NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Black Lantern BL300-B2 and BL300-C2 (software version 1.5.2)

Certificate Date:  2017.12.07

Validation Report Number:  CCEVS-VR-VID10838-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Guardtime Black Lantern is a network device providing an integrated hardware and software platform designed to mitigate both remote and physical attacks against a customer infrastructure and applications. Black Lantern incorporates a built-in Keyless Signature Infrastructure (KSI) gateway and extender, which allows for secure implementation of KSI-based data assurance and cybersecurity solutions with built-in active anti-tamper measures.

Black Lantern extends the power of the KSI Industrial Blockchain for real-time cybersecurity and data-centric asset protection, supporting enhanced continuity of operations and data loss prevention. KSI is designed to provide scalable digital signature-based authentication for electronic data, machines and humans.

KSI is a method and a globally distributed network infrastructure for the issuance and verification of KSI signatures. Unlike traditional digital signature approaches (such as Public Key Infrastructure (PKI)), which depend on asymmetric key cryptography, KSI uses only hash function cryptography, allowing verification to rely only on the security of hash functions and the availability of a public ledger commonly referred to as a blockchain.

A blockchain is a distributed public ledger—an append-only record of events where each new event is cryptographically linked to all previous events. New entries are created using a distributed consensus protocol.

A user interacts with the KSI system by submitting a hash value of the data to be signed into the KSI infrastructure and is then returned a signature which provides cryptographic proof of the time of signature, integrity of the signed data, as well as attribution of origin, i.e., which entity generated the signature.

Evaluated Configuration

The TOE consists of the following appliance models running Black Lantern version 1.5.2 software:

·         BL300-B2

·         BL300-C2.

The operational environment can include the following components to support the operation of the TOE:

·         Local management console—local administration of the TOE is supported via an RS-232 serial interface, which provides access to the Serial Console Interface (SCI). The local management console can be any device that supports an RS-232 connection, including a local terminal, PC with terminal emulation software, or a terminal server.

·         Remote management client—the TOE provides a RESTful interface to support remote administration from client software that makes requests with calls to the TOE’s RESTful application programming interface (API). The RESTful API is fully described in the TOE’s guidance documentation.

·         Remote authentication service—in order to support remote administration, the TOE requires a remote authentication service able to generate an authentication token (authToken) that is used by a remote management client to authenticate each call it makes to the RESTful API. The requirements for the remote authentication service and construction of the authToken are described in the TOE’s guidance documentation.

·         Audit server—the TOE is able to export audit records to an external syslog server over TLS.

  • NTP server—the TOE supports synchronization to NTP servers to maintain its internal time source.
  • HTTP Server—the TOE supports connection to an HTTP server for the purpose of updating the Black Lantern software.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered and configured as identified in Guardtime Black Lantern Guidance Documentation, Version 1.2, December 5, 2017, satisfies all of the security functional requirements stated in Guardtime Black Lantern Security Target, Version 1.2, December 5, 2017. The project underwent CCEVS Validator review. The evaluation was completed in December 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE generates audit records of security relevant events. Generated audit records include the date and time of the event, the event type, the subject identity and the outcome of the event. For audit events resulting from the actions of identified users, the identity of the user is recorded in the generated audit record.

The TOE is able to store generated audit records locally and to export audit records securely to an external syslog server over TLS. In the event the space available for storing audit records locally is exhausted, the TOE will drop new audit data until such time as space is again available. The TOE is able to keep track of the number of dropped audit records and to write this number to the audit trail once it has been cleared and space has been made available for storage of new audit records.

The TOE writes a warning to the audit trail when the space available for storage of audit records reaches the following thresholds: 25% space remaining; 15% space remaining; 10% space remaining; 5, 4, 3, 2, and 1% space remaining.

Cryptographic Support

The TOE incorporates the Guardtime Crypto Support Library (CSL) Direct v1.0.0 to provide cryptographic algorithms and support cryptographic protocols, including TLS and HTTPS. The TOE’s implementation of each of the required cryptographic algorithms is certified via the NIST Cryptographic Algorithm Validation Program (CAVP).  

Identification and Authentication

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console and a network accessible interface over HTTPS (the RESTful API) to support administration of the TOE.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. When a user is authenticated at the local console, no information about the authentication data (i.e., password) is echoed to the user. Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: !; @; #; $; %; ^; &; *; (; ); _; ?; <; >; .; ~; and |. The TOE supports the use of X.509v3 certificates for TLS authentication and also supports certificate revocation checking using Online Certificate Status Protocol (OCSP). It will not accept a certificate if it is unable to establish a connection in order to determine the certificate’s validity.

Security Management

The TOE implements a role-based access control model with the following three defined roles:

·         Security Administrator—has authorizations to manage users (add user, update user, add user to group, delete user from group), provision Black Lantern, update TOE software, and upload certificates.

·         Network Administrator—has authorizations to manage network-related configuration (device network configuration, remote host configuration).

·         KSI Administrator—has authorizations to manage all KSI-related configuration (all aggregator and extender configuration).

Of these roles, only the Security and Network Administrator have the necessary authorizations to be able to manage the TOE security functionality and TSF data. Security management commands are limited to administrators and are available only after they have provided acceptable user identification and authentication data to the TOE.

Protection of the TSF

The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).

The TOE provides mechanisms to view the current version of the TOE and to install updates of the TOE software. TOE updates are initiated manually by the Security Administrator.  The TOE can verify the integrity of the update prior to installation using a decryption mechanism and a digital signature.

The TOE performs tests for connection integrity and cryptographic known-answer tests.

TOE Access

The TOE will terminate local interactive sessions at the local console interface after a configurable period of inactivity. The use of the RESTful API for remote security management means there is no concept of an interactive session for remote administrators—each request to the API is a self-contained, identified and authenticated request.   The remote session is terminated immediately after the request is submitted to the interface and is never open for any measurable period of inactivity.

The TOE is able to display an administrator-configurable advisory and consent warning message at the local console prior to an administrator establishing an interactive session with the TOE. The TOE provides the capability for users to terminate their own local sessions by logging out of the TOE.

Trusted Path/Channels

The TOE utilizes TLS version 1.2, in compliance with RFC 5246, to support secure path and channel communications. The TOE supports the establishment of a trusted path between a RESTful API client and the TOE, and initiated by the client. The TOE establishes trusted channels between itself and the audit server and authentication server. All TLS connections are mutually authenticated. Note that communications with the RESTful API client and with the authentication server use HTTPS.

Vendor Information

Christian Bravo
Site Map              Contact Us              Home