Laura Arribas Vodafone WAC 6th ETSI Security Workshop January ETSI, Sophia Antipolis, France

Size: px

Start display at page:

Download "Laura Arribas Vodafone WAC 6th ETSI Security Workshop January ETSI, Sophia Antipolis, France"

Mildred Smith
5 years ago
Views:

1 Security in WAC Laura Arribas Vodafone WAC 6th ETSI Security Workshop January ETSI, Sophia Antipolis, France

2 The largest wholesale applications platform Money Developers WAC Application Retail Retail Stores Retail Stores End End Users Users End Users Applications What is WAC? A platform which provides a retail shop with wholesale access to applications A driver of web technology for mobile (widget technology) A community which is open to all, but governed by leading operators A support community for developers An opportunity to enable a true cross platform and cross retail store ecosystem for applications

3 WAC evolution Available now 1.1 Q Waikiki evolution Waikiki Public review Q Beta Final Q Q WAC demo devices for MWC 2011 Continued evolution DAP & WebApps etc.

4 Operation of the WAC Security AC ~ The WAC Security AC has cross-working group remit and addresses end-to-end security aspects ~ Involvement ~ Master security document reference bible for WAC security ~ Like SG.07 in GSMA Security Group ~ Threats document ~ Work in progress ~ WAC 1.0 Security specification: based on JIL ~ already available: ~ WAC Waikiki specification: Security and Privacy ~ ~ Native apps ~ Network APIs ~

5 What are we trying to protect from? Money driven Attacker sends SMS/MMS (or calls) to premium rate numbers Web app generates data traffic w/o user s knowledge Pi Privacy breach Attacker reads data stored in the device (and transmits to server) Attacker reads data entered by the user (and transmits to server) Integrity breach Exploits vulnerabilities Attacker encrypts or deletes content in the terminal and requires money for decryption/restoration Attacker sends messages with victim as sender (SMS, s) Malicious code in widgets Using bugs in the OS or WRT or vulnerabilities by design Risk of apps being ripped off Unauthorized access to source code to forward/copy widget code Repackaging of safe applications as malware

6 WAC Security main components (1) ~ Authentication of the various SW components ~ AppStore Server and Clients ~ Download over HTTPS with EV server certificate validation ensures integrity of the widget package ~ Client certificate ensures that WAC-certified AppStores do not provide widgets to non-wac-certified clients ~ Web Run-Time (WRT) ~ WAC-recognised client certificate unique to WRT product and version ensures that t a WAC-certified client is being used ~ Widget ~ Unrecognised: author s identity cannot be verified by WAC (self-signed or no author signature) ~ Recognised: valid author signature belonging to a WAC- recognised identity

7 WAC Security main components (2) ~ Signed vs. Unsigned ~ WAC-signed: distributor signature signed by WAC or a WAC member ~ Unsigned: no signature or distributor signature not validated ~ Secure-by-default preference to enable the installation of unsigned widgets ~ Widget revocation ~ Based on Online Certificate Status Protocol (OCSP) ~ Revocation status checks upon widget installation and widget instantiation ~ Widget protection ~ Secure storage to protect widget resources from being viewed, exported, modified, or otherwise accessed by other applications on the device, or by the user ~ Widget sharing by URI

8 WAC Security main components (3) ~ Control access to APIs ~ Effective access control by implementation of a security framework with flexible security policies ~ Mapping of APIs with device capabilities ~ Support for different Trust Domains ~ Prompting framework based on Trust Domains ~ For all APIs (WAC and non-wac) ~ Default Policy ~ Control access to network resources ~ Widget accesing resources external to the widget package ~ Access controlled via W3C WARP spec + security policies

9 WAC Security main components (4) ~ Privacy ~ Widgets will have descriptive metadata with information for the user on: content and services provided by the widget ~ Developer will provide this metadata info prior to or during widget upload ~ Minimization of privacy-sensitive information exposed through APIs ~ Looking at W3C work on this topic ~ Child protection ~ Password-controlled Parental mode ~ Password-controlled facility for a user-managed list of restricted URIs ~ Password-controlled facility for a user-managed list of restricted content and application types ~ Recommended default restricted-access list

10 Ongoing and Future work ~ Network APIs ~ Endorsement of GSMA OneAPI ~ Operator Billing - most requested API ~ Other APIs include ~ Location ~ Messaging ~ Currently working on making it securely available to long-tail of widget developers ~ Current recommendation: OAuth ~ Native Apps ~ Further solutions for Widget protection ~

11 Q&A Page 11

12 Thank You! WAC 2010

13 Backup slides Page 13

14 WAC general information Board Directors Board Observers Sponsors Operators Associates

15 Why Did We Create WAC? WAC general information Increase the overall market for mobile applications Encouraging open standardized technologies Enabling distribution of mobile applications through multiple channels Encouraging guse of Network APIs

16 Business model WAC general information WAC is a not for profit organisation WAC provides services to it s customers Developers Retail application stores Free and paid for WAC application distribution With optional operator billing Other business models are under development Revenue share set by retail application store Within certain boundaries Developer sets applications price and defines target operators

17 WAC objectives WAC general information To provide a service for developers To get applications to huge marketplace Simplify operator engagement To provide a service to retail application stores Stimulating more and better applications Driving the usage of applications across devices Leverage web technology and enable cross platform applications Scale Stimulate the developer community Support for cross platform technology

18 WAC technology WAC general information Web W b standards t d d Device APIs Security Policy technology Network APIs Extensibility Compliance

19 WAC-recognised identities 1.WAC-assigned individual 2.WAC-verified identity domain identity 3.Extended validation domain identity Developer uses uses cert to this author-sign cert to sign widgets widgets 1. Developer registers w/ 1. Developer WAC w/ proof of identity registers + w/ proof WAC of w/ domain proof of ownership identity 2. WAC assigns a developer ID WAC Developer Portal WAC PublisherID CA 2. WAC performs does *not** domain need to verification perform + id domain checks verification

Risk of apps being ripped-off (1) Classics

20 Risk of apps being ripped-off (1) Classics com/ $2.99 Classics: Jane Austin By Diego Dominguez Ferrera, Ukilabs $2.99 Source: case of the app store ripoff

21 Risk of apps being ripped-off (2) "The guy stole our art, our lines, even our name, and I think it's obvious he's trying to piggy back on our success, riding on top of our stolen assets, " Phill Ryu told Ars. "We feel violated, and we're a little worried this will continue happening as more apps flood the store. " incidents like this make the App Store look a bit like amateur hour Source: case of the app store ripoff

Mobile Devices prioritize User Experience

Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile