Version | Date | Comment |
---|---|---|
1.0 | 2013-10-21 | Initial Release |
1.1 | 2014-01-12 | Typographical changes and additional clarifications in application notes. Removed assignment from FCS_TLS_EXT.1 and limited testing to those ciphersuites in both FCS_TLS_EXT.1 and FCS_TLS_EXT.2. |
2.0 | 2015-09-14 |
Included changes based on Technical Rapid Response Team Decisions. Clarified many requirements and assurance activities. Mandated objective requirements:
Included hardware-isolated REK and key storage selections. Allowed key derivation by REK. Clarified FTP_ITC_EXT.1 and added FDP_UPC_EXT.1. Mandated HTTPS and TLS for application use. (FDP_UPC_EXT.1) Removed Dual_EC_DRBG as an approved DRBG. Adopted new TLS requirements. Mandated TSF Wipe upon authentication failure limit and required number of authentication failures be maintained across reboot. Clarified Management Class. Included more domain isolation discussion and tests. Updated Audit requirements and added Auditable Events table. Added SFR Category Mapping Table. Updated Use Case Templates. Moved Glossary to Introduction. |
3.0 | 2015-09-17 | Included changes based on Technical Rapid Response Team Decisions. Clarified many requirements and assurance activities. Mandated objective requirements:
Added SFRs to support BYOD Use Case BYOD Use Case Updated key destruction SFR |
3.1 | 2017-04-05 | Included changes based on Technical Rapid Response Team Decisions and incorporated Technical Decisions. Modified biometric requirements:
FCS_STG_EXT.2.2 - Modified to require long term trusted channel key material be encrypted by an approved method. FIA_UAU_EXT.1.1 - Modified to allow the long term trusted channel key material to be available prior to password being entered at start-up. |
1. Introduction
1.2. Scope of Document
1.3. Intended Readership
1.4. Glossary
1.5. TOE Overview
1.6. TOE Usage
3. Security Problem Definition
3.1. Threats
3.2. Assumptions
3.3. Organizational Security Policy
4.1. Security Objectives for the TOE
4.2. Security Objectives for the Operational Environment
4.3. Security Objectives Rationale
5.1. Security Fundamental Requirements
5.1.1. Class: Security Audit (FAU)
5.1.2. Class: Cryptographic Support (FCS)
5.1.3. Class: User Data Protection (FDP)
5.1.4. Class: Identification and Authentication (FIA)
5.1.5. Class: Security Management (FMT)
5.1.6. Class: Protection of the TSF (FPT)
5.1.7. Class: TOE Access (FTA)
5.1.8. Class: Trusted Path/Channels (FTP)
5.2. Security Assurance Requirements
5.2.1. Class ASE: Security Target
5.2.2. Class ADV: Development
5.2.3. Class AGD: Guidance Documentation
5.2.4. Class ALC: Life-cycle Support
5.2.5. Class ATE: Tests
5.2.6. Class AVA: Vulnerability Assessment
Appendix A: Optional Requirements
Appendix B: Selection-Based Requirements
Appendix C: Objective Requirements
Appendix D: Entropy Documentation And Assessment
Appendix E: Acronyms
Appendix F: Use Case Templates
Appendix G: Initialization Vector Requirements for NIST-Approved Cipher Modes
Appendix H: Biometric Derivation and Examples
Appendix I: References
Appendix J: Acknowledgements
Adaptive (template) | Authentication templates that evolve with each sample that is verified and introduced into the biometrics database or gallery. |
Address Space Layout Randomization (ASLR) | An anti-exploitation feature, which loads memory mappings into unpredictable locations. ASLR makes it more difficult for an attacker to redirect control to code that they have introduced into the address space of a process or the kernel. |
Administrator | The Administrator is responsible for management activities, including setting the policy that is applied by the enterprise on the Mobile Device. This administrator is likely to be acting remotely and could be the Mobile Device Management (MDM) Administrator acting through an MDM Agent. If the device is unenrolled, the user is the administrator. |
Assurance | Grounds for confidence that a TOE meets the SFRs [CC]. |
Authentication Template | A digital representation of an individual’s distinct characteristics, representing information extracted from a biometric sample. Such templates are used during biometric authentication and verification as the basis for comparison. Unlike enrollment templates, these templates can be adaptive. |
Auxiliary Boot Modes | Auxiliary boot modes are states in which the device provides power to one or more components to provide an interface that enables an unauthenticated user to interact with either a specific component or several components that exist outside of the device’s fully authenticated, operational state. |
Biometric Authentication Factor (BAF) | Authentication factor, which uses biometric sample, matched to a biometric authentication template to help establish identity. |
Biometric Data | Digital data created during a biometric process. It encompasses raw sensor observations, biometric samples, models, templates, and/or similarity scores, among other data. This data is used to describe the information collected during an enrollment, verification, or identification process, but does not apply to end user information such as user name, password (unless tied to the biometric modality), demographic information, and authorizations. |
Biometric Sample | Information or computer data obtained from a biometric sensor device or captured from an individual to the sensor. |
Biometric System | Multiple individual components (such as sensor, matching algorithm, and result delay) that combine to make a fully operational system. A biometric system is automated and capable of:
|
Common Criteria (CC) | Common Criteria for Information Technology Security Evaluation. |
Common Application Developer | Application developers (or software companies) often produce many applications under the same name. Mobile devices often allow shared resources by such applications where otherwise resources would not be shared. |
