Transcript of: Windows Phone 8 Security Deep Dive (David Hernie, Technical Evangelist)
Microsoft Corporation
October 2012
Windows Phone 8
Security deep dive
David Hernie
Technical Evangelist
Microsoft Belux Office
All large screen, dual-core, LTE and NFC
Nokia Lumia 920: 4.5” PureMotion display, PureView OIS camera, Nokia City Lens, Nokia Music streaming, wireless charging
Nokia Lumia 820: 4.3” ClearBlack display, Carl Zeiss lens, snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming
Samsung ATIV S: 4.8” HD Super AMOLED display, NFC Tap-to-send, Samsung Family Story
HTC 8X: 4.3” Gorilla Glass 2 display, ultra-wide angle camera lens, built-in Beats Audio, built-in amp
Shared Windows Core
A shared core brings enterprise-class computing to mobile devices
NT Kernel runs on Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded, and Windows Server 2012
Running reliably on 1.3 billion computing devices
Consumers now have greater choice in form-factor, apps, and experiences
Developers can rapidly develop for multiple platforms at a much lower cost due to a high level of code reuse
Hardware manufacturers can now innovate and differentiate their offerings while enjoying their fastest time-to-market ever
Three different ecosystems
             Google                          Microsoft                           Apple
Strategy     Platform + Google Services      Integrated experiences              Integrated software and hardware
Ecosystem    Open source enabling anything   Structured to optimize experience   Apple controlled vertical
Experience   Varies by device                Consistent with extensibility       Apple defined
Agenda
Data protection: prevent unauthorized access to stored data
System integrity: prevent malware from taking control
Access control & device management: provide secure access to the device
Security goals: what is this all about?
App platform: security architecture and recommendations
Remediation: what if something goes wrong
Security Goals
Business policy compliance
User first: great experiences; what is the impact?
End user safety: users are not always aware, so provide tools to protect them
Developer trust
Secure Boot
Secure Boot helps prevent malware from being installed on the phone
Secure Boot helps ensure the integrity of the entire operating system
The Secure Boot implementation is provided by the SoC, in two phases:
• pre-UEFI boot loaders initialize the hardware
• UEFI secure boot helps ensure the integrity of UEFI applications and the Windows OS
Secure boot process
Power On -> Firmware boot loaders (SoC vendor) -> OEM UEFI applications (OEM) -> Windows Phone boot manager (MSFT) -> one of:
• Windows Phone 8 OS boot
• Windows Phone 8 update OS boot
• Boot to flashing mode
Each stage is owned by the party in parentheses (SoC vendor, OEM, MSFT). UEFI specifications: http://www.uefi.org/specs/
Trusted pre-boot loader
No secure boot bypass for users; secure flashing required
During manufacturing:
• provision the hash of the public key used to sign the initial boot loaders, plus the number of unique keys
• blow the appropriate fuses (read only)
• provision the UEFI key databases
Secure UEFI Boot Loader: all about keys
Platform Key (PK), the master key: once the PK is provisioned the UEFI environment is “enabled”; the PK can be used to sign updates to the KEK (Key Exchange Key)
Allowed and Forbidden Signature Databases (DB/DBX) control which images can be loaded; DBX contains the forbidden keys
Secure Boot Variable / Secure Boot Policy (SBP) controls certain aspects of the boot sequence
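A simplified model of the key hierarchy just described (PK authorizes KEK updates, a KEK authorizes DB/DBX updates, DBX overrides DB at image load). This is an added illustration, not Microsoft's or any firmware vendor's code; real firmware verifies asymmetric X.509/PKCS#7 signatures, and here HMAC-SHA256 stands in for signature verification so the example runs offline with only the standard library. All keys, certificates and images are constructed.

```python
import hashlib
import hmac

def sign(key: bytes, payload: bytes) -> bytes:
    """Stand-in for an authenticated-variable signature (HMAC, not a real asymmetric signature)."""
    return hmac.new(key, payload, hashlib.sha256).digest()

class SecureBootStore:
    """Models PK -> KEK -> db/dbx: each database can only be updated under the key above it."""

    def __init__(self, pk: bytes) -> None:
        self.pk = pk        # Platform Key, provisioned once at manufacturing (read-only fuses)
        self.kek = set()    # Key Exchange Keys: updates must be signed by the PK
        self.db = set()     # allowed signer/image hashes: updates must be signed by a KEK
        self.dbx = set()    # forbidden signer/image hashes: updates must be signed by a KEK

    def update_kek(self, new_kek: bytes, signature: bytes) -> bool:
        if not hmac.compare_digest(sign(self.pk, new_kek), signature):
            return False    # not authorized by the PK: reject the update
        self.kek.add(new_kek)
        return True

    def update_db(self, entry: bytes, signature: bytes, forbidden: bool = False) -> bool:
        if not any(hmac.compare_digest(sign(k, entry), signature) for k in self.kek):
            return False    # no enrolled KEK signed this entry
        (self.dbx if forbidden else self.db).add(entry)
        return True

    def image_allowed(self, image: bytes, signer_hash: bytes) -> bool:
        image_hash = hashlib.sha256(image).digest()
        if image_hash in self.dbx or signer_hash in self.dbx:
            return False    # dbx wins over db: a revoked image or signer never loads
        return image_hash in self.db or signer_hash in self.db

def demo() -> tuple:
    """Constructed keys and images; returns (good loads, revoked loads, rogue update accepted)."""
    pk, oem_kek = b"constructed-PK-secret", b"constructed-OEM-KEK-secret"
    store = SecureBootStore(pk)
    store.update_kek(oem_kek, sign(pk, oem_kek))
    oem_signer = hashlib.sha256(b"OEM signing cert (constructed)").digest()
    store.update_db(oem_signer, sign(oem_kek, oem_signer))          # OEM may sign UEFI apps
    good = b"oem-uefi-app v1 (constructed image)"
    revoked = b"oem-uefi-app v0 (constructed image with a known flaw)"
    revoked_hash = hashlib.sha256(revoked).digest()
    store.update_db(revoked_hash, sign(oem_kek, revoked_hash), forbidden=True)
    rogue = store.update_db(b"rogue entry", sign(b"not-a-kek", b"rogue entry"))
    return store.image_allowed(good, oem_signer), store.image_allowed(revoked, oem_signer), rogue
```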
Code Signing
All Windows Phone 8 binaries must have digital signatures signed by Microsoft to run (Microsoft and Marketplace apps already had digital signatures)
Different from WP7, OEM binaries will now be signed by Microsoft
With control of every layer, it becomes very complicated to integrate a non-certified process or a custom build
Windows Phone 7 Application security model
Chamber model (sandbox), dynamic build, fixed permissions
Chamber types:
• TCB for the kernel & drivers
• LPC for apps
• Elevated rights for OS components
• Standard rights are created ad hoc based on capabilities
Capabilities are expressed in the application manifest, disclosed on the Marketplace, and define the app’s security boundary on the phone
Capabilities
Still in the process of identifying capabilities
WP7 capabilities: Video and Still capture; Video and Still capture ISV; Microphone; Location Services; Sensors; Media Library; Push Notifications; Web Browser Component; Add Ringtone; Place Phone Calls; Owner Identity; Phone Identity; Xbox LIVE; Interop Services; Networking; File Viewer; Appointments; Contacts; Debug; Networking Admin
Additional WP8 capabilities – capabilities for VxD: http://create.msdn.com/en-us/education/documentation
Windows Phone 8 Application security model
Dynamic build (LPC)
WP8 chambers are built on the Windows security infrastructure
TCB for the kernel
LPC for all:
• Apps
• OS components
• Drivers
This reduces the attack surface
Internet Explorer 10 for Windows Phone
Faster and safer browsing
Runs in the least-privilege sandbox
One of the fastest HTML5 browsers
Locked down, no plug-ins
Real-time anti-phishing protection with the SmartScreen Filter
Device encryption
Full internal storage encryption to protect information, built on the Windows BitLocker architecture
Encryption is available for all phones and is turned on by policy by IT professionals
No user experience or pre-boot PIN entry
All internal storage is encrypted
Removable SD card is not encrypted but can be managed
Information Rights Management (IRM)
Helps prevent intellectual property from being leaked
Protects emails and documents on the phone from unauthorized distribution
Easy to deploy on Exchange Server and SharePoint
Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
Security takeaways
Secure boot turned on
Security model for applications
All binaries are signed
Device encryption on
Device access must be controlled!
Control access to device and applications
App and device management with Mobile Device Management (MDM): for app distribution and access policy management
Exchange ActiveSync (EAS) with Exchange Server and Office 365 for email and device management: widely used for mobile email and access policy management
EAS server-configured policy values:
Simple password
Alphanumeric password
Minimum password length
Minimum password complex characters
Password expiration
Password history
Device wipe threshold
Inactivity timeout
IRM enabled
Remote device wipe
Device encryption (new)
Disable removable storage card (new)
Remote update of business apps (new)
Remote or local un-enroll (new)
MDM enterprise policies + reporting (query installed enterprise apps):
Device name
Device ID
OS platform type
Firmware version
OS version
Device local time
Processor type
Device model
Device manufacturer
Device processor architecture
Device language
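A compliance evaluator for the EAS policy values listed above, as an added example that is not Microsoft's or Exchange's code: the policy and device field names are assumed, the rules follow the slide's policy list, and the sample policy and device state are constructed. Password history is compared on hashes so old passwords are never kept in the clear.

```python
import hashlib

def complex_char_classes(pw: str) -> int:
    """Character classes present in the password: lower, upper, digit, symbol."""
    tests = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    return sum(any(t(c) for c in pw) for t in tests)

def pw_hash(pw: str) -> str:
    """History entries are stored as hashes, not plaintext."""
    return hashlib.sha256(pw.encode()).hexdigest()

def check_compliance(policy: dict, device: dict) -> list:
    """Names of the policy items the device violates (empty list means compliant)."""
    pw, failures = device["password"], []
    if not policy.get("allow_simple_password", True) and (pw.isdigit() or len(set(pw)) == 1):
        failures.append("Simple password")
    if policy.get("alphanumeric_required") and not (
            any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        failures.append("Alphanumeric password")
    if len(pw) < policy.get("min_password_length", 0):
        failures.append("Minimum password length")
    if complex_char_classes(pw) < policy.get("min_complex_characters", 0):
        failures.append("Minimum password complex characters")
    if device["password_age_days"] > policy.get("password_expiration_days", float("inf")):
        failures.append("Password expiration")
    history = policy.get("password_history", 0)
    if history and pw_hash(pw) in device["previous_password_hashes"][-history:]:
        failures.append("Password history")
    if device["inactivity_timeout_min"] > policy.get("inactivity_timeout_min", float("inf")):
        failures.append("Inactivity timeout")
    if policy.get("require_device_encryption") and not device["encryption_enabled"]:
        failures.append("Device encryption")
    if policy.get("disable_removable_storage") and device["sd_card_enabled"]:
        failures.append("Disable removable storage card")
    return failures

def wipe_required(policy: dict, device: dict) -> bool:
    """Device wipe threshold: local wipe once failed unlock attempts reach the limit."""
    limit = policy.get("device_wipe_threshold", 0)
    return bool(limit) and device["failed_unlock_attempts"] >= limit

# Constructed sample policy and device state, not values from any real tenant
POLICY = {"allow_simple_password": False, "alphanumeric_required": True, "min_password_length": 8,
          "min_complex_characters": 3, "password_expiration_days": 90, "password_history": 5,
          "device_wipe_threshold": 10, "inactivity_timeout_min": 15,
          "require_device_encryption": True, "disable_removable_storage": True}
DEVICE = {"password": "Winter2012", "password_age_days": 120, "failed_unlock_attempts": 3,
          "previous_password_hashes": [pw_hash("Summer2012")], "inactivity_timeout_min": 30,
          "encryption_enabled": True, "sd_card_enabled": True}
```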
Enterprise Application Management Across Platforms
Registration (IT organization and App Hub):
1. Enterprise registers with App Hub
2. Enterprise downloads app tools
3. Microsoft notifies CA of pending enterprise registration
4. CA checks that vetting is complete, and generates a certificate for the enterprise
Enterprise side: 1. Registration; 2. Signing tools; 3. Cert and Enterprise ID; 4. Create device token
App side: 1. Develop app; 2. Package and sign; 3. Private app catalog
Device side: 1. Device enrollment; 2. Get apps
Windows Phone 8 supports multiple organizations’ tokens
Remediate
Remote and local wipe: admin initiated or end user initiated
Windowsphone.live.com (demo)
Windows Update OTA only
Application revocation: Marketplace and enterprise apps
Robust security helps to protect information:
App sandboxing
Secure boot
Code signing
Device encryption
5 – 6 – 7 MARCH 2013 Kinepolis Antwerp
3 days full of fascinating technical sessions for
developers and IT professionals.
www.techdays.be
The information herein is for informational
purposes only and represents the current view of
Microsoft Corporation as of the date of this
presentation. Because Microsoft must respond
to changing market conditions, it should not be
interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the
accuracy of any information provided after the
date of this presentation.
© 2012 Microsoft Corporation.
All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION
IN THIS PRESENTATION.