Version: 1.0
2022-03-31
National Information Assurance Partnership
| Version | Date | Comment |
|---|---|---|
| 1.0 | 2022-03-31 | Initial Release |
| 0.5 | 2022-01-20 | Conversion to Protection Profile Module (PP-Module); Updated to include Wi-Fi Protected Access (WPA) 3 and Wi-Fi 6. WPA 3 is required. WPA 2 can additionally be included in the Security Target (ST). 256 bit keys are required. 128 and 192 bit keys can additionally be included in the ST. Mandated Distributed Target of Evaluation (TOE) |
The scope of this PP-Module is to describe the security functionality of a Wireless Local Area Network (WLAN) Access System (AS) in terms of [CC] and to define functional and assurance requirements for such products. This PP-Module is intended for use with the following Base Protection Profile (Base-PP):
A TOE that conforms to a Protection Profile Configuration (PP-Configuration) containing this PP-Module must be a ‘Distributed TOE’ as defined in the NDcPP. The expectation for this PP-Module is that a WLAN AS must include a controller and one or more access points (APs).
Assurance | Grounds for confidence that a TOE meets the SFRs [CC]. |
Base Protection Profile (Base-PP) | Protection Profile used as a basis to build a PP-Configuration. |
Collaborative Protection Profile (cPP) | A Protection Profile developed by international technical communities and approved by multiple schemes. |
Common Criteria (CC) | Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408). |
Common Criteria Testing Laboratory | Within the context of the Common Criteria Evaluation and Validation Scheme (CCEVS), an IT security evaluation facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Validation Body to conduct Common Criteria-based evaluations. |
Common Evaluation Methodology (CEM) | Common Evaluation Methodology for Information Technology Security Evaluation. |
Distributed TOE | A TOE composed of multiple components operating as a logical whole. |
Operational Environment (OE) | Hardware and software that are outside the TOE boundary that support the TOE functionality and security policy. |
Protection Profile (PP) | An implementation-independent set of security requirements for a category of products. |
Protection Profile Configuration (PP-Configuration) | A comprehensive set of security requirements for a product type that consists of at least one Base-PP and at least one PP-Module. |
Protection Profile Module (PP-Module) | An implementation-independent statement of security needs for a TOE type complementary to one or more Base-PPs. |
Security Assurance Requirement (SAR) | A requirement to assure the security of the TOE. |
Security Functional Requirement (SFR) | A requirement for security enforcement by the TOE. |
Security Target (ST) | A set of implementation-dependent security requirements for a specific product. |
Target of Evaluation (TOE) | The product under evaluation. |
TOE Security Functionality (TSF) | The security functionality of the product under evaluation. |
TOE Summary Specification (TSS) | A description of how a TOE satisfies the SFRs in an ST. |
Access Point (AP) | A device that provides the network interface that enables wireless client hosts to access a wired network. |
Service Set Identifier (SSID) | The primary name associated with an 802.11 wireless local area network (WLAN). |
Wireless Local Area Network (WLAN) | A wireless computer network that links two or more devices using wireless communication to form a local area network within a limited area such as a home, school, computer laboratory, campus, office building, etc. |
This PP-Module specifically addresses WLAN (IEEE 802.11) ASes. A compliant WLAN AS is a system composed of hardware and software that is connected to a network and has an infrastructure role in the overall enterprise network. In particular, a WLAN AS establishes a secure wireless (IEEE 802.11) link that provides an authenticated and encrypted path to an enterprise network and thereby decreases the risk of exposure of information transiting “over-the-air”.
Since this PP-Module extends the NDcPP, conformant TOEs are obligated to implement the functionality required in the NDcPP along with the additional functionality defined in this PP-Module in response to the threat environment discussed subsequently herein.
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the Common Criteria (CC) and Common Evaluation Methodology (CEM) addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).
No Protection Profiles (PPs) or PP-Modules may be specified in a PP-Configuration with this PP-Module other than the Base-PP specified in Section 1.1 Overview.
This PP-Module is written to address the situation when network packets cross the boundary between a wired private network and a wireless client via a WLAN AS. The WLAN Access System provides secure communication between a user (wireless client) and a wired (trusted) network by supporting security functions such as administration, authentication, encryption, and the protection and handling of data in transit. To protect the data in transit from disclosure and modification, a WLAN AS is used to establish secure communications. The WLAN AS provides one end of the secure cryptographic tunnel and performs encryption and decryption of network packets in accordance with a WLAN AS security policy negotiated with its authenticated wireless client. It supports multiple simultaneous wireless connections and is capable of establishing and terminating multiple cryptographic tunnels to and from those peers.
The proper installation, configuration, and administration of the WLAN AS are critical to its correct operation.
