Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Forbes recommends tools for journalists

Michael Rogers michael at briarproject.org
Mon Dec 24 12:46:45 PST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 17/12/12 23:25, Eric S Johnson wrote:
>> Secure deletion is a problem we could solve in software, by
>> encrypting the data and then destroying the key to render the
>> data unrecoverable, *if* we had a few bytes of persistent,
>> erasable storage in which to store the key. (Storing the key on
>> the SSD itself doesn't work, because then we can't securely
>> delete the key.)
>> 
>> I'm not aware of any suitable storage on current smartphones or 
>> personal computers
> 
> Isn't this exactly how the iOS (v4+) can be remotely "wiped" in a
> couple seconds? Everything's encrypted, so deleting the key ...
> 
> Or are we saying the iOS's storage of the key is insecure?

A quick follow-up on this: iOS 4 and 5 store the encryption key for
the data partition in a special effaceable area of the SSD. The flash
translation layer, which maps logical to physical blocks, is
implemented in software, and thus the data partition can be securely
deleted when the device is wiped, by erasing the physical blocks of
the effaceable area.

However, secure deletion is all or nothing: if the device is wiped
before the adversary gains access to it, no data can be recovered. But
if the adversary gains access before the device is wiped, the device
can be booted with a custom ramdisk that can dump the contents of the
data partition - presumably including any deleted/overwritten data
left behind by the flash translation layer, since the custom ramdisk
can use its own software FTL to read the physical blocks.

That's not the end of the story: individual files within the data
partition can be further encrypted with keys derived from a
combination of a device-specific UID key and the user's passcode. Even
with a custom ramdisk, decrypting those files requires a brute force
attack on the passcode, which is slow because the device doesn't allow
direct access to the UID key and thus the brute force attack must be
run on the device itself.

TL;DR: wiping the device securely deletes everything, but if the
device isn't wiped, deleted data that wasn't protected by the passcode
can be recovered, and deleted data that was protected by the passcode
may be recoverable by brute forcing the passcode or learning it from
the user.

Source:
http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQ2L81AAoJEBEET9GfxSfMWzMH/0gjaOxitGgQnpq0tULWJe+9
+/i6vMlnFuLvPbVeYbV732hC89wGbxIks68hBc0eDCm5/rfnXH9AaCUpOlfQ+dlv
fgnrvFfbe+3hW1uHKo0R6fmx+/HUINW0UOxqaDn9hcIMbS+5J8mtuDpB8M8RwoWq
Y0q8LWZJfG8QojaMVTnTic+J8E4mde6sgFAvRGPhGz1ZoUZDxwgcEbsU25J949ZX
64K3pP6GM8/l/i0tQJzJDFEkLTKgRfa7nrXbX068pAXVbqsoOzTl7Qzl2T9q6fOk
B+zdI8hSv291OEQ20Bf7FHlEKWwG9mKEQWWJk+OaghmDsAr8j8lAZKNB4eh5t7M=
=N9sd
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list