Security

All posts tagged Security

Windows Phone 7: If at first you don’t succeed …

Posted by Rob Tiffany on October 20, 2010
Posted in: Windows Phone 7. Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , . Leave a Comment

Written by: J. Gerry Purdy
10/20/2010  clip_image001[6]

clip_image002[6]

You have to hand it to Microsoft.   They have certainly fulfilled the old saying, “If at first you don’t succeed, try, try again.”  Microsoft has had a number of previous attempts to build a successful operating system for the mobile market with WinPad, Windows Mobile and Win CE.  These efforts – simply because they were Microsoft – generated some market presence but nowhere near the market share achieved by major players such as RIM (BlackBerry), Apple (iPhone) and Google (Android).

clip_image003[6]

I thought it was poignant when Rob Tiffany, Mobility Architect at Microsoft, told me at CTIA that Microsoft went back to the drawing board to develop a new mobile OS from the ground up.  Steve Ballmer, Microsoft CEO, introduced Windows Phone 7 on Monday, Oct. 11 at a press conference in New York.

The reviews on Windows Phone 7 (WP7) have generally been positive.  I appeared on Brian Sullivan’s show on FoxBusiness to explain why I thought Microsoft would succeed with WP7, especially in the enterprise space.

One of the most important changes that WP7 provides over past Windows Mobile efforts is a re-architecture of the user interface.   Microsoft abandoned the desktop metaphor of the Start menu driving a list of applications.   While that was acceptable on the desktop, it wasn’t well-received in the mobile environment.

There are a number of user interface and technical innovations that WP7 brings to the mobile market, including:

 

  • New platform – WP7 is not an enhancement to previous Windows mobile efforts. It’s developed from the ‘ground up’ – no more forcing people to go through the Windows Start menu. It was designed to provide users with easy access to the information they want and need.

clip_image004[6]

  • Active tiles – users can decide what’s important to them and allocate tiles to give them the information they need, e.g. a tile for messaging, a tile for social, a tile for news, etc. Take a look at the sample home screen on a sample WP7 phone.  It shows a number of Active Tiles that are user defined to make the initial images on the phone’s start up screen comfortable and personal to the user.
  • Panoramas – with panoramas, you swipe left and right to get more information.  This is a new user paradigm much like flip/scroll has become in the iPhone and Android for looking through lists by swiping up and down. This allows you to swipe left and right – a very cool concept. Take a look at the wide panoramas below.  Notice that the phone image at the top can sweep to the right to cover all the information about a topic and the sweep back to the left.  This allows applications to present a lot of information that appears the way the eye looks at the world – in a panoramic fashion.  Vertical scrolling is good for lists where panoramas are good for showing more of one kind of information such as a photo or image or set of items in a group.
  • Apps – Microsoft has created solid development tools to make it easy for (consumer and enterprise) developers to build exciting apps, e.g. extending X-Box for gaming, etc. and then publishing them in the Windows Phone Marketplace.

 

clip_image005[6]

 

Phones will be produced using WP7 by Samsung, HTC, LG and Dell.  I suspect that Motorola may follow along as well in 2011.  Windows Phones will be distributed through AT&T Mobility and T-Mobile in the US at first and then via Verizon and Sprint  in 2011.  Some Windows Phones will have integrated keyboards and others will be touch screen only.  For example, the Samsung Omnia 7 incorporates a Super AMOLED screen, a 4-inch display, 5-mp camera with HD video and support of Xbox Live gaming and media content.

 

Microsoft has implemented multiple processes in the first rendition of Windows Phone which allows each app to switch back and forth.  Some developers may need full-scale multi-tasking for background operation which Microsoft will likely support at some future time.  They store the last place the user was in an application and then re-store it back when the app is re-launched to give the feel of being multi-tasking.  But, Microsoft wanted to make sure the first version was solid and, therefore, they deferred true multi-tasking to a later version.

 

Microsoft has made WP7 work well for both consumers and enterprise.  Consumers get a good user experience right out of the box that they can then personalize with Live Tiles.  Consumers will also get a streaming music service based on Microsoft’s Zune efforts.

