iCloud Data Security

Posted by on March 23rd, 2012 | 3 Comments »

iCloud is a fantastic service for synchronizing photos, documents, notes and more between your Macs and iOS devices. But before your personal data can be pushed to your devices, the content has to be stored somewhere. In the case of iCloud, your data is stored on Apple’s servers. So should you feel confident that your digital life is safe and secure in Apple’s data center? Based on Apple’s article on iCloud security, the answer seems to be a qualified “yes.”

When dealing with information security, we talk about data in motion and data at rest. When data travels across the internet, it’s in motion. When data is stored on a hard drive, it’s at rest. Based on Apple’s article, iCloud data is transmitted over the internet using SSL. This is a well-proven standard to encrypt data in motion. On Apple’s servers, it seems that all data is stored encrypted, except for music, email, and notes. Unencrypted data would be much easier for a hacker or rogue Apple employee to steal. So think twice about storing your Swiss bank account numbers in notes if you use iCloud.

Apple hasn’t publicly disclosed the encryption and authentication algorithms used with iCloud. Until this information becomes public, industries that require strong security and data privacy will likely pass on using iCloud.


3 Comments

  1. Tom says:

    Dan,

    Do you happen to know what key they use to encrypt the data in iCloud? I would imagine if you can access iCloud from any device you own, it must be based on your iCloud password, in which case the data is only as secure as the passphrase you use. Most people don’t use very secure passwords. One problem I’ve always had with Apple’s implementation of cryptography is their insistence on using the user’s authentication password as the encryption password. This results in negative effects such as discouraging the use of cryptographically strong passwords, which users would have to enter each time they allow a process to escalate privileges. There should be a user’s authentication password, which is separate from the encryption password.

    But anyway I digress, I’m thinking of using iCloud, do you happen to have any specifics on how the encryption keys are generated that encrypt the data on iCloud? I’m thinking a good way to do that would be to generate a key on the user’s local computer and encrypt all data with that prior to sending it to iCloud. Problem would be recovery of the data if your mac goes kaput or if you are on a new device trying to sync with iCloud. I’ve been thinking about using iCloud but wanted more info on the security protocols, if you have any insight would be helpful.

    Tom

  2. Dan says:

    Unfortunately, Apple has omitted key details regarding iCloud security from its iCloud security article. Chris Foresman at Ars Technica has written good investigative articles about iCloud security which cover these issues:
    http://arstechnica.com/apple/news/2012/03/how-safe-is-icloud-data-ars-investigates.ars
    http://arstechnica.com/apple/news/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy.ars

    It seems that many of the implementation details are based on rumors or speculation. We do know a couple of tidbits though. The Ars article indicates that user data was retrieved from Apple’s server already decrypted. (I.e., the crypto operations are being performed on Apple’s servers or filesystem.) We also know, based on Apple’s article, that a token is used for authentication to iCloud. This token is presumably derived from the Apple ID password. Apple doesn’t say whether this token plays a role in encrypting the data on Apple’s servers. One of the security experts cited in the Ars article stated that iCloud data is not encrypted on a per-user basis. Unless Apple states otherwise, this is the assumption iCloud users should make. It should also be assumed that Apple can decrypt your personal data.

    Incidentally, Apple has beefed up the password complexity requirements for Apple IDs:
    http://support.apple.com/kb/HT4232
    Apple doesn’t force users to change their passwords, so readers should reset their Apple ID passwords if not already compliant with the new complexity standard. Avoiding words in the dictionary and personal information (names, birthdays, etc.) is always advised.

  3. Tom says:

    Actually that’s even worse than I speculated… if the data is not even encrypted on something derived from your computer/you but by Apple, and Apple has access to it, that’s pretty lame.

    Security through obscurity doesn’t work. That’s another thing Apple seems to need to learn about security. Good systems have their mechanisms, algorithms, even source code if possible, open and freely inspectable; the secrecy of any of these things is never a reliable basis for security, and transparency allows inspection/discovery of systematic problems and thus their correction.

    For online data storage/backup, I personally continue to favor JungleDisk as the data is encrypted on a user-provided password and even those hosting the data do not have access to the key.

    Anyway thanks for the info.