

• Escrow Proxy uses SRP-6a

Key Negotiation

a ← randomA ← gâ

b ← randomB ← kv + g^b

u ← H(A, B) u ← H(A, B)x ← H(SALT, Password)S ← (B - kg^x) ^ (a + ux)K ← H(S)

S ← (Avû) ^ bK ← H(S)

Key Verification

M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)

(Aborts if M is invalid)

ID, A

SALT, B

M

H(A, M, K)

Password verifier:

SALT ← randomx ← H(SALT,Password)v ← g^x (mod N)

Agreed-upon parameters:

H – one-way hash functionN, g – group parametersk ← H(N, g)

Key Negotiation

a ← randomA ← gâ

b ← randomB ← kv + g^b

u ← H(A, B) u ← H(A, B)x ← H(SALT, Password)S ← (B - kg^x) ^ (a + ux)K ← H(S)

S ← (Avû) ^ bK ← H(S)

Key Verification

M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)

(Aborts if M is invalid)

ID, A, SMS CODE

SALT, B

M, SMS CODE

H(A, M, K)

Password verifier:

SALT ← randomx ← H(SALT,Password)v ← g^x (mod N)

Agreed-upon parameters:

H – SHA-256N, g – RFC 5054 w. 2048-bit groupk ← H(N, g)

ESCROW PROXY COMMANDS

Endpoint Description

get_club_cert Obtains some certificate for a userenroll Escrows a record and returns phoneToken

get_records Lists escrowed recordsget_sms_targets Lists phone numbers used for verification

generate_sms_challenge Sends SMS challengesrp_init First step of SRP protocolrecover Second step of SRP protocol

alter_sms_target Given a phoneToken, changes phone number used for verification

ALTER_SMS_TARGET

• Changes phone number used for verification

• Stricter authentication: requires AppleID password

• Authentication token won’t work

• Requires phoneToken returned at escrow time

• iOS 8 finally exposes this in the UI

ESCROW RECORD




AES-CBC256 bit



AES-GCM256 bit




Encrypted Keychain

Encrypted Keybag

ESCROW RECORD




AES-CBC256 bit


ESCROW RECORD




AES-CBC256 bit


EscrowRecord ← AES-CBC(Key, RandomPassword)

Key ← PBKDF2-SHA256(iCSC, 10’000)

ESCROW RECORDEscrowRecord ← AES-CBC(Key, RandomPassword)

Key ← PBKDF2-SHA256(iCSC, 10’000)

This is stored by AppleThis is 4 digits by default

For default settings access is totally feasible!

ESCROW RECORD• Offline iCSC guessing is possible

• Almost instant recovery [for default settings]

• iCSC decrypts keybag password

• Keybag password unlocks keybag keys

• Keybag keys decrypt Keychain items

Apple, or other adversary with access to stored data, can near-instantly decrypt “master” password and consequently decrypt backed up

iCloud Keychain records

(for default settings)

BUT CAN APPLE ACCESS STORED DATA?

HARDWARE SECURITY MODULE

• Apple claims it uses HSMs for storing escrowed data

• Impossible to verify from outside

SETUP

DATA ESCROW


iCloud Security Codecorrect horse battery staple PBKDF2

SHA-256 x 10’000

AES-CBC256 bit



AES-GCM256 bit




Encrypted Keychain

Encrypted Keybag

COMPLEX ICSC

• Mechanics are the same as with simple iCSC

• Offline password recovery attack is still possible, although pointless if password is complex enough

SETUP

DATA ESCROW




AES-GCM256 bit



Encrypted Keychain

Encrypted Keybag

AES-CBC256 bit


SHA-256 x 10’000


DATA ESCROWRandom Password

BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4



AES-GCM256 bit



Encrypted Keychain

Encrypted Keybag

RANDOM ICSC

Escrow Proxy is not used

SETUP

DATA ESCROW






AES-GCM256 bit


Encrypted Keychain

Encrypted Keybag

AES-CBC256 bit


SHA-256 x 10’000

DATA ESCROW



NO ICSC

Escrow Proxy is not used

Keychain is not backed up

ATTACK SURFACEiCloud Keychain Services

Master Password Escrow iCloud Keychain Backup iCloud Keychain Sync

No iCloud Security Code

Random iCloud Security Code

Complex iCloud Security Code

Simple iCloud Security Code (default)

CONCLUSIONS

CONCLUSIONS

• Trust your vendor but verify his claims

• Never use simple iCloud Security Code

• Overall, iCloud Keychain is reasonably well engineered

Q & A

THANK YOU!

[email protected]@abelenko

Technology

2014.11 asfws