or Connect
AppleInsider › Forums › Mobile › iPhone › Cryptographic certification could lead to wider iPhone use in government
New Posts  All Forums:Forum Nav:

Cryptographic certification could lead to wider iPhone use in government

post #1 of 16
Thread Starter 
Apple's iPhone might see wider adoption in government use, thanks to the recent validation of a cryptographic module for iOS.

crypto
via NIST Computer Security Division


Last week saw the National Institute of Standards and Technology's Computer Security Division granting FIPS 140-2 certification (via TUAW) to Apple iOS CoreCrypto Kernel Module v3.0. The Division tested the cryptographic module on an iPhone 4, iPhone 4S, and iPad running iOS 6.0.

"Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest," the division's report reads.

The iOS module met Level 1 of Federal Information Processing Standard 140-2, the lowest level of security, as it has no required physical security components beyond the standard production-grade iPhone components.

FIPS approval could open a path to wider adoption of the iPhone in government operations. The Department of Defense is said to be close already to approving devices running iOS 6 for use within its operations after conducting its own separate evaluation of the technology.
post #2 of 16

It's been possible to compile OpenSSL for iOS ever since Apple released the iPhone SDK (even without CoreCrypto), which means apps have been able to generate strong encryption keys for a long time now.

 
Reply
 
Reply
post #3 of 16
So the government doesn't want anyone listening to their phone calls?
Oh, the sad, sad irony.
post #4 of 16
@auxio The problem with compiling OpenSSL for iOS is that it doesn't allow the same level of compatibility using CoreCrypto does. CoreCrypto is built-in and can operate at a level OpenSSL can't (third-party apps have forced sandboxing). Just because OpenSSL has approved algorithms doesn't mean OpenSSL used within iOS has been approved. Checking http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm shows it hasn't. FIPS 140-2 certifies the operating modules within specific devices. Government agencies are required to abide by these certifications. OpenSSL with iOS does not appear to be certified, therefore, it doesn't pass government requirements.

Specific third-party applications that implement OpenSSL within iOS can be FIPS certified but this is done on a product by product basis. Now that half of the iOS CoreCrypto package has been certified, third-party applications can be written to use CoreCrypto and not have to go through FIPS certification. This means a lot to application developers and government users.
post #5 of 16
Quote:
Originally Posted by rob53 View Post

Specific third-party applications that implement OpenSSL within iOS can be FIPS certified but this is done on a product by product basis. Now that half of the iOS CoreCrypto package has been certified, third-party applications can be written to use CoreCrypto and not have to go through FIPS certification. This means a lot to application developers and government users.

 

Ah, I see.  Thanks for the clarification.

 

Given that the OpenSSL codebase is largely identical on all platforms, and open source, I'm surprised that it's not easier to just certify a given version of it on a number of platforms.  So that, if someone uses that version in their app, they simply need to prove it in order to be certified.

 

But anyways, looks like CoreCrypto is the way to go if/when I drop older iOS support in my apps.

 
Reply
 
Reply
post #6 of 16
Quote:
Originally Posted by rob53 View Post

Just because OpenSSL has approved algorithms doesn't mean OpenSSL used within iOS has been approved. Checking http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm shows it hasn't.

 

I checked http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747 and it seems that the OpenSSL FIPS module has been approved on iOS 5 (as well as a number of other platforms).

 
Reply
 
Reply
post #7 of 16
If I remember correctly, OpenSSL is, will or might be deprecated as of OS X 10.8/10.9 in favor of CoreCrypto, at least for cryptographic processes. I know CDSA was deprecated in 10.8. This used to be Apple's preferred cryptographic engine. CoreCrypto was developed first in iOS then was moved to OSX. OpenSSL does a lot of things but having a common Apple-built and maintained cryptographic kernel/engine makes a whole lot more sense going forward. Apple rarely uses open-source packages intact. They need to add all the hooks into the rest of OSX. OpenSSL delivered with OSX has always been behind in revisions. Apple stopped trying to patch Java in their Java JRE, relying on Oracle to fix all bugs and when they didn't shutting off browser access to try and protect users. I believe they are doing something similar with OpenSSL. If someone wants to use it, they have to compile it, something 99% of Apple's user base will never attempt.

