NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Oceus Networks® VPN Client v2

Certificate Date:  2017.02.03

Validation Report Number:  CCEVS-VR-VID10754-2017

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is the Oceus Networks® VPN Client for Android Devices, Version 2.0.0.0.2211; and Oceus Networks® VPN Client for Samsung Devices, Version 2.0.0.0.2211.

The TOE is a VPN client that provides secure remote network connectivity for Android 6.x mobile devices by implementing an IPsec VPN using the configurations defined by profiles.  The IPsec VPN capabilities are the primary function of the TOE.  IPsec is used by the TOE to protect communication between itself and a VPN gateway over an unprotected network.

The TOE employs a cross-platform implementation that utilizes a FIPS 140-2 level 1 certified cryptographic code base (Mocana NanoCrypto) providing IPsec/VPN encryption.  The TOE is interoperable with current IKEv1 and IKEv2 RFCs and can utilize X.509v3 certificates for authentication of an IPsec peer.  In a basic IPsec VPN connection, all traffic from the VPN client is encrypted and sent through the VPN gateway.  Profiles can be defined on or loaded into a mobile device.  Named profiles define the endpoints, authentication data, and cryptographic characteristics for a VPN.  Profiles define the cryptographic configuration of IKEv1 and IKEv2, tunnel mode, as well as a large set of additional cryptographic options.


Evaluated Configuration

The Oceus Networks VPN Client runs on any Android 6.x platform.  This includes the currently evaluated Samsung Galaxy devices running Android 6.x (i.e., Galaxy S6, S6 Edge, Galaxy S7 and S7 Edge).  The TOE is installed on the mobile device and provides an interface to define and view profiles (a set of configuration values), as well as to establish and terminate VPN connections.  The TOE relies upon its platform for random numbers with which it seeds its own DRBG.  All cryptography and the IPsec protocol stack are provided by the TOE.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Oceus Networks VPN Client was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.    The product, when delivered and configured as identified in the Oceus Networks VPN Client User Guide, Version 0.16, 12/8/2016 and the Oceus Networks VPN Client Product Guidance, Version 0.8, 12/8/2016, satisfies all of the security functional requirements stated in the Oceus Networks VPN Client (IVPNCPP14) Security Target, Version 0.9, January 19, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in January 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10754-2017) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Oceus Networks VPN Client TOE are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic Support - The IPsec implementation is the primary function of the TOE.  IPsec is used by the TOE to protect communication between itself and a VPN Gateway over an unprotected network.  The TOE also provides its cryptographic services to support the IPsec VPN, and self-testing functionality specified in this Security Target.

User Data Protection - The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.

Identification and Authentication - The TOE provides the ability to use, store, and protect X.509 certificates that are used for IPsec Virtual Private Network (VPN) connections.

Security Management - The TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target.  This includes interfaces to the user as well as to the VPN gateway.  The IPsec VPN is fully configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway.  The TOE platform provides the functions necessary to securely update the TOE.

TSF Protection - The TOE utilizes its own cryptographic functions to perform self-tests that cover the TOE.  The TOE platform provides the functions necessary to securely update the TOE.

Trusted Path/Channels - The TOE acts as a VPN client using IPsec to establish secure channels to corresponding VPN gateways.


Vendor Information

Oceus Networks, Inc.
Sharman Palos
214-778-6360
214-778-6341
spalos@oceusnetworks.com

www.oceusnetworks.com