Critical Security Parameter (CSP) | Security-related information whose disclosure or modification can compromise the security of a cryptographic module and/or authentication system. |
Data | Program/application or data files that are stored or transmitted by a server or Mobile Device (MD). |
Data Encryption Key (DEK) | A key used to encrypt data-at-rest. |
Developer Modes | Developer modes are states in which additional services are available to a user in order to provide enhanced system access for debugging of software. |
Encrypted Software Keys | These keys are stored in the main file system encrypted by another key and can be changed and sanitized. |
Enrolled state | The state in which the Mobile Device is managed with active policy settings from the administrator. |
Enrollment (Biometrics) | The process of collecting a biometric sample from an end user, converting it into an enrollment and/or authentication template, and storing it in the biometric system’s database. If an enrollment template is generated, it is used during the enrollment process for later comparison to other enrollment templates already stored. If there are multiple enrollment templates, they may be fused, averaged, or otherwise, in order to create authentication templates, which are used for later comparison in verification. |
Enrollment Template | A digital representation of an individual’s distinct characteristics, representing information extracted from a biometric sample. Such templates are generated during the enrollment process and utilized in various ways (including averaging, fusion, etc.) in order to generate an authentication template. |
Enterprise Applications | Applications that are provided and managed by the enterprise. |
Enterprise Data | Enterprise data is any data residing in the enterprise servers, or temporarily stored on Mobile Devices to which the Mobile Device user is allowed access according to security policy defined by the enterprise and implemented by the administrator. |
Ephemeral Keys | These keys are stored in volatile memory. |
False Accept Rate (FAR) | A statistic used to measure biometric performance when operating in verification, defined as the percentage of times a system produces a false accept, which occurs when an individual is incorrectly matched to another individual’s existing biometric. For example, Mallory claims to be Alice and the system verifies the claim. |
False Reject Rate (FRR)FRR | A statistic used to measure biometric performance in verification, defined as the percentage of times the system produces a false reject. A false reject occurs when an individual is not matched to his or her own existing biometric template. For example, John claims to be John, but the system incorrectly denies the claim. |
(Biometric) Feature(s) | Distinctive mathematical characteristic(s) derived from a biometric sample, used to generate enrollment or authentication templates. |
File Encryption Key (FEK) | A DEK used to encrypt a file or a directory when File Encryption is used. FEKs are unique to each encrypted file or directory. |
Hardware-Isolated Keys | The Rich OS can only access these keys by reference, if at all, during runtime. |
Hybrid Authentication | A hybrid authentication factor is one where a user has to submit a combination of biometric sample and PIN or password with both to pass and without the user being made aware of which factor failed, if either fails. |
Immutable Hardware Key | These keys are stored as hardware-protected raw key and cannot be changed or sanitized. |
Key Chaining | The method of using multiple layers of encryption keys to protect data. A top layer key encrypts a lower layer key, which encrypts the data; this method can have any number of layers. |
Key Encryption Key (KEK) | A key used to encrypt other keys, such as DEKs or storage that contains keys. |
Liveness Detection | A technique used to ensure that the biometric sample submitted is from an end user. A liveness detection method can help protect the system against some types of spoofing attacks. |
Locked State | Powered on but most functionality is unavailable for use. User authentication is required to access functionality. |
Mobile Device (MD) | A device which is composed of a hardware platform and its system software. The device typically provides wireless connectivity and may include software for functions like secure messaging, email, web, VPN connection, and VoIP (Voice over IP), for access to the protected enterprise network, enterprise data and applications, and for communicating to other Mobile Devices. |
Mobile Device Management (MDM) | Mobile device management (MDM) products allow enterprises to apply security policies to mobile devices. This system consists of two primary components: the MDM Server and the MDM Agent. |
MDM Agent | The MDM Agent is installed on a Mobile Device as an application or is part of the Mobile Device’s OS. The MDM Agent establishes a secure connection back to the MDM Server controlled by the administrator. |
Minutia Point | Friction ridge characteristics that are used to individualize a fingerprint image. Minutia are the points where friction ridges begin, terminate, or split into two or more ridges. In many fingerprint systems, the minutia points are compared for recognition purposes. |
Mobile Device User (User) | The individual authorized to physically control and operate the Mobile Device. Depending on the use case, this can be the device owner or an individual authorized by the device owner. |
(Biometric) Modality | A type or class of biometric system, such as fingerprint recognition, facial recognition, iris recognition, voice recognition, signature/sign, and others. |
Mutable Hardware Key | These keys are stored as hardware-protected raw key and can be changed or sanitized. |
NIST Fingerprint Image Quality (NFIQ) | A machine-learning algorithm that reflects the predictive positive or negative contribution of an individual sample to the overall performance of a fingerprint matching system.
