provides the so-called keychain mechanism: it allows data to be encrypted
separately for each application installed on the device [Apple10, Jaquith10, HS10].
10.2.3 Windows Mobile
Windows Phone is the successor of the Windows Mobile operating system.
While the latter is considered the business version for Microsoft Windows
powered devices, Windows Phone aims at the consumer market. Unfortunately,
the amount of information on Windows Phone 7 is very limited, and it appears that
Microsoft decided to reduce the number of available security features. In particular,
Windows Phone 7 does not support on-device data encryption. We therefore focus
on the security concepts of Windows Mobile 6 (WM) in the sequel.
WM applications are packaged in so-called cabinet (CAB) files. There are numerous
alternatives for implementing WM applications: developers can choose between
native Visual C++, managed code running on the .NET Compact Framework, and
server-side code used in combination with Microsoft's Internet Explorer.
Policies in WM determine whether unsigned applications (for instance, received
as attachments on a WM powered phone) are accepted. The default behaviour is to
prevent applications with missing or invalid signatures from being executed. An
additional policy, or a user interaction that asks for the appropriate privileges,
can override this. Signed applications are executed and can even become privileged
applications if their signature stems from a trusted authority. Depending on the
device policy, an application can thus carry additional permissions.
WM defines three classes of permissions for applications: privileged, normal, and
blocked. These classes correspond to the set of APIs an application may access.
Privileged applications carry the highest set of permissions: they can write to
protected areas of the registry and are granted full access to the file system.
Normal applications are not able to call so-called "trusted" APIs. Additionally,
such applications are not able to write to protected areas of the registry and do
not get write access to system files or to the system certificate store. Finally,
blocked applications are not allowed to execute at all.
WM does of course support the installation of third-party applications:
Mobile2Market is a marketing program that offers a certification authority and
signature verification services for distributing software to be installed on
Windows Mobile. Applications distributed via Mobile2Market without a valid
signature will not run on WM.
Finally, it is also possible to completely lock the mobile phone. In this state, WM
does not allow the installation of any Mobile2Market applications. However, OEM,
Mobile Operator, or Enterprise certificates remain usable, so that modifications of
core functions are still possible for their holders.
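The interaction between signature status, device policy and the resulting permission class described above is easier to see as an executable decision procedure. The following Python model is an added illustration and not Microsoft's code or any real WM component: the policy field names (allow_unsigned, prompt_unsigned, locked), the two certificate stores keyed by thumbprint, the issuer labels and the sample thumbprints are assumptions made for this example. It classifies an application into privileged, normal or blocked, then checks whether a given operation would be permitted for that class, including the locked-device case.

```python
"""Toy model of the Windows Mobile 6 application security policy.

Constructed illustration, not Microsoft code. DevicePolicy, its field names,
the issuer labels and the sample thumbprints are assumptions for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Signature(Enum):
    UNSIGNED = "unsigned"   # no signature at all
    INVALID = "invalid"     # signed, but the signature does not verify
    VALID = "valid"         # signature verifies against some certificate


class Tier(Enum):
    PRIVILEGED = "privileged"
    NORMAL = "normal"
    BLOCKED = "blocked"


@dataclass
class DevicePolicy:
    # Certificate thumbprint -> issuer family. The store a certificate sits in
    # decides the tier; the issuer family only matters on a locked device.
    privileged_store: dict = field(default_factory=dict)
    normal_store: dict = field(default_factory=dict)
    allow_unsigned: bool = False    # run unsigned/invalid code without asking (assumed name)
    prompt_unsigned: bool = False   # ask the user instead of refusing (assumed name)
    locked: bool = False            # fully locked device: no Mobile2Market installs


@dataclass
class App:
    name: str
    signature: Signature
    signer: Optional[str] = None    # thumbprint of the signing certificate, if any


# Operations reachable only through "trusted" APIs; normal apps may not perform them.
TRUSTED_ACTIONS = frozenset({
    "call_trusted_api",
    "write_protected_registry",
    "write_system_file",
    "write_system_cert_store",
})


def classify(app: App, policy: DevicePolicy, user_accepts: bool = False) -> Tier:
    """Map an application to its execution tier under the given device policy."""
    if app.signature is Signature.VALID:
        for store, tier in ((policy.privileged_store, Tier.PRIVILEGED),
                            (policy.normal_store, Tier.NORMAL)):
            issuer = store.get(app.signer)
            if issuer is None:
                continue
            # Locked device: Mobile2Market-signed code may not be installed,
            # while OEM / operator / enterprise certificates keep working.
            if policy.locked and issuer == "mobile2market":
                return Tier.BLOCKED
            return tier
    # Unsigned, invalid, or signed by a certificate the device does not trust:
    # refused by default unless a policy or the user overrides that.
    if policy.locked:
        return Tier.BLOCKED
    if policy.allow_unsigned or (policy.prompt_unsigned and user_accepts):
        return Tier.NORMAL
    return Tier.BLOCKED


def permitted(tier: Tier, action: str) -> bool:
    """Would the runtime let an application of this tier perform the action?"""
    if tier is Tier.BLOCKED:
        return False            # never executes, so no action at all
    if tier is Tier.PRIVILEGED:
        return True             # full file system and protected registry access
    return action not in TRUSTED_ACTIONS


# Constructed sample policy and applications; thumbprints are made-up placeholders.
SAMPLE_POLICY = DevicePolicy(
    privileged_store={"AA11": "oem", "BB22": "operator"},
    normal_store={"CC33": "mobile2market", "DD44": "enterprise"},
    prompt_unsigned=True,
)
SAMPLE_APPS = {
    "oem_tool": App("oem_tool", Signature.VALID, "AA11"),
    "market_game": App("market_game", Signature.VALID, "CC33"),
    "tampered": App("tampered", Signature.INVALID, "CC33"),
    "homebrew": App("homebrew", Signature.UNSIGNED),
}


def evaluate(policy: DevicePolicy = SAMPLE_POLICY, user_accepts: bool = False) -> dict:
    """Tier plus two representative permission outcomes for every sample app."""
    out = {}
    for name, app in SAMPLE_APPS.items():
        tier = classify(app, policy, user_accepts)
        out[name] = (tier, permitted(tier, "write_protected_registry"),
                     permitted(tier, "write_user_file"))
    return out


if __name__ == "__main__":
    for name, (tier, reg, user) in evaluate(user_accepts=True).items():
        print(f"{name:12} {tier.value:10} protected-registry={reg} user-file={user}")
```

Run as a script it prints one line per sample application with the prompt answered "yes"; the tampered and unsigned samples then land in the normal tier, whereas with the default refusal they are blocked. Switching SAMPLE_POLICY to locked=True blocks the Mobile2Market-signed game while the OEM-signed tool stays privileged, which is exactly the distinction the locked state is meant to enforce.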