SERTIT, Postboks 814, 1306 Sandvika, NORWAY Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 E-mail: post@sertit.no Internet: www.sertit.no Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security SERTIT-106 CR Certification Report Issue 1.0 19 April 2018 Huawei IP Camera Series v200R003C20 CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE SD 009 VERSION 2.1 11.11.2011 Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 2 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN THE FIELD OF INFORMATION TECHNOLOGY SECURITY SERTIT, the Norwegian Certification Authority for IT Security, is a member of the above Arrangement and as such this confirms that the Common Criteria certificate has been issued by or under the authority of a Party to this Arrangement and is the Party’s claim that the certificate has been issued in accordance with the terms of this Arrangement The judgements contained in the certificate and Certification Report are those of SERTIT which issued it and the Norwegian evaluation facility (EVIT) which carried out the evaluation. There is no implication of acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss sustained as a result of reliance placed upon those judgements by a third party. The Common Cr iteria Recognition Arrangement logo printed on the certificate indicates that this certification is recognized under the terms of the CCRA July 2nd 2014. The recognition under CCRA is limited to cPP related assurance packages or EAL 2 and ALC_FLR CC part 3 components. MUTUAL RECOGNITION AGREEMENT OF INFORMATION TECHNOLOGY SECURITY EVALUATION CERTIFICATES (SOGIS MRA) SERTIT, the Norwegian Certification Authority for IT Security, is a member of the above Agreement and as such this confirms that the Common Criteria certificate has been issued by or under the authority of a Party to this Agreement and is the Party’s claim that the certificate has been issued in accordance with the terms of this Agreement The judgements contained in the certificate and Certification Report are those of SERTIT which issued it and the Norwegian evaluation facility (EVIT) which carried out the evaluation. There is no implication of acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss sustained as a result of reliance placed upon those judgements by a third party. Mutual recognition under SOGIS MRA applies to components up to EAL 4. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 3 of 23 Contents 1 Certification Statement 4 2 Abbreviations 5 3 References 6 4 Executive Summary 7 4.1 Introduction 7 4.2 Evaluated Product 7 4.3 TOE scope 7 4.4 Protection Profile Conformance 8 4.5 Assurance Level 8 4.6 Security Policy 8 4.7 Security Claims 8 4.8 Threats Countered 8 4.9 Threats Countered by the TOE’s environment 9 4.10 Threats and Attacks not Countered 9 4.11 Environmental Assumptions and Dependencies 9 4.12 IT Security Objectives 10 4.13 Non-IT Security Objectives 11 4.14 Security Functional Requirements 11 4.15 Evaluation Conduct 12 4.16 General Points 12 5 Evaluation Findings 14 5.1 Introduction 15 5.2 Delivery 15 5.3 Installation and Guidance Documentation 15 5.4 Misuse 15 5.5 Vulnerability Analysis 15 5.6 Developer’s Tests 16 5.7 Evaluators’ Tests 16 6 Evaluation Outcome 17 6.1 Certification Result 17 6.2 Recommendations 17 Annex A: Evaluated Configuration 18 TOE Identification 18 TOE Documentation 21 TOE Configuration 22 Environmental Configuration 23 Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 5 of 23 2 Abbreviations CC Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) CCRA Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security CEM Common Methodology for Information Technology Security Evaluation EAL Evaluation Assurance Level EOR Evaluation Observation Report ETR Evaluation Technical Report EVIT Evaluation Facility under the Norwegian Certification Scheme for IT Security IPC IP Camera POC Point of Contact QP Qualified Participant SERTIT Norwegian Certification Authority for IT Security SPM Security Policy Model ST Security Target TOE Target of Evaluation TSF TOE Security Functions TSP TOE Security Policy Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 6 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 3 References [1] Huawei IP Camera Series Products V200R003C20 Security Target, Huawei Technology Co. Ltd., version 1.0, 27 March 2018. [2] Common Criteria Part 1, CCMB-2012-09-001, Version 3.1 R4, September 2012. [3] Common Criteria Part 2, CCMB-2012-09-002, Version 3.1 R4, September 2012. [4] Common Criteria Part 3, CCMB-2012-09-003, Version 3.1 R4, September 2012. [5] The Norwegian Certification Scheme, SD001E, Version 10.4, 20 February 2018. [6] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, CCMB-2012-09-004, Version 3.1 R4, September 2012. [7] Evaluation Technical Report Common Criteria EAL3+ALC_FLR.2 Evaluation of “Huawei IP Camera Series V200R003C20”, v3.0, 26 March 2018. [8] CC Huawei IP Camera Series products V200R003C20 AGD_PRE V04. [9] CC Huawei IP Camera Series products V200R003C20 AGD_OPE V03. [10] IPC V200R003C20 Product Documentation V01. