« CDPSE:ISACAのプライバシーに係るエンジニアの新しい資格 | Main | Tropic Trooperが台湾、フィリピンの政府、軍、医療機関等の物理的に分離されたネットワークをターゲットにUSBフェリー攻撃 by Trendmicro »


NISTIR 8196 Security Analysis of First Responder Mobile and Wearable Devices




・2020.05.11 NISTIR 8196 Security Analysis of First Responder Mobile and Wearable Devices


・(補足資料)Security Research Portfolio (from NIST's Public Safety Communications Research Division) (other)

Public safety practitioners utilizing the forthcoming Nationwide Public Safety Broadband Network (NPSBN) will have smartphones, tablets, and wearables at their disposal. Although these devices should enable first responders to complete their missions, any influx of new technologies will introduce new security vulnerabilities. This document analyzes the needs of public safety mobile devices and wearables from a cybersecurity perspective, specifically for the fire service, emergency medical service (EMS), and law enforcement. To accomplish this goal, cybersecurity use cases were analyzed, previously known attacks against related systems were reviewed, and a threat model was created. The overarching goal of this work is to identify security objectives for these devices, enabling jurisdictions to more easily select and purchase secure devices and industry to design and build more secure public safety devices.

Table of Contents

1 Introduction
 1.1 Purpose
 1.2 Scope
 1.3 Previous Work
 1.4 Document Structure
 1.5 Document Conventions

2 Technology Overview
 2.1 Land Mobile Radio Technology
 2.2 Cellular Technology
 2.3 Wearable Technology

3 Related Standards and Guidance
 3.1 Association of Public-Safety Communications Officials
 3.2 Department of Homeland Security
 3.3 FirstNet Public Safety Advisory Committee (PSAC)
 3.4 National Public Safety Telecommunications Council
 3.5 Public Safety Communications Research
 3.6 NIST Information Technology Laboratory
 3.7 National Telecommunications and Information Administration

4 Study Methodology
 4.1 Preliminary Research
 4.2 Public Safety Input
 4.3 Security Analysis and Objectives Development

5 Use Cases for Public Safety Mobile and Wearable Device Security
 5.1 Use Case Development Methodology
 5.2 Use Case Structure
 5.3 Mobile Device Use Cases
 5.4 Wearable Device Use Cases
 5.5 Mobile Application Use Cases

6 Documented Attacks on Public Safety Systems
 6.1 Threat Source Type Descriptions
 6.2 Adversarial Attacks
 6.3 Structural and environmental incidents

7 Threat Analysis
 7.1 Threat Analysis Methodology
 7.2 Threats to Public Safety Mobile Devices
 7.3 Threats to Public Safety Wearable Devices
 7.4 Areas Warranting Further Scrutiny

8 Security Objectives
 8.1 Availability
 8.2 Ease of Management
 8.3 Interoperability
 8.4 Isolation
 8.5 Confidentiality
 8.6 Authentication
 8.7 Integrity
 8.8 Device and Ecosystem Health

9 Conclusions


1 Introduction

The Middle Class Tax Relief and Job Creation Act of 2012 created the First Responder Network Authority (FirstNet), an independent agency under the Department of Commerce’s National Telecommunications and Information Administration (NTIA) [1]. FirstNet has a mission to develop, build, and operate the country's first Nationwide Public Safety Broadband Network (NPSBN). The NPSBN will enable first responders to begin using modern communications devices for public safety activities. These devices will replace or complement land mobile radio (LMR) handsets, and entirely new categories of devices will be introduced. This influx of new technology will fundamentally alter how first responders communicate and access public safety resources and data. While these new communications technologies will undoubtedly assist first responders, they will also need to be secured against threats to device and communication security to which members of public safety may be unaccustomed.

First responders will not only need modern voice communication technology but also sensors and other wearable devices to properly perform their duties. Wearables are a subset of Internet of Things (IoT) technology physically affixed to a human’s body or clothing. Often a dedicated device with a single purpose, wearables and sensors can provide beneficial functions such as authentication, heart rate monitoring, video recording, hands-free communication, or location tracking. Wearables can provide critical information and improved usability, all without interfering with the first responder’s typical workflow. These devices also bring unique threats that the larger security community is still learning how to properly address. Securing mobile devices and wearables targeted for public safety will keep first responders and their data secure.

In addition to utilizing the NPSBN, these mobile devices and wearables can be part of a network dedicated to an individual, otherwise known as a Personal Area Network (PAN). PANs can be used as a communications network to transmit information between public safety smartphones, tablets, sensors, and wearable devices. Often operating within a short physical radius, PANs use a completely different set of wireless networking protocols than cellular or LMR devices such as WiFi or Bluetooth. The security interactions between these devices and protocols need to be understood to ensure public safety activities are not adversely affected.