Note that this PP-Module does not repeat the threats identified in the NDcPP, though they all apply given the conformance and hence dependence of this PP-Module on the NDcPP. Note also that while the NDcPP contains only threats to the ability of the TOE to provide its security functions, this PP-Module addresses only threats to resources in the Operational Environment (OE). Together the threats of the NDcPP and those defined in this PP-Module define the comprehensive set of security threats addressed by a WLAN AS TOE.
An organization deploying the TOE is expected to satisfy the organizational security policy listed below in addition to all organizational security policies defined by the claimed Base-PP.
This document does not define any additional OSPs.| Threat, Assumption, or OSP | Security Objectives | Rationale |
| T.NETWORK_DISCLOSURE | O.AUTHENTICATION | The threat T.NETWORK_DISCLOSURE is countered by O.AUTHENTICATION as proper authentication of external entities ensures that network data is not disclosed to an unauthorized subject. |
| O.CRYPTOGRAPHIC_FUNCTIONS | The threat T.NETWORK_DISCLOSURE is countered by O.CRYPTOGRAPHIC_FUNCTIONS as implementation of cryptographic functions ensures that network data is not subject to unauthorized disclosure in transit. | |
| T.NETWORK_ACCESS | O.AUTHENTICATION | The threat T.NETWORK_ACCESS is countered by O.AUTHENTICATION as proper authentication methods ensure that subjects outside the protected network cannot access data inside the protected network until the TSF has authenticated them. |
| O.TOE_ADMINISTRATION | The threat T.NETWORK_DISCLOSURE is countered by O.TOE_ADMINISTRATION as the TOE's administration function does not permit execution of management functions that originate from wireless clients outside the protected network. | |
| T.TSF_FAILURE | O.FAIL_SECURE | The threat T.TSF_FAILURE is countered by O.FAIL_SECURE as the TOE responds to self-test failures that are significant enough to show a potential compromise of the TSF by making the TSF unavailable until the failure state has been cleared. |
| O.SYSTEM_MONITORING | The threat T.TSF_FAILURE is countered by O.SYSTEM_MONITORING as the TOE generates audit records of unauthorized usage, communications outages, incorrect configuration, and other behaviors that may indicate a degraded ability to enforce its intended security functionality so that issues can be diagnosed and resolved appropriately. | |
| T.DATA_INTEGRITY | O.CRYPTOGRAPHIC_FUNCTIONS | The threat T.DATA_INTEGRITY is countered by O.CRYPTOGRAPHIC_FUNCTIONS as the TOE uses cryptographic functionality to enforce the integrity of protected data in transit. |
| T.REPLAY_ATTACK | O.AUTHENTICATION | The threat T.REPLAY_ATTACK is countered by O.AUTHENTICATION as the TOE's use of authentication mechanisms prevent replay attacks because the source of the attack will not have the proper authentication data for the TSF to process the replayed traffic. |
| O.CRYPTOGRAPHIC_FUNCTIONS | The threat T.REPLAY_ATTACK is countered by O.CRYPTOGRAPHIC_FUNCTIONS as the TOE's use of cryptographic functionality prevents impersonation attempts that use replayed traffic. | |
| A.CONNECTIONS | OE.CONNECTIONS | The OE objective OE.CONNECTIONS is realized through A.CONNECTIONS. |
This requirement is modified from its definition in the NDcPP by mandating the selection of CBC mode and 256 bit key sizes while also defining additional AES mode and key size selections not present in the original definition.
This requirement mandates two modes for AES with a key size of 256 bits being implemented. It is not expected that these modes will both be used for all encryption and decryption functionality. Rather, the mandates serve particular purposes: to comply with the FCS_IPSEC_EXT.1 requirements, CBC mode is mandated, and to comply with IEEE 802.11-2020, AES-CCMP (which uses AES in Counter Mode with CBC-Message Authentication Code (CCM) as specified in SP 800-38C) must be implemented.
For the first selection of FCS_COP.1.1/DataEncryption, the ST author should choose the additional mode or modes in which AES operates. For the second selection, the ST author should choose the key sizes that are supported by this functionality. 256-bit CCMP is required in order to comply with FCS_CKM.1/WPA. Note that optionally AES-CCMP-192, AES-CCMP-128, AES-GCMP-192, and AES-GCMP-128 with cryptographic key size of 256 bits, may be implemented for IEEE 802.11ax-2021 connections. In the future, one of these modes may be required.
CTR mode is not used for WLAN AS capabilities but remains selectable since it may be required by another part of the TSF.
This requirement has been modified from its definition in the NDcPP to mandate the communications protocols and environmental components that a WLAN AS must use for infrastructure communications (802.11 support is also required for wireless client communications, but this is covered by the FTP_ITC.1/Client). IPsec or RADIUS over TLS (commonly known as "RadSec") is required at least for communications with the 802.1X authentication server. Other selections may be made if needed by other parts of the TSF. The requirement implies that not only are communications protected when they are initially established, but also on resumption after an outage.
The IT entity of "802.1X authentication server" is distinct from "authentication server" because the latter may be used for administrator authentication rather than authorization of WLAN clients.
If IPsec is selected in FTP_ITC.1.1, then FCS_IPSEC_EXT.1 from the NDcPP must be claimed. If RADIUS over TLS is selected in FTP_ITC.1.1, then FCS_RADSEC_EXT.1 in this PP-Module must be claimed, as well as FCS_TLSC_EXT.1 from the NDcPP.
| Requirement | Auditable Events | Additional Audit Record Contents |
|---|---|---|
| FCS_CKM.1/WPA | None. | |
| FCS_CKM.2/DISTRIB (optional) | None. | |
| FCS_CKM.2/GTK | None. | |
| FCS_CKM.2/PMK | None. | |
| FCS_RADSEC_EXT.1 (selection-based) | None. | |
| FCS_RADSEC_EXT.2 (selection-based) | None. | |
| FCS_RADSEC_EXT.3 (selection-based) | None. | |
| FCS_IPSEC_EXT.1 (selection-based) | Protocol failures. | Reason for failure. Non-TOE endpoint of connection. |
| Establishment or Termination of an IPsec SA. | Non-TOE endpoint of connection. | |
| FIA_8021X_EXT.1 | Attempts to access the 802.1X controlled port prior to successful completion of the authentication exchange. | Provided client identity (e.g. Media Access Control [Media Access Control (MAC)] address). |
| Failed authentication attempt. | Provided client identity (e.g. MAC address). | |
| FIA_PSK_EXT.1 (selection-based) | None. | |
| FIA_UAU.6 | Attempts to re-authenticate. | Origin of the attempt (e.g., IP address). |
| FMT_SMF.1/AccessSystem | None. | |
| FMT_SMR_EXT.1 | None. | |
| FPT_FLS.1 | Failure of the TSF. | Indication that the TSF has failed with the type of failure that occurred. |
| FPT_TST_EXT.1 | Execution of TSF self-test. | None. |
| Detected integrity violations. | The TSF code file that caused the integrity violation. | |
| FTA_TSE.1 | Failure of the TSF. | Indication that the TSF has failed with the type of failure that occurred. |
| FTP_ITC.1 | Failed attempts to establish a trusted channel (including IEEE 802.11). | Identification of the initiator and target of channel. |
| Detection of modification of channel data. | ||
The auditable events defined in Table 2 are for the SFRs that are explicitly defined in this PP-Module and are intended to extend FAU_GEN.1 in the Base-PP.
The events in the Auditable Events table should be combined with those of the NDcPP in the context of a conforming Security Target.
The Auditable Events (Table 2) includes optional and objective SFRs. The auditing of optional and objective SFRs is only required if that SFR is included in the ST.
Per FAU_STG_EXT.1 in the Base-PP, the TOE must support transfer of the audit data to an external IT entity using a trusted channel.
The cryptographic key derivation algorithm required by IEEE 802.11-2020 (Section 12.7.1.2) and verified in WPA2 certification is PRF-384, which uses the HMAC-SHA-1 function and outputs 384 bits. The use of GCMP is defined in IEEE 802.11ax-2021 (Section 12.5.5) and requires a Key Derivation Function (KDF) based on HMAC-SHA-256 (for 128-bit symmetric keys) or HMAC-SHA-384 (for 256-bit symmetric keys). This KDF outputs 704 bits.
This requirement applies only to the keys that are generated or derived for the communications between the AP and the client once the client has been authenticated. It refers to the derivation of the Group Temporal Key (GTK), through the Random Bit Generator (RBG) specified in this PP-Module, as well as the derivation of the Pairwise Transient Key (PTK) from the Pairwise Master Key (PMK), which is done using a random value generated by the RBG specified in this PP-Module, the HMAC function as specified in this PP-Module, as well as other information. This is specified in IEEE 802.11-2020, primarily in chapter 12. FCS_RBG_EXT.1 is defined in the NDcPP.
This requirement covers the TOE's role as the authenticator in an 802.1X authentication exchange. If the exchange is completed successfully, the TOE will obtain the PMK from the RADIUS server and perform the four-way handshake with the wireless client (supplicant) to begin 802.11 communications.
