Common Criteria NDcPP Assurance Activity Report Nubo Software Thin Client v2.0

Transcription

1 Common Criteria NDcPP Assurance Activity Report Nubo Software Thin Client v2.0 Danielle Canoles ISSUED BY Acumen Security 1

2 Revision History: Version Date Changes Version 0.1 March 2018 Initial Release Version 0.2 April 2018 Guidance updates Version 0.3 June 2018 Updated based on quality review Version 0.4 June 2018 Updated based on ECR review Version 0.5 July 2018 Updated based on ECR round 2 Version 0.6 July 2018 Updated based on ECR comments 2

3 Evaluation Technical Report for a Target of Evaluation Nubo Software Thin Client v2.0 Nubo Software Thin Client v2.0 ST Version 1.4 Application Software Protection Profile, Version 1.2 Evaluated by: 2400 Research Blvd Suite 395, Rockville, MD Prepared for: National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme 3

4 The Developer of the TOE: Nubo Software, Inc. The Author of the Security Target: Acumen Security 2400 Research Blvd Suite 395, Rockville, MD The TOE Evaluation was Sponsored by: Nubo Software, Inc. Evaluation Personnel: Muhammad Abdallah Danielle F Canoles Anthony Busciglio 4

5 Common Criteria Version Common Criteria Version 3.1 Revision 4 Common Evaluation Methodology Version CEM Version 3.1 Revision 4 5

6 Table of Contents 1 TOE Overview Test Equivalency Justification Test Infrastructure Test Bed # Visual Diagram Configuration Information Evaluation Evidence Detailed Test Cases Test Cases FCS_RBG_EXT.1.1 TSS FCS_RBG_EXT.1.1 Test FCS_STO_EXT.1.1 TSS FCS_STO_EXT.1.1 Test FCS_TLSC_EXT.1.1 TSS FCS_TLSC_EXT.1.1 Guidance FCS_TLSC_EXT.1.1 Test FCS_TLSC_EXT.1.1 Test FCS_TLSC_EXT.1.1 Test FCS_TLSC_EXT.1.1 Test FCS_TLSC_EXT.1.1 Test FCS_TLSC_EXT.1.2 TSS FCS_TLSC_EXT.1.2 Guidance FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.2 Test FCS_TLSC_EXT.1.3 Test FCS_TLSC_EXT.4.1 TSS FCS_TLSC_EXT.4.1 Guidance

7 FCS_TLSC_EXT.4.1 Test FCS_HTTPS_EXT.1.1 Test FCS_HTTPS_EXT.1.2 Test FCS_HTTPS_EXT.1.3 Test FDP_DEC_EXT.1.1 Guidance FDP_DEC_EXT.1.1 Test FDP_DEC_EXT.1.2 Test FDP_NET_EXT.1.1 Test FDP_NET_EXT.1.1 Test FDP_DAR_EXT.1.1 TSS FDP_DAR_EXT.1.1 Test Test Cases (Identification and Authentication) FIA_X509_EXT.1.1 TSS FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.1 Test FIA_X509_EXT.1.2 Test FIA_X509_EXT.1.2 Test FIA_X509_EXT.1.2 Test FIA_X509_EXT.2.2 TSS FIA_X509_EXT.2.2 TSS FIA_X509_EXT.2.2 Test FIA_X509_EXT.2.2 Test Test Cases (Security Management) FMT_MEC_EXT.1.1 TSS FMT_MEC_EXT.1.1 Test FMT_CFG_EXT.1.1 TSS FMT_CFG_EXT.1.1 Test FMT_CFG_EXT.1.1 Test

8 3.3.6 FMT_CFG_EXT.1.1 Test FMT_CFG_EXT.1.2 Test FMT_SMF.1.1 Guidance FMT_SMF.1.1 Test Test Cases (Privacy) FPR_ANO_EXT.1.1 TSS FPR_ANO_EXT.1.1 Test Test Cases (Protection of the TSF) FPT_API_EXT.1.1 TSS FPT_AEX_EXT.1.1 TSS FPT_AEX_EXT.1.1 Test FPT_AEX_EXT.1.2 Test FPT_AEX_EXT.1.3 Test FPT_AEX_EXT.1.4 Test FPT_AEX_EXT.1.5 TSS FPT_AEX_EXT.1.5 Test FPT_TUD_EXT.1 Test FPT_TUD_EXT.1.2 Test FPT_TUD_EXT.1.3 Test FPT_TUD_EXT.1.4 Test FPT_TUD_EXT.1.5 Test FPT_TUD_EXT.1.6 TSS FPT_LIB_EXT.1 Test Test Cases (Trusted Path) FTP_DIT_EXT.1 Test FTP_DIT_EXT.1 Test FTP_DIT_EXT.1 Test Security Assurance Requirements ADV_FSP.1 Development AGD_OPE.1 Guidance AGD_OPE.1 Guidance AGD_OPE.1 Guidance AGD_PRE.1 Guidance

9 4.6 ALC_CMC.1 ST/AGD ALC_CMS.1 Guidance ALC_TSU_EXT.1 TSS ALC_TSU_EXT.1 TSS ATE_IND.1 Test AVA_VAN.1 Test Conclusions

