Archive for the ‘Security’ Category

Windows Phone Mango – Encrypt Data

Windows Phone 7 Mango has focused on the end consumer market. The phrase “Put people first” is something we have seen in all of Microsoft’s Windows Phone 7 Mango promotions. The marketplace is filling up with apps targeting the common user, so for most applications encryption has not been very important. However, more and more enterprise apps and data-sensitive apps are coming, and protecting your data is key in many scenarios.

Saving data in a phone’s isolated storage is not secure: a tool that ships with the SDK lets you list, copy and replace files and directories in isolated storage. You can read about how to use the tool at MSDN. There is also an excellent tool that lets developers do a lot more with their applications, such as uninstalling developer XAPs, getting detailed device information, browsing isolated storage, copying the phone’s local SQL CE database to your PC to extract and change data, and so on, all through a really nice UI. Get your hands on the Windows Phone Power Tools at CodePlex.


This article goes through the basics of how you encrypt and decrypt sensitive and confidential data such as usernames, passwords and PIN codes using the Data Protection API (DPAPI), so that no one can read your data with tools like the isolated storage explorer.

DPAPI

Encrypting the data does not increase security if the decryption key resides on the phone, no matter how well the key is hidden. DPAPI removes the need to explicitly generate and store a cryptographic key: it uses the user and phone credentials to encrypt and decrypt the data. This means that the only place where your encrypted data can be decrypted is on the phone itself!

ProtectedData class

You can use the ProtectedData class, which gives you access to DPAPI through its Protect and Unprotect methods. On a Windows Phone device, every application gets its own decryption key when the application executes for the first time. Calls to the Protect and Unprotect methods implicitly use that key and make sure all data remains secure and private to the application.

Protect – Use this method to encrypt your data
Unprotect – Use this method to decrypt your data

I have created a CryptoUtil class that enables you to encrypt strings to, and decrypt them from, isolated storage.

using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

public static class CryptoUtil
{
    /// <summary>
    /// Encrypt a string with DPAPI and store it in the phone's isolated storage
    /// </summary>
    /// <param name="value">The plaintext to protect</param>
    /// <param name="path">File path inside the application's isolated storage</param>
    public static void EncryptAndStore(string value, string path)
    {
        // Convert the string to a byte[].
        byte[] pinBytes = Encoding.UTF8.GetBytes(value);

        // Encrypt the bytes with the application's DPAPI key (no optional entropy).
        byte[] protectedBytes = ProtectedData.Protect(pinBytes, null);

        // Store the encrypted bytes in isolated storage.
        WriteProtectedBytesToFile(protectedBytes, path);
    }

    /// <summary>
    /// Decrypt a string that is stored in the phone's isolated storage at the provided path
    /// </summary>
    /// <param name="path">File path inside the application's isolated storage</param>
    /// <returns>The decrypted string, or an empty string if the file does not exist</returns>
    public static string DecryptString(string path)
    {
        using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
        {
            if (!file.FileExists(path)) return string.Empty;
        }

        // Retrieve the encrypted bytes from isolated storage.
        byte[] protectedPinBytes = ReadProtectedBytesFromFile(path);

        // Decrypt with the Unprotect method. This throws a CryptographicException
        // if the blob was altered or was not protected by this application on this phone.
        byte[] pinBytes = ProtectedData.Unprotect(protectedPinBytes, null);

        // Convert the decrypted bytes back to a string.
        return Encoding.UTF8.GetString(pinBytes, 0, pinBytes.Length);
    }

    private static void WriteProtectedBytesToFile(byte[] data, string path)
    {
        // Create (or overwrite) a file in the application's isolated storage.
        using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
        using (IsolatedStorageFileStream writeStream = new IsolatedStorageFileStream(path, FileMode.Create, FileAccess.Write, file))
        {
            // Write the raw bytes; "using" flushes and closes the stream.
            writeStream.Write(data, 0, data.Length);
        }
    }

    private static byte[] ReadProtectedBytesFromFile(string path)
    {
        // Access the file in the application's isolated storage.
        using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
        using (IsolatedStorageFileStream readStream = new IsolatedStorageFileStream(path, FileMode.Open, FileAccess.Read, file))
        {
            // Read the whole file; loop because Stream.Read may return fewer bytes than requested.
            byte[] buffer = new byte[readStream.Length];
            int offset = 0;
            while (offset < buffer.Length)
            {
                int read = readStream.Read(buffer, offset, buffer.Length - offset);
                if (read <= 0) throw new EndOfStreamException("Protected file is shorter than expected: " + path);
                offset += read;
            }
            return buffer;
        }
    }
}
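Here is an added example of how the class is used and, more importantly, what happens when the stored blob is not what you wrote. It is not code from the original post; it assumes the CryptoUtil class above is compiled into the same Windows Phone 7.1 project, and the file name and sample PIN are constructed values for the demo. The tamper check matters for a defender: DPAPI blobs carry an integrity check, so a file that has been edited in isolated storage does not decrypt to garbage silently but makes Unprotect throw a CryptographicException, which your application should treat as "no usable credential stored".

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;

// Added example (not from the original post): exercises CryptoUtil and shows the
// failure mode that Unprotect reports when the stored blob has been altered.
public static class CryptoUtilDemo
{
    private const string PinFile = "pin.dat";   // constructed file name inside isolated storage
    private const string SamplePin = "1234";    // constructed sample value; never hard-code a real PIN

    // Round trip: protect, store, read back, unprotect.
    public static bool RoundTrip()
    {
        CryptoUtil.EncryptAndStore(SamplePin, PinFile);
        string recovered = CryptoUtil.DecryptString(PinFile);
        return recovered == SamplePin;
    }

    // Tamper check: flip one bit of the stored blob and confirm Unprotect refuses it.
    public static bool TamperedBlobIsRejected()
    {
        CryptoUtil.EncryptAndStore(SamplePin, PinFile);

        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForApplication())
        using (IsolatedStorageFileStream stream = store.OpenFile(PinFile, FileMode.Open, FileAccess.ReadWrite))
        {
            // Modify the last byte of the protected blob in place.
            stream.Seek(-1, SeekOrigin.End);
            int last = stream.ReadByte();
            stream.Seek(-1, SeekOrigin.End);
            stream.WriteByte((byte)(last ^ 0x01));
        }

        try
        {
            CryptoUtil.DecryptString(PinFile);
            return false; // decryption unexpectedly succeeded
        }
        catch (CryptographicException)
        {
            return true;  // expected: the integrity check failed
        }
    }

    // Wrapper for application code: any failure to unprotect means "nothing stored",
    // and the unusable file is deleted so the user is asked to enter the PIN again.
    public static string TryReadPin()
    {
        try
        {
            return CryptoUtil.DecryptString(PinFile);
        }
        catch (CryptographicException)
        {
            using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForApplication())
            {
                if (store.FileExists(PinFile)) store.DeleteFile(PinFile);
            }
            return string.Empty;
        }
    }
}
```

The second argument to Protect and Unprotect, passed as null throughout, is optional entropy: extra bytes mixed into the protection that must be presented again on Unprotect. Leaving it null is fine for the per-application key described above; if you do pass entropy, it must be the same value on both calls, and storing it next to the blob would defeat its purpose.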

Conclusions

It is really easy to use DPAPI through the Protect and Unprotect methods, and if you create a CryptoUtil class that can be reused in all of your applications there is no excuse not to do it :)

Note: If you want to encrypt a large amount of data that is stored in the local database on the phone, encrypting the entire database is a better option. See my next post about encrypting the local DB.

Happy Coding!!

Customers’ first questions on a WP7 solution

The first few questions I got when proposing a WP7 solution for a customer were:

  1. How long does it take to create a PoC (proof of concept) application?
  2. Security: how do we ensure a secure connection to our network? Since the application is intended for the company’s employees only, is it secure, and how do we make it secure?
  3. Can we somehow deploy our application to our employees’ mobile phones only, or do we need to use the public marketplace?
  4. What happens if an employee loses his/her phone? Do we then have a possible security breach?

Below is a short summary of my answers to the customer.

  1. PoC.
    Development time when introducing a new platform is of course something the customer is always keen on knowing. It all depends on how many integration points you have, how many screens etc. But to give the customer a hint of the development effort in WP7 compared to other platforms, I referred to the WP7 application called TrueCaller. How long did it take to implement the TrueCaller application on the different platforms?

    • iPhone: 4 months
    • Android: 3 months
    • Windows Phone 7: 3 weeks!!!
    • Symbian: 4 months

    Conclusion: it is a lot faster to develop a WP7 application compared to other platforms, the development tools are very good, and you use the same technologies that developers already know. (Original post where I found this)

  2. Security.
    In this case the customer wants to run the application only on employee phones. To make this as secure as possible you should use company-specific certificates, so that the company’s environments can only be accessed with the correct certificate. This certificate-based authentication works in conjunction with the Microsoft Exchange ActiveSync (EAS) protocol. We talked about chambers, capabilities, the sandbox and application deployment. This is a large topic, so I think I will write a separate blog post about Windows Phone security later on.
  3. Deployment.
    As of now, the only way to deploy a WP7 application to a phone is through the public marketplace. Enterprises will probably not like this, since they want the possibility to deploy their applications to employee phones only and not make them accessible to the whole world. So hopefully Microsoft will change this soon; there are rumors out there (as usual) that Microsoft is already on this and will later give companies the possibility to install their applications on their employees’ phones without going through the marketplace, in the form of a Private Marketplace. Whether this is true, we just have to wait and see.
  4. Lost phone.
    If you lose your phone, you can actually access it remotely and ring, lock, erase or show your lost phone on a map! All this on the windowsphone.live.com site.

There are a lot of benefits for customers with existing applications in creating WP7 applications: they open a new world of possible revenue. Connect with the customer on the “three screens”, extending their experience from mobile to web or any other screen using “the same source code”. If done right, only the UI implementation differs between the screens, and even in the UI it is possible to create reusable code.

So what are you all waiting for? Let’s start filling the Marketplace with good quality apps!

Bypassing the Authenticode Signature Check on Startup


Authenticode verification hurts startup time. I recently experienced this on a customer project: the initial startup of some parts of the UI took way too long the first time they were accessed. The WPF application is accessed through Citrix, which also affects the startup performance of assemblies that need to be verified.

Authenticode-signed assemblies need to be verified against the CA. This verification can be time intensive, as it can require hitting the network several times to download up-to-date certificate revocation lists and to ensure that there is a full chain of valid certificates up to a trusted root. This can, as in our case, end up in several seconds of delay while that assembly is being loaded. The worst case for us was almost 30 seconds for some client setups.
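Before switching the verification off, it is worth confirming that revocation downloads are really what costs the time. The following diagnostic is an added example, not code from the original post: it pulls the signer certificate out of an assembly’s Authenticode signature and times building its certificate chain with online revocation checking, with offline (cached CRLs only) checking, and with no revocation check at all. A large gap between the first timing and the other two points at CRL downloads or an unreachable CRL server as the cause. It assumes a full .NET Framework desktop process (3.5 or later) with access to the same network the slow clients use.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the original post): times Authenticode signer chain
// building under different revocation modes to locate the source of a slow load.
public static class AuthenticodeChainTiming
{
    public sealed class Result
    {
        public X509RevocationMode Mode;
        public bool ChainValid;
        public long Milliseconds;
        public string[] StatusMessages;
    }

    // Build the chain for the certificate that signed 'assemblyPath' under the given
    // revocation mode and report the elapsed time plus any chain status information.
    // Throws CryptographicException if the file carries no Authenticode signature.
    public static Result TimeChainBuild(string assemblyPath, X509RevocationMode mode)
    {
        // Extract the signer certificate from the file's Authenticode signature.
        X509Certificate2 signer = new X509Certificate2(
            X509Certificate.CreateFromSignedFile(assemblyPath));

        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = mode;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        // Cap the wait on network fetches so the diagnostic itself does not hang.
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);

        Stopwatch sw = Stopwatch.StartNew();
        bool valid = chain.Build(signer);
        sw.Stop();

        // Collect the reasons for any problem (e.g. RevocationStatusUnknown, OfflineRevocation).
        string[] messages = new string[chain.ChainStatus.Length];
        for (int i = 0; i < messages.Length; i++)
        {
            messages[i] = chain.ChainStatus[i].Status + ": " + chain.ChainStatus[i].StatusInformation.Trim();
        }

        return new Result { Mode = mode, ChainValid = valid, Milliseconds = sw.ElapsedMilliseconds, StatusMessages = messages };
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.WriteLine("usage: AuthenticodeChainTiming <path-to-signed-assembly>");
            return;
        }

        X509RevocationMode[] modes = { X509RevocationMode.Online, X509RevocationMode.Offline, X509RevocationMode.NoCheck };
        foreach (X509RevocationMode mode in modes)
        {
            Result r = TimeChainBuild(args[0], mode);
            Console.WriteLine("{0,-8} valid={1,-5} {2} ms", r.Mode, r.ChainValid, r.Milliseconds);
            foreach (string m in r.StatusMessages) Console.WriteLine("    " + m);
        }
    }
}
```

Run it on the client machines that show the delay rather than on a developer workstation: the CRL cache, proxy settings and outbound firewall rules of the client are exactly what decides whether the Online build is fast. If the Offline build reports RevocationStatusUnknown or OfflineRevocation, the client has no cached CRL for the signer’s chain, which is the situation in which the runtime has to go to the network on every cold start.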

To get rid of this issue you can either install the CA certificate on the client machine or avoid using Authenticode where possible. We know that our application doesn’t need the Publisher evidence, so we can do the following.

In .NET Framework 3.5 there is a configuration option that allows bypassing the Authenticode verification. This is done by adding the following lines to the .exe.config file:

<configuration>
    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

More information is available here as well as on this blog.

KB936707 discusses how you can also enable this in .NET Framework 2.0.
