Compliant Product - mTera Universal Transport Platform version MT5.1.2
Certificate Date: 2021.08.31
Validation Report Number: CCEVS-VR-VID11153-2021
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
CC Testing Lab: Gossamer Security Solutions
The Infinera mTera Universal Transport Platform is an extremely flexible and highly efficient transport solution supporting up to 12Tb/s of switching and grooming for OTN, Packet and SONET/SDH leveraging protocol agnostic fabrics and interface cards that can be software configured for OTN, MPLS-TP or Carrier Ethernet on each interface or virtual interface. The Infinera mTera is offered in either a 16-slot chassis or 8-slot chassis.
The mTera is an optical network appliance delivering Wavelength, High-capacity Electrical OTN, and Packet network switching. The mTera supports electrical switching using an agnostic switch fabric. Signals switched by the electrical switch fabric include high-capacity ITU Optical Transport Network (OTN) ODU switching, ITU/ANSI SDH/SONET switching and service oriented MPLS-TP/Ethernet packet switching. The security functions provided include Identification, Authentication, Access Control, Protection of TSF, Confidentiality, Integrity and Auditing.
The TOE includes the following hardware:
The STPM cards are management cards that run the software image for the mTera. The only difference between the two STPMs is that they are built with different form factors.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, September 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, July 2017. The product, when delivered and configured as identified in the Coriant Product Hardening Guide, Version BP11, August 23, 2021, satisfies all the security functional requirements stated in the mTera Universal Transport Platform version MT5.1.2 (NDcPP21) Security Target, Version 0.5, August 26, 2021. The project underwent CCEVS Validator review. The evaluation was completed on August 31, 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE is designed to generate logs for a wide range of security-relevant events, including start-up and shutdown of the TOE, all administrator actions, and all events identified in the Security Target, Table 2 Auditable Events. The TOE can be configured to store the logs locally so they can be accessed by an administrator, or alternatively to send the logs to a designated syslog server in the operational environment.
The TOE includes cryptographic modules that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher-level cryptographic protocols including IPsec, SSH, and TLS.
Identification and authentication:
The TOE requires administrators to be identified and authenticated before they can access any TOE security functions. The TOE supports role-based authentication: user accounts are assigned predefined roles, and each account is restricted according to its assigned role. The TOE maintains these administrator and user attributes, which can be defined locally with user names and passwords or can be defined in the context of local RADIUS services. Authentication can be performed either locally or remotely through an external authentication server, or internally. After an administrator-specified number of failed attempts, the user account is locked out. The TOE’s password mechanism provides configuration for a minimum password length. The TOE also protects, stores and allows authorized administrators to load X.509v3 certificates used to support authentication for IPsec, TLS and SSH connections.
The TOE provides the administrator role the capability to configure and manage all TOE security functions including cryptographic operations, user accounts, passwords, advisory banner, session inactivity and TOE updates. The management functions are restricted to the administrator role. The role must have the appropriate access privileges or access will be denied. The TOE’s cryptographic functions ensure that only secure values are accepted for security attributes.
Protection of the TSF:
The TOE has its own internal hardware clock that provides reliable time stamps used for auditing. The TOE stores passwords on flash and encrypts the passwords using an AES-256-CBC key. The TOE does not provide any interfaces that allow passwords or keys to be read. The TOE also provides integrity and security protection for all communication between its components. This prevents unauthorized modification or disclosure of TSF data during transmission.
The TOE runs self-tests during power up and periodically during operation to ensure the correct operation of the cryptographic functions and TSF hardware. There is an option for the administrator to verify the integrity of stored TSF executable code. The TOE executes self-tests for both the Kernel Crypto module and OpenSSL FIPS Object module.
The TOE includes mechanisms so that the administrator can determine the TOE version and update the TOE securely using digital signatures.
The TOE allows administrators to configure a period of inactivity for administrator sessions. Once that time period has been reached while the session has no activity, the session is terminated. All users may also terminate their own sessions at any time. A warning banner is displayed at the management interfaces (local CLI and SSH) to advise users on appropriate use and the penalty for misuse of the system.
The TOE uses IPsec to provide an encrypted channel between itself and third-party trusted IT entities in the operating environment including external syslog server, external authentication server and NTP server. The TOE also uses IPsec to encrypt communications between the TOE and external IT entities. The TOE uses TLS to secure network communications with an external optical network peer.
The TOE secures remote communication with administrators by implementing SSHv2 for CLI access. Both integrity and disclosure protection are ensured by the secure protocol. If the negotiation of a secure session fails or if the user cannot be authenticated for remote administration, the attempted session will not be established.