BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT

CCCS CERTIFICATION REPORT

 

IYayın Tarihi [30/07/2015
ReizyonTarni [29/04/2016 [Nos

CoH

SL.

 

 

 

 

 

 

 

Certification Report

EAL 2 Evaluation of
ARCELIK A.S

Embedded Firmware Security Solution of Connectivity Features V1.0
for Arcelik Bluetooth IoT Devices

issued by

Turkish Standards Institution
Common Criteria Certification Scheme

Certificate Number: 21.0.03/TSE-CCCS-58

ei AL Sayfa 1/14

Bu dokiimanin giincelligi, elektronik ortamda TSE Doküman Yünetim Sisteminden takip edilmelidir.
 

 

BiLisiM TEKNOLOJILERi
TEST VE BELGELENDIRME
DAIRESi BASKANLIGI / Doküman No |BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT

CCCS CERTIFICATION REPORT

 

ayın Tarihi [30/07/2015
Revizyon Tarihi [29/04/2016 |Naj 05

 

 

 

 

 

 

 

TABLE OF CONTENTS

TABLE OF CONTENTS ..
DOCUMENT INFORMATION hs
DOCUMENT CHANGE LOG 3
DISCLAIMER ........esssssesseesssnessonsenssnssuoonsswssesucensowonsussusstwessisssiounsiessstsenosvsvsstussvenossssbssvstwenavoasetssnsesvaeesiaenssintists 4
FOREWORD
RECOGNITION OF THE CERTIFICATE,

1 - EXECUTIVE SUMMARY...

 

 

 

  
  

 

1.1 TOE Overview

1.2 Threats un cn RR QE EN QG RENE 8
2 - CERTIFICATION RESULTS..........sssssssessescssssercesensereseessesseeesenssseeneeseasenssnessensenensesceaseeceesaesesneeessanensseeneneaae 8

2.1 Identification of Target of Evaluation 8

2.2 Security Policy

 

2.3 Assumptions and Clarification of Scope .
2.4 Architectural Information
2.4.1 Logical SCOPE eue ee ESPERANT NEEDS NAT NT moe 9
2.4.2 Physical Scope

 
 

 

 
 

2.5 Documentation...

2.6 IT Product Testing .11

2.7 Evaluated Configuratioı

2.8 Results of the Evaluation... 12

2.9 Evaluator Comments / RecommendationSorssnnsenneeseenneunanennenvsnennssess 13
3 - SECURITY TARGET svcssssssivssssesvnsinssvossessensscsvssusscosssesscssssessscssstessvereoseesstesvaasssvesssoesessabeesvensaseasenasresesias cen 14
4 - BIBLIOGRAPHY..........sccsscsssseesseesesserssssssarsreaesssseessseesssnssaeseusessssessusessaeseeatsessereesnssassesasseseesenerenaeaeeteeeataae 14

ck Sayfa 2/14
uWokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
 

m

 

 

 

BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No _|BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
ayın Tarihi |30/07/2015

CCCS CERTIFICATION REPORT

 

 

05

 

29/04/2016 Na

 

Revigon Tarihi

 

DOCUMENT INFORMATION

 

Date of Issue

April 15, 2019

 

 

 

 

 

 

 

 

 

 

 

Approval Date April 15, 2019
Certification Report Number 21.0.03/19-004
| Sponsor and Developer Argelik A.S.
Evaluation Facility Beam Technology Test Center
TOE Embedded Firmware Security Solution of Connectivity Features V1.0 for
Arçelik Bluetooth IoT Devices
Pages 14
Prepared by Cem ERDIVAN
Common Criteria Inspection Expert C Er — &
Reviewed by Ibrahim Halil KIRMIZI
Common Criteria Technical Responsible “
(Software Product Group) La

 

 

This report has been prepared by the Certification Expert and reviewed by the Technical Responsible of which

signatures are above.

 

 

DOCUMENT CHANGE LOG
Release Date Pages Affected Remarks/Change Reference
1.0 April 16", 2019 All First Release

 

 

 

 

 

 

a

Sayfa 3/14

Bu dokiimanin giincelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
 

BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No _|BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT

CCCS CERTIFICATION REPORT

 

|Yayın Tarihi [30/07/2015
Reimontarni [29042016 Ind os

 

 

 

 

 

 

 

