Security Target Entrust Authority Security Manager and ... Security Target . Entrust Authority Security

  • View
    0

  • Download
    0

Embed Size (px)

Text of Security Target Entrust Authority Security Manager and ... Security Target . Entrust Authority...

  • Security Target Entrust Authority Security Manager and Security Manager Administration

    Version 5. 5 January 17, 2012

    Prepared By: Entrust Inc.

  • Entrust Authority Security Target V5.5

    II

    © 2012 Entrust Inc. All rights reserved Entrust is a trademark or a registered trademark of Entrust, Inc. in certain countries. All Entrust product names and logos are trademarks or registered trademarks of Entrust, Inc. in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries. The information is subject to change as Entrust reserves the right to, without notice, make changes to its products as progress in engineering or manufacturing methods or circumstances may warrant.

    © 2012 ENTRUST INC. All rights reserved.

  • Entrust Authority Security Target V5.5

    III

    Document version control log

    Version

    Date

    Author(s)

    Description

    1.0 May 8, 2009 Sharon Boeyen Initial copy of Entrust Authority 8.0 Security Target 2.0 May 21, 2009 Mark Joynes Modifying ST to reflect version number change for

    the product set – change to 8.1 3.0 July 14, 2010 Sharon Boeyen Align ST with “Certificate Issuing and

    Management Components for Basic Robustness Environments Protection Profile Version 1.0 April 27, 2009”.

    4.0 August 10, 2010 Sharon Boeyen Modify ST to resolve issues raised by evaluator Lachlan Turner in Domus Observation report dated August 9, 2010

    4.1 August 12, 2010 Sharon Boeyen Modify ST to resolve additional issues and concerns raised by evaluator Lachlan Turner in Domus Observation report dated August 12, 2010

    4.2 September 17, 2010 Sharon Boeyen Modify ST to resolve certifier comments 5.0 November 23, 2010 Sharon Boeyen Modify to exclude EAAS from TOE 5.1 December 30, 2010 Sharon Boeyen Align ST with revised PP 5.2 August 30, 2011 Sharon Boeyen Corrected reference in section 7.1.1.1 for

    Operations Guide to point to Section E and added version number to Operations Guide in list of References in Section 10.

    5.3 November 17, 2011 Sharon Boeyen Updated EASM and EASMA versions to 8.1 SP1 and updated Security Kernel version to 8.1 SP1

    5.4 December 16, 2011 Sharon Boeyen Updated version numbers for database, directory, HSM and ESP and clarified which service/protocol made use of the GUTS cryptographic module that is turned off for purposes of the evaluation

    5.5 January 17, 2012 Sharon Boeyen Added EASM and EASMA specific build numbers, updated reference to CIMC PP to reference final CC approved version, updated reference to EASM Operations Guide, and updated version and date information for ST.

    © 2012 ENTRUST INC. All rights reserved.

  • Entrust Authority Security Target V5.5

    IV

    Table of Contents

    1  Introduction..........................................................................................................................................8 

    1.1  ST Reference..................................................................................................................................8  1.2  TOE Reference...............................................................................................................................8  1.3  TOE Overview ................................................................................................................................8 

    1.3.1  Components........................................................................................................................8  1.3.2  Typical Deployment Scenarios ..........................................................................................8 

    1.3.2.1  Traditional X.509 Environment..........................................................................9  1.3.2.2  Electronic Passport Country Verifying Environment employing EAC.............9 

    1.3.3  Non-TOE Requirements.....................................................................................................9  1.3.3.1  TOE Component Platform Requirements ........................................................9  1.3.3.2  Additional Software Requirements ................................................................ 10  1.3.3.3  Additional Hardware Requirements............................................................... 10 

    1.3.4  Evaluated Configuration .................................................................................................. 10  1.4  TOE Description .......................................................................................................................... 11 

    1.4.1  Product Type.................................................................................................................... 11  1.4.2  Major Security Features .................................................................................................. 11  1.4.3  TOE Roles........................................................................................................................ 12  1.4.4  High Level Architecture ................................................................................................... 13 

    1.4.4.1  Entrust Authority Security Manager ............................................................... 14  1.4.4.2  Entrust Authority Security Manager Administration ...................................... 15  1.4.4.3  Database......................................................................................................... 15  1.4.4.4  Directory .......................................................................................................... 16  1.4.4.5  Cryptographic Modules................................................................................... 16 

    1.4.5  TOE Boundary ................................................................................................................. 17  1.4.5.1  Exclusion from the TOE Boundary ................................................................ 18 

    2  Conformance Claims....................................................................................................................... 21 

    2.1  CC Conformance Claim.............................................................................................................. 21  2.2  Protection Profile Claim............................................................................................................... 21 

    3  Security Problem Definition............................................................................................................ 22 

    3.1  Assumptions ................................................................................................................................ 22  3.1.1  Personnel Assumptions................................................................................................... 22  3.1.2  Connectivity...................................................................................................................... 23  3.1.3  Physical ............................................................................................................................ 23 

    3.2  Threats......................................................................................................................................... 23  3.2.1  Authorized Users ............................................................................................................. 23  3.2.2  System.............................................................................................................................. 23  3.2.3  Cryptography.................................................................................................................... 23  3.2.4  External Attacks ............................................................................................................... 24 

    3.3  Organizational Security Policies ................................................................................................. 24 

    4  Security Objectives.......................................................................................................................... 25 

    4.1  Security Objectives for the TOE ................................................................................................. 25  4.1.1  Authorized Users ............................................................................................................. 25  4.1.2  System.............................................................................................................................. 25  4.1.3  Cryptography.................................................................................................................... 25  4.1.4  External Attacks ............................................................................................................... 25 

    4.2  Security Objectives for the Environment.................................................................................... 25  4.3  Security Objectives for both the TOE and the Environment ..................................................... 27 

    © 2012 ENTRUST INC. All rights reserved.

  • Entrust Authority Security Target V5.5

    V

    4.4  Security Objectives Rationale..................................................................................................... 28  4.4.1  Tracing Between Security Objectives and Security