Secure Enclave/Key-Management

Hi Folks,

I'm wondering if anyone has experience with, or feedback on, integrating the Secure Enclave into their projects to handle and secure sensitive data.

A few questions that I am struggling with are...

  • In iOS, what trusted mechanisms can be used for background service process isolation?

  • How can I use hardware-backed keys for symmetric encryption of data at rest (on disk)?

  • What inter-process communication mechanisms can I use?

I understand that the Secure Enclave does not support all the cryptography I might need for a specific use case. But I still want to separate the application run-time from a permissioned, isolated environment where I then choose to handle the sensitive material and perform cryptographic operations. Not as secure as if the enclave natively supported it, but since I can't run custom code in it, I want to be as close to that as possible using the standard OS isolation mechanisms.

Any thoughts?

Thanks,

Answered by DTS Engineer in 742659022

In iOS, what trusted mechanisms can be used for background service process isolation?

Let’s start by defining “background service process isolation”. It sounds like you want to structure your product so that:

  • It’s composed of multiple processes.

  • Those processes communicate via some IPC mechanism.

  • One process manages a secret that’s not available to other processes.

Is that right?

If so, iOS has no affordance for that. You trip over at the first step. iOS apps cannot be broken up into multiple processes [1].

Note: On macOS we have a great way to handle this, namely XPC services, but that’s not supported on iOS. It would be great, IMO, if we supported this on iOS. Your use case is a perfect example of where it’d be helpful. I encourage you to file an enhancement request for XPC services to be supported on iOS, describing how it would help your product. Please post your bug number, just for the record.

How can I use hardware-backed keys for symmetric encryption of data at rest?

The SE does not support symmetric encryption. Standard practice here is to encrypt your bulk data with a symmetric key and then either:

  • Store the symmetric key in the keychain, using an access level that prevents it from being used by any other hardware

  • Encrypt the symmetric key with an SE-protected asymmetric key

I recommend that you review Apple Platform Security, which has more details about how these mechanisms actually work.

What inter-process communication mechanisms can I use?

None [2]. See my answer to your first question.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] An iOS app can include other executables, known as app extensions, but those are run by the system under specific circumstances. There’s no general-purpose way to start a helper process.

[2] Well, on modern versions of iOS you have a wide suite of IPC APIs including XPC. The issue here isn’t the IPC APIs per se, but rather starting another process to talk to in the first place.
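The second option in the answer above (encrypt the bulk data with a symmetric key, then encrypt that key with an SE-protected asymmetric key) written out with CryptoKit, as an added example that is not part of the original thread or of any Apple sample. It assumes a device with a Secure Enclave (the Simulator has none) and an app that can use the keychain; the `WrappedDEK` layout and the HKDF label `dek-wrap-v1` are this example's own choices. The Secure Enclave only performs the ECDH; the derived keys and the plaintext still pass through the app's memory, which is exactly the "not as secure as if the enclave natively supported it" trade-off the question describes.

```swift
import Foundation
import CryptoKit
import Security

enum AtRestError: Error { case noSecureEnclave, accessControl, sealing }

// Persisted next to the ciphertext. This layout is the example's own, not a system format.
struct WrappedDEK {
    let ephemeralPublicKey: Data   // raw P-256 public key (64 bytes) of the one-shot ECDH key
    let sealedDEK: Data            // AES-GCM sealed box over the data key: nonce + ciphertext + tag
}

private let kekInfo = Data("dek-wrap-v1".utf8)  // assumed HKDF context label; binds the KEK to this use

// Create the SE key once; persist `dataRepresentation` (an SE-encrypted blob that is useless on other
// hardware) and reload it with `SecureEnclave.P256.KeyAgreement.PrivateKey(dataRepresentation:)`.
func makeSecureEnclaveKey() throws -> SecureEnclave.P256.KeyAgreement.PrivateKey {
    guard SecureEnclave.isAvailable else { throw AtRestError.noSecureEnclave }
    // Usable only while the device is unlocked; "ThisDeviceOnly" keeps it out of backups/migration.
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .privateKeyUsage, nil)
    else { throw AtRestError.accessControl }
    return try SecureEnclave.P256.KeyAgreement.PrivateKey(accessControl: access)
}

// ECIES-style: shared secret from ECDH -> HKDF-SHA256 -> 256-bit key-encryption key (KEK).
private func deriveKEK(_ shared: SharedSecret) -> SymmetricKey {
    shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(), sharedInfo: kekInfo, outputByteCount: 32)
}

func encryptAtRest(_ plaintext: Data, for seKey: SecureEnclave.P256.KeyAgreement.PrivateKey)
    throws -> (ciphertext: Data, wrapped: WrappedDEK) {
    let dek = SymmetricKey(size: .bits256)                       // fresh per-object data key
    guard let ciphertext = try AES.GCM.seal(plaintext, using: dek).combined else { throw AtRestError.sealing }
    // The ephemeral private half is dropped after this call, so later only the SE key can unwrap the DEK.
    let ephemeral = P256.KeyAgreement.PrivateKey()
    let kek = try deriveKEK(ephemeral.sharedSecretFromKeyAgreement(with: seKey.publicKey))
    let dekBytes = dek.withUnsafeBytes { Data($0) }
    guard let sealedDEK = try AES.GCM.seal(dekBytes, using: kek).combined else { throw AtRestError.sealing }
    return (ciphertext, WrappedDEK(ephemeralPublicKey: ephemeral.publicKey.rawRepresentation, sealedDEK: sealedDEK))
}

func decryptAtRest(_ ciphertext: Data, wrapped: WrappedDEK,
                   with seKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> Data {
    let ephemeralPub = try P256.KeyAgreement.PublicKey(rawRepresentation: wrapped.ephemeralPublicKey)
    // This ECDH runs inside the Secure Enclave; the app gets the shared secret, never the private scalar.
    let kek = try deriveKEK(seKey.sharedSecretFromKeyAgreement(with: ephemeralPub))
    let dek = try SymmetricKey(data: AES.GCM.open(AES.GCM.SealedBox(combined: wrapped.sealedDEK), using: kek))
    return try AES.GCM.open(AES.GCM.SealedBox(combined: ciphertext), using: dek)
}
```

Because the key is created with `.privateKeyUsage` and a `ThisDeviceOnly` accessibility class, `decryptAtRest` fails on any other device and while the device is locked, which is the property the answer's first option obtains from the keychain access level.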