 

I believe that WP7 will be received well in the enterprise for a number of reasons, including:

 

  • Microsoft Office. Right out of the box, WP7 will support opening and editing Word, Excel and PowerPoint files in a mobile edition of MS Office.
  • Outlook. Because Outlook is included as well, enterprise users who already are using Exchange/Outlook will get a friendly, familiar user interface for email. 
  • OneNote.  This is a note taking application that has seen very little adoption in the desktop but may find a much larger following in WP7 especially when joined with sharing of notes from a meeting with co-workers.
  • Security. Microsoft has invested a great deal of effort ‘under the covers’ to incorporate end to end security to make sure that enterprise IT professionals will be comfortable deploying WP7.
  • Enterprise Development.  Microsoft has provided the same development tools that many enterprises have used to create mobile applications.

 

Personally, I would have preferred if Microsoft had made a further separation from Windows by calling the new platform Microsoft Phone (with different version numbers) so that they could then have Windows 7 (for desktop and laptops) and then Phone 7 without the reference to Windows (for phones).

 

As for the tablet arena, most firms are leveraging the personal user interfaces and environments from the mobile world for tablets.  Apple has done this by using iOS from the iPhone with enhancements in the iPad (rather than using the Mac desktop OS).  A number of tablets (including the Samsung Galaxy TAB) are using Google’s Android mobile OS.  Thus, it seems likely to me that Microsoft will eventually develop a version of Windows Phone that they might dub Windows Tablet to support larger screens, gestures and the application Windows Phone Marketplace in the tablet arena.

 

I think RIM should be worried with the introduction of Windows Phone. The BlackBerry user interface has not changed much in the past 10 years.  BlackBerry devices are rock solid and work well but don’t provide the ‘sex appeal’ provided in Apple’s iOS or Google’s Android.  Also, Microsoft has great relationships with enterprise IT. They make it easy for enterprises to roll out Windows Phone instead of just BlackBerry phones. It will be interesting to see how RIM responds to Windows Phone over time.

 

Overall, Microsoft is back in the game with Windows Phone 7.  I look forward to spending some time with a Windows Phone and getting some hands-on experience.  In the end, it’s the users and enterprises that vote with their pocketbook, but it seems highly likely that Microsoft will earn significant market share over the next few years as they evolve Windows Phone.  Kudos to the Microsoft team to give the mobile world another good user experience.

We’ll look back on the mobile market 20-30 years from now and see how important it was to provide a number of different user interfaces and then to see how customers declare what they like the most.  

 

Written By:

clip_image006[6]

J. Gerry Purdy, Ph.D.
Principal Analyst
Mobile & Wireless
MobileTrax LLC
gerry.purdy@mobiletrax.com
404-406-5309

Don’t forget to Encrypt your Windows Phone 7 Data

Posted by Rob Tiffany on July 2, 2010
Posted in: Windows Phone 7. Tagged: , , , , , , , , , , , , , , , , , , , . 19 comments

Encryption

Whether you’re targeting Mobile Line of Business apps for the Enterprise or B2C apps for consumers, ensuring that sensitive data is encrypted is a must.  These days, I can’t have a serious discussion with a CIO unless I can assure her that my mobile device can protect data-in-transit and data-at-rest.  You already know that Windows Phone 7 secures data-in-transit via SSL whether you’re using Internet Explorer or calling a Web Service from a Silverlight app.  What you may not know is how it covers the other bases.  A quick look over at http://msdn.microsoft.com/en-us/library/ff402533(v=VS.92).aspx lists the following cryptographic algorithms supported by Windows Phone OS 7.0:

  • AES
  • HMACSHA1
  • HMACSHA256
  • Rfc2898DeriveBytes
  • SHA1
  • SHA256

I thought I’d take some of these algorithms for a spin by building a sample app using Microsoft Visual Studio 2010 Express for Windows Phone.  All I really wanted to do is use the Advanced Encryption Standard (AES) for symmetric key encryption to encrypt and decrypt some data so I could save it to Isolated Storage.  Doing this would definitely check the security checkboxes of Microsoft’s customers and ISVs.

Above are screenshots of the simple app I created.  A TextBox is used to enter the data to be encrypted by AES.  Below that, a PasswordBox control is used to enter a password that works in conjunction with Rfc2898DeriveBytes and HMACSHA1 + a Salt value to create a key.  Keep in mind that you must enter more than 8 characters to create a valid Salt value.  I don’t necessarily expect you to understand PBKDF2 Password-Based Cryptography.  Tapping the Encrypt button calls the Encrypt() method which uses Silverlight’s AesManaged class to create a Key and an Initialization Vector (IV) to perform the crypto magic and display the resulting Base64 encrypted data in the Encrypted data TextBox.  Tapping the Decrypt button does the reverse by calling the Decrypt() method to unscramble the data and display the resulting data in the Decrypted data TextBox.

