NIAP: Compliant Product
Compliant Product - Samsung Galaxy VPN Client on Android 7.1

Certificate Date:  2017.11.15

Validation Report Number:  CCEVS-VR-VID10850-2017

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide 1 [PDF]

Administrative Guide 2 [PDF]


Product Description

The TOE is a VPN client that runs on a mobile operating system (the TOE platform) based on Android 7.1 with modifications made to increase the level of security provided to end users and enterprises. The TOE is intended to be used as part of an enterprise messaging solution providing mobile staff with enterprise connectivity.

The TOE platform includes a Common Criteria mode (or “CC mode”) that an administrator can invoke through the use of an MDM or through a dedicated administrative application (see the Guidance for instructions to obtain the application).  The TOE platform must meet the following prerequisites in order for an administrator to transition the TOE platform to CC mode.

· Require a screen lock password (swipe, PIN, pattern, or facial recognition screen locks are not allowed).
· The maximum password failure retry policy should be less than or equal to ten.
· Device encryption must be enabled or a screen lock password required to decrypt data on boot.
· Revocation checking must be enabled.
· External storage must be encrypted.
· Password recovery policy must not be enabled.
· Password history length must not be set.

When CC mode has been enabled, the TOE platform behaves as follows.

· The TOE platform sets the system-wide Android CC mode property to “Enabled” if all the prerequisites have been met.
· The TOE platform performs power-on self-tests.
· The TOE platform performs secure boot integrity checking of the kernel and key system executables.
· The TOE platform prevents loading of custom firmware/kernels and requires that all updates occur through FOTA (Samsung’s Firmware Over The Air firmware update method).
· The TOE platform uses CAVP-approved cryptographic ciphers when joining and communicating with wireless networks.
· The TOE platform uses CAVP-approved cryptographic ciphers for TLS.
· The TOE platform ensures FOTA updates use 2048-bit PKCS #1 RSA-PSS formatted signatures (with SHA-512 hashing).

There are different models of the mobile phone into which Samsung embeds the TOE (the Samsung Galaxy Devices VPN Client on Android 7.1). These models differ physically and in their internal components (as described in the Evaluated Configuration section below).


Evaluated Configuration

The model numbers of the mobile devices used during the evaluation are as follows:

| Device Name | Model Number | Chipset Vendor | CPU | Build Arch/ISA | Android Version | Kernel Version | Build Number |
|---|---|---|---|---|---|---|---|
| Galaxy Note 8 | SM-N950F | Samsung | Exynos 8895 | A64 | 7.1.1 | 4.4.13 | NMF26X |
| Galaxy Note 8 | SM-N950U | Qualcomm | MSM8998 | A64 | 7.1.1 | 4.4.21 | NMF26X |
| Galaxy Tab Active2 | SM-T395N | Samsung | Exynos 7870 | A32 | 7.1.1 | 3.18.14 | NMF26X |

The devices include a final letter or number at the end of the name that denotes that the device is for a specific carrier (for example, V = Verizon Wireless and A = AT&T, which were used during the evaluation).  The following list of letters/numbers denotes the specific models which may be validated:

V - Verizon Wireless
P - Sprint
R4 - US Cellular
S - SK Telecom
L - LG Uplus
J - KDDI
D - NTT Docomo
K - KT, Korea Telecom
A - AT&T
T - T-Mobile
U - All US Carriers (unified US model)
C/F/I - International

For each device there are specific models which are validated. This table lists the specific carrier models which have the validated configuration.

| Device Name | Base Model Number | Android Version | Kernel Version | Build Number | Carrier Models |
|---|---|---|---|---|---|
| Galaxy Note 8 (Qualcomm) | SM-N950 | 7.1 | 4.4.21 | NMF26X | U, J, D |
| Galaxy Note 8 (Samsung) | SM-N950 | 7.1 | 4.4.13 | NMF26X | N, F |
| Galaxy Tab Active2 | SM-T390 | 7.1 | 3.18.14 | NMF26X | None |
| | SM-T395 | 7.1 | 3.18.14 | NMF26X | N, None |
| | SM-T397 | 7.1 | 3.18.14 | NMF26X | None |

The absence of a final carrier letter indicates that a device without a carrier model designation suffix can also be placed into the validated configuration.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012. Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the TOE is EAL 1. The product, when delivered and configured as identified in the Samsung VPN Client on Galaxy Devices Guidance documentation, Version 3.1, November 13, 2017, satisfies all of the security functional requirements stated in the Samsung Galaxy VPN Client on Android 7.1 (IVPNCPP14) Security Target, Version 0.4, November 15, 2017. The project underwent CCEVS Validator review. The evaluation was completed in November 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10850-2017) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Samsung Galaxy VPN Client on Android 7.1 are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support:

The IPsec implementation is the primary function of the TOE.  IPsec is used by the TOE to protect communication between itself and a VPN Gateway over an unprotected network. With the exception of the IPsec implementation, the TOE relies upon its underlying platform (evaluated against the Protection Profile For Mobile Device Fundamentals) for the cryptographic services specified in this Security Target.

User data protection:

The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.

Identification and authentication:

The TOE platform provides the ability to use, store, and protect X.509 certificates and pre-shared keys that are used for IPsec Virtual Private Network (VPN) connections.

Security management:

The TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target. In particular, the IPsec VPN is fully configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway. 

Protection of the TSF:

The TOE relies upon its underlying platform to perform self-tests that cover the TOE as well as the functions necessary to securely update the TOE.

Trusted path/channels:

The TOE is a VPN client that uses IPsec to establish secure channels to corresponding VPN gateways.


Vendor Information

Samsung Electronics Co., Ltd.
Brian Wood
973-440-9125
be.wood@samsung.com

www.samsung.com