June 23, 2008
It is a well-known fact that many enterprise IT pros require data encryption for mobile devices. The Windows Mobile operating system has included support for the Data Protection API (DPAPI) since Windows Mobile 2003, and DPAPI forms the basis for Windows Mobile file encryption used with removable storage cards (Windows Mobile 6.0) and main memory (Windows Mobile 6.1).
DPAPI provides easy-to-use functions for encryption and decryption, and a number of applications use it. What makes DPAPI easy to use for developers is that they don’t have to write all the key generation and key management code that typically goes with any encryption solution. DPAPI uses a master key that is stored in the memory of the device. When an application calls DPAPI, the same master key is used to generate the symmetric keys for all encryption and decryption operations, so the application does not have to generate or manage the encryption key itself. For a thorough description of DPAPI see the MSDN article covering Windows Data Protection.
Of course, this begs the question, “How is the master key protected?” The master key is encrypted itself at the time it is generated. And, it is decrypted at system boot time. It must be decrypted for use during boot in case an encrypted file is loaded during the boot process. The key used to decrypt the master key is derived from a password and used during boot. In Windows Mobile, there are 2 master keys, the “user” master key and the “system” master key. The “system” master key is encrypted using a key derived from the system “password” which is a mixture of system information. The “user” master key is typically derived from a user password.
The “user” master key is considered more secure than the “system” master key because the entropy used to encrypt it includes information only the user knows (i.e., their password). The “system” master key is more flexible, though, because the system does not need to get input from the user.
The “user” master key on WM 6.1 is derived from the Windows Mobile device lock PIN or password that is entered by the user during device boot. Therefore, when you enable encryption on a device, the user must configure a PIN/Password, if not already configured.
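To make the key hierarchy described in the preceding paragraphs concrete, here is an added Python model (not DPAPI’s own code or anything from the MSDN article): a random master key that is only ever stored encrypted under a key derived from the user PIN/password or from system information, is unlocked at boot, and yields the symmetric key for each protect/unprotect call. Function names, the PBKDF2 choice and the HMAC-based cipher are assumptions standing in for DPAPI’s real AES-128 implementation.

```python
import hashlib, hmac, os

# Model of the DPAPI key hierarchy described above (constructed example, not DPAPI code).
# Real DPAPI uses AES-128 (RC4 before WM 6.0); the standard library has no AES, so the
# cipher here is an HMAC-SHA256 counter-mode keystream with an HMAC tag. Same structure,
# toy cipher. PBKDF2 is an assumed stand-in for whatever KDF DPAPI actually applies.

def derive_kek(secret: bytes, salt: bytes, rounds: int = 10000) -> bytes:
    """Secret (user PIN/password, or system info) -> key used to decrypt the master key."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds, dklen=32)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:n]

def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def _decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered blob")   # a wrong PIN at boot lands here
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def create_master_key(secret: bytes, salt: bytes) -> bytes:
    """Key generation: a random master key that is only ever stored encrypted."""
    return _encrypt(derive_kek(secret, salt), os.urandom(32))

def unlock_master_key(secret: bytes, salt: bytes, wrapped: bytes) -> bytes:
    """Boot time: decrypt the stored master key with the secret-derived key."""
    return _decrypt(derive_kek(secret, salt), wrapped)

def _data_key(master: bytes) -> bytes:
    # Every protect/unprotect call derives its symmetric key from the same master key,
    # so the application never generates or stores a key of its own.
    return hmac.new(master, b"dpapi-data-key", "sha256").digest()

def protect(master: bytes, data: bytes) -> bytes:
    return _encrypt(_data_key(master), data)

def unprotect(master: bytes, blob: bytes) -> bytes:
    return _decrypt(_data_key(master), blob)
```

Unlocking with any other secret raises ValueError, which is exactly why the “user” master key is only as strong as the PIN or password it is derived from.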
Note that the encryption of data written to storage cards in Windows Mobile 6.0 and later also uses DPAPI, but with the “system” master key rather than the “user” master key. This is much less of an issue for removable storage card encryption than for main memory file encryption. The primary attack on the “system” master key requires access to the system used to create it, whereas an attack on a removable storage card is typically mounted from a different computer into which the lost or stolen card is inserted.
btw, the default encryption algorithm used since Windows Mobile 6.0 for DPAPI is AES-128. Prior to Windows Mobile 6.0, DPAPI utilized RC4.
Dave Field, CISSP, MCP
Device Management and Security Architect
Enterprise Mobile, Inc.