A Few Thoughts on Cryptographic Engineering
Matthew Green in Apple, January 16, 2018 / January 18, 2018, 1,486 Words
Last week Apple made an announcement describing changes to the iCloud service (https://support.apple.com/en-us/HT208352) for users residing in mainland China. Beginning on February 28th, all users who have specified China as their country/region will have their iCloud data transferred to the GCBD (https://english.gzdata.com.cn/) cloud services operator in Guizhou, China.
“Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems”
That sounds nice. But what, precisely, does it mean? If Apple is storing user data on Chinese services, we have to at least accept the possibility that the Chinese government might wish to access it — and possibly without Apple’s permission. Is Apple saying that this is technically impossible?
This is a question, as you may have guessed, that boils down to encryption. Unfortunately there are many different answers to this question, depending on which part of iCloud you’re talking about, and — ugh — which definition you use for “encrypt”. The dumb answer is the one given in the chart on the right: all iCloud data probably is encrypted. But that’s the wrong question. The right question is: who holds the key(s)?
However, there is a wrinkle. You see, iCloud isn’t entirely an Apple service, not even here in the good-old U.S.A. In fact, the vast majority of iCloud data isn’t actually stored by Apple at all. Every time you back up your phone, your (encrypted)
Good question!
You see, it’s entirely possible that the new Chinese cloud stores will perform the same task that Amazon AWS, Google, or Microsoft do in the U.S. That is, they’re storing encrypted blobs of data that can’t be decrypted without first contacting the iCloud mothership back in the U.S. That would at least be one straightforward reading of Apple’s announcement, and it would also be the most straightforward mapping from iCloud’s current architecture and whatever it is Apple is doing in China.
Of course, this interpretation seems hard to swallow. In part this is due to the fact that some of the new Chinese regulations appear to include guidelines (http://www.pillarlegalpc.com/en/news/wp-content/uploads/2017/06/Pillar-Legal-China-Regulation-Watch-China-to-Strengthen-Regulatory-Oversight-of-Cloud-Services-2017-06-16.pdf) for user monitoring. I’m no lawyer, and certainly not an expert in Chinese law — so I can’t tell you if those would apply to backups. But it’s at least reasonable to ask whether Chinese law enforcement agencies would accept the total inability to access this data without phoning home to Cupertino, not to mention that this would give Apple the ability to instantly wipe all Chinese accounts. Solving these problems (for China) would require Apple to store keys as well as data in Chinese datacenters.
The critical point is that these two interpretations are not compatible. One implies that Apple is simply doing business as usual. The other implies that they may have substantially weakened the security protections of their system — at least for Chinese users.
And here’s my problem. If Apple needs to fundamentally rearchitect iCloud to comply with Chinese regulations, that’s certainly an option. But they should say explicitly and unambiguously what they’ve done. If they don’t make things explicit, then it raises the possibility that they could make the same changes for any other portion of the iCloud infrastructure without announcing it.
It seems like it would be a good idea for Apple just to clear this up a bit.
You said there was an exception. What about iCloud Keychain?
I said above that there’s one place where iCloud passes the mud puddle test. This is Apple’s Cloud Key Vault (https://www.schneier.com/blog/archives/2016/09/apples_cloud_ke.html), which is currently used to implement iCloud Keychain (https://support.apple.com/en-us/HT204085). This is a special service that stores passwords and keys for applications, using a much stronger protection level than is used in the rest of iCloud. It’s a good model for how the rest of iCloud could one day be implemented.
The critical thing is that the “anyone” mentioned above includes even Apple themselves. In short: Apple has designed a key vault that even they can’t be forced to open. Only customers can get their own keys.
What’s strange about the recent Apple announcement is that users in China will apparently still have access to (https://support.apple.com/en-us/HT208352) iCloud Keychain. This means that either (1) at least some data will be totally inaccessible to the Chinese government, or (2) Apple has somehow weakened the version of Cloud Key Vault deployed to Chinese users. The latter would be extremely unfortunate, and it would raise even deeper questions about the integrity of Apple’s systems.
Probably there’s nothing funny going on, but this is an example of how Apple’s vague (and imprecise) explanations make it harder to trust their infrastructure around the world.
Unfortunately, the problem with Apple’s disclosure of its China news is, well, really just a version of the same problem that’s existed with Apple’s entire approach to iCloud.
Where Apple provides overwhelming detail about their best security systems (file encryption, iOS, iMessage (https://www.apple.com/business/docs/iOS_Security_Guide.pdf)), they provide distressingly little technical detail about the weaker links like iCloud encryption. We know that Apple can access and even hand over iCloud backups (https://www.theverge.com/2016/2/22/11093798/apple-fbi-encryption-fight-icloud-san-bernardino) to law enforcement. But what about Apple’s partners? What about keychain data? How is this information protected? Who knows.
This vague approach to security might make it easier for Apple to brush off the security impact of changes like the recent China news (“look, no backdoors!”). But it also confuses the picture, and calls into doubt any future technical security improvements that Apple might be planning. For example, this article from 2016 claims that Apple is planning stronger overall encryption for iCloud (https://9to5mac.com/2016/02/25/apple-working-on-stronger-icloud-backup-encryption-and-iphone-security-to-counter-fbi-unlock-requests/). Are those plans scrapped? And if not, will those plans fly in the new Chinese version of iCloud? Will there be two technically different versions of iCloud? Who even knows?
And at the end of the day, if Apple can’t trust us enough to explain how their systems work, then maybe we shouldn’t trust them either.
Notes:
* This is actually just a guess. Apple could also outsource their key storage to a third-party provider, even though this would be dumb.
** A big caveat here is that some iCloud backup systems use convergent encryption (https://en.wikipedia.org/wiki/Convergent_encryption), also known as “message locked encryption”. The idea in these systems is that file encryption keys are derived by hashing the file itself. Even if a cloud storage provider does not possess encryption keys, it might be able to test if a user has a copy of a specific file. This could be problematic. However, it’s not really clear from Apple’s documentation if this attack is feasible. (Thanks to RPW (https://twitter.com/esizkur) for pointing this out.)
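As an added illustration of the convergent-encryption caveat above (example code, not from the post or from Apple), here is a toy Python model: the file key is SHA-256 of the file itself, the cipher is an assumed SHA-256 counter-mode keystream (for illustration only, not a vetted construction), and a storage provider holding only ciphertexts can still check whether a user stored a specific known file, while a fresh random key per file closes that gap.

```python
import hashlib
import os


def convergent_key(plaintext: bytes) -> bytes:
    """Message-locked key: derived from the file contents, so identical files share a key."""
    return hashlib.sha256(plaintext).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (illustration only, not a vetted cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def convergent_encrypt(plaintext: bytes) -> bytes:
    """Deterministic: the same file always yields the same ciphertext blob."""
    return xor_encrypt(convergent_key(plaintext), plaintext)


def random_key_encrypt(plaintext: bytes) -> tuple:
    """Per-file random key (held by the client); ciphertext no longer depends only on the file."""
    key = os.urandom(32)
    return key, xor_encrypt(key, plaintext)


def provider_can_confirm_file(stored_blobs: set, candidate: bytes) -> bool:
    """The provider has no keys, only ciphertexts, yet because convergent encryption is
    deterministic it can recompute the blob a known file would produce and look for it.
    This is the 'does the user have a copy of this file' test the note describes."""
    return convergent_encrypt(candidate) in stored_blobs


def demo() -> dict:
    # Constructed sample files standing in for a user's backup contents.
    stored = {convergent_encrypt(b"holiday photo"), convergent_encrypt(b"leaked memo.pdf")}
    rand_key, rand_blob = random_key_encrypt(b"leaked memo.pdf")
    return {
        "convergent_leaks_presence": provider_can_confirm_file(stored, b"leaked memo.pdf"),
        "absent_file_not_flagged": provider_can_confirm_file(stored, b"other file"),
        "random_key_blob_matches": rand_blob in stored,
        "random_key_roundtrip": xor_encrypt(rand_key, rand_blob) == b"leaked memo.pdf",
    }
```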