Apple "Find My" Key Rotation

cn flag

Apple's Find My technology is described in this Wired article and explains how Apple, or other third parties, are not able to decrypt location data. It mentions how the keys are rotated every hour:

That public key frequently changes, "rotating" periodically to a new number. Thanks to some mathematical magic, that new number doesn't correlate with previous versions of the public key, but it still retains its ability to encrypt data such that only your devices can decrypt it. Apple refused to say just how often the key rotates. But every time it does, the change makes it that much harder for anyone to use your Bluetooth beacons to track your movements.

What is this "mathematical magic"? Does Apple detail this further anywhere, or has the protocol been detailed by anyone else? Does the new key encrypt the old key or some information about it, or is there a more involved KDF or Hierarchical Deterministic derivation involved?

sa flag

You are right that KDF functionalities are used. See this paper here, specifically section 6.1. This article is specifically about vulnerabilities in Apple's offline FindMy application, which was broken and used to track people with bluetooth tracker devices. According to this link from Apple the two use the same method to "roll" keys.

Initially, each owner device generates a private–public key pair $(d_0, p_0)$ on the NIST P-224 curve and a 32-byte symmetric key $SK_0$ that together form the master beacon key. Those keys are never sent out.

This approach makes device tracking hard by regularly changing the contents of the BLE advertisements. In particular, OF uses the concept of rolling keys that can be deterministically derived if one knows the initial input keys $(d_0, p_0)$ and $SK_0$ but are otherwise unlinkable.

It uses the ANSI X.963 KDF with SHA-256 and a generator $G$ of the NIST P-224 curve:

$$ SK_i=KDF(SK_{i-1},"update",32) $$ updates the secret key which is 32 bytes long.

$$ (u_i,v_i)=KDF(SK_i,"diversify",72) $$ derives the anti-tracking keys $u_i,v_i$ from the new symmetric key, each 36 bytes long.

$$ d_i=(d_0\ast u_i)+v_i,\quad p_i=d_i\ast G $$ create the advertisement key pair using the anti-tracking keys and the master beacon key $d_0.$ When the device goes missing and cannot connect to WiFi or mobile network it starts transmitting the derived public key $p_i$ for a limited period of time in a bluetooth payload.

The apple doc also suggests the keys are rolled every 15 minutes or so.

I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.