I am not an Apple representative so please confirm what I am saving with your ADC contact.
post #8 of 16
I wonder if this would open an iPod-touch-based platform for loading crypto-keys into aircraft? That's be a huge step up from what they use now.
post #9 of 16
Quote:
Originally Posted by rob53 View Post

If I remember correctly, OpenSSL is, will or might be deprecated as of OS X 10.8/10.9 in favor of CoreCrypto, at least for cryptographic processes. I know CDSA was deprecated in 10.8. This used to be Apple's preferred cryptographic engine. CoreCrypto was developed first in iOS then was moved to OSX. OpenSSL does a lot of things but having a common Apple-built and maintained cryptographic kernel/engine makes a whole lot more sense going forward. Apple rarely uses open-source packages intact. They need to add all the hooks into the rest of OSX. OpenSSL delivered with OSX has always been behind in revisions. Apple stopped trying to patch Java in their Java JRE, relying on Oracle to fix all bugs and when they didn't shutting off browser access to try and protect users. I believe they are doing something similar with OpenSSL. If someone wants to use it, they have to compile it, something 99% of Apple's user base will never attempt.

I am not an Apple representative so please confirm what I am saving with your ADC contact.

 

Application developers are able to compile it and link it into their apps (most end users don't know/care whether an app uses OpenSSL or CoreCrypto under the hood).  Which also allows you to stay current and not rely on Apple for updates.

 

And given that all of the cryptographic algorithms are built right in to OpenSSL with very little reliance on what the operating system itself provides, it's near impossible for Apple to deprecate it unless they remove their UNIX/POSIX layer (highly unlikely given how much they market the strength and security a UNIX foundation provides for OS X).

 

The big benefit of using OpenSSL over CoreCrypto is that I can create an iOS app which, say, encrypts network traffic, and if I've been smart about how I do it, reuse that same encryption functionality on OS X, Windows, Android, Linux, etc.  Whereas, with CoreCrypto, you only get iOS and OS X out of the deal.  However, if it means potential app sales into government agencies with less hassle, porting the iOS version to use CoreCrypto shouldn't be too hard.

 
Reply
 
Reply
post #10 of 16
Quote:
Originally Posted by tyler82 View Post

So the government doesn't want anyone listening to their phone calls?
Oh, the sad, sad irony.

Where's the irony?
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #11 of 16
Quote:
Originally Posted by dasanman69 View Post

Where's the irony?

One could argue it's hypocrisy but it's hard to see how it's opposite of what one would expect. And I'm not sure I'd argue it's hypocrisy as citizens are also allowed to take measures to establish privacy via cryptography.
Edited by SolipsismX - 5/7/13 at 4:34pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #12 of 16
Quote:
Originally Posted by SolipsismX View Post

One could argue it's hypocrisy but it's hard to see how it's opposite of what one would expect. I'm not sure it's hypocrisy as citizens are also allowed to take measures to establish privacy via cryptography.

You'd think the OP considers the U.S government like the Stasi.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #13 of 16
Quote:
Originally Posted by Alexis View Post

I wonder if this would open an iPod-touch-based platform for loading crypto-keys into aircraft? That's be a huge step up from what they use now.

Oh c'mon, who doesn't love the old KYK-13? It sure beats the KOI-18 and EZ-Loader.
post #14 of 16
Dang. Doesn't include iPhone 5.
post #15 of 16
Quote:
Originally Posted by plovell View Post

Dang. Doesn't include iPhone 5.

Not necessarily. iOS6 was approved and that runs on iPhone5. The CoreCrypto Kernel module was tested on iPhone4s (the latest model available when module submitted for approval). Page 9 of the security policy states: "There are no hardware components within the cryptographic module boundary." To me this means iOS6 was all that was approved and anything that runs iOS6 is approved.

 

see cert #1944 http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm

post #16 of 16

Nah. The approval specifically calls out iPhone 4 and 4S. The certification is valid only for the hardware/software combo.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Cryptographic certification could lead to wider iPhone use in government
AppleInsider › Forums › Mobile › iPhone › Cryptographic certification could lead to wider iPhone use in government