I also threw some buttons on there to save the newly encrypted data to Isolated Storage as an ApplicationSetting.  As shown in the screenshot above, tapping the Save to Isolated Storage button will save the encrypted data locally.  The best way to test the Retreive from Isolated Storage button is to first close the app, then restart it, and then tap the button.  It will place the saved information in the Encrypted data TextBox.  From there, just enter the password and salt you used before and the text you’re looking for will appear in the Decrypted data TextBox. 

Let’s take a look at some code. 

You’ll need to include the following using statements to get started:

using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

The Encrypt() method below takes the data you want to encrypt as well as a password and salt value as arguments.  It uses the AesManaged object with the default values of a 256-bit key size and 128-bit block size.  With the help of your supplied password, the encryption key is created using the Rfc2898DeriveBytes object with a dash of Salt.  When creating the pseudo-random number needed to derive a key, the default number of iterations specified by the Password-Based Cryptography Specification (RFC 2898) is 1,000.  On the advice of some of our top security experts, I bumped that value up to 10,000 to make this harder to crack.  The next thing to note is both the AES key and IV have their values assigned from the Rfc289DeriveBytes object containing the base key.  Keep in mind that you don’t want to use a static IV and that’s why it’s good to have it derived from your unique password, salt, plus 10,000 iterations to create pseudo-randomness.  One other thing to note is that the biggest performance hit you’ll experience in running this code  comes from when you call the GetBytes(int) method of the Rfc2898DeriveBytes object which initializes a new instance of HMAC each time.  If you need to encrypt multiple strings or other types of data, you should pull the Rfc2898DeriveBytes objects out of the Encrypt method and just pass in a pre-created Key and IV so that each call doesn’t have to perform this expensive initialization over and over again.  Finally, the MemoryStream and CryptoStream objects work with the AesManaged object to convert your supplied data into an encrypted array of Bytes.  I convert that array into a Base64 string that you can display on the screen, cache in memory, or save to Isolated Storage.

private void btnEncrypt_Click(object sender, RoutedEventArgs e)
{
    try
    {
        txtEncryptedData.Text = Encrypt(txtDataToEncrypt.Text, txtPassword.Password, txtSalt.Password);
    }
    catch (CryptographicException cryptEx)
    {
        MessageBox.Show(cryptEx.Message, "Encryption Error", MessageBoxButton.OK);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "General Error", MessageBoxButton.OK);
    }
}
 
public string Encrypt(string dataToEncrypt, string password, string salt)
{
    AesManaged aes = null;
    MemoryStream memoryStream = null;
    CryptoStream cryptoStream = null;
    try
    {
        //Generate a Key based on a Password and HMACSHA1 pseudo-random number generator
        //Salt must be at least 8 bytes long
        //Use an iteration count of at least 1000
        Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt), 10000);

        //Create AES algorithm
        aes = new AesManaged();
        //Key derived from byte array with 32 pseudo-random key bytes
        aes.Key = rfc2898.GetBytes(32);
        //IV derived from byte array with 16 pseudo-random key bytes
        aes.IV = rfc2898.GetBytes(16);

        //Create Memory and Crypto Streams
        memoryStream = new MemoryStream();
        cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);

        //Encrypt Data
        byte[] data = Encoding.UTF8.GetBytes(dataToEncrypt);
        cryptoStream.Write(data, 0, data.Length);
        cryptoStream.FlushFinalBlock();

        //Return Base 64 String
        return Convert.ToBase64String(memoryStream.ToArray());
    }
    finally
    {
        if (cryptoStream != null)
            cryptoStream.Close();

        if (memoryStream != null)
            memoryStream.Close();

        if (aes != null)
            aes.Clear();
    }
}

 

As you can see below, the Decrypt() method looks remarkably similar to the Encrypt() method except that it does just the opposite.  It accepts your AES-encrypted Base64 data plus a password and salt value as parameters to the method.  The big difference is in the CryptoStream where you have the AesManaged object call CreateDecryptor() instead of CreateEncryptor().  This does the trick and then I convert the unencrypted Byte array into a string.

