Motorola MC75A Enterprise Digital Assistant
Motorola PTS Information Manual

Version: Rev. A
Date: 15-AUG-2011
Author: J. Weissman
Document ID: 00-M708-PTS1

Document History
Version  Date         Change                              Author
1.0      24-JUL-2011  Initial Version                     J. Weissman
1.1      05-AUG-2011  Various Edits                       J. Weissman
1.2      12-AUG-2011  Added Suggested Security Protocols  J. Weissman
A        15-AUG-2011  Released Version                    J. Weissman

Motorola Solutions Page 1

Table of Contents
1 Platform Boundary  3
1.1 Platform Description  3
1.2 System Block Diagram  4
2 Platform Use  5
2.1 Separation between Applications  5
3 Vendor Vulnerability Assessment Measures  6
3.1 Process Measures  6
3.2 Vendor Vulnerability Assessment Measures Scope  6
3.3 Vendor Vulnerability Assessment Measures Distribution  6
3.3.1 Distribution Process  6
3.3.2 Maintenance Releases  6
3.3.3 Emergency Releases  7
3.3.4 Customer Responsibilities  7
4 Default Configuration  7
4.1 Other links for IP configuration  8
4.1.1 TCP/IPv4 Configurable Registry Settings  9
4.1.2 TCP/IP Security  9
4.2 Configuration Security  9
5 Key Management  9
5.1 Default Certificates (IPSP1)  9
5.2 Cryptography Security and Key Sharing  10
6 Random number generator (IPSP 2)  11
Chart 286  11
7 Recommended Security Practices  12
7.1 Security Management Schemes  12
7.2 User Responsibilities  13
7.3 Additional Security Recommendations  13

1 Platform Boundary

1.1 Platform Description
The hardware, software and firmware that make up the platform are:
- Microsoft Windows Mobile 6.5 Professional, CE OS 5.2.23137 (Build 23137.5.3.9)
- Motorola Software Package, including:
  o MSP (7.0.58)
  o Other Motorola supplied software
- MC75 hardware
- DCR7X00-200R Chip-and-PIN Card Reader

1.2 System Block Diagram
[Figure: system block diagram. The platform is connected across the Internet by SSL tunnels (labelled "Data transferred by encrypted TLS tunnel") to the MSP interfaces. Software shown inside the platform boundary: IPSec VPN, Cabinet and Application Installer, Device Enrollment, MSP, SSL, Sensitive Data Protection, Financial Application, and the Hardware Interface Layer. Mobile computer hardware (CPU, memory and major subsystems): Marvell Technology Group PXA320 CPU (806 MHz), 256 MB RAM, 1 GB Flash, LCD display, touch panel, bar code scanner, LAN/WAN radios, Bluetooth radio, GPS radio. DCR7X00-200R hardware (CPU, memory and major subsystems): MAXIM-IC USIP high-performance, secure, 32-bit MIPS microcontroller with built-in memory and I/O interfaces, LCD display, keyboard, magnetic stripe reader, smartcard reader.]

2 Platform Use

2.1 Separation between Applications
The separation between financial applications and other
applications is described in the following excerpt from the Microsoft OEM documentation:

Drivers and Process Address Spaces
In Windows Mobile, all processes share a single virtual memory address space with the kernel and various other parts of the OS. Each process resides in its own 32 MB slot, and slots are protected from each other and from the kernel.

Memory Access Permissions
Processes map into different virtual addresses. For a driver or application to access the memory of another process, it must be able to unlock the permissions for those address spaces. Although the details of the virtual-to-physical mapping are device-dependent in Windows Mobile, the basic layout tends to be the same from one device to another.

Accessing the address space of an application can be complicated when a device driver creates a thread, because access to process address spaces is set on a thread-by-thread basis. Each thread has a 32-bit mask, one bit per process, which describes the processes a thread can access. A thread can call the SetProcPermissions function to modify the permission mask, which controls the thread's access to each process address space. The same thread can call the GetCurrentPermissions function to get the mask field for the current permissions, so that the permissions can be reset when the thread has accessed the process data.

By default, the operating system does not run in full-kernel mode, thus you cannot assume that driver threads run in kernel mode. However, there might be situations where you need to enter full-kernel mode.

SetProcPermissions is a Trusted API and can only be called by trusted applications. Details on the Trusted APIs are in: http://msdn.microsoft.com/en-us/library/ms924486.aspx

Note that this separation therefore depends on the device security level: SetProcPermissions is available to any application the device treats as trusted, and the Security Level is set to Security Off when the device leaves production (see section 5.1). For a financial deployment the device should be locked as described in section 5.1 before relying on this separation.

3 Vendor Vulnerability Assessment Measures

3.1 Process Measures
1. Motorola relies on the “Coordinated Vulnerability Disclosure at Microsoft”.
This is documented in the accompanying document “Coordinated Vulnerability Disclosure at Microsoft”.
2. Motorola periodically receives information from Microsoft and has a procedure in place to act upon this information. This procedure is shown in the accompanying document “Motorola Maintenance Release Process”.
3. As shown in the flowchart in the Maintenance Release Process document, Motorola release candidate test and validation is performed, followed by Motorola LTK testing and the NSTL certification assessment.
4. In addition, Motorola proactively and periodically checks information from Microsoft on a specific website and uses the Motorola Maintenance Release Process to act upon this information, and also searches the public domain for vulnerabilities in this Windows Mobile version and build.
5. Motorola also engages external independent testing laboratories to scope, evaluate, and test configurations for vulnerability assessments.

3.2 Vendor Vulnerability Assessment Measures Scope
The PTS approval is only valid for the platform containing the IP, Link Layer, IP/Security protocols and IP services as provided by Motorola.

3.3 Vendor Vulnerability Assessment Measures Distribution

3.3.1 Distribution Process
The distribution process is as follows: Motorola provides alerts to customers through the Motorola Customer Response Center. Customers may also sign up for e-mail alerts of issues, as well as extra-cost service contracts under which Motorola will provide telephone alerts to customers. To subscribe, go to the Motorola Support Web site http://support.symbol.com/support/supportcentral/supportcentral.do?id=m1 and, on the right side, click on “Support Central Subscriptions”.

3.3.2 Maintenance Releases
Motorola provides releases of software for mobile computers on a 6-month cycle. This software includes a full roll-up of all outstanding Microsoft and Motorola fixes, as well as any planned new functionality.
The software is available for download from the Motorola Support Web site http://support.symbol.com/support/supportcentral/supportcentral.do?id=m1 and type the mobile computer model number or name in the search box.

3.3.3 Emergency Releases
When Microsoft or Motorola determine that a fix is classified as “Severe” or “Critical”, the fix is made immediately available to customers through the support site. These fixes are found on the Motorola Support Web site http://support.symbol.com/support/supportcentral/supportcentral.do?id=m1 by clicking on “Product Hot Fixes” on the right side.

3.3.4 Customer Responsibilities
It is the responsibility of each Motorola customer to go to the Motorola Support Web site http://support.symbol.com/support/supportcentral/supportcentral.do?id=m1 and download the appropriate update, based on the customer's needs. Motorola does not maintain a “push” mechanism for software updates. The download of a software update is at the discretion of each customer.
4 Default Configuration
The following links show the default configuration of the TCP/IP stack:
http://msdn.microsoft.com/en-us/library/aa922356.aspx
http://msdn.microsoft.com/en-us/library/aa915651.aspx

Changes from these default values can be seen in the reginit.ini file:

[HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms]
"IpEnableRouter"=dword:0 ; disable routing of packets between networks
"TcpWindowSize"=dword:8000 ; use 32K for advertised TCP receive window
"EnableDHCP"=dword:1 ; get IP address from DHCP server

[HKEY_LOCAL_MACHINE\Comm\RNDISFN1\Parms\TcpIp]
"AutoCfg"=dword:0 ; Rndis (USB) does not use AutoIP
"EnableDHCP"=dword:0 ; Rndis (USB) does not use DHCP
"Subnetmask"="255.255.255.0"

WiFi configuration
[HKEY_LOCAL_MACHINE\Comm\JEDI10_1\Parms\TcpIp]
;"EnableDHCP"=dword:1
;"IpAddress"="192.168.1.50"
;"Subnetmask"="255.255.255.0"
; Number of retries for obtaining IP address from DHCP server
"DhcpRetryDialogue"=dword:FFFFFFFF
"DhcpMaxRetry"=dword:1
; Enable DHCP client auto configuration
"AutoCfg"=dword:1
; Initial delay in milliseconds between sending DHCP packets
"DhcpInitDelayInterval"=dword:0

Bluetooth IP configuration
[HKEY_LOCAL_MACHINE\Comm\BTPAN1\Parms\TcpIp]
"EnableDHCP"=dword:0
"DefaultGateway"=dword:0
"UseZeroBroadcast"=dword:0
"IpAddress"="192.168.0.1"
"SubnetMask"="255.255.255.0"

[HKEY_LOCAL_MACHINE\Comm\BTPAN1\Parms]
"ProtocolsToBindTo"=multi_sz:"NOT","NDISUIO"
"AdapterType"="NAP"
"ServiceId"="{00001116-0000-1000-8000-00805f9b34fb}"
"FriendlyName"="Network Access Point"
"Description"="Bluetooth NAP Service"
"AcceptConnections"=dword:1
"MaxConnections"=dword:1
"PublishSdpOnBoot"=dword:1

WAN (SWGobiUSBNDIS1) configuration
[HKEY_LOCAL_MACHINE\Comm\SWGobiUSBNDIS1\Parms\Tcpip]
"DefaultGateway"="0.0.0.0"
"Subnetmask"="0.0.0.0"
"IpAddress"="0.0.0.0"
"EnableDHCP"=dword:1
"AutoInterval"=dword:1
"DhcpRetryDialogue"=dword:3
"DhcpMaxRetry"=dword:3

DHCP Options
; Enable network quarantine support
[HKEY_LOCAL_MACHINE\Comm\TcpIp\Parms\DhcpSendOptions]
; DHCP Option: Vendor ID == "Microsoft Windows CE"
"60"=hex:3C,15,4D,69,63,72,6F,73,6F,66,74,20,57,69,6E,64,6F,77,73,20,43,45,0

Temporary IPv6 Address
;===================================;
; Disable Temporary IPv6 address;
;===================================;
[HKEY_LOCAL_MACHINE\Comm\Tcpip6\Parms\GlobalParams]
"UseTemporaryAddresses"=dword:0

4.1 Other links for IP configuration

4.1.1 TCP/IPv4 Configurable Registry Settings
http://msdn.microsoft.com/en-us/library/aa922356.aspx

4.1.2 TCP/IP Security
http://msdn.microsoft.com/en-us/library/aa922625.aspx

4.2 Configuration Security
To ensure the default configuration is secure, Motorola performs the steps outlined in the Vendor Vulnerability Assessment Measures section above prior to release.

5 Key Management

5.1 Default Certificates (IPSP1)
Motorola uses the Windows Mobile Device Security Model. For more information, please see http://msdn.microsoft.com/en-us/library/bb416353.aspx and the “See Also” sections from this page.

The Motorola device is released from production with the Security Level set to Security Off. Upon customer request, the mobile computer can be set to any other security level. A device used for financial applications should not remain at Security Off; see the Mobile2Market locked configuration below.

Motorola adds a small number of dedicated secure execution certificates to the Microsoft configuration. (Certain certificates still carry the Symbol name: Symbol Technologies, the actual manufacturer of the mobile computer, was acquired by Motorola in January 2007.) Search for [HKEY_CURRENT_USER\Software\Symbol\Security] in reginit.ini, then scroll down to see the certificates.

Upon customer request, for financial applications for example, the Security Level can be set to Mobile2Market locked. In this mode, the only software that will run on the factory default configuration is Microsoft software and Motorola software.
Default certificates from Motorola (Symbol) and Microsoft are not used for financial transactions. The financial application software provider must also provide the certificates required by their software. Once these certificates are validated, they are signed with the Motorola key and inserted into the certificate store. Once the financial application certificates are in the certificate store and the financial application is signed with the financial application certificate, the financial application will be able to run alongside the Motorola and Microsoft software when the mobile computer Security Level is set to Mobile2Market locked.

5.2 Cryptography Security and Key Sharing
The following information is taken from http://msdn.microsoft.com/en-us/library/aa922824.aspx (Cryptography Security, MSDN, 4/8/2010):

CryptoAPI handles credentials and other assets that unauthorized users can access. The following list summarizes the best practices for protecting these assets.

Best Practices

Call CryptGetKeyParam to get the key length
Your application should verify the key length of the encryption algorithm before using the default service provider. This ensures that the application is using the correct provider. The application can delete or reset the default provider for a device by changing the registry or by calling CryptSetProviderEx. Avoid using CryptSetProviderEx, except as a part of the administrative setup of a device. CryptSetProviderEx affects the behavior of applications that rely on the default behavior of CryptoAPI.

Check certificate status
Applications calling CryptoAPI must check the certificate status retrieved by certain cryptography functions. This will prevent an attacker from using a key pair or certificate that has been revoked to sign digital data.
Possible certificate statuses are defined for the CERT_TRUST_STATUS structure.

Protect private keys and user credentials
CryptoAPI stores private keys, and applications store user credentials, on each device. To prevent hackers from tampering with private keys and/or extracting the user credentials, you must implement a device locking capability that requires a password to access the device when it is powered on. Also, for optimum protection, you can use a smart card to store private keys and use the Smart Card CSP. Implementing proper device protection mechanisms is crucial to the safety of private keys and user credentials.

Do not create your own random number generator
Use CryptGenRandom to generate random data.

Protect application data
To protect sensitive information and to prevent data tampering, use CryptProtectData and CryptUnprotectData. When appropriate, the application should obtain an additional password or other secret data from the user, and then use pOptionalEntropy to supply the information to CryptProtectData and CryptUnprotectData.

6 Random number generator (IPSP 2)
The random numbers are generated according to NIST SP 800-22 or an equivalent standard. The evidence cited below is the NIST CAVP RNG validation of the RSAENH CryptoAPI provider, taken from http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html; note that the generator validated there is the FIPS 186-2 RNG, and that SP 800-22 itself is a statistical test suite rather than a generator specification. NIST describes the validation list as follows:

These implementations are validated as conforming to the various Random Number Generators (RNG) as specified and approved in FIPS 186-2, Digital Signature Standard (DSS); ANSI X9.62-1998, Public Key Cryptography for the Financial Services Industry: Elliptic Curve Digital Signature Algorithm (ECDSA); and ANSI X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), using tests described in The Random Number Generator Validation System (RNGVS). The testing is handled by NVLAP-accredited Cryptographic Module Testing (CMT) laboratories.
NIST has made every attempt to provide complete and accurate information about the implementations described in the following list. It is the responsibility of the vendor to notify NIST of any necessary changes to its contact information and implementation description.

Microsoft does not specify which ARM processor to use with WM 6.5 AKUs. The chart below is taken from http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html:

Chart 286
Validation No.:  286
Vendor:  Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Contacts: Klorida Miraj, TEL: 425-421-5229; Katharine Holdsworth, TEL: 425-706-7923
Implementation:  Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH), Version 5.04.17228
Operational Environments:  ARMv4i w/ Windows Mobile 6; ARMv4i w/ Windows Mobile 6.1; ARMv4i w/ Windows Mobile 6.5
Validation Date:  3/14/2007
Algorithm:  FIPS 186-2 [ (x-Original); (SHA-1) ]
Description:  "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography."
History:  04/02/08: Add New OE and update the vendor information; 10/14/09: Add new tested OEs.

The validation applies to the module version listed in the chart (RSAENH version 5.04.17228) on the listed operational environments. When relying on it, confirm that the rsaenh.dll shipped in the device image is that version.

Here is the portion of reginit.ini showing the device is using RSAENH:
[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0]
"Image Path"="\\Windows\\rsaenh.dll"
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0]
"Image Path"="\\Windows\\rsaenh.dll"
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider]
"Image Path"="\\Windows\\rsaenh.dll"
"Type"=dword:00000018

; set the Enhanced provider to be the default RSA provider
[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider Types\Type 001]
"Name"="Microsoft Enhanced Cryptographic Provider v1.0"
; use the following to make the base provider the default
;"Name"="Microsoft Base Cryptographic Provider v1.0"

; set the Enhanced provider to be the default AES Provider
;#define PROV_RSA_AES 24
[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider Types\Type 024]
"Name"="Microsoft Enhanced RSA and AES Cryptographic Provider"

7 Recommended Security Practices

7.1 Security Management Schemes
The MC75A offers many security management schemes. A number of these are no longer considered secure, but remain in the software for backward compatibility with older applications. The Motorola mobile computer supports several cipher suites with RSA key exchange:

AES with SHA-1 message authentication. Advanced Encryption Standard (AES) ciphers have a fixed block size of 128 bits, and the keys can be either 128-bit or 256-bit. There are 3.4 x 10^38 possible 128-bit keys and 1.1 x 10^77 possible 256-bit keys, more than for any other cipher supported by SSL, making AES the strongest cipher supported by SSL. These cipher suites are FIPS-compliant.

Triple DES with SHA-1 message authentication. Triple DES (Data Encryption Standard) is the second-strongest cipher supported by SSL, but it is not as fast as RC4.
Triple DES uses a key three times as long as the key for standard DES. Because the key size is so large, there are approximately 3.7 x 10^50 possible keys; note, however, that the effective strength of three-key Triple DES against meet-in-the-middle attacks is about 112 bits, not 168. This cipher suite is FIPS-compliant.

The RSA key must be 1024 bits in size.

Suggested security protocols: SSL. For financial transactions and platform management, the security protocol SSL/TLS must be used. The following conditions are required:
- use SSL version 3 and TLS version 1.0 or higher (SSL version 2 must not be enabled);
- do not change the reginit.ini settings relating to PCT (Private Communication Technology);
- use the recommendations provided by Microsoft for the use of SSL at: http://technet.microsoft.com/en-us/library/cc182303.aspx

7.2 User Responsibilities
Incorrect configuration or protocol selection can make secure systems vulnerable to attack. It is the responsibility of the user to configure the settings correctly.

In addition, the installation of rogue or unknown root certificates can provide a “gateway” to rogue application installation. In a standard unlocked configuration, users are able to add any root certificate. This is not a recommended practice, and users are cautioned against accepting root certificates from unknown sources, no matter how “valid” they may appear. It is the user’s responsibility to ensure compliance with this guideline.

7.3 Additional Security Recommendations
NetBIOS names are used to support services that require NetBIOS. Windows 2000, Windows XP, and all newer versions of Windows use DNS names for most functions, but a NetBIOS name resolution method must exist on any network with computers that are running earlier versions of Windows or with applications that still depend on NetBIOS names. To increase mobile computer security, it is recommended that the user disable NetBIOS.
Instructions for disabling NetBIOS, and other security recommendations, can be found at:
http://msdn.microsoft.com/en-us/library/cd273772-db96-46ab-96d7-ff95683c173c(v=WS.10)
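As an added worked example (not part of the Motorola manual, nor Motorola or Microsoft code), the following Python script parses reginit.ini fragments of the kind quoted in sections 4 and 6 above and checks the settings this manual relies on: packet routing between networks disabled, temporary IPv6 addresses disabled, the Enhanced provider (RSAENH) left as the default RSA provider, and the DHCP vendor-class option decoded byte by byte to confirm it is a well-formed option 60 carrying the string the manual's comment says it does. The sample text is copied from the manual's own fragments; the check list, the status labels and the lookup helper names are the editor's own and are not Motorola requirements or Motorola tooling.

```python
"""reginit.ini fragment parser and audit (added example, not Motorola code; sample copied from sections 4 and 6)."""
import re

SAMPLE_REGINIT = r'''
[HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms]
"IpEnableRouter"=dword:0 ; disable routing of packets between networks
"TcpWindowSize"=dword:8000 ; use 32K for advertised TCP receive window

[HKEY_LOCAL_MACHINE\Comm\BTPAN1\Parms]
"ProtocolsToBindTo"=multi_sz:"NOT","NDISUIO"

[HKEY_LOCAL_MACHINE\Comm\TcpIp\Parms\DhcpSendOptions]
; DHCP Option: Vendor ID == "Microsoft Windows CE"
"60"=hex:3C,15,4D,69,63,72,6F,73,6F,66,74,20,57,69,6E,64,6F,77,73,20,43,45,0

[HKEY_LOCAL_MACHINE\Comm\Tcpip6\Parms\GlobalParams]
"UseTemporaryAddresses"=dword:0

[HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider Types\Type 001]
"Name"="Microsoft Enhanced Cryptographic Provider v1.0"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')

def _strip_comment(line):
    """Drop a ';' comment, but only where the ';' is outside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            return line[:i]
    return line

def parse_value(raw):
    """Decode the value syntaxes the manual uses: dword, hex, multi_sz and quoted string."""
    raw = raw.strip()
    if raw.startswith('dword:'):
        return ('dword', int(raw[6:], 16))
    if raw.startswith('hex:'):
        return ('hex', bytes(int(b, 16) for b in raw[4:].split(',') if b.strip()))
    if raw.startswith('multi_sz:'):
        return ('multi_sz', re.findall(r'"([^"]*)"', raw[9:]))
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ('sz', raw[1:-1].replace('\\\\', '\\'))  # reginit escapes backslashes
    raise ValueError(f'unrecognised value syntax: {raw!r}')

def parse_reginit(text):
    """Return {key path: {value name: (kind, value)}}, lower-cased: the registry is case-insensitive."""
    reg, section = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = _strip_comment(line).strip()
        if not line:
            continue
        if line[0] == '[' and line[-1] == ']':
            section = line[1:-1].lower()
            reg.setdefault(section, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or section is None:
            raise ValueError(f'line {lineno}: cannot parse {line!r}')
        reg[section][m['name'].lower()] = parse_value(m['val'])
    return reg

def lookup(reg, key, name):
    return reg.get(key.lower(), {}).get(name.lower())

def decode_dhcp_option(blob):
    """Split a raw DHCP option into (code, payload) and verify its length byte."""
    code, length, payload = blob[0], blob[1], blob[2:]
    if len(payload) != length:
        raise ValueError(f'option {code}: length byte {length}, payload {len(payload)} bytes')
    return code, payload

# (label, key path, value name, expected value, why it matters according to the manual)
CHECKS = [
    ('Tcpip/IpEnableRouter', r'HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms', 'IpEnableRouter', 0,
     'the device must not route packets between networks'),
    ('Tcpip6/UseTemporaryAddresses', r'HKEY_LOCAL_MACHINE\Comm\Tcpip6\Parms\GlobalParams',
     'UseTemporaryAddresses', 0, 'temporary IPv6 addresses are disabled by default'),
    ('Crypto/Type 001', r'HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider Types\Type 001',
     'Name', 'Microsoft Enhanced Cryptographic Provider v1.0', 'RSAENH must stay the default RSA provider'),
]

def audit(reg):
    """Return (status, label, detail) triples; status is PASS, FAIL or MISSING."""
    findings = []
    for label, key, name, expected, why in CHECKS:
        got = lookup(reg, key, name)
        status = 'MISSING' if got is None else 'PASS' if got[1] == expected else 'FAIL'
        detail = why if status != 'FAIL' else f'expected {expected!r}, found {got[1]!r}; {why}'
        findings.append((status, label, detail))
    opt = lookup(reg, r'HKEY_LOCAL_MACHINE\Comm\TcpIp\Parms\DhcpSendOptions', '60')
    if opt is not None:  # option 60 must be well formed and carry the documented vendor class
        code, payload = decode_dhcp_option(opt[1])
        vendor = payload.rstrip(b'\0').decode('ascii')
        findings.append(('PASS' if code == 60 and vendor == 'Microsoft Windows CE' else 'FAIL',
                         'DhcpSendOptions/60', f'vendor class {vendor!r}'))
    return findings
```

Run audit(parse_reginit(text)) over the reginit.ini taken from a device image; a FAIL on Tcpip/IpEnableRouter means the image routes packets between its network interfaces, and a FAIL or MISSING on Crypto/Type 001 means CryptoAPI callers that rely on the default provider may not be getting RSAENH.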