Huawei Access Terminal Platform ATP V200R001C03
Security Target
Issue V1.71
Date 2016-11-3
HUAWEI TECHNOLOGIES CO., LTD.
Issue 1.6
Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer.
All or part of the products, services and features described in this document may not be within the purchase scope or
the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this
document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or
implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation
of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this
document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com
About This Document
Purpose
This document provides the Security Target (ST) description for the TOE.
Change History
Changes between document issues are cumulative. The latest document issue contains all the changes made in
earlier issues.
Date | Revision Version | Section Number | Change Description | Author
2015-11-5 | 1.0 | ALL | Initial draft | Shu Pingfen, Zhou Xuezhong, Huang Wei, Sun Bo, Liu Wen
2016-01-05 | 1.1 | 1.4.2 | Change the physical product to "B525" | Hu Xiaodong
2016-01-13 | 1.2 | ALL | Update by review | Shu Pingfen
2016-02-16 | 1.3 | ALL | Update by review | Shu Pingfen
2016-03-15 | 1.4 | ALL | Update template | Shu Pingfen
2016-06-07 | 1.5 | 1.2/1.3/1.4.1/6.3.2/6.4/6.5/8.1 | Resolve the laboratory issue | Shu Pingfen
2016-10-21 | 1.6 | 1.4.2.5/6.3.7.2/7.1.5.1 | Modify the description of the maximum concurrent sessions | Shu Pingfen
2016-11-2 | 1.7 | 4.3.2/6.4.1/6.4.2/7.1 | Update by review | Shu Pingfen
2016-11-3 | 1.71 | 7.1 | Update by review | Shu Pingfen
Contents
About This Document
1 Introduction
1.1 Security Target Reference
1.2 Target of Evaluation (TOE) Reference
1.3 TOE Overview
1.4 TOE Description
1.4.1 Physical scope
1.4.2 Logical scope
1.4.2.1 Audit
1.4.2.2 Identification and Authentication (I&A)
1.4.2.3 User Data Protection (Information flow control)
1.4.2.4 Security Management
1.4.2.5 TOE Access
1.4.2.6 TSF Protection
1.4.2.7 Trusted Path/Channels
2 CC Conformance Claim
3 TOE Security Problem Definition
3.1 TOE Assets
3.2 Threats Agent
3.3 Threats
3.4 Organizational Security Policies
3.5 Assumptions
4 Security Objectives
4.1 Security Objectives for the TOE
4.2 Security Objectives for the Operational Environment
4.3 Security Objectives Rationale
4.3.1 Coverage
4.3.2 Sufficiency
5 Extended Components Definition
6 Security Requirements
6.1 Conventions
6.2 Definition of security policies
6.2.1 ATP information control policy
6.3 TOE Security Functional Requirements
6.3.1 Security Audit (FAU)
6.3.1.1 FAU_GEN.1 Audit data generation
6.3.1.2 FAU_GEN.2 User identity association
6.3.1.3 FAU_SAR.1 Audit review
6.3.1.4 FAU_SAR.3 Selectable Audit review
6.3.1.5 FAU_STG.1 Protected audit trail storage
6.3.1.6 FAU_STG.3 Action in case of possible audit data loss
6.3.2 Cryptographic Support (FCS)
6.3.2.1 FCS_COP.1(1)/AES Cryptographic operation
6.3.2.2 FCS_COP.1(2)/RSA Cryptographic operation
6.3.2.3 FCS_COP.1(3)/SHA256 Cryptographic operation
6.3.2.4 FCS_CKM.1(1)/AES Cryptographic key generation
6.3.2.5 FCS_CKM.1(2)/RSA Cryptographic key generation
6.3.2.6 FCS_CKM.4(1)/AES Cryptographic key destruction
6.3.2.7 FCS_CKM.4(2)/RSA Cryptographic key destruction
6.3.3 User Data Protection (FDP)
6.3.3.1 FDP_IFC.1 Subset information flow control
6.3.3.2 FDP_IFF.1 Simple security attributes
6.3.4 Identification and Authentication (FIA)
6.3.4.1 FIA_AFL.1 Authentication failure handling
6.3.4.2 FIA_ATD.1 User attribute definition
6.3.4.3 FIA_SOS.1 Verification of secrets
6.3.4.4 FIA_UAU.2 User authentication before any action
6.3.4.5 FIA_UID.2 User identification before any action
6.3.4.6 FIA_UAU.6 Re-authenticating
6.3.4.7 FIA_UAU.7 Protected authentication feedback
6.3.5 Security Management (FMT)
6.3.5.1 FMT_MOF.1 Management of security functions behaviour
6.3.5.2 FMT_MSA.1 Management of security attributes
6.3.5.3 FMT_MSA.3 Static attribute initialisation
6.3.5.4 FMT_SMF.1 Specification of Management Functions
6.3.5.5 FMT_SMR.1 Security roles
6.3.6 Protection of the TSF (FPT)
6.3.6.1 FPT_ITC.1 Inter-TSF confidentiality during transmission
6.3.6.2 FPT_ITI.1 Inter-TSF detection of modification
6.3.6.3 FPT_STM.1 Reliable time stamps
6.3.7 TOE access (FTA)
6.3.7.1 FTA_SSL.3 TSF-initiated termination
6.3.7.2 FTA_MCS.1 Basic limitation on multiple concurrent sessions
6.3.7.3 FTA_TSE.1 TOE session establishment
6.3.8 Trusted Path/Channels (FTP)
6.3.8.1 FTP_ITC.1 Inter-TSF trusted channel
6.3.8.2 FTP_TRP.1 Trusted path
6.4 Security Functional Requirements Rationale
6.4.1 Coverage
6.4.2 Sufficiency
6.4.3 Security Requirements Dependency Rationale
6.4.4 Justification for unsupported dependencies
6.5 Security Assurance Requirements
6.6 Security Assurance Requirements Rationale
7 TOE Summary Specification
7.1 TOE Security Functional Specification
7.1.1 F.Audit
7.1.2 F.I&A
7.1.3 F.UserDataProtection
7.1.4 Cryptographic functions
7.1.5 F.SecurityManagement
7.1.6 F.TOE_Access
7.1.6.1 TOE Session Establishment
7.1.6.2 TSF-initiated Termination
7.1.6.3 User-initiated Termination
7.1.7 F.TSF_Protection
7.1.7.1 Upload/Download Configuration file
7.1.7.2 Online Upgrade
7.1.8 F.TrustedPath/Channels
7.1.8.1 HTTPs over Web
7.1.8.2 HTTPs over TR069
7.1.8.3 WiFi Secure Channel
7.2 TOE Security Functions Rationale
8 Abbreviations
8.1 Abbreviations
List of Tables
Table 1 Technical specifications of the B525
Table 2 Mapping of security objectives
Table 3 Sufficiency analysis for threats
Table 4 Sufficiency analysis for assumption
Table 5: Mapping SFRs to objectives
Table 6: SFR sufficiency analysis
Table 7: Dependencies between TOE Security Functional Requirements
Table 8: TOE Security Functions Rationale
List of Figures
Figure 1: TOE Boundary
Figure 2: ATP System Architecture
Figure 3: Interfaces on the B525
1 Introduction
This Security Target is for the evaluation of the Huawei Access Terminal Platform ATP
V200R001C03; the TOE consists of Access Terminal Platform (ATP), Embedded Unified
Application Platform (eUAP) and the underlying OS. The software is part of the Home
Gateway and LTE Router.
1.1 Security Target Reference
Name: Huawei Access Terminal Platform ATP V200R001C03 Security Target
Version: 1.6
Publication Date: 2016-10-21
Author: Huawei Technologies Co., Ltd.
1.2 Target of Evaluation (TOE) Reference
Name: Huawei Access Terminal Platform ATP V200R001C03
Version: ATP V200R001C03
Access Terminal Platform (ATP) is the software platform for home gateway, wireless router,
CPE and mobile broadband products (such as data cards, 3G/4G LTE routers and Wingles).
The product software version is based on ATP software Version 2 Release 1.
The home gateway series of Huawei Access Terminals are cable broadband access products: the
WAN interface is xDSL or Ethernet, and the user access interfaces include WiFi, LAN Ethernet
ports, an FXS port and a USB port.
The naming examples of Huawei home gateway products are as follows:
Field | Meaning | Description
A | Product Series | HG: Home Gateway; WS: Wireless Series
B | WAN access technology type | 2: Ethernet access; 5: ADSL2; 6: VDSL2; 7: Cable
C | User interface service | 2, 3: WiFi; 5: VoIP
D | Interface changed for product upgrade
E (optional) | New feature for product upgrade | New feature for product upgrade, such as "S", which means USB is supported
The wireless router series of Huawei Access Terminals are cable broadband access products:
the WAN interface is Ethernet or WiFi (when acting as a WiFi repeater), and the user access
interfaces include WiFi, LAN Ethernet ports and a USB port.
The naming examples of Huawei wireless router products are as follows:
Field | Meaning | Description
A | Product Series | WS: Wireless Series
B | WiFi Rate | 1: 11n 150 Mbps; 2, 3, 4: 11n 300 Mbps; 5, 6: 11n 300 Mbps; 7, 8, 9: 11ac
C | Product Positioning | 1~8: in principle, the larger the number, the higher the product positioning
D | Product Positioning | Together with the second digit, indicates the product positioning
E (optional) | Product Characteristics | Lowercase letter that further distinguishes or identifies product characteristics
The CPE products of Huawei Access Terminals are wireless broadband access products: the WAN
interface is a 3G/4G interface (an Ethernet interface is also optional), and the user access
interfaces include WiFi, LAN Ethernet ports, an FXS port and a USB port.
The naming examples of Huawei CPE Access Terminals are as follows:
Field | Meaning | Description
A | Product Series | B: Broadband, the uplink is 3G/4G
B | High/Medium/Low-end product | 1: Low-end 3G Router; 2: High-end 3G Router; 3: Low-end 4G LTE Router; 5, 6: Medium-end 4G LTE Router; 7, 8: High-end 4G LTE Router
C | Generation | 1: First Generation; 2: Second Generation
D | Product Serial Number | Serial number of products of the same grade
E (optional) | Operator Code | For operator customization
The naming examples of Huawei mobile broadband terminal products are as follows:
Field | Meaning | Description
A | Product Series | EC: CDMA+[WCDMA][WiMAX]; ET: TD-SCDMA; EW: WiMAX+[LTE]; E: WCDMA or LTE+[CDMA][WCDMA]
B | Product Style | 3: Data Card; 5: 3G/4G LTE Router; 8: Wingle
C | Generation | 1: First Generation; 2: Second Generation
D | Communication Bandwidth | 1, 2: Low speed; 3: High speed; 5, 6: Mobile WiFi; 8: WiFi modem
E | ID Style | 0, 1, 2, 3: Direct insert; 6, 7, 8: Rotating plug
F | Chipset Vendor | s, z: Balong; u, t: Qualcomm; v: Infineon; r: Icera; y: STE
All of the above product series are Access Terminal Platform products. However, the TOE is
software only, consisting of ATP and the underlying OS (Linux) running on the products.
Sponsor: Huawei Technologies Co., Ltd.
Developer: Huawei Technologies Co., Ltd.
Certification ID:
Keywords: Huawei, ATP, Access Terminal Platform, Access Terminals.
1.3 TOE Overview
ATP is a software platform for Huawei Access Terminals, a family of network and
network-related devices and systems that support a rich set of WAN interfaces and user access
interfaces to provide WAN access, data access and voice services for home, personal and small
office use.
At the core of each Access Terminal is the ATP (Access Terminal Platform), deployed on a SoC
(System on Chip); it is the software that manages and runs the gateway's access networking
functionality. ATP provides extensive security features, including authentication control for
user login, log auditing of user operations, and communication and data security. The SoC also
supports a rich set of interfaces, such as xDSL/Ethernet/3G/4G/WiFi/USB, on the WAN side and
the user side to provide internet, data and voice access services.
The major security features of the Huawei Access Terminal products are audit, Identification
& Authentication (I&A), security management, access to the product, and information flow
control (i.e., network packets sent through the TOE are subject to router information flow
control rules set up by the administrator or pre-defined in the default configuration). The
system also provides protection against Denial of Service (DoS) attacks.
ATP is an application platform based on the Linux OS, so the chip platform and product
hardware are non-TOE. Additionally, the following components of the operational environment
are defined to be outside the TOE boundary:
• A browser or APP for local administration;
• ACS for remote administration;
• HOTA servers for online upgrade;
• A Simple Network Time Protocol server for external time synchronization.
1.4 TOE Description
1.4.1 Physical scope
The following figure shows the TOE boundary and the IT environment used for these
functions in the scope of evaluation.
Figure 1: TOE Boundary (figure: the TOE, ATP V200R001, runs on HGxxx/WSxxx/Bxxx/Exxx hardware that belongs to the IT environment and exchanges network traffic/data with the IT environment components ACS (Auto-Configuration Server), SNTP Server, Browser/APP and HOTA Server)
The ATP software runs on various hardware products (HGxxx/WSxxx/Bxxx/Exxx), but the
hardware platforms are excluded from the TOE. The IT environment consists of an ACS for
limited remote administration (used by the ISP), browser/APP access for local administration
(the browser is used by the end user and the ISP, the APP only by the end user), HOTA servers
for online upgrade, and a Simple Network Time Protocol (SNTP) server for external time
synchronization. All TSFIs are evaluated.
The following figure shows the ATP system architecture:
Figure 2: ATP System Architecture (figure: the layers ATP Service, ATP Framework, OS - Linux and Driver & BSP; blocks shown include Management (CLI, WEB, UPnP, CWMP), Voice (PSTN, SIP, ISDN), Route/Bridge (LAN, WAN, Firewall, Tunnel), Application (UPG, Storage, Share, Cloud, LOG, DNS, Route, SNTP, QoS), 3G/4G (SMS, phone book, DialUp, USSD), the framework services MSG, DB, XML, HTTP and SEC, the OS components IPv4, IPv6, Firewall & Security, Bridging, NAT, QoS, Routing, Kernel Patch, WiFi STA/AP/Repeater and HAL, and drivers for Key & LED, WiFi, USB, DECT, ETH, DSL, ISDN, 3G/4G, FLASH and HiLink)
The subsystems with a yellow background are evaluated and will be detailed in the TDS. This
document gives a brief description:
• WEB provides local management from the Web GUI.
• CWMP provides remote management by the ACS according to the TR-069 protocol.
• Route enables the device to forward packets from LAN to WAN.
• SNTP Client is used to synchronize the network time from the SNTP Server.
• The UPG module is used for online upgrading.
• The LOG module is used for audit and records the system log.
The typical LTE router B525 will be used to run the ATP software during this evaluation. The
B525 is customer premises equipment (CPE). On the network side, it provides high-speed LTE
CAT6 for wide area network (WAN) access, giving customers internet access with the highest
bandwidth and speed.
For users, the B525 supports both 2.4 GHz and 5 GHz Wi-Fi: it provides dual concurrent
802.11b/g/n (2.4 GHz) and 802.11a/n/ac (5 GHz) interfaces, one USB interface, one phone
interface and four Ethernet interfaces for home users to connect various terminals, such as a
PC or an IP set-top box. By integrating the Foreign Exchange Station (FXS) module, the B525
can be set to voice over Internet Protocol (VoIP) or circuit-switched (CS) voice mode.
Figure 3: Interfaces on the B525
No. | Interface | Description
1 | SIM card slot | Used to insert a SIM card.
2 | Phone interface | Used to connect the B525 to telephones.
3 | USB interface | Used to connect a USB device, such as a USB flash drive.
4 | LAN/WAN interfaces | Used to connect Ethernet devices, such as PCs and switches, to the B525. One RJ45 interface supports the LAN/WAN function.
5 | Reset button | Used to restore the factory settings of the B525.
6 | Power interface | Used to connect the B525 to the power adapter.
7 | On/Off button | Used to power the B525 on or off.
8 | WPS button | Used to enable the WPS negotiation function.
Table 1 Technical specifications of the B525
Item | Description
Technical standard, WAN | Mobile network: LTE/DC-HSPA+/HSPA+/HSPA/WCDMA/EDGE/GPRS/GSM; Gigabit Ethernet: IEEE 802.3/802.3u
Technical standard, LAN | IEEE 802.3/802.3u
Technical standard, WLAN | IEEE 802.11b/g/n; IEEE 802.11a/n/ac
External port | One power adapter port; three LAN ports (RJ45); one WAN/LAN port (RJ45); one USB 2.0 host port; one phone port (RJ11); two external LTE antenna ports (SMA-J1.5); one SIM card slot
Button | One Power ON/OFF switch; one WPS button; one Reset button
1.4.2 Logical scope
The TOE comprises several security features. Each of the security features identified
below consists of several security functionalities.
1. Audit
2. Identification and Authentication
3. User Data Protection
4. Security Management
5. TOE Access
6. TSF Protection
7. Trusted Path/Channels
These features are described in more detail in the subsections below.
1.4.2.1 Audit
Event logging controls the generation, dissemination and recording of system events for
monitoring status and troubleshooting faults within the system. The TOE also generates audit
records for all user activities on the management plane and stores the audit records in FLASH
memory in FIFO mode. The number of stored records is limited (usually 100 items); records are
written to Flash in a circular (loop) manner, and when the store is full the earliest of the
low-priority records is overwritten.
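As an added illustration of the audit storage behaviour just described (not code from the ST or the product), the following Python model keeps a fixed number of records and, when full, overwrites the earliest low-priority record; the capacity, the two priority levels, the constructed clock and the fallback used when every stored record is high priority are assumptions.

```python
"""Simulated FIFO audit trail in a fixed-size flash region (added illustration,
not the TOE's own code; capacity, fields and priority levels are assumptions)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional


class Priority(IntEnum):
    """Assumed two-level priority: LOW records are the first overwrite candidates."""
    LOW = 0
    HIGH = 1


@dataclass(frozen=True)
class AuditRecord:
    seq: int            # monotonically increasing write sequence number
    timestamp: int      # constructed clock tick (the TOE uses SNTP-synchronized time)
    user: str
    event: str
    priority: Priority


class FifoAuditStore:
    """Fixed-capacity audit trail: when full, overwrite the earliest LOW-priority
    record; if every stored record is HIGH priority, fall back to the earliest
    record overall (assumption: the ST does not state this case)."""

    def __init__(self, capacity: int = 100) -> None:
        self.capacity = capacity
        self._records: List[AuditRecord] = []  # stands in for the flash region
        self._next_seq = 0
        self._clock = 0
        self.overwritten = 0  # records lost to overwrite, the signal for audit-loss handling

    def _evict_one(self) -> AuditRecord:
        """Remove the overwrite victim; records are kept in seq order, so the
        first LOW record in the list is the earliest LOW record."""
        victim_idx = next(
            (i for i, r in enumerate(self._records) if r.priority == Priority.LOW),
            0,  # all HIGH: overwrite the earliest record overall
        )
        self.overwritten += 1
        return self._records.pop(victim_idx)

    def write(self, user: str, event: str,
              priority: Priority = Priority.LOW) -> AuditRecord:
        if len(self._records) >= self.capacity:
            self._evict_one()
        self._clock += 1
        rec = AuditRecord(self._next_seq, self._clock, user, event, priority)
        self._next_seq += 1
        self._records.append(rec)
        return rec

    def records(self) -> List[AuditRecord]:
        return list(self._records)

    def review(self, user: Optional[str] = None, event: Optional[str] = None,
               priority: Optional[Priority] = None) -> List[AuditRecord]:
        """Selectable audit review: filter on any combination of attributes."""
        return [
            r for r in self._records
            if (user is None or r.user == user)
            and (event is None or r.event == event)
            and (priority is None or r.priority == priority)
        ]


def demo() -> FifoAuditStore:
    """Constructed scenario with a tiny capacity so the wrap-around is visible."""
    store = FifoAuditStore(capacity=5)
    for i in range(4):                                     # seq 0..3, LOW
        store.write("admin", f"config_change_{i}")
    store.write("admin", "login_failure", Priority.HIGH)   # seq 4, HIGH; store is now full
    for _ in range(3):                                     # seq 5..7 evict seq 0, 1, 2
        store.write("admin", "ping_test")
    store.write("admin", "login_failure", Priority.HIGH)   # seq 8 evicts seq 3, the earliest LOW
    return store


if __name__ == "__main__":
    s = demo()
    for r in s.records():
        print(r.seq, r.timestamp, r.user, r.event, r.priority.name)
    print("overwritten:", s.overwritten)
```

The high-priority login-failure records survive four wrap-arounds while the routine low-priority entries are the ones overwritten.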
1.4.2.2 Identification and Authentication (I&A)
The TOE can be managed via the Web GUI. It authenticates the local user based on username and
password. The TOE also provides authentication failure handling and the ability for the
administrator to define password complexity requirements.
Authentication is enforced for WiFi station access if the TOE acts as a WiFi AP (such as a
home gateway/wireless router). WiFi access authentication is not evaluated, since it follows
the WiFi standard entirely.
For home gateways and CPEs, the ISP can customize remote management through TR-069. The
TR-069 authentication method follows the standard (HTTP Basic, HTTP Digest or certificate
authentication) and depends on the ACS (Auto-Configuration Server). However, this document
does not focus on it, since it depends entirely on the ISP's network environment.
1.4.2.3 User Data Protection (Information flow control)
The TOE provides a firewall and packet filtering as the information flow control policy for
network packets sent through the TOE. The TOE provides ACLs as the information flow control
policy for network packets sent to the TOE (i.e. whose destination IP address is the TOE).
1.4.2.4 Security Management
The TOE offers management functionality for its security functions. Security management can
be performed by the administrator through the Web UI or through an ACS. However, ACS
remote management must be customized by the ISP and is not a common function.
1.4.2.5 TOE Access
Mechanisms place controls on administrators' sessions. Web administrator sessions are dropped
after a pre-defined period of inactivity (the period can be modified by the ACS). Dropping a
Web session after the specified time period reduces the risk of someone accessing the machine
where the session was established and thereby gaining unauthorized access to the session. An
administrator can terminate a Web session by clicking the "Logout" button. The TOE denies
session establishment once the maximum number of concurrent Web management sessions or
the maximum number of established HTTP connections has been reached.
1.4.2.6 TSF Protection
The TOE supports importing/exporting the configuration file and online upgrade. The digital
signature algorithm RSA2048 with SHA256 is used to protect the integrity of the configuration
file and image file. In addition, encryption is used to prevent disclosure of the contents of the
configuration file and image file.
1.4.2.7 Trusted Path/Channels
The TOE supports the use of a trusted path (HTTPS) for user authentication in local
management; the trusted path is mandatory for remote management through the Web UI.
However, access from the WAN side is disabled by default.
TR-069 remote management supports the use of a trusted channel (HTTPS). Whether HTTP or
HTTPS is used depends on the ISP that deploys the ACS. However, the TOE supports
restricting the ACS server URL to HTTPS only, in which case the management traffic is
transferred through a secure channel.
A WiFi channel using WPA2 authentication and AES encryption is trusted. Usually, a product
with the WiFi AP feature uses WPA2+AES as the default configuration. A security risk
notification is displayed if an unsecure authentication mode is used.
2 CC Conformance Claim
This ST is CC Part 1 conformant [CC], CC Part 2 conformant [CC] and CC Part 3 conformant
[CC], with no extended components. The CC version of [CC] is 3.1R4.
No conformance to a Protection Profile is claimed.
No conformance rationale to a Protection Profile is claimed.
The TOE claims EAL2 without augmentations.
3 TOE Security Problem Definition
3.1 TOE Assets
The following table lists the assets that have been considered for the TOE:
Asset: A1. Software (Image file)
Description: The integrity and confidentiality of the system software must be protected against
modification and disclosure during transmission in the management network.
Asset: A2. Configuration data
Description: Configuration data includes the security-related parameters under the control of
the TOE (such as the username and password used for Web login authentication), service
configuration, and audit records. The integrity and confidentiality of the configuration data
must be protected.
Asset: A3. Network traffic
Description: The TOE provides the Internet service (or IPTV service) and VoIP service for the
end user. The network traffic includes the user data packets transferred over the air interface
(LTE) or the ETH/DSL interface.
3.2 Threats Agent
This section describes the threat agents acting against the TOE. The threat agents can be
categorized as follows:
Agent: Internet attacker
Description: An attacker on the Internet is able to capture data packets and to intercept and
tamper with the data sent or received by the TOE. Information disclosure occurs if the attacker
captures or intercepts the packets, since the data is transmitted over an unsecure channel. The
Internet attacker can also send a large number of packets, or invalid packets, to cause a denial
of service on the device.
Agent: LAN attacker
Description: An attacker on the LAN side is able to spoof a valid user once the WiFi password
has been cracked or an unsecure WiFi authentication mode is used. The attacker can use the
network without authorization or even modify the device configuration.
3.3 Threats
The assumed security threats are listed below.
Threat: T.UnauthenticatedAccess
Attack: A subject that is not an authenticated user of the TOE gains access to the TOE and
modifies TOE configuration data without permission.
Asset: A2. Configuration data
Agent: Internet attacker & LAN attacker
Threat: T.UnattendedSession
Attack: A user may gain unauthorized access to an unattended session and view and change
the TOE configuration.
Asset: A2. Configuration data
Agent: Internet attacker & LAN attacker
Threat: T.UpdateCompromise
Attack: Threat agents may attempt to provide a compromised update of the software or
firmware which undermines the security functionality of the device. Non-validated updates, or
updates validated using non-secure or weak cryptography, leave the update firmware
vulnerable to surreptitious alteration.
Asset: A1. Software (Image file)
Agent: Internet attacker & LAN attacker
Threat: T.UnwantedNetworkTraffic
Attack: Unwanted network traffic sent to the TOE from the Internet will consume the TOE's
processing capacity for incoming network traffic, so that legitimate traffic is not processed.
This may further cause the TOE to stop responding to system control and security
management operations. The TOE will be able to recover from this kind of situation.
Asset: A3. Network traffic
Agent: Internet attacker
Threat: T.UnsecureManagementChannels
Attack: Threat agents may attempt to target network devices that do not use standardized
secure tunnel protocols to protect the critical network traffic. Attackers may take advantage of
an unsecure protocol or poor key management to successfully perform man-in-the-middle
attacks, replay attacks, etc. Successful attacks will result in loss of confidentiality and integrity
of the management network traffic, and could potentially lead to a compromise of the network
device itself.
Asset: A2. Configuration data & A3. Network traffic
Agent: Internet attacker & LAN attacker
3.4 Organizational Security Policies
NA
3.5 Assumptions
Assumption: A.PhysicalProtection
Definition: It is assumed that the TOE is protected against unauthorized physical access. For
home gateways and CPE, the direct connection through the ETH port is secure.
Assumption: A.TrustworthyUsers
Definition: It is assumed that the authorized end users who own the device are trustworthy and
that the remote administrators authorized by the ISP are trustworthy.
Assumption: A.NetworkIsolation
Definition: It is assumed that the TR069 remote management network access to the TOE is
separated from the Internet service networks.
Assumption: A.Support
Definition: The operational environment (SNTP server on the Internet) must provide the
following supporting mechanism to the TOE: reliable time stamps for the generation of audit
records.
CC Huawei Access Terminal Platform ATP Software
V200R001C03 Security Target 4Security Objectives
Issue 1.5(Error! Unknown
document property name.)
Error! Unknown document property
name..
22
4 Security Objectives
4.1 Security Objectives for the TOE
The following objectives must be met by the TOE:
• O.Authentication The TOE must authenticate users of its user access and control session
establishment.
• O.TOE_Access The TOE shall provide mechanisms that control an administrator's logical
access to the TOE and explicitly deny access to specific administrators when appropriate.
• O.TrafficControl The TOE shall control forwarded network traffic (i.e., individual packets)
from LAN to WAN or from WAN to LAN, and drop unwanted network traffic. The TOE shall
also control the network traffic addressed to itself and forbid access to the TOE's own
services from the LAN or WAN side.
• O.SoftwareIntegrity The TOE must provide functionality to verify the integrity of the
received software image file and configuration file.
• O.Audit The TOE shall provide functionality to generate, store and review audit records for
all user activities on the management plane.
• O.SecurityManagement The TOE shall provide functionality to securely manage the
security functions provided by the TOE.
• O.SecureManagementChannels The TOE shall provide secure management channels to
protect local and remote management from attack.
4.2 Security Objectives for the Operational Environment
• OE.PhysicalProtection The TOE (i.e., the complete system including attached peripherals,
such as a console or USB storage device) shall be protected against unauthorized physical
access.
• OE.NetworkSegregation The operational environment shall provide segregation by
deploying the management interface of the TOE in a local sub-network, separate from the
network interfaces of the TOE serving the application (or public) network. In addition, the
TOE environment shall ensure that the network interfaces that allow access to the TOE's
remote management interfaces are in a management network that is separated from the
networks that the TOE serves over the Internet service interfaces.
• OE.TrustworthyUsers Those responsible for the operation of the TOE and its operational
environment must be trustworthy, and trained such that they are capable of securely managing
the TOE and following the provided guidance.
• OE.Support Those responsible for the operation of the TOE and its operational environment
must ensure that the operational environment provides the following supporting mechanism to
the TOE: reliable time stamps for the generation of audit records.
4.3 Security Objectives Rationale
4.3.1 Coverage
The following tables provide a mapping of security objectives to the environment defined by
the threats, policies and assumptions, illustrating that each security objective covers at least
one threat and that each threat is countered by at least one objective or assumption.
Objective: Threat(s) countered
O.Authentication: T.UnauthenticatedAccess
O.TOE_Access: T.UnattendedSession
O.TrafficControl: T.UnwantedNetworkTraffic
O.SoftwareIntegrity: T.UpdateCompromise
O.Audit: T.UnauthenticatedAccess, T.UnattendedSession
O.SecurityManagement: T.UnauthenticatedAccess
O.SecureManagementChannels: T.UnsecureManagementChannels
Table 2 Mapping of security objectives
4.3.2 Sufficiency
The following rationale provides justification that the security objectives are suitable to
counter each individual threat and that each security objective tracing back to a threat, when
achieved, actually contributes to the removal, diminishing or mitigation of that threat:
Threat: T.UnauthenticatedAccess
Rationale: The threat T.UnauthenticatedAccess is countered by the security objective for the
TOE O.Authentication, which requires the TOE to implement an authentication mechanism.
The security objective for the operational environment OE.TrustworthyUsers contributes to
the mitigation of this threat by requiring the users to be responsible with their passwords. The
security objective for the operational environment OE.PhysicalProtection contributes to the
mitigation of the threat by assuring that the software and configuration files stored in the TOE
will not be modified. In addition, actions are logged, allowing detection of attempts and
possibly tracing of the attacker (O.Audit), and authentication mechanisms can be configured
by users with a sufficient user level (O.SecurityManagement).
Threat: T.UnattendedSession
Rationale: The O.TOE_Access objective requires that the TOE mitigate this threat by
including mechanisms that place controls on administrators' sessions. Web sessions are
dropped after a pre-defined period of inactivity. Dropping the connection of a Web session
(after the specified time period) reduces the risk of someone accessing the local and remote
machines where the session was established and thereby gaining unauthorized access to the
session.
Threat: T.UpdateCompromise
Rationale: This threat is countered by O.SoftwareIntegrity: when a software package is
loaded, its signature is verified.
Threat: T.UnwantedNetworkTraffic
Rationale: The threat T.UnwantedNetworkTraffic is directly counteracted by the security
objective for the TOE O.TrafficControl. The ACL and packet filter can also deny unwanted
network traffic entering or passing through the TOE.
Threat: T.UnsecureManagementChannels
Rationale: The threat T.UnsecureManagementChannels is countered by
O.SecureManagementChannels, which establishes a secure communication channel between
the TOE and external entities in the management network.
Table 3 Sufficiency analysis for threats
The following rationale provides justification that the security objectives for the environment
and the assumptions are in one-to-one correspondence: when a security objective is achieved,
it contributes to the environment being consistent with the corresponding assumption.
Assumption: A.PhysicalProtection
Rationale: This assumption is directly implemented by the security objective for the
environment OE.PhysicalProtection.
Assumption: A.TrustworthyUsers
Rationale: This assumption is directly implemented by the security objective for the
environment OE.TrustworthyUsers.
Assumption: A.NetworkSegregation
Rationale: This assumption is directly implemented by the security objective for the
environment OE.NetworkSegregation.
Assumption: A.Support
Rationale: This assumption is directly implemented by the security objective for the
environment OE.Support.
Table 4 Sufficiency analysis for assumptions
5 Extended Components Definition
No extended components have been defined for this ST.
6 Security Requirements
This section provides security functional and assurance requirements that must be satisfied by
a compliant TOE. These requirements consist of functional components from Part 2 of the CC
and an Evaluation Assurance Level (EAL) that contains assurance components from Part 3 of
the CC.
6.1 Conventions
The following conventions are used to indicate different kinds of content:
• Bold text indicates content that is identical to the CC Part 2 document.
• Italicized and bold text indicates the completion of an assignment or a selection.
• (Underlined text in parentheses) indicates additional text provided as a refinement.
• Iteration/Identifier indicates an element of an iteration, where Identifier distinguishes the
different iterations.
6.2 Definition of security policies
To avoid redundancy in the definition of SFRs, in this chapter the security policies are defined
that have to be fulfilled by the TOE.
6.2.1 ATP information control policy
The ATP information control policy defines the following subjects and attributes:
Subjects:
• network packets
Information security attributes:
• source IP address,
• destination IP address,
• transport protocol,
• source TCP or UDP port number,
• destination TCP or UDP port number,
• source MAC address (used in parental control and WLAN MAC filtering).
Whenever an incoming network packet is to be forwarded, the ATP information control policy
mandates a check of the Access Control List (ACL) defined for ATP. The rules in the ACL
refer to handling of the network packet at layer 3.
Whenever an outgoing network packet is to be forwarded, rules for layer 2 can either permit
or deny forwarding based on the information security attribute 'source MAC address'. Whether
the network packet is dropped or forwarded depends on whether it matches a whitelist or a
blacklist rule.
Rules for layer 3 can either permit or deny forwarding based on the information security
attributes 'source IP address', 'destination IP address', 'transport protocol', 'source TCP or
UDP port number' and 'destination TCP or UDP port number'. A rule has to contain at least
one of these attributes but may contain several.
For every incoming network packet that is to be forwarded, the ACL is checked for a rule that
matches the attributes of the packet (or frame), starting from the first entry in the ACL. The
ACL is checked until the first matching rule is found. The network packet is then either
forwarded or discarded according to the matching rule. If no matching rule is found, the
network packet is discarded.
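The first-match evaluation described above, written out as an added example that is not part of the Security Target or of the ATP implementation. The Rule and Packet fields, the hypothetical function names evaluate_l3 and evaluate_l2, the sample ACL and the sample packets are all constructed for this illustration; the behaviour they demonstrate (at least one attribute per rule, first match wins, discard when nothing matches, whitelist/blacklist on source MAC) is the policy of section 6.2.1.

```python
# Added example (not from the Security Target): a first-match evaluator for the
# ATP information control policy of section 6.2.1. Rule and packet fields, the
# sample ACL and the sample packets below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Packet:
    """Layer-3 view of a packet: exactly the attributes the policy names."""
    src_ip: str
    dst_ip: str
    proto: str                     # "tcp", "udp", "icmp", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """A layer-3 ACL rule. Unset fields match anything; the policy requires
    at least one attribute to be set, which __post_init__ enforces."""
    action: str                    # "permit" or "deny"
    src_net: Optional[str] = None  # CIDR, e.g. "192.168.1.0/24"
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def __post_init__(self) -> None:
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        attrs = (self.src_net, self.dst_net, self.proto, self.src_port, self.dst_port)
        if all(a is None for a in attrs):
            raise ValueError("a rule must constrain at least one attribute")

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None and ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(pkt.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src_port is not None and self.src_port != pkt.src_port:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


def evaluate_l3(acl: Sequence[Rule], pkt: Packet) -> str:
    """Walk the ACL from the first entry; the first matching rule decides.
    No match means the packet is discarded (the policy's default)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def evaluate_l2(src_mac: str, mac_list: Sequence[str], mode: str) -> str:
    """Source-MAC filtering for outgoing frames: a whitelist permits only the
    listed addresses, a blacklist denies them and permits everything else."""
    listed = src_mac.lower() in {m.lower() for m in mac_list}
    if mode == "whitelist":
        return "permit" if listed else "deny"
    if mode == "blacklist":
        return "deny" if listed else "permit"
    raise ValueError("mode must be 'whitelist' or 'blacklist'")


# Constructed sample ACL: order matters because evaluation stops at the first match.
SAMPLE_ACL: List[Rule] = [
    Rule("permit", src_net="192.168.1.0/24", proto="tcp", dst_port=443),  # LAN -> HTTPS
    Rule("deny", src_net="10.0.0.0/8"),                                    # block a whole range
    Rule("permit", proto="udp", dst_port=53),                              # DNS from anywhere else
]

if __name__ == "__main__":
    for pkt in (
        Packet("192.168.1.20", "203.0.113.5", "tcp", 51000, 443),   # rule 1 -> permit
        Packet("192.168.1.20", "203.0.113.5", "tcp", 51000, 23),    # no match -> deny
        Packet("10.1.2.3", "192.168.1.1", "udp", 5000, 53),         # rule 2 wins over rule 3
    ):
        print(pkt, "->", evaluate_l3(SAMPLE_ACL, pkt))
```

The third sample packet is the one worth studying: it would be permitted by the DNS rule, but the deny rule for 10.0.0.0/8 sits earlier in the list and is the first match, so the packet is discarded. That ordering sensitivity is why an ACL review has to read rules top to bottom rather than as a set.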
6.3 TOE Security Functional Requirements
6.3.1 Security Audit (FAU)
6.3.1.1 FAU_GEN.1 Audit data generation
FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following
auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection: not specified] level of audit; and
c) [assignment: The following auditable events:
All user activities on the management plane are recorded in system logs, including:
1) Login and logout
2) Changing user account: username, password
3) Locking, unlocking user account
4) Changing system security configurations
5) Import/Export configuration file
6) Modifying configuration parameters
7) Reboot, restore default settings
8) Upgrading software remotely or locally]
Application Note: Audit functionality shall be enabled by default. Disabling audit
functionality is impossible by Web GUI.
FAU_GEN.1.2 The TSF shall record within each audit record at least the following
information:
a) Date and time of the event, type of event, subject identity (if applicable), and the
outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional
components included in the PP/ST, [assignment: User ID (if applicable), configure tool
(if applicable), workstation IP (if applicable)].
Application Note: The term ‘if applicable’ shall be read as ‘whenever an event can be
associated with the specified information’. For example if an event can be associated with a
User ID, then the event shall be audited and the audit information shall contain the User ID. If
the event cannot be associated with the User ID, the event shall be audited and the audit
information shall not contain User ID information. If multiple conditional information can be
associated with an event (e.g. User ID and configure tool can be associated with an event), all
the conditional information shall be contained in the audit information when auditing the
event.
6.3.1.2 FAU_GEN.2 User identity association
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall
be able to associate each auditable event with the identity of the user that caused the
event.
6.3.1.3 FAU_SAR.1 Audit review
FAU_SAR.1.1 The TSF shall provide [assignment: users with audit review rights] with
the capability to read [assignment: all information] from the audit records.
FAU_SAR.1.2 The TSF shall provide the audit records in a manner suitable for the user
to interpret the information.
Application note: This SFR can be observed through Web GUI.
6.3.1.4 FAU_SAR.3 Selectable Audit review
FAU_SAR.3.1 The TSF shall provide the ability to apply [assignment: selection] of audit
data based on [assignment: log level (0 Emergency;1 Alert;2 Critical;3 Error;4 Warning;5
Notice;6 Informational) and log type (ALL, User Level, System, Security)].
Application note: This SFR can be observed through Web GUI.
6.3.1.5 FAU_STG.1 Protected audit trail storage
FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail from
unauthorized deletion.
FAU_STG.1.2 The TSF shall be able to [selection: prevent] unauthorized modifications
to the stored audit records in the audit trail.
6.3.1.6 FAU_STG.3 Action in case of possible audit data loss
FAU_STG.3.1 The TSF shall [assignment: overwrite the oldest records] if the audit trail
exceeds [assignment: the pre-defined limit of 100 records].
Application Note: There are several options for storing audit data. The records are first written
to RAM and from there they can be written to Flash or to external audit servers (if present).
When the audit trail in RAM exceeds 100 records, the oldest audit data is overwritten.
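The bounded audit trail of FAU_STG.3, together with the FAU_SAR.3 selection by log level and log type and the FAU_GEN.1.2 record fields, as an added example that is not part of the Security Target or of the ATP software. The class and function names (AuditTrail, build_sample_trail), the event names and the sample workload are constructed; treating the selected log level as a severity threshold is this example's assumption, since the ST only lists the selectable values.

```python
# Added example (not from the Security Target): a bounded audit trail in the
# style of FAU_STG.3 (overwrite the oldest record past 100 entries) with the
# FAU_SAR.3 review selection by log level and log type. The record layout
# follows FAU_GEN.1.2; the event names and sample events are constructed.
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional

LOG_LEVELS = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
              4: "Warning", 5: "Notice", 6: "Informational"}
LOG_TYPES = ("User Level", "System", "Security")
CAPACITY = 100


@dataclass(frozen=True)
class AuditRecord:
    seq: int                  # monotonically increasing, so overwritten records show up as a gap
    time: str                 # reliable time stamp (FPT_STM.1) supplied by the caller
    level: int
    log_type: str
    event: str
    outcome: str              # "success" or "failure"
    user_id: Optional[str] = None
    tool: Optional[str] = None          # e.g. "Web GUI", "ACS" (if applicable)
    workstation_ip: Optional[str] = None


class AuditTrail:
    """Fixed-size FIFO. The deque's maxlen drops the oldest record when a new one
    arrives at capacity; there is deliberately no delete or modify method, which
    is how this example models FAU_STG.1 at the API boundary."""

    def __init__(self, capacity: int = CAPACITY) -> None:
        self._buf: Deque[AuditRecord] = deque(maxlen=capacity)
        self._seq = 0

    def record(self, time: str, level: int, log_type: str, event: str,
               outcome: str, **ctx: Optional[str]) -> AuditRecord:
        if level not in LOG_LEVELS:
            raise ValueError(f"unknown log level {level}")
        if log_type not in LOG_TYPES:
            raise ValueError(f"unknown log type {log_type!r}")
        self._seq += 1
        rec = AuditRecord(self._seq, time, level, log_type, event, outcome,
                          ctx.get("user_id"), ctx.get("tool"), ctx.get("workstation_ip"))
        self._buf.append(rec)
        return rec

    def review(self, max_level: int = 6, log_type: str = "ALL") -> List[AuditRecord]:
        """Selection: records at the chosen level or more severe (lower number),
        optionally limited to one log type (assumption: level acts as a threshold)."""
        return [r for r in self._buf
                if r.level <= max_level and (log_type == "ALL" or r.log_type == log_type)]

    def __len__(self) -> int:
        return len(self._buf)

    def oldest_seq(self) -> int:
        return self._buf[0].seq if self._buf else 0


def build_sample_trail(n_events: int = 105) -> AuditTrail:
    """Constructed workload: every 10th event is a failed Web login (Security,
    Warning, no user id because none was authenticated); the rest are successful
    configuration changes by 'admin' (System, Informational)."""
    trail = AuditTrail()
    for i in range(1, n_events + 1):
        ts = f"2016-11-03T10:{i // 60:02d}:{i % 60:02d}Z"
        if i % 10 == 0:
            trail.record(ts, 4, "Security", "login", "failure",
                         tool="Web GUI", workstation_ip="192.168.1.23")
        else:
            trail.record(ts, 6, "System", "modify configuration", "success",
                         user_id="admin", tool="Web GUI", workstation_ip="192.168.1.23")
    return trail


if __name__ == "__main__":
    t = build_sample_trail()
    print(len(t), "records kept; oldest seq =", t.oldest_seq())   # 100 kept, seq 1-5 overwritten
    for r in t.review(max_level=4, log_type="Security"):
        print(r.seq, r.time, LOG_LEVELS[r.level], r.log_type, r.event, r.outcome)
```

With 105 events written into a 100-record trail the first five are gone and the oldest surviving sequence number is 6; a reviewer who sees the gap knows the buffer wrapped, which is the practical reason for carrying a sequence number alongside the time stamp.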
6.3.2 Cryptographic Support (FCS)
6.3.2.1 FCS_COP.1(1)/AES Cryptographic operation
FCS_COP.1.1 The TSF shall perform [assignment: symmetric decryption and encryption]
in accordance with a specified cryptographic algorithm [assignment: AES256 or AES128]
and cryptographic key size [assignment: 256 or 128 bits] that meet the following:
[assignment: [FIPS 197]].
6.3.2.2 FCS_COP.1(2)/RSA Cryptographic operation
FCS_COP.1.1 The TSF shall perform [assignment: asymmetric authentication] in
accordance with a specified cryptographic algorithm [assignment: RSA] and
cryptographic key sizes [assignment: 2048 bits] that meet the following: [assignment:
[FIPS 186-2], RSA Cryptography Standard ([PKCS#1 V1.5])].
6.3.2.3 FCS_COP.1(3)/SHA256 Cryptographic operation
FCS_COP.1.1 The TSF shall perform [assignment: data integrity verification] in
accordance with a specified cryptographic algorithm [assignment: SHA256] that meet
the following: [assignment: [FIPS 198]].
6.3.2.4 FCS_CKM.1(1)/AES Cryptographic key generation
FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a
specified cryptographic key generation algorithm [assignment: PRNG] and specified
cryptographic key sizes [assignment: 128 or 256 bits] that meet the following:
[assignment: [RFC 1750]].
6.3.2.5 FCS_CKM.1(2)/RSA Cryptographic key generation
FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a
specified cryptographic key generation algorithm [assignment: keygen method RSA] and
specified cryptographic key sizes [assignment: 2048 bits] that meet the following:
[assignment: RSA Cryptography Standard [PKCS#1V1.5]].
6.3.2.6 FCS_CKM.4(1)/AES Cryptographic key destruction
FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified
cryptographic key destruction method [assignment: the AES cryptographic key used for
sensitive data storage encryption is destroyed periodically (every 160 days)] that meets the
following: [assignment: [RFC 1750]].
6.3.2.7 FCS_CKM.4(2)/RSA Cryptographic key destruction
FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified
cryptographic key destruction method [assignment: the RSA cryptographic key used for Web
sensitive data transmission encryption is destroyed when the device is rebooted] that meets
the following: [assignment: RSA Cryptography Standard [PKCS#1V1.5]].
6.3.3 User Data Protection (FDP)
6.3.3.1 FDP_IFC.1 Subset information flow control
FDP_IFC.1.1 The TSF shall enforce the [assignment: ATP information control policy as
defined in chap. 6.2.1] on [assignment: the network traffic, the ACL-defined information,
and rules defined in the rules either permitting or denying forwarding of the network traffic
based on Information Security attributes as defined in chap. 6.2.1].
6.3.3.2 FDP_IFF.1 Simple security attributes
FDP_IFF.1.1 The TSF shall enforce the [assignment: ATP information control policy as
defined in chap. 6.2.1] based on the following types of subject and information security
attributes:
[assignment:
Subjects:
• network packets or frames,
Information security attributes:
• source IP address,
• destination IP address,
• transport protocol,
• source TCP or UDP port number,
• destination TCP or UDP port number,
• source MAC address]
FDP_IFF.1.2 The TSF shall permit an information flow between a controlled subject
and controlled information via a controlled operation if the following rules hold:
[assignment: the ATP information control policy as defined in chap. 6.2.1, and the policy’s
action is permit.]
FDP_IFF.1.3 The TSF shall enforce the [assignment: ATP information control policy as
defined in chap.6.2.1].
FDP_IFF.1.4 The TSF shall explicitly authorize an information flow based on the
following rules: [assignment: None].
FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following
rules: [assignment: None].
6.3.4 Identification and Authentication (FIA)
6.3.4.1 FIA_AFL.1 Authentication failure handling
FIA_AFL.1.1 The TSF shall detect when [selection: [assignment: 3]] unsuccessful
authentication attempts occur related to [assignment: the last successful authentication of
the indicated user identity].
FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has
been [selection: surpassed], the TSF shall [assignment: terminate the session of the user
trying to authenticate and block the client IP address from authenticating for 1 minute. The
locking time is doubled for each subsequent run of 3 consecutive failed authentication
attempts, up to a maximum of 64 minutes].
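The failure handling of FIA_AFL.1 as an added example that is not part of the Security Target or of the ATP software: three failures since the last successful authentication terminate the attempt and block the client IP for one minute, each further run of three consecutive failures doubles the block, and 64 minutes is the ceiling. The class and function names (AuthFailureHandler, lockout_schedule, run_sample_scenario), the constructed credential store and the sample client address are this example's; so are two interpretation choices, called out in comments, that the ST leaves open: the block is applied when the count reaches 3, and a successful login ends the doubling run.

```python
# Added example (not from the Security Target): authentication failure handling
# modelled on FIA_AFL.1. The credential store, the clock handling (an explicit
# 'now' in seconds) and all names below are constructed for this illustration.
import hashlib
import hmac
from typing import Dict, List

THRESHOLD = 3               # failures since the last success that trigger a block
BASE_LOCK_SECONDS = 60      # 1 minute
MAX_LOCK_SECONDS = 64 * 60  # 64 minutes

# Constructed credential store; a real device keeps only the hash (FIA_ATD.1).
SAMPLE_USERS = {"admin": "Correct#Pass1"}


def lockout_schedule(n: int) -> List[int]:
    """Block durations for the first n consecutive lockouts: 60 s doubling to 3840 s."""
    return [min(BASE_LOCK_SECONDS * 2 ** i, MAX_LOCK_SECONDS) for i in range(n)]


def _pw_hash(password: str) -> bytes:
    # Stand-in for the stored SHA-256 password hash of FIA_ATD.1; unsalted only
    # to keep the example short, real storage should salt.
    return hashlib.sha256(password.encode()).digest()


class AuthFailureHandler:
    def __init__(self, users: Dict[str, str]) -> None:
        self._hashes = {u: _pw_hash(p) for u, p in users.items()}
        self._failures: Dict[str, int] = {}    # user -> failures since last success
        self._blocks: Dict[str, dict] = {}     # client ip -> {"until": t, "strikes": k}

    def remaining_block(self, client_ip: str, now: float) -> float:
        b = self._blocks.get(client_ip)
        return max(0.0, b["until"] - now) if b else 0.0

    def current_lock_seconds(self, client_ip: str) -> int:
        b = self._blocks.get(client_ip)
        return lockout_schedule(b["strikes"])[-1] if b else 0

    def attempt(self, user: str, password: str, client_ip: str, now: float) -> str:
        """Returns 'blocked', 'success', 'failure' or 'locked'."""
        if self.remaining_block(client_ip, now) > 0:
            return "blocked"                   # refused before the password is even checked
        expected = self._hashes.get(user)
        ok = expected is not None and hmac.compare_digest(expected, _pw_hash(password))
        if ok:
            self._failures[user] = 0
            self._blocks.pop(client_ip, None)  # interpretation: a success ends the doubling run
            return "success"
        count = self._failures.get(user, 0) + 1
        if count < THRESHOLD:
            self._failures[user] = count
            return "failure"
        # Interpretation: the block is applied when the count reaches THRESHOLD.
        self._failures[user] = 0               # the next run of three starts afresh
        strikes = self._blocks.get(client_ip, {"strikes": 0})["strikes"] + 1
        lock = lockout_schedule(strikes)[-1]
        self._blocks[client_ip] = {"until": now + lock, "strikes": strikes}
        return "locked"                        # session terminated, client IP blocked


def run_sample_scenario() -> List[str]:
    """Constructed timeline from one LAN client against the 'admin' account."""
    h, ip, good = AuthFailureHandler(SAMPLE_USERS), "192.168.1.23", "Correct#Pass1"
    out = [h.attempt("admin", "wrong", ip, now=t) for t in (0, 1, 2)]   # 3rd -> locked 60 s
    out.append(h.attempt("admin", good, ip, now=30))                     # right password, still blocked
    out += [h.attempt("admin", "wrong", ip, now=t) for t in (62, 63, 64)]  # block over; lock again
    out.append(f"lock={h.current_lock_seconds(ip)}")                     # doubled to 120 s
    out.append(h.attempt("admin", good, ip, now=200))                    # block expired at 184
    out += [h.attempt("admin", "wrong", ip, now=t) for t in (201, 202, 203)]
    out.append(f"lock={h.current_lock_seconds(ip)}")                     # run reset, back to 60 s
    return out


if __name__ == "__main__":
    print(lockout_schedule(8))
    print(run_sample_scenario())
```

The two things the timeline makes visible are that a correct password presented during the block is refused without being evaluated (so the block, not the password check, is what an attacker keeps hitting), and that the doubling escalates per client address across lockouts rather than per attempt.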
6.3.4.2 FIA_ATD.1 User attribute definition
FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging
to individual users: [assignment:
a) user ID
b) user level
c) SHA256 hash of password
d) temporary blocking time for user accounts after unsuccessful authentication
attempts
e) time when user is logging in and logging off]
6.3.4.3 FIA_SOS.1 Verification of secrets
FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets meet [assignment:
for the web user, the password must meet the following:
1) a minimum length (characters): default 6, configurable within the range 6-32;
2) complexity requirements: the password must contain at least two of the following
character types:
a) at least one (1) numeric character;
b) at least one (1) special character; special characters include:
~!@#$%^&*()_+|{}:"<>?`-=\[];'
c) at least one (1) upper case character; and
d) at least one (1) lower case character].
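The FIA_SOS.1 password rule as an added example that is not part of the Security Target or of the ATP software. The special-character set is the one listed in the SFR; the function names (password_violations, password_meets_policy, character_classes) and the sample passwords are constructed, and characters outside the four listed classes are treated as counting toward none of them, which is this example's assumption since the ST does not say how they are handled.

```python
# Added example (not from the Security Target): a checker for the FIA_SOS.1 Web
# password rule: length between the configured minimum (6 by default, 6-32) and
# 32, and at least two of the four character classes. The special-character set
# is the one listed in the ST; all function names and sample values are constructed.
import string
from typing import List

MIN_LEN_RANGE = (6, 32)          # the administrator may set the minimum within this range
MAX_LEN = 32
SPECIALS = "~!@#$%^&*()_+|{}:\"<>?`-=\\[];'"   # from FIA_SOS.1, item 2b
REQUIRED_CLASSES = 2


def character_classes(password: str) -> List[str]:
    """Which of the four policy classes the password touches, in the ST's order.
    Characters outside all four classes (e.g. space) count toward none (assumption)."""
    classes = []
    if any(c in string.digits for c in password):
        classes.append("numeric")
    if any(c in SPECIALS for c in password):
        classes.append("special")
    if any(c in string.ascii_uppercase for c in password):
        classes.append("upper")
    if any(c in string.ascii_lowercase for c in password):
        classes.append("lower")
    return classes


def password_violations(password: str, min_len: int = 6) -> List[str]:
    """Every reason the password fails the policy; an empty list means acceptable.
    min_len models the configurable minimum and must itself lie within 6-32."""
    if not MIN_LEN_RANGE[0] <= min_len <= MIN_LEN_RANGE[1]:
        raise ValueError(f"minimum length must be within {MIN_LEN_RANGE}")
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    classes = character_classes(password)
    if len(classes) < REQUIRED_CLASSES:
        problems.append(f"uses only {len(classes)} of the required {REQUIRED_CLASSES} character types")
    return problems


def password_meets_policy(password: str, min_len: int = 6) -> bool:
    return not password_violations(password, min_len)


if __name__ == "__main__":
    for pw in ("abc123", "Passw0rd!", "hello~world", "abcdef", "Ab1", "a" * 33 + "1"):
        print(repr(pw), character_classes(pw), password_violations(pw) or "OK")
```

Returning the full list of violations rather than a single boolean is what lets a Web form tell the user exactly which rule was missed, while the boolean wrapper is what the enforcement point actually needs.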
6.3.4.4 FIA_UAU.2 User authentication before any action
FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before
allowing any other TSF-mediated actions on behalf of that user.
Application Note: Authentication is possible by username and password.
6.3.4.5 FIA_UID.2 User identification before any action
FIA_UID.2.1 The TSF shall require each user to be successfully identified before
allowing any other TSF-mediated actions on behalf of that user.
Application Note: Authentication is possible by username and password. The user is
identified by his username if he is able to successfully authenticate with his username and
corresponding password.
6.3.4.6 FIA_UAU.6 Re-authenticating
FIA_UAU.6.1 The TSF shall re-authenticate the user under the conditions [assignment:
a) user changes password
b) session timeout
c) logout]
6.3.4.7 FIA_UAU.7 Protected authentication feedback
FIA_UAU.7.1 The TSF shall provide only [assignment: obscured feedback] to the user
while the authentication is in progress.
6.3.5 Security Management (FMT)
6.3.5.1 FMT_MOF.1 Management of security functions behaviour
FMT_MOF.1.1 The TSF shall restrict the ability to [selection: determine the behavior of] the
functions [assignment: listed in the following table] to [assignment: the administrator].
Security Functions
Configuring Firewall
Configuring IP Filters
Configuring MAC Filters
Configuring Application Filters
Configuring ACL
Configuring Web Management Password
Configuring remote ACS administration (if applicable)
Configuring Login control
Configuring SNTP
Configuring Reboot
Configuring Restore Default Settings
Configuring WiFi Access Parameters
6.3.5.2 FMT_MSA.1 Management of security attributes
FMT_MSA.1.1 The TSF shall enforce the [assignment: ATP information control policy]
to restrict the ability to [selection: query, modify, delete] the security attributes
[assignment: identified in FDP_IFF.1] to [assignment: the administrator].
6.3.5.3 FMT_MSA.3 Static attribute initialisation
FMT_MSA.3.1 The TSF shall enforce the [assignment: ATP information control policy]
to provide [selection: restrictive] default values for security attributes that are used to
enforce the SFP.
FMT_MSA.3.2 The TSF shall allow [assignment: the administrator] to specify alternative
initial values to override the default values when an object or information is created.
6.3.5.4 FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management
functions: [assignment:
a) Define and maintain IP addresses and address ranges (via ACL policy) that will be
accepted as source addresses for traffic forwarding (L3 forwarding). Define and
maintain IP addresses and address ranges (via ACL policy) that will be accepted for
local and remote administration (TOE administration).
b) Configure the firewall level.
c) Configure URL filtering, application filtering and parent control (source MAC
address filtering based on time rule).
d) Manage user accounts and user data.
e) Configure audit functionality, such as configure log display level and log type
f) Perform reboot.
g) Perform restore default settings.
h) Enable or Disable SNTP function and configure SNTP Server address, time zone.
i) Configure WiFi parameters, such as WiFi SSID, key, authentication mode and
encryption mode and so on.]
6.3.5.5 FMT_SMR.1 Security roles
FMT_SMR.1.1 The TSF shall maintain the roles [assignment: administrators].
FMT_SMR.1.2 The TSF shall be able to associate users with roles.
6.3.6 Protection of the TSF (FPT)
6.3.6.1 FPT_ITC.1 Inter-TSF confidentiality during transmission
FPT_ITC.1.1 The TSF shall protect all TSF data transmitted from the TSF to another
trusted IT product from unauthorized disclosure during transmission.
6.3.6.2 FPT_ITI.1 Inter-TSF detection of modification
FPT_ITI.1.1 The TSF shall provide the capability to detect modification of all TSF data
during transmission between the TSF and another trusted IT product within the
following metric: [assignment: digital signature].
FPT_ITI.1.2 The TSF shall provide the capability to verify the integrity of all TSF data
transmitted between the TSF and another trusted IT product and perform [assignment:
reject the update of the configuration file and image file] if modifications are detected.
6.3.6.3 FPT_STM.1 Reliable time stamps
FPT_STM.1.1 The TSF shall be able to provide reliable time stamps.
Application Note: The reliable time stamps are based on an external time source using the SNTP
protocol. Once the TOE synchronizes its clock with the SNTP server, the clock is set to
local time and maintained by the OS.
6.3.7 TOE access (FTA)
6.3.7.1 FTA_SSL.3 TSF-initiated termination
FTA_SSL.3.1 The TSF shall terminate an interactive session after [assignment: 5
minutes].
Application Note: The web server terminates the current session if there is no
interaction for 5 minutes. The inactivity interval cannot be configured by the end user.
6.3.7.2 FTA_MCS.1 Basic limitation on multiple concurrent sessions
FTA_MCS.1.1 The TSF shall restrict the maximum number of concurrent sessions that
belong to the same user.
FTA_MCS.1.2 The TSF shall enforce, by default, a limit of [assignment: 128] sessions
per user.
6.3.7.3 FTA_TSE.1 TOE session establishment
FTA_TSE.1.1 The TSF shall be able to deny session establishment based on
[assignment:
a) authentication failure
b) ACL
c) Session connection reaches max number].
6.3.8 Trusted Path/Channels (FTP)
6.3.8.1 FTP_ITC.1 Inter-TSF trusted channel
FTP_ITC.1.1 The TSF shall provide a communication channel between itself and
another trusted IT product that is logically distinct from other communication channels
and provides assured identification of its end points and protection of the channel data
from modification or disclosure.
FTP_ITC.1.2 The TSF shall permit [selection: the TSF] to initiate communication via
the trusted channel.
FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for
[assignment: HTTPs over TR069].
6.3.8.2 FTP_TRP.1 Trusted path
FTP_TRP.1.1 The TSF shall provide a communication path between itself and [selection:
remote] users that is logically distinct from other communication paths and provides
assured identification of its end points and protection of the communicated data from
[selection: modification, disclosure].
FTP_TRP.1.2 The TSF shall permit [selection: remote users] to initiate communication
via the trusted path.
FTP_TRP.1.3 The TSF shall require the use of the trusted path for [selection: initial user
authentication].
Application Note: The TOE supports HTTP and HTTPs when the Web GUI is accessed from the LAN side;
which protocol is used depends on the end user. The connection is considered trustworthy when made
to the TOE through an RJ45 port or over WiFi with WPA2 authentication. HTTPs is used (with an
automatic redirect) when the Web GUI is accessed from the WAN side; however, access to the Web GUI
from the WAN side is forbidden by default.
6.4 Security Functional Requirements Rationale
6.4.1 Coverage
The following table provides a mapping of SFR to the security objectives, showing that each
security functional requirement addresses at least one security objective.
Security Functional Requirements | Objectives
FAU_GEN.1 | O.Audit
FAU_GEN.2 | O.Audit
FAU_SAR.1 | O.Audit
FAU_SAR.3 | O.Audit
FAU_STG.1 | O.Audit
FAU_STG.3 | O.Audit
FCS_COP.1(1)/AES, FCS_CKM.1(1)/AES, FCS_CKM.4(1)/AES | O.SoftwareIntegrity
FCS_COP.1(2)/RSA, FCS_CKM.1(2)/RSA, FCS_CKM.4(2)/RSA | O.SoftwareIntegrity
FCS_COP.1(3)/SHA256 | O.Authentication, O.SoftwareIntegrity
FDP_IFC.1 | O.TrafficControl
FDP_IFF.1 | O.TrafficControl
FIA_AFL.1 | O.Authentication
FIA_ATD.1 | O.Authentication
FIA_SOS.1 | O.Authentication
FIA_UAU.2 | O.Authentication
FIA_UID.2 | O.Authentication
FIA_UAU.6 | O.Authentication
FIA_UAU.7 | O.Authentication
FMT_MOF.1 | O.SecurityManagement
FMT_MSA.1 | O.SecurityManagement
FMT_MSA.3 | O.SecurityManagement
FMT_SMF.1 | O.SecurityManagement
FMT_SMR.1 | O.SecurityManagement
FPT_ITC.1 | O.SoftwareIntegrity
FPT_ITI.1 | O.SoftwareIntegrity
FPT_STM.1 | O.Audit
FTA_SSL.3 | O.TOE_Access
FTA_MCS.1 | O.TOE_Access
FTA_TSE.1 | O.TOE_Access
FTP_ITC.1 | O.SecureManagementChannels
FTP_TRP.1 | O.SecureManagementChannels
Table 5: Mapping SFRs to objectives
6.4.2 Sufficiency
The following rationale provides justification for each security objective for the TOE,
showing that the security functional requirements are suitable to meet and achieve the security
objectives:
Security objectives | Rationale
O.Authentication | User authentication is implemented by FIA_UAU.2, supported by individual user identification in FIA_UID.2. The requirements on necessary user attributes (passwords) are addressed in FIA_ATD.1. The authentication mechanism supports authentication failure handling as addressed in FIA_AFL.1. Initial
O.TrafficControl | The TOE information flow control policy is based on firewall and packet filtering as defined in FDP_IFC.1 and FDP_IFF.1 to protect the TOE from information flow attacks.
O.TOE_Access | TOE access is implemented by FTA_MCS.1, FTA_SSL.3 and FTA_TSE.1.
O.SoftwareIntegrity | When a software package is loaded, its signature is verified via FCS_COP.1(3)/SHA256 and FCS_COP.1(2)/RSA.
O.SecurityManagement | The TOE is required to provide the ability to restrict the use of TOE management/administration/security functions to authorized administrators of the TOE [FMT_MOF.1]. The TOE is capable of performing security management functions, including start-up, shutdown, and creating/modifying/deleting configuration items [FMT_SMF.1]. The TOE must be able to recognize the administrative role that exists for the TOE [FMT_SMR.1]. The TOE must restrict the ability to manage security attributes associated with the UNAUTHENTICATED SFP to the administrator [FMT_MSA.1]. The TOE must allow the privileged administrator to specify alternate initial values when an object is created [FMT_MSA.3]. The TOE ensures that all administrator actions resulting in access to TOE security functions and configuration data are controlled [FMT_SMF.1, FMT_MOF.1]. The TOE ensures that access to TOE security functions and configuration data is based on the assigned administrator role [FMT_SMR.1].
O.SecureManagementChannels | The TOE is required to provide secure management channels when the device is managed from the local Web UI or a remote ACS [FTP_ITC.1, FTP_TRP.1].
O.Audit | The generation of audit records is implemented by FAU_GEN.1. Audit records include a timestamp as provided by FPT_STM.1 and user identities as defined in FAU_GEN.2 where applicable. Requirements on reading audit records are defined in FAU_SAR.1. The protection of the stored audit records is implemented in FAU_STG.1. Functionality to overwrite the oldest audit records when the audit trail exceeds 100 records is required by FAU_STG.3.
Table 6: SFR sufficiency analysis
6.4.3 Security Requirements Dependency Rationale
Dependencies within the EAL2 package selected for the security assurance requirements have
been considered by the authors of CC Part 3 and are not analyzed here again.
The security functional requirements in this Security Target do not introduce dependencies on
any security assurance requirement; neither do the security assurance requirements in this
Security Target introduce dependencies on any security functional requirement.
The following table demonstrates the dependencies of SFRs modeled in CC Part 2 and how
the SFRs for the TOE resolve those dependencies:
Security Functional Requirement | Dependencies | Resolution
FAU_GEN.1 | FPT_STM.1 | FPT_STM.1
FAU_GEN.2 | FAU_GEN.1, FIA_UID.1 | FAU_GEN.1, FIA_UID.2/RTM
FAU_SAR.1 | FAU_GEN.1 | FAU_GEN.1
FAU_STG.1 | FAU_GEN.1 | FAU_GEN.1
FAU_STG.3 | FAU_STG.1 | FAU_STG.1
FCS_COP.1(1)/AES | [FDP_ITC.1, or FDP_ITC.2, or FCS_CKM.1], FCS_CKM.4 | FCS_CKM.1(1)/AES, FCS_CKM.4(1)/AES
FCS_COP.1(2)/RSA | [FDP_ITC.1, or FDP_ITC.2, or FCS_CKM.1], FCS_CKM.4 | FCS_CKM.1(2)/RSA, FCS_CKM.4(2)/RSA
FCS_COP.1(3)/SHA256 | [FDP_ITC.1, or FDP_ITC.2, or FCS_CKM.1], FCS_CKM.4 | N/A
FCS_CKM.1(1)/AES | [FCS_CKM.2 or FCS_COP.1], FCS_CKM.4 | FCS_COP.1(1)/AES, FCS_CKM.4(1)/AES
FCS_CKM.1(2)/RSA | [FCS_CKM.2 or FCS_COP.1], FCS_CKM.4 | FCS_COP.1(2)/RSA, FCS_CKM.4(2)/RSA
FCS_CKM.4(1)/AES | [FDP_ITC.1, or FDP_ITC.2, or FCS_CKM.1] | FCS_CKM.1
FCS_CKM.4(2)/RSA | [FDP_ITC.1, or FDP_ITC.2, or FCS_CKM.1] | FCS_CKM.1
FDP_IFC.1 | FDP_IFF.1 | FDP_IFF.1
FDP_IFF.1 | FDP_IFC.1, FMT_MSA.3 | FDP_IFC.1, FMT_MSA.3
FDP_DAU.1 | None | N/A
FIA_AFL.1 | FIA_UAU.1 | FIA_UAU.2
FIA_ATD.1 | None | N/A
FIA_UAU.2 | FIA_UID.1 | FIA_UID.2
FIA_UID.2 | None | N/A
FIA_UAU.6 | None | N/A
FIA_UAU.7 | FIA_UAU.1 | FIA_UAU.2
FMT_MOF.1 | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1
FMT_MSA.1 | [FDP_ACC.1 or FDP_IFC.1], FMT_SMR.1, FMT_SMF.1 | FDP_ACC.1, FMT_SMR.1, FMT_SMF.1
FMT_MSA.3 | FMT_MSA.1, FMT_SMR.1 | FMT_MSA.1, FMT_SMR.1
FMT_SMF.1 | None | N/A
FMT_SMR.1 | FIA_UID.1 | FIA_UID.2
FPT_ITC.1 | None | N/A
FPT_ITI.1 | None | N/A
FPT_STM.1 | None | N/A
FTA_SSL.3 | None | N/A
FTA_MCS.1 | FIA_UID.1 | FIA_UID.2
FTA_TSE.1 | None | N/A
FTP_TRP.1 | None | N/A
FTP_ITC.1 | None | N/A
Table 7: Dependencies between TOE Security Functional Requirements
6.4.4 Justification for unsupported dependencies
The following dependencies are unsupported for the reasons given below.
FCS_COP.1(3)/SHA256: The dependency on FCS_CKM.1 (Key generation) and
FCS_CKM.4 (Key destruction) is unsupported, because SHA256 is an unkeyed hash and
needs no keys to be generated or destroyed.
6.5 Security Assurance Requirements
The security assurance requirements for the TOE are the Evaluation Assurance Level 2
components. No operations are applied to the assurance components.
Assurance Class | Assurance components
ADV: Development | ADV_ARC.1 Security architecture description
ADV: Development | ADV_FSP.2 Security-enforcing functional specification
ADV: Development | ADV_TDS.1 Basic design
AGD: Guidance documents | AGD_OPE.1 Operational user guidance
AGD: Guidance documents | AGD_PRE.1 Preparative procedures
ALC: Life-cycle support | ALC_CMC.2 Use of a CM system
ALC: Life-cycle support | ALC_CMS.2 Parts of the TOE CM coverage
ALC: Life-cycle support | ALC_DEL.1 Delivery procedures
ASE: Security Target evaluation | ASE_CCL.1 Conformance claims
ASE: Security Target evaluation | ASE_ECD.1 Extended components definition
ASE: Security Target evaluation | ASE_INT.1 ST introduction
ASE: Security Target evaluation | ASE_OBJ.2 Security objectives
ASE: Security Target evaluation | ASE_REQ.2 Derived security requirements
ASE: Security Target evaluation | ASE_SPD.1 Security problem definition
ASE: Security Target evaluation | ASE_TSS.1 TOE summary specification
ATE: Tests | ATE_COV.1 Evidence of coverage
ATE: Tests | ATE_FUN.1 Functional testing
ATE: Tests | ATE_IND.2 Independent testing – sample
AVA: Vulnerability assessment | AVA_VAN.2 Vulnerability analysis
6.6 Security Assurance Requirements Rationale
Evaluation Assurance Level 2 has been chosen as commensurate with the threat
environment experienced by typical consumers of the TOE.
7 TOE Summary Specification
7.1 TOE Security Functional Specification
7.1.1 F.Audit
The TOE provides auditing by receiving all types of logs and processing them
according to the user's configuration:
1 The TOE supports generation of audit records for the following events:
- User login and logout.
- Modifying a user account: username and password.
- Locking and unlocking a user account.
- Changing system security configurations.
- Importing/exporting the configuration file.
- Modifying configuration parameters by Web UI/ACS/CLI.
- Rebooting the device (except for reboot by hardware).
- Resetting the device to factory settings.
- Upgrading software remotely or locally.
2 The TOE records within each audit record the date and time of the event, the type of event,
the subject identity (if applicable) and the outcome (success or failure) of the event. The
TOE provides reliable time stamps for that purpose. Depending on the definition of the
event, records might include the interface, workstation IP, user ID or operations.
3 The TOE supports association of audit events resulting from actions of identified users
with the identity of the user that caused the event.
4 The TOE allows all authorized users to read the audit records.
5 The TOE supports binary and readable-text log file formats. This function is achieved
by providing output format transformation, so that the TOE provides the user with
audit information suitable for interpretation.
6 The TOE writes audit event information to the NVRAM first (buffer). The TOE
supports local storage of audit event information in the internal NAND/NOR flash
memory, and this audit information can be exported to storage on a local device (such as
a local PC).
7 The TOE does not support modification of audit information.
8 The TOE restricts the ability to delete audit event information to authorized users. Only
the administrator can delete the audit event information if the TOE supports two or
more user levels. If there is only one user, then that user can delete the audit event
information.
9 The TOE automatically overwrites the oldest audit data in the NVRAM (buffer) if the
audit trail exceeds 100 records.
10 Audit functionality is activated by default and the end user cannot disable it. Logging
of the event of disabling audit functionality is enforced by default.
7.1.2 F.I&A
The TOE identifies administrators by a unique ID and enforces their authentication before
granting them access to any TSF management interface. Detailed functions include:
1 FIA_AFL.1 The TOE supports authentication via password, or via username and password.
This function is achieved by comparing the user information entered with pre-defined
reference values stored in memory.
2 FIA_ATD.1 The TOE stores the following security attributes for individual users:
- User ID
- User level
- SHA256 hash of password and salt
- Number of unsuccessful authentication attempts since the last successful authentication
- Time when users log in and log off
3 The TOE supports the use of HTTPs certificate authentication in local management,
and it is mandatory in remote management with the Web UI. However, access from the
WAN side is disabled by default.
4 The TOE detects 3 consecutive failed authentication attempts after the last successful
user authentication and locks the account for one minute. The locking time is doubled
for each subsequent run of 3 consecutive failed authentication attempts, up to a maximum
of 64 minutes.
5 The TOE allows specifying minimum requirements on the length and complexity of
passwords.
6 The TOE requires each user to be successfully authenticated before he can perform any
other TSF-mediated actions.
7 If the authentication method is based on username and password, the username is used
for identification. If the authentication method is based on password only, the terminal
ID is used for identification and the terminal has to be regarded as the 'user'.
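The lockout escalation of item 4, worked through as an added Go example (not code from the TOE or from Huawei): three consecutive failures lock the account for one minute, each further run of three doubles the lock, and 64 minutes is the cap. The account structure, the 16-byte salt and the choice to reject attempts during a lock without counting them are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Lockout policy as the ST states it: three consecutive failures lock the
// account for one minute; each further run of three doubles the lock time,
// and 64 minutes is the maximum.
const (
	failThreshold = 3
	baseLockout   = 1 * time.Minute
	maxDoublings  = 6 // 1 min * 2^6 = 64 min cap
)

var (
	ErrLocked         = errors.New("account is locked")
	ErrBadCredentials = errors.New("bad credentials")
)

// Account models the FIA_ATD.1 attributes; the structure is this example's
// assumption, not the TOE's data layout.
type Account struct {
	UserID       string
	Level        string
	Salt         []byte
	PasswordHash []byte // SHA256(salt || password)
	Failures     int    // unsuccessful attempts since the last success
	LockedUntil  time.Time
	LastLogin    time.Time
}

// hashPassword computes SHA256 over the salt followed by the password.
func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// NewAccount creates an account with a fresh 16-byte random salt (assumed size).
func NewAccount(id, level, password string) (*Account, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return &Account{UserID: id, Level: level, Salt: salt,
		PasswordHash: hashPassword(salt, password)}, nil
}

// lockoutFor returns the lock duration that applies once `failures`
// consecutive failures have accumulated; 0 below the threshold.
func lockoutFor(failures int) time.Duration {
	rounds := failures / failThreshold
	if rounds < 1 {
		return 0
	}
	exp := rounds - 1 // 3 failures -> 2^0 min, 6 -> 2^1 min, ...
	if exp > maxDoublings {
		exp = maxDoublings
	}
	return baseLockout << uint(exp)
}

// Authenticate checks a password at time now and applies the lockout policy.
// Attempts made while locked are rejected without evaluating the password
// and without advancing the failure counter (a choice made for this example).
func (a *Account) Authenticate(password string, now time.Time) error {
	if now.Before(a.LockedUntil) {
		return ErrLocked
	}
	if subtle.ConstantTimeCompare(a.PasswordHash, hashPassword(a.Salt, password)) == 1 {
		a.Failures = 0
		a.LastLogin = now
		return nil
	}
	a.Failures++
	if a.Failures%failThreshold == 0 {
		a.LockedUntil = now.Add(lockoutFor(a.Failures))
	}
	return ErrBadCredentials
}

func main() {
	acct, _ := NewAccount("admin", "administrator", "example-password") // constructed
	t := time.Date(2016, 11, 3, 12, 0, 0, 0, time.UTC)
	for i := 0; i < 3; i++ {
		fmt.Println(acct.Authenticate("wrong", t))
	}
	fmt.Println("locked until", acct.LockedUntil.Format(time.Kitchen))
	fmt.Println(acct.Authenticate("example-password", t.Add(30*time.Second))) // still locked
	fmt.Println(acct.Authenticate("example-password", t.Add(time.Minute)))    // <nil>
}
```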
7.1.3 F.UserDataProtection
This section describes ATP information flow control for the network traffic sent to the TOE
and sent through the TOE.
The TOE supports Access Control Lists (ACLs) to filter traffic destined to the TOE, to prevent
internal traffic overload and service interruption. The TOE also uses the ACL to identify flows
and perform flow control to prevent the CPU and related services from being attacked. The
content of ACLs is pre-defined and can be modified by Web UI or ACS.
The ACL function is detailed as follows:
1 The TOE supports ACLs by associating ACLs to whitelists. This function is achieved
by interpreting ACL configurations and then storing the interpreted values in memory.
2 The TOE supports access control for the ICMP, FTP, HTTP and HTTPS services from the
WAN side and the LAN side. In addition, Samba service access from the LAN side can be
controlled by ACL.
3 By default, the TOE enables the ICMP, FTP, HTTP, Samba and HTTPS services on the LAN
side and disables all service access on the WAN side; the product can be customized.
4 The TOE supports 16 ACL rules at most. For each rule, the user can configure the service
type, access direction and IP address range. If no IP address is specified, any
device can access the service provided by the TOE.
5 The ACL function is realized on the Netfilter framework of the Linux kernel. The
"iptables" commands are executed according to the ACL rules. For example, to allow
pinging the external IP address of the device from the WAN side from IP address
100.100.100.100, the "iptables" command is: "iptables -I INPUT_SERVICE_ACL -i
ppp256 -p icmp -s 100.100.100.100 -j ACCEPT".
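An added Go example (not the TOE's code) that validates ACL rules of the form described in items 4 and 5, enforces the 16-rule limit and the LAN-only Samba restriction, and renders each rule into the iptables command the ST shows; the LAN interface name br0, the service port numbers and the iprange match for address ranges are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const maxACLRules = 16 // the TOE supports 16 ACL rules at most

// ppp256 is the WAN interface in the ST's own example; br0 for LAN is assumed.
var ifaceFor = map[string]string{"WAN": "ppp256", "LAN": "br0"}

// The ST names the services; the port numbers are standard ones assumed here.
var matchFor = map[string]string{
	"ICMP":  "-p icmp",
	"FTP":   "-p tcp --dport 21",
	"HTTP":  "-p tcp --dport 80",
	"HTTPS": "-p tcp --dport 443",
	"SAMBA": "-p tcp --dport 445",
}

// ACLRule is one entry as the ST describes it: service, direction, source.
type ACLRule struct {
	Service   string // ICMP, FTP, HTTP, HTTPS or SAMBA
	Direction string // WAN or LAN
	Source    string // "", a single IP address, or "first-last" range
}

// sourceMatch validates the source field and turns it into an iptables match.
// An empty source means any device may reach the service (as the ST states).
func sourceMatch(src string) (string, error) {
	switch {
	case src == "":
		return "", nil
	case strings.Contains(src, "-"):
		parts := strings.SplitN(src, "-", 2)
		if net.ParseIP(parts[0]) == nil || net.ParseIP(parts[1]) == nil {
			return "", fmt.Errorf("bad address range %q", src)
		}
		return " -m iprange --src-range " + src, nil
	default:
		if net.ParseIP(src) == nil {
			return "", fmt.Errorf("bad address %q", src)
		}
		return " -s " + src, nil
	}
}

// Render produces the iptables command for one rule in the form shown in the ST.
func (r ACLRule) Render() (string, error) {
	iface, ok := ifaceFor[r.Direction]
	if !ok {
		return "", fmt.Errorf("unknown direction %q", r.Direction)
	}
	svc := strings.ToUpper(r.Service)
	match, ok := matchFor[svc]
	if !ok {
		return "", fmt.Errorf("unknown service %q", r.Service)
	}
	if svc == "SAMBA" && r.Direction != "LAN" { // Samba is LAN-side only
		return "", fmt.Errorf("Samba can only be opened on the LAN side")
	}
	src, err := sourceMatch(r.Source)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("iptables -I INPUT_SERVICE_ACL -i %s %s%s -j ACCEPT", iface, match, src), nil
}

// RenderAll enforces the rule limit and fails closed on the first bad rule,
// so that no partial policy is ever emitted.
func RenderAll(rules []ACLRule) ([]string, error) {
	if len(rules) > maxACLRules {
		return nil, fmt.Errorf("%d rules exceed the limit of %d", len(rules), maxACLRules)
	}
	out := make([]string, 0, len(rules))
	for i, r := range rules {
		cmd, err := r.Render()
		if err != nil {
			return nil, fmt.Errorf("rule %d: %w", i, err)
		}
		out = append(out, cmd)
	}
	return out, nil
}

func main() {
	cmds, err := RenderAll([]ACLRule{ // constructed sample policy
		{"ICMP", "WAN", "100.100.100.100"},
		{"FTP", "LAN", "192.168.1.10-192.168.1.20"},
	})
	fmt.Println(strings.Join(cmds, "\n"), err)
}
```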
The TOE supports an IPv4 and IPv6 firewall to prevent externally initiated packets from entering
via the WAN interface. The TOE supports three firewall levels: "High", "Low" and "Disabled".
They are defined as follows:
High: only DNS, FTP and HTTP/HTTPS protocol packets are allowed through the TOE; other packets
are forbidden to pass through the TOE.
Low: all packets actively sent from the LAN side to the WAN side are allowed; other packets are blocked.
Disabled: the firewall is disabled and all packets are able to pass through the TOE.
"Low" is the default level. If the end user disables the firewall via the Web GUI, a security
warning is prompted.
The TOE supports SPI (Stateful Packet Inspection) and anti-DDoS functions. The TOE protects
the device from LAND attack, Ping of Death, ICMP flood, SYN flood, ARP attack and so on.
Packet filtering is the primary functionality implemented by the TOE. Packet filtering
filters packets based on the physical interface, MAC address, IP address, port number and
protocol type, and these criteria can be combined. The packet filtering function is realized on the
Netfilter framework of the Linux kernel. The "iptables" and "ebtables" commands are executed
according to the filtering rules.
The TOE supports IP filtering by the 5-tuple (source IP address, source port, destination IP
address, destination port, protocol), and a blacklist can be defined. In addition, MAC filtering and
URL filtering are used in the parent control function.
7.1.4 F.Cryptographic_Functions
Cryptographic functions are required by the security features as dependencies. The following
cryptographic algorithms are supported:
1 The TOE supports symmetric encryption and decryption using the AES algorithm in
CBC mode according to [FIPS 197] and [FIPS SP 800-38A] using key lengths of 128
or 256 bits. AES-128 CBC is used for encryption and decryption in configuration file
backup and restoring, sensitive data storage and image file packaging and upgrading.
AES-256 CBC is used for encryption and decryption of the default configuration file.
2 The TOE supports hashing of data using the SHA256 algorithm according to [FIPS 180-4].
Passwords are hashed with SHA256 and then encrypted with AES-128-CBC before
storage inside the TOE.
3 The TOE supports data integrity generation and verification using the digital signature
algorithm RSA (with SHA256) using a key length of 2048 bits. The data integrity protection
mechanism is used for integrity protection of the configuration file and of image file
upgrading.
4 The TOE supports key generation for the RSA algorithm according to [FIPS 186-4]
using CRT. Generated RSA keys have a key length of 2048 bits and are intended for
usage with RSASSA-PKCS1-V1_5.
5 The TOE supports the destruction of RSA keys by overwriting them with 0.
6 The TOE supports the generation of random numbers according to ANSI X9.31,
Appendix A.2.4 based on AES 128-bit, CBC mode. The deterministic random number
generator provided by the TOE corresponds to the requirements of class DRG.2
according to [AIS20]. The random numbers are used for generation of 128-bit or 256-bit
AES keys and 2048-bit RSA keys.
(FCS_COP.1/AES, FCS_COP.1/RSA, FCS_COP.1/SHA256, FCS_CKM.1/AES,
FCS_CKM.1/3DES, FCS_CKM.1/RSA)
7.1.5 F.SecurityManagement
The TOE offers management functionality for its security functions. This section describes the
security functions that can be managed by Web UI or ACS. They are detailed as follows:
1 The TOE supports the configuration of the firewall level.
2 The TOE supports the configuration of ACL rules. Configuration parameters include
LAN or WAN, the source IP address or IP address range, and the TOE self-services (ICMP, FTP,
Samba, HTTP, HTTPS).
3 The TOE supports the configuration of application filtering, including DNS, FTP
Server, HTTP Proxy, Mail (POP3), Mail (SMTP), SAMBA, Secure Shell Server (SSH),
Secure Web Server (HTTPS), Telnet Server and Web Server (HTTP). The TOE supports
blocking these applications for one or more specified devices.
4 The TOE supports the configuration of URL filtering: domain names matching the
configured key words are filtered.
5 The TOE supports the configuration of parent control based on MAC address, with
week, day and time rules controlling LAN-side devices' access to the WAN network.
6 The TOE supports the configuration of the IP address filtering function by 5-tuple
(protocol, source address, source port, destination address, destination port) filter.
7 The TOE supports changing the Web authentication password and the TR069 parameters,
including authentication information (ACS username, ACS password, connection
request username and connection request password), the ACS URL and the periodic inform
interval.
8 The TOE supports viewing the audit records by log type and log level.
9 The TOE supports rebooting the device and restoring default settings.
10 The TOE supports configuring WiFi parameters and SNTP parameters.
7.1.6 F.TOE_Access
7.1.6.1 TOE Session Establishment
A Web session is generated when the Web login is successful. If the maximum number of
concurrent sessions reaches 128 (up to 10 concurrent sessions per IP address are allowed) or
the maximum number of HTTP connections reaches 40 (the timeout for an HTTP
connection is 45 seconds), the Web login is rejected. A browser can generate four to six
HTTP connections at a time, depending on the browser model. For example, if a browser
generates five HTTP connections and none of them times out, then the maximum number of
sessions that can be established is eight.
7.1.6.2 TSF-initiated Termination
The TOE has the ability to terminate stale (inactive) connections. The TOE terminates an
interactive session after a pre-defined period of inactivity with a default value of 5 minutes.
This idle-time parameter configures the idle timeout for Web sessions before the session is
terminated by the system. This reduces the chance for unauthorized persons
to access the device through an unattended open session. By default, an idle Web session
times out after five (5) minutes of inactivity.
7.1.6.3 User-initiated Termination
The administrators can initiate termination of their own sessions by clicking the logout button
at the top right of the Web GUI. When the "Logout" button is pressed, the current logged-in session
is destroyed and the page the user is visiting is redirected to the login page.
7.1.7 F.TSF_Protection
7.1.7.1 Upload/Download Configuration file
The TOE has the ability to upload and download the configuration file of the device by Web
GUI or ACS. Uploading the configuration file means backing up the configuration to a local PC (by Web)
or a remote HTTP/HTTPs/FTP server (by ACS). Conversely, downloading the configuration file
means restoring the configuration of the device from the backup.
To protect the configuration file from disclosure and tampering in storage or transmission,
a digital signature and encryption are applied when uploading the configuration file: the file is
signed first and then encrypted. When downloading the configuration file, the signature is
verified and the file is decrypted.
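The sign-then-encrypt backup and verify-then-decrypt restore described above, using the primitives listed in 7.1.4 (RSASSA-PKCS1-v1_5 with SHA-256 over a 2048-bit key, AES-128-CBC), as an added Go example rather than the TOE's implementation; the blob layout (random IV, then the CBC ciphertext of the configuration followed by its signature, PKCS#7 padded) is this example's own assumption, not the TOE's file format. Any modification makes the restore fail, which is the "reject the update" behaviour FPT_ITI.1 calls for.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pkcs7Pad pads plaintext to a whole number of AES blocks.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad removes the padding, rejecting anything malformed.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad plaintext length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// ProtectConfig signs cfg with RSASSA-PKCS1-v1_5/SHA-256, then encrypts
// cfg||signature with AES-128-CBC under a fresh random IV (layout assumed here).
func ProtectConfig(cfg []byte, signer *rsa.PrivateKey, aesKey []byte) ([]byte, error) {
	digest := sha256.Sum256(cfg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, signer, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	plain := pkcs7Pad(append(append([]byte{}, cfg...), sig...))
	out := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plain)
	return out, nil
}

// RestoreConfig decrypts a backup and verifies its signature; any modification
// of the blob or a signature from the wrong key yields an error, so the restore is rejected.
func RestoreConfig(blob []byte, verifier *rsa.PublicKey, aesKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("malformed backup")
	}
	plain := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(plain, blob[aes.BlockSize:])
	if plain, err = pkcs7Unpad(plain); err != nil {
		return nil, err
	}
	sigLen := verifier.Size() // 256 bytes for a 2048-bit key
	if len(plain) < sigLen {
		return nil, errors.New("malformed backup")
	}
	cfg, sig := plain[:len(plain)-sigLen], plain[len(plain)-sigLen:]
	digest := sha256.Sum256(cfg)
	if err := rsa.VerifyPKCS1v15(verifier, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("integrity check failed, restore rejected: %w", err)
	}
	return cfg, nil
}

func main() {
	signer, _ := rsa.GenerateKey(rand.Reader, 2048) // demo key, not the TOE's
	aesKey := make([]byte, 16)
	rand.Read(aesKey)
	cfg := []byte("<InternetGatewayDevice><Example/></InternetGatewayDevice>") // constructed
	blob, _ := ProtectConfig(cfg, signer, aesKey)
	got, err := RestoreConfig(blob, &signer.PublicKey, aesKey)
	fmt.Printf("restored %q, err=%v\n", got, err)
	blob[0] ^= 0x01 // tampering with the IV flips a byte of the configuration
	_, err = RestoreConfig(blob, &signer.PublicKey, aesKey)
	fmt.Println("after tampering:", err)
}
```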
7.1.7.2 Online Upgrade
Online (OTA) upgrade is used for system software updates. Huawei calls this upgrade
method "HOTA" upgrade. The HOTA server is deployed by Huawei.
The upgrade process is divided into two steps:
1) Check for a new software version
The TOE supports a manual check for a new version triggered by the user, and an automatic
periodic check for a new software version.
2) Download and upgrade
The image file is downloaded and decrypted, and then the digital signature is verified to ensure
that the software version is the correct one. If the decryption and verification succeed, the
upgrade continues. Otherwise, the upgrade is terminated.
The common signing server provided by Huawei is used when the image file is generated,
which ensures that the signing private key is trusted.
7.1.8 F.TrustedPath/Channels
7.1.8.1 HTTPs over Web
The TOE supports the use of a trusted path (HTTPs) for user authentication and data
transmission in Web management. The HTTPs protocol is optional in local management and its
use depends on the end user. It is mandatory in remote management with the Web UI: the user is
redirected to HTTPs when using the HTTP protocol to access the Web service. However, access
from the WAN side is disabled by default.
7.1.8.2 HTTPs over TR069
The TOE supports the use of a trusted channel (HTTPs) for user authentication and data
transmission in TR069 remote management. Whether HTTP or HTTPS is used depends on the ISP that
deployed the ACS. However, the TOE supports setting the ACS server URL to use HTTPS
only, and then the management traffic is transferred through a secure channel.
7.1.8.3 WiFi Secure Channel
A WiFi channel using WPA2 authentication and AES encryption is trusted. Usually, a product
with the WiFi AP feature uses WPA2+AES as the default configuration. A security risk
notification is prompted if an insecure authentication mode is used.
For wireless routers (WSxxx), there is no WiFi authentication by default. When the user uses
the device for the first time, he must configure the WiFi authentication password. The password
complexity is indicated to inform the user whether the configuration is secure.
7.2 TOE Security Functions Rationale
Security Functional Requirements | Security Functions
FAU_GEN.1 | F.Audit
FAU_GEN.2 | F.Audit
FAU_SAR.1 | F.Audit
FAU_SAR.3 | F.Audit
FAU_STG.1 | F.Audit
FAU_STG.3 | F.Audit
FCS_COP.1(1)/AES, FCS_CKM.1(1)/AES, FCS_CKM.4(1)/AES | F.TSF_Protection
FCS_COP.1(2)/RSA, FCS_CKM.1(2)/RSA, FCS_CKM.4(2)/RSA | F.TSF_Protection
FCS_COP.1(3)/SHA256 | F.I&A, F.TSF_Protection
FDP_IFC.1 | F.UserDataProtection
FDP_IFF.1 | F.UserDataProtection
FIA_AFL.1 | F.I&A
FIA_ATD.1 | F.I&A
FIA_SOS.1 | F.I&A
FIA_UAU.2 | F.I&A
FIA_UID.2 | F.I&A
FIA_UAU.6 | F.I&A
FIA_UAU.7 | F.I&A
FMT_MOF.1 | F.SecurityManagement
FMT_MSA.1 | F.SecurityManagement
FMT_MSA.3 | F.SecurityManagement
FMT_SMF.1 | F.SecurityManagement
FMT_SMR.1 | F.SecurityManagement
FPT_ITC.1 | F.TOE_Access
FPT_ITI.1 | F.TOE_Access
FPT_STM.1 | F.Audit
FTA_SSL.3 | F.TOE_Access
FTA_MCS.1 | F.TOE_Access
FTA_TSE.1 | F.TOE_Access
FTP_ITC.1 | F.TrustedPath/Channels
FTP_TRP.1 | F.TrustedPath/Channels
Table 8: TOE Security Functions Rationale
8 Abbreviations
8.1 Abbreviations
Abbreviation Description
ACL Access Control List
ARP Address Resolution Protocol
ATP Access Terminal Platform
CC Common Criteria
GUI Graphical User Interface
SPI Stateful Packet Inspection
RMT Remote Maintenance Terminal
SFR Security Functional Requirement
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functions
SNTP Simple Network Time protocol