developing secure applications for windows phone
Post on 02-Jul-2015
Developing secure applications for Windows Phone
SecureApps user group meeting
12/11/2014
2
Overview
• Introduction
o Windows on mobile devices
o Windows (Phone) 8.1 architecture
o Silverlight-based vs. WinRT-based apps
• WP 8.1 security
o Boot
o AppContainer
o App distribution
o Secure data storage
o Secure credential storage
• Demo
3
Intro: Windows on mobile devices
Windows CE architecture
• Low-resource devices
• Limited (security) feature set
• e.g. Windows Mobile, Pocket PC, Windows Phone 7, Zune
Windows NT architecture
• Desktops and servers
• Rich (security) feature set
• e.g. Windows Server, Windows Vista, Windows 7
3 trends
• More powerful smartphones and tablets
• ARM-based SoCs became prominent
• Microsoft wants to unify both families
Windows 8 and 8.1
Windows Phone 8 and 8.1
4
Intro: Windows (Phone) 8.1 architecture
5
Intro: Silverlight-based vs. WinRT-based apps
• Different APIs
• Different XAML variants
• Different application lifecycles
• Incompatible
Silverlight apps
• Goal: backwards compatibility with WP7
• Code reusability: none (only phones)
Windows Runtime apps
• Goal: unified app model for all devices
• Code reusability: across devices (8: partly, 8.1: fully)
6
WP 8.1 security: boot
• Secure boot
o Only certified boot loaders
o TPM-backed
o Root of trust: Microsoft
• Trusted boot
o Boot loader verifies kernel
o Kernel verifies startup components
• Measured boot (optional)
o Exchange of boot log with attestation server
7
WP 8.1 security: AppContainer
• Low-privilege sandbox
o Only access to isolated app storage
o No networking
o No sensors
• More required?
o Declare capabilities in Package.appxmanifest
o Windows Store vetting imposes least-privilege
8
WP 8.1 security: app distribution
• No sideloading
Windows Store apps
• Target audience: general public
• Distribution channel: Windows Store
• Vetted by 3rd party? Yes, Microsoft
Line-of-business apps
• Target audience: company employees
• Distribution channel: company portal, only to MDM-enrolled devices
• Vetted by 3rd party? No
9
WP 8.1 security: data storage
Bitlocker
• Full filesystem encryption
• TPM protects encryption key
• Extra factors (or combination):
o None
o USB startup key
o PIN
WP 8
• Encryption by default? No, initiated by user or MDM
• External storage encrypted? No, won’t decrypt on other devices; no apps installed on SD card
WP 8.1
• Encryption by default? Yes
• External storage encrypted? Yes, subpartition for app data
10
WP 8.1 security: data storage
Data Protection API (DPAPI)
• 2 API calls: 1 to encrypt, 1 to decrypt
• Key material managed by OS
o Master Key
• 512 bytes of random data (stored encrypted)
• encryption key = PBKDF2 (4000 iterations) of the Windows password
o Session key
• derived from master key and 16 random bytes
• random bytes stored unprotected with ciphertext
• No hardware backing
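The two DPAPI calls in a Windows Runtime app, as an added example that is not part of the slides: DataProtectionProvider (namespace Windows.Security.Cryptography.DataProtection) wraps the OS-managed master/session keys described above, and the resulting blob is written to the app's isolated storage, which the AppContainer grants without any declared capability. The descriptor "LOCAL=user", the file name and the sample secret are assumptions made for the example.

```csharp
// Added example, not from the slides: DPAPI round trip plus storage of the blob
// in the AppContainer-isolated LocalFolder of a Windows Phone 8.1 (WinRT) app.
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

public static class DpapiExample
{
    // "LOCAL=user" binds the key material to this user on this device; because DPAPI
    // has no hardware backing here, the blob is only as strong as the OS-held master key.
    private const string Descriptor = "LOCAL=user";

    // Call 1: encrypt. The returned blob carries the descriptor and the 16 random bytes
    // used for session-key derivation (stored unprotected next to the ciphertext).
    public static async Task<IBuffer> ProtectAsync(string plaintext)
    {
        var provider = new DataProtectionProvider(Descriptor);
        IBuffer input = CryptographicBuffer.ConvertStringToBinary(plaintext, BinaryStringEncoding.Utf8);
        return await provider.ProtectAsync(input);
    }

    // Call 2: decrypt. The parameterless constructor is used for unprotecting;
    // the descriptor is read back from the blob itself.
    public static async Task<string> UnprotectAsync(IBuffer protectedBlob)
    {
        var provider = new DataProtectionProvider();
        IBuffer output = await provider.UnprotectAsync(protectedBlob);
        return CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, output);
    }

    // Persist the blob in isolated app storage (no capability required for LocalFolder).
    public static async Task StoreAsync(string fileName, IBuffer blob)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.CreateFileAsync(
            fileName, CreationCollisionOption.ReplaceExisting);
        await FileIO.WriteBufferAsync(file, blob);
    }

    public static async Task<IBuffer> LoadAsync(string fileName)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(fileName);
        return await FileIO.ReadBufferAsync(file);
    }

    // Self-check: protect, store, reload, unprotect; true when the secret survives the round trip.
    public static async Task<bool> RoundTripAsync()
    {
        const string secret = "constructed-sample-api-token";   // constructed sample value
        const string fileName = "token.dpapi";                  // assumed file name
        await StoreAsync(fileName, await ProtectAsync(secret));
        string recovered = await UnprotectAsync(await LoadAsync(fileName));
        return recovered == secret;
    }
}
```

Because the blob is bound to the user/device, copying token.dpapi to another phone yields an UnprotectAsync failure rather than the plaintext; that is the property the slide's "no hardware backing" caveat qualifies, since an attacker who can run code as this user on this device can still call UnprotectAsync.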
11
WP 8.1 security: credential storage
Credential Locker
• Storage of triplet: (resourceID, user name, password)
• Protected by DPAPI
• OS-enforced app isolation
• Namespace Windows.Security.Credentials
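Using the Credential Locker for the (resourceID, user name, password) triplet, as an added example that is not part of the slides: PasswordVault and PasswordCredential from Windows.Security.Credentials handle the DPAPI protection and per-app isolation, so the app never touches key material. The resource name "PhoneShopper.ShopServer" is an assumption for the example.

```csharp
// Added example, not from the slides: store, read and remove a credential triplet
// in the Windows Phone 8.1 Credential Locker.
using System;
using Windows.Security.Credentials;

public static class CredentialLockerExample
{
    // resourceID of the triplet; constructed name for this example.
    private const string Resource = "PhoneShopper.ShopServer";

    public static void Save(string userName, string password)
    {
        var vault = new PasswordVault();
        Remove(userName);   // avoid accumulating duplicate entries for the same user
        vault.Add(new PasswordCredential(Resource, userName, password));
    }

    // Returns the password, or null when nothing is stored for this user.
    public static string TryGetPassword(string userName)
    {
        var vault = new PasswordVault();
        try
        {
            PasswordCredential cred = vault.Retrieve(Resource, userName);
            cred.RetrievePassword();   // required after FindAll*; harmless after Retrieve
            return cred.Password;
        }
        catch (Exception)
        {
            // Retrieve throws (element not found) when no matching entry exists.
            return null;
        }
    }

    public static void Remove(string userName)
    {
        var vault = new PasswordVault();
        try
        {
            vault.Remove(vault.Retrieve(Resource, userName));
        }
        catch (Exception)
        {
            // nothing stored for this user; nothing to remove
        }
    }
}
```

A practical check: enumerating with FindAllByResource returns entries whose Password is empty until RetrievePassword() is called, so code that reads Password directly from the enumeration silently gets an empty string.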
12
WP 8.1 security: credential storage
Certificate and private key storage
• Import of PKCS#12 store
• 2 modes
o CertificateEnrollmentManager
• App-specific store
o UserCertificateEnrollmentManager
• User-specific store
• Sharing between apps possible
• User consent required
• Capability required: sharedUserCertificates
• Namespace Windows.Security.Cryptography.Certificates
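Importing a PKCS#12 store in both modes and finding the certificate afterwards, as an added example that is not part of the slides: CertificateEnrollmentManager targets the app-specific store, CertificateEnrollmentManager.UserCertificateEnrollmentManager the user store (which other apps can only see if they declare the sharedUserCertificates capability in Package.appxmanifest). ExportOption.NotExportable keeps the private key inside the store; KeyProtectionLevel.ConsentOnly makes the OS ask the user before the private key is used. The friendly name and the base64 PFX input are assumptions for the example.

```csharp
// Added example, not from the slides: PFX import into the app store and the user store,
// then lookup by friendly name (Windows.Security.Cryptography.Certificates).
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;

public static class CertificateStoreExample
{
    // App-specific store: only this app can use the certificate and its key.
    public static Task ImportIntoAppStoreAsync(string pfxBase64, string pfxPassword, string friendlyName)
    {
        return CertificateEnrollmentManager.ImportPfxDataAsync(
            pfxBase64, pfxPassword,
            ExportOption.NotExportable,     // private key cannot be exported again
            KeyProtectionLevel.NoConsent,   // no user prompt on key use
            InstallOptions.None,
            friendlyName).AsTask();
    }

    // User store: shared between apps that hold the sharedUserCertificates capability;
    // ConsentOnly makes every private-key operation prompt the user first.
    public static Task ImportIntoUserStoreAsync(string pfxBase64, string pfxPassword, string friendlyName)
    {
        return CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
            pfxBase64, pfxPassword,
            ExportOption.NotExportable,
            KeyProtectionLevel.ConsentOnly,
            InstallOptions.None,
            friendlyName).AsTask();
    }

    // Find the imported certificate; returns null when no certificate has that friendly name.
    public static async Task<Certificate> FindByFriendlyNameAsync(string friendlyName)
    {
        var query = new CertificateQuery { FriendlyName = friendlyName };
        IReadOnlyList<Certificate> matches = await CertificateStores.FindAllAsync(query);
        return matches.Count > 0 ? matches[0] : null;
    }
}
```

The PFX string and its password should come from a transient source (an enrollment response received over an authenticated channel) and not be written to isolated storage; after a successful import only the friendly name is needed to address the certificate.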
13
WP 8.1 security: credential storage
Virtual Smartcards
• TPM-emulated smartcards
• Functionally identical to regular cards
• Creation by:
o app, with user control (unmanaged)
o MDM (managed)
• Namespace: Windows.Devices.SmartCards
• Windows 8.1+ only
• APDUs currently only via Win32 API
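Unmanaged creation of a TPM virtual smart card from an app, as an added example that is not part of the slides: SmartCardProvisioning.RequestVirtualCardCreationAsync (namespace Windows.Devices.SmartCards, Windows 8.1 and later) hands control to the OS, which shows the user the PIN dialog; the app supplies only a friendly name, a PIN policy and the 24-byte administrative key. The PIN policy values and the friendly name are assumptions for the example.

```csharp
// Added example, not from the slides: detect a TPM reader and request creation of a
// virtual smart card with a digits-only PIN policy.
using System;
using System.Threading.Tasks;
using Windows.Devices.Enumeration;
using Windows.Devices.SmartCards;
using Windows.Security.Cryptography;
using Windows.Storage.Streams;

public static class VirtualSmartCardExample
{
    // True when the device exposes a TPM-backed virtual smart card reader.
    public static async Task<bool> TpmReaderAvailableAsync()
    {
        string selector = SmartCardReader.GetDeviceSelector(SmartCardReaderKind.Tpm);
        DeviceInformationCollection readers = await DeviceInformation.FindAllAsync(selector);
        return readers.Count > 0;
    }

    // Unmanaged creation: the OS prompts the user for the PIN under this policy.
    public static async Task<SmartCardProvisioning> CreateAsync(string friendlyName)
    {
        var pinPolicy = new SmartCardPinPolicy
        {
            MinLength = 6,                                         // assumed policy values
            MaxLength = 8,
            Digits = SmartCardPinCharacterPolicyOption.Allow,
            UppercaseLetters = SmartCardPinCharacterPolicyOption.Disallow,
            LowercaseLetters = SmartCardPinCharacterPolicyOption.Disallow,
            SpecialCharacters = SmartCardPinCharacterPolicyOption.Disallow,
        };

        // The administrative key must be 24 bytes (3DES). Generated here for the example;
        // an app that later needs admin operations must keep it in protected storage.
        IBuffer adminKey = CryptographicBuffer.GenerateRandom(24);

        return await SmartCardProvisioning.RequestVirtualCardCreationAsync(friendlyName, adminKey, pinPolicy);
    }

    // Removal, also user-confirmed by the OS.
    public static Task<bool> DeleteAsync(SmartCard card)
    {
        return SmartCardProvisioning.RequestVirtualCardDeletionAsync(card).AsTask();
    }
}
```

As the slide notes, sending APDUs to the card from a Windows Runtime app is not available in this release, so the app's interaction ends at provisioning and PIN policy.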
14
WP 8.1 security: certificate trust
• Root certificate, not website certificate
• No reliance on system trust store
• Only hardware-backed certificates
15
Demo: PhoneShopper
Scenario
• Physical store
• Phone as replacement for scanning device
• Support for checkout
• Support for loyalty points
16
Demo: PhoneShopper
PhoneShopper ↔ Shop Server
• JSON over HTTPS
• Client X509 authentication
• App trust store with exclusive trust
• Secure certificate storage
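The PhoneShopper client side of this exchange, as an added example that is not part of the demo code: Windows.Web.Http with an HttpBaseProtocolFilter whose ClientCertificate comes from the app certificate store (client X509 authentication), JSON posted over HTTPS, and a post-handshake check of the server chain against the pinned root. The exclusive app trust store itself is declarative: a windows.certificates extension in Package.appxmanifest with the root certificate and the ExclusiveTrust flag makes Windows validate server chains only against that root, so a chain that does not end there fails before the request body is sent. The check below is the app-side complement to that. The server URL, the client certificate's friendly name and the root thumbprint are placeholders.

```csharp
// Added example, not from the demo: client-certificate HTTPS call with an app-side
// verification that the presented chain includes the pinned root.
using System;
using System.Linq;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage.Streams;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

public static class ShopClientExample
{
    // Placeholders: shop server endpoint, client certificate friendly name, pinned root.
    private static readonly Uri CheckoutUri = new Uri("https://shop.example.invalid/api/checkout");
    private const string ClientCertFriendlyName = "PhoneShopper client";
    // SHA-1 thumbprint (hex) of the root CA; placeholder, replace with the real root's value.
    private const string PinnedRootThumbprintHex = "0000000000000000000000000000000000000000";

    public static async Task<string> PostCheckoutAsync(string jsonBody)
    {
        // Client X509 authentication: the certificate lives in the app store, key not exportable.
        var certs = await CertificateStores.FindAllAsync(new CertificateQuery { FriendlyName = ClientCertFriendlyName });
        if (certs.Count == 0)
            throw new InvalidOperationException("client certificate not provisioned");

        var filter = new HttpBaseProtocolFilter { ClientCertificate = certs[0] };
        using (var client = new HttpClient(filter))
        {
            var content = new HttpStringContent(jsonBody, UnicodeEncoding.Utf8, "application/json");
            HttpResponseMessage response = await client.PostAsync(CheckoutUri, content);

            // Windows already rejected chains outside the app's exclusive root; refuse the
            // response anyway if any validation error was reported or the root is not the pinned one.
            HttpTransportInformation transport = response.RequestMessage.TransportInformation;
            if (transport.ServerCertificateErrors.Count > 0 || !ChainHasPinnedRoot(transport))
                throw new InvalidOperationException("server chain not trusted by this app");

            return await response.Content.ReadAsStringAsync();   // JSON reply
        }
    }

    // Compare the thumbprint of every certificate the server presented with the pinned root.
    private static bool ChainHasPinnedRoot(HttpTransportInformation transport)
    {
        var chain = transport.ServerIntermediateCertificates.Concat(new[] { transport.ServerCertificate });
        return chain.Any(c =>
            CryptographicBuffer.EncodeToHexString(CryptographicBuffer.CreateFromByteArray(c.GetHashValue()))
                .Equals(PinnedRootThumbprintHex, StringComparison.OrdinalIgnoreCase));
    }
}
```

Pinning the root rather than the website certificate, as the slide recommends, lets the shop rotate its server certificate without an app update; the thumbprint comparison only holds if the server sends its full chain, otherwise the ServerCertificateErrors check (backed by the manifest's exclusive trust) is the effective control.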
17
Q&A