NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0225:  NIT Technical Decision for Make CBC cipher suites optional in IPsec

Publication Date
2017.07.27

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
ND SD V1.0

Issue Description

The NIT has issued a technical decision for making CBC cipher suites optional in IPsec.

Resolution

To align with NIT interpretation # 201707, FCS_IPSEC_EXT.1.4 and FCS_IPSEC_EXT.1.6 shall therefore be modified as follows:

FCS_IPSEC_EXT.1.4 shall therefore be modified as follows:

FCS_IPSEC_EXT.1.4 The TSF shall implement the IPsec protocol ESP as defined by RFC 4303 using the cryptographic algorithms [selection: AES-CBC-128 (specified by RFC 3602), AES-CBC-256 (specified by RFC 3602), AES-GCM-128 (specified in RFC 4106), AES-GCM-256 (specified in RFC 4106)] together with a Secure Hash Algorithm (SHA)-based HMAC."

 

FCS_IPSEC_EXT.1.6 shall be modified as follows:

FCS_IPSEC_EXT.1.6 The TSF shall ensure the encrypted payload in the [selection: IKEv1, IKEv2] protocol uses the cryptographic algorithms [selection: AES-CBC-128 (as specified in RFC 3602), AES-CBC-256 (as specified in RFC 3602), AES-GCM-128 (as specified in RFC 5282), AES-GCM-256 (as specified in RFC 5282)].

 

The TSS requirements for FCS_IPSEC_EXT.1.4 in NDSD V1.0 shall be modified as follows:

The evaluator shall examine the TSS to verify the TSS describes all cryptographic algorithms selected in FCS_IPSEC_EXT.1.4. In addition, the evaluator ensures that the SHA-based HMAC algorithm conforms to the algorithms specified in FCS_COP.1(4) Cryptographic Operations (for keyed-hash message authentication).

 

The TSS requirements for FCS_IPSEC_EXT.1.6 in NDSD V1.0 shall be modified as follows:

The evaluator shall ensure the TSS identifies the algorithms used for encrypting the IKEv1 and/or IKEv2 payload, and that all cryptographic algorithms selected in FCS_IPSEC_EXT.1.6 are included in the TSS discussion.

 

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201707.pdf

 

Justification

The NIT acknowledges that there are some security related concerns regarding AES-CBC mode and therefore supports making AES-128-CBC and AES-256-CBC optional for IKE and ESP.

 
 
Site Map              Contact Us              Home