How Data Encryption Works on iPhone
Far from pleasing governments, smartphone encryption is under attack from all sides, because it prevents investigators from accessing phone data that could advance certain cases. Tim Cook's recent refusal to comply with the magistrates' order to come to the aid of the FBI is an opportunity to look at how iPhone encryption works.
The encryption used on iPhones has made a lot of noise in recent days. At issue is a US court order compelling Apple to help the FBI access the iPhone 5C of one of the perpetrators of the San Bernardino massacre in the United States. In an open letter, Tim Cook, the CEO of Apple, declared that he could not submit to the court's decision, for reasons of both user privacy and system security.
If investigators are up in arms against the encryption of Apple's phones, it is because it proves terribly effective at preventing access to data. First and foremost, Apple smartphones have a secure boot sequence that prevents any code tampering on the device.
Among other things, the firm has implemented a series of protections, both hardware and software, which complicate the task of anyone who wishes to recover information from a device. In this case, the protection that irritates the investigators the most is the automatic erasure of the device after ten incorrect codes.
By encrypting a document, we want to make it impossible for anyone who does not have the decryption key to understand it. (Encrypted letter from Gabriel de Luetz d'Aramon).
Hardware security
Since iOS 8.0, Apple claims that it simply cannot extract data from an iPhone. All files on the phone are encrypted, using 256-bit keys called UID (a unique and random identifier specific to each device) and GID (an identifier common to an entire class of processor used for tasks that do not present a major risk to system security).
Apple, iOS Security Guide
The firm uses a system it calls Secure Enclave — a cryptographic coprocessor built into the SoC (System on Chip, or the hardware root of a device) — that protects keys at the hardware level. To quote Comex, a famous hacker in the jailbreak scene, "The UID key lives in hardware, you can ask the encryption engines to encrypt or decrypt the key, but you can't ask for the key itself."
The algorithm used by Apple's encryption engine is AES-256 (Advanced Encryption Standard). To date, it has never been broken, and exhaustive (brute-force) search is the only option for attackers. A brute-force attack consists of testing all possible passwords one by one. Of course, when you only have ten tries, trying every combination turns out to be absolutely ineffective, unless you are the luckiest man in the world.
The biggest obstacle to implementing hardware-based security on phones until now has been the impact of encryption and decryption on overall system performance and battery power. But on iOS, to keep the system running smoothly, Apple tells us in its security guide that the encryption engine "is located in the DMA path between Flash storage and system memory."
Concretely, the unique machine identifier means that the data is linked to a specific device. For example, if the device's memory chips were to be transferred to another device, the data would remain inaccessible.
Software protection
In addition to hardware protection, iOS incorporates a battery of protection measures for files stored on the device. On a device running a version higher than iOS 7.0, important applications like Messages, Mail, Calendar, Contacts, Photos and Health, as well as all third-party applications, are protected by an API called Data Protection.
All files created on the device are given a 256-bit key. A class is assigned to each key depending on the nature of the file, in order to know when it must be accessible. When the device is locked, the file keys are cleared from memory and encrypted files can no longer be read — until the device is unlocked again.
If this seems abstract, a small experiment illustrates it. You will need a second phone whose number is saved in your contacts (save it now if you haven't already). Turn your iPhone off and back on, but don't unlock it. Then call your iPhone from the other phone. You will notice that only the phone number appears, and not the name assigned to the contact.
Schematically, each time a user creates a file, the system encrypts it and gives it a specific key. The file key is itself encrypted with one of the four key classes offered by the API. The encrypted key is stored in the metadata of the file, itself encrypted by the key of the file system, itself encrypted by the hardware protection.
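The chain described above can be modelled in a few lines; this is an added example, not Apple's code and not part of the original article. Assumptions: a SHAKE-256/HMAC construction stands in for AES-256, the two class labels are hypothetical names for two of the four classes, and class keys are derived from the passcode mixed with the UID.

```python
import hashlib, hmac, os

def seal(key, data):
    # Stand-in authenticated cipher (SHAKE-256 keystream + HMAC tag), NOT AES-256.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key")
    return bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))

class Device:
    CLASSES = ("when_unlocked", "after_first_unlock")  # hypothetical labels

    def __init__(self, passcode, flash=None):
        self.uid = os.urandom(32)      # hardware key: usable, never exported
        self.keys = {}                 # class keys currently held in memory
        # "flash" is everything that could be copied off the memory chips.
        self.flash = flash or {"fs_key": seal(self.uid, os.urandom(32)), "files": {}}
        self.unlock(passcode)

    def _class_key(self, passcode, cls):
        # Assumption: class keys are derived from the passcode mixed with the UID.
        return hashlib.pbkdf2_hmac("sha256", (cls + passcode).encode(), self.uid, 1000)

    def unlock(self, passcode):
        self.keys = {c: self._class_key(passcode, c) for c in self.CLASSES}

    def lock(self):
        self.keys.pop("when_unlocked", None)   # cleared on every lock

    def reboot(self):
        self.keys.clear()                      # nothing survives a power cycle

    def write(self, name, data, cls):
        file_key = os.urandom(32)              # one fresh 256-bit key per file
        meta = seal(unseal(self.uid, self.flash["fs_key"]),
                    cls.encode() + b"|" + seal(self.keys[cls], file_key))
        self.flash["files"][name] = (meta, seal(file_key, data))

    def read(self, name):
        meta, body = self.flash["files"][name]
        cls, wrapped = unseal(unseal(self.uid, self.flash["fs_key"]), meta).split(b"|", 1)
        if cls.decode() not in self.keys:
            raise PermissionError("class key not in memory")
        return unseal(unseal(self.keys[cls.decode()], wrapped), body)
```

After reboot() neither file can be read until unlock() is called with the right passcode, and a second Device handed the same flash contents fails at the first step because its UID cannot unwrap the file-system key.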
Let's summarize
The protection offered by Apple on recent iPhones is tough: without the password, it is virtually impossible for an attacker to access files on the device. "Impossible" should be understood here as impossible in the current state of the art. Indeed, according to Apple's iOS security guide, cracking the password by brute force would currently take just over five years for a six-character alphanumeric code.
What's more, delays are enforced between password attempts, both at the software level (up to 1 hour) and at the hardware level (from 80 ms to 5 seconds on the most recent models). That is to say, even if a user does not activate the erase option after 10 tries, each code would still have to be entered manually on the screen, which would take an extremely long time.
To effectively protect your data, the first necessity is therefore to use a good password, which applies generally to any place where sensitive files are stored. A complex password can certainly be burdensome given that you unlock your phone several times a day, but the most recent models overcome this constraint thanks to the fingerprint sensor (Touch ID).
If the theft of your iPhone could put you in danger, make a habit of turning it off. Some files are decrypted after the first unlock: to take the example of the contact, after the first unlock the name of the contact appears, even when the phone is locked. In addition, turning off the phone prevents an attacker from using the owner's fingerprint without his knowledge to unlock the device, because the first start necessarily requires entering a code.
Finally, setting up a strong password on iCloud and enabling two-factor authentication will also be useful in preventing an attacker from accessing cloud-saved files. In the specific case of the iPhone 5C of the San Bernardino killer, it could be that the device can still be unlocked by Apple since it does not have a Secure Enclave.