Storage card wipe and encryption – What’s the deal?


In Windows Mobile 6 we added the ability to encrypt the storage card of a Windows Mobile device as well as wipe it remotely.

The encryption can either be enabled by the user or enforced through an Exchange 2007 policy. 

The encryption of the storage card uses AES 128.  

So let me explain more…

Storage Card Encryption

Firstly, the encryption ties the storage card to the device: it is bound to a unique ID created when the device is hard reset. You cannot move an encrypted card to another device without first decrypting it.

When the card is encrypted a key is placed on the device itself and the data on the card is encrypted.

This is important as many existing solutions (particularly on other platforms) store the key and data in the same place… so if you have the device you have everything you need to decrypt the data (all you need is time :) )

Storage Card Remote Wipe

Now if you do initiate a remote wipe, the card is erased and the key is removed from the device.

This gets over two major concerns:

1) What if someone pulls the storage card from the device quickly enough to stop it being erased? It doesn’t matter, as the key has been removed from the device.

2) What if the storage card has its hardware write lock enabled, so it cannot be erased? Again, the key is removed from the device, so the data on the card is useless.
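As an added illustration (not code from this post, nor from Windows Mobile itself), here is a small Go model of the design the two sections above describe: the key lives only on the device, the card carries only ciphertext, and a remote wipe discards the key whether or not the erase ever reaches the card. AES-128 is what the post states; the GCM mode, the Device and Card types, and the Scenarios function are this example’s own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Device models the handset (the card key lives here, never on the card);
// Card models the removable card (nonce and ciphertext only). Both are
// this example's own constructs.
type Device struct{ key []byte } // nil key: wiped or never initialised
type Card struct{ nonce, ciphertext []byte }

var ErrNoKey = errors.New("device holds no storage-card key")
var ErrUnreadable = errors.New("card does not decrypt under this device's key")

// HardReset mints a fresh random 128-bit key, as the post says happens on a
// hard reset. AES-128 is from the post; GCM mode is this example's assumption.
func (d *Device) HardReset() error {
	d.key = make([]byte, 16)
	_, err := io.ReadFull(rand.Reader, d.key)
	return err
}

func (d *Device) aead() (cipher.AEAD, error) {
	if d.key == nil {
		return nil, ErrNoKey
	}
	block, _ := aes.NewCipher(d.key) // key is always 16 bytes when present
	return cipher.NewGCM(block)
}

// EncryptCard seals plaintext onto the card under the device's key.
func (d *Device) EncryptCard(c *Card, plaintext []byte) error {
	g, err := d.aead()
	if err != nil {
		return err
	}
	c.nonce = make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, c.nonce); err != nil {
		return err
	}
	c.ciphertext = g.Seal(nil, c.nonce, plaintext, nil)
	return nil
}

// ReadCard decrypts the card; it fails unless this device holds the pairing key.
func (d *Device) ReadCard(c *Card) ([]byte, error) {
	g, err := d.aead()
	if err != nil {
		return nil, err
	}
	if len(c.nonce) != g.NonceSize() { // blank or wiped card
		return nil, ErrUnreadable
	}
	pt, err := g.Open(nil, c.nonce, c.ciphertext, nil)
	if err != nil {
		return nil, ErrUnreadable
	}
	return pt, nil
}

// RemoteWipe erases the card if it is still inserted (c != nil) and always
// discards the key, which is what defeats a pulled or write-locked card.
func (d *Device) RemoteWipe(c *Card) {
	if c != nil {
		c.nonce, c.ciphertext = nil, nil
	}
	d.key = nil // real firmware would also overwrite the key bytes in place
}

// Scenarios plays through the cases the post and its comments raise.
func Scenarios() (pulled, moved, reset bool, err error) {
	var dev, other Device
	card := &Card{}
	if err = dev.HardReset(); err != nil {
		return
	}
	// Constructed sample content standing in for a user's files.
	if err = dev.EncryptCard(card, []byte("constructed sample: quarterly results deck")); err != nil {
		return
	}
	dev.RemoteWipe(nil) // 1) card pulled before the erase reached it
	_, e := dev.ReadCard(card)
	pulled = errors.Is(e, ErrNoKey)
	if err = other.HardReset(); err != nil { // 2) card moved to another device
		return
	}
	_, e = other.ReadCard(card)
	moved = errors.Is(e, ErrUnreadable)
	if err = dev.HardReset(); err != nil { // 3) original device hard reset
		return
	}
	_, e = dev.ReadCard(card)
	reset = errors.Is(e, ErrUnreadable)
	return
}
```

Calling Scenarios() returns true for all three cases: the pulled card fails with ErrNoKey because the device no longer holds a key, and both the second device and the hard-reset original fail with ErrUnreadable because a different key cannot open the GCM ciphertext. That third case is also the answer to the hard-reset question raised in the comments: a fresh key on hard reset necessarily leaves the old card unreadable.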

How many times do you overwrite the data on the Storage card?  

One question I sometimes get from security teams is how many times we overwrite the data.  This is mainly a confusion carried over from PC hard drive practice.  There is no need for multiple overwrites on flash storage.  The need for multiple overwrites on hard disks comes from the fact that traditional hard disk heads can skip, jumping over sectors and leaving them unwiped, so multiple passes help ensure every sector is hit.

Why don’t you encrypt the device?

The #1 follow-up question I always get is why we don’t encrypt the data on the device itself.

Well, once the mobile device has been unlocked via the device-lock or power-on password, all the data on it is accessible to the user whether or not it is encrypted at rest.

The weakest link is the SD card external memory which, if not encrypted, can be accessed by any device or computer that can read SD cards.

By encrypting the SD card, the weak link is made strong and the data on that card can only be accessed by the paired device after the device-lock PIN or password has been correctly entered.


Comments (21)
  1. DanITman says:

    I’m glad they added this in the new version of WM and Exchange 2007.  I remember when MS released the video of that guy in that Taxi and he left phone in the Taxi.  They called the system admin to have him remotely wipe the device so everything was safe.  I was always thinking that it didn’t make much sense because the chances are a large power point would have been stored on the memory card defeating the purpose of the remote wipe :)

  2. Eagle117 says:

    How will recovery work?  Is there something like a EFS recovery agent to access an SD card if it is removed from the device and the key on the device is lost? Or a way to prevent the SD card from being wiped and staying encrypted until setup by the user again?

    In the last week I’ve had two users wipe their phones after they forgot their PIN 8 times.  Associating it with ActiveSync and getting their data back isn’t a big deal but if they lost 2 GB worth of an SD card that they wanted secure, I would have more trouble since there isn’t a good way to backup an SD card.

  3. MSDNArchive says:

    Eagle117 – Unfortunately there isn’t a recovery mechanism that I’m aware of.

  4. Fergus says:

    I suppose the main question is "What encryption technology/How easy to crack"?

    I have a customer who wants to use very sensitive data on WM devices and if there was any chance it could end up in the public domain they’d get their balls chewed.

  5. JasperM says:

    So, let’s see a quick consumer type scenario, since that is mainly who I work with…Customer gets device (WM6), they decide to be cute and encrypt all the photos of their cats, or sensitive business data.  If the device decides to die (an OEM would say this never happens, it must be customer abuse, haha) the customer can access the data on another WM 6 device so long as they have the unique ID?

    Re-reading the article, it seems that the user does not have access to the unique ID on the WM device, correct?

    "You cannot move the encrypted card to another device without first decrypting the card."

    Would lead me to believe there is no way of exporting the key to another device, or a way of storing it on the exchange server? I can see scenarios like this causing a nightmare for support.

    -JasperM

  6. MSDNArchive says:

    Fergus – we use AES 128 bit encryption so the time to crack is a long long time.. if at all…

    Jasper – Understand your concerns however being able to export the key and hold it in other places does present a security risk as well.

  7. In Windows Mobile 6 Microsoft added the ability to encrypt the storage card of a Windows Mobile device

  8. JasperM says:

    "The encryption is tied to a unique ID created upon Hard Reset of the device."

    Does this mean a new unique ID is created for every hard reset?  Would this mean, if you had a card encrypted before a hard reset, that since a new unique ID was created, the same card could not be read due to the hard reset and creation of a new unique ID?

    Do you know of any white papers that deal with the storage encryption?

    -JasperM

  9. Nino.Mobile says:

    Software / Hardware Loke has a very handy WM5/WM6 feature guide CoolSmartPhone.com is reporting that

  10. andy says:

    QUOTE:"This is important as many existing solutions (particularly on other platforms) store the key and data in the same place… so if you have the device you have everything you need to decrypt the data (all you need is time :) )"

    … applying that same principle to the way WM stores Exchange credentials on the device for direct push … doesn’t that also suggest that it is only a matter of time before someone can decrypt a user’s exchange password on the device?

    I wouldn’t want to rely on the device never needing to be hard reset / replaced. In addition to the scenarios given above, I’ve had several devices lock during the boot phase and the only way out is a hard reset. In this scenario that would be ‘goodbye data’.

  11. MSDNArchive says:

    Andy – the Exchange password is stored hashed double encrypted on the device using 128-bit RC4 encryption so I think it’d take a VERY long time for someone to decrypt…. if ever….

  12. JasperM says:

    Storage Card encryption uses AES 128, according to the whitepapers previously posted, and WPA2 uses 128 and 256 bit keys for wifi encryption.

    Here is additional information I found from a US government website:

    http://csrc.nist.gov/CryptoToolkit/aes/aesfact.html

    Approximately how big are the AES key sizes?

    The AES specifies three key sizes: 128, 192 and 256 bits. In decimal terms, this means that there are approximately:

    3.4 x 10^38 possible 128-bit keys;

    6.2 x 10^57 possible 192-bit keys; and

    1.1 x 10^77 possible 256-bit keys.

    In comparison, DES keys are 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more AES 128-bit keys than DES 56-bit keys.

    What is the chance that someone could use the "DES Cracker"-like hardware to crack an AES key?

    In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

    Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.

    -JasperM

  13. scyost says:

    @JasperM: A new key is generated after a cold boot, so if you hard reset the device, the files are unreadable. (it has to be like that, we don’t want it to be that easy to get into the encrypted storage card of a stolen device+card)

    @Eagle: One method to mitigate the pin recovery risk is to use the OWA password reset feature that’s in WM6. Users can log into their OWA account and get a recovery code which is used to reset the password on the device. This will preserve the encrypted files.

  14. MSDNArchive says:

    JasperM – love it :) I had been using those numbers in some MEDC presentations last year…. I think most people’s device contents will have little value in 149 trillion years 😉

  15. breadtan says:

    Wiping issue on Flash Vs PC Harddisk (HDD)

    – I thought the wiping is to make the erased content unrecoverable hence the DoD standards for the wiping sequences. Rather than it is due to the placement of the head but still in a way it does help and I do agree too.

    – For Flash memory, does it require those wiping standards too? It is still storing non-volatile data like HDD, or am I wrong?

    Regards

    BT

  16. My colleague Jason Langridge wrote a post about the storage card encryption feature in WM6. This is one

  18. RSS It All says:

    My colleague Jason Langridge wrote a post about the storage card encryption feature in WM6. This is one

  20. A lot of discussions within IT organizations are about security, and how the approved security policies

Comments are closed.