LG Electronics Inc. LG Android 7 devices (V20, G5)

LG Electronics Inc. LG Android 7 devices (V20, G5)
LG Electronics Inc.
LG Android 7 devices (V20, G5)
Guidance Documentation
Version 0.2
2016/09/22
LG Electronics Inc.
20 Yoido-dong, Youngdungpogu, Seoul 152-721, Korea
1.
DOCUMENT INTRODUCTION .......................................................................................................................4
1.1
1.2
EVALUATED DEVICES .....................................................................................................................................4
ACRONYMS.....................................................................................................................................................4
2.
EVALUATED CAPABILITIES .........................................................................................................................7
3.
SECURITY CONFIGURATION .......................................................................................................................9
3.1
3.2
COMMON CRITERIA MODE ............................................................................................................................. 9
COMMON CRITERIA RELATED SETTINGS ........................................................................................................9
4.
SECURE UPDATE PROCESS ........................................................................................................................ 26
5.
CRYPTOGRAPHIC APIS ............................................................................................................................... 27
5.1
5.2
5.3
5.4
5.5
5.6
5.7
FCS_CKM.2(1) - RSA ................................................................................................................................. 27
FCS_CKM.2(1) – ECDH ............................................................................................................................. 27
FCS_COP.1(1) - AES CBC.......................................................................................................................... 28
FCS_COP.1(2) - SHA .................................................................................................................................. 28
FCS_COP.1(3) – RSA(SIGNATURE ALGORITHMS) ...................................................................................... 29
FCS_COP.1(3) – ECDSA(SIGNATURE ALGORITHMS) ................................................................................. 30
FCS_COP.1(4) - HMAC .............................................................................................................................. 31
6.
VPN CONFIGURATION ................................................................................................................................. 32
7.
WI-FI CONFIGURATION ............................................................................................................................... 33
8.
BLUETOOTH CONFIGURATION ................................................................................................................ 34
9.
AUDIT LOGGING ............................................................................................................................................ 35
10.
10.1
10.2
DATA SEPARATION ................................................................................................................................... 50
WORK PROFILE INSTALLATION AND DATA SEPARATION .............................................................................. 50
HOW TO WIPE ENTERPRISE DATA (WORK PROFILE) ...................................................................................... 53
APPENDIX A GENERATING SECURE RANDOM DATA .............................................................................. 54
A.1 ANDROID API FOR GENERATING SECURE RANDOM DATA ................................................................................ 54
APPENDIX B SECURE KEY STORAGE ............................................................................................................ 55
B.1 KEY USAGE........................................................................................................................................................ 55
B.2 SYMMETRIC KEY GENERATION.......................................................................................................................... 55
B.3 SYMMETRIC KEY ENCRYPTION/DECRYPTION ...................................................................................................... 55
B.4 ASYMMETRIC KEY GENERATION ....................................................................................................................... 56
B.5 ASYMMETRIC KEY SIGN AND VERIFY ................................................................................................................ 56
B.6 KEY DESTRUCTION ............................................................................................................................................ 57
APPENDIX C CONFIGURATION OF FIPS VALIDATED CRYPTOGRAPHIC ENGINES ....................... 58
C.1 SETTING THE FIPS MODE .................................................................................................................................. 58
C.2 SDK FOR FIPSMODE APIS ................................................................................................................................ 58
APPENDIX D GUIDANCE FOR USING HTTPS/TLS APIS ........................................................................... 59
D.1 ANDROID APIS FOR TLS CONNECTION .............................................................................................................. 59
D.2 HOW TO SET CIPHER SUITES USING ANDROID API ............................................................................................. 59
D.3 HOW TO SET CLIENT CERTIFICATE...................................................................................................................... 60
APPENDIX E GUIDANCE FOR BLUETOOTH APIS ...................................................................................... 61
E.1 ANDROID APIS FOR BLUETOOTH ....................................................................................................................... 61
E.2 HOW TO ESTABLISH A SECURE CHANNEL FOR BLUETOOTH USING ANDROID API ............................................... 61
E.3 HOW TO INTERACT WITH THE BLE DEVICE VIA THE ANDROID BLE API ........................................................... 62
E.4 HOW TO ESTABLISH A PROFILE CONNECTION FOR BLUETOOTH USING ANDROID API ........................................ 63
Page 2 of 66
APPENDIX F GUIDANCE FOR ACCESS CONTROL TO SYSTEM SERVICES ........................................ 65
F.1 ACCESS CONTROL TO SYSTEM SERVICES ............................................................................................................. 65
Page 3 of 66
1. Document Introduction
This guide includes procedures for configuring Common Criteria on LG Android 7 devices (V20, G5).
1.1 Evaluated Devices
The evaluated device is the LG Android 7 devices (V20, G5). The following carrier models are supported:









LG V20 H910 (AT&T)
LG V20 VS995 (Verizon)
LG V20 H918 (T-Mobile)
LG V20 LS997 (Sprint)
LG V20 US996 (Open)
LG G5 H820 (AT&T)
LG G5 VS987 (Verizon)
LG G5 LS992 (Sprint)
LG G5 H830 (T-Mobile)
The software identification for the evaluated devices is as follows:
Security software version, MDF v2.0 Release 4



To check your carrier details, go to Settings > About phone > Network
To check your current security software version, go to Settings > About phone > Software info
To check your current OS versions & Build number, go to Settings > About phone > Software info
Product
Carrier
Security Software Version
OS version
Build number
LG V20 H910
AT&T
MDF v2.0 Release 4
Android 7.0
NRD90E
LG V20 VS995
Verizon
MDF v2.0 Release 4
Android 7.0
NRD90E
LG V20 LS997
Sprint
MDF v2.0 Release 4
Android 7.0
NRD90E
LG V20 H918
T-Mobile
MDF v2.0 Release 4
Android 7.0
NRD90E
LG V20 US996
Open
MDF v2.0 Release 4
Android 7.0
NRD90E
LG G5 H820
AT&T
MDF v2.0 Release 4
Android 7.0
NRD90M
LG G5 VS987
Verizon
MDF v2.0 Release 4
Android 7.0
NRD90M
LG G5 LS992
Sprint
MDF v2.0 Release 4
Android 7.0
NRD90M
LG G5 H830
T-Mobile
MDF v2.0 Release 4
Android 7.0
NRD90M
1.2 Acronyms
•
BYOD : Bring Your Own Device
•
CA : Certificate Authority
•
CAVP : Cryptographic Algorithm Validation Program
•
CBC : Cipher Block Chaining
•
CCM : Counter with CBC-Message Authentication Code
•
CC Mode : Common Criteria Mode
Page 4 of 66
•
CCTL : Common Criteria Testing Laboratory
•
CDH : Computational Diffie–Hellman
•
CRC : Cyclic Redundancy Check
•
CTR : Counter
•
CVL : Component Validation List
•
DEK : Data Encryption Key
•
DPM : Device Policy Manager
- It is Android native APIs for device management. Please see the link below.
- http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html
•
DRBG : Deterministic Random Bit Generator
•
ECDSA : Elliptic Curve Digital Signature Algorithm
•
EAP-TLS : Extensible Authentication Protocol - Transport Layer Security
•
ECC : Elliptic Curve Cryptography
•
EMM : Enterprise Mobility Management
•
eMMC : embedded Multi Media Card
•
FIPS : Federal Information Processing Standards
•
FS Signature : File System Signature
•
FW Signature : Firmware Signature
•
GCM : Galois Counter Mode
•
GPS : Global Positioning System
•
HMAC : Keyed-Hash Message Authentication Code
•
HW : Hardware
•
ISV : Independent Software Vendor
•
KEK : Key Encryption Key
•
KW : Key Wrap
•
LG FOTA : LG Firmware Over The Air
•
LG MDM : LG Mobile Device Management
- It is LG’s mobile device management solution. It extends DPM in android framework.
•
NFC : Near Field Communication
•
OS : Operating System
•
PBKDF2 : Password-Based Key Derivation Function 2
•
PIN : Personal Identification Number
•
PKG : Public Key Generation
•
PKV : Public Key Validation
•
RSA : Rivest Shamir Adleman
•
SD Card : Secure Digital Card
•
SIG : Signature
•
SHA : Secure Hash Algorithm
Page 5 of 66
•
SHS : Secure Hash Standard
•
SMS : Short Messaging Service
•
SP : Special Publications
•
SSID : Service Set Identifier
•
TEE : Trusted Execution Environment
•
USB : Universal Serial Bus
•
VPN : Virtual Private Network
•
WEP : Wired Equivalent Privacy
•
Wi-Fi : Wireless Fidelity
•
WLAN : Wireless Local-Area Network
•
WPA : Wi-Fi Protected Access
Page 6 of 66
2. Evaluated Capabilities
The Common Criteria configuration adds support for many security capabilities. Some of those capabilities include
the following:
1. Cryptographic Key Management
The LG provides Key Management feature to protect keys and key materials used for Full Disk
Encryption, SD Card encryption and Android Keystore.
A.
Random Number Generation
This feature employs all deterministic random bit generation services in accordance with NIST 80090a using CTR_DRBG (AES) to generate keys which provide entropy of more than 128bits.
B.
Key management
It manages the major types of keys: DEKs and KEKs. DEKs are used to protect data. KEKs are used
to protect other keys – DEKs, other KEKs and other types of keys and key materials
C.
Key storage
It stores the cryptographic keys encrypted by a h/w-protected key into a special user partition. The
special user partition is wiped when Factory data reset is performed.
2. Data protection
The LG Data Encryption protects user data stored in the device’s internal storage and the external SD card
from an unauthorized use. The capability can be configured by application settings or by IT administrators
using MDM capabilities.
All user data is encrypted with 256-bits AES (Advanced Encryption Standard) algorithm and stored in the
user data partition The encryption key is protected by a KEK generated by combining a KEK derived from a
user PIN or password using PBKDF2 with a randomly generated KEK which is protected by h/w.
•
•
•
Full Disk encryption
SD Card encryption
Keystore data protection
3. Certificate Validation
LG provides Certificate validation feature for all certificates to protect your secure connection from spoofing
and invalid certificates. This capability can be automatically configured by enabling CC Mode.
•
•
More robust validation of certificates
Revocation status checking of certificate, using OCSP(Online Certificate Status Protocol)
4. MDM Capability
Although generic Android OS has been supporting mobile devices management (MDM) capability since
Android 2.2, enterprises need substantial control and management over mobile devices where corporate data is
being used.
The newest native Android OS does not even provide as much management capability as IT managers would
want under various circumstances of organizations and environments. For example, there is no way to restrict
the use of GPS or Bluetooth by native MDM APIs of generic Android.
To close such gaps, LG Android devices come pre-loaded with extended MDM capability on top of the
native Android OS, giving IT administrators the enhanced ability to configure various device and application
settings, control hardware components, and manage applications at much more granular levels.
Page 7 of 66
LG Android device not only expends MDM capability and but also adds a rich feature set of mobile
application management keeping in mind of enterprise mobility management to meet the requirement for
granular and high level of manageability and security in LG Android devices.
Figure 1 describes LG MDM architecture. Independent software vendors (ISVs) can not only use generic
MDM APIs provided by Android but they can also leverage a rich set of extended MDM on LG Android
devices according to their needs and requirements.
•
•
•
•
•
•
•
•
Encryption Policy
Password Management
Lock-screen Policy
Certificate Management
Radio Control
Wi-Fi Settings
Hardware Control
Application Control
< LG MDM Architecture >
5. Firmware Update Protection
Except secure update verified by RSA(2048bit) altorithm and SHA256 for hash, unsecured firmware update
methods is restricted in CC mode. For the details of secure updates, please see the Section 4. Secure Update
Process.
•
Restriction of firmware update other than FOTA (CC mode only)
6. Audit Logging
LG provides Audit Logging feature to record the auditable events to help monitor secure-related objectives,
including identification of certain events, reconstruction of events, intrusion detection and problem detection.
For this purpose, Audit Logging feature records each audit record as a specific formula including date and time
of events, type of event, subject identity and outcome of the event at least. Thus, the integrity of audit logs
must be protected from modification. This protection is achieved by SELinux policy and DAC. Audit Logging
can be automatically configured by enabling CC Mode. For the details of Audit Logging, please see the
Section 8. Audit Logging.
Page 8 of 66
3. Security Configuration
The LG V20, G5 Smartphone offers a rich built-in interface and MDM callable interface for security configuration.
This section identifies the security parameters for configuring your device in Common Criteria mode, for managing
its security settings and for controlling preinstalled and 3rd party applications. Please contact to support-enterprisemobility@lge.com for the information about the testing app, guide and the list of natively installed applications.
3.1 Common Criteria Mode
To configure your device into Common Criteria Mode, you must set the following options:
1.
Enable the password on the lock-screen
 Please refer to No.5,6,7 in 3.2 Common Criteria Related Settings
2.
Disallow the ‘Download Mode’
 Please refer to No 44 in 3.2 Common Criteria Related Settings
3.
Enable SD card encryption
 Please refer to No 3 in 3.2 Common Criteria Related Settings
4.
Disable the ‘Smart Lock’
 Please refer to No 14 in 3.2 Common Criteria Related Settings
5.
Disallow VPN split-tunneling
 Please refer to No 45 in 3.2 Common Criteria Related Settings
6.
Set CC mode
 Please refer to No 1 in 3.2 Common Criteria Related Settings
Note: Only the OpenSSL Cryptographic Module has been evaluated in the CC mode. While it is possible to use
other cryptographic modules without enabling CC mode, the use of them was not evaluated or tested during the CC
evaluation of the TOE.
3.2 Common Criteria Related Settings
The Common Criteria evaluation requires a range of security settings be available. Those security settings are
identified in the table below.
Security
Feature
CC
Mode
Encrypti
on
No.
1
2
Setting
Common
Criteria
Mode
Device
Encrypti
on
Description
Enable CC
mode
Encrypts all
internal
storage
Required
Value
Enable
Enable
API
[LGMDM]
void
setCommonCriteriaMode(C
omponentName who, int
mode)
mode =
LGMDMManager.COMMO
NCRITERIA_ENABLED
[LGMDM]
Void
setEncryptionPolicy(Compo
nentName who, int policy)
User Interface
N/A
Encrypt all data on
your phone.
Settings > Security >
Encrypt phone
Page 9 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
[LGMDM]
void
setEncryptionPolicy(Compo
nentName who, int policy)
Encrypt all data on
the SD card storage.
Settings > Security >
Encrypt SD card
storage.
Configure the Secure
start-up to be selected
“Require PIN to
power on phone”.
(LG G5 VS987
exceptionally turns
on the Secure start-up
in Settings >
Fingerprints &
security > Secure
start-up.)
Reset your settings to
the factory default
values and delete all
your data.
policy = 1
3
SD Card
Encrypti
on
Encrypts all
SD card
storage
Enable
policy = 2
4
Wipe
Device
Removes all
data from
device
Enable
[LGMDM]
void wipeData(int flags)
flags =
0(Device)
1(Device+Storage)
Passwor
d
Manage
ment
5
6
Password
Length
Password
Complex
ity
Minimum
number of
characters in
a password
Specify the
type of
characters
required in a
password
Greater
than 6
[DevicePolicyManager]
void
setPasswordMinimumLengt
h(ComponentName admin,
int length)
length = greater than 6
[DevicePolicyManager]
Void
setPasswordQuality(Compo
nentName admin, int
quality)
Quality :
DevicePolicyManager.PASS
WORD_QUALITY_COMP
LEX (393216)
Settings > Backup &
reset > Factory data
reset
Set a screen lock type
to secure your phone
Display > Lock
screen > Select
screen lock >
Password
Set a screen lock type
to secure your phone
Display > Lock
screen > Select
screen lock >
Password
&
=================
void
setPasswordMinimumLetter
s(ComponentName admin,
int length)
length = Insert the number
you want
or
Page 10 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
void
setPasswordMinimumNume
ric (ComponentName
admin, int length)
length = Insert the number
you want
or
void
setPasswordMinimumLower
Case (ComponentName
admin, int length)
length = Insert the number
you want
or
void
setPasswordMinimumUpper
Case (ComponentName
admin, int length)
length = Insert the number
you want
or
void
setPasswordMinimumSymb
ols (ComponentName
admin, int length)
length = Insert the number
you want
or
void
setPasswordMinimumNonL
etter (ComponentName
admin, int length)
length = Insert the number
you want
=================
7
Password
Expiratio
n
Maximum
length of
time before a
password
must change
[DevicePolicyManager]
N/A
Void
setPasswordExpirationTime
out(ComponentName admin,
long timeout)
timeout = millisecond unit
ex. 1Day = 24*60*60*1000)
8
Maximu
m
password
failed
attempt
Maximum
number of
authenticatio
n failures
10 or less
[DevicePolicyManager]
setMaximumFailedPassword
sForWipe(ComponentName
admin, int num)
N/A
Page 11 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
num = insert the number you
want
9
10
11
Lockscreen
12
Password
hit
Password
Visible
Show
password
Inactivity
to
lockout
Prevent
“Forgot
password”
5 or less
The last
character of
the password
is visible for
a few
seconds if
enabled
Disable
Disallow
show
password
option on the
configuratio
n screen of
lock-screen
password
Disable
Time before
lock-screen
is engaged
Less than
15 minutes
[DevicePolicyManager]
setMaximumFailedPassword
sForWipe(ComponentName
admin, int num)
num = insert the number you
want
[LGMDM]
Void
setAllowPasswordTypingVi
sible(ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
[LGMDM]
N/A
Show the last
character of the
hidden password as
you type.
Settings > Security >
Password typing
visible
N/A
void
setAllowPasswordVisible
(ComponentName
who,
boolean allow)
allow = true : enabled
allow = false : disabled
[DevicePolicyManager]
void
setMaximumTimeToLock(C
omponentName admin, long
timeMs)
timeMs : millisecond unit
Sets the amount of
time before the
screen times out.
Settings > Display >
Screen timeout
Sets the amount of
time before the
screen automatically
locks after the
screen has timed-out.
Settings > Display >
Lock timer
13
Banner2)
Banner
message
displayed on
the lockscreen
Administra
tor defined
text
[LGMDM]
N/A
Void
setWarningMsg(Component
Name who, boolean allow,
String str)
allow = true
str = Insert the text you want
Page 12 of 66
Security
Feature
No.
14
15
Setting
Description
Required
Value
Remote
Lock
Lock the
device
remotely
Enable
Smart
lock
Control
smart lock
KEYGUA
RD_DISA
BLE_FEA
TURES_N
ONE/KEY
GUARD_
DISABLE
_TRUST_
AGENTS
API
[LGMDM]
User Interface
N/A
void lockNow()
[DevicePolicyManager]
N/A
void
setKeyguardDisabledFeature
s(ComponentName admin,
int which)
which =
KEYGUARD_DISABLE_T
RUST_AGENTS : disabled
which =
KEYGUARD_DISABLE_F
EATURES_NONE : enabled
16
Notificati
on
Disable
display
notification
on the lockscreen
KEYGUA
RD_DISA
BLE_FEA
TURES_N
ONE/KEY
GUARD_
DISABLE
_SECURE
_NOTIFIC
ATIONS
[DevicePolicyManager]
void
setKeyguardDisabledFeature
s(ComponentName admin,
int which)
which =
KEYGUARD_DISABLE_S
ECURE_NOTIFICATIONS
: disabled
which =
KEYGUARD_DISABLE_F
EATURES_NONE : enabled
17
18
Transitio
n to the
locked
state
Remove
Enterpris
e
applicati
ons
Prevents a
user from
turning off
the power
button
instantly
locks.
Disable
You cannot
see the
application
icon in the
Launcher's
menu
Disable
public void
setEnforcePowerButtonLock
s (ComponentName who,
boolean allow)
N/A
allow = true : enabled
allow = false : disabled
public void
setApplicationState
(ComponentName who,
List<LGMDMApplicationSt
ate> applicationStateList)
N/A
applicationStateList
application state list
LGMDMApplicationState.
If it is null or empty list,
remove all application state
Page 13 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
policies.
Certifica
te
Manage
ment
19
20
Import
CA
Certificat
es
Remove
Certificat
es
Import CA
Certificates
into the
Trust
Anchor
Database or
the
credential
storage
[LGMDM]
int
installCertificate(Component
Name who, String path,
String password)
path : path of file location
password : PKCS12
password
[LGMDM]
Remove
certificates
from the
Trust
Anchor
Database or
the
credential
storage
Boolean
uninstallCertificate(Compon
entName who, String
certificateId)
Install certificates
from storage
Settings > Security >
Credential storage >
Install from storage
Deletes all secure
certificates and
related credentials
and erases the secure
storage’s own
password. you’re
prompted to confirm
you want to clear this
data.
Settings > Security >
Credential storage >
Install from storage >
Clear credentials
Radio
Control
21
Control
Wi-Fi
Control
access to
Wi-Fi
Enable/Dis
able
[LGMDM]
void
setAllowWifi(ComponentNa
me who, boolean allow)
Turns on Wi-Fi to
connect to available
Wi-Fi networks.
Settings > Networks
> Wi-Fi
allow = true : enabled
allow = false : disabled
22
Control
GPS
Control
access to
GPS
Enable/Dis
able
[LGMDM]
void
setAllowGPSLocation(Com
ponentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
23
Control
Cellular
Control
access to
Cellular
Enable/Dis
able
[LGMDM]
void
setEnforceAirplaneMode(Co
mponentName who, boolean
enforce)
enforce = true : enforce
AirplaneMode
Turn on location
service, your phone
determines your
approximate location
using GPS.
Settings > General >
Location > Mode >
Device sensors
only(GPS only)
Turn off all wireless
connections(Wi-Fi,
Bluetooth and data)
and calls.
Settings > Networks
> More > Wireless &
networks > Airplane
mode
enforce=false : no
Page 14 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
restriction(default)
void
setAllowAirplaneModeOn(C
omponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
24
Control
NFC
Control
access to
NFC
Enable/Dis
able
[LGMDM]
void
setAllowNfc(ComponentNa
me who, int allow)
allow = true : enabled
allow = false : disabled
25
Control
Bluetoot
h
Control
access to
Bluetooth
Enable/Dis
able
[LGMDM]
void
setAllowBluetooth(Compon
entName who, int allow)
Allow sending and
receiving data, such
as transportation or
credit card info, by
holding phone and
other device together.
Settings > Networks
> Share & connect >
NFC
Turn the Bluetooth
wireless feature on or
off to use Bluetooth
Settings > Networks
> Bluetooth
allow = true : enabled
allow = false : disabled
26
27
Control
Location
Service
Control
SMS
Control
access to
Location
Service
Control
Messaging
capabilities
Enable/Dis
able
Enable/Dis
able
[LGMDM]
void
setAllowGPSLocation(Com
ponentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
public void
setAllowWirelessLocation(C
omponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
[LGMDM]
Turn on location
service, your phone
determines your
approximate location
using GPS, Wi-Fi and
mobile networks
Settings > General >
Location > Mode >
High accuracy(GPS
and networks)
N/A
void
setAllowSendingSms(Comp
onentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
void
setAllowReceivingSmsMms
Page 15 of 66
Security
Feature
No.
28
Setting
Control
VPN
Description
Control
access to
VPN
Required
Value
Enable/Dis
able
API
(ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
[LGMDM]
void
setAllowVpn(ComponentNa
me who, boolean allow)
allow = true : enabled
allow = false : disabled
User Interface
Displays the list of
Virtual Private
Networks (VPNs)
that you've
previously
configured. Allows
you to add different
types of VPNs.
Settings > Networks
> More > Wireless &
networks > VPN
29
Enable/di
sable
Bluetoot
h BR/DR
Prevents a
user from
ready to
connect in
Bluetooth.
Disable
public void
setAllowReadyToConnectIn
Bluetooth (ComponentName
who, boolean allow)
N/A
allow = true : enabled
allow = false : disabled
Wi-Fi
Settings
30
Specify
Wi-Fi
SSIDs
Specify
SSID values
for
connecting
to Wi-Fi.
