iPhone Security: Understanding the KeyChain
Nicholis Bufmack and Ryan Thomas
CS 691, Summer 2009


Presentation Outline
- Mobile security issues
- The iPhone KeyChain
- Authentication
- Certificate storage
- Code signing and publisher verification
- Final Comments
- References

Mobile Security Issues: The Problem
- Mobile devices can connect to the internet. This brings with it the same problems as more traditional computing.
- Additionally, more and more mobile devices allow users to download and install custom applications.
- Given both issues, the developer must have a clear security solution in mind while also accounting for limited processing power and memory.

Mobile Security Issues: The Problem (continued)
- The traditional approach includes authentication services, keys, and certificates, as well as traditional shared key encryption.
- Different developers using custom mechanisms lead to potential security gaps and management problems.
- The most efficient approach is to have a shared repository for security tokens and an API for interfacing with the token library.

The iPhone Keychain
- 13.7 million iPhones sold in 2008.
- iPhone OS is based on Mac OS X.
- Security is handled by the Security Framework.
- The storage for passwords, accounts, certificates, and keys is called the Keychain.
- On the Mac, the Keychain can be easily accessed to add, delete, and modify security tokens.

The iPhone Keychain (continued)
- Security tokens are stored by Keychain.
- Keychains allow security tokens to be stored in logical groupings.
- Everyone has a login, system, and system store Keychain.
- One Keychain must be the default. This is the first place an application usually looks for a security token.
- Within a Keychain, tokens are categorized.

Authentication
- The Keychain can act as a simple password/username repository keyed on the application or service.
- The Keychain can also act as an intermediary agent presenting authentication credentials on behalf of a user, service, or application.
- Authentication tokens within the Keychain are encrypted.

Certificate Storage
- The Keychain supports X.509 certificate storage.
- RSA encryption
- Key storage and use
- Many helper functions exist to ease development.
- Root certificates are stored, enabling verification of certificate chains.

Code Signing and Publisher Verification
- Code signing allows a software publisher to sign code for installation.
- Users of the software can then validate the identity of the publisher before installation.
- Useful for controlling proliferation of malware.
- Signing is based on presentation of a developer's certificate.
- Extra steps for Apple developers if they want to test on a device!

Final Comments
- The Keychain API is powerful and robust, but may be daunting to the novice.
- Those familiar with the OpenSSL library will have an easier time of it. In fact, it's easy to port algorithms from OpenSSL to the Keychain API.
- Implementations are somewhat different from platform to platform: what works on the Mac may need to be modified slightly for the iPhone.

References
- Apple Developer Connection.
- Talukder, Asoke and Roopa Yavagal. Mobile Computing. New York: McGraw-Hill Professional.