Apple’s Penchant for Consumer Security

on April 18, 2016

At a security “deep dive” at Apple on Friday, executives went into depth on Apple’s security philosophy and its technological approach to the matter. I’ve sat through many technology companies’ technical briefings, but never one from Apple, and none that went deeper on custom silicon solutions than this one did. I’ll weave some of the technical tidbits I learned into this article, but there was a theme that came up which struck me. More than a handful of times, presenters used the phrase “balancing security with ease of use”.

This seemed to be a key phrase and philosophy driving Apple’s thinking. The more I thought about it, the more it made sense in light of so many other security issues that exist in corporate, government, and other high-security environments where computers are used. You can build Fort Knox-level security into a personal computer, but it comes at the expense of user experience, and oftentimes does. Apple is attempting something that seems unprecedented at an industry level: to bring industry-leading security, but to do so by actually enhancing the user experience. Prior to Touch ID, for example, many organizations required eight-digit, and sometimes longer, PINs. Imagine entering that many digits every time you pick up your smartphone. To emphasize this point, Apple shared a great statistic: their average user unlocks their phone 80 times a day. Other reports state people look at their phones upwards of 130 times a day, but those figures describe heavier users rather than the average. Regardless, the simple act of logging into our phone via a secure form of login like a passcode or fingerprint is now taken for granted in much of Apple’s ecosystem when, just a few years ago, anyone could have stolen my phone and had access to my personal information. Here again, Apple shared that 89% of their users with a Touch ID-capable device have set it up and use it. In our own consumer study of iPhone owners, we learned 85% of respondents said they use either Touch ID or a PIN to log in to their iOS device. Again, this seems unprecedented given where we were in consumer security just a few years ago. Touch ID is a clear example of enhanced security and enhanced user experience. It is difficult to objectively argue that logging in to our devices with Touch ID is not only faster, more natural, and more efficient than the old swipe to log in, but also inherently more secure.

After sitting through the technical explanations of how Apple has specifically designed the interplay of custom silicon like the A-series processors, iOS, and the Secure Enclave coprocessor, I came to the realization that, while I knew the iPhone was a secure device, I really had no idea just how secure it actually is. It can’t be overstated how essential Apple’s custom-designed silicon is to the security of iOS products. For example, on a Mac, which runs software designed by Apple but uses a main CPU and GPU made by Intel/AMD/Nvidia, they have put security measures in place including encrypting the entire storage disk. However, with the custom A-series processors, the custom-designed Secure Enclave coprocessor, and the custom-designed iOS, Apple is able to encrypt every single file on your iOS device with its own key, not just the disk as a whole.

Secure Enclave: A Security Designed Coprocessor

I came away from this discussion with a much greater appreciation of the Secure Enclave. Some details on this product are outlined in Apple’s Security White Paper, but we were given a bit more depth at this briefing. Yet I still desire a great deal more technical details should we be able to acquire them at some point. From the white paper, here is some detail on the Secure Enclave:

The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

The Secure Enclave uses encrypted memory and includes a hardware random number generator. Its microkernel is based on the L4 family, with modifications by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.

There is a great deal of security “magic” that happens in the Secure Enclave, but this coprocessor sits at the heart of Apple’s encryption techniques. Everything from booting up securely to individual file-level encryption runs through the Secure Enclave. This means someone can’t hack into just part of my phone and get some of the data. It is all protected and encrypted. A hacker needs my passcode or she gets nothing. There is no middle ground. Apple’s security-designed ecosystem runs through a series of trust chains with the Secure Enclave at the center. It is a deep system of trust built from the silicon up.
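To make the two ideas above concrete (per-file keys rather than one disk key, and a passcode key that is entangled with a hardware UID that never leaves the device), here is an added teaching model written for this article. It is not Apple’s code, not the algorithm from the white paper, and not a description of how iOS Data Protection is actually implemented; the key sizes, the `DEVICE_UID` sample value, the PBKDF2 iteration count, and the HMAC-SHA256 keystream standing in for AES are all constructed for the demonstration so that it runs with only the Python standard library.

```python
"""
Constructed model of a per-file key hierarchy rooted in a hardware UID.
Not Apple's code; an illustration assuming: a per-file random key, wrapped
under a class key derived from passcode + UID. AES is replaced by an
HMAC-SHA256 counter-mode keystream so the script runs offline.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the UID fused into the Secure Enclave at fabrication.
# On a real device this never leaves the coprocessor; here it is a module
# constant only so the demo can show what happens when it differs.
DEVICE_UID = bytes.fromhex("00" * 31 + "2a")  # constructed sample value

PBKDF2_ITERATIONS = 100_000  # assumed value for the demo, not Apple's


def passcode_key(passcode: str, uid: bytes) -> bytes:
    """Derive the class-protection key from the passcode AND the device UID.
    Folding the UID into the derivation means the same passcode yields a
    different key on every device, so passcode guesses must be run on the
    device itself rather than against a copied flash image elsewhere."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, PBKDF2_ITERATIONS, 32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256(nonce || counter)
    keystream. Stands in for AES in this model; not for production use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def wrap_key(kek: bytes, file_key: bytes) -> bytes:
    """Wrap a per-file key under the class key, with an integrity tag so a
    wrong key is detected instead of silently producing garbage."""
    nonce = os.urandom(16)
    ct = keystream_xor(kek, nonce, file_key)
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passcode or wrong device: cannot unwrap file key")
    return keystream_xor(kek, nonce, ct)


def protect_file(plaintext: bytes, passcode: str, uid: bytes = DEVICE_UID) -> dict:
    """Encrypt one file under its own fresh random key, then wrap that key
    under the passcode+UID class key. The dict is what would sit on flash:
    nothing in it is usable without both the passcode and the UID."""
    file_key = os.urandom(32)
    nonce = os.urandom(16)
    return {
        "nonce": nonce,
        "ciphertext": keystream_xor(file_key, nonce, plaintext),
        "wrapped_key": wrap_key(passcode_key(passcode, uid), file_key),
    }


def open_file(record: dict, passcode: str, uid: bytes = DEVICE_UID) -> bytes:
    """Unwrap the file key with the passcode+UID class key, then decrypt."""
    file_key = unwrap_key(passcode_key(passcode, uid), record["wrapped_key"])
    return keystream_xor(file_key, record["nonce"], record["ciphertext"])


def demo() -> dict:
    """Run the three scenarios the article implies and report each outcome."""
    secret = b"contact list, photos, messages"  # constructed sample content
    record = protect_file(secret, "1234")
    results = {"right_passcode": open_file(record, "1234") == secret}
    try:                                   # wrong passcode, same device
        open_file(record, "0000")
        results["wrong_passcode"] = "decrypted"
    except ValueError:
        results["wrong_passcode"] = "rejected"
    try:                                   # right passcode, flash moved to another UID
        open_file(record, "1234", uid=bytes(32))
        results["other_device"] = "decrypted"
    except ValueError:
        results["other_device"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the article does: each file carries its own wrapped key, so compromising one key exposes one file, and because the wrapping key depends on a UID that the rest of the system cannot read, a copy of the storage taken off the device yields nothing even to someone who later learns the passcode. The real system layers further protection classes and hardware rate limiting on top of this; those are out of scope here.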

The Security Battle

What I find most interesting about Apple’s story around security is how it goes much deeper than a feature. While security, in this case, could be perceived as a feature, my read on what Apple is doing is that it goes a step beyond simply making security a feature and makes it a priority. It is a deep guiding philosophy to which Apple appears to be unwaveringly dedicated. In an age where billions of consumers are now using computers more often than they ever did at any point in history, it is clear we are in a new era of consumer computing, led by smartphones. Looking back at the efforts of hackers in the PC era, one can only imagine it would be orders of magnitude worse in this era, with more people online than ever. Some may argue Apple is emphasizing and picking this battle when consumers really don’t care much about security and privacy. The big debate about how much consumers care about security is certainly a valid one. What I appreciate about Apple’s efforts is that they are making it so consumers don’t have to care. Apple is simply doing it anyway, going out of their way to ensure consumers have the best security possible at the moment and making secure environments the default, while also enhancing the user experience. That is not only the way it should be, it is the right thing to do.