iOS 钥匙串安全
我们希望使用 iPhone 上的证书来对 MS Exchange Sync 进行身份验证。我们不确定如何实施安全概念来保护此证书。
例如,如果没有启用 ScreenLock,是否可以在 iPhone 上获得“完全”钥匙串访问? (或使用越狱的 iPhone)。
有人有这方面的链接吗?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Fraunhofer 关于 iOS 钥匙串安全性的研究:
据我所知,iOS 有两个级别的加密钥匙扣用途。第一级使用锁屏密码作为加密密钥。第二级使用由设备生成并存储在设备上的密钥。
弗劳恩霍夫的研究人员已经找到了绕过第二层的方法。这是“更容易”绕过的级别,因为加密密钥存储在设备上。因此,在 iOS4 上,他们的方法仅适用于不使用 kSecAttrAccessibleWhenUnlocked 或 kSecAttrAccessibleWhenUnlockedThisDeviceOnly 的钥匙串条目,因为这些条目驻留在内存中,并且第一级已解密 - 即使手机已锁定。
底线:
如果必须存储敏感数据,最好使用自己的加密。并且不要将密钥存储在设备上。
编辑:
有许多新闻文章引用了弗劳恩霍夫研究并向读者保证不会除非他们的设备被盗,否则不用担心,因为这种攻击只能通过物理访问设备来完成。
我有点怀疑。研究人员通过物理访问手机进行测试的事实似乎只是简化问题的一种方法,而不是一种限制。这是他们对解密钥匙串条目所做的描述:
使用过ijilbreak.me 的人都知道,越狱不需要对设备进行物理访问。理论上,修改 Jailbreak.me 代码并让它自动执行以下操作应该很简单:
所以再次要小心你放在钥匙串中的内容。
Fraunhofer's study on iOS keychain security:
From what I can tell, there are two levels of encryption that the iOS keychain uses. The first level uses the lock screen passcode as the encryption key. The second level uses a key generated by and stored on the device.
Fraunhofer's researchers have figured out how to get around the second level. This is the "easier" level to get around, since the encryption key is stored on the device. So on iOS4, their method only works with keychain entries which do NOT use kSecAttrAccessibleWhenUnlocked or kSecAttrAccessibleWhenUnlockedThisDeviceOnly, because those entries reside in memory with the first level decrypted--even when the phone is locked.
Bottom line:
If you must store sensitive data, better use your own encryption. And don't store the key on the device.
Edit:
There are numerous news articles which cite the Fraunhofer study and reassure their readers not to worry unless their devices are stolen, because this attack can only be done with physical access to the device.
I'm somehow doubtful. The fact the researchers did their tests with physical access to the phone seems to have just been a way to simplify the problem, as opposed to being a limitation. This is their description of what they did to decrypt the keychain entries:
As anyone who has used jailbreak.me knows, jailbreaking does not require physical access to the device. Theoretically it should be trivial to modify the jailbreak.me code and have it automate the following:
So once again, be cautious about what you put in the keychain.
通常,钥匙串是存储此类证书的推荐方式。然而,人们发现越狱可以用来绕过钥匙串的安全性(文章)。
Normally, the keychain would be the recommended way to store such a certificate. However, it has been discovered that jailbreaking can be used to bypass the security of the keychain (article).
Franhofer 对 iPhone 钥匙串的安全性进行了研究:
http://www .sit.fraunhofer.de/Images/sc_iPhone%20Passwords_tcm501-80443.pdf
Franhofer did a study on the safety of the iPhone Keychain :
http://www.sit.fraunhofer.de/Images/sc_iPhone%20Passwords_tcm501-80443.pdf
我可以回答你的部分问题,但由于另一部分仍然未知,我对这个问题进行投票,因为我也渴望知道答案。
我可以回答的部分是:“如果没有启用屏幕锁,应用程序可以获得完整的钥匙串访问权限”。不,每个应用程序在 iPhone 上都有自己的钥匙串区域,这意味着应用程序只能访问自己的秘密。这些秘密并未针对应用程序本身锁定,因此无法对应用程序本身隐藏钥匙串条目。总结一下:应用程序可以读取自己的条目,而不能读取其他条目。
但我有兴趣知道越狱设备上会发生什么。设备越狱后,所有应用程序的钥匙串是否都会暴露?
I can answer part of your question, but since the other part is still unknown, I'm voting the question up as I'm also eager to know the answer.
The part that I can answer is: 'can an app get full keychain access if no screenlock is enabled'. No, every app has its own keychain area on the iphone, which means an app can only get access to its own secrets. These secrets are not locked for the app itself, so there's no way to hide the keychain entries from the app itself. So to summarize: an app can read its own entries, and no other entries.
What I'm interested to know though is what happens on jailbroken devices. Are the keychains of all apps exposed once a device has a jailbreak?