iOS Encryption

Table of Contents

• iOS Encryption – iOS 8
• Windows Phone (WP) Encryption -1
• Windows Phone (WP) Encryption -2
• Notices


iOS Encryption – iOS 8

Added an “always on VPN” feature
• When connected to a Wi-Fi network, the VPN is automatically enabled.
• Added support for “per-message” S/MIME
  — Users can sign and encrypt by default or selectively sign / encrypt individual messages.
• Activation Lock (Introduced in iOS 7)
  — Enabled automatically when “Find My iPhone” is turned on
  — Apple ID and password are required to
    o Turn off “Find My iPhone”
    o Erase the device
    o Reactivate & reuse device
  — Check Activation Lock Status at https://www.icloud.com/activationlock/


**026 Mark Williams: One of the security features that is available to us on Windows phones is VPN technology. Traditionally, communication devices did not allow for secure communications. It relied on users to say we're going to enable these things as an afterthought. But the users had to know to do that. Well, Apple has said we're going to secure the device for you a little bit. So, the VPN feature within iOS is always on by default. And so, when connects to a Wi-Fi network, when my phone-- when I send emails, for example, that VPN technology is going to protect my communication over that Wi-Fi, over that wireless network and prevent eavesdropping and modification of my data.

Now, another feature that we have is activation lock. Theft of has been a booming area of crime over the last couple of years. So, as a matter of fact, we saw a number of different reports on the news where someone's walking down the street. And they get mugged only for their phone because these phones are very expensive devices. And they bring a lot of money on the resale market. And so, in order to dissuade theft of our mobile devices, activation lock is basically the idea that if I lose my phone or if my phone gets stolen, we can have the "Find My iPhone" turned on. And that helps me to find it and possibly recover it if I lose it. But if it is stolen from me, then it prevents others from activating that phone and being able to use it themselves.

Activation lock is a simple tool to prevent somebody from stealing or utilizing your phone.


Windows Phone (WP) Encryption -1

Windows performs device encryption using AES with a 128 bit key using BitLocker technology.

Apps and data can be stored on a removable SD card.
• Storing apps on removable storage is new with .1.
• Apps are stored on an encrypted partition by default.
• User content (photos and videos) is stored in an unencrypted partition allowing the content to be accessed if the card is in another device.


**027 Windows phone supports encryption. Windows phone uses the BitLocker technology, which uses AES, advanced encryption standard. It uses a hundred and twenty-eight bit key to encrypt the entire Windows phone disk. Not only can I encrypt the internal storage, I also can do some encryption of the removable SD card storage as well.

With Windows 8.1, has given us the ability of storing not only data on the SD card, but also apps on the SD card. So, that's a new feature. Apps when they're stored on the SD card, that's what gets encrypted for us. The data itself, while stored on the SD card, is left in plain text. Again, it needs to be left in plain text so that other apps can use it, and so I can move that data, such as my pictures, from one device to another device by transferring that SD card.

Windows Phone (WP) Encryption -2


TLS/SSL is supported by default.
• Provides communication encryption

S/MIME is supported by default.
• Provides email encryption

Supports Information Rights Management
• It is currently the only phone that does so by default.


**028 When we use Windows phones, again, like Apple, Microsoft is giving us a lot more security feature and functionality built into it, so VPN technology. And Microsoft has given us the ability to use Secure Socket Layer VPNs, TLS VPNs. They are supported by default. So, again, the users don't have to, as an afterthought, turn on security. It's automatically happening for us.

Same thing when I send email using . S/MIME, secure S/MIME is enabled by default and supported by default on the S phone.

And then, something that currently Microsoft is the only one doing, it's information rights management has been enabled by default on the Windows phone. Information rights management is the idea of we're going to make sure that copyrighted information, data that is protected under various copyright laws, it's going to be secured. And we're going to restrict the transfer and use of that using IRM technologies.


Notices

© 2015 Carnegie Mellon University

This material is distributed by the Software Engineering Institute (SEI) only to course attendees for their own individual study. Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at [email protected].

This material was created in the performance of Federal Government Contract Number FA8721-05--0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide.

Although the rights granted by contract do not require course attendance to use this material for U.S. government purposes, the SEI recommends attendance to ensure proper understanding.

THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).

CERT ® is a registered mark owned by Carnegie Mellon University.
