encryp’on, security, and privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · examples l incorrectly padding...
TRANSCRIPT
![Page 1: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/1.jpg)
Encryp'on,Security,andPrivacyStevenM.Bellovin
h9ps://www.cs.columbia.edu/~smb
![Page 2: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/2.jpg)
Disclaimer
EverythingIsayismyopinionalone,anddoesnotrepresenttheopinionofanyUSgovernmentagency.
smb
2
![Page 3: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/3.jpg)
The“GoingDark”Debatel Formanyyears,theNSAandtheFBIhaveworriedaboutthespreadofcryptographyinthecivilianworld
l Ontheotherhand,encryp'onisnecessarytoprotectAmericancomputersanddata
l Isthereaproblem?Ifso,isacompromisepossible?
smb
3
![Page 4: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/4.jpg)
It’sanOldDebatel Accordingtosomereports,theneedforcivilianencryp'onwasrecognizedin1972whentheSovietseavesdroppedonUSgrainnego'ators
l IBMproposedthe“Lucifer”cipher,with112-bitkeys
l AYerrefinement,thekeysizewas64bits.NSAwanted48instead,toaidintheira9acks;IBMandtheNSAcompromisedon56bits
l IsthereawaytobalancetheneedtoprotectAmericaninforma6onwiththeneedoflawenforcementandintelligenceagenciesto(lawfully)intercepttraffic.Isthereevenaproblem?
smb
4
![Page 5: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/5.jpg)
CryptographyisHardl Mostnon-governmentcryptographersopposemodifyingencryp'onsystemstopermitgovernmentaccess
l Why?Becausecryptographyishardintherealworld
l Real-worldcryptosystemsarefarmorecomplexthanhigh-levelexamples—andthecomplexityleadstotrouble
smb
5
![Page 6: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/6.jpg)
CryptographicProtocolsl Whendoingencryp'on,youneedaprotocol—astylizedsetofmessagesanddataformats
l Gefngthesewrongcanresultinsecurityproblems
l Theveryfirstacademicpaperonthesubject(NeedhamandSchroeder,1978)endedwithawarning:“Finally,protocolssuchasthosedevelopedherearepronetoextremelysubtleerrorsthatareunlikelytobedetectedinnormalopera'on.Theneedfortechniquestoverifythecorrectnessofsuchprotocolsisgreat,andweencouragethoseinterestedinsuchproblemstoconsiderthisarea.”
l Theywereright—asimpleflawintheirdesignwentunno'cedfor18years
smb
6
![Page 7: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/7.jpg)
Examplesl Incorrectlypaddingashortmessagetomatchtheencryp'onalgorithm’srequirementshasresultedinsecurityflaws
l Notauthen'ca'ngeveryencryptedmessagehasresultedinflaws.(Thatwastheessen'alflawrecentlyfoundinApple’siMessageprotocol.)
l Omifngsequencenumbersfromencryptedmessageshasresultedinflaws
l Theexistenceofolder,“exportable”algorithmsinthekeyandalgorithmnego'a'onprotocolhasresultedinflaws
l Tryingtoprovidean“addi'onaldecryp'onkey”forthegovernmenthasresultedinflaws
smb
7
![Page 8: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/8.jpg)
HistoricalExample:TheWorldWarIIEnigmaMachine
Photo:publicdomainsmb
8
![Page 9: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/9.jpg)
HistoricalExample:TheWorldWarIIEnigmaMachine
Youselecttheproperrotors
Photo:publicdomainsmb
9
![Page 10: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/10.jpg)
HistoricalExample:TheWorldWarIIEnigmaMachine
Adjusttherotorstotheir“groundsefng”
Photo:publicdomainsmb
10
![Page 11: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/11.jpg)
HistoricalExample:TheWorldWarIIEnigmaMachine
Settheplugboard
Photo:BobLord,viaWikiMediaCommonssmb
11
![Page 12: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/12.jpg)
HistoricalExample:TheWorldWarIIEnigmaMachine
Photo:PaulHudson,viaFlickr
• Pickthreerandomle9ersandencryptthemtwice,andsendthosesixle9ersasthestartoftheencryptedmessage
• Resettherotorstothosethreele9ers
smb
12
![Page 13: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/13.jpg)
WhatCouldGoWrong?l Sendingthesame,simplemessageeverydaywasafatalflaw
l Pickingnon-randomle9erswasafatalflaw
l Sendingamessageconsis'ngofnothingbutthele9er“L”wasafatalflaw
l Encryp'ngthethreele9erstwicewasafatalflaw
smb
13
![Page 14: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/14.jpg)
TheThreeLe9ersl Imaginethat“XJM”wasencryptedto“AMRDTJ”
l ThecryptanalystsrealizedthatAandDrepresentedthesamele9er,MandTwerethesame,andRandJwerethesame
l Thisgaveawayvaluablecluestotherotorwiringandtherotororder!