Can also
create white
and black
lists for
SSIDs.
listType =
2
[LGMDM]
void
setAllowWiFiSSIDList(Com
ponentName who, int
listType, List<String>
wblist)
Settings > Networks
> Wi-Fi
listType = 1 : Black list
listType = 2 : White list
wblist = list of WiFi SSID
31
Set
WLAN
CA
Certificat
e
Select the
CA
Certificate
for the WiFI
connection
CA
Certificate
[LGMDM]
Int
installCertificateSelectUsety
pe(ComponentName who,
String path, String password,
int useType)
Settings > Security >
Credential storage >
Install from storage
useType = 2
32
Specify
security
type
Specify the
connection
security
(WEP,
WPA2, etc)
Wi-Fi
connection
type
[LGMDM]
void
setWiFiSecurityLevel(Comp
onentName who, int policy)
policy = 0~3
Turns on Wi-Fi to
connect to available
Wi-Fi networks.
Settings > Networks
> Wi-Fi> select
connected Wi-Fi >
check the security
Page 16 of 66
Security
Feature
No.
33
Setting
Select
authentic
ation
protocol
Description
Specify the
EAP-TLS
connection
values
Required
Value
Wi-Fi
protocol
API
NONE : 0
WEP : 1
WPA: 2
EAP : 3
[LGMDM]
void setEap(String eap);
eap = “TLS”
“FAST”
“PEAP”
“TTLS”
User Interface
type
Turns on Wi-Fi to
connect to available
Wi-Fi networks.
Settings > Networks
> Wi-Fi > Select
Option Menu >
Saved Wi-Fi > check
configured Wi-Fi
Ex)
LGMDMWifiConfiguration
newConfig = new
LGMDMWifiConfiguration(
);
newConfig.SSID = oldSSID;
newConfig.hiddenSSID =
false;
newConfig.priority =
oldPriority;
newConfig.allowedKeyMan
agement.set(LGMDMWifiC
onfiguration.KeyMgmt.WP
A_EAP);
newConfig.allowedKeyMan
agement.set(LGMDMWifiC
onfiguration.KeyMgmt.IEE
E8021X);
newConfig.setEap("TLS")
;
newConfig.setPhase2("None
");
newConfig.setIdentity("wifiuser");
newConfig.setCaCert("pmk"
);
newConfig.setClientCert("p
mk");
newConfig.setEngine(LGM
DMWifiConfiguration.ENG
INE_ENABLE);
newConfig.setEngineId(LG
MDMWifiConfiguration.KE
YSTORE_ENGINE_ID);
newConfig.setKeyId("pmk")
;
LGMDMManager.getInstan
Page 17 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
ce().addWifiNetwork(newC
onfig)
34
Select
client
credentia
ls
Specify the
client
credentials
to access a
specified
WLAN
Wi-Fi
credentials
[LGMDM]
List<String>
enumCertificateIdSelectUset
ype(ComponentName who,
int useType)
useType = 2
Hardwar
e
Control
35
Control
Microph
one
Control
access to
microphones
Enable/Dis
able
[LGMDM]
Settings > General >
Fingerprints &
Security > Certificate
management >
Trusted credentials >
select User tab >
check configured
credentials
N/A
void
setAllowMicrophone(Comp
onentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
36
Control
Camera
Control
access to
camera
Enable/Dis
able
[LGMDM]
N/A
void
setCameraDisabled(Compon
entName admin, boolean
disabled)
disabled = true : disabled
disabled = false : allow
37
38
Control
USB
Mass
Storage
Control
access to
mounting
the device
for storage
over USB.
Enable/Dis
able
[LGMDM]
Control
USB
Debuggi
ng
Control
access to
USB
debugging.
Enable/Dis
able
[LGMDM]
public void
setAllowUsb(ComponentNa
me who, boolean allow)
allow = true : enabled
allow = false : disabled
void
setAllowUSBDebugging(Co
mponentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
39
Control
SD Card
Control
access to SD
card storage.
Enable/Dis
able
N/A
[LGMDM]
void
setAllowExternalMemorySl
ot(ComponentName who,
boolean allow)
Turn on debug mode
when USB is
connected
Settings > General >
Developer options >
USB debugging
Settings > General >
Storage >SD CARD
allow = true : enabled
Page 18 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
allow = false : disabled
40
Control
USB
Tethered
Connecti
ons
Control
access to
USB
tethered
connections.
Enable/Dis
able
[LGMDM]
void
setAllowUSBTethering(Co
mponentName who, boolean
allow)
allow = true : enabled
allow = false : disabled
41
Control
Bluetoot
h
Tethered
Connecti
ons
Control
access to
Bluetooth
tethered
connections.
Enable/Dis
able
[LGMDM]
void
setAllowBluetoothTethering
(ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
42
Control
Hotspot
Connecti
ons
Control
access to
Wi-Fi
hotspot
connections
Enable/Dis
able
[LGMDM]
void
setAllowHotspot(Componen
tName who, boolean allow)
allow = true : enabled
allow = false : disabled
Connect the USB
cable to share the
internet connection
with the computer.
Settings > Networks
> More > Wireless &
networks > USB
tethering
Turn on Bluetooth
tethering and connect
other devices to
phone via Bluetooth
Settings > Networks
> More > Wireless &
networks > Bluetooth
tethering
Allows you to use
your device as a WiFi hotspot for other
devices to use your
mobile network
connection.
Set up Wi-Fi hotspot:
Sets the SSID and
password for your
Wi-Fi hotspot.
Timeout: Allows you
to set the time after
which Wi-Fi hotspot
automatically turns
off.
Settings > Networks
> More > Wireless &
networks > Mobile
Hotspot
43
Automati
c Time
Allows the
device to get
time from
the Wi-Fi
connection
Enable/Dis
able
[LGMDM]
void
setAllowChangeDateAndTi
me(ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
Use Date & time
settings to set how
dates will be
displayed. You can
also use these settings
to set your own time
and time zone rather
than obtaining the
current time from the
mobile network.
Settings > General >
Page 19 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
Date & Time
44
Applicat
ion
Control
45
Enable/di
sable all
data
signaling
over
USB
The USB
mode is
forced to be
configured
as none.
Install
Applicati
on
Installs
specified
application
Disable
public void
setEnforceUsbModeAsNone
(ComponentName who,
boolean enforce)
N/A
enforce = true : enforce
enforce = false : release
[LGMDM]
N/A
void
installApplication(Compone
ntName who, String path)
path : apk file path to the
installation.
46
Uninstall
Applicati
on
Uninstalls
specified
application
[LGMDM]
public void
uninstallApplication(Compo
nentName who, String
packageName)
Settings > General >
Application manager
> menu > Uninstall
apps
packageName : package
name to be deleted.
47
Applicati
on
Whitelist
Specifies a
list of
applications
that may be
installed
[LGMDM]
<install>
Settings > General >
Application manager
public void
setAllowInstallApplication(
ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
&
void
setApplicationState(Compon
entName who,
List<LGMDMApplicationSt
ate> applicationStateList)
applicationStateList: Insert
the list you want
ex)
ArrayList<LGMDMApplica
tionState>
mSelectedAppStateList;
LGMDMApplicationState
item = new
LGMDMApplicationState();
item.setPackageName(editT
Page 20 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
ext.getText().toString());
item.setAllowInstallation(1);
item.setAllowUninstallation(
0~2);
item.setEnable(0~2);
mSelectedAppStateList.add(
item);
<uninstall>
public void
setAllowUninstallApplicatio
n(ComponentName who,
boolean allow)
allow = true : enabled
allow = false : disabled
&
void
setApplicationState(Compon
entName who,
List<LGMDMApplicationSt
ate> applicationStateList)
applicationStateList: Insert
the list you want
ex)
ArrayList<LGMDMApplica
tionState>
mSelectedAppStateList;
LGMDMApplicationState
item = new
LGMDMApplicationState();
item.setPackageName(editT
ext.getText().toString());
item.setAllowInstallation(0~
2);
item.setAllowUninstallation(
1);
item.setEnable(0~2);
mSelectedAppStateList.add(
item);
48
Applicati
on
Blacklist
Specifies a
list of
applications
that may not
be installed
[LGMDM]
<install>
Settings > General >
Application manager
void
setApplicationState(Compon
entName who,
List<LGMDMApplicationSt
ate> applicationStateList)
applicationStateList: Insert
Page 21 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
the list you want
ex)
ArrayList<LGMDMApplica
tionState>
mSelectedAppStateList;
LGMDMApplicationState
item = new
LGMDMApplicationState();
item.setPackageName(editT
ext.getText().toString());
item.setAllowInstallation(2);
item.setAllowUninstallation(
0~2);
item.setEnable(0~3);
mSelectedAppStateList.add(
item);
<uninstall>
void
setApplicationState(Compon
entName who,
List<LGMDMApplicationSt
ate> applicationStateList)
applicationStateList: Insert
the list you want
ex)
ArrayList<LGMDMApplica
tionState>
mSelectedAppStateList;
LGMDMApplicationState
item = new
LGMDMApplicationState();
item.setPackageName(editT
ext.getText().toString());
item.setAllowInstallation(0~
2);
item.setAllowUninstallation(
2);
item.setEnable(0~3);
mSelectedAppStateList.add(
item);
<running>
void
setApplicationState(Compon
entName who,
List<LGMDMApplicationSt
Page 22 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
ate> applicationStateList)
applicationStateList: Insert
the list you want
ex)
ArrayList<LGMDMApplica
tionState>
mSelectedAppStateList;
LGMDMApplicationState
item = new
LGMDMApplicationState();
item.setPackageName(editT
ext.getText().toString());
item.setAllowInstallation(0~
2);
item.setAllowUninstallation(
0~2);
item.setEnable(2~3);
mSelectedAppStateList.add(
item);
49
Applicati
on
Reposito
ry
Specifies the
location
from which
applications
may be
installed
Void
setAllowInstallation(int
allowInstallation)
N/A
allowInstallation :
0(Default)
1(Enabled)
2(Disabled)
&
void
installApplication(Compone
ntName who, String path)
path : apk file path to the
installation.
Downloa
d Mode
50
Control
Downloa
d Mode
Control
access to
Download
Mode
[LGMDM]
Int
setAllowDownloadMode(Co
mponentName who, boolean
allow)
N/A
allow = true : enabled
allow = false : disabled
VPN
51
Control
VPN
splittunneling
Control
access to
VPN splittunneling
Disable
[LGMDM]
void
setAllowVPNSplitTunneling
(ComponentName who,
boolean allow)
N/A
Page 23 of 66
Security
Feature
No.
Setting
Description
Required
Value
API
User Interface
allow = true : enabled
allow = false : disabled
Backup
52
Enable/di
sable
backup
to
Disable
backup
to
locally
connected
system
Disable
public void
setAllowGoogleBackup
(ComponentName who,
boolean allow)
N/A
allow = true : enabled
allow = false : disabled
Disable
backup to
remote
system
public void
setAllowSpecificApplication
(ComponentName who,
LGMDMManager.Applicati
onType applicationType,
boolean allow)
LGMDMManager.Applicati
onType.LGBACKUP is for
allowing/disallowing
LGBackup
Audit
Logging
53
54
Configur
e the
auditable
items
Read
audit
logs kept
by the
TSF
CC mode is
forced to be
configured
with
auditable
items at one
time
Admin only
can access
audit logs
Enable
allow = true : enabled
allow = false : disabled
public boolean
setGranularControlOnCCMo
de (ComponentName who,
int function)
N/A
CC_MODE = 0x01,
CC_AUDIT_LOGGING =
0x2, ....
ex ) 0x3 is CC_MODE ==
ON,
CC_AUDIT_LOGGING ==
ON.
Enable
Returns
true : CC mode Service is
enabled, policy is called
false : CC mode Service is
not enabled, policy is not
called
public ParcelFileDescriptor
ExportCCauditLogFile
(ComponentName who)
N/A
Returns
ParcelFileDescriptor
Page 24 of 66
[Password Policy Recommendation]
To configure good and strong password, next password policies are strongly recommended
1.
Password Length
For setting the good password, administrator has to set password length. It is recommended that the
password length is more than 8 characters.
 Please refer to No.5 in 3.2 Common Criteria Related Settings
2.
Password Complexity and Quality
Password complexity should include more than 1 character, number and symbol. Administrator can
enforce minimum number of numeric, upper and lower case, symbol, and so on. Administrator also can
choose one of password quality to increase the level of password strength;
PASSWORD_QUALITY_UNSPECIFIED,PASSWORD_QUALITY_SOMETHING,
PASSWORD_QUALITY_NUMERIC,PASSWORD_QUALITY_ALPHABETIC,
PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX.
 Please refer to No 6 in 3.2 Common Criteria Related Settings
3.
Maximum password failed attempt
Administrator can set maximum password failed attempt policy. The device will be wiped immediately
when maximum count is reached in case of unsuccessful authentication. For example, when maximum
password failed attempt is 10, if the half of maximum count(5) is reached , device shows the warning
dialog that displays ‘Life is good’ message and requires user input to continue trying authentication and
then, if maximum count(10) is reached, the device will be wiped.
 Please refer to No 8 in 3.2 Common Criteria Related Settings
Page 25 of 66
4. Secure Update Process
This section provides how secure updates are delivered. LG FOTA supports below verification item for secure
update when delta package for FOTA is placed on device’s storage.


Verification of delta package itself
Verification of whether delta package is for the device’s image or not
Verification of delta package itself is done through checking signature of it. The signature is made for every
delta package of firmware images and files. It’s used RSA(2048bit) altorithm and SHA256 for hash, to make
signature for packages of each images.
Verification of whether delta package is for the device’s image is done through checking CRC of every image
(CRC-32). It checks identification between calculated CRC value of every image such as all firmware image and all
files, and delivered CRC value of delta packages for
Download delta package
Check Signature
of whole pkg.
Write a update setting value to eMMC
Reset Device & reboot
Read a update setting value on eMMC
Update?
Stop FOTA Upgrade
Whole Signature mismatch error occurred
&
Device goes to Idle status
Magic code?
Check Signature
of each FW pkg.
Check identification by
CRC for each FW images
FW Signature mismatch error occurred
&
Normal boot
Validation Fail occurred
(Mismatch between FW image & pkg.)
&
Normal boot
Check Signature
of each File pkg.
FS Signature mismatch error occurred
&
Normal boot
Check identification by
CRC for each File
Validation Fail occurred
(Mismatch between FS image & pkg.)
&
Normal boot
Update Firmware images
Update Files
Reset & Normal booting
[FOTA update process for secure delta package]
Page 26 of 66
5. Cryptographic APIs
The following Algorithms are evaluated by CCTL (CC Testing Laboratory). You can access to the following
algorithms by using Android Cryptographic APIs.
5.1 FCS_CKM.2(1) - RSA
Assume that Alice knows a private key and Bob knows Alice’s public key.
Bob sent a key encrypted by the public key.
This example shows how Alice gets a plain key sent by Bob.
Alice needs her own private key to decrypt an encrypted key.
// generate an Alice’s private key
KeyFactory kf = KeyFactory.getInstance("RSA", “ AndroidOpenSSL”);
RSAPrivateKeySpec rsa_private = new RSAPrivateKeySpec(
new BigInteger(n, 16), new BigInteger(d, 16));
// generate private key
PrivateKey privKey = kf.generatePrivate(rsa_private);
// Decrypt an encrypted key
Cipher cipher = Cipher.getInstance(“ RSA/ECB/NoPadding”, “ AndroidOpenSSL”);
cipher.init(Cipher.DECRYPT_MODE, privKey);
cipher.update(encryptedKey);
byte[] resultK = cipher.doFinal();
Algorithms of AndroidOpenSSL for RSA Pair-wise key establishment
“RSA/ECB/NoPadding”
“RSA/ECB/PKCS1Padding”
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html
5.2 FCS_CKM.2(1) – ECDH
Assume that Alice knows a private key and a Bob’s public key.
Bob knows his private key and an Alice’s public key.
Then Alice and Bob can share a secret key via ECDH Key agreement.
// Bob’s public key
ECPublicKey BobPubkey = … ;
// Alice’s private key generation
ECPrivateKey AlicePrivkey = … ;
//Generate Secret key in Bob Side
KeyAgreement ka = KeyAgreement.getInstance(“ECDH”,” AndroidOpenSSL”);
ka.init(AlicePrivkey);
ka.doPhase(BobPubkey, true);
byte[] secret = ka.generateSecret();
Key agreement of AndroidOpenSSL
“ECDH” for KeyAgreement
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/crypto/KeyAgreement.html
Page 27 of 66
5.3 FCS_COP.1(1) - AES CBC
Cipher class encrypts or decrypts a plaintext.
// get cipher instance with provided algorithm and provider
Cipher cipher = Cipher.getInstance(“AES/CBC/NoPadding”, “ AndroidOpenSSL”);
// generate key and iv to be used when encrypt or decrypt
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
// initiate cipher instance as encrypt mode
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
byte[] encrypted = cipher.doFinal(plaintext);
// initiate cipher instance as decrypt mode
cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
byte[] decrypted = cipher.doFinal(encrypted);
AES algorithms of AndroidOpenSSL
“AES/CBC/NoPadding”
Reference webpage
http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html
5.4 FCS_COP.1(2) - SHA
You can use MessageDigest class to calculate the hash of plaintext.
MessageDigest md = MessageDigest.getInstance(“ SHA-256”, “ AndroidOpenSSL”);
md.update(plaintext);
byte[] hashdata = md.digest();
MessageDigest algorithms of AndroidOpenSSL
“SHA-1”, “SHA-256”, “SHA-384”, “SHA-512”
Reference webpage:
http://developer.android.com/reference/java/security/MessageDigest.html
Page 28 of 66
5.5 FCS_COP.1(3) – RSA(Signature Algorithms)
KeyFactory class generates RSA private key and public key.
Signature class signs a plaintext with private key generated above and verifies it with public key.
// generate key spec
KeyFactory kf = KeyFactory.getInstance(“RSA”, “ AndroidOpenSSL”);
RSAPrivateKeySpec rsa_private = new RSAPrivateKeySpec(
new BigInteger(n, 16), new BigInteger(d, 16));
RSAPublicKeySpec rsa_public = new RSAPublicKeySpec(
new BigInteger(n, 16), new BigInteger(e, 16));
// generate key
PrivateKey privKey = kf.generatePrivate(rsa_private);
PublicKey pubKey = kf.generatePublic(rsa_public);
// sign test
Signature signature = Signature.getInstance(“ SHA1WithRSA”, “ AndroidOpenSSL”);
signature.initSign(privKey);
signature.update(plaintext);
byte[] signed = signature.sign();
// verify test
signature.initVerify(pubKey);
signature.update(plaintext);
boolean verified = signature.verify(signed);
Signature algorithms of AndroidOpenSSL
“SHA1WithRSA”
“SHA256WithRSA”
“SHA384WithRSA”
“SHA512WithRSA”
Key generators of AndroidOpenSSL
“RSA” KeyFactory
“RSA” KeyPairGenerator
Reference webpages:
http://developer.android.com/reference/java/security/KeyFactory.html
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/RSAPrivateKeySpec.html
http://developer.android.com/reference/java/security/spec/RSAPublicKeySpec.html
Page 29 of 66
5.6 FCS_COP.1(3) – ECDSA(Signature Algorithms)
Signature class signs a hash data with EC private key and verifies it with EC public key.
KeyPairGenerator kpg;
ECGenParameterSpec kpgparams;
kpg = KeyPairGenerator.getInstance("EC", “AndroidOpenSSL”);
kpgparams = new ECGenParameterSpec(”secp256r1”);
kpg.initialize(kpgparams, new SecureRandom());
ECParameterSpec params = ((ECPublicKey)kpg.generateKeyPair().getPublic()).getParams();
// key spec generation
ECPoint point = new ECPoint(Qx, Qy);
ECPublicKeySpec ec_public = new ECPublicKeySpec(point, params);
ECPrivateKeySpec ec_private = new ECPrivateKeySpec(d, params);
// key generation
KeyFactory kf;
kf = KeyFactory.getInstance("EC", “AndroidOpenSSL”);
ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(ec_private);
ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(ec_public);
// sign the hashdata and generate signature
Signature signature = Signature.getInstance(“SHA256WithECDSA”, “AndroidOpenSSL”);
signature.initSign(privkey);
signature.update(hashdata);
byte[] signed = signature.sign();
// verify the signature with public key
signature.initVerify(pubkey);
signature.update(hashdata);
boolean verified = signature.verify(signed);
Signature algorithms of AndroidOpenSSL
“SHA256withECDSA”
“SHA384withECDSA”
“SHA512withECDSA”
Key generators of AndroidOpenSSL
“EC” for KeyFactory
“EC” for KeyPairGenerator
Supported curves
“secp256r1”
“secp384r1”
“secp521r1”
Reference webpages:
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/ECPublicKeySpec.html
http://developer.android.com/reference/java/security/spec/ECPrivateKeySpec.html
Page 30 of 66
5.7 FCS_COP.1(4) - HMAC
Mac class calculates the hash of plaintext with key.
Mac hmac = Mac.getInstance(“HmacSHA1”, “ AndroidOpenSSL”);
SecretKeySpec secretkey = new SecretKeySpec(key, algorithm);
hmac.init(secretkey);
byte[] hmacdata = hmac.doFinal(plaintext);
MAC algorithms of AndroidOpenSSL
“HmacSHA1”
“HmacSHA256”
“HmacSHA384”
“HmacSHA512”
Reference webpages:
http://developer.android.com/reference/javax/crypto/Mac.html
Page 31 of 66
6. VPN Configuration
The LG VPN in LGE mobile devices provides IPsec VPN connection.
If a VPN connection is established, interceptor module(kernel side) in LG VPN is able to control all inbound and
outbound traffic traverse.
It means that all IP traffics are controlled through the VPN client (IPsec tunnels).
Applications
User
socket
<Inbound>
LG VPN
socket
socket
Kernel
interceptor
tun0
Routing
Routing
Applications
User
socket
<Outbound>
LG VPN
socket
eth0
socket
Kernel
Routing
tun0
interceptor
Routing
eth0
The Split-tunneling feature is enabled by default. So, the Split-tunneling feature must be disabled on the
CC Mode. The feature can be configured by MDM capability.
Page 32 of 66
7. Wi-Fi Configuration
User can set Wi-Fi configuration on the device by going to ‘Settings > Wi-Fi’.
Follow the next instructions to test EAP-TLS/TTLS in the LGE devices:
1.
2.
3.
Place certificates into internal storage or external SD card by using MTP or Email attachment.
Administrators are able to distribute certificates by web link that executes certificates installation directly.
“Install certificates” of the “PERSONAL” tab on the “advanced Wi-Fi” menu.
- Must select “Wi-Fi” of “Credential use” tab.
Back to the Wi-Fi menu, Select Access point which is supported EAP-method.
- Select EAP method to “TLS” or “TTLS”
- Select CA certificate, User certificate installed on Step #2
- Input identity parameter.
- Push “Connect” button.
Page 33 of 66
8. Bluetooth Configuration
User can set Bluetooth configuration on the device by going to ‘Settings > Bluetooth’.
Follow the next instructions to test pairing with a remote Bluetooth device:
1.
2.
3.
4.
Search remote device
Select device to pair if you find remote device
Please check passkey and select “PAIR”
You can connect device if you success to pair.
5.
You can delete device in your paired list if you select Unpair menu.
Page 34 of 66
9. Audit Logging
A MDM client can get the audit log file using the API #52 ‘Read audit logs’ that is mentioned in Section 3.2
Common Criteria Related Settings.
Basically, the whole concept of Audit logging is based on Android logging system. The following provides
examples of audit log.
12-31 20:27:05.776 2662 2662 I CCModeService: FIPS validated BouncyCastle self-test success!!!
12-31 20:25:51.605 819 819 D CCAUDIT_KERN: <6>[ 1.796391 / 01-01 00:00:01.739][5] [880] [CCAudit]
Secure boot Success
Similar to Android logging system, basic format of Audit logging is written and it represents fields as follows.
•
•
•
•
•
Date and time of the event;
type of event; This is described as log level and log tag
subject identity; This is described as PID and PPID
the outcome (success or failure) of the event; and
additional information in the below table.
Audit logs of kernel are also complied with typical kernel log. These additionally contains typical kernel log
information in the outcome field and tag the log with ‘CCAUDIT_KERN’.
Each field of two example logs corresponds with above format as below.
Date and Time
12-31
20:27:05.776
12-31
20:25:51.605
Type of event
Subject
identity
The outcome
I / CCModeService
2662 / 2662
FIPS validated BouncyCastle self-test success!!!
D / CCAUDIT_KERN
819 / 819
<6>[ 1.796391 / 01-01 00:00:01.739][5] [880]
[CCAudit] Secure boot Success
The following provides a list of audit events required by the MDFPP so the administrator knows what to look for
when reading the audit log.
MDFPP
Requirem
ent
FAU_GEN
.1.1
Auditable
Events
Start-up and
shutdown of the
audit functions;
All
administrative
actions;
Start-up and
shutdown of the
OS and kernel;
Additional
Audit Record
Contents
The outcome of Audit Records
a. write_flag_to_misc::CC_AUDIT_LOGGING is started
b. write_flag_to_misc::CC_AUDIT_LOGGING is stopped
a.
setAllowBluetooth(ComponentInfo{com.lge.mdm.newclient/co
m.lge.mdm.newclient.MainActivity$DeviceAdminSampleRecei
ver}) : 1
a. [CCAudit] Run init process for OS startup
b. devicePowerOff, devicefunction : 1, who :
com.lge.mdm.newclient
c. start normal shutdown
Page 35 of 66
MDFPP
Requirem
ent
Auditable
Events
Additional
Audit Record
Contents
Insertion or
removal of
removable
media;
a. [CCAudit] mmc1: slot status change detected (0 -> 1)
b. [CCAudit] mmc1: slot status change detected (1 -> 0)
log :
c. [CCAudit] mmc1: slot status change detected (0 -> 1)
d. [CCAudit] mmc1: slot status change detected (1 -> 0)
a. [gmail-ls][Account {name=ccaudit.test@gmail.com,
type=com.google}] Account synchronizing connection is
established,,,
Establishment of
a synchronizing
connection;
FCS_CKM
_EXT.1
FCS_CKM
.1(1)
FCS_HTT
PS_EXT.1
The outcome of Audit Records
[selection: Audit
records reaching
[95] percentage
of audit
capacity].
[selection: none]
a. CCAudit logging record reaches 95 percent
Failure of key
generation
activity for
authentication
keys.
Failure of the
certificate
validity check.
a. Primary keymaster device failed to generate key, falling back
to SW.
b. rc ERROR : -4
Issuer Name and
Subject Name of
certificate.
[selection:
User's
authorization
decision, no
additional
information].
FCS_RBG
_EXT.1
Failure of the
randomization
process.
FCS_STG_
EXT.1
Import or
destruction of
key.
[selection:
Exceptions to
use and
destruction
rules, No other
events]
Identity of key.
Role and
identity of
requestor.
FCS_STG_
EXT.3
Failure to verify
integrity of
stored key.
Identity of key
being verified.
a. SSL:Certificate invalid:subject name=/OU=Domain Control
Validated/OU=COMODO SSL
Wildcard/CN=*.crashlytics.com:issuer
name=/C=GB/ST=Greater
Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO RSA Domain Validation Secure Server
CA
a. dual ec drbg disabled
b. error initialising drbg
c. no fips random method set
a. importKey keyName =
USRPKEY_9fcbc887f0ab90118827ec41270497dee5dc629e,
uid = -1
del : filename :
user_0/1000_USRPKEY_6f41232b523647d0043d9c57a309255
0cdf0bc50, keyBlob type : 4, userId = 0
del : filename :
user_0/1000_USRCERT_6f41232b523647d0043d9c57a309255
0cdf0bc50, keyBlob del : filename :
user_0/1000_CACERT_6f41232b523647d0043d9c57a3092550
cdf0bc50, keyBlob type : 1, userId = 0
a. Failed to verify integrity of stored key :
user_0/1000_USRCERT_111
Page 36 of 66
MDFPP
Requirem
ent
FCS_TLS
C_EXT.1
Auditable
Events
Failure to
establish an
EAP-TLS
session.
Additional
Audit Record
Contents
Reason for
failure.
The outcome of Audit Records
1. Invalid information when EAP-TLS connection
a. Wi-Fi EAP-TLS Private key not configured
b. Wi-Fi EAP-TLS ca_cert is invalid.
c. Wi-Fi EAP-TLS client_cert is invalid.
d. Wi-Fi EAP-TLS key_id is invalid.
e. Wi-Fi TLS: Failed to load private key
f. Wi-Fi TLS: Failed to set TLS connection parameters
2. Failure in SSL initialize during EAP-TLS connection
a. Wi-Fi EAP-TLS Failed to initialize SSL.
b. Wi-Fi EAP-TLS SSL : Failed to initialize new TLS
connection
3. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output
fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet
included
Establishment/te
rmination of an
EAP-TLS
session.
Non-TOE
endpoint of
connection.
4. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure
1. Invalid information when EAP-TLS connection
a. Wi-Fi EAP-TLS Private key not configured
b. Wi-Fi EAP-TLS ca_cert is invalid.
c. Wi-Fi EAP-TLS client_cert is invalid.
d. Wi-Fi EAP-TLS key_id is invalid.
e. Wi-Fi TLS: Failed to load private key
f. Wi-Fi TLS: Failed to set TLS connection parameters
2. Failure in SSL initialize during EAP-TLS connection
a. Wi-Fi EAP-TLS Failed to initialize SSL.
b. Wi-Fi EAP-TLS SSL : Failed to initialize new TLS
connection
3. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output
fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet
included
4. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure
Page 37 of 66
MDFPP
Requirem
ent
FCS_TLS
C_EXT.2
FDP_DAR
_EXT.1
Auditable
Events
Additional
Audit Record
Contents
Failure to
establish a TLS
session.
Reason for
failure.
Failure to verify
presented
identifier.
Presented
identifier and
reference
identifier.
Non-TOE
endpoint of
connection.
Establishment/te
rmination of a
TLS session.
Failure to
encrypt/decrypt
data.
FDP_STG
_EXT.1
Addition or
removal of
certificate from
Trust Anchor
Database.
Subject name of
certificate.
FDP_UPC
_EXT.1
Application
initiation of
trusted channel.
Name of
application.
Trusted channel
protocol.
Non-TOE
endpoint of
connection.
FIA_AFL_
EXT.1
Excess of
authentication
failure limit.
The outcome of Audit Records
SSL:Validation error:subject
name=/C=US/ST=California/L=Mountain View/O=Google
Inc/CN=*.googleapis.com:issuer name=/C=US/O=Google
Inc/CN=Google Internet Authority G2
a. connect to google.com, facebook.com,ssllabs.com through
https://
a. SSL:session connected:hostname=www.googleapis.com
b. SSL:session
terminated:hostname=www.googleadservices.com
a. [CCAudit] Error getting random bytes in SEC mode
b. [CCAudit] ecryptfs_filldir: Error attempting to decode and
decrypt
c. [CCAudit] Error attempting to allocate memory
d. [CCAudit] ecryptfs_open: Error attempting to initialize the
lower file for the dentry with name
a. Addition CA Cert - C=FI,O=Authentec\, Inc.,CN=Test RSA
CA
b. Delete CA Cert - CN=GeoTrust Primary Certification
Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use
only, O=GeoTrust Inc., C=US
c. Delete CA Cert - OU=certSIGN ROOT CA, O=certSIGN,
C=RO
d. Delete CA Cert - CN=DST ACES CA X6, OU=DST ACES,
O=Digital Signature Trust, C=US
e. Delete CA Cert - CN=GeoTrust Global CA, O=GeoTrust Inc.,
C=US
f. Delete CA Cert - CN=USERTrust ECC Certification
Authority, O=The USERTRUST Network, L=Jersey City,
ST=New Jersey, C=US
g. Delete CA Cert - CN=UTN-USERFirst-Hardware,
OU=http://www.usertrust.com, O=The USERTRUST Network,
L=Salt Lake City, ST=UT, C=US
a. com.slacker.radio attempts to establish SSL/TLS connection.
b. com.slacker.radio attempts to establish SSL/TLS connection.
c. com.vcast.mediamanager attempts to establish SSL/TLS
connection.
d. com.vcast.mediamanager attempts to establish SSL/TLS
connection.
e. com.cequint.ecid attempts to establish SSL/TLS connection.
f. com.cequint.ecid attempts to establish SSL/TLS connection.
a. Excess of authentication failure limit.
Page 38 of 66
MDFPP
Requirem
ent
FIA_BLT_
EXT.1
Auditable
Events
User
authorization of
Bluetooth
device.
User
authorization for
local Bluetooth
service.
Additional
Audit Record
Contents
The outcome of Audit Records
User
authorization
decision.
Bluetooth
address and
name of device.
Bluetooth
profile. Identity
of local service.
1. PAIR :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) : XXXX
[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:794842
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_BONDED) :
XXXX[22:22:2C:6D:9F:07] [CoD:524]
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
2. CANCLE :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) : XXXX
[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:705961
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_NONE) : XXXX
[22:22:2C:6D:9F:07] [CoD:524]
REASON:UNBOND_REASON_REMOVED - An existing
bond was explicitly revoked
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
FIA_BLT_
EXT.2
FIA_UAU
_EXT.2
FIA_UAU
_EXT
Initiation of
Bluetooth
connection.
Bluetooth
address and
name of device.
Failure of
Bluetooth
connection.
Action
performed
before
authentication.
User changes
Password
Authentication
Factor.
Reason for
failure.
Reason for
failure of
validation.
3. request delayed :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) :
XXXX[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:355552
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_NONE) :
XXXX[22:22:2C:6D:9F:07] [CoD:524]
REASON:UNBOND_REASON_AUTH_FAILED - A bond
attempt failed because pins did not match, or remote device did
not respond to pin request in time
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
e. STATE_ON :
SCAN_MODE_CONNECTABLE_DISCOVERABLE
a. OPP Service Access User decision: accept, Peer Device
NameXXXXAddress22:22:20:26:86:C1
b. OPP Service Access User decision: reject, Peer Device
NameXXXXAddress22:22:20:26:86:C1
a. Failed to connectPAN
a. PackageName: com.jiubang.goscreenlock is performed before
user authentication
a. User changes Password Authentication Factor. .3
Page 39 of 66
MDFPP
Requirem
ent
FIA_X509
_EXT.2
FMT_SMF
_EXT.1
Auditable
Events
Failure to
establish
connection to
determine
revocation
status.
Change of
settings.
Success or
failure of
function.
FMT_SMF
_EXT.2
FPT_AEX
_EXT.4
FPT_NOT
_EXT.1
Additional
Audit Record
Contents
a. SSL:Certificate revoked:subject
name=/C=KR/ST=Seoul/L=Youngdungpogu/O=LG Electronics
Inc./OU=it 2/CN=*.lgecloud.com:issuer
Role of user that
changed setting.
Value of new
setting
Role of user that
performed
function.
Function
performed.
Reason for
failure.
Initiation of
software update.
Version of
update.
Initiation of
application
installation or
update.
Unenrollment.
Name and
version of
application.
Blocked attempt
to modify TSF
data.
[selection:
Measurement of
TSF software,
none].
The outcome of Audit Records
Identity of
administrator.
Remediation
action
performed.
Identity of
subject. Identity
of TSF data.
[selection:
integrity
verification
value, no
additional data].
a. setEnforceAirplaneMode : true, who :
com.lge.mdm.newclient
1. Success
a. LG VPN existing profile newly saved : xpsk
b. LG VPN DisableSplitTunneling FALSE : xpsk
c. LG VPN connection SUCCESS : xpsk
2. Failure
a. LG VPN new profile created : xpsk
b. LG VPN DisableSplitTunneling FALSE : xpsk
c. LG VPN connection FAILED : xpsk
d. LG VPN failed REASON : Timeout while connecting
a. Started updating software successfully.
b. SW update Version : XXXXX
a. com.google.android.apps.translate(4.4.0.RC01.104701208):
Installation Success!
b. com.google.android.apps.translate(4.4.0.RC01.104701208):
Removed!
a. [MDMCClog] removeActiveAdmin() requested unenrollment
process~!!!
a. [CCAudit] do_sys_open error=-13 file=/data/dalvikcache/arm/system@app@LGEIME@LGEIME.apk@classes.de
x flag=131650 proc=dex2oat parent=com.lge.ime
1. Bootimage Fail
a. [CCAudit] Image hash :
7D95E4XXXXXXXXXXXXXXXXXXXXX...
b. [CCAudit] cert hash :
420F5BXXXXXXXXXXXXXXXXXX...
c. [CCAudit] Hash is different
d. [CCAudit] Image mis-matched
e. [CCAudit] Secure boot Fail
2. System component fail
a. [CCAudit] [WALLPAPER] : Modules hash :
1EEE9FXXXXXXXXXXXXXXX...
b. [CCAudit] [WALLPAPER] : [ 293] verify_certificate Different hash
c. [CCAudit] [WALLPAPER] : Cert hash :
44D649XXXXXXXXXXXXXXX....
Page 40 of 66
MDFPP
Requirem
ent
Auditable
Events
Additional
Audit Record
Contents
The outcome of Audit Records
d. [CCAudit] [WALLPAPER] : Verifying fail... 9
[selection:
Measurement of
TSF software,
none].
[selection:
Measurement of
TSF software,
none].
[selection:
integrity
verification
value, no
additional data].
[selection:
integrity
verification
value, no
additional data].
a. Openssl Self-test Started!!!!
b. cc_mode_selftest::OpenSSL fips self-test failed~~!!!
c. Openssl Self-test failed!!! errorno=-9
a. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
b. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:3c. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
d. at
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
e. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
f. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
g. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
h. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
i.
com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
j. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:3k. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
l. at
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
m. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
n. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
o. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
p. at
Page 41 of 66
MDFPP
Requirem
ent
Auditable
Events
Additional
Audit Record
Contents
The outcome of Audit Records
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
FPT_TST_
EXT.1
Initiation of selftest. Failure of
self-test.
Algorithm that
caused failure.
1. openssl error log
a. Error entering FIPS mode
b. RSA key generation faild as expected.
c. Testing induced failure of DSA keygen test
d. Pairwise Consistency DSA test failure induced
e. Pairwise Consistency DSA test failed as expected
f. DSA key generation failed as expected.
g. Error entering FIPS mode
h. Testing induced failure of ECDSA keygen test
h. ECDSA key generation failed as expected.
i. Error entering FIPS mode
j. Testing induced failure of DRBG CPRNG test
k. DRBG SHA1 test Failed Incorrectly!!
l. failed INCORRECTLY!
2. BCFIPS error log
a. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
b. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:34)
c. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
d. at
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
e. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
f. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
g. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
h. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
i. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
j. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:34)
k. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
l. at
Page 42 of 66
MDFPP
Requirem
ent
FPT_TST_
EXT.2
FPT_TUD
_EXT.2
Auditable
Events
Additional
Audit Record
Contents
Start-up of TOE.
Boot Mode.
[selection:
detected
integrity
violation, none].
[selection: The
TSF code file
that caused the
integrity
violation,
no additional
information].
Success or
failure of
signature
verification for
software
updates.
Success or
failure of
signature
verification for
applications.
FTA_TAB.
1
Change in
banner setting.
FTA_WSE
_EXT.1
All attempts to
connect to
access points.
The outcome of Audit Records
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
m. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
n. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
o. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
p. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
a. [CCAudit] Start-up BOOT MODE = Reboot_by_PowerKey
1. Bootimage Success
a. [CCAudit] Image hash :
7D95E4XXXXXXXXXXXXXXXXXXXXX…
b. [CCAudit] Secure boot Success
2. System component Success
a. [CCAudit] [WALLPAPER] : Modules hash :
1EEE9FXXXXXXXXXXXXXXX...
b. [CCAudit] [WALLPAPER] : [ 309] verify_certificate Success verifying
a. [CCAudit] Signature verification for software updates
Note: You may need to update FOTA system App to get logs of
this item. Please contact to support-enterprisemobility@lge.com for the application.
1. success :
a. com.lge.mdm.newclient: Signature verification Success!
2. Failure
a. android.content.pm.PackageParser$PackageParserException:
Failed to collect certificates from
/data/app/vmdl1629286186.tmp/base.apk
b. Caused by: java.lang.SecurityException: Incorrect signature
a. Banner is showing
b. Banner is removed
Identity of
access point.
1. SSID that DUT trying to connect
a. Wi-Fi Attempts to connect to [SSID]
2. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure
Page 43 of 66
MDFPP
Requirem
ent
FTP_ITC_
EXT.1
Additional
Audit Record
Contents
Auditable
Events
Initiation and
termination of
trusted channel.
Initiation and
termination of
trusted channel.
Trusted channel
protocol. NonTOE endpoint of
connection.
Trusted channel
protocol. NonTOE endpoint of
connection.
The outcome of Audit Records
a. SSL:session connected:hostname=www.googleapis.com
b. SSL:session
terminated:hostname=www.googleadservices.com
1. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output
fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet
included
2. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure
<Security Setting Related MDM Audit Logs>
No.
1
Change of
Settings
Common
Criteria
Mode
Description
Enable CC
mode
Required
Value
Enable
Audit Records
[MDMCClog] "setCommonCriteriaMode, mode : " + mode + "
(0:NONE, 1:DISABLED, 2:ENABLED)” + “, who : “ +
who.getPackageName()
 mode : 0(COMMONCRITERIA NONE),
1(COMMONCRITERIA DISABLED),
2(COMMONcRITERIA ENABLED)
2
Device
Encryption
Encrypts all
internal
storage
Enable
[MDMCClog] "setEncryptionPolicy : " + policy + " (0:NONE,
1:DEVICE, 2:STORAGE, 3:DEVICE_AND_STORAGE,” +
"4:DEVICE_DISABLED, 5:DISABLED,
6:DEVICE_AND_STORAGE_DISABLED)" + “who : “ +
who.getPackageName())
 policy : int
3
SD Card
Encryption
Encrypts all
SD card
storage
Enable
[MDMCClog] "setEncryptionPolicy : " + policy + " (0:NONE,
1:DEVICE, 2:STORAGE, 3:DEVICE_AND_STORAGE,” +
"4:DEVICE_DISABLED, 5:DISABLED,
6:DEVICE_AND_STORAGE_DISABLED)" + “who : “ +
who.getPackageName())
 policy : int
4
5
Wipe
Device
Removes all
data from
device
Enable
Password
Length
Minimum
number of
characters in a
Greater
than 6
[MDMCClog] "setAllowWipeDataMaster : " + allow
 allow : boolean (true or false)
[MDMCClog] "setPasswordMinimumLength
: " + length + ", ComponentName: " + who.getPackageName()
 length : int
Page 44 of 66
No.
Change of
Settings
Description
Required
Value
Audit Records
password
6
Password
Complexit
y
Specify the
type of
characters
required in a
password
[MDMCClog] setActivePasswordState, quality: 327680
 quality : password quality (Unspecified(0
(0x00000000)), Something(65536 (0x00010000)),
Numeric(131072 (0x00020000)), Alphabetic(262144
(0x00040000)), Alphanumeric(327680 (0x00050000)),
Complex(393216 (0x00060000)))
 more detailed :
http://developer.android.com/intl/es/reference/android/
app/admin/DevicePolicyManager.html#PASSWORD_
QUALITY_ALPHANUMERIC
[MDMCClog] "setPasswordMinimumLetters: " + length + ",
ComponentName: " + who.getPackageName()
 length : int
[MDMCClog] "setPasswordExpirationTimeout: " + timeout + ",
ComponentName: " + who.getPackageName()
 timeout : long (millisecond)
ex. 1Day = 24*60*60*1000
7
Password
Expiration
Maximum
length of time
before a
password must
change
8
Maximum
password
failed
attempt
10 or less
Maximum
number of
authenticatio
n failures
[MDMCClog] "setMaximumFailedPasswordsForWipe: " + num
+ ", ComponentName: " + who.getPackageName()
 num : int
9
Password
hit
Prevent
“Forgot
password”
5 or less
[MDMCClog] "setMaximumFailedPasswordsForWipe: " + num
+ ", ComponentName: " + who.getPackageName()
 num : int
10
Password
Visible
The last
character of
the password
is visible for a
few seconds if
enabled
Disable
[MDMCClog] "setAllowPasswordTypingVisible: " + allow + ",
who : " + who.getPackageName()
 allow : boolean (true or false)
11
Show
password
Disallow show
password
option on the
configuration
screen of lockscreen
password
Disable
[MDMCClog] "setAllowPasswordVisible: " + allow + ", who :
" + who.getPackageName()
 allow : boolean (true or false)
12
Inactivity
to lockout
Time before
lock-screen is
engaged
Less than
15 minutes
[MDMCClog] "setMaximumTimeToLock: " + timeMS + ",
ComponentName: " + who.getPackageName()
 timeMS : long (millisecond)
ex. 1Day = 24*60*60*1000
13
Banner2)
Banner
Administra
[MDMCClog] "setWarningMsg: " + allow + “, str : “ + str + ",
Page 45 of 66
No.
Change of
Settings
Description
Required
Value
Audit Records
message
displayed on
the lockscreen
tor defined
text
who : " + who.getPackageName()
 allow : boolean (true or false), str : String
14
Remote
Lock
Lock the
device
remotely
Enable
MDMCClog: setLockoutNow, level : 1
(0:UNLOCKOUT_STATE,
1:stUnlockoutNow(ComponentName), 2:LOCKOUT_STATE),
str : tyui, recoveryKey : null, who : com.lge.mdm.newclient
15
Smart lock
Control smart
lock
KEYGUA
RD_DISA
BLE_FEA
TURES_N
ONE/KEY
GUARD_
DISABLE
_TRUST_
AGENTS
[MDMCClog] ""setKeyguardDisabledFeatures: " + which
+ " (0:FEATURES_NONE, 1:WIDGETS_ALL,
2:SECURE_CAMERA"
+ "3:SECURENOTIFICATIONS, 4:TRUST_AGENTS,
5:UNREDACTED_NOTIFICATIONS"
+ "6:FINGERPRINT, 7:FEATURES_ALL)" + ",
ComponentName: " + who.getPackageName()
 which : int
16
Notificatio
n
Disable
display
notification on
the lockscreen
KEYGUA
RD_DISA
BLE_FEA
TURES_N
ONE/KEY
GUARD_
DISABLE
_SECURE
_NOTIFIC
ATIONS
[MDMCClog] ""setKeyguardDisabledFeatures: " + which
+ " (0:FEATURES_NONE, 1:WIDGETS_ALL,
2:SECURE_CAMERA"
+ "3:SECURENOTIFICATIONS, 4:TRUST_AGENTS,
5:UNREDACTED_NOTIFICATIONS"
+ "6:FINGERPRINT, 7:FEATURES_ALL)" + ",
ComponentName: " + who.getPackageName()
 which : int
17
Transition
to the
locked
state
Prevents a
user from
turning off the
power button
instantly
locks.
Disable
[MDMCClog] "setEnforcePowerButtonLocks: " + allow + ",
who : " + who.getPackageName()
 allow : boolean (true or false)
18
Remove
Enterprise
application
s
You cannot
see the
application
icon in the
Launcher's
menu
Disable
MDMCClog: setApplicationState, list :
[LGMDMApplicationState
[packageName=com.google.android.gm, allowInstallation=0,
allowUninstallation=0, enable=3], who : com.lge.mdm.new
 Enable : 0(Default), 1(Enable), 2(Disable), 3(Hide)
19
Import CA
Certificate
s
Import CA
Certificates
into the Trust
Anchor
Database or
the credential
storage
[MDMCClog] "installCertificate, certificateId : " + certificateId
+ ", who : " + who.getPackageName()
 certificteId : String
20
Remove
Certificate
s
Remove
certificates
from the
[MDMCClog] "uninstallCertificate, certificateId : " +
certificateId + ", who : " + who.getPackageName()
 certificteId : String
Page 46 of 66
No.
Change of
Settings
Description
Required
Value
Audit Records
Trust Anchor
Database or
the credential
storage
21
Control
Wi-Fi
Control access
to Wi-Fi
Enable/Dis
able
[MDMCClog] "setAllowWifi: " + allow + ", who : " +
who.getPackageName()
 allow : boolean (true or false)
22
Control
GPS
Control access
to GPS
Enable/Dis
able
23
Control
Cellular
Control access
to Cellular
Enable/Dis
able
24
Control
NFC
Control access
to NFC
Enable/Dis
able
25
Control
Bluetooth
Control access
to Bluetooth
Enable/Dis
able
26
Control
Location
Service
Control access
to Location
Service
Enable/Dis
able
[MDMCClog] "setGPSLocation: " + allow + ", who : " +
who.getPackageName()
 allow : boolean (true or false)
[MDMCClog] "setAllowMobileNetwork: " + allow + ", who : "
+ who.getPackageName()
 allow : boolean (true or false)
[MDMCClog] "setAllowNfc: " + allow + " (0:DISALLOW,
1:ALLOW)" + ", who : " + who.getPackageName()
 allow : boolean (true or false)
[MDMCClog] "setAllowBluetooth: " (" + who + ") : " + allow
+ " (0:DISALLOW, 1:ALLOW_AUDIOONLY, 2:ALLOW)"
 allow : int
MDMCClog: setAllowWirelessLocationWithWhitelist : false,
list : [com.android.chrome], who : com.lge.mdm.newclient
27
Control
SMS
Control
Messaging
capabilities
Enable/Dis
able
[MDMCClog] "setAllowSendingSMS: " + allow + ", who : " +
who.getPackageName()
allow : boolean (true or false)
28
Control
VPN
Control access
to VPN
Enable/Dis
able
[MDMCClog] "setAllowVon: " + allowType + ", who : " +
who.getPackageName()
 allow : 0 (allow), 3(disallow)
30
Specify
Wi-Fi
SSIDs
Specify SSID
values for
connecting to
Wi-Fi. Can
also create
white and
black lists for
SSIDs.
listType =
2
MDMCClog: addNetwork, config : * ID: -1 SSID: "
testAP_802.1x" BSSID: null PRIO: 40
31
Set WLAN
CA
Certificate
Select the CA
Certificate for
the Wi-FI
connection
CA
Certificate
MDMCClog: ca_cert: mdmweak
32
Specify
security
type
Specify the
connection
security
(WEP, WPA2,
etc)
Wi-Fi
connection
type
MDMCClog: KeyMgmt: WPA_EAP IEEE8021X Protocols
33
Select
authenticat
ion
Specify the
EAP-TLS
connection
Wi-Fi
protocol
MDMCClog: eap: TTLS
Page 47 of 66
No.
Change of
Settings
Description
Required
Value
Audit Records
protocol
values
34
Select
client
credentials
Specify the
client
credentials to
access a
specified
WLAN
Wi-Fi
credentials
MDMCClog: client_cert: mdmweak
35
Control
Microphon
e
Control access
to
microphones
Enable/Dis
able
[MDMCClog] "setAllowMicrophone : " + allow + ", who : " +
who.getPackageName()
allow : boolean (true or false)
36
Control
Camera
Control access
to camera
Enable/Dis
able
37
Control
USB Mass
Storage
Control access
to mounting
the device for
storage over
USB.
Enable/Dis
able
[MDMCClog] "setCameraDisabled : " + disabled + ",
ComponentName: " + who.getPackageName()
 disabled : boolean (true or false)
[MDMCClog] "setAllowUsb : " + allow + ", who : " +
who.getPackageName()
 allow : boolean (true or false)
38
Control
USB
Debugging
Control access
to USB
debugging.
Enable/Dis
able
[MDMCClog] "setAllowUSBDebugging : " + allow + ", who : "
+ who.getPackageName()
 allow : boolean (true or false)
39
Control SD
Card
Control access
to SD card
storage.
Enable/Dis
able
[MDMCClog] "setAllowExternalMemorySlot : " + allow + ",
who : " + who.getPackageName()
allow : boolean (true or false)
40
Control
USB
Tethered
Connectio
ns
Control access
to USB
tethered
connections.
Enable/Dis
able
[MDMCClog] "setAllowUSBTethering : " + allow + ", who : "
+ who.getPackageName()
 allow : boolean (true or false)
41
Control
Bluetooth
Tethered
Connectio
ns
Control access
to Bluetooth
tethered
connections.
Enable/Dis
able
[MDMCClog] "setAllowBluetoothTethering : " + allow + ",
who : " + who.getPackageName()
 allow : boolean (true or false)
42
Control
Hotspot
Connectio
ns
Control access
to Wi-Fi
hotspot
connections
Enable/Dis
able
[MDMCClog] "setAllowHotspot : " + allow + ", who : " +
who.getPackageName()
 allow : boolean (true or false)
43
Enable/dis
able all
data
signaling
over USB
The USB
mode is forced
to be
configured as
none.
Disable
MDMCClog: setEnfoceUsbModeAsNone : false, who :
com.lge.mdm.newclient
44
Install
Applicatio
n
Installs
specified
application
MDMCClog: installApplication, path :
/storage/emulated/0/mytest.p12, who : com.lge.mdm.newclient
Page 48 of 66
No.
Change of
Settings
Description
Required
Value
Audit Records
45
Uninstall
Applicatio
n
Uninstalls
specified
application
MDMCClog: uninstallApplication, packageName :
com.wildtangent.android, who : com.lge.mdm.newclient
46
Applicatio
n Whitelist
Specifies a list
of applications
that may be
installed
MDMCClog: setApplicationState, list :
LGMDMApplicationState [packageName=com.amazon.kindle,
allowInstallation=1, allowUninstallation=0,enable=0]], who :
com.lge.mdm.newclient
 allowInstallation : 0(Default), 1(Enable), 2(Disable)
47
Applicatio
n Blacklist
Specifies a list
of applications
that may not
be installed
MDMCClog: setApplicationState, list :
LGMDMApplicationState [packageName=com.amazon.kindle,
allowInstallation=2, allowUninstallation=0,enable=0]], who :
com.lge.mdm.newclient
 allowInstallation : 0(Default), 1(Enable), 2(Disable)
50
Control
Download
Mode
Control access
to Download
Mode
[MDMCClog] "setAllowDownloadMode : " + allow + ", who :
" + who.getPackageName()
 allow : boolean (true or false)
51
Control
VPN splittunneling
Control access
to VPN splittunneling
Disable
MDMCClog: setAllowVPNSplitTunneling : false, who :
com.lge.mdm.newclient
52
Enable/dis
able
backup to
Disable
backup
locally
connected
system
Disable
MDMCClog: setAllowSpecificApplication : false,
applicationName : LGBACKUP, who : com.lge.mdm.newclient
to
MDMCClog: setAllowGoogleBackup : false, who :
com.lge.mdm.newclient
Disable
backup to
remote system
53
Configure
the
auditable
items
CC mode is
forced to be
configured
with auditable
items at one
time
Enable
MDMCClog: setCommonCriteriaMode : 2 (0:NONE,
1:DISABLED, 2:ENABLED), who : com.lge.mdm.newclient
Page 49 of 66
10. Data Separation
This section describes how to enable ‘Work Profile’ of ‘Android for Work’ and to wipe enterprise data (‘Work
Profile’).
10.1 Work Profile installation and Data Separation
The corporate domain (e.g. lge.com) must be registered with Google and an EMM (Enterprise Mobility
Management) Token has to be obtained from Google and installed on the MDM server (most MDM servers have a
semi-automated process for completing these steps). The domain is set up in the Work Profile mode. The DPC
(Device Policy Controller) app is installed during the device provisioning process. The Work Profile is managed by
the DPC app while the Personal space is managed by the MDM agent. Please refer to Google Android for Work
website for more details.
After Work Profile installation, all of the applications belongs to the Work Profile apps will have a badge icon on
the home screen, recent app screen and so on. It means that to distinguish the Work Profile from Personal space.
There are two ways to set up the Work Profile.
The first one is using corporate account that is provided by your company’s administrator if having AfW server and
console. When a corporate account that's set to enforce EMM policy is added to a device (either on a new device in
the Setup Wizard > Add your account, or afterwards from Settings > Accounts & Sync), the corresponding DPC for
that account’s domain will be downloaded and invoked in order to continue the set up Work Profile.
Below describes the flow of setting up Work Profile in the Setup wizard > Add your account.
Page 50 of 66
<Figure1. Work Profile setup via Setup Wizard>
Page 51 of 66
The other way is by using the DPC that is downloaded via Google Play Store or EMM Store and just executed to set
up Work Profile.
Below describes the flow of setting up Work Profile via the DPC that is downloaded from Play Store or EMM Store.
<Figure2. Work Profile setup via downloaded DPC>
The data separation between Personal and Work Profiles is implemented by storage emulation. Each profile has its
own physical storage, which can be accessed only by the applications in it. When an application starts, the physical
storage is mounted to an application as an emulated path that is mapped with its own UserHandle. An application
with a different UserHandle is not allowed to accessing data stored with the original UserHandle.
Additionally, all data separation is governed at the system level, all the way down to the SELinux kernel, which runs
in full enforcement mode. Separation between the work and personal users is strictly enforced, and cross-sharing of
intents from work to personal is off by default. The administrator does have the option to enable sharing in certain
instances, such as work contacts to the system dialer for caller ID.
Page 52 of 66
<Figure3. Data Separation of Personal and Work contacts>
10.2 How to wipe enterprise data (Work Profile)
The android framework is supporting the method to be able to wipe enterprise data that is described in
DevicePolicyManager.
So DPC should implement the method that is DevicePolicyManager.wipeData() for wiping all of the enterprise data
in the Work Profile and provides the UX that is able to be clicked or executed by user.
Reference Page: http://developer.android.com/intl/ko/reference/android/app/admin/DevicePolicyManager.html
Page 53 of 66
Appendix A Generating Secure Random Data
This appendix guides how to generate cryptographically secure pseudo-random data.
To use FIPS validated SecureRandom, enable FIPS mode of OpenSSL first. See Appendix C.
Reference Page: http://developer.android.com/reference/java/security/SecureRandom.html
A.1 Android API for Generating Secure Random Data
SecureRandom() provides the most cryptographically strong provider available as following example.
com.android.org.conscrypt.FipsMode.FIPS_mode_set(1);
SecureRandom sr = new SecureRandom();
Byte[] output = new byte[16]
Sr.nextBytes(output);
Page 54 of 66
Appendix B Secure Key Storage
This appendix guides how to utilize the key management with Keystore APIs
Reference Page:
https://developer.android.com/reference/java/security/KeyStore.html
B.1 Key Usage
Use the AndroidKeyStore provider to let an individual app store its own credentials that only the application itself
can access. This provides a way for applications to manage credentials that are usable only by themselves.
AndroidKeyStore is registered as a KeyStore type for use with the KeyStore.getInstance(type) method and as a
provider for use with the KeyPairGenerator.getInstance(algorithm, provider) method.
You can refer to examples from the Android KeyStore System webpage for generating a new key pair, signing and
verifying as follow.
Reference pages:
https://developer.android.com/training/articles/keystore.html
https://developer.android.com/reference/java/security/KeyPairGenerator.html
https://developer.android.com/intl/ko/reference/android/security/keystore/KeyGenParameterSpec.html
B.2 Symmetric Key Generation
The Android Keystore system lets you create secret keys in the secure key storage.
KeyGenerator keygen = KeyGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
keygen.init(new KeyGenParameterSpec.Builder(
"AESTEST",
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.setRandomizedEncryptionRequired(false)
.build());
SecretKey sk = keygen.generateKey();
Generators of AndroidKeyStore
“AES” SecretKeyFactory & KeyGenerator
B.3 Symmetric key encryption/decryption
Applications can encrypt their plain text by using a SecretKey stored in the AndroidKeyStore.
Encrypt and decrypt a message by a key stored in the AndroidKeyStore
AlgorithmParameterSpec ivSpec = new IvParameterSpec(hexToBytes(iv));
KeyStore keystore = KeyStore.getInstance("AndroidKeyStore");
keystore.load(null);
SecretKeyEntry keystoreKey = (SecretKeyEntry)keystore.getEntry("AESTEST", null);
Page 55 of 66
SecretKey sk = keystoreKey.getSecretKey();
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, sk, ivSpec);
byte[] encrypted = cipher.doFinal(hexToBytes(plaintext));
cipher.init(Cipher.DECRYPT_MODE, sk, ivSpec);
byte[] decrypted = cipher.doFinal(encrypted);
Cipher algorithm of AndoridKeyStore
“AES/ECB/NoPadding”
B.4 Asymmetric Key Generation
Generate a key pair in the AndroidKeyStore
KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg1.initialize(new KeyGenParameterSpec.Builder(
"RSATEST1",
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
.setKeySize(Integer.parseInt(mod))
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384,
KeyProperties.DIGEST_SHA512)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.build());
// Generate Key Pair from the Secure Key Store
kpg1.generateKeyPair();
Generators of AndroidKeyStore
“RSA” KeyFactory & KeyPairGenerator
“EC” KeyFactory & KeyPairGenerator
B.5 Asymmetric Key Sign and Verify
Sign and verify
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
// Get RSA Key
KeyStore.Entry entry1 = ks.getEntry("TEST1", null);
PrivateKey privKey1 = ((PrivateKeyEntry) entry1).getPrivateKey();
PublicKey pubKey1 = ((PrivateKeyEntry) entry1).getCertificate().getPublicKey();
// Sign Test
Signature s = Signature.getInstance(algorithm);
s.initSign(privKey1);
s.update(msg, 0, expectedMaxMessageSizeBytes);
byte[] signature = s.sign();
// Verify Test
s.initVerify(pubKey1);
Page 56 of 66
s.update(msg, 0, expectedMaxMessageSizeBytes);
Signature algorithms of AndroidKeyStore
“NONEwithRSA”
“SHA1withRSA”
“SHA256withRSA”
“SHA384withRSA”
“SHA512withRSA”
“ECDSA”
“SHA256withECDSA”
“SHA384withECDSA”
“SHA512withECDSA”
B.6 Key Destruction
Application can delete the entry identified with the given alias from this KeyStore.
