Introduction Every iOS device combines software, hardware, and services designed to work together for maximum security and a transparent user experience iOS protects not only the device and its data at rest, but the entire ecosystem, including everything users do locally, on networks, and with key Internet services. iOS and iOS devices provide advanced security features, and yet they’re also easy to use. 1
Security architecture diagram of iOS provides a visualoverview of the different technologies discussed in thisdocument.Security architecture diagram 2
iOS Security1. System security: The integrated and secure software and hardware that are the platform for iPhone, iPad, and iPod touch.2. Encryption and data protection: The architecture and design that protects user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it3. App security: The systems that enable apps to run securely and without compromising platform integrity4. Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.5. Apple Pay: Apple’s implementation of secure payments.6. Internet services: Apple’s network-based infrastructure for messaging, syncing, and backup.7. Device controls: Methods that allow management of iOS devices, prevent unauthorized use, and enable remote wipe if a device is lost or stolen.8. Privacy controls: Capabilities of iOS that can be used to control access to Location Services and user data. 3
1. System security Secure boot chain Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware. This secure boot chain helps ensure that the lowest levels of software aren’t tampered with. 4
System Software AuthorizationApple regularly releases software updates toaddress emerging security concerns and alsoprovide new features; these updates areprovided for all supported devicessimultaneously. Users receive iOS updatenotifications on the device and throughiTunes, and updates are delivered wirelessly,encouraging rapid adoption of the latestsecurity fixes. The startup process describedabove helps ensure that only Apple-signedcode can be installed on a device. To preventdevices from being downgraded to olderversions that lack the latest security updates,iOS uses a process called System SoftwareAuthorization. If downgrades were possible,an attacker who gains possession of a devicecould install an older version of iOS andexploit a vulnerability that’s been fixed in thenewer version. 5
Secure Enclave 6
Search
Read the Text Version
- 1 - 6
Pages:
