2014.11 asfws
DESCRIPTION
sTRANSCRIPT
![Page 1: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/1.jpg)
ON THE SECURITY OF THE ICLOUD KEYCHAIN
Andrey BelenkoviaForensics
![Page 2: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/2.jpg)
ICLOUD
• Introduced in 2011
• iOS 5 and OS X 10.7
• 320M accounts (July 2013)
![Page 3: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/3.jpg)
ICLOUD
![Page 4: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/4.jpg)
ICLOUD STORAGE
![Page 5: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/5.jpg)
ICLOUD KEYCHAIN
![Page 7: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/7.jpg)
ICLOUD KEYCHAIN
• Introduced in 2013
• iOS 7.0.3 and OS X 10.9
• Two different services:
• iCloud Keychain Sync
• iCloud Keychain (Escrow and) Recovery
![Page 8: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/8.jpg)
INTERCEPTING COMMS
iCloud.com certificate is not pinned
![Page 9: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/9.jpg)
FIRST STEPS
![Page 10: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/10.jpg)
FIRST STEPSGET /authenticate
AppleID, password
![Page 11: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/11.jpg)
FIRST STEPS
DsID, mmeAuthToken, fmipAuthToken
GET /authenticate
AppleID, password
![Page 12: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/12.jpg)
FIRST STEPS
DsID, mmeAuthToken, fmipAuthToken
GET /authenticate
AppleID, password
GET /get_account_settings
AppleID, password
![Page 13: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/13.jpg)
FIRST STEPS
DsID, mmeAuthToken, fmipAuthToken
GET /authenticate
AppleID, password
Account informationAccount settings
GET /get_account_settings
AppleID, password
![Page 14: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/14.jpg)
ACCOUNT SETTINGS
![Page 15: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/15.jpg)
ACCOUNT SETTINGS
![Page 16: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/16.jpg)
ACCOUNT SETTINGS
![Page 17: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/17.jpg)
SETUP
![Page 18: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/18.jpg)
THE BIG PICTUREescrowproxy.icloud.comkeyvalueservice.icloud.com
![Page 19: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/19.jpg)
THE BIG PICTURE
Keychain (encrypted)
Keybag (encrypted)
escrowproxy.icloud.comkeyvalueservice.icloud.com
![Page 20: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/20.jpg)
THE BIG PICTURE
Keychain (encrypted)
Keybag (encrypted)
escrowproxy.icloud.comkeyvalueservice.icloud.com
Keychain sync
![Page 21: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/21.jpg)
THE BIG PICTURE
Keychain (encrypted)
Keybag (encrypted)
escrowproxy.icloud.comkeyvalueservice.icloud.com
Master Secret
Keychain sync
![Page 22: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/22.jpg)
KEY-VALUE STORE• Not new
• Many apps use it to keep in sync across devices
• iCloud Keychain uses two stores:• com.apple.security.cloudkeychainproxy3
• Syncing between devices
• com.apple.sbd3 (securebackupd3)• Restore if no other devices
![Page 23: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/23.jpg)
ICLOUD KEYCHAIN SYNCcom.apple.security.cloudkeychainproxy3
Sign(usrPwd, Bpub)
Sign(Bpriv, (Apub, Bpub))
Sign(Apriv, Apub)Sign(userPwd, Apub)
Sign(Apriv, (Apub, Bpub))Sign(userPwd, (Apub, Bpub))
![Page 24: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/24.jpg)
KEY-VALUE STOREcom.apple.sbd3
Key Description
com.apple.securebackup.enabled Is Keychain data saved in KVS?
com.apple.securebackup.record Keychain records, encrypted
SecureBackupMetadata iCSC complexity, timestamp, country
BackupKeybag Keybag protecting Keychain records
BackupUsesEscrow Is keybag password escrowed?
