CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE portfolio delivers high-performance, scaling and flexibility to support a full array of IP and MPLS services and functions for service provider, web scale and enterprise networks. The 7750 SR family includes a wide range of physical platforms that share a mutual architecture and feature set. This allows Nokia customers to select the platform that best addresses their unique business goals and fulfills their scale, density, space, power, and value-added service requirements without compromising on quality or features. The 7750 series are chassis-based routers. The TOE supports a full array of network functions and services, achieving scale and efficiency without compromising versatility. It provides highly available service delivery mechanisms that maximize network stability and minimize service interruptions. Every Nokia 7750 series routing appliance is a whole routing system that provides a variety of high-speed interfaces (only Ethernet is within scope of this evaluation) for various scale of networks and various network applications. The TOE utilizes a common Nokia SR OS firmware, features, and technology for compatibility across all platforms.

Nokia SR OS firmware is mainly responsible for all the functionalities and services provided by the routers. The routers can be accessed either via a local console or via a network connection that is protected using the SSH protocol. Each time a user accesses the routers, either via local console terminal connection or from the network remotely using SSH, the user must successfully authenticate with the correct credentials.

The TOE also supports MACsec functionality between compatible Nokia MACsec peer devices using the Media Dependent Adapter (MDA). The communication between these devices includes frames for ARP and Ethernet Control frames. In addition, it includes Destination MAC and Source MAC addresses in MACsec and MACsec Key Agreement (MKA) frames, which are not protected.

The MDAs are pluggable adapter cards. They provide physical interface connectivity to the devices. MDAs can be different in terms of connectivity and density configuration settings. Additionally, the MDA modules vary by chassis. Regardless, they provide the same functionality and security for the related chassis. MDAs support Ethernet and multiservice interfaces. For this evaluation, the following is true:

• Routers 7750 SR-a4 and 7750 SR-a8 support 10-port 10/1GE MACsec MDA maxp10-10/1Gb-msec-sfp+
• Routers 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, 7750 SR-7, 7750 SR-12 and 7750 SR-12e support MDA me12-10/1gb-sfp+

MKA protocol uses the Connectivity Association Key (CAK) to derive transient session keys called Secure Association Keys (SAKs). SAKs and other MKA parameters are required to sustain communication over the secure channel and to perform encryption and other MACsec security functions. SAKs, along with other essential control information, are distributed in MKA protocol control packets, also referred to as MKPDUs. MACsec can be deployed in two modes:

• Point-to-point mode
• Point-to-multipoint mode

In the evaluated configuration, MACsec is configured for individual point-to-point MACsec peers over an point-to-multipoint Ethernet link. A pair of MACsec devices can be connected via bridge or a direct connection. In order to establish the secured channel, the MACsec devices rely on a CAK and utilize the MKA protocol to make and receive the successful secure connection.

In order to determine an authorized peer, both devices must first exchange an MKA frame, these devices must agree upon a shared key and MACsec cipher suite in order to set up transmit Security Associations (SA). Once the connections are established, the MACsec frames will be transmitted between devices.

In the evaluated configuration, MACsec is configured for individual point-to-point MACsec peers over an point-to-multipoint Ethernet link. A pair of MACsec devices can be connected via bridge or a direct connection. In order to establish the secured channel, the MACsec devices rely on a CAK and utilize the MKA protocol to make and receive the successful secure connection.

In order to determine an authorized peer, both devices must first exchange an MKA frame, these devices must agree upon a shared key and MACsec cipher suite in order to set up transmit Security Associations (SA). Once the connections are established, the MACsec frames will be transmitted between devices.

The TOE is comprised of the following models:

Table 1 –TOE Physical Boundary Components

Figure 1 depicts the TOE boundary:

Figure 1 – TOE Boundary Diagram

TOE Evaluated Configuration

In the evaluated configuration, the TOE consists of one of the platforms identified above. The TOE supports secure connectivity with another IT environment device as stated in Table 3. 

Table 2 – IT Environment Components

Physical Scope of the TOE

The TOE boundary is the hardware appliance, which is comprised of hardware and software components. It is deployed in an environment that contains the various IT components as depicted in Figure 1 above. The TOE guidance documentation is included on this website.

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Nokia 7x50 SR OS 20.10.R4 for 7750 SR-7, 7750 SR-12, 7750 SR-12e, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, 7750 SR-a4, and 7750 SR-a8 with maxp10-10/1Gb-msec-sfp+ and me12-10/1gb-sfp+ MDAs were evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Nokia 7x50 SR OS 20.10.R1 Guidance Document, satisfies all of the security functional requirements stated in the Nokia 7x50 SR OS 20.10.R4 for 7750 SR-7, 7750 SR-12, 7750 SR-12e, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, 7750 SR-a4, and 7750 SR-a8 with maxp10-10/1Gb-msec-sfp+ and me12-10/1gb-sfp+ MDAs Security Target.

The project underwent CCEVS Validator review.  The evaluation was completed in August 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

The TOE implements the following security functional requirements:

•                Security Audit

•                Cryptographic Support

•                Identification and Authentication

•                Security Management

•                Protection of the TSF

•                TOE Access

•                Trusted Path/Channels

Each of these security functionalities are listed in more detail in the sections below.

Security Audit

The TOE generates audit events for all start-up and shut-down functions and all auditable events as specified in Table 15 of the Security Target. Audit events are also generated for management actions specified in FAU_GEN.1. The TOE is capable of storing audit events locally and exporting them to an external audit server using HTTP PUT requests over TLS v1.2 protocol. Each audit record contains the date and time of event, type of event, subject identity, and the relevant data of the event. The audit server supports the following severity levels: indeterminate (info), major, and minor.

Cryptographic Support

The TOE provides cryptographic support for the services described in Table 3 below. The related CAVP validation details are provided in Table 4. The operating system is SR OS 20.10.R4. The TOE leverages OpenSSL v1.1.1g for its cryptographic functionality.

Table 3 – TOE Cryptography Implementation

Table 4 – CAVP Algorithm Testing References

Identification and Authentication

All users must be authenticated to the TOE prior to carrying out any management actions. The TOE supports password-based authentication and public key-based authentication. Based on the assigned role, a user is granted a set of privileges to access the system.

Security Management

The TOE supports local and remote management of its security functions including:

• Local console CLI administration
• Remote CLI administration via SSHv2
• Timed user lockout after multiple failed authentication attempts
• Password configurations
• Configurable banners to be displayed at login
• Timeouts to terminate administrative sessions after a set period of inactivity
• Protection of secret keys and passwords

TOE Access

Prior to establishing an administration session with the TOE, a banner is displayed to the user. The banner messaging is customizable. The TOE will terminate an interactive session after configurable number of minutes of session inactivity. A user can terminate their local CLI session and remote CLI session by entering the appropriate command at the prompt.

Protection of the TSF

The TOE protects all passwords, pre-shared keys, symmetric keys, and private keys from unauthorized disclosure. Pre-shared keys, symmetric keys, and private keys are stored in encrypted format. Passwords are stored as a non-reversible hash value as per standard Linux approach. The TOE executes self-tests during initial start-up to ensure correct operation and enforcement of its security functions. An administrator can install software updates to the TOE. The TOE internally maintains the date and time.

Trusted Path/Channels

The TOE supports HTTPS PUT requests over TLS v1.2 for secure communication to the audit server. The TOE supports TLS v1.2 for secure communication to LDAP server. The TOE supports local CLI and uses SSH v2 for secure remote administration.

Vendor Information