Mobile Device Protocol
Transcript of Mobile Device Protocol
![Page 1: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/1.jpg)
Mobile Device Protocol
Sunil Vallamkonda, 11/19/2012
![Page 2: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/2.jpg)
Previous topics
• Security: AAA, RADIUS, IPSec, etc.
• Virtualization
• Cloud Technologies
Contact: [email protected]
![Page 3: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/3.jpg)
Discussion
• Introduction
• Concepts
• Trends
• Q&A
Not covered:
• Protocol Specifications
• Vendor details
• Certificates
![Page 4: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/4.jpg)
Background
• Has existed in vendor form: MS update, Sicap
• Client-server based technology
• Application protocol
• Brings features such as:
o Updates: remote configuration/provisioning, backup
o Monitor: license, troubleshoot and diagnose
o Accounting: logging and reporting
o Tracking: GPS and bread-crumb mapping
![Page 5: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/5.jpg)
History
![Page 6: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/6.jpg)
Approaches
• Vendor specific: Smart Message text, NOK-ERIC OTA, etc.
• OMA groups: CD, inter-op, DM, etc.
• Models: SaaS, on-site, mixed
• BYOD: hybrid employee/corporate mix
![Page 7: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/7.jpg)
Vendors
• Apple: APNS
• Android: Google: C2DM
• AirWatch: ActiveSync
• BlackBerry: Push
Availability:
- Specs
- APIs
- Implementation
- Reference deployments
![Page 8: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/8.jpg)
Vendors (contd)
![Page 9: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/9.jpg)
Competition
![Page 10: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/10.jpg)
BYOD
• From a recent AT&T survey: “40% of small business employees use smartphones for work and two-thirds use tablets…”
• BYOD survey (source: Ponemon Institute): 51% of organizations lose data through mobile devices.
![Page 11: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/11.jpg)
IPCU
![Page 12: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/12.jpg)
Challenges
• Centrally manage
• Security: BYOD identity, access rights, privileges, etc.
• Scalability: apps, devices, users
• Complexity: policies
• Vendor variances: iOS, Android, ActiveSync, Windows Phone, BlackBerry, etc.
• Enterprises: requirements and use-case life cycles
• Roles, multi-tenants
• Compliance!
![Page 13: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/13.jpg)
Process
![Page 14: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/14.jpg)
Packet
![Page 15: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/15.jpg)
Check-in
![Page 16: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/16.jpg)
Pkt Trace
![Page 17: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/17.jpg)
Trace (contd)
![Page 18: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/18.jpg)
Push Notification
• A device needs three items to match for a push notification to trigger an MDM response:
• the Device Token (without which the notification will never reach the device),
• the Push Magic token (without which the MDM client will just discard the notification), and
• finally, the “Subject Name / User ID” field in the push notification certificate used to sign the notification must match the “Topic” field in the MDM profile.
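The three-way match above, as an added example (not code from the slides): an MDM server parses the device's TokenUpdate check-in, which carries the Token, PushMagic and Topic, and refuses to build the wake-up push when any of the three conditions would make the push a no-op. The sample check-in plist is constructed; the push payload carries the push magic under the `mdm` key as the iOS MDM protocol specifies, and `cert_subject_uid` stands in for the UID field read from the push certificate's subject.

```python
import plistlib

# Constructed TokenUpdate check-in message; not captured from a real device.
SAMPLE_TOKEN_UPDATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>MessageType</key><string>TokenUpdate</string>
  <key>UDID</key><string>CONSTRUCTED-UDID-0001</string>
  <key>Topic</key><string>com.apple.mgmt.External.constructed-topic</string>
  <key>Token</key><data>AAECAwQFBgcICQoLDA0ODw==</data>
  <key>PushMagic</key><string>CONSTRUCTED-PUSH-MAGIC</string>
</dict></plist>
"""


def parse_token_update(raw):
    """Extract the three push-relevant fields (plus UDID) from a TokenUpdate check-in."""
    msg = plistlib.loads(raw)
    if msg.get("MessageType") != "TokenUpdate":
        raise ValueError("expected a TokenUpdate check-in message")
    return {"udid": msg["UDID"], "token": msg["Token"],
            "push_magic": msg["PushMagic"], "topic": msg["Topic"]}


def push_preconditions(record, cert_subject_uid):
    """List why a push would fail to trigger an MDM response; empty list means all three match."""
    problems = []
    if not record.get("token"):
        problems.append("no device token: the notification never reaches the device")
    if not record.get("push_magic"):
        problems.append("no PushMagic: the MDM client discards the notification")
    if cert_subject_uid != record.get("topic"):
        problems.append("push certificate UID %r does not match profile Topic %r"
                        % (cert_subject_uid, record.get("topic")))
    return problems


def build_mdm_push(record, cert_subject_uid):
    """Build the APNs request for a wake-up push, refusing when any precondition fails."""
    problems = push_preconditions(record, cert_subject_uid)
    if problems:
        raise ValueError("; ".join(problems))
    return {"device_token": record["token"].hex(),   # APNs addresses the device by token
            "topic": record["topic"],                # must equal the signing cert's UID
            "payload": {"mdm": record["push_magic"]}}  # the client checks this value
```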
![Page 19: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/19.jpg)
Schema
![Page 20: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/20.jpg)
Device-MDM
![Page 21: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/21.jpg)
Notif (contd)
![Page 22: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/22.jpg)
Command sequence
![Page 23: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/23.jpg)
Commands
First, the device must make a persistent connection to the APNS server. Then, for every MDM server command:
![Page 24: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/24.jpg)
plist
![Page 25: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/25.jpg)
iOS MDM commands
![Page 26: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/26.jpg)
plist
![Page 27: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/27.jpg)
plist response
![Page 28: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/28.jpg)
Device Lock
![Page 29: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/29.jpg)
iOS security model
![Page 30: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/30.jpg)
iOS Keybag
![Page 31: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/31.jpg)
Example: File key wrapping (iOS)
![Page 32: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/32.jpg)
Sample: Evil Maid attack
![Page 33: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/33.jpg)
Specs
• For PUSH: Apple: gateway.push.apple.com, port 2195
• Devices: TCP port 5223
• MDM port: defined by the MDM profile
![Page 34: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/34.jpg)
MDM limitations
• User can terminate the MDM relationship.
• Multi-user model not supported.
• Jailbreak cannot be detected.
• Location service not available.
• App features very minimal.
• Security: command auth optional, accepts any cert with a trusted root, etc.
• Malware install attacks: push webclip, etc., DoS attacks.
• Delays and bugs, etc.
• MDM profile issues…
![Page 35: Mobile Device Protocol](https://reader036.fdocuments.in/reader036/viewer/2022081515/56816724550346895ddbaebe/html5/thumbnails/35.jpg)