Data Protection-iOS Meetup · Data Protection classes Class keys Are encryption keys used to...
iOS Security: Data protection
January 17, Tokyo iOS Meetup
What is it?
It is a feature that protects data “at rest” and makes offline attacks difficult.
iOS 4 DATA PROTECTION 101 https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf
Architecture
iOS Security, October 2014 https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
Data Protection classes
Class keys are encryption keys used to encrypt files and keychain elements, depending on their protection class.
Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It, by Jonathan Zdziarski
Data Protection classes - NSFileProtectionComplete
The class key is protected with a key derived from the user passcode and the device UID. Shortly after the device is locked, the decrypted class key is discarded, rendering all data in this class inaccessible until the device is unlocked.
The device UID is an AES 256-bit key fused into the application processor during manufacturing. It is unique to each device and is not recorded by Apple or any of its suppliers.
Data Protection classes - NSFileProtectionCompleteUnlessOpen
The per-file key is accessible while the file is open; as soon as the file is closed, the per-file key is discarded.
Used to write files while the device is locked, e.g., downloading a file in the background.
Uses ECDH. Why?
● Higher security (more security per bit)
● Fewer resources
Data Protection classes - NSFileProtectionCompleteUntilFirstUserAuthentication
Same as NSFileProtectionComplete but the key remains in memory after the device has been locked.
Data Protection classes - NSFileProtectionNone
The class key is protected only with the UID.
How it works?
● Hierarchy of cryptographic keys
How it works? - Why a hierarchy?
Flexibility and performance
● Changing the passcode just rewraps the class keys
● Wiping the device is just deleting the system key
How it works?
● Hierarchy of cryptographic keys
● File system support
● AES engine (hardware)
How it works? - Creating a file
[Diagram, built up over four slides: File and perFileKey are the inputs to encrypt (file, perFileKey) on the AES engine, which produces the encrypted file; the diagram also shows the Class key and the file's Metadata.]
How it works? - Reading a file
[Diagram, built up over five slides: encrypted file, Metadata, Class key and System key; decrypt (file, perFileKey) on the AES engine returns the File.]
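The key hierarchy from the slides above, modelled as an added example (not code from the talk or from Apple): it shows why a passcode change only rewraps class keys, why a wipe only needs to erase the system key, and which class keys survive a lock or a reboot. Assumptions: the `Device` class and its method names are hypothetical, the HMAC-based keystream is a toy stand-in for the AES engine and for key wrapping, the metadata is wrapped with the system key as in the iOS Security guide the slides cite, and NSFileProtectionCompleteUnlessOpen (ECDH) is left out.

```python
import hashlib, hmac, os

CLASSES = ("Complete", "CompleteUntilFirstUserAuthentication", "None")

def stream(key, nonce, data):
    # Toy keystream (HMAC-SHA256 in counter mode) standing in for the AES engine.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(kek, secret):
    # Stand-in for a key wrap: nonce || ciphertext || integrity tag.
    nonce = os.urandom(16)
    ct = stream(kek, nonce, secret)
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key")
    return stream(kek, nonce, ct)

class Device:  # hypothetical model, not an iOS API
    def __init__(self, passcode):
        self.uid = os.urandom(32)         # models the key fused into the processor
        self.system_key = os.urandom(32)  # deleting it wipes the device
        self.keybag = {c: wrap(self._kek(c, passcode), os.urandom(32)) for c in CLASSES}
        self.unlock(passcode)

    def _kek(self, cls, passcode):
        # NSFileProtectionNone: UID only. Other classes: derived from passcode and UID.
        secret = b"uid-only" if cls == "None" else passcode.encode()
        return hashlib.pbkdf2_hmac("sha256", secret, self.uid, 2000)

    def unlock(self, passcode):
        # Decrypted class keys live in memory; a wrong passcode raises ValueError.
        self.memory = {c: unwrap(self._kek(c, passcode), w) for c, w in self.keybag.items()}

    def lock(self):
        self.memory.pop("Complete", None)  # only this class key is discarded on lock

    def reboot(self):
        # Before the first unlock only the UID-protected class key can be recovered.
        self.memory = {"None": unwrap(self._kek("None", ""), self.keybag["None"])}

    def change_passcode(self, old, new):
        # Rewraps the class keys; no file is re-encrypted.
        keys = {c: unwrap(self._kek(c, old), w) for c, w in self.keybag.items()}
        self.keybag = {c: wrap(self._kek(c, new), k) for c, k in keys.items()}

    def wipe(self):
        self.system_key = None

    def create_file(self, data, cls):
        if cls not in self.memory:
            raise PermissionError(f"{cls} class key not in memory")
        file_key, nonce = os.urandom(32), os.urandom(16)
        wrapped = wrap(self.memory[cls], file_key)  # per-file key under the class key
        meta = wrap(self.system_key, bytes([CLASSES.index(cls)]) + wrapped)
        return {"meta": meta, "nonce": nonce, "data": stream(file_key, nonce, data)}

    def read_file(self, f):
        if self.system_key is None:
            raise PermissionError("system key erased")
        meta = unwrap(self.system_key, f["meta"])
        cls = CLASSES[meta[0]]
        if cls not in self.memory:
            raise PermissionError(f"{cls} class key not in memory")
        return stream(unwrap(self.memory[cls], meta[1:]), f["nonce"], f["data"])

if __name__ == "__main__":
    dev = Device("1234")  # constructed sample passcode
    mail = dev.create_file(b"mail body", "Complete")
    dev.change_passcode("1234", "longer passphrase")
    dev.lock()
    dev.unlock("longer passphrase")
    print(dev.read_file(mail))
```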
Keychain and Data Protection
The keychain is implemented as a SQLite database stored on the file system.
There is only one database; the security daemon determines which keychain items each process or app can access.
The default is kSecAttrAccessibleAfterFirstUnlock.
I recommend using kSecAttrAccessibleWhenUnlocked as the default and, only if necessary, changing it for individual keys that are needed in the background.
NSMutableDictionary *attributes = [[NSMutableDictionary alloc] init];
// ...
[attributes setObject:(__bridge id)kSecAttrAccessibleWhenUnlocked
               forKey:(__bridge id)kSecAttrAccessible];
What if data protection is not used?
● Install the Gmail app.
● Read some emails.
● Lock the device (non-jailbroken).
● Browse the device (iFunBox, Xcode).
How to enable Data Protection in our apps?
Simple!
How to enable Data Protection in our apps? - Xcode
How to enable Data Protection in our apps? - project.pbxproj
9C201A441827FB6F60CC6872 = {
    DevelopmentTeam = 9XFDAR3CTM;
    SystemCapabilities = {
        com.apple.DataProtection = {
            enabled = 1;
        };
    };
};
How to enable Data Protection in our apps? - App ID
Sum up
● What is data protection
● How it works
● What is the keychain?
● What if data protection is not used?
● How to enable it in our apps
Q&A, Discussion
Further reading
● iOS Security https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
● iOS 4 DATA PROTECTION 101 https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf
● Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It http://www.amazon.co.jp/Hacking-Securing-iOS-Applications-Hijacking/dp/1449318746/ref=sr_1_1?ie=UTF8&qid=1420987300&sr=8-1&tag=tabisty-22&keywords=Hacking+and+Securing+iOS+Applications+Stealing+Data%2C+Hijacking+Software%2C+and+How+to+Prevent+It
● Diffie-Hellman key exchange http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
● A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/