How Apple can safely comply with Court Orders
In a press release dated 02/16/2016, Apple reveals the details of how the United States government asked them to unlock an iPhone related to the San Bernardino shooting case.
And I quote,
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
Apple uses a multi-tiered encryption scheme on all its newer phones, and while the iPhone in question lacks the “secure enclave” hardware security device, there is a possibility of randomly guessing the 4-digit PIN code. One of the FBI’s suggestions is to allow repeated guessing of the PIN code on this particular phone (bypassing the system’s limit on the number of tries).
The problem with disabling the protection against repeated attempts is that such a solution is difficult to constrain to one particular iPhone, as Apple says in its release.
However, there is a solution based entirely on cryptography that would keep Apple customers safe while still letting the FBI access terrorists’ iPhones.
A Solution
The possible solution to this problem makes use of the following:
- Public Key Cryptography
- Private keys stored in hardware, and performing decryption without the private key leaving hardware
- Hardware-based private keys issued to 7 or more trusted Apple execs (“Apple Trustees”). Each key should sign a given piece of text upon fingerprint authorization by its owner.
- A “master” asymmetric key-pair, with the public key (“Master Public Key”) sent to all iPhones as an update, and the private key stored in a “Shared Decryption Device” at Apple HQ (next point).
- The “Shared Decryption Device” is a piece of hardware that uses a chip like Atmel’s ATECC508 to decrypt data, but only when authorized. The public keys of the 7 Apple Trustees are known to this device, and it only decrypts data when, say, 5 out of 7 signatures are present within a time interval of x minutes.
The modified encryption scheme would go something like this:
- Upon generation of encryption keys for use on the iPhone, immediately encrypt the encryption keys with the “Master Public Key”.
- Send the encrypted encryption keys to Apple (this data is useless even if intercepted).
When the FBI wants to catch a terrorist, Apple can now do the following:
- Retrieve the encrypted encryption keys for the iPhone in question
- Bring together 5 out of 7 Apple Trustees, the Shared Decryption Device, and the data to be decrypted
- All Apple Trustees present issue a signature, and these signatures are verified by the Shared Decryption Device. Upon success, the encryption keys of the terrorist’s iPhone are revealed.
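The 5-of-7 authorization step of the Shared Decryption Device described above, sketched in Python as an added example (it is not code from Apple or from this post). Lamport one-time signatures stand in for the trustees' hardware keys, and the class name, trustee ids, request string and 600-second window are assumptions; decryption with the master private key is left out.

```python
import hashlib, os

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signatures (stdlib only) stand in for the trustees'
# hardware-held signing keys; the page does not name a signature scheme.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

class SharedDecryptionDevice:
    """Authorization gate only: decides whether a quorum approved `request`."""
    def __init__(self, trustee_pks: dict, threshold=5, window_s=600):
        self.pks, self.threshold, self.window_s = trustee_pks, threshold, window_s

    def authorize(self, request: bytes, approvals) -> bool:
        # approvals: (trustee_id, received_at_seconds, signature); received_at
        # is the device's own clock reading, not a value the signer supplies.
        seen = {}
        for tid, received_at, sig in approvals:
            pk = self.pks.get(tid)            # unknown signers are ignored
            if pk is not None and verify(pk, request, sig):
                seen.setdefault(tid, received_at)   # one vote per trustee
        times = sorted(seen.values())
        k = self.threshold
        # Quorum holds if some k distinct trustees fall inside one window.
        return any(times[i + k - 1] - times[i] <= self.window_s
                   for i in range(len(times) - k + 1))

if __name__ == "__main__":
    keys = {f"trustee-{n}": keygen() for n in range(1, 8)}   # constructed
    device = SharedDecryptionDevice({t: pk for t, (_, pk) in keys.items()})
    req = b"release-escrowed-key|device=EXAMPLE-0001"          # constructed
    votes = [(t, 60 * n, sign(keys[t][0], req))
             for n, t in enumerate(list(keys)[:5])]
    print(device.authorize(req, votes))        # 5 of 7 inside the window
    print(device.authorize(req, votes[:4] + [votes[0]]))  # replayed vote
```

Because each signature covers the request bytes, approvals collected for one phone cannot be reused to authorize a different one.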
Because this method relies on cryptography (and hence the mathematics of large numbers), this encryption is difficult/impossible to break, and at the same time, Apple is able to protect their regular customers.
For additional security, the Master Public Key can also be stored in the phone’s hardware security enclave (for iPhones yet to be manufactured).