iOS Encryption

 

 

The proliferation and increased capability of “smartphones” have also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as mainframes, data centers, or desktops. The research cited here looked at encryption issues specific to Apple’s iOS operating system. The work was presented over a period of several years.



P. Teufl, T. Zefferer, C. Stromberger, and C. Hechenblaikner, “iOS Encryption Systems: Deploying iOS Devices in Security-Critical Environments,” Security and Cryptography (SECRYPT), 2013 International Conference on, Reykjavik, Iceland, 2013, pp. 1-13. doi: (not provided)
Abstract: The high usability of smartphones and tablets is embraced by consumers as well as the private and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now BlackBerry). One of the key security features for protecting data on the device or in device backups are the encryption systems, which are deployed in most current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered by the security officer. As the first part in a series of papers, this work analyzes the deployment of the iOS platform and its encryption systems within a security-critical context from a security officer’s perspective. Thereby, the different sub-systems, the influence of the developer, the applied configuration, and the susceptibility to various attacks are analyzed in detail. Based on these results we present a workflow that supports the security officer in analyzing the security of an iOS device and the installed applications within a security-critical context. This workflow is supported by various tools that were either developed by ourselves or are available from other sources.
Keywords: Context; Encryption; Malware; Mobile handsets; Bring-Your-Own-Device; Encryption; Mobile Device Management; Mobile Devices; Risk Analysis; Security Analysis; Smartphone Security; iOS (ID#: 16-10834)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7223165&isnumber=7223120

 

I. B. Cioc, M. Jurian, I. Lita, and R. M. Teodorescu, “A Method for Increasing Security in Electronic Communication Services Based on Text Messages Communication,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. AE-23-AE-26. doi:10.1109/ECAI.2015.7301181
Abstract: This paper presents a method used for increasing the security of sending text messages using public text communication services like email and SMS. It uses text encryption before sending the message through email or mobile phone (SMS), so, even if the message is received and viewed by another unauthorized person, it cannot be understood. The application was implemented in LabVIEW and can be used for sending encrypted text email between two or more users, using public email services. For encryption, the proposed application uses text encryption methods like symmetrical and asymmetrical encryption, using private encryption key or private and public encryption key. For sending encrypted SMS using this application, the text message must be previously encrypted, and then the encrypted message will be copied to the text window of the application for sending SMS running on the mobile phone. A similar application can be also developed for mobile phones with operating systems like android, iOS, windows mobile, etc. This application can be used also with any text message service, like Yahoo Messenger, Facebook messenger, etc.
Keywords: operating systems (computers); private key cryptography; public key cryptography; smart phones; social networking (online); text analysis; LabVIEW; SMS; Yahoo Messenger; android; asymmetrical encryption; electronic communication services security; email; facebook messenger; iOS; mobile phones; operating systems; private encryption key; public encryption key; public text communication services; symmetrical encryption; text encryption methods; text messages; text window; windows mobile; Electronic mail; Encryption; Servers; Smart phones; text encription/decription; text message communication (ID#: 16-10835)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301181&isnumber=7301133

 

P. Teufl, A. Fitzek, D. Hein, A. Marsalek, A. Oprisnik, and T. Zefferer, “Android Encryption Systems,” Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on, Aalborg, 2014, pp. 1-8. doi:10.1109/PRISMS.2014.6970599
Abstract: The high usability of smartphones and tablets is embraced by consumers as well as the corporate and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform-selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now BlackBerry). One of the key security features for protecting data on the device or in device backups are encryption systems, which are available in the majority of current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered when deploying mobile devices in security-critical environments. As the second part in a series of papers (the first part was on iOS), this work analyzes the deployment of the Android platform and the usage of its encryption systems within a security-critical context. For this purpose, Android’s different encryption systems are assessed and their susceptibility to different attacks is analyzed in detail. Based on these results a workflow is presented, which supports deployment of the Android platform and usage of its encryption systems within security-critical application scenarios.
Keywords: Android (operating system); cryptography; data protection; smart phones; Android encryption systems; Android platform deployment analysis; Apple; Blackberry; Google; Microsoft; RIM; attack susceptibility; consumer-oriented devices; data protection; device backups; iOS; mobile device sector; mobile devices; nonconsumer area; platform-selection process; security features; security-critical application scenarios; security-critical context; security-critical environments; smart phones; tablets; Androids; Encryption; Humanoid robots; Smart phones (ID#: 16-10836)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6970599&isnumber=6970591

 

