Mobileiron Security - Cryptographic Systems Used in On-Premises Solutions

MobileIron Security - Cryptographic Systems Used in On-Premises Solutions

Scope

Security is in our DNA and the use of strong cryptographic algorithms in our solutions is foundational to MobileIron. MobileIron continuously reviews, validates and improves the cryptographic systems and security used in our products, and employs the most current security best practices. MobileIron does not use any proprietary cryptographic algorithms or proprietary implementations of the algorithms. The implementations are either from the operating system or well-known third party or open source products.

This document provides an overview of the cryptographic systems used by our on-premises products, specifically secure information storage (data-at-rest) and protecting information transmitted over the corporate network or Internet (data-in-motion). The current cryptography used by our Apple iOS clients, Android clients, and Microsoft Windows 10 Desktop and Mobile solutions are also discussed in this document.

EN v2.0 1 MobileIron Core

In Core version 9.0 and later, the Local Certificate Authority (CA) configuration defaults to the SHA-384 cryptographic hash algorithm. Support for SHA-256 and SHA-512 is available along with SHA-1 for backward compatibility. The RSA public-key cryptosystem supports 2048, 3072 and 4096-bit key lengths. This is consistent when generating a certificate signing request (CSR) used for the Intermediate Enterprise Certificate Authority (CA) configuration.

Also, the Local Certificate Authority supports Elliptic Curve Cryptography (ECC) public keys that default to the NIST P-384 curve. P-256 and P-512 curves are also supported. SHA-384 is the default for the CSR Signature Algorithm with support for SHA-1, SHA-256 and SHA-512.

The Certificate Enrollment for SCEP configurations defaults to the SHA-384 CSR Hash Algorithm and supports SHA-1, SHA-256, and SHA-512. The RSA public-key support defaults to 2048-bit key length, and supports 1024 and 1536, as well as 3072 and 4096-bit key lengths. Also, SCEP supports Elliptic Curve Cryptography (ECC) public keys that default to the NIST P-256 curve. P-384 and P-512 curves are also supported. SHA-384 is the default for the CSR Signature Algorithm with support for SHA-1, SHA-256 and SHA-512.

Application Algorithm Protocol Compliance

Encryption of sensitive data-at-rest AES 256 bit GCM TLS versions 1.0, 1.1 and 1.2 cipher suites Secure communications transmission (DHE and EDH cipher suites have been Incoming connections using HTTPS on removed from the default configuration as ports 443, 8443 and 9997 of Core 9.0 and later)* Password hashing SHA-256 (15,000 rounds) Device tokens AES 128-bit Random Number Generation FIPS 140-2 Level 1 – SecureRandom X.509 Public Key Infrastructure and RFC 5280 Certificate Revocation List

2 Default Cipher Suites

The MobileIron Core versions 9.0 and later releases made significant changes and improvements to the cryptographic algorithms used to secure Transport Layer Security (TLS) communications between the client and Core. The following Cipher Suites are now enabled by default. The stronger Cipher Suites are prioritized to be negotiated first during the TLS handshake between the peers. The first Cipher Suite matched by the client will be used to secure the data communications with Core.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

Forward Secrecy

Forward Secrecy is the cryptographic property for key-agreement protocols where the session key derived from a set of long-term keys cannot be compromised even if one of the long-term keys is compromised in the future. If a server is configured to support Forward Secrecy , then a compromise of its private key cannot be used to decrypt past communications. This is achieved by using the ECDHE Key Exchange protocol between the client and server.

Note: Forward Secrecy is enabled and prioritized by default. All modern browsers and devices support Cipher Suites that enable Forward Secrecy. Forward Secrecy improves security and is recommended, although it prevents decryption of captured network traffic for debugging purposes

3 (such as using Wireshark) even if the private keys of the server are known. For troubleshooting connections only, disable the cipher suites which use the ECDHE Key Exchange algorithm, by removing them from the Cipher Suite priority list.

Custom Configuration

Changing the Protocol and Cipher Suite configurations are not recommended, although your specific environment may require modifications to the Protocol selection, and Cipher Suite selection and priority.

4 MobileIron Sentry

Application Algorithm Protocol Compliance

Encryption of sensitive data-at-rest AES 128-bit CBC Secure communications transmission (AppConnect and Tunnel) TLS versions 1.0, 1.1 and 1.2 cipher suites

AES 256-bit (Docs@Work app) E-Mail attachment AES-128 bit (Docs@Work Original)

Random Number Generation FIPS 140-2 Level 1 – SecureRandom X.509 Public Key Infrastructure and RFC 5280 Certificate Revocation List

Android OS

Application Algorithm Protocol Compliance

Encryption of sensitive data-at-rest AES 256-bit GCM (AppConnect, KNOX 2.6 and Work)

Secure communications transmission TLS versions 1.0, 1.1 and 1.2 cipher suites (AppConnect, Tunnel and Wi-Fi)

Virtual Private Network Virtual Private SSL VPN - TLS versions 1.0, 1.1 and 1.2 cipher Network suites (SSL and IKEv2) IKEv2 – 3DES, AES 128, 192 and 256-bit Device key derivation PBKDF2 Random Number Generation IPS 140-2 Level 1 – SecureRandom

5 Apple iOS

Application Algorithm Protocol Compliance

Encryption of sensitive data-at-rest AES 256-bit GCM (AppConnect) iOS Data Protection API

Secure communications transmission TLS versions 1.0, 1.1 and 1.2 cipher suites (AppConnect, Tunnel and Wi-Fi)

SSL VPN - TLS versions 1.0, 1.1 and 1.2 cipher Virtual Private Network suites (SSL and IKEv2) IKEv2 – 3DES, AES 128, 192 and 256-bit

PBKDF2 Device key derivation BCRYPT

Random Number Generation FIPS 140-2 Level 1 – SecureRandom

6 Windows 10 Desktop and Mobile

Application Algorithm Protocol Compliance

Encryption of sensitive data-at-rest AES 128-bit (default) (BitLocker) AES 256-bit (Windows Pro)

Secure communications transmission TLS versions 1.0, 1.1 and 1.2 cipher suites (HTTPS and Wi-Fi)

SSL VPN - TLS versions 1.0, 1.1 and 1.2 cipher Virtual Private Network suites (SSL and IKEv2) IKEv2 – 3DES, AES 128, 192 and 256-bit

PBKDF2 Device key derivation BCRYPT

Random Number Generation FIPS 140-2 Level

Conclusion

MobileIron’s cryptographic implementation strategy makes use of mature third party and/ or open source algorithms that secure data-at-rest and data-in-motion. The implementation is constantly being reviewed, validated and kept up-to-date with today’s security best practices and compliance with FIPS 140-2 Level 1.

415 East Middlefield Road Mountain View, CA 94043 [email protected] www.mobileiron.com Tel: +1.877.819.3451 Fax :+1.650.919.8006 7