Are we using FIPS certified encryption libraries on Windows Phone 8

StackOverflow https://stackoverflow.com//questions/25003110

  •  20-12-2019
  •  | 
  •  

Вопрос

Per this link, Windows Phone 8 received the FIPS 140-2 validation on the following modules:

  • Kernel Mode Cryptographic Primitives Library (CNG.SYS)
  • Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
  • Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
  • Enhanced Cryptographic Provider (RSAENH.DLL)
  • Boot Manager
  • BitLocker Windows OS Loader (WINLOAD)
  • Code Integrity (CI.DLL)
  • BitLocker Windows Resume (WINRESUME)
  • BitLocker Dump Filter (DUMPFVE.SYS)

However the challenge for us is how to map this to code which we are writing at Windows Phone 8 so that we could tell our customer that we are using FIPS validated libraries for encryption.

The main thing for us is the SQLCE database where we are using isolated storage (local folder) with a password to protect it: Local database connection strings for Windows Phone 8

From the above article, we could see this:

The database is encrypted using AES-128 and the password is hashed using SHA-256.

However is database encrypted with FIPS 140-2 validated libraries mentioned at first link? Somehow there are no documents at internet to make such connection.

This is not specifically a crypto question, so I didn't ask at cryptography site

Thanks very much in advance.

Это было полезно?

Решение

Per this link, Windows Phone 8 received the FIPS 140-2 validation...

That link is to a ZDnet article, and there's nothing official about :)

You need to reference NIST's Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules. There's a couple of validated modules from Microsoft on the page.

Take a look at Certificate 1899 issued to Microsoft Corporation in 2013. Following the Security Policy for FIPS 140-2 Validation for Certificate 1899, it appears the platform is providing validated cryptography IF BitLocker is engaged.

But, if you can't control the use of BitLocker....

However the challenge for us is how to map this to code which we are writing at Windows Phone 8 so that we could tell our customer that we are using FIPS validated libraries for encryption.

See Information for Software Developers. According to the page, you have to use the BCRYPTPRIMITIVES (bcryptprimitives.dll). If you use the algorithms in accordance with the security policy, then you can claim the use of FIPS validated cryptography under Certificate 1892. There's a separate security policy for Certificate 1892: Security Policy for FIPS 140 - 2 Validation.

Certificate 1892's security policy list the functions you need to use to claim use of FIPS 140-2 validated cryptography. They include:

  • BCryptCreateHash
  • BCryptDecrypt
  • BCryptDeriveKey
  • BCryptDestroyHash
  • BCryptDestroyKey
  • BCryptDestroySecret
  • ...

However is database encrypted with FIPS 140-2 validated libraries mentioned at first link? Somehow there are no documents at internet to make such connection.

The database is likely not encrypted. Microsoft provides the data security at a lower level in the stack via BitLocker. Its no different than Apple providing Data Protection APIs that perform the encryption further down the stack.

While the database can use IsolatedStorage, it appears that its not FIPS validated per this Stack Overflow question: FIPS-compliant Isolated Storage in WinXP?. A lot may have changed, so its best to look at the binaries under depends.exe to ensure they are calling the BCrypt* functions (see next).

To verify the database's use of approved functions, you can dump the executable with something like Dependency Walker 2.2. You should see the approved functions if the database is encrypting. But like I said, I suspect the database is not using them and it expects BitLocker to handle data encryption.

If you need an encrypted database at the application level, then you probably need something like SQLCipher. The twist with SQLCipher is that is uses OpenSSL to provide the cryptography, and not Windows CNG. You can probably port SQLCipher to use CNG, though.

You can't use OpenSSL on Windows Phone and Windows RT at the moment because the platforms have not been validated. In the future, you may be able to do so.

So your choice for database level encryption is likely going to be SQLCipher with Windows CNG. On the good side, its better than trying to do FIPS on Windows Mobile. The crypto was severely crippled on those platforms. For example, Diffie-Hellman was limited to 1024 bits, and AES was limited to AES-128.

One last thing about platforms... You need to ensure the platform has been validated. The platform consists of an operating system and hardware like processor (and sometimes a board). Its not enough to cite an operating system like Windows Phone 8.

For example, according to Certificate 1892's Security Policy for FIPS 140 - 2 Validation, Windows Phone 8 was validated with a Qualcomm Snapdragon S4 in Thumb-2 mode (luckily it omits the board). If you have a Windows Phone 8 platform that's not using the Snapdragon S4, then its not using validated cryptography.

Другие советы

The AES-128 algorithm is FIPS 140-2 compliant. According to the link you provided, Microsoft implemented AES in RSAENH.DLL. Does that help?

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top