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 7 of 23 4 Executive Summary 4.1 Introduction This Certification Report states the outcome of the Common Criteria security evaluation of Huawei IP Camera Series Products version V200R003C20 to the Sponsor, Huawei Technology Co. Ltd., and is intended to assist prospective consumers when judging the suitability of the IT security of the product for their particular requirements. Prospective consumers are advised to read this report in conjunction with the Security Target[1] which specifies the functional, environmental and assurance evaluation requirements. 4.2 Evaluated Product The version of the product evaluated was Huawei IP Camera Series Products and version V200R003C20. These products are also described in this report as the Target of Evaluation (TOE). The developer was Huawei Technology Co. Ltd. The TOE is an IP Camera system composed of a hardware platform and a firmware running within the platform as a whole system. This TOE provides video over IP networks with some security features such as Security Audit, Cryptographic support, Identification and Authentication, Security Management, Protection of the TSF, TOE access, Trusted Path. 8 IP Cameras are included, namely, IPC6125-WDL-FA, IPC6225- VRZ, IPC6285- VRZ, IPC6325-WD-VRZ, IPC6385-VRZ, IPC6525-Z30, IPC6625-Z30, IPC6681-Z20. Some can be used in indoors, such as IPC6125-WDL-FA, IPC6325-WD- VRZ. Some can be used in outdoors, such as IPC6225-VRZ, IPC6285- VRZ, IPC6681- Z20. The TOE is used to send video over an IP network such as a local area network (LAN) or the Internet. A network camera enables live viewing and/or recording, either continuously, at scheduled times, on request or when triggered by an event. there are two usage scenarios regarding the video distribution: 1.The video data distribution is only accessed using the web interface. 2.The video data is sent and stored in a server using a different interface than https used for the web access. This certification is only about the first scenarios. Details of the evaluated configuration, including the TOE’s supporting guidance documentation, are given in Annex A. 4.3 TOE scope The TOE scope is described in the ST [1] chapter 1.4.1 and 1.4.2. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 8 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 4.4 Protection Profile Conformance The Security Target[1] did not claim conformance to any protection profile. 4.5 Assurance Level The Security Target[1] specified the assurance requirements for the evaluation. The assurance incorporated predefined evaluation assurance level EAL 3, augmented by ALC_FLR.2. Common Criteria Part 3[4] describes the scale of assurance given by predefined assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1[2]. 4.6 Security Policy There are no Organizational Security Policies or rules with which the TOE must comply. 4.7 Security Claims The Security Target[1] fully specifies the TOE’s security objectives, the threats which these objectives counter and security functional requirements and security functions to elaborate the objectives. All of the SFR’s are taken from CC Part 2[3]; use of this standard facilitates comparison with other evaluated products. 4.8 Threats Countered T.UNAUTHORIZED_ADMINISTRATOR_ACCESS Threat agents may attempt to gain administrator access to the network device by nefarious means such as masquerading as an administrator to the device, masquerading as the device to an administrator, replaying an administrative session (in its entirety, or selected portions), or performing man-in-the-middle attacks, which would provide access to the administrative session, or sessions between network devices. Successfully gaining administrator access allows malicious actions that compromise the security functionality of the device and the network on which it resides. T.WEAK_CRYPTOGRAPHY Threat agents may exploit weak cryptographic algorithms or perform a cryptographic exhaust against the key space. Poorly chosen encryption algorithms, modes, and key sizes will allow attackers to compromise the algorithms, or brute force exhaust the key space and give the unauthorized access allowing them to read, manipulate and/or control the traffic with minimal effort. T.UNTRUSTED_COMMUNICATION_CHANNELS Threat agents may attempt to target network devices that do not use standardized secure tunnelling protocols to protect the critical network traffic. Attackers may take advantage of poorly designed protocols or poor key management to successfully perform man-in-the-middle attacks, replay Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 9 of 23 attacks, etc. Successful attacks will result in loss of confidentiality and integrity of the critical network traffic, and potentially could lead to a compromise of the network device itself. T.UNDETECTED_ACTIVITY Threat agents may attempt to access, change, and/or modify the security functionality of the network device without Administrator awareness. This could result in the attacker finding an avenue (e.g., misconfiguration, flaw in the product) to compromise the device and the Administrator would have no knowledge that the device has been compromised. 4.9 Threats Countered by the TOE’s environment T.NETWORK_ATTACKS Threat agents may attempt to attack TOE from internet or external networks with flooding, malformed packages or other means intended to subvert the TOE TSF. Successful attacks will result in loss of availability of the TOE, such as losing of control or device restarting. 4.10 Threats and Attacks not Countered No threats or attacks that are not countered are described. 4.11 Environmental Assumptions and Dependencies A.PHYSICAL_PROTECTION The TOE is assumed to be physically protected in its operational environment and not subject to physical attacks that compromise the security and/or interfere with the device's physical interconnections and correct operation. This protection is assumed to be sufficient to protect the device and the data it contains. As a result, the ST will not include any requirements on physical tamper protection or other physical attack mitigations. The ST will not expect the product to defend against physical access to the device that allows unauthorized entities to extract data, bypass other controls, or otherwise manipulate the device. A.LIMITED_FUNCTIONALITY The TOE is assumed to provide networking functionality as its core function and not provide functionality/services that could be deemed as general purpose computing. For example, the device should not provide a computing platform for general purpose applications (unrelated to networking functionality). A.TRUSTED_USERS The Security Administrator(s) for the TOE are assumed to be trusted and to act in the best interest of security for the organization. This includes being appropriately trained, following policy, and adhering to guidance Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 10 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 documentation. Administrators are trusted to ensure passwords/credentials have sufficient strength and to lack malicious intent when administering the device. The TOE is not expected to be capable of defending against a malicious Administrator that actively works to bypass or compromise the security of the device. All users of the TOE having access to the TOE management computers or the TOE network are trusted in the sense that they will not perform malicious actions intended to subvert the availability of the TOE assets. A. NETWORK_SEGREGATION The network environment of TOE (the LAN where the TOE is connected) is assumed to be trusted and to prevent attacks from internet. This environment includes one network which is separated from external networks (e.g. other LANs or Internet). In the TOE network there are only the following components: cameras, one (or a very limited number of) computer for cameras management and the video recording equipment (e.g. IVS and decoders). Connection of any other devices is not possible If access from Internet is necessary, a boundary protection device such as Firewall/Gateway/Physical segregation device is required to prevent attacks from the internet. 4.12 IT Security Objectives O.SYSTEM_MONITORING The TOE will provide the capability to generate audit data. O.AUDIT_VIEW The TOE will provide only the authorized administrators the capability to review audit data, and overwrite the oldest stored audit records if the audit trail is full. O.CRYPTOGRAPHIC_FUNCTIONS The TOE shall provide cryptographic functions (i.e.,encryption/decryption and digital signature operations) to maintain the confidentiality. O.PROTECTED_COMMUNICATIONS The TOE will provide protected communication channels for administrators. O.SESSION_ACCESS The TOE shall provide mechanisms that can set basic limitation on multiple concurrent sessions and initiated termination. O.ID_AUTH The TOE must uniquely identify and authenticate the claimed identity of all administrative users before granting management access. O.SECURITY_MANAGE Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 11 of 23 The TOE will provide management tools/applications to allow authorized administrators to manage its security functions. O.ADMIN_ROLE The TOE will provide administrator levels to isolate administrative actions, and to make the administrative functions available remotely. 