Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100 Security Target
Version 0.7
December 16, 2022

Prepared for: Extreme Networks, Inc.
6480 Via Del Oro, San Jose, CA 95119

Prepared by: www.gossamersec.com

Extreme Networks VSP Series Switches v8.3.100 Security Target Version 0.7, December 16, 2022 Page 2 of 40

TABLE OF CONTENTS
1. SECURITY TARGET INTRODUCTION 3
1.1 SECURITY TARGET REFERENCE 3
1.2 TOE REFERENCE 3
1.3 TOE OVERVIEW 4
1.4 TOE DESCRIPTION 4
1.4.1 TOE Architecture 4
1.4.2 TOE Documentation 7
2. CONFORMANCE CLAIMS 9
2.1 CONFORMANCE RATIONALE 10
3. SECURITY OBJECTIVES 11
3.1 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT 11
4. EXTENDED COMPONENTS DEFINITION 13
5. SECURITY REQUIREMENTS 14
5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS 14
5.1.1 Security audit (FAU) 15
5.1.2 Cryptographic support (FCS) 17
5.1.3 Identification and authentication (FIA) 20
5.1.4 Security management (FMT) 22
5.1.5 Protection of the TSF (FPT) 23
5.1.6 TOE access (FTA) 24
5.1.7 Trusted path/channels (FTP) 24
5.2 TOE SECURITY ASSURANCE REQUIREMENTS 25
5.2.1 Development (ADV) 25
5.2.2 Guidance documents (AGD) 26
5.2.3 Life-cycle support (ALC) 27
5.2.4 Tests (ATE) 27
5.2.5 Vulnerability assessment (AVA) 27
6. TOE SUMMARY SPECIFICATION 29
6.1 SECURITY AUDIT 29
6.2 CRYPTOGRAPHIC SUPPORT 31
6.3 IDENTIFICATION AND AUTHENTICATION 35
6.4 SECURITY MANAGEMENT 37
6.5 PROTECTION OF THE TSF 38
6.6 TOE ACCESS 40
6.7 TRUSTED PATH/CHANNELS 40

LIST OF TABLES
Table 1-1 Extreme networking appliances - hardware 4
Table 2-1 Technical Decisions 9
Table 5-1 TOE Security Functional Components 15
Table 5-2 Audit events 17
Table 5-3 Assurance Components 25
Table 6-1 VOSS 8.3.100 Platforms Cryptography 32
Table 6-2 VOSS Key Establishment Schemes 32
Table 6-3 Cryptographic Keys and CSPs 32
Table 6-4 Administrator Manageable Security Keys 38

1. Security Target Introduction
This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is Extreme Networks VSP Series Switches provided by Extreme Networks, Inc.
The TOE is being evaluated as a network device.

The Security Target contains the following additional sections:
• Conformance Claims (Section 2)
• Security Objectives (Section 3)
• Extended Components Definition (Section 4)
• Security Requirements (Section 5)
• TOE Summary Specification (Section 6)

Conventions
The following conventions have been applied in this document:
• Security Functional Requirements – Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement.
  o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a parenthetical number placed at the end of the component. For example FDP_ACC.1(1) and FDP_ACC.1(2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement.
  o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g., [[selected-assignment]]).
  o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]).
  o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., “…all objects …” or “…some big things…”).
• Other sections of the ST – Other sections of the ST use bolding to highlight text of special interest, such as captions.

1.1 Security Target Reference
ST Title – Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100 Security Target
ST Version – Version 0.7
ST Date – December 16, 2022

1.2 TOE Reference
TOE Identification – Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100
TOE Developer – Extreme Networks, Inc.
Evaluation Sponsor – Extreme Networks, Inc.
1.3 TOE Overview
The TOE is the Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100. The TOE is a standalone network device that facilitates Data Link Layer data transfer between network nodes connected to its physical ports. The TOE consists of a hardware appliance with embedded firmware. In the evaluated configuration this consists of an instance of any of the VSP4900, VSP7400, VSP8400, or Extreme Access Platform (XA) models.
All TOE appliances are shipped ready for immediate access through a Command Line Interface [CLI], with some basic features enabled by default. However, to ensure secure use, the product must be configured prior to being put into a production environment as specified in the user guidance. The CLI is a text based interface which is accessible from a directly connected terminal or via a remote terminal using SSH. All of the remote management interfaces are protected using encryption as explained later in this ST.

1.4 TOE Description
The TOE consists of the hardware models shown in Table 1-1. The TOE links the Mocana 32-bit libraries for cryptographic operations using non-PAA operations only, with the Mocana GCM 64k feature enabled.

Platform | Model | Processor
VSP4900 | VSP4900-48P | C3338 Intel Atom Denverton
VSP4900 | VSP4900-24S | C3338 Intel Atom Denverton
VSP4900 | VSP4900-24XE | C3538 Intel Atom Denverton
VSP4900 | VSP4900-12MXU-12XE | C3538 Intel Atom Denverton
VSP7400 | VSP7400-32C | C3758 Intel Atom Denverton
VSP7400 | VSP7400-48Y-8C | C3758 Intel Atom Denverton
VSP8400 | VSP8404C | Freescale P2020 e500v2
Extreme Access Platform XA-1400 | XA1440 | C3558 Intel Atom Denverton
Extreme Access Platform XA-1400 | XA1480 | C3758 Intel Atom Denverton
Table 1-1 Extreme networking appliances – hardware

Each model includes an out of band management port that is Intel-based and a set of in band network interfaces that are all Broadcom-based. Therefore, all models have equivalent network interfaces.
1.4.1 TOE Architecture
The basic architecture of each TOE appliance begins with a hardware appliance with physical network connections. Within the hardware appliance the TOE is designed to control and enable access to the available hardware functions (e.g., program execution, device access, facilitating basic routing and switching functions).
There are normally two management interfaces – a browser-based management UI accessed via TLS/HTTPS and a CLI accessed locally or via SSH. However, to meet the requirements listed in this Security Target, the browser-based management UI must be disabled as described by guidance. Thus, in the evaluated configuration only the CLI can be used for management.
The TOE Boundary is outlined in the following figure:

Figure 1: TOE Boundary

1.4.1.1 Physical Boundaries
The physical boundary of the TOE is the Extreme Networks Virtual Services Platform (VSP) Switches running VSP Operating System Software (VOSS) 8.3.100, which includes:
• The appliance hardware
• RJ-45/RS-232 management ports
• USB port
• Embedded software/firmware installed on the appliance
• CLI management interface
Each TOE appliance runs a version of the Extreme proprietary OS and has physical network connections to its environment to facilitate routing and switching of network traffic. The TOE appliance can also be the destination of network traffic, where it provides interfaces for its own management. The TOE may be accessed and managed through a management workstation or terminal in the environment which can be remote from or directly connected to the TOE. The TOE can be configured to forward its audit records to an audit server (i.e., a syslog server) that is provided by the environment. This is generally advisable given the limited audit log storage space on the evaluated appliances. The TOE sets its internal clock using administrative commands issued at the CLI interface or can use an NTP server.
The evaluation assumes the Operational Environment of the TOE includes the following:
• The SSH client that is used to access the management interface
• The management workstation that hosts the SSH client
• Syslog server for external storage of audit records
• NTP server for synchronizing system time
• Certificate Authority and OCSP servers to support X.509
• DNS server (optional, not depicted in Figure 1)
(Figure 1 depicts these components as: TOE Boundary, Firewall/Router, Client Terminal, Client, Client Peer, OCSP/CA, NTP Server and Audit Server, with links labelled TLS and SSH or HTTPS.)
The scope of the evaluation is limited to the requirements levied upon the TOE in the ST – all other functionality is outside the scope of the evaluation. The TOE supports a number of features that are not part of the core functionality. These features are not included in the scope of the evaluation:
• Browser-based management UI accessed via TLS/HTTPS is disabled and is not evaluated.
• The use of SNMPv3 is excluded.
• Fabric Extend with IPsec is not evaluated.
• Use of the FTP server is excluded and it is disabled by default.
• Integration with AAA server is not evaluated.
• Virtualized VOSS versions are not included in the scope and are not evaluated.

1.4.1.2 Logical Boundaries
This section summarizes the security functions provided by Extreme Networks Virtual Services Platform (VSP) Switches running VOSS 8.3.100:
• Security audit
• Cryptographic support
• Identification and authentication
• Security management
• Protection of the TSF
• TOE access
• Trusted path/channels

1.4.1.2.1 Security audit
The Network Appliances provide extensive auditing capabilities. The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of each event, the type of event, the subject identity, and the outcome of the event.
Auditable events include: failure on invoking cryptographic functionality such as establishment, termination and failure of a TLS session; establishment, termination and failure of an SSH session; all use of the user identification mechanisms; any use of the authentication mechanism; any change in the configuration of the TOE, changes to time, initiation of TOE update, indication of completion of TSF self-test, termination of a remote session; and initiation and termination of a trusted channel.
The TOE is configured to transmit its audit messages to an external syslog server. Communication with the syslog server is protected using TLS. The logs for all appliances can be viewed via the CLI. The records include the date/time the event occurred, the event/type of event, the user ID associated with the event, and additional information of the event and its success and/or failure.

1.4.1.2.2 Cryptographic support
The TOE utilizes CAVP-tested cryptographic implementations to provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols. This cryptography is used to support the following features:
• TLS client in support of the secure channel with the remote syslog server,
• SSH server in support of the secure CLI remote management interface,
• X.509 certificate validation, and
• NTP support.

1.4.1.2.3 Identification and authentication
The TOE provides authentication services for administrative users to connect to the TOE's administrator interfaces (local CLI and remote CLI). The TOE requires Administrators to authenticate prior to being granted access to any of the management functionality. In the Common Criteria evaluated configuration, the TOE requires a minimum password length be configured between 8 and 32 characters, as well as a minimum RSA key length of 2048 bits. The TOE provides administrator authentication against a local user database.
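Section 1.4.1.2.1 states what every audit record carries (date/time, event type, subject identity, outcome), and Table 5-2 adds per-event content such as the origin of an attempt that hits the login-failure limit or the reason an SSH or TLS session failed. The following Go program is an added example written for this page, not code from the ST or from Extreme's VOSS software: it checks a batch of forwarded records for exactly those fields, which is the kind of completeness check a syslog consumer can run over what the switch sends. The "timestamp key=value" line layout, the event names and the sample lines are all constructed for the example and are not the VOSS syslog format.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// AuditRecord carries the four fields FAU_GEN.1 requires of every record
// (date/time, event type, subject identity, outcome) plus the optional
// fields that some Table 5-2 rows demand as additional content.
type AuditRecord struct {
	Timestamp string
	Event     string
	Subject   string
	Outcome   string
	Origin    string // origin of the attempt, e.g. an IP address
	Reason    string // reason for failure
}

// sampleLog is constructed for this example. Its "timestamp key=value ..."
// layout is an assumption, not the format VOSS emits to the syslog server.
const sampleLog = `2022-12-16T10:01:02Z event=SSH_SESSION_ESTABLISHED user=rwa outcome=success origin=192.0.2.10
2022-12-16T10:03:15Z event=LOGIN_FAILURE_LIMIT user=rwa outcome=failure origin=192.0.2.77
2022-12-16T10:04:00Z event=CONFIG_CHANGE user=rwa outcome=success detail="system name"
2022-12-16T10:05:30Z event=TLS_SESSION_FAILURE user=system outcome=failure
2022-12-16T10:06:00Z event=LOGIN_FAILURE_LIMIT user=admin outcome=failure`

// Event names are constructed. The first map mirrors the Table 5-2 rows that
// require the origin of the attempt (FIA_AFL.1, FIA_UIA_EXT.1, FIA_UAU_EXT.2);
// the second mirrors the rows that require a reason for failure
// (FCS_SSHS_EXT.1, FCS_TLSC_EXT.1).
var eventsRequiringOrigin = map[string]bool{
	"LOGIN_FAILURE_LIMIT": true,
	"LOGIN_ATTEMPT":       true,
}
var eventsRequiringReason = map[string]bool{
	"SSH_SESSION_FAILURE": true,
	"TLS_SESSION_FAILURE": true,
}

var kvPattern = regexp.MustCompile(`(\w+)=("[^"]*"|\S+)`)

// ParseRecord splits one log line into its fields.
func ParseRecord(line string) AuditRecord {
	parts := strings.SplitN(strings.TrimSpace(line), " ", 2)
	rec := AuditRecord{Timestamp: parts[0]}
	if len(parts) < 2 {
		return rec
	}
	for _, m := range kvPattern.FindAllStringSubmatch(parts[1], -1) {
		val := strings.Trim(m[2], `"`)
		switch m[1] {
		case "event":
			rec.Event = val
		case "user":
			rec.Subject = val
		case "outcome":
			rec.Outcome = val
		case "origin":
			rec.Origin = val
		case "reason":
			rec.Reason = val
		}
	}
	return rec
}

// Check returns the deficiencies of one record against FAU_GEN.1 and the
// Table 5-2 additional-content rows; an empty slice means the record is complete.
func Check(rec AuditRecord) []string {
	var problems []string
	if _, err := time.Parse(time.RFC3339, rec.Timestamp); err != nil {
		problems = append(problems, "missing or unparseable date/time")
	}
	if rec.Event == "" {
		problems = append(problems, "missing event type")
	}
	if rec.Subject == "" {
		problems = append(problems, "missing subject identity")
	}
	if rec.Outcome != "success" && rec.Outcome != "failure" {
		problems = append(problems, "missing or unknown outcome")
	}
	if eventsRequiringOrigin[rec.Event] && rec.Origin == "" {
		problems = append(problems, "missing origin of the attempt for "+rec.Event)
	}
	if eventsRequiringReason[rec.Event] && rec.Reason == "" {
		problems = append(problems, "missing reason for failure for "+rec.Event)
	}
	return problems
}

// Audit checks every line of a log and maps 1-based line numbers to their
// problems; a fully compliant log yields an empty map.
func Audit(log string) map[int][]string {
	findings := map[int][]string{}
	for i, line := range strings.Split(strings.TrimSpace(log), "\n") {
		if p := Check(ParseRecord(line)); len(p) > 0 {
			findings[i+1] = p
		}
	}
	return findings
}

func main() {
	for n, p := range Audit(sampleLog) {
		fmt.Printf("line %d: %s\n", n, strings.Join(p, "; "))
	}
}
```

On the constructed sample the fourth line (a TLS failure without a reason) and the fifth (a lockout without the origin of the attempt) are reported; the other three pass. The check deliberately treats a record with all four FAU_GEN.1 fields but no Table 5-2 additional content as deficient, since a lockout record that omits the source address is of little use during incident response.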
1.4.1.2.4 Security management
The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. Management can take place over a variety of interfaces including:
• Local console command line administration;
• Remote command line administration via SSHv2.
The TOE provides multiple interfaces to perform administration. While in the CLI command mode, the administrator has access to six distinct modes, or privileges, that provide access to a specific set of commands. Depending on RBAC configuration, not every administrative account would have access to all modes. The CLI modes are as follows:
• User EXEC Mode: Initial mode of access.
• Privileged EXEC Mode: User mode and password combination determines access level.
• Global Configuration Mode: Use this mode to make changes to the running configuration.
• Interface Configuration Mode: Use this mode to modify or configure a logical interface, a VLAN or a physical interface.
• Router Configuration Mode: Use this mode to modify protocol settings.
• Application Configuration Mode: Use this mode to access the applications.
The system allows administrators to view audit records in EXEC mode. All administrative functionality is accessed via the CLI. The TOE audits all administrative access. The TOE displays login banners and enforces inactivity timeouts that terminate idle administrative sessions after a set period of inactivity.

1.4.1.2.5 Protection of the TSF
The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access control restrictions that limit management and configuration functionality to Administrators. The TOE prevents reading of private keys and plaintext passwords by any user. The TOE internally maintains the date and time. This date and time are used as a timestamp that is part of each audit record generated by the TOE.
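Section 1.4.1.2.3 describes authentication against a local user database with a configurable minimum password length that must lie between 8 and 32 characters, and the paragraph above adds that no user can read plaintext passwords back out of the TOE. The following Go program is an added example written for this page, not Extreme's VOSS code, and sketches how those two properties fit together in a local credential store: the policy is validated before use, passwords are checked against the configured minimum when set, only a salt and a derived key are stored, and consecutive failed logins lock the account in the manner of FIA_AFL.1. The derivation parameters (PBKDF2-HMAC-SHA256, 10000 iterations, 16-byte salt), the failure limit of 3 and the account name are assumptions; the ST does not describe VOSS's actual storage format or lockout settings.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"unicode/utf8"
)

// Policy: the configurable minimum password length (the ST requires it to be
// set between 8 and 32 characters) and the consecutive-failure limit that
// locks an account (FIA_AFL.1). The limit value is assumed for this example.
type Policy struct {
	MinLength   int
	MaxFailures int
}

// credential is all the store keeps per account: salt and derived key, never
// the password, so plaintext passwords cannot be read back (FPT_APW_EXT.1).
type credential struct {
	salt, hash []byte
	failures   int
	locked     bool
}

type UserDB struct {
	policy Policy
	users  map[string]*credential
}

const pbkdfIterations = 10000 // assumed work factor for this example

// pbkdf2SHA256 derives one 32-byte block with PBKDF2-HMAC-SHA256 (RFC 8018);
// written out because PBKDF2 is not in Go's standard library.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// NewUserDB refuses a policy outside the evaluated configuration.
func NewUserDB(p Policy) (*UserDB, error) {
	if p.MinLength < 8 || p.MinLength > 32 || p.MaxFailures < 1 {
		return nil, fmt.Errorf("invalid policy %+v: minimum length must be 8..32", p)
	}
	return &UserDB{policy: p, users: map[string]*credential{}}, nil
}

// SetPassword enforces the length policy and stores only salt and hash.
func (db *UserDB) SetPassword(user, password string) error {
	if utf8.RuneCountInString(password) < db.policy.MinLength {
		return fmt.Errorf("password shorter than the configured minimum of %d", db.policy.MinLength)
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	db.users[user] = &credential{salt: salt, hash: pbkdf2SHA256([]byte(password), salt, pbkdfIterations)}
	return nil
}

// Authenticate succeeds only with the right password on an unlocked account;
// consecutive failures are counted and the account locks at the limit (the
// caller would audit that event together with the origin of the attempt).
func (db *UserDB) Authenticate(user, password string) bool {
	c, ok := db.users[user]
	if !ok || c.locked {
		return false
	}
	if subtle.ConstantTimeCompare(pbkdf2SHA256([]byte(password), c.salt, pbkdfIterations), c.hash) == 1 {
		c.failures = 0
		return true
	}
	c.failures++
	if c.failures >= db.policy.MaxFailures {
		c.locked = true
	}
	return false
}

// IsLocked reports whether the failure limit has locked the account.
func (db *UserDB) IsLocked(user string) bool {
	c, ok := db.users[user]
	return ok && c.locked
}

func main() {
	db, _ := NewUserDB(Policy{MinLength: 8, MaxFailures: 3})
	fmt.Println("short password rejected:", db.SetPassword("rwa", "short") != nil)
}
```

Two design points carry over to any real implementation of these requirements: the store exposes no way to retrieve a password, only to verify one, and the comparison of derived keys is constant-time so that a wrong guess cannot be distinguished by timing. Clearing the lock is left to an administrator action, which is how an "unsuccessful login attempt limit is met or exceeded" condition is normally resolved.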
Administrators can update the TOE's clock manually or can configure the TOE to synchronize with an external time source. The TOE performs testing to verify correct operation of the security appliances themselves. The TOE verifies all software updates via digital signature (2048-bit RSA/SHA-256) and requires administrative intervention prior to the software updates being installed on the TOE, to avoid the installation of unauthorized firmware.

1.4.1.2.6 TOE access
The TOE can terminate inactive sessions after a configurable period. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE can also display a specified banner on the local and remote CLI interfaces prior to allowing any administrative access to the TOE. The TOE allows users to manually terminate an established management session with the TOE.

1.4.1.2.7 Trusted path/channels
The TOE supports several types of secure communications:
• Trusted paths with remote administrators over SSH,
• Trusted channels with remote IT environment syslog servers over TLS.

1.4.2 TOE Documentation
Extreme Networks offers a series of documents that describe the installation process for the TOE as well as guidance for subsequent use and administration of the applicable security features. The following list of documents was examined as part of the evaluation:
• Extreme VOSS Common Criteria Configuration Guide 8.3.100, December 2022

2. Conformance Claims
This TOE is conformant to the following CC specifications:
• Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 5, April 2017.
  • Part 2 Extended
• Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1, Revision 5, April 2017.
  • Part 3 Conformant
• Package Claims:
  • collaborative Protection Profile for Network Devices, Version 2.2e, 23 March 2020 (NDcPP22e)
• Technical Decisions

Technical Decision | Applied | Notes
TD0670 - NIT Technical Decision for Mutual and Non-Mutual Auth TLSC Testing | Yes |
TD0639 - NIT Technical Decision for Clarification for NTP MAC Keys | Yes |
TD0638 - NIT Technical Decision for Key Pair Generation for Authentication | Yes |
TD0636 - NIT Technical Decision for Clarification of Public Key User Authentication for SSH | No | SFR not claimed
TD0635 - NIT Technical Decision for TLS Server and Key Agreement Parameters | No | SFR not claimed (FCS_TLSS_EXT.1)
TD0634 - NIT Technical Decision for Clarification required for testing IPv6 | Yes |
TD0633 - NIT Technical Decision for IPsec IKE/SA Lifetimes Tolerance | No | SFR not claimed
TD0632 - NIT Technical Decision for Consistency with Time Data for vNDs | Yes |
TD0631 - NIT Technical Decision for Clarification of public key authentication for SSH Server | Yes |
TD0592 - NIT Technical Decision for Local Storage of Audit Records | Yes |
TD0591 - NIT Technical Decision for Virtual TOEs and hypervisors | Yes |
TD0581 - NIT Technical Decision for Elliptic curve-based key establishment and NIST SP 800-56A rev3 | Yes |
TD0580 - NIT Technical Decision for clarification about use of DH14 in NDcPPv2.2e | Yes |
TD0572 - NiT Technical Decision for Restricting FTP_ITC.1 to only IP address identifiers | Yes |
TD0571 - NiT Technical Decision for Guidance on how to handle FIA_AFL.1 | Yes |
TD0570 - NiT Technical Decision for Clarification about FIA_AFL.1 | Yes |
TD0569 - NIT Technical Decision for Session ID Usage Conflict in FCS_DTLSS_EXT.1.7 | No | SFR not claimed
TD0564 - NiT Technical Decision for Vulnerability Analysis Search Criteria | Yes |
TD0563 - NiT Technical Decision for Clarification of audit date information | Yes |
TD0556 - NIT Technical Decision for RFC 5077 question | No | SFR not claimed (FCS_TLSS_EXT.1)
TD0555 - NIT Technical Decision for RFC Reference incorrect in TLSS Test | No | SFR not claimed (FCS_TLSS_EXT.1)
TD0547 - NIT Technical Decision for Clarification on developer disclosure of AVA_VAN | Yes |
TD0546 - NIT Technical Decision for DTLS - clarification of Application Note 63 | No | SFR not claimed
TD0538 - NIT Technical Decision for Outdated link to allowed-with list | Yes |
TD0537 - NIT Technical Decision for Incorrect reference to FCS_TLSC_EXT.2.3 | Yes |
TD0536 - NIT Technical Decision for Update Verification Inconsistency | Yes |
TD0528 - NIT Technical Decision for Missing EAs for FCS_NTP_EXT.1.4 | Yes |
TD0527 - Updates to Certificate Revocation Testing (FIA_X509_EXT.1) | Yes |
Table 2-1 Technical Decisions

2.1 Conformance Rationale
The ST conforms to the NDcPP22e. As explained previously, the security problem definition, security objectives, and security requirements have been drawn from the PP.

3. Security Objectives
The Security Problem Definition may be found in the NDcPP22e and this section reproduces only the corresponding Security Objectives for the operational environment for reader convenience. The NDcPP22e offers additional information about the identified security objectives, but that has not been reproduced here and the NDcPP22e should be consulted if there is interest in that material. In general, the NDcPP22e has defined Security Objectives appropriate for network devices and as such they are applicable to the Extreme Networks VSP Series Switches TOE.

3.1 Security Objectives for the Operational Environment
OE.ADMIN_CREDENTIALS_SECURE
The administrator's credentials (private key) used to access the TOE must be protected on any other platform on which they reside.

OE.COMPONENTS_RUNNING (applies to distributed TOEs only)
For distributed TOEs, the Security Administrator ensures that the availability of every TOE component is checked as appropriate to reduce the risk of an undetected attack on (or failure of) one or more TOE components.
The Security Administrator also ensures that it is checked as appropriate for every TOE component that the audit functionality is running properly.

OE.NO_GENERAL_PURPOSE
There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. Note: For vNDs the TOE includes only the contents of its own VM, and does not include other VMs or the VS.

OE.NO_THRU_TRAFFIC_PROTECTION
The TOE does not provide any protection of traffic that traverses it. It is assumed that protection of this traffic will be covered by other security and assurance measures in the operational environment.

OE.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment.

OE.RESIDUAL_INFORMATION
The Security Administrator ensures that there is no unauthorized access possible for sensitive residual information (e.g., cryptographic keys, keying material, PINs, passwords etc.) on networking equipment when the equipment is discarded or removed from its operational environment. For vNDs, this applies when the physical platform on which the VM runs is removed from its operational environment.

OE.TRUSTED_ADMIN
TOE Administrators are trusted to follow and apply all guidance documentation in a trusted manner. For vNDs, this includes the VS Administrator responsible for configuring the VMs that implement ND functionality.
For TOEs supporting X.509v3 certificate-based authentication, the Security Administrator(s) are assumed to monitor the revocation status of all certificates in the TOE's trust store and to remove any certificate from the TOE's trust store in case such certificate can no longer be trusted.

OE.UPDATES
The TOE firmware and software is updated by an administrator on a regular basis in response to the release of product updates due to known vulnerabilities.
OE.VM_CONFIGURATION (applies to vNDs only)
For vNDs, the Security Administrator ensures that the VS and VMs are configured to
• reduce the attack surface of VMs as much as possible while supporting ND functionality (e.g., remove unnecessary virtual hardware, turn off unused inter-VM communications mechanisms), and
• correctly implement ND functionality (e.g., ensure virtual networking is properly configured to support network traffic, management channels, and audit reporting).
The VS should be operated in a manner that reduces the likelihood that vND operations are adversely affected by virtualisation features such as cloning, save/restore, suspend/resume, and live migration.
If possible, the VS should be configured to make use of features that leverage the VS's privileged position to provide additional security functionality. Such features could include malware detection through VM introspection, measured VM boot, or VM snapshot for forensic analysis.

4. Extended Components Definition
All of the extended requirements in this ST have been drawn from the NDcPP22e. The NDcPP22e defines the following extended requirements and since they are not redefined in this ST the NDcPP22e should be consulted for more information in regard to those CC extensions.
Extended SFRs:
• NDcPP22e:FAU_STG_EXT.1: Protected Audit Event Storage
• NDcPP22e:FCS_NTP_EXT.1: NTP Protocol
• NDcPP22e:FCS_RBG_EXT.1: Random Bit Generation
• NDcPP22e:FCS_SSHS_EXT.1: SSH Server Protocol
• NDcPP22e:FCS_TLSC_EXT.1: TLS Client Protocol Without Mutual Authentication
• NDcPP22e:FIA_PMG_EXT.1: Password Management
• NDcPP22e:FIA_UAU_EXT.2: Password-based Authentication Mechanism
• NDcPP22e:FIA_UIA_EXT.1: User Identification and Authentication
• NDcPP22e:FIA_X509_EXT.1/Rev: X.509 Certificate Validation
• NDcPP22e:FIA_X509_EXT.2: X.509 Certificate Authentication
• NDcPP22e:FIA_X509_EXT.3: X.509 Certificate Requests
• NDcPP22e:FPT_APW_EXT.1: Protection of Administrator Passwords
• NDcPP22e:FPT_SKP_EXT.1: Protection of TSF Data (for reading of all pre-shared, symmetric and private keys)
• NDcPP22e:FPT_STM_EXT.1: Reliable Time Stamps
• NDcPP22e:FPT_TST_EXT.1: TSF testing
• NDcPP22e:FPT_TUD_EXT.1: Trusted update
• NDcPP22e:FTA_SSL_EXT.1: TSF-initiated Session Locking

5. Security Requirements
This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort. The SFRs have all been drawn from the NDcPP22e. The refinements and operations already performed in the NDcPP22e are not identified (e.g., highlighted) here; rather, the requirements have been copied from the NDcPP22e and any residual operations have been completed herein. Of particular note, the NDcPP22e made a number of refinements and completed some of the SFR operations defined in the Common Criteria (CC), and that PP should be consulted to identify those changes if necessary.
The SARs are also drawn from the NDcPP22e. The NDcPP22e should be consulted for the assurance activity definitions.
5.1 TOE Security Functional Requirements
The following table identifies the SFRs that are satisfied by the Extreme Networks VSP Series Switches TOE.

Requirement Class / Requirement Component
FAU: Security audit
  NDcPP22e:FAU_GEN.1: Audit Data Generation
  NDcPP22e:FAU_GEN.2: User identity association
  NDcPP22e:FAU_STG_EXT.1: Protected Audit Event Storage
FCS: Cryptographic support
  NDcPP22e:FCS_CKM.1: Cryptographic Key Generation
  NDcPP22e:FCS_CKM.2: Cryptographic Key Establishment
  NDcPP22e:FCS_CKM.4: Cryptographic Key Destruction
  NDcPP22e:FCS_COP.1/DataEncryption: Cryptographic Operation (AES Data Encryption/Decryption)
  NDcPP22e:FCS_COP.1/Hash: Cryptographic Operation (Hash Algorithm)
  NDcPP22e:FCS_COP.1/KeyedHash: Cryptographic Operation (Keyed Hash Algorithm)
  NDcPP22e:FCS_COP.1/SigGen: Cryptographic Operation (Signature Generation and Verification)
  NDcPP22e:FCS_NTP_EXT.1: NTP Protocol
  NDcPP22e:FCS_RBG_EXT.1: Random Bit Generation
  NDcPP22e:FCS_SSHS_EXT.1: SSH Server Protocol
  NDcPP22e:FCS_TLSC_EXT.1: TLS Client Protocol Without Mutual Authentication
FIA: Identification and authentication
  NDcPP22e:FIA_AFL.1: Authentication Failure Management
  NDcPP22e:FIA_PMG_EXT.1: Password Management
  NDcPP22e:FIA_UAU.7: Protected Authentication Feedback
  NDcPP22e:FIA_UAU_EXT.2: Password-based Authentication Mechanism
  NDcPP22e:FIA_UIA_EXT.1: User Identification and Authentication
  NDcPP22e:FIA_X509_EXT.1/Rev: X.509 Certificate Validation
  NDcPP22e:FIA_X509_EXT.2: X.509 Certificate Authentication
  NDcPP22e:FIA_X509_EXT.3: X.509 Certificate Requests
FMT: Security management
  NDcPP22e:FMT_MOF.1/ManualUpdate: Management of security functions behaviour
  NDcPP22e:FMT_MTD.1/CoreData: Management of TSF Data
  NDcPP22e:FMT_MTD.1/CryptoKeys: Management of TSF Data
  NDcPP22e:FMT_SMF.1: Specification of Management Functions
  NDcPP22e:FMT_SMR.2: Restrictions on Security Roles
FPT: Protection of the TSF
  NDcPP22e:FPT_APW_EXT.1: Protection of Administrator Passwords
  NDcPP22e:FPT_SKP_EXT.1: Protection of TSF Data (for reading of all pre-shared, symmetric and private keys)
  NDcPP22e:FPT_STM_EXT.1: Reliable Time Stamps
  NDcPP22e:FPT_TST_EXT.1: TSF testing
  NDcPP22e:FPT_TUD_EXT.1: Trusted update
FTA: TOE access
  NDcPP22e:FTA_SSL.3: TSF-initiated Termination
  NDcPP22e:FTA_SSL.4: User-initiated Termination
  NDcPP22e:FTA_SSL_EXT.1: TSF-initiated Session Locking
  NDcPP22e:FTA_TAB.1: Default TOE Access Banners
FTP: Trusted path/channels
  NDcPP22e:FTP_ITC.1: Inter-TSF trusted channel
  NDcPP22e:FTP_TRP.1/Admin: Trusted Path
Table 5-1 TOE Security Functional Components

5.1.1 Security audit (FAU)
5.1.1.1 Audit Data Generation (NDcPP22e:FAU_GEN.1)
NDcPP22e:FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shut-down of the audit functions;
b) All auditable events for the not specified level of audit; and
c) All administrative actions comprising:
- Administrative login and logout (name of user account shall be logged if individual user accounts are required for administrators).
- Changes to TSF data related to configuration changes (in addition to the information that a change occurred it shall be logged what has been changed).
- Generating/import of, changing, or deleting of cryptographic keys (in addition to the action itself a unique key name or key reference shall be logged).
- Resetting passwords (name of related user account shall be logged).
- [no other actions];
d) Specifically defined auditable events listed in Table 5-2.
Requirement | Auditable Events | Additional Content
NDcPP22e:FAU_GEN.1 | None | None
NDcPP22e:FAU_GEN.2 | None | None
NDcPP22e:FAU_STG_EXT.1 | None | None
NDcPP22e:FCS_CKM.1 | None | None
NDcPP22e:FCS_CKM.2 | None | None
NDcPP22e:FCS_CKM.4 | None | None
NDcPP22e:FCS_COP.1/DataEncryption | None | None
NDcPP22e:FCS_COP.1/Hash | None | None
NDcPP22e:FCS_COP.1/KeyedHash | None | None
NDcPP22e:FCS_COP.1/SigGen | None | None
NDcPP22e:FCS_NTP_EXT.1 | Configuration of a new time server. Removal of configured time server. | Identity of new/removed time server.
NDcPP22e:FCS_RBG_EXT.1 | None | None
NDcPP22e:FCS_SSHS_EXT.1 | Failure to establish an SSH session. | Reason for failure.
NDcPP22e:FCS_TLSC_EXT.1 | Failure to establish a TLS Session. | Reason for failure.
NDcPP22e:FIA_AFL.1 | Unsuccessful login attempt limit is met or exceeded. | Origin of the attempt (e.g., IP address).
NDcPP22e:FIA_PMG_EXT.1 | None | None
NDcPP22e:FIA_UAU.7 | None | None
NDcPP22e:FIA_UAU_EXT.2 | All use of identification and authentication mechanism. | Origin of the attempt (e.g., IP address).
NDcPP22e:FIA_UIA_EXT.1 | All use of identification and authentication mechanism. | Origin of the attempt (e.g., IP address).
NDcPP22e:FIA_X509_EXT.1/Rev | Unsuccessful attempt to validate a certificate. Any addition, replacement or removal of trust anchors in the TOE's trust store. | Reason for failure of certificate validation. Identification of certificates added, replaced or removed as trust anchor in the TOE's trust store.
NDcPP22e:FIA_X509_EXT.2 | None | None
NDcPP22e:FIA_X509_EXT.3 | None | None
NDcPP22e:FMT_MOF.1/ManualUpdate | Any attempt to initiate a manual update. | None
NDcPP22e:FMT_MTD.1/CoreData | None | None
NDcPP22e:FMT_MTD.1/CryptoKeys | None | None
NDcPP22e:FMT_SMF.1 | All management activities of TSF data. | None
NDcPP22e:FMT_SMR.2 | None | None
NDcPP22e:FPT_APW_EXT.1 | None | None
NDcPP22e:FPT_SKP_EXT.1 | None | None
NDcPP22e:FPT_STM_EXT.1 | Discontinuous changes to time - either Administrator actuated or changed via an automated process. (Note that no continuous changes to time need to be logged. See also application note on FPT_STM_EXT.1) | For discontinuous changes to time: The old and new values for the time. Origin of the attempt to change time for success and failure (e.g., IP address).
NDcPP22e:FPT_TST_EXT.1 | None | None
NDcPP22e:FPT_TUD_EXT.1 | Initiation of update; result of the update attempt (success or failure). | None
NDcPP22e:FTA_SSL.3 | The termination of a remote session by the session locking mechanism. | None
NDcPP22e:FTA_SSL.4 | The termination of an interactive session. | None
NDcPP22e:FTA_SSL_EXT.1 | (if 'lock the session' is selected) Any attempts at unlocking of an interactive session. (if 'terminate the session' is selected) The termination of a local session by the session locking mechanism. | None
NDcPP22e:FTA_TAB.1 | None | None
NDcPP22e:FTP_ITC.1 | Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. | Identification of the initiator and target of failed trusted channels establishment attempt.
NDcPP22e:FTP_TRP.1/Admin | Initiation of the trusted path. Termination of the trusted path. Failure of the trusted path functions. | None
Table 5-2 Audit events

NDcPP22e:FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the cPP/ST, information specified in column three of Table 5-2.

5.1.1.2 User identity association (NDcPP22e:FAU_GEN.2)

NDcPP22e:FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.
5.1.1.3 Protected Audit Event Storage (NDcPP22e:FAU_STG_EXT.1)

NDcPP22e:FAU_STG_EXT.1.1 The TSF shall be able to transmit the generated audit data to an external IT entity using a trusted channel according to FTP_ITC.1.

NDcPP22e:FAU_STG_EXT.1.2 The TSF shall be able to store generated audit data on the TOE itself. In addition, [The TOE shall consist of a single standalone component that stores audit data locally]

NDcPP22e:FAU_STG_EXT.1.3 The TSF shall [drop new audit data] when the local storage space for audit data is full.

5.1.2 Cryptographic support (FCS)

5.1.2.1 Cryptographic Key Generation (NDcPP22e:FCS_CKM.1)

NDcPP22e:FCS_CKM.1.1 The TSF shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm: [
- RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.3,
- ECC schemes using 'NIST curves' [P-256, P-384, P-521] that meet the following: FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.4,
- FFC schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.1
- FFC Schemes using 'safe-prime' groups that meet the following: NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography and [RFC 3526]].
5.1.2.2 Cryptographic Key Establishment (NDcPP22e:FCS_CKM.2)

NDcPP22e:FCS_CKM.2.1 The TSF shall perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [
- RSA-based key establishment schemes that meet the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1,
- Elliptic curve-based key establishment schemes that meet the following: NIST Special Publication 800-56A Revision 3, 'Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography' (TD0581 applied),
- Finite field-based key establishment schemes that meet the following: NIST Special Publication 800-56A Revision 2, 'Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography'
- FFC Schemes using "safe-prime" groups that meet the following: NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography and [groups listed in RFC 3526] (TD0580 applied)].

5.1.2.3 Cryptographic Key Destruction (NDcPP22e:FCS_CKM.4)

NDcPP22e:FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method
• For plaintext keys in volatile storage, the destruction shall be executed by a [single overwrite consisting of [zeroes]];
• For plaintext keys in non-volatile storage, the destruction shall be executed by the invocation of an interface provided by a part of the TSF that [logically addresses the storage location of the key and performs a [[2]-pass] overwrite consisting of [[one pass of a pseudo-random pattern using the TSF's RBG followed by one pass of zeroes]]]
that meets the following: No Standard.
5.1.2.4 Cryptographic Operation (AES Data Encryption/Decryption) (NDcPP22e:FCS_COP.1/DataEncryption)

NDcPP22e:FCS_COP.1.1/DataEncryption The TSF shall perform encryption/decryption in accordance with a specified cryptographic algorithm AES used in [CBC, CTR, GCM] mode and cryptographic key sizes [128 bits, 256 bits] that meet the following: AES as specified in ISO 18033-3, [CBC as specified in ISO 10116, CTR as specified in ISO 10116, GCM as specified in ISO 19772].

5.1.2.5 Cryptographic Operation (Hash Algorithm) (NDcPP22e:FCS_COP.1/Hash)

NDcPP22e:FCS_COP.1.1/Hash The TSF shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512] and message digest sizes [160, 256, 384, 512] bits that meet the following: ISO/IEC 10118-3:2004.

5.1.2.6 Cryptographic Operation (Keyed Hash Algorithm) (NDcPP22e:FCS_COP.1/KeyedHash)

NDcPP22e:FCS_COP.1.1/KeyedHash The TSF shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [HMAC-SHA-1, HMAC-SHA-256] and cryptographic key sizes [160 bits, 256 bits] and message digest sizes [160, 256] bits that meet the following: ISO/IEC 9797-2:2011, Section 7 'MAC Algorithm 2'.

5.1.2.7 Cryptographic Operation (Signature Generation and Verification) (NDcPP22e:FCS_COP.1/SigGen)

NDcPP22e:FCS_COP.1.1/SigGen The TSF shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [
- RSA Digital Signature Algorithm and cryptographic key sizes (modulus) [2048 bits], that meet the following:
[- For RSA schemes: FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS and/or RSASSA-PKCS1v1_5; ISO/IEC 9796-2, Digital signature scheme 2 or Digital Signature scheme 3, ].

5.1.2.8 NTP Protocol (NDcPP22e:FCS_NTP_EXT.1)

NDcPP22e:FCS_NTP_EXT.1.1 The TSF shall use only the following NTP version(s) [NTP v4 (RFC 5905)].
NDcPP22e:FCS_NTP_EXT.1.2 The TSF shall update its system time using [Authentication using [SHA1] as the message digest algorithm(s);].

NDcPP22e:FCS_NTP_EXT.1.3 The TSF shall not update NTP timestamp from broadcast and/or multicast addresses.

NDcPP22e:FCS_NTP_EXT.1.4 The TSF shall support configuration of at least three (3) NTP time sources in the Operational Environment.

5.1.2.9 Random Bit Generation (NDcPP22e:FCS_RBG_EXT.1)

NDcPP22e:FCS_RBG_EXT.1.1 The TSF shall perform all deterministic random bit generation services in accordance with ISO/IEC 18031:2011 using [CTR_DRBG (AES)].

NDcPP22e:FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded by at least one entropy source that accumulates entropy from [[one] software-based noise source] with a minimum of [256 bits] of entropy at least equal to the greatest security strength, according to ISO/IEC 18031:2011 Table C.1 'Security Strength Table for Hash Functions', of the keys and hashes that it will generate.

5.1.2.10 SSH Server Protocol (NDcPP22e:FCS_SSHS_EXT.1)

NDcPP22e:FCS_SSHS_EXT.1.1 The TSF shall implement the SSH protocol that complies with: RFC(s) 4251, 4252, 4253, 4254, [4256].

NDcPP22e:FCS_SSHS_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following user authentication methods as described in RFC 4252: public key-based, [password-based]. (TD0631 applied)

NDcPP22e:FCS_SSHS_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than [32768] bytes in an SSH transport connection are dropped.

NDcPP22e:FCS_SSHS_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, aes128-gcm@openssh.com, aes256-gcm@openssh.com].

NDcPP22e:FCS_SSHS_EXT.1.5 The TSF shall ensure that the SSH public-key based authentication implementation uses [ssh-rsa, x509v3-ssh-rsa, x509v3-rsa2048-sha256] as its public key algorithm(s) and rejects all other public key algorithms.
NDcPP22e:FCS_SSHS_EXT.1.6 The TSF shall ensure that the SSH transport implementation uses [hmac-sha1, hmac-sha2-256, implicit] as its MAC algorithm(s) and rejects all other MAC algorithm(s).

NDcPP22e:FCS_SSHS_EXT.1.7 The TSF shall ensure that [diffie-hellman-group14-sha1] and [no other methods] are the only allowed key exchange methods used for the SSH protocol.

NDcPP22e:FCS_SSHS_EXT.1.8 The TSF shall ensure that within SSH connections, the same session keys are used for a threshold of no longer than one hour, and each encryption key is used to protect no more than one gigabyte of data. After any of the thresholds are reached, a rekey needs to be performed.

5.1.2.11 TLS Client Protocol Without Mutual Authentication (NDcPP22e:FCS_TLSC_EXT.1)

NDcPP22e:FCS_TLSC_EXT.1.1 The TSF shall implement [TLS 1.2 (RFC 5246)] and reject all other TLS and SSL versions. The TLS implementation will support the following ciphersuites: [
TLS_DHE_RSA_WITH_AES_128_CBC_SHA as defined in RFC 3268,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289]
and no other ciphersuites.

NDcPP22e:FCS_TLSC_EXT.1.2 The TSF shall verify that the presented identifier matches [the reference identifier per RFC 6125 section 6, IPv4 address in CN or SAN].

NDcPP22e:FCS_TLSC_EXT.1.3 When establishing a trusted channel, by default the TSF shall not establish a trusted channel if the server certificate is invalid. The TSF shall also [Not implement any administrator override mechanism].
NDcPP22e:FCS_TLSC_EXT.1.4 The TSF shall [present the Supported Elliptic Curves/Supported Groups Extension with the following curves/groups: [secp256r1, secp384r1, secp521r1]] in the Client Hello.

5.1.3 Identification and authentication (FIA)

5.1.3.1 Authentication Failure Management (NDcPP22e:FIA_AFL.1)

NDcPP22e:FIA_AFL.1.1 The TSF shall detect when an Administrator configurable positive integer within [1 to 255] unsuccessful authentication attempts occur related to Administrators attempting to authenticate remotely using a password.

NDcPP22e:FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met, the TSF shall [prevent the offending Administrator from successfully establishing a remote session using any authentication method that involves a password until [the account unlock action] is taken by an Administrator;].

5.1.3.2 Password Management (NDcPP22e:FIA_PMG_EXT.1)

NDcPP22e:FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities for administrative passwords:
a) Passwords shall be able to be composed of any combination of upper and lower case letters, numbers, and the following special characters: ['!', '@', '#', '$', '%', '^', '&', '*', '(', ')'];
b) Minimum password length shall be configurable to between [8] and [32] characters.

5.1.3.3 Protected Authentication Feedback (NDcPP22e:FIA_UAU.7)

NDcPP22e:FIA_UAU.7.1 The TSF shall provide only obscured feedback to the administrative user while the authentication is in progress at the local console.

5.1.3.4 Password-based Authentication Mechanism (NDcPP22e:FIA_UAU_EXT.2)

NDcPP22e:FIA_UAU_EXT.2.1 The TSF shall provide a local [password-based] authentication mechanism to perform local administrative user authentication.
5.1.3.5 User Identification and Authentication (NDcPP22e:FIA_UIA_EXT.1)

NDcPP22e:FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE entity to initiate the identification and authentication process:
• Display the warning banner in accordance with FTA_TAB.1;
• [no other actions].

NDcPP22e:FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that administrative user.

5.1.3.6 X.509 Certificate Validation (NDcPP22e:FIA_X509_EXT.1/Rev)

NDcPP22e:FIA_X509_EXT.1.1/Rev The TSF shall validate certificates in accordance with the following rules:
- RFC 5280 certificate validation and certification path validation supporting a minimum path length of three certificates.
- The certification path must terminate with a trusted CA certificate designated as a trust anchor.
- The TSF shall validate a certification path by ensuring that all CA certificates in the certification path contain the basicConstraints extension with the CA flag set to TRUE.
- The TSF shall validate the revocation status of the certificate using [the Online Certificate Status Protocol (OCSP) as specified in RFC 6960]
- The TSF shall validate the extendedKeyUsage field according to the following rules:
  o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field.
  o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field.
  o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the extendedKeyUsage field.
  o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the extendedKeyUsage field.
NDcPP22e:FIA_X509_EXT.1.2/Rev The TSF shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to TRUE.

5.1.3.7 X.509 Certificate Authentication (NDcPP22e:FIA_X509_EXT.2)

NDcPP22e:FIA_X509_EXT.2.1 The TSF shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [TLS, SSH] and [no additional uses].

NDcPP22e:FIA_X509_EXT.2.2 When the TSF cannot establish a connection to determine the validity of a certificate, the TSF shall [accept the certificate for TLS, not accept the certificate for SSH].

5.1.3.8 X.509 Certificate Requests (NDcPP22e:FIA_X509_EXT.3)

NDcPP22e:FIA_X509_EXT.3.1 The TSF shall generate a Certification Request as specified by RFC 2986 and be able to provide the following information in the request: public key and [Common Name, Organization, Organizational Unit, Country].

NDcPP22e:FIA_X509_EXT.3.2 The TSF shall validate the chain of certificates from the Root CA upon receiving the CA Certificate Response.

5.1.4 Security management (FMT)

5.1.4.1 Management of security functions behaviour (NDcPP22e:FMT_MOF.1/ManualUpdate)

NDcPP22e:FMT_MOF.1.1/ManualUpdate The TSF shall restrict the ability to enable the functions to perform manual updates to Security Administrators.

5.1.4.2 Management of TSF Data (NDcPP22e:FMT_MTD.1/CoreData)

NDcPP22e:FMT_MTD.1.1/CoreData The TSF shall restrict the ability to manage the TSF data to Security Administrators.

5.1.4.3 Management of TSF Data (NDcPP22e:FMT_MTD.1/CryptoKeys)

NDcPP22e:FMT_MTD.1.1/CryptoKeys The TSF shall restrict the ability to manage the cryptographic keys to Security Administrators.
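The certification-path rules of FIA_X509_EXT.1/Rev (section 5.1.3.6 above) and the unreachable-revocation-source behaviour of FIA_X509_EXT.2.2, applied to constructed certificate metadata as an added example; this is not code from the Security Target or the Extreme Networks product. The Cert record, the sample names, and the "ssh-user" use (for which the ST names no extendedKeyUsage purpose, so none is enforced) are assumptions made for illustration.

```python
"""Added example (not from the Security Target or the Extreme Networks product):
applies the certification-path rules of FIA_X509_EXT.1/Rev and the
revocation-source-unreachable behaviour of FIA_X509_EXT.2.2 to constructed
certificate metadata. A real implementation takes these fields from an X.509
parser; here they are hand-built records."""
from dataclasses import dataclass

# extendedKeyUsage purposes named in FIA_X509_EXT.1.1/Rev
EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp 1, TLS server certificates
EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp 2, TLS client certificates
EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"  # id-kp 3, trusted update signatures
EKU_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp 9, OCSP responder certificates

# Purpose the end-entity certificate must carry for each use the ST lists.
# "ssh-user" is an assumed label: the ST names no EKU purpose for SSH, so none is enforced.
REQUIRED_EKU = {
    "tls-server": EKU_SERVER_AUTH,
    "tls-client": EKU_CLIENT_AUTH,
    "update": EKU_CODE_SIGNING,
    "ocsp-responder": EKU_OCSP_SIGNING,
    "ssh-user": None,
}


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the parsed fields the rules below need."""
    subject: str
    issuer: str
    has_basic_constraints: bool
    ca_flag: bool
    eku: tuple = ()


def is_ca_certificate(cert):
    """FIA_X509_EXT.1.2/Rev: CA only if basicConstraints is present with CA=TRUE."""
    return cert.has_basic_constraints and cert.ca_flag


def validate_path(chain, trust_anchors, use, protocol, ocsp_status):
    """Return (accepted, reason).

    chain: certificates leaf-first, last element expected to be a trust anchor
           (any length is handled; the ST requires support for at least three).
    trust_anchors: subjects the Security Administrator designated as anchors.
    use: key of REQUIRED_EKU. protocol: "tls" or "ssh" (FIA_X509_EXT.2.2).
    ocsp_status: "good", "revoked", or None when the OCSP responder is unreachable.
    """
    if not chain:
        return False, "empty certification path"
    if use not in REQUIRED_EKU:
        return False, f"unknown use {use!r}"
    # RFC 5280 chaining: each certificate's issuer is the subject of the next one.
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:
            return False, f"{cert.subject}: issuer {cert.issuer!r} does not chain"
    # Path must terminate at a trusted CA certificate designated as a trust anchor.
    anchor = chain[-1]
    if anchor.subject not in trust_anchors:
        return False, f"path ends at {anchor.subject}, which is not a trust anchor"
    # Every CA certificate in the path must carry basicConstraints with CA=TRUE.
    for ca in chain[1:]:
        if not is_ca_certificate(ca):
            return False, f"{ca.subject}: basicConstraints CA flag not TRUE"
    # extendedKeyUsage rule for the end-entity certificate.
    leaf = chain[0]
    required = REQUIRED_EKU[use]
    if required is not None and required not in leaf.eku:
        return False, f"{leaf.subject}: extendedKeyUsage lacks {required} for {use}"
    # Revocation status via OCSP (FIA_X509_EXT.1.1/Rev).
    if ocsp_status == "revoked":
        return False, f"{leaf.subject}: revoked according to OCSP"
    if ocsp_status is None:
        # FIA_X509_EXT.2.2: responder unreachable -> accept for TLS, reject for SSH.
        if protocol == "tls":
            return True, "OCSP responder unreachable; accepted for TLS"
        return False, "OCSP responder unreachable; not accepted for SSH"
    return True, "certificate path valid"


# Constructed sample data (not real certificates).
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", True, True)
ISSUING = Cert("CN=Example Issuing CA", "CN=Example Root CA", True, True)
# An intermediate without basicConstraints: must never be treated as a CA.
BAD_ISSUING = Cert("CN=Example Issuing CA", "CN=Example Root CA", False, False)
SYSLOG = Cert("CN=syslog.example.test", "CN=Example Issuing CA", False, False,
              (EKU_SERVER_AUTH,))
ADMIN = Cert("CN=admin1", "CN=Example Issuing CA", False, False, (EKU_CLIENT_AUTH,))
TRUST = {"CN=Example Root CA"}

if __name__ == "__main__":
    print(validate_path([SYSLOG, ISSUING, ROOT], TRUST, "tls-server", "tls", "good"))
    print(validate_path([SYSLOG, BAD_ISSUING, ROOT], TRUST, "tls-server", "tls", "good"))
    print(validate_path([ADMIN, ISSUING, ROOT], TRUST, "ssh-user", "ssh", None))
```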
5.1.4.4 Specification of Management Functions (NDcPP22e:FMT_SMF.1)

NDcPP22e:FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:
- Ability to administer the TOE locally and remotely;
- Ability to configure the access banner;
- Ability to configure the session inactivity time before session termination or locking;
- Ability to update the TOE, and to verify the updates using [digital signature] capability prior to installing those updates;
- Ability to configure the authentication failure parameters for FIA_AFL.1;
- [Ability to modify the behavior of the transmission of audit data to an external IT entity,
- Ability to manage the cryptographic keys,
- Ability to configure the cryptographic functionality,
- Ability to re-enable an Administrator account,
- Ability to configure thresholds for SSH rekeying,
- Ability to set the time which is used for time-stamps,
- Ability to configure NTP,
- Ability to manage the TOE's trust store and designate X509.v3 certificates as trust anchors,
- Ability to import X509v3 certificates to the TOE's trust store
- Ability to manage the trusted public keys database]. (TD0631 applied)

5.1.4.5 Restrictions on Security Roles (NDcPP22e:FMT_SMR.2)

NDcPP22e:FMT_SMR.2.1 The TSF shall maintain the roles: - Security Administrator.

NDcPP22e:FMT_SMR.2.2 The TSF shall be able to associate users with roles.

NDcPP22e:FMT_SMR.2.3 The TSF shall ensure that the conditions
• The Security Administrator role shall be able to administer the TOE locally;
• The Security Administrator role shall be able to administer the TOE remotely
are satisfied.

5.1.5 Protection of the TSF (FPT)

5.1.5.1 Protection of Administrator Passwords (NDcPP22e:FPT_APW_EXT.1)

NDcPP22e:FPT_APW_EXT.1.1 The TSF shall store administrative passwords in non-plaintext form.

NDcPP22e:FPT_APW_EXT.1.2 The TSF shall prevent the reading of plaintext administrative passwords.
5.1.5.2 Protection of TSF Data (for reading of all pre-shared, symmetric and private keys) (NDcPP22e:FPT_SKP_EXT.1)

NDcPP22e:FPT_SKP_EXT.1.1 The TSF shall prevent reading of all pre-shared keys, symmetric keys, and private keys.

5.1.5.3 Reliable Time Stamps (NDcPP22e:FPT_STM_EXT.1)

NDcPP22e:FPT_STM_EXT.1.1 The TSF shall be able to provide reliable time stamps for its own use.

NDcPP22e:FPT_STM_EXT.1.2 The TSF shall [allow the Security Administrator to set the time, synchronise time with an NTP server]. (TD0632 applied)

5.1.5.4 TSF testing (NDcPP22e:FPT_TST_EXT.1)

NDcPP22e:FPT_TST_EXT.1.1 The TSF shall run a suite of the following self-tests [during initial start-up (on power on), at the conditions [as specified by FIPS PUB 140-2 Section 4.9.2]] to demonstrate the correct operation of the TSF: [
Power-on self-tests:
Integrity check of the cryptographic module
Known Answer Tests (KAT) of cryptographic primitives
Conditional self-tests:
Key generation pairwise consistency tests
Continuous random number generator testing].

5.1.5.5 Trusted update (NDcPP22e:FPT_TUD_EXT.1)

NDcPP22e:FPT_TUD_EXT.1.1 The TSF shall provide Security Administrators the ability to query the currently executing version of the TOE firmware/software and [the most recently installed version of the TOE firmware/software].

NDcPP22e:FPT_TUD_EXT.1.2 The TSF shall provide Security Administrators the ability to manually initiate updates to TOE firmware/software and [no other update mechanism].

NDcPP22e:FPT_TUD_EXT.1.3 The TSF shall provide means to authenticate firmware/software updates to the TOE using a [digital signature] prior to installing those updates.

5.1.6 TOE access (FTA)

5.1.6.1 TSF-initiated Termination (NDcPP22e:FTA_SSL.3)

NDcPP22e:FTA_SSL.3.1 The TSF shall terminate a remote interactive session after a Security Administrator-configurable time interval of session inactivity.
5.1.6.2 User-initiated Termination (NDcPP22e:FTA_SSL.4)

NDcPP22e:FTA_SSL.4.1 The TSF shall allow Administrator-initiated termination of the Administrator's own interactive session.

5.1.6.3 TSF-initiated Session Locking (NDcPP22e:FTA_SSL_EXT.1)

NDcPP22e:FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [terminate the session] after a Security Administrator-specified time period of inactivity.

5.1.6.4 Default TOE Access Banners (NDcPP22e:FTA_TAB.1)

NDcPP22e:FTA_TAB.1.1 Before establishing an administrative user session the TSF shall display a Security Administrator-specified advisory notice and consent warning message regarding use of the TOE.

5.1.7 Trusted path/channels (FTP)

5.1.7.1 Inter-TSF trusted channel (NDcPP22e:FTP_ITC.1)

NDcPP22e:FTP_ITC.1.1 The TSF shall be capable of using [TLS] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: audit server, [no other capabilities] that is logically distinct from other communication channels and provides assured identification of its endpoints and protection of the channel data from disclosure and detection of modification of the channel data.

NDcPP22e:FTP_ITC.1.2 The TSF shall permit the TSF or the authorized IT entities to initiate communication via the trusted channel.

NDcPP22e:FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for [transmitting audit records to an audit server].

5.1.7.2 Trusted Path (NDcPP22e:FTP_TRP.1/Admin)

NDcPP22e:FTP_TRP.1.1/Admin The TSF shall be capable of using [SSH] to provide a communication path between itself and authorized remote Administrators that is logically distinct from other communication paths and provides assured identification of its endpoints and protection of the communicated data from disclosure and provides detection of modification of the channel data.
NDcPP22e:FTP_TRP.1.2/Admin The TSF shall permit remote Administrators to initiate communication via the trusted path.

NDcPP22e:FTP_TRP.1.3/Admin The TSF shall require the use of the trusted path for initial Administrator authentication and all remote administration actions.

5.2 TOE Security Assurance Requirements

The SARs for the TOE are the components as specified in Part 3 of the Common Criteria. Note that the SARs have effectively been refined with the assurance activities explicitly defined in association with both the SFRs and SARs.

Requirement Class / Requirement Component
ADV: Development
  ADV_FSP.1: Basic Functional Specification
AGD: Guidance documents
  AGD_OPE.1: Operational User Guidance
  AGD_PRE.1: Preparative Procedures
ALC: Life-cycle support
  ALC_CMC.1: Labelling of the TOE
  ALC_CMS.1: TOE CM Coverage
ATE: Tests
  ATE_IND.1: Independent Testing - Conformance
AVA: Vulnerability assessment
  AVA_VAN.1: Vulnerability Survey
Table 5-3 Assurance Components

5.2.1 Development (ADV)

5.2.1.1 Basic Functional Specification (ADV_FSP.1)

ADV_FSP.1.1d The developer shall provide a functional specification.
ADV_FSP.1.2d The developer shall provide a tracing from the functional specification to the SFRs.
ADV_FSP.1.1c The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI.
ADV_FSP.1.2c The TSF shall support mutual authentication of TLS clients using X.509v3 certificates.
ADV_FSP.1.3c The functional specification shall provide rationale for the implicit categorization of interfaces as SFR-non-interfering.
ADV_FSP.1.4c The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification.
ADV_FSP.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_FSP.1.2e The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs.
5.2.2 Guidance documents (AGD)

5.2.2.1 Operational User Guidance (AGD_OPE.1)

AGD_OPE.1.1d The developer shall provide operational user guidance.
AGD_OPE.1.1c The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.
AGD_OPE.1.2c The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.
AGD_OPE.1.3c The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.
AGD_OPE.1.4c The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.
AGD_OPE.1.5c The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences, and implications for maintaining secure operation.
AGD_OPE.1.6c The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST.
AGD_OPE.1.7c The operational user guidance shall be clear and reasonable.
AGD_OPE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.2.2 Preparative Procedures (AGD_PRE.1)

AGD_PRE.1.1d The developer shall provide the TOE, including its preparative procedures.
AGD_PRE.1.1c The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2c The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.
AGD_PRE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AGD_PRE.1.2e The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.

5.2.3 Life-cycle support (ALC)

5.2.3.1 Labelling of the TOE (ALC_CMC.1)

ALC_CMC.1.1d The developer shall provide the TOE and a reference for the TOE.
ALC_CMC.1.1c The TOE shall be labelled with its unique reference.
ALC_CMC.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.3.2 TOE CM Coverage (ALC_CMS.1)

ALC_CMS.1.1d The developer shall provide a configuration list for the TOE.
ALC_CMS.1.1c The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs.
ALC_CMS.1.2c The configuration list shall uniquely identify the configuration items.
ALC_CMS.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.4 Tests (ATE)

5.2.4.1 Independent Testing - Conformance (ATE_IND.1)

ATE_IND.1.1d The developer shall provide the TOE for testing.
ATE_IND.1.1c The TOE shall be suitable for testing.
ATE_IND.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ATE_IND.1.2e The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified.

5.2.5 Vulnerability assessment (AVA)

5.2.5.1 Vulnerability Survey (AVA_VAN.1)

AVA_VAN.1.1d The developer shall provide the TOE for testing.
AVA_VAN.1.1c The TOE shall be suitable for testing.
AVA_VAN.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_VAN.1.2e The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.
AVA_VAN.1.3e The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.

6. TOE Summary Specification

This chapter describes the security functions:
• Security audit
• Cryptographic support
• Identification and authentication
• Security management
• Protection of the TSF
• TOE access
• Trusted path/channels

6.1 Security audit

The TOE is a single standalone switch that provides extensive auditing capabilities. The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of the event, the type of event, the subject identity, and the outcome of the event. The types of events that cause audit records to be generated include identification and authentication related events, and administrative events. Each event is specified in the audit record in sufficient detail to identify the user with which the event is associated (e.g., user identity, IP address), when the event occurred, the outcome of the event, and the type of event that occurred.

The audit functionality of the TOE cannot be separately shut down and started; only the severity level of logging for dispatching logs can be adjusted. Start-up and shutdown of auditing coincide with starting and stopping of the TOE. All audit events are recorded locally on the appliance and can also be duplicated over a secure channel to an external audit server (i.e., a syslog server). The logs can be viewed via the CLI (local or remote).
Based on the severity code of each audit record, the TOE can be configured to dispatch it to one or more of the following destinations:
• Local log file
• Remote syslog server
• Terminal display

The TOE supports remote audit logging using the syslog format (RFC 5424) with an external server. Audit messages are entered into the log and, when a connection exists to an external syslog server, the audit records are also sent to the syslog server. Audit records associated with administrator activity include the identity of the administrator responsible for the activity.

In the evaluated configuration, the TOE is configured to export syslog records to a specified, external syslog server. The TOE protects communications with this external syslog server using a TLS over TCP (RFC 5425) session. The TOE acts as a TLS client in the communication channel with the external syslog server. The TOE automatically ensures that the connection with the syslog server remains active. Once a syslog server has accepted the TLS connection from the TOE, the TOE pushes new audit logs to the syslog server over the TLS-protected channel in real time. The audit records are transferred as they are generated. If the connection with the syslog server is broken and the TLS session times out, the TOE will reconnect automatically after a short waiting period. After normal connectivity is resumed, the TOE will not attempt to retransmit the audit records generated while the connection was broken. However, the TOE continues to save its internal audit trail to local audit log files in non-volatile memory regardless of the state of the external syslog server.

The TOE is a standalone device that saves its local internal audit log files in non-volatile memory and does not overwrite older records. The TOE stops generating new audit records when non-volatile memory becomes 75% full. Only Authorized Administrators are able to clear the local logs using CLI commands. When an Authorized Administrator clears local log files to make space available, the TOE automatically resumes auditing. When the TOE is not writing to local internal audit log files it will still attempt to send generated audit records to a connected syslog server.

The TOE generates the following types of audit logs during operation:
• Start-up of the TOE from both cold boot and reboot,
• Shutdown of the TOE (when shut down from the CLI),
• All administrative actions (both security relevant and non-security relevant) from the local CLI, Remote CLI, and GUI,
• TLS session establishment and termination with the syslog server,
• Errors during TLS session establishment (e.g., algorithm mismatch),
• Remote administrative SSH connection establishment,
• Remote administrative SSH connection closure,
• Errors during Remote administrative SSH connection establishment,
• Generation of certificate signing requests and associated keys,
• Import of certificates,
• Deletion of certificates,
• Successful authentication attempts (from the local CLI and Remote CLI),
• Unsuccessful authentication attempts (from the local CLI and Remote CLI),
• Administration session timeout (from the local CLI and Remote CLI),
• Unsuccessful certificate validation,
• Unsuccessful certificate revocation status check,
• All attempts to update the TOE software,
• Discontinuous changes to time.

The TOE ensures that each auditable event is associated with the user that triggered the event. For example, for a human user, the user identity or related session ID would be included in the audit record. For an IT entity or device, the IPv4 address, MAC address, host name, or other configured identification is included in the audit record.

The log records follow a standard format. All system messages include the following information:
• CPU slot number – the CP slot
• Timestamp – the format is MM/DD/YY hh:mm:ss.uuu, where uuu is milliseconds.
• Hostname – the hostname from which the message is generated
• Event code – identifies the event reported
• Module name – identifies the software module from which the log is generated
• Severity level – identifies the severity of the event
• Sequence number – identifies the specific CLI command
• Context – specifies the type of the session used to connect to the switch. If the session is a remote session, the remote IP address is identified.
• Username – where applicable, identifies the user logged into the switch.
• CLI command – specifies the command typed during the CLI session. All CLI commands are logged.

The Security audit function satisfies the following security functional requirements:
• NDcPP22e:FAU_GEN.1: The TOE can generate all the required auditable events as specified in Table 5-2. Within each audit event is date/time, event type, outcome of the event, responsible subject/user, as well as the additional event-specific content indicated in Table 5-2. For cryptographic keys, the act of importing, exporting or deleting a key is audited; the key is identified by name and the associated administrator account is identified.
• NDcPP22e:FAU_GEN.2: The TOE identifies the responsible user for each event based on the specific administrator or network entity (identified by IP address) that caused the event.
• NDcPP22e:FAU_STG_EXT.1: The TOE can be configured to export audit records to an external syslog server. This communication is protected with the use of TLS. Authorized administrators in EXEC mode are allowed access to view audit records on the TOE. Since EXEC mode is available to all authorized administrators, all administrators can view audit records.

6.2 Cryptographic support

The Target of Evaluation (TOE) is the Extreme Networks Virtual Services Platform (VSP) Switches running VOSS 8.3.100. The TOE is software that runs on the models shown in Table 1-1 Extreme networking appliances - hardware.
The TOE includes the Mocana Cryptographic Library v6.5.2f (Software) on the processors shown in Table 1-1. The TOE exclusively relies on Mocana Cryptographic Library v6.5.2f as the provider of all cryptographic functionality. This cryptographic library performs all cryptographic operations in 32-bit mode and does not utilize Processor Algorithm Accelerators (PAA). The Mocana Cryptographic Library has the Mocana GCM 64K feature enabled (this is tested by CAVP Cert A663).

Function | Requirement (SFR) | Standard | Cert #
Encryption/Decryption: AES CBC (128 and 256 bits) | NDcPP22e:FCS_COP.1/DataEncryption | FIPS Pub 197, ISO 10116 | A661
Encryption/Decryption: AES CTR (128 and 256 bits) | NDcPP22e:FCS_COP.1/DataEncryption | FIPS Pub 197, ISO 10116 | A661
Encryption/Decryption: AES GCM (128 and 256 bits) | NDcPP22e:FCS_COP.1/DataEncryption | NIST SP 800-38A, ISO 19772 | A663
Cryptographic hashing: SHA-1, SHA-256, SHA-384, SHA-512 (digest sizes 160, 256, 384, 512) | NDcPP22e:FCS_COP.1/Hash | FIPS Pub 180-4, ISO/IEC 10118-3:2004 | A661
Keyed-hash message authentication: HMAC-SHA-1, HMAC-SHA-256 (digest sizes 160 and 256) | NDcPP22e:FCS_COP.1/KeyedHash | FIPS Pub 198-1, FIPS Pub 180-4, ISO/IEC 9797-2:2011 | A661
Cryptographic signature services: RSA Digital Signature Algorithm (rDSA) (modulus 2048) | NDcPP22e:FCS_COP.1/SigGen | FIPS Pub 186-4, ISO/IEC 9796-2 | A661
Random bit generation: CTR_DRBG with SW based noise sources with a minimum of 256 bits of non-determinism | NDcPP22e:FCS_RBG_EXT.1 | FIPS SP 800-90A, ISO/IEC 18031:2011 | A661
Key Generation: RSA Key Generation (2048 bit) | NDcPP22e:FCS_CKM.1 | FIPS Pub 186-4 | A661
Key Generation: ECDSA Key Generation with Curves P-256, P-384 and P-521 | NDcPP22e:FCS_CKM.1 | FIPS Pub 186-4 | A661
Key Generation: FFC Scheme DSA (2048-bit) | NDcPP22e:FCS_CKM.1 | FIPS Pub 186-4 | A661
Key Generation: FFC Scheme using Diffie-Hellman Group 14 | NDcPP22e:FCS_CKM.1 | Per Policy 5: No NIST CAVP, CCTL must perform all assurance/evaluation activities | (none)
Key Establishment: RSA Key Establishment (2048-bit) | NDcPP22e:FCS_CKM.2 | RSAES-PKCS1-v1_5 | Vendor Affirmed
Key Establishment: ECC Key Establishment with Curves P-256, P-384 and P-521 | NDcPP22e:FCS_CKM.2 | NIST SP 800-56A Rev 3 | A2791
Key Establishment: FFC Key Establishment (2048-bit) | NDcPP22e:FCS_CKM.2 | NIST SP 800-56A Rev 3 | A2791
Key Establishment: FFC Schemes using safe-prime groups, Diffie-Hellman Group 14 | NDcPP22e:FCS_CKM.2 | NIST SP 800-56A Rev 3 | Verification by known good impl.
Table 6-1 VOSS 8.3.100 Platforms Cryptography

The TSF supports an RSA key generation scheme using a cryptographic key size of 2048 bits that meets the FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.3 standard. The RSA algorithm implementation is provided by the included Mocana cryptographic library. The TSF also supports ECDSA (Appendix B.4) and FFC key generation (Appendix B.1). RSA key pairs can be generated during the creation of a Certificate Signing Request (CSR).

The TOE follows the NIST SP 800-56A Rev 3 "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography" key agreement scheme. The TOE acts as a sender of secret keying material for RSA key establishment. The following table outlines the key establishment schemes used in the TOE:

Scheme | SFRs | Service
ECC key establishment | FCS_TLSC_EXT.1 | Remote syslog Server
RSA key establishment | FCS_SSHS_EXT.1 | Remote Administration
FFC key establishment | FCS_TLSC_EXT.1 | Remote syslog Server
FFC Safe-primes key establishment | FCS_SSHS_EXT.1 (DH 14) | Remote Administration
Table 6-2 VOSS Key Establishment Schemes

The TOE actively performs destruction of keys and Critical Security Parameters (CSPs) when they are no longer required for use. The switches store several types of keys in volatile memory (RAM) in plaintext. The switches do not store any keys in plaintext form within user-accessible, non-volatile storage.

The TOE supports short and long term storage of the following secret keys, private keys and CSPs:

Key or CSP | Cleared upon | Stored in | Cleared by
SSH host private key | Command | Flash | Overwriting with random data followed by zeros
SSH host public key | Command | Flash | Overwriting with random data followed by zeros
SSH session Encryption key | End of session | RAM | Overwriting once with zeros
SSH session Integrity key | End of session | RAM | Overwriting once with zeros
TLS host private key | Command | Flash | Overwriting with random data followed by zeros
TLS host digital certificate | Command | Flash | Overwriting with random data followed by zeros
TLS pre-master secret | Handshake done | RAM | Overwriting once with zeros
TLS session Encryption key | Close of session | RAM | Overwriting once with zeros
TLS session Integrity key | Close of session | RAM | Overwriting once with zeros
Account Passwords | Command | Flash | Overwriting with random data followed by zeros
Table 6-3 Cryptographic Keys and CSPs

Each plaintext key stored in volatile memory is associated with a protocol session. In each instance, after the session closes, the key is overwritten with the value "00". After the overwrite operation is complete, the TOE performs a specific "read-verify" operation to confirm that the storage space no longer contains the key. When a key is deleted from FLASH, the previous value is overwritten with random data from the TSF RBG followed by one pass of zeros.

The TOE uses SSH to facilitate secure remote administrative sessions (CLI).
The TOE's SSH implementation supports the following:
• Use of 2048-bit RSA keys in support of ssh-rsa, x509v3-ssh-rsa or x509v3-rsa2048-sha256 for public key-based authentication;
  - For x509v3-ssh-rsa or x509v3-rsa2048-sha256 public key-based authentication, the identity of the user must be specified in the certificate's SubjectAltName:PrincipalName field;
  - For ssh-rsa public key authentication, the user must pre-load their public key into the TOE before attempting to use their private key during an SSH authentication;
• Dropping SSH packets greater than 32768 bytes. This is accomplished by buffering all data for a particular SSH packet transmission until the buffer limit is reached and then dropping the packet;
• Strict compliance with RFCs 4251, 4252, 4253, 4254, and 4256;
• No options included in the RFCs have been implemented;
• Encryption algorithms aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, aes128-gcm@openssh.com, and aes256-gcm@openssh.com to ensure confidentiality of the session;
• Password based authentication;
• Hashing algorithms hmac-sha1 and hmac-sha2-256 to ensure the integrity of the session (integrity is also provided implicitly by GCM when using aes128-gcm@openssh.com and aes256-gcm@openssh.com);
• Host public key algorithms use a 2048-bit RSA host key for ssh-rsa, or 2048-bit RSA certificates for x509v3-ssh-rsa and x509v3-rsa2048-sha256 authentication;
• The TOE initiates a rekey before 1 hour or before 1 GB, whichever comes first;
• Enforcement of diffie-hellman-group14-sha1 as the only allowed key exchange method.

The TOE exclusively supports the TLSv1.2 secure communication protocol, complying with RFC 5246 when acting as a TLS client. The TOE is a TLS client during communication with Remote syslog Servers. The following ciphersuites are supported for communications with syslog servers:
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

The TOE supports X509v3 certificates following the format defined by RFC 5280 during TLS negotiations. The reference identifier configured on the TOE must be either a hostname/FQDN or an IPv4 address. As part of negotiating a TLS connection, the TOE will verify that the peer certificate Subject Alternative Name (SAN) or Common Name (CN) contains the expected identifier. The CN field in a certificate is checked only if a SAN extension is absent from the certificate. The TOE only establishes the connection if the peer certificate is valid, is trusted, has a matching reference identifier and has passed the revocation check.

The following identifiers are supported in the CN: IPv4 address or a hostname. The following identifiers are supported in the SAN: FQDN, IPv4 address. Wildcards are supported in the CN with a hostname or in the SAN with a FQDN identifier. The specific identifier is configured as part of the external syslog configuration using the "syslog host" command. The "server-cert-name" parameter is used to configure the reference identifier. The connection is only accepted when the server at the configured IP address authenticates with a valid certificate containing a matching identifier. The TOE does not support certificate pinning.

When the presented identifier in the CN is an IPv4 address, the TOE converts the string to a binary representation of an IPv4 address in network byte order. If there is not an exact binary match, then the verification fails.
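The reference identifier matching described above (SAN consulted when present, CN only when no SAN extension exists, wildcards in host names, IPv4 identifiers compared as network-byte-order binary after a strict RFC 3986 syntax check), as an added Python example written for this page; it is not code from Extreme Networks, the ST or the Mocana library. The certificate model, the RFC 6125 leftmost-label wildcard rule and all sample values are assumptions.

```python
import re
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# RFC 3986 IPv4address: four dec-octets, each 0-255 with no leading zeros.
_DEC_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])"
_IPV4_RE = re.compile(rf"^{_DEC_OCTET}(?:\.{_DEC_OCTET}){{3}}$")
# Letter-digit-hyphen host label (input is case-folded before matching).
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def ipv4_to_bytes(text: str) -> Optional[bytes]:
    """Convert strict dotted-decimal text to 4 bytes in network byte order.

    Anything that is not exactly an RFC 3986 IPv4address (leading zeros, a fifth
    octet, stray characters, surrounding whitespace) yields None, which callers
    treat as a verification failure.
    """
    if not _IPV4_RE.match(text):
        return None
    return struct.pack("!4B", *(int(octet) for octet in text.split(".")))


def _valid_hostname_labels(labels: List[str]) -> bool:
    return bool(labels) and all(_LABEL_RE.match(lbl) for lbl in labels)


def hostname_matches(presented: str, reference: str) -> bool:
    """Case-insensitive DNS-name comparison with wildcard support.

    Assumption (RFC 6125 style; the ST only says wildcards are supported): the
    wildcard must be the whole leftmost label, must have at least two labels to
    its right, and matches exactly one label.
    """
    p_labels = presented.lower().rstrip(".").split(".")
    r_labels = reference.lower().rstrip(".").split(".")
    if not _valid_hostname_labels(r_labels):
        return False
    if p_labels[0] == "*":
        if len(p_labels) < 3 or not _valid_hostname_labels(p_labels[1:]):
            return False
        return len(p_labels) == len(r_labels) and p_labels[1:] == r_labels[1:]
    return _valid_hostname_labels(p_labels) and p_labels == r_labels


@dataclass
class PeerCertificate:
    """Only the identity fields the check needs (constructed model, not an X.509 parser)."""
    common_name: Optional[str] = None
    has_san_extension: bool = False
    san_dns: List[str] = field(default_factory=list)   # dNSName entries
    san_ip: List[bytes] = field(default_factory=list)  # iPAddress entries, raw 4-byte values


def reference_identifier_matches(cert: PeerCertificate, reference: str) -> bool:
    """Apply the ST's rule: SAN when present, otherwise CN; IPv4 compared in binary."""
    ref_ip = ipv4_to_bytes(reference)
    if ref_ip is None and not _valid_hostname_labels(reference.lower().rstrip(".").split(".")):
        return False  # the configured identifier must be a hostname/FQDN or an IPv4 address
    if cert.has_san_extension:
        # The CN is never consulted once a SAN extension is present.
        if ref_ip is not None:
            return any(ip == ref_ip for ip in cert.san_ip)
        return any(hostname_matches(name, reference) for name in cert.san_dns)
    if cert.common_name is None:
        return False
    if ref_ip is not None:
        presented = ipv4_to_bytes(cert.common_name)  # malformed CN text -> None -> fail
        return presented is not None and presented == ref_ip
    return hostname_matches(cert.common_name, reference)


def accept_syslog_peer(cert: PeerCertificate, reference: str, *,
                       chain_trusted: bool, revocation_passed: bool) -> bool:
    """The connection proceeds only if the certificate is valid/trusted, matches the
    reference identifier and passed the revocation check; no pinning is involved."""
    return chain_trusted and revocation_passed and reference_identifier_matches(cert, reference)


if __name__ == "__main__":
    # Constructed sample values.
    wildcard_cert = PeerCertificate(has_san_extension=True, san_dns=["*.logs.example.net"])
    print(reference_identifier_matches(wildcard_cert, "collector.logs.example.net"))  # True
    ip_cn_cert = PeerCertificate(common_name="192.0.2.010")
    print(reference_identifier_matches(ip_cn_cert, "192.0.2.10"))  # False: leading zero
```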
The TOE expects the IPv4 identifier to follow the RFC 3986 format; if any unexpected special characters or extra numbers are encountered, the verification fails.

The Cryptographic support function satisfies the following security functional requirements:
• NDcPP22e:FCS_CKM.1: The TOE supports asymmetric key generation using RSA, ECDSA and FFC key establishment as part of TLS and SSH as described in the section above. The TOE acts as a client for TLS (ECDSA, FFC) and a server for SSH (RSA, FFC (DH-14 key generation)). The TOE supports the DH group 14 key establishment scheme that meets standard RFC 3526, section 3, for interoperability.
• NDcPP22e:FCS_CKM.2: See FCS_CKM.1.
• NDcPP22e:FCS_CKM.4: All data is cleared as identified above.
• NDcPP22e:FCS_COP.1/DataEncryption: The TOE provides symmetric encryption and decryption capabilities using AES in CBC mode (128 and 256 bit key sizes), AES in CTR mode (128 and 256 bit key sizes) as well as AES in GCM mode (128 and 256 bit key sizes). AES is implemented in support of the TLS and SSH protocols.
• NDcPP22e:FCS_COP.1/Hash: The TOE supports hashing using SHA-1, SHA-256, SHA-384 and SHA-512 conforming to FIPS 180-4, Secure Hash Standard (SHS). SHS hashing is used within several services including NTP hashing and SSH. SHA-256 is used in conjunction with RSA signatures for verification of software image integrity. The TOE also uses SHA-1, SHA-256, SHA-384 and SHA-512 hashing as part of RSA signature generation and verification services.
• NDcPP22e:FCS_COP.1/KeyedHash: The TOE supports keyed hash HMAC-SHA1 and HMAC-SHA256, conforming to ISO/IEC 9797-2:2011. Supported cryptographic key sizes: 160, 256 bits and message digest sizes: 160, 256 bits.
• NDcPP22e:FCS_COP.1/SigGen: The TOE supports generation and verification of the RSA Digital Signature Algorithm with a modulus of 2048 for cryptographic signature services.
• NDcPP22e:FCS_NTP_EXT.1: The TOE implements the NTPv4 protocol to synchronize with external time servers. The TOE authenticates updates using an administrator-configured SHA1-based message authentication. The TOE does not synchronize based on broadcast and multicast time updates. The TOE supports configuration of multiple simultaneous time servers and follows the RFC 5905 algorithm to prioritize them.
• NDcPP22e:FCS_RBG_EXT.1: The TOE implements a NIST-approved AES-CTR Deterministic Random Bit Generator (DRBG), in accordance with ISO/IEC 18031:2011. The TOE implements a random bit generator in support of various cryptographic operations, including RSA key establishment schemes, Diffie-Hellman key establishment schemes, TLS session establishment, and SSH session establishment. The entropy source used to seed the Deterministic Random Bit Generator is a random set of bits or bytes that are regularly supplied to the DRBG by polling software sources in threads. All random number generation functionality is continuously health tested as per the tests defined in section 11.3 of SP 800-90A. Any initialization or system errors during bring-up or processing of this system cause a reboot resulting in the DRBG being reseeded.
• NDcPP22e:FCS_SSHS_EXT.1: The TOE supports SSHv2 as described above for CLI management.
• NDcPP22e:FCS_TLSC_EXT.1: The TOE supports TLSv1.2 with the ciphersuites listed above for its syslog connections. The TOE offers secp256r1, secp384r1 and secp521r1 as supported groups for ECDHE ciphersuites when acting as a TLS client.

6.3 Identification and authentication

The administrator can configure the maximum number of failed attempts using the CLI interface. The configurable range is between 1 and 255 attempts. When a user account has exceeded the maximum number of unsuccessful authentication attempts it will be locked. The host that the user was connecting from is also locked out, but that host is automatically unlocked based on a timer.
The user account remains locked out until the administrator unlocks the user's account using a CLI command. The account lockout feature is not enforced on logins occurring at the local console for the "Privilege" account. This account is allowed to log in only at the console, and can unlock other accounts, thus ensuring that a system cannot get into a situation where no administrator access is available.

The TOE requires all users to be successfully identified and authenticated before allowing any TSF-mediated actions to be performed. Administrative access to the TOE is facilitated through one of several interfaces:
• Directly connecting to the TOE
• Remotely connecting via SSHv2

Regardless of the interface at which the administrator interacts, the TOE will enforce that a username and authentication credentials be presented. Authentication credentials may be a password or public key at either the local console or via an SSHv2-protected session. The TOE also accepts an X.509v3 certificate as a valid authentication credential over an SSHv2-protected session. Only after the administrative user presents the correct authentication credentials will access to the TOE administrative functionality be granted. No access is allowed to the administrative functionality of the TOE until an administrator is successfully identified and authenticated.

The TOE provides a local password-based authentication mechanism. The process for authentication is the same for administrative access whether administration is occurring via direct connection or remotely. At initial login, the administrative user is prompted to provide a username. After the user provides the username, the user is prompted to provide the administrative password associated with the user account. The TOE then either grants administrative access (if the combination of username and password is correct) or indicates that the login was unsuccessful. The TOE does not provide a reason for failure in the case of a login failure.

The TOE supports the local definition of users with corresponding passwords. The passwords can be composed of any combination of upper and lower case letters, numbers, and special characters (that include: '!', '@', '#', '$', '%', '^', '&', '*', '(', and ')'). The minimum password length is configurable by the Authorized Administrator. When the TOE is in the evaluated configuration, the minimum password length is configured by an administrator to a value between 8 and 32 characters (default is 15).

Administrators configure a certificate for each service (i.e., syslog, SSH x509v3 authentication) and those certificates are used by the TOE service for authentication. The administrator is expected to configure the operating environment such that devices in the operating environment and the TOE use accurate time (to support the validity check and OCSP response validity periods). The administrator must also ensure that the certificates loaded into the TOE as trusted roots are those that are also accepted by network peers.

The TOE performs X.509v3 certificate validation according to RFC 5280 for the following purposes:
• As a TLS client, the TOE validates the certificate presented during the TLS negotiation with the syslog server.
• As an SSH server, the TOE validates the certificate presented by an administrative user during the establishment of an SSH-protected session offering the admin CLI.
• When certificates are loaded into the TOE, the imported certificates are validated.

In all of the above scenarios, the X.509 certificate validation process includes:
• Certificate expiry date check
• Certificate path (continuity of the certificate chain) validation up to the trusted CA
• Certificate revocation check
• Public key, key algorithm, and parameters check
• Check of certificate issuer
• Processing of certificate extensions

The TOE requires the certificate presented by the syslog server to include the ServerAuth EKU, and CA certificates to include the BasicConstraints flag set to true. Certificates presented by an administrator to the TOE SSH server must include the user identity (i.e., username@domain.com) as a PrincipalName in the SubjectAltName extension.

In a TLS exchange, revocation checking is completed before any encrypted application data is transferred. In an SSH authentication, revocation checking is completed before the SSH session is fully established and before the CLI is offered. The only exception is when the revocation server cannot be contacted: the revocation check is skipped and the validity of the certificate is based on all other checks.

The TOE generates keys and creates Certificate Signing Requests (CSR) with the following fields:
• Common Name
• Organization
• Organizational Unit
• Country

The TOE does not support "device specific information" within the Certificate Request Message.

The Identification and authentication function satisfies the following security functional requirements:
• NDcPP22e:FIA_AFL.1: The administrator can set a maximum remote login failure number. If that is exceeded, the account is locked until the account is manually unlocked by an administrator using a CLI command.
• NDcPP22e:FIA_PMG_EXT.1: The TOE implements a rich set of password composition constraints as described above.
• NDcPP22e:FIA_UAU.7: For a local administrative session, password character entries are not echoed to the screen. For a remote administrative session, credentials are protected by a secure channel.
• NDcPP22e:FIA_UAU_EXT.2: The TOE uses local password-based authentication, SSH public key, and SSH X.509 certificates to log in authorized administrative users remotely and locally.
• NDcPP22e:FIA_UIA_EXT.1: The TOE does not offer any services or access to its functions, except for displaying a message-of-the-day banner, without requiring a user to be identified and authenticated.
• NDcPP22e:FIA_X509_EXT.1/Rev: OCSP is supported for X509v3 certificate validation for TLS and SSH. Certificates are validated as part of the authentication process when they are presented to the TOE and when they are loaded into the TOE.
• NDcPP22e:FIA_X509_EXT.2: Certificates are checked and, if found not valid, are not accepted. When the TOE determines a certificate to be valid and the necessary OCSP server cannot be contacted for a revocation check, then that certificate is not accepted as part of an SSH session negotiation, but certificates are accepted as part of a TLS session negotiation. This is true for TLS connections to a syslog server and administrator logins using x509v3 certificates via SSH.
• NDcPP22e:FIA_X509_EXT.3: The TOE generates certificate requests and validates the CA used to sign the certificates. In order to verify the revocation status of the presented certificates, the Online Certificate Status Protocol (OCSP) is used. If the connection to determine the certificate validity cannot be established, the TOE accepts the certificate. Upon import, the TOE verifies that the certificate being imported chains to a trusted root CA.

6.4 Security management

The TOE is securely managed via the CLI, which is available through a local console or over an SSHv2-protected session. The CLI offers command line functions which allow administrators to configure the TOE. These command line functions can be used to effectively manage every security policy (supporting all requirements), as well as the non-security relevant aspects of the TOE.
The specific management capabilities defined in this ST include:
• Ability to administer the TOE locally and remotely;
• Ability to configure the access banner;
• Ability to configure the session inactivity time before session termination or locking;
• Ability to update the TOE, and to verify the updates using digital signature prior to installing those updates;
• Ability to configure the authentication failure parameters for FIA_AFL.1;
• Ability to modify the behavior of the transmission of audit data to an external IT entity;
• Ability to manage the cryptographic keys;
• Ability to configure the cryptographic functionality;
• Ability to re-enable an Administrator account;
• Ability to configure thresholds for SSH rekeying;
• Ability to set the time which is used for time-stamps;
• Ability to configure NTP;
• Ability to manage the TOE's trust store and designate X509.v3 certificates as trust anchors;
• Ability to import X509v3 certificates to the TOE's trust store; and
• Ability to manage the trusted public keys database.

Management functions are exclusively restricted to Security Administrators with corresponding privileges. The term "Security Administrator" used in the ST refers to any user that has a role that has been assigned any of the privileges allowing it to perform any of the management functions. Not every administrator would necessarily have sufficient privileges to access each administrative function.

The TOE supports multiple administrative roles when accessing the administrative interface through the local or remote CLI. These roles define the access that is allowed per role. The following list identifies the configuration capabilities assigned to each role.
• User EXEC Mode: Initial mode of access.
• Privileged EXEC Mode: User mode and password combination determines access level.
• Global Configuration Mode: Use this mode to make changes to the running configuration.
• Interface Configuration Mode: Use this mode to modify or configure a logical interface, VLAN or a physical interface.
• Router Configuration Mode: Use this mode to modify a protocol.
• Application Configuration Mode: Use this mode to access the applications.

The following table lists the keys the Security Administrator is able to manage and includes the operations that are available to the Security Administrator on those keys. These operations are available to the Security Administrator through commands on the CLI.

Key | Administrator CLI Operations
SSH host private key | Generate, Delete
SSH host public key | Generate, Delete
CA certificate | Import, Delete
TOE private key | Generate, Delete
TOE digital certificate | Generate, Delete
Table 6-4 Administrator Manageable Security Keys

The Security management function satisfies the following security functional requirements:
• NDcPP22e:FMT_MOF.1/ManualUpdate: The TOE does not provide automatic updates to the software version running on the TOE. The Security Administrators can query the software version running on the TOE and can manually initiate updates. The software update consists of installing the new image into the primary partition and rebooting the device.
• NDcPP22e:FMT_MTD.1/CoreData: Only after the administrative user presents the correct authentication credentials will access to the TOE administrative functionality be granted. No access is allowed to the administrative functionality of the TOE until an administrator is successfully identified and authenticated. Security management is restricted to administrators. The trust store is accessed when administrators import/remove certificates as described in the Admin Guide. The trust store is protected by default and is restricted such that only administrators have access.
• NDcPP22e:FMT_MTD.1/CryptoKeys: Only administrators can perform management operations, including the commands to generate and delete cryptographic keys. Administrators can also import and delete CA certificates and their keys into the trust store. All of these administrative actions on keys are described in the Admin Guide.
• NDcPP22e:FMT_SMF.1: The TOE provides administrative interfaces to perform the functions identified above.
• NDcPP22e:FMT_SMR.2: The TOE supports multiple administrative roles when accessing the administrative interface through the local or remote CLI. These roles define the access that is allowed per role. All roles are considered authorized administrators.

6.5 Protection of the TSF

The TOE is designed with a set of self-protection mechanisms. All passwords and keys stored on the TOE are protected from unauthorized modification and disclosure. The TOE stores symmetric keys only in volatile memory, never on persistent media. The TOE admin interface does not provide any mechanism to view or directly modify passwords, symmetric keys, or private keys. Only authorized administrators with sufficient privileges can perform operations on such sensitive data using CLI commands. The TOE encrypts and stores all private keys in a secure directory that is not readily accessible to administrators; therefore, there is no administrative interface access provided to directly manipulate the keys.

The TOE runs a suite of self-tests during initial start-up to verify its correct operation. If any of the tests fail, one of the following will happen: the TOE will enter into an error state until an Administrator intervenes, or the TOE will automatically reboot and re-run all the tests. During initialization and self-test execution, the module inhibits all access to the cryptographic algorithms. Additionally, the power-on self-tests are performed after the cryptographic systems are initialized but prior to the underlying OS initialization of external interfaces; this prevents the security appliances from passing any data before completing self-tests.
In the event of a power-on self-test failure, the cryptographic module will force the platform to reload and reinitialize the operating systemand cryptographic components. This operation ensures no cryptographic algorithms can be accessed unless all power on self-tests are Extreme Networks VSP Series Switches v8.3.100 Security Target Version 0.7, December 16, 2022 Page 39 of 40 successful. By ensuringthat cryptographic operationsare accurate and that the TOEsoftware image is unmodified, these self-testsare sufficient to demonstrate the TSFoperatesas correctly. These testsinclude: • AES Known Answer Test - For the encrypt test, a known key is used to encrypt a known plain text value resulting in an encryptedvalue. Thisencrypted value is comparedto a knownencryptedvalueto ensurethat the encryptoperation is working correctly. The decrypt test is just the opposite. In this test a known key is used to decrypt a known encrypted value. The resulting plaintext value is compared to a known plaintext value to ensure that the decrypt operationis working correctly. • HMACKnown AnswerTest -For each ofthe hash values listed,the HMACimplementation is fed known plaintext data and a known key. These values are used to generate a MAC. This MAC is compared to a known MACto verify thatthe HMACand hash operationsare operating correctly. • PRNG/DRBG Known Answer Test - For this test, known seed values are provided to the DRBG implementation. The DRBGuses these valuesto generate randombits. These randombits are comparedto known randombits toensure thatthe DRBGis operatingcorrectly. • SHA Known Answer Test – For each of the values listed, the SHA implementation is fed known data and key. These valuesare usedtogenerate a hash. Thishashis compared toa known value toverify they match and the hash operationsare operating correctly. 
• RSA Signature Known Answer Test (both signature generation and verification) - This test takes a known message and a known private/public key pair and uses the private key to sign the message. The resulting signature is compared to a known signature value to verify that signature generation is working properly. The signature is then verified with the public key against the original message to ensure that signature verification is working properly.
• Software Integrity Test - This test is run automatically whenever the system image is loaded and confirms, through digital signature verification, that the image file about to be loaded was properly signed and has maintained its integrity since being signed. The system image is digitally signed before being made available for download from Extreme.

The Authorized Administrator can query the software version running on the TOE and can initiate updates to software images. When software updates are made available, an administrator can obtain them, verify their integrity via digital signature, and install them. The updates can be downloaded from https://support.extremenetworks.com. The TOE image files are digitally signed so that their integrity can be verified during the boot process, and an image that fails an integrity check will not be loaded. The public keys used by the update verification mechanism are contained on the TOE: the TOE verifies the update file's signature using a certificate that comes pre-loaded on the device and is stored in the trust store. As part of the build process, the update image is signed with the Extreme private key using an RSA 2048/SHA-256 digital signature. Only if the signature (and therefore the hash) is correct will the image be installed. If an update is unsuccessful, a warning is displayed to the administrator. Because the update process writes to a different partition than the one currently running, the active image remains unchanged until the reboot. The reboot prompt is offered as part of the update process.
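The following is an added illustrative example, not Extreme's code and not taken from this Security Target. It models the power-on self-test sequence described above in Python: known-answer tests for SHA-256 and HMAC-SHA-256 (using the public FIPS 180-4 and RFC 4231 vectors), followed by the software integrity test, here an RSASSA-PKCS1-v1_5 signature (RSA 2048 / SHA-256) over the image bytes verified against a pre-loaded public key that stands in for the trust-store certificate. The state names, the toy RSA key generator standing in for Extreme's build-time signing key, the CryptoModule class and the image bytes are assumptions introduced for the example. It shows the two outcomes a practitioner wants to see handled: a miscomputing KAT and a tampered image both leave the module in an error state in which cryptographic services are refused, while a genuine image leaves it operational.

```python
# Added example (not Extreme's code): a model of the power-on self-test sequence. Not from
# the ST: the state names, the toy RSA key generator standing in for the Extreme signing
# key, the CryptoModule class and the constructed image bytes. Test vectors are public.
import hashlib
import hmac
import secrets

SHA_KATS = {  # FIPS 180-4 "abc" digest: (input, expected hex digest)
    "sha256": (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
}
HMAC_KATS = {  # RFC 4231 test case 1: (key, data, expected MAC)
    "sha256": (b"\x0b" * 20, b"Hi There",
               "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
}
# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
_SMALL_PRIMES = [2] + [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def _is_probable_prime(n, rounds=24):
    """Trial division then Miller-Rabin; adequate for a toy key generator, not production."""
    if n < 2 or any(n % p == 0 for p in _SMALL_PRIMES):
        return n in _SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(cand):
            return cand

def generate_rsa_keypair(bits=2048):
    """Return ((d, n), (e, n)): stand-ins for the Extreme signing key and the trust anchor."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (pow(e, -1, phi), p * q), (e, p * q)

def _emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into k bytes."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(message, priv):
    """Build-time step: sign the image with the private key (RSA 2048 / SHA-256)."""
    d, n = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, k), "big"), d, n).to_bytes(k, "big")

def rsa_verify(message, signature, pub):
    """Boot-time step: verify the image signature with the pre-loaded public key."""
    e, n = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(message, k))

class CryptoModule:
    """Gates every cryptographic service behind the self-test outcome."""

    def __init__(self, trust_anchor):
        self.trust_anchor = trust_anchor  # public key of the pre-loaded certificate
        self.state, self.failures = "UNINITIALIZED", []  # -> SELF_TEST -> OPERATIONAL|ERROR

    def power_on(self, image, signature, *, corrupt_kat=False):
        """Run the KATs, then the software integrity test; corrupt_kat injects a KAT fault."""
        self.state, self.failures = "SELF_TEST", []
        for alg, (data, want) in SHA_KATS.items():
            got = hashlib.new(alg, data).hexdigest()
            if (got[::-1] if corrupt_kat else got) != want:
                self.failures.append(f"SHA KAT ({alg})")
        for alg, (key, data, want) in HMAC_KATS.items():
            if hmac.new(key, data, alg).hexdigest() != want:
                self.failures.append(f"HMAC KAT ({alg})")
        if not rsa_verify(image, signature, self.trust_anchor):
            self.failures.append("Software integrity test")
        # Any failure leaves the module in ERROR with services inhibited until an
        # administrator intervenes (the ST's alternative is an automatic reboot).
        self.state = "ERROR" if self.failures else "OPERATIONAL"
        return self.state

    def hmac_sha256(self, key, data):
        """Example service: refused unless the self-tests passed."""
        if self.state != "OPERATIONAL":
            raise RuntimeError(f"cryptographic services inhibited, state={self.state}")
        return hmac.new(key, data, "sha256").hexdigest()
```

Usage: generate a keypair with generate_rsa_keypair(), sign the image bytes with rsa_sign() (the build-time step), then call CryptoModule(pub).power_on(image, sig); passing a modified image or corrupt_kat=True returns "ERROR" and any subsequent hmac_sha256() call raises. Note that the signature is computed over the SHA-256 DigestInfo encoding of the whole image, so a single flipped byte anywhere in the image invalidates it, and the padding comparison is constant-time.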
The clock function relies on the system clock provided by the underlying hardware. The TOE can be configured to synchronize its internal clock with an NTP server. The date and time are used for the time stamp applied to TOE-generated audit records, to track inactivity of administrative sessions, and to perform certificate expiration checks.

The Protection of the TSF function satisfies the following security functional requirements:

• NDcPP22e:FPT_APW_EXT.1: Passwords are the only authentication data subject to this SFR. No passwords are ever stored as cleartext, and the TOE does not offer any function that discloses a plaintext password to any user. Passwords are stored on the TOE in a secured partition in non-plaintext form: before being written to disk, each password is hashed (SHA-256) with a salt. During subsequent authentication attempts the submitted password is processed the same way and compared in hashed form (i.e., hash comparison).
• NDcPP22e:FPT_SKP_EXT.1: The TOE does not offer any function that discloses a stored cryptographic key to any user.
• NDcPP22e:FPT_STM_EXT.1: The TOE includes its own hardware clock and can synchronize with an NTP server.
• NDcPP22e:FPT_TST_EXT.1: The TOE includes a number of power-on diagnostics and cryptographic self-tests that serve to ensure the TOE is functioning properly. The tests are described above.
• NDcPP22e:FPT_TUD_EXT.1: The TOE provides functions to query the version of, and to upgrade, the software embedded in the TOE appliance. When installing updated software, digital signatures are used to authenticate the update, ensuring that it is the intended update and that it originated from Extreme Networks.

6.6 TOE access

The TOE provides the administrative user with the ability to configure inactivity time-out periods for administrative sessions. The inactivity period for CLI (local and remote) administrative access is configured separately through the TOE administrative interfaces.
When the administrative interface has been idle for more than the configured period of time, the session is terminated. After termination, administrative authentication is required to access any of the administrative functionality of the TOE. This applies to both local and remote administrative sessions.

The local console CLI and remote SSH CLI can be configured to display a custom login banner. This banner is displayed before Administrator access is allowed through either interface.

The TOE access function satisfies the following security functional requirements:

• NDcPP22e:FTA_SSL.3: The TOE terminates remote sessions that have been inactive for an administrator-configured period of time.
• NDcPP22e:FTA_SSL.4: The TOE provides the function to log out (or terminate) both local and remote user sessions as directed by the user.
• NDcPP22e:FTA_SSL_EXT.1: The TOE terminates local sessions that have been inactive for an administrator-configured period of time.
• NDcPP22e:FTA_TAB.1: The TOE can be configured to display administrator-defined advisory banners when administrators establish interactive sessions with the TOE, allowing administrators to terminate their session before performing any functions.

6.7 Trusted path/channels

The TOE protects trusted channels with audit servers (syslog servers) using the TLSv1.2 protocol. The TOE is a TLS client in the communications with the audit servers. The TOE provides assured identification of the non-TSF endpoint by validating X.509 certificates; it implements a trust store containing trust anchors, which it uses to verify the identities asserted by those non-TSF certificates. The TOE utilizes TLS as described in Section 6.2 above.

All remote administrative CLI sessions are protected with an SSHv2 tunnel that provides a secure encrypted session. The SSHv2 session is encrypted using AES. Remote administrators are able to initiate the SSHv2 secure channel to the TOE. Note that local administrator access via the serial port is also allowed for CLI access.
The Trusted path/channels function satisfies the following security functional requirements:

• NDcPP22e:FTP_ITC.1: In the evaluated configuration, the TOE must be configured to use TLS so that exported audit records are sent only to the configured server and are not subject to inappropriate disclosure or modification; the TOE validates the syslog server's identity against the TOE configuration using the certificate presented during TLS negotiation.
• NDcPP22e:FTP_TRP.1/Admin: The TOE provides SSH to ensure secure remote administration. The administrator can initiate the remote SSH session, and the remote SSH session is secured from disclosure and modification using CAVP-tested cryptographic operations.