10 List of Tables Table 1 FCS_RBG_EXT.1.1 TSS Table 2 FCS_RBG_EXT.1.1 Test Table 3 FCS_STO_EXT.1.1 TSS Table 4 FCS_STO_EXT.1.1 Test Table 5 FCS_TLSC_EXT.1.1 TSS Table 6 FCS_TLSC_EXT.1.1 Guidance Table 7 FCS_TLSC_EXT.1.1 Test Table 8 FCS_TLSC_EXT.1.1 Test Table 9 FCS_TLSC_EXT.1.1 Test Table 10 FCS_TLSC_EXT.1.1 Test Table 11 FCS_TLSC_EXT.1.1 Test Table 12 FCS_TLSC_EXT.1.2 TSS Table 13 FCS_TLSC_EXT.1.2 Guidance Table 14 FCS_TLSC_EXT.1.2 Test Table 15 FCS_TLSC_EXT.1.2 Test Table 16 FCS_TLSC_EXT.1.2 Test Table 17 FCS_TLSC_EXT.1.2 Test Table 18 FCS_TLSC_EXT.1.2 Test Table 19 FCS_TLSC_EXT.1.2 Test Table 20 FCS_TLSC_EXT.1.2 Test Table 21 FCS_TLSC_EXT.1.3 Test Table 22 FCS_TLSC_EXT.4.1 TSS Table 23 FCS_TLSC_EXT.4.1 Guidance Table 24 FCS_TLSC_EXT.4.1 Test Table 25 FCS_HTTPS_EXT.1.1 Test Table 26 FCS_HTTPS_EXT.1.2 Test Table 27 FCS_HTTPS_EXT.1.3 Test Table 28 FDP_DEC_EXT.1.1 Guidance Table 29 FDP_DEC_EXT.1.1 Test Table 30 FDP_DEC_EXT.1.2 Test Table 31 FDP_NET_EXT.1.1 Test Table 32 FDP_NET_EXT.1.1 Test Table 33 FDP_DAR_EXT.1.1 TSS Table 34 FDP_DAR_EXT.1.1 Test Table 35 FIA_X509_EXT.1.1 TSS Table 36 FIA_X509_EXT.1.1 Test Table 37 FIA_X509_EXT.1.1 Test Table 38 FIA_X509_EXT.1.1 Test Table 39 FIA_X509_EXT.1.1 Test Table 40 FIA_X509_EXT.1.1 Test Table 41 FIA_X509_EXT.1.1 Test Table 42 FIA_X509_EXT.1.1 Test

11 Table 43 FIA_X509_EXT.1.2 Test Table 44 FIA_X509_EXT.1.2 Test Table 45 FIA_X509_EXT.1.2 Test Table 46 FIA_X509_EXT.2.2 TSS Table 47 FIA_X509_EXT.2.2 TSS Table 48 FIA_X509_EXT.2.2 Test Table 49 FIA_X509_EXT.2.2 Test Table 50 FMT_MEC_EXT.1.1 TSS Table 51 FMT_MEC_EXT.1.1 Test Table 52 FMT_CFG_EXT.1.1 TSS Table 53 FMT_CFG_EXT.1.1 Test Table 54 FMT_CFG_EXT.1.1 Test Table 55 FMT_CFG_EXT.1.1 Test Table 56 FMT_CFG_EXT.1.2 Test Table 57 FMT_SMF.1.1 Guidance Table 58 FMT_SMF.1.1 Test Table 59 FPR_ANO_EXT.1.1 TSS Table 60 FPR_ANO_EXT.1.1 Test Table 61 FPT_API_EXT.1.1 TSS Table 62 FPT_AEX_EXT.1.1 TSS Table 63 FPT_AEX_EXT.1.1 Test Table 64 FPT_AEX_EXT.1.2 Test Table 65 FPT_AEX_EXT.1.3 Test Table 66 FPT_AEX_EXT.1.4 Test Table 67 FPT_AEX_EXT.1.5 TSS Table 68 FPT_AEX_EXT.1.5 Test Table 69 FPT_TUD_EXT.1 Test Table 70 FPT_TUD_EXT.1.2 Test Table 71 FPT_TUD_EXT.1.3 Test Table 72 FPT_TUD_EXT.1.4 Test Table 73 FPT_TUD_EXT.1.5 Test Table 74 FPT_TUD_EXT.1.6 TSS Table 75 FPT_LIB_EXT.1 Test Table 76 FTP_DIT_EXT.1 Test Table 77 FTP_DIT_EXT.1 Test Table 78 FTP_DIT_EXT.1 Test Table 79 ADV_FSP.1 Development Table 80 AGD_OPE.1 Guidance Table 81 AGD_OPE.1 Guidance Table 82 AGD_OPE.1 Guidance Table 83 AGD_PRE.1 Guidance Table 84 ALC_CMC.1 ST/AGD Table 85 ALC_CMS.1 Guidance Table 86 ALC_TSU_EXT.1 TSS

12 Table 87 ALC_TSU_EXT.1 TSS Table 88 ATE_IND.1 Test Table 89 ATE_VAN.1 Test

13 1 TOE Overview The Target of Evaluation (TOE) is the Nubo Software Thin Client v2.0. The TOE is an application from the Google Play store installed and executing on a mobile device. With VMI, virtual applications execute on a user s behalf on VMI servers. No executable code associated with the virtual applications is downloaded to the user s device. Instead, the Thin Client displays the output from the virtual applications, and forwards input from the user to the virtual applications. The Thin Client transparently controls all communication with the VMI servers and ensures that all communication occurs over trusted channels. All network connections are initiated by the TOE. Direct connections are established to two VMI server components. The Nubo Management Server processes user activation and login. The Nubo Gateway provides the realtime connection for access to virtual applications. The traffic for any number of virtual applications is multiplexed over a single trusted channel with the Thin Client. When the Thin Client is first installed, the user is required to activate the Thin Client with the Nubo Management Server. The user specifies his/her password to the Management Server during activation. Once activated, the user may establish sessions and execute virtual applications. Each session requires that the user provide his/her password, which is transparently forwarded to the Management Server for validation. Upon successful login, the Management Server provides a session id to both the Thin Client and Gateway. The Thin Client then established a trusted channel to the Gateway, specifying the session id, enabling the user to activate his/her authorized applications. 13

14 2 Test Equivalency Justification This section presents the equivalency argument for the TOE platforms. The Security Target includes the following platforms, Samsung Galaxy S7 and Samsung S7 Edge running Android The evaluator tested on a Samsung Galaxy S7 device for the Android platform. This device is sufficient to address all the platforms because the evaluation that addresses all of these platforms has a single User s Guide that references one set of APIs for making and managing TLS connections. The Samsung evaluation did not differentiate between the platforms and the vendor is calling the evaluated interfaces. 2.1 Test Infrastructure Test Bed # 1 This is the only Testbed used throughout the entire evaluation Visual Diagram Below is a visual representation of the components included in the test bed: Nubo Phone (Galaxy S7) Linux Test server Configuration Information The following provides configuration information about each device on the test network Nubo Phone Software Version: Android Marshmallow (6.0.1) TOE: Nubo Thin Client Software version Linux test server OS Version: Ubuntu Tools: o AcumenTLS version 1 o OpenSSL version o NMAP version 6.0 o Android Debug Bridge version o Android Studio version o McAfee LiveSafe version 16.0 o Wireshark version

15 2.2 Evaluation Evidence The following evidence was used as part of this evaluation, TOE: Nubo Software Thin Client version 2.0 ST: Nubo Software Thin Client v2.0 Security Target, version 1.2, May 2018 Guidance: Nubo Software Thin Client Common Criteria Addendum, version

16 3 Detailed Test Cases 3.1 Test Cases FCS_RBG_EXT.1.1 TSS If invoke platform-provided DRBG functionality is selected, the evaluator performs the following activities. The evaluator shall examine the TSS to confirm that it identifies all functions (as described by the SFRs included in the ST) that obtain random numbers from the platform RBG. The evaluator shall determine that for each of these functions, the TSS states which platform interface (API) is used to obtain the random numbers. The evaluator shall confirm that each of these interfaces corresponds to the acceptable interfaces listed for each platform below. For Android: The evaluator shall verify that the application uses at least one of javax.crypto.keygenerator class or the java.security.securerandom class or /dev/random or /dev/urandom. Evaluator Findings Table 1 FCS_RBG_EXT.1.1 TSS FCS_RBG_EXT.1.1 TSS The evaluator examined the application/developer documentation to confirm that the application needs no random bit generation services. Section 6 of the ST was also used to determine the verdict of this assurance activity. Upon investigation, the evaluator found that the TOE uses the platform provided java.security.securerandom. This is one of the approved platform API. However, the TOE does not use this random bit generator for SFR related functionality. Verdict Based on these findings, the assurance activity is considered satisfied FCS_RBG_EXT.1.1 Test 1 Table 2 FCS_RBG_EXT.1.1 Test 1 FCS_RBG_EXT.1.1_T1 The evaluator shall then decompile the application binary using an decompiler suitable for the application (TOE). The evaluator shall search the output of the decompiler to determine that, for each API listed in the TSS, that API appears in the output. If the representation of the API does not correspond directly to the strings in the following list, the evaluator shall provide a mapping from the decompiled text to its corresponding API, with a description of why the API text does not directly correspond to the decompiled text and justification that the decompiled text corresponds to the associated API. 16

17 For Android: The evaluator shall verify that the application uses at least one of javax.crypto.keygenerator class or the java.security.securerandom class or /dev/random or /dev/urandom Test Flow Use Android Studio to debug the software /Fail Verify that java.security.securerandom is present The TOE uses java.security.securerandom. This is one of the allowed random bit generators for the Android platform. This meets the testing requirement FCS_STO_EXT.1.1 TSS The evaluator shall check the TSS to ensure that it lists all persistent credentials (secret keys, PKI private keys, or passwords) needed to meet the requirements in the ST. For each of these items, the evaluator shall confirm that the TSS lists for what purpose it is used, and how it is stored. For all credentials for which the application implements functionality, the evaluator shall verify credentials are encrypted according to FCS_COP.1(1) or conditioned according to FCS_CKM_1.1(A) and FCS_CKM.1.2(A). Evaluator Findings Table 3 FCS_STO_EXT.1.1 TSS FCS_STO_EXT.1.1 TSS The evaluator examined the TSS to ensure that it lists all persistent credentials needed to meet the requirements in the ST. Section 6 of the ST was used to determine the verdict of this assurance activity. Upon investigation, the evaluator found the following regarding store credentials, Credentials: X509 Digital Certificates (and associated keys) for the Nubo Management Server Purpose: Authentication of the Nubo Management Server How Stored: Android Key Store Since the storage is done by the Android Key Store, encryption/conditioning is done by the platform and is not implemented on the TOE. Verdict Based on this the assurance activity is considered satisfied FCS_STO_EXT.1.1 Test 1 Table 4 FCS_STO_EXT.1.1 Test 1 17

18 FCS_STO_EXT_1_1_T1 For all credentials for which the application invokes platform provided functionality, the evaluator shall perform the following actions which vary per platform. For Android: The evaluator shall verify that the application uses the Android KeyStore or the Keychain to store certificates. Test Flow Use apktool to decomplile the APK Search for the uses of clientkeystore and android keystore. /Fail The product uses the Android KeyStore for certificate storage. This meets the testing requirements FCS_TLSC_EXT.1.1 TSS The evaluator shall check the description of the implementation of this protocol in the TSS to ensure that the cipher suites supported are specified. The evaluator shall check the TSS to ensure that the cipher suites specified include those listed for this component. Evaluator Findings Table 5 FCS_TLSC_EXT.1.1 TSS FCS_TLSC_EXT.1.1 TSS The evaluator examined the description of the implementation of TLS in the TSS to ensure that the cipher suites supported are specified. Section 6 of the ST was used to determine the verdict of this assurance activity. The evaluator found that ten TLS ciphersuites are supported by the TOE. These ciphersuites were found to be consistent with those listed in section of the ST. Verdict Based on this the assurance activity is considered satisfied FCS_TLSC_EXT.1.1 Guidance The evaluator shall also check the operational guidance to ensure that it contains instructions on configuring the TOE so that TLS conforms to the description in the TSS. Evaluator Findings Table 6 FCS_TLSC_EXT.1.1 Guidance FCS_TLSC_EXT.1.1 Guidance The evaluator examined the guidance document to determine that any configuration that is required to be done to configure the functionality for the required modes and key sizes is present. Upon investigation, the evaluator found that the section titled Secure Communications of the guidance document describes the TOEs usage of TLS. Specifically, the section contained a list of the supported cipher suites. 18

19 This list is consistent with what is presented in the TSS. Additionally, the guidance states that no addition configuration is required. Verdict Based on this the assurance activity is considered satisfied FCS_TLSC_EXT.1.1 Test 1 Table 7 FCS_TLSC_EXT.1.1 Test 1 FCS_TLSC_EXT.1.1_T1 The evaluator shall establish a TLS connection using each of the ciphersuites specified by the requirement. This connection may be established as part of the establishment of a higher level protocol, e.g., as part of an EAP session. It is sufficient to observe the successful negotiation of a ciphersuite to satisfy the intent of the test; it is not necessary to examine the characteristics of the encrypted traffic in an attempt to discern the ciphersuite being used (for example, that the cryptographic algorithm is 128 bit AES and not 256 bit AES). Test Flow Configure the TLS tool with a cipher.txt file containing the ciphers selected in the ST Configure the TOE to point to the TLS server Cause the TOE to attempt to initiate a connection until each TLS cipher suite has been exercised /Fail The TOE supports the claimed TLSC ciphersuites. The evaluator was able to see each of the ciphersuites being used. This meets the testing requirements FCS_TLSC_EXT.1.1 Test 2 Table 8 FCS_TLSC_EXT.1.1 Test 2 FCS_TLSC_EXT.1.1_T2 The evaluator shall attempt to establish the connection using a server with a server certificate that contains the Server Authentication purpose in the extendedkeyusage field and verify that a connection is established. The evaluator will then verify that the client rejects an otherwise valid server certificate that lacks the Server Authentication purpose in the extendedkeyusage field and a connection is not established. Ideally, the two certificates should be identical except for the extendedkeyusage field. Test Flow Configure TLS on the TOE Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the test case. Notice that the connection is not established 19

20 /Fail when the server authentication purpose in not present in extended key usage field Capture the network traffic Verify the results The TOE terminates a TLS connection when attempting to connect to a TLS server whose certificate does not contain a Server Authentication purpose. This meets the testing requirements FCS_TLSC_EXT.1.1 Test 3 Table 9 FCS_TLSC_EXT.1.1 Test 3 FCS_TLSC_EXT.1.1_T3 The evaluator shall send a server certificate in the TLS connection that does not match the server selected ciphersuite (for example, send a ECDSA certificate while using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite or send a RSA certificate while using one of the ECDSA ciphersuites.) The evaluator shall verify that the TOE disconnects after receiving the server s Certificate handshake message. Test Flow Configure TLS on the TOE Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FCS_TLSC_EXT.1. Test Case #3 test case. Send Traffic to the Tool (this is done by enabling TLS on the TOE) Capture the network traffic Verify the results /Fail The TOE rejects a connection attempt where the selected ciphersuite does not match the certificate ciphersuite. This meets the testing requirements FCS_TLSC_EXT.1.1 Test 4 Table 10 FCS_TLSC_EXT.1.1 Test 4 FCS_TLSC_EXT.1.1_T4 The evaluator shall configure the server to select the TLS_NULL_WITH_NULL_NULL ciphersuite and verify that the client denies the connection. Test Flow Configure TLS on the TOE Send Traffic to the Tool (this is done by enabling TLS on the TOE) Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FCS_TLSC_EXT.1. Test Case #4 test case (which attempts to use the TLS_NULL_WITH_NULL_NULL ciphersuite) Capture the network traffic 20

21 /Fail Verify the results The evaluator verified that the TOE rejects a connection attempt with the TLS_NULL_WITH_NULL_NULL ciphersuite. This meets the testing requirements FCS_TLSC_EXT.1.1 Test 5 Table 11 FCS_TLSC_EXT.1.1 Test 5 FCS_TLSC_EXT.1.1_T5 The evaluator shall perform the following modifications to the traffic: Test 5.1: Change the TLS version selected by the server in the Server Hello to a non supported TLS version (for example 1.3 represented by the two bytes 03 04) and verify that the client rejects the connection. Test 5.2: Modify at least one byte in the server s nonce in the Server Hello handshake message, and verify that the client rejects the Server Key Exchange handshake message (if using a DHE or ECDHE ciphersuite) or that the server denies the client s Finished handshake message. Test 5.3: Modify the server s selected ciphersuite in the Server Hello handshake message to be a ciphersuite not presented in the Client Hello handshake message. The evaluator shall verify that the client rejects the connection after receiving the Server Hello. Test 5.4 (conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message. Test 5.5: Modify a byte in the Server Finished handshake message, and verify that the client sends a fatal alert upon receipt and does not send any application data. Test 5.6: Send an garbled message from the Server after the Server has issued the ChangeCipherSpec message and verify that the client denies the connection Test Flow Configure TLS on the TOE Send Traffic to the Tool (this is done by enabling TLS on the TOE) Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute each of the the FCS_TLSC_EXT.1.1 Test Case #5 test cases. This includes various malformations of the session negotiation attempts. Capture the network traffic Verify the results /Fail The TOE rejects each malformed connection. This meets the testing requirement. 21

