Selain membawa perubahan yang cukup radikal buat pengguna iPhone di Eropa, Apple juga membawa perubahan yang cukup besar untuk pengguna iMessage — implementasi teknologi Quantum Security.
Melalui penjelasan mereka di halaman Security Research, Apple menegaskan bahwa iMessage “memiliki properti keamanan terkuat dari semua protokol perpesanan skala besar di dunia.”.
Jadi Apple telah menerapkan post-quantum cryptography level 3 (PQ3), yang digunakan untuk mengamankan kunci awal dan pertukaran pesan yang sedang berjalan, dengan kemampuan untuk memulihkan keamanan kriptografi percakapan dengan cepat dan otomatis saat terancam.
Berikut contoh kasus dari Apple tentang mekanisme cara kerja teknologi keamanan quantum di iMessage:
When Alice’s device instantiates a new session with Bob’s device, her device queries the IDS server for the key bundle associated with Bob’s device. The subset of the key bundle that contains the device’s authentication key and versioning information is validated using Contact Key Verification. The device then validates the signature covering the encryption keys and timestamps, which attests that the keys are valid and have not expired.
Alice’s device can then use the two public encryption keys to share two symmetric keys with Bob. The first symmetric key is computed through an ECDH key exchange that combines an ephemeral encryption key from Alice with Bob’s registered P-256 public key. The second symmetric key is obtained from a Kyber key encapsulation with Bob’s post-quantum public key.
To combine these two symmetric keys, we first extract their entropy by invoking HKDF-SHA384-Extract twice — once for each of the keys. The resulting 48-byte secret is further combined with a domain separation string and session information — which includes the user’s identifiers, the public keys used in the key exchange, and the encapsulated secret — by invoking HKDF-SHA384-Extract again to derive the session’s initial keying state. This combination ensures that the initial session state cannot be derived without knowing both of the shared secrets, meaning an attacker would need to break both algorithms to recover the resulting secret, thus satisfying our hybrid security requirement.
Kenapa Fitur Ini Sangat Penting?
Penerapan fitur keamanan terhadap quantum computing merupakan langkah yang visioner dari Apple. Karena mengatasi serangan dari komputer berbasis kuantum akan menjadi hal yang penting di masa depan.
Karena kerap kali iMessage digunakan ketika hacker melakukan serangan, contoh yang paling terkenal adalah alat sadap Pegasus dari NSO Group.
iOS 17.4 sudah tersedia untuk publik dan bisa kamu dapatkan sekarang dengan mengunjungi halaman Software Update di Settings.
