2014.11 asfws

Post on 10-Jul-2015


ON THE SECURITY OF THE ICLOUD KEYCHAIN

Andrey Belenko

viaForensics

ICLOUD

• Introduced in 2011

• iOS 5 and OS X 10.7

• 320M accounts (July 2013)

ICLOUD STORAGE

ICLOUD KEYCHAIN

MOTIVATION

http://support.apple.com/kb/HT4865

ICLOUD KEYCHAIN

• Introduced in 2013

• iOS 7.0.3 and OS X 10.9

• Two different services:

• iCloud Keychain Sync

• iCloud Keychain (Escrow and) Recovery

INTERCEPTING COMMS

iCloud.com certificate is not pinned

FIRST STEPS

GET /authenticate
Request: AppleID, password
Response: DsID, mmeAuthToken, fmipAuthToken

GET /get_account_settings
Request: AppleID, password
Response: Account information, Account settings

ACCOUNT SETTINGS

SETUP

THE BIG PICTURE

Diagram labels, in the order the slide builds introduce them:
escrowproxy.icloud.com
keyvalueservice.icloud.com
Keychain (encrypted)
Keybag (encrypted)
Keychain sync
Master Secret

KEY-VALUE STORE

• Not new

• Many apps use it to keep in sync across devices

• iCloud Keychain uses two stores:

• com.apple.security.cloudkeychainproxy3

• Syncing between devices

• com.apple.sbd3 (securebackupd3)

• Restore if no other devices

ICLOUD KEYCHAIN SYNC

com.apple.security.cloudkeychainproxy3

Sign(userPwd, Bpub)
Sign(Bpriv, (Apub, Bpub))
Sign(Apriv, Apub)
Sign(userPwd, Apub)
Sign(Apriv, (Apub, Bpub))
Sign(userPwd, (Apub, Bpub))

KEY-VALUE STORE

com.apple.sbd3

Key                               Description
com.apple.securebackup.enabled    Is Keychain data saved in KVS?
com.apple.securebackup.record     Keychain records, encrypted
SecureBackupMetadata              iCSC complexity, timestamp, country
BackupKeybag                      Keybag protecting Keychain records
BackupUsesEscrow                  Is keybag password escrowed?
BackupVersion                     Version, currently @“1”
BackupUUID                        UUID of the backup

ESCROW PROXY

• New, designed to store precious secrets

• MFA to recover escrowed data

• Must be signed into iCloud

• Must provide 6-digit code sent via SMS

• Must prove knowledge of iCSC via SRP

• Data destroyed after ~10 failed attempts

• User-Agent: com.apple.lakitu (iOS/OS X)

DATA ESCROW

Diagram labels, in the order the slide builds introduce them:
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code: 1234
Backup Keybag: Key 1, Key 2, Key 3
Keychain Passwords: yMa9ohCJtzzcVhE7sDVoCnb
AES-GCM, 256 bit
Encrypted Keychain
Random Password: BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
AES-Wrap Keys, RFC 3394
Encrypted Keybag
PBKDF2, SHA-256 x 10’000
AES-CBC, 256 bit

DATA RECOVERY

Diagram labels, in the order the slide builds introduce them:
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code: 1234
PBKDF2, SHA-256 x 10’000
AES-CBC, 256 bit
Random Password: BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
AES-Wrap Keys, RFC 3394
Encrypted Keybag
Backup Keybag: Key 1, Key 2, Key 3
AES-GCM, 256 bit
Encrypted Keychain
Keychain Passwords: yMa9ohCJtzzcVhE7sDVoCnb

DATA RECOVERY

escrowproxy.icloud.com

Request                               Response
/get_records                          List of escrowed records
/get_sms_targets                      List of phone numbers
/generate_sms_challenge               OK
/srp_init [DsID, A, SMS CODE]         [UUID, DsID, SALT, B]
/recover [UUID, DsID, M, SMS CODE]    [IV, AES-CBC(K_SRP, Escrowed Record)]

SECURE REMOTE PASSWORD

• Zero-knowledge password proof scheme

• Combats sniffing/MITM

• One password guess per connection attempt

• Password verifier is not sufficient for impersonation

• Escrow Proxy uses SRP-6a

Agreed-upon parameters:
H – one-way hash function
N, g – group parameters
k ← H(N, g)

Password verifier:
SALT ← random
x ← H(SALT, Password)
v ← g^x (mod N)

Key Negotiation
Client: a ← random, A ← g^a
Client → Server: ID, A
Server: b ← random, B ← kv + g^b
Server → Client: SALT, B
Client and Server: u ← H(A, B)
Client: x ← H(SALT, Password), S ← (B - kg^x) ^ (a + ux), K ← H(S)
Server: S ← (Av^u) ^ b, K ← H(S)

Key Verification
Client: M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
Client → Server: M
Server: (Aborts if M is invalid)
Server → Client: H(A, M, K)

As used by Escrow Proxy, the computations are the same, with these parameters and messages:

Agreed-upon parameters:
H – SHA-256
N, g – RFC 5054 w. 2048-bit group
k ← H(N, g)

Messages:
Client → Server: ID, A, SMS CODE
Server → Client: SALT, B
Client → Server: M, SMS CODE
Server → Client: H(A, M, K)
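
An added example, not from the original slides: the SRP-6a computations above, run for both sides in one Python process with H = SHA-256, showing that client and server derive the same K only when the typed iCSC matches the enrolled one. The stand-in group (N = 2^521 - 1, g = 3), the byte encoding of integers, the 16-byte salt and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Stand-in group chosen for this example: N = 2^521 - 1 (a Mersenne prime), g = 3.
# The slides state that Escrow Proxy uses the RFC 5054 2048-bit group instead.
N, g = 2**521 - 1, 3
NLEN = (N.bit_length() + 7) // 8

def i2b(n):
    """Fixed-width big-endian integer encoding (an assumption of this example)."""
    return n.to_bytes(NLEN, "big")

def H(*parts):
    """H = SHA-256 over the concatenated byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()

def Hi(*parts):
    return int.from_bytes(H(*parts), "big")

k = Hi(i2b(N), i2b(g))                          # k <- H(N, g)

def make_verifier(password):
    salt = secrets.token_bytes(16)              # SALT <- random
    return salt, pow(g, Hi(salt, password), N)  # v <- g^x (mod N)

def proof(ident, salt, A, B, K):
    """M <- H(H(N) xor H(g), H(ID), SALT, A, B, K)"""
    hxor = bytes(p ^ q for p, q in zip(H(i2b(N)), H(i2b(g))))
    return H(hxor, H(ident), salt, i2b(A), i2b(B), K)

def run_exchange(ident, enrolled, typed):
    """Run both sides in-process; returns (server accepted M, session keys equal)."""
    salt, v = make_verifier(enrolled)           # stored by the server at enrollment
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                            # client -> server: ID, A
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N              # server -> client: SALT, B
    u = Hi(i2b(A), i2b(B))
    if A % N == 0 or B % N == 0 or u == 0:      # standard SRP-6a sanity checks
        raise ValueError("degenerate SRP value")
    x = Hi(salt, typed)                         # client recomputes x from what was typed
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = H(i2b(S_client))
    M = proof(ident, salt, A, B, K_client)      # client -> server: M
    S_server = pow(A * pow(v, u, N) % N, b, N)
    K_server = H(i2b(S_server))
    accepted = hmac.compare_digest(M, proof(ident, salt, A, B, K_server))
    return accepted, K_client == K_server
```

The server side only ever handles SALT and v, never the iCSC itself, and a mismatching M costs the client one attempt against the failure limit listed on the ESCROW PROXY slide.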

ESCROW PROXY COMMANDS

Endpoint                  Description
get_club_cert             Obtains some certificate for a user
enroll                    Escrows a record and returns phoneToken
get_records               Lists escrowed records
get_sms_targets           Lists phone numbers used for verification
generate_sms_challenge    Sends SMS challenge
srp_init                  First step of SRP protocol
recover                   Second step of SRP protocol
alter_sms_target          Given a phoneToken, changes phone number used for verification

ALTER_SMS_TARGET

• Changes phone number used for verification

• Stricter authentication: requires AppleID password

• Authentication token won’t work

• Requires phoneToken returned at escrow time

• iOS 8 finally exposes this in the UI

ESCROW RECORD

Diagram labels:
Random Password: BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
iCloud Security Code: 1234
PBKDF2, SHA-256 x 10’000
AES-CBC, 256 bit
escrowproxy.icloud.com

EscrowRecord ← AES-CBC(Key, RandomPassword)    (EscrowRecord: This is stored by Apple)

Key ← PBKDF2-SHA256(iCSC, 10’000)    (iCSC: This is 4 digits by default)

For default settings access is totally feasible!

ESCROW RECORD

• Offline iCSC guessing is possible

• Almost instant recovery [for default settings]

• iCSC decrypts keybag password

• Keybag password unlocks keybag keys

• Keybag keys decrypt Keychain items

Apple, or other adversary with access to stored data, can near-instantly decrypt “master” password and consequently decrypt backed up iCloud Keychain records (for default settings)

BUT CAN APPLE ACCESS STORED DATA?

HARDWARE SECURITY MODULE

• Apple claims it uses HSMs for storing escrowed data

• Impossible to verify from outside

SETUP

DATA ESCROW

Diagram labels:
iCloud Security Code: correct horse battery staple
Random Password: BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2, SHA-256 x 10’000
AES-CBC, 256 bit
Keychain Passwords: yMa9ohCJtzzcVhE7sDVoCnb
Backup Keybag: Key 1, Key 2, Key 3
AES-GCM, 256 bit
AES-Wrap Keys, RFC 3394
escrowproxy.icloud.com
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag

COMPLEX ICSC

• Mechanics are the same as with simple iCSC

• Offline password recovery attack is still possible, although pointless if password is complex enough

SETUP


DATA ESCROW

Diagram labels:
Random Password: BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Keychain Passwords: yMa9ohCJtzzcVhE7sDVoCnb
Backup Keybag: Key 1, Key 2, Key 3
AES-GCM, 256 bit
AES-Wrap Keys, RFC 3394
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag

RANDOM ICSC

Escrow Proxy is not used

SETUP

DATA ESCROW

keyvalueservice.icloud.com

escrowproxy.icloud.com

NO ICSC

Escrow Proxy is not used

Keychain is not backed up

ATTACK SURFACE

iCloud Keychain Services

Master Password Escrow

iCloud Keychain Backup

iCloud Keychain Sync

No iCloud Security Code

Random iCloud Security Code

Complex iCloud Security Code

Simple iCloud Security Code (default)

CONCLUSIONS

• Trust your vendor but verify his claims

• Never use simple iCloud Security Code

• Overall, iCloud Keychain is reasonably well engineered

Q & A

THANK YOU!

abelenko@viaforensics.com

@abelenko