22 FCS_TLSC_EXT.1.2 TSS The evaluator shall ensure that the TSS describes the client s method of establishing all reference identifiers from the application configured reference identifier, including which types of reference identifiers are supported (e.g. Common Name, DNS Name, URI Name, Service Name, or other application specific Subject Alternative Names) and whether IP addresses and wildcards are supported. The evaluator shall ensure that this description identifies whether and the manner in which certificate pinning is supported or used by the TOE. Evaluator Findings Table 12 FCS_TLSC_EXT.1.2 TSS FCS_TLSC_EXT.1.2 TSS The evaluator examined the TSS to determine if it describes the client s method of establishing all reference identifiers. Section 6 of the ST was used to determine the verdict of this assurance activity. The evaluator found that the TOE establishes and performs verification of the reference identifiers in the peer certificate. Identifiers that are supported by that are supported and verified by the TOE are Common Name (CN) and Subject Alternative Name (SAN) (IP address and DNS). The TOE supports the use of wildcards in X.509 reference identifiers (CN and SAN). The TOE does not utilize certificate pinning. Verdict Based on this the assurance activity is considered satisfied FCS_TLSC_EXT.1.2 Guidance The evaluator shall verify that the AGD guidance includes instructions for setting the reference identifier to be used for the purposes of certificate validation in TLS. Evaluator Findings Table 13 FCS_TLSC_EXT.1.2 Guidance FCS_TLSC_EXT.1.2 Guidance The evaluator verified that the guidance includes instructions for setting the reference identifier. Upon investigation, the evaluator found that the section titled Digital Certificates includes guidance that the required reference identifier is the configured Nubo Management Server IP address/host name. No additional configuration is required. Verdict Based on this the assurance activity is considered satisfied FCS_TLSC_EXT.1.2 Test 1 Table 14 FCS_TLSC_EXT.1.2 Test 1 FCS_TLSC_EXT.1.2_T1 22

23 The evaluator shall present a server certificate that does not contain an identifier in either the Subject Alternative Name (SAN) or Common Name (CN) that matches the reference identifier. The evaluator shall verify that the connection fails. Test Flow Configure TLS on the TOE Send Traffic to the Tool (this is done by enabling TLS on the TOE) Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FCS_TLSC_EXT.1.2 Test Case #1 test case. This presents a server certificate that does not include the SAN/CN that matches the reference identifier. Capture the network traffic Verify the results /Fail A mismatch in both the CN and SAN results in the TOE rejecting a TLS connection attempt. This meets the testing requirements FCS_TLSC_EXT.1.2 Test 2 Table 15 FCS_TLSC_EXT.1.2 Test 2 FCS_TLSC_EXT.1.2_T2 The evaluator shall present a server certificate that contains a CN that matches the reference identifier, contains the SAN extension, but does not contain an identifier in the SAN that matches the reference identifier. The evaluator shall verify that the connection fails. The evaluator shall repeat this test for each supported SAN type. Test Flow Configure the reference identifier on the TOE as invalidalt.com Configure TLS on the TOE Send Traffic to the Tool (this will result in a CN that matches the reference identifier but does not include a SAN) Verify that the connection does not succeed /Fail A SAN mismatch results in the TOE rejecting a TLS connection attempt, as expected. This meets the testing requirements FCS_TLSC_EXT.1.2 Test 3 Table 16 FCS_TLSC_EXT.1.2 Test 3 FCS_TLSC_EXT.1.2_T3 [conditional] If the TOE does not mandate the presence of the SAN extension, the evaluator shall present a server certificate that contains a CN that matches the reference identifier and does not contain the SAN extension. The evaluator shall verify that the connection succeeds. If the 23

24 /Fail TOE does mandate the presence of the SAN extension, this Test shall be omitted. The TOE mandates the presence of the SAN extension. This test case is not applicable. N/A FCS_TLSC_EXT.1.2 Test 4 Table 17 FCS_TLSC_EXT.1.2 Test 4 FCS_TLSC_EXT.1.2_T4 The evaluator shall present a server certificate that contains a CN that does not match the reference identifier but does contain an identifier in the SAN that matches. The evaluator shall verify that the connection succeeds. Test Flow Configure TLS on the TOE Send Traffic to the Tool (this is done by enabling TLS on the TOE) Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FCS_TLSC_EXT.1.2 Test Case #4 test case. This uses a server certificate that contains a CN that does not match the reference identifier but does contain an identifier in the SAN that matches. Verify that the connection could not complete /Fail As expected, the TOE will establish a TLS connection if the SAN matches, even if the CN is not a match. This meets the testing requirements FCS_TLSC_EXT.1.2 Test 5 Table 18 FCS_TLSC_EXT.1.2 Test 5 FCS_TLSC_EXT.1.2_T5 The evaluator shall perform the following wildcard tests with each supported type of reference identifier: Test 5.1: The evaluator shall present a server certificate containing a wildcard that is not in the left most label of the presented identifier (e.g. foo.*.example.com) and verify that the connection fails. Test 5.2: The evaluator shall present a server certificate containing a wildcard in the left most label but not preceding the public suffix (e.g. *.example.com). The evaluator shall configure the reference identifier with a single left most label (e.g. foo.example.com) and verify that the connection succeeds. The evaluator shall configure the reference identifier without a 24

25 left most label as in the certificate (e.g. example.com) and verify that the connection fails. The evaluator shall configure the reference identifier with two left most labels (e.g. bar.foo.example.com) and verify that the connection fails. Test 5.3: The evaluator shall present a server certificate containing a wildcard in the left most label immediately preceding the public suffix (e.g. *.com). The evaluator shall configure the reference identifier with a single leftmost label (e.g. foo.com) and verify that the connection fails. The evaluator shall configure the reference identifier with two left most labels (e.g. bar.foo.com) and verify that the connection fails Test Flow Configure TLS on the TOE Send Traffic to the Tool (this is done by enabling TLS on the TOE) Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FCS_TLSC_EXT.1.2 Test Case #5 test cases. This will result in connection attempts with various usage of wildcards (some valid others not as described in each test). Capture the network traffic Verify the results with the logs /Fail The TOE follows the rules for the proper use of wildcards in certificates. This meets the testing requirements FCS_TLSC_EXT.1.2 Test 6 /Fail FCS_TLSC_EXT.1.2 Test 7 Table 19 FCS_TLSC_EXT.1.2 Test 6 FCS_TLSC_EXT.1.2_T6 [conditional] If URI or Service name reference identifiers are supported, the evaluator shall configure the DNS name and the service identifier. The evaluator shall present a server certificate containing the correct DNS name and service identifier in the URIName or SRVName fields ofthe SAN and verify that the connection succeeds. The evaluator shall repeat this test with the wrong service identifier (but correct DNS name) and verify that the connection fails. URI/Service name reference identifiers are not supported. This test is not applicable N/A Table 20 FCS_TLSC_EXT.1.2 Test 7 25

