Re: [Fed-Talk] iOS File Erase question
- Subject: Re: [Fed-Talk] iOS File Erase question
- From: "Marcus, Allan B" <email@hidden>
- Date: Fri, 12 Dec 2014 23:35:02 +0000
- Thread-topic: [Fed-Talk] iOS File Erase question
On flash storage you generally cannot overwrite specific files due to
wear-leveling.
--
Thanks,
Allan Marcus
Chief IT Architect
Los Alamos National Laboratory
505-667-5666
email@hidden
If you always do what you always did, you will always get what you always
got. [Albert Einstein]
On 12/12/14, 2:39 PM, "Beatty, Daniel D CIV NAVAIR, 474300D"
<email@hidden> wrote:
>Greetings Allan,
>You make a good point. I think a good practice for military grade
>software would be to zero out the freed up space. Unfortunately, I
>don't know if there is a best practices implementation that allows this
>kind of thing (the proverbial clean the lint from the dryer when you are
>done, even when you are in a laundromat).
>
>V/R,
>
>Daniel Beatty, Ph.D.,
>IEEE Certified Software Development Professional (CSDP)
>Computer Scientist
>Code 474300D
>1 Administration Circle. M/S 1109
>China Lake, CA 93555
>email@hidden
>(760)939-7097
>
>-----Original Message-----
>From: fed-talk-bounces+daniel.beatty=email@hidden
>[mailto:fed-talk-bounces+daniel.beatty=email@hidden] On
>Behalf Of Marcus, Allan B
>Sent: Friday, December 12, 2014 12:53 PM
>To: Shawn A. Geddis
>Cc: Fed Talk
>Subject: Re: [Fed-Talk] iOS File Erase question
>
>Thanks Shawn.
>
>I got all that, but what is not explained explicitly is what happens if
>you delete one file, not erase all content and settings. If I erase a
>file on my Mac (or PC), the inode directory entry is removed, but the
>content is still there and can be "undeleted". In iOS, what happens if a
>file (or mail message) is deleted? Is the inode entry removed? Is the
>per-file key deleted from Effaceable Storage? If the key is removed, can
>it be recovered or recalculated, or is that key gone forever and
>therefore no way to access the file?
>
>--
>Thanks,
>
>Allan Marcus
>Chief IT Architect
>Los Alamos National Laboratory
>505-667-5666
>email@hidden
>
>If you always do what you always did, you will always get what you always
>got. [Albert Einstein]
>
>From: "Shawn A. Geddis" <email@hidden>
>Date: Friday, December 12, 2014 at 10:20 AM
>To: Allan Marcus <email@hidden>
>Cc: Fed Talk <email@hidden>
>Subject: Re: [Fed-Talk] iOS File Erase question
>
> On Dec 12, 2014, at 11:26 AM, Marcus, Allan B <email@hidden> wrote:
> From what I understand, each file in iOS is encrypted with its own key,
>then wrapped in a series of additional keys based on protection class and
>tied to the hardware key. I understand how a device reset destroys the
>keys and the data on the device is rendered unrecoverable. What I'm
>trying to understand is how a "file" erase works. I cannot find any
>information about that in the iOS security guide.
>
> Is there any documentation on what happens if a user deletes a file (or
>an app, which deletes all the associated files)? What about one message
>from mail? Is each message stored in one file?
>
> Allan,
>
> Here is a brief attempt to explain what you ask about and what others
>may not understand, but have not asked.
>
> If you carefully read pg10 of the iOS Security document, you will
>understand how this is done for each level of the key hierarchy and more
>specifically for the per-file key you ask about:
>
> Architecture overview
>
> Every time a file on the data partition is created, Data Protection
>creates a new 256-bit key (the "per-file" key) and gives it to the
>hardware AES engine, which uses the key to encrypt the file as it is
>written to flash memory using AES CBC mode. The initialization vector
>(IV) is calculated with the block offset into the file, encrypted with
>the SHA-1 hash of the per-file key.
>
> The per-file key is wrapped with one of several class keys, depending
>on the circumstances under which the file should be accessible. Like all
>other wrappings, this is performed using NIST AES key wrapping, per RFC
>3394. The wrapped per-file key is stored in the file's metadata.
>
> When a file is opened, its metadata is decrypted with the file system
>key, revealing the wrapped per-file key and a notation on which class
>protects it. The per-file key is unwrapped with the class key, then
>supplied to the hardware AES engine, which decrypts the file as it is
>read from flash memory.
>
> The metadata of all files in the file system is encrypted with a random
>key, which is created when iOS is first installed or when the device is
>wiped by a user. The file system key is stored in Effaceable Storage.
>Since it's stored on the device, this key is not used to maintain the
>confidentiality of data; instead, it's designed to be quickly erased on
>demand (by the user, with the "Erase all content and settings" option, or
>by a user or administrator issuing a remote wipe command from a mobile
>device management (MDM) server, Exchange ActiveSync, or iCloud). Erasing
>the key in this manner renders all files cryptographically inaccessible.
>
> The content of a file is encrypted with a per-file key, which is
>wrapped with a class key and stored in a file's metadata, which is in
>turn encrypted with the file system key. The class key is protected with
>the hardware UID and, for some classes, the user's passcode. This
>hierarchy provides both flexibility and performance. For example,
>changing a file's class only requires rewrapping its per-file key, and a
>change of passcode just rewraps the class key.
>
> On the pg 9 sidebar, you can also read the following:
>
> Erase all content and settings
>
> The "Erase all content and settings" option in Settings obliterates all
>the keys in Effaceable Storage, rendering all user data on the device
>cryptographically inaccessible. Therefore, it's an ideal way to be sure
>all personal information is removed from a device before giving it to
>somebody else or returning it for service. Important: Do not use the
>"Erase all content and settings" option until the device has been backed
>up, as there is no way to recover the erased data.
>
> The iOS Security document can be found from multiple paths with some of
>those being
>
> http://www.apple.com/privacy/privacy-built-in/
> http://www.apple.com/ipad/business/it/security.html
> http://www.apple.com/iphone/business/it/security.html
>
> The current version of the document (October 2014; iOS 8.1 or later) can
>be found directly here:
>
> http://images.apple.com/business/docs/iOS_Security_Guide_Oct_2014.pdf
>
> Hopefully, this highlights the sentences that clearly articulate what
>you need.
>
> - Shawn
> _____________________________
> Shawn Geddis
> Security and Certifications Engineer
> • Platform Security / CoreOS
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden