{"product_id":11396,"v_id":11396,"product_name":"DataSoft Secure Tactical VPN Client for Android","certification_status":"Certified","certification_date":"2023-08-14T00:00:00Z","tech_type":"Application Software, Virtual Private Network","vendor_id":{"name":"DataSoft Corporation","website":"www.datasoft.com"},"vendor_poc":"Vik Patel","vendor_phone":"4807635777","vendor_email":"vik.patel@datasoft.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The Target of Evaluation (TOE) is the DataSoft Secure Tactical VPN Client for Android (SW version 2.3.7).<span style=\"mso-spacerun: yes;\">&nbsp; </span>The TOE enables remote users within an organization to communicate securely as if their devices were directly connected to a private network.</p>\r\n<p class=\"Body\">The TOE complies with IKEv2 RFCs and can utilize X509v3 certificates for authentication of an IPsec peer.<span style=\"mso-spacerun: yes;\">&nbsp; </span>In a basic IPsec VPN connection, all traffic from the VPN client is encrypted and sent across the VPN gateway.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Administrators can define profiles through the TOE or load them into a mobile device.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Named profiles define the endpoints, authentication data, and cryptographic characteristics for a VPN connection.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Profiles define the cryptographic configuration of the set of additional cryptographic options.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The TOE can interoperate with IKEv2 VPN Gateways but also includes extensions to route multicast traffic through the VPN, allowing the TOE to interoperate with DataSoft&rsquo;s small form factor Radio Access Point (RAP), which allows mobile and dismounted operators to perform C2-releated computing functions security across existing tactical communications networks.</p>","evaluation_configuration":"<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The TOE provides IPsec VPN client functionality for Android-based End User Devices (EUD) running on Android 11, Android 12, and Android 13 mobile devices (or &ldquo;Platforms&rdquo;) running Linux Kernel earlier than v5.6.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\">The TOE was specifically tested on those three different versions of Android using the following hardware:</p>\r\n<table class=\"MsoNormalTable\" style=\"margin-left: 5.65pt; border-collapse: collapse; mso-table-layout-alt: fixed; mso-padding-alt: 0in .5pt 0in .5pt;\" border=\"0\" width=\"612\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes;\">\r\n<td style=\"width: 49.5pt; border: solid #C0504D 1.0pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"color: white;\">Phone</span></strong></p>\r\n</td>\r\n<td style=\"width: 85.5pt; border: solid #C0504D 1.0pt; border-left: none; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"color: white;\">Model </span></strong></p>\r\n</td>\r\n<td style=\"width: 166.5pt; border: solid #C0504D 1.0pt; border-left: none; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"222\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 9.0pt; color: white;\">CPU</span></strong></p>\r\n</td>\r\n<td style=\"width: 31.5pt; border: solid #C0504D 1.0pt; border-left: none; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"42\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"color: white;\">Kernel</span></strong></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border: solid #C0504D 1.0pt; border-left: none; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"color: white;\">Android OS</span></strong></p>\r\n</td>\r\n<td style=\"width: 67.5pt; border: solid #C0504D 1.0pt; border-left: none; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; background: #C0504D; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"Standard\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"color: white;\">VID/Date</span></strong></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 1;\">\r\n<td style=\"width: 49.5pt; border: solid #C0504D 1.0pt; border-top: none; mso-border-top-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" width=\"66\">\r\n<p class=\"MsoNormal\">Samsung</p>\r\n</td>\r\n<td style=\"width: 85.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" width=\"114\">\r\n<p class=\"MsoNormal\">S20 Tactical Edition</p>\r\n</td>\r\n<td style=\"width: 166.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"222\">\r\n<p class=\"MsoNormal\">Qualcomm snapdragon 865 (SM8250)</p>\r\n</td>\r\n<td style=\"width: 31.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" width=\"42\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">4.19</span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"MsoNormal\">Android 11</p>\r\n</td>\r\n<td style=\"width: 67.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\">11042/</p>\r\n<p class=\"MsoNormal\">Archived</p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2;\">\r\n<td style=\"width: 49.5pt; border: solid #C0504D 1.0pt; border-top: none; mso-border-top-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" width=\"66\">\r\n<p class=\"MsoNormal\">Google</p>\r\n</td>\r\n<td style=\"width: 85.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" width=\"114\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">Pixel 5</span></p>\r\n</td>\r\n<td style=\"width: 166.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"222\">\r\n<p class=\"MsoNormal\">Qualcomm snapdragon 765G (SM7250)</p>\r\n</td>\r\n<td style=\"width: 31.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"42\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">4.19</span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"MsoNormal\">Android 11</p>\r\n</td>\r\n<td style=\"width: 67.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\">11124/</p>\r\n<p class=\"MsoNormal\">Archived</p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3;\">\r\n<td style=\"width: 49.5pt; border: solid #C0504D 1.0pt; border-top: none; mso-border-top-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" width=\"66\">\r\n<p class=\"MsoNormal\">Google</p>\r\n</td>\r\n<td style=\"width: 85.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" width=\"114\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">Pixel 4a-5G</span></p>\r\n</td>\r\n<td style=\"width: 166.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"222\">\r\n<p class=\"MsoNormal\">Qualcomm snapdragon 765G (SM7250)</p>\r\n</td>\r\n<td style=\"width: 31.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"42\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">4.19</span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"MsoNormal\">Android 12</p>\r\n</td>\r\n<td style=\"width: 67.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\">11239/</p>\r\n<p class=\"MsoNormal\">02/28/2022</p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4; mso-yfti-lastrow: yes;\">\r\n<td style=\"width: 49.5pt; border: solid #C0504D 1.0pt; border-top: none; mso-border-top-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" width=\"66\">\r\n<p class=\"MsoNormal\">Google</p>\r\n</td>\r\n<td style=\"width: 85.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" width=\"114\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">Pixel 5a-5G</span></p>\r\n</td>\r\n<td style=\"width: 166.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"222\">\r\n<p class=\"MsoNormal\">Qualcomm snapdragon 765G (SM7250)</p>\r\n</td>\r\n<td style=\"width: 31.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"42\">\r\n<p class=\"MsoNormal\"><span style=\"mso-fareast-font-family: Calibri;\">4.19</span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in 5.4pt 0in 5.65pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"MsoNormal\">Android 13</p>\r\n</td>\r\n<td style=\"width: 67.5pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; mso-border-top-alt: solid #C0504D .5pt; mso-border-left-alt: solid #C0504D .5pt; mso-border-alt: solid #C0504D .5pt; padding: 0in .5pt 0in .5pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\">11317/</p>\r\n<p class=\"MsoNormal\">01/24/2023</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">&nbsp;</p>","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation demonstrated that <span style=\"mso-bidi-font-style: italic;\">the TOE </span>meets the security requirements contained in the Security Target.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the Evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The product, when delivered and configured as identified in the <span style=\"mso-no-proof: yes;\">DataSoft</span> <span style=\"mso-no-proof: yes;\">Secure Tactical VPN Client CC Configuration Guide</span>, Version <span style=\"mso-no-proof: yes;\">1.1</span>, <span style=\"mso-no-proof: yes;\">July 26, 2023</span> document, satisfies all of the security functional requirements stated in the <span style=\"mso-no-proof: yes;\">DataSoft Secure Tactical VPN Client for Android Security Target</span>, Version 0.5, August 07<span style=\"mso-no-proof: yes;\">, 2023</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The project underwent CCEVS Validator review.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation was completed in <span style=\"mso-no-proof: yes;\">August 2023</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID<span style=\"mso-no-proof: yes;\">11396-2023</span>) prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The logical boundaries of the <span style=\"mso-no-proof: yes;\">Secure Tactical VPN Client for Android</span> are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p class=\"MsoNormal\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Cryptographic support:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The TOE includes its own cryptographic library that implements approved cryptographic algorithms that the TOE uses to protect communication between itself and a VPN gateway over an unprotected network using IPsec.<span style=\"mso-spacerun: yes;\">&nbsp; </span><span style=\"mso-spacerun: yes;\">&nbsp;</span>The TOE uses the Platform to protect credential data at rest.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The TOE platform provides asymmetric cryptography (Android&rsquo;s user keychain), which is used by the TOE for IKE peer authentication (using digital signature and hashing services).<span style=\"mso-spacerun: yes;\">&nbsp;&nbsp; </span>In addition, the TOE seeds its DRBG from the Platform.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>User data protection:</strong></p>\r\n<p>The TOE ensures that residual information from previously sent network packets processed through the platform are protected from being passed into subsequent network packets.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Identification and authentication:</strong></p>\r\n<p>The TOE and TOE platform perform device-level X.509 certificate-based authentication of the VPN Gateway during IKE v2 key exchange.&nbsp; Device-level authentication allows the TOE to establish a secure channel with a trusted VPN Gateway. The secure channel is established only after each endpoint successfully authenticates each other.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Security management:</strong></p>\r\n<p>The TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target.&nbsp; This includes interfaces to the user as well as to the VPN gateway.&nbsp; The IPsec VPN is fully configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway.&nbsp; The TOE platform provides the functions necessary to securely update the TOE.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Privacy:</strong></p>\r\n<p>The TOE does not store or transmit Personally Identifiable Information (PII) over a network.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Protection of the TSF:</strong></p>\r\n<p>The TOE utilizes its own cryptographic functions to perform self-tests that ensure the TOE&rsquo;s integrity and algorithm correctness.&nbsp; The TOE platform provides the functions necessary to securely update the TOE software.</p>\r\n<p><strong>Trusted path/channels:</strong></p>\r\n<p>The TOE establishes an IPsec trusted channel (which protects the transmitted data from unauthorized disclosure and modification) with a corresponding VPN gateway.</p>","features":[]}