Validated Product - Sigaba SigabaNet 2.2

Certificate Date: 07 February 2006
Validation Report Number: CCEVS-VR-06-0002
Product Type: Secure Messaging
Conformance Claim: EAL2 Augmented with ADV_SPM.1
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory

PRODUCT DESCRIPTION

The TOE is the Key Server and Authentication Server components of the SigabaNet 2.2 product. The TOE is a sensitive data protection type of product that mediates access to cryptographic keys that are used to guard against unauthorized access to data. The TOE is intended for use with application programming interfaces outside of the TOE boundary that use the TOE to generate server credentials called name assertions on behalf of SigabaNet users. SigabaNet users (users of the SigabaNet product that includes the TOE) can then use these credentials for authentication within the SigabaNet system (a superset of the TOE), allowing them to generate, store, and manage secret keys for use by external client applications.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Sigaba SigabaNet 2.2 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 6 June 2004. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL2 augmented with ADV_SPM.1 family of assurance requirements. The product, when configured as specified in the SigabaNet Servers Installation & Configuration Guide, satisfies all of the security functional requirements stated in the Sigaba SigabaNet 2.2 Security Target, Version 4.0, 7 January 2006.

The supported platform is Windows 2000 Server SP4. The TOE also requires an Application Server - Tomcat 4.1.24, Database - Postgres 7.1.3, Courier Service (A SigabaNet 2.2 component), SigabaNet 2.2 Administration Server, and SigabaNet 2.2 Client APIs.

One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in January 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0002, dated 7 February 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The product is the SigabaNet system; the TOE is a subset of the SigabaNet system, specifically the SigabaNet Authentication Server and the SigabaNet Key Server. The TOE components provide secure storage of cryptographic keys and controlled access to those keys. The TOE is intended for use with application programming interfaces outside of the TOE boundary that are given access to cryptographic keys stored by the TOE based on the Sigaba authentication mechanism, name assertions. SigabaNet 2.2 supports the following five security functions:

Security audit

The TOE has an audit mechanism that is invoked for access checks, authentication attempts, and administrator functions. When invoked, the date, time, responsible individual and other details describing the event are recorded to the audit trail. The audit log is stored in a database in the environment. Audit events are generated by the SigabaNet Authentication and Key Servers using JMS publish messages, which are sent to SigabaNet system components that are in the environment and not part of the TOE.

Cryptographic support

The TOE implements a cryptographic module that was designed to meet FIPS 140-1 requirements. The TOE uses asymmetric keys with name assertions and generates symmetric keys to protect data. The TOE provides pseudo random number generation, signature generation, signature verification, and hash generation. The TOE also provides cryptographic key generation. FIPS 140-1 is a separate evaluation scheme; the cryptographic components of this TOE were not evaluated further during this evaluation.

User data protection

The TOE implements a Discretionary Access Control (DAC) policy over applicable SigabaNet system objects, specifically the secret keys. Each secret key object has an owner (the creator of the object). Object owners have special permissions, even though other users can subsequently be granted access to the object.

Identification and authentication

The TOE provides its own identification and authentication mechanism. Users must provide a valid user name and password before obtaining a name assertion, which in turn must be provided before either generating or accessing a secret key. Once identified and authenticated, all subsequent actions associated with that user and policy decisions are based on the user's identity, role, and name assertion entitlements.

Security management

The TOE provides administrators with HTML web forms that are generated using Java Server Pages (JSP), which in turn either operate directly on server configuration files or generate Java Message Service (JMS) messages that are then sent to the server being administered. Administrator web forms are used to manage users and associated attributes, and JMS messages along with web forms are used to manage other security functions, including TSF data such as trust points. Web form interfaces are restricted to administrators only. Note that the TOE provides non-administrative users with network protocol interfaces that are accessed using application programming interfaces that are outside of the TOE boundary.

Functions of the IT Environment

The TOE relies on the Application Server (Tomcat 4.1.24) to provide separate user connection threads in its JVM JNI TCP/IP sockets service. The SigabaNet 2.2 TOE relies on the underlying operating system (Microsoft Windows 2000 Server SP4) to provide protection of the TSF by restricting access to TOE files. The underlying operating system also provides a reliable time stamp. The SigabaNet 2.2 TOE relies on SigabaNet system components that are in the environment and not part of the TOE to receive audit events generated by SigabaNet Authentication and Key Servers, provide a reporting capability, and write events to an audit trail.

Vendor Information

Secure Data In Motion, Inc. dba Sigaba
Jahan Moreh, Chief Security Architect
650.572.6100
jmoreh@sigaba.com