NIST NISTIR 8235 (Draft) Security Guidance for First Responder Mobile and Wearable Devices
Hello, this is Mitsuhiko Maruyama.
NIST is soliciting public comments on a security guide for first responders that covers mobile and wearable devices. The comment period runs until November 30.
● NIST - ITL
・2020.09.28 (publication) NISTIR 8235 (Draft) Security Guidance for First Responder Mobile and Wearable Devices
・[PDF] NISTIR 8235 (Draft)
Announcement
Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as smartphones, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also introduce new security vulnerabilities to their work environment. To investigate this impact, the security objectives identified in NIST Interagency Report (NISTIR) 8196, Security Analysis of First Responder Mobile and Wearable Devices, were used to scope the analysis of public safety mobile and wearable devices and the current capabilities that meet those security objectives. The ultimate goal of this effort is to provide guidance that enables jurisdictions to select and purchase secure devices and assist industry to design and build secure devices tailored to the needs of first responders.
Abstract
■ References
● NIST - ITL
・2020.05.11 (publication) NISTIR 8196 Security Analysis of First Responder Mobile and Wearable Devices
● まるちゃんの情報セキュリティ気まぐれ日記
・2020.05.16 NISTIR 8196 Security Analysis of First Responder Mobile and Wearable Devices
Executive Summary
Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. This can lead to massive data leaks and abusive data collection for users and businesses.
Blockchain technology has enabled a new software paradigm for managing digital ownership in partial- or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Fundamental to this representation is that users have the ability to directly control token custody in digital wallets through public-key cryptography and to interact with one another in a peer-to-peer manner. Blockchain networks provide secure transaction reconciliation, linkage, and storage in consolidated, integrity-protected distributed ledgers. They form mutually operated record-keeping execution environments or virtual machines that are either application-specific, offering limited instruction sets, or general purpose, allowing smart contract execution.
These programming environments make it possible to issue tokens that represent programmable digital assets, the ownership of which is cryptographically verifiable, and to develop services to help manage them. Tokens meant to act as interchangeable units represent digital coins. Those meant to act as uniquely identifiable objects represent nonfungible assets. Protocols primarily use fungible tokens (i.e., digital coins) to build incentive and governance models for permissionless peer-to-peer networks, represent existing fungible assets, or derive new ones based on them.
Tokens can also be self-contained and use blockchain-based storage for status updates. They enable authentication and authorization methods that can be used to provide additional features for blockchain-based tokens as well as to build identity and supply chain management systems.
Open standards for token data models have been developed that define operations at the protocol level for token creation and supply/lifecycle management and at the user level for individual token transfers. These models have different capabilities and scopes, which additional token management protocols can complement while allowing for separation of concerns.
Users can securely store the private keys associated with the accounts that hold their tokens in their own wallets or entrust key storage to third-party custodians that are independent from token issuers. Smart contract vaults can enable tailored account management models with additional security and recovery features while externally maintaining persistent blockchain addresses.
Operations modify the state of the ledger by way of transactions submitted to the blockchain, which provides reconciliation but requires making tradeoffs between decentralization, scalability, and security. Parallel transaction processing and off-chain scaling schemes have been developed to increase transaction throughput. State channels and sidechains allow transaction processing to be offloaded away from the root blockchain. By attaching agreed-upon and self-enforceable conditions to deposit contracts, tokens can be exchanged with one another while users remain in control of the private keys at all times. Blockchain bridging schemes allow for the portability of tokens and oracles across blockchains as well as hub-and-spoke architectures using different types of intermediary systems. Permissions and viewability restrictions may be put into place to help build narrowly defined environments, though the use of privacy-enhancing technologies and cryptographic primitives is still needed to protect the confidentiality of user data.
Additionally, software design patterns and infrastructure tools make it easier to integrate blockchain networks, wallets, and external resources (e.g., user account data, external data feeds) with user interfaces. The unbundling between user interfaces and application data and logic results in a user-centric system architecture and requires re-examining approaches to break down and evaluate the security risks entailed by individual configurations.
While token-based protocols can integrate and transform existing organizations and web services with efficiency and interoperability gains, the parties involved must establish common purposes and rules to form secure and sustainable governance models. More generally, blockchain networks face multi-dimensional challenges that range from scalability and privacy obstacles to educational and regulatory needs (e.g., understanding of cryptoeconomics and legal infrastructures) as well as standard- and product-related requirements (e.g., data format interoperability). The literature that has emerged on these challenges is rich, and substantial efforts are being made to address them publicly and across organizations.
