EMB304: Building Trustworthy Windows CE Embedded Devices and Applications
Ganapathy Raman, Program Manager, Windows CE Security Team, Microsoft Corporation
[Slide: Windows Embedded platform stack diagram. Management Tools: Device Update Agent, Software Update Services, Image Update, Microsoft Operations Manager, Systems Management Server. Communications & Messaging: Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server. Location Services: MapPoint. Multimedia: DirectX, Windows Media. Development Tools: Visual Studio 2005; native (Win32, MFC 8.0, ATL 8.0) and managed (.NET Compact Framework, .NET Framework, ASP.NET, ASP.NET Mobile Controls). Data (lightweight / relational / server side): EDB, SQL Server 2005 Mobile Edition, SQL Server 2005 Express Edition, SQL Server 2005. Device Building Tools: Platform Builder, Windows Embedded Studio, Windows XP DDK. Hardware/Drivers: OEM/IHV supplied BSP (ARM, SH4, MIPS), OEM hardware and standard drivers, standard PC hardware and drivers.]
Introduction
- Microsoft is committed to helping you meet your security goals: secure devices, secure applications
- Demonstrate the rich set of security features
- Share best practices, processes, tools
Code Execution Security
Questions:
- Control over code execution
- Control over code rights
Answer: the Windows CE Trust Model
- Every exe/dll is assigned a trust level
- Trust level 0 – Don't run
- Trust level 1 – Run normal (restricted rights)
- Trust level 2 – Run trusted
Code Execution Security
- Normal mode (restricted rights): protected registry keys (write), protected system files, protected APIs
- You can extend the trusted boundary
- How does the OS determine the trust level? It does not; you do
  - Implement a secure loader
  - Trust based on signatures
Code Execution Security
Secrets
- Storing secrets in software is DIFFICULT
- It's best not to store the secret itself
- Think of key hierarchies
- Leverage secure storage in hardware
- Whom are you protecting the secret from?
  - 'Normal' processes on the same device
  - Theft of offline storage (CF card)
  - The communication network
  - The user
Data Protection API (DPAPI)
- API: CryptProtectData / CryptUnprotectData
- Easy to use: you don't have to create or manage keys
- Highly leveraged by OS components
- Does not deal with storage
- System flag support: restrict access to trusted code
- Can provide additional entropy (application-specific information)
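The Secrets and DPAPI slides above describe the ingredients (a key hierarchy rooted in device-held storage, optional application entropy, a system flag that restricts reads to trusted code, and a blob the caller must store itself). The following model ties them together with the trust levels from the trust-model slide. It is an added illustration, not Microsoft's DPAPI implementation: the master key store, the HMAC-SHA256 key derivation, the FLAG_SYSTEM constant, the blob layout and the HMAC-based keystream are all assumptions made here to keep the example self-contained and runnable.

```python
"""Model of DPAPI-style secret protection on a Windows CE device.

Added illustration, not Microsoft's DPAPI implementation. Assumptions that are
not on the slides: the device keeps one master key in secure storage and
derives per-purpose keys from it with HMAC-SHA256 (the "key hierarchy"); the
DPAPI "system flag" is modelled as FLAG_SYSTEM, usable only by callers at
trust level 2; confidentiality uses a constructed HMAC-SHA256 counter
keystream as a stand-in for the real cipher.
"""
import hashlib
import hmac
import os
import struct

# Trust levels from the Windows CE trust model slide.
TRUST_NONE, TRUST_RUN, TRUST_TRUSTED = 0, 1, 2

FLAG_SYSTEM = 0x01  # blob readable only by trusted (level 2) code

HDR = struct.Struct(">BI")  # flags, ciphertext length
NONCE_LEN, TAG_LEN = 16, 32


class DpapiError(Exception):
    pass


class DeviceKeyStore:
    """Holds the master key; only derived keys ever leave it."""

    def __init__(self, master_key: bytes):
        self._master = master_key  # would sit in secure hardware on a real device

    def derive(self, purpose: bytes, entropy: bytes) -> bytes:
        # master -> purpose key -> entropy-bound key; callers never see the master.
        purpose_key = hmac.new(self._master, b"purpose:" + purpose, hashlib.sha256).digest()
        return hmac.new(purpose_key, b"entropy:" + entropy, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(store: DeviceKeyStore, data: bytes, flags: int = 0,
            entropy: bytes = b"", caller_trust: int = TRUST_RUN) -> bytes:
    """Return an opaque blob; the caller stores it (DPAPI does not store for you)."""
    if flags & FLAG_SYSTEM and caller_trust != TRUST_TRUSTED:
        raise DpapiError("only trusted code may create system-protected blobs")
    purpose = b"system" if flags & FLAG_SYSTEM else b"user"
    key = store.derive(purpose, entropy)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(data, _keystream(key, nonce, len(data)))
    header = HDR.pack(flags, len(ciphertext)) + nonce
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unprotect(store: DeviceKeyStore, blob: bytes, entropy: bytes = b"",
              caller_trust: int = TRUST_RUN) -> bytes:
    if len(blob) < HDR.size + NONCE_LEN + TAG_LEN:
        raise DpapiError("blob too short")
    flags, length = HDR.unpack_from(blob)
    body_end = HDR.size + NONCE_LEN + length
    if len(blob) != body_end + TAG_LEN:
        raise DpapiError("blob length mismatch")
    if flags & FLAG_SYSTEM and caller_trust != TRUST_TRUSTED:
        raise DpapiError("caller is not trusted enough to read this blob")
    purpose = b"system" if flags & FLAG_SYSTEM else b"user"
    key = store.derive(purpose, entropy)
    expected = hmac.new(key, blob[:body_end], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob[body_end:]):
        raise DpapiError("integrity check failed: wrong entropy, wrong device, or tampering")
    nonce = blob[HDR.size:HDR.size + NONCE_LEN]
    return _xor(blob[HDR.size + NONCE_LEN:body_end], _keystream(key, nonce, length))


def demo() -> bool:
    """Round trip with application entropy; the wrong entropy must be rejected."""
    store = DeviceKeyStore(os.urandom(32))  # constructed master key
    blob = protect(store, b"mail-password:example", entropy=b"app-id:42")
    if unprotect(store, blob, entropy=b"app-id:42") != b"mail-password:example":
        return False
    try:
        unprotect(store, blob, entropy=b"app-id:43")  # wrong entropy
        return False
    except DpapiError:
        return True


if __name__ == "__main__":
    print("ok" if demo() else "FAIL")
```

The point to take from the model is the shape of the responsibilities, not the toy cipher: the master key never leaves the key store, application entropy changes the derived key so another process on the same device cannot unprotect the blob without it, the system flag is enforced against the caller's trust level on both protect and unprotect, and the blob is returned to the caller because DPAPI does not deal with storage.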
Data Protection API (DPAPI)
Data Protection API
Local Authentication – LASS
- Local Authentication Sub-System / Device Lock
- Applications can request user verification using the configured device-locking mechanism
- Ability to set simple policies via the registry, e.g. prompt if 5 minutes have elapsed since the last successful authentication
- Modular Device Lock mechanism with support for plug-ins: Password / PIN plug-in, Smart Card plug-in, Fingerprint plug-in
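To make the LASS design concrete, here is an added model of the two ideas on the slide: an application asks the subsystem to verify the user, and the subsystem decides from policy whether a recent success still counts or the configured plug-in must prompt again. This is not the Windows CE LASS code; the policy key names (ReauthTimeoutSeconds, ActivePlugin), the plug-in interface and the injected clock are assumptions made for the example.

```python
"""Model of a LASS-style device lock with pluggable verifiers.

Added illustration, not the Windows CE LASS implementation. Assumptions that
are not on the slide: registry policy is a dict whose key names are invented
here; a plug-in is any object with a name and a verify() method; the clock is
injected so the 5-minute re-prompt rule can be exercised deterministically.
"""
import hmac
import time
from typing import Callable, Dict, Iterable, Optional


class PinPlugin:
    """Constructed Password/PIN plug-in; ask() stands in for the lock-screen UI."""
    name = "pin"

    def __init__(self, expected_pin: str, ask: Callable[[], str]):
        self._expected = expected_pin.encode()
        self._ask = ask

    def verify(self) -> bool:
        # constant-time compare so timing does not reveal how much of the PIN matched
        return hmac.compare_digest(self._ask().encode(), self._expected)


class LocalAuthSubsystem:
    def __init__(self, policy: Dict[str, object], plugins: Iterable,
                 clock: Callable[[], float] = time.monotonic):
        self._policy = policy                   # stands in for registry policy values
        self._plugins = {p.name: p for p in plugins}
        self._clock = clock
        self._last_success: Optional[float] = None

    def verify_user(self) -> bool:
        """Entry point an application calls before a sensitive operation."""
        timeout = float(self._policy.get("ReauthTimeoutSeconds", 300))  # 5 minutes
        now = self._clock()
        if self._last_success is not None and now - self._last_success < timeout:
            return True  # recent successful authentication: no prompt
        plugin = self._plugins[str(self._policy.get("ActivePlugin", "pin"))]
        if plugin.verify():
            self._last_success = now
            return True
        return False


def demo() -> list:
    """Drive the policy with a fake clock; returns the sequence of decisions."""
    clock = {"t": 0.0}
    answers = iter(["0000", "1234", "1234"])   # constructed user input
    lass = LocalAuthSubsystem({"ReauthTimeoutSeconds": 300, "ActivePlugin": "pin"},
                              [PinPlugin("1234", lambda: next(answers))],
                              clock=lambda: clock["t"])
    results = [lass.verify_user()]            # wrong PIN -> False
    results.append(lass.verify_user())        # right PIN -> True
    clock["t"] = 200.0
    results.append(lass.verify_user())        # within 5 min -> True, no prompt
    clock["t"] = 600.0
    results.append(lass.verify_user())        # expired -> prompt again -> True
    return results


if __name__ == "__main__":
    print(demo())
```

Because the application only ever calls verify_user(), swapping the PIN plug-in for a smart-card or fingerprint one is a policy change rather than an application change, which is the point of the modular design on the slide.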
Local Authentication LASS
Local Authentication
Writing Secure Code
- General best practices, e.g. buffer overflows. Good reference: Writing Secure Code, Second Edition, Michael Howard and David LeBlanc
- Windows CE specific best practices, e.g. check the trust level of the caller. Platform Builder docs have a Security Best Practices section for each feature
- Defect detection tool: PREFast detects errors by static analysis
PREFast
Network Authentication
Credential Management
- Credential Manager (Credman): a higher-level abstraction
  - Simplified management
  - Improved security
  - Better user experience through sharing
- Credential characteristics:
  - Type: Domain, Plaintext, Certificate, Custom
  - Target: WebSiteA, WebSiteB, FileShareC
  - User, Password
  - Flags: Sensitive (prompt the user before read), Trusted (only trusted callers can read)
  - Persist in registry / memory
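The credential characteristics listed above are really an access-control policy: the Sensitive flag turns a read into a user decision, the Trusted flag turns it into a trust-level check, and the persistence choice decides whether the credential outlives a reboot. The following added model shows those rules working together with the trust levels from the trust-model slide. It is not Microsoft's Credman code; the (type, target) key, the flag values, the prompt callback and the simulated reboot are assumptions made for the example.

```python
"""Model of Credential Manager (Credman) access rules on Windows CE.

Added illustration, not Microsoft's Credman code. Assumptions not on the
slide: a credential is keyed by (type, target); the Sensitive flag routes
reads through an injected prompt callback; the Trusted flag compares the
caller's trust level with level 2 from the trust-model slide; "persist in
registry" is modelled as a second dict that survives a simulated reboot.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

TRUST_NONE, TRUST_RUN, TRUST_TRUSTED = 0, 1, 2

CRED_TYPE_DOMAIN, CRED_TYPE_PLAINTEXT, CRED_TYPE_CERTIFICATE, CRED_TYPE_CUSTOM = range(4)
CRED_FLAG_SENSITIVE = 0x1   # prompt the user before the secret is read
CRED_FLAG_TRUSTED = 0x2     # only trusted callers may read


class CredAccessDenied(Exception):
    pass


@dataclass
class Credential:
    cred_type: int
    target: str
    user: str
    secret: bytes
    flags: int = 0
    persist: bool = False   # True: registry-backed, False: memory only


CredKey = Tuple[int, str]


class CredentialManager:
    def __init__(self, prompt_user: Callable[[str, str], bool]):
        self._memory: Dict[CredKey, Credential] = {}
        self._registry: Dict[CredKey, Credential] = {}
        self._prompt = prompt_user   # stands in for the "prompt before read" UI

    def write(self, cred: Credential, caller_trust: int) -> None:
        # Assumption: only trusted code may create credentials marked trusted-only.
        if cred.flags & CRED_FLAG_TRUSTED and caller_trust != TRUST_TRUSTED:
            raise CredAccessDenied("normal code may not create trusted-only credentials")
        key = (cred.cred_type, cred.target)
        self._memory.pop(key, None)          # a rewrite replaces any older copy
        self._registry.pop(key, None)
        (self._registry if cred.persist else self._memory)[key] = cred

    def read(self, cred_type: int, target: str, caller_trust: int) -> Credential:
        key = (cred_type, target)
        cred = self._memory.get(key) or self._registry.get(key)
        if cred is None:
            raise KeyError(f"no credential for {target!r}")
        if cred.flags & CRED_FLAG_TRUSTED and caller_trust != TRUST_TRUSTED:
            raise CredAccessDenied("caller is not trusted")
        if cred.flags & CRED_FLAG_SENSITIVE and not self._prompt(target, cred.user):
            raise CredAccessDenied("user declined to release the credential")
        return cred

    def targets(self) -> List[str]:
        """Enumerate targets without revealing secrets (what sharing needs)."""
        return sorted(t for (_, t) in list(self._memory) + list(self._registry))

    def simulate_reboot(self) -> None:
        self._memory.clear()   # memory-only credentials do not survive


def demo() -> Dict[str, bool]:
    """Exercise each rule once; returns which accesses were allowed."""
    cm = CredentialManager(prompt_user=lambda target, user: target == "WebSiteA")
    cm.write(Credential(CRED_TYPE_PLAINTEXT, "WebSiteA", "alice", b"pw-a",
                        CRED_FLAG_SENSITIVE, persist=True), TRUST_RUN)
    cm.write(Credential(CRED_TYPE_PLAINTEXT, "WebSiteB", "alice", b"pw-b",
                        CRED_FLAG_SENSITIVE), TRUST_RUN)
    cm.write(Credential(CRED_TYPE_DOMAIN, "FileShareC", "CORP\\alice", b"pw-c",
                        CRED_FLAG_TRUSTED), TRUST_TRUSTED)
    out = {}
    for name, fn in [
        ("sensitive_approved", lambda: cm.read(CRED_TYPE_PLAINTEXT, "WebSiteA", TRUST_RUN)),
        ("sensitive_declined", lambda: cm.read(CRED_TYPE_PLAINTEXT, "WebSiteB", TRUST_RUN)),
        ("trusted_by_normal", lambda: cm.read(CRED_TYPE_DOMAIN, "FileShareC", TRUST_RUN)),
        ("trusted_by_trusted", lambda: cm.read(CRED_TYPE_DOMAIN, "FileShareC", TRUST_TRUSTED)),
    ]:
        try:
            fn()
            out[name] = True
        except CredAccessDenied:
            out[name] = False
    cm.simulate_reboot()
    out["registry_survives"] = "WebSiteA" in cm.targets()
    out["memory_survives"] = "FileShareC" in cm.targets()
    return out


if __name__ == "__main__":
    print(demo())
```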
Credential Manager
Credman + SSPI integration
Credman + SSPI Integration
Features We Looked At
- Secure Loader (trust model)
- DPAPI (secret protection)
- LASS (local authentication)
- Tools (PREFast)
- SSPI (network authentication)
- Credential Manager (user credentials)
More Features
- Cryptography – CAPI 1.0: 3DES, AES, SHA, MD5, RSA
- PKI – CAPI 2.0: certificates, smartcards
- Two-factor authentication
- Secure hardware
- Network security: IPsec, VPN, wireless
- Component security: web server, Bluetooth, etc.
Summary
- The Windows CE platform has a rich set of security features
- Microsoft is committed to helping you build secure devices and develop secure applications
- Talk to us. We love to hear from you: speaker cabana for the next 3 hours; we can set up informal meetings. If interested, mention it in the session feedback.
Related sessions
- EMB423 – Creating a trusted environment for Windows CE 5.0
- EMB320 – Windows CE 5.0 Boot Loader Security
- CLI320 – Security and device configuration for developers in Windows Mobile
- ENT313 – Panel discussion: Inside Windows Mobile security
- ENT312 – Mobile security – It's not an oxymoron
- ENT315 – Windows Mobile platform security drilldown for the enterprise
While At MEDC 2005…
- Fill out an evaluation for this session: randomly selected instant WIN prizes!
- Use real technology in a lab: instructor led (Reef E/F & Breakers L), self-paced (Reef B/C)
- Visit the Microsoft Product Pavilion in the Exhibit Hall, Shorelines B
After The Conference…
- Full-featured trial versions of Windows CE and/or Windows XP Embedded
- Build cool stuff & tell us about it: msdn.microsoft.com/embedded/community
- Windows Embedded Partner Program
- Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
- Mobile2Market Contest, win up to $25000: mobile2marketcontest.com
- Microsoft Solutions Partner Program: partner.microsoft.com
Tools & Resources
- Websites: msdn.microsoft.com/embedded, msdn.microsoft.com/mobility
- Newsgroups: microsoft.public.windowsxp.embedded, microsoft.public.windowsce.platbuilder, microsoft.public.windowsce.embedded.vc, microsoft.public.pocketpc.developer, microsoft.public.smartphone.developer, microsoft.public.dotnet.framework.compactframework
- Blogs: blogs.msdn.com/mikehall, blogs.msdn.com/windowsmobile, blogs.msdn.com/vsdteam, blogs.msdn.com/netcfteam
- Tools: Windows CE 5.0 Eval Kit, Windows XP Embedded Eval Kit, Windows Mobile 5.0 Eval Kit
Questions?
Ganapathy Raman
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.