NFIQ 1.0 scores are calculated on a scale from 1 to 5, where NFIQ = 1 indicates high quality samples and NFIQ = 5 indicates poor quality samples [NFIQ 1.0]. NFIQ 2.0 scores are calculated on a scale from 0 to 100, where NFIQ = 0 indicates poor quality samples and NFIQ = 100 indicates high quality samples [NFIQ 2.0]. |
Operating System (OS) | Software, which runs at the highest, privilege level and can directly control hardware resources. Modern Mobile Devices typically have at least two primary operating systems: one, which runs on the cellular baseband processor and one, which runs on the application processor. The OS of the application processor handles most user interaction and provides the execution environment for apps. The OS of the cellular baseband processor handles communications with the cellular network and may control other peripherals. The term OS, without context, may be assumed to refer to the OS of the application processor. |
Password Authentication Factor | A type of authentication factor requiring the user to provide a secret set of characters to gain access. |
PIN | A PIN factor is a set of numeric or alphabetic characters that may be used in addition to a biometric factor to provide a hybrid authentication factor. At this time it is not considered as a standalone authentication mechanism. |
Presentation Attack Detection (PAD) | A technique used to ensure that the biometric sample submitted is from an end user. A presentation attack detection method can help protect the system against some types of spoofing attacks. |
Powered Off State | The device has been shut down such that no TOE function can be performed. |
Protection Profile (PP) | An implementation-independent set of security requirements for a category of products. |
Protected Data | Protected data is all non-TSF data, including all user or enterprise data. Protected data includes all keys in software-based secure key storage. Some or all of this data may be considered sensitive data as well. |
Rich Operating System (Rich OS) | This term is a synonym used to refer to the primary operating system of the application processor defined above under “Operating System (OS)”. This term is used to distinguish the primary operating system from an operating system executing in a smaller, isolated execution environment that may be present on the processor. |
Root Encryption Key (REK) | A key tied to the device used to encrypt other keys. |
Security Assurance Requirement (SAR) | A requirement to assure the security of the TOE. |
Sensitive data | Sensitive data shall be identified in the TSS section of the Security Target (ST) by the ST author. Sensitive data is a subset or all of the Protected data. Sensitive data may include all user or enterprise data or may be specific application data such as emails, messaging, documents, calendar items, and contacts. Sensitive data is protected while in the locked state (FDP_DAR_EXT.2). Sensitive data must minimally include some or all keys in software-based key storage. |
Security Functional Requirement (SFR) | A requirement for security enforcement by the TOE. |
Software Keys | The Rich OS access the raw bytes of these keys during runtime. |
Security Target (ST) | A set of implementation-dependent security requirements for a specific product. |
Target of Evaluation (TOE) | A set of software, firmware, and/or hardware possibly accompanied by guidance. [CC] |
(Biometric) Template | A digital representation of an individual’s distinct characteristics, representing information extracted from a biometric sample. This PP further defines enrollment templates and authentication templates. |
Threshold | A user setting for biometric systems operating in verification. Thresholds are also used in enrollment if enrollment templates are created and compared to each other. The acceptance or rejection of biometric data in verification is dependent on the match score falling above or below the threshold. The threshold is adjustable so that the biometric system can be more or less strict, depending on the requirements of any given biometric application. |
TOE Security Functionality (TSF) | A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the SFRs. [CC] |
TOE Summary Specification (TSS) | A description of how a TOE satisfies the SFRs in a ST. |
Trust Anchor Database | A list of trusted root Certificate Authority certificates. |
TSF Data | Data for the operation of the TSF upon which the enforcement of the requirements relies. |
Unenrolled state | The state in which the Mobile Device is not managed. |
Unlocked State | Powered on and device functionality is available for use. Implies user authentication has occurred (when so configured). |
Verification (Biometrics) | A task where the biometric system attempts to confirm an individual’s claimed identity by comparing a submitted sample to one or more previously enrolled authentication templates. |
Threat, Assumption, or OSP | Security Objectives | Rationale |
T.EAVESDROP | O.COMMS, O.CONFIG, O.AUTH | The threat T.EAVESDROP is countered by O.COMMS as this provides the capability to communicate using one (or more) standard protocols as a means to maintain the confidentiality of data that are transmitted outside of the TOE.The threat T.EAVESDROP is countered by O.CONFIG as this provides a secure configuration of the mobile device to protect data that it processes.The threat T.EAVESDROP is countered by O.AUTH as this provides authentication of the endpoints of a trusted communication path. |
