NIAP: View Technical Decision Details
Archived TD0459:  RadSec Pre-Shared Key Clarification

Publication Date
2019.10.25

Protection Profiles
PP_NDCPP_APP_AUTHSVR_EP_V1.0

Other References
FCS_RADSEC_EXT.1.4

Issue Description

A selection in FCS_RADSEC_EXT.1.4 is required whenever FCS_RADSEC_EXT.1 is selected; however, there is no means to satisfy that selection if pre-shared key is not selected in FCS_RADSEC_EXT.1.2 and, as a result, no PSK algorithms are selected in FCS_RADSEC_EXT.1.3. Moreover, FCS_RADSEC_EXT.1.4 is written as a conditional SFR element when it should be its own component.

Resolution

The following changes are made to Section C.1.2:

  • Delete FCS_RADSEC_EXT.1.4
  • Add the following sentence to the Application Note:
    • If an optional ciphersuite for pre-shared keys is selected in FCS_RADSEC_EXT.1.3, then FCS_RADSEC_EXT.2 shall be included in the ST.
  • Delete the last paragraph of the TSS Assurance Activity
  • Delete the last paragraph of the AGD Assurance Activity
  • Delete Test 15 and Test 16 from the Test Assurance Activity

The following additions shall be made:

C.1.3 FCS_RADSEC_EXT.2 - Extended: RadSec with Pre-Shared Keys

The following SFR shall be included in the ST if an optional ciphersuite for pre-shared keys is selected in FCS_RADSEC_EXT.1.3.

FCS_RADSEC_EXT.2.1 - The TSF shall [selection: accept, generate using the random bit generator specified in FCS_RBG_EXT.1] bit-based pre-shared keys.

Assurance Activity

TSS

The evaluator shall examine the TSS to ensure it describes the process by which the bit-based pre-shared keys are generated (if the TOE supports this functionality), and confirm that this process uses the RBG specified in FCS_RBG_EXT.1.

AGD

The evaluator shall confirm the operational guidance contains instructions for either entering bit-based pre-shared keys, or generating a bit-based pre-shared key (or both).

Tests

Test 1: [conditional] If the TOE does not generate bit-based pre-shared keys, the evaluator shall obtain a bit-based pre-shared key of the appropriate length and enter it according to the instructions in the operational guidance. The evaluator shall then demonstrate that a successful protocol negotiation can be performed with the key.

Test 2: [conditional] If the TOE does generate bit-based pre-shared keys, the evaluator shall generate a bit-based pre-shared key of the appropriate length and use it according to the instructions in the operational guidance. The evaluator shall then demonstrate that a successful protocol negotiation can be performed with the key.

Justification

See issue description.

 
 