As indicated previously, there are at least three communication paths present during the exchange; two with the TOE as an endpoint and one with the TOE acting as a transfer point only. The TOE establishes an Extensible Authentication Protocol (EAP) over Local Area Network (EAPOL) connection with the wireless client as specified in 802.1X-2007. The TOE also establishes (or has established) a RADIUS protocol connection protected either by IPsec or RadSec (TLS) with the RADIUS server. The wireless client and RADIUS server establish an EAP-TLS session (RFC 5216); in this transaction the TOE merely takes the EAP-TLS packets from its EAPOL/RADIUS endpoint and transfers them to the other endpoint. Because the specific authentication method (TLS in this case) is opaque to the TOE, there are no requirements with respect to RFC 5126 in this PP-Module. However, the base RADIUS protocol (2865) has an update (3579) that will need to be addressed in the implementation and evaluation activities. Additionally, RFC 5080 contains implementation issues that will need to be addressed by developers but which levy no new requirements.
The point of performing 802.1X authentication is to provide access to the network (assuming the authentication was successful and that all 802.11 negotiations are performed successfully); in the terminology of 802.1X, this means the wireless client has access to the "controlled port" maintained by the TOE.
The “TOE interface” can be specified in terms of the device in the TOE that the WLAN client is connecting to (e.g. specific WLAN APs). “Time” and “day” refer to time-of-day and day-of-week, respectively.
The assignment is to be used by the ST author to specify additional attributes on which denial of session establishment can be based.
The following rationale provides justification for each security objective for the TOE,
showing that the SFRs are suitable to meet and achieve the security objectives:
| Objective | Addressed by | Rationale |
|---|---|---|
| O.CRYPTOGRAPHIC_FUNCTIONS | FCS_COP.1/DataEncryption (modified from Base-PP) | FCS_COP.1/DataEncryption supports the objective by requiring the TSF to implement AES in the modes needed to support its other functions. |
| FCS_CKM.1/WPA | FCS_CKM.1/WPA supports the objective by requiring the TSF to generate symmetric keys used for WPA2. | |
| FCS_CKM.2/GTK | FCS_CKM.2/GTK supports the objective by requiring the TSF to distribute group temporal keys used for IEEE 802.11. | |
| FCS_CKM.2/PMK | FCS_CKM.2/PMK supports the objective by requiring the TSF to distribute pairwise master keys used for IEEE 802.11. | |
| FCS_CKM.2/DISTRIB (optional) | FCS_CKM.2/DISTRIB supports the objective by optionally requiring the TSF to distribute IEEE 802.11 keys to any distributed TOE components using a secured method. | |
| O.AUTHENTICATION | FCO_CPC_EXT.1 (from Base-PP) | FCO_CPC_EXT.1 supports the objective by requiring the TSF to implement a mechanism that authenticates its distributed components to each other. |
| FIA_8021X_EXT.1 | FIA_8021X_EXT.1 supports the objective by requiring the TSF to act as the authenticator for 802.1X authentication. | |
| FIA_UAU.6 | FIA_UAU.6 supports the objective by requiring the TSF to re-authenticate a security administrator under certain circumstances. | |
| FTA_TSE.1 | FTA_TSE.1 supports the objective by requiring the TSF to deny the establishment of a wireless client session for reasons unrelated to the correctness of an authentication credential. | |
| FCS_RADSEC_EXT.1 (selection-based) | FCS_RADSEC_EXT.1 supports the objective by optionally requiring the TSF to implement RadSec in accordance with a defined specification. | |
| FCS_RADSEC_EXT.2 (selection-based) | FCS_RADSEC_EXT.2 supports the objective by optionally requiring the TSF to implement RadSec using pre-shared keys if that is the method chosen for peer authentication. | |
| FIA_PSK_EXT.1 (selection-based) | FIA_PSK_EXT.1 supports the objective by optionally requiring the TSF to implement pre-shared key authentication if any trusted protocols require its use. | |
| O.FAIL_SECURE | FPT_TST_EXT.1 (modified from Base-PP) | FPT_TST_EXT.1 supports the objective by requiring the TSF to perform self-tests that may aid in the detection of a TSF failure. |
| FPT_FLS.1 | FPT_FLS.1 supports the objective by requiring the TSF to preserve a secure state in the event of a self-test failure. | |
| O.SYSTEM_MONITORING | FAU_GEN.1/WLAN | FAU_GEN.1/WLAN supports the objective by requiring the TSF to generate audit records for security-relevant WLAN behavior. |
| FAU_GEN_EXT.1 (modified from Base-PP) | FAU_GEN_EXT.1 supports the objective by requiring the TSF to generate appropriate security-relevant auditable events on each of its distributed components. | |
| FAU_STG_EXT.1 (modified from Base-PP) | FAU_STG_EXT.1 supports the objective by defining how distributed TOE components store their generated audit records. | |
| O.TOE_ADMINISTRATION | FMT_SMR_EXT.1 | FMT_SMR_EXT.1 supports the objective by requiring the TSF to prevent any administrative actions that originate from the 'external' network. |
| FMT_SMF.1/AccessSystem | FMT_SMF.1/AccessSystem supports the objective by defining management functionality that is specific to WLAN AS devices. |
| PP-Module Threat, Assumption, OSP | Consistency Rationale |
|---|---|
| T.NETWORK_DISCLOSURE | This threat extends the security problem defined by the Base-PP to include the threat of a malicious entity in an untrusted network interacting with a protected entity in a trusted network. This is not addressed in the Base-PP because not all network devices are responsible for facilitating communications between separate networks. This threat is also consistent with the T.UNTRUSTED_COMMUNICATION_CHANNELS threat defined by the Base-PP because compromise of data in transit is one potential way this threat may be exploited. |
| T.NETWORK_ACCESS | This threat extends the security problem defined by the Base-PP to include the threat of a malicious entity in an untrusted network interacting with a protected entity in a trusted network. This is not addressed in the Base-PP because not all network devices are responsible for facilitating communications between separate networks. |
| T.TSF_FAILURE | This threat is an extension of the T.SECURITY_FUNCTIONALITY_FAILURE threat defined by the Base-PP. |
| T.DATA_INTEGRITY | This threat is a specific type of failure that may result from successful exploitation of the T.WEAK_CRYPTOGRAPHY threat defined by the Base-PP. It is an extension of the Base-PP threat for communications that are specific to this PP-Module. |
| T.REPLAY_ATTACK | This threat is a specific type of failure that may result from successful exploitation of the T.UNAUTHORIZED_ADMINISTRATOR_ACCESS and T.UNTRUSTED_COMMUNICATIONS_CHANNELS threats defined by the Base-PP. It is an extension of the Base-PP threat for communications that are specific to this PP-Module. |
| A.CONNECTIONS | The Base-PP does not define where in a particular network architecture a network device must be deployed since it is designed to be generic to various types of network devices. This PP-Module defines the expected architectural deployment specifically for WLAN AS network devices. |
The objectives for the TOEs are consistent with the NDcPP based on the following rationale:
| PP-Module TOE Objective | Consistency Rationale |
|---|---|
| O.CRYPTOGRAPHIC_FUNCTIONS | The Base-PP does not define TOE objectives, but it does define requirements for cryptographic functions. This objective is consistent with the functional behavior required by the Base-PP. |
| O.AUTHENTICATION | The Base-PP does not define TOE objectives, but it does define requirements for authentication of both users and remote entities. This objective is consistent with the functional behavior required by the Base-PP. |
| O.FAIL_SECURE | The Base-PP does not define TOE objectives, but it does define requirements for self-testing. This PP-Module is consistent with that by defining an objective to enter a secure state if a self-test does fail. |
| O.SYSTEM_MONITORING | The Base-PP does not define TOE objectives, but it does define requirements for auditing. This PP-Module is consistent with that by ensuring that auditable events are appropriately defined for the WLAN AS capability. |
| O.TOE_ADMINISTRATION | The Base-PP does not define TOE objectives, but it does define requirements for management. This PP-Module is consistent with that by applying security restrictions on how the TOE's management interface can be invoked. |
The objectives for the TOE's OE are consistent with the NDcPP based on the following rationale:
| PP-Module OE Objective | Consistency Rationale |
|---|---|
| OE.CONNECTIONS | The Base-PP does not define where in a particular network architecture a network device must be deployed since it is designed to be generic to various types of network devices. This PP-Module defines the expected architectural deployment specifically for WLAN AS network devices. |
| PP-Module Requirement | Consistency Rationale |
|---|---|
| Modified SFRs | |
| FAU_GEN_EXT.1 | This PP-Module does not modify the Base-PP SFR; it only mandates the inclusion of the SFR because a conformant TOE will always require this functionality that is only conditional in the Base-PP. |
| FAU_STG_EXT.1 | This PP-Module modifies a Base-PP SFR by restricting the selection options to a subset of those defined in the Base-PP. . |
| FAU_STG_EXT.4 | This PP-Module does not modify the Base-PP SFR; it only mandates the inclusion of the SFR because a conformant TOE will always require this functionality that is only conditional in the Base-PP. |
| FCO_CPC_EXT.1 | This PP-Module does not modify the Base-PP SFR; it only mandates the inclusion of the SFR because a conformant TOE will always require this functionality that is only conditional in the Base-PP. |
| FCS_COP.1/DataEncryption | This PP-Module modifies the Base-PP's definition of the SFR by adding additional AES modes consistent with the standards referenced in the Base-PP and by mandating specific selections that are relevant to the technology type of the PP-Module. |