BackupVersion Version, currently @“1”
BackupUUID UUID of the backup
![Page 25: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/25.jpg)
ESCROW PROXY• New, designed to store precious secrets
• MFA to recover escrowed data
• Must be signed into iCloud
• Must provide 6-digit code sent via SMS
• Must prove knowledge of iCSC via SRP
• Data destroyed after ~10 failed attempts
• User-Agent: com.apple.lakitu (iOS/OS X)
![Page 26: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/26.jpg)
DATA ESCROWescrowproxy.icloud.com
keyvalueservice.icloud.com
![Page 27: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/27.jpg)
DATA ESCROWescrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 28: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/28.jpg)
DATA ESCROW
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 29: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/29.jpg)
DATA ESCROW
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
AES-GCM256 bit
Encrypted Keychain
![Page 30: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/30.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
AES-GCM256 bit
Encrypted Keychain
![Page 31: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/31.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
AES-GCM256 bit
Encrypted Keychain
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 32: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/32.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
AES-GCM256 bit
Encrypted Keychain
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 33: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/33.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
AES-GCM256 bit
Encrypted Keychain
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 34: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/34.jpg)
DATA RECOVERYescrowproxy.icloud.com
keyvalueservice.icloud.com
![Page 35: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/35.jpg)
DATA RECOVERYescrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 36: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/36.jpg)
DATA RECOVERYescrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 37: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/37.jpg)
DATA RECOVERYPBKDF2
SHA-256 x 10’000
AES-CBC256 bit
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 38: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/38.jpg)
DATA RECOVERY
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
![Page 39: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/39.jpg)
DATA RECOVERY
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 40: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/40.jpg)
DATA RECOVERY
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 41: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/41.jpg)
DATA RECOVERY
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
AES-GCM256 bit
Encrypted Keychain
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 42: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/42.jpg)
DATA RECOVERY
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
escrowproxy.icloud.com
keyvalueservice.icloud.com
iCloud Security Code1234
AES-GCM256 bit
Encrypted Keychain
AES-Wrap KeysRFC 3394
Encrypted Keybag
![Page 43: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/43.jpg)
DATA RECOVERY
escrowproxy.icloud.com
![Page 44: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/44.jpg)
DATA RECOVERY/get_records
List of escrowed recordsescrowproxy.icloud.com
![Page 45: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/45.jpg)
DATA RECOVERY/get_records
List of escrowed records
/get_sms_targets
List of phone numbers
escrowproxy.icloud.com
![Page 46: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/46.jpg)
DATA RECOVERY/get_records
List of escrowed records
/get_sms_targets
List of phone numbers
/generate_sms_challenge
OK
escrowproxy.icloud.com
![Page 47: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/47.jpg)
DATA RECOVERY/get_records
List of escrowed records
/get_sms_targets
List of phone numbers
/generate_sms_challenge
OK
/srp_init [DsID, A, SMS CODE]
[UUID, DsID, SALT, B]
escrowproxy.icloud.com
![Page 48: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/48.jpg)
DATA RECOVERY/get_records
List of escrowed records
/get_sms_targets
List of phone numbers
/generate_sms_challenge
OK
/srp_init [DsID, A, SMS CODE]
[UUID, DsID, SALT, B]
/recover [UUID, DsID, M, SMS CODE]
[IV, AES-CBC(KSRP, Escrowed Record)]
escrowproxy.icloud.com
![Page 49: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/49.jpg)
SECURE REMOTE PASSWORD • Zero-knowledge password proof scheme
• Combats sniffing/MITM
• One password guess per connection attempt
• Password verifier is not sufficient for impersonation
• Escrow Proxy uses SRP-6a
![Page 50: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/50.jpg)
Key Negotiation
a ← randomA ← g^a
b ← randomB ← kv + g^b
u ← H(A, B) u ← H(A, B)x ← H(SALT, Password)S ← (B - kg^x) ^ (a + ux)K ← H(S)
S ← (Av^u) ^ bK ← H(S)
Key Verification
M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
(Aborts if M is invalid)
ID, A
SALT, B
M
H(A, M, K)
Password verifier:
SALT ← randomx ← H(SALT,Password)v ← g^x (mod N)
Agreed-upon parameters:
H – one-way hash functionN, g – group parametersk ← H(N, g)
![Page 51: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/51.jpg)
Key Negotiation
a ← randomA ← g^a
b ← randomB ← kv + g^b
u ← H(A, B) u ← H(A, B)x ← H(SALT, Password)S ← (B - kg^x) ^ (a + ux)K ← H(S)
S ← (Av^u) ^ bK ← H(S)
Key Verification
M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
(Aborts if M is invalid)
ID, A, SMS CODE
SALT, B
M, SMS CODE
H(A, M, K)
Password verifier:
SALT ← randomx ← H(SALT,Password)v ← g^x (mod N)
Agreed-upon parameters:
H – SHA-256N, g – RFC 5054 w. 2048-bit groupk ← H(N, g)
![Page 52: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/52.jpg)
ESCROW PROXY COMMANDS
Endpoint Description
get_club_cert Obtains some certificate for a userenroll Escrows a record and returns phoneToken
get_records Lists escrowed recordsget_sms_targets Lists phone numbers used for verification
generate_sms_challenge Sends SMS challengesrp_init First step of SRP protocolrecover Second step of SRP protocol
alter_sms_target Given a phoneToken, changes phone number used for verification
![Page 53: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/53.jpg)
ALTER_SMS_TARGET
• Changes phone number used for verification
• Stricter authentication: requires AppleID password
• Authentication token won’t work
• Requires phoneToken returned at escrow time
• iOS 8 finally exposes this in the UI
![Page 54: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/54.jpg)
ESCROW RECORD
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
iCloud Security Code1234
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
AES-GCM256 bit
AES-Wrap KeysRFC 3394
escrowproxy.icloud.com
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag
![Page 55: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/55.jpg)
ESCROW RECORD
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
iCloud Security Code1234
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
escrowproxy.icloud.com
![Page 56: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/56.jpg)
ESCROW RECORD
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
iCloud Security Code1234
PBKDF2SHA-256 x 10’000
AES-CBC256 bit
escrowproxy.icloud.com
EscrowRecord ← AES-CBC(Key, RandomPassword)
Key ← PBKDF2-SHA256(iCSC, 10’000)
![Page 57: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/57.jpg)
ESCROW RECORDEscrowRecord ← AES-CBC(Key, RandomPassword)
Key ← PBKDF2-SHA256(iCSC, 10’000)
This is stored by AppleThis is 4 digits by default
For default settings access is totally feasible!