26 /Fail FCS_TLSC_EXT.1.2_T7 [conditional] If pinned certificates are supported the evaluator shall present a certificate that does not match the pinned certificate and verify that the connection fails. Pinned certificates are not supported. This test is not applicable N/A FCS_TLSC_EXT.1.3 Test 1 /Fail Table 21 FCS_TLSC_EXT.1.3 Test 1 FCS_TLSC_EXT_1_3_T1 The evaluator shall demonstrate that a peer using a certificate without a valid certification path results in an authenticate failure. Using the administrative guidance, the evaluator shall then load the trusted CA certificate(s) needed to validate the peer's certificate, and demonstrate that the connection succeeds. The evaluator then shall delete one of the CA certificates, and show that the connection fails. This test was covered by FIA_X509_EXT.1.1 Test FCS_TLSC_EXT.4.1 TSS The evaluator shall verify that TSS describes the supported Elliptic Curves Extension and whether the required behavior is performed by default or may be configured. Evaluator Findings Table 22 FCS_TLSC_EXT.4.1 TSS FCS_TLSC_EXT.4.1 TSS The evaluator examined the TSS to determine if the supported Elliptic Curves Extensions are described and whether the required behavior is performed by default. The evaluator found that the TOE supports the secp256r1, secp384r1, and secp521r1 curves. These curves are supported by default (no configuration is required). Verdict Based on this the assurance activity is considered satisfied FCS_TLSC_EXT.4.1 Guidance If the TSS indicates that the supported Elliptic Curves Extension must be configured to meet the requirement, the evaluator shall verify that AGD guidance includes configuration of the supported Elliptic Curves Extension. Table 23 FCS_TLSC_EXT.4.1 Guidance 26

27 Evaluator Findings Verdict FCS_TLSC_EXT.4.1 Guidance The evaluator used the Guidance documentation and the TSS in ST to determine the verdict of this work unit. Upon investigation, the evaluator found that Android supports the Elliptic Curve Extensions (secp256r1, secp384r1, and secp521r1) and no configuration is required. Based on these findings, this Assurance Activity is considered satisfied FCS_TLSC_EXT.4.1 Test 1 Table 24 FCS_TLSC_EXT.4.1 Test 1 FCS_TLSC_EXT.4.1_T1 The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE s supported curves and shall verify that the TOE successfully connects to the server. Test Flow Initiate openssl connection using each supported elliptic curve Record packet capture Verify that the TOE accepts each of of the supported ciphers /Fail Connections with supported shared curves are successful. This meets the testing requirements FCS_HTTPS_EXT.1.1 Test 1 /Fail Table 25 FCS_HTTPS_EXT.1.1 Test 1 FCS_HTTPS_EXT.1.1_T1 The evaluator shall attempt to establish an HTTPS connection with a webserver, observe the traffic with a packet analyzer, and verify that the connection succeeds and that the traffic is identified as TLS or HTTPS. This test was conducted in conjunction with FCS_TLSC_EXT.1.1 Test # FCS_HTTPS_EXT.1.2 Test 1 Table 26 FCS_HTTPS_EXT.1.2 Test 1 FCS_HTTPS_EXT.1.2_T1 Other tests are performed in conjunction with FCS_TLSC_EXT.1 and/or FCS_TLSS_EXT.1. 27

28 FCS_HTTPS_EXT.1.3 Test 1 /Fail Table 27 FCS_HTTPS_EXT.1.3 Test 1 FCS_HTTPS_EXT.1.3_T1 The evaluator shall demonstrate that using a certificate without a valid certification path results in the selected action in the SFR. If "notify the user" is selected in the SFR, then the evaluator shall also determine that the user is notified of the certificate validation failure. Using the administrative guidance, the evaluator shall then load a certificate or certificates to the Trust Anchor Database needed to validate the certificate to be used in the function, and demonstrate that the function succeeds. The evaluator then shall delete one of the certificates, and show that again, using a certificate without a valid certification path results in the selected action in the SFR, and if "notify the user" was selected in the SFR, the user is notified of the validation failure. Carried out in conjunction with FIA_X.509_EXT.1.1 Test #1; FDP_DEC_EXT.1.1 Guidance 1 The evaluator shall review documentation provided by the application developer and for each resource which it accesses, identify the justification as to why access is required. Evaluator Findings Table 28 FDP_DEC_EXT.1.1 Guidance 1 FCS_TLSC_EXT.4.1 Guidance The evaluator used the Guidance documentation and the TSS in ST to determine the verdict of this work unit. Upon investigation, the evaluator found that the TSS states that the TOE access the following resources, camera microphone location services media stored in non-volatile memory Next, the evaluator examined the guidance documentation to verify that for each resource a justification for usage is included. Upon investigation, the evaluator found that the section titled, Resources in the guidance documentation includes a listing of each resource accessed and justification of why the TOE requires the access. 28

29 Verdict Based on these findings, this Assurance Activity is considered satisfied FDP_DEC_EXT.1.1 Test 1 Table 29 FDP_DEC_EXT.1.1 Test 1 FDP_DEC_EXT_1_1_T1 The evaluator shall perform the platform-specific actions below and inspect user documentation to determine the application's access to hardware resources. The evaluator shall ensure that this is consistent with the selections indicated. The evaluator shall inspect permissions presented at installation time (Android 5.1 and below) or on-access (Android 6.0 and above) for each hardware resource an app intends to access Test Flow Access the TOE Verify the requested permissions o Camera o Microphone o Location o Media Verify this is consistent with the permissions listed in the ST /Fail The requested permissions match those listed in the ST. This meets the testing requirements FDP_DEC_EXT.1.2 Test 1 Table 30 FDP_DEC_EXT.1.2 Test 1 FDP_DEC_EXT_1_2_T1 The evaluator shall perform the platform-specific actions below and inspect user documentation to determine the application's access to sensitive information repositories. The evaluator shall ensure that this is consistent with the selections indicated. The evaluator shall review documentation provided by the application developer and for each sensitive information repository which it accesses, identify the justification as to why access is required. The evaluator shall review documentation provided by the application developer and for each sensitive information respository which it accesses, identify the justification as to why access is required. 29

