Chain secure boot, code signing, and security of all the runtime process helps to ensure only trusted code and applications can run on the device features The Power Of Encryption and Data Protection IOS. iOS has additional encryption and data protection features to protect user data, even in cases where other parts security infrastructure has been compromised (for example, the device with unauthorized modification). This provides important benefits for users and IT administrators, protecting personal and company information at any time and provide methods for instant and complete remote device wipe in case of theft or loss.
Hardware security features
In mobile devices, the speed and power efficiency is very important. cryptographic operations very complex and can introduce performance or battery life problems if not designed and implemented with these priorities in mind.
Each device has a dedicated iOS AES crypto engine 256 is built to track DMA between the flash storage and a main system memory, create a file encryption very efficient.
Unique device ID (UID) and group ID of the device (GID) is AES 256-bit key fused (UID) or compiled (GID) to the processors during the application and Secure Enclave manufacturing.
No software or firmware can be read directly; they only can see The result of the encryption or decryption operation performed by a dedicated machine AES implemented in silicon using the UID or GID as a key. In addition, the Secure Enclave UID and GID can only be used by the AES engine dedicated to safe Enclave.
UID is unique to each device and is not recorded by Apple or suppliers.
The Gids are common to all processors in the device class (eg, all devices use Apple A8 processor), and used for non-critical tasks such as security provides software and restore the system during installation. Integrating this key into silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. UIDs and GIDs are also not available via JTAG or other debugging interface.
UID allows data to be cryptographically bound to a particular device. For example, Key protect the file system hierarchy including UID, so if the memory chip physically moved from one device to another, the file can not be accessed. UID not other identifier associated with the device.
In addition to the UID and GID, all other cryptographic keys are created by the system random number generator (RNG) using an algorithm based CTR_DRBG. system entropy resulting from variations at boot time, and in addition to interrupt time after the device has booted. Button in the Secure Enclave generated using her true hardware random number generator based on some ring oscillator posts treated with CTR_DRBG.
Safely remove the key stored is just as important as their produce. this is especially challenging to do it on a flash storage, in which the wear-leveling can mean multiple copies Data needs to be removed. To solve this problem, special features include iOS devices for secure deletion of data called Effaceable Storage. This feature access the underlying storage technologies (eg, NAND) to directly address and remove a small amount blocks at a very low level.
This is a fraction of the features The Power Of Encryption and Data Protection IOS
0 comments:
Post a Comment