2 2 MOBILE FORENSICS Nella Computer Forensics, le evidenze che vengono acquisite sono dispositivi statici di massa; questa significa che possiamo ottenere la stessa immagine (bit stream) ogni volta. Nella Mobile Forensics tutti dispositivi possono essere considerati come dispositivi dinamici salvo particolari modalità di acquisizione (fisica).
3 3 IPHONE ENCRYPTION Data Protection File System Encryption SECURE ENCLAVE (5S) UID (256 bit)
4 4 FILE SYSTEM ENCRYPTION File System Encryption: since iphone 3GS*, Apple offers 256-bit AES encoding hardware-based encryption to protect all data on the device. Disk encryption was designed to accomplish one thing: Instantaneous remote wipe. Disk wiping work by simply erasing the 256-bit AES key used to encrypt the data (EMF, Dkey and BAG1 Key).
5 5 DATA PROTECTION Data Protection: Apple develop a new encryption scheme that has the primary advantage of using the user s passcode or password to derive a key that is used to encrypt data on the device. When the phone is locked or turned off, the key is immediately erased, making data secured on the device inaccessible. Data protection is a feature available for devices that offer hardware encryption, including iphone 3GS and later, all ipad models, and ipod touch (3rd generation and later).
6 6 File System Encryption (EMF) DATA ENCRYPTION Data Protection FILE Contenuto del file criptato con una chiave unica. La chiave viene criptata con una CLASS KEY e inserita nei metadati del file. I Metadati sono criptati con una File System Key La CLASS KEY è protetta da un HARDWARE UID e dalla password dell utente. (ES Dkey per la maggior parte dei file)
7 7 File System Encryption (EMF) DATA ENCRYPTION Data Protection Ogni file è criptato con una chiave diversa. La chiave che cripta il file è criptata con la chiave del DATA PROTECTION. Il risultato delle criptazione della chiave che cripta il file viene salvato nei metadati del file. Il metadato che descrive il file viene criptato con la chiave di criptazione del File System.
8 8 WIPE AREA (Effaceable Storage) NAND BLOCK1 DATA ENCRYPTION: FILE SYSTEM ENCRYPTION File System encryption protects the raw File System. If you were to remove and dump the contents of the NAND chip inside an ios device, you d find that the entire File System portion of the NAND is encrypted. The encryption key used to encrypt the DATA USER File System is named EMF stored into the block 1 of the NAND. NAND BLOCK 16 TO (END-15) https://code.google.com/p/iphone-dataprotection/wiki/encryptionkeys
9 9 NAND BLOCK1 DATA ENCRYPTION: FILE SYSTEM ENCRYPTION Starting from iphone 3GS, idevices contain a cryptographic chip that performs hardware encryption of the filesystem. The NAND chip is a flash memory organized as the following: Block 1 : contains the following encryption keys: EMF : used to encrypt the DATA PARTITION. Dkey: used to encrypt the master key of the protection class "NSFileProtectionNone" (the majority of files) BAG1: used with the passcode to produce the encryption keys for the other master keys (for files like Mails...). Block 16 to (END-15): contains the HFS+ filesystem. NAND BLOCK 16 TO (END-15) https://code.google.com/p/iphone-dataprotection/wiki/encryptionkeys
10 10 NAND BLOCK1 DATA ENCRYPTION: FILE SYSTEM ENCRYPTION EMF and Dkey keys are automatically extracted from Block 1 of the NAND in order to decrypt the the HFS+ filesystem Data Partition. UID key: hardware key (256 bit) embedded in the application processor AES engine, unique for each device. This key is not accessible by the CPU. The UID is also not available via JTAG or from any kind of debug interface. NAND BLOCK 16 TO (END-15) https://code.google.com/p/iphone-dataprotection/wiki/encryptionkeys
11 11 DATA ENCRYPTION: PROTECTION CLASS This technology is designed with mobile devices in mind, taking into account the fact that they may always be turned on and connected to the Internet, and may receive phone calls, text, or s at any time. Data Protection allows a device to respond to events such as incoming phone calls without decrypting sensitive data and downloading new information while locked. These individual behaviours are controlled on a per-file basis by assigning each file to a class, as described in the Classes section later in document. ios Security October 2012
12 12 (24/09/2014) DATA ENCRYPTION: PROTECTION CLASS Data protection is available for devices that offer hardware encryption, including iphone 3GS and later, all ipad models, and ipod touch (3rd generation and later). Enable data protection by configuring a passcode for your device.
13 13 DATA ENCRYPTION: PROTECTION CLASS HIGHT METADATI FILE EMF + F(Bag1 key + Passcode) LOW EMF + Dkey ios Security October 2012
14 14 DATA ENCRYPTION: PROTECTION CLASS NSFileProtectionComplete. The class key is protected with a key derived from the user passcode and the device UID. The decrypted class key is discarded, rendering all data in this class inaccessible until the user enters the passcode again or unlocks the device using Touch ID. NSFileProtectionCompleteUnlessOpen. Some files may need to be written while the device is locked. A good example of this is a mail attachment downloading in the background. NSFileProtectionCompleteUntilFirstUserAuthentication. This class behaves in the same way as Complete Protection, except that the decrypted class key is not removed from memory when the device is locked. NSFileProtectionNone. This class key is protected only with the UID, and is kept in Effaceable Storage. This is the default class for all files not otherwise assigned to a Data Protection class. ios Security February 2014
15 15 CRIPTAZIONE: PROTECTION CLASS
16 16 DATA ENCRYPTION: PROTECTION CLASS When a Protection Class is used each individual file is encrypted with a unique key. When any file on the File System is deleted, the unique key for that file is discarded, which make the file unrecoverable. File system s wiping consists of rewriting the EMF, Dkey and BAG1 Key. Files deletion consists of deleting the associated Key (cprotect).
17 17 DATA ENCRYPTION: KEYBAGS The keys for services and keychain Data Protection classes are collected and managed in keybags. ios uses the following keybags: System: is where the wrapped class keys used in normal operation of the device are stored. Backup: is created when an encrypted backup is made by itunes and stored on the computer to which the device is backed up. Escrow: is used for itunes syncing and Mobile Device Management (MDM). This keybag allows itunes to back up and sync without requiring the user to enter a passcode, and it allows an MDM server to remotely clear a user s passcode. It is stored on the computer that s used to sync with itunes, or on the MDM server that manages the device. icloud: is similar to the Backup keybag. ios Security February 2014
APPLICATION SECURITY OVERVIEW Users have access to additional layers of security that are controlled and determined by the company s ICE administrator. These are designed to ensure company policies are
Apple Deployment Programs Apple ID for Students: Parent Guide As a parent or guardian, you want the best learning environment for your student. One that makes learning relevant for each student and allows
GO!NotifyLink ActiveSync Solution for ios Devices User Guide GO!NotifyLink ActiveSync Solution for ios Devices: iphone, ipod touch, ipad, ipad mini What s in this document This document: Lists software
BEST PRACTICES FOR A COLLECTION OF AN IOS MOBILE DEVICE by Richard A. Rodney As the use of ios devices continues to proliferate in the business space, they present some unique challenges when data must
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
HomeBudget Anishu, Inc. Overview Data Import User Guide HomeBudget supports import of OFX/QFX 1,2 formatted financial transactions from bank and credit card accounts. There are two methods to import data:
Exchange / Outlook Microsoft Exchange/Outlook offers employees the opportunity to access their email anywhere at anytime through Web Access. Changes made through the Exchange Server will be shared to the
Installation and Upgrade Guide Copyright Statement Copyright Acronis International GmbH, 2002-2014. All rights reserved. Acronis and Acronis Secure Zone are registered trademarks of Acronis International
OS X Support Essentials 10.10 Exam Preparation Guide Updated January 2015 1 Contents About This Guide... 3 Exam Details... 4 Recommended Exam Preparation... 4 Part One: Installation and Configuration...
Pros 4 Technology Online Backup Features Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and
Track Fleet Personnel / Vehicles with a Mobile Device Users with access to the GPS Fleet Tracker mobile app on iphone and Android can now enable a tracking session on their smartphone, turning their phone
CCC Technologies, Inc. 700 Nicholas Blvd., Suite 300 Elk Grove Village, IL 60007 877.282.9227 www.ccctechnologies.com Online Backup Solution Features Introduction Computers are the default storage medium
User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written
www.css-security.com 425.216.0720 WHITE PAPER Microsoft Windows (RMS) provides authors and owners the ability to control how they use and distribute their digital content when using rights-enabled applications,
Bosch Video Management System Device Replacement Guide en Technical Note Bosch Video Management System Table of Contents en 3 Table of contents 1 Introduction 4 2 System overview 4 2.1 Hardware requirements
LogMeIn Backup Getting Started Guide Contents Getting Started with LogMeIn Backup...3 About LogMeIn Backup...3 How does LogMeIn Backup Work, at-a-glance?...3 About Security in LogMeIn Backup...3 LogMeIn
G DATA TechPaper #0273 Mobile Device Management G DATA Application Development TechPaper_#0273_2015_04_21 Contents 1. 2. 3. 4. Introduction... 3 Mobile devices in the enterprise... 3 2.1. Benefits... 4
Remote Data Backup Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and expensive method for
TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents
1221 John Q. Hammons Drive Madison, WI 53717 P.O. Box 44966, Madison, WI 53717 P: 608.826.2400 TF: 800.366.9091 F: 608.831.4243 www.sva.com Introduction Computers are the default storage medium for most
VMware/Hyper-V Backup Plug-in User Guide COPYRIGHT No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying,
By Kunjan Shah, Principal Consultant, McAfee Foundstone Professional Services Table of Contents Tip 1: Enable Passcode Lock on Your iphone 3 Tip 2: Disable Features that Could Be Accessed Without Entering
A beginners guide in how to make a Laptop/PC more secure. This guide will go through the common ways that a user can make their computer more secure. Here are the key points covered: 1) Device Password
Citi Secure Email Program Receiving Secure Email from Citi For External Customers and Business Partners Protecting the privacy and security of client information is a top priority at Citi. Citi s Secure
Setting up WeMo is incredibly simple. All you need is: Your WeMo Switch and WeMo Motion An appliance you'd like to control iphone, ipod Touch or ipad Wi-Fi Router Using your ios device, open the App Store,