PINDROP BLOG

Apple to Detail iOS 10 Security at Black Hat

Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week.

The company’s head of security engineering and architecture will present a talk that outlines the functionality of the mechanisms, including HomeKit, the company’s smart home controller, and iCloud Keychain, which stores users’ critical security data, such as passwords and payment information. The talk will also go into detail on some existing technologies, such as Secure Enclave, but the focus will be on the new additions in iOS 10, which is due later this year.

“HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user’s home, the ability to unlock a user’s Mac from an Apple Watch, and the user’s passwords and credit card information, respectively,” the description of the talk by Ivan Kristic says.

“We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.”

The company typically says very little publicly about the security underpinnings of iOS.

This is the second time an Apple security engineer has given such a talk, with the first one coming in 2012. The company typically says very little publicly about the security underpinnings of iOS or OS X, preferring to keep as much information as possible private. The 2012 talk didn’t deliver much in the way of detail, and was essentially just a reading of the company’s public white paper on iOS security. Kristic’s upcoming talk appear to be a step in a different direction, giving some insight into new security defenses rather than explaining existing ones.

In addition to the details on HomeKit and, Auto Unlock, and iCloud Keychain, Kristic will talk about the role that the Secure Enclave Processor in the iPhone plays in its cryptographic operations.

“Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor,” the description says.

Kristic will speak on Thursday afternoon on the second day of the Black Hat briefings.