NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Voyager TDC 10G Switch - V2.0

Certificate Date:  2018.11.19

Validation Report Number:  CCEVS-VR-VID10911-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Klas Voyager TDC Switch running KlasOS firmware provides connectivity to multiple devices into the same network segment. A real-time clock is present on all KlasOS devices. Authentication can be provided locally or over a trusted channel using SSH and all logs can be securely sent to a syslog server. KlasOS provides a Command Line Interface (CLI) for device configuration. The TOE provides TenGigabit Ethernet, and layer 2 high-speed switching and removable storage using the VIK.

Evaluated Configuration

Functional testing of the TOE was performed on the KLAS-VOY-TDC-R2.0 platform with KlasOS fastnet v5.2.0rc7 installed and configured as per the CC Preparative and Administrative Guidance documentation provided as part of the TOE. Platform equivalency claims were not necessary as only one hardware platform was claimed in the TOE.

The Operational Environment included the following components to support the secure operation of the TOE:

  • Local Console
  • Syslog Server
  • An SSHv2 Client


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Klas Telecom VoyagerTDC 10G Switch (TOE) was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all of the security functional requirements stated in the Klas Telecom VoyagerTDC 10G Switch Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in November 2018.

Environmental Strengths


  • The TOE will audit all events and information defined in Table 3: Auditable Events in the Security Target.
  • The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.
  • The TOE protects storage of audit information from unauthorized deletion.
  • The TOE can transmit audit data to an external IT entity using SSH protocol.

Cryptographic Operations

The TSF performs the following cryptographic operations:

  • SSHv2 using:
    • AES-CBC-128 or AES-CBC-256 for encryption;
    • DH Group 14, or NIST P-256 / P-384 for key exchange;
    • HMAC SHA1, HMAC-SHA2-256, or HMAC-SHA2-512 for message authentication;
    • RSA public key authentication using 2048, 3072 and 4096-bit keys & EC public key authentication using NIST P-256 or P-384.

The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

Identification and Authentication

  • The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and support passwords with 15 characters or more.
    • The TSF supports public key-based authentication methods.
    • The TSF requires all administrative-users to authenticate before allowing the user to perform any actions other than:
      • Viewing the warning banner

Security Management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. All TOE administration occurs via a local serial console connection or remote SSH session. The TOE provides the ability to securely manage:

  • All TOE administrative users, including identification and authentication parameters and credentials.
  • Timestamps maintained by the TOE.
  • Update to the TOE.

Only one administrative user can be created on the TOE, and the administrative user can perform all of the above security relevant management functions. Administrators can create configurable login banners to be displayed at time of login and can also define an inactivity timeout to terminate sessions after a set period of inactivity.

Protection of the TSF

  • The TSF prevents the reading of secret and private keys.
  • The TOE provides reliable time stamps for itself.
  • The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correction operation of the TSF.
  • The TOE provides a means to verify firmware/software updates to the TOE using a digital signature mechanism prior to installing those updates.

TOE Access

  • The TOE, for local interactive sessions, shall terminate the session after an Authorized Administrator-specified period of session inactivity.
  • The TOE terminates a remote interactive session after an Authorized Administrator-configurable period of session inactivity.
  • TOE allows Adminstrator-initiated termination of the Administrator’s own interactive session.
  • Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.

Trusted Path/Channels

  • The TOE uses SSH to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.he TOE permits the TSF or the authorized IT entities to initiate communication via the trusted channel.
  • The TOE permits the TSF or the authorized IT entities to initiate communication via the trusted channel.
  • The TOE permits remote administrators to initiate communication via the trusted path.
  • The TOE requires the use of the trusted path for intial administrator authentication and all remote adminstration actions.


Vendor Information

Klas Telecom
Toby Stidham
Site Map              Contact Us              Home