In that way, blockchain-enabled tokens can be integrated into web and mobile applications to provide different types of embedded services, especially related to finance, identity, authentication, payments, and supply chains. A key driver is that tokens can act as tools with built-in usage and governance features to facilitate business-making online with increased efficiency and transparency, benefiting both users and businesses.
Table of Contents
1 Introduction
1.1 Purpose
1.2 Scope
1.3 Document Structure
2 Technology Overview
2.1 Public Safety Mobile Devices
2.2 Public Safety Wearable Devices
3 Analysis Methodology
3.1 Test Plan
3.2 Testing & Analysis
3.3 Develop Guidance
4 Test Overview
4.1 Mobile Test Results Summary
4.2 Wearable Test Results Summary
5 Best Practices and Guidance
5.1 Guidance for Mobile and Wearable Devices
6 Conclusion
References
List of Appendices
Appendix A— Acronyms
Appendix B— Tests and Results
B.1 Mobile Test Results
B.1.1 Test 1: Obtain General Hardware Information
B.1.2 Test 2: Obtain General Software Information
B.1.3 Test 3: Device Ruggedization Ratings
B.1.4 Test 4: Obtaining Vulnerability Information from OS version and known databases
B.1.5 Test 5: Vulnerability Scan via Mobile Threat Defense (MTD) Application
B.1.6 Test 6: External Fingerprinting
B.1.7 Test 7: External Vulnerability Scan
B.1.8 Test 8: MAC Address Randomization
B.1.9 Test 9: Device Update Policy
B.1.10 Test 10: Rogue Base Station Detection
B.1.11 Test 11: Configuration Guidance
B.1.12Test 12: Wi-Fi MitM and Rogue AP Detection
B.1.13Test 13: Boot Integrity
B.1.14Test 14: Data Isolation
B.1.15Test 15: Device Encryption
B.2 Wearable Devices
B.2.1 Test 1: Obtain General Hardware Information
B.2.2 Test 2: Obtain General Software Information
B.2.3 Test 3: Device Ruggedization Ratings
B.2.4 Test 4: Obtaining Vulnerability Information from OS Information
B.2.5 Test 5: Bluetooth Pairing
B.2.6 Test 6: Bluetooth Encryption
B.2.7 Test 7: Configuration Guidance
B.2.8 Test 8: Wearable Device MAC Address Randomization
B.2.9 Test 9: Device Update Policy
List of Tables
Table 1 - Handset and Wearable Security Objectives
Table 2 - Handset and Wearable Security Sub-objectives
Table 3 - Mobile Device Tests
Table 4 - Wearable Device Tests
Table 5 - High-Level Guidance for Securing Mobile and Wearable Devices
List of Figures
Figure 1 - Example 1: Device Information
Figure 2 - Android applications listing (left), iOS applications listing (right)
Figure 3 - Example ruggedized device
Figure 4 - Example Android CVEs
Figure 5 - Vulnerability scanner results
Figure 6 - CVE reference in National Vulnerability Database
Figure 7 - MTD scan results
Figure 8 - NMAP port scan
Figure 9 - External vulnerability scan results (1)
Figure 10 - External vulnerability scan results (2)
Figure 11 - MAC address randomization analysis
Figure 12 - Optional MAC address randomization setting
Figure 13 - Example update information
Figure 14 - Preferred network selection on an Android device
Figure 15 - Mobile network connection monitor
Figure 16 - Android device location permissions (1)
Figure 17 - Android device location permissions (2)
Figure 18 - iOS device location permissions
Figure 19 - EvilAP/MitM network configuration
Figure 20 - Mobile device connection to AP with no Internet
Figure 21 - Website detects MitM attack due to invalid certificate response
Figure 22 - Simplified schematic of the Android boot process
Figure 23 - (Left) Android device encryption settings. (Right) Apple iOS device data protection settings
Figure 24 - Example packet capture used to identify Bluetooth version
Figure 25 - Link Key Establishment for Secure Simple Pairing (NIST SP 800-121) [17]
Figure 26 - Bluetooth Low Energy Secure Connections Pairing (NIST SP 800-121) [17]
Figure 27 - Security Requirements for Services Protected by Security Mode 4 (NIST SP 800-121) [17]
Figure 28 - Secure Simple Pairing Service Levels (NIST SP 800-121) [17]