M. S. Ahmad, N. E. Musa, R. Nadarajah, R. Hassan, and N. E. Othman, “Comparison Between Android and iOS Operating System in Terms of Security,” Information Technology in Asia (CITA), 2013 8th International Conference on, Kota Samarahan, 2013, pp. 1-4. doi:10.1109/CITA.2013.6637558
Abstract: This paper compares between android and iPhone Operating System (iOS) mobile operating systems (MOS) that available in the market which is more specific on the security issue. These issues are reportedly the concern of not only the mobile customers but also the software developers. In achieving security requirements, the MOS developers need to know how to achieve the criteria. The security requirements for MOS are Application Sandboxing, Memory Randomization, Encryption, Data Storage Format and Built-in Antivirus. Application sandboxing enforces permissions, privileges, directories, entitlements and kernel access for a mobile app. Memory randomization ensures that the memory regions of mobile application as well as system shared libraries are all randomized at device and application start-up. Encryption is performed on disk or filer/folder level and also at the interprocess communication level. It is difficult to speak in favor or against the android or the iOS operating system in terms of better security. The way of using the device plays a major role in determining the security level. In terms of storage, all data are stored in Data Storage Format. Data can be stored at internal storage or external storage. To protect the MOS from virus attacks, antivirus need to be installed for increasing security areas.
Keywords: cryptography; mobile computing; operating systems (computers); storage management; Android operating system; application sandboxing; built-in antivirus; data storage format; encryption; filer-folder level; iOS operating system; iPhone operating system; interprocess communication level; memory randomization; mobile application; mobile operating systems; security issue; security requirements; Androids; Encryption; Humanoid robots; Mobile communication; Operating systems; Smart phones; Android; MOS; iOS (ID#: 16-10837)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6637558&isnumber=6637544

 

Z.-Y. Cheah, Y. S. Lee, T.-Y. The, and J. J. Chin, “Simulation of a Pairing-Based Identity-Based Identification Scheme in IOS,” 2015 IEEE International Conference on Signal and Image Processing Applications (ICSIPA), Kuala Lumpur, 2015, pp. 298-303. doi:10.1109/ICSIPA.2015.7412208
Abstract: Pairing-based cryptography have begun to draw attention ever since the work of Boneh and Franklin in 2001 proposing the first identity-based encryption scheme using bilinear pairings. In 2010, Tan et al. developed a pairing library that has running times that is as competitive as Pairing-Based Crypto (PBC) library. However, since Tan et al’s pairing library was written in Java, it was not known to work for other platforms such as iOS. In this work, we adapt Tan et al’s Java library for iOS through the implementation of a pairing-based identity-based identification (IBI) scheme.
Keywords: Java; cryptography; iOS (operating system); IBI scheme; IOS; Java library; PBC library; bilinear pairings; identity-based encryption scheme; pairing-based crypto library; pairing-based cryptography; pairing-based identity-based identification scheme; Encryption; Identity-based encryption; Java; Libraries; Servers (ID#: 16-10838)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7412208&isnumber=7412141

 

A. Shortall and M. A. Hannan Bin Azhar, “Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms,” 2015 Sixth International Conference on Emerging Security Technologies (EST), Braunschweig, Germany, 2015, pp. 13-17. doi:10.1109/EST.2015.16
Abstract: Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.
Keywords: Data mining; Forensics; Mobile communication; Operating systems; Oxygen; Smart phones; Android; Forensic tools; Live data forensics; Mobile forensics; WhatsApp forensics; Windows Phone; iOS (ID#: 16-10839)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7429264&isnumber=7429252

 

K. Naito, K. Mori, H. Kobayashi, K. Kamienoo, H. Suzuki, and A. Watanabe, “End-to-End IP Mobility Platform in Application Layer for iOS and Android OS,” Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, Las Vegas, NV, 2014, pp. 92-97. doi:10.1109/CCNC.2014.6866554
Abstract: Smartphones are a new type of mobile devices that users can install additional mobile software easily. In the almost all smartphone applications, client-server model is used because end-to-end communication is prevented by NAT routers. Recently, some smartphone applications provide real time services such as voice and video communication, online games etc. In these applications, end-to-end communication is suitable to reduce transmission delay and achieve efficient network usage. Also, IP mobility and security are important matters. However, the conventional IP mobility mechanisms are not suitable for these applications because most mechanisms are assumed to be installed in OS kernel. We have developed a novel IP mobility mechanism called NTMobile (Network Traversal with Mobility). NTMobile supports end-to-end IP mobility in IPv4 and IPv6 networks, however, it is assumed to be installed in Linux kernel as with other technologies. In this paper, we propose a new type of end-to-end mobility platform that provides end-to-end communication, mobility, and also secure data exchange functions in the application layer for smartphone applications. In the platform, we use NTMobile, which is ported as the application program. Then, we extend NTMobile to be suitable for smartphone devices and to provide secure data exchange. Client applications can achieve secure end-to-end communication and secure data exchange by sharing an encryption key between clients. Users also enjoy IP mobility which is the main function of NTMobile in each application. Finally, we confirmed that the developed module can work on Android system and iOS system.
Keywords: Android (operating system); IP networks; client-server systems; cryptography; electronic data interchange; iOS (operating system); real-time systems; smart phones; Android OS; IPv4 networks; IPv6 networks; Linux kernel; NAT routers; NTMobile; OS kernel; application layer; client-server model; encryption key; end-to-end IP mobility platform; end-to-end communication; iOS system; network traversal with mobility; network usage; real time services; secure data exchange; smartphones; transmission delay; Authentication; Encryption; Manganese; Relays; Servers (ID#: 16-10840)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866554&isnumber=6866537