![Page 58: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/58.jpg)
ESCROW RECORD• Offline iCSC guessing is possible
• Almost instant recovery [for default settings]
• iCSC decrypts keybag password
• Keybag password unlocks keybag keys
• Keybag keys decrypt Keychain items
![Page 59: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/59.jpg)
Apple, or other adversary with access to stored data, can near-instantly decrypt “master” password and consequently decrypt backed up
iCloud Keychain records
(for default settings)
![Page 60: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/60.jpg)
BUT CAN APPLE ACCESS STORED DATA?
![Page 61: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/61.jpg)
HARDWARE SECURITY MODULE
• Apple claims it uses HSMs for storing escrowed data
• Impossible to verify from outside
![Page 62: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/62.jpg)
SETUP
![Page 63: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/63.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
iCloud Security Codecorrect horse battery staple PBKDF2
SHA-256 x 10’000
AES-CBC256 bit
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
AES-GCM256 bit
AES-Wrap KeysRFC 3394
escrowproxy.icloud.com
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag
![Page 64: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/64.jpg)
COMPLEX ICSC
• Mechanics are the same as with simple iCSC
• Offline password recovery attack is still possible, although pointless if password is complex enough
![Page 65: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/65.jpg)
SETUP
![Page 66: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/66.jpg)
DATA ESCROW
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
AES-GCM256 bit
AES-Wrap KeysRFC 3394
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag
AES-CBC256 bit
iCloud Security Codecorrect horse battery staple PBKDF2
SHA-256 x 10’000
escrowproxy.icloud.com
![Page 67: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/67.jpg)
DATA ESCROWRandom Password
BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
AES-GCM256 bit
AES-Wrap KeysRFC 3394
keyvalueservice.icloud.com
Encrypted Keychain
Encrypted Keybag
![Page 68: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/68.jpg)
RANDOM ICSC
Escrow Proxy is not used
![Page 69: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/69.jpg)
SETUP
![Page 70: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/70.jpg)
DATA ESCROW
keyvalueservice.icloud.com
escrowproxy.icloud.com
Random PasswordBL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Keychain PasswordsyMa9ohCJtzzcVhE7sDVoCnb
Backup KeybagKey 1Key 2Key 3
AES-GCM256 bit
AES-Wrap KeysRFC 3394
Encrypted Keychain
Encrypted Keybag
AES-CBC256 bit
iCloud Security Codecorrect horse battery staple PBKDF2
SHA-256 x 10’000
![Page 71: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/71.jpg)
DATA ESCROW
keyvalueservice.icloud.com
escrowproxy.icloud.com
![Page 72: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/72.jpg)
NO ICSC
Escrow Proxy is not used
Keychain is not backed up
![Page 73: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/73.jpg)
ATTACK SURFACEiCloud Keychain Services
Master Password Escrow iCloud Keychain Backup iCloud Keychain Sync
No iCloud Security Code
Random iCloud Security Code
Complex iCloud Security Code
Simple iCloud Security Code (default)
![Page 74: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/74.jpg)
CONCLUSIONS
![Page 75: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/75.jpg)
CONCLUSIONS
• Trust your vendor but verify his claims
• Never use simple iCloud Security Code
• Overall, iCloud Keychain is reasonably well engineered
![Page 76: 2014.11 asfws](https://reader034.vdocument.in/reader034/viewer/2022051016/559ef80a1a28abdd768b468c/html5/thumbnails/76.jpg)
Q & A