Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Iphone 5s Touch ID Security
1.
2. T o u c h I D i s t h e f i n g e r p r i n t s e n s i n g s y s t e m b u i l t i n t o i P h o n e 5 s ,
m a k i n g s e c u r e a c c e s s t o t h e d e v i c e f a s t e r a n d e a s i e r . T o u c h I D
c a n b e t r a i n e d t o r e c o g n i z e u p t o f i v e d i f f e r e n t f i n g e r s . Wi t h o n e
f i n g e r e n r o l l e d , t h e c h a n c e o f a r a n d o m m a t c h wi t h s o m e o n e e l s e
i s 1 i n 5 0 , 0 0 0 . T o u c h I D s e n s o r i s o n l y 1 7 0 m i c r o n s t h i n , n o t m u c h
t h i c k e r t h a n a h u m a n h a i r . T h i s h i g h - r e s o l u t i o n 5 0 0 p p i s e n s o r c a n
r e a d e x t r e m e l y f i n e d e t a i l s o f y o u r f i n g e r p r i n t .
3. There are two kinds of processors, application processor (A7) and Secure Enclave.
What is Secure Enclave?
A coprocessor fabricated in the Apple A7 chip, has its OWN secure boot and personalized
software update, encrypted memory and hardware random number generator.
What does Secure Enclave do?
• It provides all cryptographic operations for Data Protection key management and
maintains the integrity of Data Protection.
• it is also responsible for processing fingerprint data, determining if there is a match, and
enabling access or purchase on behalf of the user.
• (The 88-by-88-pixel, 500-ppi raster scan is temporarily stored in encrypted memory within
the Secure Enclave while being vectorized for analysis, and then it’s discarded after.
SECURE ENCLAVE
4. How Secure Enclave communicate with app processor?
• Communication is isolated to an interrupt-driven mailbox and shared memory data. buffers
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID), not known
to Apple, not accessible to other parts of the system.
• Note that this UID is NOT SAME with that fused into application processor. Create an
ephemeral key tangled with UID to encrypt Secure Enclave’s portion of the device’s memory
space.
• Data saved to file system by Secure Enclave is encrypted with a key tangled with UID and an
anti-replay counter.
• Utilizes System Software Authorization to ensure the integrity of its software and prevent
downgrade.
5. How Touch ID unlocks iPhone 5s
On devices with an A7 processor, the Secure Enclave holds the cryptographic class keys for Data
Protection.
When a device locks, the keys for Data Protection class Complete are discarded, and files and
keychain items in that class are inaccessible until the user unlocks the device by entering their
passcode.
6. • On iPhone 5s with Touch ID turned on, the keys are not discarded when the device locks;
instead, they’re wrapped with a key that is given to the Touch ID subsystem.
• When a user attempts to unlock the device, if Touch ID recognizes the user’s fingerprint, it
provides the key for unwrapping the Data Protection keys and the device is unlocked.
• This process provides additional protection by requiring the Data Protection and Touch ID
subsystems to cooperate in order to unlock the device.
7. Encryption/Decryption
• Every iOS device has a dedicated AES 256 crypto engine built into the DMA path
between the flash storage and main system memory, making file encryption highly
efficient.
• Along with the AES engine, SHA-1 is implemented in hardware, further reducing
cryptographic operation overhead.
8. Spoofing Fingerprints
The iPhone 5s's fingerprint sensor does not only Appear to Provide no additional
protection, its use even under mines other security mechanisms. Fingerprints are not fit
for secure local user authentication as long as spoofs ("fake fingers") can be produced
from synthesis pervasive copies.
The decrypted class keys are only held in memory, so they’re lost if the device is rebooted.
Additionally, as previously described, the Secure Enclave will discard the keys after 48 hours
or 5 failed Touch ID recognition attempts.
Decrypted
9. Prevention
Fingerprint spoof prevention would better be based on intrinsic errors in the spoof-creation
process or on fingerprint features not present in latent prints (and become much harder to steal).
Examples of such spoof-detection features are air bubbles contained in the glue often used for
spoofs (white dots in left image) and minute details that are visible through a fingerprint sensor
but not in a latent print (black dots in right image).
Even by just comparing the density of white vs. black dots, sensors would challenge hackers to
Improve Their spoofing techniques.