
iOS Security Guide - iOS 11 - apple.com



Transcription of iOS Security Guide - iOS 11 - apple.com

iOS Security | November 2018

Contents

Page 5  Introduction

Page 6  System Security
  Secure boot chain
  System Software Authorization
  Secure Enclave
  OS Integrity Protection
  Touch ID
  Face ID

Page 15  Encryption and Data Protection
  Hardware security features
  File Data Protection
  Passcodes
  Data Protection classes
  Keychain data protection
  Keybags

Page 25  App Security
  App code signing
  Runtime process security
  Extensions
  App Groups
  Data protection in apps
  Accessories
  HomeKit
  SiriKit
  HealthKit
  ReplayKit
  Secure notes
  Shared notes
  Apple Watch

Page 39  Network Security
  TLS
  VPN
  Wi-Fi
  Bluetooth
  Single sign-on
  AirDrop security
  Wi-Fi password sharing

Page 47  Apple Pay
  Apple Pay components
  How Apple Pay uses the Secure Element
  How Apple Pay uses the NFC controller
  Credit, debit, and prepaid card provisioning
  Payment authorization
  Transaction-specific dynamic security code
  Paying with credit and debit cards in stores
  Paying with credit and debit cards within apps
  Paying with credit and debit cards on the web
  Contactless passes
  Apple Pay Cash
  Transit cards
  Student ID cards
  Suspending, removing, and erasing cards

Page 58  Internet Services
  Apple ID
  iMessage
  Business Chat
  FaceTime
  iCloud
  iCloud Keychain
  Siri
  Safari Suggestions, Siri Suggestions in Search, Lookup, #images, News app, and News widget in non-News countries
  Safari Intelligent Tracking Prevention

Page 74  User Password Management
  App access to saved passwords
  Automatic strong passwords
  Sending passwords to other people or devices
  Credential provider extensions

Page 77  Device Controls
  Passcode protection
  iOS pairing model
  Configuration enforcement
  Mobile device management (MDM)
  Shared iPad
  Apple School Manager
  Apple Business Manager
  Device Enrollment
  Apple Configurator 2
  Supervision
  Restrictions
  Remote wipe
  Lost Mode
  Activation Lock
  Screen Time

Page 85  Privacy Controls
  Location Services
  Access to personal data
  Privacy policy

Page 86  Security Certifications and Programs
  ISO 27001 and 27018 certifications
  Cryptographic validation (FIPS 140-2)
  Common Criteria Certification (ISO 15408)
  Commercial Solutions for Classified (CSfC)
  Security configuration guides

Page 88  Apple Security Bounty

Page 89  Conclusion
  A commitment to security

Page 90  Glossary

Page 93  Document Revision History

Introduction

Apple designed the iOS platform with security at its core. When we set out to create the best possible mobile platform, we drew from decades of experience to build an entirely new architecture. We thought about the security hazards of the desktop environment, and established a new approach to security in the design of iOS. We developed and incorporated innovative features that tighten mobile security and protect the entire system by default. As a result, iOS is a major leap forward in security for mobile devices.

Every iOS device combines software, hardware, and services designed to work together for maximum security and a transparent user experience. iOS protects not only the device and its data at rest, but the entire ecosystem, including everything users do locally, on networks, and with key internet services.

iOS and iOS devices provide advanced security features, and yet they're also easy to use. Many of these features are enabled by default, so IT departments don't need to perform extensive configurations. And key security features like device encryption aren't configurable, so users are unable to disable them by mistake. Other features, such as Face ID, enhance the user experience by making it simpler and more intuitive to secure the device.

This document provides details about how security technology and features are implemented within the iOS platform. It will also help organizations combine iOS platform security technology and features with their own policies and procedures to meet their specific security needs.

This document is organized into the following topic areas:

  System security: The integrated and secure software and hardware that are the platform for iPhone, iPad, and iPod touch.
  Encryption and data protection: The architecture and design that protects user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
  App security: The systems that enable apps to run securely and without compromising platform integrity.
  Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
  Apple Pay: Apple's implementation of secure payments.
  Internet services: Apple's network-based infrastructure for messaging, syncing, and backup.
  User password management: Password restrictions and access to passwords from other authorized sources.
  Device controls: Methods that allow management of iOS devices, prevent unauthorized use, and enable remote wipe if a device is lost or stolen.
  Privacy controls: Capabilities of iOS that can be used to control access to Location Services and user data.
  Security certifications and programs: Information on ISO certifications, Cryptographic validation, Common Criteria Certification, and Commercial Solutions for Classified (CSfC).

[Figure: Security architecture diagram of iOS. Labels: Device Key, Group Key, Apple Root Certificate, Crypto Engine, Kernel, OS Partition, Secure Enclave, Secure Element, User Partition (Encrypted), Data Protection Class, App Sandbox, File System; layers: Software, Hardware and Firmware.] The security architecture diagram of iOS provides a visual overview of the different technologies discussed in this document.

System Security

System security is designed so that both software and hardware are secure across all core components of every iOS device. This includes the boot-up process, software updates, and Secure Enclave. This architecture is central to security in iOS, and never gets in the way of device usability.

The tight integration of hardware, software, and services on iOS devices ensures that each component of the system is trusted, and validates the system as a whole. From initial boot-up to iOS software updates to third-party apps, each step is analyzed and vetted to help ensure that the hardware and software are performing optimally together and using resources properly.

Secure boot chain

Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware. This secure boot chain helps ensure that the lowest levels of software aren't tampered with.

When an iOS device is turned on, its application processor immediately executes code from read-only memory known as Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the iBoot bootloader is signed by Apple before allowing it to load. This is the first step in the chain of trust, where each step ensures that the next is signed by Apple. When iBoot finishes its tasks, it verifies and runs the iOS kernel. For devices with an A9 or earlier A-series processor, an additional Low-Level Bootloader (LLB) stage is loaded and verified by the Boot ROM and in turn loads and verifies iBoot.

A failure of the Boot ROM to load LLB (on older devices) or iBoot (on newer devices) results in the device entering DFU mode. In the case of a failure in LLB or iBoot to load or verify the next step, startup is halted and the device displays the connect to iTunes screen. This is known as recovery mode. In either case, the device must be connected to iTunes through USB and restored to factory default settings.

The Boot Progress Register (BPR) is used by the Secure Enclave to limit access to user data in different modes and is updated before entering the following modes:
  Recovery Mode: Set by iBoot on devices with Apple A10, S2, and newer system on chip (SoCs)
  DFU Mode.
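The boot chain just described (Boot ROM verifies iBoot, or LLB then iBoot on A9 and earlier; iBoot verifies the kernel; DFU mode when the Boot ROM's own check fails, recovery mode when LLB or iBoot cannot verify the next step), as an added simulation that is not part of Apple's guide or of any Apple code. Signatures are modelled with HMAC-SHA256 under a constructed key as a stand-in for the Apple-signed images that a real Boot ROM verifies with the Apple Root CA public key; the stage names, payloads and BPR-style flags are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for Apple's signing key. A real Boot ROM carries the Apple
# Root CA public key and checks an asymmetric signature; HMAC keeps this offline.
SIGNING_KEY = b"constructed-stand-in-signing-key"

@dataclass
class Image:
    name: str
    payload: bytes
    signature: bytes

def sign(name: str, payload: bytes) -> Image:
    """Build-time step: produce a signed stage image (stand-in for Apple signing)."""
    return Image(name, payload, hmac.new(SIGNING_KEY, name.encode() + payload, hashlib.sha256).digest())

def verify(image: Image) -> bool:
    """Each stage checks the next image's signature before loading it."""
    expected = hmac.new(SIGNING_KEY, image.name.encode() + image.payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, image.signature)

def boot(chain: list, has_llb: bool) -> dict:
    """Walk Boot ROM -> [LLB] -> iBoot -> kernel. A failure at the first hop (Boot ROM
    cannot verify LLB or iBoot) means DFU mode; a failure by LLB or iBoot on the next
    step halts startup into recovery mode. BPR-style flags are set before entering either."""
    bpr = {"dfu": False, "recovery": False}
    stages = (["LLB"] if has_llb else []) + ["iBoot", "kernel"]
    by_name = {img.name: img for img in chain}
    for i, name in enumerate(stages):
        img = by_name.get(name)
        if img is None or not verify(img):
            mode = "dfu" if i == 0 else "recovery"
            bpr[mode] = True
            return {"mode": mode, "failed_stage": name, "bpr": bpr}
    return {"mode": "booted", "failed_stage": None, "bpr": bpr}

def demo() -> dict:
    """Constructed scenarios: a good chain and three tampered ones."""
    llb, ibt, krn = sign("LLB", b"llb-image"), sign("iBoot", b"iboot-image"), sign("kernel", b"xnu-image")
    bad_krn = Image("kernel", b"xnu-image-patched", krn.signature)   # altered payload, stale signature
    bad_ibt = Image("iBoot", ibt.payload, b"\x00" * 32)                # forged signature
    return {
        "good": boot([ibt, krn], has_llb=False)["mode"],                      # booted
        "patched_kernel": boot([ibt, bad_krn], has_llb=False)["mode"],        # iBoot halts: recovery
        "bad_iboot_newer": boot([bad_ibt, krn], has_llb=False)["mode"],       # Boot ROM fails: dfu
        "bad_iboot_older": boot([llb, bad_ibt, krn], has_llb=True)["mode"],   # LLB halts: recovery
    }
```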