30 Test Flow /Fail For Android: The evaluator shall inspect permissions presented at installation time (Android 5.1 and below) or on-access (Android 6.0 and above) for each sensitive information repository an app intends to access Verify that the TOE does not request access to any sensitive information repositories. Consistent with the ST, the TOE does not access any sensitive information repositories. This meets the testing requirements FDP_NET_EXT.1.1 Test 1 Table 31 FDP_NET_EXT.1.1 Test 1 FDP_NET_EXT.1.1_T1 The evaluator shall run the application. While the application is running, the evaluator shall sniff network traffic ignoring all non-application associated traffic and verify that any network communications witnessed are documented in the TSS or are user initiated Test Flow Cause the TOE to connect to the test server Capture all traffic from the TOE Observe all traffic is user-initiated Verify that only TLS traffic /Fail The evaluator verified that the TOE only sends the expected TLS traffic. This meets the testing requirements FDP_NET_EXT.1.1 Test 2 Table 32 FDP_NET_EXT.1.1 Test 2 FDP_NET_EXT.1.1_T2 The evaluator shall run the application. After the application initializes, the evaluator shall run network port scans to verify that any ports opened by the application have been captured in the ST for the third selection and its assignment. This includes connection-based protocols (e.g. TCP, DCCP) as well as connectionless protocols (e.g. UDP). Test Flow Attempt a connection from the TOE Scan the TOE for open ports using NMAP Packet capture showing successful connection Export Nmap results in.txt /Fail The evaluator verified that there were no unexpected open ports. This meets the testing requirements. 30

31 FDP_DAR_EXT.1.1 TSS 1 The evaluator shall examine the TSS to ensure that it describes the sensitive data processed by the application. The evaluator shall then ensure that the following activities cover all of the sensitive data identified in the TSS. Assurance activities (after the identification of the sensitive data) are to be performed on all sensitive data listed that are not covered by FCS_STO_EXT.1. For Android: The evaluator shall inspect the TSS and verify that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set. Evaluator Findings Table 33 FDP_DAR_EXT.1.1 TSS 1 FDP_DAR_EXT.1.1 Test 1 The evaluator examined the TSS and verified that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set. Section 6 of the ST as used to determine the verdict of this assurance activity. Upon investigation, the evaluator found that the TOE stores no user data. However, configuration data is stored by the TOE in /data/data/package/shared_prefs/. Additionally, the the MODE_PRIVATE flag is set. Verdict Based on this the assurance activity is considered satisfied FDP_DAR_EXT.1.1 Test 1 /Fail Table 34 FDP_DAR_EXT.1.1 Test 1 FDP_DAR_EXT.1.1_T1 The evaluator shall inventory the filesystem locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the filesystem to note where data was stored (if any), and determine whether it has been encrypted. The evaluator shall inspect the TSS and verify that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set. No user data is stored by the TOE. Configuration data is stored by the TOE in /data/data/package/shared_prefs/ with the MODE_PRIVATE flag set. 31

32 3.2 Test Cases (Identification and Authentication) FIA_X509_EXT.1.1 TSS The evaluator shall ensure the TSS describes where the check of validity of the certificates takes place. The evaluator ensures the TSS also provides a description of the certificate path validation algorithm. Evaluator Findings Verdict FIA_X509_EXT.1.1 Test 1 Table 35 FIA_X509_EXT.1.1 TSS FIA_X509_EXT.1.1 TSS The evaluator examined the TSS to determine that it describes where the check of validity of the certificates takes place. Section 6 of the ST was used to determine the verdict of this assurance activity. The evaluator found that certificate validation is performed by the TOE platform (Android) in conformance to RFC5280. Based on this the assurance activity is considered satisfied. Table 36 FIA_X509_EXT.1.1 Test 1 FIA_X509_EXT.1.1_T1 The evaluator shall demonstrate that validating a certificate without a valid certification path results in the function failing. The evaluator shall then load a certificate or certificates as trusted CAs needed to validate the certificate to be used in the function, and demonstrate that the function succeeds. The evaluator shall then delete one of the certificates, and show that the function fails. Test Flow Upload a complete certificate validation chain to the TOE. Verify the connection succeeds Delete one of the certificates in the chain. Verify that the connection fails /Fail The evaluator confirmed that the TOE will not validate a certificate with an incomplete path, but it will accept that same certificate when it has the full CA chain. This meets the testing requirements FIA_X509_EXT.1.1 Test 2 Table 37 FIA_X509_EXT.1.1 Test 2 FIA_X509_EXT.1.1_T2 The evaluator shall demonstrate that validating an expired certificate results in the function failing. 32

33 Test Flow Use the AcumenTLS tool (a forked version of NIAP TLS tool) and execute the FIA_X509_EXT_1_1_TEST2 test case. This presents an expired certificate Attempt connect to the acumen tls tool from the TOE Verify that the connection attempt failed /Fail The TOE rejected an attempt to open a connection to a server that gives an expired certificate. This meets the testing requirements FIA_X509_EXT.1.1 Test 3 Table 38 FIA_X509_EXT.1.1 Test 3 FIA_X509_EXT_1_1_T3 The evaluator shall test that the TOE can properly handle revoked certificates- conditional on whether CRL, OCSP, or OCSP Stapling is selected; if multiple methods are selected, then the following tests shall be performed for each method: The evaluator shall test revocation of the node certificate. The evaluator shall also test revocation of an intermediate CA certificate (i.e. the intermediate CA certificate should be revoked by the root CA), if intermediate CA certificates are supported. The evaluator shall ensure that a valid certificate is used, and that the validation function succeeds. The evaluator then attempts the test with a certificate that has been revoked (for each method chosen in the selection) to ensure when the certificate is no longer valid that the validation function fails Test Flow Attempt a connection between the TOE and a peer for which the peer certificate is valid Verify that the connection succeeds revoke the peer certificate Re-attempt the connection between the TOE and the peer Verify that the connection fails /Fail The TOE is capable of opening a connection to a server that issues a good certificate. When that same certificate is then revoked the TOE can no longer connect to the same server. This meets the testing requirements FIA_X509_EXT.1.1 Test 4 Table 39 FIA_X509_EXT.1.1 Test 4 FIA_X509_EXT.1.1_T4 If OCSP is selected, the evaluator shall configure the OCSP server or use a man in the middle tool to present a certificate that does not have the OCSP 33