T.NETWORK | O.COMMS, O.CONFIG, O.AUTH | The threat T.NETWORK is countered by O.COMMS as this provides the capability to communicate using one (or more) standard protocols as a means to maintain the confidentiality of data that are transmitted outside of the TOE.The threat T.NETWORK is countered by O.CONFIG as this provides a secure configuration of the mobile device to protect data that it processes.The threat T.NETWORK is countered by O.AUTH as this provides authentication of the endpoints of a trusted communication path. |
T.PHYSICAL | O.STORAGE, O.AUTH | The threat T.PHYSICAL is countered by O.STORAGE as this provides the capability to encrypt all user and enterprise data and authentication keys to ensure the confidentiality of data that it stores.The threat T.PHYSICAL is countered by O.AUTH as this provides the capability to authenticate the user prior to accessing protected functionality and data. |
T.FLAWAPP | O.COMMS, O.CONFIG, O.AUTH, O.INTEGRITY, O.PRIVACY | The threat T.FLAWAPP is countered by O.COMMS as this provides the capability to communicate using one (or more) standard protocols as a means to maintain the confidentiality of data that are transmitted outside of the TOE.The threat T.FLAWAPP is countered by O.CONFIG as this provides the capability to configure and apply security policies to ensure the Mobile Device can protect user and enterprise data that it may store or process.The threat T.FLAWAPP is countered by O.AUTH as this provides the capability to authenticate the user and endpoints of a trusted path to ensure they are communicating with an authorized entity with appropriate privileges.The threat T.FLAWAPP is countered by O.INTEGRITY as this provides the capability to perform self-tests to ensure the integrity of critical functionality, software/firmware and data has been maintained.The threat T.FLAWAPP is countered by O.PRIVACY as this provides separation and privacy between user activities. |
T.PERSISTENT | O.INTEGRITY, O.PRIVACY | The threat T.PERSISTENT is countered by O.INTEGRITY as this provides the capability to perform self-tests to ensure the integrity of critical functionality, software/firmware and data has been maintained.The threat T.PERSISTENT is countered by O.PRIVACY as this provides separation and privacy between user activities. |
A.CONFIG | OE.CONFIG | The operational environment objective OE.CONFIG is realized through A.CONFIG. |
A.NOTIFY | OE.NOTIFY | The operational environment objective OE.NOTIFY is realized through A.NOTIFY. |
A.PRECAUTION | OE.PRECAUTION | The operational environment objective OE.PRECAUTION is realized through A.PRECAUTION. |
Requirement | Auditable Events | Additional Audit Record Contents |
FAU_GEN.1 | None. | |
FAU_STG.1 | None. | |
FAU_STG.4 | None. | |
FCS_CKM_EXT.1 | [selection: generation of a REK, None]. | No additional information. |
FCS_CKM_EXT.2 | None. | |
FCS_CKM_EXT.3 | None. | |
FCS_CKM_EXT.4 | None. | |
FCS_CKM_EXT.5 | [selection: Failure of the wipe, None]. | No additional information. |
FCS_CKM_EXT.6 | None. | |
FCS_CKM.1 | [selection: Failure of key generation activity for authentication keys, None]. | No additional information. |
FCS_CKM.2(*) | None. | |
FCS_COP.1(*) | None. | |
FCS_IV_EXT.1 | None. | |
FCS_SRV_EXT.1 | None. | |
FCS_STG_EXT.1 | Import or destruction of key. | Identity of key. Role and identity of requestor. |
[selection: Exceptions to use and destruction rules, No other events] | ||
FCS_STG_EXT.2 | None. | |
FCS_STG_EXT.3 | Failure to verify integrity of stored key. | Identity of key being verified. |
FDP_DAR_EXT.1 | [selection: Failure to encrypt/decrypt data, None]. | No additional information. |
FDP_DAR_EXT.2 | Failure to encrypt/decrypt data. | No additional information. |
FDP_IFC_EXT.1 | None. | |
FDP_STG_EXT.1 | Addition or removal of certificate from Trust Anchor Database. | Subject name of certificate. |
FIA_PMG_EXT.1 | None. | |
FIA_TRT_EXT.1 | None. | |
FIA_UAU_EXT.1 | None. | |
FIA_UAU.5 | None. | |
FIA_UAU.7 | None. | |
FIA_X509_EXT.1 | Failure to validate X.509v3 certificate. | Reason for failure of validation. |
FMT_MOF_EXT.1 | None. | |
FPT_AEX_EXT.1 | None. | |
FPT_AEX_EXT.2 | None. | |
FPT_AEX_EXT.3 | None. | |
FPT_JTA_EXT.1 | None. | |
FPT_KST_EXT.1 | None. | |
FPT_KST_EXT.2 | None. | |
FPT_KST_EXT.3 | None. | |
FPT_NOT_EXT.1 | [selection: Measurement of TSF software, None]. | [selection: Integrity verification value, No additional information]. |
FPT_STM.1 | None. | |
FPT_TST_EXT.1 | Initiation of self-test. | [selection: Algorithm that caused the failure, none] |
Failure of self-test. | ||
FPT_TST_EXT.2(1) | Start-up of TOE. | No additional information. |
[selection: Detected integrity violation, none] | [selection: The TSF code file that caused the integrity violation, No additional information] | |
FPT_TUD_EXT.1 | None. | |
FTA_SSL_EXT.1 | None. |
Requirement | Auditable Events | Additional Audit Record Contents |
FAU_SAR.1 | None. | |
FAU_SEL.1 | All modifications to the audit configuration that occur while the audit collection functions are operating. | No additional Information. |
FCS_CKM_EXT.7 | None. | |
FCS_CKM_EXT.8 | None. | |
FCS_DTLS_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. |
FCS_HTTPS_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. [selection: User’s authorization decision, No additional information]. |
FCS_RBG_EXT.1 | Failure of the randomization process. | No additional information. |
FCS_RBG_EXT.2 | None. | |
FCS_RBG_EXT.3 | None. | |
FCS_SRV_EXT.2 | None. | |
FCS_TLSC_EXT.1 | Establishment/termination of a TLS session. | Non-TOE endpoint of connection. |
Failure to establish a TLS session. | Reason for failure. | |
