Validated Product - CoreStreet Real Time Credential Validation Authority

Certificate Date: 01 September 2004

Validation Report Number: CCEVS-VR-04-0078

Product Type: PKI/KMI

Conformance Claim: EAL3 Augmented with ALC_FLR.1

PP Identifiers: None


PRODUCT DESCRIPTION

CoreStreet's Real Time Credential Validation Authority supports a Public Key Infrastructure (PKI) that creates and manages public key certificates to facilitate the use of public key cryptography. One of the required basic tasks of any PKI is to maintain and distribute certificate status information for unexpired certificates. The CoreStreet Real Time Credential Validation Authority TOE is designed to provide a truly scalable and trustworthy method for managing and distributing certificate status. In addition, it extends the functionality and utility of certificates by providing the capability to dynamically manage physical and logical access control attributes without revoking and/or reissuing the certificate.

Specifically, the two basic tasks that the CoreStreet RTC VA TOE performs are:

• Maintain and distribute certificate status information for unexpired certificates

• Maintain and distribute associated attribute status information for unexpired certificates

The CoreStreet Real Time Credential Validation Authority TOE distributes certificate and attribute status information in the form of digitally signed proofs. The TOE supports two types of validation proofs:

• Basic OCSP responses

• MiniCRLs

Either or both of these proofs can be used with any specific implementation of the CoreStreet Real Time Credential Validation Authority TOE. These validation proofs provide conclusive evidence to a relying party application of the current validity of a certificate or associated attributes.

The CoreStreet Real Time Credential (RTC) Validation Authority TOE consists of two components: the RTC Authority, which securely houses and manages the status of certificates and attributes, and the RTC Responder, which holds non-secret pre-signed validation proofs and distributes them to relying applications.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the CoreStreet Real Time Credential Validation Authority TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 9 January 2004. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL3 family of assurance requirements augmented with ALC_FLR.1. The product, when configured as specified in the RTC Authority User Guide, CoreStreet Ltd., Revision 3 and the RTC Authority Administration Guide, CoreStreet Ltd., Revision 7, satisfies all of the security functional requirements stated in the CoreStreet Real Time Credential Validation Authority Security Target, version 1.0, 2 September 2004. One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in September 2004. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-04-0078, dated 1 September 2004) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The CoreStreet Real Time Credential Validation Authority TOE manages and publishes certificate and attribute validity status, making it available to Public Key Enabled (PKE) applications. These applications rely on this information to make access control decisions for both physical locations and logical functions and services. The CoreStreet Real Time Credential Validation Authority supports the following six security functions:

Audit Function

The RTCA generates audit records based on administrative actions and system actions. The audit records are stored within the environment. Administrative actions are audited and stored in a database utilized by the TOE, while system actions are stored in a system log file defined by the TOE. The Auditor is able to view, search and sort the audit records generated from administrator actions. The system log records are viewable by the Administrator only.

User Data Protection

There are no unauthorized users of the TOE. The TOE defines access to the TSF and user data based on the role that is assigned to the authorized user. The TOE implements an access control policy that limits the interfaces accessible to users to those associated with the defined roles of the TOE. The interfaces define what actions may be performed on the TSF and user data stored within the database.

Identification and Authentication

The CoreStreet Real Time Credential Validation Authority has two authentication mechanisms that are used together to identify the authorized users. The first mechanism is the user id and password. The CoreStreet Real Time Credential Validation Authority provides the interface to accept and verify the user id and password against the user account information stored in the database.

If the user's account includes a certificate containing the user's public key, the second mechanism, certificate-based authentication, is used. The CoreStreet Real Time Credential Validation Authority verifies that the user also has the associated private key by issuing a standard SSL challenge to the user, who must return a response encrypted with his private key. This mechanism is used in conjunction with the password mechanism. Upon successful verification, the user is permitted access to the administrative interfaces allowed by the user's assigned role(s).

Communication

The CoreStreet Real Time Credential Validation Authority has been designed to minimize the types of imported data. The description below identifies each of these data types:

• Issuer registration data - these data include the issuer's common name, assigned OID and public certificate. They contain no unprotected security-sensitive data. Registration of new issuers will be a relatively infrequent event and is a manual process governed by local policy and procedures.

• Newly issued certificates - the integrity and authenticity of the data is protected by digital signature

• Newly issued CRLs - the integrity and authenticity of the data is protected by digital signature

• Certificate attribute changes (optional) - the integrity and authenticity of the data is protected by digital signature

• Certificates of the attribute managing officers (optional) - used to authenticate and verify integrity of certificate attribute change requests

• Trusted root certificates - the "trust anchors" that are used to authenticate certificates from entities outside the CoreStreet Real Time Credential Validation Authority

Note specifically that the relying party applications and the RTC Responders do not communicate directly with the CoreStreet RTC Authority. All data imported by the CoreStreet Real Time Credential Validation Authority is of a specific predefined type and from authenticated sources. The RTC Authority stores certificate status and attribute information in the database, and the RTC Responders retrieve it from there.

Security Management

The CoreStreet Real Time Credential Validation Authority does not support the notion of untrusted users. Rather, "users" are administrative personnel operating within a supported role. CoreStreet maintains three roles within the CoreStreet Real Time Credential Validation Authority: Administrator, Officer, and Auditor.

• Administrators - responsible for installing, configuring and upgrading the CoreStreet Real Time Credential Validation Authority software. This includes managing user accounts, certificate issuers, attribute mappings, data stores, key stores and scheduling jobs.

• Officers - responsible for managing credential lifecycles. Officers register certificates with the Authority and manage CRLs.

• Auditors - responsible for reviewing audit logs and security breaches.

TSF Protection

The CoreStreet Real Time Credential Validation Authority ensures that security functions are not bypassed by enforcing the authentication mechanisms and limiting the access capability based on the administrative role assigned to the user interface.

The TSF information in the database is stored with a digital signature, so that any tampering with the information can be detected by comparing the stored digital signature with the generated signature.

Vendor: CoreStreet, Inc.

Contact: Andrew Sinkov

Phone: 617.661.3554 X209

Fax: 617.661.3542

Web: http://www.corestreet.com

Email: asinkov@corestreet.com

CC Testing Lab: SAIC Common Criteria Testing Laboratory