Windows Mobile Security - Local Data Storage

2/5/2011 5:05:10 PM
Windows Mobile supports storing information in the device’s nonvolatile memory and on external flash memory cards, if they are available. The data in nonvolatile memory will persist until the device is hard reset or cold booted. Developers have several options available for storage encryption.

Files and Permissions

Files can be stored in either the Object Store, internal flash memory, or on external flash memory cards. Because there are no users, there are no file-level permissions. However, some files can be written only by processes running at the Privileged level. These files are marked with the SYSTEM file attribute and include system files or sensitive device configuration data. All files are readable by all processes, regardless of privilege level. Most of the user’s data, including Outlook and application data, is accessible to all applications running on the device.

Much like its desktop counterparts, Windows Mobile has a registry that contains device configuration information. The registry is laid out as a tree structure with each node called a key. Each node can have multiple named values. There are several possible data types for values, and they are what hold the actual configuration data. The tree’s root nodes are hives. The two main hives are HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_USER (HKCU). HKLM holds device-wide configuration, and HKCU holds user-specific information. It doesn’t make much sense to have HKCU on a Windows Mobile device because there is only one user; still, it exists.

The entire registry is readable by all applications, so it is not possible to hide data within the registry. However, certain locations can only be updated by Privileged processes. These locations include device configuration information that either mobile operators don’t want users to update or that could be leveraged by malicious applications to elevate to Privileged level. For example, certificate stores are in the registry and should not be updated by applications running at the Normal privilege level. The write permissions on the registry keys are checked when the application calls one of the update registry APIs: RegSetValueEx, RegCreateKeyEx, RegDeleteKey, or RegDeleteValue.

The following keys are only accessible when running at Privileged level:

Registry Key: Description

HKLM\Comm: Contains common configuration information for the device. The communication components are configured here. Also contains the certificate stores.
HKLM\Drivers: Configuration information for drivers. Each driver has a unique node containing its settings. Blocked from Normal processes because misconfigured drivers would compromise the security of the device.
HKLM\HARDWARE: Used as a lookup for drivers implementing a certain device class (for example, the touchscreen driver).
HKLM\Init: Device initialization information. Used to get the device up and running. Contains the path to the registry file; overwriting this would lead to loading of malicious registry data.
HKLM\Services: Configuration information for long-lived services that run on the device.
HKLM\SYSTEM: System-wide configuration information related to the base OS.
HKLM\WDMDrivers: Windows Driver Model (WDM) drivers. These drivers conform to the WDM conventions that outline how to write compatible drivers.
HKLM\Security: Security-related policies that define the privilege levels and security components, such as certificate enrollment policies.
HKCU\Security: Security policies specific to this user.
HKLM\Loader: Configures the device loader.

Stolen Device Protections

As mentioned earlier, Windows Mobile devices can be locked with a PIN that, if misentered, will cause the device to wipe itself. Any data on removable storage cards will not be wiped. Windows Mobile 6 adds support for encrypting data on removable storage cards. Enterprise device administrators can also wipe data remotely by pushing out policy through Exchange. When the device syncs, it will receive the wipe policy and delete all non-storage card data.

Structured Storage

Windows Mobile 6 includes Microsoft Compact SQL Server 3.5 as part of the OS ROM image. Compact SQL Server is a full relational database engine and is file based (SDF files). Users connect to the database using a standard SQL connection string, and the database is manageable using SQL Management Studio.

SQL Server 3.5 supports password-based database encryption and integrity protection. The entire database file is encrypted using AES 128 and integrity protected using SHA-1. To enable encryption, include “Password=password” in the database connection string. The responsibility for managing the password is placed on the application developer, and the encryption option must be specified at database creation time.
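The following is an added example, not code from the page: it creates and opens a password-encrypted SQL Server Compact 3.5 database from .NET Compact Framework code, passing the password at creation time as described above. The file path, table and password literal are assumed sample values; a real application would keep the password in DPAPI-protected storage rather than in the source.

```csharp
using System;
using System.Data.SqlServerCe;   // System.Data.SqlServerCe.dll from SQL Server Compact 3.5
using System.IO;

// Added example, not from the page: create and open a password-encrypted .sdf file.
public static class EncryptedSdf
{
    // "Password=" in the connection string turns on AES-128 encryption and SHA-1
    // integrity protection of the whole .sdf file.
    public static string BuildConnectionString(string sdfPath, string password)
    {
        return "Data Source=" + sdfPath + ";Password=" + password + ";";
    }

    // Encryption has to be chosen when the file is created, so the password must be
    // in the string handed to SqlCeEngine.CreateDatabase, not only to later opens.
    public static void CreateEncrypted(string sdfPath, string password)
    {
        if (File.Exists(sdfPath)) return;
        string cs = BuildConnectionString(sdfPath, password);
        using (SqlCeEngine engine = new SqlCeEngine(cs))
        {
            engine.CreateDatabase();
        }
        using (SqlCeConnection conn = new SqlCeConnection(cs))
        {
            conn.Open();
            using (SqlCeCommand cmd = conn.CreateCommand())
            {
                // Assumed sample schema.
                cmd.CommandText = "CREATE TABLE Notes (Id int IDENTITY(1,1) PRIMARY KEY, Body nvarchar(256))";
                cmd.ExecuteNonQuery();
            }
        }
    }

    // Every open must supply the same password; a wrong password or a tampered file
    // surfaces as a SqlCeException at conn.Open().
    public static bool CanOpen(string sdfPath, string password)
    {
        try
        {
            using (SqlCeConnection conn = new SqlCeConnection(BuildConnectionString(sdfPath, password)))
            {
                conn.Open();
                return true;
            }
        }
        catch (SqlCeException) { return false; }
    }
}
```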

Encrypted and Device Secured Storage

Windows Mobile does not support encryption of the entire device. However, encryption of removable storage cards is supported starting in Windows Mobile 6. Protection of on-device data is provided by prohibiting access to the device unless the proper unlock code is specified. All data is wiped from the device when a hard reset or cold boot is performed, which is the only way to bypass the PIN. Therefore, the data is protected while the device is running. An attacker could hack the hardware to gain access to in-memory data, a sophisticated attack that is not currently mitigated.

Encryption of removable cards works by generating a key and storing that key in memory using the Data Protection API (DPAPI), a technology that will be discussed shortly. The key is erased upon hard reset, and the card is only usable in that particular device. The encryption algorithm used by default is AES 128, although RC4 may be used as well. When files are transferred to a desktop PC from the device, they are decrypted before transfer.

Data Protection API (DPAPI)

DPAPI is a technology ported from the Windows desktop OS. It includes two APIs: CryptProtectData, for encrypting data, and CryptUnprotectData, for decrypting data. Two keys can be used to encrypt data: the SYSTEM key and the USER key. Both keys are generated by the device automatically and stored in kernel memory. If the device is hard reset, both keys will be lost and the data cannot be decrypted. Only Privileged applications can use the SYSTEM key. DPAPI uses AES 128 for encryption and SHA-1 for integrity protection. Applications using DPAPI protect the data using CryptProtectData and receive back an encrypted blob; the application is responsible for storing the blob.

Because DPAPI only has two keys, there is no way to prevent one application from decrypting another application’s data. Therefore, all applications running at Normal level can unprotect all blobs protected with the USER key. Regardless, DPAPI provides a good technology for storing data securely on a device. Users unable to run arbitrary code or only able to browse the file system and registry will be unable to decrypt DPAPI-protected data.
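The following is an added example, not code from the page or from Microsoft: a thin DPAPI wrapper for Windows Mobile that calls CryptProtectData and CryptUnprotectData through P/Invoke and lets the caller choose the USER or SYSTEM key. It assumes the functions are exported from coredll.dll (as Windows CE does), that the flag values match the desktop wincrypt.h (confirm against the CE SDK header), and uses an arbitrary description string.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example, not from the page: DPAPI via P/Invoke on Windows Mobile.
public static class MobileDpapi
{
    [StructLayout(LayoutKind.Sequential)]
    private struct DATA_BLOB { public int cbData; public IntPtr pbData; }

    private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
    // Assumed value from desktop wincrypt.h; selects the SYSTEM key (Privileged callers only).
    private const int CRYPTPROTECT_SYSTEM = 0x20000000;

    [DllImport("coredll.dll", SetLastError = true)]
    private static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr,
        IntPtr pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct, int dwFlags, ref DATA_BLOB pDataOut);

    [DllImport("coredll.dll", SetLastError = true)]
    private static extern bool CryptUnprotectData(ref DATA_BLOB pDataIn, IntPtr ppszDataDescr,
        IntPtr pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct, int dwFlags, ref DATA_BLOB pDataOut);

    [DllImport("coredll.dll")]
    private static extern IntPtr LocalFree(IntPtr hMem);   // output buffers are LocalAlloc'd by DPAPI

    // useSystemKey=false: USER key, readable by every Normal-level app on the device.
    // useSystemKey=true: SYSTEM key; the call fails for a Normal-level process.
    public static byte[] Protect(byte[] plain, bool useSystemKey) { return Call(plain, useSystemKey, true); }
    public static byte[] Unprotect(byte[] blob, bool useSystemKey) { return Call(blob, useSystemKey, false); }

    private static byte[] Call(byte[] input, bool useSystemKey, bool protect)
    {
        // The SYSTEM flag is passed symmetrically on unprotect here (assumption).
        int flags = CRYPTPROTECT_UI_FORBIDDEN | (useSystemKey ? CRYPTPROTECT_SYSTEM : 0);
        DATA_BLOB inBlob = new DATA_BLOB(), outBlob = new DATA_BLOB();
        inBlob.cbData = input.Length;
        inBlob.pbData = Marshal.AllocHGlobal(input.Length);
        try
        {
            Marshal.Copy(input, 0, inBlob.pbData, input.Length);
            bool ok = protect
                ? CryptProtectData(ref inBlob, "app secret", IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob)
                : CryptUnprotectData(ref inBlob, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob);
            if (!ok) throw new InvalidOperationException("DPAPI failed, Win32 error " + Marshal.GetLastWin32Error());
            byte[] result = new byte[outBlob.cbData];
            Marshal.Copy(outBlob.pbData, result, 0, outBlob.cbData);   // copy before freeing
            return result;
        }
        finally
        {
            Marshal.FreeHGlobal(inBlob.pbData);
            if (outBlob.pbData != IntPtr.Zero) LocalFree(outBlob.pbData);
        }
    }
}
```

Note that the optional entropy parameter does not change the point made above: any value an application passes there is recoverable from its own binary, so USER-key blobs remain decryptable by every other Normal-level application on the device.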

Crypto API

Windows Mobile includes a subset of the Crypto API (CAPI), a general-purpose cryptographic API. With the CryptXXX series of functions, CAPI provides symmetric and asymmetric encryption support, one-way hash functions, and HMAC support. Developers can use these functions to perform advanced encryption operations.

CAPI also includes the CertXXX collection of functions for manipulating certificates and performing certificate operations. CAPI is very powerful and reasonably documented, so developers have a good option available when performing cryptographic operations.
