Developing secure applications for Windows Phone

DESCRIPTION
An introductory presentation on building blocks that can be used to increase the security of a Windows (Phone) 8 and 8.1 app.

TRANSCRIPT
Page 1
Developing secure applications for Windows Phone
SecureApps user group meeting
12/11/2014
Page 2
Overview
• Introduction
  o Windows on mobile devices
  o Windows (Phone) 8.1 architecture
  o Silverlight-based vs. WinRT-based apps
• WP 8.1 security
  o Boot
  o AppContainer
  o App distribution
  o Secure data storage
  o Secure credential storage
• Demo
Page 3
Intro: Windows on mobile devices
Windows CE architecture:
• Low-resource devices
• Limited (security) feature set
• e.g. Windows Mobile, Pocket PC, Windows Phone 7, Zune

Windows NT architecture:
• Desktops and servers
• Rich (security) feature set
• e.g. Windows Server, Windows Vista, Windows 7

3 trends:
• More powerful smartphones and tablets
• ARM-based SoCs became prominent
• Microsoft wants to unify both families

Result: Windows 8 and 8.1; Windows Phone 8 and 8.1
Page 4
Intro: Windows (Phone) 8.1 architecture
Page 5
Intro: Silverlight-based vs. WinRT-based apps
• Different APIs
• Different XAML variants
• Different application lifecycles
• Incompatible
| | Silverlight apps | Windows Runtime apps |
|---|---|---|
| Goal | Backwards compatibility with WP7 | Unified app model for all devices |
| Code reusability | None (only phones) | Across devices (8: partly; 8.1: fully) |
Page 6
WP 8.1 security: boot
• Secure boot
  o Only certified boot loaders
  o TPM-backed
  o Root of trust: Microsoft
• Trusted boot
  o Boot loader verifies kernel
  o Kernel verifies startup components
• Measured boot (optional)
  o Exchange of boot log with attestation server
Page 7
WP 8.1 security: AppContainer
• Low-privilege sandbox
  o Only access to isolated app storage
  o No networking
  o No sensors
• More required?
  o Declare capabilities in Package.appxmanifest
  o Windows Store vetting imposes least-privilege
Page 8
WP 8.1 security: app distribution
• No sideloading

| | Windows Store apps | Line-of-business apps |
|---|---|---|
| Target audience | General public | Company employees |
| Distribution channel | Windows Store | Company portal; only MDM-enrolled devices |
| Vetted by 3rd party? | Yes, Microsoft | No |
Page 9
WP 8.1 security: data storage
Bitlocker
• Full filesystem encryption
• TPM protects encryption key
• Extra factors (or combination): none, USB startup key, PIN

| | WP 8 | WP 8.1 |
|---|---|---|
| Encryption by default? | No, initiated by user or MDM | Yes |
| External storage encrypted? | No, won't decrypt on other devices; no apps installed on SD card | Yes, subpartition for app data |
Page 10
WP 8.1 security: data storage
Data Protection API (DPAPI)
• 2 API calls: 1 to encrypt, 1 to decrypt
• Key material managed by OS
  o Master key
    • 512 bytes of random data (stored encrypted)
    • Encryption key = PBKDF2 (4000 iterations) of the Windows password
  o Session key
    • Derived from master key and 16 random bytes
    • Random bytes stored unprotected with ciphertext
• No hardware backing
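The two DPAPI calls the slide refers to, as an added example (not from the presentation). It uses the WinRT `DataProtectionProvider`; the descriptor `LOCAL=user` ties the blob to the signed-in user's master key, and the file name is a constructed value.

```csharp
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

// "LOCAL=user" binds the blob to the current user's master key; "LOCAL=machine" would let
// any user on the device decrypt it. Neither is hardware-backed (see the slide above).
public static class AppSecrets
{
    private const string Descriptor = "LOCAL=user";
    private const string FileName = "secret.bin";   // constructed name, app-local storage

    public static async Task SaveAsync(string plaintext)
    {
        var provider = new DataProtectionProvider(Descriptor);
        IBuffer clear = CryptographicBuffer.ConvertStringToBinary(plaintext, BinaryStringEncoding.Utf8);

        // Call 1: encrypt. The OS stores the 16 random bytes used for session-key derivation
        // inside the returned blob, so the blob is self-describing.
        IBuffer protectedBlob = await provider.ProtectAsync(clear);

        StorageFile file = await ApplicationData.Current.LocalFolder
            .CreateFileAsync(FileName, CreationCollisionOption.ReplaceExisting);
        await FileIO.WriteBufferAsync(file, protectedBlob);
    }

    public static async Task<string> LoadAsync()
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(FileName);
        IBuffer protectedBlob = await FileIO.ReadBufferAsync(file);

        // Call 2: decrypt. No descriptor is passed here; it is read back from the blob.
        var provider = new DataProtectionProvider();
        IBuffer clear = await provider.UnprotectAsync(protectedBlob);
        return CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, clear);
    }
}
```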
Page 11
WP 8.1 security: credential storage
Credential Locker
• Storage of triplet: (resourceID, user name, password)
• Protected by DPAPI
• OS-enforced app isolation
• Namespace Windows.Security.Credentials
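An added example of the Credential Locker triplet in use (not code from the presentation). It uses `PasswordVault` from the namespace named above; the resource id is a constructed value.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Windows.Security.Credentials;

// Credential Locker wrapper: entries are (resource, user name, password) and the OS isolates
// them per app, so another app can neither read nor enumerate them.
public static class CredentialStore
{
    private const string Resource = "PhoneShopper.ShopServer";   // constructed resource id

    public static void Save(string userName, string password)
    {
        var vault = new PasswordVault();
        // Remove an older entry for the same user so Add() replaces rather than duplicates.
        foreach (PasswordCredential old in FindAll().Where(c => c.UserName == userName))
            vault.Remove(old);
        vault.Add(new PasswordCredential(Resource, userName, password));
    }

    public static string GetPassword(string userName)
    {
        PasswordCredential cred = FindAll().FirstOrDefault(c => c.UserName == userName);
        if (cred == null)
            return null;    // not found; Retrieve() would throw instead of returning null
        // The password is filled in only on demand; FindAllByResource returns it blank.
        cred.RetrievePassword();
        return cred.Password;
    }

    // FindAllByResource throws (element not found) when the resource has no entries at all,
    // so turn that case into an empty list.
    private static IReadOnlyList<PasswordCredential> FindAll()
    {
        try { return new PasswordVault().FindAllByResource(Resource); }
        catch (Exception) { return new PasswordCredential[0]; }
    }
}
```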
Page 12
WP 8.1 security: credential storage
Certificate and private key storage
• Import of PKCS#12 store
• 2 modes
  o CertificateEnrollmentManager
    • App-specific store
  o UserCertificateEnrollmentManager
    • User-specific store
    • Sharing between apps possible
    • User consent required
    • Capability required: sharedUserCertificates
• Namespace: Windows.Security.Cryptography.Certificates
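The two import modes side by side, as an added example that is not part of the presentation. It uses `ImportPfxDataAsync` from the namespace above; the friendly name is a constructed value, and the user-store path assumes the `sharedUserCertificates` capability is declared.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage;
using Windows.Storage.Streams;

public static class ClientCertInstaller
{
    private const string FriendlyName = "PhoneShopper client certificate";  // constructed

    public static async Task ImportAsync(StorageFile pfxFile, string pfxPassword, bool shareWithOtherApps)
    {
        IBuffer raw = await FileIO.ReadBufferAsync(pfxFile);
        string pfxBase64 = CryptographicBuffer.EncodeToBase64String(raw);   // API takes base64 text

        if (shareWithOtherApps)
        {
            // User-specific store: other apps may use the key, so require consent per use.
            await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
                pfxBase64, pfxPassword,
                ExportOption.NotExportable,       // private key can never be exported again
                KeyProtectionLevel.ConsentOnly,
                InstallOptions.None,
                FriendlyName);
        }
        else
        {
            // App-specific store: only this app can reach the key, so no prompt is needed.
            await CertificateEnrollmentManager.ImportPfxDataAsync(
                pfxBase64, pfxPassword,
                ExportOption.NotExportable,
                KeyProtectionLevel.NoConsent,
                InstallOptions.None,
                FriendlyName);
        }
    }

    // Finds the imported certificate again, e.g. to attach it to an HTTPS request.
    public static async Task<Certificate> FindAsync()
    {
        var query = new CertificateQuery { FriendlyName = FriendlyName };
        IReadOnlyList<Certificate> found = await CertificateStores.FindAllAsync(query);
        return found.FirstOrDefault();
    }
}
```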
Page 13
WP 8.1 security: credential storage
Virtual Smartcards
• TPM-emulated smartcards
• Functionally identical to regular cards
• Creation by:
  o app, with user control (unmanaged)
  o MDM (managed)
• Namespace: Windows.Devices.SmartCards
• Windows 8.1+ only
• APDUs currently only via Win32 API
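Unmanaged creation from an app, as an added example (not from the presentation). It uses `SmartCardProvisioning` from the namespace above; the PIN policy values are constructed, and a null result on user cancellation is an assumption about the API's behaviour.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Devices.SmartCards;
using Windows.Security.Cryptography;
using Windows.Storage.Streams;

// The OS shows the PIN dialog, so the app never sees the PIN ("user control"). The admin key
// is only needed for later management (unblock/reset); a real deployment would hand it to the
// provisioning server rather than keep it on the device.
public static class VirtualCard
{
    public static async Task<string> CreateAsync(string friendlyName)
    {
        var pinPolicy = new SmartCardPinPolicy
        {
            MinLength = 6,
            MaxLength = 8,
            Digits = SmartCardPinCharacterPolicyOption.Allow,
            UppercaseLetters = SmartCardPinCharacterPolicyOption.Disallow,
            LowercaseLetters = SmartCardPinCharacterPolicyOption.Disallow,
            SpecialCharacters = SmartCardPinCharacterPolicyOption.Disallow,
        };
        IBuffer adminKey = CryptographicBuffer.GenerateRandom(24);   // 3DES admin key

        SmartCardProvisioning provisioning =
            await SmartCardProvisioning.RequestVirtualCardCreationAsync(friendlyName, adminKey, pinPolicy);
        if (provisioning == null)
            return null;   // assumed: the user declined the system dialog

        Guid id = await provisioning.GetIdAsync();
        return id.ToString();
    }
}
```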
Page 14
WP 8.1 security: certificate trust
• Root certificate, not website certificate
• No reliance on system trust store
• Only hardware-backed certificates
Page 15
Demo: PhoneShopper
Scenario
• Physical store
• Phone as replacement for scanning device
• Support for checkout
• Support for loyalty points
Page 16
Demo: PhoneShopper
PhoneShopper <-> Shop Server
• JSON over HTTPS
• Client X.509 authentication
• App trust store with exclusive trust
• Secure certificate storage
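The client side of this exchange, as an added example that is not the demo's own code: client-certificate authentication with `HttpBaseProtocolFilter`, and a chain check that trusts only the root shipped with the app (`ChainBuildingParameters.ExclusiveTrustRoots`), which is the "root certificate, not website certificate" pinning from the certificate-trust slide. The server URL, root file name and certificate friendly name are constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Windows.ApplicationModel;
using Windows.Networking;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

public static class ShopClient
{
    // Constructed values; the real server name and root file are not on the page.
    private static readonly Uri ServerUri = new Uri("https://shop.example.com/api/cart");
    private const string PinnedRootFile = "ShopRootCA.cer";   // DER root shipped in the app package
    public static async Task<string> GetCartJsonAsync()
    {
        // Client certificate from the app-specific store (imported via CertificateEnrollmentManager).
        var query = new CertificateQuery { FriendlyName = "PhoneShopper client certificate" };
        Certificate clientCert = (await CertificateStores.FindAllAsync(query)).First();

        var filter = new HttpBaseProtocolFilter { ClientCertificate = clientCert };
        var http = new HttpClient(filter);
        HttpResponseMessage response = await http.GetAsync(ServerUri);

        // The platform validated the server chain against the system store during the handshake;
        // re-validate it here against the app's own root and nothing else.
        HttpTransportInformation tls = response.RequestMessage.TransportInformation;
        if (!await ChainsToPinnedRootAsync(tls.ServerCertificate, tls.ServerIntermediateCertificates))
            throw new InvalidOperationException("server certificate does not chain to the app's root");

        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    private static async Task<bool> ChainsToPinnedRootAsync(Certificate leaf, IEnumerable<Certificate> intermediates)
    {
        StorageFile rootFile = await Package.Current.InstalledLocation.GetFileAsync(PinnedRootFile);
        var root = new Certificate(await FileIO.ReadBufferAsync(rootFile));

        var building = new ChainBuildingParameters { NetworkRetrievalEnabled = false };
        building.ExclusiveTrustRoots.Add(root);   // exclusive trust: every other root is ignored
        CertificateChain chain = await leaf.BuildChainAsync(intermediates, building);

        var validation = new ChainValidationParameters { ServerDnsName = new HostName(ServerUri.Host) };
        return chain.Validate(validation) == ChainValidationResult.Success;
    }
}
```

Because this check runs after the response has arrived, the first request over a new connection should carry nothing sensitive; declaring the root in Package.appxmanifest with exclusive trust makes the platform reject a foreign chain during the handshake itself.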
Page 17
Q&A