
October 2012

Windows Phone 8
Security deep dive

David Hernie
Technical Evangelist
Microsoft Belux Office

Microsoft Corporation
All large screen, dual-core, LTE and NFC

Nokia Lumia 920: 4.5-inch PureMotion display, PureView OIS camera; Nokia City Lens, Nokia Music streaming, wireless charging
Nokia Lumia 820: 4.3-inch ClearBlack display, Carl Zeiss lens; snap-on back cover, wireless charging, Nokia City Lens, Nokia Music streaming
Samsung ATIV S: 4.8-inch HD Super AMOLED display; NFC Tap-to-send, Samsung Family Story
HTC 8X: 4.3-inch Gorilla Glass 2 display, ultra-wide-angle camera lens; built-in Beats Audio, built-in amp
Shared Windows Core
A shared core brings enterprise-class computing to mobile devices
- NT kernel runs on Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded, and Windows Server 2012
- Running reliably on 1.3 billion computing devices
- Consumers now have greater choice in form factor, apps, and experiences
- Developers can rapidly develop for multiple platforms at a much lower cost due to a high level of code reuse
- Hardware manufacturers can now innovate and differentiate their offerings while enjoying their fastest time-to-market ever
Three different ecosystems

             Google                        Microsoft                        Apple
Strategy     Platform + Services           Integrated experiences           Integrated software and hardware
Ecosystem    Open source enabling anything Structured to optimize experience Apple controlled vertical
Experience   Varies by device              Consistent with extensibility    Apple defined
Agenda
- Security goals: what is this all about?
- System integrity: prevent malware from taking control
- App platform security: architecture and recommendations
- Data protection: prevent unauthorized access to stored data
- Access control & device management: provide secure access to the device
- Remediation: what if something goes wrong
Security Goals
- User first: end user safety (users are not always aware); tools to protect
- Great experiences: developer trust
- What's the impact: business policy compliance
Secure Boot
- Secure Boot helps ensure the integrity of the entire operating system
- The Secure Boot implementation is provided by the SoC
- Two phases:
  - Pre-UEFI boot loaders to initialize the hardware
  - UEFI secure boot helps ensure the integrity of UEFI applications and the Windows OS
- Secure Boot helps prevent malware from being installed on the phone
Secure boot process (diagram; UEFI specification at http://www.uefi.org/specs/)
Power On -> firmware boot loaders (SoC vendor) -> OEM UEFI boot applications (OEM) -> Windows Phone boot manager (MSFT) -> one of: Windows Phone 8 OS / Windows Phone 8 update OS / boot to flashing mode
Trusted pre-boot loader
During manufacturing:
- Provisioning the hash of the public key used to sign the initial boot loaders (+ number of unique keys)
- Blow the appropriate fuses (read only)
- Provisioning of the UEFI key databases
No secure boot bypass for users
Secure flashing required
Secure UEFI Boot Loader
All about keys
- Platform Key (PK), the master key
  - Once PK is provisioned, the UEFI environment is enabled
  - Can be used to sign updates to the KEK (Key Exchange Key)
- Allowed and Forbidden Signature Databases (DB/DBX)
  - Control what images can be loaded
  - DBX contains forbidden keys
- Secure Boot Variable / Secure Boot Policy (SBP)
  - SBP controls certain aspects of the boot sequence
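The two-phase chain above (fused key hash anchoring the pre-UEFI loaders, then the PK/KEK/DB/DBX decision for UEFI images), as an added Python model that is not Microsoft or UEFI code. Key ids, secrets and image names are constructed, an HMAC stands in for the real asymmetric certificate signatures, and the fuse holds a hash of the key material rather than of a public key; what the model shows is the order of the checks (DBX before DB, KEK authority required for DBX updates).

```python
# Added model of the boot chain on the slides: fused key hash -> pre-UEFI
# loaders -> UEFI db/dbx policy -> boot manager. Not Microsoft or UEFI code;
# HMAC stands in for real asymmetric signatures, and all keys are constructed.
import hashlib
import hmac
# Constructed firmware keystore: key id -> secret known to the verifier.
KEYS = {"oem-loader": b"k1", "msft-pk": b"k2", "msft-kek": b"k3",
        "msft-prod": b"k4", "other-vendor": b"k5"}

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(key_id: str, blob: bytes) -> str:
    return hmac.new(KEYS[key_id], blob, hashlib.sha256).hexdigest()

def verified(key_id: str, blob: bytes, sig: str) -> bool:
    return key_id in KEYS and hmac.compare_digest(sign(key_id, blob), sig)

def pre_uefi_ok(loader: dict, fused_key_hash: str) -> bool:
    """Phase 1: the SoC only trusts the key whose hash was blown into fuses."""
    return (h(KEYS.get(loader["signer"], b"")) == fused_key_hash
            and verified(loader["signer"], loader["bytes"], loader["sig"]))

def uefi_authorize(image: dict, db: dict, dbx: dict) -> tuple:
    """Phase 2: the forbidden list (dbx) wins over the allowed list (db)."""
    if h(image["bytes"]) in dbx["hashes"] or image["signer"] in dbx["signers"]:
        return False, "forbidden by dbx"
    if image["signer"] not in db["signers"]:
        return False, "signer not in db"
    if not verified(image["signer"], image["bytes"], image["sig"]):
        return False, "bad signature"
    return True, "ok"

def apply_dbx_update(dbx: dict, update: dict, kek: set) -> bool:
    """A dbx update is applied only if it carries a signature from a KEK key."""
    payload = ",".join(sorted(update["signers"])).encode()
    if update["signer"] not in kek or not verified(update["signer"], payload, update["sig"]):
        return False
    dbx["signers"].update(update["signers"])
    return True

def make_image(name: str, signer: str, tamper: bytes = b"") -> dict:
    data = name.encode()  # constructed image; `tamper` is appended after signing
    return {"bytes": data + tamper, "signer": signer, "sig": sign(signer, data)}

def boot(loader: dict, image: dict, fused_key_hash: str, db: dict, dbx: dict):
    if not pre_uefi_ok(loader, fused_key_hash):
        return False, "pre-UEFI loader rejected"
    return uefi_authorize(image, db, dbx)
```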
Code Signing
- All Windows Phone 8 binaries must carry digital signatures from Microsoft to run
- Microsoft and Marketplace apps had digital signatures
- Different from WP7, OEM binaries will be signed by Microsoft
- With control of every layer, it becomes very complicated to integrate a non-certified process or a custom build
Windows Phone 7 Application security model
Chamber Model (Sandbox)
Chamber types:
- Fixed permissions
  - TCB for the kernel & drivers
  - Elevated rights for OS components
  - Standard rights
- Dynamic build
  - LPC for apps, created ad hoc based on capabilities
Capabilities
- Expressed in the application manifest
- Disclosed on the Marketplace
- Define the app's security boundary on the phone
Capabilities
Still in the process of identifying capabilities
WP7 capabilities: Video and Still Capture; Video and Still Capture ISV; Microphone; Location Services; Sensors; Media Library; Push Notifications; Web Browser Component; Add Ringtone; Place Phone Calls; Owner Identity; Phone Identity; Xbox LIVE; Interop Services; Networking; File Viewer; Appointments; Contacts; Debug; Networking Admin
Additional WP8 capabilities: capabilities for VxD
http://create.msdn.com/en-us/education/documentation
Windows Phone 8 Application security model
- WP8 chambers are built on the Windows security infrastructure
  - TCB for the kernel
  - LPC (dynamic build) for all apps, OS components and drivers
- It reduces the attack surface
Internet Explorer 10 for Windows Phone
Faster and safer browsing
- Runs in the least-privilege sandbox
- One of the fastest HTML5 browsers
- Locked down and no plug-ins
- Real-time anti-phishing protection with SmartScreen Filter
Device encryption
Full internal storage encryption to protect information
- Built on the Windows BitLocker architecture
- Encryption is available for all phones and is turned on by policy by IT professionals
- No user experience or pre-boot PIN entry
- All internal storage is encrypted
- Removable SD card is not encrypted but can be managed
Information Rights Management (IRM)
Helps prevent intellectual property from being leaked
- Protects emails and documents on the phone from unauthorized distribution
- Easy to deploy on Exchange Server and SharePoint
- Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
Security takeaways
- Secure boot turned on
- Security model for applications
- All binaries are signed
- Device encryption on
- Device access must be controlled!
Security is a combination of technology, process and users
Control access to device and applications
- Exchange ActiveSync with Exchange Server and Office 365 for email and device management
  - Widely used for mobile email and access policy management
- App and device management with Mobile Device Management
  - For app distribution and access policy management
EAS MDM: enterprise policies and reporting

Enterprise policies:
- Simple password
- Alphanumeric password
- Minimum password length
- Minimum password complex characters
- Password expiration
- Password history
- Device wipe threshold
- Inactivity timeout
- (NA) IRM enabled
- Remote device wipe
- Device encryption (new)
- Disable removable storage card (new)
- Remote update of business apps (new)
- Remote or local un-enroll (new)

Reporting:
- Server configured policy values
- Query installed enterprise apps
- Device name
- Device ID
- OS platform type
- Firmware version
- OS version
- Device local time
- Processor type
- Device model
- Device manufacturer
- Device processor architecture
- Device language
Simplifying Management Across Platforms
Windows Intune: a single admin console across devices & platforms
Enterprise Application Management Across Platforms

App Hub side:
1. Registration
2. Signing tools
3. Cert and Enterprise ID

IT organization side:
1. Device enrollment
2. Get apps

Registration:
1. Enterprise registers with App Hub
2. Enterprise downloads app tools
3. Microsoft notifies the CA of the pending enterprise registration
4. CA checks that vetting is complete and generates a certificate for the enterprise

App deployment:
1. Develop app
2. Package and sign
3. Private app catalog
4. Create device token

Windows Phone 8 supports multiple organizations' tokens
Company Hub as private marketplace
Remediate
- Remote and local wipe
  - Admin initiated or end user initiated
  - Windowsphone.live.com (demo)
- Windows Update
  - OTA only
- Application revocation
  - Marketplace and enterprise apps
Robust security helps to protect information
- Secure boot
- Code signing
- App sandboxing
- Device encryption
TechDays, 5, 6 and 7 March 2013, Kinepolis Antwerp
3 days full of fascinating technical sessions for developers and IT professionals.
www.techdays.be
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
