“Technologies the company has adopted,” says the new report, “protect Apple customers' content so well that in many situations it's impossible for law enforcement to perform forensic examinations of devices seized from criminals. Most significant is the increasing use of encryption...”
The encryption is strong enough to reawaken the great debate of the 1990’s ‘crypto wars’. Which is more important: society’s privacy or law enforcement’s ability to protect society? The earlier debate was won by civil liberties campaigners, perhaps because as time progressed the fear that criminals would use sophisticated encryption to protect themselves did not materialize. The reason, suggests the report, is that the key management issue was never really solved: “Cryptography, for all its power, provides no security unless the keys used to lock the data remain secret.”
Before iOS, cryptography was designed for business. Key management has never been easy. But iOS has been designed for consumers, and its use on iOS is both easy and efficient. The key, literally, is its use of an AES key, which is unique to each system and unknown to anyone outside of the device. Key management is performed automatically by the device itself. "Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be accessed only by the AES engine,” says an Apple security paper from May this year.
What this means in practice is that encrypted data can only be unencrypted while the device is running. If the device is turned off, the keys disappear from memory and the data is protected by AES – an encryption algorithm strong enough to be designated by the NSA as suitable for storing top secret data. Once a device is powered down, access to the data can only be obtained by getting passed Apple’s log-on PIN system in order to reload the AES key. Before the iPhone 3GS this was easy enough. A four digit PIN could be brute-forced in just 13 minutes.
“However, if the user chooses a six-digit PIN,” says the report, “the maximum time required would be 22 hours; a nine-digit PIN would require 2.5 years, and a 10-digit pin would take 25 years. That's good enough for most corporate secrets – and probably good enough for most criminals as well.” Using brute force to decrypt AES-protected data without reloading the key would be impossible. “The algorithm is so strong that no computer imaginable for the foreseeable future – even a quantum computer – would be able to crack a truly random 256-bit AES key.”