{"product_id":10634,"v_id":10634,"product_name":"Samsung Galaxy S6 & S6 Edge VPN Client","certification_status":"Certified","certification_date":"2015-04-09T00:00:00Z","tech_type":"Virtual Private Network","vendor_id":{"name":"Samsung Electronics Co., Ltd.","website":"www.samsung.com"},"vendor_poc":"Brian Wood","vendor_phone":"908-809-7939","vendor_email":"be.wood@samsung.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p class=\"Body\">The Target of Evaluation (TOE) is the Samsung Electronics Co., Ltd. Samsung Galaxy S6 and S6 Edge VPN Client.&nbsp;</p>\r\n<p class=\"Body\">The TOE is a VPN client intended for use on the following mobile devices, the Samsung Galaxy S6 and the Galaxy S6 Edge, which are based on Android 5.0.2; with modifications made to increase the level of security provided to end users and enterprises. The TOE is intended to be used as part of an enterprise messaging solution providing mobile staff with enterprise connectivity.</p>\r\n<p>The TOE includes a Common Criteria mode (or &ldquo;CC mode&rdquo;) that an administrator can invoke through the use of an MDM or through the installation and use of the administrative application, CCMode.apk (see the guidance for instructions to obtain the application).&nbsp; The TOE platform must be configured as follows in order for an administrator to transition the TOE platform to CC mode.</p>\r\n<ul>\r\n<li>Require a screen lock password (swipe, PIN, pattern, or facial recognition screen locks are not allowed).</li>\r\n<li>The maximum password failure retry policy should be less than or equal to ten.</li>\r\n<li>Device encryption must be enabled.</li>\r\n<li>Revocation checking must be enabled.</li>\r\n</ul>\r\n<p>When CC mode has been enabled, the TOE behaves as follows.</p>\r\n<ul>\r\n<li>The TOE restricts the available VPN configurations to those evaluated as part of this evaluation.</li>\r\n<li>The TOE restricts the use of IKEv2/IPsec cipher suites to only those conformant with the requirements of the IVPNCPP14.</li>\r\n</ul>","evaluation_configuration":"<p>The evaluated configuration consists of the following device identification:</p>\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead> \r\n<tr style=\"text-align: center;\">\r\n<td width=\"211\">\r\n<p><strong>Device Name</strong></p>\r\n</td>\r\n<td width=\"90\">\r\n<p><strong>Base Model <br /> Number</strong></p>\r\n</td>\r\n<td width=\"72\">\r\n<p><strong>Android <br /> Version</strong></p>\r\n</td>\r\n<td width=\"72\">\r\n<p><strong>Kernel Version</strong></p>\r\n</td>\r\n<td width=\"72\">\r\n<p><strong>Build Number</strong></p>\r\n</td>\r\n</tr>\r\n</thead> \r\n<tbody>\r\n<tr>\r\n<td width=\"211\">\r\n<p>Galaxy S6</p>\r\n</td>\r\n<td width=\"90\">\r\n<p>SM-G920</p>\r\n</td>\r\n<td width=\"72\">\r\n<p>5.0.2</p>\r\n</td>\r\n<td width=\"72\" valign=\"top\">\r\n<p>3.10.61</p>\r\n</td>\r\n<td width=\"72\">\r\n<p>LRX22G</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"211\">\r\n<p>Galaxy S6 Edge</p>\r\n</td>\r\n<td width=\"90\">\r\n<p>SM-G925</p>\r\n</td>\r\n<td width=\"72\">\r\n<p>5.0.2</p>\r\n</td>\r\n<td width=\"72\" valign=\"top\">\r\n<p>3.10.61</p>\r\n</td>\r\n<td width=\"72\">\r\n<p>LRX22G</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p>These devices may include an additional letter or number at the end of the name (such as SM-N920V) that denotes the device is for a specific carrier (V = Verizon Wireless). The following list of letters/numbers denotes the specific models which are validated:</p>\r\n<p>V, P, R4, S, L, K, A, T, I</p>\r\n<p>Only models with one of these suffixes can be placed into the validated configuration.</p>\r\n<p>The following table shows the security software versions for the device.</p>\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead> \r\n<tr style=\"text-align: center;\">\r\n<td width=\"211\">\r\n<p><strong>Device Name</strong></p>\r\n</td>\r\n<td width=\"77\">\r\n<p><strong>MDF Version</strong></p>\r\n</td>\r\n<td width=\"77\">\r\n<p><strong>MDF Release</strong></p>\r\n</td>\r\n<td width=\"77\">\r\n<p><strong>VPN v1.4 Release</strong></p>\r\n</td>\r\n</tr>\r\n</thead> \r\n<tbody>\r\n<tr>\r\n<td width=\"211\">\r\n<p>Galaxy S6</p>\r\n</td>\r\n<td width=\"77\">\r\n<p>2.0</p>\r\n</td>\r\n<td width=\"77\" valign=\"top\">\r\n<p>3</p>\r\n</td>\r\n<td width=\"77\" valign=\"top\">\r\n<p>4.1</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"211\">\r\n<p>Galaxy S6 Edge</p>\r\n</td>\r\n<td width=\"77\">\r\n<p>2.0</p>\r\n</td>\r\n<td width=\"77\" valign=\"top\">\r\n<p>3</p>\r\n</td>\r\n<td width=\"77\" valign=\"top\">\r\n<p>4.1</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Samsung Galaxy Devices VPN Client was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.&nbsp; Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the product is EAL 1.&nbsp; The product, when delivered and configured as identified in the Samsung VPN Client on Galaxy Devices Guidance documentation, Version 2.1, April 9, 2015 &nbsp;&nbsp;document, satisfies all of the security functional requirements stated in the Samsung Electronics Co., Ltd. Samsung Galaxy S6 and S6 Edge VPN Client (IVPNCPP14) Security Target, Version 1.2, April 9, 2015.&nbsp; The project underwent CCEVS validator review.&nbsp; The evaluation was completed in April 2015.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10634-2015) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of the Samsung Galaxy S6 and S6 Edge VPN Client TOE are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p><strong>Cryptographic Support</strong> - The IPsec implementation is the primary function of the TOE. IPSec is used by the TOE to protect communication between itself and a VPN Gateway over an unprotected network. With the exception of the IPsec implementation, the TOE relies upon its underlying platform (evaluated against the Protection Profile for Mobile Device Fundamentals) for the cryptographic services.</p>\r\n<p><strong>User Data Protection</strong> - The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.</p>\r\n<p class=\"Body\"><strong>Identification and Authentication</strong> - The TOE provides the ability to use, store, and protect X.509 certificates and pre-shared keys that are used for IPsec Virtual Private Network (VPN) connections.</p>\r\n<p><strong>Security Management</strong> - The TOE provides the interfaces necessary to manage the security functions identified throughout the security target. In particular, the IPsec VPN is configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway.</p>\r\n<p class=\"Body\"><strong>TSF Protection</strong> - The TOE relies upon its underlying platform to perform self-tests and the functions necessary to securely update the TOE.</p>\r\n<p><strong>Trusted Path/Channels</strong> - The TOE acts as a VPN client using IPsec to established secure channels to corresponding VPN gateways.</p>","features":[]}