Microsoft Corporation October 2012
Windows Phone 8 Security deep dive
David Hernie
Technical Evangelist
All large screen, dual-core, LTE and NFC
Nokia Lumia 920
4.5”, PureMotion display, PureView OIS camera, Nokia City Lens, Nokia Music streaming, wireless charging
Nokia Lumia 820
4.3”, ClearBlack display, Carl Zeiss lens
Snap on back cover, Wireless charging, Nokia City lens, Nokia music streaming
Samsung ATIV S
4.8”, HD super AMOLED display
NFC Tap-to-send, Samsung Family Story
HTC 8X
4.3”, Gorilla Glass 2 display, ultra-wide angle camera lens, built-in Beats Audio, built-in amp
Shared Windows Core
A shared core brings enterprise-class computing to mobile devices
NT Kernel runs on Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded, and Windows Server 2012
Running reliably on 1.3 billion computing devices
Consumers now have greater choice in form-factor, apps, and experiences
Developers can rapidly develop for multiple platforms at a much lower cost due to a high level of code reuse
Hardware manufacturers can now innovate and differentiate their offerings while enjoying their fastest time-to-market ever
Three different ecosystems (rows: Strategy / Ecosystem / Experience)
Platform + Google Services / Open source enabling anything / Varies by device
Integrated experiences / Structured to optimize experience / Consistent with extensibility
Integrated software and hardware / Apple controlled vertical / Apple defined
Agenda
Security goals: what is this all about?
App platform security: architecture and recommendations
Remediation
Security goals
Data protection: prevent unauthorized access to stored data
System integrity: prevent malware from taking control
Access control & device management: provide secure access to the device
Business policy compliance
User first – great experiences – what’s the impact?
End user safety (users are not always aware), tools to protect, developer trust
Secure Boot
Secure Boot helps prevent malware from being installed on the phone
Secure Boot helps ensure the integrity of the entire operating system
The Secure Boot implementation is provided by the SoC
Two phases: pre-UEFI boot loaders that initialize the hardware, then the UEFI boot loader
Secure boot process (figure): Power on -> Firmware boot loaders (SoC vendor) -> OEM UEFI applications (OEM) -> Windows Phone boot manager (MSFT) -> Windows Phone 8 OS boot, Windows Phone 8 update OS boot, or boot to flashing mode. UEFI specifications: http://www.uefi.org/specs/
Trusted pre-boot loader
No secure boot bypass for users
Secure flashing required
During manufacturing: provision the hash of the public key used to sign the initial boot loaders (plus a number of unique keys), then blow the appropriate fuses (read-only from then on)
Secure UEFI boot loader – all about keys
Platform Key (PK) – master key. Once the PK is provisioned the UEFI environment is “enabled”; the PK can be used to sign updates to the Key Exchange Key (KEK)
Allowed and Forbidden Signature Databases (DB/DBX): control which images can be loaded; DBX contains the forbidden keys
Secure Boot Variable – Secure Boot Policy (SBP): controls certain aspects of the boot sequence
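As an added illustration (not code from the deck or from the platform), the Go program below models the DB/DBX decision the slide describes for a chain of boot stages: a stage runs only if its signer is not in DBX, its image hash is not in DBX, its signer is in DB, and its signature verifies. Ed25519 keys, the stage names and the hash-as-identifier convention are assumptions standing in for the platform's Authenticode certificates.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Image is one boot stage as the loader sees it: code, signature, signer key.
type Image struct {
	Name      string
	Code, Sig []byte
	SignerKey ed25519.PublicKey
}

// Policy: DB = allowed signer-key hashes, DBX = forbidden key or image hashes; DBX wins.
type Policy struct{ DB, DBX map[string]bool }
// HashID is the SHA-256 identifier stored in DB/DBX for a key or an image.
func HashID(b []byte) string { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }
// NewKey makes a signing key; Ed25519 is an assumed stand-in for Authenticode.
func NewKey() ed25519.PrivateKey { _, priv, _ := ed25519.GenerateKey(rand.Reader); return priv }
func Sign(name string, code []byte, priv ed25519.PrivateKey) Image {
	return Image{name, code, ed25519.Sign(priv, code), priv.Public().(ed25519.PublicKey)}
}

// Allowed checks revocation, then enrolment, then the signature itself, so a
// tampered image or an unenrolled signer is refused even when DBX is empty.
func (p Policy) Allowed(img Image) bool {
	if p.DBX[HashID(img.SignerKey)] || p.DBX[HashID(img.Code)] || !p.DB[HashID(img.SignerKey)] {
		return false
	}
	return ed25519.Verify(img.SignerKey, img.Code, img.Sig)
}

// BootChain runs stages in order and halts at the first policy failure,
// returning the stages that ran and the name of the refused stage, if any.
func BootChain(p Policy, stages []Image) (ran []string, refused string) {
	for _, s := range stages {
		if !p.Allowed(s) {
			return ran, s.Name
		}
		ran = append(ran, s.Name)
	}
	return ran, ""
}
func main() { // constructed chain: the OEM key is deliberately not enrolled in DB
	chain := []Image{Sign("firmware loader", []byte("soc"), NewKey()), Sign("oem uefi app", []byte("oem"), NewKey())}
	fmt.Println(BootChain(Policy{DB: map[string]bool{HashID(chain[0].SignerKey): true}, DBX: map[string]bool{}}, chain))
}
```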
Code signing
All Windows Phone 8 binaries must carry a digital signature from Microsoft in order to run
Microsoft and Marketplace apps already had digital signatures
Unlike WP7, OEM binaries will now be signed by Microsoft
With control of every layer, integrating a non-certified process or a custom build becomes very complicated
Windows Phone 7 application security model
Chamber types: fixed permissions vs. dynamic build
TCB (Trusted Computing Base) for the kernel & drivers; LPC (Least Privileged Chamber) for apps
• Elevated rights for OS components
• Standard rights (created ad hoc based on capabilities)
Capabilities are expressed in the application manifest and disclosed on Marketplace
Capabilities define the app’s security boundary on the phone
Chamber model (sandbox)
Capabilities
Still in the process of identifying capabilities. WP7 capabilities:
Video and Still capture; Video and Still capture ISV; Microphone; Location Services; Sensors; Media Library; Push Notifications; Web Browser Component; Add Ringtone; Place Phone Calls; Owner Identity; Phone Identity; Xbox LIVE; Interop Services; Networking; File Viewer; Appointments; Contacts; Debug; Networking Admin
Additional WP8 capabilities – capabilities for VxD
Windows Phone 8 application security model
Dynamic build (LPC)
WP8 chambers are built on the Windows security infrastructure
TCB for the kernel; LPC for all of:
• Apps
• OS components
• Drivers
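Added example, not code from the deck or from Microsoft: a Go reviewer helper that reads the capability list out of a WMAppManifest.xml (the element layout shown is a simplified assumption) and separates capabilities on an enterprise allow list from those that need sign-off, the kind of least-privilege check the manifest-declared boundary makes possible before an app is accepted. The ID_CAP_* names are the manifest spellings of capabilities listed above (Networking, Location Services, Microphone, Contacts); the sample manifest and allow list are constructed.

```go
package main
import (
	"encoding/xml"
	"fmt"
)

// Manifest keeps only the capability list under App/Capabilities (layout assumed).
type Manifest struct {
	Capabilities []struct {
		Name string `xml:"Name,attr"`
	} `xml:"App>Capabilities>Capability"`
}
// SampleManifest is a constructed manifest for a line-of-business app that asks
// for more than its job needs: microphone and contact access are unexpected.
const SampleManifest = `<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App xmlns="" ProductID="{PLACEHOLDER-PRODUCT-ID}" Title="Field Report">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_MICROPHONE" />
      <Capability Name="ID_CAP_CONTACTS" />
      <Capability Name="ID_CAP_NETWORKING" />
    </Capabilities>
  </App>
</Deployment>`
// Review splits the declared capabilities into those on the enterprise allow list
// and those a human must sign off on; duplicates collapse, the boundary is a set.
func Review(manifest []byte, allowed map[string]bool) (permitted, flagged []string, err error) {
	var m Manifest
	if err := xml.Unmarshal(manifest, &m); err != nil {
		return nil, nil, fmt.Errorf("manifest parse: %w", err)
	}
	seen := map[string]bool{}
	for _, c := range m.Capabilities {
		if c.Name == "" || seen[c.Name] {
			continue
		}
		seen[c.Name] = true
		if allowed[c.Name] {
			permitted = append(permitted, c.Name)
		} else {
			flagged = append(flagged, c.Name)
		}
	}
	return permitted, flagged, nil
}
func main() {
	allow := map[string]bool{"ID_CAP_NETWORKING": true, "ID_CAP_LOCATION": true}
	fmt.Println(Review([]byte(SampleManifest), allow)) // [ID_CAP_NETWORKING ID_CAP_LOCATION] [ID_CAP_MICROPHONE ID_CAP_CONTACTS] <nil>
}
```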
Internet Explorer 10 for Windows Phone
Faster and safer browsing
Runs in the least-privilege sandbox
One of the fastest HTML5 browsers
Locked down, no plug-ins
Real-time anti-phishing protection with SmartScreen Filter
Device encryption
Full internal storage encryption to protect information
Built on the Windows BitLocker architecture
Encryption is available for all phones and is turned on by policy by IT professionals
No user experience or pre-boot PIN entry; all internal storage is encrypted
The removable SD card is not encrypted, but it can be managed (disabled by policy)
Information Rights Management (IRM)
Helps prevent intellectual property from being leaked
Protects emails and documents on the phone from unauthorized distribution
Easy to deploy on Exchange Server and SharePoint
Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
Security takeaways
Secure boot turned on
Security model for applications
All binaries are signed
Device encryption on
Security is a combination of process and technology
Control access to device and applications
App and device management with Mobile Device Management, for app distribution and access-policy management
Exchange ActiveSync (EAS) with Exchange Server and Office 365 for email and device management
EAS policies supported:
Simple password
Alphanumeric password
Minimum password length
Minimum password complex characters
Password expiration
Password history
Device wipe threshold
Inactivity timeout
IRM enabled
Remote device wipe
Device encryption (new)
Disable removable storage card (new)
Remote update of business apps (new)
Remote or local un-enroll (new)
Device inventory and queries:
Server configured policy values
Query installed enterprise apps
Device name
Device ID
OS platform type
Firmware version
OS version
Device local time
Processor type
Device model
Device manufacturer
Device processor architecture
Device language
Simplifying Management Across Platforms
Windows Intune: single admin console across devices & platforms
Enterprise app distribution (figure; actors: IT organization, App Hub). Labels recovered from the figure: 1. Registration; 2. Signing tools; 3. Private app catalog; 3. Cert and Enterprise ID; 4. Create device token; 1. Develop app; 2. Package and sign; 1. Device enrollment; 2. Get apps
Registration
1. Enterprise registers with App Hub
2. Enterprise downloads app tools
3. Microsoft notifies the CA of the pending enterprise registration
4. The CA checks that vetting is complete and generates a certificate for the enterprise
Enterprise Application Management Across Platforms
Remediate
Remote and local wipe: admin initiated or end user initiated (windowsphone.live.com demo)
Windows Update: OTA only
Application revocation
Robust security helps to protect information: secure boot, code signing, app sandboxing
5 – 6 – 7 MARCH 2013
Kinepolis Antwerp
3 days full of fascinating technical sessions for developers and IT professionals.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
© 2012 Microsoft Corporation.
All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.