Compliant Product - Bivio 6310-NC
Certificate Date: 2020.12.07CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11106-2020
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: UL Verification Services Inc. (Formerly InfoGard)
The Bivio 6310-NC (Target of Evaluation, or TOE) is a network device providing highly variable network functionality. It achieves this by leveraging RHEL8.2 to provide full hardware access to the networking applications, allowing them to address the high-performance hardware devices directly.
The Bivio 6310-NC device can be used to run a variety of applications for processing network data. There are many such applications, both commercial and open source. It is out of scope for this certification process to include all these applications for evaluation, so a standard application factory-installed to all Bivio 6310-NC devices as part of the base BiviOS will be provided. This application provides the following non-evaluated functionality:
· Inspects packets and will either drop them or forward them based on configuration.
· Uses the default mechanisms for packet handling and represents other packet processing applications that a customer may choose to install.
Models of the TOE are identified with a part number in the format:
a. This chassis is the “standard” product chassis.
a. This chassis is a shorter, ruggedized chassis
3. PacStar 451
a. This chassis does not have configuration options and will always use the “C04” processor specification (defined below) and no others.
The first digit ‘x’ following ‘C’ is indicative of the processor family (0 – Broadwell, 1 – Skylake, 2 – Cascade Lake), and the second digit ‘y’ (following the digit ‘x’) is selected to match Bivio’s hardware model numbering.
The naming conventions specified above reference the following hardware:
Running the following software:
BiviOS 8.5.1 V: Version 8.5.1 (Build 202006181129) V: Version 8.5.1-104-bv (Patch 202009191230) V: Version 8.5.1-103-rh (Patch 202008311617)
The guidance documentation is also part of the TOE. A list of the guidance documents can be found in Table 12 of the [ST].
The TOE’s Operational Environment must provide the following services to support the secure operation of the TOE:
· Local Console
· Syslog Server
· An SSHv2 Client
· A TLSv1.2 client
The TOE was configured for evaluation per the provided Administrative Guidance, using all claimed TOE functionality, specifically management through SSH, Local console and TLS-enabled telnet and time synchronization using NTP, and remote syslog server as a remote audit storage.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Bivio 6310-NC was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all the security functional requirements stated in the Bivio 6310-NC Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in December 2020.
· The TOE will audit all events and information defined in Table 4: Auditable Events of the Security Target
· The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.
· The TOE protects storage of audit information from unauthorized deletion.
· The TOE prevents unauthorized modifications to the stored audit records.
· The TOE can transmit audit data to an external IT entity using SSH protocol.
The TSF performs the following cryptographic operations:
· AES-128 in CBC mode for data ciphering, using SHA-1 hashing and RSA key exchange.
· AES-256 in GCM mode for data ciphering, using SHA-384 hashing and ECDHE key exchange.
· HMAC-SHA2-384 for keyed hash
· AES-128 or AES-256 in CBC mode, HMAC-SHA2-256 or HMAC-SHA2-512 hashing and DH key exchange.
· Public key authentication via SSH-RSA, RSA-SHA2-256 and RSA-SHA2-512 using HMAC-SHA1, HMAC-SHA2-256 and HMAC-SHA2-512 hashing algorithms.
· The TOE supports NTP v4 (RFC 5905). For NTP, the TOE uses the Symmetric key Method to ensure authenticity and integrity; supporting SHA1, SHA 512 and SHA256 MACs.
· TOE Random bit generation utilizes CTR_DRBG as defined by NIST SP 800-90A. This is not configurable, and there are no other cryptographic engines provided in the TOE.
· To support SSH for trusted path and trusted channel, the TOE cryptographic module implements RSA key generation with key sizes of 2048-bits and finite-field cryptography with modulus sizes of 2048 bits (Diffie-Hellman Group14).
· To support TLS, the TOE cryptographic module implements Elliptic-Curve key generation over NIST curve secp256r1 and RSA key generation using 2048-bit keys.
· The TOE supports Trusted Update by allowing the administrator to download update files from Bivio. Any software installed on the TOE will become active immediately and is authenticated using a published hash. Trusted update uses SHA-256 hash function in its algorithm.
· The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.
Identification and Authentication
· The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and support passwords with 9 characters or more.
· The TSF requires all administrative users to authenticate before allowing the user to perform any actions other than:
o Display the warning banner in accordance with FTA_TAB.1;
o Responding to ICMP echo requests
o Responding to ARP requests with ARP replies
o Establishing TLS connection on TCP port 27777
o Automated generation of cryptographic keys
· The TSF stores and protects the following data:
o Syslog data, user account data, and local authentication data (such as administrator passwords).
o Cryptographic keys including pre-shared keys, symmetric keys, and private keys.
· There is one class of user on the TOE: The Admin user
o The Admin user has full control over the TOE.
· Management of the TSF:
o The administrator can perform manual updates, determine the behavior of or modify the behavior of the handling of audit data, modify the behavior of the TSF, enable or disable services offered by the TOE, determine the behavior of or modify the behavior of audit functionality when local audit storage is full, manage TSF data, modify, delete, generate or import cryptographic keys, configure the access banner, and configure the session inactivity timeout period.
o The administrator may perform these functions locally or remotely using the trusted path provided by SSH and defined in FTP_TRP.1.
Protection of the TSF
· The TSF protects TSF data from disclosure when the data is transmitted between different parts of the TOE.
· The TSF prevents the reading of secret and private keys.
· The TOE provides reliable time stamps for itself.
· The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correct operation of the TSF.
· The TOE provides a means to verify firmware/software updates to the TOE using a published hash prior to installing those updates.
· The TOE, for local interactive sessions, will terminate the session after an Authorized Administrator-specified period of session inactivity.
· The TOE terminates a remote interactive session after an Authorized Administrator-configurable period of session inactivity.
· The TOE allows Administrator-initiated termination of the Administrator’s own interactive session.
· Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.
· The TOE uses SSH to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
· The TOE permits the TSF, or the authorized IT entities to initiate communication via the trusted channel.
· The TOE permits remote administrators to initiate communication via the trusted path.
· The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.
Bivio Networks, Inc.