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
ks.deleteEntry(“TEST_ALIAS_1”);
Page 57 of 66
Appendix C Configuration of FIPS Validated Cryptographic Engines
This appendix guides how to configure FIPS mode.
C.1 Setting the FIPS Mode
Get a FIPS status of OpenSSL by FIPS_mode() function and set FIPS mode by FIPS_mode_set() function.
Example code
import com.android.org.conscrypt.FipsMode;
if (FipsMode.FIPS_mode() != 1) {
if (FipsMode.FIPS_mode_set(1) != 1) {
Log.e("CryptoTest", "Failed to OpenSSL enable");
} else {
Toast.makeText(this, "OpenSSL FIPS Mode Enable Success", Toast.LENGTH_LONG).show();
}
} else {
Toast.makeText(this, "OpenSSL is in FIPS Mode", Toast.LENGTH_LONG).show();
}
C.2 SDK for FipsMode APIs
A SDK is needed to build an application using FipsMode APIs. Please contact to support-enterprisemobility@lge.com for the information about the SDK for FipsMode APIs.
Page 58 of 66
Appendix D Guidance for using HTTPS/TLS APIs
This appendix guides how to use HTTPS/TLS APIs in your source codes. Using URL class is easy and safe way to
use HTTPS. Developers can use SSLSocket class directly to utilize TLS connection.
The detail guidance is available at following reference webpages.
Reference webpage:
http://developer.android.com/reference/javax/net/ssl/package-summary.html
https://developer.android.com/training/articles/security-ssl.html
D.1 Android APIs for TLS connection
Https connections can be established by using URL class.
URL url = new URL("https://wikipedia.org");
URLConnection urlConnection = url.openConnection();
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);
D.2 How to set cipher suites using Android API
It describes how to set TLS cipher suites with Android APIs. The cipher suites are limited on the CC Mode to
prevent TLS connection by weak cipher suites because LG Android platform restricts other cipher suites not in the
following table from being set when generating cipher suites list of client hello message for TLS connection.
Application developers can choose few cipher suites among the approved cipher suites.
Example codes
private X509HostnameVerifier hostname Verifier;
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException
{
SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socket,
host, port, autoClose);
sslSocket.setEnabledProtocols(protocol);
String[] ciphersuits = new String[]{"AES128-SHA",
"AES256-SHA",
"DHE-RSA-AES128-SHA",
"DHE-RSA-AES256-SHA",
"AES128-SHA256",
"AES256-SHA256",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384"};
sslSocket.setEnabledCipherSuites(ciphersuits);
hostnameVerifier.verify(host, sslSocket);
return sslSocket;
Page 59 of 66
}
Approved Cipher suites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS version
TLSv1
TLSv1.1
TLSv1.2
D.3 How to set client certificate
If server requires client certificate to establish connection, client should provide a certificate to be authenticated by
the sever.
A custom X509KeyManager can be used to supply a client certificate.
Example codes
KeyStore keyStore = ...;
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);
URL url = new URL("https://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/net/ssl/HttpsURLConnection.html
Page 60 of 66
Appendix E Guidance for Bluetooth APIs
This appendix guides how to establish a secure channel for Bluetooth in your source codes.
Reference webpage:
http://developer.android.com/reference/android/bluetooth/package-summary.html
E.1 Android APIs for Bluetooth
Android provides classes that manage Bluetooth functionality, such as scanning for devices, connecting with devices,
and managing data transfer between devices. The Bluetooth API supports both "Classic Bluetooth" and Bluetooth
Low Energy.
The Bluetooth APIs let applications:
•
•
•
•
•
•
•
Scan for other Bluetooth devices (including BLE devices).
Query the local Bluetooth adapter for paired Bluetooth devices.
Establish RFCOMM channels/sockets.
Connect to specified sockets on other devices.
Transfer data to and from other devices.
Communicate with BLE devices, such as proximity sensors, heart rate monitors, fitness devices, and so on.
Act as a GATT client or a GATT server (BLE).
BluetoothA2dp
This class provides the public APIs to control the Bluetooth A2DP profile.
BluetoothGatt
Public API for the Bluetooth GATT Profile.BluetoothGattServer
Public API for the
Bluetooth GATT Profile server role.
BluetoothHeadset
Public API for controlling the Bluetooth Headset Service.
BluetoothHealth
Public API for Bluetooth Health Profile.
BluetoothAdapter
Represents the local device Bluetooth adapter.
BluetoothDevice
Represents a remote Bluetooth device.
BluetoothManager
High level manager used to obtain an instance of an BluetoothAdapter and to conduct
overall Bluetooth Management.
BluetoothServerSocket
A listening Bluetooth socket.
BluetoothSocket
A connected or connecting Bluetooth socket.
E.2 How to establish a secure channel for Bluetooth using Android API
It describes how to establish a secure channel for Bluetooth with Android APIs.
Example codes
Start the bonding (pairing) process with the remote device.
public boolean startPairing() {
if (!mDevice.createBond()) {
return false;
}
This is an asynchronous call, it will return immediately. Register for ACTION_BOND_STATE_CHANGED
intents to be notified when the bonding process completes, and its result. Android system services will handle
the necessary user interactions to confirm and complete the bonding process.
public SecureSocket createSocket() {
Page 61 of 66
BluetoothSocket socket = null;
try {
socket = device.createRfcommSocketToServiceRecord(UUID_SPP);
} catch (IOException e) {
;
}
Use this socket only if an authenticated socket link is possible. Authentication refers to the authentication of the
link key to prevent man-in-the-middle type of attacks. For example, for Bluetooth 2.1 devices, if any of the
devices does not have an input and output capability or just has the ability to display a numeric key, a secure
socket connection is not possible.
E.3 How to interact with the BLE device via the Android BLE API
Here is an example to interact with the BLE device via the Android BLE API.
// A service that interacts with the BLE device via the Android BLE API.
public class BluetoothLeService extends Service {
private final static String TAG = BluetoothLeService.class.getSimpleName();
private BluetoothManager mBluetoothManager;
private BluetoothAdapter mBluetoothAdapter;
private String mBluetoothDeviceAddress;
private BluetoothGatt mBluetoothGatt;
private int mConnectionState = STATE_DISCONNECTED;
private static final int STATE_DISCONNECTED = 0;
private static final int STATE_CONNECTING = 1;
private static final int STATE_CONNECTED = 2;
public final static String ACTION_GATT_CONNECTED =
"com.example.bluetooth.le.ACTION_GATT_CONNECTED";
public final static String ACTION_GATT_DISCONNECTED =
"com.example.bluetooth.le.ACTION_GATT_DISCONNECTED";
public final static String ACTION_GATT_SERVICES_DISCOVERED =
"com.example.bluetooth.le.ACTION_GATT_SERVICES_DISCOVERED";
public final static String ACTION_DATA_AVAILABLE =
"com.example.bluetooth.le.ACTION_DATA_AVAILABLE";
public final static String EXTRA_DATA =
"com.example.bluetooth.le.EXTRA_DATA";
public final static UUID UUID_HEART_RATE_MEASUREMENT =
UUID.fromString(SampleGattAttributes.HEART_RATE_MEASUREMENT);
// Various callback methods defined by the BLE API.
private final BluetoothGattCallback mGattCallback =
new BluetoothGattCallback() {
@Override
public void onConnectionStateChange(BluetoothGatt gatt, int status,
int newState) {
String intentAction;
if (newState == BluetoothProfile.STATE_CONNECTED) {
intentAction = ACTION_GATT_CONNECTED;
mConnectionState = STATE_CONNECTED;
Page 62 of 66
broadcastUpdate(intentAction);
Log.i(TAG, "Connected to GATT server.");
Log.i(TAG, "Attempting to start service discovery:" +
mBluetoothGatt.discoverServices());
} else if (newState == BluetoothProfile.STATE_DISCONNECTED) {
intentAction = ACTION_GATT_DISCONNECTED;
mConnectionState = STATE_DISCONNECTED;
Log.i(TAG, "Disconnected from GATT server.");
broadcastUpdate(intentAction);
}
}
@Override
// New services discovered
public void onServicesDiscovered(BluetoothGatt gatt, int status) {
if (status == BluetoothGatt.GATT_SUCCESS) {
broadcastUpdate(ACTION_GATT_SERVICES_DISCOVERED);
} else {
Log.w(TAG, "onServicesDiscovered received: " + status);
}
}
@Override
// Result of a characteristic read operation
public void onCharacteristicRead(BluetoothGatt gatt,
BluetoothGattCharacteristic characteristic,
int status) {
if (status == BluetoothGatt.GATT_SUCCESS) {
broadcastUpdate(ACTION_DATA_AVAILABLE, characteristic);
}
}
...
};
...
}
http://developer.android.com/intl/ko/guide/topics/connectivity/bluetooth-le.html
E.4 How to establish a profile connection for Bluetooth using Android API
It describes how to establish a profile connection for Bluetooth with Android APIs.
Example codes
You can connect device with each profile like as below.
-
profile.connect(mDevice)
You can get the each profile proxy like as below API to handle each profiles.
public boolean getProfileProxy(Context context, BluetoothProfile.ServiceListener listener,
int profile) {
if (context == null || listener == null) return false;
Page 63 of 66
if (profile == BluetoothProfile.HEADSET) {
BluetoothHeadset headset = new BluetoothHeadset(context, listener);
return true;
} else if (profile == BluetoothProfile.A2DP) {
BluetoothA2dp a2dp = new BluetoothA2dp(context, listener);
return true;
} else if (profile == BluetoothProfile.A2DP_SINK) {
BluetoothA2dpSink a2dpSink = new BluetoothA2dpSink(context, listener);
return true;
} else if (profile == BluetoothProfile.AVRCP_CONTROLLER) {
BluetoothAvrcpController avrcp = new BluetoothAvrcpController(context, listener);
return true;
} else if (profile == BluetoothProfile.INPUT_DEVICE) {
BluetoothInputDevice iDev = new BluetoothInputDevice(context, listener);
return true;
} else if (profile == BluetoothProfile.PAN) {
BluetoothPan pan = new BluetoothPan(context, listener);
return true;
} else if (profile == BluetoothProfile.DUN) {
BluetoothDun dun = new BluetoothDun(context, listener);
return true;
} else if (profile == BluetoothProfile.HEALTH) {
BluetoothHealth health = new BluetoothHealth(context, listener);
return true;
} else if (profile == BluetoothProfile.MAP) {
BluetoothMap map = new BluetoothMap(context, listener);
return true;
} else if (profile == BluetoothProfile.HEADSET_CLIENT) {
BluetoothHeadsetClient headsetClient = new BluetoothHeadsetClient(context, listener);
return true;
} else if (profile == BluetoothProfile.SAP) {
BluetoothSap sap = new BluetoothSap(context, listener);
return true;
} else if (profile == BluetoothProfile.PBAP_CLIENT) {
BluetoothPbapClient pbapClient = new BluetoothPbapClient(context, listener);
return true;
} else {
return false;
}
}
Page 64 of 66
Appendix F Guidance for Access control to System services
F.1 access control to system services
Users can restrict applications access to sysem service in application install time.
If users want to install an application from Android PlayStore, the users must accept all permissions for system
services used by the application when the application is installed.
Page 65 of 66
Page 66 of 66
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising