FCS_SRTP_EXT.1.3 and its related Assurance Activities assume that the TOE supports disabling of the SRTP NULL algorithm. There are SBC TOEs that do not allow SRTP NULL to be configured.

FCS_SRTP_EXT.1 in SBC EP v1.1 is modified as follows (strikethroughs for deletions and underlines for additions):

FCS_SRTP_EXT.1.3  The TSF shall ensure the SRTP NULL algorithm [selection: is disabled, can be disabled by a Security Administrator].

Assurance Activity
TSS   The evaluator shall verify that the TSS describes the ability of the TOE to do the following:

1. Support the use of SRTP and the ciphersuites that are supported by the SRTP implementation.
2. Disable the SRTP NULL algorithm and/or provide the ability for it to be disabled by a Security Administrator to disable the SRTP NULL algorithm.
3. Provide the ability for a Security Administrator to specify the SRTP ports used for SRTP communications.

AGD  The evaluator shall verify that the Operational Guidance describes how to perform the following actions on the TOE:

1. How to configure the ciphersuites used by SRTP.
2. [conditional] How to enable/disable use of the SRTP NULL algorithm.
3. How to specify the ports used for SRTP communications.

Test  The evaluator shall perform the following tests:

...

Test 2:
1. Configure the TOE to enable use of the SRTP NULL algorithm.
2. 1. Deploy a packet capture tool that is capable of sniffing traffic on the network interface where DTLS traffic will be transmitted.
3. Transmit SRTP NULL message to the TOE and observe that it is accepted.
4. 2. [conditional] Configure the TOE to disable use of the SRTP NULL algorithm.
5. 3. Transmit SRTP NULL message to the TOE and observe that it is rejected.

...

 

See issue description