IT tutorials
 
Mobile
 

Windows Phone 7 Advanced Programming Model : Encryption Services

1/5/2013 5:16:40 PM
- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

A mobile device no matter what operating system or platform is inherently insecure. A mobile device is not locked safely in a server room within a secure data center like a web server. A mobile device is easily misplaced or stolen. For just about any computing platform, loss of physical control is loss of security. Therefore, it is important to minimize storing sensitive data on a mobile device.

However, there are scenarios in which it is convenient to store sensitive data on a device. As an example, a user would never use a video player application that requires the user to memorize and enter a long key to unlock DRM'd content. It is a risk management challenge that weighs the benefits and inconvenience provided by any given security solution. This section in the MSDN documentation provides a detailed overview of balancing security with convenience:

http://msdn.microsoft.com/en-us/library/ff402533(v=VS.92).aspx

In the next few sections, I provide an overview of the capabilities available in the Windows Phone 7 platform.

1. Secure Sockets Layer

Many mobile applications transfer data to and from the server-side of a mobile application solution. In cases where sensitive data must be transported always use Secure Sockets Layer (SSL) to protect data in transit. This link lists SSL root certificates that ship on Windows Phone 7:

http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).aspx

Once sensitive data is on the device, use available encryption services on the platform to secure the data. Windows Phone 7 supports the following cryptographic algorithms:

  • AES

  • HMACSHA1

  • HMACSHA256

  • Rfc2898DeriveBytes

  • SHA1

  • SHA256

The next covers how to use these algorithms to securely store data on Windows Phone 7.

2. Securely Encrypting Data

The UI takes some data to encrypt, a password and salt to perform the encryption, and then a couple of TextBlocks to show the encrypted data as well as results from decrypting.

The Application Bar is enabled with four buttons:

  • Encrypt Data

  • Decrypt Data

  • Save to Isolated Storage

  • Load from Isolated Storage

All the UI data fields and event methods have corresponding properties on the MainViewModel class. The encryption operations are actually performed on MainViewModel properties with data binding bringing the results to the UI. Figure 1 shows the UI layout.

Figure 1. EncryptData project UI

The following using statements are added to the MainViewModel class to provide the necessary access for stream-based processing and encryption:

using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

In addition to the ViewModel data fields backing the UI MainPage.xaml View, four additional methods are added to MainViewModel:

  • EncryptData

  • DecryptData

  • SaveEncryptedDataToIsolatedStorage

  • LoadEncryptedDataFromIsolatedStorage

Each method performs the task described by the method name. These four methods are accessed via the Application Bar buttons in the View as shown in Listing 1.

Example 1. MainPage.Xaml.cs Code File
using System.Windows;
using System.Windows.Controls;
using EncryptingData.ViewModel;
using Microsoft.Phone.Controls;

namespace EncryptingData
{
  public partial class MainPage : PhoneApplicationPage
  {
    MainViewModel vm;
    // Constructor
    public MainPage()
    {
      InitializeComponent();
      vm = this.DataContext as MainViewModel;
    }

    private void EncryptAppBarBtn_Click(object sender, System.EventArgs e)
    {
      vm.EncryptData();
    }

    private void DecryptAppBarBtn_Click(object sender, System.EventArgs e)
    {
      vm.DecryptData();
    }

    private void SaveIsoAppBarBtn_Click(object sender, System.EventArgs e)
    {
      vm.SaveEncryptedDataToIsolatedStorage();
    }

    private void LoadIsoAppBarBtn_Click(object sender, System.EventArgs e)
    {
      vm.LoadEncryptedDataFromIsolatedStorage();
    }

    private void PasswordBox_LostFocus(object sender,
      System.Windows.RoutedEventArgs e)
    {
      if (((PasswordBox)sender).Password.Length < 8)
        MessageBox.Show("Salt Value must be at least eight characters.",

					  

"Minimum Length Error",MessageBoxButton.OK);
    }
  }
}

The four encryption related methods in MainViewModel code are shown in Listing 2.

