 

Encryption of session in MultipeerConnectivity framework for iOS

I am working on the iOS multipeer framework and I am pretty happy with it. I am sharing some sensitive data, so I have to do the encryption. When we create the session we get three options:

self.session = [[MCSession alloc] initWithPeer:self.myPeerID
                              securityIdentity:nil
                          encryptionPreference:MCEncryptionRequired];

  1. MCEncryptionNone
  2. MCEncryptionOptional
  3. MCEncryptionRequired

I read the Apple guide but couldn't find much info about it. If I pass MCEncryptionRequired, does someone know what kind of encryption it does? Thanks.

Paragon asked Oct 01 '22 23:10


1 Answer

Alban Diquet analysed the framework's communications and documented his results in this BlackHat presentation. From page 58:

MCEncryptionRequired With Authentication:


  • DTLS with mutual authentication:
  • Each peer sends their certificate and validates the other side’s certificate
  • RSA & EC-DSA TLS Cipher Suites
  • 30 cipher suites supported in total including PFS cipher suites.
  • In practice, TLS_RSA_WITH_AES_256_CBC_SHA256 is always negotiated, which doesn’t provide PFS

From page 61:

MCEncryptionRequired Without Authentication: 


  • DTLS with Anonymous TLS Cipher Suites
  • No certificates exchanged
  • "Anon" AES TLS cipher suites:
    • TLS_DH_anon_WITH_AES_128_CBC_SHA,
    • TLS_DH_anon_WITH_AES_256_CBC_SHA,
    • TLS_DH_anon_WITH_AES_128_CBC_SHA256,
    • TLS_DH_anon_WITH_AES_256_CBC_SHA256
user2067021 answered Oct 16 '22 19:10
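
An added example, not part of the answer above or of Apple's sample code: the question's call passes securityIdentity:nil, while the code below supplies an identity and validates the peer's certificate chain against app-chosen anchors, on the assumption that the "With Authentication" mode quoted above is the one reached by passing a securityIdentity. The class name SecureSessionController and its identity and trustAnchors inputs are hypothetical.

```objective-c
#import <MultipeerConnectivity/MultipeerConnectivity.h>
#import <Security/Security.h>

// Hypothetical wrapper class (not from the page). `identity` and `anchors` are
// assumed to be loaded by the app, e.g. from the keychain and a bundled CA cert.
@interface SecureSessionController : NSObject <MCSessionDelegate>
@property (nonatomic, strong) MCSession *session;
@property (nonatomic, copy) NSArray *trustAnchors; // SecCertificateRef items
@end

@implementation SecureSessionController
- (instancetype)initWithPeer:(MCPeerID *)peerID
                    identity:(SecIdentityRef)identity
                trustAnchors:(NSArray *)anchors {
    if ((self = [super init])) {
        _trustAnchors = [anchors copy];
        // The first array element must be the local SecIdentityRef.
        _session = [[MCSession alloc] initWithPeer:peerID
                                  securityIdentity:@[(__bridge id)identity]
                              encryptionPreference:MCEncryptionRequired];
        _session.delegate = self;
    }
    return self;
}
// If this method is not implemented, every peer certificate is accepted.
- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate
       fromPeer:(MCPeerID *)peerID certificateHandler:(void (^)(BOOL accept))certificateHandler {
    BOOL trusted = NO;
    SecTrustRef trust = NULL;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    if (certificate.count > 0 && self.trustAnchors.count > 0 &&
        SecTrustCreateWithCertificates((__bridge CFArrayRef)certificate, policy, &trust) == errSecSuccess) {
        // Trust only our own anchors, not the system root store.
        SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)self.trustAnchors);
        SecTrustSetAnchorCertificatesOnly(trust, true);
        trusted = SecTrustEvaluateWithError(trust, NULL); // iOS 12+
    }
    if (trust) CFRelease(trust);
    CFRelease(policy);
    certificateHandler(trusted); // NO rejects the connection
}

// Required MCSessionDelegate methods, left empty because they are unrelated to authentication.
- (void)session:(MCSession *)session peer:(MCPeerID *)peerID didChangeState:(MCSessionState)state {}
- (void)session:(MCSession *)session didReceiveData:(NSData *)data fromPeer:(MCPeerID *)peerID {}
- (void)session:(MCSession *)session didReceiveStream:(NSInputStream *)stream withName:(NSString *)streamName fromPeer:(MCPeerID *)peerID {}
- (void)session:(MCSession *)session didStartReceivingResourceWithName:(NSString *)resourceName fromPeer:(MCPeerID *)peerID withProgress:(NSProgress *)progress {}
- (void)session:(MCSession *)session didFinishReceivingResourceWithName:(NSString *)resourceName fromPeer:(MCPeerID *)peerID atURL:(NSURL *)localURL withError:(NSError *)error {}
@end
```

A peer that presents no certificate, or a chain that does not lead to one of the supplied anchors, is rejected before any session data is exchanged.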