Failure to verify presented identifier. | Presented identifier and reference identifier. | |
FCS_TLSC_EXT.2 | None. | |
FCS_TLSC_EXT.3 | None. | |
FDP_ACF_EXT.1 | None. | |
FDP_ACF_EXT.2 | None. | |
FDP_ACF_EXT.3 | None. | |
FDP_BCK_EXT.1 | None. | |
FDP_BLT_EXT.1 | None. | |
FDP_PBA_EXT.1 | None. | |
FDP_UPC_EXT.1 | Application initiation of trusted channel. | Name of application. Trusted channel protocol. Non-TOE endpoint of connection. |
FIA_AFL_EXT.1 | Excess of authentication failure limit. | Authentication factor used. |
FIA_BLT_EXT.1 | User authorization of Bluetooth device. | User authorization decision. Bluetooth address and name of device. Bluetooth profile. Identity of local service. |
User authorization for local Bluetooth service. | ||
FIA_BLT_EXT.2 | Initiation of Bluetooth connection. | Bluetooth address and name of device. |
Failure of Bluetooth connection. | Reason for failure. | |
FIA_BLT_EXT.3 | Duplicate connection attempt. | BD_ADDR of connection attempt |
FIA_BLT_EXT.4 | None. | |
FIA_BLT_EXT.5 | None. | |
FIA_BLT_EXT.6 | None. | |
FIA_BMG_EXT.1 | None. | |
FIA_BMG_EXT.2 | None. | |
FIA_BMG_EXT.3 | None. | |
FIA_BMG_EXT.4 | None. | |
FIA_BMG_EXT.5 | None. | |
FIA_BMG_EXT.6 | None. | |
FIA_UAU_EXT.2 | Action performed before authentication. | No additional information. |
FIA_UAU.6 | User changes Password Authentication Factor. | No additional information. |
FIA_UAU_EXT.4 | None. | |
FIA_X509_EXT.2 | Failure to establish connection to determine revocation status. | No additional information. |
FIA_X509_EXT.3 | None. | |
FIA_X509_EXT.4 | Generation of Certificate Enrollment Request. | Issuer and Subject name of EST Server. Method of authentication. Issuer and Subject name of certificate used to authenticate. Content of Certificate Request Message. |
Success or failure of enrollment. | Issuer and Subject name of added certificate or reason for failure. | |
Update of EST Trust Anchor Database | Subject name of added Root CA. | |
FIA_X509_EXT.5 | None. | |
FMT_SMF_EXT.1 | [selection: Initiation of policy update, none]. | [selection: Policy name, none]. |
[selection: Change of settings, none] | [selection: Role of user that changed setting, Value of new setting, none]. | |
[selection: Success of failure of function, none] | [selection: Role of user that performed function, Function performed, Reason for failure, none]. | |
Initiation of software update. | Version of update. | |
Initiation of application installation or update. | Name and version of application. | |
FMT_SMF_EXT.2 | [selection: Unenrollment, Initiation of unenrollment, none] | [selection: Identity of administrator Remediation action performed, failure of accepting command to unenroll, none] |
FMT_SMF_EXT.3 | None. | |
FPT_AEX_EXT.4 | None. | |
FPT_AEX_EXT.5 | None. | |
FPT_AEX_EXT.6 | None. | |
FPT_AEX_EXT.7 | None. | |
FPT_BBD_EXT.1 | None. | |
FPT_BLT_EXT.1 | None. | |
FPT_NOT_EXT.2 | None. | |
FPT_TST_EXT.2(2) | [selection: Detected integrity violation, none] | [selection: The TSF code file that caused the integrity violation, No additional information] |
FPT_TST_EXT.3 | None. | |
FPT_TUD_EXT.2 | Success or failure of signature verification for software updates. | No additional information. |
Success or failure of signature verification for applications. | No additional information. | |
FPT_TUD_EXT.3 | None. | |
FPT_TUD_EXT.4 | None. | |
FTA_TAB.1 | None. | |
FTP_BLT_EXT.1 | None. | |
FTP_BLT_EXT.2 | None. | |
FTP_ITC_EXT.1 | Initiation and termination of trusted channel. | Trusted channel protocol. Non-TOE endpoint of connection. |
Data Fields | Notations | |
SP 800-108 | SP 800-56C | |
Pseudorandom function | PRF | PRF |
Counter length | r | r |
Length of output of PRF | h | h |
Length of derived keying material | L | L |
Length of input values | I_length | I_length |
Pseudorandom input values I | K1 (key derivation key) | Z (shared secret) |
Pseudorandom salt values | n/a | s |
Randomness extraction MAC | n/a | MAC |
# Input: PT, IV, Key for i = 1 to 1000: if i == 1: CT[1] = AES-CBC-Encrypt(Key, IV, PT) PT = IV else: CT[i] = AES-CBC-Encrypt(Key, PT) PT = CT[i-1]
Data Level | Protection Required |
TSF Data | TSF data does not require confidentiality, but does require integrity protection (FPT_TST_EXT.2(1)). |
Protected Data | Protected data is encrypted while powered off. (FDP_DAR_EXT.1) |
Sensitive Data | Sensitive data is encrypted while in the locked state, in addition to while powered off. (FDP_DAR_EXT.2) |
Management Function |
FMT_ SMF_ EXT.1 |
FMT_ MOF_ EXT.1.1 |
Admin | FMT_ MOF_ EXT.1.2 |
pwd. configure password policy:
|
M | - | M | M |
2. configure session locking policy:
|
M | - | M | M |
3. enable/disable the VPN protection:
[selection:
b. on a per-app basis, c. on a per-group of applications processes basis, d. no other method] |
M | O | O | O |
4. enable/disable [assignment: list of all radios] | M | O | O | O |
5. enable/disable
[assignment: list of audio or visual collection devices] :
[selection:
b. on a per-app basis, c. on a per-group of applications processes basis, d. no other method] |
M | O | O | O |
6. transition to the locked state | M | - | M | - |
7. TSF wipe of protected data | M | - | M | - |
8. configure application installation policy by
[selection:
a. restricting the sources of applications, b. specifying a set of allowed applications based on [assignment: application characteristics] (an application whitelist), c. denying installation of applications] |
M | - | M | M |
9. import keys/secrets into the secure key storage | M | O | O | - |