Example 2. Methods from MainViewModel.cs Code File
public void EncryptData()
{
  using (AesManaged aes = new AesManaged())
  {
    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(Password,
      Encoding.UTF8.GetBytes(SaltValue), 10000);
    aes.Key = rfc2898.GetBytes(32);
    aes.IV = rfc2898.GetBytes(16);
    using (MemoryStream memoryStream = new MemoryStream())
    {
      using (CryptoStream cryptoStream = new CryptoStream(memoryStream,
        aes.CreateEncryptor(), CryptoStreamMode.Write))
      {
        //Encrypt Data with created CryptoStream
        byte[] secret = Encoding.UTF8.GetBytes(DataToEncrypt);
        cryptoStream.Write(secret, 0, secret.Length);
        cryptoStream.FlushFinalBlock();
        aes.Clear();
        //Set values on UI thread
        Deployment.Current.Dispatcher.BeginInvoke(() =>
        {
          EncryptedData = Convert.ToBase64String(memoryStream.ToArray());
        });
      }
    }
  }
}

public void DecryptData()
{
  MemoryStream memoryStream = null;

  using (AesManaged aes = new AesManaged())
  {
    //Generate Key and IV values for decryption
    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(Password, Encoding.UTF8.GetBytes(SaltValue), 10000);
    aes.Key = rfc2898.GetBytes(32);
    aes.IV = rfc2898.GetBytes(16);

    using (memoryStream = new MemoryStream())
    {
      using (CryptoStream cryptoStream =
        new CryptoStream(memoryStream, aes.CreateDecryptor(),
                          CryptoStreamMode.Write))

					  

{
        //Decrypt Data
        byte[] secret = Convert.FromBase64String(EncryptedData);
        cryptoStream.Write(secret, 0, secret.Length);
        cryptoStream.FlushFinalBlock();
        byte[] decryptBytes = memoryStream.ToArray();
        aes.Clear();
        //Update values on UI thread
        Deployment.Current.Dispatcher.BeginInvoke(() =>
        {
          DecryptedData = Encoding.UTF8.GetString(decryptBytes, 0, decryptBytes.Length);
        });
      }
    }
  }
}

public void SaveEncryptedDataToIsolatedStorage()
{
  //Save secret to Application Settings
  if (EncryptedData != "")
  {
    if (IsolatedStorageSettings.ApplicationSettings.Contains(StorageKeyName))
    {
      IsolatedStorageSettings.ApplicationSettings[StorageKeyName] =
        EncryptedData;
    }
    else
    {
      IsolatedStorageSettings.ApplicationSettings.Add(
        StorageKeyName, EncryptedData);
    }
  }
}

public void LoadEncryptedDataFromIsolatedStorage()
{
  //Retrieve secret from Application Settings
  if (IsolatedStorageSettings.ApplicationSettings.Contains(StorageKeyName))
  {
    Deployment.Current.Dispatcher.BeginInvoke(() =>
    {
      EncryptedData =
        IsolatedStorageSettings.ApplicationSettings[StorageKeyName].ToString();
    });
  }
  else
  {
    Deployment.Current.Dispatcher.BeginInvoke(() =>
    {
      EncryptedData = "";
    });
  }
}

					  

The code generates a Key for AES based on the Password and Salt values provided by the user. The Rfc2898DeriveBytes class is used to generate the HMACSHA1 random number (iteration count of 1,000) for the AES Key and IV values. What's handy with implementing encryption via the ViewModel is that it is easily reusable. The MainViewModel class has zero dependencies on UI.

One other item to note is that this section demonstrates the only truly secure means to encrypt data, because it requires a password by the user. This is because the initial release of the Windows Phone Developer Tools does not include access to a secure key store. This is a frequently requested feature by developers so I would bet that it is one of the first features to be added to the next release of the tools.

 
Others
 
- Debugging Android Applications : Eclipse Java Editor (part 5) - Traceview
- Debugging Android Applications : Eclipse Java Editor (part 4) - Android Debug Bridge, Dalvik Debug Monitor Service
- Debugging Android Applications : Eclipse Java Editor (part 3) - Logcat
- Debugging Android Applications : Eclipse Java Editor (part 2) - The Debugger
- Debugging Android Applications : Eclipse Java Editor (part 1) - Java Errors
- iphone Programming : Using Sensors - Using the Digital Compass
- iphone Programming : Using Sensors - The Core Location Framework
- iPhone SDK 3 : SDK and IDE Basics
- Bluetooth on the iPad : Pairing with a Bluetooth Device
- Personalize & Secure Your iPad : How to Secure Your iPad with a Passcode
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS