Well, again, I can't be sure, and you can't verify without reverse engineering the chip. But that's not how PUFs work. The whole point of a "physical unclonable function" is that it's not just a set of bits that can be programmed to an arbitrary value; it's a part of a circuit which, based on physical characteristics of the apparatus, deterministically generates a response to a given challenge. The idea is that there is no such list for the PUF internal values--they're not controllable, and it would be extremely difficult to read their internal state without destroying the chip.

Making lists would be very awkward: according to the Apple iOS Security Guide[1], the KDF takes 80ms per passcode attempt. So, generating a list of PUF outputs for all 10,000 4-digit numeric passcodes would take Apple ~14 minutes--and it must be done on each device. So, it's theoretically possible that Apple spends 14 minutes per device making a list of PUF outputs given all 4-digit numeric passcodes. However, a user who uses any other passcode would be completely unaffected (except having the search space reduced by 10,000), and I consider it highly unlikely that Apple can afford 14 minutes per device just for potential nefarious use given the volumes they produce.

Also, note that almost all other keys are 'tangled' with the output of the PUF, so a PRNG failure is not likely to cause predictable keys, depending on the failure mode and what PUF stimuli Apple records.

Of course, this is all a moot point, as none of this is verifiable (at least, to me and you).

[1]: https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....
"Unique ID (UID) - A 256-bit AES key that’s burned into each processor at manufacture. It cannot be read by firmware or software, and is used only by the processor’s hardware AES engine. To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon. The UID is not related to any other identifier on the device including, but not limited to, the UDID." - https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....
> "To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon."

This is not true if the UID is generated in some way that allows pilfering by the manufacturer.

> So, generating a list of PUF outputs for all 10,000 4-digit numeric passcodes would take Apple ~14 minutes--and it must be done on each device.

The threat model here is not Apple, but the manufacturer. In this case the options I mentioned earlier would allow very fast attacks that could be launched selectively at target devices later on.

> Of course, this is all a moot point, as none of this is verifiable (at least, to me and you).

Definitely not verifiable or falsifiable by you or by me. I would suggest, however, that the claims and reputation of the Secure Enclave are not deserved. Finally, in crypto, skepticism is a feature.