How Secure is Apple's new Touch ID?

Sep 17, 2013 - by Dan Jones

Taken from Quora.com

en·clave noun \ˈen-ˌklāv, ˈän-ˌklāv\
: A group that is set off from a larger population by its characteristic or behavior.

A Seven Year Apple Odyssey That Ended At The Enclave

With the September 10th, 2013 announcement [1] of the iPhone 5s and the Touch ID fingerprint technology, Apple has moved the world quite a leap forward with security and a magical way to gain instant access to our iPhones.  This was a rather long journey for Apple that I know will bear fruit for the next 10 years.

I have been tracking the notion that Apple would deploy fingerprint scanners since 2008 [2] and was rather certain that I would one day see Apple release what is now known as Touch ID.  Over the years many very educated and perhaps well known people in the tech world would discount the entire range of logical premises Apple would base this product on.  Some of that view changed after the summer of 2012 when Apple acquired AuthenTec.  At that point some of the payment startups I was advising began to finally take note.  Some however hoped if they ignore me and perhaps Apple, this would all just go away (this was actually said out loud by a founder no less).

Back in 2008 when I first saw the Apple patent that literally sent me back into my chair and yelled out [2] as I saw the future in one image in that patent application.  However I began to wonder how would Apple secure such an important piece of biometric data.  Working in the payment card business for over 30 years and in particular with the encryption requirements for PIN numbers, I knew that there could be no software only solution for this problem.  Thus I always knew that there would be a need for a segregated area to encase this data in hardware. Did not guess it would be poetically called an Enclave. 

The World Of The Secure Enclave

In the torrent of the billions of words already written about Touch ID very, very few people have really understood just how revolutionary this really is.   Apple not only has developed one of the most accurate mass produced biometric security devices, they have also solved critical problems with how the data from this device will be encrypted, stored and secured. Apple Calls this the Secure Enclave and it is a relatively new concept. 



TouchID

Illustration of the iPhone Secure Enclave.

iPhone Gets Help From Extra ARMs

The iPhone 5s uses the ARMv8 based processor (known as A7 by Apple) designed by ARM Limited[3] and Apple.  The A7 uses a 64-bit processor architecture as opposed to the 32-bit processor architecture of the older iPhones.  This is a rather large gain in raw processor horsepower but it will not be fully useful for quite sometime as code recompiles will be needed to allow apps to uses the performance gain.  We will begin to see some specialized apps that are 5s only at some future date as backward compiles may not make sense. Apple is also using the M7, a companion core to the A7 and will control accelerometer, gyroscope and compass and other not so obvious things.

The A7 Was Built For High Security

The amazing thing about ARM and the way they build components is that they are hyper responsive to the needs of the companies that will use their products.  ARM has been the choice for just about all smartphone for this and quite a number of reasons.

There are numerous reasons Apple moved to the A7 processor.  One reason is the hardware requirements of Touch ID.  To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area with in the processor architecture.  

About three years ago ARM began to look into this very issue. and through a number of partnerships created what is now known as TrustZone/SecurCore [4]. TrustZone technology is tightly integrated into the A7 processor and extends throughout the system via the AMBA AXI bus and specific TrustZone System IP blocks. This system approach means that it is possible to secure peripherals such as secure memory, crypto blocks, keyboard, screen and sensors to ensure they can be protected from software attack. 

Back in April, 3rd 2012 I did take note that ARM was forming a partnership with Gemalto and Giesecke & Devrientto [5] to create secure payment devices but did not yet make the Apple fingerprint scanner connection I have had in my mind since 2008:



“The new venture will focus on improving security for smart connected devices by developing a Trusted Execution Environment (TEE) based on the established ARM® TrustZone® security technology. This common, secure environment for software execution will utilize advanced hardware security coupled with industry standard software interfaces, such as those from the GlobalPlatform industry association.

...

Devices with a TEE will provide consumers with more secure, user-friendly experiences that simplify and speed up how they interact with their digital world. This will enable them to use their smart, connected devices more frequently to access an increasing range of applications and services in a secure way. This includes mobile payment, enterprise productivity and mobile banking applications, as well as online commerce and premium content services.

