Windows Phone 8 Security deep dive
Microsoft Corporation

All: large screen, dual-core, LTE and NFC
• Nokia Lumia 920: 4.5”, PureMotion display, PureView OIS camera; Nokia City Lens, Nokia Music streaming, wireless charging
• Nokia Lumia 820: 4.3”, ClearBlack display, Carl Zeiss lens; snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming
• Samsung ATIV S: 4.8”, HD Super AMOLED display; NFC Tap-to-send, Samsung Family Story
• HTC 8X: 4.3”, Gorilla Glass 2 display, ultra-wide-angle camera lens; built-in Beats Audio, built-in amp

Shared Windows Core
• A shared core brings enterprise-class computing to mobile devices
• The NT kernel runs on Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded and Windows Server 2012
• Running reliably on 1.3 billion computing devices
• Consumers now have greater choice in form factor, apps and experiences
• Developers can rapidly develop for multiple platforms at a much lower cost due to a high level of code reuse
• Hardware manufacturers can now innovate and differentiate their offerings while enjoying their fastest time-to-market ever

Three different ecosystems
Strategy      Platform + Google Services       Integrated experiences              Integrated software and hardware
Ecosystem     Open source enabling anything    Structured to optimize experience   Apple controlled vertical
Experience    Varies by device                 Consistent with extensibility       Apple defined

Agenda
• Data protection: prevent unauthorized access to stored data
• System integrity: prevent malware from taking control
• Access control and device management: provide secure access to the device
• Security goals: what is this all about?
• App platform: security architecture and recommendations
• Remediation: what if something goes wrong

Security goals
• Business policy compliance
• User first: great experiences; what’s the impact?
• End user safety, not always aware ..
• Tools to protect
• Developer trust

Secure Boot
• Secure Boot helps prevent malware from being installed on the phone
• Secure Boot helps ensure the integrity of the entire operating system
• The Secure Boot implementation is provided by the SoC
• Two phases:
  – Pre-UEFI boot loaders initialize the hardware
  – UEFI secure boot helps ensure the integrity of UEFI applications and the Windows OS

Secure boot process
• Power On
• Firmware boot loaders (SoC vendor)
• OEM UEFI applications (OEM)
• Windows Phone boot manager (MSFT)
• Then one of: Windows Phone 8 OS boot, Windows Phone 8 update OS boot, or boot to flashing mode
• UEFI specifications: http://www.uefi.org/specs/

Trusted pre-boot loader
• No secure boot bypass for users
• Secure flashing required
• During manufacturing:
  – Provisioning of the hash of the public key used to sign the initial boot loaders, plus the number of unique keys
  – Blow the appropriate fuses (read-only from then on)
  – Provisioning of the UEFI key databases

Secure UEFI boot loader: all about keys
• Platform Key (PK): the master key. Once the PK is provisioned the UEFI environment is “enabled”. It can be used to sign updates to the KEK
• Allowed and Forbidden Signature Databases (DB/DBX): control which images can be loaded; DBX contains the forbidden keys
• Secure Boot Variable / Secure Boot Policy (SBP): controls certain aspects of the boot sequence

Code Signing
• All Windows Phone 8 binaries must carry digital signatures issued by Microsoft in order to run
• Microsoft and marketplace apps already had digital signatures
• Unlike WP7, OEM binaries will now be signed by Microsoft
• With control of every layer, it becomes very complicated to integrate a non-certified process or a custom build.
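The two-phase chain above (fused key hash for the pre-UEFI loaders, then PK/KEK/DB/DBX for UEFI images) is easiest to reason about as a small policy engine. The following is an added example written for this page, not Microsoft, SoC-vendor or OEM code. It assumes a toy signature scheme (HMAC-SHA256 with a per-key secret, standing in for the asymmetric signatures real firmware verifies) so that it runs offline; the keys, images and names are all constructed. What it shows is the policy logic: a loader is accepted only if its signer matches the fused hash, nothing is evaluated against DB/DBX until a PK exists, DB/DBX updates require a KEK signature, and a DBX entry overrides a DB entry for the same signer.

```python
"""Toy model of the two-phase Windows Phone 8 / UEFI secure boot policy.

Constructed for this example, not platform code. Signatures are stood in for by
HMAC-SHA256 keyed with a per-key secret so that verification runs offline;
real firmware verifies asymmetric signatures over the image.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SigningKey:
    """Toy key: pub_hash stands in for the certificate hash stored in the UEFI
    databases (and fused for the root), _secret is the signing secret."""

    def __init__(self, name: str, secret: bytes):
        self.pub_hash = sha256_hex(b"pubkey:" + name.encode())
        self._secret = secret

    def sign(self, data: bytes) -> str:
        return hmac.new(self._secret, data, hashlib.sha256).hexdigest()

    def verify(self, data: bytes, signature: str) -> bool:
        return hmac.compare_digest(self.sign(data), signature)


class Image:
    """A boot component (pre-UEFI loader, OEM UEFI app, boot manager) plus signature."""

    def __init__(self, body: bytes, key: SigningKey):
        self.body = body
        self.signer_hash = key.pub_hash
        self.signature = key.sign(body)

    @property
    def image_hash(self) -> str:
        return sha256_hex(self.body)


class SecureBootPolicy:
    def __init__(self, fused_root_hash: str, known_keys):
        self.fused_root_hash = fused_root_hash       # blown into SoC fuses: read-only
        self.known_keys = {k.pub_hash: k for k in known_keys}  # toy verifier lookup
        self.pk = None      # Platform Key; UEFI secure boot is "enabled" once set
        self.kek = set()    # Key Exchange Key hashes; may sign db/dbx updates
        self.db = set()     # allowed signer or image hashes
        self.dbx = set()    # forbidden signer or image hashes

    def _signature_ok(self, image: Image) -> bool:
        key = self.known_keys.get(image.signer_hash)
        return key is not None and key.verify(image.body, image.signature)

    def provision_pk(self, key: SigningKey) -> None:
        self.pk = key.pub_hash

    def add_kek(self, key_hash: str, signed_by: SigningKey) -> None:
        if signed_by.pub_hash != self.pk:
            raise PermissionError("KEK updates must be signed by the PK")
        self.kek.add(key_hash)

    def update_db(self, entry: str, signed_by: SigningKey, forbidden: bool = False) -> None:
        if signed_by.pub_hash not in self.kek:
            raise PermissionError("db/dbx updates must be signed by a KEK")
        (self.dbx if forbidden else self.db).add(entry)

    def check_pre_uefi(self, image: Image):
        """Phase 1: the initial loader must be signed by the fused root key."""
        if not self._signature_ok(image):
            return False, "bad signature"
        if image.signer_hash != self.fused_root_hash:
            return False, "signer does not match fused key hash"
        return True, "ok"

    def check_uefi(self, image: Image):
        """Phase 2: db/dbx decision; a dbx match always wins over db."""
        if self.pk is None:
            return False, "PK not provisioned: secure boot not enabled"
        if not self._signature_ok(image):
            return False, "bad signature"
        if image.image_hash in self.dbx or image.signer_hash in self.dbx:
            return False, "forbidden by dbx"
        if image.signer_hash in self.db or image.image_hash in self.db:
            return True, "allowed by db"
        return False, "not in db"


def demo() -> dict:
    """Walk the chain with constructed keys and images; returns every decision."""
    soc = SigningKey("soc-vendor", b"soc-secret")
    msft = SigningKey("microsoft", b"msft-secret")
    oem = SigningKey("oem", b"oem-secret")
    other = SigningKey("other", b"other-secret")
    policy = SecureBootPolicy(soc.pub_hash, [soc, msft, oem, other])
    out = {"loader": policy.check_pre_uefi(Image(b"init hardware", soc))}
    modified = Image(b"init hardware", soc)
    modified.body = b"init hardware (changed after signing)"
    out["loader_modified"] = policy.check_pre_uefi(modified)
    out["loader_other_signer"] = policy.check_pre_uefi(Image(b"init hardware", other))
    oem_app = Image(b"oem uefi code", oem)
    out["uefi_before_pk"] = policy.check_uefi(oem_app)
    policy.provision_pk(msft)
    policy.add_kek(msft.pub_hash, signed_by=msft)
    policy.update_db(oem.pub_hash, signed_by=msft)
    out["oem_app"] = policy.check_uefi(oem_app)
    out["other_app"] = policy.check_uefi(Image(b"other code", other))
    try:
        policy.update_db(other.pub_hash, signed_by=other)  # not a KEK holder
        out["other_db_update"] = "accepted"
    except PermissionError:
        out["other_db_update"] = "rejected"
    policy.update_db(oem.pub_hash, signed_by=msft, forbidden=True)  # revoke the OEM key
    out["oem_app_after_revocation"] = policy.check_uefi(oem_app)
    return out
```

The revocation step at the end is the reason DBX exists: a signer that was once trusted stays in DB, but adding it to DBX makes every image it signed unbootable, which is how a compromised OEM or vendor key is retired without re-provisioning the whole database.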
Windows Phone 7 application security model
• Chamber model (sandbox)
  – Chamber types: TCB for the kernel and drivers, LPC for apps
  – Fixed permissions: elevated rights for OS components
  – Dynamic build: standard rights are created ad hoc based on capabilities
• Capabilities
  – Expressed in the application manifest
  – Disclosed on the Marketplace
  – Define the app’s security boundary on the phone
  – Still in the process of identifying capabilities
  – WP7 capabilities: Video and Still capture; Video and Still capture ISV; Microphone; Location Services; Sensors; Media Library; Push Notifications; Web Browser Component; Add Ringtone; Place Phone Calls; Owner Identity; Phone Identity; Xbox LIVE; Interop Services; Networking; File Viewer; Appointments; Contacts; Debug; Networking Admin
  – Additional WP8 capabilities: capabilities for VxD
  – http://create.msdn.com/en-us/education/documentation

Windows Phone 8 application security model
• WP8 chambers are built on the Windows security infrastructure
• TCB for the kernel
• LPC (dynamic build) for all: apps, OS components and drivers
• This reduces the attack surface

Internet Explorer 10 for Windows Phone
• Faster and safer browsing
• Runs in the least-privilege sandbox
• One of the fastest HTML5 browsers
• Locked down, with no plug-ins
• Real-time anti-phishing protection with the SmartScreen Filter

Device encryption
• Full internal storage encryption to protect information
• Built on the Windows BitLocker architecture
• Encryption is available for all phones and is turned on by policy by IT professionals
• No user experience and no pre-boot PIN entry
• All internal storage is encrypted
• Removable SD card is not encrypted, but can be managed

Information Rights Management (IRM)
• Helps prevent intellectual property from being leaked
• Protects emails and documents on the phone from unauthorized distribution
• Easy to deploy on Exchange Server and SharePoint
• Active Directory Rights Management supports all your Mobile Information Management (MIM) needs

Security takeaways
• Secure boot turned on
• Security model for applications
• All binaries are signed
• Device encryption on
• Device access must be controlled!

Security is a combination of Process, Technology and Users

Control access to device and applications
• App and device management with Mobile Device Management: for app distribution and access policy management
• Exchange ActiveSync with Exchange Server and Office 365 for email and device management: widely used for mobile email and access policy management
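The capability slides above describe the boundary of an app’s chamber: capabilities are declared in the application manifest, disclosed on the Marketplace, and then fixed for the life of the install. The following is an added example, not Microsoft’s or any OEM’s code, that models this as code: it parses the Capability elements of a constructed WMAppManifest.xml fragment, rejects capability names it does not recognise (as a Marketplace ingestion step would), turns the known ones into the disclosure text from the slide, and builds a chamber whose rights can be narrowed by an IT policy but never widened at runtime. Assumptions: the ID_CAP_* identifiers are the manifest names for the slide’s capabilities (a subset, not the full list), the manifest fragment is constructed, and the deny set is a stand-in for a device-management policy rather than any specific MDM product feature.

```python
"""Capability-to-chamber model for the Windows Phone application security model.

Constructed example, not platform code. ID_CAP_* names below are assumed to be
the manifest identifiers for the capabilities the slide lists (a subset); the
deny set stands in for an IT device-management policy.
"""
import xml.etree.ElementTree as ET

KNOWN_CAPABILITIES = {
    "ID_CAP_NETWORKING": "Networking",
    "ID_CAP_LOCATION": "Location Services",
    "ID_CAP_MICROPHONE": "Microphone",
    "ID_CAP_ISV_CAMERA": "Video and Still capture ISV",
    "ID_CAP_CONTACTS": "Contacts",
    "ID_CAP_APPOINTMENTS": "Appointments",
    "ID_CAP_PHONEDIALER": "Place Phone Calls",
    "ID_CAP_IDENTITY_DEVICE": "Phone Identity",
    "ID_CAP_IDENTITY_USER": "Owner Identity",
    "ID_CAP_SENSORS": "Sensors",
}

# Constructed manifest fragment; only the Capability elements matter for this model.
SAMPLE_MANIFEST = """<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App xmlns="" ProductID="{00000000-0000-0000-0000-000000000000}" Title="ExampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_ISV_CAMERA" />
      <Capability Name="ID_CAP_NOT_A_REAL_ONE" />
    </Capabilities>
  </App>
</Deployment>"""


def parse_capabilities(manifest_xml: str) -> list:
    """Return the capability names declared in the manifest, ignoring namespaces."""
    root = ET.fromstring(manifest_xml)
    return [el.get("Name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Capability"]


def review_manifest(manifest_xml: str) -> dict:
    """Ingestion-style check: unknown names are flagged, known ones become the
    disclosure text shown to the user before install."""
    caps = parse_capabilities(manifest_xml)
    unknown = [c for c in caps if c not in KNOWN_CAPABILITIES]
    disclosed = [KNOWN_CAPABILITIES[c] for c in caps if c in KNOWN_CAPABILITIES]
    return {"requested": caps, "unknown": unknown, "disclosed": disclosed}


class Chamber:
    """Least-privilege chamber: rights come from the manifest at install time,
    may be narrowed by policy, and are never widened afterwards."""

    def __init__(self, capabilities, denied_by_policy=frozenset()):
        requested = set(capabilities) & set(KNOWN_CAPABILITIES)
        self.blocked = frozenset(requested & set(denied_by_policy))
        self.granted = frozenset(requested - self.blocked)

    def can_use(self, capability: str) -> bool:
        """Runtime check an API gate would perform before granting access."""
        return capability in self.granted


def demo() -> dict:
    """Review the constructed manifest and exercise an unmanaged and a managed chamber."""
    report = review_manifest(SAMPLE_MANIFEST)
    unmanaged = Chamber(report["requested"])
    managed = Chamber(report["requested"], denied_by_policy={"ID_CAP_ISV_CAMERA"})
    return {
        "report": report,
        "location_allowed": unmanaged.can_use("ID_CAP_LOCATION"),
        "microphone_allowed": unmanaged.can_use("ID_CAP_MICROPHONE"),  # never declared
        "camera_allowed_unmanaged": unmanaged.can_use("ID_CAP_ISV_CAMERA"),
        "camera_allowed_managed": managed.can_use("ID_CAP_ISV_CAMERA"),
        "managed_granted": sorted(managed.granted),
    }
```

The microphone case is the one to notice: the app never declared ID_CAP_MICROPHONE, so no code path inside the chamber can obtain it later, which is what “defines the app’s security boundary on the phone” means in practice. The managed chamber shows the other direction: policy can take a declared capability away, but nothing can add one.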