1.1 Purpose

Public safety has unique needs regarding the security of their mobile devices and wearable technology. First Responders use this technology under unique stress, and devices must be specifically designed to operate in those conditions. Commercial-off-the-shelf (COTS) devices may not be able to withstand extreme temperatures and other elements of hazardous environments. Public safety also handles more sensitive data (e.g., patient information, law enforcement data) than the typical commercial user. The overarching goal of this work is to identify security objectives for public safety mobile and wearable devices, enabling jurisdictions to more easily select and purchase secure devices and device manufacturers to design and develop them. The specific contributions of this document include the:

  • Collection of public safety use cases, which are then analyzed for relevant cybersecurity consideration
  • Identification of previous attacks to similar public safety systems to inform this effort
  • Threat modeling activities to understand the necessary technical security capabilities of public safety devices
  • Development of security objectives

Established security objectives can provide a reference for those developing public safety communication devices and wearables. Likewise, those within a public safety jurisdiction charged with purchasing equipment can use these objectives when making purchase decisions.

1.2 Scope

This research effort focuses primarily on public safety mobile and wearable devices and the communication between those devices. For instance, when securing broadband networks, the management and operation of cellular networks are out of scope. While an entire class of devices exists under the IoT umbrella, this document solely focuses on wearable IoT devices that may be used by public safety. Additionally, mobile applications that ship with a public safety smartphone are considered in scope as they are often required to perform typical public safety activities, such as voice communication. Backend services and the communication paths utilized by these mobile applications (to include data transmission from an application to supporting infrastructure) are in scope. Finally, first responders work in a variety of disciplines. This Interagency Report (IR) is focused on the fire service, emergency medical services (EMS), and law enforcement (LE).

1.3 Previous Work

Readers are highly encouraged to first read NIST Interagency Report (NISTIR) 8080, Usability and Security Considerations for Public Safety Mobile Authentication [8] and NISTIR 8135, Identifying and Categorizing Data Types for Public Safety Mobile Applications [2]. NISTIR 8080 analyzes usability issues pertaining to the use of various authentication technologies, including wearable devices. Interviews were conducted to understand the context for how these wearable devices can be used by public safety professionals, and that information is included within the report. NISTIR 8135 explores the categorization of public safety information types for public safety applications, obtained through a public workshop. It is also useful as a foundation for the threat analysis activities explored later in this document.

1.4 Document Structure

The document is organized into the following major sections:

  • Section 2 provides an overview of LMR, Long-Term Evolution LTE, and wearable technology;
  • Section 3 outlines the methodology used for this research;
  • Section 4 reviews applicable guidance and programs affecting public safety technology;
  • Section 5 details use cases for public safety mobile devices and wearables;
  • Section 6 identifies known threats to applicable public safety systems;
  • Section 7 defines a threat analysis of mobile and wearable devices;
  • Section 8 explores security objectives for public safety technology; and
  • Section 9 contains conclusions and explores future research areas.

The document also contains appendices with supporting material:

  • Appendix A defines selected acronyms and abbreviations used in this publication, and
  • Appendix B contains a list of references used in the development of this document.

1.5 Document Conventions

The term mobile device is used to refer to a modern smartphone running a full-fledged operating system (OS). Please refer to NIST Special Publications (SP) 800-124 Guidelines for Managing the Security of Mobile Devices in the Enterprise for additional information on defining mobility [4]. Mobile devices generally have cellular service, but not always. Tablets are traditionally larger than mobile devices, run a full-fledged OS, and are typically assumed to lack cellular service unless otherwise noted. The term LMR handset refers to a handheld communication device broadly used by public safety officials in the field today. LMR handsets do not generally have cellular capabilities. The term wearable, or wearable device, refers to a small device that may or may not have a full-fledged OS. Wearables are generally assumed to lack cellular service and rely on short-range wireless protocols like WiFi or Bluetooth, but this is not always the case.






« CDPSE:ISACAのプライバシーに係るエンジニアの新しい資格 | Main | Tropic Trooperが台湾、フィリピンの政府、軍、医療機関等の物理的に分離されたネットワークをターゲットにUSBフェリー攻撃 by Trendmicro »


Post a comment

(Not displayed with comment.)

Comments are moderated, and will not appear on this weblog until the author has approved them.

« CDPSE:ISACAのプライバシーに係るエンジニアの新しい資格 | Main | Tropic Trooperが台湾、フィリピンの政府、軍、医療機関等の物理的に分離されたネットワークをターゲットにUSBフェリー攻撃 by Trendmicro »