Common Mobile OS

Android
iOS
Windows Mobile
Symbian ?
RIM (Blackberry) ?

The good
built on top of Linux kernel
apps largely written in Java (Apache Harmony)
open source

The bad (challenges)
must support different hardware (phones, netbooks, GoogleTV, cameras, Google glass…)
version proliferation (Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat …)
application piracy
legal issues

Security a priority in the software life cycle
Mandatory app sandbox
Application signing
Other
each process is a subject & has its own ID
safe mode ensures the system partition is read-only
the API includes common encryption ciphers
the kernel intercepts common software vulnerabilities (buffer overflow, integer overflow, heap corruption, format string errors)
hardware-based Never eXecute
user consulted to grant permission to new app
every application must be signed with a public key
CA not required and no CA verification is currently performed

iOS
Layers of Security
secure boot process
secure system install/upgrade
app security
runtime protections
file encryption
passcode security
support for network security standards

iOS
Secure Boot Process
1) Run boot program (integrity guaranteed by ROM)
2) Remaining system code is signed by Apple
3) Recovery to iTunes if necessary
[Figure: Boot Program, Apple Public Key]

iOS
System install/upgrade

iOS
app security
provided software (Mail, Safari, etc.) signed by Apple
other apps from registered developers are signed
Apple supplies certificates to registered developers.
firms can use Apple service for in-house only software
runtime protections
each app has its own home directory for files
most processes run in a non-privileged mode
all OS code is in read-only memory
processes are assigned to random memory locations

iOS
file encryption
crypto engine for AES-256 and SHA-1
There is also a random number generator using interrupt timing.
Each file encrypted with _________ key
Each file's metadata includes wrapped per-file key and class key encrypted with ____________ key
[Figure: UID | GID]
Each per-file key is wrapped (encrypted) with _________ key
Each class key is encrypted with UID (and possibly a passcode)

iOS
passcode security
The passcode is "tangled" with UID
Passcode checking ________ to 80 msec.

iOS
support for network standards
secure low-level protocols (SSL, TLS)
secure higher-level VPN (L2TP, PPTP)
Wi-Fi via 128-bit AES encryption
…and many others