NIAP: Assurance Continuity
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - Maintenance Update of Aruba Remote Access Points

Date of Maintenance Completion:  2017.11.08

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

Original Evaluated TOE:  2017.02.26 - Aruba Remote Access Point Version 6.5.0-FIPS

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Adminstrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

Aruba has provided several updates to the ArubaOS, the operating system for all of Aruba’s controller-managed wireless LAN devices, including the TOE. TOE updates largely consisted of a variety of bug fixes, modifications to the user interface, and performance optimizations none of which were security-relevant. However, some modifications to ArubaOS were security-relevant, while others are security-relevant, but out of scope for this evaluation. The following are a summary of the security-relevant changes to ArubOS and a brief discussion of their impact on the assurance maintenance of the TOE.

  • Support for SHA2 Signature for Image Verification

The controller images now support SHA256 signatures for image verification. While copying new images to the controllers, both SHA1 and SHA256 signatures are validated.

Minor Change: The original evaluated TOE implemented both SHA1 and SHA256, but chose to call on the SHA1 algorithm to perform the code integrity verification check. RSA with SHA256 was already supported/tested in the ArubaOS Crypto Module for Trusted Updates and in conjunction with HMAC for authentication of IPsec connections.   The updated TOE has been changed to call on the SHA256 algorithm (already implemented in the previous version, and validated by NIST testing) to perform the code integrity check.  Since this change only involves invocation of the underlying cryptographic mechanism, it is considered a minor change.  This feature results in no changes to TSF platforms, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment.

  • Revocation of ArubaOS Default Certificate Issued by GeoTrust

The controller-issued server certificate replaces the ArubaOS default certificate issued by GeoTrust Public CA for WebUI authentication, Captive Portal, 802.1X termination, and Single Sign-On (SSO) because the default certificate is now revoked.

The revoked default certificate is applicable to Aruba Mobility Controllers, Instant Access Points (IAP) and Mobility Access Switches (MAS). 

For more information on the GeoTrust Public CA certificate revocation, refer to the advisory: http://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809.

Minor Change –The revoked default certificate is not applicable to the TOE.

  • Support for OCSP and USB Custom Certificate on AP-205H

Starting from ArubaOS 6.5.1.0, support for Online Certificate Status Protocol (OCSP) and USB custom certificate is introduced on AP-205H remote access points. With this feature:

  • AP-205H remote access points support checking the revocation status of the controller certificate by reading the AIA field of the server certificate with its corresponding OCSP responder.
  • AP-205H remote access points can store CSR and private key files and read the custom certificate stored in .p12 certificate format for establishing IKE/IPsec tunnel with a controller.

Minor Change –The previous evaluation supported the OCSP feature for RAPs using ArubaOS 6.5.0.  This feature was previously tested on the other models for 6.5.0.  The ‘added support’ for the feature is only on AP-205H model that is being added through this assurance maintenance.  It is considered a minor change because the functionality was already tested on the previous models. USB storage for custom certificates was supported in 6.5.0 but not included in the scope of the evaluation and therefore this feature addition for the AP-205H is considered a minor change.  

  • Null Encryption

Starting from ArubaOS 6.5.1.0, XLP based controllers are supported with null encryption for IKEv1 as an encryption algorithm. This helps in reducing the load on the local router for internet destined traffic.

Minor Change –Controllers are not in the TOE.  This support for reducing the load does not affect the security functionality of the TOE or modify any of the SFRs.  The addition of this feature results in no changes to TSF platforms, SFRs, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment.

  • ANY-ANY Crypto Map

Starting from ArubaOS 6.5.1.0, any-any selectors are negotiated in IKEv1 to enable the option of having numerous tunnels. After pre-connect flag is enabled for IPsec map, IKE triggers the tunnel to the peer ip and proposes any-any traffic selector.

Minor Change –This feature is on Controllers only and does not affect the security functionality of the TOE or modify any of the SFRs.  The addition of this feature results in no changes to TSF platforms, SFRs, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment.

PAPI Enhanced Security

Starting from ArubaOS 6.5.1.0, a minor security enhancement is made to Process Application Programming Interface (PAPI) messages. With this enhancement, PAPI endpoints authenticate the sender by performing a sanity check of the incoming messages using MD5 (hash).

All PAPI endpoints—access points, Mobility Access Switches, controllers, Analytics and Location Engine (ALE), AirWave, and HPE switches—must use the same secret key.

The PAPI Enhanced Security configuration provides protection to Aruba devices, AirWave, and ALE against malicious users sending fake messages that results in security challenges.

The PAPI Enhanced Security feature can be configured from either the WebUI or the CLI.

Minor Change – Process Application Programming Interface (PAPI) is not in the TOE.  This enhancement does not affect the security functionality of the TOE or modify any of the SFRs.  The addition of this feature results in no changes to TSF platforms, SFRs, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment.

  • Authentication Survivability

The Cache Lifetime parameter value in Authentication Survivability is increased from 72 hrs to 168 hrs.

Minor Change – Authentication Survivability is not within the scope of the TOE.    The change in parameter values does not affect the security functionality of the TOE or modify any of the SFRs.   This performance enhancement results in no changes to TSF platforms, SFRs, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment.

Vendor Information

Logo
Aruba, a Hewlett Packard Enterprise company
Steve Weingart
512 319 2480
steve.weingart@hpe.com

http://support.arubanetworks.com
Site Map              Contact Us              Home