Certification Report
EAL 4+ (ALC_DVS.2)
Evaluation of
TÜBİTAK BİLGEM UEKAE
UEKAE Dirak Serisi HSM (HARDWARE SECURITY
MODULE) Flow Control Firmware V2.13
issued by
Turkish Standards Institution
Common Criteria Certification Scheme
PRODUCT CERTIFICATION CENTER
COMMON CRITERIA CERTIFICATION SCHEME
CERTIFICATION REPORT
Date of Issue: 28/12/2012
Page : 3 / 19
Rev. No : 00 Date of Rev:
Document No: PCC-09-FR-011
TABLE OF CONTENTS
Table of contents ..... 3
Document Information ..... 4
Document Change Log ..... 4
DISCLAIMER ..... 4
FOREWORD ..... 5
RECOGNITION OF THE CERTIFICATE ..... 6
1 EXECUTIVE SUMMARY ..... 7
2 CERTIFICATION RESULTS ..... 11
2.1 Identification of Target of Evaluation ..... 11
2.2 Security Policy ..... 11
2.3 Assumptions and Clarification of Scope ..... 12
2.4 Architectural Information ..... 13
2.5 Documentation ..... 14
2.6 IT Product Testing ..... 14
2.7 Evaluated Configuration ..... 15
2.8 Results of the Evaluation ..... 15
2.9 Evaluator Comments / Recommendations ..... 15
3 SECURITY TARGET ..... 16
4 GLOSSARY ..... 16
5 BIBLIOGRAPHY ..... 16
6 ANNEXES ..... 17
Document Information
Date of Issue 15.03.2013
Version of Report 1.00
Author Kerem KEMANECİ
Technical Responsible Mustafa YILMAZ
Approved Mariye Umay AKKAYA
Date Approved 15.03.2013
Certification Number 14.10.06/13-007
Sponsor and Developer TÜBİTAK BİLGEM UEKAE
Evaluation Lab TÜBİTAK BİLGEM OKTEM
TOE Name UEKAE Dirak Serisi HSM (HARDWARE SECURITY
MODULE) Flow Control Firmware V2.13
Pages 17
Document Change Log
Release Date Pages Affected Remarks/Change Reference
V0.1 05.03.2013 All Initial
V1.0 15.03.2013 All Final Release
DISCLAIMER
This certification report and the IT product defined in the associated Common Criteria document have been evaluated at an accredited and licensed evaluation facility in conformance with the Common Criteria for IT Security Evaluation, version 3.1, revision 3, using the Common Methodology for IT Products Evaluation, version 3.1, revision 3. This certification report and the associated Common Criteria document apply only to the identified version and release of the product in its evaluated configuration. The evaluation has been conducted in accordance with the provisions of the CCCS, and the conclusions of the evaluation facility in the evaluation report are consistent with the evidence adduced. This report and its associated Common Criteria document are not an endorsement of the product by the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report and its associated Common Criteria document, and no warranty is given for the product by the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report and its associated Common Criteria document.
FOREWORD
The Certification Report is drawn up to submit to the Certification Committee the results and evaluation information upon the completion of a Common Criteria evaluation service performed under the Common Criteria Certification Scheme. The Certification Report covers all non-confidential security and technical information related to a Common Criteria evaluation made under the PCC Common Criteria Certification Scheme. This report is issued publicly and made available to all relevant parties for reference and use.
The Common Criteria Certification Scheme (CCCS) provides an evaluation and certification service to ensure the reliability of Information Security (IS) products. Evaluation and tests are conducted by a public or commercial Common Criteria Evaluation Facility (CCEF, referred to in this report as a Common Criteria Test Laboratory, CCTL) under CCCS supervision. A CCEF is a facility licensed, as a result of inspections carried out by the CCCS, to perform the tests and evaluations that form the basis for Common Criteria certification. As a prerequisite for such certification, the CCEF has to fulfil the requirements of the standard ISO/IEC 17025 and should be accredited by accreditation bodies. The evaluation and tests related to the concerned product have been performed by TÜBİTAK BİLGEM OKTEM, which is a public/commercial CCTL.
A Common Criteria Certificate given to a product means that the product meets the security requirements defined in its Security Target document, which has been approved by the CCCS. The Security Target document is where the requirements defining the scope of evaluation and test activities are set forth. Along with this certification report, the user of the IT product should also review the Security Target document in order to understand any assumptions made in the course of the evaluation, the environment in which the IT product will run, the security requirements of the IT product and the level of assurance provided by the product.
This certification report is associated with the Common Criteria Certificate issued by the CCCS for UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware (product version: V2.13), whose evaluation was completed on 31/12/2012 and whose Evaluation Technical Report was drawn up by TÜBİTAK BİLGEM OKTEM (as CCTL), and with the Security Target document, version Rev 05, of the relevant product.
The certification report, certificate of product evaluation and Security Target document are posted on the PCC Certified Products List at the bilisim.tse.org.tr portal and on the Common Criteria Portal (the official web site of the Common Criteria Project).
RECOGNITION OF THE CERTIFICATE
The Common Criteria Recognition Arrangement logo is printed on the certificate to indicate that this certificate is issued in accordance with the provisions of the CCRA.
The CCRA was signed by Turkey in 2003 and provides mutual recognition of certificates based on the CC evaluation assurance levels up to and including EAL4. The current list of signatory nations and approved certification schemes can be found at:
http://www.commoncriteriaportal.org.
1 - EXECUTIVE SUMMARY
Evaluated IT product name: UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware V2.13
Developer's Name: TÜBİTAK BİLGEM UEKAE
Name of CCTL: TÜBİTAK OKTEM
Assurance Package: EAL 4+ (ALC_DVS.2)
Completion Date of Evaluation: 31.12.2012
The UEKAE Dirak Serisi HSM device is a PCI-e module that provides physical and logical protection for the cryptographic keys and confidential data of critical applications. It enhances security for industry-standard computing platforms and provides cryptographic hardware acceleration. The HSM protects cryptographic keys and data from environmental threats thanks to its protected, tamper-resistant hardware design. In case of an intrusion attempt, the system detects the event and clears all confidential keys and data.
The TOE is the data flow control firmware on the UEKAE Dirak Serisi HSM device. This firmware is composed of several applications running on an embedded operating system, which in turn runs on a processor located on the UEKAE Dirak Serisi HSM device.
The TOE supports the following functionalities:
- Digital signature, data encryption and digital rights management using the following cryptographic algorithms:
  - RSA public key standard with up to 2048-bit key length,
  - Symmetric key encryption: AES, DES,
  - Hash functions: SHA-1, SHA-256.
- Storage of confidential keys and data in a high-capacity (32 Mbit) tamper-resistant memory,
- Robust key generation, using a hardware random number generator (RNG) compliant with FIPS 140-2, according to the FIPS 186-2 specifications,
- Secure backup, restore and transfer of keys and data,
- Emergency erase,
- Secured software update.
Among the above-mentioned cryptographic functions, the Diffie-Hellman, DSA, AES, DES, SHA-1 and SHA-256 operations are performed using OpenSSL library functions, which are not part of the TOE. Moreover, RSA operations are performed on the FPGA on the HSM card. This RSA implementation and the hardware RNG are also not included in the TOE.
The UEKAE Dirak Serisi HSM device can be used in a server or PC. The TOE provides hardware protection to critical applications such as public key infrastructures (PKIs), databases, and web and application servers. Thanks to the HSM device's hardware acceleration, customers benefit from performance increases for cryptographic operations such as RSA signatures.
1.1 TOE major security features for operational use
1.1.1 Identification and Authentication:
The TOE provides its own identification and authentication mechanism. In order to use the HSM, a login account, consisting of a login name and password, must be created using a preassigned smart card. To log in to the TOE using the GUI, the user provides the login name, the password and the assigned user smart card at the prompt.
The TOE compares the typed user name and password, and verifies the inserted smart card's certificate, against those stored in the HSM database. If either the login name or the password is incorrect, or the inserted smart card cannot be verified, the login request fails and no functions are made available.
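The three-factor check described in section 1.1.1 (login name, password and the certificate on the inserted smart card, all verified against the HSM database, with no functions made available on any failure) is shown below as an added example. It is not code from the certification report or from the UEKAE product; the database record layout, the PBKDF2 password hashing, the SHA-256 certificate fingerprint, the sample accounts and the function names are all assumptions made for illustration. The point it adds is that every factor is evaluated on every attempt and the results are combined only at the end, so neither the caller nor a timing observer learns which factor failed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


# Assumed record layout for the HSM database (illustration only; the report
# does not describe the real storage format).
@dataclass(frozen=True)
class AccountRecord:
    login: str
    salt: bytes
    password_hash: bytes   # PBKDF2-HMAC-SHA256(password, salt)
    card_cert_fp: bytes    # SHA-256 fingerprint of the enrolled smart-card certificate
    role: str              # "Administrator" or "User", the two roles named in 1.1.2


PBKDF2_ITERATIONS = 50_000  # assumed work factor


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def cert_fingerprint(cert_der: bytes) -> bytes:
    return hashlib.sha256(cert_der).digest()


def enroll(login_name: str, password: str, card_cert_der: bytes, role: str) -> AccountRecord:
    """Create the record that the 'preassigned smart card' enrolment step would store."""
    salt = os.urandom(16)
    return AccountRecord(login_name, salt, hash_password(password, salt),
                         cert_fingerprint(card_cert_der), role)


# Dummy record used for unknown login names, so the same hashing work is done
# whether or not the name exists (no user-enumeration timing side channel).
_DUMMY = enroll("", "", b"", "User")


def login(db: Dict[str, AccountRecord], login_name: str, password: str,
          card_cert_der: Optional[bytes]) -> Optional[str]:
    """Verify login name, password and inserted smart-card certificate together.

    Returns the account's role when all three factors verify, otherwise None.
    All factors are checked on every call and combined at the end, so the
    caller cannot tell which one failed (fail closed, single outcome).
    """
    record = db.get(login_name)
    known = record is not None
    if record is None:
        record = _DUMMY
    password_ok = hmac.compare_digest(hash_password(password, record.salt),
                                      record.password_hash)
    presented_fp = cert_fingerprint(card_cert_der) if card_cert_der is not None else b""
    card_ok = hmac.compare_digest(presented_fp, record.card_cert_fp)
    if known and password_ok and card_ok:
        return record.role
    return None


# Constructed sample data (not real DER certificates): two enrolled accounts.
ADMIN_CARD_CERT = b"constructed-DER-bytes-for-admin-card"
USER_CARD_CERT = b"constructed-DER-bytes-for-user-card"


def build_sample_db() -> Dict[str, AccountRecord]:
    return {
        "hsmadmin": enroll("hsmadmin", "correct horse battery staple", ADMIN_CARD_CERT, "Administrator"),
        "operator": enroll("operator", "another passphrase", USER_CARD_CERT, "User"),
    }


if __name__ == "__main__":
    db = build_sample_db()
    print(login(db, "hsmadmin", "correct horse battery staple", ADMIN_CARD_CERT))  # Administrator
    print(login(db, "hsmadmin", "correct horse battery staple", USER_CARD_CERT))   # None: wrong card
    print(login(db, "hsmadmin", "wrong password", ADMIN_CARD_CERT))                # None
    print(login(db, "nobody", "correct horse battery staple", ADMIN_CARD_CERT))    # None
```

`hmac.compare_digest` is used for both comparisons so that the password hash and the certificate fingerprint are compared in constant time; the dummy record keeps the cost of an attempt against an unknown login name the same as against a real one.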
1.1.2 Security Management:
The UEKAE Dirak Serisi HSM product provides a GUI to manage the TOE, called "HSM Yönetim". This GUI is a full-featured interface from which a user with the appropriate permissions can completely administer the TOE.
A user permission is a system authorization which enables a user to use an HSM management function. A user role is a collection of user permissions that may be assigned to a user. The TOE includes two user roles: Administrator and User.
The TOE allows administrators to use all management functions:
- Emergency erase,
- Do initialization,
- Create Admin/User/Backup Card,
- Delete Admin/User,
- Backup/Restore Database,
- Login/Logout,
- Update Software,
- Get User List,
- Get Storage Information, etc.
1.1.3 Key Management:
The TOE provides the following key management functions:
- Generate Key,
- Delete Key,
- Export/Import HSM Database.
FIPS-validated cryptographic operations are used in these functions, ensuring that the keys remain protected at all times. The TOE provides RSA 2048 key pair generation (public and private key pairs) according to FIPS 186-3. This generation process is performed by the TOE using primes generated by an FPGA-based prime generator. Keys are archived in a database located in the tamper-resistant memory.
1.1.4 Isolation:
The TOE ensures that only legitimate information flows of user data occur: user data can only be stored in the tamper-resistant memories of the TOE, and the TOE isolates user data from the host PC and, in case of an intrusion, from the embedded Linux file system.
1.1.5 Protection of the TOE:
The TOE implements measures to protect itself from integrity intrusion and to ensure that a secure state follows both from legitimate and expected TOE accesses and from anticipated failures. No mechanism is available to modify the TOE firmware via the TSF interface.
1.1.6 Physical protection of the TOE:
The TOE has mechanisms that ensure the TSF is protected from physical tampering and interference. In addition to these passive and active tamper detection mechanisms, the TOE's physical structure has a protective design to resist physical tampering. The HSM hardware has a strong aluminium cover that completely hides the HSM's front (component) side. This cover prevents direct access to the components and their pins. Under this cover there are four tamper switches to detect uncovering. In case of this type of intrusion attempt, the tamper switches open the power circuit of the NVRAM that holds the TOE database and secret keys, so that all data on the NVRAM is deleted.
The tamper switches are also connected to an active tamper detection mechanism. In case of any intrusion attempt, this mechanism physically cuts off the communication between the ARM processor and the NVRAM and writes random data to the NVRAM to ensure that all of its content is completely deleted.
1.2 Threats:
The threats identified in this section are addressed by the TOE.
T.BYPASS: An unauthorized person may attempt to bypass the security mechanisms of the TOE because of a defect in the TOE functioning.
T.CAPTURE: The data transmitted from the TOE to the IT environment may be captured by a malicious user monitoring the data bus.
T.DISARRANGE: Data may be disarranged as a result of an IT environment driver error while traversing the connection between the TOE and the IT environment.
T.INF_LEAK: An unauthorized person may gather residual information from a previous information flow, or internal TOE data, by monitoring the padding of the information flows from the TOE, because of a defect in the TOE functioning.
T.POOR_TEST: Lack of, or insufficient, developer tests demonstrating that all TOE security functions operate correctly (including in a fielded TOE) may result in incorrect TOE behaviour remaining undiscovered, thereby causing potential security vulnerabilities.
T.REPEAT: A user or process may repeatedly send commands to the TOE and cause data corruption or loss because of a defect in the TOE functioning.
T.UNSECURED_IT: Cryptographic entities may not be created correctly, or cryptographic operations may not execute properly, because of unsecured IT environments used by the TOE developer.
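T.INF_LEAK and T.DISARRANGE are easiest to understand with a concrete response framer, so the following is an added example (not code from the certification report or from the UEKAE firmware). It assumes a fixed 32-byte frame with a 2-byte big-endian length header, which is purely a constructed format for illustration; the real UEKAE-HSM data command format is not described on this page. The defective encoder reuses a scratch buffer and only overwrites the bytes of the current payload, so the padding of a short response still carries bytes of the previous one, which is exactly the residual-data condition T.INF_LEAK describes. The corrected encoder pads with explicit zeros, and the strict decoder rejects frames whose declared length overruns the frame (a driver-corruption case under T.DISARRANGE) as well as frames with non-zero padding, which in this format can only come from a defective sender.

```python
FRAME_LEN = 32   # assumed fixed frame size on the bus (illustration only)
HEADER_LEN = 2   # assumed 2-byte big-endian payload length
MAX_PAYLOAD = FRAME_LEN - HEADER_LEN


class LeakyFramer:
    """Defective encoder: reuses one scratch buffer and overwrites only the bytes
    of the current payload, so the padding region of a short response still
    holds bytes of the previous (possibly sensitive) response."""

    def __init__(self) -> None:
        self._buf = bytearray(FRAME_LEN)

    def encode(self, payload: bytes) -> bytes:
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload too long")
        self._buf[0:HEADER_LEN] = len(payload).to_bytes(HEADER_LEN, "big")
        self._buf[HEADER_LEN:HEADER_LEN + len(payload)] = payload
        return bytes(self._buf)


class ZeroPaddedFramer:
    """Corrected encoder: builds every frame from the payload plus explicit zero
    padding, so nothing from an earlier flow can reach the bus."""

    def encode(self, payload: bytes) -> bytes:
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload too long")
        padding = bytes(MAX_PAYLOAD - len(payload))
        return len(payload).to_bytes(HEADER_LEN, "big") + payload + padding


def padding_of(frame: bytes) -> bytes:
    """Bytes after the declared payload: what a bus monitor sees as padding."""
    n = int.from_bytes(frame[:HEADER_LEN], "big")
    return frame[HEADER_LEN + n:]


def decode(frame: bytes) -> bytes:
    """Strict receiver: rejects wrong-sized frames, declared lengths that overrun
    the frame (driver error, T.DISARRANGE) and non-zero padding (T.INF_LEAK)."""
    if len(frame) != FRAME_LEN:
        raise ValueError("bad frame size")
    n = int.from_bytes(frame[:HEADER_LEN], "big")
    if n > MAX_PAYLOAD:
        raise ValueError("declared length exceeds frame")
    if any(frame[HEADER_LEN + n:]):
        raise ValueError("non-zero padding")
    return frame[HEADER_LEN:HEADER_LEN + n]


def rejects(frame: bytes) -> bool:
    """True if the strict decoder refuses the frame."""
    try:
        decode(frame)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run both encoders over the same sequence (a long, sensitive response
    followed by a short one) and report what the short frame's padding reveals."""
    sensitive = b"KEY-HANDLE-0042:ATTR=SENSITIVE"   # constructed sample, 30 bytes
    short = b"OK"
    leaky = LeakyFramer()
    leaky.encode(sensitive)
    leaky_frame = leaky.encode(short)
    clean = ZeroPaddedFramer()
    clean.encode(sensitive)
    clean_frame = clean.encode(short)
    return {
        "leaky_padding_reveals_previous": b"SENSITIVE" in padding_of(leaky_frame),
        "clean_padding_is_zero": not any(padding_of(clean_frame)),
        "strict_decoder_rejects_leaky": rejects(leaky_frame),
        "clean_decodes_to": decode(clean_frame),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The strict decoder is the part a receiving driver can deploy on its own: a fixed format with zero padding lets the receiver treat any non-zero padding byte as evidence of a sender defect rather than silently discarding it, which turns the T.INF_LEAK condition into something that is detected rather than merely hoped absent.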
1.3 Organizational Security Policies:
P.EMERGENCY: All encryption keys contained in the default key database shall be deleted in case of emergency.
P.ERASURE: All encryption keys contained in the default key database shall be deleted upon the request of the authorized user.
P.CRYPTOGRAPHY: Only NIST FIPS 140-2 validated cryptography (methods and implementations) is acceptable for key management.
1.4 Assumptions:
There are 5 assumptions defined in the ST document:
A.CONNECT: The PC on which the TOE is running is not connected directly to an untrusted network; it is assumed either not to be connected to any network or to be connected to a trusted network which is protected from malicious attacks.
A.INSTALL: The Administrator will install and configure the TOE according to the administrator guidance.
A.NOEVIL: Administrators of the TOE are assumed to be responsible, non-hostile individuals who will follow the instructions provided by the TOE documentation.
A.PHYSICAL: The TOE will be located in an environment that is physically protected and well managed (stable power, acceptable temperature). Only the authorized user of the TOE has physical access.
A.PLATFORM: The Administrator will ensure that the platforms used to host the TOE conform to the hardware and software outlined in the administrator guidance.
1.5 Evaluation Result:
The Evaluation Technical Report for this product provides sufficient evidence that it meets the EAL 4 augmented with ALC_DVS.2 assurance requirements for the evaluated security functionality. The evaluation was conducted using the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. The CCCS Certification Body declares that the "UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware V2.13" evaluation meets all the conditions of the Arrangement on the Recognition of Common Criteria Certificates and that the product will be listed on the CCCS Certified Product List (CPL) and the official Common Criteria Portal website.
2 CERTIFICATION RESULTS
2.1 Identification of Target of Evaluation
Project Identifier: 14.10.06/TSE-CCCS-014
TOE Name and Version: UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware V2.13
Security Target Document Title: UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware V2.13 SECURITY TARGET
Security Target Document Version: v.05
Security Target Document Date: 12.12.2012
Assurance Level: EAL 4+ (ALC_DVS.2)
Criteria:
- Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Version 3.1, Revision 3, July 2009
- Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1, Revision 3, July 2009
- Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, Version 3.1, Revision 3, July 2009
Methodology: Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3, July 2009
Protection Profile Conformance: None
Common Criteria Conformance:
- Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1, Revision 3, July 2009
- Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, Version 3.1, Revision 3, July 2009
Sponsor and Developer: TÜBİTAK UEKAE
Evaluation Facility: TÜBİTAK BİLGEM OKTEM
Certification Scheme: Turkish Standards Institution Common Criteria Certification Scheme
2.2 Security Policy
The TOE, UEKAE Dirak Serisi HSM (HARDWARE SECURITY MODULE) Flow Control Firmware, is the data flow control firmware on the UEKAE Dirak Serisi HSM device. This firmware is composed of several applications running on an embedded operating system, which in turn runs on a processor located on the UEKAE Dirak Serisi HSM device. The UEKAE Dirak Serisi HSM device is a PCI-e module that provides physical and logical protection for the cryptographic keys and confidential data of critical applications.
The TOE is designed for institutions that require secure software applications using cryptographic keys and confidential data. The TOE provides protection against intrusion into the hardware which holds the critical keys and confidential data, via its tamper-resistant hardware design and intrusion detection system.
Organizational Security Policies:
- All encryption keys contained in the default key database shall be deleted in case of emergency.
- All encryption keys contained in the default key database shall be deleted upon the request of the authorized user.
- Only NIST FIPS 140-2 validated cryptography (methods and implementations) is acceptable for key management.
2.3 Assumptions and Clarification of Scope
Consumers should know that the TOE is the data flow control firmware on the UEKAE Dirak Serisi HSM device. This firmware is composed of several applications running on an embedded operating system, which in turn runs on a processor located on the UEKAE Dirak Serisi HSM device. The UEKAE Dirak Serisi HSM device has a PCIe x1 interface and thus requires a PCIe x1 slot in a PC located in a secure location.
Consumers who plan to use the product should consider the assumptions below:
- The PC on which the TOE is running is not connected directly to an untrusted network; it is assumed either not to be connected to any network or to be connected to a trusted network which is protected from malicious attacks.
- The Administrator will install and configure the TOE according to the administrator guidance.
- Administrators of the TOE are assumed to be responsible, non-hostile individuals who will follow the instructions provided by the TOE documentation.
- The TOE will be located in an environment that is physically protected and well managed (stable power, acceptable temperature). Only the authorized user of the TOE has physical access.
- The Administrator will ensure that the platforms used to host the TOE conform to the hardware and software outlined in the administrator guidance.
The TOE is evaluated to meet all assurance requirements to provide security against Enhanced-Basic level (EAL 4 augmented with ALC_DVS.2) attackers within the scope of the threats listed below:
- An unauthorized person may attempt to bypass the security mechanisms of the TOE because of a defect in the TOE functioning.
- The data transmitted from the TOE to the IT environment may be captured by a malicious user monitoring the data bus.
- Data may be disarranged as a result of an IT environment driver error while traversing the connection between the TOE and the IT environment.
- An unauthorized person may gather residual information from a previous information flow, or internal TOE data, by monitoring the padding of the information flows from the TOE, because of a defect in the TOE functioning.
- Lack of, or insufficient, developer tests demonstrating that all TOE security functions operate correctly (including in a fielded TOE) may result in incorrect TOE behaviour remaining undiscovered, thereby causing potential security vulnerabilities.
- A user or process may repeatedly send commands to the TOE and cause data corruption or loss because of a defect in the TOE functioning.
- Cryptographic entities may not be created correctly, or cryptographic operations may not execute properly, because of unsecured IT environments used by the TOE developer.
2.4 Architectural Information
The TOE is the data flow control firmware on an Atmel ARM9 processor on the UEKAE Dirak Serisi HSM device. On this processor, a Linux kernel (version 2.6.32.9) with a limited command set is installed. This kernel also includes the MIRACL (version 5.4.1) and OpenSSL (version 0.9.8) libraries for mathematical and cryptographic operations. On the HSM device, the RSA algorithm is implemented on an FPGA to accelerate public key cryptographic operations and is used by the TOE. Consequently, the TOE is an application package that runs on the Linux operating system and uses the above-mentioned cryptographic resources to produce and protect cryptographic variables (keys, initialization vectors, etc.) and to perform cryptographic functions. The TOE uses these resources in a secure way.
The TOE basically manages the data flow, in a secure way, between the PKCS#11 command interface (for communicating with the host computer), the FPGA-based RSA 2048 algorithm, the OpenSSL library, the True Noise Generator (for cryptographic variable production), the secure memory (for cryptographic variable protection) and the SIM card.
The UEKAE Dirak Serisi HSM device has a PCIe x1 interface through which it is used by the host computer. PKCS#11 commands sent by the user software reach the UEKAE Dirak Serisi HSM device, and consequently the TOE, via this interface. These commands are converted into the UEKAE-HSM data command format by driver software on the host computer.
The basic function of the TOE is to process PKCS#11 commands coming from the PCIe x1 interface. The user adds PKCS#11 commands to his software code (or calls them directly), and the driver software converts these commands into the UEKAE-HSM data command format. The TOE then performs these commands. In addition, there are dedicated management commands for managing the HSM device, such as authentication, initialization, backup and emergency erase. Dedicated management commands are already in the UEKAE-HSM data command format and do not need to be converted. The HSM management software on the host computer calls these management functions, and the user does not need to know these commands.
2.5 Documentation
Document list for customers:
UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 SECURITY TARGET v05 (Güvenlik
Hedefi Dokümanı)
UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 YÖNETİCİ KULLANMA
KILAVUZU v03 (Administrator User Manual)
UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 TESLİM, KURULUM,
ÇALIŞTIRMA DOKÜMANI v1.0 (Delivery, Installation, Operating Document)
UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 FONKSİYONEL SPESİFİKASYON
v2 (Functional Specification)
2.6 IT Product Testing
UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 is evaluated for EAL 4. This level requires assessment of developer tests, independent functional testing and penetration tests (vulnerability analysis) conducted by the evaluator laboratory.
Developer Tests:
Test scenarios, expected results and obtained results are listed by TÜBİTAK UEKAE testers. For each test, the obtained results are the same as the expected results. Developer tests are explained in the HSM Gelistirici Testleri v2.00 document.
Evaluator Tests:
The evaluator repeated all tests conducted by the developer, according to the HSM Gelistirici Testleri v2.00 (Developer Tests) document. The evaluator found that the testing approach for each interface demonstrates the expected behaviour of that interface. There is correspondence between the TSFIs and the developer tests, and all security functions are covered. Test prerequisites, test steps and expected result(s) adequately test each interface.
Independent Testing:
Independent tests are conducted by the evaluator; the philosophy of independent testing is to focus on the main security functions that could be very critical. After assessing the developer tests, the evaluator creates a larger number of tests and goes into more detail. Independent testing is a process: if a test fails, the developer is expected to fix the problem, and after the update the same test is repeated. At the end of the independent test process, all test results were obtained as expected by the test scenarios.
Penetration Tests:
Penetration tests are conducted by the evaluator against all exploitable vulnerabilities and residual vulnerabilities, detailing for each:
a) its source;
b) the SFR(s) not met;
c) a description;
d) whether it is exploitable in its operational environment or not (i.e. exploitable or residual);
e) the amount of time, level of expertise, level of knowledge of the TOE, level of opportunity and the equipment required to exploit the identified vulnerabilities, and the corresponding values using tables 3 and 4 of Annex B.4 of CEM v3.1 rev3.
Penetration tests are also independent tests, conducted against vulnerabilities. Penetration testing is also a process: if a test fails, the evaluator is expected to fix the vulnerability, and after the update of the TOE the test is conducted again. The final results are as expected and all penetration test results are successful.
2.7 Evaluated Configuration
TOE is a data flow control firmware on UEKAE Dirak Serisi HSM device. This firmware is
composed of several applications working on an embedded operating system. This operating system
is running on a processor located on UEKAE Dirak Serisi HSM device.
The physical boundary of the TOE is depicted below. The evaluator used the same configuration of
TOE and the same environment during the evaluation process.
2.8 Results of the Evaluation
All evaluator actions are satisfied for the evaluation level of EAL4+ (ALC_DVS.2) as defined
by the Common Criteria and the Common Methodology. The overall verdict for the evaluation is
PASS. The results are supported by the evidence in the ETR.
2.9 Evaluator Comments / Recommendations
The TOE must be protected against insecure network connections.
Responsible administrators should follow the administrator guidance document for the conforming environment of the TOE and also for the installation and configuration of the TOE.
The location of the TOE must be managed well (stable power, proper temperature, etc.) and only authorized users must have physical access to the TOE. Measures must be taken against non-hostile users.
3 SECURITY TARGET
The Security Target associated with this Certification Report is identified by the following
description of identity:
Title: UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 SECURITY TARGET
Version: 05
Date: 12.12.2012
4 GLOSSARY
CCCS: Common Criteria Certification Scheme (TSE)
CCTL: Common Criteria Test Laboratory (OKTEM)
CCMB: Common Criteria Management Board
CEM: Common Evaluation Methodology
ETR: Evaluation Technical Report
IT: Information Technology
PCC: Product Certification Center
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Function
TSFI: TSF Interface
SFR: Security Functional Requirement
EAL: Evaluation Assurance Level
AES: Advanced Encryption Standard
DES: Data Encryption Standard
RSA: Rivest, Shamir and Adleman
SHA: Secure Hash Algorithm
HSM: Hardware Security Module
PKI: Public Key Infrastructure
GUI: Graphical User Interface
UEKAE: Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü
FIPS: Federal Information Processing Standard
FPGA: Field Programmable Gate Array
5 BIBLIOGRAPHY
[1] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; CCMB-2009-07-001, Version 3.1, Revision 3, July 2009
[2] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; CCMB-2009-07-002, Version 3.1, Revision 3, July 2009
[3] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Requirements; CCMB-2009-07-003, Version 3.1, Revision 3, July 2009
[4] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology; CCMB-2009-07-004, Version 3.1, Revision 3, July 2009
[5] PCC-03-WI-04 CERTIFICATION REPORT PREPARATION INSTRUCTIONS
[6] Evaluation Technical Report v1.0, Date: 31.12.2012
[7] UEKAE Dirak Serisi HSM Flow Control Firmware V2.13 SECURITY TARGET v05, Date: 12.12.2012
6 ANNEXES
There is no additional information which is inappropriate for reference in other sections.