[Cryptography] Yes, Apple is correct
Viktor Dukhovni
cryptography at dukhovni.org
Sun Feb 21 21:37:08 EST 2016
> On Feb 21, 2016, at 4:20 PM, John Levine <johnl at iecc.com> wrote:
>
> Why guess, when Apple has published a detailed description of it?
>
> https://www.apple.com/business/docs/iOS_Security_Guide.pdf
>
> Every iphone has a unique UID burned into the hardware at the time the
> phone was manufactured. The UID is not visible to software, it can
> only be used as an AES key. See the document for more details.
Well, the UID is not the IMEI, and in particular, quoting from the
document:
Each Secure Enclave is provisioned during fabrication with its
own UID (Unique ID) that is not accessible to other parts of the
system and is not known to Apple. When the device starts up, an
ephemeral key is created, entangled with its UID, and used to
encrypt the Secure Enclave’s portion of the device’s memory space.
In particular it seems that it is not possible to write software tied
to a particular UID, since nobody knows the UID. The IMEI is likely
outside the security boundary (still a guess, no mention of the IMEI
in that document).
This is all at first glance, so could be entirely bogus, apologies if
I'm not paying close enough attention to detail.
--
Viktor.
More information about the cryptography
mailing list