10. destroy imported keys/secrets and [selection: no other keys/secrets, [assignment: list of other categories of keys/secrets] ] in the secure key storage | M | O | O | - |
11. import X.509v3 certificates into the Trust Anchor Database | M | - | M | O |
12. remove imported X.509v3 certificates and [selection: no other X.509v3 certificates, [assignment: list of other categories of X.509v3 certificates] ] in the Trust Anchor Database | M | O | O | - |
13. enroll the TOE in management | M | M | - | - |
14. remove applications | M | - | M | O |
15. update system software | M | - | M | O |
16. install applications | M | - | M | O |
17. remove Enterprise applications | M | - | M | - |
18. configure the Bluetooth trusted channel:
[selection:
c. change the Bluetooth device name (separately for BR/EDR and LE), d. provide separate controls for turning the BR/EDR and LE radios on and off, e. allow/disallow additional wireless technologies to be used with Bluetooth, f. disable/enable Advertising (for LE), g. disable/enable the Connectable mode (for BR/EDR and LE), h. disable/enable the Bluetooth services and/or profiles available on the device (for BR/EDR and LE), i. specify minimum level of security for each pairing (for BR/EDR and LE), j. configure allowable methods of Out of Band pairing (for BR/EDR and LE), k. no other Bluetooth configuration] |
M | O | O | O |
19. enable/disable display notification in the locked state of:
[selection:
a. email notifications, b. calendar appointments, c. contact associated with phone call notification, d. text message notification, e. other application-based notifications, f. all notifications] |
M | O | O | O |
20. enable data-at rest protection | M | O | O | O |
21. enable removable media’s data-at-rest protection | M | O | O | O |
22. enable/disable location services:
[selection:
b. on a per-app basis, c. on a per-group of applications processes basis, d. no other method] |
M | O | O | O |
23. Enable/disable the use of [selection: Biometric Authentication Factor, Hybrid Authentication Factor] | M | O | O | O |
24. enable/disable all data signaling over [assignment: list of externally accessible hardware ports] | O | O | O | O |
25. enable/disable [assignment: list of protocols where the device acts as a server] | O | O | O | O |
26. enable/disable developer modes | O | O | O | O |
27. enable/disable bypass of local user authentication | O | O | O | O |
28. wipe Enterprise data | O | O | O | - |
29. approve [selection: import, removal] by applications of X.509v3 certificates in the Trust Anchor Database | O | O | O | O |
30. configure whether to establish a trusted channel or disallow establishment if the TSF cannot establish a connection to determine the validity of a certificate | O | O | O | O |
31. enable/disable the cellular protocols used to connect to cellular network base stations | O | O | O | O |
32. read audit logs kept by the TSF | O | O | O | - |
33. configure [selection: certificate, public-key] used to validate digital signature on applications | O | O | O | O |
34. approve exceptions for shared use of keys/secrets by multiple applications | O | O | O | O |
35. approve exceptions for destruction of keys/secrets by applications that did not import the key/secret | O | O | O | O |
36. configure the unlock banner | O | - | O | O |
37. configure the auditable items | O | - | O | O |
38. retrieve TSF-software integrity verification values | O | O | O | O |
39. enable/disable
[selection:
|
O | O | O | O |
40. enable/disable backup of [selection: all applications, selected applications, selected groups of applications, configuration data] to [selection: locally connected system, remote system] | O | O | O | O |
41. enable/disable
[selection:
|
O | O | O | O |
42. approve exceptions for sharing data between [selection: application, groups of application] | O | O | O | O |
43. place applications into application groups based on [assignment: enterprise configuration settings] | O | O | O | O |
44. Unenroll the TOE from management | O | O | O | O |
45. Enable/disable the Always On VPN protection | O | O | O | O |
46. Revoke Biometric template | O | O | O | O |
47. [assignment: list of other management functions to be provided by the TSF] | O | O | O | O |
Assurance Class | Assurance Components |
Security Target (ASE) | Conformance claims (ASE_CCL.1) |
Extended components definition (ASE_ECD.1) | |
ST introduction (ASE_INT.1) | |
Security objectives for the operational environment (ASE_OBJ.1) | |
Stated security requirements (ASE_REQ.1) | |
Security Problem Definition (ASE_SPD.1) | |
TOE summary specification (ASE_TSS.1) | |
Development (ADV) | Basic functional specification (ADV_FSP.1) |
Guidance Documents (AGD) | Operational user guidance (AGD_OPE.1) |
Preparative procedures (AGD_PRE.1) | |
Life Cycle Support (ALC) | Labeling of the TOE (ALC_CMC.1) |
TOE CM coverage (ALC_CMS.1) | |
Timely Security Updates (ALC_TSU_EXT) | |
Tests (ATE) | Independent testing – sample (ATE_IND.1) |
Vulnerability Assessment (AVA) | Vulnerability survey (AVA_VAN.1) |
Acronym | Meaning |
---|---|
AEAD | Authenticated Encryption with Associated Data |
AES | Advanced Encryption Standard |
ANSI | American National Standards Institute |
AP | Application Processor |
API | Application Programming Interface |
ASLR | Address Space Layout Randomization |
BAF | Biometric Authentication Factor |
BP | Baseband Processor |
BR/EDR | (Bluetooth) Basic Rate/Enhanced Data Rate |
CA | Certificate Authority |
CBC | Cipher Block Chaining |
CCM | Counter with CBC-Message Authentication Code |
CCMP | CCM Protocol |
CMC | Certificate Management over Cryptographic Message Syntax (CMS) |
