CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

Cellcrypt Android Mobile Client is a secure multimedia application for Android smartphones. It implements end-to-end encryption and authentication of voice, video, text messages and file attachments between two or more users of Cellcrypt Android Mobile Client and other compatible applications. The Cellcrypt system comprises a handset software application (Cellcrypt Android Mobile Client, i.e. the TOE) and the back-end support infrastructure (Cellcrypt Server). The TOE is the handset software application, Cellcrypt Android Mobile Client, on a specific hardware platform (described below).

Cellcrypt Android Mobile Client uses standard wireless packet-based connectivity that can be provided by a cellular network or a Wi-Fi data connection.

Mutually authenticated connection set-up ensures that only mobile phones on which the TOE runs can participate in secure sessions with the Cellcrypt Server, and that the users of the TOE can be assured to always connect to a legitimate Cellcrypt server. End-to-end encryption is achieved through the creation and use of session-unique encryption/decryption keys used by the TOE to encrypt and decrypt voice traffic, messages, and attachments. Long-term static keys and other sensitive user data are stored by the TOE in an encrypted database (SQLCipher) with the SQLCipher master key being protected by the operating system.

The following prerequisites must apply in the use of the TOE:

·       The Android mobile platform is the Samsung Galaxy S20 running Android 11.0 on a Qualcomm Snapdragon 865 ARMv8 processor with Processor Algorithm Accelerators (PAA).

·       The TOE runs on a NIAP-validated configuration of a mobile platform (including VPN), as defined by the Protection Profile for Mobile Device Fundamentals. The mobile platform is outside the scope of the evaluation.

·       ESC Server, as defined by the PP-Module for Enterprise Session Controller (ESC) is outside the scope of this evaluation.

·       The TOE operates exclusively within the mobility ecosystem specified by the associated mobility Protection Profiles and will assume that all associated resources (IPSEC VPN tunnel, SIP network) are in place.

The non-TOE components required by the TOE are the following:

·       CRL or OCSP server for use in the verification of X.509 certificates.

·       Cellcrypt Server for client authentication and other services e.g. SIP, messaging/attachments and check for updated software.

Physical Scope:

The Target of Evaluation (TOE) is the Cellcrypt Android Mobile Client application (Figure 1), which runs on Android 11. The Cellcrypt Android Mobile Client application is a software cryptographic application for smartphones. The core function of the TOE is to allow users' voice and video calls to be encrypted with end-to-end security.

Figure 1 TOE Boundary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cellcrypt Android Mobile Client was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Cellcrypt Android Mobile Client Common Criteria Guidance Version 1.1.2, September 19, 2022, satisfies all of the security functional requirements stated in the Cellcrypt Android Mobile Client Security Target  Version 1.2.4, September 19, 2022. The project underwent CCEVS Validator review.  The evaluation was completed in September 2022.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

The logical scope of the TOE comprises of the following:

·       Authenticated call set-up with the Cellcrypt Server.

·       End-to-end encryption of secure voice and video traffic.

·       Security management functions restricted to authorized personnel.

·       Protection measures for ensuring the integrity and authenticity of the TOE.

The TOE uses X.509 Certificates for mutual authentication on the trusted channel between itself and the Cellcrypt Server. The validity of the X.509 certificates is checked by querying a CRL or an OCSP responder. The TOE uses TLSv1.2 protocol to protect all communications between itself and the Cellcrypt Server from modification and disclosure. In addition to the X.509 Certificate authentication, the TOE also authenticates the user to the Cellcrypt Server using a password. The TOE does not store the authentication password but requests the user to enter it each time it is required.

The TOE achieves end-to-end encryption using an SDES-SRTP trusted channel. The keys for the SDES-SRTP trusted channel are protected by the TLS/SIP channel during key establishment.

The TOE mitigates side channel attacks by utilizing a fixed rate vocoder. This prevents an attacker from inferring information about the audio from the bitrate being transmitted. The TOE also enables ASLR and stack-based overflow protections.

Vendor Information