This white paper written by ARM in 2008 really shows just how much the A7 is being designed for mobile payments [6]:



“6.2.2 Mobile Payment

Many embedded devices are now storing a large amount of user data, including sensitive information such as synchronised email, mobile banking details, andmobile payment credentials. This user data can be protected, requiring the entry of passcode before it can be used, however once unlocked it is vulnerable to any weakness in the underlying software environment.

Migrating the data storage, data manipulation, and even the passcode entry, into the Secure world makes sense for many applications that make use of user data. While all of these use cases have subtly different assets, they all share a similar security requirements. For the purposes of this example, Gadget2008 will use mobile payment which has stricter requirements than most of the other use cases.”

How Does The Secure Enclave Work?

It turns out this was the perfect convergence for the synergy needed to allow Apple to move forward with TouchID. Apple has customized a highly optimized version of TrustZone and created what is now known Secure Enclave.  Of course Apple will likely never release the details of what they do in the custom hardware for number of reasons. Thus I will speak directly of TrustZone and extrapolate to Secure Enclave.   

The security of the TrustZone system is achieved by partitioning all of the hardware and software resources so that they exist in one of two worlds - the Secure world for the security subsystem or the Normal world for everything else. The TrustZone-enabled AMBA3 AXI bus fabric ensures that Normal world components do not access Secure world resources, enabling construction of a strong perimeter boundary between the two. 



TouchID - Partitions

Hardware Architecture of TrustZone.

This design places the sensitive resources in the Secure world, and implements robust software running on the secure processor cores, can protect assets against many possible attacks, including those which are normally difficult to secure.  By separating security sensitive peripherals through hardware this will limit the number of sub-systems that need to go through security evaluation. The two virtual processors context switch via a processor mode called monitor mode when changing the currently running virtual processor. 



TouchID - Partitions again

Software Architecture of TrustZone

The A7 Is Optimized For Secure Mobile Payments

Thus we can really see just how deep the security runs in DNA of the A7 processor.  The deep level hardware based secure architecture is rather rock solid.  It would require a rather large magnitude of hardware hacking to even attempt access to the data stored in the Secure Enclave.  

Now one could argue that this is all well and good for the device itself, but what about the Internet?  It turns out the data needed to activate systems in the cloud will be best described as a token via the Internet.  This is exactly how Apple will active iTunes and App Store purchases.  And in the future some retail payment card transactions [7].



TouchID - ARM

ARM Limited’s Webpage devoted to ARM product use cases in payments.

Additional Security 

To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (example full battery drain) or hasn’t been unlocked for 48 hours. This is a genius feature that is meant to set a time limit for criminals if try to find a way to circumvent the fingerprint scanner.

Huge Developer Opportunity

Apple has wisely restricted very, very limited access to Touch ID and does not have any APIs available for developers.  In fact Apple has removed the iCloud Keychain from the most recent developer build of iOS 7.  I can only publicly say this has a lot of reasons that will be very clear in the next few months.  The technology is now limited to just two use cases, device unlock and iTunes and App Store purchases.  Of course this was not the limited intent of this technology and there will be full developer API access at some point, perhaps not in some areas that Apple will limit as they want to be the sole provider in those areas.  

There are dozens of applications and use cases on the roadmap and I am certain a developer economy will build around this amazing technology.  One that is very clear is retail payments and Apple will have quite a number of unique ways they will solve real problems for merchants and iPhone users.  I can say this aspect of Touch ID will be more magical then what we have seen thus far.  There will be connections to iBeacons and the amazing technology Apple just acquired through Passif.

Touch ID Is Paradigm Changing

Apple has taken a very slow and methodical approach with the release of Touch ID.  We can see that there was a tremendous amount of amazing work that has gone into this project.  All of this convergence took over seven years of very hard work. It includes many patent applications, the acquisition of AuthenTec, the selection of the A7 processor and the integration of the TrustZone suite all baked together into what we now know as Touch ID. 

This has been a long journey that has only just been made public and I am rather certain that Steve Jobs would be quite proud.



_____
[1] http://www.quora.com/Apple-Septe...
[2] Apple, September 9th 2008 to September 10th, 2013: The Death Of The Password. by Brian Roemmele on Accepting Payment Cards
[3] The Architecture For The Digital World
[4] TrustZone - ARM
[5] ARM, Gemalto and Giesecke & Devrient Form Joint Venture To
[6] Page on Arm
[7] Mobile Payments - ARM