DISCLAIMER

This certification report and the IT product in the associated Common Criteria document has been evaluated at
an accredited and licensed evaluation facility conformance to Common Criteria for IT Security Evaluation,
version 3.1, revision 5, using Common Methodology for IT Products Evaluation, version 3.1, revision 5. This
certification report and the associated Common Criteria document apply only to the identified version and
release of the product in its evaluated configuration. Evaluation has been conducted in accordance with the
provisions of the CCCS, and the conclusions of the evaluation facility in the evaluation report are consistent
with the evidence adduced. This report and its associated Common Criteria document are not an endorsement
of the product by the Turkish Standardization Institution, or any other organization that recognizes or gives
effect to this report and its associated Common Criteria document, and no warranty is given for the product by
the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report

and its associated Common Criteria document.

x N Sayfa 4/14

Bu dokümanım güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
 

 

 

BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
ayın Tarihi [30/07/2015
CCCS CERTIFICATION REPORT
Roigontaiti [29/04/2016 Ind os

 

 

 

 

 

 

FOREWORD

The Certification Report is drawn up to submit the Certification Commission the results and evaluation
information upon the completion of a Common Criteria evaluation service performed under the Common
Criteria Certification Scheme. Certification Report covers all non-confidential security and technical
information related with a Common Criteria evaluation which is made under the ITCD Common Criteria
Certification Scheme. This report is issued publicly to and made available to all relevant parties for reference
and use.

The Common Criteria Certification Scheme (CCSS) provides an evaluation and certification service to ensure
the reliability of Information Security (IS) products. Evaluation and tests are conducted by a public or
commercial Common Criteria Evaluation Facility (CCTL = Common Criteria Testing Laboratory) under
CCCS’ supervision.

CCEF is a facility, licensed as a result of inspections carried out by CCCS for performing tests and evaluations
which will be the basis for Common Criteria certification. As a prerequisite for such certification, the CCEF
has to fulfill the requirements of the standard ISO/IEC 17025 and should be accredited by accreditation bodies.
The evaluation and tests related with the concerned product have been performed by Beam Technology Testing
Facility, which is a commercial CCTL.

A Common Criteria Certificate given to a product means that such product meets the security requirements
defined in its security target document that has been approved by the CCCS. The Security Target document is
where requirements defining the scope of evaluation and test activities are set forth. Along with this
certification report, the user of the IT product should also review the security target document in order to
understand any assumptions made in the course of evaluations, the environment where the IT product will run,
security requirements of the IT product and the level of assurance provided by the product.

This certification report is associated with the Common Criteria Certificate issued by the CCCS for Embedded
Firmware Security Solution of Connectivity Features V1.0 for Argelik Bluetooth IoT Devices whose evaluation
was completed on February 21", 2019 and whose evaluation technical report was drawn up by Beam
Technology (as CCTL), and with the Security Target document with version no 0.9 of the relevant product.

The certification report, certificate of product evaluation and security target document are posted on the ITCD
Certified Products List at bilisim.tse.org.tr portal and the Common Criteria Portal (the official web site of the

Common Criteria Project).

ce Sayfa 5/14
Bu’dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir,
 

BiLISIM TEKNOLOJILERI

 

<P

 

 

TEST VE BELGELENDIRME
DAIRESi BASKANLIGI / Dokiiman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
CCCS CERTIFICATION REPORT pene Teri poe
Revizyon Tarihi [29/04/2016 |Nol 05

 

 

 

 

 

 

RECOGNITION OF THE CERTIFICATE

The Common Criteria Recognition Arrangement logo is printed on the certificate to indicate that this certificate

is issued in accordance with the provisions of the CCRA.
The CCRA has been signed by the Turkey in 2003 and provides mutual recognition of certificates based on the

CC evaluation assurance levels up to and including EAL2. The current list of signatory nations and approved

certification schemes can be found on:

http://www.commoncriteriaportal.org.

ea
Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.

Sayfa 6/14
 

 

BiLiSiM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESi BASKANLIGI / Doküman No |BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
30/07/2015

CCCS CERTIFICATION REPORT ayın Tarihi

 

 

 

|Revizyon Tarihi [29/04/2016 — |No} 05

 

 

 

 

 

 

1 - EXECUTIVE SUMMARY
1.1 TOE Overview

Embedded Firmware Security Solution of Connectivity Features v1.0 for Arçelik Bluetooth IoT Devices is an
IoT device security solution which provides security functions to implement secure OTA firmware update of
Arçelik IoT Devices mainboard and secure log storage of Argelik IoT Devices.

The TOE provides secure OTA firmware update feature to the device users. The user easily updates the device
firmware by following the procedure demonstrated on the mobile application. During the OTA firmware update
process the download and install phases are protected by several cryptographic processes which are stated
below.

Also, the device periodically logs usage data like diagnosis, customer detailed usage, electrical and sensor data
of the device etc. The Secure Log Storage feature provides the log data to be stored and transmitted securely
inside and outside (to Argelik Cloud Server) of the product.

ARCELIK Home Appliance

ARCELIK Cloud Server

=

 

 

Figure I — External Entities of the TOE Operational Environment

Sayfa 7/14
or Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir,
 

 

 

 

BiLisiM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
ayın Tarihi 30/07/2015
CCCS CERTIFICATION REPORT
Revizyon Tarihi |29/04/2016 No 05

 

 

 

 

 

 

 

1.2 Threats

Threats are defined in Section 3.1 of Security Target Document v0.9.

2 - CERTIFICATION RESULTS

2.1 Identification of Target of Evaluation

 

21.0.03/TSE-CCCS-58

 

Certificate Number
TOE Name and Version

Embedded Firmware Security Solution of Connectivity Features V1.0
for Argelik Bluetooth IoT Devices

 

Security Target Title

Embedded Firmware Security Solution of Connectivity Features V1.0
for Arçelik Bluetooth IoT Devices Security Target

 

 

 

 

 

 

Security Target Version V0.9
Security Target Date December 25", 2018
Assurance Level EAL2
Criteria e Common Criteria for Information Technology Security
Evaluation, Part 1: Introduction and General Model; CCMB-
2012-09-001, Version 3.1, Revision 5, April 2017
e Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components; CCMB-
2012-09-002, Version 3.1 Revision 5, April 2017
e Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components; CCMB-
2012-09-003, Version 3.1 Revision 5, April 2017
Methodology Common Criteria for Information Technology Security Evaluation,
Evaluation Methodology; CCMB-2012-09-004, Version 3.1, Revision
5, April 2017
Protection Profile Conformance None

 

Common Criteria Conformance

e Common Criteria for Information Technology Security
Evaluation, Part 1: Introduction and General Model, Version 3.1,
Revision 5, April 2017

e Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components, Version
3.1, Revision 5, April 2017, conformant

e Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components, Version
3.1, Revision 5, April 2017, conformant

 

 

 

Sponsor and Developer Arcelik A.S.
Evaluation Facility Beam Technology Test Center
Certification Scheme TSE CCCS

 

 

 

 

2.2 Security Policy

The TOE’s purpose and key security features are as follows:

c.8 L
Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.

Sayfa 8/14
 

 

 

BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
CCCS CERTIFICATION REPORT [jayın Tarih _ ELU
Reign ttt |29/04/2016 [hol 05

 

 

 

 

 

 

e Secure OTA Firmware Download

This function blocks the installation of unauthorized firmware by using digital signature verification.
The digital signature process for the firmware takes place in the Argelik Cloud server and this
enables only the firmware that are downloaded from the Argelik Cloud server to be installable on the
IoT device.

e Secure OTA Firmware Installation of Mainboard

The new mainboard firmware downloaded on the Argelik IoT device is encrypted and stored in the
external flash of display board. The TOE decrypts and verifies the mainboard firmware image. After
the verification is successfully completed, the installation process starts. The mainboard firmware
image is securely transferred from display board to mainboard via encrypted SPI line chunk by
chunk, The mainboard microcontroller decrypts each OTA image chunks and the mainboard’s
bootloader programs its own flash accordingly. The firmware update of mainboard finished after all
required packages arrived in mainboard.

e Secure Log Storage

The Argelik IoT Devices periodically logs usage data like diagnosis, customer detailed usage,
electrical and sensor data of the appliance etc. The Secure Log Storage function provides the log
data to be stored and transmitted securely inside and outside (to Argelik Cloud Server) of the
product. The logged data are generated by mainboard. The log data are stored in display board’s
external flash until sent to Cloud Server. The Secure Log Storage Function uses the same secure SPI
connection between DB and MB as stated in Secure OTA Firmware Installation phase. The
communication between DB_MCU and external flash is also secure.

2.3 Assumptions and Clarification of Scope

Please refer to Security Target Document v0.9 Section 3.2 for OSPs and Section 3.3 for Assumptions.
2.4 Architectural Information

2.4.1 Logical Scope

e Secure OTA Firmware Download

When a user connects a mobile device to Argelik IoT Device via BLE, initially the firmware versions of
the appliance and the latest firmware version published to Argelik Cloud for respective appliance polled
by the mobile device. After the comparison of firmware versions, the download request generated if
needed.