private void btnDecrypt_Click(object sender, RoutedEventArgs e)
{
    try
    {
        txtDecryptedData.Text = "";
        txtDecryptedData.Text = Decrypt(txtEncryptedData.Text, txtPassword.Password, txtSalt.Password);
    }
    catch (CryptographicException cryptEx)
    {
        MessageBox.Show(cryptEx.Message, "Decryption Error", MessageBoxButton.OK);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "General Error", MessageBoxButton.OK);
    }
}
 
public string Decrypt(string dataToDecrypt, string password, string salt)
{
    AesManaged aes = null;
    MemoryStream memoryStream = null;

    try
    {
        //Generate a Key based on a Password and HMACSHA1 pseudo-random number generator
        //Salt must be at least 8 bytes long
        //Use an iteration count of at least 1000
        Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt), 10000);

        //Create AES algorithm
        aes = new AesManaged();
        //Key derived from byte array with 32 pseudo-random key bytes
        aes.Key = rfc2898.GetBytes(32);
        //IV derived from byte array with 16 pseudo-random key bytes
        aes.IV = rfc2898.GetBytes(16);

        //Create Memory and Crypto Streams
        memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write);

        //Decrypt Data
        byte[] data = Convert.FromBase64String(dataToDecrypt);
        cryptoStream.Write(data, 0, data.Length);
        cryptoStream.FlushFinalBlock();

        //Return Decrypted String
        byte[] decryptBytes = memoryStream.ToArray();

        //Dispose
        if (cryptoStream != null)
            cryptoStream.Dispose();

        //Retval
        return Encoding.UTF8.GetString(decryptBytes, 0, decryptBytes.Length);
    }
    finally
    {
        if (memoryStream != null)
            memoryStream.Dispose();

        if (aes != null)
            aes.Clear();
    }
}

 

Please keep a few things in mind when encrypting data on the Windows Phone 7 platform.  The OS Does Not include framework support for storing your passwords and salt values securely nor does it come with any kind of built-in key management.  This means the only way to ensure your encrypted data is actually secure is to  never store your password, salt value or keys on the phone.  As shown in my example, I require you to enter a password and a salt value each time you want to encrypt or decrypt data.  I do not attempt to save those cleartext values anywhere in the system because there is no secure way to store them.  One other thing to think about is that the cleartext password and salt value you entered on the screen can remain in memory at least until the next garbage collection.  If you see an app in the Windows Phone Marketplace that allows you to cache your credentials or keys locally for convenience, be aware that these are Not Secure solutions because everything a hacker needs to get at your data is right there in the code or in Isolated Storage.  The only place to store your password and salt is in your head.  It’s not that big a deal.  Your bank’s website makes you enter your credentials each time to ensure the security of your financial data, so this is something you’re already accustomed to. 

Beyond the two Crypto methods above, I created a pair of methods to save and load your encrypted ApplicationSettings to Isolated Storage as shown below:

private void btnSave_Click(object sender, RoutedEventArgs e)
{
    try
    {
        SaveState("EncryptedValue", txtEncryptedData.Text);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "Save Error", MessageBoxButton.OK);
    }
} 
 
public void SaveState(string Name, string Value)
{
    if (Value != "")
    {
        if (IsolatedStorageSettings.ApplicationSettings.Contains(Name))
        {
            IsolatedStorageSettings.ApplicationSettings[Name] = Value;
        }
        else
        {
            IsolatedStorageSettings.ApplicationSettings.Add(Name, Value);
        }
    }
} 
 
private void btnRetreive_Click(object sender, RoutedEventArgs e)
{
    try
    {
        txtEncryptedData.Text = LoadState("EncryptedValue");
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "Load Error", MessageBoxButton.OK);
    }
}
 
public string LoadState(string Name)
{
    if (IsolatedStorageSettings.ApplicationSettings.Contains(Name))
    {
        return IsolatedStorageSettings.ApplicationSettings[Name].ToString();
    }
    else
    {
        return "";
    }
} 

As you can see from the code samples above, encrypting the sensitive data you use in your Windows Phone 7 apps is completely within your reach.  This is just one of many managed crypto examples to give you an idea on how to get started.  Many more are waiting for you on MSDN.  When you combine this with the following security elements:

  • Apps are tested, digitally signed and securely delivered via the Windows Phone Marketplace
  • No side-loading of potentially insecure apps
  • SSL for data in transit
  • Managed apps run inside secure sandbox
  • Apps have private, inaccessible Isolated Storage
  • Exchange Policies including PIN lock enforcement + Remote wipe  

It’s clear that Windows Phone 7 has an excellent app security story that’s not only good for consumers, but also means that this mobile app platform is prime-time ready for the Secure Enterprise.

Keep coding,

Rob