Cryptographyishard…
smb
14
![Page 15: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/15.jpg)
AProposedCompromise:Addi'onalDecryp'onKeysl Genericname:“excep'onalaccess”
l (Avoidsthevaluejudgmentimplicitincallingita“backdoor”,a“frontdoor”,a“goldenkey”)
l Oneproposal:Anyencryp'onsystemshouldprovideanaddi6onaldecryp6onkey,accessibleunderproperlegalsafeguards
l Firstinstan'atedintheClipperChip(1993),specialhardwarethatimplementedathen-classifiedencryp'onalgorithm(Skipjack)l Ithadanunexpectedflawintheexcep'onalaccessmechanism…
smb
15
![Page 16: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/16.jpg)
SystemandPolicyProblemsl Howdoyouprotectthesecretkeynecessarytousethisfeature?
l Howdoyouprotectitagainstamajorintelligenceagency?
l Howdoyouprotecttheprocessagainstrou'niza'onofaccess?l Manha9analonehas200phonestheDAwantstodecrypt;SacramentoCountyhas80
l Thereareundoubtedlythousandsmoreacrossthecountrytodayl Willpeopledotherightthingwhenit’ssomethingtheydoeveryday,repeatedly?Hint:“rulebookslowdowns”workbecausenormally,peopledon’tfolloweverylastrule…
smb
16
![Page 17: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/17.jpg)
WhichCountriesCanDecrypt?l Whohastherighttothedecryp'onkey?
l Wherethedevicewassold?
l Wherethedeviceisnow?l Doesanewkeygetinstalledattheborder?Howcanthatbedonesecurely?l Twice,I’vebeeninonecountrybutmyphonewastalkingtoacelltowerinanotheracrosstheborder
l Theci'zenshipoftheowner?Howdoestheencryp'oncodeknow?
l Willcountriestrusteachother?Notlikely…
smb
17
![Page 18: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/18.jpg)
Interna'onalEconomicsl Whataboutforeign-madecryptography?
l Themajorityofencryp'onproductsaredevelopedabroadl Thelast'mecryptowasanissue,inthe1990s,thelossofbusinesstonon-UScompanieswasamajorfactorinlooseningexportrestric'ons
l Whatnon-USbuyerswillwantAmericansoYwareifthecryptohasanexcep'onalaccessfacilityaccessibletotheFBIandtheNSA?l In1997,theSwedishparliamentwasnotamusedtolearnthatthey’dpurchasedasystemtowhichtheNSAhadthekeys
l WhatwilltheStateDepartmentsaytoChinawhenitwantsitsownaccess?
