Mobile Device Protocol

Mobile Device Protocol. Sunil Vallamkonda 11/19/2012. Previous topics. Security: AAA RADIUS, IPSec etc. Virtualization Cloud Technologies Contact: sunil_vall@yahoo.com. Discussion. Introduction Concepts Trends Q&A Do not cover: Protocol Specifications Vendor details Certificates.

jaimie

Presentation Transcript


  1. Mobile Device Protocol Sunil Vallamkonda 11/19/2012

  2. Previous topics
     • Security: AAA RADIUS, IPSec etc.
     • Virtualization
     • Cloud Technologies
     Contact: sunil_vall@yahoo.com

  3. Discussion
     • Introduction
     • Concepts
     • Trends
     • Q&A
     Do not cover:
     • Protocol Specifications
     • Vendor details
     • Certificates

  4. Background
     • Already exists from vendors: MS update, Sicap
     • Client-server based technology.
     • Application protocol.
     • Brings features such as:
       • Updates: remote configuration/provision, backup.
       • Monitor: license, troubleshoot and diagnose.
       • Accounting: logging and reporting.
       • Tracking: GPS and bread crumb mapping.

  5. History

  6. Approaches
     • Vendor specific: Smart Message text, NOK-ERIC OTA, etc.
     • OMA groups: CD, inter-op, DM, etc.
     • Models: SaaS, On-site, mixed.
     • BYOD: Hybrid employee/corporate mix.

  7. Vendors
     • Apple: APNS
     • Android: Google: C2DM
     • AirWatch: ActiveSync
     • BlackBerry: Push
     Availability:
     • Specs
     • APIs
     • Implementation
     • Reference deployments

  8. Vendors (contd)

  9. Competition

  10. BYOD
     • From a recent AT&T survey: “40% of small business employees use smartphones for work and two-thirds use tablets…”
     • BYOD survey (source: Ponemon Institute): 51% of organizations lose data through mobile devices.

  11. IPCU

  12. Challenges
     • Centrally manage
     • Security: BYOD identity, access rights, privileges, etc.
     • Scalability: Apps, Devices, Users.
     • Complexity: Policies
     • Vendor variances: iOS, Android, ActiveSync, Windows Phone, BlackBerry etc.
     • Enterprises: requirements and use case life cycles.
     • Roles, multi-tenants.
     • Compliance!

  13. Process

  14. Packet

  15. Check-in

  16. Pkt Trace

  17. Trace (contd)

  18. Push Notification
     The device needs to match three items for a push notification to trigger an MDM response, viz.:
     • The Device Token (without which the notification will never reach the device), and
     • the Push Magic token (without which the MDM client will just discard the notification).
     • Finally, the “Subject Name / User ID” field in the push notification certificate used to sign the notification must match the “Topic” field in the MDM profile.

  19. Schema

  20. Device-MDM

  21. Notif (contd)

  22. Command sequence

  23. Commands
     First, the device must make a persistent connection to the APNS server. Then for every MDM server command:

  24. plist

  25. iOS MDM commands

  26. plist

  27. plist response

  28. Device Lock

  29. iOS security model

  30. iOSKeybag

  31. Example: File key wrapping (iOS)

  32. Sample: Evil Maid attack

  33. Specs
     • For PUSH: Apple: gateway.push.apple.com port 2195
     • Devices: TCP port 5223
     • MDM port: defined by MDM profile

  34. MDM limitations
     • User can terminate MDM relationship.
     • Multi-user model not supported.
     • Jailbreak cannot be detected.
     • Location service not available.
     • App features very minimal.
     • Security: command auth optional, accepts any cert with trusted root, etc.
     • Malware install attacks: push webclip, etc., DoS attacks.
     • Delays, bugs, etc.
     • MDM profile issues…
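
The three conditions on slide 18 can be turned into a server-side diagnostic for pushes that never produce a device check-in. The following is an added example, not code from the presentation or from any vendor: the function names, the sample TokenUpdate message and all of its values are constructed placeholders. It assumes the server stores the Token, PushMagic and Topic the device reports at check-in, that the push payload carries the Push Magic under the `mdm` key, and that the Topic reported at check-in is the one from the MDM profile.

```python
import plistlib

# Constructed TokenUpdate check-in message; every value is a placeholder.
SAMPLE_TOKEN_UPDATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>MessageType</key><string>TokenUpdate</string>
  <key>Topic</key><string>com.apple.mgmt.External.EXAMPLE-TOPIC</string>
  <key>UDID</key><string>EXAMPLE-UDID</string>
  <key>Token</key><data>3q2+796tvu/erb7v3q2+796tvu/erb7v3q2+796tvu8=</data>
  <key>PushMagic</key><string>EXAMPLE-PUSH-MAGIC</string>
</dict></plist>"""


def enroll(token_update_xml):
    """Server side: keep what the device reported at check-in."""
    msg = plistlib.loads(token_update_xml)
    if msg.get("MessageType") != "TokenUpdate":
        raise ValueError("not a TokenUpdate check-in message")
    missing = [k for k in ("Token", "PushMagic", "Topic") if k not in msg]
    if missing:
        raise ValueError("check-in lacks: " + ", ".join(missing))
    return {"token": msg["Token"], "push_magic": msg["PushMagic"], "topic": msg["Topic"]}


def push_problems(record, dest_token, payload, cert_uid):
    """List why a push would fail to trigger an MDM response (empty list = OK)."""
    problems = []
    if dest_token != record["token"]:
        problems.append("device token mismatch: notification never reaches the device")
    # Assumption: the push payload carries the Push Magic under the "mdm" key.
    if payload.get("mdm") != record["push_magic"]:
        problems.append("push magic mismatch: MDM client discards the notification")
    if cert_uid != record["topic"]:
        problems.append("certificate User ID differs from the profile Topic")
    return problems


if __name__ == "__main__":
    rec = enroll(SAMPLE_TOKEN_UPDATE)
    # A stale Push Magic, e.g. kept from before the device re-enrolled.
    for reason in push_problems(rec, rec["token"], {"mdm": "STALE-MAGIC"}, rec["topic"]):
        print(reason)
```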
