The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33013	SRG-OS-000087-MOS-000056	SV-43411r1_rule		High

Description
Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the general proximity of the mobile device can eavesdrop on OTA transactions, making them particularly vulnerable to attack if confidentiality protections are not in place. Proper use of cryptography provides strong assurance that provisioning data is protected against confidentiality attacks. When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the system. Mutual authentication ensures both that the device is authorized for provisioning and that a rogue provisioning server is not used to obtain software. In this context, provisioning refers to configuration elements specific to the organization and user, and not installation of the base mobile OS. One way to ensure authentication of the server is to require that the MOS point to a specified URL for the provisioning process, and authenticate the URL-specified server using SSL/TLS.

Description

Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the general proximity of the mobile device can eavesdrop on OTA transactions, making them particularly vulnerable to attack if confidentiality protections are not in place. Proper use of cryptography provides strong assurance that provisioning data is protected against confidentiality attacks. When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the system. Mutual authentication ensures both that the device is authorized for provisioning and that a rogue provisioning server is not used to obtain software. In this context, provisioning refers to configuration elements specific to the organization and user, and not installation of the base mobile OS. One way to ensure authentication of the server is to require that the MOS point to a specified URL for the provisioning process, and authenticate the URL-specified server using SSL/TLS.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41311r1_chk )
Review system documentation and operating system configuration to determine if there is mutual authentication between the provisioning server and the provisioned device. If additional assurance is required, validate the provisioning server will not provision software and data to an unauthorized device and that an authorized device will not connect to an unauthorized provisioning server (e.g., a valid provisioning server with its credentials temporarily removed for the test). If either the device does not authenticate the provisioning infrastructure, or vice versa, this is a finding.

Check Text ( C-41311r1_chk )

Review system documentation and operating system configuration to determine if there is mutual authentication between the provisioning server and the provisioned device. If additional assurance is required, validate the provisioning server will not provision software and data to an unauthorized device and that an authorized device will not connect to an unauthorized provisioning server (e.g., a valid provisioning server with its credentials temporarily removed for the test). If either the device does not authenticate the provisioning infrastructure, or vice versa, this is a finding.

Fix Text (F-36926r1_fix)
Configure the mobile operating system to mutually authenticate between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session and prior to accepting provisioned software.