User:Muneerp
Comparing Security Specifications Between iPhone, Android and Windows Phone 8 (WP8)
By Muneer Al Qalaloeh
1. Introduction
Since the invention of the mobile phone in 1973, competition between mobile phone companies has never reached the level seen in the past few years. In the last 15 years, new mobile operating systems have appeared and others have vanished. Some companies allied, others split apart, and others disappeared from the mobile market. An analysis of the mobile market shows that three factors control the value of each mobile phone and its operating system: mobile security, how the phone is manufactured, and the applications available from the mobile company or third-party developers. In this paper I will discuss mobile security, touching on three aspects: file system, encryption, and communication and network security.
2. File System
2.1 Windows Phone 8 (WP8)
Windows Phone 8 supports the NTFS (New Technology File System) file system. Windows first used NTFS in Windows NT 3.1 in 1993, and it came into common use after Windows XP, when most storage devices exceeded 32 Gbyte. It is better than FAT in security, but it takes more space and it deals with large files (>64 Kbyte).
NTFS has several technical improvements over FAT and HPFS (High Performance File System), such as improved support for metadata and the use of advanced data structures to improve performance, reliability, and disk space utilization, plus additional extensions such as security access control lists (ACL) and file system journaling.
2.2 Android
Since Android 2.3 Gingerbread, Android has used EXT4 (fourth extended file system), where Android meets Linux. EXT4 was developed between 2003 and 2006. Android uses the ext4 file system third-party application developers. The ext4 file system can support volumes with sizes up to 1 exabyte (EB = 10^18 bytes) and files with sizes up to 16 terabytes (TB = 10^12 bytes). Extents replace the traditional block mapping scheme used by ext2 and ext3. An extent is a range of contiguous physical blocks, improving large file performance and reducing fragmentation. A single extent in ext4 can map up to 128 MB of contiguous space with a 4 KB block size. Before that, most Android devices used YAFFS (Yet Another Flash File System), a file system specifically designed for flash storage. Its problem is that it is single-threaded – that is, it won't see a performance boost on those rumored dual-core droids that so often grace our news section lately.
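The extent layout described above is what an examiner reads out of an inode when recovering file locations from an Android ext4 image. The following Python code is an added example, not part of the original paper: it parses an extent-tree leaf node (field layout as in the Linux kernel's struct ext4_extent_header and struct ext4_extent) and shows where the 128 MB per-extent limit comes from. The function names and the sample bytes are constructed for illustration.

```python
import struct

EXT4_EXT_MAGIC = 0xF30A      # eh_magic value in struct ext4_extent_header
EXT_INIT_MAX_LEN = 1 << 15   # 32768 blocks: largest initialized extent

def parse_extent_node(node: bytes, block_size: int = 4096):
    """Parse one extent-tree leaf node, e.g. the 60-byte i_block of an inode.

    Hypothetical helper for this example. Raises ValueError on a bad magic,
    an index node (depth > 0) or an entry count that does not fit the buffer.
    """
    if len(node) < 12:
        raise ValueError("buffer shorter than extent header")
    magic, entries, max_entries, depth, _gen = struct.unpack_from("<HHHHI", node, 0)
    if magic != EXT4_EXT_MAGIC:
        raise ValueError(f"bad extent magic 0x{magic:04X}")
    if depth != 0:
        raise ValueError("index node: entries are ext4_extent_idx, not extents")
    if entries > max_entries or 12 + 12 * entries > len(node):
        raise ValueError("entry count exceeds node size")
    extents = []
    for i in range(entries):
        ee_block, ee_len, start_hi, start_lo = struct.unpack_from(
            "<IHHI", node, 12 + 12 * i)
        # ee_len above 32768 marks an unwritten (preallocated) extent;
        # the real length is then ee_len - 32768.
        unwritten = ee_len > EXT_INIT_MAX_LEN
        blocks = ee_len - EXT_INIT_MAX_LEN if unwritten else ee_len
        extents.append({
            "logical_block": ee_block,
            "physical_block": (start_hi << 32) | start_lo,  # 48-bit address
            "blocks": blocks,
            "bytes": blocks * block_size,
            "unwritten": unwritten,
        })
    return extents

def build_sample_node() -> bytes:
    """Constructed sample: header plus two extents, padded to 60 bytes."""
    hdr = struct.pack("<HHHHI", EXT4_EXT_MAGIC, 2, 4, 0, 0)
    full = struct.pack("<IHHI", 0, 32768, 0, 34816)            # maximum length
    prealloc = struct.pack("<IHHI", 32768, 32768 + 16, 1, 8)   # 16 unwritten
    return (hdr + full + prealloc).ljust(60, b"\x00")

if __name__ == "__main__":
    for extent in parse_extent_node(build_sample_node()):
        print(extent)
```

The first sample extent carries the maximum initialized length of 32768 blocks, which at a 4 KB block size is the 128 MB limit quoted above.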
2.3 iPhone
On the iPhone the file system is HFSX (Hierarchical File System extended). HFS+ was introduced with the January 19, 1998 release of Mac OS 8.1. HFS Plus permits filenames up to 255 UTF-16 characters in length, and n-forked files similar to NTFS, though until recently almost no system software took advantage of forks other than the data fork and resource fork. HFS Plus also uses a full 32-bit allocation mapping table, rather than HFS's 16 bits. This was a serious limitation of HFS, meaning that no disk could support more than 65,536 allocation blocks under HFS. When disks were small, this was of little consequence, but as larger-capacity drives became available, it meant that the smallest amount of space that any file could occupy (a single allocation block) became excessively large, wasting significant amounts of space.
2.4 File System Conclusion
The newest file system is ext4 for Android, developed between 2003 and 2006, then HFSX for iPhone (1998), and then NTFS for WP8 (1993). All of them deal with large blocks; the largest block size is taken by HFSX at 64 Kbyte and NTFS at 64 Kbyte, then ext4 at 4 Kbyte. Most phones use small file sizes and small partition sizes (< 64 Gbyte). For these reasons, ext4 on Android comes first, then HFSX on iPhone, and last NTFS on Windows Phone 8 (Windows Phone 8 is last because its file system is also the oldest one).
3. Encryption
3.1 WP8
WP8 uses BitLocker encryption. BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7, and with the Pro and Enterprise editions of Windows 8 desktop operating systems, as well as the server platforms Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk encryption-specific security not provided by AES. If configured, BitLocker can also encrypt using a 256-bit key. There is no file encryption for the memory card, but it can be encrypted through a third-party application.
3.2 Android
The default Android device encryption in 4.0.4 ICS (Ice Cream Sandwich 4) is AES-CBC 128-bit (Advanced Encryption Standard, Cipher Block Chaining). AES with 128-bit keys provides adequate protection for classified information up to the SECRET level. Similarly, ECDH and ECDSA using the 256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-256 provide adequate protection for classified information up to the SECRET level. Until the conclusion of the transition period defined in CNSSP-15, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level.
AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-384 are required to protect classified information at the TOP SECRET level. Since some products approved to protect classified information up to the TOP SECRET level will only contain algorithms with these parameters, algorithm interoperability between various products can only be guaranteed by having these parameters as options.
The Cipher Block Chaining (CBC) mode has been approved for use in IKE and IKEv2 as well as IEEE 802.11. NIST Special Publication 800-38A, Recommendations for Block Cipher Modes of Operation - Methods and Techniques, contains an application-independent description of CBC. RFC 3602 and RFC 6379 describe the use of CBC with IPsec. As with WP8, there is no file encryption for the memory card, but it can be encrypted through a third-party application.
3.3 iPhone
Every iOS device has a dedicated AES 256-bit crypto engine built in that is used to encrypt all data on the device at all times.
Symmetric Key Encryption and Digest generation is handled by the CommonCrypto API set. The CryptoExercise sample brings both of these APIs together through a network service, discoverable via Bonjour, that performs a "dummy" cryptographic protocol between devices found on the same subnet.
Application developers have access to encryption APIs that they can use to further protect their data. Data can be symmetrically encrypted using proven methods such as AES, RC4 (Rivest Cipher 4), or 3DES (Triple Data Encryption Standard).
As with WP8 and Android, there is no file encryption for the memory card, but it can be encrypted through a third-party application.
3.4 Conclusion of Encryption
All phones (WP8, Android and iPhone) use the same basic encryption method, AES with 128-bit and 256-bit keys, and none has an option to encrypt the internal memory card unless third-party encryption is used. So all the phones are equal in encryption.
4. Communications and Network Security
4.1 WP8
In WP8, the following wireless communications are available:
• Wi-Fi Direct: It is available, but file transfer over it is not available.
• Bluetooth: It is available for files and devices.
• NFC (near-field communication): Direct file transfer is available. There's no menu to open, application to launch, or pairing needed. Just touch one phone to another, and then tap to send.
• SSH (Secure Shell): It is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively). The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. It is available in WP8, but through a third party.
• VPN (Virtual Private Network): It is often used within organizations to allow you to communicate private information securely over a public network. It is not available for WP8.
• OpenVPN: It is not available in WP8.
• Connection with Microsoft: Microsoft can't access files in WP8.
4.2 Android
In Android, the following wireless communications are available:
• Wi-Fi Direct: Android uses Wi-Fi Direct to print on the go, share data, sync files and more between two compatible Wi-Fi Direct devices.
• Bluetooth: It is available for both files and devices. Android 4.0 also introduces built-in support for connecting to Bluetooth Health Device Profile (HDP) devices. With support from third-party apps, users can connect to wireless medical devices and sensors in hospitals, fitness centers, homes, and elsewhere.
• NFC: Direct file transfer through NFC is also available in Android.
• SSH: It is available in Android.
• VPN: The Android platform has an outstanding built-in VPN connection tool that allows you to connect to PPTP VPNs, L2TP VPNs, L2TP/IPSec PSK VPNs, and L2TP/IPSec CRT VPNs.
• OpenVPN: It is available in Android, but through a third party.
• Connection with Google: Google can't access files in any Android phone.
4.3 iPhone
In iPhone, the following wireless communications are available:
• Wi-Fi Direct: It is available, but file transfer over it is not available.
• Bluetooth: It is available for devices, but for file transfer it is available only through a third-party application such as iBluetooth.
• NFC: No direct file transfer.
• SSH: Like Android, it is also available in iPhone.
• VPN: VPN in iPhone lets you access your work email on iOS devices. VPN works over both Wi-Fi and cellular data network connections.
• OpenVPN: Like WP8, it is not available in iPhone.
• Connection with Apple: Data stored on iCloud is accessible by Apple.
4.4 Conclusion of Communications and Network Security
The main vulnerabilities in communication are Bluetooth and Wi-Fi. So in this type of communication iPhone is first, then WP8 and then Android, but I will put WP8 first because Bluetooth is available in iPhone through a third-party application. Android will be last because it lets numerous devices connect with Android devices over different types of communication. NFC is a secure file transfer; it is available in WP8 and Android but not in iPhone. SSH is essential in iPhone and Android, but in WP8 it is available through a third party. VPN is not available in WP8 but is available in iPhone and Android, whereas OpenVPN is available only in Android. So overall, in communication and network security WP8 comes first, iPhone second and Android third (Android is last because of Bluetooth, Wi-Fi file transfer and OpenVPN).
5. Overall Conclusion
All three phones have advantages and disadvantages in security. In encryption they are equal, and in file systems there are a few differences between them. The aspect that makes the biggest difference is communication and network security. We saw that Android is a very welcoming operating system: it gives users a lot of options to communicate with other devices, send files or share resources. But these specifications of Android may increase the risk of intrusions. Android should increase its security to control the wide options for connecting other devices and transferring files. On the other hand, iPhone has limited options for transferring files or communicating with other devices; even NFC and Bluetooth are not allowed for file transfer in iPhone. So how does iPhone share files with other devices? Even though iPhone doesn't have Bluetooth file transfer, other applications such as iBluetooth or Celeste can let iPhone share files using protocols of their own. Also, Apple can access data from a user's phone if it is in iCloud. So iPhone limits access to the phone from other devices, which improves security, but users need more flexible device communication. iPhone should create a very safe means to transfer files between devices.
Microsoft is new to phone operating systems, but WP8 reached the highest criteria of a mobile OS. It balances the communication abilities of the phone against the security risks. The main disadvantage of WP8 is the file system: Microsoft still uses NTFS. Microsoft should develop a new file system for mobiles.
If the security of the phone OS is the main factor in the success of any phone product, then WP8 will gain more success, Android will disappear and iPhone will struggle to survive.
References
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]
- [1] http://en.wikipedia.org/wiki/Windows_Phone_8
- [2] http://en.wikipedia.org/wiki/NTFS
- [3] http://en.wikipedia.org/wiki/Wikipedia:Please_clarify
- [4] http://support.apple.com/kb/ht1424
- [5] http://developer.android.com/about/versions/android-4.0-highlights.html
- [6] http://www.techrepublic.com/blog/smartphones/connect-to-a-pptp-vpn-from-your-android-phone/2145
- [7] http://arstechnica.com/information-technology/2010/12/ext4-filesystem-hits-android-no-need-to-fear-data-loss/
- [8] http://blog.gsmarena.com/android-2-3-gingerbread-uses-ext4-file-system-promises-better-dual-core-performance/
- [9] http://en.wikipedia.org/wiki/Ext4
- [10] http://en.wikipedia.org/wiki/HFS_Plus
- [11] http://en.wikipedia.org/wiki/Windows_Phon8
- [12] http://blogs.tieto.com/enterprisemobility/2012/07/17/windows-phone-8-security-deep-dive/
- [13] http://security.stackexchange.com/questions/28998/android-device-encryption http://www.nsa.gov/ia/programs/suiteb_cryptography/
- [14] http://www.apple.com/iphone/business/it-center/security.html
- [15] http://stackoverflow.com/questions/6276595/about-commoncrypto-on-iphone-sdk-can-it-generate-rsa-keys-and-encryt-decrypt
- [16] http://www.getceleste.com/