4.13 Non-IT Security Objectives OE.PHYSICAL Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment. OE.NO_GENERAL_PURPOSE There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. OE.TRUSTED_USERS Users are trusted to follow and apply all guidance documentation in a trusted manner. Security Administrators are trusted to follow and apply all guidance documentation in a trusted manner. All users of the TOE having access to the TOE network are trusted in the sense that they will not perform malicious actions intended to subvert the availability of the TOE assets. OE.NETWORK_SEGREGATION The operational environment shall provide segregation from Internet by deploying TOE into a LAN with a firewall or gateway, and it shall restrict the physical access to the TOE network to TOE authorized users.. 4.14 Security Functional Requirements FAU_GEN.1 Audit data generation FAU_GEN.2 User identity association FAU_SAR.1 Audit review FCS_CKM.1/RSA Cryptographic key generation FCS_CKM.1/DATA_AES Cryptographic key generation FCS_CKM.1/TLS_AES Cryptographic key generation FCS_CKM.1/ KeyedHash Cryptographic key generation FCS_CKM.4/RSA Cryptographic key destruction FCS_CKM.4/DATA_AES Cryptographic key destruction FCS_CKM.4/TLS_AES Cryptographic key destruction FCS_CKM.4/ KeyedHash Cryptographic key destruction FCS_COP.1/DataEncryption Cryptographic Operation (AES Data Encryption/Decryption) Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 12 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 FCS_COP.1/SigGen Cryptographic Operation (Signature Generation and Verification) FCS_COP.1/Hash Cryptographic Operation (Hash Algorithm) FCS_COP.1/KeyedHash Cryptographic Operation (Keyed Hash Algorithm) FIA_AFL.1 Authentication failure handling FIA_ATD.1 User attribute definition FIA_UAU.2 User authentication before any action FIA_UID.2 User identification before any action FMT_MOF.1 Management of security functions behaviour FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles FPT_STM.1 Reliable time stamps FTA_MCS.1 Basic limitation on multiple concurrent sessions FTA_SSL.3 TSF-initiated termination FTA_SSL.4 User-initiated termination FTP_TRP.1 Trusted path 4.15 Evaluation Conduct The evaluation was carried out in accordance with the requirements of the Norwegian Certification Scheme for IT Security as described in SERTIT Document SD001[5]. The Scheme is managed by the Norwegian Certification Authority for IT Security (SERTIT). As stated on page 2 of this Certification Report, SERTIT is a member of the Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security (CCRA), and the evaluation was conducted in accordance with the terms of this Arrangement. The purpose of the evaluation was to provide assurance about the effectiveness of the TOE in meeting its Security Target[1], which prospective consumers are advised to read. To ensure that the Security Target[1] gave an appropriate baseline for a CC evaluation, it was first itself evaluated. The TOE was then evaluated against this baseline. Both parts of the evaluation were performed in accordance with CC Part 3[4] and the Common Evaluation Methodology (CEM)[6]. SERTIT monitored the evaluation which was carried out by the Brightsight B.V. Commercial Evaluation Facility (CLEF/EVIT). The evaluation was completed when the EVIT submitted the final Evaluation Technical Report (ETR)[7] to SERTIT in 26 March 2018. SERTIT then produced this Certification Report. 4.16 General Points The evaluation addressed the security functionality claimed in the Security Target[1] with reference to the assumed operating environment specified by the Security Target[1]. The evaluated configuration was that specified in Annex A. Prospective consumers are advised to check that this matches their identified requirements and give due consideration to the recommendations and caveats of this report. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 13 of 23 Certification does not guarantee that the IT product is free from security vulnerabilities. This Certification Report and the belonging Certificate only reflect the view of SERTIT at the time of certification. It is furthermore the responsibility of users (both existing and prospective) to check whether any security vulnerabilities have been discovered since the date shown in this report. This Certification Report is not an endorsement of the IT product by SERTIT or any other organization that recognizes or gives effect to this Certification Report, and no warranty of the IT product by SERTIT or any other organization that recognizes or gives effect to this Certification Report is either expressed or implied. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 14 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 5 Evaluation Findings The evaluators examined the following assurance classes and components taken from CC Part 3[4]. These classes comprise the EAL 3 assurance package augmented with ALC_FLR.2. Assurance class Assurance components Development ADV_ARC.1 Security architecture description ADV_FSP.3 Functional specification with complete summary ADV_TDS.2 Architectural design Guidance documents AGD_OPE.1 Operational user guidance AGD_PRE.1 Preparative procedures Life-cycle support ALC_CMC.3 Authorisation controls ALC_CMS.3 Implementation representation CM coverage ALC_DEL.1 Delivery procedures ALC_DVS.1 Identification of security measures ALC_LCD.1 Developer defined life-cycle model ALC_FLR.2 Flaw reporting procedures Security Target evaluation ASE_CCL.1 Conformance claims ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_REQ.2 Derived security requirements ASE_SPD.1 Security problem definition ASE_OBJ.2 Security objectives ASE_TSS.1 TOE summary specification Tests ATE_COV.2 Analysis of coverage ATE_DPT.1 Testing: basic design ATE_FUN.1 Functional testing ATE_IND.2 Independent testing - sample Vulnerability assessment AVA_VAN.2 Vulnerability analysis All assurance classes were found to be satisfactory and were awarded an overall “pass” verdict. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 15 of 23 5.1 Introduction The evaluation addressed the requirements specified in the Security Target[1]. The results of this work were reported in the ETR[7] under the CC Part 3[4] headings. The following sections note considerations that are of particular relevance to either consumers or those involved with subsequent assurance maintenance and re- evaluation of the TOE. 5.2 Delivery The TOE delivery procedures are outlined for the consumer in [8]. On receipt of the TOE, the consumer is recommended to check that the evaluated version has been supplied, and to check that the security of the TOE has not been compromised in delivery. 5.3 Installation and Guidance Documentation Installation of the TOE must be performed completely in accordance with the guidance listed in the ST[1] chapter 1.4.2. The Common Criteria Security Evaluation - Certified Configuration preparative guidance [8] describes all necessary steps to configure the TOE in the certified configuration. These documents are a collection of all security relevant operations and settings that must be observed to ensure that the TOE operates in a secure manner. 5.4 Misuse There is always a risk of intentional and unintentional misconfigurations that could possibly compromise confidential information. The user should always follow the guidance for the TOE in order to ensure that the TOE operates in a secure manner. The guidance documents adequately describe the mode of operation of the TOE, all assumptions about the intended environment and all requirements for external security. Sufficient guidance is provided for the consumer to effectively use the TOE’s security functions. 5.5 Vulnerability Analysis The Evaluators’ vulnerability analysis was based on both public domain sources and the visibility of the TOE given by the evaluation process. Based on all possible attack paths and threat agents, the evaluator analysed all possible attack scenarios aiming at compromising the assets defined in the ST [1]. Furthermore the evaluator analysed public domain vulnerabilities related to 3r d party libraries such as the OS kernel, the webserver, and the TLS libraries, to check if there are known exploitable vulnerabilities. The evaluator also searched the public domain vulnerabilities for the generic IP camera. The evaluators assessed all possible vulnerabilities found during evaluation. Potential vulnerabilities were found but only one of them turned out to be possibly Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 16 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 exploitable. The developer has updated the guidance to enhance the secure configuration of the TOE, and as a result this issue has become moot. 5.6 Developer’s Tests The Developer Test Plan consists of 15 tests. The categories are based on major groupings of security functionality, and in combination cover all SFRs and TSFIs. 