Apple’s Touch ID, A7 Secure Enclave Detailed in iOS Security Document
Today, Apple posted an updated security document as a PDF on its ‘iPhone in Business’ site, which details the inner working of both Touch ID and the “Security Enclave” built into Apple’s 64-bit A7 processor.
Apple first debuted Touch ID along with the iPhone 5S in September 2013, and it has faced scrutiny over privacy confers from both users and government officials. The company has previously offered few details on how Secure Enclave — the partition/coprocessor within the A7 chip that stores data collected by Touch ID in a more secure location — actually works.
The company has assured users that the coprocessor only stores data from the fingerprint, as opposed to the actual images. According to the updated security document, Secure Enclave uses a secure boot process that ensures that it is separate software is both signed and verified by Apple.
All of Secure Enclaves function can operate independently from the rest of the phone’s software, even if the kernel is compromised. The coprocessor contains a unique ID which is inaccessible to the other parts of the system and unknown to Apple, preventing anyone from accessing the data which is stored within it.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
Secure Enclave takes the data collected from Touch ID and is used to determine a successful match and then enable the device to unlock or allow the user to complete an iTunes or App Store transaction. The A7 processor actually collects the data from the Touch ID sensor, but it is unable to read it since it is encrypted. The Secure Enclave is the only part of the device that can decrypt the data.
Communication between the A7 and the Touch ID sensor takes place over a serial peripheral interface bus. The A7 forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
In the updated document Apple also details how the fingerprint reader works. The company reiterated that no third-parties will be able to access Touch ID and fingerprint information.
Touch ID authentication and the data associated with the enrolled fingerprints are not available to other apps or third parties.
Apple confirms that fingerprint data is never sent to Apple or backed up to iTunes or iCloud. If you are interested in how Touch ID and Secure Enclave work together to allow users to unlock their iPhones, the document is well worth a read.