CPU | Central Processing Unit |
CRL | Certificate Revocation List |
CSP | Critical Security Parameters |
DAR | Data At Rest |
DEK | Data Encryption Key |
DEP | Data Execution Prevention |
DH | Diffie-Hellman |
DNS | Domain Name System |
DSA | Digital Signature Algorithm |
DTLS | Datagram Transport Layer Security |
EAP | Extensible Authentication Protocol |
EAPOL | EAP Over LAN |
ECDH | Elliptic Curve Diffie Hellman |
ECDSA | Elliptic Curve Digital Signature Algorithm |
EEPROM | Electrically Erasable Programmable Read-Only Memory |
EST | Enrollment over Secure Transport |
FIPS | Federal Information Processing Standards |
FM | Frequency Modulation |
FQDN | Fully Qualified Domain Name |
GCM | Galois Counter Mode |
GPS | Global Positioning System |
GPU | Graphics Processing Unit |
HDMI | High Definition Multimedia Interface |
HMAC | Keyed-Hash Message Authentication Code |
HTTPS | HyperText Transfer Protocol Secure |
IEEE | Institute of Electrical and Electronics Engineers |
IP | Internet Protocol |
IPC | Inter-Process Communication |
IPsec | Internet Protocol Security |
KEK | Key Encryption Key |
LE | (Bluetooth) Low Energy |
LTE | Long Term Evolution |
MD | Mobile Device |
MDM | Mobile Device Management |
MMI | Man-Machine Interface |
MMS | Multimedia Messaging Service |
NFC | Near Field Communication |
NIST | National Institute of Standards and Technology |
NX | Never Execute |
OCSP | Online Certificate Status Protocol |
OID | Object Identifier |
OS | Operating System |
OTA | Over the Air |
PAE | Port Access Entity |
PBKDF | Password-Based Key Derivation Function |
PMK | Pairwise Master Key |
PP | Protection Profile |
PTK | Pairwise Temporal Key |
RA | Registration Authority |
RBG | Random Bit Generator |
REK | Root Encryption Key |
ROM | Read-only memory |
RSA | Rivest Shamir Adleman Algorithm |
SHA | Secure Hash Algorithm |
SMS | Short Messaging Service |
SPI | Security Parameter Index |
SSH | Secure Shell |
SSID | Service Set Identifier |
ST | Security Target |
TLS | Transport Layer Security |
TOE | Target of Evaluation |
TSF | TOE Security Functionality |
TSS | TOE Summary Specification |
URI | Uniform Resource Identifier |
USB | Universal Serial Bus |
USSD | Unstructured Supplementary Service Data |
VPN | Virtual Private Network |
Wi-Fi | Wireless Fidelity |
XCCDF | eXtensible Configuration Checklist Description Format |
XTS | XEX (XOR Encrypt XOR) Tweakable Block Cipher with Ciphertext Stealing |
Requirement | Action |
FCS_STG_EXT.1.4 | Do not select “the user.” |
FMT_MOF_EXT.1.2 Function 4 | Assign GPS. |
FMT_MOF_EXT.1.2 Function 25 | Include in ST. Assign personal Hotspot connections (if feature exists). |
FMT_MOF_EXT.1.2 Function 36 | Include in ST. |
FMT_MOF_EXT.1.2 Function 39 | Include in ST. Select “USB Mass storage mode.” |
FMT_MOF_EXT.1.2 Function 41 | Include in ST. Select “USB tethering.” |
FMT_SMF_EXT.1.1 Function 4 | Assign GPS. |
FMT_SMF_EXT.1.1 Function 25 | Include in ST. Assign personal Hotspot connections (if feature exists). |
FMT_SMF_EXT.1.1 Function 36 | Include in ST. |
FMT_SMF_EXT.1.1 Function 39 | Include in ST. Select “USB Mass storage mode.” |
FMT_SMF_EXT.1.1 Function 41 | Include in ST. Select both options. |
FPT_BBD_EXT.1.1 | Include in ST. |
FPT_TST_EXT.2.1(2) | Include in ST and Select “all executable code stored in mutable media.” |
FPT_TUD_EXT.4.1 | Include in ST. |
FTA_TAB.1.1 | Include in ST. |
Requirement | Action |
FCS_CKM.1.1 | Select RSA with key size of 3072 or select ECC schemes. |
FCS_CKM.2.1(1) | Select ECC schemes, if ECC schemes are selected in FCS_CKM.1.1. |
FCS_CKM.2.1(2) | Select “RSA schemes” or select “ECC schemes that meet NIST SP 800-56A”. |
FCS_CKM_EXT.1.1 | If “symmetric” is selected then “256 bits” must be selected. If “asymmetric” is selected and RSA scheme is selected in FCS_CKM.1.1 then “128 bits” can be selected. If “asymmetric” is selected and ECC scheme is selected in FCS_CKM.1.1, then “192 bits” can be selected. |
FCS_CKM_EXT.2.1 | Select 256 bits. |
FCS_CKM_EXT.3.1 | If asymmetric KEKs is selected and RSA scheme is selected in FCS_CKM.1.1 then assign 128 bits security strength. If asymmetric KEKs is selected and ECC scheme is selected in FCS_CKM.1.1 then assign 192 bits security strength. If symmetric KEKs is selected, select 256 bit security strength. |
FCS_COP.1.1(1) | Select 256 bits. |
FCS_COP.1.1(2) | Select SHA-384. |
FCS_COP.1.1(3) | Assign a key size of 3072 for RSA or select ECDSA schemes. |
FCS_COP.1.1(5) | Select 256 bits. |
FCS_RBG_EXT.1.2 | Select 256 bits. |
FCS_STG_EXT.1.1 | Select mutable hardware. |
FCS_TLSC_EXT.1.1 | Select TLS_RSA_WITH_AES_256_GCM_SHA384 or TLS_ECDHE_ECDSA_WITH AES_256_GCM_SHA384. |
FCS_TLSC_EXT.2.1 | Select secp384r1, if included in ST (if ECC schemes are selected in FCS_CKM.1.1). |
FDP_DAR_EXT.1.2 | Select 256 bits. |
FIA_X509_EXT.2.1 | Select at least IPsec. |
FIA_X509_EXT.2.2 | Select either “allow the administrator to choose...” or “not accept the certificate”. |
FIA_X509_EXT.5.1 | Include in ST. Select “Common Name”, “Organization”, & “Organizational Unit”. |
FIA_X509_EXT.5.1 | Include in ST. |
FMT_MOF_EXT.1.2 Function 3 | Include in ST. |
FMT_MOF_EXT.1.2 Function 4 | Assign all radios on TSF. |
FMT_MOF_EXT.1.2 Function 5 | Assign all audio or visual collection devices on TSF. |
FMT_MOF_EXT.1.2 Function 20 | Include in ST. |
FMT_MOF_EXT.1.2 Function 22 | Include in ST. |
FMT_MOF_EXT.1.2 Function 44 | Include in ST. |
FMT_MOF_EXT.1.2 Function 45 | Include in ST (if IPsec is selected in FTP_ITC_EXT.1). |
FMT_SMF_EXT.1.1 Function 12 | Assign all X.509v3 certificates in the Trust Anchor Database. |
