NIAP: View Technical Decision Details
TD0472: File Encryption SFR Rationale and Consistency of TOE Type added

Publication Date
2019.12.04

Protection Profiles
MOD_FE_V1.0

Other References
Section 5.3, Section 6.1.1

Issue Description

Evaluation of the PP-Module during the first evaluation found failed work units for ACE_MCO.1-1 and APE_REQ.2-11. Therefore, the PP-Module needs to be updated to add the SFR Rationale and Consistency of TOE Type.

Resolution

Section 5.3 is added as follows:

5.3 TOE Security Requirements Rationale

The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:

| Objective | SFR | Rationale |
|---|---|---|
| O.KEY_MATERIAL_PROTECTION | FCS_CKM_EXT.4 | This SFR supports the key material protection objective by destroying key material in a secure manner when it is no longer needed. |
| O.KEY_MATERIAL_PROTECTION | FPT_KYP_EXT.1 | This SFR supports the key material protection objective by ensuring that key data is only stored in non-volatile memory when certain conditions are met. |
| O.FEK_SECURITY | FCS_COP.1(1) (from Base-PP) | This SFR supports the FEK security objective by defining the AES algorithm that is used to protect the FEK. |
| O.FEK_SECURITY | FCS_CKM_EXT.2 | This SFR supports the FEK security objective by defining how the TSF accepts or generates a FEK. |
| O.FEK_SECURITY | FCS_IV_EXT.1 | This SFR supports the FEK security objective by defining how IVs for AES keys are generated depending on the AES mode being used. AES keys may be used as KEKs to protect the FEK or as the FEK itself. |
| O.FEK_SECURITY | FCS_KYC_EXT.1 | This SFR supports the FEK security objective by defining the key chain that is used to protect the FEK. |
| O.FEK_SECURITY | FCS_VAL_EXT.1 | This SFR supports the FEK security objective by requiring some user validation method to succeed before the FEK can be decrypted. |
| O.FEK_SECURITY | FCS_CKM_EXT.3 (selection-based) | This SFR supports the FEK security objective by defining how the TSF accepts or generates KEKs, if used. |
| O.FEK_SECURITY | FCS_CKM_EXT.6 (selection-based) | This SFR supports the FEK security objective by defining the TSF's support for a password authorization factor as a method of user validation, if used. |
| O.FEK_SECURITY | FCS_COP.1(5) (selection-based) | This SFR supports the FEK security objective by defining the key wrap functionality used to secure the key chain that protects the FEK, if used. |
| O.FEK_SECURITY | FCS_COP.1(6) (selection-based) | This SFR supports the FEK security objective by defining the key transport functionality used to secure the key chain that protects the FEK, if used. |
| O.FEK_SECURITY | FCS_COP.1(7) (selection-based) | This SFR supports the FEK security objective by defining the key encryption functionality used to secure the key chain that protects the FEK, if used. |
| O.FEK_SECURITY | FCS_KDF_EXT.1 (selection-based) | This SFR supports the FEK security objective by defining the key derivation functionality used to secure the key chain that protects the FEK, if used. |
| O.FEK_SECURITY | FCS_SMC_EXT.1 (selection-based) | This SFR supports the FEK security objective by defining the key combining functionality used to secure the key chain that protects the FEK, if used. |
| O.FEK_SECURITY | FCS_VAL_EXT.2 (selection-based) | This SFR supports the FEK security objective by defining methods to limit user access to the validation mechanism that decrypts the FEK, if used. |
| O.WIPE_MEMORY | FDP_PRT_EXT.1 | This SFR supports the memory wipe objective by ensuring that sensitive data created by the TOE during the file encryption/decryption process is destroyed. |
| O.WIPE_MEMORY | FDP_PRT_EXT.2 | This SFR supports the memory wipe objective by ensuring that plaintext data created by the TOE during the file encryption/decryption process is destroyed. |
| O.WIPE_MEMORY | FDP_PRT_EXT.3 (optional) | This SFR supports the memory wipe objective by ensuring that, if the TOE can be invoked by third-party applications, those applications do not create persistent plaintext data during the encryption/decryption process. |
| O.PROTECT_DATA | FCS_COP.1(1) (from Base-PP) | This SFR supports the data protection objective by providing the AES algorithm that the FEK uses to encrypt protected data. |
| O.PROTECT_DATA | FCS_IV_EXT.1 | This SFR supports the data protection objective by defining how IVs for AES keys are generated depending on the AES mode being used. AES keys may be used as KEKs to protect the FEK or as the FEK itself. Either way, sensitive data is ultimately protected using AES. |
| O.PROTECT_DATA | FDP_PRT_EXT.1 | This SFR supports the data protection objective by specifying AES as the cryptographic algorithm used to encrypt/decrypt sensitive data. It also supports the objective by ensuring that the encryption/decryption process does not leave residual traces of protected data in plaintext. |
| O.PROTECT_DATA | FDP_PRT_EXT.2 | This SFR supports the data protection objective by ensuring that the encryption/decryption process does not leave residual traces of protected data in plaintext. |
| O.PROTECT_DATA | FCS_CKM_EXT.5 (optional) | This SFR supports the data protection objective by optionally defining the use of a FAK to support data authentication. |
| O.PROTECT_DATA | FCS_COP_EXT.1 (optional) | This SFR supports the data protection objective by requiring that key wrapping be used to protect a FAK if the TSF supports data authentication. |
| O.PROTECT_DATA | FDP_AUT_EXT.1 (optional) | This SFR supports the data protection objective by defining optional functionality for performing data authentication against sensitive data. |
| O.PROTECT_DATA | FDP_AUT_EXT.2 (optional) | This SFR supports the data protection objective by defining a method by which the TSF performs the optional data authentication function using a keyed-hash function. |
| O.PROTECT_DATA | FDP_AUT_EXT.3 (optional) | This SFR supports the data protection objective by defining a method by which the TSF performs the optional data authentication function using a digital signature function. |
| O.PROTECT_DATA | FDP_PM_EXT.1 (optional) | This SFR supports the data protection objective by defining optional functionality for ensuring that data protection is enforced when the TOE platform transitions into and out of a power managed state. |
| O.PROTECT_DATA | FDP_PRT_EXT.3 (optional) | This SFR supports the data protection objective by ensuring that, if the TSF can be invoked by third-party applications to perform encryption/decryption functionality, this invocation does not cause the disclosure of sensitive data through its presence in temporary files. |
| O.PROTECT_DATA | FIA_FCT_EXT.1 (optional) | This SFR supports the data protection objective by defining optional functionality for maintaining multiple key chains that can tie different sets of protected data to different users that have unique authorization factors. |
| O.SAFE_AUTHFACTOR_VERIFICATION | FCS_VAL_EXT.1 | This SFR supports the authorization factor validation objective by defining the specific method used to validate authorization factors and ensuring that the FEK is not decrypted until this validation is successful. |
| O.SAFE_AUTHFACTOR_VERIFICATION | FIA_AUT_EXT.1 | This SFR supports the authorization factor validation objective by defining the specific authorization factors that a user can supply to the TSF to decrypt the FEK. |
| O.MANAGE | FMT_MEC_EXT.1 (from Base-PP) | This SFR supports the secure management objective by ensuring that configuration settings that apply to the TOE are stored using the mechanisms recommended by the platform vendor. |
| O.MANAGE | FMT_SMF.1(2) | This SFR supports the secure management objective by defining the TSF management functions that can be used to support file encryption/decryption functionality. |

The following text is added to Section 6.1.1, Consistency of TOE Type:

When this PP-Module is used to extend the AppPP, the TOE type for the overall TOE is still an application. The TOE boundary is simply extended to include File Encryption functionality that is provided by the application.

Justification

See the issue description. These additions result in PASS verdicts for the affected work units.
