NIAP
NIAP/CCEVS
  NIAP  »»  CCEVS Products  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Belkin Secure KVM models F1DN102F-3, F1DN102N-3, F1DN102V-3, F1DN102H-3, F1DN104P-3, F1DN104W-3, F1DN104B-3, F1DN104C-3, F1DN104E-3, F1DN104F-3, F1DN104Q-3, F1DN108C-3, F1DN116C-3, and F1DN108F-3

Certificate Date:  24 March 2016

Validation Report Number:  CCEVS-VR-VID10708-2016

Product Type:    Peripheral Switch

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Peripheral Sharing Switch Version 3.0

CC Testing Lab:  DXC.technology


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Belkin Secure KVM Peripheral Sharing Switches (PSS) allows the secure sharing of a single set of peripheral components such as keyboard, Video Display and Mouse/Pointing devices among multiple computers through standard USB, DVI, and DisplayPort interfaces. Belkin Third-Generation Secure KVMs products are using multiple isolated microcontrollers and optical data diodes to protect from data leakages between connected computers.

Products are ranging from 2-Ports to 16-Ports to support 2 to 16 computers respectively.

Some evaluated KVM products also support CAC (user authentication) function as shown in the table below. This function enables secure connection of smart-card reader USB devices.

Analog audio out switching is supported by all evaluated products. Stereo audio signals are passed through audio data diodes to enforce unidirectional flow of audio signals from the selected connected computer to the connected audio peripheral device.

CAC may be switched to a computer other than the one selected for keyboard and mouse through the use of front panel CAC enable – disable slider switches.

Single-head products are used to switch video from computers having a single video output (for example 4:1) while dual-head models are used to switch parallel computers having two video outputs (for example 8:1 + 8:1).

All evaluated products support a USB keyboard and USB mouse or touchscreen.

Belkin secure KVM products support a single user having a single or multiple display/s based on the table below:

Model

Computers supported

Display/s supported

Display I/F  Protocol

Computer video I/F Protocol

Video switching function

CAC Port

Analog audio out

F1DN102F-3

2

1

DVI-I

DVI-I

Switch 2:1

No

Yes

F1DN102N-3

2

1

HDMI

DisplayPort

Switch 2:1

No

Yes

F1DN102V-3

2

1

VGA

VGA

Switch 2:1

No

Yes

F1DN102H-3

2

1

HDMI

HDMI

Switch 2:1

No

Yes

F1DN104P-3

4

1

HDMI

DisplayPort

Switch 4:1

Yes

Yes

F1DN104W-3

4

2

HDMI

DisplayPort

Switch 4:1 + 4:1

Yes

Yes

F1DN104B-3

4

1

DVI-I

DVI-I

Switch 4:1

No

Yes

F1DN104C-3

4

1

DVI-I

DVI-I

Switch 4:1

Yes

Yes

F1DN104E-3

4

2

DVI-I

DVI-I

Switch 4:1

No

Yes

F1DN104F-3

4

2

DVI-I

DVI-I

Switch 4:1

Yes

Yes

F1DN104Q-3

4

3

DVI-I

DVI-I

Switch 4:1+4:1+4:1

Yes

Yes

F1DN108C-3

8

1

DVI-I

DVI-I

Switch 8:1

Yes

Yes

F1DN116C-3

16

1

DVI-I

DVI-I

Switch 16:1

Yes

Yes

F1DN108F-3

8

2

DVI-I

DVI-I

Switch 8:1 + 8:1

Yes

Yes


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Belkin Secure KVM was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. Computer Sciences Corporation determined that the product is conformant to requirements for Peripheral Switch Protection Profile version 3.0.  The product satisfies all of the security functional requirements stated in the Security Target. Four validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in February 26, 2016. Results of the evaluation can be found in the Assurance Activity Report for Belkin Secure KVM prepared by CSC Global Cybersecurity.


Environmental Strengths

Keyboard and mouse security

Isolated keyboard and mouse USB device emulators per connected computer to prevent direct interface between the TOE shared peripheral devices and connected computers.

TOE uses host (computer) emulators to interface with connected keyboard and mouse peripheral devices, thus isolating external peripherals from TOE internal circuitry and from connected computers.

Keyboard user data is not stored on TOE non-volatile memory.  All USB stacks are implemented in the TOE using SRAM (Static Random Access Memory) – a volatile memory that clears data once TOE is powered down.

TOE external interface security

The TOE supports only the following external interfaces protocols:

           USB keyboard and mouse;

           Analog audio output;

           User authentication device or other assigned USB devices (TOE model specific);

           Power (AC or DC); and

           Video (VGA, DVI, HDMI, DisplayPort or MHL video only).

Audio Subsystem security

The TOE audio data flow path is electrically isolated from all other functions and interfaces to prevent signaling data leakages to and from the audio paths.

Video subsystem security

Video input interfaces are isolated from one another. Isolation is achieved through the use of different power and ground planes, different electronic components and different emulated EDID chips per channel.

TOE supports Display Port 1.1, 1.2 and 1.3. TOE video function filters the AUX channel by converting it to I2C EDID only. DisplayPort video is converted into HDMI video stream.

User authentication device subsystem security

TOE supports User Authentication Device function (called CAC). These products are configured by default as FDF (Fixed Device Filtration) with filter set to qualify only the following devices:

           Standard smart-card reader USB token or biometric authentication device having USB smart-card class interface complying with USB Organization standard CCID Revision 1.1 or ICCID Revision 1.0.

Note that device must be bus powered

User control and monitoring security

TOE is controlled and monitored by the user through front panel illuminated push-buttons and switches. These controls and indications are coupled to the TOE system controller function.

Tampering protection

Always-on anti-tampering system mechanically coupled to the TOE enclosure to detect and attempt to access the TOE internal circuitry.

TOE is equipped with special holographic Tampering Evident Labels that located in critical location on the TOE enclosure.

Self-testing and Log

TOE is equipped with self testing function that operating at TOE power up prior to normal use. The self-test function is running independently at each one of the TOE microcontrollers following power up.

TOE is equipped with event log non-volatile memory that stores information about abnormal security related events.


Vendor Information

logo
Belkin International
John Minasyan
+1-949-270-8504
john.minasyan@belkin.com

http://belkinbusiness.com/government
Site Map              Contact Us              Home