FMT_SMF_EXT.1.1 Function 19 | Select “f. all notifications”. |
FMT_SMF_EXT.1.1 Function 24 | Include in ST. Assign at least USB. |
FMT_SMF_EXT.1.1 Function 25 | Include in ST. Assign all protocols where the TSF acts as a server. |
FMT_SMF_EXT.1.1 Function 31 | Include in ST. |
FMT_SMF_EXT.1.1 Function 36 | Include in ST. |
FMT_SMF_EXT.2.1 | Select “wipe of protected data”, “wipe of sensitive data”, “alert the administrator”. |
FAU_SAR.1.1 | Include in ST. |
FAU_SAR.1.2 | Include in ST. |
FAU_SEL.1.1 | Include in ST. Select “event type”, “success of auditable security events”, and “failure of auditable security events”. |
FCS_SRV_EXT.2.1 | Include in ST. |
FPT_AEX_EXT.5.1 | Include in ST. |
FPT_AEX_EXT.5.2 | Include in ST. |
FPT_AEX_EXT.7.1 | Include in ST. |
FPT_BBD_EXT.1.1 | Include in ST. |
FTA_TAB.1.1 | Include in ST. |
Requirement | Action |
FMT_SMF_EXT.1.1 Function 3 | Select “b. on a per-app basis”, “c. on a per-groups of application basis” or both |
FMT_SMF_EXT.1.1 Function 5 | Select “b. on a per-app basis”, “c. on a per-groups of application basis” or both |
FMT_SMF_EXT.1.1 Function 17 | Include in ST. |
FMT_SMF_EXT.1.1 Function 28 | Include in ST. |
FMT_SMF_EXT.1.1 Function 44 | Include in ST (M-M-) |
FMT_SMF_EXT.2.1 | Select “Remove Enterprise Applications” |
FDP_ACF_EXT.1.2 | Select “Groups of Applications” |
FDP_ACF_EXT.2.1 | Include in ST. |
Cipher Mode | Reference | IV Requirements |
Electronic Codebook (ECB) | SP 800-38A | No IV |
Counter (CTR) | SP 800-38A | “Initial Counter” shall be non-repeating. No counter value shall be repeated across multiple messages with the same secret key. |
Cipher Block Chaining (CBC) | SP 800-38A | IVs shall be unpredictable. Repeating IVs leak information about whether the first one or more blocks are shared between two messages, so IVs should be non-repeating in such situations. |
Output Feedback (OFB) | SP 800-38A | IVs shall be non-repeating and shall not be generated by invoking the cipher on another IV. |
Cipher Feedback (CFB) | SP 800-38A | IVs should be non-repeating as repeating IVs leak information about the first plaintext block and about common shared prefixes in messages. |
XEX (XOR Encrypt XOR) Tweakable Block Cipher with Ciphertext Stealing (XTS) | SP 800-38E | No IV. Tweak values shall be non-negative integers, assigned consecutively, and starting at an arbitrary non-negative integer. |
Cipher-based Message Authentication Code (CMAC) | SP 800-38B | No IV |
Key Wrap and Key Wrap with Padding | SP 800-38F | No IV |
Counter with CBC-Message Authentication Code (CCM) | SP 800-38C | No IV. Nonces shall be non-repeating. |
Galois Counter Mode (GCM) | SP 800-38D | IV shall be non-repeating. The number of invocations of GCM shall not exceed 2^32 for a given secret key unless an implementation only uses 96-bit IVs (default length). |
False Error Rate | False error rates, 90% confidence, c = 0.95 | Number of errors (rounded) | Number of test subjects needed |
1% (1:100) | 1% ± 0.95% | 3 | 297 |
0.1% (1:1000) | 0.1% ± 0.095% | 3 | 2995 |
0.01% (1:10000) | 0.01% ± 0.0095% | 3 | 29977 |
0.001% (1:100000) | 0.001% ± 0.00095% | 3 | 299797 |
0.0001% (1:1000000) | 0.0001% ± 0.000095% | 3 | 2997998 |
False Error Rate | False error rates, 90% confidence, c = 0.95 | Number of errors (rounded) | Number of test subjects needed |
1% (1:100) | 1% ± 0.95% | 3 | 297/ND |
0.1% (1:1000) | 0.1% ± 0.095% | 3 | 2995/ND |
0.01% (1:10000) | 0.01% ± 0.0095% | 3 | 29977/ND |
0.001% (1:100000) | 0.001% ± 0.00095% | 3 | 299797/ND |
0.0001% (1:1000000) | 0.0001% ± 0.000095% | 3 | 2997998/ND |
False Error Rate | False error rates, 90% confidence, c = 0.95 | Number of errors (rounded) | Number of test subjects needed |
1% (1:100) | 1% ± 0.95% | 3 | 25 |
0.1% (1:1000) | 0.1% ± 0.095% | 3 | 78 |
0.01% (1:10000) | 0.01% ± 0.0095% | 3 | 246 |
0.001% (1:100000) | 0.001% ± 0.00095% | 3 | 776 |
0.0001% (1:1000000) | 0.0001% ± 0.000095% | 3 | 4450 |
False Error Rate | False error rates, 90% confidence, c = 0.95 | Number of errors (rounded) | Number of test subjects needed |
10% (1:10) | 10% ± 9.5% | 3 | 27 |
5% (1:20) | 5% ± 4.75% | 3 | 57 |
2% (1:50) | 2% ± 1.9% | 3 | 147 |
1% (1:100) | 1% ± 0.95% | 3 | 297 |
Identifier | Title |
---|---|
[CC] | Common Criteria for Information Technology Security Evaluation -
|
[CEM] | Common Evaluation Methodology for Information Technology Security - Evaluation Methodology, CCMB-2012-09-004, Version 3.1, Revision 4, September 2012. |
[NFIQ 1.0] | NIST Fingerprint Image Quality and relation to PIV, Tabassi, Elham.NIST Information Technology Laboratory, 2005. Retrieved June 13, 2015. |
[NFIQ 2.0] | Biometric Quality: The push towards zero error biometrics., Tabassi, Elham et al. International Biometrics Performance Conference (IBPC), 2016. Retrieved May 30, 2016. |
[IBPC] | On security evaluation of fingerprint recognition systems-- IBPC Presentation., Henniger, Scheuermann, and Kniess.International Biometric Performance Testing Conference (IBPC), 2010. Retrieved June 12, 2015. |
[ISO 19989] | , ISO/IEC NP 19989: Evaluation of presentation attack detection for biometrics International Organization for Standardization (ISO), 2014. |
[ANSI 409.1] | ANSI/CITS 409.1-2005. Biometrics Performance Testing and Reporting—Part 1: Principles and Findings.” Annex B. ANSI/CITS, 2005. |
[NIST] | The NIST speaker recognition evaluation—Overview, methodology, systems, results, perspective, Doddington, Przybocki, Martin, and Reynolds. Speech Communication 31: Elsevier, 2000, Retrieved June 10, 2015. |
[BROWN] | Interval Estimation for a Binomial Proportion.Brown, Cai, and DasGupta. |