5.7 Evaluators’ Tests For independent testing it was decided to repeat 9 out of the 15 developer tests, which provided a good coverage of the SFRs. The evaluator has also made sure that there is no overlap between these tests and the tests in the ATE IND, thereby maximizing coverage. The evaluator also analysed the Developer Test Plan to see where additional ATE tests could be performed, and devised 10 additional tests. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 17 of 23 6 Evaluation Outcome 6.1 Certification Result After due consideration of the ETR[7], produced by the Evaluators, and the conduct of the evaluation, as witnessed by the Certifier, SERTIT has determined that Huawei IP Camera Series Products version V200R003C20 meet the Common Criteria Part 3 augmented requirements of Evaluation Assurance Level EAL 3 augmented with ALC_FLR.2 for the specified Common Criteria Part 2 conformant functionality, in the specified environment, when running on platforms specified in Annex A. 6.2 Recommendations Prospective consumers of Huawei IP Camera Series Products version V200R003C20 should understand the specific scope of the certification by reading this report in conjunction with the Security Target[1]. The TOE should be used in accordance with a number of environmental considerations as specified in the Security Target. Only the evaluated TOE configuration should be installed. This is specified in Annex A with further relevant information given above under Section 4.3 “TOE Scope” and Section 5 “Evaluation Findings”. The TOE should be used in accordance with the supporting guidance documentation included in the evaluated configuration. The above “Evaluation Findings” include a number of recommendations relating to the secure receipt, installation, configuration and operation of the TOE. In particular the user must not use the Huawei root CA that comes together with the TOE. The user must use their own trusted PKI instead. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 18 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 Annex A: Evaluated Configuration TOE Identification The TOE consists of the 8 models. The details of their hardware specification and firmware version are listed below: Model Feature Interface IPC6125-WDL-FA firmware version V200R003C20 l H.265, H.264 and MJPEG video compression standard l Dual-channel 1080p HD video encoding l Intelligent analytics l Auto Back Focus(-FA) l 1x SFP slot for SFP fiber optic modules(-FA) l Ethernet: 1x RJ-45 10/100/1000Base-T self- adaptive Ethernet port l SFP slot: 1x SFP slot l Opto-electronic cascade(OEC): Supporting cascade connection of two cameras via opto- electronic Eth ports l Serial: 1x RS-485 port ,supporting PELCO- P/D protocol l Alarm : 1-channel alarm input and 1-channel alarm output l Analog video: 1-channel CVBS output l Audio: 1-channel audio input and 1-channel audio port l Memory card slot: 1x Micro SD/SDHC/SDXC slot l Lens interface: C- or CS- mount interface IPC6225-VRZ firmware version V200R003C20 l H.265, H.264 and MJPEG video compression standard l Invisible IR(-SP) l Built-in motorized zoom and focus lens l Intelligent analytics l Ethernet: 1x RJ-45 10/100Base-T self- adaptive Ethernet port l Serial: 1x RS-485 port (PELCO-P/D protocol) l Alarm: 2-channel alarm input and 2-channel alarm output l Analog video: 1-channel CVBS output, BNC connector l Audio 1-channel audio input and 1-channel audio port ,3.5mm mono Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 19 of 23 Model Feature Interface connector l Memory card slot1x MicroSD/SDHC/SDXC slot IPC6285- VRZ firmware version V200R003C20 l Up to 4K(3840×2160) UHD l H.265, H.264 and MJPEG video compression l Wide dynamic range 120dB l Intelligent behavior analytics, color recognition, vehicle and pedestrian classification, exception audio detection l IP67 protection class l Ethernet: 1x RJ-45 10/1001000Base-T self-adaptive Ethernet port l Serial: 1x RS-485 port (PELCO-P/D protocol) l Alarm: 2-channel alarm input and 2-channel alarm output l Analog video: 1-channel CVBS output, BNC connector l Audio 1-channel audio input and 1-channel audio port l Memory card slot1x MicroSD/SDHC/SDXC slot IPC6325-WD-VRZ firmware version V200R003C20 l H.265, H.264 and MJPEG video compression standard l Wide dynamic range 120dB l 2.8-12 mm Motorized and smart focus l Intelligent analytics l Intelligent IR control(- VRZ) l IP66 protection class l IK10 Vandal-proof class l Railway application standards l Ethernet interface: 1x RJ- 45 10/100Base-T self- adaptive Ethernet port l Serial