NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Samsung Galaxy VPN Client on Android 7

Certificate Date:  2017.06.21

Validation Report Number:  CCEVS-VR-VID10813-2017

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]


Product Description

The TOE is a VPN client that runs on a mobile operating system (the TOE platform) based on Android 7.0 with modifications made to increase the level of security provided to end users and enterprises. The TOE is intended to be used as part of an enterprise messaging solution providing mobile staff with enterprise connectivity.

The TOE platform includes a Common Criteria mode (or “CC mode”) that an administrator can invoke through the use of an MDM or through a dedicated administrative application (see the Guidance for instructions to obtain the application).  The TOE platform must meet the following prerequisites in order for an administrator to transition the TOE platform to CC mode.

·         Require a screen lock password (swipe, PIN, pattern, or facial recognition screen locks are not allowed).

·         The maximum password failure retry policy should be less than or equal to ten.

·         Device encryption must be enabled or a screen lock password required to decrypt data on boot.

·         Revocation checking must be enabled.

·         External storage must be encrypted.

·         Password recovery policy must not be enabled.

·         Password history length must not be set.

When CC mode has been enabled, the TOE platform behaves as follows.

·         The TOE platform sets the system wide Android CC mode property to “Enabled” if all the prerequisites have been met.

·         The TOE platform performs power-on self-tests.

·         The TOE platform performs secure boot integrity checking of the kernel and key system executables.

·         The TOE platform prevents loading of custom firmware/kernels and requires all updates occur through FOTA (Samsung’s Firmware Over The Air firmware update method)

·         The TOE platform uses CAVP approved cryptographic ciphers when joining and communicating with wireless networks.

·         The TOE platform utilizes CAVP approved cryptographic ciphers for TLS.

·         The TOE platform ensures FOTA updates utilize 2048-bit PKCS #1 RSA-PSS formatted signatures (with SHA-512 hashing).

There are different models of the mobile phone into which Samsung embeds the TOE (the Samsung Galaxy Devices VPN Client on Android 7).  These models differ physically and differ in their internal components (as described in the table below).


Evaluated Configuration

The evaluated configuration consists of the following devices:

Device Name

Model
Number

 

Chipset

Android
Version

Kernel Version

Build Number

Galaxy S8 (Qualcomm)

SM-G950

MSM8998

7.0

4.4.16

NRD90M

Galaxy S8 (System LSI)

SM-G950

Exynos 8895

7.0

4.4.13

NRD90M

Galaxy S8 + (Qualcomm)

SM-G955

MSM8998

7.0

4.4.16

NRD90M

Galaxy S8 + (System LSI)

SM-G955

Exynos 8895

7.0

4.4.13

NRD90M

Galaxy S8 Active

SM-G892

MSM8998

7.0

4.4.16

NRD90M

 

Galaxy Tab S3

SM-T820

MSM8996

7.0

3.18.31

NRD90M

SM-T825

MSM8996

7.0

3.18.31

NRD90M

SM-T827

MSM8996

7.0

3.18.31

NRD90M

Galaxy S7 (Qualcomm)

SM-G930

MSM8996

7.0

3.18.31

NRD90M

Galaxy S7 (System LSI)

SM-G930

Exynos 8890

7.0

3.18.14

NRD90M

Galaxy S7 Edge (Qualcomm)

SM-G935

MSM8996

7.0

3.18.31

NRD90M

Galaxy S7 Edge (System LSI)

SM-G935

Exynos 8890

7.0

3.18.14

NRD90M

Galaxy S7 Active

SM-G891

MSM8996

7.0

3.18.31

NRD90M

Galaxy S6 Edge+

SM-G928

Exynos 7420

7.0

3.10.61

NRD90M

Galaxy Note 5

SM-N920

Exynos 7420

7.0

3.10.61

NRD90M

Galaxy S6

SM-G920

Exynos 7420

7.0

3.10.61

NRD90M

Galaxy S6 Edge

SM-G925

Exynos 7420

7.0

3.10.61

NRD90M

Galaxy S6 Active

SM-G890

Exynos 7420

7.0

3.10.61

NRD90M


Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.    The product, when delivered and configured as identified in the Samsung VPN Client on Galaxy Devices Guidance documentation, Version 3.0, February 27, 2017 document, satisfies all of the security functional requirements stated in the Samsung Electronics Co., Ltd. Samsung Galaxy Devices VPN Client on Android 7 (IVPNCPP14) Security Target, Version 1.1, March 29, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in June 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10813-2017) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Samsung Galaxy VPN Client on Android 7 (IVPNCPP14) are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic Support - The IPsec implementation is the primary function of the TOE.  IPSec is used by the TOE to protect communication between itself and a VPN Gateway over an unprotected network. With the exception of the IPsec implementation, the TOE relies upon its underlying platform (evaluated against the Protection Profile For Mobile Device Fundamentals) for the cryptographic services specified in this Security Target.

User data protection - The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.

Identification and authentication - The TOE platform provides the ability to use, store, and protect X.509 certificates and pre-shared keys that are used for IPsec Virtual Private Network (VPN) connections.

Security management - The TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target. In particular, the IPsec VPN is fully configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway.

Protection of the TSF - The TOE relies upon its underlying platform to perform self-tests that cover the TOE as well as the functions necessary to securely update the TOE.

Trusted path/channels - The TOE is a VPN client that uses IPsec to established secure channels to corresponding VPN gateways.


Vendor Information

Logo
Samsung Electronics Co., Ltd.
Brian Wood
(973)044-0091
(908)080-9079
be.wood@sta.samsung.com

http://www.samsung.com
Site Map              Contact Us              Home