Microsoft Corporation

October 2012

Windows Phone 8

Security deep dive

David Hernie

Technical Evangelist

Microsoft Belux Office

All large screen, dual-core, LTE and NFC

Nokia Lumia 920: 4.5”, PureMotion display, PureView OIS camera; Nokia City Lens, Nokia Music streaming, wireless charging

Nokia Lumia 820: 4.3”, ClearBlack display, Carl Zeiss lens; snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming

Samsung ATIV S: 4.8”, HD Super AMOLED display; NFC Tap-to-send, Samsung Family Story

HTC 8X: 4.3”, Gorilla Glass 2 display, ultra-wide-angle camera lens; built-in Beats Audio, built-in amp

Shared Windows Core

A shared core brings enterprise-class computing to mobile devices

The NT kernel runs on Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded, and Windows Server 2012, running reliably on 1.3 billion computing devices

Consumers now have greater choice in form factor, apps, and experiences

Developers can rapidly develop for multiple platforms at a much lower cost due to a high level of code reuse

Hardware manufacturers can now innovate and differentiate their offerings while enjoying their fastest time-to-market ever

Three different ecosystems

             Google                          Microsoft                           Apple
Strategy     Platform + Google services      Integrated experiences              Integrated software and hardware
Ecosystem    Open source enabling anything   Structured to optimize experience   Apple-controlled vertical
Experience   Varies by device                Consistent with extensibility       Apple-defined

Agenda

Security goals: what is this all about?

Data protection: prevent unauthorized access to stored data

System integrity: prevent malware from taking control

Access control & device management: provide secure access to the device

App platform security: architecture and recommendations

Remediation: what if something goes wrong

Security Goals

Business policy compliance

User first: great experiences; what is the security impact on them?

End-user safety: users are not always aware of the risks, so the platform has to provide tools to protect them

Developer trust

Secure Boot

Secure Boot helps prevent malware from being installed on the phone

Secure Boot helps ensure the integrity of the entire operating system

The Secure Boot implementation is provided by the SoC and has two phases:

pre-UEFI boot loaders that initialize the hardware

UEFI Secure Boot, which helps ensure the integrity of the UEFI applications and the Windows OS

Secure boot process

Power on → firmware boot loaders (SoC vendor) → OEM UEFI applications (OEM) → Windows Phone boot manager (MSFT) → one of: Windows Phone 8 OS boot, Windows Phone 8 update OS boot, or boot to flashing mode

Each stage is provided by the SoC vendor, the OEM or Microsoft, as indicated. UEFI specifications: http://www.uefi.org/specs/

Trusted pre-boot loader

No Secure Boot bypass for users: secure flashing is required

During manufacturing:

Provision the hash of the public key used to sign the initial boot loaders (plus a number of unique keys)

Blow the appropriate fuses; they are read-only afterwards

Provision the UEFI key databases

Secure UEFI boot loader: all about keys

Platform Key (PK): the master key. Once the PK is provisioned the UEFI Secure Boot environment is "enabled"; the PK is used to sign updates to the KEK

Key Exchange Key (KEK): signs updates to the signature databases

Allowed and Forbidden Signature Databases (db/dbx): control which images can be loaded; dbx contains the forbidden keys and hashes, and an entry in dbx overrides one in db

Secure Boot Variable, Secure Boot Policy (SBP): controls certain aspects of the boot sequence
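The two slides above describe a chain: fuses fix the hash of the root key, then the UEFI variables decide what else may run. The following Python model is an added example written for this page, not Microsoft's code or any SoC vendor's. The key names, image names and the signature scheme (a hash standing in for an RSA/ECDSA signature, so the block runs with the standard library alone) are assumptions. It shows the policy decisions the slides list: a loader whose key is not pinned in the fuses never runs, an image that no db entry authorizes stops the chain, a dbx entry revokes a key even though it is still in db, and db/dbx/KEK updates need the right signer.

```python
import hashlib
from dataclasses import dataclass, field

# Added model of the boot chain on the slides: SoC fuses pin the root key,
# then the UEFI Secure Boot variables (PK, KEK, db, dbx) gate every image.
# Signatures are a stand-in (sha256 over key||code) so the block runs with
# only the standard library; real firmware verifies RSA/ECDSA signatures here.


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(pubkey: bytes, code: bytes) -> bytes:
    """Stand-in for an asymmetric signature (assumption for the demo)."""
    return h(b"sig|" + pubkey + b"|" + code)


def verify(pubkey: bytes, code: bytes, sig: bytes) -> bool:
    return sig == sign(pubkey, code)


@dataclass
class Image:
    name: str
    code: bytes
    signer: bytes        # public key the image claims to be signed with
    sig: bytes


class FuseBank:
    """One-time-programmable fuses: the root key hash is blown during
    manufacturing and cannot be rewritten afterwards."""

    def __init__(self):
        self.root_key_hash = None

    def blow(self, root_pubkey: bytes) -> None:
        if self.root_key_hash is not None:
            raise PermissionError("fuses are read-only once blown")
        self.root_key_hash = h(root_pubkey)


@dataclass
class SecureBootVars:
    pk: bytes                                # Platform Key: owns the KEK
    kek: set = field(default_factory=set)    # keys allowed to update db/dbx
    db: set = field(default_factory=set)     # allowed signer keys or image hashes
    dbx: set = field(default_factory=set)    # forbidden signer keys or image hashes

    def update(self, which: str, entry: bytes, signer: bytes) -> None:
        """KEK updates must be signed by the PK; db/dbx updates by a KEK or the PK."""
        if which == "kek":
            if signer != self.pk:
                raise PermissionError("KEK updates must be signed by the PK")
            self.kek.add(entry)
        elif which in ("db", "dbx"):
            if signer != self.pk and signer not in self.kek:
                raise PermissionError(f"{which} updates must be signed by a KEK or the PK")
            getattr(self, which).add(entry)
        else:
            raise ValueError(which)

    def allows(self, img: Image) -> bool:
        """dbx wins over db: a revoked key or hash is rejected even if db still lists it."""
        if img.signer in self.dbx or h(img.code) in self.dbx:
            return False
        if not verify(img.signer, img.code, img.sig):
            return False
        return img.signer in self.db or h(img.code) in self.db


def pre_uefi_ok(fuses: FuseBank, loader: Image) -> bool:
    """SoC boot ROM stage: the loader's signer must hash to the fused value."""
    return fuses.root_key_hash == h(loader.signer) and verify(loader.signer, loader.code, loader.sig)


def boot(fuses: FuseBank, sb: SecureBootVars, loader: Image, uefi_chain: list) -> list:
    """Return the names of the images that ran; the chain stops at the first failure."""
    ran = []
    if not pre_uefi_ok(fuses, loader):
        return ran
    ran.append(loader.name)
    for img in uefi_chain:       # OEM UEFI apps, then the WP boot manager, then the OS
        if not sb.allows(img):
            break
        ran.append(img.name)
    return ran


def demo() -> dict:
    soc_key, oem_key, msft_key, rogue_key = b"SOC-KEY", b"OEM-KEY", b"MSFT-KEY", b"ROGUE-KEY"
    fuses = FuseBank()
    fuses.blow(soc_key)
    sb = SecureBootVars(pk=oem_key)
    sb.update("kek", msft_key, signer=oem_key)     # PK enrols Microsoft's KEK
    sb.update("db", oem_key, signer=msft_key)       # KEK holder authorizes OEM UEFI apps
    sb.update("db", msft_key, signer=msft_key)      # and Microsoft-signed images

    def mk(name, code, key):
        return Image(name, code, key, sign(key, code))

    loader = mk("pre-UEFI loader", b"init hw", soc_key)
    chain = [mk("OEM UEFI app", b"oem", oem_key),
             mk("WP boot manager", b"bootmgr", msft_key),
             mk("WP8 OS", b"kernel", msft_key)]
    out = {"good": boot(fuses, sb, loader, chain)}
    # A loader signed with a key the fuses do not pin: nothing runs at all.
    out["bad_loader"] = boot(fuses, sb, mk("pre-UEFI loader", b"init hw", rogue_key), chain)
    # A custom OS build with no db entry: the chain stops after the boot manager.
    out["custom_os"] = boot(fuses, sb, loader, chain[:2] + [mk("custom OS", b"custom", rogue_key)])
    # Revoking the Microsoft key through dbx (signed by the PK) overrides its db entry.
    sb.update("dbx", msft_key, signer=oem_key)
    out["after_revocation"] = boot(fuses, sb, loader, chain)
    try:
        sb.update("db", rogue_key, signer=rogue_key)   # not PK, not in KEK
        out["rogue_db_update"] = "accepted"
    except PermissionError:
        out["rogue_db_update"] = "rejected"
    return out
```

The "custom_os" case is the slide's point that a custom build cannot be integrated without a certified signer, and "after_revocation" is why dbx has to be checked before db.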

Code Signing

All Windows Phone 8 binaries must have digital signatures from Microsoft to run. On Windows Phone 7, Microsoft and Marketplace apps already carried digital signatures; the difference in WP8 is that OEM binaries are signed by Microsoft as well.

With every layer under control, it becomes very complicated to integrate a non-certified process or a custom build.
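As an added example (not from the deck or from Microsoft): the following Python locates the Authenticode certificate table in a PE image, which is the first thing to look at when checking whether a Windows Phone binary carries a signature at all. The image it parses is constructed inside the block (a header-only PE32 for the ARM Thumb-2 machine type with a placeholder PKCS#7 payload), so it runs offline. Finding the table is not verification: the PKCS#7 SignedData still has to be validated and chained to a Microsoft root, which needs a crypto library and is out of scope here.

```python
import struct

# PE/COFF and Authenticode constants (from the public specifications, not the slides)
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
IMAGE_FILE_MACHINE_ARMNT = 0x01C4          # ARM Thumb-2, the Windows Phone 8 target
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def build_sample_pe(signed: bool) -> bytes:
    """Constructed header-only PE32 image for the demo (not a real binary).
    With signed=True a WIN_CERTIFICATE blob with a placeholder PKCS#7 payload
    is appended and the security directory points at it."""
    opt_size = 96 + 16 * 8                       # PE32 optional header + 16 directories
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header starts at offset 64
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_ARMNT, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    headers_len = 64 + 4 + 20 + opt_size         # the certificate table follows the headers
    cert_table = b""
    if signed:
        pkcs7 = b"\x30\x82\x01\x00 placeholder SignedData, not a real signature"
        cert_table = struct.pack("<IHH", 8 + len(pkcs7), WIN_CERT_REVISION_2_0,
                                 WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7
        # Security directory entry: (file offset, size) of the certificate table
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert_table))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert_table


def read_security_directory(image: bytes):
    """Locate the Authenticode certificate table of a PE image.
    Returns None if the image carries no signature, otherwise the WIN_CERTIFICATE
    header fields plus the raw PKCS#7 bytes. This only proves a signature is
    attached; validating it and chaining it to a Microsoft root is a separate step."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: no PE signature")
    opt = e_lfanew + 4 + 20                      # skip the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                           # PE32
        count_off, dirs = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        count_off, dirs = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_dirs,) = struct.unpack_from("<I", image, count_off)
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    # Unlike the other directories, this entry holds a file offset, not an RVA
    off, size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None
    if size < 8 or off + size > len(image):
        raise ValueError("certificate table lies outside the image")
    length, revision, cert_type = struct.unpack_from("<IHH", image, off)
    if length < 8 or length > size:
        raise ValueError("WIN_CERTIFICATE length is inconsistent with the directory")
    return {
        "offset": off,
        "length": length,
        "revision": revision,
        "certificate_type": cert_type,
        "is_pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
        "pkcs7": image[off + 8:off + length],
    }


if __name__ == "__main__":
    for flag in (True, False):
        print("signed" if flag else "unsigned", read_security_directory(build_sample_pe(flag)))
```

The bounds checks matter on real input: a malformed security directory that points past the end of the file or claims a WIN_CERTIFICATE longer than the table is how a parser that trusts these fields ends up reading out of bounds.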

Windows Phone 7 application security model

Chamber model (sandbox)

Chamber types:

TCB for the kernel and drivers

Elevated rights for OS components

Standard rights, created ad hoc based on capabilities

LPC for apps

The system chambers have fixed permissions; the Least Privileged Chamber is built dynamically from the app's capabilities

Capabilities are expressed in the application manifest, disclosed on the Marketplace, and define the app's security boundary on the phone

Capabilities

Still in the process of identifying capabilities

WP7 capabilities: Video and Still capture; Video and Still capture ISV; Microphone; Location Services; Sensors; Media Library; Push Notifications; Web Browser Component; Add Ringtone; Place Phone Calls; Owner Identity; Phone Identity; Xbox LIVE; Interop Services; Networking; File Viewer; Appointments; Contacts; Debug; Networking Admin

Additional WP8 capabilities (capabilities for VxD): http://create.msdn.com/en-us/education/documentation
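The capability list above is what ends up in WMAppManifest.xml and on the Marketplace listing, and it is exactly what the app's chamber is built from. The following Python is an added example, not part of the deck or the SDK: it parses a constructed WP8 manifest and audits its capabilities against the set the app actually needs, which is the least-privilege check to run before submission. The manifest content, the `needed` set and the ID-to-display-name catalog are assumptions (the catalog is reproduced from memory of the SDK documentation and is not complete).

```python
import xml.etree.ElementTree as ET

# Display names as disclosed on the Marketplace, keyed by manifest capability ID.
# Reproduced from memory of the Windows Phone SDK docs: an assumption, check it
# against the SDK you target. Entries marked WP8 did not exist on WP7.
CAPABILITY_CATALOG = {
    "ID_CAP_NETWORKING": "Networking",
    "ID_CAP_LOCATION": "Location Services",
    "ID_CAP_MICROPHONE": "Microphone",
    "ID_CAP_SENSORS": "Sensors",
    "ID_CAP_MEDIALIB": "Media Library",
    "ID_CAP_PUSH_NOTIFICATION": "Push Notifications",
    "ID_CAP_WEBBROWSERCOMPONENT": "Web Browser Component",
    "ID_CAP_RINGTONE_ADD": "Add Ringtone",
    "ID_CAP_PHONEDIALER": "Place Phone Calls",
    "ID_CAP_IDENTITY_USER": "Owner Identity",
    "ID_CAP_IDENTITY_DEVICE": "Phone Identity",
    "ID_CAP_GAMERSERVICES": "Xbox LIVE",
    "ID_CAP_INTEROPSERVICES": "Interop Services",
    "ID_CAP_APPOINTMENTS": "Appointments",
    "ID_CAP_CONTACTS": "Contacts",
    "ID_CAP_ISV_CAMERA": "Video and Still capture ISV",
    "ID_CAP_MAP": "Maps (WP8)",
    "ID_CAP_PROXIMITY": "Proximity / NFC (WP8)",
    "ID_CAP_REMOVABLE_STORAGE": "Removable Storage (WP8)",
    "ID_CAP_SPEECH_RECOGNITION": "Speech Recognition (WP8)",
    "ID_CAP_VOIP": "VoIP (WP8)",
    "ID_CAP_WALLET": "Wallet (WP8)",
}

# Constructed WMAppManifest.xml for the demo (not a real app's manifest).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment"
            AppPlatformVersion="8.0">
  <App xmlns="" ProductID="{11111111-2222-3333-4444-555555555555}"
       Title="SampleApp" Version="1.0.0.0" Genre="apps.normal">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
      <Capability Name="ID_CAP_IDENTITY_DEVICE" />
      <Capability Name="ID_CAP_NETWORKING" />
    </Capabilities>
  </App>
</Deployment>
"""


def declared_capabilities(manifest_xml: str) -> list:
    """Return the Capability names in manifest order, duplicates included,
    so the audit can flag them."""
    root = ET.fromstring(manifest_xml)
    # The App element resets the default namespace (xmlns=""), so its subtree
    # is looked up without a namespace prefix.
    caps = root.find("App/Capabilities")
    if caps is None:
        return []
    return [c.get("Name", "") for c in caps.findall("Capability")]


def audit_capabilities(manifest_xml: str, needed: set) -> dict:
    """Compare what the manifest grants with what the app actually needs.
    The LPC is built from exactly these declarations, so every extra entry is
    extra reach for the sandboxed process and an extra line in the store listing."""
    declared = declared_capabilities(manifest_xml)
    unique = set(declared)
    return {
        "disclosed": sorted(CAPABILITY_CATALOG.get(c, c) for c in unique),
        "not_in_catalog": sorted(unique - set(CAPABILITY_CATALOG)),
        "unexpected": sorted(unique - needed),
        "missing": sorted(needed - unique),
        "duplicates": sorted(c for c in unique if declared.count(c) > 1),
    }


if __name__ == "__main__":
    needed = {"ID_CAP_NETWORKING", "ID_CAP_LOCATION", "ID_CAP_CONTACTS"}
    for key, value in audit_capabilities(SAMPLE_MANIFEST, needed).items():
        print(f"{key}: {value}")
```

In the sample the app ships ID_CAP_IDENTITY_DEVICE without needing it; that is both a Marketplace disclosure the user will see and a capability the chamber would grant to any code that runs inside the app, so it should come out of the manifest before submission. A misspelled ID lands in "not_in_catalog", which is worth catching early because the store ingestion, not the phone, is what rejects it.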

Windows Phone 8 application security model

WP8 chambers are built on the Windows security infrastructure:

TCB for the kernel

LPC, built dynamically, for everything else: apps, OS components, drivers

This reduces the attack surface

Internet Explorer 10 for Windows Phone

Faster and safer browsing

Runs in the least-privilege sandbox

One of the fastest HTML5 browsers

Locked down, no plug-ins

Real-time anti-phishing protection with SmartScreen Filter

Device encryption

Full internal storage encryption to protect information, built on the Windows BitLocker architecture

Encryption is available for all phones and is turned on by policy by IT professionals

No user experience and no pre-boot PIN entry

All internal storage is encrypted

The removable SD card is not encrypted, but it can be managed (disabled by policy)

Information Rights Management (IRM)

Helps prevent intellectual property from being leaked

Protects emails and documents on the phone from unauthorized distribution

Easy to deploy on Exchange Server and SharePoint

Active Directory Rights Management supports all your Mobile Information Management (MIM) needs

Security takeaways

Secure Boot turned on

Security model for applications

All binaries are signed

Device encryption on

Device access must be controlled!

Security is a combination of process, technology and users

Control access to device and applications

App and device management with Mobile Device Management (MDM): for app distribution and access policy management

Exchange ActiveSync (EAS) with Exchange Server and Office 365 for email and device management: widely used for mobile email and access policy management

EAS server-configured policy values: simple password; alphanumeric password; minimum password length; minimum password complex characters; password expiration; password history; device wipe threshold; inactivity timeout; IRM enabled; remote device wipe; device encryption (new); disable removable storage card (new); remote update of business apps (new); remote or local un-enroll (new) (NA)

MDM enterprise policies + reporting: query installed enterprise apps; device name; device ID; OS platform type; firmware version; OS version; device local time; processor type; device model; device manufacturer; device processor architecture; device language

Simplifying management across platforms: devices & platforms, Windows Intune, single admin console

Enterprise app flow (IT organization, App Hub, devices):

IT organization with App Hub: 1. Registration; 2. Signing tools; 3. Cert and Enterprise ID; 4. Create device token

Developer: 1. Develop app; 2. Package and sign; 3. Private app catalog

Device: 1. Device enrollment; 2. Get apps

Registration

1. Enterprise registers with App Hub

2. Enterprise downloads app tools

3. Microsoft notifies CA of pending enterprise registration

4. CA checks that vetting is complete, and generates a certificate for the enterprise

Enterprise Application Management Across Platforms

Windows Phone 8 supports multiple organization tokens

Company Hub as private marketplace

Remediate

Remote and local wipe: admin initiated or end user initiated (windowsphone.live.com, demo)

Windows Update: OTA only

Application revocation: Marketplace and enterprise apps

Robust security helps to protect information: Secure Boot, code signing, app sandboxing, device encryption

5 – 6 – 7 MARCH 2013 Kinepolis Antwerp

3 days full of fascinating technical sessions for

developers and IT professionals.

www.techdays.be

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

© 2012 Microsoft Corporation.

All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION

IN THIS PRESENTATION.