interface: 1x RS- 485 port l Alarm interface: 1- channel alarm input and 1-channel alarm output l Analog video interface: 1-channel CVBS output l Audio interface: 1- channel audio input and 1-channel audio port (3.5mm mono connector) l Memory card slot: 1x MicroSD/SDHC/SDXC slot. IPC6385-VRZ firmware version l Up to 4K(3840×2160) UHD l H.265, H.264 and MJPEG video compression l Wide dynamic range 120dB l Intelligent behavior l Ethernet interface: 1x RJ- 45 10/100Base-T self- adaptive Ethernet port l Alarm interface: 1- channel alarm input and 1-channel alarm output l Audio interface: 1- channel audio input and Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 20 of 23 SERTIT-106 CR Issue 1.0 19 April 2018 Model Feature Interface V200R003C20 analytics, color recognition, vehicle and pedestrian classification, exception audio detection l IP66 protection class 1-channel audio port (3.5mm mono connector) l The power input interface. supports DC12V±25% and AC24V±24.9% power input. IPC6525-Z30 firmware version V200R003C20 l H.265, H.264 and MJPEG video compression standard l Dual-channel 1080p HD video encoding l Ultra WDR 120dB l Auto defogging l Gyroscopic image stabilization l Intelligent analytics l SFP slot for SFP fiber optic modules l Opto-electronic cascade(OEC) l Railway applications l Ethernet interface:1x RJ- 45 10/100/1000Base-T self-adaptive Ethernet port l SFP slot:1x SFP slot for SFP fiber optic modules l Opto-electronic cascade(OEC):Supporting cascade connection of two cameras via opto- electronic Eth ports l Serial interface:1x RS- 485 port (PELCO-P/D protocol) l Alarm interface:8- channel alarm input and 2-channel alarm output l Analog video interface:1- channel analog video output through the CVBS interface, BNC connector l Audio interface:1- channel audio input and 1-channel audio port l Memory card slot:1x MicroSD/SDHC/SDXC slot IPC6625-Z30 firmware version V200R003C20 l H.265, H.264 and MJPEG video compression standard l Dual-channel 1080p HD video encoding l Intelligent IR l Ultra WDR 120dB l Highlight suppression l Auto defogging l Gyroscopic image stabilization l Ethernet interface:1x RJ- 45 10/100Base-T self- adaptive Ethernet port l Serial interface:1x RS- 485 port (PELCO-P/D protocol) l Memory card slot:1x MicroSD/SDHC/SDXC slot, up to 64 GB l Alarm interface:8- channel alarm input and 2-channel alarm output Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 21 of 23 Model Feature Interface l Intelligent analytics l IK10 Vandal-proof class l IP66 protection class l Ultra wide operating temperature range -40℃ ~ 60℃ l Analog video interface:1- channel analog video output through the CVBS interface, BNC connector IPC6681-Z20 firmware version V200R003C20 l Up to 4K(3840×2160) UHD l H.265, H.264 and MJPEG video compression l Wide dynamic range 120dB l Intelligent behavior analytics, color recognition, vehicle and pedestrian classification, exception audio detection l IP66 protection class l Ethernet interface1x RJ-45 10/100/1000Base- T self-adaptive Ethernet port l Serial interface1x RS- 485 port (PELCO-P/D protocol) l Alarm interface4- channel alarm input and 2-channel alarm output l Analog video interface 1-channel analog video output through the CVBS interface,BNC connector l Audio interface1- channel audio input and 1-channel audio port,RCA connector l Memory card slot1x MicroSD/SDHC/SDXC slot TOE Documentation The supporting guidance documents evaluated were: [a] CC Huawei IP Camera Series products V200R003C20 AGD_PRE V04 [b] CC Huawei IP Camera Series products V200R003C20 AGD_OPE V03 [c] IPC V200R003C20 Product Documentation 01 Further discussion of the supporting guidance material is given in Section 5.3 “Installation and Guidance Documentation”. Huawei IP Camera Series Products Version V200R003C20 EAL 3 + Page 22 of 24 SERTIT-106 CR Issue 1.0 19 April 2018 TOE Configuration The following configuration was used for testing: ITEM IDENTIFIER HARDWARE IPC6125-WDL-FA IPC6385-VRZ IPC6525-Z30 SOFTWARE V200R003C20 MANUALS CC Huawei IP Camera Series products V200R003C20 AGD_PRE V04 CC Huawei IP Camera Series products V200R003C20 AGD_OPE V03 IPC V200R003C20 Product Documentation 01 Huawei IP Camera Series Products Version V200R003C20 EAL 3 + SERTIT-106 CR Issue 1.0 19 April 2018 Page 23 of 23 Environmental Configuration The TOE is tested in the following two different test setups. Test setup 1 Test setup 2 192.168.2.101 192.168.2.100 Test PC A (TPC) TOE Test PC B (TPC) 192.168.2.102 Network 1 192.168.2.102 192.168.2.101 192.168.2.10 IPC6125- WDL-FA 192.168.2.12 192.168.2.103 IPC-6385- VRZ 192.168.2.11 VM Windows Test PC VM Kali 192.168.2.104 IPC-6385- VRZ Network 1 IPC6525- Z30