34 signing purpose and verify that validation of the OCSP response fails. If CRL is selected, the evaluator shall configure the CA to sign a CRL with a certificate that does not have the crlsign key usage bit set, and verify that validation of the CRL fails. Test Flow Create a certificate chain with no OCSP signing purpose Start the OCSP responder Attempt to connect to the TOE /Fail Verify that the connection fails If a presented server certificate does not contain a valid OCSP signing purpose, the validation of the OCSP response will cause an unsuccessful connection. This meets the testing requirements FIA_X509_EXT.1.1 Test 5 Table 40 FIA_X509_EXT.1.1 Test 5 FIA_X509_EXT.1.1_T5 The evaluator shall modify any byte in the first eight bytes of the certificate and demonstrate that the certificate fails to validate. (The certificate will fail to parse correctly.) Test Flow Configure a connection with a peer on the TOE Ensure that digital certificates are used for authentication During session establishment modify a byte in the first eight bytes of the certificate Verify that the connection does not complete /Fail The TOE rejected a connection to a server that issued a certificate that was modified by the Acumen TLS test tool. This meets the testing requirements FIA_X509_EXT.1.1 Test 6 Table 41 FIA_X509_EXT.1.1 Test 6 FIA_X509_EXT.1.1_T6 The evaluator shall modify any byte in the last byte of the certificate and demonstrate that the certificate fails to validate. (The signature on the certificate will not validate.) Test Flow Configure a connection with a peer on the TOE, Ensure that digital certificates are used for authentication During session establishment modify a byte in the last eight bytes of the certificate Verify that the connection does not complete 34

35 /Fail The TOE rejected a connection to a server that issued a certificate that was modified by the Acumen TLS test tool. This meets the testing requirements FIA_X509_EXT.1.1 Test 7 Table 42 FIA_X509_EXT.1.1 Test 7 FIA_X509_EXT.1.1_T7 The evaluator shall modify any byte in the public key of the certificate and demonstrate that the certificate fails to validate. (The signature on the certificate will not validate.) Test Flow Configure a connection with a peer on the TOE, Ensure that digital certificates are used for authentication During session establishment modify a byte in the public of the certificate Verify that the connection does not complete /Fail The TOE rejected a connection to a server that issued a certificate that was modified by the Acumen TLS test tool. This meets the testing requirements FIA_X509_EXT.1.2 Test 1 Table 43 FIA_X509_EXT.1.2 Test 1 FIA_X509_EXT.1.2_T1 The evaluator shall construct a certificate path, such that the certificate of the CA issuing the TOE's certificate does not contain the basicconstraints extension. The validation of the certificate path fails. Test Flow Configure the TOE to support digital certificates Configure the certificate used by the TOE such that, The certificate of the CA issuing the TOE s certificate has the ca flag in the basicconstraints extension set to undefined Verify that the TOE identifies that the signing CA certificate has the ca flag in the basicconstraints extension set to undefined Ensure the TOE rejects the certificate /Fail The TOE rejects connections when the CA used to sign a certificate does not have the basicconstraints extension. This meets the testing requirements FIA_X509_EXT.1.2 Test 2 Table 44 FIA_X509_EXT.1.2 Test 2 35

36 FIA_X509_EXT.1.2_T2 The evaluator shall construct a certificate path, such that the certificate of the CA issuing the TOE's certificate has the CA flag in the basicconstraints extension not set. The validation of the certificate path fails. Test Flow Configure the TOE to support digital certificates Configure the certificate used by the TOE such that, The certificate of the CA issuing the TOE s certificate has the ca flag in the basicconstraints extension set to FALSE Verify that the TOE identifies that the signing CA certificate has the ca flag in the basicconstraints extension set to FALSE Ensure the TOE rejects the certificate /Fail The TOE rejects certificates signed by a CA whose basicconstraints flag has been set to false. This meets the testing requirements FIA_X509_EXT.1.2 Test 3 Test Flow (generic test steps) /Fail FIA_X509_EXT.2.2 TSS 1 Table 45 FIA_X509_EXT.1.2 Test 3 FIA_X509_EXT.1.2_T3 The evaluator shall construct a certificate path, such that the certificate of the CA issuing the TOE's certificate has the CA flag in the basicconstraints extension set to TRUE. The validation of the certificate path succeeds. Configure the TOE to support digital certificates Configure the certificate used by the TOE such that, The certificate of the CA issuing the TOE s certificate is wellformed with the ca flag in the basicconstraints extension set to TRUE Ensure the TOE accepts the certificate Connection successful when basicconstraints set to True. This meets the testing requirements. The evaluator shall check the TSS to ensure that it describes how the TOE chooses which certificates to use, and any necessary instructions in the administrative guidance for configuring the operating environment so that the TOE can use the certificates. Evaluator Findings Table 46 FIA_X509_EXT.2.2 TSS 1 FIA_X509_EXT.1.1 TSS 1 The evaluator checked the TSS to ensure that it describes how the TOE chooses which certificates to use, and any necessary instructions in the administrative guidance for configuring the operating environment so that the TOE can use the certificates. 36