Compliant Product - BlackBerry SecuSUITE 4.0
Certificate Date: 2020.02.03
Validation Report Number: CCEVS-VR-VID10993-2020
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Extended Package for Voice and Video over IP (VVoIP) Version 1.0
Functional Package for TLS Version 1.1
Protection Profile for Application Software Version 1.3
CC Testing Lab: Gossamer Security Solutions
The TOE, herein referred to as the SecuSUITE Client or the TOE, is a VoIP application that executes on an evaluated mobile device operating system.
The TOE user downloads the SecuSUITE Client from an app store (e.g. Apple Store, Google Play) or it is pushed via a Mobile Device Management (MDM) server (e.g. BlackBerry Enterprise Server) and installs the app to their mobile device. On first use of the app, the user must go through a registration process in order to register to a specified BlackBerry SecuGATE (identified by URI).
Once registered, the user can place secure VoIP calls using the app with largely the same interactions as with a normal phone call. The SecuSUITE Client provides encryption of user call signaling and voice data.
Users are typically invited to join SecuSUITE via an activation email initiated by their corporate IT administrator who adds users via the BlackBerry SecuGATE administration portal.
The TOE is part of the SecuSUITE Security Solution. The TOE does not work in isolation but relies on BlackBerry SecuGATE components to enable a secure VoIP communication.
The SecuSUITE VoIP process flow is as follows:
a) Step 1 Initial Registration. Every participating client has to register first with the Secure Client Authentication (SCA) server. The SCA server authenticates users and enrolls the required client and user certificates as well as the client configuration. Only clients that have been enrolled via the SCA service are able to connect to the SIP server and are allowed to establish end-to-end encrypted communication with other SecuSUITE clients. Note: Clients must also register with the SIP server using a SIP password. This is in addition to the initial client registration with the SCA server.
b) Step 2 Connection establishment. The Session Initiation Protocol (SIP) together with TLS is used to establish a secure connection between mobile devices. The use of a TLS connection, providing encryption and mutual authentication, ensures that the devices connect with authorized SIP servers and the dialed call numbers are transmitted encrypted. The BlackBerry SecuGATE SIP Server Security Target defines the SIP Server TOE.
c) Step 3 Key agreement. When a call is placed and accepted, SecuSUITE clients exchange SIP messages that include digital certificates used to confirm caller identity and perform key agreement for SRTP encryption.
d) Step 4 End-to-end encrypted voice communication established. Clients utilize the SRTP protocol to exchange encrypted voice communications. The voice stream remains encrypted while traversing the BlackBerry SecuGATE and only the clients have access to the SRTP session keys.
e) Step 5 Forwarding of end-to-end encrypted voice stream. During connection signaling, the SIP server sets up the RTP/RTCP packet bridging in the Real-Time Transport Protocol (RTP) Proxy for this connection. The RTP Proxy relays / bridges the encrypted data stream between clients. The main purpose of the RTP Proxy is to make the communication between SIP user agents behind NAT/NAPT possible.
The SecuSUITE Client establishes a secure tunnel for voice communications with another SecuSUITE client or the SecuGATE SIP server. The tunnel provides confidentiality, integrity, and data authentication for information that travels across the public network. This occurs using the Secure Real-Time Transport Protocol (SRTP) that has been established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP - the TOE supports SDES-SRTP.
The SecuSUITE Client also protects communications between itself and the SIP Server by using a Transport Layer Security (TLS)-protected signaling channel. To register the TOE within the domain, the TOE is required to be password authenticated by the SIP Server. The TOE also makes use of certificates to authenticate both the SIP server end and the TOE itself through the TLS connection.
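The two paragraphs above describe the key-management design: the SRTP master key is carried inside SIP/SDP signaling as an SDES "crypto" attribute, and the only thing that keeps that key secret is the TLS channel to the SIP server. The following added example (not code from BlackBerry or the SecuSUITE product) builds and parses RFC 4568 `a=crypto:` lines for the AES_CM_128 suites and runs the offer/answer selection, so the reader can see exactly what key material travels in the signaling. The suite table, the 80-byte fixed key format and the `answer_offer` helper are assumptions of this example, not details taken from the Security Target.

```python
import base64
import os
import re
from typing import Dict, List, Optional

# Crypto-suites from RFC 4568 with their SRTP master key and master salt lengths (RFC 3711).
# AES_CM_128_* carries a 128-bit master key plus a 112-bit master salt, i.e. 30 bytes inline.
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
}

# Only the "inline:" key method without lifetime/MKI parameters is handled in this example.
CRYPTO_LINE = re.compile(r"^a=crypto:(\d+) ([A-Z0-9_]+) inline:([A-Za-z0-9+/]+={0,2})$")


def build_crypto_line(tag: int, suite: str, key_salt: Optional[bytes] = None) -> str:
    """Build an SDP a=crypto line carrying this side's SRTP master key||salt in base64."""
    key_len, salt_len = SUITES[suite]
    if key_salt is None:
        key_salt = os.urandom(key_len + salt_len)  # fresh key material for every call
    if len(key_salt) != key_len + salt_len:
        raise ValueError(f"{suite} needs {key_len + salt_len} bytes of key||salt")
    return f"a=crypto:{tag} {suite} inline:{base64.b64encode(key_salt).decode('ascii')}"


def parse_crypto_line(line: str) -> Dict[str, object]:
    """Parse an a=crypto line, rejecting unknown suites and wrong-length key material."""
    m = CRYPTO_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"malformed crypto attribute: {line!r}")
    tag, suite, b64 = int(m.group(1)), m.group(2), m.group(3)
    if suite not in SUITES:
        raise ValueError(f"unsupported crypto-suite: {suite}")
    key_len, salt_len = SUITES[suite]
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != key_len + salt_len:
        raise ValueError("key material length does not match the suite")
    return {"tag": tag, "suite": suite, "master_key": raw[:key_len], "master_salt": raw[key_len:]}


def answer_offer(offer_lines: List[str], supported: List[str]) -> Dict[str, object]:
    """Answerer side: take the first offered suite it supports (offerer's preference order),
    generate its own master key||salt and echo the chosen tag back, as RFC 4568 requires.
    Each direction of the SRTP session is then keyed by the sender's own inline material."""
    for line in offer_lines:
        offered = parse_crypto_line(line)
        if offered["suite"] in supported:
            answer_line = build_crypto_line(offered["tag"], offered["suite"])
            return {"selected": offered, "answer_line": answer_line,
                    "answer": parse_crypto_line(answer_line)}
    # No common suite: the call must fail rather than silently fall back to plain RTP.
    raise ValueError("no common crypto-suite offered")


if __name__ == "__main__":
    offer = [build_crypto_line(1, "AES_CM_128_HMAC_SHA1_80"),
             build_crypto_line(2, "AES_CM_128_HMAC_SHA1_32")]
    result = answer_offer(offer, ["AES_CM_128_HMAC_SHA1_80"])
    print("offer :", offer[0])
    print("answer:", result["answer_line"])
```

Because the 30 bytes after `inline:` are the actual SRTP master key and salt, any party that can read the SIP signaling can decrypt the media; this is why the page stresses that signaling is only ever carried inside the mutually authenticated TLS channel and that the RTP Proxy in the SecuGATE never sees these keys.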
Secure Text Messaging
The SecuSUITE client allows encrypted instant message transfer between client applications. Secure Text Messaging uses the same TLS-protected SIP communication channel, in exactly the same way as other sensitive information (such as the SRTP encryption key) is transferred between the clients.
The evaluated configuration is BlackBerry SecuSUITE v4.0 installed on Android 8.0/8.1 or iOS 12.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Common Criteria Configuration Guide BlackBerry SecuSUITE v4.0, Version 1.3, 30-Jan-2020 document, satisfies all of the security functional requirements stated in the SecuSUITE Client (PKGTLS11/ASPP13/VVoIPASEP10) Security Target, Version 0.7, 1/30/2020. The project underwent CCEVS Validator review. The evaluation was completed in January 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Specifically, as noted in the AGD, the SecuSUITE client differentiates between calls deemed secure (called “Secure Landing”) and calls that are considered unprotected because they are potentially routed unencrypted to external numbers over untrusted networks (called “Breakout”). The ability of the SecuGATE SIP server to route calls to additional endpoints through a PBX lies beyond the scope of this ASPP13/PKGTLS11/VVoIPASEP10 evaluation and is not covered by the Common Criteria evaluation of the SecuSUITE client.
The logical boundaries of the BlackBerry SecuSUITE v4.0 are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE uses the SILK codec, which produces a variable bit-rate that SecuSUITE pads to a constant value.
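The sentence above records a traffic-analysis countermeasure: SRTP encrypts the payload but does not hide its length, so a variable-bit-rate codec would let an on-path observer distinguish speech from silence (and potentially more) from packet sizes alone. The added example below, which is not SecuSUITE code and does not reproduce the product's actual frame bound or padding format, shows the defensive idea with a length-prefixed constant-size payload applied before SRTP encryption, together with a check that the padded packet sizes no longer vary. The 80-byte `FIXED_PAYLOAD`, the two-byte header and the sample frames are constructed assumptions.

```python
import struct
from typing import List

# Constructed wire size for this example: every padded packet payload is exactly this long.
# The real SILK frame bound SecuSUITE pads to is not stated on the page; 80 bytes is an assumption.
FIXED_PAYLOAD = 80
HEADER = 2  # 2-byte big-endian length prefix so the receiver can strip the padding again


def pad_frame(frame: bytes, size: int = FIXED_PAYLOAD) -> bytes:
    """Prefix the real frame length and zero-pad to a constant size. This must run BEFORE
    SRTP encryption: SRTP protects content and integrity but does not conceal length."""
    if len(frame) > size - HEADER:
        raise ValueError(f"frame of {len(frame)} bytes exceeds fixed payload of {size}")
    return struct.pack(">H", len(frame)) + frame + b"\x00" * (size - HEADER - len(frame))


def unpad_frame(payload: bytes, size: int = FIXED_PAYLOAD) -> bytes:
    """Receiver side: reject wrong-size payloads, then recover the original codec frame."""
    if len(payload) != size:
        raise ValueError("unexpected payload size")
    (n,) = struct.unpack(">H", payload[:HEADER])
    if n > size - HEADER:
        raise ValueError("corrupt length prefix")
    return payload[HEADER:HEADER + n]


def wire_sizes(frames: List[bytes], padded: bool) -> List[int]:
    """Packet payload sizes an observer would see, with or without the padding step."""
    return [len(pad_frame(f)) if padded else len(f) for f in frames]


def size_leaks(sizes: List[int]) -> bool:
    """True when sizes vary, i.e. an observer could separate speech frames from pauses."""
    return len(set(sizes)) > 1


# Constructed variable-bit-rate frames: long during speech, short during pauses (DTX-like).
SAMPLE_FRAMES = [b"\x5a" * 58, b"\x5a" * 61, b"\x5a" * 12, b"\x5a" * 12, b"\x5a" * 57]

if __name__ == "__main__":
    print("unpadded sizes:", wire_sizes(SAMPLE_FRAMES, padded=False))
    print("padded sizes  :", wire_sizes(SAMPLE_FRAMES, padded=True))
```

Zero padding is sufficient here only because the whole payload is subsequently encrypted by SRTP; the padding itself carries no secret, it simply removes the size signal from the ciphertext.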
The TOE incorporates the OpenSSL cryptographic module to provide the cryptography in support of TLS and SRTP symmetric cryptography for bulk AES/AES-GCM encryption/decryption, the SHA-2 algorithm for hashing, and HMAC for keyed hashing. In addition, the TOE provides the cryptography to support the EC-Diffie-Hellman key exchange and derivation function used in TLS key establishment. The TOE platform provides ECDSA and RSA asymmetric cryptography for TLS peer authentication using digital signature and hashing services. In addition, the TOE implements an SP 800-90A DRBG.
User data protection:
The TOE secures media transmissions between itself and another VoIP endpoint. The TOE mediates the creation of SRTP channels between registered VoIP endpoints. The TOE enforces no additional information flow control policy rules, nor does it explicitly authorize or deny any information flows. The TOE protects sensitive data by storing secret and private keys using platform provided secure key storage, and it restricts access to platform provided resources.
Identification and authentication:
The TOE and TOE platform perform device-level X.509 certificate-based authentication of the SIP server (ESC) during TLS. Device-level authentication allows the TOE to establish a secure channel with a trusted SIP server (ESC). The secure channel is established only after each endpoint has successfully authenticated the other.
The TOE, TOE platform, and SIP server (ESC) provide the management functions to configure the security functionality provided by the TOE.
The TOE does not collect any PII and does not intentionally transmit any PII over a network.
Protection of the TSF:
The TOE performs a suite of self-tests during initial start-up to verify correct operation of its CAVP-tested algorithms. Upon execution, the integrity of the TOE's software executables is also verified. The TOE platform provides for verification of TOE software updates prior to installation.
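The paragraph above names two start-up checks: known-answer tests of the cryptographic algorithms and an integrity check of the executables. The added example below (not the product's own self-test code) shows the fail-closed shape of such a start-up routine using published test vectors for SHA-1, SHA-256 and HMAC-SHA-256 and a SHA-256 manifest of the executables; it then demonstrates that a single appended byte in a constructed file is caught. The manifest-as-dict, the file name and the ELF-like sample bytes are assumptions of the example; a real implementation would also cover AES, the DRBG and the signature algorithms and would protect the manifest itself.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Tuple

# Published known-answer vectors (not from the page): FIPS 180 "abc" digests and
# RFC 4231 HMAC-SHA-256 test case 1.
KAT_HASH = {
    "sha1": (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "sha256": (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
}
KAT_HMAC = {
    "hmac-sha256": (b"\x0b" * 20, b"Hi There",
                    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
}


def run_known_answer_tests() -> Dict[str, bool]:
    """Run each algorithm against a fixed input and compare with the expected digest."""
    results: Dict[str, bool] = {}
    for name, (msg, expected) in KAT_HASH.items():
        results[name] = hmac.compare_digest(hashlib.new(name, msg).hexdigest(), expected)
    for name, (key, msg, expected) in KAT_HMAC.items():
        results[name] = hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), expected)
    return results


def file_sha256(path: str) -> str:
    """Stream the file through SHA-256 so large executables do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_integrity(manifest: Dict[str, str]) -> Dict[str, bool]:
    """Compare every executable with its expected digest. In a real deployment the manifest
    would itself be signed at build time; here it is just a dict (assumption of the example)."""
    return {path: hmac.compare_digest(file_sha256(path), digest) for path, digest in manifest.items()}


def startup_self_test(manifest: Dict[str, str]) -> bool:
    """Fail closed: the application may proceed only if every KAT and every integrity check passed."""
    return all(run_known_answer_tests().values()) and all(verify_integrity(manifest).values())


def demo_tamper_detection() -> Tuple[bool, bool]:
    """Write a constructed 'executable', record its digest, self-test, tamper, self-test again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secusuite-demo.bin")  # constructed file, not the real app binary
        with open(path, "wb") as f:
            f.write(b"\x7fELF" + b"\x00" * 64)
        manifest = {path: file_sha256(path)}
        before = startup_self_test(manifest)
        with open(path, "ab") as f:
            f.write(b"\x90")  # one appended byte is enough to be detected
        after = startup_self_test(manifest)
    return before, after


if __name__ == "__main__":
    print("known-answer tests:", run_known_answer_tests())
    print("self-test before/after tampering:", demo_tamper_detection())
```

The point of running the known-answer tests before the integrity check is that the integrity check depends on SHA-256 itself; if the hash implementation were faulty, the digest comparison would be meaningless, so the primitive is validated first and the application refuses to start if either stage fails.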
The TOE enforces a timeout on the SRTP channel. The timeout value is configurable on the SIP server (ESC).
The TOE’s implementation of TLS and SRTP provides a trusted channel ensuring sensitive data is protected from unauthorized disclosure or modification when transmitted from the host to a SIP server (ESC) and to another VoIP endpoint, respectively.