Welcome to the Acumen Security Blog

The Mobile Device PP Version 3.0

In early June, version 3.0 of the Protection Profile for Mobile Device Fundamentals (PP_MD) was released. Previous versions of this PP have been widely adopted, with more than 20 products currently on the PCL. PP_MD-validated platforms can also be used to satisfy requirements for products going against PPs such as the Application Software PP, so the requirements of the PP_MD are likely to be of interest to a number of vendors.

A quick glance at the PP_MD’s revision history shows that changes to this new version have come in a number of areas. Some “clean up” has been done with requirements and assurance activities being clarified where necessary, and Technical Rapid Response Team (TRRT) decisions being included in the new PP. A number of objective requirements from the older version of the PP are now mandatory. Additional objective requirements have also been added to cover functionality that mobile devices may support.

One very obvious change in the new PP_MD is the fact that audit generation and storage requirements are now mandatory. Audit review and event selection are still optional objective requirements, but all products going against the PP_MD version 3.0 will have to support FAU_GEN.1, FAU_STG.1 and FAU_STG.4. The requirements of these SFRs should be familiar to anyone with experience in CC. It’s interesting to note that the ability to read audit records is still an optional requirement.

The sensitive data encryption requirements that were previously optional are now also required. FDP_DAR_EXT.2 is written nearly the same in the most recent PP, the only change being a provision for the use of biometric KEKs in addition to password-derived ones. By making it mandatory, though, this updated PP has added significantly stricter data storage protections.

Several Bluetooth-related SFRs are now mandatory as well. Mutual authentication, rejection of duplicate connections and secure simple pairing were all present in the previous PP but were not required. Version 3.0 has made them mandatory. Mutual authentication was already present as an objective requirement in the previous version of the PP, so it should be familiar to those who have worked with it. The other Bluetooth SFRs are new, though, and weren’t present in any form in version 2.0.

The last new mandatory requirement is FPT_JTA_EXT.1. This SFR requires the TOE to restrict JTAG access through either hardware or software controls, and is presumably meant to stop attackers from using diagnostic ports to compromise the device.

A number of new objective requirements have been added to this version of the PP_MD as well. The requirements that will be most obvious to users of modern mobile devices are FIA_BMG for the management of biometrics. As noted previously, biometric KEKs are now allowed, and these new objective SFRs will support that functionality.

Other new objective requirements are FCS_RBG_EXT.2 for random bit generation, FIA_BLT_EXT.5 for devices that support Secure Connections Only Mode for Bluetooth, FMT_SMF_EXT.3 for administrative management, and FTP_BLT_EXT.1 and 2 for Bluetooth encryption. WLAN-related SFRs have also been removed since they are now in the WLAN Client Extended Package.

The last significant change to the PP_MD is better support for BYOD situations. O.PRIVACY, which recognizes the importance of keeping personal data private, has been added as a PP objective. FIA_UAU_EXT.4 was added as an optional requirement in order to allow separate credentials for the protection of personal and enterprise data. A BYOD template was also added in Appendix G to aid ST authors with selections in a BYOD use case.

This is a very high-level overview of the changes in the most recent version of the PP_MD. As mentioned, many of the now-mandatory requirements and assurance activities are not new. This should serve as a reminder to keep a close eye on current objective requirements, since they may appear as mandatory requirements in future PP updates. The WLAN EP will also become significantly more important now that it is supported by one of the most commonly used current PPs.