Compliant Product - KeyW Protect for Samsung, Version 184.108.40.206
Certificate Date: 2020.06.09
Validation Report Number: CCEVS-VR-VID11061-2020
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for File Encryption Version 1.0
Protection Profile for Application Software Version 1.3
CC Testing Lab: Gossamer Security Solutions
The Target of Evaluation (TOE) is KeyW Protect for Samsung, Version 220.127.116.11. The KeyW Protect for Samsung TOE is also known as KEYWprotect. The TOE provides an AES-based Data at Rest (DAR) encryption model that is used to encrypt the Android Enterprise workspace data when the workspace is unlocked, and enables the protection of workspace data when the workspace is locked and when the Samsung mobile device is powered off. The TOE is an application on the Samsung mobile device.
The following table shows the model numbers of the mobile devices used during evaluation testing of KEYWprotect:
Table 1 - Tested Devices
In addition to the evaluated devices, the following device models are claimed as equivalent since they have the same processors and run the same KEYWprotect software.
Table 2 - Equivalent Devices
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Android OS Suite B Data At Rest v22.214.171.124 – User Guide, Document Version 1.3, 05/19/2020 document, satisfies all of the security functional requirements stated in the KeyW Protect for Samsung, Version 126.96.36.199 (PP_APP_V1.3/MOD_FE_V1.0) Security Target, Version 0.4, 06/04/2020. The project underwent CCEVS Validator review. The evaluation was completed in June 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11061-2020) prepared by CCEVS.
The logical boundaries of the KeyW Protect for Samsung are realized in the security functions that it implements. Each of these security functions is summarized in the following sections.
The TOE operates on a Samsung mobile device and uses features provided by the platform for key storage. The TOE includes the Suite B Cryptographic Algorithms library, which implements its own algorithms for random bit generation, AES encryption/decryption, AES key wrapping, keyed-hashing functions, password-based key derivation, key pair generation, key establishment, and cryptographic hashing.
User data protection:
The TOE protects user data by providing an integrated file encryption capability that automatically encrypts new files and decrypts files upon user demand. The TOE utilizes 256-bit AES encryption for confidentiality.
Identification and authentication:
The TOE authenticates a user by requiring a password before any file data decryption operation is initiated. Without the correct password, the user is unable to decrypt the keys necessary to obtain clear text data from the Android Enterprise workspace file system.
The TOE does not allow encryption/decryption operations while in the locked state until the user authenticates to the device upon first use of the TOE. The TOE allows the following user management capabilities:
· Change workspace password.
· Reset workspace password using a reset token from the Unified Endpoint Management (UEM) console. Samsung Knox DualDAR by default does not disable reset passwords, thereby enabling key recovery. To disable all key recovery mechanisms, simply do not set a password using a token, which will prevent a password reset from the IT admin.
· Configure password/passphrase complexity settings including the minimum and maximum lengths.
· Perform a cryptographic erase of the data.
· Configure the corrective behavior (wipe/disable workspace) and number of failed validation attempts required to trigger corrective behavior.
The TOE does not transmit Personally Identifiable Information over any network interfaces, nor does it request access to any applications that may contain such information.
Protection of the TSF:
The TOE relies on the physical boundary of the evaluated platform as well as the Android 9.0 operating system for the protection of the TOE’s application components.
Updates to the TOE are handled via the UEM console.
The TOE does not transmit any data between itself and another network entity. All of the data managed by the TOE resides on the evaluated platform (Samsung mobile device with Android OS 9.0, Knox 3.3, and DualDAR 1.0).