Personal data defence
The hive of activity that keeps your biometric data safe
Apple’s Secure Enclave appeared as a hardware feature in 2013’s iPhone 5s, but the technologies behind it first surfaced in 2008. In that year, Apple filed a patent for user authentication by fingerprint recognition, illustrating an iPhone unlock screen as an example. Around the same time, ARM, the British chip designer, published a white paper outlining what would become TrustZone, a feature that allows sensitive data to be stored securely within a processor chip, protected by hardware-level encryption. These would form the two key ingredients of Touch ID, and then Face ID.
Both companies knew this stuff was going to be important, and by 2012 ARM went on to form partnerships to build online payment systems into mobile devices, while Apple acquired AuthenTec, a fingerprint scanning specialist. The iPhone 5s arrived in September 2013 with the Touch ID fingerprint sensor in the Home button. Inside, the A7 chip at its heart, jointly designed by Apple and ARM, was the first 64-bit processor in a mobile device and incorporated a Secure Enclave (aka TrustZone) so that biometric data would be locked away from everything else, never available to other software, and never stored on Apple servers.
This means you can enrol your fingerprint and use it to unlock the device or authorize a contactless or online transaction without fear that this process will be hacked. What goes into the Secure Enclave stays only within itself. And it’s the same for iPhone X’s Face ID.
Within these walls
The word ‘enclave’ might suggest an empty room or box. It makes more sense to think of it in the sociological sense of an area inhabited by people with their own distinctive culture and industry. The Secure Enclave is a hive of activity — a processor in its own right, with access to its own memory and resources. A bit like a medieval castle, it’s able to communicate with the outside world, but has everything it needs within its walls.
It’s this self-sufficiency that makes the Secure Enclave the superior form of data security. Your software keychain, for example, stores private keys for various services on your Mac and iOS devices in encrypted form, so you can access them when needed by providing your administrator credentials to decrypt the keys. The catch is that at the point when a key is extracted, it has to be passed to the app or website you’re trying to supply it to, and necessarily appears unencrypted in system memory, if only for a moment. That makes all sorts of security compromises theoretically possible.
The Secure Enclave’s fundamental principle, by contrast, is that nothing sensitive ever goes in or out. Behind the scenes, it communicates with iOS or macOS through a secure mailbox that only accepts limited types of messages. A process can ask the Secure Enclave to create a private key, and it will, but it won’t be revealed. The process then asks it to encrypt data using that key, to generate public keys from it, or to verify cryptographic signatures; or in the case of processes accessing Touch ID or Face ID, it will simply issue a code verifying that the user has been authenticated, or not. All processing happens in the Secure Enclave.
Device specific
Keys generated in a device’s Secure Enclave are valid only on that device. That’s why if you break your iPhone, replace it, and restore all your data, you’ll still have to register your fingerprints or face with Touch ID or Face ID once again. Your biometrics can never be uploaded from the Secure Enclave to iCloud or transferred to another device. A Secure Enclave takes any secret to its grave.
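To make the two ideas above concrete (the mailbox that hands out only handles and operations, and keys that are valid only on the device that made them), here is a small toy model added for this article; it is not Apple’s code. The device UID, the HMAC-based signing and the XOR-plus-MAC wrapping scheme are constructed for illustration only, standing in for the fused hardware key and the real cryptography.

```python
import hashlib
import hmac
import secrets


class SecureEnclave:
    """Toy enclave: a per-device root secret plus keys addressed only by handle."""

    def __init__(self, uid=None):
        # Device-unique root secret; fused into silicon in the real chip (constructed here).
        self._uid = uid or secrets.token_bytes(32)
        self._keys = {}  # handle -> raw key material, never returned to callers

    def create_key(self):
        """Mailbox request: make a key, hand back only an opaque handle."""
        handle = secrets.token_hex(8)
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def sign(self, handle, message):
        """Mailbox request: MAC the message under the key; the key stays inside."""
        return hmac.new(self._keys[handle], message, hashlib.sha256).digest()

    def verify(self, handle, message, tag):
        """Mailbox request: the caller learns only 'authenticated' or 'not'."""
        return hmac.compare_digest(self.sign(handle, message), tag)

    def export_wrapped(self, handle):
        """Backup blob: key XORed with a UID-derived pad, plus a UID-keyed MAC.
        Without this device's UID the blob can be neither unwrapped nor validated."""
        pad = hashlib.sha256(self._uid + b"wrap" + handle.encode()).digest()
        wrapped = bytes(k ^ p for k, p in zip(self._keys[handle], pad))
        tag = hmac.new(self._uid, handle.encode() + wrapped, hashlib.sha256).digest()
        return wrapped + tag

    def import_wrapped(self, handle, blob):
        """Restore a blob; returns False when it was produced by a different enclave."""
        wrapped, tag = blob[:32], blob[32:]
        expected = hmac.new(self._uid, handle.encode() + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        pad = hashlib.sha256(self._uid + b"wrap" + handle.encode()).digest()
        self._keys[handle] = bytes(w ^ p for w, p in zip(wrapped, pad))
        return True


def restore_to_new_device(old, new, handle):
    """Model the 'replace your iPhone and restore' case: the blob came from the old
    enclave, the new enclave has a different UID, so the key is refused."""
    return new.import_wrapped(handle, old.export_wrapped(handle))
```

Nothing in the public methods returns the key bytes themselves, which is the whole point: an app holds a handle and asks for operations, exactly as the mailbox description above says.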
Of course, there’ll always be hackers trying to get around any security measure. To thwart attempts to bypass Touch ID or Face ID, your device will stop responding to biometric unlocks after it’s been restarted, or after it’s been idle for 48 hours. Instead, it’ll require your passcode. That’s to limit the time someone can spend trying to falsely match your face or fingerprint.