Cryptographic certification could lead to wider iPhone use in government
Apple's iPhone might see wider adoption in government use, thanks to the recent validation of a cryptographic module for iOS.
Last week saw the National Institute of Standards and Technology's Computer Security Division granting FIPS 140-2 certification (via TUAW) to Apple iOS CoreCrypto Kernel Module v3.0. The Division tested the cryptographic module on an iPhone 4, iPhone 4S, and iPad running iOS 6.0.
"Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest," the division's report reads.
The iOS module met Level 1 of Federal Information Processing Standard 140-2, the lowest level of security, as it has no required physical security components beyond the standard production-grade iPhone components.
FIPS approval could open a path to wider adoption of the iPhone in government operations. The Department of Defense is said to be close already to approving devices running iOS 6 for use within its operations after conducting its own separate evaluation of the technology.
Last week saw the National Institute of Standards and Technology's Computer Security Division granting FIPS 140-2 certification (via TUAW) to Apple iOS CoreCrypto Kernel Module v3.0. The Division tested the cryptographic module on an iPhone 4, iPhone 4S, and iPad running iOS 6.0.
"Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest," the division's report reads.
The iOS module met Level 1 of Federal Information Processing Standard 140-2, the lowest level of security, as it has no required physical security components beyond the standard production-grade iPhone components.
FIPS approval could open a path to wider adoption of the iPhone in government operations. The Department of Defense is said to be close already to approving devices running iOS 6 for use within its operations after conducting its own separate evaluation of the technology.
Comments
It's been possible to compile OpenSSL for iOS ever since Apple released the iPhone SDK (even without CoreCrypto), which means apps have been able to generate strong encryption keys for a long time now.
Oh, the sad, sad irony.
Specific third-party applications that implement OpenSSL within iOS can be FIPS certified but this is done on a product by product basis. Now that half of the iOS CoreCrypto package has been certified, third-party applications can be written to use CoreCrypto and not have to go through FIPS certification. This means a lot to application developers and government users.
Quote:
Originally Posted by rob53
Specific third-party applications that implement OpenSSL within iOS can be FIPS certified but this is done on a product by product basis. Now that half of the iOS CoreCrypto package has been certified, third-party applications can be written to use CoreCrypto and not have to go through FIPS certification. This means a lot to application developers and government users.
Ah, I see. Thanks for the clarification.
Given that the OpenSSL codebase is largely identical on all platforms, and open source, I'm surprised that it's not easier to just certify a given version of it on a number of platforms. So that, if someone uses that version in their app, they simply need to prove it in order to be certified.
But anyways, looks like CoreCrypto is the way to go if/when I drop older iOS support in my apps.
Quote:
Originally Posted by rob53
Just because OpenSSL has approved algorithms doesn't mean OpenSSL used within iOS has been approved. Checking http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm shows it hasn't.
I checked http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747 and it seems that the OpenSSL FIPS module has been approved on iOS 5 (as well as a number of other platforms).
I am not an Apple representative so please confirm what I am saving with your ADC contact.
Quote:
Originally Posted by rob53
If I remember correctly, OpenSSL is, will or might be deprecated as of OS X 10.8/10.9 in favor of CoreCrypto, at least for cryptographic processes. I know CDSA was deprecated in 10.8. This used to be Apple's preferred cryptographic engine. CoreCrypto was developed first in iOS then was moved to OSX. OpenSSL does a lot of things but having a common Apple-built and maintained cryptographic kernel/engine makes a whole lot more sense going forward. Apple rarely uses open-source packages intact. They need to add all the hooks into the rest of OSX. OpenSSL delivered with OSX has always been behind in revisions. Apple stopped trying to patch Java in their Java JRE, relying on Oracle to fix all bugs and when they didn't shutting off browser access to try and protect users. I believe they are doing something similar with OpenSSL. If someone wants to use it, they have to compile it, something 99% of Apple's user base will never attempt.
I am not an Apple representative so please confirm what I am saving with your ADC contact.
Application developers are able to compile it and link it into their apps (most end users don't know/care whether an app uses OpenSSL or CoreCrypto under the hood). Which also allows you to stay current and not rely on Apple for updates.
And given that all of the cryptographic algorithms are built right in to OpenSSL with very little reliance on what the operating system itself provides, it's near impossible for Apple to deprecate it unless they remove their UNIX/POSIX layer (highly unlikely given how much they market the strength and security a UNIX foundation provides for OS X).
The big benefit of using OpenSSL over CoreCrypto is that I can create an iOS app which, say, encrypts network traffic, and if I've been smart about how I do it, reuse that same encryption functionality on OS X, Windows, Android, Linux, etc. Whereas, with CoreCrypto, you only get iOS and OS X out of the deal. However, if it means potential app sales into government agencies with less hassle, porting the iOS version to use CoreCrypto shouldn't be too hard.
Where's the irony?
One could argue it's hypocrisy but it's hard to see how it's opposite of what one would expect. And I'm not sure I'd argue it's hypocrisy as citizens are also allowed to take measures to establish privacy via cryptography.
You'd think the OP considers the U.S government like the Stasi.
Oh c'mon, who doesn't love the old KYK-13? It sure beats the KOI-18 and EZ-Loader.
Quote:
Originally Posted by plovell
Dang. Doesn't include iPhone 5.
Not necessarily. iOS6 was approved and that runs on iPhone5. The CoreCrypto Kernel module was tested on iPhone4s (the latest model available when module submitted for approval). Page 9 of the security policy states: "There are no hardware components within the cryptographic module boundary." To me this means iOS6 was all that was approved and anything that runs iOS6 is approved.
see cert #1944 http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm
Nah. The approval specifically calls out iPhone 4 and 4S. The certification is valid only for the hardware/software combo.