NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - CellCrypt Classified 2.0 (also known as Cellcrypt Federal)

Certificate Date:  2019.04.22

Validation Report Number:  CCEVS-VR-VID10929-2019

Product Type:    Application Software
   VoIP

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Extended Package for Voice and Video over IP (VVoIP) Version 1.0
  Protection Profile for Application Software Version 1.2

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is the Cellcrypt Classified 2 version 2.10.0 smartphone application, which will run on an Android 7 based platform. The Cellcrypt Classified 2 application is a software cryptographic application for smartphones, which enables users to have secure voice calls on an end-to-end encrypted session.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cellcrypt Classified 2 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered configured as identified in the Administrative Guidance Document - Cellcrypt Classified 2, version 2.10.0, satisfies all of the security functional requirements stated in the Cellcrypt Classified 2 Security Target. The project underwent CCEVS Validator review. The evaluation was completed in March 2019.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The logical scope of the TOE comprises:

  • Authenticated connection set-up with a SIP server
  • End-to-end encryption used by the TOE when encrypting/decrypting secure voice traffic

The TOE utilizes X.509 Certificates to provide a mutual authentication for the trusted channel with the SIP server. The validity of the X.509 certificates is checked by querying a CRL. The TOE uses the TLSv1.2 protocol to protect all communications with the SIP server from modification and disclosure. In addition to the X.509 Certificate authentication, the TOE authenticates to the SIP server using a password as an additional layer of security. The TOE does not store the password and requires the user to enter the password whenever the TOE requires it.

The TOE achieves end-to-end encryption using SDES-SRTP trusted channel. The keys for the SDES-SRTP trusted channel are protected by the TLS/SIP channel while the keys are being established.

The TOE mitigates side channel attacks by utilizing a fixed rate vocoder. This prevents an attacker from inferring information about the audio based on the bitrate being transmitted. The TOE also enables ASLR and stack-based overflow protections.


Vendor Information


Cellcrypt Inc.
Adam Such
240-660-3278
information@csghq.com

https://www.csghq.com
Site Map              Contact Us              Home