Apple details Touch ID and Secure Enclave tech in new security white paper

Posted in iPhone, edited March 2014
An iOS security white paper published by Apple on Wednesday offers a deeper understanding of the company's Touch ID fingerprint sensing system and the so-called "Secure Enclave" found in the A7 SoC, both of which were introduced with the iPhone 5s.

The security document, published as a PDF, details a number of iOS hardware and software security mechanisms, including new information on how Touch ID and the Secure Enclave work together to keep user data safe. First spotted by TechCrunch, the white paper was published on Apple's "iPhone in Business" website.

According to the paper, the A7's Secure Enclave is actually a coprocessor built into Apple's latest system-on-a-chip design. With a secure boot sequence and software update mechanism separate from the application processor, the component is responsible for "all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised."
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
As for Touch ID, Apple notes the iPhone 5s-only technology reads fingerprints from any angle and continuously "learns" a user's fingerprint over time. The paper explains that the sensor expands the stored fingerprint map with each consecutive use by adding newly identified overlapping nodes.

When a user's finger contacts the capacitive steel ring surrounding the home button, the Touch ID sensor takes an 88-by-88-pixel, 500-ppi raster scan that is "temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis." Apple puts the probability that a random person's finger matches one enrolled finger at 1 in 50,000. That figure is a false-accept rate, not a measure of sensitivity, and it is why the paper also caps Touch ID at five failed match attempts before the passcode is required: the cap stops an attacker from simply presenting many fingers.

Once vectorization is complete, the raster scan is discarded. What the Secure Enclave keeps is the resulting map of fingerprint nodes, stored without any identity information in an encrypted form that only the Secure Enclave can read; that map is never sent to Apple and is never backed up to iCloud or iTunes.

Explaining how the two components work together, Apple says the Touch ID sensor talks to the A7 over a serial peripheral interface (SPI) bus. The A7 forwards the sensor's data to the Secure Enclave, which is the only party able to decrypt it.

The application processor cannot read the raw Touch ID data because it is encrypted and authenticated with a session key negotiated from a per-device shared key that is provisioned into both the fingerprint sensor and the Secure Enclave. The session key exchange uses AES key wrapping, with each side supplying a random key that together establish the session key, and the sensor traffic itself is carried under AES-CCM transport encryption. Because the data is authenticated as well as encrypted, code running on the application processor, including a compromised kernel, can relay the bus traffic but can neither read it nor alter it undetected.

Unlocking the iPhone 5s is a slightly different process, but uses the same shared secret and data protection key mechanisms:
On iPhone 5s with Touch ID turned on, the keys are not discarded when the device locks; instead, they're wrapped with a key that is given to the Touch ID subsystem. When a user attempts to unlock the device, if Touch ID recognizes the user's fingerprint, it provides the key for unwrapping the Data Protection keys and the device is unlocked. This process provides additional protection by requiring the Data Protection and Touch ID subsystems to cooperate in order to unlock the device.
Decryption keys are held only in memory, so a reboot clears them and the passcode is required again. This explains why users must re-enter their password when purchasing an item from the App Store or iTunes. Adding further protection, the Secure Enclave discards the Touch ID unwrapping key if the device has not been unlocked for 48 hours or after five failed Touch ID attempts; in either case only the passcode will unlock the device.
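The lock and unlock behaviour quoted above, as an added example in Go that is not Apple's code: on lock, the Data Protection class key is wrapped under a fresh key that only the Touch ID path can use; a fingerprint match unwraps it; and the wrapping key is erased after five misses or 48 hours, after which only the passcode can recover the class key. AES-GCM is used as the wrap (the paper does not say which construction Apple uses), the class key is a constructed stand-in, and the injected clock exists so the expiry can be exercised without waiting two days.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

const (
	maxFailedAttempts = 5              // five misses and Touch ID is done until the passcode is entered
	touchIDLifetime   = 48 * time.Hour // likewise if the device has sat locked this long
)

var ErrPasscodeRequired = errors.New("touch id: passcode required")
var ErrNoMatch = errors.New("touch id: no match")

// TouchIDLock models the iPhone 5s lock state from the paper: the Data Protection
// class key is not discarded on lock but wrapped under a key handed to Touch ID.
// AES-GCM stands in for Apple's wrap (an assumption); the clock is injected for testing.
type TouchIDLock struct {
	wrappedClassKey []byte // nonce || ciphertext; useless without touchKey
	touchKey        []byte // lives only in enclave memory; nil once erased
	lockedAt        time.Time
	failures        int
	now             func() time.Time
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Lock is what happens when the device locks with Touch ID enabled.
func Lock(classKey []byte, now func() time.Time) (*TouchIDLock, error) {
	buf := make([]byte, 32+12) // a fresh 256-bit Touch ID key followed by a GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	touchKey, nonce := buf[:32], buf[32:]
	aead, err := newGCM(touchKey)
	if err != nil {
		return nil, err
	}
	sealed := aead.Seal(nonce, nonce, classKey, []byte("touchid-class-key"))
	return &TouchIDLock{wrappedClassKey: sealed, touchKey: touchKey, lockedAt: now(), now: now}, nil
}

// Expire erases the Touch ID key (reboot, 48 hours, or five misses); only the passcode can recover the class key now.
func (l *TouchIDLock) Expire() { l.touchKey = nil }

// PasscodeRequired reports whether Touch ID can still unlock the device, applying the 48-hour rule lazily.
func (l *TouchIDLock) PasscodeRequired() bool {
	if l.touchKey != nil && l.now().Sub(l.lockedAt) >= touchIDLifetime {
		l.Expire()
	}
	return l.touchKey == nil
}

// TryUnlock takes the sensor's verdict: a match unwraps and returns the class key, a miss counts toward the limit.
func (l *TouchIDLock) TryUnlock(matched bool) ([]byte, error) {
	if l.PasscodeRequired() {
		return nil, ErrPasscodeRequired
	}
	if !matched {
		l.failures++
		if l.failures >= maxFailedAttempts {
			l.Expire()
		}
		return nil, ErrNoMatch
	}
	aead, err := newGCM(l.touchKey)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	classKey, err := aead.Open(nil, l.wrappedClassKey[:ns], l.wrappedClassKey[ns:], []byte("touchid-class-key"))
	if err != nil {
		return nil, err
	}
	l.failures = 0
	return classKey, nil
}

func main() {
	l, _ := Lock([]byte("constructed 32-byte class key!!!"), time.Now) // stand-in class key
	for i := 1; i <= 5; i++ {
		_, err := l.TryUnlock(false)
		fmt.Println("miss", i, "->", err)
	}
	_, err := l.TryUnlock(true)
	fmt.Println("match after five misses ->", err)
}
```

Note what survives a lockout: the wrapped class key blob is still there, but with the Touch ID key erased nothing in this path can open it, which is the property the paper describes as requiring the Data Protection and Touch ID subsystems to cooperate.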

Describing a Touch ID use case in purchasing digital content, Apple explains:
When users choose to authorize a purchase, authentication tokens are exchanged between the device and store. The token and nonce are held in the Secure Enclave. The nonce is signed with a Secure Enclave key shared by all devices and the iTunes Store.
Apple previously detailed a similar shared secret method of authentication in a patent filing pertaining to retail purchases.

The remainder of the white paper focuses on overall iOS security protocols with special attention given to app security layers.


Comments

  • Reply 1 of 47
    With a secure boot sequence and software update mechanism separat from the application processor...

    I'm glad it is separat! Keeps hot food hot and cold foods cold. ;)
  • Reply 2 of 47
    solipsismx Posts: 19,566 member
    Coincidence this white paper of a clearly superior solution has come out right after Samsung introduces their S5 with a fingerprint sensor?
  • Reply 3 of 47
    chipsy Posts: 287 member

    I must say that a lot of thought went into this, it's a very well executed security measure. As it is described in the article I wouldn't say it's unhackable but it certainly is VERY difficult (actually the use of AES which is not without its flaws might be the biggest issue). But I think it's safe to say that the fingerprint fooling 'hack' is a lot easier than the software/hardware hack. Which says a lot.

  • Reply 4 of 47
    solipsismx Posts: 19,566 member
    chipsy wrote: »
    I must say that a lot of thought went into this, it's a very well executed security measure. As it is described in the article I wouldn't say it's unhackable but it certainly is VERY difficult (actually the use of AES which is not without its flaws might be the biggest issue). But I think it's safe to say that the fingerprint fooling 'hack' is a lot easier than the software/hardware hack. Which says a lot.

    I'm sure Apple is aware of the limitations. I think their short-term intention was to get people who normally never use a 4-digit PIN to secure their device to have some security. I think this nails it in one of the few examples of increased security actually being more of a convenience than the previous method.

    I've even enabled the complex passcode option so I get the full keyboard when I restart my iPhone 5S. And even if one doesn't want to go that route but would instead just use the dial pad with a longer (or shorter) PIN they can do that too by enabling the complex passcode option. Previously, when you enabled that option and only used numbers you would still get the QWERTY keyboard on screen.
  • Reply 5 of 47
    Originally Posted by SolipsismX:
    Coincidence this white paper of a clearly superior solution has come out right after Samsung introduces their S5 with a fingerprint sensor?

    I posed the question about how Samsung plans to secure the fingerprint data on this site yesterday, and I've seen similar questions popping up on other articles about the Galaxy S5. Samsung has made a big deal out of having their fingerprint reader available to third party apps, including an announced alliance with PayPal. But, they have not made any details available concerning security. Features like showing the fingerprint scan on-screen as you swipe might add flashiness, but it certainly doesn't give me any confidence in how well Samsung might have secured the fingerprint data.

    The iOS security paper does a good job of explaining the steps that Apple has taken to secure the fingerprint data using Secure Enclave. It burnishes Apple's message that it takes fingerprint data security seriously, and muddies the waters a bit over what security shortcuts Samsung might be taking in filling out its feature checklist.

    But, I think the timing of the paper (which was actually dated February 14) is actually more in line with the iOS 7.0.6 release, and the fallout from the SSL vulnerability. TechCrunch spotted it today, but who knows when Apple actually posted the paper to their website.

  • Reply 6 of 47
    chipsy Posts: 287 member
    Originally Posted by SolipsismX:
    I'm sure Apple is aware of the limitations. I think their short-term intention was to get people who normally never use a 4-digit PIN to secure their device to have some security. I think this nails it in one of the few examples of increased security actually being more of a convenience than the previous method.

    I've even enabled the complex passcode option so I get the full keyboard when I restart my iPhone 5S. And even if one doesn't want to go that route but would instead just use the dial pad with a longer (or shorter) PIN they can do that too by enabling the complex passcode option. Previously, when you enabled that option and only used numbers you would still get the QWERTY keyboard on screen.

    I'm sure they are, and let's be honest, nothing will ever be 100% secure. But I must say I'm impressed by the measures they took. It's very well thought out and executed.

  • Reply 7 of 47

    The NSA hates this

  • Reply 8 of 47
    maestro64 Posts: 5,043 member

    This is why the Apple solution will work better than the solutions which were out before this and the new Samsung me-too solution. We all know that Samsung did not build in a processor to make their solution work; they are using the same processor that does everything else, and when it is busy dealing with Android overhead it will not respond and let you unlock the phone.

  • Reply 9 of 47
    maestro64 Posts: 5,043 member

    Security depends on who you are trying to keep out. If you are trying to keep the everyday person out, what they did works; if you have enough knowledge, resources and time, you are getting in. Remember 128-bit encryption was good enough and required lots of time and computing power to crack it. But when computers got faster it does not take as long using the pure brute force method.

  • Reply 10 of 47
    chipsy Posts: 287 member
    Originally Posted by Maestro64:
    Security depends on who you are trying to keep out. If you are trying to keep the everyday person out, what they did works; if you have enough knowledge, resources and time, no, you are getting in. Remember 128-bit encryption was good enough and required lots of time and computing power to crack it. But when computers got faster it does not take as long using the pure brute force method.

    Exactly right. That's what I stated in an earlier post as well. The AES encryption probably is its weakest point. Nothing will ever be 100% secure but I must say that I am rather impressed by the measures Apple took here.

  • Reply 11 of 47
    sflocal Posts: 6,092 member
    Originally Posted by SolipsismX:
    Coincidence this white paper of a clearly superior solution has come out right after Samsung introduces their S5 with a fingerprint sensor?

    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

  • Reply 12 of 47
    dreyfus2 Posts: 1,072 member
    Originally Posted by sflocal:
    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

    A fingerprint scanning solution that requires two hands, a pretty exact motion and still fails more often than not will not be used after day one. Can't get more secure than that.

  • Reply 13 of 47
    chipsy Posts: 287 member
    Originally Posted by sflocal:
    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

    At first Apple didn't detail their security measures either, so I don't know if that is an indication of bad security per se. I know they said that it was encrypted and secured locally but no further details were given. I guess if PayPal agreed to the integration it will be 'secure enough' but if it goes as far as this I have no idea...

  • Reply 14 of 47
    solipsismx Posts: 19,566 member
    maestro64 wrote: »
    Security depends on who you are trying to keep out. If you are trying to keep the everyday person out, what they did works; if you have enough knowledge, resources and time, no, you are getting in. Remember 128-bit encryption was good enough and required lots of time and computing power to crack it. But when computers got faster it does not take as long using the pure brute force method.
    chipsy wrote: »
    Exactly right. That's what I stated in an earlier post as well. The AES encryption probably is its weakest point. Nothing will ever be 100% secure but I must say that I am rather impressed by the measures Apple took here.

    Is that really a concern when the path for the 256-bit AES is so short? Wouldn't one already have to have access to the device and have it apart to even begin to grab any of the encrypted data being sent between the Touch ID sensor and secure enclave? I'd think there would be better and faster ways to get access to someone's phone. Even a social hack solution to get access to someone's iCloud contacts, calendar, emails, iPhone backups, etc. seems like it would be easier and could be done from half a world away.

    sflocal wrote: »
    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

    Has Samsung stated that their fingerprint sensor adds security, or did they only tout it as a convenience feature, or worse, just state it as a feature?

    edit: If they are allowing PayPal and other apps to use it in lieu of a password that's proof enough to me they are pushing this as a security feature, not just a convenience feature.
  • Reply 15 of 47
    dreyfus2 Posts: 1,072 member
    Originally Posted by Chipsy:
    I guess if PayPal agreed to the integration it will be 'secure enough' but if it goes as far as this I have no idea...

    Well, without saying it's not (no idea), that is not really conclusive. Yes, ideally third party clients will not have any access to the fingerprint data, but just call an API that returns a token, or releases a stored account password from whatever the keychain is called in Android when a matching print is being supplied.

    For a payment solution provider this is not about fingerprint security, it is about authentication and in how far a solution is more or less secure than a simple password. Fulfilling that requirement does not say anything about the security of the fingerprint on the device. And that is really the critical point, as you can always change a password, but have a limited supply of fingers.

  • Reply 16 of 47
    chipsy Posts: 287 member
    Originally Posted by SolipsismX:
    Is that really a concern when the path for the 256-bit AES is so short? Wouldn't one already have to have access to the device and have it apart to even begin to grab any of the encrypted data being sent between the Touch ID sensor and secure enclave? I'd think there would be better and faster ways to get access to someone's phone. Even a social hack solution to get access to someone's iCloud contacts, calendar, emails, iPhone backups, etc. seems like it would be easier and could be done from half a world away.

    Has Samsung stated that their fingerprint sensor adds security, or did they only tout it as a convenience feature, or worse, just state it as a feature?

    edit: If they are allowing PayPal and other apps to use it in lieu of a password that's proof enough to me they are pushing this as a security feature, not just a convenience feature.

    There is no doubt that a social hack is easier than this one. I guess you didn't read my first post, as I described the security as not unhackable but VERY difficult and the fingerprint fooling 'hack' as the much easier solution (which says a lot, as it was not easy by any means). I was just confirming that in this configuration the AES encryption is the weakest point, the point you could attack if you get access to it.

  • Reply 17 of 47
    Originally Posted by SolipsismX:
    I'm sure Apple is aware of the limitations. I think their short-term intention was to get people who normally never use a 4-digit PIN to secure their device to have some security. I think this nails it in one of the few examples of increased security actually being more of a convenience than the previous method.

    To me, the simplicity of TouchID is its strongest suit, and this convenience has dramatically increased the proportion of iPhone owners securing their devices (if we believe the surveys of iPhone 5s owners). As an example, I use my phone with a car mount for streaming iTunes Match in the car. TouchID allows me to unlock the phone in one step without taking my eyes off the road. If not for TouchID, I very well might have chosen not to secure my phone, because no way would I want to constantly enter a passcode while driving.

    Even if TouchID's level of security was no better than a four-digit PIN, it would still be a major improvement for the iOS ecosystem simply because so many more people actually use it. I suspect that Apple has much bigger plans for TouchID, which would explain why they have taken so many steps to secure the fingerprint data.

    Originally Posted by sflocal:
    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

    Recall how the tech press howled when they found that TouchID could be fooled using a pristine fingerprint and "several hours and ... over a thousand dollars worth of equipment including a high resolution camera and laser printer"? Considering how half-baked so many of Samsung's much-touted "innovations" turn out in real world usage, I don't have a lot of confidence in their approach being secure enough to gain a foothold with mobile payments, especially since I don't think the API would be used by other Android phones.

    If it was just a more convenient substitute for passcodes or gestures, compromising the fingerprint data wouldn't be as big a deal. But, Samsung plans to use this with PayPal payments and third party mobile apps, so we're talking about some serious security needs. Are they up to the task? We'll find out soon enough. That is IF the tech press chooses to scrutinize Samsung as closely as they do with Apple.

  • Reply 18 of 47
    Originally Posted by sflocal:
    I'm curious why Samsung hasn't stepped up (manned up) and explained to us how "secure" their fingerprint scanning solution is. I'll bet that Samsung simply half-a$$ed their solution just to get their S5 into market. Expect it to be broken or compromised soon.

    I expect that the fingerprint sensor will cease to work in short order, making it another whoop-de-doo at sales and a whoops after a few months of use... further distancing Samsung from Apple, but in the wrong direction. :D

  • Reply 19 of 47
    chipsy Posts: 287 member
    Originally Posted by dreyfus2:
    Well, without saying it's not (no idea), that is not really conclusive. Yes, ideally third party clients will not have any access to the fingerprint data, but just call an API that returns a token, or releases a stored account password from whatever the keychain is called in Android when a matching print is being supplied.

    For a payment solution provider this is not about fingerprint security, it is about authentication and in how far a solution is more or less secure than a simple password. Fulfilling that requirement does not say anything about the security of the fingerprint on the device. And that is really the critical point, as you can always change a password, but have a limited supply of fingers.

    What you say could be perfectly right. I assume that PayPal would take into account that if the fingerprint was stolen it could be used for unauthorized transactions (and therefore also be a problem for them), giving them reason to also be concerned by the storage of the fingerprint on the device itself. We won't know that until the security is fully detailed (but that took a while for Apple as well).

    Your last sentence really is a problem of fingerprint scanners used for security in general.

  • Reply 20 of 47
    Originally Posted by Chipsy:
    I guess if PayPal agreed to the integration it will be 'secure enough' but if it goes as far as this I have no idea...

    PayPal may have required Samsung's management to post a bond that can be used if the security is breached, due to poor design or not.
