Compliant Product - Samsung Knox File Encryption 1.0
Certificate Date: 2019.12.09CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID10994-2019
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for File Encryption Version 1.0
Protection Profile for Application Software Version 1.3
CC Testing Lab: Gossamer Security Solutions
The Target of Evaluation (TOE) is Samsung Knox File Encryption 1.0. The TOE is a software service built into Samsung Android 9 with Knox 3.3 to provide file encryption to a Knox Workspace container. Samsung Knox File Encryption is designed to provide a second encryption layer similar to and on top of the FBE layer for the entire device, specifically for the Knox Workspace container.
The Knox File Encryption service runs in the background and utilizes Samsung Android cryptographic modules to provide file encryption services for the Knox Workspace container. The service is designed to run without any user intervention as all files in the Knox Workspace container will be encrypted automatically.
The evaluated configuration consists of the Samsung Knox File Encryption 1.0 (the version is listed as “DualDAR”) on the following devices:
In addition to the evaluated devices, the following device models are claimed as equivalent with a note about the differences between the evaluated device and the equivalent models. Note that all devices have the same software environments (Android, Kernel, TEE).
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The CC and CEM addenda for Exact Conformance, Selection-Based SFRs, Optional SFRs (Version 0.5, May, 2017) was also applied. The product, when delivered and configured as identified in the Samsung File Encryption 1.0 Administrator Guide, Version 1.0, 10/14/2019 document, satisfies all of the security functional requirements stated in the Samsung Electronics Co., Ltd. Samsung Knox File Encryption (PP_APP_V1.3/MOD_FE_V1.0) Security Target, Version 0.5, 12/06/2019. The project underwent CCEVS Validator review. The evaluation was completed in December 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10994-2019) prepared by CCEVS.
The logical boundaries of the Samsung Knox File Encryption 1.0 are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE runs as part of Samsung Android 9 with Knox 3.3 and higher and includes several cryptographic libraries for encryption/decryption/cryptographic hashing functions for securing file contents and TOE keys. The TOE relies on the platform cryptographic functions for random number generation.
User data protection:
The TOE protects all user data within the Knox Workspace container by providing an automatic encryption service for all files stored within the container; applications to not have to be made aware of the Knox File Encryption service to be protected. All keys are AES 256-bit, using AES-GCM for FEK protection and AES-CBC for file content protection.
Identification and authentication:
The TOE utilizes the authentication services provided by the Knox Workspace container to unlock the Master Key. Unsuccessful authentication to the Knox Workspace container will prevent the Master Key from being unlocked, and hence no files in the container can be accessed.
The services provided by the TOE are not available until a Knox Workspace container with File Encryption enabled is created on the device. Authentication management and the container lock settings are handled by the Knox Workspace management and are generic for all Knox Workspace configurations.
The TOE does not transmit Personally Identifiable Information over any network interfaces nor does it request access to any applications that may contain such information.
Protection of the TSF:
The TOE relies on the physical boundary of the evaluated platform as well as the Samsung Android operating system for the protection of the TOE’s components.
The TOE relies on the Samsung Android operating system to provide updates as the software is incorporated as part of the device image. The version of the Knox File Encryption software can be seen in the About Device page with the Knox version information (as the DualDAR version).
The TOE is a Samsung component, and all code is maintained solely by Samsung. Only documented APIs available in Samsung Android (which includes the Knox Workspace and Samsung cryptographic libraries) are used.
The TOE does not transmit information over any network interfaces.
Samsung Electronics Co., Ltd.