Mobile Device Protocol
Sunil Vallamkonda, 11/19/2012
Previous topics
• Security: AAA, RADIUS, IPSec, etc.
• Virtualization
• Cloud Technologies
Contact: sunil_vall@yahoo.com
Discussion
• Introduction
• Concepts
• Trends
• Q&A
Not covered:
• Protocol specifications
• Vendor details
• Certificates
Background
• Already offered by vendors for some time: MS update, Sicap.
• Client-server based technology.
• Application-layer protocol.
• Brings features such as:
  • Updates: remote configuration/provisioning, backup.
  • Monitoring: licensing, troubleshooting and diagnostics.
  • Accounting: logging and reporting.
  • Tracking: GPS and breadcrumb mapping.
Approaches
• Vendor specific: Smart Message text, NOK-ERIC OTA, etc.
• OMA groups: CD, inter-op, DM, etc.
• Models: SaaS, on-site, mixed.
• BYOD: hybrid employee/corporate mix.
Vendors
• Apple: APNS
• Android (Google): C2DM
• AirWatch: ActiveSync
• BlackBerry: Push
Availability:
• Specs
• APIs
• Implementation
• Reference deployments
BYOD
• From a recent AT&T survey: "40% of small business employees use smartphones for work and two-thirds use tablets…"
• BYOD survey (source: Ponemon Institute): 51% of organizations lose data through mobile devices.
Challenges
• Central management.
• Security: BYOD identity, access rights, privileges, etc.
• Scalability: apps, devices, users.
• Complexity: policies.
• Vendor variances: iOS, Android, ActiveSync, Windows Phone, BlackBerry, etc.
• Enterprises: requirements and use-case life cycles.
• Roles, multi-tenancy.
• Compliance!
Push Notification
Three items must match on the device for a push notification to trigger an MDM response:
• the Device Token (without which the notification never reaches the device),
• the Push Magic token (without which the MDM client simply discards the notification), and
• the "Subject Name / User ID" field of the push notification certificate used to sign the notification, which must match the "Topic" field in the MDM profile.
Commands
First, the device must establish a persistent connection to the APNS server. Then, for every MDM server command:
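The three matching conditions from the Push Notification slide and the check-in flow from the Commands slide, modelled end to end as an added example (this is not code from the slides or from Apple; it is a toy in-process simulation, and every token, topic and URL in it is constructed). The APNS gateway stand-in routes purely by device token, the device's MDM client checks the notification's topic against its profile and the push magic in the payload, and only a notification that passes all three checks makes the device contact the MDM server for commands:

```python
"""Toy model of the MDM push trigger: device token, push magic, topic.

Added example, not part of the original slides. It models only the three
matching conditions and the resulting check-in; real APNS framing and the
MDM command plist format are deliberately out of scope.
"""
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    NOT_DELIVERED = "apns: unknown device token, notification never reaches device"
    TOPIC_MISMATCH = "device: certificate subject does not match profile topic, discarded"
    BAD_PUSH_MAGIC = "device: push magic does not match, discarded"
    CHECKED_IN = "device: contacted MDM server for pending commands"


@dataclass
class MdmProfile:
    topic: str          # "Topic" field of the installed MDM profile
    push_magic: str     # PushMagic value the device reported at enrollment
    server_url: str     # where the MDM client fetches commands after a push


@dataclass
class Device:
    device_token: str   # APNS device token for this device
    profile: MdmProfile
    check_ins: list = field(default_factory=list)

    def receive(self, topic: str, payload: dict) -> Outcome:
        """MDM client side: validate topic and push magic before acting."""
        if topic != self.profile.topic:
            return Outcome.TOPIC_MISMATCH
        if payload.get("mdm") != self.profile.push_magic:
            return Outcome.BAD_PUSH_MAGIC
        # Only a fully matching notification makes the device connect to
        # the MDM server; the command itself is never inside the push.
        self.check_ins.append(self.profile.server_url)
        return Outcome.CHECKED_IN


class ApnsGateway:
    """Stand-in for the APNS gateway: it routes by device token only and
    knows nothing about push magic or the MDM profile."""

    def __init__(self, devices):
        self._by_token = {d.device_token: d for d in devices}

    def push(self, cert_subject: str, device_token: str, payload: dict) -> Outcome:
        device = self._by_token.get(device_token)
        if device is None:
            return Outcome.NOT_DELIVERED
        # The notification's topic is the subject (User ID) of the
        # certificate that signed it, which the device compares to its profile.
        return device.receive(cert_subject, payload)


def send_mdm_push(gateway: ApnsGateway, cert_subject: str,
                  device_token: str, push_magic: str) -> Outcome:
    """MDM server side: the payload carries only the push magic."""
    return gateway.push(cert_subject, device_token, {"mdm": push_magic})


def demo() -> dict:
    """Run one good push and one push per failing condition (constructed data)."""
    profile = MdmProfile(topic="com.apple.mgmt.External.constructed-uuid",
                         push_magic="PM-constructed-1234",
                         server_url="https://mdm.example.test/server")
    dev = Device(device_token="tok-constructed-abcd", profile=profile)
    gw = ApnsGateway([dev])
    return {
        "ok": send_mdm_push(gw, profile.topic, dev.device_token, profile.push_magic),
        "wrong_token": send_mdm_push(gw, profile.topic, "tok-unknown", profile.push_magic),
        "wrong_magic": send_mdm_push(gw, profile.topic, dev.device_token, "PM-other"),
        "wrong_topic": send_mdm_push(gw, "com.apple.mgmt.External.other",
                                     dev.device_token, profile.push_magic),
        "check_ins": len(dev.check_ins),   # only the "ok" push causes a check-in
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result.value if isinstance(result, Outcome) else result}")
```

The split of responsibilities is the point worth taking from the slide: APNS can only say whether the token routes anywhere, the device alone holds the push magic and the profile topic, and the MDM server learns nothing until the device chooses to check in. That is why a mis-issued push certificate or a stale push magic shows up as silence rather than an error on the server side.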
Specs
• Push: Apple gateway.push.apple.com, port 2195
• Devices: TCP port 5223
• MDM port: defined by the MDM profile
MDM limitations
• The user can terminate the MDM relationship.
• Multi-user model not supported.
• Jailbreak cannot be detected.
• Location service not available.
• App features are very minimal.
• Security: command authentication is optional; any certificate with a trusted root is accepted, etc.
• Malware install attacks: pushed web clips, etc.; DoS attacks.
• Delays, bugs, etc.
• MDM profile issues…
References
• http://www.openmobilealliance.org/
• http://developer.apple.com/
• http://zdnet.com
• http://www.interpidusgroup.com/
• http://developers.google.com/
• http://enterpriseios.com
• http://ey.com
• http://samsung.com
• http://google.com
• http://microsoft.com
• http://shmoocon.org/