Apple Inc.
Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices
Security Target
PP_MD_V3.1 with MOD_MDM_AGENT_V1.0, MOD_VPN_CLI_V2.1, PP_WLAN_CLI_EP_V1.0

Version 1.7
2020-11-10
VID: 11036

Prepared for:
Apple Inc.
One Apple Park Way
MS 927-1CPS
Cupertino, CA 95014
www.apple.com

Prepared by:
atsec information security Corp.
9130 Jollyville Road, Suite 260
Austin, TX 78759
www.atsec.com

© 2020 Apple Inc. This document may be reproduced and distributed only in its original entirety without revision

Table of Contents

Revision History
1 Security Target Introduction
  1.1 Security Target Reference
  1.2 TOE Reference
  1.3 TOE Overview
  1.4 TOE Description
    1.4.1 General information
    1.4.2 Obtaining the mobile devices
    1.4.3 Obtaining software updates
    1.4.4 Supervising and configuring the mobile devices
    1.4.5 Mobile devices covered by this evaluation
  1.5 TOE Architecture
    1.5.1 Physical Boundaries
    1.5.2 Security Functions provided by the TOE
    1.5.3 TOE Documentation
    1.5.4 Other References
2 Conformance Claims
  2.1 CC Conformance
  2.2 Protection Profile (PP) Conformance
    2.2.1 Technical Decisions (TDs)
  2.3 Conformance Rationale
3 Security Problem Definition
  3.1 Threats
  3.2 Assumptions
  3.3 Organizational Security Policies
4 Security Objectives
  4.1 Security Objectives for the TOE
  4.2 Security Objectives for the TOE Environment
5 Extended Components Definition
6 Security Functional Requirements
  6.1 Security Audit (FAU)
    Agent Alerts (FAU_ALT)
      FAU_ALT_EXT.2 Extended: Agent Alerts
    Audit Data Generation (FAU_GEN)
      FAU_GEN.1(1) Audit Data Generation
      FAU_GEN.1(2) Audit Data Generation
    Security Audit Event Selection (FAU_SEL)
      FAU_SEL.1(2) Security Audit Event Selection
    Security Audit Event Storage (FAU_STG)
      FAU_STG.1 Audit Storage Protection
      FAU_STG.4 Prevention of Audit Data Loss
  6.2 Cryptographic Support (FCS)
    Cryptographic Key Management (FCS_CKM)
      FCS_CKM.1(1) Cryptographic Key Generation
      FCS_CKM.1/WLAN Cryptographic Key Generation (Symmetric Keys for WPA2 Connections)
      FCS_CKM.1/VPN VPN Cryptographic Key Generation (IKE)
      FCS_CKM.2(1) Cryptographic Key Establishment
      FCS_CKM.2(2) Cryptographic Key Establishment (While device is locked)
      FCS_CKM.2/WLAN WLAN Cryptographic Key Distribution (GTK)
      FCS_CKM_EXT.1 Extended: Cryptographic Key Support (REK)
      FCS_CKM_EXT.2 Extended: Cryptographic Key Random Generation
      FCS_CKM_EXT.3 Extended: Cryptographic Key Generation
      FCS_CKM_EXT.4 Extended: Key Destruction
      FCS_CKM_EXT.5 Extended: TSF Wipe
      FCS_CKM_EXT.6 Extended: Salt Generation
      FCS_CKM_EXT.7 Extended: Cryptographic Key Support (REK)
    Cryptographic Operations (FCS_COP)
      FCS_COP.1(1) Confidentiality Algorithms
      FCS_COP.1(2) Hashing Algorithms
      FCS_COP.1(3) Signature Algorithms
      FCS_COP.1(4) Keyed Hash Algorithms
      FCS_COP.1(5) Password-Based Key Derivation Functions
    HTTPS Protocol (FCS_HTTPS)
      FCS_HTTPS_EXT.1 Extended: HTTPS Protocol
    IPsec Protocol (FCS_IPSEC)
      FCS_IPSEC_EXT.1 Extended: IPsec
    Initialization Vector Generation (FCS_IV)
      FCS_IV_EXT.1 Extended: Initialization Vector Generation
    Random Bit Generation (FCS_RBG)
      FCS_RBG_EXT.1(Kernel and User space) Extended: Cryptographic Operation (Random Bit Generation)
      FCS_RBG_EXT.1(SEP) Extended: Cryptographic Operation (Random Bit Generation)
    Cryptographic Algorithm Services (FCS_SRV)
      FCS_SRV_EXT.1 Extended: Cryptographic Algorithm Services
    Cryptographic Key Storage (FCS_STG)
      FCS_STG_EXT.1 Extended: Secure Key Storage
      FCS_STG_EXT.2 Extended: Encrypted Cryptographic Key Storage
      FCS_STG_EXT.3 Extended: Integrity of Encrypted Key Storage
      FCS_STG_EXT.4 Extended: Cryptographic Key Storage