Post on 02-Jul-2018
C011 Certification Report
NetMATRIX TLE Version 1.0 Build number 00010003
File name: ISCB-5-RPT-C011-CR-v1a
Version: v1a Date of document: 15 March 2011 Document classification: PUBLIC
For general inquiry about us or our services, please email: mycc@cybersecurity.my
PUBLIC
FINAL
C011 Certification Report - NetMATRIX TLE Version
1.0 Build number 00010003
ISCB-5-RPT-C011-CR-v1a
Page i
PUBLIC
C011 Certification Report
NetMATRIX TLE Version 1.0 Build number 00010003
15 March 2011
ISCB Department
CyberSecurity Malaysia
Level 8, Block A, Mines Waterfront Business Park,
No 3 Jalan Tasik, The Mines Resort City
43300 Seri Kembangan, Selangor, Malaysia
Tel: +603 8946 0999 Fax: +603 8946 0888
http://www.cybersecurity.my
Document Authorisation
DOCUMENT TITLE: C011 Certification Report - NetMATRIX TLE Version 1.0 Build number 00010003
DOCUMENT REFERENCE: ISCB-5-RPT-C011-CR-v1a
ISSUE: v1a
DATE: 15 March 2011
DISTRIBUTION: UNCONTROLLED COPY - FOR UNLIMITED USE AND DISTRIBUTION
Copyright Statement
The copyright of this document, which may contain proprietary information, is the property
of CyberSecurity Malaysia.
The document shall be held in safe custody.
©CYBERSECURITY MALAYSIA, 2011
Registered office:
Level 8, Block A,
Mines Waterfront Business Park,
No 3 Jalan Tasik, The Mines Resort City,
43300 Seri Kembangan
Selangor Malaysia
Registered in Malaysia – Company Limited by Guarantee
Company No. 726630-U
Printed in Malaysia
Foreword
The Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme has been
established under the 9th Malaysian Plan to increase Malaysia’s competitiveness in quality
assurance of information security based on the Common Criteria (CC) standard and to build
consumers’ confidence towards Malaysian information security products.
The MyCC Scheme is operated by CyberSecurity Malaysia and provides a model for licensed
Malaysian Security Evaluation Facilities (MySEFs) to conduct security evaluations of ICT
products, systems and protection profiles against internationally recognised standards. The
results of these evaluations are certified by the Malaysian Common Criteria Certification
Body (MyCB) Unit, a unit established within Information Security Certification Body (ISCB)
Department, CyberSecurity Malaysia.
By awarding a Common Criteria certificate, the MyCB asserts that the product complies with
the security requirements specified in the associated Security Target. A Security Target is a
requirements specification document that defines the scope of the evaluation activities. The
consumer of certified IT products should review the Security Target, in addition to this
certification report, in order to gain an understanding of any assumptions made during the
evaluation, the IT product's intended environment, its security requirements, and the level of
confidence (i.e., the evaluation assurance level) that the product satisfies the security
requirements.
This certification report is associated with the certificate of product evaluation dated 15
March 2011, and the Security Target (Ref [6]). The certification report, Certificate of product
evaluation and security target are posted on the MyCC Scheme Certified Product Register
(MyCPR) at www.cybersecurity.my/mycc.
Reproduction of this report is authorized provided the report is reproduced in its entirety.
Disclaimer
The Information Technology (IT) product identified in this certification report and its
associated certificate has been evaluated at an accredited and licensed evaluation facility
established under the Malaysian Common Criteria Evaluation and Certification (MyCC)
Scheme (Ref [4]) using the Common Methodology for IT Security Evaluation, version 3.1
revision 3 (Ref [3]), for conformance to the Common Criteria for IT Security Evaluation,
version 3.1 revision 3 (Ref [2]). This certification report and its associated certificate apply
only to the specific version and release of the product in its evaluated configuration. The
evaluation has been conducted in accordance with the provisions of the MyCC Scheme and
the conclusions of the evaluation facility in the evaluation technical report are consistent
with the evidence adduced. This certification report and its associated certificate is not an
endorsement of the IT product by CyberSecurity Malaysia or by any other organisation that
recognises or gives effect to this certification report and its associated certificate, and no
warranty of the IT product by CyberSecurity Malaysia or by any other organisation that
recognises or gives effect to this certificate, is either expressed or implied.
Document Change Log
RELEASE   DATE            PAGES AFFECTED   REMARKS/CHANGE REFERENCE
v1        4 March 2011    All              Final Released.
v1a       15 March 2011   Page iv          Add the date of the certificate.
Executive Summary
NetMATRIX TLE (Terminal Line Encryption) v1.0 Build number 00010003 (hereafter referred
to as NetMATRIX TLE) from GHL Systems Berhad is the Target of Evaluation (TOE). NetMATRIX
TLE is a software solution that essentially provides a secure channel (through encryption and
message authentication (MAC)), similar to VPN or SSL, layered over an Acquirer’s existing
POS infrastructure, to the terminals.
The security functionalities within the scope of TOE evaluation are:
• Protection of confidential data elements exchanged with the terminals by encrypting
all such data sent to the terminals on behalf of the processing host, and by
decrypting any such data received from the terminals before forwarding it to the
processing host; and
• Protection of integrity and authenticity of the messages exchanged with the terminal
by protecting the whole message with a Message Authentication Code (MAC).
The key used to derive the unique terminal keys within the TOE can only be inserted by
authorised personnel with access to a secure and protected environment.
The TOE consists of three major components which are the web administration subsystem,
the TLE subsystem, and database subsystem.
The scope of the evaluation is defined by the Security Target (Ref [6]), which identifies
assumptions made during the evaluation, the intended environment for NetMATRIX TLE, the
security requirements, and the evaluation assurance level at which the product is intended to
satisfy the security requirements. Consumers are advised to verify that their operating
environment is consistent with that specified in the security target, and to give due
consideration to the comments, observations and recommendations in this certification
report.
This report describes the findings of the IT security evaluation of NetMATRIX TLE to the
Common Criteria (CC) evaluation assurance level EAL 2, and confirms that the evaluation was
conducted in accordance with the relevant criteria and the requirements of Malaysia’s
Common Criteria Certification (MyCC) Scheme. The evaluation was performed by
CyberSecurity Malaysia Security Evaluation Facilities (MySEF). The evaluation was completed
on 28 January 2011.
Malaysian Common Criteria Certification Body (MyCB), as the MyCC Scheme Certification
Body, declares that the NetMATRIX TLE evaluation meets all the conditions of the
Arrangement on the Recognition of Common Criteria Certificates and that the product will
be listed on the MyCC Scheme Certified Products Register (MyCPR) at
www.cybersecurity.my/mycc.
It is the responsibility of the user to ensure that the NetMATRIX TLE meets their requirements
and security needs. It is recommended that prospective users of the NetMATRIX TLE refer to
the ST (Ref [6]), and read this Certification Report prior to deciding whether to purchase and
deploy the product.
Table of Contents
1 Target of Evaluation
1.1 TOE Description
1.2 TOE Identification
1.3 Security Policy
1.4 TOE Architecture
1.5 Clarification of Scope
1.6 Assumptions
1.7 Evaluated Configuration
1.8 Delivery Procedures
1.9 Documentation
2 Evaluation
2.1 Evaluation Analysis Activities
2.1.1 Life-cycle support
2.1.2 Development
2.1.3 Guidance documents
2.1.4 IT Product Testing
3 Results of the Evaluation
3.1 Assurance Level Information
3.2 Recommendation
Annex A References
A.1 References
A.2 Terminology
A.2.1 Acronyms
A.2.2 Glossary of Terms
Index of Tables
Table 1: TOE Identification
Table 2: Independent Functional Testing
Table 3: List of Acronyms
Table 4: Glossary of Terms
Index of Figures
Figure 1: Subsystem of the TOE
Figure 2: Physical boundary of the TOE
1 Target of Evaluation
1.1 TOE Description
1 The Target of Evaluation (TOE), NetMATRIX TLE (Multi-Application Transaction
Routing and Identification eXchange – Terminal Line Encryption) v1.0 Build number
00010003 (hereafter referred to as NetMATRIX TLE) is a software solution to the line
tapping fraud problems that are plaguing the card acquirer. NetMATRIX TLE
essentially provides a secure channel (through encryption and message
authentication (MAC)), similar to VPN or SSL, layered over an Acquirer’s existing POS
infrastructure, to the terminals.
2 NetMATRIX TLE is a software solution that once installed and configured operates
akin to a VPN-server. It will co-operate with the terminals to ensure that all sensitive
information exchanged with the terminals is encrypted and that the whole messages
are protected against changes and impersonation.
3 Administration and configuration of NetMATRIX TLE is performed via a web-based
management interface, using a web browser on a PC.
1.2 TOE Identification
4 The details of the TOE are identified in Table 1 below.
Table 1: TOE Identification
Scheme                            Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme
Project Identifier                C011
TOE Name                          NetMATRIX TLE
TOE Version                       v1.0 Build number 00010003
Security Target Title             Security Target for NetMATRIX TLE
Security Target Version           v1.0 public
Security Target Date              25 January 2011
Assurance Level                   Evaluation Assurance Level 2 (EAL2)
Criteria                          Common Criteria July 2009, Version 3.1, Revision 3
Methodology                       Common Methodology for Information Technology Security Evaluation, July 2009, Version 3.1 Revision 3
Protection Profile Conformance    None
Common Criteria Conformance       CC Part 2 Conformant; CC Part 3 Conformant; Package conformant to EAL2
Sponsor and Developer             GHL Systems Berhad, L5-E-7B, Enterprise 4, Technology Park Malaysia, Bukit Jalil, 57000 Kuala Lumpur, Malaysia.
Evaluation Facility               CyberSecurity Malaysia MySEF
1.3 Security Policy
5 NetMATRIX TLE implements the security policies listed below:
a) Access control policy (web) - login and logout to the web administration
subsystem by trusted administrators, manual terminal key and MAC key
import and management.
b) Information flow control policy (ISO8586) – data communicated to and from
the TOE are protected during communication by enforcement of the
encryption and MAC mechanisms in the TOE.
6 The details of the access control and information flow control security policy are
described in Section 8 of the Security Target (Ref [6]).
7 The NetMATRIX TLE administrator is able to configure the policy rules stated
above through the web administration subsystem (administration interface) of the
web-based management interface.
1.4 TOE Architecture
8 NetMATRIX TLE Security Target clearly defines both logical and physical boundaries.
9 Figure 1 illustrates the architecture of the TOE logical boundary of NetMATRIX TLE
in terms of subsystems and interfaces. The TOE’s main functionality for encryption
and message authentication hashing is performed in the Terminal Line Encryption (TLE)
subsystem.
Figure 1: Subsystem of the TOE
10 The TOE consists of three subsystems: the web administration subsystem, the TLE
subsystem and the database subsystem:
a) Terminal Line Encryption (TLE) subsystem - for all communication with the
terminals it sends/receives over the ISO8583 interface, encrypts/decrypts all
sensitive data and MAC generates/verifies the entire message. The TLE
subsystem forwards only the correctly decrypted and MAC verified messages
from the terminals to the processing host, and ensures that all messages
from the processing host to the terminals are properly encrypted and MACed.
The TLE subsystem also implements the proxy terminal-accessible
administration interface inside the encryption+MAC tunnel, used by the
remote key injection functionality, but this is out of the evaluation scope.
b) Web administration subsystem - provides the human-accessible
administration interface of the TOE. It allows the administrators to perform all
the management tasks, in particular the management of the MAC/encryption
keys. Access to this interface is primarily restricted to the administrators by
the environment. There is an access control mechanism in place for
administrator login, privilege and password configuration, but this is out of
the scope of evaluation.
c) Database subsystem - is the central location where the TLE subsystem and
the web administration subsystem store and retrieve persistent data not
stored in the TLE subsystem itself. This subsystem cannot be accessed
remotely.
Figure 2: Physical boundary of the TOE
11 NetMATRIX TLE is delivered to the customer in the form of an installation CD together
with its guidance documents, consisting of the items listed below:
a) Hardware and firmware: None (underlying hardware to be provided by
environment)
b) Software: NetMATRIX TLE provided as installation CD (underlying OS to be
provided by the environment)
c) Guidance for TOE user (manuals for the NetMATRIX TLE, delivered together
with the TOE):
i) NetMATRIX TLE Operations Manual, version 1.00
ii) NetMATRIX TLE Installation Guide Version 1.01
iii) NetMATRIX TLE Administration User Manual, version 1.20
d) Guidance for the terminal developer (design documentation for terminal
software developers, provided under NDA only):
i) NetMATRIX TLE Terminal Functional Specification, version 1.60
12 NetMATRIX TLE is a software type TOE and it is not able to run stand-alone. It
requires the environment to support its operation. The environment provides:
a) Microsoft Windows Server 2003 Service Pack 2, standard edition, including IIS
(hardening is required)
b) MSDE or Microsoft SQL Server Express Edition 2005
c) Server hardware to run said OS and the TOE has been tested on:
i) Intel x86 compatible CPU, Pentium 4 2.18Ghz.
ii) 1.5GB RAM.
iii) 160GB Disk.
d) Power and TCP/IP network connectivity
e) Physical and logical protection against attacks
1.5 Clarification of Scope
13 This section clarifies the evaluation boundary as per claim stated in the Security
Target (Ref [6]) and the following evaluated security functions:
a) Line encryption – the TOE protects the confidential data elements exchanged
with the terminals by encrypting all such data sent to the terminals on behalf
of the processing host, and by decrypting any such data received from the
terminals before forwarding it to the processing host. The key used for
encryption will be unique per terminal. The following cryptographic
algorithms are supported:
i) Tiny Encryption Algorithm (TEA)
ii) Data Encryption Standard (1DES)
iii) Triple-DES (3DES)
iv) Advanced Encryption Standard (AES)
b) Message MACing (Message authentication code) – the TOE protects the
integrity and authenticity of the messages exchanged with the terminal by
protecting the whole message with a Message Authentication Code (MAC). All
messages sent to the terminal on behalf of the processing host must contain
a valid MAC for that terminal. For all messages received from the terminals,
the MAC must be checked and only if the MAC is valid for that terminal must
the TOE forward the message to the processing host. The following MACing
algorithms are supported:
i) X9.9 using TEA/DES/3DES/AES
ii) X9.19 using 3DES (also known as RMAC)
iii) SHA-1 + X9.9 as above
iv) SHA-1 + X9.19 as above
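The verify-then-forward rule in item b), as an added example that is not part of the certification report or the developer's code: a CBC-MAC of the kind X9.9 specifies, built here on TEA (one of the listed ciphers), checked per terminal before a message is passed on. The key table, terminal IDs, zero padding, 4-byte MAC length and all function names are assumptions for illustration.

```python
import hmac
import struct

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9   # TEA round constant
MAC_LEN = 4          # assumption: keep the leftmost 32 bits of the final block

# Constructed sample keys, one MAC key per terminal (hypothetical terminal IDs).
TERMINAL_MAC_KEYS = {
    "T0000001": bytes(range(16)),
    "T0000002": bytes(range(16, 32)),
}


def tea_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key with TEA (32 cycles)."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK32
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK32
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK32
    return struct.pack(">2I", v0, v1)


def cbc_mac(message: bytes, key: bytes) -> bytes:
    """CBC-MAC over the whole message: zero IV, zero padding (assumed).

    Raw CBC-MAC with zero padding is only sound when message length and
    format are fixed by the protocol; a variable-length deployment needs a
    length-binding or final-block transformation on top.
    """
    padded = message + b"\x00" * (-len(message) % 8)
    state = bytes(8)
    for i in range(0, len(padded), 8):
        mixed = bytes(a ^ b for a, b in zip(state, padded[i:i + 8]))
        state = tea_encrypt_block(mixed, key)
    return state[:MAC_LEN]


def seal(terminal_id: str, body: bytes) -> bytes:
    """Append the terminal's MAC to an outgoing message."""
    return body + cbc_mac(body, TERMINAL_MAC_KEYS[terminal_id])


def forward_if_valid(terminal_id: str, frame: bytes):
    """Return the message body only if its MAC is valid for that terminal.

    Unknown terminals, frames too short to carry a MAC, and MAC mismatches
    all return None, so nothing unauthenticated reaches the processing host.
    """
    key = TERMINAL_MAC_KEYS.get(terminal_id)
    if key is None or len(frame) <= MAC_LEN:
        return None
    body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    if not hmac.compare_digest(cbc_mac(body, key), tag):
        return None
    return body


if __name__ == "__main__":
    payload = b"0200 constructed ISO8583 payload"   # constructed sample message
    frame = seal("T0000001", payload)
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]
    print("valid     ->", forward_if_valid("T0000001", frame))
    print("tampered  ->", forward_if_valid("T0000001", tampered))
    print("wrong key ->", forward_if_valid("T0000002", frame))
```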
14 Listed below are the limits of evaluation scope on security functionality of the
NetMATRIX TLE as described in section 2.2.2 of the Security Target (Ref [6]):
a) NetMATRIX TLE can perform aggregation and limited routing of transactions.
This is not evaluated functionality. It does not impact the encryption/MAC
mechanisms.
b) NetMATRIX TLE can perform remote key injection, a mechanism designed to
facilitate easy deployment of keys with terminals in the field. This mechanism
is a possible method for generating the unique terminal keys (by derivation
from the applicable Base Derivation Key), distributing them and inserting
them in a way fulfilling the terminal personalization requirements, but
explicitly not part of the evaluation. This mechanism uses the trusted path
provided by the TOE under the SFR “Error! Reference source not found.” for
mutual authentication and confidentiality. Alternatively, the administrator can
generate the unique terminal keys with a stand-alone application and
distribute it following the terminal personalization requirements. This is also
outside the scope of evaluation.
c) NetMATRIX TLE allows administrator to perform practical management tasks
other than the key import, such as starting/stopping/restarting subsystems
for maintenance, administration of the proxy-terminals used for the remote
key injection and logging for fault seeking. All these tasks are not evaluated
functionality. Note that these tasks require administrator access, which is
protected by the environment.
15 In terms of packaging, the product can be installed on behalf of the customer or
even delivered pre-installed on a hardware appliance, following the preparative
guidance. As such it can be installed on a platform (hardware+software) that allows
connections such as X.25, and these are translated to the TCP/IP-transmission layer
as expected. This is consistent with the TOE in its evaluated configuration.
1.6 Assumptions
16 This section summarises the security aspects of the environment or configuration in
which the IT product is intended to operate. Consumers should understand their own
IT environments and what is required for secure operation of the NetMATRIX TLE as
defined in subsequent sections and in the Security Target. Customers can make
informed decisions about the risks associated with using the NetMATRIX TLE by
considering assumptions about usage and environment settings as requirements for
the product’s installation and its operating environment, to ensure its proper and
secure operation.
17 However, no assumptions are declared in the Security Target, since the specific
items needed by the TOE are explained in the Security Objectives for the Operational
Environment section.
1.7 Evaluated Configuration
18 This section describes the configurations of the TOE that are included within the
scope of the evaluation. The assurance gained via evaluation applies specifically to
the TOE in the defined evaluated configuration according to the secure installation
procedure (Ref 23).
19 The TOE is delivered on CD as an application by the developer’s authorized
personnel. The developer’s authorized personnel are responsible for making changes to
the configuration based on the secure installation procedure (Ref 23) as follows:
a) Installation of NetMATRIX TLE Web Administration component.
b) Installation of NetMATRIX TLE Service component.
c) Initialize the database for NetMATRIX TLE usage.
1.8 Delivery Procedures
20 NetMATRIX TLE is delivered to the customers in the form of an installation CD together
with its guidance document using the procedure described in the Common Criteria
Addendum for NetMATRIX TLE (Ref [8]). This is to ensure that NetMATRIX TLE is
securely transferred from the development environment to the customer. The
delivery procedures are outlined below:
a) The developer is responsible for delivering the version of NetMATRIX TLE as
described in the ST to the customer.
b) Typically NetMATRIX TLE is hand-delivered by the developer to ensure it is
protected against tampering and impersonation, and the developer will
assist in the installation of NetMATRIX TLE. However, other trusted
arrangements can also be made.
c) It is the responsibility of the customer to verify that they have received the
correct items listed in the Security Target and this Certification Report (the
product plus the documentation) from the developer. Customers are advised to
contact the developer immediately for further instructions and not to use the
product in security sensitive situations if they find that they have received
incorrect or tampered items.
1.9 Documentation
21 It is important that the NetMATRIX TLE is used in accordance with guidance
documentation in order to ensure secure usage of the product.
22 The following documentation is provided by the developer to the end user as
guidance to ensure secure usage and operation of the product:
a) NetMATRIX Administration User Manual v1.20, 16 Oct 2005
b) NetMATRIX TLE Operations Manual v1.00, 10 May 2007.
23 The following guidance documentation is provided by the developer for secure
installation of the product:
a) NetMATRIX TLE Installation Guide v1.01, 29 June 2010
b) Common Criteria Addendum for NetMATRIX TLE v0.11, 24 Aug 2010
24 The following public documentation is available for secure acceptance of the
product:
a) Common Criteria Addendum for NetMATRIX TLE v0.11, 24 Aug 2010
b) Security Target for the NetMATRIX TLE Version 1.0 Build number 00010003,
11 Nov 2010
2 Evaluation
25 The evaluation was conducted in accordance with the requirements of the Common
Criteria, Version 3.1 Revision 3 (Ref [2]) and the Common Methodology for IT
Security Evaluation (CEM), Version 3.1 Revision 3 (Ref [3]). The evaluation was
conducted at Evaluation Assurance Level 2 (EAL2). The evaluation was performed
conformant to the MyCC Scheme Policy (MyCC_P1) (Ref [4]) and MyCC Scheme
Evaluation Facility Manual (MyCC_P3) (Ref [5]).
2.1 Evaluation Analysis Activities
26 The evaluation activities involved a structured evaluation of NetMATRIX TLE,
including the following components:
2.1.1 Life-cycle support
27 An analysis of the NetMATRIX TLE configuration management system and associated
documentation was performed. The evaluators found that the NetMATRIX TLE
configuration items were clearly and uniquely labelled, and that the access control
measures as described in the configuration management documentation are effective
in preventing unauthorized access to the configuration items. The developer’s
configuration management system was evaluated, and it was found to be consistent
with the provided evidence.
28 The evaluators examined the delivery documentation and determined that it
described all of the procedures required to maintain the integrity of NetMATRIX TLE
during distribution to the consumer.
2.1.2 Development
29 The evaluators analysed the NetMATRIX TLE functional specification; they determined
that the design completely and accurately describes the TOE security functionality
(TSF) interfaces (TSFIs), and how the TSF implements the security functional
requirements (SFRs).
30 The evaluators examined the NetMATRIX TLE specification; they determined that the
structure of the entire TOE is described in terms of subsystems. They also
determined that it provides a complete, accurate, and high-level description of the
SFR-enforcing behaviour of the SFR-enforcing subsystems.
31 The evaluators examined the NetMATRIX TLE security architecture description; they
determined that the information provided in the evidence is presented at a level of
detail commensurate with the descriptions of the SFR-enforcing abstractions
contained in the functional specification and TOE design.
2.1.3 Guidance documents
32 The evaluators examined the NetMATRIX TLE preparative user guidance and
operational user guidance, and determined that it sufficiently and unambiguously
described how to securely transform the TOE into its evaluated configuration, and
how to use and administer the product in order to fulfil the security objectives for
the operational environment. The evaluators examined and tested the preparative
and operational guidance, and determined that they were complete and sufficiently
detailed to result in a secure configuration.
2.1.4 IT Product Testing
33 Testing at EAL2 consists of assessing developer tests, performing independent
functional tests, and performing penetration tests. NetMATRIX TLE testing was
conducted by CyberSecurity Malaysia MySEF at the CyberSecurity Malaysia MySEF Lab
in Seri Kembangan, Selangor, where it was subjected to independent functional and
penetration tests. The detailed testing activities, including configurations,
procedures, test cases, expected results and actual results, are documented in
separate Test Plan Reports.
2.1.4.1 Assessment of Developer Tests
34 The evaluators verified that the developer has met their testing responsibilities by
examining their test plans, and reviewing their test results, as documented in the
Evaluation Technical Report (Ref [7]) (not a public document because it contains
information proprietary to the developer and/or the evaluator).
35 The evaluators analysed the developer’s test coverage and found it to be
complete and accurate. The correspondence between the tests identified in the
developer’s test documentation and the interfaces in the functional specification,
TOE design and security architecture description was complete.
2.1.4.2 Independent Functional Testing
36 Independent functional testing is the evaluation conducted by the evaluators based
on the information gathered by examining design and guidance documentation,
examining the developer’s test documentation, executing a sample of the developer’s
test plan, and creating test cases that augmented the developer tests.
37 The results of the independent tests developed and performed by the evaluators to
verify the TOE functionality are as follows:
Table 2: Independent Functional Testing
| DESCRIPTION | SECURITY FUNCTION | TSFI | STATUS |
|---|---|---|---|
| The test is developed to see whether the sensitive fields in message from TOE to terminal are really encrypted. | Cryptographic (Encryption) | ISO8583 TSFI | Passed |
| The tests are developed to ensure the TOE performs correct encryption and MACing operations for all the supported algorithms. | Cryptographic (Encryption); Cryptographic (MAC) | ISO8583 TSFI | Passed |
| The tests are developed to simulate multiple terminals of transaction to a single host and verify it is working properly. | Cryptographic (Encryption); Cryptographic (MAC) | ISO8583 TSFI | Passed |
38 All tests performed by the evaluators produced the expected results and as such the
TOE behaved as expected.
2.1.4.3 Penetration Testing
39 The evaluators performed a vulnerability analysis of the TOE in order to identify
potential vulnerabilities in the TOE. This vulnerability analysis considered public
domain sources and an analysis of the guidance documentation and functional
specification.
40 From the vulnerability analysis, the evaluators conducted penetration testing to
determine that the TOE is resistant to attacks performed by an attacker possessing
Basic attack potential. The following factors have been taken into consideration
during the penetration tests:
a) Time taken to identify and exploit (elapsed time);
b) Specialist technical expertise required (specialist expertise);
c) Knowledge of the TOE design and operation (knowledge of the TOE);
d) Window of opportunity; and
e) IT hardware/software or other equipment required for exploitation.
41 The penetration tests focused on:
a) Generic vulnerabilities;
b) Web based penetration testing; and
c) Tampering.
42 The results of the penetration testing note that a number of additional vulnerabilities
exist that are dependent on an attacker’s effort, time, skill/knowledge, and use of
focused tools/exploits to gather the TOE configuration information. Therefore, it is
important to ensure that the TOE is used only in its evaluated configuration and in
a secure environment. It is also important that the Administrator of the TOE is
trained and trusted.
2.1.4.4 Testing Results
43 Tests conducted for the NetMATRIX TLE produced the expected results and
demonstrated that the product behaved as specified in its Security Target and
functional specification.
3 Results of the Evaluation
44 After due consideration during the oversight of the evaluation execution by the
certifiers and of the Evaluation Technical Report (Ref [7]), the Malaysian Common
Criteria Certification Body certifies the evaluation of NetMATRIX TLE performed by
CyberSecurity Malaysia MySEF.
45 CyberSecurity Malaysia MySEF found that NetMATRIX TLE upholds the claims made in
the Security Target (Ref [6]) and supporting documentation, and has met the
requirements of the Common Criteria (CC) assurance level EAL2.
46 Certification is not a guarantee that a TOE is completely free of exploitable
vulnerabilities. There will remain a small level of risk that exploitable vulnerabilities
remain undiscovered in its claimed security functionality. This risk is reduced as the
certified level of assurance increases for the TOE.
3.1 Assurance Level Information
47 EAL2 provides a basic level of assurance by a limited Security Target and an analysis
of the security functions in that Security Target, using a design document,
architectural document, functional and interface specification and guidance
documentation, to understand the security behaviour.
48 The analysis is supported by a search for potential vulnerabilities in the public
domain, developer’s test cases and independent testing (functional and penetration)
of the TOE security functions.
49 EAL2 also provides assurance through unique identification of the TOE and
implementation of a configuration management system so that there is no ambiguity
in terms of which instance of the TOE is being evaluated.
3.2 Recommendation
50 In addition, to ensure secure usage of the product, the following are additional
recommendations for NetMATRIX TLE:
a) Ensure strict adherence to the acceptance checklist as mentioned in the Common Criteria Addendum for NetMATRIX TLE (Ref [8]).
b) Use it only in its evaluated configuration.
c) HTTPS is recommended to be deployed to ensure that the communication via the web administration subsystem is secured.
d) Implement a strong cryptographic algorithm with a long key size.
Annex A References
A.1 References
[1] Arrangement on the recognition of Common Criteria Certificates in the field of
Information Technology Security, May 2000.
[2] The Common Criteria for Information Technology Security Evaluation, Version 3.1,
Revision 3, July 2009.
[3] The Common Evaluation Methodology for Information Technology Security
Evaluation, Version 3.1, Revision 3, July 2009.
[4] MyCC Scheme Policy (MyCC_P1), v1a, CyberSecurity Malaysia, December 2009.
[5] MyCC Scheme Evaluation Facility Manual (MyCC_P3), v1, December 2009.
[6] Security Target for the NetMATRIX TLE Version 1.0 Build number 00010003, version
1.0 public, 25 January 2011.
[7] Evaluation Technical Report NetMATRIX TLE Version 1.0 Build number 00010003,
version 1.2, 28 January 2011.
[8] Common Criteria Addendum for NetMATRIX TLE v0.11, 24 August 2010.
[9] NetMATRIX TLE Terminal Functional Specification (SFE) v1.60, 10 March 2010.
[10] NetMATRIX TLE Installation Guide v1.01, 29 June 2010.
[11] NetMATRIX TLE Administration User Manual v1.20, 16 Oct 2005.
[12] NetMATRIX TLE Operations Manual v1.00, 10 May 2007.
A.2 Terminology
A.2.1 Acronyms
Table 3: List of Acronyms
| Acronym | Expanded Term |
|---|---|
| CB | Certification Body |
| CC | Common Criteria (ISO/IEC 15408) |
| CEM | Common Evaluation Methodology (ISO/IEC 18045) |
| CCRA | Common Criteria Recognition Arrangement |
| IEC | International Electrotechnical Commission |
| ISO | International Organisation for Standardization |
| ISCB | Information Security Certification Body |
| MAC | Message Authentication Code |
| MyCB | Malaysian Common Criteria Certification Body |
| MyCC | Malaysian Common Criteria Evaluation and Certification Scheme |
| MyCPR | MyCC Scheme Certified Products Register |
| MySEF | Malaysian Security Evaluation Facility |
| NDA | Non-Disclosure Agreement |
| POS | Point of sale |
| PP | Protection Profile |
| ST | Security Target |
| TLE | Terminal Line Encryption |
| TOE | Target of Evaluation |
A.2.2 Glossary of Terms
Table 4: Glossary of Terms
| Term | Definition and Source |
|---|---|
| CC International Interpretation | An interpretation of the CC or CEM issued by the CCMB that is applicable to all CCRA participants. |
| Certificate | The official representation from the CB of the certification of a specific version of a product to the Common Criteria. |
| Certification Body | An organisation responsible for carrying out certification and for overseeing the day-to-day operation of an Evaluation and Certification Scheme. Source CCRA. |
| Consumer | The organisation that uses the certified product within their infrastructure. |
| Developer | The organisation that develops the product submitted for CC evaluation and certification. |
| Evaluation | The assessment of an IT product, IT system, or any other valid target as defined by the scheme, proposed by an applicant against the standards covered by the scope defined in its application against the certification criteria specified in the rules of the scheme. Source CCRA and MS ISO/IEC Guide 65. |
| Evaluation and Certification Scheme | The systematic organisation of the functions of evaluation and certification under the authority of a certification body in order to ensure that high standards of competence and impartiality are maintained and that consistency is achieved. Source CCRA. |
| Interpretation | Expert technical judgement, when required, regarding the meaning or method of application of any technical aspect of the criteria or the methodology. An interpretation may be either a national interpretation or a CC international interpretation. |
| Certifier | The certifier responsible for managing a specific certification task. |
| Evaluator | The evaluator responsible for managing the technical aspects of a specific evaluation task. |
| Maintenance Certificate | The update of a Common Criteria certificate to reflect a specific version of a product that has been maintained under the MyCC Scheme. |
| National Interpretation | An interpretation of the CC, CEM or MyCC Scheme rules that is applicable within the MyCC Scheme only. |
| Security Evaluation Facility | An organisation (or business unit of an organisation) that conducts ICT security evaluation of products and systems using the CC and CEM in accordance with Evaluation and Certification Scheme policy. |
| Sponsor | The organisation that submits a product for evaluation and certification under the MyCC Scheme. The sponsor may also be the developer. |
--- END OF DOCUMENT ---