Re: [Fed-Talk] BlueTooth and FIPS (was: iOS 6 STIG)


  • Subject: Re: [Fed-Talk] BlueTooth and FIPS (was: iOS 6 STIG)
  • From: William Cerniuk <email@hidden>
  • Date: Wed, 31 Oct 2012 15:25:40 -0400

Remember, we are talking about certification of cryptology, not COTS products. NIST (chime in here please if you want) is not certifying the apps or the technology that uses the cryptology, just the crypto module that implements the cryptology. Think of the certification process as directed at a chip with inputs and outputs, a black box. NIST certified to FIPS 140-2 is for the inside of the black box. The 'chip' can be hardware, firmware or software.

BlueTooth has had NIST FIPS 140-2 compliant crypto for a long time with AES.  Note that I said "compliant" and not "certified compliant".  Huge difference.  NIST provides the diploma (certification).  Like having a degree, you can take all the classes but if you don't take the tests, you don't get your degree.

So could bluetooth crypto be certified NIST FIPS 140-2 compliant? Sure.  Is any implementation? Not aware of one, have not looked today :-).

Now here is the kicker. (Shawn, correct me if I'm wrong). With the new comprehensive and consolidated crypto system under Lion & iOS 6, BlueTooth on either iOS or Lion may actually be achieving its certification right now. Shawn could answer that off the top of his head I wager. (and I suspect the answer is "the crypto module that bluetooth uses is included" but don't quote me.)

--
R/Wm.

Ref
Apple's current status on certification of Mac OS X and iOS Crypto
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
NIST Cryptographic Module Certification Program
http://csrc.nist.gov/groups/STM/cmvp/index.html
NIST Stages of Certification Defined
http://csrc.nist.gov/groups/STM/cmvp/inprocess.html
 
 
On Oct 31, 2012, at 2:58 PM, Jeffrey Walton <email@hidden> wrote:

Hi William,

On Wed, Oct 31, 2012 at 1:17 PM, William Cerniuk <email@hidden> wrote:
This should really address the three modes of tethering:
1 - USB
2 - BlueTooth
3 - Hotspot

but still contradictory concur. 2.13 presumes bluetooth perhaps (?) but ignores the issue that BT crypto on iOS is not NIST certified (for the moment) encryption.

Can BlueTooth ever be FIPS certified? BT pairing does not meet security levels we have in customary key exchange/agreement. In addition, BT 2.1 added public key (IIRC), but it's non-authenticated.

Forgive my ignorance. I generally keep BlueTooth shut down.

Jeff

On Oct 31, 2012, at 11:31 AM, Luis Nunez <email@hidden> wrote:

I agree.  They look contradictory.

Below are the sections that look contradictory. Taken from the "U_Apple_iOS_6_V1R0_1_Overview.pdf".

2.13 Tethered Modem Use

An iPhone and iPad can be used as an “IP” modem or a “tethered modem” to provide a wireless Internet connection for a laptop computer or other device, such as a Wi-Fi only iPad. In most cases, this is less expensive than buying a broadband wireless card and setting up a separate broadband wireless account. This use is permitted in DoD.

Note that most wireless carriers disable the capability for using an iOS device to directly set up a tethered connection to a laptop via an Internet connection, requiring subscribers to pay an additional fee to acquire “tethered” service. Procedures for setting up IP modem service on a laptop are available from each wireless carrier.

2.14 Personal Hotspot

An iOS 6 device can be set up as a personal cellular hotspot where laptops, smartphones, or tablet devices can connect to the device via a Wi-Fi, Bluetooth, or USB connection and access the Internet via the iPhone or iPad cellular connection. This configuration is not authorized in DoD because the native iOS encryption supporting Wi-Fi is not FIPS-validated.

btw I am ccing the scap-on-apple list for automation perspective.

-ln

On Oct 31, 2012, at 9:00 AM, STEMPNAKOWSKI, DAVID A MSgt USAF AETC AETC/A6OI
wrote:

Before I make a comment on the comment matrix and possibly make myself look stupid, do sections 2.13 and 2.14 seem to contradict themselves? I understand the difference between "tethered" and "hotspot" but I'm not aware of how to use an iPhone or iPad connected via a USB cable as a tethered modem. I'm more familiar with that config over WiFi or Bluetooth.

David A. Stempnakowski, MSgt, USAF
AETC/A6OI
NCOIC, Network Infrastructure
AETC Software Benefits Administrator
DSN 487-7513 Comm 652-7513

-----Original Message-----
From: fed-talk-bounces+david.stempnakowski=email@hidden
[mailto:fed-talk-bounces+david.stempnakowski=email@hidden] On
Behalf Of Luis Nunez
Sent: Tuesday, October 30, 2012 10:46 AM
To: email@hidden
Subject: [Fed-Talk] iOS 6 STIG

DISA draft Apple iOS 6 Security Technical Implementation Guide for comment.

http://iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html#iOS6

-ln
