NIAP: Compliant Product
Compliant Product - IPGARD Secure KVM/KM Switch (SDVN, SDPN, SDHN, SKMN models)

Certificate Date:  2017.03.10

Validation Report Number:  CCEVS-VR-VID10772-2017

Product Type:    Peripheral Switch

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Peripheral Sharing Switch Version 3.0

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

IPGARD Secure Peripheral Sharing Switches provide a secure medium to share a single set of peripheral components among multiple computers: keyboard, video display and mouse/pointing devices over USB, DVI, and Display Port for KVM Switches, and keyboard and mouse/pointing devices over USB for KM Switches.

The Target of Evaluation (TOE) is the hardware and firmware components of the IPGARD Secure Peripheral Sharing Switches. The TOE model numbers and descriptions are provided in the tables below. The products range from 2-Port to 16-Port to support 2 to 16 computers respectively.

| # | Model Name | P/N | Description and NIAP Certification Version | Eval. Version |
|---|---|---|---|---|
| 1 | SDVN-2S | 1872-IPG-1001 | 2-Port SH Secure DVI-I KVM w/audio, PP 3.0 | 111.111 |
| 2 | SDVN-2S-P | 1872-IPG-1002 | 2-Port SH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 111.111 |
| 3 | SDVN-2D | 1872-IPG-1003 | 2-Port DH Secure DVI-I KVM w/audio and CAC, PP 3.0 | 111.111 |
| 4 | SDVN-2D-P | 1872-IPG-1004 | 2-Port DH Secure Pro DVI-I KVM w/audio, PP 3.0 | 121.212 |
| 5 | SDPN-2S | 1872-IPG-1005 | 2-Port SH Secure DP KVM w/audio, PP 3.0 | 121.212 |
| 6 | SDPN-2S-P | 1872-IPG-1006 | 2-Port SH Secure Pro DP KVM w/audio and CAC, PP 3.0 | 121.212 |
| 7 | SDPN-2D | 1872-IPG-1007 | 2-Port DH Secure DP KVM w/audio and CAC, PP 3.0 | 121.212 |
| 8 | SDPN-2D-P | 1872-IPG-1008 | 2-Port DH Secure Pro DP KVM w/audio, PP 3.0 | 121.212 |
| 9 | SDHN-2S-P | 1872-IPG-1009 | 2-Port SH Secure Pro DP to HDMI KVM w/audio and CAC, PP 3.0 | 131.313 |
| 10 | SDHN-2D-P | 1872-IPG-1010 | 2-Port DH Secure Pro DP to HDMI KVM w/audio and CAC, PP 3.0 | 131.313 |

Table 1 – IPGARD 2-Port Secure TOE Identification

| # | Model Name | P/N | Description and NIAP Certification Version | Eval. Version |
|---|---|---|---|---|
| 1 | SDVN-4S | 1872-IPG-1011 | 4-Port SH Secure DVI-I KVM w/audio, PP 3.0 | 242.414 |
| 2 | SDVN-4S-P | 1872-IPG-1012 | 4-Port SH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 242.414 |
| 3 | SDVN-4D | 1872-IPG-1013 | 4-Port DH Secure DVI-I KVM w/audio, PP 3.0 | 242.414 |
| 4 | SDVN-4D-P | 1872-IPG-1014 | 4-Port DH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 242.414 |
| 5 | SDPN-4S | 1872-IPG-1015 | 4-Port SH Secure DP KVM w/audio, PP 3.0 | 252.515 |
| 6 | SDPN-4S-P | 1872-IPG-1016 | 4-Port SH Secure Pro DP KVM w/audio and CAC, PP 3.0 | 252.515 |
| 7 | SDPN-4D | 1872-IPG-1017 | 4-Port DH Secure DP KVM w/audio, PP 3.0 | 252.515 |
| 8 | SDPN-4D-P | 1872-IPG-1018 | 4-Port DH Secure Pro DP KVM w/audio and CAC, PP 3.0 | 252.515 |
| 9 | SDHN-4S-P | 1872-IPG-1019 | 4-Port SH Secure Pro DP to HDMI KVM w/audio and CAC, PP 3.0 | 262.616 |
| 10 | SDHN-4D-P | 1872-IPG-1020 | 4-Port DH Secure Pro DP to HDMI KVM w/audio and CAC, PP 3.0 | 262.616 |
| 11 | SDVN-4Q-P | 1872-IPG-1021 | 4-Port QH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 242.414 |
| 12 | SDPN-4Q-P | 1872-IPG-1022 | 4-Port QH Secure Pro DP KVM w/audio and CAC, PP 3.0 | 252.515 |
| 13 | SDHN-4Q-P | 1872-IPG-1023 | 4-Port QH Secure Pro DP to HDMI KVM w/audio and CAC, PP 3.0 | 262.616 |
| 14 | SKMN-4S | 1872-IPG-1030 | 4-Port Secure KM w/audio, PP 3.0 | 202.410 |
| 15 | SKMN-4S-P | 1872-IPG-1031 | 4-Port Secure Pro KM w/audio and CAC, PP 3.0 | 202.410 |

