Windows Phone 8 Security Deep Dive

More info on http://www.techdays.be

1. Windows Phone 8 Security deep dive
@DavidHernie, Technical Evangelist, Microsoft Belux
2. Agenda
• Security goals: what is this all about?
• System integrity: prevent malware from taking control
• App platform security: architecture and recommendations
• Data protection: prevent unauthorized access to data
• Access control & app management: provide secure access to the device
• Remediation: what if something goes wrong?
3. All large screen, dual-core, LTE and NFC
• Nokia Lumia 920: 4.5", PureMotion display, PureView OIS camera, Nokia City Lens, Nokia Music streaming, wireless charging
• Nokia Lumia 820: 4.3", ClearBlack display, Carl Zeiss lens, snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming
• Samsung ATIV S: 4.8", HD Super AMOLED display, NFC Tap-to-send, Samsung Family Story
• HTC 8X: 4.3", Gorilla Glass 2 display, ultra-wide-angle camera lens, built-in Beats Audio, built-in amp
4. Security goals
• User first: great user experiences .. what is the impact?
• End user safety: users are not always aware .. give them tools to protect themselves
• Developer trust: create apps .. on a trustable platform
• Business compliance: enterprise .. policy .. management
5. New WP8 security controls
• Secure Boot helps ensure the integrity of the entire operating system
• The Secure Boot implementation is provided by the SoC
• Two phases: pre-UEFI secure boot loaders initialize the hardware; UEFI Secure Boot then helps ensure the integrity of the OS
• Secure Boot helps prevent malware from being installed into the boot path of the phone
6. Secure boot process
Power on -> OEM UEFI boot loaders -> Windows Phone boot manager -> firmware boot applications -> Windows Phone 8 OS
From the boot manager the phone can also boot into the Windows Phone 8 update OS or into flashing mode.
Each stage is owned by one party: SoC vendor, OEM, or MSFT.
UEFI specifications: http://www.uefi.org/specs/
7. Signed pre-boot loader
• During manufacturing:
  • The pre-boot loader is signed
  • The public key used to sign the initial boot loaders is added to the device, together with a number of unique and common keys per device
  • The appropriate fuses are blown, making these values read-only
• Every phone gets a unique key (used for encryption, ...)
• No secure boot bypass for users
• Secure flashing is required
8. Secure UEFI boot loader: all about keys
• Platform Key (PK): the master key. Once the PK is provisioned the UEFI environment is "enabled" (it leaves setup mode), and only keys authorized under the PK can be used to sign updates to the key databases
• Allowed and forbidden signature databases (db/dbx): control which images can be loaded; dbx contains forbidden keys (and image hashes) and can be updated
• Only signed components are supported
• Secure boot policy
• Boot sequence
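To make the key hierarchy on slides 7 and 8 concrete, here is an added Python model of how UEFI authenticated variables gate what boots. It is written for this page and is not Windows Phone firmware code: the PK is enrolled once (the fused public key on the phone plays a comparable role), KEK entries must be signed by the PK, db/dbx updates must be signed by a KEK, and at boot dbx is consulted before db, so a revoked image stays blocked even when its signer is still trusted. The signature scheme is textbook RSA with hard-coded Mersenne primes so the example runs offline and is not secure; the OEM, Microsoft and rogue keys, the variable layout and the boot-manager bytes are all constructed for the example.

```python
"""Model of the UEFI Secure Boot key hierarchy: PK -> KEK -> db/dbx.
Added example; not Windows Phone firmware code. The signature scheme below is
textbook RSA over a truncated SHA-256 digest with hard-coded Mersenne primes,
only so the example runs offline. It is NOT a secure signature scheme."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Key:
    n: int
    e: int
    d: int | None = None           # private exponent; None for a public-only copy

    def public(self) -> Key:
        return Key(self.n, self.e)

    @property
    def fingerprint(self) -> str:  # what the PK/KEK/db/dbx entries actually hold
        return hashlib.sha256(f"{self.n}:{self.e}".encode()).hexdigest()


def make_key(p: int, q: int, e: int = 65537) -> Key:
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


def _digest(msg: bytes) -> int:
    # 128-bit truncation keeps the message below every toy modulus used here.
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


def sign(key: Key, msg: bytes) -> int:
    return pow(_digest(msg), key.d, key.n)


def verify(pub: Key, msg: bytes, sig: int) -> bool:
    return pow(sig, pub.e, pub.n) == _digest(msg)


@dataclass
class SecureBootStore:
    pk: str | None = None                   # None == setup mode (no PK yet)
    kek: set = field(default_factory=set)   # signers allowed to update db/dbx
    db: set = field(default_factory=set)    # allowed signer fingerprints / image hashes
    dbx: set = field(default_factory=set)   # forbidden signer fingerprints / image hashes

    @property
    def setup_mode(self) -> bool:
        return self.pk is None


def enroll_pk(store: SecureBootStore, pk_pub: Key) -> None:
    """After this the environment is 'enabled': every later write must be signed."""
    if not store.setup_mode:
        raise PermissionError("PK already provisioned; replacing it needs a PK-signed update")
    store.pk = pk_pub.fingerprint


def _serialize(var: str, entries: set) -> bytes:
    return (var + "|" + "|".join(sorted(entries))).encode()


def update_variable(store: SecureBootStore, var: str, entries: set, signer_pub: Key, sig: int) -> bool:
    """Authenticated variable write: KEK must be signed by the PK, db/dbx by a KEK
    (or the PK). Unsigned writes are accepted only in setup mode."""
    if store.setup_mode:
        getattr(store, var).update(entries)
        return True
    authorised = {"kek": {store.pk}, "db": store.kek | {store.pk}, "dbx": store.kek | {store.pk}}[var]
    if signer_pub.fingerprint not in authorised or not verify(signer_pub, _serialize(var, entries), sig):
        return False
    getattr(store, var).update(entries)
    return True


def verify_image(store: SecureBootStore, image: bytes, signer_pub: Key, sig: int) -> bool:
    """Boot-time check: dbx wins over db, then hash allow-list, then signer allow-list."""
    image_hash = hashlib.sha256(image).hexdigest()
    if image_hash in store.dbx or signer_pub.fingerprint in store.dbx:
        return False
    if image_hash in store.db:
        return True
    return signer_pub.fingerprint in store.db and verify(signer_pub, image, sig)


def demo() -> dict:
    """Provision a phone the way slides 7-8 describe, then try four boots/updates."""
    oem = make_key((1 << 127) - 1, (1 << 107) - 1)   # platform key (OEM), constructed
    ms = make_key((1 << 89) - 1, (1 << 61) - 1)       # KEK and OS signer (Microsoft), constructed
    rogue = make_key((1 << 107) - 1, (1 << 61) - 1)   # key present in no database

    store = SecureBootStore()
    enroll_pk(store, oem.public())
    update_variable(store, "kek", {ms.fingerprint}, oem.public(), sign(oem, _serialize("kek", {ms.fingerprint})))
    update_variable(store, "db", {ms.fingerprint}, ms.public(), sign(ms, _serialize("db", {ms.fingerprint})))

    bootmgr = b"constructed Windows Phone boot manager image"
    bad_db = {rogue.fingerprint}
    results = {
        "ms_signed": verify_image(store, bootmgr, ms.public(), sign(ms, bootmgr)),
        "rogue_signed": verify_image(store, bootmgr, rogue.public(), sign(rogue, bootmgr)),
        "rogue_db_update": update_variable(store, "db", bad_db, rogue.public(), sign(rogue, _serialize("db", bad_db))),
    }
    revoked = {hashlib.sha256(bootmgr).hexdigest()}        # KEK-signed dbx update
    update_variable(store, "dbx", revoked, ms.public(), sign(ms, _serialize("dbx", revoked)))
    results["after_revocation"] = verify_image(store, bootmgr, ms.public(), sign(ms, bootmgr))
    return results


if __name__ == "__main__":
    print(demo())
```

The four results show the properties the slides rely on: a Microsoft-signed image boots, an image signed by an unknown key does not, an unknown key cannot enlarge db, and once the image hash is pushed to dbx the same Microsoft-signed image is refused. The same structure is why "no secure boot bypass for users" holds: without a key authorized under the PK there is no way to add an entry to db.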
9. Code signing
• All Windows Phone 8 binaries must carry digital signatures issued by Microsoft
• Both OS components and apps are signed
• Different from WP7: OEM binaries are also signed by Microsoft
• With control over every layer, it becomes very difficult to integrate a custom build
10. Windows Phone 7 application security model: chamber security model (sandbox)
• Chambers with fixed permissions:
  • For the kernel and drivers (where the risk is highest)
  • For OS components and cross-OS apps such as music, which are exposed to multiple apps
• Dynamically built chamber: created ad hoc for apps based on their capabilities
  • Capabilities are expressed in the application manifest
  • Capabilities are disclosed on the Marketplace
  • Capabilities define the app's security boundary on the phone
11. Capabilities
• WP7: capabilities are detected during ingestion and overwrite what you specified during development
• WP8: you are responsible for specifying the correct capabilities used by your application in the AppManifest before submitting your app to the Store
12. Windows Phone 8 application security model
• WP8 chambers are built on the Windows security infrastructure
• TCB (trusted computing base) chamber for the kernel
• LPC (least privileged chamber), dynamically built, for everything else: apps, OS components and drivers
• The attack surface becomes smaller
13. Internet Explorer 10 for Windows Phone: fast and safe browsing
• Runs in the least-privilege sandbox: it cannot access data in the phone's file system or information from other applications in memory
• No plug-ins
• Real-time anti-phishing protection: SmartScreen Filter
14. Device encryption
• Full internal storage encryption to protect information
• Built on the Windows BitLocker architecture (TPM 2.0)
• Encryption is always on once required by policy (the device encryption policy on slide 18); there are no further configuration options and no pre-boot PIN entry
• All internal storage is encrypted
• The SD card is not encrypted, but removable storage can be managed (disabled by policy)
15. Data Leak Prevention (DLP)
• Information Rights Management (IRM) helps prevent intellectual property from being leaked
• Protects emails and documents on the phone from unauthorized distribution
• Supports Exchange Server and SharePoint
• Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
16. Security takeaways
• Secure boot turned on
• Security model for applications
• All binaries are signed
• Device encryption on
• Device access must be controlled!
17. Device management choice
• Exchange ActiveSync with Exchange Server and Office 365 for email and configuration management: widely used for mobile email and access policy management
• Enterprise app and device management with System Center Mobile Device Management: for app distribution and access policy management
18. Mobile device policy and reporting
Enterprise policies (EAS and MDM):
• Simple password
• Alphanumeric password
• Minimum password length
• Minimum password complex characters
• Password expiration
• Password history
• Device wipe threshold
• Inactivity timeout
• IRM enabled (NA)
• Remote device wipe
• Device encryption (new)
• Disable removable storage card (new)
• Remote update of business apps (new)
• Remote or local un-enroll (new)
MDM reporting:
• Server-configured policy values
• Query installed enterprise apps
• Device name
• Device ID
• OS platform type
• Firmware version
• OS version
• Device local time
• Processor type
• Device model
• Device manufacturer
• Device processor architecture
• Device language
19. Enterprise application management
Between the IT department and Dev Center: 1. registration, 2. signing tools, 3. certificate and enterprise ID. Between IT and the phone: 1. device enrollment, 2. get apps.
Registration:
1. The enterprise registers at Dev Center
2. The enterprise downloads the app tools
3. GeoTrust checks that vetting is complete and generates a certificate for the enterprise
Development & deployment:
1. Develop the corporate app
2. Sign the package with the enterprise certificate
3. Integrate it in the corporate app catalog
4. Generate tokens to side-load
5. Deploy by mail, Company Hub, ..
No need to publish it; tokens for multiple organizations are supported.
20. Enterprise app ingestion
• Enterprise apps are not submitted to the Marketplace for ingestion
• App ingestion into the enterprise catalog is owned and managed exclusively by IT
• IT is responsible for the quality of enterprise apps and for any impact on the overall experience on the phone
• Use the Windows Phone Marketplace Test Kit to evaluate apps
• Enterprise app capabilities are the same as for public apps
• Capabilities are enforced on the phone at app install time; the sandbox is still there
• If an app uses the location capability, add an option to disable it
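Because no Marketplace ingestion step checks an enterprise app, the capability review is IT's job, and the manifest inside the XAP is the contract the phone enforces at install time. The following added Python example (written for this page, not Microsoft's or any IT department's tooling) opens a XAP, reads WMAppManifest.xml, compares the declared capabilities with an enterprise allow-list, and flags the location capability as needing the in-app opt-out the slide advises. The sample manifests, the product ID, the Contoso names and the allow-list are constructed; the ID_CAP_* identifiers and the manifest layout (Deployment element with a namespace, App element resetting it with xmlns="") are the WP8 conventions as I know them, which is an assumption, so the parser ignores namespaces rather than depending on them.

```python
"""Pre-ingestion capability review of an enterprise XAP.
Added example for this page; not Microsoft tooling. The manifests and the
allow-list below are constructed; ID_CAP_* names are assumed WP8 identifiers."""
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET

# Enterprise policy, constructed: what IT permits in its catalog, and which
# permitted capabilities still need a user-facing switch inside the app.
ALLOWED_CAPABILITIES = {"ID_CAP_NETWORKING", "ID_CAP_LOCATION",
                        "ID_CAP_IDENTITY_DEVICE", "ID_CAP_CONTACTS"}
OPT_OUT_REQUIRED = {"ID_CAP_LOCATION"}

# Constructed manifest in the WP8 layout (App resets the namespace with xmlns="").
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App xmlns="" ProductID="{11111111-2222-3333-4444-555555555555}" Title="Expense Reporter"
       Version="1.0.0.0" Publisher="Contoso IT" Author="Contoso IT">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_IDENTITY_DEVICE" />
      <Capability Name="ID_CAP_MICROPHONE" />
    </Capabilities>
  </App>
</Deployment>
"""

# Same app without the microphone and without the xmlns="" reset, so the
# Capability elements carry the Deployment namespace.
MINIMAL_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App ProductID="{11111111-2222-3333-4444-555555555555}" Title="Expense Reporter" Version="1.0.1.0">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
    </Capabilities>
  </App>
</Deployment>
"""


def build_xap(manifest_xml: str) -> bytes:
    """Constructed stand-in for an enterprise-signed XAP: a zip holding the
    manifest and a placeholder assembly. Enterprise signing is out of scope."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("WMAppManifest.xml", manifest_xml)
        z.writestr("ExpenseReporter.dll", b"\x00placeholder")
    return buf.getvalue()


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]        # strip the "{namespace}" prefix, if any


def read_capabilities(xap: bytes) -> set[str]:
    """Return the ID_CAP_* names declared in the XAP's WMAppManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(xap)) as z:
        root = ET.fromstring(z.read("WMAppManifest.xml"))
    return {el.get("Name") for el in root.iter()
            if _local(el.tag) == "Capability" and el.get("Name")}


def review_xap(xap: bytes, allowed=ALLOWED_CAPABILITIES, opt_out=OPT_OUT_REQUIRED) -> dict:
    """IT's ingestion decision: reject anything outside the allow-list, and
    record which permitted capabilities must be user-disableable in the app."""
    caps = read_capabilities(xap)
    blocked = caps - allowed
    return {
        "capabilities": sorted(caps),
        "blocked": sorted(blocked),
        "needs_user_opt_out": sorted(caps & opt_out),
        "verdict": "reject" if blocked else "accept",
    }


if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE_MANIFEST), ("minimal", MINIMAL_MANIFEST)):
        print(name, review_xap(build_xap(manifest)))
```

The first manifest is rejected because of the microphone capability; the second is accepted with the advisory that location must be switchable off in the app. Running a check like this before the package is signed with the enterprise certificate matters because, once signed and enrolled, nothing else between IT and the phone looks at the capability list.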
21. WP7 phones: enterprise app deployment
1. Submit your app to the Marketplace
2. Mark it as hidden
3. Email a deep link (IRM)
4. The user downloads and installs the app
5. Advice: add user authentication
Enterprise app installation works only for enrolled phones
22. Unmanaged phones: enterprise app deployment (BYOD)
1. Enterprise IT signs the XAP
2. Email a link with the application enrollment token (IRM)
3. The user downloads and installs the application enrollment token
4. The user navigates to the enterprise app store via the web or via a client app
5. The app is downloaded and installed on the phone
6. Advice: add user authentication
Enterprise app installation works only for enrolled phones
23. Managed phones: enterprise app management (managed by MDM)
1. The phone initiates enrollment with the MDM
2. The MDM provisions certificates and sends the application enrollment token to the phone
3. IT can decide to push only one app
4. Advice: push a discovery app that provides access to the apps in the enterprise store
5. The user always decides whether to install apps
6. Apps are updated or removed automatically once the phone is enrolled with the enterprise
24. Company Hub as private marketplace
25. Remediate
• Remote and local wipe: admin-initiated or end-user-initiated (windowsphone.live.com, demo)
• Windows Update: OTA only, not manageable by IT
• Application revocation: Marketplace and enterprise apps
26. Robust security helps to protect information
• Secure boot: the complete boot sequence is secured, assuring operating system integrity and a known state; helps protect against malware
• Code signing: all code is signed, making sure only known and trusted software components can execute
• App sandboxing: the least-privilege, secure chambers model is applied to operating system services, inbox apps, and Store apps
• Marketplace: developer validation, app certification, and malware scanning assure apps can be trusted and help protect against malware
• Device encryption: always-on, hardware-assisted and accelerated, full internal storage encryption
27. TechDays, 5-6-7 March 2013, Kinepolis Antwerp: 3 days full of fascinating technical sessions for developers and IT professionals. www.techdays.be
28. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.