VMware Workspace ONE Boxer Email Client Version 21.05 Security Target
ST Version: 1.5
September 21, 2021

VMware
1155 Perimeter Center West
Suite 100
Atlanta, GA 30338

Prepared By:
Cyber Assurance Testing Laboratory
1100 West St.
Laurel, MD 20707

Security Target VMware Workspace ONE Boxer Email Client ii | P a g e

Table of Contents
1 Security Target Introduction ..... 2
  1.1 ST Reference ..... 2
    ST Identification ..... 2
    Document Organization ..... 2
    Terminology ..... 2
    Acronyms ..... 3
    Reference ..... 4
  1.2 TOE Reference ..... 4
  1.3 TOE Overview ..... 5
  1.4 TOE Type ..... 6
2 TOE Description ..... 7
  2.1 Evaluated Components of the TOE ..... 7
  2.2 Components and Applications in the Operational Environment ..... 7
  2.3 Excluded from the TOE ..... 8
    Not Installed ..... 8
    Installed but Requires a Separate License ..... 8
    Installed but Not Part of the TSF ..... 8
  2.4 Physical Boundary ..... 8
    Hardware ..... 8
    Software ..... 8
  2.5 Logical Boundary ..... 8
    Cryptographic Support ..... 9
    User Data Protection ..... 9
    Identification and Authentication ..... 9
    Security Management ..... 9
    Privacy ..... 10
    Protection of the TSF ..... 10
    Trusted Path/Channels ..... 10
3 Conformance Claims ..... 11
  3.1 CC Version ..... 11
  3.2 CC Part 2 Conformance Claims ..... 11
  3.3 CC Part 3 Conformance Claims ..... 11
  3.4 PP Claims ..... 11
  3.5 Package Claims ..... 11
  3.6 Package Name Conformant or Package Name Augmented ..... 11
  3.7 Conformance Claim Rationale ..... 11
  3.8 Technical Decisions ..... 12
4 Security Problem Definition ..... 15
  4.1 Threats ..... 15
  4.2 Organizational Security Policies ..... 15
  4.3 Assumptions ..... 15
  4.4 Security Objectives ..... 16
    TOE Security Objectives ..... 16
    Security Objectives for the Operational Environment ..... 17
  4.5 Security Problem Definition Rationale ..... 17
5 Extended Components Definition ..... 18
  5.1 Extended Security Functional Requirements ..... 18
  5.2 Extended Security Assurance Requirements ..... 18
6 Security Functional Requirements ..... 19
  6.1 Conventions ..... 19
  6.2 Security Functional Requirements Summary ..... 19
  6.3 Security Functional Requirements ..... 21
    Class FCS: Cryptographic Support ..... 21
    Class FDP: User Data Protection ..... 27
    Class FIA: Identification and Authentication ..... 29
    Class FMT: Security Management ..... 30
    Class FPR: Privacy ..... 31
    Class FPT: Protection of the TSF ..... 32
    Class FTP: Trusted Path/Channels ..... 34
  6.4 Statement of Security Functional Requirements Consistency ..... 34
7 Security Assurance Requirements ..... 35
  7.1 Class ASE: Security Target ..... 35
  7.2 Class ADV: Development ..... 35
    Basic Functional Specification (ADV_FSP.1) ..... 35
  7.3 Class AGD: Guidance Documentation ..... 36
    Operational User Guidance (AGD_OPE.1) ..... 36
    Preparative Procedures (AGD_PRE.1) ..... 37
  7.4 Class ALC: Life Cycle Support ..... 37
    Labeling of the TOE (ALC_CMC.1) ..... 37
    TOE CM Coverage (ALC_CMS.1) ..... 38
    Timely Security Updates (ALC_TSU_EXT.1) ..... 38
  7.5 Class ATE: Tests ..... 39
    Independent Testing - Conformance (ATE_IND.1) ..... 39
  7.6 Class AVA: Vulnerability Assessment ..... 40
    Vulnerability Survey (AVA_VAN.1) ..... 40
8 TOE Summary Specification ..... 41
  8.1 Cryptographic Support ..... 41
    [APP_PP] FCS_CKM_EXT.1 and FCS_CKM.1.1(1) ..... 42
    [APP_PP] FCS_CKM.2 ..... 42
    [EC_EP] FCS_CKM_EXT.3 ..... 43
    [EC_EP] FCS_CKM_EXT.4 ..... 43
    [EC_EP] FCS_CKM_EXT.5 ..... 43
    [APP_PP] FCS_COP.1(1) ..... 43
    [APP_PP] FCS_COP.1(2) ..... 44
    [APP_PP] FCS_COP.1(3) ..... 44
    [APP_PP] FCS_COP.1(4) ..... 44
    [EC_EP] FCS_COP_EXT.2(1) and [EC_EP] FCS_COP_EXT.2(2) ..... 44
    [EC_EP] FCS_IVG_EXT.1 ..... 45
    [EC_EP] FCS_KYC_EXT.1 ..... 45
    [APP_PP] FCS_RBG_EXT.1(1), [APP_PP] FCS_RBG_EXT.1(2) and [APP_PP] FCS_RBG_EXT.2 ..... 46
    [EC_EP] FCS_SMIME_EXT.1 ..... 46
    [APP_PP] FCS_STO_EXT.1(1) ..... 47
    [APP_PP] FCS_STO_EXT.1(2) ..... 53
  8.2 User Data Protection ..... 53
    [APP_PP] FDP_DAR_EXT.1 ..... 53
    [APP_PP] FDP_DEC_EXT.1(1) and [APP_PP] FDP_DEC_EXT.1(2) ..... 54
    [APP_PP] FDP_NET_EXT.1 ..... 54
    [EC_EP] FDP_NOT_EXT.1 ..... 55
    [EC_EP] FDP_SMIME_EXT.1 ..... 55
  8.3 Identification and Authentication ..... 56
    [APP_PP] FIA_X509_EXT.1 ..... 56
    [APP_PP] FIA_X509_EXT.2 ..... 56
    [EC_EP] FIA_X509_EXT.3 ..... 57
  8.4 Security Management ..... 57
    [APP_PP] FMT_CFG_EXT.1 ..... 57
    [APP_PP] FMT_MEC_EXT.1 ..... 57
    [EC_EP] FMT_MOF_EXT.1 ..... 57
    [APP_PP] FMT_SMF.1 ..... 58
  8.5 Privacy ..... 58
    [APP_PP] FPR_ANO_EXT.1 ..... 58
  8.6 Protection of the TSF ..... 58
    [APP_PP] FPT_AEX_EXT.1 ..... 58
    [EC_EP] FPT_AON_EXT.1 ..... 58
    [APP_PP] FPT_API_EXT.1 ..... 59
    [APP_PP] FPT_IDV_EXT.1(1) and FPT_IDV_EXT.1(2) ..... 58
    [APP_PP] FPT_LIB_EXT.1 ..... 58
    [APP_PP] FPT_TUD_EXT.1 and FPT_TUD_EXT.2 ..... 59
  8.7 Trusted Path/Channels ..... 60
    [APP_PP] FTP_DIT_EXT.1(1) and [APP_PP] FTP_DIT_EXT.1(2) ..... 60
    [EC_EP] FTP_ITC_EXT.1 ..... 60

Table of Figures
Figure 1: TOE Boundary ..... 6

Table of Tables
Table 1: Customer Specific Terminology ..... 3
Table 2: CC Specific Terminology ..... 3
Table 3: Acronym Definition ..... 4
Table 4: Evaluated Components of the TOE ..... 7
Table 5: Components of the Operational Environment ..... 7
Table 6: Technical Decisions ..... 14
Table 7: TOE Threats ..... 15
Table 8: TOE Assumptions ..... 16
Table 9: TOE Objectives ..... 17
Table 10: Operational Environment Objectives ..... 17
Table 11: iOS Security Functional Requirements for the TOE ..... 20
Table 12: Android Security Functional Requirements for the TOE ..... 21
Table 13: CAVP Certificates for Boxer's OpenSSL Implementation on Android ..... 41
Table 14: Cryptographic Libraries ..... 42
Table 15: Stored Android Credentials ..... 50
Table 16: Stored iOS Credentials ..... 53

1 Security Target Introduction
This chapter presents the Security Target (ST) identification information and an overview. An ST contains the Information Technology (IT) security requirements of an identified Target of Evaluation (TOE) and specifies the functional and assurance security measures offered by the TOE.

1.1 ST Reference
This section provides information needed to identify and control this ST and its Target of Evaluation.

ST Identification
ST Title: VMware Workspace ONE Boxer Email Client Version 21.05 Security Target
ST Version: 1.5
ST Publication Date: September 21, 2021
ST Author: Booz Allen Hamilton

Document Organization
Chapter 1 of this document provides identifying information for the ST and TOE as well as a brief description of the TOE and its associated TOE type. Chapter 2 describes the TOE in terms of its physical boundary, logical boundary, exclusions, and dependent Operational Environment components. Chapter 3 describes the conformance claims made by this ST.
Chapter 4 describes the threats, assumptions, objectives, and organizational security policies that apply to the TOE. Chapter 5 defines extended Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs). Chapter 6 describes the SFRs that are to be implemented by the TSF. Chapter 7 describes the SARs that will be used to evaluate the TOE. Chapter 8 provides the TOE Summary Specification, which describes how the SFRs defined for the TOE are implemented by the TSF.

Terminology
This section defines the terminology used throughout this ST. The terms are defined in Tables 1 and 2, which serve as a quick reference for terminology definitions.

Administrator: An individual who has the ability to manage some aspect of mobile device configuration using the VMware Workspace ONE Unified Endpoint Management (UEM) console. UEM is a Mobile Device Management (MDM) product that consists of a server and an agent that resides on the mobile device.
Managed Device: A device that is enrolled in and managed by an MDM product. Enrolled devices have an agent installed that provides status and policy information about the device to the UEM. The agent is also responsible for retrieving configuration information for the managed applications installed on the device.
End User: An individual who possesses a mobile device with the Boxer application installed and enrolled into UEM.
Table 1: Customer Specific Terminology

Authorized Administrator: The claimed Protection Profile defines an Authorized Administrator role that is authorized to manage the TOE and its data.
Security Administrator: Synonymous with Authorized Administrator.
Trusted Channel: An encrypted connection between the TOE and a system in the Operational Environment.
Trusted Path: An encrypted connection between the TOE and the application an Authorized Administrator uses to manage it (web browser, terminal client, etc.).
User: In a CC context, any individual who has the ability to manage TOE functions or data.
Table 2: CC Specific Terminology

Acronyms
The acronyms used throughout this ST are defined in Table 3, which serves as a quick reference for acronym definitions.

CA: Certificate Authority
CC: Common Criteria
GUI: Graphical User Interface
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure (HTTP over a bidirectional TLS encrypted tunnel)
IP: Internet Protocol
IT: Information Technology
LDAP: Lightweight Directory Access Protocol
MAS: Mobile Application Store
MDM: Mobile Device Management
NIAP: National Information Assurance Partnership
OCSP: Online Certificate Status Protocol
OS: Operating System
PP: Protection Profile
SAR: Security Assurance Requirement
SFR: Security Functional Requirement
SSL: Secure Sockets Layer
ST: Security Target
TCP: Transmission Control Protocol
TLS: Transport Layer Security
TOE: Target of Evaluation
TSF: TOE Security Function
UEM: Unified Endpoint Management
Table 3: Acronym Definition

Reference
[1] Protection Profile for Application Software, version 1.3 [APP_PP]
[2] Application Software Extended Package for Email Clients, version 2.0 [EC_EP]
[3] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, April 2017, version 3.1, Revision 5, CCMB-2017-04-001
[4] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional components, April 2017, version 3.1, Revision 5, CCMB-2017-04-002
[5] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance components, April 2017, version 3.1, Revision 5, CCMB-2017-04-003
[6] Common Methodology for Information Technology Security Evaluation – Evaluation Methodology, April 2017, version 3.1, Revision 5, CCMB-2017-04-004 [CEM]
[7] NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001
[8] NIST Special Publication 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, December 2012
[9] NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018
[10] NIST Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, August 2009
[11] NIST Special Publication 800-57, Recommendation for Key Management, January 2016
[12] NIST Special Publication 800-88, Guidelines for Media Sanitization, December 2014
[13] NIST Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 2015
[14] NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, December 2010
[15] FIPS PUB 180-4, Federal Information Processing Standards Publication: Secure Hash Standard (SHS), March 2012
[16] FIPS PUB 186-4, Federal Information Processing Standards Publication: Digital Signature Standard, July 2013
[17] FIPS PUB 198-1, Federal Information Processing Standards Publication: The Keyed-Hash Message Authentication Code (HMAC), July 2008
[18] ISO/IEC 19770-2:2015, Information technology – IT asset management – Part 2: Software identification tag
[19] Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 10 – Spring Security Target (VID11042)
[20] Apple iPad and iPhone Mobile Devices with iOS 13 (VID11036)
[21] VMware Workspace ONE Boxer Admin Guide – 1/15/2019

1.2 TOE Reference
The TOE is the VMware Workspace ONE Boxer Email Client Version 21.05.
1.3 TOE Overview
The TOE is the VMware Workspace ONE Boxer Email Client product, referred to as Boxer or the TOE from this point forward. Boxer is an email client application that is installed on a mobile device platform. The Boxer application containerizes enterprise data, keeping it separate from the personal data that resides on the user's mobile device. Boxer supports Microsoft Exchange (using ActiveSync and/or Exchange Web Services), Office 365, Outlook, Gmail, Yahoo, G Suite, Lotus Notes, and cloud email services. In the evaluated configuration, enterprise email support is limited to Microsoft Exchange.

In the evaluated configuration, the TOE is installed on a mobile device running iOS 13 (VID11036) and on a mobile device running Android 10 (VID11042). The mobile devices must be enrolled in and managed by VMware Workspace ONE Unified Endpoint Management (UEM) at the device level. Once the TOE application is installed on the mobile device, it is enrolled as a managed application in UEM in order to obtain its configuration information. The TOE is configured to use ActiveSync to communicate with the Microsoft Exchange server over a TLS v1.2 trusted channel. The Exchange server resides in the operational environment and is used for sending and receiving enterprise data such as email, calendar information, and appointment data. Whether installed on an Android or an iOS device, the application validates certificates using OCSP. The OCSP responder is also considered part of the operational environment.
Figure 1: TOE Boundary (diagram). The figure shows the TOE (VMware Workspace ONE Boxer Email Client) and the VMware UEM Hub Agent on the Mobile Device Host Environment (OS: iOS or Android) within a Controlled Test Environment, connected over TLS to the Exchange Server, the OCSP Responder for S/MIME (1), the VMware Workspace ONE UEM (MDM Server) and its Administrator Workstation (2), and the Google Play Store, Apple App Store, Amazon, and OCSP Responders for TLS Comms (4). Key: TOE; Mobile Device Host Environment; Operational Environment; TOE User. Dashed lines: communication channels that are considered part of the operational environment. The TOE neither implements these channels nor invokes the OS to establish them; they are included for completeness of the required operational environment description.

As depicted in Figure 1, the TOE resides on the mobile device host running iOS 13 or Android 10. The TOE is required to be under the control of the Workspace ONE UEM product and communicates with the UEM server, via the UEM Hub Agent, to consume Boxer policy and configuration information (2). This communication channel is considered part of the operational environment because the UEM components, not the TOE, initiate it. The Boxer email client communicates with the Exchange server by invoking the OS to establish a TLS v1.2 communication channel (3). There is also a communication channel between the TOE and the OCSP responder used to check S/MIME certificate revocation status (1). The TOE is the VMware Workspace ONE Boxer Email Client. The mobile device, OS, UEM Hub Agent (2), UEM server (2), UEM Administrator Workstation (also known as the UEM Console), Exchange server, app stores (4), and OCSP responder for TLS communications (4) are operational environment components.

1.4 TOE Type
The TOE type is Application Software Email Client. The TOE is application software installed on mobile devices that provides email client services, allowing the user to receive, send, manage, and access enterprise email on their mobile device.
Security Target VMware Workspace ONE Boxer Email Client 7 | P a g e 2 TOE Description This section provides a description of the TOE in its evaluated configuration. This includes the physical and logical boundaries of the TOE. 2.1 Evaluated Components of the TOE The following table describes the TOE components in the evaluated configuration: Component Definition VMware Workspace ONE Boxer Email Client v 21.05 Application for Apple iOS 13* VMware Email Client Application VMware Workspace ONE Boxer Email Client v 21.05 Application for Android 10.0* VMware Email Client Application Table 4: Evaluated Components of the TOE *certified iOS 13 (VID11036) and certified Android 10 (VID11042). As shown in Figure 1, the TOE boundary on the end user mobile devices includes only the VMware Workspace ONE Boxer Email Client application (Boxer from this point forward). The mobile device and the OS that the application is installed on are considered part of the operational environment. The devices and the OS have been evaluated against the Mobile Device Fundamentals Protection Profile under the Validation ID numbers identified in Table 4 above. 2.2 Components and Applications in the Operational Environment The following table lists components and applications in the environment that the TOE relies upon in order to function properly: Component Definition OCSP Responder A server deployed within the Operational Environment which confirms the validity and revocation status of certificates. VMware Workspace ONE Unified Endpoint Management (UEM) Server The VMware Workspace ONE UEM server is used to manage the VMware Boxer app (TOE) and its host mobile device. The UEM Server provides administrative access through its UEM Console. Microsoft Exchange Server 2019 Exchange server for sending and receiving emails to and from the Operational Environment configured to use ActiveSync to communicate. Mobile Device The hardware that runs the OS in which the application is installed on. 
The TOE was installed on a certified iOS 13 (VID11036) device and certified Android 10 (VID11042) device. For testing, this evaluation used a Samsung Galaxy S10+ (Android) and an iPhone Xs (Apple). Note: Devices will hereafter be written as “Samsung device” and “iPhone device.” Table 5: Components of the Operational Environment Security Target VMware Workspace ONE Boxer Email Client 8 | P a g e 2.3 Excluded from the TOE The following optional products, components, and/or applications can be integrated with the TOE but are not included in the evaluated configuration. They provide no added security related functionality for the evaluated product. They are separated into three categories: not installed, installed but requires a separate license, and installed but not part of the TSF. Not Installed There are no components that are not installed. Installed but Requires a Separate License There are no excluded components that are installed and require a separate license. Installed but Not Part of the TSF This section contains functionality or components that are part of the purchased product but are not part of the TSF relevant functionality that is being evaluated as the TOE. There are no discrete individual components that are excluded from the TSF. Note however that the logical boundary of the TOE only includes the functionality that satisfies the Security Functional Requirements in the claimed Protection Profiles and the configuration specified in Section 2 above. Therefore, Boxer support for Microsoft Exchange (using Exchange Web Services), Office 365, Outlook, Gmail, Yahoo, G Suite, Lotus Notes, and Cloud email services are not part of the evaluated configuration. If the product provides functionality that is not used to satisfy any of the PP defined requirements, it is considered to be security-non-interfering functionality and is not part of the evaluated configuration. 2.4 Physical Boundary Hardware This is a software-only TOE. 
All hardware that is present is part of the TOE’s Operational Environment.

VMware Workspace ONE Boxer Email Client v 21.05 Application for Apple iOS 13 | iPhone Xs, A12 Bionic, certified iOS 13 VID11036
VMware Workspace ONE Boxer Email Client v 21.05 Application for Android 10.0 | Samsung Galaxy S10+, SM8150 Snapdragon 855, certified Android 10 VID11042

Software

The physical boundary of the TOE software is the VMware Boxer application and its configuration data.

2.5 Logical Boundary

The TOE is comprised of several security features. Each of these security features consists of several security functionalities, as identified below. This ST includes the security functional requirements from the Application Software Protection Profile v1.3 and the Email Client Extended Package v2.0. The security requirements that are derived from the Application Software Protection Profile are denoted with [APP_PP] and the requirements that are derived from the Application Software Extended Package for Email Clients are denoted with [EC_EP].

1. Cryptographic Support
2. User Data Protection
3. Identification and Authentication
4. Security Management
5. Privacy
6. Protection of the TSF
7. Trusted Path/Channels

Cryptographic Support

Depending on which OS the application is installed on, the TOE either invokes the underlying platform or implements its own cryptographic module to perform cryptographic services. All cryptographic mechanisms, whether platform or application provided, use DRBG functionality to support cryptographic operations. Cryptographic functionality includes encryption/decryption services, credential/key storage, key establishment, key destruction, hashing services, signature services, keyed-hash message authentication, and key chaining using a password-based derivation function.
Cryptographic services for the application’s S/MIME functionality and TLS communications are provided by the underlying platform when the application is installed on a device running iOS. When installed on a device running the Android OS, the TOE invokes the underlying platform cryptographic libraries for TLS communications and implements an OpenSSL cryptographic module to perform the cryptographic functionality required to support S/MIME (CAVP certificate #A1297).

User Data Protection

The TOE uses S/MIME to digitally sign, verify, decrypt, and encrypt email messages. The TOE stores all application data in an encrypted Boxer database which is created on the mobile device during installation. The TOE requires that the host platform have full disk encryption enabled to securely store the data. The TOE restricts its network access and provides user awareness when it attempts to access hardware resources and sensitive data stored on the host platform. The TOE displays notification icons that show S/MIME status. Each status is shown as a different color so that the user can quickly identify any issues.

Identification and Authentication

The TOE relies on the OS to validate X.509v3 certificates for TLS communication. The TOE validates X.509v3 certificates for signing and encrypting emails for S/MIME.

Security Management

The TOE enforces the application’s enterprise policy set by the UEM administrator and pushed out to the managed TOE device. The TOE does not use default passwords, and automatically installs and configures the application to protect itself and its data from unauthorized access while also implementing the recommended platform security mechanisms. Changing one’s own password from the application is the only management function that can be performed by the owner/user of the mobile device with the TOE installed.
Privacy

The TOE does not transmit any personally identifiable information (PII) over the network unless voluntarily sent via free text email.

Protection of the TSF

The TOE does not support the installation of trusted or untrusted add-ons. The user is able to navigate the platform to check the version of the TOE and also check for updates to the application. All updates come from the Google Play Store (Android) or Apple App Store (iOS). The digital signature of the updates is verified by the mobile device platform prior to being installed. The TOE does not replace or modify its own binaries without user interaction. The TOE implements anti-exploitation features, such as stack-based overflow protection, is compatible with security features provided by the OS, and will only use documented APIs and libraries.

Trusted Path/Channels

The TOE invokes the platform to provide the trusted communication channel between the TOE and the Exchange server. Communications are protected with TLS v1.2. Communication to the Exchange server uses ActiveSync to send and receive emails.

3 Conformance Claims

3.1 CC Version

This ST is compliant with Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017.

3.2 CC Part 2 Conformance Claims

This ST and Target of Evaluation (TOE) are Part 2 extended to include all applicable NIAP and International interpretations through September 21, 2021.

3.3 CC Part 3 Conformance Claims

This ST and Target of Evaluation (TOE) are conformant to Part 3 extended to include all applicable NIAP and International interpretations through September 21, 2021.
3.4 PP Claims

This ST claims exact conformance to the following Protection Profiles:

• Protection Profile for Application Software Version 1.3 [APP_PP]
• Application Software Extended Package for Email Clients v2.0 [EC_EP]

3.5 Package Claims

The TOE claims exact compliance to the Protection Profile for Application Software and the Application Software Extended Package for Email Clients. The TOE claims the following optional SFRs that are defined in the appendices of the claimed PP:

[EC_EP] FCS_CKM_EXT.5

This does not violate the notion of exact conformance because the PP specifically indicates these as allowable options and provides both the ST author and evaluation laboratory with instructions on how these claims are to be documented and evaluated.

3.6 Package Name Conformant or Package Name Augmented

This ST and TOE claim exact conformance to the [APP_PP] and [EC_EP].

3.7 Conformance Claim Rationale

The [APP_PP] states the following:

“The application, which consists of the software provided by its vendor, is installed onto the platform(s) it operates on. It executes on the platform, which may be an operating system, hardware environment, a software based execution environment, or some combination of these.”

“Applications include a diverse range of software such as office suites, thin clients, PDF readers, downloadable smartphone apps, and apps running in a cloud container. The TOE includes any software in the application installation package, even those pieces that may extend or modify the functionality of the underlying platform, such as kernel drivers.”

The [EC_EP] states the following:

“Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time.
Modern email clients can render HTML as well as plaintext, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of add-ons. Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications.”

The Application Software Email Client TOE type is justified because the TOE is application software that is installed on mobile devices and provides email client services that allow the user to receive, send, manage, and access enterprise email on their mobile device.

3.8 Technical Decisions

Technical Decisions that affected the SFR wording have been annotated with a footnote. The following is a complete list of Technical Decisions that apply to the [APP_PP] and [EC_EP] evaluation activities that must be performed during the evaluation of this TOE:

TD # | Title | References | Changes (SFR, AA, Notes, NA) | Analysis to this evaluation (Reason)
TD0600 | Conformance claim sections updated to allow for MOD_VPNC_V2.3 | MOD_BT_V1.0, MOD_FE_V1.0, MOD_FEEM_V1.0, MOD_MDM_AGENT_V1.0, PP_APP_v1.3, PP_MDF_V3.2, PP_MDM_V4.0, PP_OS_V4.2.1 | X | Adds VPN module as allowable under App PP. Not applicable. Not a VPN solution.
TD0598 | Expanded AES Modes in FCS_COP for App PP | PP_APP_v1.3, PP_SSH_EP_v1.0 | X X X | AA: Test. Added SFR option. However, this option is not selected. Footnote 7
TD0587 | X.509 SFR Applicability in App PP | FIA_X509_EXT.1, FIA_X509_EXT.2, FTP_DIT_EXT.1 | X X X | FIA_X509_EXT.2.1 has an additional SFR option. However, this option is not selected. Therefore, no footnote or identification is reflected in the ST. FIA_X509_EXT.1.1 SFR wording was updated. Footnote 12. Additionally, the AA: TSS, Test wording. FTP_DIT_EXT.1 has an additional SFR option. However, this option is not selected. Footnotes 16 and 17
TD0582 | PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed | FDP_DAR_EXT.1 | X X | Update to conformance claims. Corrected SFR option. However, this option is not selected. Footnote 11
TD0561 | Signature verification update | FPT_TUD_EXT.1.4, FPT_TUD_EXT.2 | X X X | AA: TSS. Footnotes 14 and 15
TD0554 | iOS/iPadOS/Android AppSW Virus Scan | AVA_VAN.1 | X | AA: Drops virus scan for Android and iOS platforms
TD0548 | Integrity for installation tests in AppSW PP 1.3 | FPT_TUD_EXT.1.3 | X | AA: Test activity
TD0544 | Alternative testing methods for FPT_AEX_EXT.1.1 | FPT_AEX_EXT.1 | X | AA: Test wording
TD0543 | FMT_MEC_EXT.1 evaluation activity update | FMT_MEC_EXT.1 | X X | AA: Test wording. Not claiming Windows.
TD0540 | Expanded AES Modes in FCS_COP | FCS_COP.1(1) | X X | AA: Tests wording. Footnote 7
TD0519 | Linux symbolic links and FMT_CFG_EXT.1 | FMT_CFG_EXT.1.2 | X X | AA: Test wording. Not claiming Linux
TD0515 | Use Android APK manifest in test | FDP_DEC_EXT.1 | X | AA: Test wording
TD0510 | Obtaining random bytes for iOS/macOS | FCS_RBG_EXT.1 | X | AA: Test wording
TD0498 | Application Software PP Security Objectives and Requirements Rationale | (none) | X | Updated Security Objective Rationale
TD0495 | FIA_X509_EXT.1.2 Test Clarification | FIA_X509_EXT.1.2 | X | AA: Test wording
TD0473 | Support for Client or Server TOEs in FCS_HTTPS_EXT | FCS_HTTPS_EXT.1 | X X X | Not claiming HTTPS
TD0465 | Configuration Storage for .NET Apps | FMT_MEC_EXT.1 | X | AA: Test wording
TD0445 | User Modifiable File Definition | FPT_AEX_EXT.1.4 | X X | AA: Test wording
TD0437 | Supported Configuration Mechanism | FMT_MEC_EXT.1.1 | X X | Additional SFR option. AA: TSS, AGD, Test wording. Footnote 13
TD0435 | Alternative to SELinux for FPT_AEX_EXT.1.3 | FPT_AEX_EXT.1.3 | X | AA: Test wording
TD0434 | Windows Desktop Applications Test | FDP_DEC_EXT.1.1 | X | AA: Test wording
TD0427 | Reliable Time Source | A.Platform | | Updated wording to Assumption. Footnote 1
TD0416 | Correction to FCS_RBG_EXT.1 Test Activity | FCS_RBG_EXT.1.1 | X | AA: Test wording
TD0560* | Email Encryption Algorithms | FCS_SMIME_EXT.1 | X X X | AA: Test wording. Footnotes 8, 9, and 10
TD0414* | FTP_ITC_EXT.1 Tests 1 and 2 | FTP_ITC_EXT.1 | X | AA: Test wording
TD0405* | FIA_SASL_EXT.1 Testing | FIA_SASL_EXT.1 | X X | Not claiming FIA_SASL_EXT.1
TD0352* | Added key destruction options | FCS_CKM_EXT.4 | X X | AA: TSS wording. Footnote 2
TD0266* | Password/passphrase min vs max value for FCS_CKM_EXT.5.1 | FCS_CKM_EXT.5.1 | X X X | AA: TSS, AGD, Test wording. Footnotes 3, 4, 5, and 6

Table 6: Technical Decisions

* Technical Decisions that apply to the Application Software Extended Package for Email Clients [EC_EP].

4 Security Problem Definition

The security problem definition content from the [EC_EP] is explicitly marked, but content from the [APP_PP] is not likewise distinguished in this section.

4.1 Threats

This section identifies the threats against the TOE. These threats have been taken from the [APP_PP] and [EC_EP].

Threat | Threat Definition
T.FLAWED_ADDON [EC_EP] | Email client functionality can be extended with integration of third-party utilities and tools. This expanded set of capabilities is made possible via the use of add-ons. The tight integration between the basic email client code and the new capabilities that add-ons provide increases the risk that malefactors could inject serious flaws into the email client application, either maliciously by an attacker, or accidentally by a developer. These flaws enable undesirable behaviors including, but not limited to, allowing unauthorized access to sensitive information in the email client, unauthorized access to the device's file system, or even privilege escalation that enables unauthorized access to other applications or the operating system.
T.LOCAL_ATTACK | An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications.
T.NETWORK_ATTACK | An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it.
T.NETWORK_EAVESDROP | An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints.
T.PHYSICAL_ACCESS | An attacker may try to access sensitive data at rest.

Table 7: TOE Threats

4.2 Organizational Security Policies

There are no Organizational Security Policies in the [APP_PP] or [EC_EP].

4.3 Assumptions

The specific conditions listed in this section are assumed to exist in the TOE’s Operational Environment. These assumptions have been taken from the [APP_PP] or [EC_EP].

Assumption | Assumption Definition
A.PLATFORM (footnote 1) | The TOE relies upon a trustworthy computing platform with a reliable time clock for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE.
A.PROPER_ADMIN | The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.
A.PROPER_USER | The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy.

Footnote 1: TD0427
Table 8: TOE Assumptions

4.4 Security Objectives

This section identifies the security objectives of the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs.

TOE Security Objectives

This section identifies the security objectives of the TOE. These objectives have been taken directly from the [APP_PP] or [EC_EP].

Objective | Objective Definition
O.ADDON_INTEGRITY [EC_EP] | To address issues associated with malicious or flawed plugins or extensions, conformant email clients implement mechanisms to ensure their integrity. This includes verification at installation time and update.
O.INTEGRITY | Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom, if ever, shipped without errors. The ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options.
O.MANAGEMENT | To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. This also includes providing control to the user regarding disclosure of any PII.
O.PROTECTED_COMMS | To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application.
O.PROTECTED_STORAGE | To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. This also includes unnecessary network communications whose consequence may be the loss of data.
O.QUALITY | To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs.

Table 9: TOE Objectives

Security Objectives for the Operational Environment

The TOE’s operational environment must satisfy the following objectives:

Objective | Objective Definition
OE.PLATFORM | The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE.
OE.PROPER_ADMIN | The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.
OE.PROPER_USER | The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy.
Table 10: Operational Environment Objectives

4.5 Security Problem Definition Rationale

The assumptions, threats, OSPs, and objectives that are defined in this ST represent the assumptions, threats, OSPs, and objectives that are specified in the Protection Profiles to which the TOE claims conformance. The associated mappings of assumptions to environmental objectives, SFRs to TOE objectives, and OSPs and objectives to threats are therefore identical to the mappings that are specified in the claimed Protection Profiles.

5 Extended Components Definition

5.1 Extended Security Functional Requirements

The extended Security Functional Requirements that are claimed in this ST are taken directly from the PPs to which the ST and TOE claim conformance. These extended components are formally defined in the PPs in which their usage is required.

5.2 Extended Security Assurance Requirements

The extended Security Assurance Requirement that is claimed in this ST is taken directly from the PP to which the ST and TOE claim conformance. This extended component is formally defined in the PP in which its usage is required.

6 Security Functional Requirements

6.1 Conventions

The CC permits four functional component operations (assignment, refinement, selection, and iteration) to be performed on functional requirements. This ST will highlight the operations in the following manner:

• Assignment: allows the specification of an identified parameter. Indicated with italicized text.
• Refinement: allows the addition of details. Indicated with bold text.
• Selection: allows the specification of one or more elements from a list. Indicated with underlined text.
• Iteration: iterations are identified with a number inside parentheses (e.g. "(1)").

When multiple operations are combined, such as an assignment that is provided as an option within a selection or refinement, a combination of the text formatting is used. Where text is formatted in a claimed PP, such as when the PP’s instantiation of the SFR has a refinement (bolded font) or a completed assignment (inside brackets), the formatting is not preserved when reproduced in this ST. Only the assignments and selections made by the ST author are within [brackets]. This is so that the reader can easily identify the operations that are performed by the ST author.

6.2 Security Functional Requirements Summary

The following tables list the SFRs claimed by the TOE per platform. SFRs that originate from the Application Software Protection Profile are denoted by [APP_PP]; SFRs that originate from the Email Client Extended Package are denoted by [EC_EP].

Class Name | Component Identification | Component Name
Cryptographic Support | [APP_PP] FCS_CKM_EXT.1 | Cryptographic Key Generation Services
 | [APP_PP] FCS_CKM.1(1) | Cryptographic Asymmetric Key Generation
 | [APP_PP] FCS_CKM.2 | Cryptographic Key Establishment
 | [EC_EP] FCS_CKM_EXT.3 | Protection of Key and Key Material
 | [EC_EP] FCS_CKM_EXT.4 | Cryptographic Key Destruction
 | [EC_EP] FCS_CKM_EXT.5 | Cryptographic Key Derivation (Password/Passphrase Conditioning)
 | [EC_EP] FCS_COP_EXT.2(1) | Key Wrapping
 | [EC_EP] FCS_IVG_EXT.1 | Initialization Vector Generation
 | [EC_EP] FCS_KYC_EXT.1 | Key Chaining
 | [APP_PP] FCS_RBG_EXT.1(1) | Random Bit Generation Services (iOS)
 | [EC_EP] FCS_SMIME_EXT.1 | Secure/Multipurpose Internet Mail Extension (S/MIME)
 | [APP_PP] FCS_STO_EXT.1(1) | Storage of Credentials
 | [APP_PP] FCS_STO_EXT.1(2) | Storage of Credentials (Revocation)
User Data Protection | [APP_PP] FDP_DAR_EXT.1 | Encryption of Sensitive Application Data
 | [APP_PP] FDP_DEC_EXT.1(1) | Access to Platform Resources (iOS)
 | [APP_PP] FDP_NET_EXT.1 | Network Communications
 | [EC_EP] FDP_NOT_EXT.1 | Notification of S/MIME Status
 | [EC_EP] FDP_SMIME_EXT.1 | S/MIME
Identification and Authentication | [APP_PP] FIA_X509_EXT.1 | X.509 Authentication and Encryption
 | [APP_PP] FIA_X509_EXT.2 | X.509 Authentication and Encryption
 | [EC_EP] FIA_X509_EXT.3 | X.509 Authentication and Encryption
Security Management | [APP_PP] FMT_CFG_EXT.1 | Secure by Default Configuration
 | [APP_PP] FMT_MEC_EXT.1 | Supported Configuration Mechanism
 | [EC_EP] FMT_MOF_EXT.1 | Management of Functions Behavior
 | [APP_PP] FMT_SMF.1 | Specification of Management Functions
Privacy | [APP_PP] FPR_ANO_EXT.1 | User Consent for Transmission of Personally Identifiable Information
Protection of the TSF | [APP_PP] FPT_AEX_EXT.1 | Anti-Exploitation Capabilities
 | [EC_EP] FPT_AON_EXT.1 | Support for Only Trusted Add-ons
 | [APP_PP] FPT_API_EXT.1 | Use of Supported Services and APIs
 | [APP_PP] FPT_IDV_EXT.1(1) | Software Identification and Versions
 | [APP_PP] FPT_LIB_EXT.1 | Use of Third Party Libraries
 | [APP_PP] FPT_TUD_EXT.1 | Integrity for Installation and Update
 | [APP_PP] FPT_TUD_EXT.2 | Integrity for Installation and Update
Trusted Path/Channels | [APP_PP] FTP_DIT_EXT.1(1) | Protection of Data in Transit (iOS)
 | [EC_EP] FTP_ITC_EXT.1 | Inter-TSF Trusted Channel

Table 11: iOS Security Functional Requirements for the TOE

Class Name | Component Identification | Component Name
Cryptographic Support | [APP_PP] FCS_CKM_EXT.1 | Cryptographic Key Generation Services
 | [APP_PP] FCS_CKM.1(1) | Cryptographic Asymmetric Key Generation
 | [APP_PP] FCS_CKM.2 | Cryptographic Key Establishment
 | [EC_EP] FCS_CKM_EXT.3 | Protection of Key and Key Material
 | [EC_EP] FCS_CKM_EXT.4 | Cryptographic Key Destruction
 | [EC_EP] FCS_CKM_EXT.5 | Cryptographic Key Derivation (Password/Passphrase Conditioning)
 | [APP_PP] FCS_COP.1(1) | Cryptographic Operation – Encryption/Decryption (Android)
 | [APP_PP] FCS_COP.1(2) | Cryptographic Operation – Hashing (Android)
 | [APP_PP] FCS_COP.1(3) | Cryptographic Operation – Signing (Android)
 | [APP_PP] FCS_COP.1(4) | Cryptographic Operation – Keyed-Hash Message Authentication (Android)
 | [EC_EP] FCS_COP_EXT.2 | Key Wrapping
 | [EC_EP] FCS_IVG_EXT.1 | Initialization Vector Generation
 | [EC_EP] FCS_KYC_EXT.1 | Key Chaining
 | [APP_PP] FCS_RBG_EXT.1(2) | Random Bit Generation Services (Android)
 | [APP_PP] FCS_RBG_EXT.2 | Random Bit Generation from Application (Android)
 | [EC_EP] FCS_SMIME_EXT.1 | Secure/Multipurpose Internet Mail Extension (S/MIME)
 | [APP_PP] FCS_STO_EXT.1(1) | Storage of Credentials
 | [APP_PP] FCS_STO_EXT.1(2) | Storage of Credentials (Revocation)
User Data Protection | [APP_PP] FDP_DAR_EXT.1 | Encryption of Sensitive Application Data
 | [APP_PP] FDP_DEC_EXT.1(2) | Access to Platform Resources (Android)
 | [APP_PP] FDP_NET_EXT.1 | Network Communications
 | [EC_EP] FDP_NOT_EXT.1 | Notification of S/MIME Status
 | [EC_EP] FDP_SMIME_EXT.1 | S/MIME
Identification and Authentication | [APP_PP] FIA_X509_EXT.1 | X.509 Authentication and Encryption
 | [APP_PP] FIA_X509_EXT.2 | X.509 Authentication and Encryption
 | [EC_EP] FIA_X509_EXT.3 | X.509 Authentication and Encryption
Security Management | [APP_PP] FMT_CFG_EXT.1 | Secure by Default Configuration
 | [APP_PP] FMT_MEC_EXT.1 | Supported Configuration Mechanism
 | [EC_EP] FMT_MOF_EXT.1 | Management of Functions Behavior
 | [APP_PP] FMT_SMF.1 | Specification of Management Functions
Privacy | [APP_PP] FPR_ANO_EXT.1 | User Consent for Transmission of Personally Identifiable Information
Protection of the TSF | [APP_PP] FPT_AEX_EXT.1 | Anti-Exploitation Capabilities
 | [EC_EP] FPT_AON_EXT.1 | Support for Only Trusted Add-ons
 | [APP_PP] FPT_API_EXT.1 | Use of Supported Services and APIs
 | [APP_PP] FPT_IDV_EXT.1(2) | Software Identification and Versions
 | [APP_PP] FPT_LIB_EXT.1 | Use of Third Party Libraries
 | [APP_PP] FPT_TUD_EXT.1 | Integrity for Installation and Update
 | [APP_PP] FPT_TUD_EXT.2 | Integrity for Installation and Update
Trusted Path/Channels | [APP_PP] FTP_DIT_EXT.1(2) | Protection of Data in Transit (Android)
 | [EC_EP] FTP_ITC_EXT.1 | Inter-TSF Trusted Channel

Table 12: Android Security Functional Requirements for the TOE

6.3 Security Functional Requirements

Class FCS: Cryptographic Support

[APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services

FCS_CKM_EXT.1.1 The application shall [
  • invoke platform-provided functionality for asymmetric key generation].

[APP_PP] FCS_CKM.1(1) Cryptographic Asymmetric Key Generation

FCS_CKM.1.1(1) The application shall [
  • invoke platform-provided functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [
  [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3;
  [ECC schemes] using [“NIST curves” P-256, P-384 and [no other curves]] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4]].

[APP_PP] FCS_CKM.2 Cryptographic Key Establishment

FCS_CKM.2.1 The application shall [invoke platform-provided functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [
  • [RSA-based key establishment schemes] that meets the following: [NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”],
  • [Elliptic curve-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”]].

[EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material

FCS_CKM_EXT.3.1 The email client shall [only store keys in non-volatile memory when wrapped as specified in FCS_COP_EXT.2 unless the key meets any one of following criteria: [The plaintext key is the public portion of the key pair]].
[EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction

FCS_CKM_EXT.4.1 (footnote 2) The email client shall [
  • invoke platform-provided key destruction,
  • implement key destruction using [
    o For volatile memory, the erasure shall be executed by a [
      ▪ single direct overwrite [
        • consisting of zeroes]].
    o For nonvolatile storage, the erasure shall be executed by [
      ▪ single] overwrite of key data storage location consisting of [
        • a static pattern]]]
that meet the following: [
  • NIST SP800-88]
for destroying all keying material and cryptographic security parameters when no longer needed.

Footnote 2: TD0352

[EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning)

FCS_CKM_EXT.5.1 (footnote 3) The TSF shall support a password/passphrase of up to [512] characters used to generate a password authorization factor.

FCS_CKM_EXT.5.2 (footnote 4) The TSF shall allow passwords to be composed of any combination of upper case characters, lower case characters, numbers, and the following special characters: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")", and [no other characters].

FCS_CKM_EXT.5.3 (footnote 5) The TSF shall perform Password-based Key Derivation Functions in accordance with a specified cryptographic algorithm HMAC-[SHA-256], with [10k for iOS and 20k for Android] iterations, and output cryptographic key sizes [256] bits that meet the following: NIST SP 800-132.

FCS_CKM_EXT.5.4 (footnote 6) The TSF shall not accept passwords less than [a value settable by the administrator] and greater than the maximum password length defined in FCS_CKM_EXT.5.1.

[APP_PP] FCS_COP.1(1) Cryptographic Operation – Encryption/Decryption (Android)

FCS_COP.1.1(1) (footnote 7) The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm [
  • AES-CBC (as defined in NIST SP 800-38A) mode.]
and cryptographic key sizes [128-bit, 256-bit].
Footnote 3: TD0266
Footnote 4: TD0266
Footnote 5: TD0266
Footnote 6: TD0266
Footnote 7: TD0540 and TD0598

[APP_PP] FCS_COP.1(2) Cryptographic Operation – Hashing (Android)

FCS_COP.1.1(2) The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [
  • SHA-256,
  • SHA-384,
  • SHA-512]
and message digest sizes [
  • 256,
  • 384,
  • 512]
bits that meet the following: FIPS Pub 180-4.

[APP_PP] FCS_COP.1(3) Cryptographic Operation – Signing (Android)

FCS_COP.1.1(3) The application shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [
  • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 4].

[APP_PP] FCS_COP.1(4) Cryptographic Operation – Keyed-Hash Message Authentication (Android)

FCS_COP.1.1(4) The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm
  • HMAC-SHA-256
and [
  • no other algorithms]
with key sizes [256 bits] and message digest sizes 256 and [no other size] bits that meet the following: FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard.

[EC_EP] FCS_COP_EXT.2(1) Key Wrapping (iOS)

FCS_COP_EXT.2.1(1) The email client shall [use platform-provided functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm [AES Key Wrap] and the cryptographic key size [256 bits (AES)] that meet the following: ["NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3)].
[EC_EP] FCS_COP_EXT.2(2) Key Wrapping (Android)
FCS_COP_EXT.2.1(2) The email client shall [implement functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm [AES Key Wrap] and the cryptographic key size [256 bits (AES)] that meet the following: ["NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3)].

[EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation
FCS_IVG_EXT.1.1 The email client shall create IVs in the following manner: [CBC: IVs shall be non-repeating].

[EC_EP] FCS_KYC_EXT.1 Key Chaining
FCS_KYC_EXT.1.1 The email client shall maintain a key chain of: [intermediate keys originating from: [a password as specified in FCS_CKM_EXT.5.1]] to the data encryption/decryption key(s) using the following method(s): [implement Key Wrapping as specified in FCS_COP_EXT.2] while maintaining an effective strength of [256 bits].

[APP_PP] FCS_RBG_EXT.1(1) Random Bit Generation Services (iOS)
FCS_RBG_EXT.1.1(1) The application shall [invoke platform-provided DRBG functionality] for its cryptographic operations.

[APP_PP] FCS_RBG_EXT.1(2) Random Bit Generation Services (Android)
FCS_RBG_EXT.1.1(2) The application shall [invoke platform-provided DRBG functionality, implement DRBG functionality] for its cryptographic operations.

[APP_PP] FCS_RBG_EXT.2 Random Bit Generation from Application (Android)
FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [CTR_DRBG (AES)].
FCS_RBG_EXT.2.2 The deterministic RBG shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [• no other noise source] with a minimum of [• 256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.

[EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME)
FCS_SMIME_EXT.1.1 (TD0560) The email client shall implement both a sending and receiving S/MIME v4.0 Agent as defined in RFC 8551, using CMS as defined in RFCs 5652, 5754, and 3565.
FCS_SMIME_EXT.1.2 (TD0560) The email client shall transmit the ContentEncryptionAlgorithmIdentifier for AES-128 CBC, AES-256 CBC and [no other] as part of the S/MIME protocol.
FCS_SMIME_EXT.1.3 The email client shall present the digestAlgorithm field with the following Message Digest Algorithm identifiers [id-sha256, id-sha384, id-sha512] and no others as part of the S/MIME protocol.
FCS_SMIME_EXT.1.4 (TD0560) The email client shall present the signatureAlgorithm field with the following sha256withRSAEncryption and [no other algorithms] as part of the S/MIME protocol.
FCS_SMIME_EXT.1.5 The email client shall support use of different private keys (and associated certificates) for signature and for encryption as part of the S/MIME protocol.
FCS_SMIME_EXT.1.6 The email client shall only accept a signature from a certificate with the digitalSignature bit set as part of the S/MIME protocol.
FCS_SMIME_EXT.1.7 The email client shall implement mechanisms to retrieve certificates and certificate revocation information [[at a frequency equal to the value received from the OCSP responder, or an administratively set value which overrides the value from the OCSP responder, or automatically retrieve if no previous OCSP responder value or set value exists]] as part of the S/MIME protocol.
[APP_PP] FCS_STO_EXT.1(1) Storage of Credentials
FCS_STO_EXT.1.1(1) The application shall [
• invoke the functionality provided by the platform to securely store [Android credentials defined in Table 15, iOS credentials defined in Table 16],
• implement functionality to securely store [Android credentials defined in Table 15] according to [FCS_COP.1(1)]
] to nonvolatile memory.

[APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation)
FCS_STO_EXT.1.1(2) The application shall [
• invoke the functionality provided by the platform to securely store [iOS platform S/MIME revocation status information],
• implement functionality to securely store [Android platform S/MIME revocation status information] according to [FCS_COP.1(1)]
] to nonvolatile memory.

Class FDP: User Data Protection

[APP_PP] FDP_DAR_EXT.1 Encryption of Sensitive Application Data
FDP_DAR_EXT.1.1 (TD0582) The application shall [
• leverage platform-provided functionality to encrypt sensitive data,
• protect sensitive data in accordance with FCS_STO_EXT.1
] in non-volatile memory.

[APP_PP] FDP_DEC_EXT.1(1) Access to Platform Resources (iOS)
FDP_DEC_EXT.1.1(1) The application shall restrict its access to [• network connectivity, • camera, • [device storage, phone, and touch/face ID]].
FDP_DEC_EXT.1.2(1) The application shall restrict its access to [• address book, • calendar].

[APP_PP] FDP_DEC_EXT.1(2) Access to Platform Resources (Android)
FDP_DEC_EXT.1.1(2) The application shall restrict its access to [• network connectivity, • camera, • NFC, • [device storage, phone, fingerprint, and vibrator]].
FDP_DEC_EXT.1.2(2) The application shall restrict its access to [• address book, • calendar, • [accounts, profile]].
[APP_PP] FDP_NET_EXT.1 Network Communications
FDP_NET_EXT.1.1 The application shall restrict network communication to [
• user-initiated communication for [sending email, forcing sync (calendar, address book, email), Global Address List (GAL) lookup, email search],
• [application-initiated actions: ActiveSync (calendar, address book, email), OCSP for S/MIME revocation checking, Version Information Check]
].

[EC_EP] FDP_NOT_EXT.1 Notification of S/MIME Status
FDP_NOT_EXT.1.1 The email client shall display a notification of the S/MIME status of received emails upon viewing.

[EC_EP] FDP_SMIME_EXT.1 S/MIME
FDP_SMIME_EXT.1.1 The email client shall use S/MIME to sign, verify, encrypt, and decrypt mail.

Class FIA: Identification and Authentication

[APP_PP] FIA_X509_EXT.1 X.509 Certificate Validation
FIA_X509_EXT.1.1 (TD0587) The application shall [invoke platform-provided functionality] to validate certificates in accordance with the following rules:
• RFC 5280 certificate validation and certificate path validation
• The certificate path must terminate with a trusted CA certificate
• The application shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints are met
• The application shall validate that any CA certificate includes caSigning purpose in the key usage field
• The application shall validate the revocation status of the certificate using [OCSP as specified in RFC 6960]
• The application shall validate the extendedKeyUsage (EKU) field according to the following rules:
  o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing Purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field.
  o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the EKU field.
  o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the EKU field.
  o S/MIME certificates presented for email encryption and signature shall have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the EKU field.
  o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the EKU field.
  o Server certificates presented for EST shall have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the EKU field.
FIA_X509_EXT.1.2 The application shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to TRUE.

[APP_PP] FIA_X509_EXT.2 X.509 Certificate Authentication
FIA_X509_EXT.2.1 The application shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [TLS].
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application shall [allow the administrator to choose whether to accept the certificate in these cases].

[EC_EP] FIA_X509_EXT.3 X.509 Authentication and Encryption
FIA_X509_EXT.3.1 The email client shall use X.509v3 certificates as defined by RFC 5280 to support encryption and authentication for S/MIME.
FIA_X509_EXT.3.2 The email client shall prevent the establishment of a trusted communication channel when the peer certificate is deemed invalid.
FIA_X509_EXT.3.3 The email client shall prevent the installation of code if the code signing certificate is deemed invalid.
FIA_X509_EXT.3.4 The email client shall prevent the encryption of email if the email protection certificate is deemed invalid.
FIA_X509_EXT.3.5 The email client shall prevent the signing of email if the email protection certificate is deemed invalid.

Class FMT: Security Management

[APP_PP] FMT_CFG_EXT.1 Secure by Default Configuration
FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials.
FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users.

[APP_PP] FMT_MEC_EXT.1 Supported Configuration Mechanism
FMT_MEC_EXT.1.1 (TD0437) The application shall [• invoke the mechanisms recommended by the platform vendor for storing and setting configuration options].

[EC_EP] FMT_MOF_EXT.1 Management of Functions Behavior
FMT_MOF_EXT.1.1 The email client shall be capable of performing the following management functions, controlled by the user or administrator as shown (X: Mandatory, O: Optional):

Management Function | Administrator / User
Enable/disable plaintext only mode globally and by [no other method] | O
Configure message sending/receiving to only use cryptographic algorithms defined in FCS_SMIME_EXT.1 | O
Change password/passphrase authentication credential | O
Configure cryptographic functionality | O
[Configure Password Complexity Policy: Length] | O
[Configure OCSP retrieval frequency] | O

[APP_PP] FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [• [Change password/passphrase authentication credential]].

Class FPR: Privacy

[APP_PP] FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information
FPR_ANO_EXT.1.1 The application shall [• not transmit PII over a network].
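The FIA_X509_EXT.1.1 rules above (a path terminating at a trusted CA, basicConstraints present with CA=TRUE, EKU matched to the certificate's use) and FCS_SMIME_EXT.1.6 (the digitalSignature bit on a signing certificate) can be exercised offline. The Go program below is an added example, not code from this ST or from Boxer, which delegates this validation to the platform: it builds a throwaway CA and three leaf certificates that differ only in key usage and EKU, then validateSMIMEChain runs crypto/x509 path validation restricted to the Email Protection EKU and applies the digitalSignature check on top. Revocation checking via OCSP is out of scope for this offline example; the CA name, e-mail address and serial numbers are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeCert signs tmpl with the parent's key and returns the parsed certificate.
func makeCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// isCACert is FIA_X509_EXT.1.2: a certificate is a CA only if basicConstraints is present with CA=TRUE.
func isCACert(c *x509.Certificate) bool {
	return c.BasicConstraintsValid && c.IsCA
}

// checkSMIMESigner applies the EKU rule for S/MIME (Email Protection, 1.3.6.1.5.5.7.3.4) and
// FCS_SMIME_EXT.1.6 (the digitalSignature key usage bit must be set on a signing certificate).
func checkSMIMESigner(c *x509.Certificate) error {
	if c.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("signer certificate lacks the digitalSignature key usage bit")
	}
	for _, eku := range c.ExtKeyUsage {
		if eku == x509.ExtKeyUsageEmailProtection {
			return nil
		}
	}
	return errors.New("signer certificate lacks the Email Protection EKU")
}

// validateSMIMEChain builds the path from leaf to the trusted CA (RFC 5280 path validation, with
// basicConstraints and EKU enforced by crypto/x509) and then applies the signer-specific rules.
// Revocation status (OCSP, FIA_X509_EXT.1.1) is not checked in this offline example.
func validateSMIMEChain(leaf, ca *x509.Certificate, now time.Time) error {
	if !isCACert(ca) || ca.KeyUsage&x509.KeyUsageCertSign == 0 {
		return errors.New("trust anchor is not a CA certificate with keyCertSign")
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}); err != nil {
		return fmt.Errorf("path validation failed: %w", err)
	}
	return checkSMIMESigner(leaf)
}

// fixtures is a constructed test PKI: one CA and three leaves that differ only in KU/EKU.
type fixtures struct{ ca, good, wrongEKU, noDigSig *x509.Certificate }

func buildFixtures() fixtures {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Mail CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := makeCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leaf := func(serial int64, ku x509.KeyUsage, eku x509.ExtKeyUsage) *x509.Certificate {
		return makeCert(&x509.Certificate{
			SerialNumber:   big.NewInt(serial),
			Subject:        pkix.Name{CommonName: "alice@example.com"},
			EmailAddresses: []string{"alice@example.com"},
			NotBefore:      now.Add(-time.Hour),
			NotAfter:       now.Add(24 * time.Hour),
			KeyUsage:       ku,
			ExtKeyUsage:    []x509.ExtKeyUsage{eku},
		}, ca, &leafKey.PublicKey, caKey)
	}
	return fixtures{
		ca:       ca,
		good:     leaf(2, x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment, x509.ExtKeyUsageEmailProtection),
		wrongEKU: leaf(3, x509.KeyUsageDigitalSignature, x509.ExtKeyUsageServerAuth),
		noDigSig: leaf(4, x509.KeyUsageKeyEncipherment, x509.ExtKeyUsageEmailProtection),
	}
}

func main() {
	f := buildFixtures()
	now := time.Now()
	fmt.Println("good S/MIME cert:     ", validateSMIMEChain(f.good, f.ca, now))
	fmt.Println("serverAuth EKU only:  ", validateSMIMEChain(f.wrongEKU, f.ca, now))
	fmt.Println("no digitalSignature:  ", validateSMIMEChain(f.noDigSig, f.ca, now))
	fmt.Println("leaf as trust anchor: ", validateSMIMEChain(f.good, f.good, now))
}
```

Note that crypto/x509 treats a certificate with no EKU at all as valid for any purpose, so a client that wants the strict behaviour of the rule above (the Email Protection purpose must be present) has to check the EKU list itself, as checkSMIMESigner does, rather than relying on Verify alone.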
Class FPT: Protection of the TSF

[APP_PP] FPT_AEX_EXT.1 Anti-Exploitation Capabilities
FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [the designated use of mmap for the use of "reallocating" memory to expand the Boxer database file map].
FPT_AEX_EXT.1.2 The application shall [• not allocate any memory region with both write and execute permissions].
FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor.
FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so.
FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled.

[EC_EP] FPT_AON_EXT.1 Support for Only Trusted Add-ons
FPT_AON_EXT.1.1 The email client shall include the capability to load [no add-ons].

[APP_PP] FPT_API_EXT.1 Use of Supported Services and APIs
FPT_API_EXT.1.1 The application shall use only documented platform APIs.

[APP_PP] FPT_IDV_EXT.1(1) Software Identification and Versions (iOS)
FPT_IDV_EXT.1.1(1) The application shall be versioned with [[(YY.MM.PP) last two digits of year, two-digit numerical representation of the month of the package release date, patch under minor version]].

[APP_PP] FPT_IDV_EXT.1(2) Software Identification and Versions (Android)
FPT_IDV_EXT.1.1(2) The application shall be versioned with [[(YY.MM.PP.BB) last two digits of year, two-digit numerical representation of the month of the package release date, patch under minor version, and build number]].

[APP_PP] FPT_LIB_EXT.1 Use of Third Party Libraries
FPT_LIB_EXT.1.1 The application shall be packaged with only [see Android and iOS list details in Section 8.6.5].
[APP_PP] FPT_TUD_EXT.1 Integrity for Installation and Update
FPT_TUD_EXT.1.1 The application shall [provide the ability, leverage the platform] to check for updates and patches to the application software.
FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application software.
FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code.
FPT_TUD_EXT.1.4 (TD0561) Application updates shall be digitally signed such that the application platform can cryptographically verify them prior to installation.
FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS].

[APP_PP] FPT_TUD_EXT.2 Integrity for Installation and Update
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.
FPT_TUD_EXT.2.3 (TD0561) The application installation package shall be digitally signed such that its platform can cryptographically verify it prior to installation.

Class FTP: Trusted Path/Channels

[APP_PP] FTP_DIT_EXT.1(1) Protection of Data in Transit (iOS)
FTP_DIT_EXT.1.1(1) (TD0587) The application shall [invoke platform-provided functionality to encrypt all transmitted sensitive data with [TLS]] between itself and another trusted IT product.

[APP_PP] FTP_DIT_EXT.1(2) Protection of Data in Transit (Android)
FTP_DIT_EXT.1.1(2) (TD0587) The application shall [invoke platform-provided functionality to encrypt all transmitted data with [TLS]] between itself and another trusted IT product.

[EC_EP] FTP_ITC_EXT.1 Inter-TSF Trusted Channel
FTP_ITC_EXT.1.1 The email client shall initiate or receive communication via the trusted channel.
FTP_ITC_EXT.1.2 The email client shall communicate via the trusted channel for [ActiveSync].

6.4 Statement of Security Functional Requirements Consistency
The Security Functional Requirements included in the ST represent all required SFRs specified in the PPs against which exact conformance is claimed and a subset of the optional SFRs. All hierarchical relationships, dependencies, and unfulfilled dependency rationales in the ST are considered to be identical to those that are defined in the claimed PP.

7 Security Assurance Requirements
This section identifies the Security Assurance Requirements (SARs) that are claimed for the TOE. The SARs which are claimed are in exact conformance with the [APP_PP] and [EC_EP].

7.1 Class ASE: Security Target
As per ASE activities defined in [CEM].

7.2 Class ADV: Development
Basic Functional Specification (ADV_FSP.1)
Developer action elements:
ADV_FSP.1.1D The developer shall provide a functional specification.
ADV_FSP.1.2D The developer shall provide a tracing from the functional specification to the SFRs.
Content and presentation elements:
ADV_FSP.1.1C The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI.
ADV_FSP.1.2C The functional specification shall identify all parameters associated with each SFR-enforcing and SFR-supporting TSFI.
ADV_FSP.1.3C The functional specification shall provide rationale for the implicit categorization of interfaces as SFR-non-interfering.
ADV_FSP.1.4C The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification.
Evaluator action elements:
ADV_FSP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_FSP.1.2E The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs.

7.3 Class AGD: Guidance Documentation
Operational User Guidance (AGD_OPE.1)
Developer action elements:
AGD_OPE.1.1D The developer shall provide operational user guidance.
Content and presentation elements:
AGD_OPE.1.1C The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.
AGD_OPE.1.2C The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.
AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.
AGD_OPE.1.4C The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.
AGD_OPE.1.5C The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences and implications for maintaining secure operation.
AGD_OPE.1.6C The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST.
AGD_OPE.1.7C The operational user guidance shall be clear and reasonable.
Evaluator action elements:
AGD_OPE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Preparative Procedures (AGD_PRE.1)
Developer action elements:
AGD_PRE.1.1D The developer shall provide the TOE including its preparative procedures.
Content and presentation elements:
AGD_PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2C The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.
Evaluator action elements:
AGD_PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AGD_PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.

7.4 Class ALC: Life Cycle Support
Labeling of the TOE (ALC_CMC.1)
Developer action elements:
ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE.
Content and presentation elements:
ALC_CMC.1.1C The application shall be labeled with its unique reference.
Evaluator action elements:
ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

TOE CM Coverage (ALC_CMS.1)
Developer action elements:
ALC_CMS.1.1D The developer shall provide a configuration list for the TOE.
Content and presentation elements:
ALC_CMS.1.1C The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs.
ALC_CMS.1.2C The configuration list shall uniquely identify the configuration items.
Evaluator action elements:
ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Timely Security Updates (ALC_TSU_EXT.1)
Developer action elements:
ALC_TSU_EXT.1.1D The developer shall provide a description in the TSS of how timely security updates are made to the TOE.
ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product.
Content and presentation elements:
ALC_TSU_EXT.1.1C The description shall include the process for creating and deploying security updates for the TOE software.
ALC_TSU_EXT.1.2C The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE.
ALC_TSU_EXT.1.3C The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE.
Evaluator action elements:
ALC_TSU_EXT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

7.5 Class ATE: Tests
Independent Testing - Conformance (ATE_IND.1)
Developer action elements:
ATE_IND.1.1D The developer shall provide the TOE for testing.
Content and presentation elements:
ATE_IND.1.1C The TOE shall be suitable for testing.
Evaluator action elements:
ATE_IND.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified.
7.6 Class AVA: Vulnerability Assessment
Vulnerability Survey (AVA_VAN.1)
Developer action elements:
AVA_VAN.1.1D The developer shall provide the TOE for testing.
Content and presentation elements:
AVA_VAN.1.1C The application shall be suitable for testing.
Evaluator action elements:
AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_VAN.1.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.
AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.

8 TOE Summary Specification
The following sections identify the security functions of the TOE and describe how the TSF meets each claimed SFR. They include Cryptographic Support, User Data Protection, Identification and Authentication, Security Management, Privacy, Protection of the TSF, and Trusted Path/Channels.

8.1 Cryptographic Support
[iOS] TLS communication and S/MIME cryptographic services for the Boxer application installed on an iPhone device are provided by the underlying platform. The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 13 Security Target documentation (VID11036).
[Android] TLS communication cryptographic services for the Boxer application installed on a Samsung Galaxy device are provided by the underlying platform. The specific cryptographic implementation for the Android platform can be found in the Samsung Android 10 Security Target documentation (VID11042).
Additionally, when Boxer is installed on a device running Android OS 10, the application includes the OpenSSL software library 1.0.2x to perform the cryptographic services for S/MIME functionality. The CAVP certificates for Boxer's OpenSSL Android implementation are specified in Table 13.

Table 13: CAVP Certificates for Boxer's OpenSSL Implementation on Android

OpenSSL Algorithm for S/MIME | SFR | Consolidated CAVP Cert. #
HMAC-SHA-256, 256 bit key | FCS_CKM_EXT.5.3, FCS_COP.1(4) | A1297
SHA-256, SHA-384, SHA-512 | FCS_SMIME_EXT.1.3, FCS_COP.1(2) | A1297
RSA (2048, SHA2-256) | FCS_SMIME_EXT.1.4, FCS_COP.1(3) | A1297
DRBG CTR (AES-256) | FCS_RBG_EXT.2.1 | A1297
AES-256-CBC | FCS_SMIME_EXT.1.2, FCS_COP.1(1) | A1297

Below is a table that references which cryptographic library is responsible for performing the cryptographic function (SFR) per Android and iOS platform.

Table 14: Cryptographic Libraries

SFR | Cryptographic Function | iOS Platform | Android Platform | OpenSSL
[APP_PP] FCS_CKM_EXT.1 | Cryptographic Key Generation Services | X | X | N/A
[APP_PP] FCS_CKM.1(1) | Cryptographic Key Establishment | X | X | N/A
[APP_PP] FCS_CKM.2 | Cryptographic Key Establishment | X | X | N/A
[APP_PP] FCS_COP.1(1) | Cryptographic Operation – Encryption/Decryption | X | X | X
[APP_PP] FCS_COP.1(2) | Cryptographic Operation - Hashing | X | X | X
[APP_PP] FCS_COP.1(3) | Cryptographic Operation - Signing | X | X | X
[APP_PP] FCS_COP.1(4) | Cryptographic Operation - Keyed-Hash Message Authentication | X | X | X
[APP_PP] FCS_RBG_EXT.1(1) | Random Bit Generation Services (iOS) | X | N/A | N/A
[APP_PP] FCS_RBG_EXT.1(2) | Random Bit Generation Services (Android) | N/A | X | N/A
[APP_PP] FCS_RBG_EXT.2 | Random Bit Generation from Application (Android only) | N/A | N/A | X
[APP_PP] FCS_STO_EXT.1(1) | Storage of Credentials | X | X | X
[APP_PP] FCS_STO_EXT.1(2) | Storage of Credentials (Revocation) | X | X | X
[EC_EP] FCS_CKM_EXT.3 | Protection of Key and Key Material | X | N/A | X
[EC_EP] FCS_CKM_EXT.4 | Cryptographic Key Destruction | X | X | X
[EC_EP] FCS_CKM_EXT.5 | Cryptographic Key Derivation (Password/Passphrase Conditioning) | X | N/A | X
[EC_EP] FCS_COP_EXT.2(1) | Key Wrapping (iOS) | X | N/A | N/A
[EC_EP] FCS_COP_EXT.2(2) | Key Wrapping (Android) | N/A | N/A | X
[EC_EP] FCS_IVG_EXT.1 | Initialization Vector Generation | X | N/A | X
[EC_EP] FCS_KYC_EXT.1 | Key Chaining | X | N/A | X
[EC_EP] FCS_SMIME_EXT.1 | Secure/Multipurpose Internet Mail Extension (S/MIME) | X | N/A | X

[APP_PP] FCS_CKM_EXT.1 and FCS_CKM.1.1(1)
The TOE uses assigned certificates that are generated through the UEM Server (operational environment) communicating with a certificate authority server. The assigned certificates are used for user S/MIME functionality. The TOE invokes the platform to support asymmetric key generation in support of TLS communications. The platform-provided functionality supports both RSA schemes using cryptographic key sizes of 2048-bit or greater that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3 and ECC schemes using “NIST curves” P-256 and P-384 that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4.

[APP_PP] FCS_CKM.2
The TOE invokes the platform in support of two key establishment schemes for establishment of TLS communications:
• RSA key establishment conforming to NIST SP 800-56B.
• Elliptic curve-based key establishment conforming to NIST SP 800-56A.
The TOE invokes the platform-provided functionality to perform Cryptographic Key Establishment for both Apple iOS 13 (VID11036) and Android 10 (VID11042).

[EC_EP] FCS_CKM_EXT.3
Keys are wrapped according to the chain process described in FCS_COP_EXT.2 and FCS_KYC_EXT.1.
See Section 8.1.15 FCS_STO_EXT.1(1), Table 15 and Table 16, for the description of secure storage (volatile and non-volatile), destruction, and usage of keys.

[EC_EP] FCS_CKM_EXT.4
The TOE both invokes and implements key destruction on both platforms; whether the TOE implements or invokes the functionality depends on the key and its storage location. When a plaintext key or private key stored in volatile or non-volatile memory is no longer needed (for example, a TLS session has closed, a task has completed, or the application is being wiped), the TOE either performs the key destruction itself or invokes the platform to perform it. Key destruction performed by Boxer is done with a single overwrite consisting of zeroes before releasing the volatile memory, and a single overwrite consisting of a static pattern of zeroes before releasing the non-volatile storage space, meeting NIST SP800-88. Key destruction performed by the OS is done in accordance with:
[Android] The specific cryptographic implementation for the Android platform can be found in the Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 10 – Spring Security Target documentation (VID11042).
[iOS] The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 13 Security Target documentation (VID11036).
See Section 8.1.15 FCS_STO_EXT.1(1): Table 15 and Table 16 describe the circumstances in which a key is no longer needed for volatile and nonvolatile memory. The tables also identify the mechanism (OS or Boxer) responsible for the destruction of the keys.

[EC_EP] FCS_CKM_EXT.5
The TOE implements a password/passphrase for key chaining. The TOE supports a password of up to 512 characters. The supported character sets include upper case, lower case, numeric, and only the following special characters: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")".
Passwords are not accepted if they are shorter than the required length configured by the administrator or longer than 512 characters. The TOE performs a password-based key derivation function in accordance with the HMAC-SHA-256 algorithm (defined in FCS_COP.1(4)) over the password string without padding, with a salt of 256 bits, 10K iterations (iOS) and 20K iterations (Android), and an output cryptographic key size of 256 bits, meeting NIST SP 800-132.

[APP_PP] FCS_COP.1(1)
The TOE supports AES encryption/decryption for FCS_SMIME_EXT.1.2.
[Android] The TOE implements the cryptographic support for AES encryption/decryption for S/MIME using AES-256-CBC and AES-128-CBC. This cryptographic functionality is handled by the TOE's OpenSSL implementation. The Boxer database is encrypted using the included SQLCipher API, which uses the AES-256-CBC encryption/decryption services provided by the TOE's OpenSSL implementation in support of FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2). The following is included for completeness in addressing FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2), as they reference FCS_COP.1(1).
[iOS] The iOS platform provides the cryptographic support for AES encryption/decryption for S/MIME using AES-256-CBC and AES-128-CBC. The Boxer database is encrypted using the included SQLCipher API, which uses the AES-256-CBC encryption/decryption services provided by the iOS platform to support FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2). See FCS_COP.1(1) in the Apple iOS 13 Security Target documentation (VID11036) for the AES-128-CBC and AES-256-CBC declaration.

[APP_PP] FCS_COP.1(2)
The TOE supports the use of SHA-256, SHA-384, and SHA-512 for S/MIME functionality as defined in FCS_SMIME_EXT.1.3.
[Android] This cryptographic functionality is handled by the TOE's OpenSSL implementation.
[iOS] This cryptographic functionality is handled by the iOS platform.
The following specifies the selected algorithms, key sizes, and message digest sizes respectively:
• SHA-256, 256, 256
• SHA-384, 384, 384
• SHA-512, 512, 512

[APP_PP] FCS_COP.1(3)
The TOE uses sha256withRSAEncryption for the signatureAlgorithm (RSA scheme) for digital signature services in support of S/MIME functionality as defined in FCS_SMIME_EXT.1.4. An RSA scheme with a key size of 2048 bits is supported.
[Android] This cryptographic functionality is handled by the TOE's OpenSSL implementation.
[iOS] This cryptographic functionality is handled by the iOS platform.

[APP_PP] FCS_COP.1(4)
The TOE performs a password-based key derivation function in accordance with the HMAC-SHA-256 algorithm with a 256-bit key size and a 256-bit message digest size (defined by FCS_CKM_EXT.5.3).
[Android] This cryptographic functionality is handled by the TOE's OpenSSL implementation.
[iOS] This cryptographic functionality is handled by the iOS platform.

[EC_EP] FCS_COP_EXT.2(1) and [EC_EP] FCS_COP_EXT.2(2)
[Android] The TOE implements functionality to perform Key Wrapping using AES Key Wrap with a cryptographic key size of 256 bits that meets NIST SP 800-38F for Key Wrap (section 6.2).
[iOS] The TOE uses the platform to perform Key Wrapping using AES Key Wrap with a cryptographic key size of 256 bits that meets NIST SP 800-38F for Key Wrap (section 6.2).
See Section 8.1.15 FCS_STO_EXT.1(1), Table 15 and Table 16, for the description of secure storage, destruction, and usage of keys.

[EC_EP] FCS_IVG_EXT.1
The TOE creates IVs using the CBC encryption mode, meaning that the IVs are non-repeating.

[EC_EP] FCS_KYC_EXT.1
For both Android and iOS, the user enters a password according to the policy set forth by FCS_CKM_EXT.5. This password is processed as prescribed by FCS_COP_EXT.2 and results in a 256-bit key (Password Key).
The derived Password Key is only stored in volatile memory (RAM) and is always recreated when the user is required to enter the password to unlock the application, such as the first time the application is executed after a reboot of the mobile device or a restart of the app. Users of iOS may also input biometrics utilizing the Touch ID feature. A Touch ID key is randomly generated using iOS-platform-provided functionality. The Key Chaining process is the same with the exception of using the Touch ID key instead of the Password Key. The term “SecurePref storage” means a VMware key grouping within the Boxer database. The term “SharedPref” means an Android key/value pair persistent storage mechanism (keystore).

Android Key Chaining Process:

When the application is not running (i.e. first-time login after a reboot):
• The user inputs the password
• The Passphrase Key is derived (SHA1 hashed and encoded version of the password)
• The encrypted Key Encryption Key (KEK1) is pulled from SharedPrefs storage
• The encrypted Key Encryption Key is then decrypted using the Passphrase Key

Or, when the session is running in the background:
• The Session Key is in memory and stored in SharedPrefs
• The encrypted Key Encryption Key (KEK2) is pulled from SharedPrefs storage
• The encrypted Key Encryption Key is then decrypted using the Session Key

Then, in either case:
• The encrypted Master Key is pulled from SharedPrefs storage
• The encrypted Master Key is then decrypted using the Key Encryption Key
• The encrypted Boxer Database Key is then pulled from SecurePref storage
• The encrypted Boxer Database Key is then decrypted using the Master Key
• Access to the Boxer Database is now available

iOS Key Chaining Process:
• The user inputs the password or biometric unlock
• The Password Key/Touch ID Key is derived
• The encrypted Master Key is pulled from the iOS keychain
• The Master Key is then decrypted using the Password Key/Touch ID Key
• The encrypted Boxer App Key is pulled from the iOS keychain
• The encrypted Boxer App Key is decrypted using the Master Key
• The encrypted Boxer Master Key is then pulled from the iOS keychain
• The encrypted Boxer Master Key is decrypted using the Boxer App Key
• The encrypted Boxer Database Key is pulled from the iOS keychain
• The encrypted Boxer Database Key is then decrypted using the Boxer Master Key
• Access to the Boxer Database is now available

See Section 8.1.15 FCS_STO_EXT.1(1): Table 15 and Table 16 for the description of secure storage, destruction, and usage of keys.

[APP_PP] FCS_RBG_EXT.1(1), [APP_PP] FCS_RBG_EXT.1(2) and [APP_PP] FCS_RBG_EXT.2

[Android] When installed on an Android platform, the TOE implements its own DRBG functionality and invokes the platform’s DRBG services, depending upon the function. The TOE implements OpenSSL to provide NIST SP 800-90A compliant AES_CTR DRBG services (see Table 12 for the certificate number) for the cryptographic functionality specified in the [EC_EP]. There is no ability to specify the use of an alternative DRBG. The TOE’s DRBG is seeded with a minimum of 256 bits of entropy data that is collected from /dev/random or /dev/urandom, depending on the function. The amount of entropy that is collected is based on the function that the DRBG is being used for. In all cases, this amount is greater than or equal to the security strength of the data being output. The entropy source is described in greater detail in the proprietary Entropy Assessment Report. The TOE invokes the platform’s BoringSSL cryptography to provide NIST SP 800-90A compliant AES_CTR DRBG functionality for trusted communications between the TOE and the email Exchange server. The specific cryptographic implementation for the Android platform can be found in the Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 10 – Spring Security Target documentation (VID11042).
When the application invokes the platform to obtain random numbers, the platform APIs used are /dev/random and /dev/urandom, depending on the function. The TOE also implements its own DRBG function using OpenSSL. When OpenSSL is being used, the random numbers are obtained using /dev/random or /dev/urandom, depending on the function.

[iOS] When installed on an iOS platform, the TOE invokes the platform’s CoreCrypto module to provide NIST SP 800-90A compliant AES_CTR DRBG functionality for trusted communications between the TOE and the email Exchange server. The CoreCrypto AES_CTR DRBG services also provide support for the cryptographic functionality specified in the [EC_EP]. The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 13 Security Target documentation (VID11036). The platform API used to obtain random numbers is SecRandomCopyBytes().

[EC_EP] FCS_SMIME_EXT.1

The TOE implements both a sending and a receiving S/MIME v3.2 Agent as defined in RFC 5751, using CMS as defined in RFCs 5652, 5754, and 3565. The TOE uses AES-256-CBC (FCS_COP.1(1)) as its default for transmitting the ContentEncryptionAlgorithmIdentifier. The administrator is able to configure the TOE to use AES-128-CBC as well. For the digestAlgorithm, the TOE implements id-sha256 by default. This is also configurable by the administrator to use id-sha384 and id-sha512 (FCS_COP.1(2)). The TOE uses sha256withRSAEncryption for the signatureAlgorithm by default (FCS_COP.1(3)). Only a certificate with the digitalSignature bit set will be accepted as part of the S/MIME protocol. The TOE supports the use of different private keys for signature and for encryption as part of the S/MIME protocol. Certificate revocation information is received from the OCSP responder at a frequency defined by the server. A UEM administrator may override this frequency by configuring a value via UEM.
Certificates are pulled from the signed email when it is received in the application in order to validate the authenticity and integrity of the email.

[APP_PP] FCS_STO_EXT.1(1)

There are two groupings of keys/credentials:
• Keys used to unlock Boxer for operational use: keys that the OS platform (iOS or Android) is invoked to store in the platform’s keystore/keychain.
• Keys/credentials considered configuration data used by Boxer for operational functionality: keys/credentials that are considered sensitive configuration data that the TOE stores in its internal encrypted Boxer database.
o [Android] The Boxer database is encrypted using the included SQLCipher API, which uses the TOE’s OpenSSL implementation for AES-256-CBC encryption/decryption services on the Android platform, per FCS_COP.1(1) of this ST (TOE implements).
o [iOS] The Boxer database is encrypted using the included SQLCipher API, which invokes the iOS platform for AES-256-CBC encryption/decryption services (TOE invokes).
o Additionally, the Boxer database is protected by the full disk encryption mandated by the iOS and Android platforms, as defined in FDP_DAR_EXT.1, providing a double encryption protection scheme for the Boxer database.

The following tables (Table 15 for Android, Table 16 for iOS) identify the keys/credentials used by the TOE, how and where they are stored, how and when they are destroyed, and their purpose as scoped by [APP_PP] and [EC_EP]:
• Any keys/credentials saved to the internal encrypted Boxer database map to the “implement functionality” selection.
• The term “SecurePref” means a VMware-created key grouping within the Boxer database.
• The term “SharedPref” means an Android key/value pair persistent storage mechanism (keystore).
• The term “App Wipe” is a remote wipe accomplished from the UEM console, and “App Uninstall” is when a user removes the app manually from the OS App listing.
Keys used directly or indirectly to unlock the Boxer application (invoke). Columns: Volatile, Non-volatile, Keychain, Description.

User entered Password/passcode
  Volatile: Used in memory. Cleared by OS on Device Reboot. Zeroed by OS when the functionality is complete.
  Non-volatile: Not persistently stored.
  Description: User password entry.

Passphrase Key
  Volatile: Used in memory. Zeroed by Boxer on Task completion.
  Non-volatile: Not persistently stored.
  Description: This is a SHA1 hashed and encoded version of the key above (User entered Password/passcode).

Session Key
  Volatile: Used in memory. Cleared by Boxer on App Wipe. Cleared by OS on Device Reboot.
  Non-volatile: Android: Stored in SharedPrefs and protected by the Android hardware-backed crypto services API keystore.
  Keychain: Cleared by OS on App Uninstall.
  Description: Primary key used to get to the Key Encryption Key while the application is running.

Key Encryption Key (KEK)
  Volatile: Used in memory. Kept in memory wrapped with the Session Key (KEK2) until cleared by Boxer on App Wipe.
  Non-volatile: Wrapped using the Passphrase Key and saved in SharedPrefs (KEK1). Wrapped using the Session Key and saved in SharedPrefs (KEK2).
  Keychain: Cleared by OS on App Uninstall.
  Description:
  • Randomly generated at installation
  • KEK used to encrypt the Master Key
  • Key Encryption Keys #1 and #2 are derived by encrypting the randomly generated Key Encryption Key with the Passphrase Key and the Session Key respectively
  • When the mobile device user enters the correct passcode, KEK1 can be decrypted to reproduce the KEK for use in volatile memory
  • When there is an active session, KEK2 can be decrypted to reproduce the KEK for use in volatile memory

Master Key
  Volatile: Used in memory. Cleared by OS on Device Reboot.
  Non-volatile: Wrapped using the KEK and saved in SharedPrefs.
  Keychain: Cleared by OS on App Uninstall.
  Description: Randomly generated at installation. Used to encrypt the Boxer Database Key.

Keys/credentials exclusively for operational Boxer (implement). Columns: Volatile, Non-volatile, Keychain, Description.

Boxer Database Key
  Volatile: Used in memory. Cleared by Boxer on App Wipe. Cleared by OS on Device Reboot.
  Non-volatile: Wrapped using the Master Key and saved in SecurePref. AES wrapped with the Master Key and stored in Android Shared preferences.
  Keychain: Cleared by OS on App Uninstall.
  Description: Randomly generated at installation. Used to encrypt/decrypt the Boxer Database, providing access to mail data.

Authentication Credential Password
  Volatile: Used in memory. Cleared by Boxer on App Wipe. Cleared by OS on Device Reboot.
  Non-volatile: Persistently stored in the encrypted Boxer database.
  Keychain: Cleared by OS on App Uninstall.
  Description: Used to authenticate the Boxer client with the Exchange server.

Authentication Credential Communication Certificate
  Volatile: Used in memory. Cleared by Boxer on App Wipe. Cleared by OS on Device Reboot.
  Non-volatile: Certificate is AES wrapped and stored in the Boxer database.
  Keychain: Cleared by OS on App Uninstall.
  Description: Overwritten when a new certificate is generated. Used for communication with the Exchange server.

S/MIME certificates containing public + private keys (one for encryption and one for signing, or the same certificate for both signing and encryption)
  Volatile: Used in memory. Cleared by Boxer on App Wipe. Cleared by OS on Device Reboot. Encrypting/decrypting S/MIME email is completely done in memory.
  Non-volatile: Certificate is stored in the SecurePref; cleared by OS on App Uninstall. A copy is also stored in the encrypted Boxer database; cleared by OS on App Uninstall.
  Description: Used for S/MIME.

Sensitive data exclusively for operational Boxer (FDP_DAR_EXT.1). Columns: Volatile, Non-volatile (db), Description.

Public Key of email recipient
  Volatile: Used in memory. Cleared by OS on App Uninstall.
  Non-volatile (db): Certificates are stored in the encrypted Boxer database; cleared by OS on App Uninstall. The public certificate and its certificate chain are temporarily stored on the file system for the duration of the encryption/signature verification.
  Description: Used for S/MIME.

Attachment Encryption Key
  Volatile: Used in memory; available only when accessing the attachment. Zeroed by Boxer on Task Completion (decryption of the attachment completed).
  Non-volatile (db): Encrypted version stored in the encrypted Boxer database; cleared by OS on App Uninstall.
  Description: Used to encrypt attachments stored in the internal file system.

Temporary Files Encryption Key
  Volatile: Used in memory; available only when accessing the temporary file. Zeroed by Boxer on Task Completion (temporary file no longer in use).
  Non-volatile (db): In the case of draft e-mails (before being sent out): not stored persistently. In the case of incoming S/MIME message content: the key is key-wrapped using the Boxer database key, then encrypted using a static passcode and stored in Shared Preferences; cleared by OS on App Uninstall.
  Description: Used to store temporary content. Example: emails before being sent out utilize these files to temporarily store the content, and the files are deleted once the message is sent.

Table 15: Stored Android Credentials

Keys used directly or indirectly to unlock the Boxer application (invoke). Columns: Volatile, Non-volatile, Keychain, Description.

Session Key
  Volatile: Used in memory. Zeroed by Boxer on App Wipe. Zeroed by OS on App Close.
  Non-volatile: Encrypted with the App's public key (that was subscribed to share the session) and saved in the iOS Keychain. The corresponding private key is kept in the running memory of the app.
  Keychain: Zeroed by Boxer on App Wipe.
  Description: Primary key used to get to the Master Key while the application is running. Used to maintain an app-specific or shared session across SSO.

Apps Biometric Key (i.e. Touch ID Key)
  Volatile: Used in memory; not kept in memory. Zeroed by Boxer when session establishment is completed.
  Non-volatile: Wrapped by the system and stored in the Secure Enclave by the system for type SecClass Key.
  Keychain: Zeroed by Boxer on App Wipe and on Passcode change.
  Description: Used only to unwrap the Master Key and start creating a session.

Password Based Key
  Volatile: Used in memory; not kept in memory. Zeroed by Boxer on Task Completion (session establishment completed).
  Non-volatile: Not persistently stored.
  Description: Used only to unwrap the Master Key and start creating a session. Uses a KDF with 10000 iterations to convert the user input into the Password Based Key.

Master Key
  Volatile: Used in memory. Kept in memory wrapped with the Session Key (MK3). Zeroed by Boxer on App Wipe. Zeroed by OS on App Close.
  Non-volatile:
  1. Wrapped with the Password Based Key and saved in the iOS keychain (MK1)
  2. Wrapped using the Touch ID Key and saved in the iOS keychain (MK2)
  3. Wrapped using the Session Key and saved in the iOS keychain (MK3)
  Keychain: Zeroed by OS on App Uninstall.
  Description:
  • Master Keys #1, #2 and #3 are derived by encrypting the randomly generated Master Key with the Password Key, the Biometric Key, and the Session Key respectively
  • When the mobile device user enters the correct passcode, MK1 can be decrypted to reproduce the Master Key for use in volatile memory
  • When the mobile device user enters the correct Touch ID, MK2 can be decrypted to reproduce the Master Key for use in volatile memory
  • When there is an active session, MK3 can be decrypted to reproduce the Master Key for use in volatile memory

Boxer App Key
  Volatile: Used in memory. Obfuscated with the Master Key, which is also kept in memory. Zeroed by Boxer on App Wipe. Zeroed by OS on App Close.
  Non-volatile: Wrapped with the Master Key and stored in the iOS Keychain.
  Keychain: Destroyed by Boxer on App Wipe.
  Description: The Boxer App Key is randomly generated. The Boxer App Key is encrypted with the Master Key for storage. Used for encrypting/decrypting the Boxer Database.

Keys/credentials exclusively for operational Boxer (invoke). Columns: Volatile, Non-volatile, Keychain, Description.

Boxer Master Key
  Volatile: Used in memory throughout the lifetime of the app. Zeroed by OS on App Close.
  Non-volatile: Stored encrypted in the iOS Keychain. Encrypted using the Boxer Application Key.
  Keychain: Zeroed by OS on App Uninstall.
  Description: Randomly generated at installation. Used for encrypting all other keys inside the Boxer app.

Boxer Database Key
  Volatile: Used in memory. Zeroed by Boxer on Task Completion (opening the Boxer database).
  Non-volatile: Stored encrypted in the iOS Keychain. Encrypted with the Boxer Master Key.
  Keychain: Zeroed by OS on App Uninstall.
  Description: Randomly generated at installation. Used for locking/unlocking the Boxer database.

Sensitive data exclusively for operational Boxer (FDP_DAR_EXT.1). Columns: Volatile, Non-volatile (db), Description.

File Encryption Keys
  Volatile: Used in memory. Zeroed by Boxer on Task Completion (file read or write).
  Non-volatile (db): Stored encrypted in the Boxer database. Encrypted with the Boxer Master Key. Zeroed by OS on App Uninstall.
  Description: Used for encrypting/decrypting files on disk.

S/MIME Private Keys
  Volatile: Used in memory; loaded on demand. Zeroed by OS on App Close.
  Non-volatile (db): Stored encrypted in the Boxer database. Encrypted with the Boxer Master Key. Zeroed by OS on App Uninstall.
  Description: Used for encrypting/decrypting S/MIME email messages.

Exchange CBA Certificate
  Volatile: Used in memory throughout the lifetime of the app. Zeroed by OS on App Close.
  Non-volatile (db): Stored encrypted in the Boxer database. Zeroed by Boxer on App Wipe. Zeroed by OS on App Uninstall.
  Description: Used for client-server authentication with Exchange.

Exchange Basic Authentication Password
  Volatile: Used in memory throughout the lifetime of the app. Zeroed by OS on App Close.
  Non-volatile (db): Stored encrypted in the Boxer database. Zeroed by Boxer on App Wipe. Zeroed by OS on App Uninstall.
  Description: Used for client-server authentication with Exchange.

Table 16: Stored iOS Credentials

[APP_PP] FCS_STO_EXT.1(2)

The Boxer application stores S/MIME revocation status information in the Boxer database. The following information is stored:
• Certificate Identifier
• Certificate Revocation Status
• Validation Failure Reason
• Next Revocation Check Date
• Last Revocation Checked Date

The information is overwritten when it is refreshed. The revocation status information is deleted upon removal of the Boxer application.

[Android] These objects are stored in the encrypted Boxer database. The Boxer database is encrypted using the included SQLCipher API, which uses AES-256-CBC encryption/decryption services provided by the TOE’s OpenSSL implementation on the Android platform, per FCS_COP.1(1) of this ST (TOE implements).

[iOS] These objects are stored in the encrypted Boxer database. The TOE invokes the iOS platform to encrypt the Boxer database using the included SQLCipher API, which uses AES-256-CBC encryption/decryption services provided by the iOS platform (TOE invokes).
8.2 User Data Protection

[APP_PP] FDP_DAR_EXT.1

The TOE relies on the underlying platforms (iOS and Android) to provide data-at-rest encryption for all saved data files, including the already encrypted Boxer database. The Android platform implements AES-256-CBC for full disk encryption and the iOS platform implements AES-256-GCM for full disk encryption. The use of full device encryption is mandated by both the iOS and Android platforms.

[Android] The TOE’s file creation scheme requires sensitive data files to be saved with the MODE_PRIVATE flag set. All instances where files containing sensitive data are stored call the getSharedPreferences(String name, int mode) method (which is an overridden method defined in the Boxer application source code) with the “MODE_PRIVATE” flag as the second parameter. Sensitive data (calendar, address book (i.e. contacts), system accounts, profile) is stored in the internal Boxer database, which is fully encrypted in addition to the full disk encryption (double encryption).

[iOS] The TOE’s file creation scheme requires sensitive data files to use the Protected Until First User Authentication Data Protection Class for each data file stored locally. Sensitive data (calendar, address book, system accounts, profile) is stored in an internal Boxer database, which is fully encrypted in addition to the full disk encryption (double encryption). All instances where sensitive data files are stored rely on the NSFileProtectionCompleteUntilFirstUserAuthentication declaration in "VMwareBoxer.entitlements", which is contained in the TOE .ipa file and is enforced in code.

[APP_PP] FDP_DEC_EXT.1(1) and [APP_PP] FDP_DEC_EXT.1(2)

The TOE restricts its access to, and provides user awareness of the intent to access, the following hardware resources:

[Android] The hardware access is defined as part of the manifest, which can be accessed from the Play Store.
It will also be displayed on access.
• network connectivity
• camera
• NFC
• device storage
• phone
• fingerprint
• vibrator

Access to the following sensitive information repositories is also defined in the manifest and will be displayed on access.
• address book (i.e. contacts)
• calendar
• accounts
• profile

[iOS] iOS displays the warnings when access is required.
• network connectivity
• camera
• device storage
• phone
• touch/face ID

The product also displays warnings before accessing the following sensitive information:
• address book (i.e. contacts)
• calendar

[APP_PP] FDP_NET_EXT.1

The TOE does not invoke or implement any listening ports. The TOE requires network access to facilitate remote administration (via UEM) as well as communication with the Exchange server. The TOE supports the following user-initiated communication connections:
• Exchange server for sending email, forcing a sync (calendar, address book, and emails), GAL lookup, and email search.

The TOE application invokes the platform to initiate the following SFR-supporting operational environment connections:
• Exchange server (ActiveSync: calendar, address book, email)
• OCSP responder for S/MIME revocation checking
• Automatic Version Information Check Server(s)
o [Android]: Amazon Server
o [iOS]: Akamai Server

Note: This is not the same as the OS querying the respective app stores for available updates. The TOE invokes the OS to automatically query the above servers for the latest VMware-published version information in order to notify the end user from within the application when a new version is available.

Additionally, the TOE application invokes the platform to initiate the following non-SFR-supporting operational environment connections to:
• [Android and iOS] Apteligent service for reporting app crashes and exceptions, hosted in Amazon.
• [iOS] Cloudfront VMware service to get images to display for certain icons, hosted in Amazon.
• [iOS] Automattic, Inc. Gravatar services to fetch the profile image for the sender of an e-mail using the sender's e-mail address.
• [iOS] AirWatch LLC OCSP responder for discovering an existing configuration for a given email address.

[EC_EP] FDP_NOT_EXT.1

When the email content is viewed, the TOE shows a notification icon between the header and the body of the email. A seal symbol indicates the email has been signed. A lock symbol indicates the email has been encrypted. Both symbols are displayed when the email has been signed and encrypted. The notification icon uses color coding to help the user quickly identify whether there are any issues with the validity of the signer or the email. The icon is: black to indicate the certificate is verified and trusted; orange to indicate the email is from an untrusted signer; red to indicate the email has been tampered with. If the email is from an untrusted signer, the user is provided with the option to manually accept the certificate. When displaying the list of emails, a seal symbol is used to notify the user that the email is signed and a lock symbol is used to notify the user that the email is encrypted. Both symbols are displayed if the mail is signed and encrypted. Signature validity is not displayed until the message is opened.

[EC_EP] FDP_SMIME_EXT.1

The TOE uses S/MIME for signing, encrypting, verifying, and decrypting email. S/MIME is implemented as specified in FCS_SMIME_EXT.1. Signature verification and decryption occur at receipt of the message. The messages are not stored with their S/MIME envelopes.

8.3 Identification and Authentication

[APP_PP] FIA_X509_EXT.1

The TOE platform, regardless of OS, performs certificate validation for certificates used for TLS communications.
The following is checked in order to determine if a given certificate is valid:
• Certificate validation and certificate path validation conform to RFC 5280.
• The certificate path must terminate with a trusted CA certificate.
• All CA certificates must have the basicConstraints extension present and the CA flag set to TRUE.
• The TOE uses the Online Certificate Status Protocol (OCSP) as specified in RFC 2560 to verify revocation status. The certificate must not be revoked.
• The extendedKeyUsage field must be valid based on the following rules:
o Certificates used for trusted updates and executable code integrity verification must have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field.
o Server certificates presented for TLS must have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field.
o Client certificates presented for TLS must have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the extendedKeyUsage field.
o S/MIME certificates presented for email encryption and signature must have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the extendedKeyUsage field.
o OCSP certificates presented for OCSP responses must have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the extendedKeyUsage field.
o Server certificates presented for EST must have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the extendedKeyUsage field.

The certificate validation service will ensure that all certificate paths terminate with a trusted root CA certificate and that all CA certificates include the basicConstraints extension with the CA flag set to TRUE. Certificate status is validated using OCSP. The certificate validation service will also ensure that the extendedKeyUsage field is properly set for all certificates depending on their intended usage.
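An added Go example (not VMware's, Boxer's or the platform's code) of the trusted-root, basicConstraints and extendedKeyUsage rules listed above, run through Go's crypto/x509 verifier over a constructed three-level PKI. The certificate names, serial numbers and the use of ECDSA P-256 keys are assumptions made for the example (the ST's S/MIME certificates use sha256withRSAEncryption, which goes through the same checks); OCSP revocation checking needs a live responder and is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// certSpec is the handful of fields this example varies between certificates.
type certSpec struct {
	name   string
	serial int64
	ca     bool // emit basicConstraints with CA=TRUE
	eku    []x509.ExtKeyUsage
}

// issue creates a certificate for spec signed by parent (self-signed when parent is nil).
func issue(spec certSpec, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(spec.serial),
		Subject:               pkix.Name{CommonName: spec.name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: spec.ca,
		IsCA:                  spec.ca,
		// CertSign is granted to every certificate here so that the "not a CA" case below
		// is rejected by the basicConstraints check alone, not by key usage.
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: spec.eku,
	}
	signer := key
	if parent == nil {
		parent = tmpl
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ValidateChain applies the FIA_X509_EXT.1 rules a local verifier can enforce: the path
// must end at a trusted root, every intermediate must carry basicConstraints with
// CA=TRUE, and the leaf's extendedKeyUsage must include the purpose it is used for.
func ValidateChain(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, purpose x509.ExtKeyUsage) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool,
		KeyUsages: []x509.ExtKeyUsage{purpose}})
	return err
}

// Outcome reports whether each constructed chain was accepted for Email Protection.
type Outcome struct{ ValidSMIME, WrongEKU, UntrustedRoot, IntermediateNotCA bool }

// RunScenarios builds a constructed PKI (root -> issuing CA -> leaves) and checks the cases.
func RunScenarios() (o Outcome, err error) {
	mk := func(spec certSpec, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
		if err != nil { // an earlier step failed; do not cascade into nil parents
			return nil, nil
		}
		c, k, e := issue(spec, parent, pk)
		err = e
		return c, k
	}
	email := []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	root, rootKey := mk(certSpec{"Constructed Root CA", 1, true, nil}, nil, nil)
	inter, interKey := mk(certSpec{"Constructed Issuing CA", 2, true, nil}, root, rootKey)
	notCA, notCAKey := mk(certSpec{"Constructed Non-CA Signer", 3, false, nil}, root, rootKey)
	smime, _ := mk(certSpec{"alice@example.test", 4, false, email}, inter, interKey)
	tls, _ := mk(certSpec{"mail.example.test", 5, false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, inter, interKey)
	fromNotCA, _ := mk(certSpec{"bob@example.test", 6, false, email}, notCA, notCAKey)
	otherRoot, _ := mk(certSpec{"Constructed Unrelated Root", 7, true, nil}, nil, nil)
	if err != nil {
		return o, err
	}
	chain, trusted := []*x509.Certificate{inter}, []*x509.Certificate{root}
	o.ValidSMIME = ValidateChain(smime, chain, trusted, x509.ExtKeyUsageEmailProtection) == nil
	o.WrongEKU = ValidateChain(tls, chain, trusted, x509.ExtKeyUsageEmailProtection) == nil
	o.UntrustedRoot = ValidateChain(smime, chain, []*x509.Certificate{otherRoot}, x509.ExtKeyUsageEmailProtection) == nil
	o.IntermediateNotCA = ValidateChain(fromNotCA, []*x509.Certificate{notCA}, trusted, x509.ExtKeyUsageEmailProtection) == nil
	return o, nil
}
```

Of the four chains, only the S/MIME leaf under the proper issuing CA is accepted: the leaf that carries only Server Authentication fails the extendedKeyUsage rule when presented for Email Protection, the correct chain checked against an unrelated root fails the trusted-CA rule, and the leaf issued by a certificate without basicConstraints fails the CA-flag rule even though that issuer is itself validly signed by the trusted root.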
[APP_PP] FIA_X509_EXT.2

The TOE uses X.509v3 certificates for TLS authentication to the Exchange server. The use of certificates is enabled by default. The administrator may also specify the path to an OCSP responder so that revocation status can be checked during authentication. The trusted CA certificates to be used by the TOE are specified through the UEM console. The TLS implementation will automatically reject a certificate if it is found to be invalid. The UEM administrator is able to specify the default action when the application/platform cannot reach the OCSP responder, so that the TOE will either:
• Strict setting: Reject the certificate.
• Moderate setting: Accept the certificate if the last revocation status is valid. Reject the certificate if the last known revocation status is unknown or was revoked.

[EC_EP] FIA_X509_EXT.3

X.509v3 certificates, as defined by RFC 5280, are used for S/MIME functionality and are transmitted from the UEM server to the Boxer application upon the initial launch of the application and on subsequent launches if new certificates are available. When the underlying application/platform cannot reach the OCSP responder, the UEM administrator is able to specify the default action so that the TOE will either:
• Reject the certificate, or
• Accept the certificate if the last revocation status is valid. Reject the certificate if the last known revocation status is unknown or was revoked.

The email client will prevent the encryption and/or signing of an email if the email protection certificate is deemed invalid.

8.4 Security Management

[APP_PP] FMT_CFG_EXT.1

There are no default credentials for the TOE. All credentials would be pre-existing on the Exchange server or UEM server, which are separate entities from the TOE. The TOE software is installed by default with the appropriate permissions to prevent unauthorized access.
Both the Android and iOS platforms mandate the use of full disk encryption, providing further protection.

[APP_PP] FMT_MEC_EXT.1

The iOS and Android platforms mandate the use of full disk encryption to protect all applications and their data from unauthorized access. The user of the mobile device must enter a passcode to derive the key that is used for the full disk encryption. Secondly, when enrolling the TOE, it must be enrolled against a server that has valid pre-existing credentials for the user of the mobile device. Thirdly, the user must enter a passphrase to gain access to the Boxer application and its data. This passphrase is used to derive the Boxer database key that is required to decrypt the Boxer database contents for use when needed. The keys and passcodes are stored as described in FCS_STO_EXT.1(1).

[Android] The only user-configurable sensitive TSF datum, the application password as defined in FMT_MOF_EXT.1, is stored in the shared preferences XML file as a hashed string.

[iOS] The user-configurable sensitive TSF datum, the application password as defined in FMT_MOF_EXT.1, is stored in the iOS keychain.

[EC_EP] FMT_MOF_EXT.1

The administrator in this evaluation is considered to be the UEM administrator. The UEM administrator is responsible for setting the configuration of the TOE applications using the UEM console, which resides in the operational environment. The UEM administrator can configure the password length, cryptographic functionality such as which key sizes are used for the cryptographic algorithms in FCS_SMIME_EXT.1, the OCSP retrieval frequency, S/MIME cryptographic assignments, and enabling/disabling the plaintext-only mode globally. The mobile device user is not capable of changing these settings from the mobile device. The user is the subject that performs management functions on the TOE itself.
The TOE allows the user to change their own password/passphrase. See the Supplemental Administrative Guidance for Common Criteria document for how the user-defined password authorization factor can be changed.

[APP_PP] FMT_SMF.1

At the TOE application, the User is considered the owner or user of the mobile device on which the TOE is installed. The TOE software provides one function that is considered administrative functionality to the end user according to [EC_EP] FMT_MOF_EXT.1: changing the password/passphrase authentication credential. The User of both Android and iOS platforms may change their password/passphrase authentication credentials. For both Android and iOS platforms, a UEM administrator can force a password change by making the password complexity stricter (i.e. increasing the password length). The user would be forced to change their password after having successfully authenticated with their old, now non-compliant password.

8.5 Privacy

[APP_PP] FPR_ANO_EXT.1

The TOE application does not collect personally identifiable information (PII) for administrators or users. Therefore, the TOE application will not transmit PII data over the network unless the user of the mobile device includes such information in free-text email. Free text in an email is outside the TOE’s scope of control.

8.6 Protection of the TSF

[APP_PP] FPT_AEX_EXT.1

The TOE implements several mechanisms to protect against exploitation.

[Android] The TOE is compiled using the -fPIE and -pie compilation flags to ensure it is a Position Independent Executable (ASLR). Memory map (mmap) is never invoked with both the PROT_WRITE and PROT_EXEC permissions. Additionally, mprotect is never invoked. User-modifiable files are written to /data/data/com.boxer.email, and there are no executable files there.

[iOS] The TOE is compiled using the LD_NO_PIE=NO compilation flag to ensure it is a Position Independent Executable (ASLR).
All uses of mmap have the explicit memory address location parameter set to NULL (or 0), with the exception of when mmap is called to reallocate memory to expand the Boxer database file map. Additionally, mprotect is never invoked with the PROT_EXEC permission. The platform forces applications to write all data within the application working directory (sandbox).

Additionally, the TOE was compiled using the -fstack-protector-all compilation flag for both platforms.

[EC_EP] FPT_AON_EXT.1

The TOE does not support the installation of trusted or untrusted add-ons.

[APP_PP] FPT_API_EXT.1

When installed on a mobile device with the Android OS, the TOE uses only the following supported platform APIs in order to function.

• androidx.annotation:annotation
• androidx.appcompat:appcompat
• androidx.arch.core:core-runtime
• androidx.arch.core:core-testing
• androidx.biometric:biometric
• androidx.browser:browser
• androidx.cardview:cardview
• androidx.constraintlayout:constraintlayout
• androidx.core:core
• androidx.core:core-ktx
• androidx.fragment:fragment
• androidx.gridlayout:gridlayout
• androidx.legacy:legacy-preference-v14
• androidx.legacy:legacy-support-v13
• androidx.legacy:legacy-support-v4
• androidx.lifecycle:lifecycle-common-java8
• androidx.lifecycle:lifecycle-extensions
• androidx.lifecycle:lifecycle-livedata
• androidx.lifecycle:lifecycle-runtime
• androidx.lifecycle:lifecycle-service
• androidx.lifecycle:lifecycle-viewmodel-ktx
• androidx.multidex:multidex
• androidx.palette:palette
• androidx.preference:preference
• androidx.recyclerview:recyclerview
• androidx.room:room-common
• androidx.room:room-compiler
• androidx.room:room-ktx
• androidx.room:room-runtime
• androidx.security:security-crypto
• androidx.sqlite:sqlite
• androidx.sqlite:sqlite-framework
• androidx.test.espresso:espresso-accessibility
• androidx.test.espresso:espresso-contrib
• androidx.test.espresso:espresso-core
• androidx.test.espresso:espresso-intents
• androidx.test.espresso:espresso-web
• androidx.test.ext:junit
• androidx.test.uiautomator:uiautomator
• androidx.test:core
• androidx.test:orchestrator
• androidx.test:runner
• androidx.work:work-runtime
• androidx.work:work-runtime-ktx
• androidx.work:work-testing
• com.google.android.gms:play-services-base
• com.google.android.gms:play-services-basement
• com.google.android.gms:play-services-safetynet
• com.google.android.gms:play-services-tasks
• com.google.android.material:material
• com.google.code.findbugs:jsr305
• com.google.code.gson:gson
• com.google.crypto.tink:tink-android
• com.google.dagger:dagger
• com.google.dagger:dagger-android
• com.google.dagger:dagger-android-processor
• com.google.dagger:dagger-android-support
• com.google.dagger:dagger-compiler
• com.google.firebase:firebase-messaging
• com.google.guava:guava
• com.google.guava:listenablefuture
• com.google.zxing:core
• com.auth0.android:jwtdecode
• com.crittercism:crittercism-android-agent
• com.darwinsys:hirondelle-date4j
• com.github.akarnokd:rxjava2-extensions
• com.googlecode.libphonenumber:geocoder
• com.jakewharton:butterknife
• com.mixpanel.android:mixpanel-android
• com.nhaarman.mockitokotlin2:mockito-kotlin
• com.squareup.leakcanary:leakcanary-android
• com.squareup.moshi:moshi
• com.squareup.moshi:moshi-adapters
• com.squareup.okhttp3:okhttp
• com.squareup.okio:okio
• com.sun.mail:android-activation
• com.sun.mail:android-mail
• com.uservoice:uservoice-android-sdk
• commons-io:commons-io
• cz.msebera.android:httpclient
• io.reactivex.rxjava2:rxandroid
• io.reactivex.rxjava2:rxjava
• junit:junit
• me.grantland:autofittextview
• net.openid:appauth
• net.sf.biweekly:biweekly
• net.zetetic:android-database-sqlcipher
• org.apache.commons:commons-lang3
• org.apache.httpcomponents:httpclient-android
• org.greenrobot:eventbus
• org.greenrobot:greendao
• org.greenrobot:greendao-api
• org.hamcrest:hamcrest
• org.jetbrains.kotlin:kotlin-android-extensions-runtime
• org.jetbrains.kotlin:kotlin-reflect
• org.jetbrains.kotlin:kotlin-stdlib
• org.jetbrains.kotlin:kotlin-stdlib-common
• org.jetbrains.kotlin:kotlin-stdlib-jdk7
• org.jetbrains.kotlin:kotlin-stdlib-jdk8
• org.jetbrains.kotlinx:kotlinx-coroutines-android
• org.jetbrains.kotlinx:kotlinx-coroutines-core
• org.jetbrains.kotlinx:kotlinx-coroutines-test
• org.jetbrains.kotlinx:kotlinx-serialization-runtime
• org.jsoup:jsoup
• org.koin:koin-android
• org.koin:koin-core
• org.mockito:mockito-android
• org.mockito:mockito-core
• org.robolectric:robolectric
• org.robolectric:shadows-httpclient
• org.robolectric:shadows-multidex
• org.simpleframework:simple-xml

When installed on a mobile device with iOS, the TOE uses only the following supported platform APIs in order to function.

• Accelerate.framework
• Accounts.framework
• AddressBook.framework
• AdSupport.framework
• AssetsLibrary.framework
• AudioToolbox.framework
• AVFoundation.framework
• CallKit.framework
• CFNetwork.framework
• Contacts.framework
• CoreData.framework
• CoreFoundation.framework
• CoreGraphics.framework
• CoreLocation.framework
• CoreMedia.framework
• CoreMotion.framework
• CoreTelephony.framework
• CoreText.framework
• CoreVideo.framework
• EventKit.framework
• Foundation.framework
• ImageIO.framework
• libc++
• libiconv
• libresolv
• libsqlite3
• libxml2.2
• libxml2
• libz.tbd
• LocalAuthentication.framework
• MapKit.framework
• MediaPlayer.framework
• MessageUI.framework
• MobileCoreServices.framework
• Photos.framework
• QuartzCore.framework
• QuickLook.framework
• SafariServices.framework
• Security.framework
• Social.framework
• SystemConfiguration.framework
• UIKit.framework
• UserNotifications.framework
• WebKit.framework

[APP_PP] FPT_IDV_EXT.1(1) and FPT_IDV_EXT.1(2)

[Android] The TOE version format is “YY.MM.PP.BB”.
The vendor operates on a monthly release cycle to incorporate updates and fixes. The first number is based on the last two digits of the year of the release date. The second number is the 2-digit numerical representation of the month of the release date, the third number is based on the patch release under the monthly release number, and the fourth number is based on the internal build number that has been released to the Google Play store.

[iOS] The TOE version format is “YY.MM.PP”. The vendor operates on a monthly release cycle to incorporate updates and fixes. The first number is based on the last two digits of the year of the release date. The second number is the 2-digit numerical representation of the month of the release date, and the third number is based on the patch release under the monthly release number.

[APP_PP] FPT_LIB_EXT.1

The TOE is packaged with several third-party open source libraries in order to function. When installed on a mobile device with the Android OS, the TOE uses only the following third-party dynamic libraries in order to function.

• libc++_shared.so
• libchameleon.so
• libchameleon_jni.so
• libcoredevice.so
• libcrypto.1.0.2.so
• libcrypto.so
• libdyncdd.so
• libencjni.so
• libfips_main.so
• libmip_core.so
• libmip_protection_sdk.so
• libmip_upe_sdk.so
• libmip_wrapper.so
• libopdatashim.so
• libpolarisoffice8.so
• libscep.so
• libsettings.so
• libsettings-native-library.so
• libsqlcipher.so
• libssl.1.0.2.so
• libsupercollider.so

When installed on a mobile device with iOS, the TOE uses only the following third-party libraries in order to function.

• AEXML.framework
• AFNetworking.framework
• AWCMWrapper.framework
• AWCrypto.framework
• AWEncryptedStoreKit.framework
• AWError.framework
• AWHelpers.framework
• AWLocalization.framework
• AWLog.framework
• AWPresentation.framework
• AWPrivacy.framework
• AWSDK.framework
• AWServices.framework
• AWStorage.framework
• AWTrustServices.framework
• AirWatchEWS.framework
• Alamofire.framework
• AppAuth.framework
• AppSupportKit.framework
• CocoaLumberjack.framework
• CompoundFileReader.framework
• ContentServices.framework
• ContentUIServices.framework
• CryptBridge.framework
• DerivedCredentialsUsage.framework
• Duktape.framework
• EncryptedCoreData.framework
• FMDB.framework
• GRDB.framework
• GRMustache.framework
• GTMAppAuth.framework
• GTMSessionFetcher.framework
• HTTPStatusCodes.framework
• JLRoutes.framework
• JRSwizzle.framework
• JWTDecode.framework
• KissXML.framework
• LogAggregator.framework
• Lottie.framework
• MBProgressHUD.framework
• MSGraphClientModels.framework
• NotificationObserverHelper.framework
• OpenSSL.framework
• RoswellFramework.framework
• SQLCipher.framework
• SQLite.framework
• Shimmer.framework
• SwiftyJSON.framework
• SwiftyTraverson.framework
• TrustKit.framework
• URITemplate.framework
• VISidebarController.framework
• VisionUX.framework
• WS1MIP.framework
• WSODeviceUtils.framework
• XLActionController.framework
• XSWChameleon.framework
• XSWSettings.framework
• XSWSettingsAttributesProvider.framework
• XSWSettingsHttpProvider.framework
• XSWSettingsKeychainProvider.framework
• XSWSettingsOperationalDataProvider.framework
• XSWSettingsSuperColliderProvider.framework
• ZipArchive.framework
• libPhoneNumber_iOS.framework
• libical.framework
• sasl.framework
• uservoice_iphone_sdk.framework

[APP_PP] FPT_TUD_EXT.1 and FPT_TUD_EXT.2

The TOE provides a user with the ability to check the version of the TOE that is currently running on the machine.
[Android] Within the application, the TOE will display the version by navigating: Settings → About. The Android OS also provides the versioning information by using the App manager.

[iOS] Within the application, the TOE will display the version by navigating: Settings → About. The Android OS also provides the versioning information by using the App manager.

The TOE automatically checks to see if an update is available without user initiation. If an update is available, the user is notified that the product has an update available and is directed to the appropriate app store to download it. Additionally, the user can leverage the platform features to independently check for updates by navigating to the Google Play Store (Android) or the Apple App Store (iOS).

The TOE does not automatically update its own binaries or executable files. The binary code is only modified or replaced if the user manually initiates the update via the platform-provided update mechanism. The application for Android is packaged in .apk format and for iOS it is packaged in .ipa format. The TOE and updates to the TOE are provided by the Google Play Store (Android) or Apple App Store (iOS) over HTTPS/TLS. Once the update has been completed by the developer, it is then digitally signed by the developer and sent to the Google Play Store/Apple App Store. The TOE software is digitally signed using a Verisign X.509v3 certificate. The Google Play Store/Apple App Store will then verify the signature and will sign the update with its own signature. When the update gets sent to the mobile device, the mobile device will verify the signature from the Google Play Store/Apple App Store. Secure communication between the mobile device and its app store is handled by the underlying platform. This secure channel is considered part of the operating environment and is out of the scope of the evaluation.
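The PIE claim under FPT_AEX_EXT.1 can be checked against the Android native libraries listed under FPT_LIB_EXT.1 by reading the ELF header and program headers: a PIE or shared object is marked ET_DYN, and a PT_GNU_STACK segment without PF_X means a non-executable stack. The checker below is an added example, not the vendor's code or anything from the Security Target; it covers 64-bit little-endian ELF only (the iOS Mach-O frameworks and the mmap/mprotect claims need other tooling), and the sample image it runs on is constructed inline.

```python
import struct
from typing import Dict, Optional

# Constants from the ELF specification (not from the Security Target).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2          # 64-bit object
ELFDATA2LSB = 1         # little-endian (arm64-v8a / x86_64 Android ABIs)
ET_EXEC, ET_DYN = 2, 3  # a PIE (like a shared library) is typed ET_DYN
PT_GNU_STACK = 0x6474E551
PF_X = 0x1
EM_AARCH64 = 0xB7

def check_elf_hardening(data: bytes) -> Dict[str, Optional[bool]]:
    """Report whether an ELF64 image is PIE (e_type == ET_DYN) and carries a
    PT_GNU_STACK segment without PF_X (non-executable stack)."""
    if data[:4] != ELF_MAGIC or data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("not a 64-bit little-endian ELF image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx_stack: Optional[bool] = None  # None: no PT_GNU_STACK, loader default applies
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack}

def check_elf_file(path: str) -> Dict[str, Optional[bool]]:
    """Same check on a library extracted from the APK, e.g. lib/arm64-v8a/libcrypto.so."""
    with open(path, "rb") as fh:
        return check_elf_hardening(fh.read())

def build_sample_elf(e_type: int, stack_flags: int) -> bytes:
    """Constructed test image: a bare ELF64 header plus one PT_GNU_STACK program
    header and no code, so the checker can be exercised offline."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + bytes(8)
    header = struct.pack("<HHIQQQIHHHHHH", e_type, EM_AARCH64, 1, 0,
                         64, 0, 0, 64, 56, 1, 64, 0, 0)  # one 56-byte phdr at offset 64
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ident + header + phdr

if __name__ == "__main__":
    print(check_elf_hardening(build_sample_elf(ET_DYN, 0x6)))   # PIE, RW stack
    print(check_elf_hardening(build_sample_elf(ET_EXEC, 0x7)))  # not PIE, RWX stack
```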
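The version strings described under FPT_IDV_EXT.1 (Android "YY.MM.PP.BB", iOS "YY.MM.PP") are what an update check like the one described above has to compare. The parser below is an added example, not the TOE's own update logic: it validates the platform format, rejects an impossible month, and compares fields numerically so that a patch "10" sorts after "9". The version values used are constructed samples.

```python
import re
from typing import Tuple

# Formats stated under FPT_IDV_EXT.1; widths of PP and BB are not fixed by the text.
VERSION_FORMATS = {
    "android": re.compile(r"^(\d{2})\.(\d{2})\.(\d+)\.(\d+)$"),  # YY.MM.PP.BB
    "ios": re.compile(r"^(\d{2})\.(\d{2})\.(\d+)$"),             # YY.MM.PP
}

def parse_version(version: str, platform: str) -> Tuple[int, ...]:
    """Split a TOE version string into integer fields (year, month, patch[, build])
    and reject strings that do not follow the platform's documented format."""
    match = VERSION_FORMATS[platform].match(version)
    if match is None:
        raise ValueError(f"{version!r} is not a valid {platform} TOE version")
    fields = tuple(int(part) for part in match.groups())
    if not 1 <= fields[1] <= 12:
        raise ValueError(f"{version!r}: month field {fields[1]:02d} is out of range")
    return fields

def update_available(installed: str, store: str, platform: str) -> bool:
    """True when the store version is newer than the installed one. The fields are
    year, month, patch, build in release order, so integer tuple comparison gives
    the release order directly; nothing is compared as a string."""
    return parse_version(store, platform) > parse_version(installed, platform)

if __name__ == "__main__":
    print(parse_version("21.05.00.01", "android"))        # constructed sample
    print(update_available("21.05.00", "21.06.01", "ios"))
```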
The TOE relies on the platform OS to uninstall the application and remove all remnants of the software from the device. When the TOE application is uninstalled, the entire package is removed. There are no exceptions or customizations for the uninstall function that would leave any traces of files or settings.

8.6.6.1 Timely Security Updates

As part of providing timely security updates, VMware provides customers with a support section on VMware.com where they have the ability to submit support issues. This is an HTTPS site that requires user authentication prior to use. Any feedback that necessitates a fix will result in an update to Boxer itself, so there is no third-party update process to consider when updating the TOE. High severity issues can result in a patch release as soon as remediation is available. Lower severity issues will be incorporated into the next monthly release. Security fixes will be released as new packages in the same manner as any feature updates (see the discussion of FPT_TUD_EXT.1 above).

The TOE contains a number of components, including third-party components whose implementation VMware does not control. Any implementation flaws are expected to be addressed within 90 days of reporting. Customers are notified of security-related fixes on the VMware customer portal.

8.7 Trusted Path/Channels

[APP_PP] FTP_DIT_EXT.1(1) and [APP_PP] FTP_DIT_EXT.1(2)

The TOE invokes the platform to communicate with an Exchange server for its primary function as an email client. The TOE implements the actual ActiveSync protocol layer communications after it invokes the OS to establish the trusted channel that ActiveSync requires.

[Android] The TOE invokes the platform to provide the TLSv1.2 channel to secure all transmitted data via this external interface. In this instance, the TOE/platform acts as the TLS client to initiate the secure communications to the Exchange server.
[iOS] The TOE invokes the platform to provide the TLSv1.2 channel to secure all sensitive data in transit via this external interface. In this instance, the TOE/platform acts as the TLS client to initiate the secure communication to the Exchange server.

[EC_EP] FTP_ITC_EXT.1

As described above in FTP_DIT_EXT.1, the TOE implements ActiveSync to communicate with the Exchange server over the TLS v1.2 channel established by the TOE platform. The TOE is able to send and receive emails from the operational environment over this channel.