Windows Phone 8 Security Deep Dive
More info on http://www.techdays.be
Windows Phone 8
Security deep dive
@DavidHernie
Technical Evangelist
Microsoft Belux
Agenda
Data protection: Prevent unauthorized access to data
System integrity: Prevent malware from taking control
Access control & App Mgmt: Provide secure access to device
Security goals: What is this all about?
App platform security: Architecture and recommendations
Remediation: What if something goes wrong?
All large screen, dual-core, LTE and NFC
Nokia Lumia 920: 4.5”, PureMotion display, PureView OIS camera, Nokia City lens, Nokia music streaming, Wireless charging
Nokia Lumia 820: 4.3”, ClearBlack display, Carl Zeiss lens, Snap on back cover, Wireless charging, Nokia City lens, Nokia music streaming
Samsung ATIV S: 4.8”, HD super AMOLED display, NFC Tap-to-send, Samsung Family Story
HTC 8X: 4.3”, Gorilla Glass 2 display, ultra-wide angle camera lens, Built-in Beats Audio, built-in amp
Security Goals
Business compliance: Enterprise .. Policy .. Management
User first: Great user experiences .. What’s the impact
End user safety: Not always aware .. Tools to protect
Developer trust: Create apps .. Trustable platform
New WP8 security controls
Secure Boot helps prevent malware from being installed on the phone
Secure Boot helps ensure the integrity of the entire Operating System
Secure Boot implementation is provided by SoC
Two phases:
• pre-UEFI secure boot loaders to initialize the hardware
• UEFI secure boot helps ensure integrity of OS
Secure boot process
Diagram stages: Power On; Firmware boot loaders; OEM UEFI applications; Windows Phone boot manager; then Windows Phone 8 OS boot, Windows Phone 8 update OS boot, or Boot to flashing mode
Diagram region labels: Secure pre-boot loader, Secure UEFI
Diagram legend: SoC Vendor, OEM, MSFT
http://www.uefi.org/specs/
Signed pre-boot loader
No secure boot bypass for users
Secure flashing is required
During manufacturing:
• Pre boot is securely signed
• Add public key used to sign the initial boot loaders + numbers of unique & common keys per device
• Blow appropriate fuses – read only
Every phone gets unique key
Encryption, …
Secure UEFI Boot Loader
Platform Key – Master key
Once PK is provisioned the UEFI environment is “enabled”
be used to sign updates
All about keys
Allowed and Forbidden Signature Database – DB/DBX
• Controls what images can be loaded
• Contains forbidden keys – can be updated
• Supports only signed components
• Secure boot policy
Boot Sequence
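A simplified model of the DB/DBX decision listed on this slide, as an added example (not code from the presentation or from any firmware): an image loads only if it is signed, nothing about it is in the forbidden database, and its signer is in the allowed database. The keys, image names and the `SignatureDatabases` type are constructed for illustration, and signature verification itself is assumed to have happened already.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def fp(data: bytes) -> str:
    """SHA-256 fingerprint used as the database entry for a key or an image."""
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Image:
    name: str
    content: bytes
    signer: Optional[bytes]  # signer key bytes; None means unsigned

class SignatureDatabases:
    """Toy model of DB (allowed) and DBX (forbidden). Assumes the signature was
    already verified against `signer`; no cryptography is performed here."""

    def __init__(self, allowed_signers):
        self.db = {fp(k) for k in allowed_signers}
        self.dbx = set()

    def forbid(self, key_or_image: bytes) -> None:
        """DBX update: revoke a signing key or one specific image."""
        self.dbx.add(fp(key_or_image))

    def verdict(self, image: Image) -> str:
        if image.signer is None:
            return "deny: unsigned"
        if fp(image.content) in self.dbx or fp(image.signer) in self.dbx:
            return "deny: listed in DBX"  # DBX always wins over DB
        if fp(image.signer) not in self.db:
            return "deny: signer not in DB"
        return "allow"

def boot(dbs: SignatureDatabases, chain):
    """Check images in boot order and stop at the first one that is refused."""
    log = []
    for image in chain:
        log.append((image.name, dbs.verdict(image)))
        if log[-1][1] != "allow":
            break
    return log

# Constructed sample keys and images.
VENDOR_KEY, OLD_KEY = b"constructed-vendor-key", b"constructed-old-key"
CHAIN = [
    Image("boot manager", b"bootmgr-image", VENDOR_KEY),
    Image("os loader", b"osloader-image", OLD_KEY),
    Image("kernel", b"kernel-image", VENDOR_KEY),
]
```

Calling `forbid(OLD_KEY)` and re-running `boot` shows the point of an updatable DBX: a component that loaded yesterday is refused today, and the chain stops there.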
Code Signing
All Windows Phone 8 binaries must have digital signatures signed by Microsoft
OS components and apps have digital signatures
Unlike in WP7, OEM binaries are signed by Microsoft
With control of every layer, it becomes very difficult to integrate a custom build.
Windows Phone 7 Application security model
Least Privilege Chamber (LPC)
Trusted Computing Base (TCB)
Elevated Rights
Standard Rights
Dynamic build
Fixed permissions
Chamber types
For the Kernel & Drivers <- risk
For OS components and cross-OS apps like music – exposed to multiple apps
Created ad-hoc for apps based on
Expressed in application manifest
Disclosed on Marketplace
Defines app’s security boundary on phone
Chamber security Model (Sandbox)
Capabilities
Capabilities
WP7 capabilities
Capabilities are detected during ingestion and overwrite what you specified during development.
WP8 capabilities
• You are responsible for specifying the correct capabilities that are used by your application in the AppManifest before submitting your app to the Store
Windows Phone 8 Application security model
Least Privilege Chamber (LPC)
Trusted Computing Base (TCB)
Dynamic build (LPC)
WP8 chambers are built on the Windows security infrastructure
TCB for the kernel
LPC for all
• Apps
• OS components
• Drivers
The attack surface becomes smaller
Internet Explorer 10 for Windows Phone
Fast and safe browsing
Runs in the least privilege sandbox
Cannot access data in the phone’s file system or access information from other applications in memory.
No plug-ins
Real-time anti-phishing protection: SmartScreen Filter
Device Encryption
Full internal storage encryption to protect information
Built on Windows BitLocker architecture (TPM 2.0)
Encryption is always on
Not manageable, no pre-boot PIN entry
All internal storage is encrypted
SD card not encrypted but can be managed
Data Leak Prevention (DLP)
Information Rights Management (IRM)
Helps prevent intellectual property from being leaked
Protects emails and documents on the phone from unauthorized distribution
Support: Exchange Server and SharePoint
Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
Security takeaways
Secure boot turned on
Security model for applications
All binaries are signed
Device encryption on
Device access must be controlled!
Device management choice
Enterprise app and device management with System Center Mobile Device Management
For app distribution and access policy management
Exchange ActiveSync with Exchange Server and Office 365 for email and config management
Widely used for mobile email and access policy management
Mobile device policy and reporting
Enterprise policies (slide table with EAS and MDM columns; the slide also carries an “(NA)” marker):
• Simple password
• Alphanumeric password
• Minimum password length
• Minimum password complex characters
• Password expiration
• Password history
• Device wipe threshold
• Inactivity timeout
• IRM enabled
• Remote device wipe
• Device encryption (new)
• Disable removable storage card (new)
• Remote update of business apps (new)
• Remote or local un-enroll (new)
MDM Reporting:
• Server configured policy values
• Query installed enterprise app
• Device name
• Device ID
• OS platform type
• Firmware version
• OS version
• Device local time
• Processor type
• Device model
• Device manufacturer
• Device processor architecture
• Device language
Enterprise Application Management
No need to publish it
Supports multiple organizations tokens
Diagram labels: IT department, Dev Center; 1. Registration, 2. Signing Tools, 3. Cert and Enterprise ID; 1. Device Enrollment, 2. Get apps
Registration
1. Enterprise registers @ Dev center
2. Enterprise downloads app tools
3. GeoTrust checks that vetting is complete, and generates a certificate for enterprise
Development & deployment
1. Develop Corp App
2. Sign package with enterprise Certificate
3. Integrate in Corp app catalog
4. Generate tokens to side load
5. Deploy by mail, Corp hub ..
Enterprise app ingestion
Enterprise apps are not submitted to Marketplace for ingestion
App ingestion in enterprise catalog is owned and managed exclusively by IT
IT is responsible for the quality of enterprise apps
IT is responsible for any impact on the overall experience on the phone
Use the Windows Phone Marketplace Test Kit to evaluate apps
Enterprise app capabilities are the same as for public apps
Capabilities are enforced on the phone at app install time
Sandbox still there
If the app uses the location capability, it is suggested to add an option to disable it
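An IT-side review of the capabilities an enterprise app declares, tying together the WP8 capabilities slide and the ingestion points above; this is an added example, not code from the presentation or from Microsoft. The manifest is a constructed sample modelled on a WP8 WMAppManifest.xml, and the approved list and the `review` helper are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the layout of a WP8 WMAppManifest.xml.
SAMPLE_MANIFEST = """
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment"
            AppPlatformVersion="8.0">
  <App xmlns="" Title="ExpenseTracker" Publisher="Contoso IT">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
      <Capability Name="ID_CAP_NETWORKING" />
    </Capabilities>
  </App>
</Deployment>
""".strip()

def declared_capabilities(manifest_xml: str) -> list:
    """Return the sorted, de-duplicated capability names a manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter():
        # Match on the local tag name so namespaced and bare elements both work.
        if element.tag.rsplit("}", 1)[-1] == "Capability" and element.get("Name"):
            names.add(element.get("Name"))
    return sorted(names)

def review(manifest_xml: str, approved, needs_user_toggle=("ID_CAP_LOCATION",)) -> dict:
    """Compare declared capabilities with what IT approved for the catalog.

    `approved` is the hypothetical allow-list for this app; `needs_user_toggle`
    lists capabilities for which the app should offer a way to switch the
    feature off, as the slide suggests for location.
    """
    declared = declared_capabilities(manifest_xml)
    return {
        "declared": declared,
        "not_approved": [c for c in declared if c not in approved],
        "needs_user_toggle": [c for c in declared if c in needs_user_toggle],
    }

def report(result: dict) -> str:
    """One-line summary suitable for a catalog ingestion checklist."""
    status = "REJECT" if result["not_approved"] else "OK"
    return "%s declared=%d not_approved=%s toggle=%s" % (
        status, len(result["declared"]),
        ",".join(result["not_approved"]) or "-",
        ",".join(result["needs_user_toggle"]) or "-")
```

Because capabilities are enforced on the phone at install time, a capability missing from the manifest fails at run time, while an unneeded one widens the app's chamber; reviewing the declared set before ingestion catches both.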
WP7 Phones enterprise app deployment
1. Submit your app to the Marketplace
2. Mark as hidden
3. Email a Deep Link (IRM)
4. User downloads and installs the app
5. Advice – Add user authentication
Enterprise app installation works only for enrolled phones
Unmanaged Phones enterprise app deployment (BYOD)
1. Enterprise IT signs the XAP
2. Email a link with the app enrollment token (IRM)
3. User downloads and installs the app enrollment token
4. User navigates via web to the enterprise app store or via a client app
5. App is downloaded and installed on the phone
6. Advice – Add user authentication
Enterprise app installation works only for enrolled phones
Managed Phones Enterprise App management
Managed by MDM
1. The phone initiates enrollment with MDM
2. MDM provisions certificates and sends the app enrollment token to the phone
3. IT can decide to push only one app
4. Advice – push a discovery app that provides access to apps in the enterprise store
5. User always decides to install apps
6. Automatic update or removal of apps once enrolled with the enterprise
Company Hub as private marketplace
Remediate
Remote and local wipe: Admin initiated or end user initiated
Windowsphone.live.com (Demo)
Windows update: OTA only - not manageable by IT
Application revocation: Marketplace and enterprise apps
Robust security helps to protect information
Secure boot: Complete boot sequence is secured. Assures operating system integrity and known state, helps protect against malware
Code signing: All code is signed. Making sure only known and trusted software components can execute
App sandboxing: Least privilege, secure chambers model is applied to operating system services, inbox apps, and store apps
Marketplace developer validation, app certification, and malware scanning: Assures apps can be trusted and helps protect against malware
Device encryption: Always-on, hardware assisted, and accelerated, full internal storage encryption
5 – 6 – 7 MARCH 2013
Kinepolis Antwerp
3 days full of fascinating technical sessions for developers and IT professionals.
www.techdays.be
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.