| FPT_TST_EXT.1 | This PP-Module modifies the Base-PP's definition of the SFR by defining a minimum baseline for what self-tests must be run. Additional self-tests may still be specified by the ST author. |
| FTP_ITC.1 | This PP-Module modifies the Base-PP's definition of the SFR by specifying a minimum baseline of required communications protocols and also includes additional protocols not originally defined by the Base-PP. The original protocols specified in the Base-PP may still be selected by the ST author. |
| Additional SFRs | |
| This PP-Module does not add any requirements when the NDcPP is the base. | |
| Mandatory SFRs | |
| FAU_GEN.1/WLAN | This SFR iterates the FAU_GEN.1 SFR defined in the Base-PP to define auditable events for the functionality that is specific to this PP-Module. |
| FCS_CKM.1/WPA | This SFR defines additional cryptographic functionality not defined in the Base-PP, but it implements this using the DRBG mechanism already defined in the Base-PP. |
| FCS_CKM.2/GTK | This SFR defines additional cryptographic functionality not defined in the Base-PP that is used for functionality outside the original scope of the Base-PP. |
| FCS_CKM.2/PMK | This SFR defines additional cryptographic functionality not defined in the Base-PP that is used for functionality outside the original scope of the Base-PP. |
| FIA_8021X_EXT.1 | This SFR defines support for 802.1X communications, which is a logical interface that extends the scope of what the Base-PP originally defined. |
| FIA_UAU.6 | This SFR defines support for re-authentication of wireless users, which are a type of subject beyond the scope of what the Base-PP originally defined. |
| FMT_SMF.1/AccessSystem | This SFR defines additional management functionality that is specific to the Module’s product type and would therefore not be expected to be present in the Base-PP. |
| FMT_SMR_EXT.1 | This SFR applies restrictions on when the execution of management functions is authorized. It does not prevent proper administration of the TSF. |
| FPT_FLS.1 | This SFR extends the functionality described by FPT_TST_EXT.1 in the Base-PP by defining the specific TSF reaction in the event of a failed self-test. |
| FTA_TSE.1 | This SFR applies restrictions on establishment of wireless communications, which is a logical interface that extends the scope of what the Base-PP originally defined. |
| FTP_ITC.1/Client | This SFR iterates the FTP_ITC.1 SFR defined in the Base-PP to define trusted communication channels for the functionality that is specific to this PP-Module. |
| Optional SFRs | |
| FCS_CKM.2/DISTRIB | This SFR defines an additional use for the cryptographic and self-protection mechanisms defined in the Base-PP. |
| Selection-based SFRs | |
| FCS_RADSEC_EXT.1 | This SFR defines the implementation of RadSec and the peer authentication method that it uses. This relies on the TLS requirements defined by the Base-PP and may also use the X.509v3 certificate validation methods specified in the Base-PP, depending on the selected peer authentication method. |
| FCS_RADSEC_EXT.2 | This SFR defines the implementation of RadSec when pre-shared key authentication is used. This functionality is outside the original scope of the Base-PP, but it relies on the TLS client protocol implementation, cryptographic algorithms, and random bit generation functions defined by the Base-PP. |
| FCS_RADSEC_EXT.3 | This SFR defines the implementation of RadSec when pre-shared key authentication with RSA is used. This functionality is outside the original scope of the Base-PP, but it relies on the TLS client protocol implementation, cryptographic algorithms, and random bit generation functions defined by the Base-PP. |
| FIA_PSK_EXT.1 | This SFR defines parameters for pre-shared key generation. The Base-PP supports pre-shared keys as a potential authentication method for IPsec. This PP-Module does not prevent this from being used but does define restrictions on how pre-shared keys may be generated and what constitutes an acceptable key. This may also be used for RadSec, which is outside the original scope of the Base-PP. |
| Objective SFRs | |
| This PP-Module does not define any Objective requirements. | |
| Implementation-based SFRs | |
| This PP-Module does not define any Implementation-based requirements. | |
This requirement applies to any key necessary for successful IEEE 802.11 connections not covered by FCS_CKM.2/GTK. In cases where a key must be distributed to other APs, this communication must be performed via a mechanism of commensurate cryptographic strength. Because communications with any component of a distributed TOE are required to be performed over a trusted connection, the transfer of these keys will be protected.
FCS_COP.1 and FPT_ITT.1 are defined in the NDcPP.
This PP-Module does not define any Objective SFRs.
This PP-Module does not define any Implementation-dependent SFRs.
This SFR is applicable if "RADIUS over TLS" is selected in FTP_ITC.1.1.
If X.509v3 certificates is selected in FCS_RADSEC_EXT.1.2, then FCS_TLSC_EXT.2 from the NDcPP must be claimed. If pre-shared keys is selected in FCS_RADSEC_EXT.1.2, then FCS_RADSEC_EXT.2 and FIA_PSK_EXT.1 in this PP-Module must be claimed.
If any of the TLS_RSA_PSK ciphersuites are selected by the ST author, it is necessary to claim the selection-based requirement FCS_RADSEC_EXT.3.
The above ciphersuites are only for use when the TSF is acting as a RADIUS over TLS client, not for other uses of the TLS protocol. The ciphersuites to be tested in the evaluated configuration are limited by this requirement. The ST author should select the ciphersuites that are supported. If "X.509v3 certificates" is selected in FCS_RADSEC_EXT.1.2, the ciphersuites selected in (and tested by) FCS_TLSC_EXT.2.1 are also supported for RADIUS over TLS client use.
This requirement must be claimed if any ciphersuites beginning with 'TLS_RSA_PSK' are selected in FCS_RADSEC_EXT.2.1.
The rules for verification of identity are described in Section 6 of RFC 6125. The reference identifier is typically established by configuration (e.g. configuring the name of the authentication server). Based on a singular reference identifier’s source domain and application service type (e.g. HTTP, SIP, LDAP), the client establishes all reference identifiers which are acceptable, such as a Common Name for the Subject Name field of the certificate and a (case-insensitive) DNS name for the Subject Alternative Name field. The client then compares this list of all acceptable reference identifiers to the presented identifiers in the TLS server’s certificate.
The preferred method for verification is the Subject Alternative Name using DNS names, URI names, or Service Names. Verification using the Common Name is required for the purposes of backwards compatibility. Additionally, support for use of IP addresses in the Subject Name or Subject Alternative name is discouraged as against best practices but may be implemented. Finally, support for wildcards is discouraged but may be implemented. If the client supports wildcards, the client must follow the best practices regarding matching; these best practices are captured in the evaluation activity.
This requirement must be claimed if any ciphersuites beginning with 'TLS_RSA_PSK' are selected in FCS_RADSEC_EXT.2.1.
Validity is determined by the identifier verification, certificate path, the expiration date, and the revocation status in accordance with RFC 5280. Certificate validity is tested in accordance with testing performed for FIA_X509_EXT.1/Rev in the NDcPP.
This requirement must be included if IPsec or another protocol that uses pre-shared keys is claimed, and pre-shared key authentication is selected (e.g., "Pre-shared Keys" is selected in FCS_IPSEC_EXT.1.13 or "pre-shared keys" is selected in FCS_RADSEC_EXT.1.2). The intent of this requirement is that all protocols will support both text-based and bit-based pre-shared keys.
For the length of the text-based pre-shared keys, a common length (22 characters) is required to help promote interoperability. If other lengths are supported, they should be listed in the assignment; this assignment can also specify a range of values (e.g., "lengths from 5 to 55 characters") as well.
For FIA_PSK_EXT.1.3, the ST author specifies whether the TSF merely accepts bit-based pre-shared keys or is capable of generating them. If it generates them, the requirement specifies that they must be generated using the RBG provided by the TOE.
| Functional Class | Functional Components |
|---|---|
| Identification and Authentication (FIA) | FIA_8021X_EXT 802.1X Port Access Entity (Authenticator) Authentication FIA_PSK_EXT Pre-Shared Key Composition |
| Security Management (FMT) | FMT_SMR_EXT Security Management Restrictions |
| Cryptographic Support (FCS) | FCS_RADSEC_EXT RadSec |
FIA_8021X_EXT.1, 802.1X Port Access Entity (Authenticator) Authentication, requires the TSF to securely implement IEEE 802.1X as an authenticator.
No specific management functions are identified.
The following actions should be auditable if FAU_GEN Security Audit Data Generation is included in the ST:
Hierarchical to: No other components.
Dependencies to: No dependencies
FIA_PSK_EXT.1, Pre-Shared Key Composition, requires the TSF to support pre-shared keys that meet various characteristics for specific communications usage.
No specific management functions are identified.
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to: FCS_RBG_EXT.1 Random Bit Generation
FMT_SMR_EXT.1, No Administration from Client, requires the TSF to reject remote administration from a wireless client by default.
No specific management functions are identified.
There are no auditable events foreseen.
FCS_RADSEC_EXT.1, RadSec, requires the TSF to implement RadSec using a specified peer authentication method.
FCS_RADSEC_EXT.2, RadSec using Pre-Shared Keys, requires the TSF to implement RadSec using pre-shared key authentication in a manner that conforms to relevant TLS specifications.
FCS_RADSEC_EXT.3, RadSec using Pre-Shared Keys and RSA, requires the TSF to validate the external entity used for trusted communications.
No specific management functions are identified.
