Compliant Product - Belkin Secure KM models F1DN102K-3, F1DN104K-3, and F1DN108K-3
Certificate Date: 2019.07.31CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID10984-2019
Product Type: Peripheral Switch
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Peripheral Sharing Switch Version 3.0
CC Testing Lab: DXC.technology
The Belkin Secure KM Peripheral Sharing Switches (PSS) allows the secure sharing of a single set of peripheral components such as keyboard, Mouse/Pointing device and user authentication device among multiple computers through cursor tracking. Belkin Secure KM can be configured to support large number of displays at any desired size and orientation with simple and intuitive switching between computers. Belkin Secure KM products are using multiple isolated microcontrollers and optical data diodes to protect from data leakages between connected computers.
This KM PSS enables user channel selection through conventional push-buttons and also through mouse cursor tracking function. Cursor tracking function follows the location of the cursor as it crosses the display boundaries. Some evaluated KM PSS also support CAC function as shown in the table below. This function enables secure connection of various USB devices based on pre-defined whitelist and blacklist.
Analog audio out switching is supported by the KM PSS. Stereo audio signals are passed through audio data diodes to enforce unidirectional flow of audio signals from the selected connected computer to the connected audio peripheral device.
Both CAC and audio may be switched to a computer other than the one selected for keyboard and mouse through the use of front panel fUSB and audio freeze push-buttons.
Note that unlike KVM PSS, the KM does not support video interfaces. When using KM, each computer is connected directly to its display.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Belkin Secure KM was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. DXC Technology determined that the product is conformant to requirements for Peripheral Switch Protection Profile version 3.0. The product satisfies all of the security functional requirements stated in the Security Target. A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC Technology. The evaluation was completed in June 7, 2019. Results of the evaluation can be found in the Assurance Activity Report for Belkin Secure KM prepared by DXC Technology.
Keyboard and mouse security
Isolated keyboard and mouse USB device emulators per connected computer to prevent direct interface between the TOE shared peripheral devices and connected computers.
TOE uses host (computer) emulators to interface with connected keyboard and mouse peripheral devices, thus isolating external peripherals from TOE internal circuitry and from connected computers.
Keyboard user data is not stored on TOE non-volatile memory. All USB stacks are implemented in the TOE using SRAM (Static Random Access Memory) – a volatile memory that clears data once TOE is powered down.
TOE external interface security
The TOE supports only the following external interfaces protocols:
• USB keyboard and mouse;
• Analog audio output;
• Power (AC or DC); and
Audio Subsystem security
The TOE audio data flow path is electrically isolated from all other functions and interfaces to prevent signaling data leakages to and from the audio paths.
User control and monitoring security
TOE is controlled and monitored by the user through front panel illuminated push-buttons and switches. TOE also enables user control through mouse cursor tracking function. These controls and indications are coupled to the TOE system controller function.
Always-on anti-tampering system mechanically coupled to the TOE enclosure to detect and attempt to access the TOE internal circuitry.
TOE is equipped with special holographic Tampering Evident Labels that located in critical location on the TOE enclosure.
Self-testing and Log
TOE is equipped with self testing function that operating at TOE power up prior to normal use. The self-test function is running independently at each one of the TOE microcontrollers following power up.
TOE is equipped with event log non-volatile memory that stores information about abnormal security related events.
Belkin International, Inc.