
12 security levels in Windows Phone 8 using the example of Lumia 1520

Happy New Year in advance, Habr!



On the eve of the New Year, it has become a good tradition for many to sum up the year and compile rankings of its IT events. We decided not to follow that trend, but we could not resist drawing up a list of our own.

So, here they are: 12 reasons why the new Lumia 1520 and other Nokia smartphones on Windows Phone 8 are truly secure smartphones.


1. The Nokia Lumia 1520, like every other Windows Phone 8 device, meets Microsoft’s strict hardware requirements, i.e. requirements on the smartphone’s components. This significantly reduces the possibility of hacking at the hardware level and, on the other hand, makes working with applications much easier for programmers and end users.

2. The Lumia 1520 and every other Windows Phone 8 device has a Trusted Platform Module (TPM) version 2.0 chip installed. It is a crypto-processor that stores the cryptographic keys used to protect information, and it is a fundamental element of the device’s security system.

3. The Nokia Lumia 1520 uses the extensible UEFI firmware interface with Secure Boot, which can be called the new BIOS of this decade. Every layer covered by UEFI Secure Boot, including the firmware itself, the bootloader, the kernel and kernel extensions, carries a cryptographic signature. Because the signatures are verified automatically, the system will not allow boot to continue if any of the layers has been replaced by an attacker.

4. Cryptographic signing is not limited to UEFI Secure Boot: the entire operating system and every application use digital signatures to protect the smartphone from outside intrusion.

5. All updates for the Nokia Lumia 1520 and the other devices of the line come only from Nokia and Microsoft. In addition, all additions and fixes to the services responsible for system security comply with the strict standards of Nokia and the Microsoft Security Response Center.

6. Nokia Lumia smartphones on Windows Phone 8 allow locking with alphanumeric and complex passwords.

7. The internal memory of the Lumia 1520 and other Nokia devices on Windows Phone can be fully encrypted using BitLocker technology. Moreover, the BitLocker key itself is released by the TPM 2.0 chip only if two conditions are met:
- the device successfully passes the UEFI Secure Boot process;
- the data storage itself is physically located in the device.

This means that data can be obtained from the encrypted storage only on the device itself. The scenario of connecting the internal memory to another operating system or to another Windows Phone 8 device is not possible. BitLocker helps minimize the possibility of offline attacks, especially if the device is locked with a complex password.
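To make items 3 and 7 concrete, here is an added simulation (written for this article, not Nokia or Microsoft code) of a signed boot chain feeding a measurement register, with the volume key sealed to that register and to a device-bound secret. Everything in it is constructed: the stage images, the OEM signing key, the TPM-bound secret and the volume key are stand-in byte strings, and an HMAC plays the role of the asymmetric signature that real Secure Boot verifies with an enrolled public key. The point it shows is the two release conditions from item 7: a replaced bootloader halts the chain before anything is unsealed, and storage moved to another device (a different TPM secret) yields no key even though the chain verifies.

```python
import hashlib
import hmac

# Constructed stand-ins; none of these are real Nokia or Microsoft secrets.
OEM_SIGNING_KEY = b"constructed-oem-signing-key"        # plays the OEM's signing key
TPM_DEVICE_SECRET = b"constructed-tpm-bound-secret"     # a secret that never leaves this TPM
VOLUME_KEY = hashlib.sha256(b"constructed-bitlocker-volume-key").digest()  # 32-byte volume key


def sign_image(image: bytes, key: bytes = OEM_SIGNING_KEY) -> bytes:
    # Real Secure Boot uses asymmetric signatures; an HMAC stands in so this runs with stdlib only.
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_image(image: bytes, signature: bytes, key: bytes = OEM_SIGNING_KEY) -> bool:
    return hmac.compare_digest(sign_image(image, key), signature)


class PCR:
    """One platform configuration register: it can only be extended, never set directly."""

    def __init__(self) -> None:
        self.value = bytes(32)

    def extend(self, measurement: bytes) -> None:
        self.value = hashlib.sha256(self.value + measurement).digest()


def secure_boot(stages, pcr: PCR):
    """Verify each stage's signature before it runs and measure it into the PCR.
    Returns (True, None) on success or (False, stage_name) at the first bad stage."""
    for name, image, signature in stages:
        if not verify_image(image, signature):
            return False, name              # boot halts here; later stages never run
        pcr.extend(hashlib.sha256(image).digest())
    return True, None


def _wrap_key(pcr_value: bytes, device_secret: bytes) -> bytes:
    # The wrapping key depends on both the boot measurement and the device-bound secret.
    return hmac.new(device_secret, b"seal|" + pcr_value, hashlib.sha256).digest()


def seal(secret: bytes, pcr_value: bytes, device_secret: bytes):
    """Seal a 32-byte secret to an expected PCR value (one-time pad plus MAC, for illustration)."""
    wrap = _wrap_key(pcr_value, device_secret)
    ciphertext = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(wrap, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def unseal(blob, pcr_value: bytes, device_secret: bytes):
    """Release the secret only if the current PCR value and device secret match the sealing ones."""
    ciphertext, tag = blob
    wrap = _wrap_key(pcr_value, device_secret)
    if not hmac.compare_digest(hmac.new(wrap, ciphertext, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, wrap))


def build_chain(bootloader: bytes = b"bootloader-v1"):
    # Constructed stage images, each signed with the OEM key.
    images = [(b"firmware", b"uefi-firmware-v1"), (b"bootloader", bootloader), (b"kernel", b"nt-kernel-v1")]
    return [(name, img, sign_image(img)) for name, img in images]


def run_scenarios():
    # Provisioning: boot the genuine chain once and seal the volume key to the resulting PCR.
    golden = PCR()
    assert secure_boot(build_chain(), golden) == (True, None)
    blob = seal(VOLUME_KEY, golden.value, TPM_DEVICE_SECRET)
    results = {}

    # 1. Genuine device, unmodified chain: the key is released.
    pcr = PCR()
    ok, _ = secure_boot(build_chain(), pcr)
    results["genuine"] = ok and unseal(blob, pcr.value, TPM_DEVICE_SECRET) == VOLUME_KEY

    # 2. Replaced bootloader signed with some other key: boot halts, nothing is unsealed.
    tampered = build_chain()
    tampered[1] = (b"bootloader", b"other-bootloader", sign_image(b"other-bootloader", b"not-the-oem-key"))
    pcr = PCR()
    ok, failed_at = secure_boot(tampered, pcr)
    results["tampered_bootloader"] = ok
    results["halted_at"] = failed_at

    # 3. Storage moved to another device: the chain verifies, but that TPM's secret differs.
    pcr = PCR()
    ok, _ = secure_boot(build_chain(), pcr)
    results["storage_moved"] = ok and unseal(blob, pcr.value, b"other-device-tpm-secret") == VOLUME_KEY
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The PCR is extend-only on purpose: a stage that runs cannot rewrite the register to hide itself, so a sealed key is bound to the whole chain rather than to any one stage.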

8. Each Windows Phone 8 application runs in its own isolated “chamber”, and this includes the system applications of the OS itself.

In other words, each application gets access only to the resources it needs to perform its tasks. An application cannot lift its access restrictions, nor can it interact with other applications directly or through the cloud. In addition, it cannot access another application’s memory cache, data or keyboard input.

How does it work? Each application carries a declaration that tells the operating system which functionality the application uses. For example, a Navigator application declares that it uses the location service and Internet access. When such an application is installed, the operating system builds its chamber from the declared capabilities. If, during operation, the application suddenly tries to access the media library, that access is immediately blocked.

9. The native browser on the Nokia Lumia 1520 runs in a sandbox (this is also called sandboxing). Windows Phone 8 ships Internet Explorer 10 by default, with built-in anti-phishing filters and plugin support deliberately disabled.

The same sandbox principle applies to other applications, and several rules follow from it. Applications cannot communicate with each other. The file system structure is hidden from applications, and all I/O operations are confined to isolated storage. Each application has its own isolated storage, which only that application can access.
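The chamber model from item 8 and the isolated-storage rule from item 9 can be shown end to end with a small capability broker. The code below is an added example written for this article, not the Windows Phone implementation: the two manifests are constructed in the abridged shape of a WMAppManifest.xml (namespace omitted), the capability names ID_CAP_LOCATION, ID_CAP_NETWORKING and ID_CAP_MEDIALIB_PHOTO are the real WP8 identifiers, while the resource-to-capability table, the `/isolated/<ProductID>` storage layout and the audit log are assumptions of the model. The chamber is fixed at install time from the declared capabilities, an undeclared resource is denied and logged, and any path that leaves the app’s own storage root is rejected.

```python
import posixpath
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Constructed manifests in the abridged shape of a WP8 WMAppManifest.xml (namespace omitted).
NAVIGATOR_MANIFEST = """
<Deployment AppPlatformVersion="8.0">
  <App ProductID="{a1b2c3d4-0000-4000-8000-000000000001}" Title="Navigator">
    <Capabilities>
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_NETWORKING" />
    </Capabilities>
  </App>
</Deployment>
"""

NOTES_MANIFEST = """
<Deployment AppPlatformVersion="8.0">
  <App ProductID="{a1b2c3d4-0000-4000-8000-000000000002}" Title="Notes">
    <Capabilities />
  </App>
</Deployment>
"""

# Assumed mapping from a requested resource to the capability that must have been declared.
RESOURCE_TO_CAPABILITY = {
    "location": "ID_CAP_LOCATION",
    "network": "ID_CAP_NETWORKING",
    "media_library": "ID_CAP_MEDIALIB_PHOTO",
}


class Chamber:
    """Per-app sandbox: a fixed capability set plus a private isolated-storage root."""

    def __init__(self, product_id: str, capabilities: List[str]) -> None:
        self.product_id = product_id
        self.capabilities = frozenset(capabilities)      # fixed at install; no later elevation
        self.storage_root = f"/isolated/{product_id}"    # constructed layout, not the real OS path

    def may_access(self, resource: str) -> bool:
        cap = RESOURCE_TO_CAPABILITY.get(resource)
        return cap is not None and cap in self.capabilities

    def resolve(self, relative_path: str) -> Optional[str]:
        """Map an app-relative path into the chamber's storage; reject anything that escapes it."""
        target = posixpath.normpath(posixpath.join(self.storage_root, relative_path))
        if target == self.storage_root or target.startswith(self.storage_root + "/"):
            return target
        return None


def install(manifest_xml: str) -> Chamber:
    """Build the chamber from the capabilities declared in the manifest."""
    app = ET.fromstring(manifest_xml.strip()).find("App")
    caps = [c.get("Name", "") for c in app.iter("Capability")]
    return Chamber(app.get("ProductID", ""), caps)


def request(chamber: Chamber, resource: str, audit: List[Tuple[str, str, str]]) -> bool:
    """Broker an access request; every decision is logged, denials included."""
    allowed = chamber.may_access(resource)
    audit.append(("ALLOW" if allowed else "DENY", chamber.product_id, resource))
    return allowed


def run_chamber_demo() -> Dict[str, object]:
    audit: List[Tuple[str, str, str]] = []
    navigator = install(NAVIGATOR_MANIFEST)
    notes = install(NOTES_MANIFEST)
    return {
        "navigator_location": request(navigator, "location", audit),
        "navigator_network": request(navigator, "network", audit),
        "navigator_media_library": request(navigator, "media_library", audit),  # never declared
        "notes_network": request(notes, "network", audit),
        "own_file": navigator.resolve("cache/tiles.bin"),
        "escape_to_other_app": navigator.resolve("../" + notes.product_id + "/notes.db"),
        "absolute_path": navigator.resolve("/Windows/system32/config"),
        "denials": [entry for entry in audit if entry[0] == "DENY"],
    }


if __name__ == "__main__":
    for key, value in run_chamber_demo().items():
        print(f"{key}: {value}")
```

Two details carry the security weight: the capability set is a `frozenset` built once at install, so nothing at run time can add to it, and path resolution normalises before checking the prefix, so `..` segments and absolute paths cannot reach another app’s storage.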

10. Data protection within applications deserves separate mention: Windows Phone 8 provides an additional level of encryption through the Data Protection API. It uses the entropy available on the device to automatically generate new keys, which amounts to a standardized system for generating, storing and managing cryptographic keys. Each application receives its own unique key when it is first launched.
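The per-application key idea in item 10 is easiest to see as a key hierarchy: one device-unique secret, one fresh salt drawn at each app’s first launch, and a derived key that depends on both plus the app’s identity. The block below is an added example for this article and does not reproduce the real Data Protection API or its blob format; the device master secret, the app ids and the protected token are constructed, and the encrypt-then-MAC construction is an illustrative one built from HMAC-SHA256. What it demonstrates is the property the text relies on: a blob protected by one app cannot be unprotected by another app on the same device, nor by the same app on a different device.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed stand-in for the device-unique master secret that the OS would derive
# from the device's own entropy; the real key hierarchy is not modelled here.
DEVICE_MASTER_SECRET = hashlib.sha256(b"constructed-device-master-secret").digest()


class PerAppKeyStore:
    """Issues one key per application: a salt is drawn on the app's first launch and
    persisted, and the key is re-derived from it on every later launch."""

    def __init__(self, master_secret: bytes) -> None:
        self._master = master_secret
        self._salts: Dict[str, bytes] = {}      # app id -> first-launch salt

    def key_for(self, app_id: str) -> bytes:
        salt = self._salts.get(app_id)
        if salt is None:                        # first launch: draw fresh entropy
            salt = os.urandom(16)
            self._salts[app_id] = salt
        # Domain-separated derivation: master secret, app identity and per-app salt.
        info = b"dpapi|" + app_id.encode() + b"|" + salt
        return hmac.new(self._master, info, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (illustrative, not a production cipher).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def protect(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys split from the app key. Blob = nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was protected under a different key or altered."""
    if len(blob) < 48:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def run_dpapi_demo() -> Dict[str, bool]:
    store = PerAppKeyStore(DEVICE_MASTER_SECRET)
    mail_key = store.key_for("MailApp")
    notes_key = store.key_for("NotesApp")
    token = b"constructed-refresh-token-value"
    blob = protect(mail_key, token)
    other_device_key = PerAppKeyStore(b"constructed-other-device-secret").key_for("MailApp")
    return {
        "keys_differ_per_app": mail_key != notes_key,
        "stable_across_launches": store.key_for("MailApp") == mail_key,
        "owner_can_read": unprotect(mail_key, blob) == token,
        "other_app_cannot": unprotect(notes_key, blob) is None,
        "other_device_cannot": unprotect(other_device_key, blob) is None,
    }


if __name__ == "__main__":
    print(run_dpapi_demo())
```

Note that only the salt is persisted, never the derived key: an app that is reinstalled gets a new first-launch salt and therefore a new key, which is the behaviour the text describes for first launch.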

11. However, even the strongest encryption cannot protect a device from its authorized user exchanging data (intentionally or not) with unverified parties. That is why the rights management system (IRM, Information Rights Management) is a critical component of the security system of Windows Phone 8 smartphones. Incidentally, Windows Phone 8 is the only smartphone platform with an integrated IRM rights management system, which effectively prevents data leaks.

12. Finally, synchronization of Nokia Lumia Windows Phone 8 smartphone data with most cloud services, such as Office 365 and Exchange and SharePoint servers, uses the SSL 3.0 protocol with AES 128- or 256-bit encryption.

Source: https://habr.com/ru/post/207898/

