Windows Phone 8 Security Deep Dive

  1. Windows Phone 8 Security deep dive. @DavidHernie, Technical Evangelist, Microsoft Belux
  2. Agenda
     - Security goals: what is this all about?
     - System integrity: prevent malware from taking control
     - App platform security: architecture and recommendations
     - Data protection: prevent unauthorized access to data
     - Access control and app management: provide secure access to the device
     - Remediation: what if something goes wrong?
  3. All large screen, dual-core, LTE and NFC
     - Nokia Lumia 920: 4.5", PureMotion display, PureView OIS camera, Nokia City Lens, Nokia Music streaming, wireless charging
     - Nokia Lumia 820: 4.3", ClearBlack display, Carl Zeiss lens, snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming
     - Samsung ATIV S: 4.8", HD Super AMOLED display, NFC Tap-to-send, Samsung Family Story
     - HTC 8X: 4.3", Gorilla Glass 2 display, ultra-wide-angle camera lens, built-in Beats Audio, built-in amp
  4. Security goals
     - User first: great user experiences; what is the impact?
     - End user safety: users are not always aware; give them tools to protect themselves
     - Developer trust: create apps on a trustable platform
     - Business compliance: enterprise policy and management
  5. New WP8 security controls: Secure Boot
     - Secure Boot helps ensure the integrity of the entire operating system
     - The Secure Boot implementation is provided by the SoC
     - Two phases: pre-UEFI secure boot loaders initialize the hardware, then UEFI secure boot helps ensure the integrity of the OS
     - Secure Boot helps prevent malware from being installed on the phone
  6. Secure boot process (diagram): Power On, then SoC vendor pre-UEFI boot loaders, then OEM UEFI boot applications (firmware), then the Windows Phone boot manager, which boots the Windows Phone 8 OS, the Windows Phone 8 update OS, or boot-to-flashing mode. Ownership of each stage: SoC vendor, OEM, Microsoft.
  7. Signed pre-boot loader
     - During manufacturing the pre-boot loader is securely signed
     - The public key used to sign the initial boot loaders is added, plus a number of unique and common keys per device
     - The appropriate fuses are blown (read-only)
     - Every phone gets a unique key (used for encryption, ...)
     - No secure boot bypass for users; secure flashing is required
  8. Secure UEFI boot loader: all about keys
     - Platform Key (PK): the master key. Once the PK is provisioned the UEFI environment is "enabled"; the PK can be used to sign updates
     - Allowed and Forbidden Signature Databases (DB/DBX): control which images can be loaded; contain forbidden keys; can be updated
     - Only signed components are supported
     - Secure boot policy and boot sequence
  9. Code signing
     - All Windows Phone 8 binaries must carry digital signatures signed by Microsoft
     - OS components and apps have digital signatures
     - Unlike WP7, OEM binaries are signed by Microsoft
     - With control of every layer, it becomes very difficult to integrate a custom build
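To make the DB/DBX load decision from slides 8 and 9 concrete, here is an added model (not Microsoft or firmware code) of how a boot stage is accepted or refused: forbidden entries win over allowed ones, unknown or unverifiable signers never load, and the boot sequence stops at the first failing stage. Real UEFI stores certificate hashes and checks PKCS#7 signatures; the signer names, image bytes and the HMAC stand-in for the signature are constructed for this example.

```python
"""Model of the UEFI secure-boot load decision from slides 8 and 9.
Added example, not Microsoft or firmware code. Real db/dbx hold X.509
certificate hashes and images carry PKCS#7 signatures; here signer names
and HMAC-SHA256 stand in so the example runs with the standard library.
Signer names and image bytes are constructed."""
import hashlib
import hmac

# Constructed signer secrets; in firmware these would be signer certificates.
SIGNERS = {"msft-wp8-prod": b"constructed-msft-key",
           "oem-legacy": b"constructed-oem-key"}


def sign_image(signer: str, data: bytes) -> dict:
    """Attach the signer id and a signature over the image bytes."""
    sig = hmac.new(SIGNERS[signer], data, hashlib.sha256).hexdigest()
    return {"signer": signer, "data": data, "sig": sig}


class SecureBootPolicy:
    def __init__(self, db, dbx=()):
        self.db = set(db)     # allowed signers
        self.dbx = set(dbx)   # forbidden signers or image hashes

    def revoke(self, signer_or_image_hash: str) -> None:
        """dbx is updatable: revoking a signer blocks everything it signed."""
        self.dbx.add(signer_or_image_hash)

    def may_load(self, image: dict) -> bool:
        """Forbidden wins over allowed; unknown or unverifiable never loads."""
        image_hash = hashlib.sha256(image["data"]).hexdigest()
        if image["signer"] in self.dbx or image_hash in self.dbx:
            return False
        if image["signer"] not in self.db or image["signer"] not in SIGNERS:
            return False
        expected = hmac.new(SIGNERS[image["signer"]], image["data"],
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, image["sig"])

    def boot(self, chain):
        """Walk the boot sequence in order; stop at the first failing stage."""
        loaded = []
        for stage, image in chain:
            if not self.may_load(image):
                return loaded, stage
            loaded.append(stage)
        return loaded, None
```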
  10. Windows Phone 7 application security model: chamber security model (sandbox)
     - Chamber types with fixed permissions: one for the kernel and drivers (the risk is here), and one for OS components and cross-OS apps such as music that are exposed to multiple apps
     - Dynamic build: chambers are created ad hoc for apps based on their capabilities; capabilities are expressed in the application manifest, disclosed on the Marketplace, and define the app's security boundary on the phone
  11. Capabilities
     - WP7: capabilities are detected during ingestion and overwrite what you specified during development
     - WP8: you are responsible for specifying the correct capabilities used by your application in the AppManifest before submitting your app to the Store
  12. Windows Phone 8 application security model
     - WP8 chambers are built on the Windows security infrastructure
     - TCB for the kernel
     - LPC (least privilege chamber), dynamically built, for everything else: apps, OS components and drivers
     - The attack surface becomes smaller
  13. Internet Explorer 10 for Windows Phone: fast and safe browsing
     - Runs in the least privilege sandbox
     - Cannot access data in the phone's file system or information from other applications in memory
     - No plug-ins
     - Real-time anti-phishing protection: SmartScreen Filter
  14. Device encryption
     - Full internal storage encryption to protect information
     - Built on the Windows BitLocker architecture (TPM 2.0)
     - Encryption is always on; it is not manageable, and there is no pre-boot PIN entry
     - All internal storage is encrypted; the SD card is not encrypted but can be managed
  15. Data Leak Prevention (DLP): Information Rights Management (IRM)
     - Helps prevent intellectual property from being leaked
     - Protects emails and documents on the phone from unauthorized distribution
     - Supports Exchange Server and SharePoint
     - Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
  16. Security takeaways
     - Secure boot turned on
     - Security model for applications
     - All binaries are signed
     - Device encryption on
     - Device access must be controlled!
  17. Device management choice
     - Exchange ActiveSync with Exchange Server and Office 365 for email and configuration management: widely used for mobile email and access policy management
     - Enterprise app and device management with System Center Mobile Device Management: for app distribution and access policy management
  18. Mobile device policy and reporting (EAS / MDM)
     - Enterprise policies: simple password, alphanumeric password, minimum password length, minimum password complex characters, password expiration, password history, device wipe threshold, inactivity timeout, IRM enabled (NA), remote device wipe, device encryption (new), disable removable storage card (new), remote update of business apps (new), remote or local un-enroll (new)
     - MDM reporting: server-configured policy values, query installed enterprise apps, device name, device ID, OS platform type, firmware version, OS version, device local time, processor type, device model, device manufacturer, device processor architecture, device language
  19. Enterprise application management
     - IT department and Dev Center: 1. registration, 2. signing tools, 3. certificate and enterprise ID
     - Registration: 1. the enterprise registers at the Dev Center, 2. the enterprise downloads the app tools, 3. GeoTrust checks that vetting is complete and generates a certificate for the enterprise
     - Development and deployment: 1. develop the corporate app, 2. sign the package with the enterprise certificate, 3. integrate it in the corporate app catalog, 4. generate tokens to side-load, 5. deploy by mail, company hub, ...
     - Device side: 1. device enrollment, 2. get apps
     - No need to publish the app; multiple organization tokens are supported
  20. Enterprise app ingestion
     - Enterprise apps are not submitted to the Marketplace for ingestion
     - App ingestion into the enterprise catalog is owned and managed exclusively by IT
     - IT is responsible for the quality of enterprise apps and for any impact on the overall experience on the phone
     - Use the Windows Phone Marketplace Test Kit to evaluate apps
     - Enterprise app capabilities are the same as for public apps; capabilities are enforced on the phone at app install time, and the sandbox is still there
     - If an app uses the location capability, add an option to disable it
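An added illustration (not Microsoft code) of the install-time capability enforcement on slides 11, 12 and 20: the chamber is built from what the manifest declares, an undeclared capability is refused at runtime, an unknown capability name is rejected before any code runs, and the app-level switch for location that slide 20 recommends sits on top of the grant. The manifest fragment is a constructed, simplified WMAppManifest.xml and the Chamber class is a hypothetical stand-in for the phone's least privilege chamber; only the ID_CAP_* names are real WP8 identifiers.

```python
"""Install-time capability enforcement described on slides 11, 12 and 20.
Added example, not Microsoft code. The manifest fragment is a constructed,
simplified WMAppManifest.xml; the Chamber class is a hypothetical stand-in
for the phone's least-privilege chamber (LPC). Only the capability names
are real WP8 identifiers (a subset)."""
import xml.etree.ElementTree as ET

# Subset of real WP8 capability names; anything else is rejected at install.
KNOWN_CAPABILITIES = {"ID_CAP_NETWORKING", "ID_CAP_LOCATION", "ID_CAP_CONTACTS",
                      "ID_CAP_MICROPHONE", "ID_CAP_ISV_CAMERA"}

# Constructed manifest: a corporate app declaring network and location access.
MANIFEST = """<App ProductID="{00000000-0000-0000-0000-000000000000}" Title="CorpHub">
  <Capabilities>
    <Capability Name="ID_CAP_NETWORKING" />
    <Capability Name="ID_CAP_LOCATION" />
  </Capabilities>
</App>"""


def declared_capabilities(manifest_xml: str) -> set:
    """Read the capabilities the developer declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {c.get("Name") for c in root.iter("Capability")}


class Chamber:
    """Per-app sandbox: grants exactly the declared capabilities, nothing more."""

    def __init__(self, capabilities: set):
        unknown = capabilities - KNOWN_CAPABILITIES
        if unknown:  # enforced at install time, before any app code runs
            raise ValueError(f"install rejected, unknown capability: {unknown}")
        self.granted = set(capabilities)
        self.user_disabled = set()  # app-level opt-out switch (slide 20 advice)

    def disable(self, cap: str) -> None:
        """User turns a capability off inside the app; the grant is unchanged."""
        self.user_disabled.add(cap)

    def request(self, cap: str) -> bool:
        """Runtime access check: declared at install, and not switched off."""
        return cap in self.granted and cap not in self.user_disabled


def install(manifest_xml: str) -> Chamber:
    """Build the chamber from the manifest, as the phone does at install time."""
    return Chamber(declared_capabilities(manifest_xml))
```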
  21. WP7 phones: enterprise app deployment
     1. Submit your app to the Marketplace
     2. Mark it as hidden
     3. Email a deep link (IRM)
     4. The user downloads and installs the app
     5. Advice: add user authentication
     - Enterprise app installation works only for enrolled phones
  22. Unmanaged phones: enterprise app deployment (BYOD)
     1. Enterprise IT signs the XAP
     2. Email a link with the app enrollment token (IRM)
     3. The user downloads and installs the app enrollment token
     4. The user navigates to the enterprise app store via the web or via a client app
     5. The app is downloaded and installed on the phone
     6. Advice: add user authentication
     - Enterprise app installation works only for enrolled phones
  23. Managed phones: enterprise app management (managed by MDM)
     1. The phone initiates enrollment with the MDM
     2. The MDM provisions certificates and sends the app enrollment token to the phone
     3. IT can decide to push only one app
     4. Advice: push a discovery app that provides access to the apps in the enterprise store
     5. The user always decides whether to install apps
     6. Apps are updated or removed automatically once the phone is enrolled with the enterprise
  24. Company Hub as private marketplace
  25. Remediate
     - Remote and local wipe: admin initiated or end user initiated (demo)
     - Windows Update: OTA only, not manageable by IT
     - Application revocation: Marketplace and enterprise apps
  26. Robust security helps to protect information
     - Secure boot: the complete boot sequence is secured; assures operating system integrity and a known state, and helps protect against malware
     - Code signing: all code is signed, making sure only known and trusted software components can execute
     - App sandboxing: the least privilege, secure chambers model is applied to operating system services, inbox apps and Store apps
     - Marketplace developer validation, app certification and malware scanning: assure apps can be trusted and help protect against malware
     - Device encryption: always-on, hardware-assisted and accelerated full internal storage encryption
  27. 5, 6 and 7 March 2013, Kinepolis Antwerp: 3 days full of fascinating technical sessions for developers and IT professionals.
  28. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.