The new OTA firmware update image is placed on Argelik Cloud Server. The image on Cloud Server is
signed and encrypted. Before the download process starts, the Appliance to Argelik Cloud
authentication and digital signature verification must be fulfilled. Appliance to Argelik Cloud

Sayfa 9/14
as Me Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
 

 

 

 

BiLisiM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAIRESI BASKANLIGE/ IDoküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
|Yayın Tarihi |30/07/2015
CCCS CERTIFICATION REPORT
Reiyontarm |29/04/2016 [Na os

 

 

 

 

 

authentication is established using TLS 1.2 protocol and digital signature material downloaded through
TLS channel from Cloud Server to Appliance. After successful completion of authentication and
verification processes, OTA firmware update image starts download from Cloud Server to Appliance.
This means that apart from authenticated and verified OTA firmware update images download process
are blocked by TOE.

 

e Secure OTA Firmware Installation of Mainboard

The downloaded OTA firmware image on the Argelik IoT Device is encrypted and stored in display
board. Before passing to installation phase, the display board must implement verification and
decryption to OTA image. The verification and decryption keys which was downloaded through TLS
channel are used for fulfilling this step.

After verifying and decrypting the OTA image, the sending and installation process starts.

The DB transfers the OTA image through secure channel between DB and MB. The secure channel
implemented by encryption and decryption of OTA image packages using DB-MB communication
encryption key. After that the mainboard microcontroller gets the OTA package securely, the
mainboard’s bootloader programs its own flash accordingly. The firmware update of mainboard finished
after all required packages arrived in mainboard.

e Secure Log Storage

The Argelik IoT Device periodically logs usage data like diagnosis, customer detailed usage, electrical
and sensor data of the appliance etc. The Secure Log Storage function provides that the log data is
stored and transmitted securely. The logged data are generated by mainboard, sent to display board and
then sent to Cloud Server if all security conditions are fulfilled. The Secure Log Storage Function uses
the same secure channels between DB-MB and Appliance-Cloud Server which is implemented in OTA
download and installation phases. The log data is stored in DB until the connection occurs. If there is a
secure connection between appliance and Cloud Server, the log data is sent over this channel.

2.4.2 Physical Scope

The physical scope of TOE includes software elements that are used for securing the OTA firmware update and
implementing securely usage log storage. A figure of the TOE can be found in below (Figure 2) and identifies
its components. Only authenticated and properly encrypted firmware images downloaded and installed to the
product electronic boards. The usage log data is always stored and transferred encrypted inside the product.
Also, the usage log data sent from product to server encrypted by using a secure authenticated communication
channel.

The TOE has two firmware elements. Those are display board microcontroller firmware and mainboard
microcontroller firmware. Those firmware’s are installed to the electronic boards in the factory during the serial
production phase of loT devices. Upon completion of the production, the IoT device delivered and set up to the
user’s property by Argelik Service Technician. Also, the Argelik User Guide is delivered to the user during the
delivery.

CLE N Sayfa 10/14
Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmetidir.
 

BILISIM TEKNOLOJILERI

 

CCCS CERTIFICATION REPORT

 

 

 

TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
|Yayın Tarihi [30/07/2015

 

|Revizyon Tarii

 

29/04/2016 No 05

 

 

Figure 2 - Infrastructure of TOE

2.5 Documentation

These documents listed below are provided to customer by the developer alongside the TOE:

 

 

 

 

[ Document Name Version Release Date
Embedded Firmware Security Solution of Connectivity v0.9 December 25", 2018
Features V1.0 for Argelik Bluetooth IoT Devices Security
Target

| User Manual v0.2 October 10", 2018

2.6 IT Product Testing

e Developer Testing: All TOE security behaviors have been tested by developer. Developer has
conducted 11 functional tests in total, including negative-tests.

e Evaluator Testing: Evaluator has conducted all 11 developer tests. Since the scope of TOE is limited,
no additional (independent) functional tests have been devised. TOE has passed all 11 functional tests to

demonstrate that its security functions work as it is defined in the ST.

¢ Penetration Tests: TOE has been tested against common threats and other threats surfaced by
vulnerability analysis. As a result, 4 penetration tests have been conducted. TOE proved that it is

resistant to “Attackers with Basic Attack Potential”.

2.7 Evaluated Configuration

TOE Configuration:

ee
\ Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yüönetim Sisteminden takip edilmelidir.

