Wireless & Mobile Security Flashcards Preview

CS6035 IIS > Wireless & Mobile Security > Flashcards

Flashcards in Wireless & Mobile Security Deck (10):
1

How is wireless security different from wired security

Both have the same security threads. The difference is that the threads are more wireless security because there's no physical protection

2

Where is the iOS AES-256 crypto engine? in what form? in hardware or software?

in the form of 256 bit master keys burned directly into silicon hardware and can only be accessed by the crypto engine

3

Where is the iOS AES-256 crypto engine? in what form? in hardware or software?

in the form of 256 bit master keys burned directly into silicon hardware and can only be accessed by the crypto engine which is also hardware

4

what happens that makes iOS have a trusted bootchain

from the start of boot, in the BootROM in read-only memory in hardware, it has a CA public key and makes sure the next stage loader has the correct key in order to read from the BootROM.

5

how are data files securely stored in iOS?

each file gets assigned a class key and based on that class key's, a file can be read or not. the encryption of the file uses AES and CBC. the key's file is encrypted using the class key. there is also a per file system key. 3 keys different keys are used, and do not include the hardware or passcode key. File is stored in flash memory

6

What happens at runtime for apple's executable code, including purchased apps?

at runtime, code signature checks are performed on the code before it can be executed to make sure it hasn't been tampered with

7

What hoops do you have to jump through to be able to be an iOS app developer?

apple will verify your identity and issue you a certificate before you can sell on their apple store.
All apps have to pass reviewed and signed by Apple

8

how does iOS use ASLR

when an app is run, it's randomly assigned a location in memory including randomly arranging its heap, dynamic libraries, stack, etc.

9

how does iOS prevent W^X?

makes sure stack is not-executable and code is not-writable

10

In Android, apps are self-signed by developers. Why sign at all?

To facilitate