How Should I Secure a SQLite Database in iOS?

Question

I'm developing a healthcare iOS app. I'd like my users' data to be encrypted so if their iPhone is stolen, the thief won't be able to access their health info. The rightful owner SHOULD be able to access their information (so different than this question).

I'm considering using SQLCipher to encrypt the entire DB, and putting the SQLCipher password in Keychain.

Is this a good technique?

Also, do I understand correctly that--since everything is on the device--a determined hacker will be able to break in no matter what?

Answer 1

Aim for two-factor encryption: you should encrypt the DB as described, but require the user to enter in a password each time they launch the application. The DB's key would be a hash of the password, salted with a nonce. Store the password salt in the keychain.

A determined hacker could could get to the encrypted SQLite database through filesystem access. If they were able to break the keychain encryption, they would easily be able to crack the database, but by requiring a password (or passphrase) from the user, it helps against that attack.

Answer 2

I think that your solution make sens. It gives quite good security and keep your app simple to use.

The main thing you are geting with keychain is that the user backups are secured because keychain content isn't backed up with iphone. (But I guess you know that already)

But this is huge security plus as the potential hacker will have to get physical access to the iphone. Moreover if the iphone is blocked by pin it is likely that the only quick way to get the data out is to physically access the flash memory of the device which isn't the easiest thing to do.

To be honest I don't believe that users will use your app if you force them to enter long passwords. And if you let them use any password their like, hackers will be able to break the database encryption using dictionary attack.