 

Sayfa 11/14
 

 

 

 

>

 

 

BiLiSiM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
CCCS CERTIFICATION REPORT (as Tai _ 0072015
|Revizyon Tarihi |29/04/2016 [Na 05

 

 

 

 

 

Embedded Firmware Security Solution of Connectivity Features v1.0 for Arçelik Bluetooth IoT Devices

Required Non-TOE Hardware/Software Configuration:

 

 

 

 

 

 

 

 

 

 

 

 

Category Specifications
Display Board | MPU 48-MHz ARM Cortex-M0 256KB
Flash 32KB SRAM
Bluetooth BLE 4.2
Flash Memory 2MB SPI Flash
HSM ECC508
Mainboard MPU 48-MHz ARM Cortex-M0+ 128KB
Flash 16KB RAM
Communication | Mainboard MPU - Display SPI
Interface MPU
Display MPU - Flash SPI
Memory
Display MPU - HSM DC
Mobile HomeWhiz Requires BLE4.2 or later mobile
App/Device device
Requires Android 5.0/iOS 9 or later
mobile device

 

 

 

2.8 Results of the Evaluation

The verdict for the CC Part 3 assurance components (according to EAL2) and the security target evaluation) is
summarized in the following table:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Class Heading Class Family Description Result
ADV: Development ADV_ARC.1 Security architecture description PASS
ADV_FSP.2 Security-enforcing functional specification | PASS
ADV_TDS.1 Basic design PASS
AGD: AGD_OPE.I Operational user guidance PASS
Guidance Documents AGD _PRE.l Preparative procedures PASS
ALC: ALC_CMC.2 Use of a CM system PASS
Lifecycle Support ALC_CMS.2 Parts of the TOE CM coverage PASS
ALC_DEL.1 Delivery procedures PASS
ASE: ASE CCL.1 Conformance claims PASS
Security Target evaluation ASE_ECD.1 Extended components definition PASS
ASE INT.1 ST introduction PASS
ASE_OBJ.2 Security objectives PASS
ASE_REQ.2 Derived security requirements PASS
ASE SPD.1 Security problem definition PASS
ASE_TSS.1 TOE summary specification PASS
Sayfa 12/14
Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.

N
 

BiLisiM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAÏRESI BASKANLIGI / Doküman No |BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT

CCCS CERTIFICATION REPORT

 

‘aym Tarihi |30/07/2015
Revizyon Tarihi {29/04/2016 No 05

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Class Heading Class Family Description Result
ATE: ATE _COV.1 Evidence of coverage PASS
Tests ATE _FUN.1 Functional testing PASS
ATE_IND.2 Independent testing - sample PASS
AVA: Vulnerability Analysis | AVA_VAN.2 Vulnerability analysis PASS

 

2.9 Evaluator Comments / Recommendations

No recommendations or comments have been communicated to CCCS by the evaluators related to the
evaluation process of “Embedded Firmware Security Solution of Connectivity Features V1.0 for Argelik
Bluetooth IoT Devices” product, result of the evaluation, or the ETR.

€

€ M Sayfa 13/14
Bu dokümanın güncelligi, elektronik ortamda TSE Doküman Yünetim Sisteminden takip edilmelidir.
 

 

BILISIM TEKNOLOJILERI
TEST VE BELGELENDIRME
DAIRESi BASKANLIGI/ Doküman No |BTBD-03-01-FR-01

INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT

CCCS CERTIFICATION REPORT

 

Yayin Tarihi [30/07/2015
Reizen tarni. [29/04/2016 [No 0s

 

 

 

 

 

 

3 - SECURITY TARGET

The security target associated with this Certification Report is identified by the following terminology:

Title: Embedded Firmware Security Solution of Connectivity Features V1.0 for Argelik Bluetooth IoT Devices
Security Target

Version: v0.9

Date of Document: December 25%, 2018

This Security Target describes the TOE, intended IT environment, security objectives, security requirements
(for the TOE and IT environment), TOE security functions and all necessary rationale.

4 - BIBLIOGRAPHY

[1] Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017

[2] Common Methodology for Information Technology Security Evaluation, CEM, Version 3.1 Revision 5,
April 2017

[3] BTBD-03-01-TL-01 Certification Report Preparation Instructions, Rel. Date: February 8, 2016

[4] ETR v1.2 of Embedded Firmware Security Solution of Connectivity Features V1.0 for Argelik Bluetooth
IoT Devices, Rel. Date: February 21%, 2019

[5] Embedded Firmware Security Solution of Connectivity Features V1.0 for Argelik Bluetooth IoT Devices
Security Target, Version 0.9, Rel. Date: December 25", 2018

Sayfa 14/14
Bu dokümanın güncelligi, elektronik ortamda TSE Doktiman Yénetim Sisteminden takip edilmelidir.