 

I. Mohamed and D. Patel, “Android vs iOS Security: A Comparative Study,” Information Technology – New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, pp. 725-730. doi:10.1109/ITNG.2015.123
Abstract: The massive adoption of mobile devices by individuals as well as by organizations has brought forth many security concerns. Their significant abilities have resulted in their permeating use while correspondingly increasing their attractiveness as targets for cybercriminals. Consequently, mobile device vendors have increasingly focused on security in their design efforts. However, present security features might still be insufficient to protect users’ assets. In this paper, factors that influence security within the two leading mobile platforms, Android and iOS, are presented and examined to promote discussion while studying them under one umbrella. We consider various factors that influence security on both platforms, such as application provenance, application permissions, application isolation, and encryption mechanisms.
Keywords: Android (operating system); cryptography; iOS (operating system); mobile computing; mobile handsets; organisational aspects; Android security; application isolation; application permissions; application provenance; cybercriminals; design efforts; encryption mechanisms; iOS security; mobile device vendors; organizations; security features; Androids; Encryption; Google; Humanoid robots; Mobile communication; Mobile handsets; Android; Application store; Mobile Platform; Security; iOS (ID#: 16-10841)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113562&isnumber=7113432

 

L. Gomez-Miralles and J. Arnedo-Moreno, “Lockup: A Software Tool to Harden iOS by Disabling Default Lockdown Services,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 718-723. doi:10.1109/3PGCIC.2015.57
Abstract: Smartphones and mobile devices nowadays accompany each of us in our pockets, holding vast amounts of personal data. The iOS platform has gained popularity in the last years, in particular in enterprise deployments, due to its supposed higher level of security. Recent research has pinpointed a number of mechanisms that are being abused today in order to compromise the security of iOS devices. In this paper, we present Lockup, a proof of concept tool that applies various mitigation measures in order to protect iOS devices against those attacks.
Keywords: iOS (operating system); mobile computing; security of data; smart phones; software tools; iOS device security; iOS platform; lockdown service; lockup; mobile device; smartphone; software tool; Computers; Data mining; Encryption; Mobile communication; Software tools; Universal Serial Bus; Apple; Hardening; Privacy; Security; iOS; iPad; iPhone (ID#: 16-10842)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424656&isnumber=7424499

 

S. Adibi, “Comparative Mobile Platforms Security Solutions,” Electrical and Computer Engineering (CCECE), 2014 IEEE 27th Canadian Conference on, Toronto, ON, 2014, pp. 1-6. doi:10.1109/CCECE.2014.6900963
Abstract: Mobile platform security solution has become especially important for mobile computing paradigms, due to the fact that increasing amounts of private and sensitive information are being stored on the smartphones’ on-device memory or MicroSD/SD cards. This paper aims to consider a comparative approach to the security aspects of the current smartphone systems, including: iOS, Android, BlackBerry (QNX), and Windows Phone.
Keywords: mobile computing; security of data; Android; BlackBerry; QNX; Windows Phone; comparative mobile platforms; iOS; mobile computing paradigm; mobile platform security solution; private information; sensitive information; smart phone; Androids; Encryption; Kernel; Mobile communication; Smart phones (ID#: 16-10843)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6900963&isnumber=6900900

 

Y.-D. Lin, J. Voas, A. Pescapè, and P. Mueller, “Communications and Privacy Under Surveillance,” in Computer, vol. 49, no. 3, pp. 10-13, Mar. 2016. doi:10.1109/MC.2016.65
Abstract: Legislation has not kept up with the many innovation leapfrogs that characterize computing technology. The recent legal tangle between the US Federal Bureau of Investigation and Apple about installing back doors in iOS for surveillance brings concerns about sensing, surveillance, privacy, security, secrecy, communication, and trust to the forefront of users’ minds.
Keywords: Internet; cryptography; encryption; privacy; security; surveillance (ID#: 16-10844)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7433344&isnumber=7433333
 