Table 2 – IPGARD 4-Port Secure TOE Identification

| # | Model Name | P/N | Description and NIAP Certification Version | Eval. Version |
|---|---|---|---|---|
| 1 | SDVN-8S | 1872-IPG-1024 | 8-Port SH Secure DVI-I KVM w/audio, PP 3.0 | 373.717 |
| 2 | SDVN-8S-P | 1872-IPG-1025 | 8-Port SH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 373.717 |
| 3 | SDVN-8D | 1872-IPG-1026 | 8-Port DH Secure DVI-I KVM w/audio, PP 3.0 | 373.717 |
| 4 | SDVN-8D-P | 1872-IPG-1027 | 8-Port DH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 373.717 |
| 5 | SKMN-8S | 1872-IPG-1032 | 8-Port Secure KM w/audio, PP 3.0 | 303.710 |
| 6 | SKMN-8S-P | 1872-IPG-1033 | 8-Port Secure Pro KM w/audio and CAC, PP 3.0 | 303.710 |
| 7 | SDVN-16S | 1872-IPG-1028 | 16-Port SH Secure DVI-I KVM w/audio, PP 3.0 | 484.818 |
| 8 | SDVN-16S-P | 1872-IPG-1029 | 16-Port SH Secure Pro DVI-I KVM w/audio and CAC, PP 3.0 | 484.818 |

Table 3 – IPGARD 8 and 16-Port Secure TOE Identification

The IPGARD KVM and KM switches are compatible with standard personal/portable computers, servers or thin-clients. Connected computers run operating systems such as Windows or Linux and have ports for the following:

· USB keyboard (KVM and KM)
· USB mouse (KVM and KM)
· DVI and Display Port 1.2 Video Input (KVM)
· DVI, HDMI 1.4 and Display Port 1.2 Video Output (KVM)
· Audio Input (KVM and KM)
· Audio Output (KVM and KM)
· USB Common Access Card (CAC) or Smart-Card reader (KVM and KM)

Computers of varying sensitivities are connected to a single TOE that is intended to restrict peripheral connections to one computer at a time. Data leakage is prevented across the TOE to avoid severe compromise of the user's information.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the IPGARD Secure Peripheral Sharing Switches were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered and configured as identified in the IPGARD Secure KVM Administration and Security Management Tool Guide (KVM and KM), Version 1.9, December 13, 2016 and the respective User Manuals, satisfies all of the security functional requirements stated in the IPGARD Secure KVM/KM Switch Security Target, Version 3.14, February 17, 2017. The project underwent CCEVS Validator review. The evaluation was completed in March 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE implements the User Data Protection and Data Isolation security function policies of the Protection Profile for Peripheral Sharing Switch, as specified in the ST.

Secure KVM/KM allows an individual user to utilize a single set of peripherals to operate in an environment with several isolated computers. KVM switches keyboard, mouse, display, audio, and USB/CAC (on -P models) from one isolated computer to another. KM switches keyboard, mouse, audio, and USB user authentication devices (only in -P models) from one isolated computer to another.

Keyboard and Mouse

The keyboard and mouse processor is programmed in firmware to accept only basic keyboard and mouse USB devices. Wireless keyboards and mice are not allowed by the TOE. Only USB host peripheral devices are allowed by TOE keyboard and mouse host emulators. A secure peripheral switch (multiplexer) is used to assure the selection of just one tied keyboard and mouse serial data stream during TOE operation. The secure multiplexer has a third position, isolation, which is activated to disable the keyboard and mouse stream when the TOE has been tampered with or self-test has failed.

