Why Device Lock PIN/Password must be configured with Windows Mobile 6.1 Device Encryption

June 23, 2008


It is a well known fact that many enterprise IT pros require data encryption for mobile devices.  The Windows Mobile operating system has included support for the Data Protection API (DPAPI) since Windows Mobile 2003.  DPAPI forms the basis for the Windows Mobile file encryption used with removable storage cards (Windows Mobile 6.0) and main memory (Windows Mobile 6.1).

DPAPI provides easy-to-use functions for encryption and decryption, and a number of applications use it.  What makes DPAPI easy for developers is that they don’t have to write all the key generation and key management code that typically goes with any encryption solution.  DPAPI uses a master key that is stored in the memory of the device.  When an application calls DPAPI, the same master key is used to generate the symmetric keys for all encryption and decryption operations, so the application never has to generate or manage the encryption key itself.  For a thorough description of DPAPI, see the MSDN article covering Windows Data Protection.

Of course, this raises the question, “How is the master key protected?” The master key is itself encrypted at the time it is generated, and it is decrypted at system boot time.  It must be decrypted during boot in case an encrypted file is loaded during the boot process. The key used to decrypt the master key is derived from a password and applied during boot.  In Windows Mobile, there are two master keys, the “user” master key and the “system” master key.  The “system” master key is encrypted using a key derived from the system “password”, which is a mixture of system information.  The “user” master key is typically protected by a key derived from a user password.

The “user” master key is considered more secure than the “system” master key because the entropy used to encrypt it includes information only the user knows (i.e., their password).  The “system” master key is more flexible, though, because the system does not need to obtain any input from the user.

The “user” master key on WM 6.1 is derived from the Windows Mobile device lock PIN or password that is entered by the user during device boot.  Therefore, when you enable encryption on a device, the user must configure a PIN/Password, if not already configured. 

Note that the encryption of data written to storage cards in Windows Mobile 6.0 and later also uses DPAPI, but with the “system” master key rather than the “user” master key.  This is much less of an issue for removable storage card encryption than for main memory file encryption.  The primary attack on the “system” master key requires access to the system used to create it, whereas the attack on a removable storage card is typically mounted from a different computer into which the lost or stolen card is inserted.

By the way, the default encryption algorithm used by DPAPI since Windows Mobile 6.0 is AES-128.  Prior to Windows Mobile 6.0, DPAPI used RC4.
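The two-tier key hierarchy described above, modeled as an added example (this is not Microsoft's code; the PBKDF2 iteration count, the HMAC-based stream standing in for AES, and the device values are constructed assumptions): a random master key is wrapped under a key-encryption key derived either from reproducible system information or from the device-lock PIN, and per-operation data keys are then derived from the master key.

```python
import hashlib, hmac, os

SALT_LEN, TAG_LEN = 16, 32

def derive_kek(entropy, salt):
    # Key-encryption key from the "password" (system info or user PIN); iteration count is assumed.
    return hashlib.pbkdf2_hmac("sha256", entropy, salt, 100_000, dklen=32)

def _keystream(kek, salt, n):
    # HMAC in counter mode as a stand-in for the AES cipher the real system uses.
    blocks = [hmac.new(kek, salt + c.to_bytes(4, "big"), "sha256").digest() for c in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def wrap_master_key(master_key, entropy):
    # Encrypt-then-MAC the master key under a KEK derived from the given entropy.
    salt = os.urandom(SALT_LEN)
    kek = derive_kek(entropy, salt)
    body = bytes(a ^ b for a, b in zip(master_key, _keystream(kek, salt, len(master_key))))
    tag = hmac.new(kek, salt + body, "sha256").digest()
    return salt + body + tag

def unwrap_master_key(blob, entropy):
    # Returns the master key, or None when the entropy (e.g. PIN) is wrong or the blob was altered.
    salt, body, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    kek = derive_kek(entropy, salt)
    if not hmac.compare_digest(tag, hmac.new(kek, salt + body, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(kek, salt, len(body))))

def derive_data_key(master_key, context):
    # Per-operation symmetric key: the application never sees or manages the master key.
    return hmac.new(master_key, context, "sha256").digest()

def system_entropy(device_info):
    # The "system password": a mixture of system information that anyone with the same info can rebuild.
    return "|".join(f"{k}={device_info[k]}" for k in sorted(device_info)).encode()

def demo():
    # Constructed device values, not from a real handset.
    info = {"oem": "ExampleOEM", "model": "ExampleModel", "serial": "0000-CONSTRUCTED"}
    sys_mk, usr_mk = os.urandom(32), os.urandom(32)
    sys_blob = wrap_master_key(sys_mk, system_entropy(info))
    usr_blob = wrap_master_key(usr_mk, b"1234")  # device-lock PIN supplies the secret entropy
    return {"system_unwrap_with_info": unwrap_master_key(sys_blob, system_entropy(info)) == sys_mk,
            "user_unwrap_with_pin": unwrap_master_key(usr_blob, b"1234") == usr_mk,
            "user_unwrap_wrong_pin": unwrap_master_key(usr_blob, b"0000")}
```

The contrast in `demo()` is the point of the post: the system-wrapped key opens for anyone who can reproduce the device information, while the user-wrapped key opens only with the PIN, which is why a device-lock PIN must exist before main-memory encryption is enabled.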

Dave Field, CISSP, MCP
Device Management and Security Architect
Enterprise Mobile, Inc.

7 Responses to “Why Device Lock PIN/Password must be configured with Windows Mobile 6.1 Device Encryption”

  1. derek says:

    Does this mean the you can now encrypt files on the main memory of a PDA running WM6.1 ?

  2. csaintamant says:

    Correct, you can now implement encryption of main memory on WM6.1 devices.

  3. Helmut says:

    For encrypting Mobile 6.1 devices; a LAP (Microsoft's LAP) has to set the logon password to enable the encryption mechanism.

    If you replace the original LAP (after encrypting some file) it is not possible to access the encrypted data any longer.

    Which functionality must my own LAP implement (which OS function must be called) to tell the entered PIN to the system?

    … Helmut

  4. dfield says:

    Hello Helmut,
    The device encryption feature in WM 6.1 was built to work only with the built-in PIN/Password LAP. I confirmed this with the Microsoft Windows Mobile Product Group. Support for encryption of the user master key by a custom LAP is unsupported. Sorry about that.

  5. Helmut says:

    That's very bad because we want to use our own LAP and support the built-in encryption. Even Microsoft's support will not “let us know” how to do it.

    But I am quite sure that a LAP has to set the LAP_CAPABILITIES_MASTER_KEY flag on initialisation and handle the following VerifyUser in the correct way ….

    If you have any additional information about this, it would be nice you let me know.

    Regards …. Helmut

  6. Bill says:

    In addition to Windows Mobile 6.1, is the PIN used to protect the user’s DPAPI key in Windows Mobile 5 and 6 as well?

    There are some worrying posts on MSDN that suggest it isn’t:

    http://social.msdn.microsoft.com/Forums/en-US/netfxcompact/thread/5ce5ed3e-85c0-41f6-b5db-c57b42a9a51b

    Since DPAPI works transparently, there isn’t an easy way for ISVs to verify this behavior.

    Can someone from Microsoft confirm how DPAPI works with the PIN in these older versions?

    Thanks!

  7. dfield says:

    Hello Bill,
    WinMob 6.1 introduced the ability to encrypt the user master key for DPAPI using the dlock pin/password for entropy. Previous to this release, the master key was encrypted in the same way that the system master key was, with system entropy. The conventional security wisdom is that this means if someone has the master key encryption algorithm, they could reverse engineer and figure out the encryption key because there is no random data such as data only known to the user injected into the algorithm.

    Hope this helps.