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to:
FCS_TLSC_EXT.1 TLS Client Protocol
FIA_PSK_EXT.1 Pre-Shared Key Composition
FIA_X509_EXT.1 X.509v3 Certificate Validation
No specific management functions are identified.
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to:
FCS_CKM.1 Cryptographic Key Generation
FCS_COP.1 Cryptographic Operation
FCS_RADSEC_EXT.1 RadSec
FCS_RBG_EXT.1 Random Bit Generation
No specific management functions are identified.
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to:
FCS_RADSEC_EXT.2 RadSec using Pre-Shared Keys
FIA_X509_EXT.1 X.509v3 Certificate Validation
This appendix lists requirements that should be considered satisfied by products successfully evaluated against this Module. These requirements are not featured explicitly as SFRs and should not be included in the ST. They are not included as standalone SFRs because it would increase the time, cost, and complexity of evaluation. This approach is permitted by [CC] Part 1, 8.2 Dependencies between components.
This information benefits systems engineering activities which call for inclusion of particular security controls. Evaluation against the PP provides evidence that these controls are present and have been evaluated.
This PP-Module has no implicitly satisfied requirements. All SFR dependencies are explicitly met either through SFRs defined by the PP-Module or inherited from the Base-PP.| Requirement | Description | Distributed TOE SFR Allocation |
| FAU_GEN.1/WLAN | Audit Data Generation | All |
| FCS_CKM.1/WPA | Cryptographic Key Generation (Symmetric Keys for WPA2 Connections) | One |
| FCS_CKM.2/GTK | Cryptographic Key Distribution (GTK) | Feature Dependent |
| FCS_CKM.2/PMK | Cryptographic Key Distribution (PMK) | Feature Dependent |
| FIA_8021X_EXT.1 | 802.1X Port Access Entity (Authenticator) Authentication | One |
| FIA_UAU.6 | Re-Authenticating | Feature Dependent |
| FMT_SMF.1/AccessSystem | Specification of Management Functions | Feature Dependent |
| FMT_SMR_EXT.1 | No Administration from Client | All |
| FPT_FLS.1 | Failure with Preservation of Secure State | All |
| FTA_TSE.1 | TOE Session Establishment | All |
| FTP_ITC.1/Client | Inter-TSF Trusted Channel (WLAN Client Communications) | All |
| FCS_CKM.2/DISTRIB | Cryptographic Key Distribution (802.11 Keys) | Feature Dependent |
| FCS_RADSEC_EXT.1 | RadSec | Feature Dependent |
| FCS_RADSEC_EXT.2 | RadSec using Pre-Shared Keys | Feature Dependent |
| FCS_RADSEC_EXT.3 | RadSec using Pre-Shared Keys and RSA | Feature Dependent |
| FIA_PSK_EXT.1 | Pre-Shared Key Composition | Feature Dependent |
| Acronym | Meaning |
|---|---|
| AES | Advanced Encryption Standard |
| AP | Access Point |
| AS | Access System |
| Base-PP | Base Protection Profile |
| CBC | Cipher Block Chaining |
| CC | Common Criteria |
| CCM | Counter Mode with CBC-Message Authentication Code |
| CCMP | CCM mode Protocol |
| CEM | Common Evaluation Methodology |
| CTR | Counter (encryption mode) |
| EAP | Extensible Authentication Protocol |
| GCM | Galois-Counter Mode |
| GTK | Group Temporal Key |
| IPsec | Internet Protocol Security |
| MAC | Media Access Control |
| NDcPP | Network Device collaborative Protection Profile |
| OE | Operational Environment |
| PAE | Port Access Entity |
| PMK | Pairwise Master Key |
| PP | Protection Profile |
| PP-Configuration | Protection Profile Configuration |
| PP-Module | Protection Profile Module |
| PTK | Pairwise Transient Key |
| RADIUS | Remote Authentication Dial In User Service |
| RBG | Random Bit Generator |
| SAR | Security Assurance Requirement |
| SFR | Security Functional Requirement |
| SSID | Service Set Identifier |
| ST | Security Target |
| TLS | Transport Layer Security |
| TOE | Target of Evaluation |
| TSF | TOE Security Functionality |
| TSF Interface (TSFI) | TSF Interface |
| TOE Summary Specification (TSS) | TOE Summary Specification |
| WLAN | Wireless Local Area Network |
| WPA | Wi-Fi Protected Access |
| Collaborative Protection Profile (cPP) | Collaborative Protection Profile |
| Identifier | Title |
|---|---|
| [CC] | Common Criteria for Information Technology Security Evaluation -
|
| [NDcPP] | collaborative Protection Profile for Network Devices, Version 2.2e, March 23, 2020 |
| [NDcPP SD] | Supporting Document - Evaluation Activities for Network Device cPP, Version 2.2, December 2019 |