smb
18
![Page 19: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/19.jpg)
TheCostofCompliancel Ifbreakingencryp'onistoocheap,itisbadforsociety:“theordinarychecksthatconstrainabusivelawenforcementprac'ces[are]:‘limitedpoliceresourcesandcommunityhos'lity.’”(USv.Jones,615F.3d544(2012),Sotomayor,concurring)
l Ifit‘stooexpensiveforthevendor,itinhibitsinnova'on
l Codecomplexityisalsoacostandsecurityproblem
l (Asforecast,CALEAcomplianceindeedledtosecurityproblems)
smb
19
![Page 20: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/20.jpg)
AppleversustheFBI:SanBernadinol WhenSyedFarookdiedinashootout,theFBIfoundacounty-ownediPhoneinhiscar
l Thecountygaveconsenttoasearch,theFBIhadawarrant—butthephonewaslocked(withsomedataencrypted)andmighteraseeverythingifthePINwasenteredincorrectly10'mes
l MagistrateJudgePymorderedAppletoproducesoYwarethatwouldallowunlimitedguesses,withaprovisiontoenterthemrapidly
l Appleobjected
smb
20
![Page 21: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/21.jpg)
It’sNotAboutThisOnePhonel ThereisgoodreasontobelievetheFBIwillfindnothingofinterestonthisphone
l Buildingtheinfrastructuretounlockthissinglephoneis'me-consumingandexpensive—butoncethecodeexists,itbecomeseasytounlockothers
l AppleandtheFBIbothknowthis.l TheFBIwantsaprecedentsetinwhatseemslikeanidealcasel Appleisafraidofexactlythathappening
smb
21
![Page 22: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/22.jpg)
Costl Applees'matesthatitwouldtake3-10person-monthstoproducethecode
l Myown,independentes'mateisquitecompa'blewiththeirsl AlliPhonecodemustbe“digitallysigned”,usingacryptographickeypossessedbyApple
l This,though,isthecosttoproducethefirstcopyofthesoYware,forthisonephone.Eachsubsequentversionwouldbeverycheap
l IfthesoYwareisnotlockedtoonephone,itwillbecomeatargetofothergovernments
l Ifitislockedtoonephone,youhavetherou'niza'onproblem
smb
22
![Page 23: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/23.jpg)
CompelledSpeech?l Iscomputercode“speech”undertheFirstAmendment,orisitpurelyfunc'onal?
l The2nd,6th,and9thCircuitshavesaidcodecanbespeech(9thCircuitopinionwithdrawn)l Inallthreecases,thecodewaslinkedtoanpoli'calissue
l Applehasexpressedanopinionthatbackdoorsareethicallywrong.Cantheybecompelledto“say”somethingtheydon’tbelieve?
l Whataboutthedigitalsignature?l Isthatmerelyafunc'onalaccesscontrolmechanism?l OrisitApple’sa9esta'onthatthecodemeetstheirstandards?l TheirappstorepoliciesandsignedappshavebeenamajorreasonwhyiOShasmuchbe9er
securitythanAndroid
smb
23
![Page 24: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/24.jpg)
SubpoenaingtheCodeandSigningKeyl TheFBIhasindicatedthatifApplewon’thelpitunlockthephone,itwillsubpoenathecodeandsigningkey
l Canthecodebesubpoenaed?Probably,butproducingausablecopyofthecodebaseandbuildenvironmentisfarfromeasy
l Thesigningkey?l There’ss'llthecompelledspeechissuel Applemaynotbeabletoturnitover—bestprac'cesdictatekeepingsuchkeysina“HardwareSecurityModule”(HSM)
l ThewholepointofanHSMistopreventdisclosureofamajorsigningkey!
smb
24
![Page 25: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/25.jpg)
TheiCloudBackupl Farook’sphonewasbackeduptoApple’siCloudaboutsixweeksbeforetheshoo'ng
l iCloudbackupsarenotencryptedl Customerswanttorecovertheirdata,evenifthey’veforgo9entheirPINl Apple’sthreatmodelislossofadevice,nothackingofiCloud
l Whatwasdonewiththephoneduringthosesixweeks?l AnFBIerrorpreventedthemfromforcinganewbackup
l Someappshavedatathatis(deliberately)notbackedup
l But—Appleknowsexactlywhichappsareonthephone,andhencewhattheycando,wherethemetadatamightbe,etc.Statementsbylawenforcementsuggesttheythinktheoddsonfindingusefulinforma'onarelow.
smb
25
![Page 26: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/26.jpg)
AppleandPrivacyl Ideological:TimCookstronglybelievesinprivacy
l Healsobelievesinspeakingoutinthefaceofinjus'ce—asachild,hetriedtointerveneinaKlancross-burning
l Peoplestorelotsofsensi'vedataontheirphones(“Moderncellphonesarenotjustanothertechnologicalconvenience.Withalltheycontainandalltheymayreveal,theyholdformanyAmericans“theprivaciesoflife.”Rileyv.California,134S.Ct.2473(2014))
l Marke'ng:Privacyisadis'nguisherfromGoogle,whichearnsitsrevenuefromusers‘personaldata
l Alloftheabove?Probably.
smb
26
![Page 27: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/27.jpg)
It’sNotPrivacy,It’sSecurityl Phonesholdalotofsensi'veinforma'on(passwords,bankaccountnumbers,emailaccountaccess,etc.)
l ThedeclineofBlackberryandtheriseof“BringYourOwnDevice”(BYOD)meansthatcorporatedataisonphones,too
l Phonesareareusedasauthen'catorsfornetworklogin,some'mesinplaceofhardwaretokens
l ImagineanAmericanbusinessexecu'vecrossingtheborderintoacountrywithanoppressivegovernment—andthatgovernmentcanunlockthephone…
smb
27
![Page 28: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/28.jpg)
WhereAreWe?l Thiscasemaybemoot,buttheissuewillariseagain
l NewsreportssuggestthatAppleisgoingtostrengthentheirsecuritymechanisms
l There’sbeennothorough,publicdiscussionoftheextenttowhichlawenforcementaccesstometadatacansubs'tuteforaccesstocontentl Somehavecalledthis“thegoldenageofsurveillance”
l ThedebatehasoYenbeenlawyersandpolicymakersversustechnologists—andtheytalkpasteachotherl Weneedpeoplewhospeakbothlanguages!
smb
28
![Page 29: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/29.jpg)
FurtherReadingl HaroldAbelson,RossAnderson,StevenM.Bellovin,JoshBenaloh,Ma9Blaze,WhiuieldDiffie,
JohnGilmore,Ma9hewGreen,SusanLandau,PeterG.Neumann,RonaldL.Rivest,JeffreyI.Schiller,BruceSchneier,MichaelA.Specter,andDanielJ.Weitzner.Keysunderdoormats:Manda'nginsecuritybyrequiringgovernmentaccesstoalldataandcommunica'ons.JournalofCybersecurity,1(1),September2015.h9p://cybersecurity.oxfordjournals.org/content/early/2015/11/17/cybsec.tyv009
l HalAbelson,RossAnderson,StevenM.Bellovin,JoshBenaloh,Ma9Blaze,WhiuieldDiffie,JohnGilmore,PeterG.Neumann,RonaldL.Rivest,JeffreyI.Schiller,andBruceSchneier.Therisksofkeyrecovery,keyescrow,andtrustedthird-partyencryp'on,May1997.h9ps://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf
l SusanLandau,Tes'mony,Hearingon“TheEncryp'onTightrope:BalancingAmericans’SecurityandPrivacy”,JudiciaryCommi9ee,UnitedStatesHouseofRepresenta'ves,March1,2016.h9ps://judiciary.house.gov/wp-content/uploads/2016/02/Landau-Wri9en-Tes'mony.pdf
smb
29
![Page 30: Encryp’on, Security, and Privacysmb%c2%a0%c2%a0%c2%a0%c2%a0… · Examples l Incorrectly padding a short message to match the encryp’on algorithm’s requirements has resulted](https://reader036.vdocuments.net/reader036/viewer/2022081615/5fd592ed99f18c782d72fed3/html5/thumbnails/30.jpg)
HowiPhoneEncryp'onWorksl Arandom,256-bitnumber(the“UUID”)ismanufacturedintothephone’sprocessor,andisn’teasilyretrievablefromoutside
l WhenaPINisentered,thePINandtheUUIDarecombinedtoforma“key-encryp'ngkey”(KEK)viaaprocessthatmusttakeabout80milliseconds
l TheKEKisusedtoencryptthe“data-encryp'ngkey”(DEK)
l TheDEKisusedtoencrypt(certain)dataonthephone
l TheDEKsareuselesswithouttheKEK,buttheKEKcanonlybecalculated(a)usingthePIN,and(b)usingtheUUIDnotvisibleexternally
l NeweriPhonesdokey-handlinginaspecial,secureareaoftheprocessor
smb
30