TOE External Interface

The TOE only supports AC/DC power, USB keyboard and mouse, KVM Video (DVI in/DVI out, DP 1.2 in/DP 1.2 out, DP 1.2 in/HDMI 1.4 out or VGA in/VGA out via adapter), analog audio output, user authentication devices, and other assigned/authorized USB devices. Docking protocols are not supported by the TOE. Analog microphone or audio line inputs are not supported by the TOE. Unidirectional audio diodes are placed in parallel on both right and left stereo channels to ensure unidirectional data flow from the connected computer to the user peripheral device. Audio data from the connected peripheral devices to the connected computer is blocked by the audio data diodes.

Audio Subsystem

Electrical isolation of the audio subsystem from all other TOE interfaces prevents data leakage to and from the audio paths. The use of microphones or audio line input devices is prohibited. All TOE devices support analog audio out switching, and all TOE devices prevent the use of microphone devices. Microphones are blocked by unidirectional audio diodes on both left and right stereo channels (forcing data to flow only from the computer to the connected audio device) and by the analog output amplifier, which enforces unidirectional audio data flow. The TOE audio subsystem does not delay, store, or convert audio data flows. This prevents any audio overflow during switching between isolated audio channels.

Video Subsystem (KVM Only)

Each connected computer has its own TOE isolated channel with its own EDID emulator and video input port. Data flows from the input video source through its respective EDID emulator and out of the monitor display port. Each video input interface is isolated from one another using different EDID ICs, power planes, ground planes, and electronic components in each independent channel. The TOE supports DVI/DP 1.2 video input, and DVI/HDMI 1.4 video output (depending on the TOE model).

TOE Administration and Security Management

Each TOE is equipped with an Administration and Security Management Tool that can be initiated by running an executable file on a computer with a keyboard connected to the same computer via the TOE. The tool requires an administrator or a user to be successfully identified and authenticated by name and password in order to gain access to any supported feature.

User Authentication Device Subsystem

The TOE is shipped with default Device Filtration for the CAC port. By default, the filter allows only a standard smart-card reader, PIV/CAC USB 1.1/2.0 token or biometric reader. All devices must be bus powered only (no external power source allowed). Only an identified and authorized administrator can register other USB devices.

User Control and Monitoring Security

All user monitoring and control of the TOE is performed through the TOE front panel LED illuminated push-buttons. These buttons are tied to the TOE system controller functionality. All push-buttons for selecting computer channels are internally illuminated via LEDs. The currently selected channel is indicated by the illumination of its push-button LED (the other channel LEDs remain off). During operation, the front panel LED indications cannot be turned off or dimmed by the user in any way, including after Restore Factory Default (reset).

All features of the TOE front panel are tested during power up self-testing. From power up until the termination of the TOE self-test, no channel is selected.

Tampering Protection

In order to mitigate potential tampering and replacement, the TOE is devised to ensure that any replacement may be detected, any physical modification is evident, and any logical modification may be prevented. The TOE is designed so that access to the TOE firmware, software, or its memory via its accessible ports is prevented. The TOE is designed to prevent any physical or logical access to its internal memory. There is a mechanical switch on the inside of the TOE that triggers the anti-tampering state when the enclosure is manually opened. Once the anti-tampering state is triggered, the TOE is permanently disabled.

Self-testing and Log

The TOE has a self-testing function that executes immediately after power is supplied, including after Restore Factory Default (reset) and power reset, before normal operation access is granted to the user. The self-test function includes the following activities:

· Basic integrity test of the TOE hardware (no front panel push buttons are jammed).
· Basic integrity test of the TOE firmware.
· Integrity test of the anti-tampering system and control function.
· Test the data traffic isolation between ports.

The TOE has a non-volatile memory event log which records all abnormal security events that occur within TOE operation. This log can be accessed by the identified and authorized administrator and dumped into a .txt file using a connected computer and a program.


Vendor Information

IPGARD, Inc.
Albert Cohen
702-990-0523
702-441-5590
acohen@ipgard.com

http://www.ipgard.com/