Understanding the cryptography features of Apple’s ‘Find My’ protocol.

at
Categories
Tags

 

 

In June 2019, at the Worldwide Developers Conference (WWDC), Apple announced a new iOS and OSX feature called ‘Find My.’ Combining the features of Find My iPhone and Find My Friends into a single application. The summarized steps below are a description of how the protocol functions.

1. With at least two Apple devices, the user’s Apple devices create a shared private key communicated among them via end-to-end encryption.

2. Each pair of devices periodically creates a new secret key and public key pair using a deterministic algorithm applied to the previous secret key. This is also referred to as rotation of keys.

3. If Find My is enabled on a device, it emits its current public key via Bluetooth and other Apple devices nearby can pick up on the broadcast.

4. A device that has picked up a public key will then check its own location, encrypt the location using the public key, and upload this to Apple’s servers along with a hash of the public key.

5. With a different Apple device, a user can then query Apple’s servers with hashes of the public keys it has used to get the encrypted location associated with the hashed public key.

6. Using the original secret key, the user can decrypt and get the location of their lost device.
Read the description of the Find My protocol in the 2021 Apple’s Platform Security Manual (p. 139 – 142) https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf
Read the article explaining further detail of the protocol by The Wired
(https://www.wired.com/story/apple-find-my-cryptography-bluetooth/)
The questions below, consider potential attackers to include someone who has stolen the user’s device, other users who have Apple devices, and Apple employees with Find My database access.
Answer the following questions:
1.) In step 2, why are the public keys periodically updated? What security properties are provided by updating the public key?
2.) For the encryption in step 4, what security properties must the encryption algorithm have for this to be secure?
3.) Can you come up with ways to attack the Find My protocol even assuming that the cryptographic primitives used in the protocol are secure? Some ideas worth considering are who are the trusted parties/ devices in the protocol, and who generates what data in this protocol.

Sample Solution

n a group can alter one’s perception of other individuals, with this effect extending to both ingroup and outgroup members (Hackel, Looser, & Van Bavel, 2014). This includes having a skewed, positive outlook toward one’s ingroup members while inhibiting the extension of empathy and mind perception toward outgroup members (Hackel et al., 2014). Mind perception is the process of attributing a mind to another entity, and is an important mechanism for determining what is not only capable of agency (i.e., taking autonomous actions), but is also capable of feeling emotions, pain, and suffering and thus being afforded empathy (Gray, Gray, & Wegner, 2007).

Group membership can alter one’s perceptions of others in a number of ways. One such way is that membership in a group promotes a positive bias towards members of one’s ingroup over members of an outgroup (Lazerus, Ingbretsen, Stolier, Freeman, & Cikara, 2016; Tanis & Postmes, 2005; Van Bavel, Swencionis, O’Connor, & Cunningham, 2012b; Ziegler & Burger, 2011). Indeed, ingroup membership has been found to promote greater memory for ingroup faces (Van Bavel et al., 2012b). Furthermore, Tanis and Postmes (2005) found that participants afforded greater trust to anonymous individuals when they were told they were ingroup members. Lazerus and colleagues (2016) showed that individuals have a positivity bias when judging the emotional expression of ingroup members that did not emerge for outgroup members. Ziegler and Burger (2011) noted that ingroup membership can alter the amount of cognitive resources afforded to processing individuating information about an ingroup member versus an outgroup member depending on a target’s success (or failure) and the respondent’s mood.

This question has been answered.

Get Answer
WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, Welcome to Compliant Papers.
Hi, how can I help?