Security Target Juniper Networks Mx Routers, PTX Routers and EX9200 Switches running Junos 14.2R3.8 Version 1.0 © 2015 Juniper Networks Page 1 of 64

Security Target
Juniper Networks Mx Routers, PTX Routers and EX9200 Switches running Junos OS 14.2R3
ST Version 1.0
December 10, 2015

Prepared By:
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
www.juniper.net

Abstract

This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Junos OS 14.2R3 running on Mx-Series 3D Universal Edge Routers, PTX-Series Packet Transport Routers and EX-9200 Ethernet Switches. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements and the IT security functions provided by the TOE which meet the set of requirements.
1 Introduction

This section identifies the Security Target (ST), Target of Evaluation (TOE), Security Target organization, document conventions, and terminology. It also includes an overview of the evaluated products.
1.1 ST Reference

ST Title: Security Target: Juniper Networks Mx Routers, PTX Routers and EX9200 Switches running Junos OS 14.2R3
ST Revision: 1.0
ST Draft Date: December 10, 2015
Author: Juniper Networks, Inc.

1.2 TOE Reference

TOE Reference: Juniper Networks Mx Routers, PTX Routers and EX9200 Switches running Junos OS 14.2R3

1.3 About This Document

This Security Target is organized as follows:

| SECTION | TITLE | DESCRIPTION |
|---|---|---|
| 1 | Introduction | Provides an overview of the TOE and defines the hardware and software that make up the TOE as well as the physical and logical boundaries of the TOE |
| 2 | Conformance Claims | Lists evaluation conformance to Common Criteria versions, Protection Profiles, or Packages where applicable |
| 3 | Security Problem Definition | Specifies the threats, assumptions and organizational security policies that affect the TOE |
| 4 | Security Objectives | Defines the security objectives for the TOE/operational environment and provides a rationale to demonstrate that the security objectives satisfy the threats |
| 5 | Security Requirements | Contains the functional and assurance requirements for this TOE |
| 6 | TOE Summary Specification | Identifies the IT security functions provided by the TOE and also identifies the assurance measures targeted to meet the assurance requirements |
| 7 | Rationale | Demonstrates traceability and internal consistency |
| 8 | Audit Events | TOE audit events are listed here |
| 9 | Appendices | Supporting material |

Table 1 - ST Organization and Section Descriptions

1.3.1 Document Conventions

The CC defines operations on Security Functional Requirements: assignments, selections, assignments within selections and refinements.
This document uses the following font conventions to identify the operations defined by the CC that are not already completed in [NDPP]¹:

• Assignment: Indicated with italicized text;
• Refinement made by ST author: Indicated with bold text and strikethroughs, if necessary;
• Selection: Indicated with underlined text;
• Assignment within a Selection: Indicated with italicized and underlined text.

Iterations are indicated by appending the iteration number in parenthesis, e.g., (1), (2), (3). Iterations identified in [NDPP] are identified in the same manner in this ST.

¹ i.e. if a selection, assignment or refinement has been made in [NDPP] it will not also be marked using the font conventions (although any square brackets used in [NDPP] will be retained) in this security target, thereby highlighting the additional operations completed in the Security Target.

1.3.2 Document Terminology

See Section 11.2 for the Glossary.

1.4 TOE Overview

The Target of Evaluation (TOE) is a network device (router/switch), and includes the following secure network devices running Junos OS 14.2R3:

• Mx-Series 3D Universal Edge Routers: Mx240, Mx480, Mx960, Mx2010, Mx2020
• PTX-Series Packet Transport Routers: PTX3000, PTX5000
• EX-Series Ethernet Switches: EX9200 (EX9204, EX9208 & EX9214)

1.5 TOE Boundaries

The TOE consists of the following IT components:

1. Network devices (as detailed in Table 2 below).
2. Junos OS 14.2R3: an operating system for security appliances.

The TOE is managed and configured via Command Line Interface. Each appliance is a secure network device that protects itself largely by offering only a minimal logical interface to the network and attached nodes. All router platforms are powered by the Junos OS software, which is a special purpose OS that provides no general purpose computing capability. Junos OS provides both management and control functions as well as all IP routing.

Each Juniper Networks Mx-series and PTX-series routing platform is a complete routing system that supports a variety of high-speed interfaces (only Ethernet is within scope of the evaluation) for medium/large networks and network applications. Similarly, the EX-series 9200 switches provide high-performance, carrier-class networking solutions, supporting a variety of high-speed Ethernet interfaces for medium/large networks. Juniper Networks routers share common Junos OS software, features, and technology for compatibility across platforms.

The hardware has two components: the router/switch chassis and the PICs, DPCs and Line Cards that have been installed in the appliance. The various PICs, DPCs, MPCs, MICs and FPCs that have been installed in the appliance allow it to communicate with the different types of networks that may be required within the environment where the router/switch will be used².

The architecture of each appliance cleanly separates routing and control functions from packet forwarding operations, thereby eliminating bottlenecks and permitting the router to maintain a high level of performance. Each appliance consists of two major architectural components:

• The Routing Engine (RE), which provides Layer 3 routing services and network management and control;
• The Packet Forwarding Engine (PFE)³, which provides all operations necessary for transit packet forwarding.

The Routing Engine and Packet Forwarding Engine perform their primary tasks independently, while constantly communicating through a high-speed internal link. This arrangement provides streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds.

² These network interfaces are required for the TOE to operate. However, they are not relied upon for the enforcement of security functionality necessary to satisfy the requirements of [NDPP] and so do not fall within the scope of the TSF. Therefore, the network interfaces are considered to be non-TOE hardware/software/firmware entities, and are referenced as such in section 1.5.3.
³ The network interface components form the lower layers of the PFE (the DPC, PICs, DPCs, MPCs and FPCs network interface components) which simply deal with physical interface mechanics.

1.5.1 Physical Boundary

| Series | Model | Slots⁴ | Firmware⁵ |
|---|---|---|---|
| Mx-Series | Mx240 | 3 x MPCs and DPCs (as detailed in Section 10.1) | Junos 14.2R3.8 |
| Mx-Series | Mx480 | 6 x MPCs and DPCs (as detailed in Section 10.1) | Junos 14.2R3.8 |
| Mx-Series | Mx960 | 12 x MPCs and DPCs (as detailed in Section 10.1) | Junos 14.2R3.8 |
| Mx-Series | Mx2010 | 10 x 480 line-rate 10GbE ports (as detailed in Section 10.2) | Junos 14.2R3.8 |
| Mx-Series | Mx2020 | 20 x 960 line-rate 10GbE ports (as detailed in Section 10.2) | Junos 14.2R3.8 |
| PTX-Series | PTX3000 | 9 x Switch Interface Boards (as detailed in Section 10.4) | Junos 14.2R3.8 |
| PTX-Series | PTX5000 | 9 x Switch Interface Boards (as detailed in Section 10.3) | Junos 14.2R3.8 |
| EX-Series | EX9204 | 4 slots of up to 260 Gbps (full duplex) per slot fabric capacity (as detailed in Section 10.5) | Junos 14.2R3.8 |
| EX-Series | EX9208 | 8 slots of up to 260 Gbps (full duplex) per slot fabric capacity (as detailed in Section 10.5) | Junos 14.2R3.8 |
| EX-Series | EX9214 | 14 slots of up to 260 Gbps (full duplex) per slot fabric capacity (as detailed in Section 10.5) | Junos 14.2R3.8 |

Table 2 – TOE Physical Boundary

⁴ The fabric/cards plugged into the chassis slots are considered to be non-TOE hardware/software/firmware entities as discussed above.
⁵ The firmware version reflects the detail reported for the components of the Junos OS when the show version command is executed on the appliance.

The TOE is comprised of the Junos OS 14.2R3 firmware running on the appliance chassis listed in Table 2 above (including the software implementing the Routing Engine and the software and ASICs implementing the Packet Forwarding Engine). Hence the TOE is contained within the physical boundary of the specified appliance chassis. Details of the appliance specific install packages of the Junos OS 14.2R3 are provided in Section 9, Install Packages.

The guidance documents included as part of the TOE are:

[CLI] Junos OS CLI User Guide, Release 14.2
[ECG] Junos OS Common Criteria Evaluation Configuration Guide for Mx Series, PTX Series and EX9200 Series Devices Release 14.2R3
[GSG] Junos OS Getting Started Guide for Routing Devices, Release 14.2
[IUG] Installation and Upgrade Guide, Release 14.2
[SLM] Junos OS System Log Messages Reference, Release 14.2
[SSG] Junos OS Security Services Administration Guide for Routing Devices, Release 14.2
[UAA] Junos OS User Access and Authentication Feature Guide for Routing Devices, Release 14.2

1.5.2 Logical Boundary

This section outlines the boundaries of the security functionality of the TOE; the logical boundary of the TOE includes the security functionality described in the following sections.
| TSF | DESCRIPTION |
|---|---|
| Audit (FAU) | Junos auditable events are stored in the syslog files, and can be sent to an external log server (via Netconf over SSH). Auditable events include start-up and shutdown of the audit functions, authentication events, service requests, as well as the events listed in the table in Section 8. Audit records include the date and time, event category, event type, username, and the outcome of the event (success or failure). Local syslog storage limits are configurable and are monitored. In the event of storage limits being reached the oldest logs will be overwritten. |
| Cryptographic Support (FCS) | The TOE includes a baseline cryptographic module that provides confidentiality and integrity services for authentication and for protecting communications with adjacent systems. |
| User Data Protection | The TOE is designed to process network packets and forward them as appropriate. The packet handling is implemented in such a manner as to prevent the leakage of user data from one packet into other packet(s) that were not intended by the originator. |
| Identification and Authentication (FIA) | The TOE requires users to provide unique identification and authentication data before any administrative access to the system is granted. The devices also require that applications exchanging information with them successfully authenticate prior to any exchange. This covers all services used to exchange information, including Secure Shell (SSH). Telnet, File Transfer Protocol (FTP) and Secure Socket Layer (SSL) are out of scope. |
| Security Management (FMT) | The TOE provides an Authorized Administrator role that is responsible for: the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product; the regular review of all audit data; all administrative tasks (e.g., creating the security policy). The devices are managed through a Command Line Interface (CLI). The CLI is accessible through a remote administrative session. |
| Protection of the TSF (FPT) | The TOE provides protection mechanisms for its security functions. One of the protection mechanisms is to protect TSF data (e.g. cryptographic keys, administrator passwords). Another protection mechanism is to ensure that the integrity of any software/firmware updates can be verified prior to installation. The TOE provides for both cryptographic and non-cryptographic self-tests, and is capable of automated recovery from failure states. Also, a reliable timestamp is made available for use by the TOE. |
| TOE Access (FTA) | The TOE can be configured to terminate interactive user sessions and to present an access banner with warning messages prior to authentication. |
| Trusted Path/Channels (FTP) | The TOE creates trusted channels between itself and remote trusted authorized IT product (e.g. syslog server) entities that protect the confidentiality and integrity of communications. The TOE creates trusted paths between itself and remote administrators and users that protect the confidentiality and integrity of communications. |

Table 3 – TOE Logical Boundary

1.5.3 Non-TOE hardware, software, firmware

Network interfaces (DPCs, MPCs, MICs and PICs) are required by the TOE to operate and communicate with the connected network. These are detailed for each TOE appliance in Section 10.
The TOE requires the following clients/servers to be provided in the connected network:

• Syslog server supporting SSHv2 connections to send audit logs
• SSHv2 client for remote administration
• Serial connection client for local administration

1.5.4 Summary of Out-of-Scope Items

The only security functionality addressed by the evaluation is the functionality specified by the functional requirements in Section 6.1, and does not include additional product capabilities such as use of information flow control based on traffic filters. The following items are out of the scope of the evaluation:

• Use of telnet, since it violates the Trusted Path requirement set (see Section 6.1)
• Use of FTP, since it violates the Trusted Path requirement set (see Section 6.1)
• Use of SNMP, since it violates the Trusted Path requirement set (see Section 6.1)
• Use of SSL, including management via J-Web, JUNOScript and JUNOScope, since it violates the Trusted Path requirement set (see Section 6.1)
• Media use (other than during installation of the TOE)
• Use of root account, other than during initial installation and configuration.

2 Conformance Claims

2.1 CC Conformance Claim

The TOE is Common Criteria Version 3.1 Revision 3 (July 2009) Part 2 extended and Part 3 conformant.

2.2 PP Claim

The TOE conforms (exact compliance) to the following Protection Profile:

• Security Requirements for Network Devices, Version 1.1, 08 June 2012, [NDPP]
• Security Requirements for Network Devices Errata #3, 3 November 2014, [NDPPerr]

It is understood that “exact compliance”, as specified in [NDPPerr], is a subset of strict conformance whereby the ST contains all of the requirements in [NDPP] section 4 and the relevant requirements from Appendix C of [NDPP].
There is no iteration of requirements in this ST and no additional requirements (from [CC2] or [CC3]) in the ST. Further, no requirements in [NDPP] section 4 are omitted.

The Security Problem definition in this Security Target is consistent with the security problem definition detailed in [NDPP] Section 2. The threats in this ST are the same as the resulting threats detailed in Table 4 of [NDPP] Annex A. The organizational security policies in this ST are the same as those specified in Table 5 of [NDPP] Annex A and the assumptions in this ST are the same as those in Table 3 of [NDPP] Annex A.

The statement of security objectives in this ST is consistent with the statement of security objectives detailed in [NDPP] Section 3. The Security Objectives for the TOE specified in this ST are the same as those in Table 6 of [NDPP] Annex A and the Security Objectives for the Operational Environment specified in this ST are the same as those in Table 7 of [NDPP] Annex A.

The statement of requirements in this ST is consistent with the statement of requirements detailed in [NDPP] Section 4. The Security Functional Requirements specified in this ST are the same as those in [NDPP] Section 4.2, with all extended requirements taken from [NDPP] Section 4.2. The Security Assurance Requirements specified in this ST include all those in [NDPP] Section 4.3, with all refinements taken from [NDPP] Section 4.3. In addition to those Security Assurance Requirements specified in [NDPP] this ST includes the ASE requirements necessary to evaluate this Security Target as part of a TOE evaluation.

From the additional requirements specified in [NDPP] Annex C, the (extended) requirement FCS_SSH_EXT.1 Explicit SSH is selected. There are no claims for IPSec, TLS or HTTPS included in this ST, so the extended requirements FCS_IPSEC_EXT.1, FCS_TLS_EXT.1, FCS_HTTPS_EXT.1 and FIA_PSK_EXT.1 detailed in Annex C of [NDPP] and [NDPPerr] are not included in this ST.
In addition, as there are no separate parts of the TOE the additional requirement FPT_ITT.1 (also specified in [NDPP] Annex C) is not applicable and is not included in this ST. No requirements are contained in this ST that are in addition to those specified in [NDPP] & [NDPPerr].

3 Security Problem Definition

The security problem to be addressed by the TOE is described by threats and policies that are common to network devices, as opposed to those that might be targeted at the specific functionality of a specific type of network device, as specified in [NDPP].

This chapter identifies assumptions as A.assumption, threats as T.threat and policies as P.policy. Note that the assumptions, threats, and policies are the same as those found in [NDPP] such that this TOE serves to address the Security Problem.

3.1 Threats

The following threats are addressed by the TOE, as detailed in table 4 of [NDPP] Annex A.

| THREAT | DESCRIPTION |
|---|---|
| T.ADMIN_ERROR | An authorized administrator may incorrectly install or configure the TOE, resulting in ineffective security mechanisms. |
| T.TSF_FAILURE | Security mechanisms of the TOE may fail, leading to a compromise of the TSF. |
| T.UNDETECTED_ACTIONS | Malicious remote users or external IT entities may take actions that adversely affect the security of the TOE. These actions may remain undetected and thus their effects cannot be effectively mitigated. |
| T.UNAUTHORIZED_ACCESS | A user may gain unauthorized access to the TOE data and TOE executable code. A malicious user, process, or external IT entity may masquerade as an authorized entity in order to gain unauthorized access to data or TOE resources. A malicious user, process, or external IT entity may misrepresent itself as the TOE to obtain identification and authentication data. |
| T.UNAUTHORIZED_UPDATE | A malicious party attempts to supply the end user with an update to the product that may compromise the security features of the TOE. |
| T.USER_DATA_REUSE | User data may be inadvertently sent to a destination not intended by the original sender. |

Table 4 – Threats Addressed by the TOE

3.2 Organizational Security Policies

An organizational security policy is a set of rules, practices, and procedures imposed by an organization to address its security needs. The TOE is required to meet the following organizational security policies, as specified in table 5 of [NDPP] Annex A.

| POLICY NAME | POLICY DESCRIPTION |
|---|---|
| P.ACCESS_BANNER | The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE. |

Table 5 – Organizational Security Policies

3.3 Assumptions

This section contains assumptions regarding the security environment and the intended usage of the TOE, as specified in table 3 of [NDPP] Annex A.

| ASSUMPTION | DESCRIPTION |
|---|---|
| A.NO_GENERAL_PURPOSE | It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. |
| A.PHYSICAL | Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment. |
| A.TRUSTED_ADMIN | TOE Administrators are trusted to follow and apply all admin guidance in a trusted manner. |

Table 6 – Assumptions

4 Security Objectives

4.1 Security Objectives for the TOE

The IT Security Objectives for the TOE are detailed below, as specified in table 6 of [NDPP] Annex A.

| OBJECTIVE | DESCRIPTION |
|---|---|
| O.PROTECTED_COMMUNICATIONS | The TOE will provide protected communication channels for administrators, other parts of a distributed TOE, and authorized IT entities. |
| O.VERIFIABLE_UPDATES | The TOE will provide the capability to help ensure that any updates to the TOE can be verified by the administrator to be unaltered and (optionally) from a trusted source. |
| O.SYSTEM_MONITORING | The TOE will provide the capability to generate audit data and send those data to an external IT entity. |
| O.DISPLAY_BANNER | The TOE will display an advisory warning regarding use of the TOE. |
| O.TOE_ADMINISTRATION | The TOE will provide mechanisms to ensure that only administrators are able to log in and configure the TOE, and provide protections for logged-in administrators. |
| O.RESIDUAL_INFORMATION_CLEARING | The TOE will ensure that any data contained in a protected resource is not available when the resource is reallocated. |
| O.SESSION_LOCK | The TOE shall provide mechanisms that mitigate the risk of unattended sessions being hijacked. |
| O.TSF_SELF_TEST | The TOE will provide the capability to test some subset of its security functionality to ensure it is operating properly. |

Table 7 – TOE Security Objectives

4.2 Security Objectives for the Operational Environment

The security objectives for the operational environment are detailed below, as specified in table 7 of [NDPP] Annex A.

| OBJECTIVE | DESCRIPTION |
|---|---|
| OE.NO_GENERAL_PURPOSE | There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. |
| OE.PHYSICAL | Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment. |
| OE.TRUSTED_ADMIN | TOE Administrators are trusted to follow and apply all admin guidance in a trusted manner. |

Table 8 – Operational Environment Security Objectives

4.3 Security Objectives Rationale

As these objectives for the TOE and operational environment are the same as those specified in [NDPP], the rationales provided in the prose of [NDPP] Section 3 and in the tables in [NDPP] Annex A are wholly applicable to this security target as the statements of threats, assumptions, OSPs and security objectives provided in this security target are the same as those defined in the [NDPP].

5 Extended Security Requirement Components Definition

This section defines the extended Security Functional Requirements (SFRs) to be met by the TOE as drawn from [NDPP].

5.1 Extended TOE Security Functional Requirement Components

This section specifies the extended SFRs for the TOE.

5.1.1 FAU_STG_EXT.1 External Audit Trail Storage

FAU_STG_EXT.1 External Audit Trail Storage requires the TSF to use an external IT entity for audit data storage. It is modeled after FAU_STG.1, and is considered to be part of the FAU_STG family.

Management: FAU_STG_EXT.1
There are no management activities foreseen.

Audit: FAU_STG_EXT.1
There are no auditable events foreseen.
FAU_STG_EXT.1 External Audit Trail Storage
Hierarchical to: No other components
Dependencies: FAU_GEN.1 Audit data generation
FTP_ITC.1 Inter-TSF trusted channel

FAU_STG_EXT.1.1 The TSF shall be able to [selection: transmit the generated audit data to an external IT entity, receive and store audit data from an external IT entity] using a trusted channel implementing the [selection: IPsec, SSH, TLS, TLS/HTTPS] protocol.

5.1.2 FCS_CKM_EXT.4 Cryptographic Key Zeroization

FCS_CKM_EXT.4 Cryptographic key zeroization requires cryptographic keys and cryptographic critical security parameters to be zeroized. It is modeled after FCS_CKM.4, and is considered to be part of the FCS_CKM family.

Management: FCS_CKM_EXT.4
There are no management activities foreseen.

Audit: FCS_CKM_EXT.4
There are no auditable events foreseen.

FCS_CKM_EXT.4 Cryptographic Key Zeroization
Hierarchical to: No other components
Dependencies: FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation

FCS_CKM_EXT.4.1 The TSF shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.

5.1.3 FCS_RBG_EXT.1 Extended: Random Bit Generation

FCS_RBG_EXT.1 Extended: Random Bit Generation requires random bit generation to be performed in accordance with selected standards and seeded by an entropy source. It is modeled after FCS_COP.1, but belongs to a new family defined for the FCS Class.

Management: FCS_RBG_EXT.1
There are no management activities foreseen.

Audit: FCS_RBG_EXT.1
There are no auditable events foreseen.
FCS_RBG_EXT.1 Extended: Random Bit Generation
Hierarchical to: No other components
Dependencies: None

FCS_RBG_EXT.1.1 The TSF shall perform all random bit generation (RBG) services in accordance with [selection, choose one of: NIST Special Publication 800-90 using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES), Dual_EC_DRBG (any)]; FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES] seeded by an entropy source that accumulated entropy from [selection, one or both of: a software-based noise source; a TSF-hardware-based noise source].

FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded with a minimum of [selection, choose one of: 128 bits, 256 bits] of entropy at least equal to the greatest security strength of the keys and hashes that it will generate.

5.1.4 FCS_SSH_EXT.1 Explicit: SSH

FCS_SSH_EXT.1 Extended: SSH requires that SSH be implemented. It belongs to a new family defined for the FCS Class.

Management: FCS_SSH_EXT.1
There are no management activities foreseen.

Audit: FCS_SSH_EXT.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the ST:
a) Failure to establish a SSH session, and reason for failure;
b) Establishment/Termination of a SSH session, and non-TOE endpoint of connection (IP address) for both successes and failures.
FCS_SSH_EXT.1 Extended: SSH
Hierarchical to: No other components
Dependencies: FCS_COP.1(1) Cryptographic operation (for data encryption/decryption)
FCS_COP.1(2) Cryptographic operation (for cryptographic signature)
FCS_COP.1(3) Cryptographic Operation (for cryptographic hashing)
FCS_COP.1(4) Cryptographic Operation (for keyed-hash message authentication)
FCS_RBG_EXT.1 Extended: Cryptographic Operation (Random Bit Generation)
FCS_CKM.1 Cryptographic Key Generation
FCS_CKM_EXT.4 Cryptographic Key Zeroization

FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies with RFCs 4251, 4252, 4253, and 4254, and [selection: 5656, 6668, no other RFCs].

FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, password-based.

FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than [assignment: number of bytes] bytes in an SSH transport connection are dropped.

FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms: AES-CBC-128, AES-CBC-256, [selection: AEAD_AES_128_GCM, AEAD_AES_256_GCM, no other algorithms].

FCS_SSH_EXT.1.5 The TSF shall ensure that the SSH transport implementation uses [selection: SSH_RSA, ecdsa-sha2-nistp256] and [selection: PGP-SIGN-RSA, PGP-SIGN-DSS, ecdsa-sha2-nistp384, no other public key algorithms] as its public key algorithm(s).

FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport connection is [selection: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512].
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 and [selection: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, no other methods] are the only allowed key exchange methods used for the SSH protocol.

5.1.5 FIA_PMG_EXT.1 Password Management

FIA_PMG_EXT.1 Password Management defines the password strength requirements that the TSF will enforce. It belongs to a new family defined for FIA class.

Management: FIA_PMG_EXT.1
There are no management activities foreseen.

Audit: FIA_PMG_EXT.1
There are no auditable events foreseen.

FIA_PMG_EXT.1 Password Management
Hierarchical to: No other components
Dependencies: None

FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities for administrative passwords:
1. Passwords shall be able to be composed of any combination of upper and lower case letters, numbers, and special characters: [selection: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, “)”, [assignment: other characters]];
2. Minimum password length shall be settable by the Security Administrator, and support passwords of 15 characters or greater;

5.1.6 FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism

FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism requires a local password-based authentication mechanism and the capability for passwords to expire. In addition, other authentication mechanisms can be specified. It is considered to be part of the FIA_UAU family.

Management: FIA_UAU_EXT.2
There are no management activities foreseen.

Audit: FIA_UAU_EXT.2
The following actions should be auditable if FAU_GEN Security audit data generation is included in the ST:
a) All use of the authentication mechanisms.
FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism
Hierarchical to: No other components
Dependencies: None

FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism, [selection: [assignment: other authentication mechanism(s)], none] to perform user authentication.

5.1.7 FIA_UIA_EXT.1 Extended: Password-based Authentication and Identification Mechanism

FIA_UIA_EXT.1 Extended: Password-based Authentication and Identification Mechanism, requires a local password-based authentication mechanism and the capability for passwords to expire. In addition, other authentication mechanisms can be specified. It is based on a combination of FIA_UAU.1 and FIA_UID.1, and belongs to a new family defined for class FIA.

Management: FIA_UIA_EXT.1
There are no management activities foreseen.

Audit: FIA_UIA_EXT.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the ST:
a) All use of the authentication mechanism with provided user identity and origin of the attempt (e.g. IP address).

FIA_UIA_EXT.1 Extended: Password-based Authentication and Identification Mechanism
Hierarchical to: FIA_UID.1 Timing of identification
FIA_UAU.1 Timing of Authentication
Dependencies: None

FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE entity to initiate the identification and authentication process:
• Display the warning banner in accordance with FTA_TAB.1;
• [selection: no other actions, [assignment: list of services, actions performed by the TSF in response to non-TOE requests.]]

FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that administrative user.
5.1.8 FPT_APW_EXT.1 Extended: Protection of Administrator Passwords

FPT_APW_EXT.1 Extended: Protection of Administrator Passwords requires administrator passwords to be stored in non-plaintext form and requires the TOE to prevent reading of plaintext passwords. It is modeled after FPT_SSP.2, but it belongs to a new family defined for the FPT class.

Management: FPT_APW_EXT.1
There are no management activities foreseen.

Audit: FPT_APW_EXT.1
There are no audit activities foreseen.

FPT_APW_EXT.1 Extended: Protection of Administrator Passwords
Hierarchical to: No other components
Dependencies: None

FPT_APW_EXT.1.1 The TSF shall store passwords in non-plaintext form.

FPT_APW_EXT.1.2 The TSF shall prevent the reading of plaintext passwords.

5.1.9 FPT_SKP_EXT.1 Extended: Protection of TSF data (for reading of all symmetric keys)

FPT_SKP_EXT.1 Extended: Protection of TSF data (for reading of all symmetric keys) requires the TOE to prevent reading of all pre-shared, symmetric, and private keys. It is modeled after FPT_SSP.1, but it belongs to a new family defined for the FPT class.

Management: FPT_SKP_EXT.1
There are no management activities foreseen.

Audit: FPT_SKP_EXT.1
There are no audit activities foreseen.

FPT_SKP_EXT.1 Extended: Protection of TSF data (for reading of all symmetric keys)
Hierarchical to: No other components
Dependencies: None

FPT_SKP_EXT.1.1 The TSF shall prevent reading of all pre-shared keys, symmetric keys, and private keys.

5.1.10 FPT_TST_EXT.1 Extended: TSF testing

FPT_TST_EXT.1 Extended: TSF testing requires a suite of self-tests to be run during initial start-up in order to demonstrate correct operation of the TSF. It is modeled after FPT_TST.1, but belongs to a new family defined for class FPT.

Management: FPT_TST_EXT.1
There are no management activities foreseen.
Audit: FPT_TST_EXT.1
There are no audit activities foreseen.

FPT_TST_EXT.1 TSF testing
Hierarchical to: No other components
Dependencies: None

FPT_TST_EXT.1.1 The TSF shall run a suite of self-tests during initial start-up (on power on) to demonstrate the correct operation of the TSF.

5.1.11 FPT_TUD_EXT.1 Extended: Management of TSF Data

FPT_TUD_EXT.1 Extended: Management of TSF Data, requires management tools be provided to update the TOE firmware and software, including the ability to verify the updates prior to installation. It belongs to a new family defined for the FPT class.

Management: FPT_TUD_EXT.1
There are no management activities foreseen.

Audit: FPT_TUD_EXT.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the ST:
a) Initiation of update.

FPT_TUD_EXT.1 Extended: Trusted Update
Hierarchical to: No other components
Dependencies: FCS_COP.1(2) Cryptographic operation (for cryptographic signature)
FCS_COP.1(3) Cryptographic operation (for cryptographic hashing)

FPT_TUD_EXT.1.1 The TSF shall provide security administrators the ability to query the current version of the TOE firmware/software.

FPT_TUD_EXT.1.2 The TSF shall provide security administrators the ability to initiate updates to TOE firmware/software.

FPT_TUD_EXT.1.3 The TSF shall provide a means to verify firmware/software updates to the TOE using a [selection: digital signature mechanism, published hash] prior to installing those updates.

5.1.12 FTA_SSL_EXT.1 Extended: TSF-initiated Session Locking

FTA_SSL_EXT.1 Extended: TSF-initiated Session Locking requires system initiated locking of an interactive session after a specified period of inactivity. It is part of the FTA_SSL family.
Management: FTA_SSL_EXT.1
The following actions could be considered for the management functions in FMT:
a) Specification of the time of user inactivity after which lock-out occurs for an individual user.

Audit: FTA_SSL_EXT.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the ST:
a) Any attempts at unlocking an interactive session.

FTA_SSL_EXT.1 Extended: TSF-initiated Session Locking
Hierarchical to: No other components
Dependencies: FIA_UIA_EXT.1 Password-based Authentication and Identification Mechanism

FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [selection:
• lock the session – disable any activity of the user’s data access display devices other than unlocking the session, and requiring that the administrator re-authenticate to the TSF prior to unlocking the session;
• terminate the session]
after a Security Administrator-specified time period of inactivity.

5.2 Extended TOE Security Assurance Requirement Components

There are no extended TOE Security Assurance Requirement Components required by [NDPP].

6 Security Requirements

This section provides security functional and assurance requirements that must be satisfied by the TOE. These requirements consist of components from the CC Part 2 and Part 3, National Information Assurance Partnership (NIAP) interpreted requirements, and explicit requirements defined in [NDPP]. All extended components are taken from [NDPP] and as such are understood to be defined by [NDPP], hence no statement of extended components is required in this security target.

6.1 Security Functional Requirements

This section specifies the security functional requirements (SFRs) for the TOE, organized by CC class as specified in [NDPP]. Table 8 identifies all the SFRs implemented by the TOE.
| CLASS HEADING | CLASS_FAMILY | DESCRIPTION |
|---|---|---|
| AUDIT | FAU_GEN.1 | Audit Data Generation |
| | FAU_GEN.2 | User Identity Association |
| | FAU_STG_EXT.1 | External Audit Trail Storage |
| CRYPTOGRAPHIC SERVICES | FCS_CKM.1 | Cryptographic Key Generation (for asymmetric keys) |
| | FCS_CKM_EXT.4 | Cryptographic Key Zeroization |
| | FCS_COP.1(1) | Cryptographic Operation (for data encryption/decryption) |
| | FCS_COP.1(2) | Cryptographic Operation (for cryptographic signature) |
| | FCS_COP.1(3) | Cryptographic Operation (for cryptographic hashing) |
| | FCS_COP.1(4) | Cryptographic Operation (for keyed-hash message authentication) |
| | FCS_RBG_EXT.1 | Extended: Cryptographic Operation (Random Bit Generation) |
| | FCS_SSH_EXT.1 | Explicit SSH Requirements |
| USER DATA PROTECTION | FDP_RIP.2 | Full residual information protection |
| IDENTIFICATION & AUTHENTICATION | FIA_PMG_EXT.1 | Extended: Password Management |
| | FIA_UIA_EXT.1 | User Identification and Authentication |
| | FIA_UAU_EXT.2 | Extended: Password-based Authentication Mechanism |
| | FIA_UAU.7 | Protected Authentication Feedback |
| SECURITY MANAGEMENT | FMT_MTD.1 | Management of TSF Data (for general TSF data) |
| | FMT_SMF.1 | Specification of Management Functions |
| | FMT_SMR.2 | Restrictions on Security Roles |
| PROTECTION OF THE TOE | FPT_SKP_EXT.1 | Extended: Protection of TSF Data (for reading of all symmetric keys) |
| | FPT_APW_EXT.1.1 | Extended: Protection of Administrator Passwords |
| | FPT_STM.1 | Reliable Time Stamps |
| | FPT_TUD_EXT.1 | Extended: Trusted Update |
| | FPT_TST_EXT.1 | TSF Testing |
| TOE ACCESS | FTA_EXT_SSL.1 | TSF-initiated session locking |
| | FTA_SSL.3 | TSF-initiated termination |
| | FTA_SSL.4 | User-initiated termination |
| | FTA_TAB.1 | Default TOE access banners |
| TRUSTED PATH/CHANNEL | FTP_ITC.1 | Inter-TSF trusted channel |
| | FTP_TRP.1 | Trusted path |

Table 9 – TOE Security Functional Requirements

6.1.1 Security Audit (FAU)

6.1.1.1 Audit data generation (FAU_GEN.1)

FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shut-down of the audit functions;
b) All auditable events for the not specified level of audit;
c) All administrative actions; and
d) [specifically defined auditable events listed in Table 17, Section 8].

FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [information specified in column three of Table 17, Section 8].

6.1.1.2 User identity association – human users (FAU_GEN.2)

FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.

6.1.1.3 Protected audit trail storage (FAU_STG_EXT.1)

FAU_STG_EXT.1.1 The TSF shall be able to [transmit the generated audit data to an external IT entity] using a trusted channel implementing the [SSH] protocol.
6.1.2 Cryptographic Support (FCS)

6.1.2.1 Cryptographic Key Generation (for asymmetric keys) (FCS_CKM.1.1)

FCS_CKM.1.1 The TSF shall generate asymmetric cryptographic keys used for key establishment in accordance with [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” for finite field-based key establishment schemes, NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” for elliptic curve-based key establishment schemes and implementing “NIST curves” P-256, P-384 and [P-521] (as defined in FIPS PUB 186-3, “Digital Signature Standard”)] and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of 112 bits.

6.1.2.2 Cryptographic Key Zeroization (for asymmetric keys) (FCS_CKM_EXT.4)

FCS_CKM_EXT.4 The TSF shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.
6.1.2.3 Cryptographic Operation (for data encryption/decryption) (FCS_COP.1)

FCS_COP.1.1(1) The TSF shall perform [encryption and decryption] in accordance with a specified cryptographic algorithm [AES operating in [CBC mode]] and cryptographic key sizes 128-bits and 256-bits that meets the following:
• FIPS PUB 197, “Advanced Encryption Standard (AES)”
• [NIST SP 800-38A, NIST SP 800-38D]

6.1.2.4 Cryptographic Operation (for cryptographic signature) (FCS_COP.1(2))

FCS_COP.1.1(2) The TSF shall perform cryptographic signature services in accordance with a [(3) Elliptic Curve Digital Signature Algorithm (ECDSA) with a key size of 256 bits or greater] that meets the following:
Case: Elliptic Curve Digital Signature Algorithm
• FIPS PUB 186-3, “Digital Signature Standard”
• The TSF shall implement “NIST curves” P-256, P-384 and [P-521] (as defined in FIPS PUB 186-3, “Digital Signature Standard”).

Application Note: ECDSA (P-256) + SHA256 (FCS_COP.1(2)) is used for package verification by M/Mx/PTX-series, as required for FPT_TUD_EXT.1. ECDSA signature services are also used by the SSH module, in support of the FCS_SSH_EXT.1 requirements.
6.1.2.5 Cryptographic Operation (for cryptographic hashing) (FCS_COP.1(3))

FCS_COP.1.1(3) The TSF shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-512] and message digest sizes [160, 256, 512] bits that meet the following: FIPS Pub 180-3, “Secure Hash Standard.”

6.1.2.6 Cryptographic Operation (for keyed-hash message authentication) (FCS_COP.1(4))

FCS_COP.1.1(4) The TSF shall perform [keyed-hash message authentication] in accordance with a specified cryptographic algorithm HMAC-[SHA1, SHA-256, SHA-512], key size [160, 256, 512 bits], and message digest sizes [160, 256, 512] bits that meet the following: FIPS Pub 198-1, “The Keyed-Hash Message Authentication Code”, and FIPS Pub 180-3, “Secure Hash Standard.”

6.1.2.7 Extended: Cryptographic Operation (Random Bit Generation) (FCS_RBG_EXT.1)

FCS_RBG_EXT.1.1 The TSF shall perform all random bit generation (RBG) services in accordance with [NIST Special Publication 800-90 using [HMAC_DRBG (any)]] seeded by an entropy source that accumulated entropy from [a software-based noise source; a TSF-hardware-based noise source].

FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded with a minimum of [256 bits] of entropy at least equal to the greatest security strength of the keys and hashes that it will generate.

6.1.2.8 Explicit: SSH (FCS_SSH_EXT.1)

FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies with RFCs 4251, 4252, 4253, and 4254, and [5656, 6668].

FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, password-based.

FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than [256K] bytes in an SSH transport connection are dropped.
FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms: AES-CBC-128, AES-CBC-256, [no other algorithms].

FCS_SSH_EXT.1.5 The TSF shall ensure that the SSH transport implementation uses [ecdsa-sha2-nistp256] and [no other public key algorithms] as its public key algorithm(s).

FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport connection is [hmac-sha1, hmac-sha2-256, hmac-sha2-512].

FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 and [ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521] are the only allowed key exchange methods used for the SSH protocol.

6.1.3 User Data Protection (FDP)

6.1.3.1 Full residual information protection (FDP_RIP.2)

FDP_RIP.2.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [allocation of the resource to] all objects.

6.1.4 Identification and Authentication (FIA)

6.1.4.1 Password Management (FIA_PMG_EXT.1)

FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities for administrative passwords:
1. Passwords shall be able to be composed of any combination of upper and lower case letters, numbers, and the following special characters [“!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”];
2. Minimum password length shall be settable by the Authorized Administrator (footnote 6), and support passwords of 15 characters or greater;

6.1.4.2 User Identification and Authentication (FIA_UIA_EXT.1)

FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE entity to initiate the identification and authentication process:
• Display the warning banner in accordance with FTA_TAB.1;
• [[routing/switching services, including ping, arp, BFD send (UDP port 49152), GRE OAM Keep-alive and SGR tunnel status (UDP port 49153) and HCM JVAS plugin (UDP port 49154) services]].

FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that administrative user.

6.1.4.3 Extended: Password-based Authentication mechanism (FIA_UAU_EXT.2)

FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism, [public key-based authentication] to perform administrative user authentication.

Application Note: ECDSA is the public key algorithm supported for administrative user authentication.

6.1.4.4 Protected Authentication Feedback (FIA_UAU.7)

FIA_UAU.7.1 The TSF shall provide only obscured feedback to the administrative user while the authentication is in progress at the local console (footnote 7).

6.1.5 Security Management (FMT)

6.1.5.1 Management of TSF data (For General TSF data) (FMT_MTD.1)

FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the Authorized Administrators (footnote 6).
6.1.5.2 Specification of management functions (FMT_SMF.1)

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:
• Ability to administer the TOE locally and remotely;
• Ability to update the TOE, and to verify the updates using [digital signature] capability prior to installing those updates;
• [No other capabilities].

Application Note: ECDSA is the supported digital signature algorithm (as specified in FCS_COP.1(2)) for NDPP compliance.

⁶ This is identified as a refinement as the PP uses the term “Security Administrator” in this instance, but defines the role “Authorized Administrator” in FMT_SMR.1 (see section 6.1.5.3). Therefore, the ST has adopted and applied the term “Authorized Administrator” for consistency reasons.

⁷ The refinement “at the local console” is not marked in [NDPP].

6.1.5.3 Restrictions on security roles (FMT_SMR.2)

FMT_SMR.2.1 The TSF shall maintain the roles:
• Authorized Administrator.

FMT_SMR.2.2 The TSF shall be able to associate users with roles.

FMT_SMR.2.3 The TSF shall ensure that the conditions
• Authorized Administrator role shall be able to administer the TOE locally;
• Authorized Administrator role shall be able to administer the TOE remotely;
are satisfied.

6.1.6 Protection of the TSF (FPT)

6.1.6.1 Extended: Protection of TSF Data (for reading of all symmetric keys) (FPT_SKP_EXT.1)

FPT_SKP_EXT.1.1 The TSF shall prevent reading of all pre-shared keys, symmetric keys, and private keys.

6.1.6.2 Extended: Protection of Administrator Passwords (FPT_APW_EXT.1)

FPT_APW_EXT.1.1 The TSF shall store passwords in non-plaintext form.

FPT_APW_EXT.1.2 The TSF shall prevent the reading of plaintext passwords.

6.1.6.3 Reliable time stamps (FPT_STM.1)

FPT_STM.1.1 The TSF shall be able to provide reliable time stamps for its own use.
6.1.6.4 Extended: Trusted Update (FPT_TUD_EXT.1)

FPT_TUD_EXT.1.1 The TSF shall provide authorized⁶ administrators the ability to query the current version of the TOE firmware/software.

FPT_TUD_EXT.1.2 The TSF shall provide authorized⁶ administrators the ability to initiate updates to TOE firmware/software.

FPT_TUD_EXT.1.3 The TSF shall provide a means to verify firmware/software updates to the TOE using a [digital signature mechanism] prior to installing those updates.

6.1.6.5 Extended: TSF Testing (FPT_TST_EXT.1)

FPT_TST_EXT.1.1 The TSF shall run a suite of self tests during initial start-up (on power on) to demonstrate the correct operation of the TSF.

6.1.7 TOE Access (FTA)

6.1.7.1 TSF-initiated session locking (local sessions) (FTA_SSL_EXT.1)

FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [terminate the session] after an Authorized⁶ Administrator-specified time period of inactivity.

6.1.7.2 TSF-initiated termination (remote sessions) (FTA_SSL.3)

FTA_SSL.3.1 The TSF shall terminate a remote interactive session after an [Authorized⁶ Administrator-configurable time interval of session inactivity].

6.1.7.3 User-initiated termination (FTA_SSL_EXT.4)

FTA_SSL.4.1 The TSF shall allow Administrator-initiated termination of the Administrator’s own interactive session.

6.1.7.4 Default TOE access banners (FTA_TAB.1)

FTA_TAB.1.1 Before establishing an administrative user session the TSF shall display an Authorized⁶ Administrator-specified advisory notice and consent warning message regarding use of the TOE.
6.1.8 Trusted Path/Channels (FTP)

6.1.8.1 Inter-TSF trusted channel (prevention of disclosure) (FTP_ITC.1)

FTP_ITC.1.1 The TSF shall use [SSH] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: audit server, [[no other capabilities]] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

FTP_ITC.1.2 The TSF shall permit the TSF, or the authorized IT entities to initiate communication via the trusted channel.

FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for [export of audit logs to syslog servers].

6.1.8.2 Trusted path (FTP_TRP.1)

FTP_TRP.1.1 The TSF shall use [SSH] to provide a trusted communication path between itself and remote administrators that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from disclosure and detection of modification of the communicated data.

FTP_TRP.1.2 The TSF shall permit remote administrators to initiate communication via the trusted path.

FTP_TRP.1.3 The TSF shall require the use of the trusted path for initial administrator authentication and all remote administration actions.

6.2 Security Assurance Requirements

This section defines the assurance requirements for the TOE, which are summarized in Table 10 below. The security assurance requirements included in this Security Target include all those specified in [NDPP] for which conformance is claimed. In addition, Table 10 details the ASE Security Assurance Requirements to be applied for the evaluation of this ST, in the context of a TOE evaluation.
| Assurance Class | Components | Description |
|---|---|---|
| ASE: Security Target | ASE_INT.1 | ST introduction |
| ASE: Security Target | ASE_CCL.1 | Conformance claims |
| ASE: Security Target | ASE_OBJ.2 | Security objectives |
| ASE: Security Target | ASE_ECD.1 | Extended components definition |
| ASE: Security Target | ASE_REQ.2 | Derived security requirements |
| ASE: Security Target | ASE_TSS.1 | TOE Summary Specification |
| ADV: Development | ADV_FSP.1 | Basic functional specification |
| AGD: Guidance Documents | AGD_OPE.1 | Operational User Guidance |
| AGD: Guidance Documents | AGD_PRE.1 | Preparative User Guidance |
| ALC: Lifecycle Support | ALC_CMC.1 | Labeling of the TOE |
| ALC: Lifecycle Support | ALC_CMS.1 | TOE CM coverage |
| ATE: Tests | ATE_IND.1 | Independent Testing – Conformance |
| AVA: Vulnerability Assessment | AVA_VAN.1 | Vulnerability Analysis |

Table 10 – Security Assurance Requirements

6.3 Security Requirements Rationale

6.3.1 Security Functional Requirements Rationale

The rationale of how the security functional requirements meet all objectives for the TOE is provided in the prose of [NDPP] Section 3. As all objectives and all SFRs in this Security Target are the same as those specified in [NDPP], the rationale provided in [NDPP] Section 3 is wholly applicable to this security target.

All dependencies of security functional requirements are satisfied as demonstrated in Table 11 below.

| SFR | Dependency | Satisfaction of dependency |
|---|---|---|
| FAU_GEN.1 | FPT_STM.1 Reliable time stamps | FPT_STM.1 |
| FAU_GEN.2 | FAU_GEN.1 Audit data generation; FIA_UID.1 Timing of identification | FAU_GEN.1; FIA_UID.1 dependency satisfied by FIA_UIA_EXT.1 which authenticates administrator identity prior to interaction with TSF. |
| FAU_STG_EXT.1 | FAU_GEN.1 Audit data generation; FTP_ITC.1 Inter-TSF trusted channel | FAU_GEN.1; FTP_ITC.1 |
| FCS_CKM.1 | [FCS_CKM.2 Cryptographic key distribution, or FCS_COP.1 Cryptographic operation]; FCS_CKM.4 Cryptographic key destruction | FCS_COP.1 (1-4); FCS_CKM.4 dependency met by FCS_CKM_EXT.4 |
| FCS_CKM_EXT.4 | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] | FCS_CKM.1 |
| FCS_COP.1(1) | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation]; FCS_CKM.4 Cryptographic key destruction | FCS_CKM.1; FCS_CKM.4 dependency met by FCS_CKM_EXT.4 |
| FCS_COP.1(2) | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation]; FCS_CKM.4 Cryptographic key destruction | FCS_CKM.1; FCS_CKM.4 dependency met by FCS_CKM_EXT.4 |
| FCS_COP.1(3) | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation]; FCS_CKM.4 Cryptographic key destruction | FCS_CKM.1; FCS_CKM.4 dependency met by FCS_CKM_EXT.4 |
| FCS_COP.1(4) | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation]; FCS_CKM.4 Cryptographic key destruction | FCS_CKM.1; FCS_CKM.4 dependency met by FCS_CKM_EXT.4 |
| FCS_RBG_EXT.1 | None | n/a |
| FCS_SSH_EXT.1 | FCS_TLS_EXT.1 Extended: TLS | FCS_TLS_EXT.1 |
| FDP_RIP.2 | FCS_COP.1(1) Cryptographic operation (for data encryption/decryption); FCS_COP.1(2) Cryptographic operation (for cryptographic signature); FCS_COP.1(3) Cryptographic operation (for cryptographic hashing); FCS_COP.1(4) Cryptographic operation (for keyed-hash message authentication); FCS_RBG_EXT.1 Extended: Cryptographic Operation (Random Bit Generation); FCS_CKM.1 Cryptographic Key Generation; FCS_CKM_EXT.4 Cryptographic Key Zeroization | FCS_COP.1(1); FCS_COP.1(2); FCS_COP.1(3); FCS_COP.1(4); FCS_RBG_EXT.1; FCS_CKM.1; FCS_CKM_EXT.4 |
| FIA_PMG_EXT.1 | FCS_COP.1(1) Cryptographic operation (for data encryption/decryption); FCS_COP.1(2) Cryptographic operation (for cryptographic signature); FCS_COP.1(3) Cryptographic operation (for cryptographic hashing); FCS_COP.1(4) Cryptographic operation (for keyed-hash message authentication); FCS_RBG_EXT.1 Extended: Cryptographic Operation (Random Bit Generation); FCS_CKM.1 Cryptographic Key Generation; FCS_CKM_EXT.4 Cryptographic Key Zeroization | FCS_COP.1(1); FCS_COP.1(2); FCS_COP.1(3); FCS_COP.1(4); FCS_RBG_EXT.1; FCS_CKM.1; FCS_CKM_EXT.4 |
| FIA_UIA_EXT.1 | None | n/a |
| FIA_UAU_EXT.2 | None | n/a |
| FIA_UAU.7 | None | n/a |
| FMT_MTD.1 | None | n/a |
| FMT_SMF.1 | FIA_UAU.1 Timing of authentication | FIA_UIA_EXT.1 which authenticates administrator identity prior to interaction with TSF. |
| FMT_SMR.2 | FMT_SMR.1 Security roles; FMT_SMF.1 Specification of Management Functions | FMT_SMR.1, FMT_SMF.1 |
| FPT_SKP_EXT.1 | None | n/a |
| FPT_APW_EXT.1.1 | FIA_UID.1 Timing of identification | FIA_UIA_EXT.1 which authenticates administrator identity prior to interaction with TSF. |
| FPT_STM.1 | None | n/a |
| FPT_TUD_EXT.1 | None | n/a |
| FPT_TST_EXT.1 | None | n/a |
| FTA_SSL_EXT.1 | None | n/a |
| FTA_SSL.3 | FCS_COP.1(2) Cryptographic operation (for cryptographic signature); FCS_COP.1(3) Cryptographic operation (for cryptographic hashing) | FCS_COP.1(2); FCS_COP.1(3) |
| FTA_SSL.4 | None | n/a |
| FTA_TAB.1 | FIA_UIA_EXT.1 Password-based Authentication and Identification Mechanism | FIA_UIA_EXT.1 |
| FTP_ITC.1 | None | n/a |
| FTP_TRP.1 | None | n/a |

Table 11 – Satisfaction of dependencies

6.3.2 Security Assurance Requirements Rationale

The rationale provided in [NDPP] Section 4.3 for the selection of security assurance requirements is wholly applicable to this security target, as the security assurance requirements specified in this security target are the same as those specified in [NDPP].

7 TOE Summary Specification

This section provides summary information on how the security requirements are met. The objective is to give a high-level view of how the security requirements are satisfied by the TOE; therefore, the descriptions are not overly detailed.

7.1 Security Audit

JUNOS creates and stores audit records for the following events (the detail of content recorded for each audit event is detailed in Table 17):
a) Start-up and shutdown of the audit function⁸;
b) All administrative actions;
c) All events specified in Table 17.

Auditing is done using syslog. Syslog can be configured to store the audit logs locally, and optionally to send them to one or more syslog log servers (via Netconf over SSH⁹). Local audit logs are stored in /var/log/ in the underlying filesystem. Only an authorized administrator can read log files, or delete log and archive files through the CLI interface or through direct access to the filesystem having first authenticated as an authorized administrator (see Section 7.4 below).
The syslogs are automatically deleted locally according to configurable limits on storage volume. The TOE defines an active log file and a number of “archive” files (10 by default, but configurable from 1 to 1000). When the active log file reaches its maximum size, the logging utility closes the file, compresses it, and names the compressed archive file ‘logfile.0.gz’. The logging utility then opens and writes to a new active log file. When the new active log file reaches the configured maximum size, ‘logfile.0.gz’ is renamed ‘logfile.1.gz’, and the active log file is closed, compressed, and renamed ‘logfile.0.gz’ (see [SLM] Chapter 1, Subsection ‘Specifying Log File Size, Number, and Archiving Properties’). When the maximum number of archive files is reached and when the size of the active file reaches the configured maximum size, the contents of the oldest archived file are deleted so the current active file can be archived.

The maximum value that can be specified for the size of a log file is 1GB. However, the default maximum size depends on the platform type:
• 1 megabyte (MB) for M Series, Mx Series and PTX Series Routers
• 128KB for the EX Series switches

These default maximum sizes can be modified by the user, as detailed in [SLM] Chapter 1, Subsection ‘Specifying Log File Size, Number, and Archiving Properties’.

A 1GB syslog file takes approximately 25Mb of storage when archived. Syslog files can consume all of the storage allocated to the /var filesystem, the size of which is platform specific. However, when the filesystem reaches 92% storage capacity an event is raised to the administrator, but the eventd process (being a privileged process) can still continue using the reserved storage blocks. This allows the syslog to continue storing events while the administrator frees the storage. If the administrator does not free the storage in time and the /var filesystem storage becomes exhausted, a final entry is recorded in the log reporting “No space left on device” and logging is terminated. The appliance continues to operate in the event of exhaustion of audit log storage space.

⁸ Start-up and shutdown of the audit function are synonymous with start-up and shutdown of the TOE, as the audit functions cannot be enabled or disabled, and so form part of the TOE start-up and shutdown process, respectively.

⁹ In accordance with RFC 4741.

The minimum capacity available for the storage of audit files is detailed in Table 12.

| Series | Models | Minimum Storage Capacity for Audit Files |
|---|---|---|
| Mx-Series | Mx240, Mx480, Mx960, Mx2010, Mx2020 | 18Gb |
| PTX-Series | PTX3000, PTX5000 | 50Gb |
| EX9200-Series | EX9204, EX9208, EX9214 | 16Gb |

Table 12 – Minimum Storage Capacity for Audit File

For more information about configuring event logging see [SLM] and [ECG].

The Audit function is designed to satisfy the following security functional requirements:
• FAU_GEN.1
• FAU_GEN.2
• FAU_STG_EXT.1

7.2 Cryptographic Support

All FIPS-approved cryptographic functions implemented by the secure network appliance are implemented in the Junos crypto module. The TOE evaluation provides a CAVP validation certificate for all FIPS-approved cryptographic functions implemented by the TOE. CAVP certificate details are provided in Table 13 – CAVP Certificate Results, below.

| Implementation | Algorithm | Cert Number |
|---|---|---|
| LibMD | SHA | #2960 |
| LibMD | HMAC | #2295 |
| OpenSSL | AES | #3597 |
| OpenSSL | DSA | #1000 |
| OpenSSL | ECDSA | #734 |
| OpenSSL | SHA | #2959 |
| OpenSSL | HMAC | #2294 |
| OpenSSL | DRBG_HMAC | #932 |

Table 13 – CAVP Certificate Results

The TOE meets the cryptographic requirements by allowing the administrator to run a FIPS install package (per platform guidance). The evaluated configuration of the TOE details that the FIPS operating mode should not be enabled¹⁰.
The Cryptographic security function is described in the context of how it satisfies the cryptographic security requirements.

¹⁰ The knob “set system fips level 1” (which is NOT set in the evaluated configuration) will enforce strict compliance to FIPS and enable restrictions on algorithms and keys sizes as required by FIPS requirements. While FIPS validated algorithms are invoked to provide the cryptographic operations necessary to support the evaluation configuration (including encryption, decryption, hashing services, signature services, random number generation and self-testing), FIPS mode should not be applied.

The FIPS-approved crypto module implements Elliptic Curve Digital Signature Algorithm (ECDSA) with a key size of 256 bits or greater (as specified by the authorized administrator) with SHA256 for digital signature generation and verification.

The TOE implements a timeout period for authentication for the SSHv2 protocol and provides a limit of three failed authentication attempts. The TOE uses public key-based authentication methods and password-based authentication for SSHv2. Packets greater than 256Kbytes in an SSH transport connection are dropped and the connection is terminated by the TOE. The TOE supports AES-CBC-128 and AES-CBC-256 encryption algorithms for SSH transport and uses “ecdsa-sha2-nistp256” as its public key algorithm. The data integrity algorithms used in SSH transport connection are “hmac-sha1” as required by [RFC4253] and hmac-sha2-256 and hmac-sha2-512 as required by [RFC6668].

Key exchange is done using one of “diffie-hellman-group14-sha1” [RFC4253], ecdh-sha2-nistp256, ecdh-sha2-nistp384, or ecdh-sha2-nistp521 [RFC5656]. No other key exchange methods are supported in the evaluated configuration, as detailed in [ECG].
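The following is an added example, not part of the Security Target or of Juniper's code: a Python check that parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports any offered algorithm outside the sets listed above. The function names, the sample payloads and the mapping of AES-CBC-128/256 to the wire names aes128-cbc and aes256-cbc are assumptions made for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20

# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# Allowed sets as stated in this ST. Assumption: AES-CBC-128/256 correspond
# to the RFC 4253 wire names aes128-cbc and aes256-cbc.
KEX = {"diffie-hellman-group14-sha1", "ecdh-sha2-nistp256",
       "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"}
HOST_KEYS = {"ecdsa-sha2-nistp256"}
CIPHERS = {"aes128-cbc", "aes256-cbc"}
MACS = {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"}
ALLOWED = {
    "kex_algorithms": KEX,
    "server_host_key_algorithms": HOST_KEYS,
    "encryption_algorithms_client_to_server": CIPHERS,
    "encryption_algorithms_server_to_client": CIPHERS,
    "mac_algorithms_client_to_server": MACS,
    "mac_algorithms_server_to_client": MACS,
}


def parse_kexinit(payload):
    """Decode an SSH_MSG_KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # one message-type byte plus the 16-byte cookie
    lists = {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list " + field + " overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    # boolean first_kex_packet_follows and the uint32 reserved field follow
    if len(payload) - offset < 5:
        raise ValueError("truncated trailer")
    return lists


def audit_kexinit(payload):
    """Return {field: [offered names that are outside the allowed set]}."""
    offered = parse_kexinit(payload)
    findings = {}
    for field, allowed in ALLOWED.items():
        extra = [name for name in offered[field] if name not in allowed]
        if extra:
            findings[field] = extra
    return findings


def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to construct sample input."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie (constructed)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)


# Constructed sample payloads, not captured from a real device.
BASE = {
    "kex_algorithms": sorted(KEX),
    "server_host_key_algorithms": ["ecdsa-sha2-nistp256"],
    "encryption_algorithms_client_to_server": ["aes128-cbc", "aes256-cbc"],
    "encryption_algorithms_server_to_client": ["aes128-cbc", "aes256-cbc"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256", "hmac-sha1"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256", "hmac-sha1"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
COMPLIANT = build_kexinit(BASE)
NONCOMPLIANT = build_kexinit({
    **BASE,
    "kex_algorithms": BASE["kex_algorithms"] + ["diffie-hellman-group1-sha1"],
    "server_host_key_algorithms": ["ecdsa-sha2-nistp256", "ssh-rsa"],
    "encryption_algorithms_server_to_client": ["aes128-cbc", "3des-cbc"],
    "mac_algorithms_client_to_server": ["hmac-md5", "hmac-sha1"],
})

if __name__ == "__main__":
    for label, sample in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, audit_kexinit(sample) or "only allowed algorithms offered")
```

KEXINIT is sent before encryption starts, so the payload can be taken from a packet capture of the management interface without any key material.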
The TOE supports cryptographic hashing via the SHA-1, SHA-256 and SHA-512 algorithms, provided it has a message digest size of 160, 256 or 512 bits.

The TOE handles zeroization for all CSP, plaintext secret and private cryptographic keys according to Table 14 – Key zeroization handling below. Zeroization is performed when the memory is called back for subsequent use; the memory is zeroized before it is re-used.

The TOE performs random number generation in accordance with NIST Special Publication 800-90 using HMAC_DRBG, SHA-256.

| CSP | Description | How Stored | Where Stored | Zeroization Method |
|---|---|---|---|---|
| SSH Private Host Key | The first time SSH is configured, the key is generated. Used to identify the host. | Plaintext | Disk | When the appliance is recommissioned, the config files (including CSP files such as SSH keys) are removed using "rm -rf". Files are overwritten three times using the zeroize option before they are deleted |
| SSH Private Host Key | Loaded into memory to complete session establishment | Plaintext | Memory | Memory is overwritten upon session termination (erased on deallocation from a resource and also erased on (re)allocation to a resource) |
| SSH Session Key | Session keys used with SSH, AES 128, 256, HMAC-SHA-1, hmac-sha2-256 or hmac-sha2-512 key (160, 256 or 512), DH Private Key (2048 or elliptic curve 256/384/521-bits) | Plaintext | Memory | Memory is overwritten upon session termination (erased on deallocation from a resource and also erased on (re)allocation to a resource) |
| User Password | Plaintext value as entered by user | Plaintext as entered; Hashed when stored | Processed in Memory; Stored on disk | Memory is overwritten once password verification is complete. When the appliance is recommissioned, the config files (including password hash file) are removed using "rm -rf". |
| RNG State | Internal state and seed key of RNG | Plaintext | Memory | Handled by kernel, which zeroizes at power-cycle |
| ecdh private keys | Loaded into memory to complete key exchange in session establishment | Plaintext | Memory | Memory is overwritten upon session termination (erased on deallocation from a resource and also erased on (re)allocation to a resource) |

Table 14 – Key zeroization handling

The Cryptographic support function is designed to satisfy the following security functional requirements:
• FCS_CKM.1
• FCS_CKM_EXT.4
• FCS_COP.1(1)
• FCS_COP.1(2)
• FCS_COP.1(3)
• FCS_COP.1(4)
• FCS_RBG_EXT.1
• FCS_SSH_EXT.1

7.3 User Data Protection

The only resource made available to information flowing through a TOE is the temporary storage of packet information when access is requested and when information is being routed. User data is not persistent when resources are released by one user/process and allocated to another user/process. Temporary storage (memory) used to build network packets is erased when the resource is called into use by the next user/process. Junos knows, and keeps track of, the length of the packet. This means that when memory allocated from a previous user/process arrives to build the next network packet, Junos is aware of when the end of the packet is reached and pads a short packet with zeros accordingly. Hence, the memory content is overwritten by either the content of the subsequent packet or zeros and no residual information from packets in a previous information stream can traverse through the TOE.

The User Data Protection function is designed to satisfy the following security functional requirements:
• FDP_RIP.2

7.4 Identification and Authentication

The TSF enforces binding between human users and subjects.
The Authorized Administrator is responsible for provisioning user accounts, and only the Authorized Administrator can do so. User accounts in the TOE have the following attributes: user identity (user name), authentication data (password) and role (privilege). The Authorized Administrator is associated with a defined login class, which is assigned “permissions all”.

Junos users are configured under “system login user” and are exported to the password database ‘/var/etc/master.passwd’. A Junos user is therefore an entry in the password database. Each entry in the password database has fields corresponding to the attributes of “system login user”, including username, (obfuscated) password and login class. The passwords are stored in obfuscated form using either sha1 or sha256 as detailed in [ECG].

Locally stored authentication data for fixed password authentication is a case-sensitive, alphanumeric value. The password has a minimum length of 15¹¹ characters, must contain characters from at least two different character sets (upper, lower, numeric, punctuation), and can be up to 20 ASCII characters in length (control characters are not recommended).

Authentication data for public key-based authentication methods are stored in a directory owned by the user (and typically with the same name as the user). This directory contains the files ‘.ssh/authorized_keys’ and ‘.ssh/authorized_keys2’ which are used for SSH public key authentication.

The internal architecture supporting Authentication includes an active process, associated linked libraries and supporting configuration data. The Authentication process and library are:
• login()
• PAM Library module

Following TOE initialization, a ‘login’ process is listening for a connection at the local console.
This ‘login’ process can be accessed through either direct connection to the local console or following successful establishment of a remote management connection over SSH (as detailed in Section 7.8), when a login prompt is displayed. This login process identifies and authenticates the user using PAM operations. The login process does two things: it first establishes that the requesting user is who they claim to be, and second provides them with an interactive Junos command line interface (CLI).

¹¹ By default the minimum password length is 10, but this is configurable and can be set to another minimum length value, e.g. 15 using the command: set system login password minimum-length 15

The SSH daemon supports public key authentication by looking up a public key in an authorized keys file located in the directory ‘.ssh’ in the user’s home directory (i.e. ‘~/.ssh/’) and this authentication method will be attempted before any other if the client has a key available. The SSH daemon will ignore the authorized keys file if it or the directory ‘.ssh’ or the user’s home directory are not owned by the user or are writeable by anyone else.

For password authentication, login() interacts with a user to request a username and password to establish and verify the user’s identity. The username entered by the administrator at the username prompt is reflected to the screen, but no feedback is provided on screen for the entry made by the administrator at the password prompt until the Enter key is pressed. Login() uses PAM Library calls for the actual verification of this data. The password is hashed and compared to the stored value, and success/failure is indicated to login(). PAM is used in the TOE to support authentication management, account management, session management and password management.
Login primarily uses the session management and password management functionality offered by PAM.

Following authentication, login launches the CLI using an exec()¹² system call. Such an invocation results in the main() function for the CLI being invoked.

¹² Any of the exec family of system calls may be used.

The TOE requires users to provide unique identification and authentication data (passwords/public key) before any access to the system is granted. A password is configured for each user allowed to log into the secure router. The TOE successfully authenticates if the authentication data provided matches that stored in conjunction with the provided identity.

The TOE will permit support of the following services prior to identification and authentication of the administrator: ping, arp, BFD send (UDP port 49152), GRE OAM Keep-alive and SGR tunnel status (UDP port 49153) and HCM JVAS plug-in (UDP port 49154). These services are permitted by default once the evaluated configuration, as specified in [ECG], has been applied. No administrator functions are available prior to identification and authentication. Junos OS process permissions prevent the daemons associated with these listening services from accessing any TSF data.

The Identification and Authentication function is designed to satisfy the following security functional requirements:
• FIA_PMG_EXT.1
• FIA_UIA_EXT.1
• FIA_UAU_EXT.2
• FIA_UAU.7

7.5 Security Management

There is only one user role defined for the TOE: Authorized Administrator. The Authorized Administrator is responsible for provisioning user accounts. User accounts in the TOE have the following attributes: user identity (user name), authentication data (password/public key) and role (privilege).
Locally stored authentication data for fixed password authentication is a case-sensitive value comprised of any combination of upper and lower case letters, numbers, and punctuation (from the set [“!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”]). Public keys are stored in ‘.ssh’ files in the user’s home directory (i.e. ‘~/.ssh/’).

The TOE provides user access either through the system console or remotely over the Trusted Path using the SSHv2 protocol. Users are required to provide unique identification and authentication data (passwords/public key) before any access to the system is granted. A password is configured for each user allowed to log into the secure router. Password information is stored as hashed data (using hmac-sha1) in the authentication database and public keys are stored in plaintext in ‘.ssh’ files in the user’s home directory (i.e. ‘~/.ssh/’). The TOE successfully authenticates if the authentication data provided matches that stored in conjunction with the provided identity.

The Authorized Administrator has the capability to:
• Modify cryptographic security data (import of certificates for the establishment of SSH sessions) and date/time
• Restrict the service available to unidentified or unauthenticated IT entities
• Restrict TOE (release) updates¹³

Detailed topics on the secure management of Juniper’s routers & switches are discussed in [SSG], [CLI], [UAA] and [ECG].

The Security Management function is designed to satisfy the following security functional requirements:
• FMT_MTD.1
• FMT_SMF.1
• FMT_SMR.2

7.6 Protection of the TSF

The clock function of the TOE provides a source of date and time information for the appliance, used in audit timestamps. The clock function is reliant on the system clock provided by the underlying hardware. In addition, for each user session the TOE maintains a count of clock cycles (provided by the system clock) since last activity. The count is reset each time there is activity related to the user session.
When the counter reaches the number of clock cycles equating to the configured period of inactivity the user session is locked out.

Authorized administrators are able to query the current version of the TOE firmware/software. Junos does not provide partial updates for the TOE; customers requiring updates must migrate to a subsequent release.

The kernel maintains a set of fingerprints (SHA1 digests) for executable files and other files which should be immutable. No executable can be run or shared object loaded unless the fingerprint is correct. The fingerprints are loaded as the filesystems are mounted, from digitally signed manifests. The manifest file is signed using the Juniper engineering private key, and is verified by the TOE using the Juniper engineering public key (stored on the TOE filesystem in clear, protected by filesystem access rights).

¹³ Patch updates are not included in the scope of the evaluation; only complete release updates are supported.

ECDSA (P-256) with SHA-256 is used for package verification by M/Mx/PTX-series and EX-series.

The fingerprint loader will only process a manifest for which it can verify the signature. Thus without a valid digital signature an executable cannot be run. When the command is issued to install an update (e.g. request system software add jinstall), the manifest file for the update is verified and stored, and each executable/immutable file is verified before it is executed. If any of the fingerprints in an update are not correctly verified, the TOE rolls back to the last known verified image.

The TOE will run the following set of self-tests during power on to check the correct operation of the TOE:
• Power on test – determines the boot-device responds, and performs a memory size check to confirm the amount of available memory.
• File integrity test – verifies integrity of all mounted signed packages, to assert that system files have not been tampered with.
• Crypto integrity test – checks integrity of major CSPs, such as SSH hostkeys and iked credentials, such as CAs, CERTS, and various keys.
• Authentication error – verifies that veriexec is enabled and operates as expected using /opt/sbin/kats/cannot-exec.real.
• Kernel, libmd, OpenSSL, QuickSec, SSH Ipsec – verifies correct output from known answer tests for appropriate algorithms.

The power on self-tests are run in different modules, for example:

Testing kernel KATS:
  DES3-CBC Known Answer Test
  HMAC-SHA1 Known Answer Test
  HMAC-SHA2-256 Known Answer Test
  SHA-2 Known Answer Test
  AES128-CMAC Known Answer Test
  AES-CBC Known Answer Test
Testing MacSec KATS:
  AES128-CMAC Known Answer Test
Testing libmd KATS:
  HMAC-SHA1 Known Answer Test
  HMAC-SHA2-256 Known Answer Test
  SHA-2 Known Answer Test
Testing OpenSSL KATS:
  FIPS RNG Known Answer Test
  NIST 800-90 HMAC DRBG Known Answer Test
  FIPS DSA Known Answer Test
  FIPS ECDSA Known Answer Test
  FIPS ECDH Known Answer Test
  FIPS RSA Known Answer Test
  DES3-CBC Known Answer Test
  HMAC-SHA1 Known Answer Test
  HMAC-SHA2-224 Known Answer Test
  HMAC-SHA2-256 Known Answer Test
  HMAC-SHA2-384 Known Answer Test
  HMAC-SHA2-512 Known Answer Test
  SHA-2 Known Answer Test
  AES-CBC Known Answer Test
  AES-GCM Known Answer Test
  ECDSA-SIGN Known Answer Test
  KDF-IKE-V1 Known Answer Test
  KDF-SSH Known Answer Test
Testing QuickSec KATS:
  NIST 800-90 HMAC DRBG Known Answer Test
  DES3-CBC Known Answer Test
  HMAC-SHA1 Known Answer Test
  HMAC-SHA2-224 Known Answer Test
  HMAC-SHA2-256 Known Answer Test
  HMAC-SHA2-384 Known Answer Test
  HMAC-SHA2-512 Known Answer Test
  AES-CBC Known Answer Test
  SSH-RSA-ENC Known Answer Test
  SSH-RSA-SIGN Known Answer Test
  KDF-IKE-V1 Known Answer Test
  KDF-IKE-V2 Known Answer Test
Testing SSH Ipsec KATS:
  NIST 800-90 HMAC DRBG Known Answer Test
  DES3-CBC Known Answer Test
  HMAC-SHA1 Known Answer Test
  HMAC-SHA2-256 Known Answer Test
  SHA-2 Known Answer Test
  AES-CBC Known Answer Test
  SSH-RSA-ENC Known Answer Test
  SSH-RSA-SIGN Known Answer Test
  KDF-IKE-V1 Known Answer Test
Testing file integrity:
  File integrity Known Answer Test
Testing crypto integrity:
  Crypto integrity Known Answer Test
Expect an exec Authentication error…
/sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error

Junos OS is designed to fail securely. In the event of a transiently corrupt state or failure condition, the system will report an error; the event will be logged and the system restarted, having ceased to process network traffic. When the system restarts, the system boot process does not succeed without passing all self-tests for cryptographic algorithms, RNG tests, and software integrity tests. The logging of this self-test behavior is discussed in Chapter 10 of [ECG].

The TOE does not provide a CLI interface to permit the viewing of keys. Cryptographic keys are protected through the enforcement of kernel-level file access rights, limiting access to the contents of cryptographic key containers to processes with cryptographic rights or shell users with root permission [14].

The Protection of the TSF function is designed to satisfy the following security functional requirements:
• FPT_SKP_EXT.1
• FPT_APW_EXT.1
• FPT_STM.1
• FPT_TUD_(EXT).1
• FPT_TST_EXT.1

7.7 TOE Access

Junos enables Authorized Administrators to configure an access banner provided with the authentication prompt. The banner can provide warnings against unauthorized access to the secure router as well as any other information that the Authorized Administrator wishes to communicate.

User sessions can be terminated by users.
The Authorized Administrator can set the TOE so that a user session is terminated after a period of inactivity. The TSF overwrites the display device and makes the current contents unreadable after the local interactive session is terminated due to inactivity, thus disabling any further interaction with the TOE. This mechanism is the inactivity timer for administrative sessions. The Authorized Administrator can configure this inactivity timer on administrative sessions, after which the session will be logged out.

The local administrative user can log out of an existing session by typing logout to exit the CLI admin session, and the TSF makes the current contents unreadable after the admin initiates the termination. No user activity can take place until the user re-identifies and authenticates.

The TOE Access function is designed to satisfy the following security functional requirements:
• FTA_SSL_EXT.1.1
• FTA_SSL.3
• FTA_SSL.4
• FTA_TAB.1

7.8 Trusted Path/Channels

The TOE supports and enforces Trusted Channels that protect the communications between the TOE and a remote audit server from unauthorized disclosure or modification. It also supports Trusted Paths between itself and remote administrators so that the contents of administrative sessions are protected against unauthorized disclosure or modification.

The TOE achieves Trusted Channels by use of the SSHv2 protocol, which ensures the confidentiality and integrity of communication with the remote audit server. Export of audit information to a secure, remote server is achieved by setting up an event trace monitor that sends event log messages by using NETCONF over SSH to the remote system event logging server. Either the TOE or the remote audit server can initiate the connection, and mutual identification of the endpoints is guaranteed by using public key certificate based authentication for SSH. The SSHv2 protocol ensures that the data transmitted over a SSH session cannot be disclosed or altered by using the encryption and integrity mechanisms of the protocol with the FIPS cryptographic module.

[14] [ECG] details that the use of the root user is limited to initial installation and configuration and is not to be used in normal operation.

The TOE achieves Trusted Paths by use of the SSHv2 protocol, which ensures the confidentiality and integrity of user sessions. The encrypted communication path between the TSF and a remote administrator is provided by the use of an SSH session. Remote administrators of the TSF initiate communication with the TSF through the SSH tunnel created by the SSH session. Assured identification of the TSF is guaranteed by using public key based authentication for SSH. The SSHv2 protocol ensures that the data transmitted over a SSH session cannot be disclosed or altered by using the encryption and integrity mechanisms of the protocol with the FIPS cryptographic module.

Local console access is gained by connecting an RJ-45 cable between the console port on the appliance and a workstation with a serial connection client.

The Trusted Path/Channels function is designed to satisfy the following security functional requirements:
• FTP_ITC.1
• FTP_TRP.1

7.9 RFC Conformance Statements

This section identifies, for the critical RFCs applied in the implementation of SSH, the options supported by the TOE.

Columns: RFC; RFC synopsis; TOE Handling of Security-Related Protocol Options

RFC 4251 – The Secure Shell (SSH) Protocol Architecture
Host Keys: The TOE uses an ECDSA Host Key for SSH v2, which is generated on initial setup of the TOE. It can be de-configured via the CLI and the key will be deleted and thus unavailable during connection establishment.
This key is randomly generated to be unique to each TOE instance. The TOE presents the client with its public key and the client matches this key against its known_hosts list of keys. When a client connects to the TOE, the client will be able to determine if the same host key was used in previous connections, or if the key is different (per the SSHv2 protocol).
Policy Issues: The TOE implements all mandatory algorithms and methods. The TOE can be configured to accept public-key based authentication and/or password-based authentication. The TOE does not require multiple authentication mechanisms for users. The TOE allows port forwarding and sessions to clients. The TOE has no X11 libraries or applications and X11 forwarding is prohibited.
Confidentiality: The TOE does not accept the “none” cipher. For ciphers whose blocksize >= 16, the TOE rekeys after 2^32 blocks have been sent/received. For other ciphers, the TOE rekeys connections after 2^27 blocks have been sent/received. (Rekeying can also be triggered by sending 2^31 + 1 packets, rather than blocks.) The client may explicitly request a rekeying event as a valid SSHv2 message at any time and the TOE will honor this request.
Denial of Service: When the SSH connection is brought down, the TOE does not attempt to re-establish it.
Ordering of Key Exchange Methods: The TOE orders key exchange algorithms as follows: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1.
Debug Messages: The TOE sshd server does not support debug messages via the CLI.
End Point Security: The TOE permits port forwarding.
Proxy Forwarding: The TOE permits proxy forwarding.
X11 Forwarding: The TOE does not support X11 forwarding.

RFC 4252 – The Secure Shell (SSH) Authentication Protocol
Authentication Protocol: The TOE does not accept the “none” authentication method. The TOE disconnects a client after 30 seconds if authentication has not been completed. The TOE also allows authentication retries of three times before sending a disconnect to the client.
Authentication Requests: The TOE does not accept authentication if the requested service does not exist. The TOE does not allow authentication requests for a non-existent username to succeed – it sends back a disconnect as it would for failed authentications and hence does not allow enumeration of valid usernames. The TOE denies “none” authentication method and replies with a list of permitted authentication methods.
Public Key Authentication Method: The TOE supports public key authentication. Authentication succeeds if the correct private key is used. The TOE does not require multiple authentications (public key and password) for users.
Password Authentication Method: The TOE supports password authentication. Expired passwords are not supported and cannot be used for authentication.
Host-Based Authentication: The TOE does not support the configuration of host-based authentication methods.

RFC 4253 – The Secure Shell (SSH) Transport Layer Protocol
Encryption: The TOE offers the following for encryption of SSH sessions: aes128-cbc and aes256-cbc [15]. The TOE permits negotiation of encryption algorithms in each direction. The TOE does not allow the “none” algorithm for encryption.
Data Integrity: The TOE permits negotiation of HMAC-SHA1 in each direction.
Key Re-Exchange: The TOE performs a re-exchange when SSH_MSG_KEXINIT is received.

RFC 4254 – Secure Shell (SSH) Connection Protocol
Multiple channels: The TOE assigns each channel a number (as detailed in RFC 4251, see above).
Data transfers: The TOE supports a maximum window size of 256K bytes for data transfer.
Interactive sessions: The TOE only supports interactive sessions that do NOT involve X11 forwarding.
Forwarded X11 connections: This is not supported in the TOE.
Environment variable passing: The TOE only sets variables once the server process has dropped privileges.
Starting shells/commands: The TOE supports starting one of shell, application program or command (only one request per channel). These will be run in the context of a channel, and will not halt the execution of the protocol stack.
Window dimension change notices: The TOE will accept notifications of changes to the terminal size (dimensions) from the client.
Port forwarding: This is fully supported by the TOE.

[15] Others are supported by default, but these are the encryption algorithms [ECG] specifies are to be configured in the evaluated configuration.

RFC 5656 – SSH ECC Algorithm Integration
ECDH Key Exchange: The client matches the key against its known_hosts list of keys.
Required Curves: All required curves are implemented: ecdh-sha2-nistp256, ecdh-sha2-nistp384, and ecdh-sha2-nistp521. None of the recommended curves are supported as they are not included in [NDPPerr].

RFC 6668 – sha2-Transport Layer Protocol
Data Integrity Algorithms: Both the recommended and optional algorithms hmac-sha2-256 and hmac-sha2-512 (respectively) are implemented.

Table 15 – RFC Conformance Statements

The RFC conformance statements support the satisfaction of FCS_SSH_EXT.1.
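
An added example (not part of the Security Target and not Juniper code): a standard-library Python check that parses a captured SSH_MSG_KEXINIT payload in the RFC 4253 section 7.1 layout and compares the offered algorithms with the values stated in Table 15. The two offers are constructed samples; the function names and the ECDSA host-key prefix test are assumptions made for this illustration.

```python
import struct

# Values stated in the conformance table above (evaluated configuration).
EVALUATED_KEX = ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
                 "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1"]
EVALUATED_CIPHERS = {"aes128-cbc", "aes256-cbc"}
EVALUATED_MACS = {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"}
# Assumption: the table only says "ECDSA Host Key"; RFC 5656 names start this way.
HOST_KEY_PREFIX = "ecdsa-sha2-"

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]


def build_kexinit(name_lists):
    """Encode a constructed KEXINIT payload (all-zero cookie) for the demo."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        data = ",".join(name_lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    # first_kex_packet_follows = FALSE, then the reserved uint32
    return out + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}; ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # message type byte + 16-byte cookie
    offer = {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        offset += length
        offer[field] = raw.split(",") if raw else []
    if offset + 5 > len(payload):
        raise ValueError("missing first_kex_packet_follows/reserved fields")
    offer["first_kex_packet_follows"] = payload[offset] != 0
    return offer


def audit_kexinit(offer):
    """Return a list of deviations from the evaluated configuration."""
    findings = []
    kex = offer["kex_algorithms"]
    unexpected = [k for k in kex if k not in EVALUATED_KEX]
    if unexpected:
        findings.append("kex: outside evaluated set: " + ",".join(unexpected))
    elif kex != EVALUATED_KEX:
        findings.append("kex: order or membership differs from evaluated list")
    for name in offer["server_host_key_algorithms"]:
        if not name.startswith(HOST_KEY_PREFIX):
            findings.append("hostkey: non-ECDSA host key offered: " + name)
    for direction in ("client_to_server", "server_to_client"):
        for kind, allowed in (("encryption", EVALUATED_CIPHERS),
                              ("mac", EVALUATED_MACS)):
            for alg in offer[kind + "_algorithms_" + direction]:
                if alg == "none":
                    findings.append(kind + " " + direction + ": 'none' offered")
                elif alg not in allowed:
                    findings.append(kind + " " + direction + ": " + alg
                                    + " outside evaluated set")
    # Compression is deliberately not audited: "none" is a normal value there.
    return findings


# Constructed sample offers (not captured from a real device).
COMPLIANT_OFFER = {
    "kex_algorithms": list(EVALUATED_KEX),
    "server_host_key_algorithms": ["ecdsa-sha2-nistp256"],
    "encryption_algorithms_client_to_server": ["aes128-cbc", "aes256-cbc"],
    "encryption_algorithms_server_to_client": ["aes128-cbc", "aes256-cbc"],
    "mac_algorithms_client_to_server": ["hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"],
    "mac_algorithms_server_to_client": ["hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
NONCOMPLIANT_OFFER = dict(
    COMPLIANT_OFFER,
    kex_algorithms=["diffie-hellman-group1-sha1"] + EVALUATED_KEX,
    server_host_key_algorithms=["ssh-rsa"],
    encryption_algorithms_client_to_server=["aes128-cbc", "aes128-ctr", "none"],
    mac_algorithms_client_to_server=["hmac-md5", "hmac-sha1"],
)

if __name__ == "__main__":
    for label, sample in (("compliant", COMPLIANT_OFFER),
                          ("non-compliant", NONCOMPLIANT_OFFER)):
        result = audit_kexinit(parse_kexinit(build_kexinit(sample)))
        print(label, "->", result or "matches evaluated configuration")
```
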

7.10 Conformance Statements for 800-56

The following sections detail all sections of the [800-56A] standard the TOE complies with for generation of asymmetric cryptographic keys (as claimed in FCS_CKM.1). The relevant sections of [800-56A] are section 5.5 “Domain Parameters” and section 5.6 “Private and Public Keys”. All “SHALL” statements within the listed sections are implemented in the TOE and all “SHALL NOT” statements are adhered to within the TOE and the described functionality/behavior is not present. The implemented option associated with each “SHOULD” and “SHOULD NOT” statement in a referenced section is detailed. There are no TOE specific extensions relating to cryptographic key generation that are not included in this standard.

7.10.1 Finite Field-Based and Elliptic Curve-Based Key Establishment Schemes

The requirements for both Finite Field-Based Key Establishment Schemes and Elliptic Curve-Based Key Establishment Schemes are specified in [800-56A]:

800-56A section | 800-56A sub section | Compliance
5.5 Domain Parameters | General | Comply with all “shall” statements.
5.5.1 Domain Parameter Generation | 5.5.1.1 FFC Domain Parameter Generation | Comply with all “shall” statements.
 | 5.5.1.2 ECC Domain Parameter Generation | Comply with all “shall” statements.
5.6 Key Establishment Key Pairs | General | No statements
5.6.1 Key Pair Generation | 5.6.1.1 FFC Key Pair Generation | Comply with all “shall” statements.
 | 5.6.1.2 ECC Key Pair Generation | Comply with all “shall” statements.
5.6.2 Required Assurances | General | Comply with all “shall” statements. The TOE will determine and explicitly reflect whether or not key establishment is allowed based upon the method(s) of assurance that was used.
 | 5.6.2.1 Assurances Required by the Key Pair Owner | Owner Receives Assurance via Key Generation – The act of generating a key pair. Owner Full Validation – The owner performs a successful full public key validation, via pair-wise consistency check. If consistency fails the key pair shall not be used.
 | 5.6.2.2 Assurances Required by a Public Key Recipient | The recipient receives assurance that a trusted third party (trusted by the recipient) has generated the public/private key pair in accordance with Section 5.6.1 and has provided the key pair to the owner. The TOE will be made aware of the method(s) used by the third party. The underlying key agreement used by the TOE is “dhOneFlow or (Cofactor) One-Pass Diffie-Hellman”. Comply with all “shall” statements.
 | 5.6.2.3 Public Key Validation Routines | Comply with all “shall” statements.
5.6.3 Key Pair Management | 5.6.4.1 Common Requirements on Static and Ephemeral Key Pairs | Comply with all “shall” statements and the “shall not” statement.
 | 5.6.4.2 Specific Requirements on Static Key Pairs | Comply with all “shall” statements and the “shall not” statement. In item #3 – The TOE will determine whether or not key establishment is allowed based upon the method(s) of assurance that was used.
 | 5.6.4.3 Specific Requirements on Ephemeral Key Pairs | Comply with all “shall” statements. In item #2 – The TOE will generate an ephemeral key pair just before the ephemeral public key is transmitted. In item #3 – The TOE will determine whether or not key establishment is allowed based upon the method(s) of assurance that was used.

Table 16 – [800-56A] Conformance Statements

8 Audit Events

The table below maps security requirements to auditable events and audit record contents, in support of FAU_GEN.1.1.

REQUIREMENT | AUDITABLE EVENTS | AUDIT RECORD CONTENTS
FAU_GEN.2 | None |
FAU_STG_EXT.1 | None |
FCS_CKM.1 | None |
FCS_CKM_EXT.4 | None |
FCS_COP.1(1) | None |
FCS_COP.1(2) | None |
FCS_COP.1(3) | None |
FCS_COP.1(4) | None. |
FCS_RBG_EXT.1 | None. |
FCS_SSH_EXT.1 | Failure to establish an SSH session. Establishment/Termination of an SSH session. | Reason for failure: protocol version mismatch; cipher mismatch between client and server; mac algorithm mismatch; ssh hostkey mismatch; ssh key-exchange mismatch. Non-TOE endpoint of connection (IP address) for both successes and failures.
FDP_RIP.2 | None. |
FIA_PMG_EXT.1 | None. |
FIA_UAU_EXT.2 | All use of the authentication mechanism. | Origin of the attempt (e.g., IP address).
FIA_UAU.7 | None. |
FIA_UIA_EXT.1 | All use of the identification and authentication mechanism. | Provided user identity, origin of the attempt (e.g., IP address).
FMT_MTD.1 | None. |
FMT_SMF.1 | None. |
FMT_SMR.2 | None. |
FPT_SKP_EXT.1 | None. |
FPT_APW_EXT.1 | None. |
FPT_STM.1 | Changes to the time. | The old and new values for the time. Origin of the attempt (e.g., IP address).
FPT_TUD_EXT.1 | Initiation of update. | No additional information.
FPT_TST_EXT.1 | None. |
FTA_SSL_EXT.1 | Any attempts at unlocking of an interactive session. | No additional information.
FTA_SSL.3 | The termination of a remote session by the session locking mechanism. | No additional information.
FTA_SSL.4 | The termination of an interactive session. | No additional information.
FTA_TAB.1 | None. |
FTP_ITC.1 | Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. | Identification of the initiator and target of failed trusted channels establishment attempt.
FTP_TRP.1 | Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions. | Identification of the claimed user identity.

Table 17 – Security Audit Requirements

9 Install Packages

This section details the install packages for the routers and switches. All of the supported Mx, PTX and EX9200 appliances are Intel Xeon i386 based platforms.

9.1 Mx/PTX Routers

The router install images (Mx/PTX) are all derived from one release branch, which is compiled into different install images according to the platforms, namely:
• 64 bit Junos image for Mx240 Mx480 Mx960 Mx2010 Mx2020. -> jinstall64-14.2R3.8-domestic-signed.tgz
• 64 bit Junos image for PTX3000, PTX5000. -> jinstall64-14.2R3.8-domestic-signed.tgz

9.2 EX9200 Switches

The EX-9200 (9204 & 9208, 9214) image is a 64-bit image.
• EX9200 (9204 & 9208, 9214) -> jinstall64-ex92xx-14.2R3.8-domestic-signed.tgz

9.3 FIPS Install Packages

For all appliances there is a single image for the FIPS install package that must be applied to the above router/switch images, namely:
• fips-mode-i386-14.2R3.8-signed.tgz

10 TOE Network Interfaces

10.1 Mx 240, Mx 480 and Mx 960

10.1.1 MPCs

Model Number | Description
MX-MPC1-3D | MPC1 with port queuing; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC1-3D-Q | MPC1 with per-IFL HQoS, 128,000 queues (maximum 64000 egress); includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC1-3D-Q-R-B | MX-MPC1-3D-Q line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC1-3D-R-B | MX-MPC1-3D line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC1E-3D | Enhanced MPC1, port queuing; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC1E-3D-Q | Enhanced MPC1, per-IFL HQoS, 128,000 queues (max 64,000 egress); includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC1E-3D-Q-R-B | MX-MPC1E-3D-Q line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC1E-3D-R-B | MX-MPC1E-3D line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC2-3D | MPC2 with port queuing; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2-3D-EQ | MPC2 with per-IFL HQoS, 512,000 queues; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2-3D-EQ-R-B | MX-MPC2-3D-EQ line card bundle, includes full scale L3, L2 and L2.5 features
MX-MPC2-3D-Q | MPC2 with per-IFL HQoS, 256,000 queues (max 128,000 egress); includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2-3D-Q-R-B | MX-MPC2-3D-Q line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC2-3D-R-B | MX-MPC2-3D line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC2E-3D | Enhanced MPC2 with port queuing; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2E-3D-EQ | Enhanced MPC2 with per-IFL HQoS, 512,000 queues; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2E-3D-EQ-R-B | MX-MPC2E-3D-EQ line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC2E-3D-P | Enhanced MPC2 with 1588v2, port queuing; includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2E-3D-P-Q-B | MX-MPC2E-3D-P line card bundle; includes 1588v2, per-IFL HQoS, 256,000 queues (maximum 128,000 egress), full scale L2/L2.5 and reduced scale L3 features
MX-MPC2E-3D-P-Q-R-B | MX-MPC2E-3D-P line card bundle; includes 1588v2, per-IFL HQoS, 256,000 queues (maximum 128,000 egress), full scale L3, L2, and L2.5 features
MX-MPC2E-3D-P-R-B | MX-MPC2E-3D-P line card bundle; includes 1588v2, full scale L3, L2, and L2.5 features
MX-MPC2E-3D-Q | Enhanced MPC2 with per-IFL HQoS, 256,000 queues (maximum 128,000 egress); includes full scale L2/L2.5 and reduced scale L3 features
MX-MPC2E-3D-Q-R-B | MX-MPC2E-3D-Q line card bundle; includes full scale L3, L2, and L2.5 features
MX-MPC2E-3D-R-B | MX-MPC2E-3D line card bundle; includes full scale L3, L2, and L2.5 features
MPC2E-3D-NG | Next-generation MPC2E with upgraded CPU and memory. Offers full feature parity with the MPC1E, MPC2E, and MPC3E. Includes full scale L2/L2.5 and reduced scale L3 features. Flexible queuing option enables hierarchical QoS support with up to 32,000 total queues. Supports all MICs supported by MPC1E and MPC2E.
MPC2E-3D-NG-IR-B | Next-generation MPC2E line card bundle. Offers full feature parity with MPC1E, MPC2E, and MPC3E. Includes full scale L2/L2.5, L3 features and up to 16 L3VPNs per MPC. Flexible queuing option enables hierarchical QoS support with up to 32,000 total queues. Supports all MICs supported by MPC1E and MPC2E.

Some MPCs can accept 2 or 4 Modular Interface Cards (MICs), which are detailed in the following section (Section 10.2.2).

10.1.2 MICs

Model Number | Description
MIC3-3D-10XGE-SFPP | MIC with 10x10GbE SFP+ interface
MIC-3D-20GE-SFP | 20 ports of 10/100/1000 Ethernet with small form-factor pluggable transceiver (SFP) interfaces
MIC-3D-20GE-SFP-E | 20 ports of 10/100/1000 Ethernet with enhanced small form-factor pluggable transceiver (SFP) interfaces
MIC-3D-20GE-SFP-EH | 20 ports of 10/100/1000 Ethernet with enhanced and temperature hardened small form-factor pluggable transceiver (SFP) interfaces
MIC-3D-2XGE-XFP | 2 10GbE modular interface cards with XFP interfaces
MIC-3D-4XGE-XFP | 4 10GbE modular interface cards with XFP interfaces
MIC-3D-40GE-TX | 40 ports of 10/100/1000 Ethernet with TX interfaces
MIC3-3D-1X100GE-CFP | MIC with 1x100GbE C form-factor pluggable transceiver (CFP) interface
MIC3-3D-1X100GE-CXP | MIC with 1x100GbE CXP interface
MIC3-3D-2X40GE-QSFPP | MIC with 2x40GbE QSFP+ interfaces
MIC-3D-4CHOC3-2CHOC12 | 4-port channelized OC3/2-port channelized OC12 (down to DS0) MIC
MIC-3D-4COC3-1COC12-CE | Multirate circuit emulation MIC, 4-port channelized OC3/STM1 (to DS0) or 1-port channelized OC12/STM4 (to DS0)
MIC-3D-4OC3OC12-1OC48 | 4-port non-channelized OC3-OC12/1-port non-channelized OC48 MIC
MIC-3D-4XGE-XFP | 4x10GbE MIC for MX Series (supported on MX-MPC2 line cards)
MIC-3D-8CHDS3-E3-B | 8-port channelized DS3 (down to DS0)/non-channelized E3 MIC, 75 ohm mini SMB
MIC-3D-8CHOC3-4CHOC12 | High-density multi-rate MIC channelized, 8-port channelized OC3/4-port channelized OC12 (down to DS0) MIC
MIC-3D-8DS3-E3 | 8-port non-channelized DS3/non-channelized E3 MIC, 75 ohm mini SMB
MIC-3D-8OC3-2OC12-ATM | Multirate 8-port non-channelized ATM OC3/STM1 or 2-port non-channelized OC12/STM4 ATM MIC
MIC-3D-8OC3OC12-4OC48 | Multirate 8-port non-channelized OC3-OC12/4-port non-channelized OC48 MIC

10.1.3 DPC

Model Number | Description
DPCE-R-20GE-2XGE | 20-port GbE + 2-port 10GbE DPC with L2+L3 features
DPCE-R-Q-20GE-2XGE | 20-port GbE + 2-port 10GbE enhanced queuing DPC with L2+L3 features
DPCE-R-Q-20GE-SFP | 20x1GbE L2/L3 capable with enhanced queuing
DPCE-R-2XGE-XFP | 2x10GbE Enhanced DPC for MX Series
DPCE-R-40GE-SFP | 40x1GbE L2/L3 capable
DPCE-R-Q-40GE-SFP | 40x1GbE enhanced queuing DPC for MX Series with L2/L3 features and VLAN-HQoS
DPCE-R-40GE-TX | 40-port 10/100/1000 RJ-45 DPC with L2+L3 features
DPCE-X-40GE-SFP | 40x1GbE L2+ capable
DPCE-X-Q-40GE-SFP | 40x10/100/1000 Ethernet L2/L3 capable with RJ45
DPCE-X-4XGE-XFP | 4x10GbE L2+ capable
DPCE-R-4XGE-XFP | 4x10GbE Enhanced DPC with L2+L3 features
DPCE-R-Q-4XGE-XFP | 4x10GbE queuing DPC with L2/L3 features and VLAN-HQoS
DPCE-X-Q-4XGE-XFP | 4x10GbE L2+ capable board with enhanced queuing
MX-FPC2 | DPC with 2 slots for type 2 PICs

10.2 Mx 2010 and Mx 2020

10.2.1 Modular Port Concentrators (MPCs)

Model Number | Description
MX-MPC1-3D | 1xTrio chipset MPC, port queuing, price includes full scale L2/L2.5 and reduced scale L3
MX-MPC1-3D-Q | 1xTrio chipset MPC, per-IFL HQoS, 128K queues (max 64K egress); full scale L2/L2.5 and reduced scale L3
MX-MPC1-3D-Q-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC1-3D-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC1E-3D | 1xTrio chipset enhanced MPC, port queuing, price includes full scale L2/L2.5 and reduced scale L3
MX-MPC1E-3D-Q | 1xTrio chipset enhanced MPC, per-IFL HQoS, 128K queues (max 64K egress); full scale L2/L2.5 and reduced scale L3
MX-MPC1E-3D-Q-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC1E-3D-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC2-3D | 2xTrio chipset MPC, port queuing, price includes full scale L2/L2.5 and reduced scale L3
MX-MPC2-3D-EQ | 2xTrio chipset MPC, per-IFL HQoS, 512K queues; full scale L2/L2.5 and reduced scale L3
MX-MPC2-3D-EQ-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC2-3D-Q | 2xTrio chipset MPC, per-IFL HQoS, 256K queues (max 128K egress); full scale L2/L2.5 and reduced scale L3
MX-MPC2-3D-Q-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC2-3D-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC2E-3D | 2xTrio chipset enhanced MPC, port queuing, price includes full scale L2/L2.5 and reduced scale L3
MX-MPC2E-3D-EQ | 2xTrio chipset enhanced MPC, per-IFL HQoS, 512K queues; full scale L2/L2.5 and reduced scale L3
MX-MPC2E-3D-EQ-R-B | Line-card bundle, price includes full scale L3, L2, and L2.5
MX-MPC2E-3D-P | 2xTrio chipset enhanced MPC, 1588v2, port queuing, price includes full scale L2/L2.5 and reduced scale L3
MX-MPC2E-3D-P-Q-B | Line-card bundle, 1588v2, per-IFL HQoS, 256K queues (max 128K egress), full scale L2/L2.5 and reduced scale L3
MX-MPC2E-3D-P-Q-R-B | Line-card bundle, 1588v2, per-IFL HQoS, 256K queues (max 128K egress), full scale L3, L2, and L2.5
MX-MPC2E-3D-P-R-B | Line-card bundle, price includes 1588v2, full scale L3, L2, and L2.5
MX-MPC2E-3D-Q | 2xTrio chipset enhanced MPC, per-IFL HQoS, 256K queues (max 128K egress); full scale L2/L2.5 and reduced scale L3
MX-MPC2E-3D-Q-R-B | Line-card bundle, full scale L3, L2, and L2.5
MX-MPC2E-3D-R-B | Line-card bundle, full scale L3, L2, and L2.5
MX-MPC3E-3D | MPC3 with support for 100GbE, 40GbE, and 10GbE interfaces, L2.5
MX-MPC3E-3D-R-B | MPC3E with support for 100GbE, 40GbE, and 10GbE interfaces, full scale L2, L3, L3VPN
MPC-3D-16XGE-SFPP | 16x10GbE line card, full scale L2/L2.5 and reduced scale L3
MPC-3D-16XGE-SFPP-R-B | 16x10GbE line card bundle, full scale L3, L2, and L2.5
MPC4E-3D-2CGE-8XGE | 2x100GbE and 8x10GbE ports, full scale L2/L2.5 and reduced scale L3 features
MPC4E-3D-32XGE-SFPP | 32x10GbE SFP ports, full scale L2/L2.5 and reduced scale L3 features
MPC4E-3D-2CGE8XGE-IR-B | 2x100GbE and 8x10GbE ports, full scale L2/L2.5, L3 features, up to 16 L3VPNs per MPC
MPC4E-3D-32XGE-IR-B | 32x10GbE SFP ports, full scale L2/L2.5, L3 features, up to 16 L3VPNs per MPC
MPC4E-3D-2CGE8XGE-R-B | 2x100GbE and 8x10GbE ports, full scale L2/L2.5, L3, and L3VPN features
MPC4E-3D-32XGE-R-B | 32x10GbE SFP ports, full scale L2/L2.5, L3, and L3VPN features
MPC5E-100G10G | 2x100GbE and 4x10GbE ports; includes full scale L2/L2.5 and reduced scale L3 features; optional license permits up to 32,000 queues with HQoS
MPC5E-100G10G-IRB | 2x100GbE and 4x10GbE ports; includes full scale L2/L2.5, L3 features, and up to 16 L3VPN instances; optional license permits up to 32,000 queues with HQoS
MPC5E-100G10G-RB | 2x100GbE and 4x10GbE ports; includes full scale L2/L2.5, L3, and L3VPN features; optional license permits up to 32,000 queues with HQoS
MPC5E-40G10G | 6x40GbE or 24x10GbE ports; includes full scale L2/L2.5 and reduced scale L3 features; optional license permits up to 32,000 queues with HQoS
MPC5E-40G10G-IRB | 6x40GbE or 24x10GbE ports; includes full scale L2/L2.5, L3 features and up to 16 L3VPN instances; optional license permits up to 32,000 queues with HQoS
MPC5E-40G10G-RB | 6x40GbE or 24x10GbE; includes full scale L2/L2.5, L3, and L3VPN features; optional license permits up to 32,000 queues with HQoS
MPC5EQ-100G10G | 2x100GbE and 4x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5 and reduced scale L3 features
MPC5EQ-100G10G-IRB | 2x100GbE and 4x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5, L3 features, and up to 16 L3VPN instances
MPC5EQ-100G10G-RB | 2-port 100GbE and 4x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5, L3, and L3VPN features
MPC5EQ-40G10G | 6x40GbE or 24x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5 and reduced scale L3 features
MPC5EQ-100G10G-IRB | 2x100GbE and 4x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5, L3 features, and up to 16 L3VPN instances
MPC5EQ-100G10G-RB | 2-port 100GbE and 4x10GbE ports with HQoS; supports 1 million queues and 128,000 sessions; includes full scale L2/L2.5, L3, and L3VPN features
MX2K-MPC6E | MPC6E with support for 4x100GbE CFP2, 48x10GbE SFP+, or 8x100GbE CXP interfaces; compatible with MX2020 and MX2010 only
MX2K-MPC6E-IRB | MPC6E line card bundle with support for 4x100GbE CFP2, 48x10GbE SFP+, or 8x100GbE CXP interfaces; includes full scale L2/L2.5, L3 features and up to 16 L3VPN instances; compatible with MX2020 and MX2010 only
MX2K-MPC6E-RB | MPC6E line card bundle with support for 4x100GbE CFP2, 48x10GbE SFP+, or 8x100GbE CXP interfaces; includes full scale L2/L2.5, L3 and L3VPN features; compatible with

Some MPCs can accept 2 or 4 Modular Interface Cards (MICs), which are detailed in the following section (Section 10.2.2).

10.2.2 Modular Interface Cards (MICs)

Model Number | Description
MIC3-3D-10XGE-SFPP | MIC with 10x10GbE small form-factor pluggable plus transceiver (SFP+) interface, optics sold separately
MIC3-3D-1X100GE-CFP | MIC with 1x100GbE C form-factor pluggable transceiver (CFP) interface, optics sold separately
MIC3-3D-1X100GE-CXP | MIC with 1x100GbE 100-gigabit small form-factor pluggable transceiver (CXP) interface, optics sold separately
MIC3-3D-2X40GE-QSFPP | MIC with 2x40GbE quad small form-factor pluggable plus transceiver (QSFP+) interface, optics sold separately
MIC-3D-1CHOC48 | 1 port channelized OC48/channelized STM16 (down to DS0) MIC
MIC-3D-1OC192-XFP | 1 port OC192/STM64 MIC
MIC-3D-20GE-SFP | 20x10/100/1000 MIC for MX Series; requires optics sold separately
MIC-3D-2XGE-XFP | 2x10GbE MIC for MX Series; requires optics sold separately
MIC-3D-40GE-TX | 40x10/100/1000 RJ-45 full height MIC (fixed optics)
MIC-3D-4CHOC3-2CHOC12 | 4 port channelized OC3/2 port channelized OC12 (down to DS0) MIC
MIC-3D-4COC3-1COC12-CE | Multirate circuit emulation MIC, 4 port channelized OC3/STM1 (to DS0) or 1 port channelized OC12/STM4 (to DS0)
MIC-3D-4OC3OC12-1OC48 | 4 port non-channelized OC3-OC12/1 port non-channelized OC48 MIC
MIC-3D-4XGE-XFP | 4x10GbE MIC for MX Series (supported on MX-MPC2 line cards)
MIC-3D-8CHDS3-E3-B | 8 port channelized DS3 (down to DS0)/non-channelized E3 MIC, 75 ohm mini SMB
MIC-3D-8CHOC3-4CHOC12 | High-density multi-rate MIC channelized, 8 port channelized OC3/4 port channelized OC12 (down to DS0) MIC
MIC-3D-8DS3-E3 | 8 port non-channelized DS3/non-channelized E3 MIC, 75 ohm mini SMB
MIC-3D-8OC3-2OC12-ATM | Multi-rate 8 port non-channelized ATM OC3/STM1 or 2 port non-channelized OC12/STM4 ATM MIC
MIC-3D-8OC3OC12-4OC48 | Multirate 8 port non-channelized OC3-OC12/4 port non-channelized OC48 MIC
MIC6-10G | 24x10GbE MIC for MPC6 only
MIC6-100G-CXP | 4x100GbE CXP MIC for MPC6 only
MIC6-10G-OTN | 24x10GbE SFP OTN MIC for MPC6 only
MIC6-100G-CFP2 | 2x100GbE CFP2 OTN MIC for MPC6 only

10.3 PTX 5000

10.3.1 PTX5000 FPC and PICs

Model Number | Description
FPC3-PTX-U1-L | PTX5000 3rd generation 1 Tbps FPC3 for LSR application
FPC3-PTX-U1-R | PTX5000 3rd generation 1 Tbps FPC3 for IP application
FPC3-PTX-U2-L | PTX5000 3rd generation 2 Tbps FPC3 for LSR application
FPC3-PTX-U2-R | PTX5000 3rd generation 2 Tbps FPC3 for LSR application
FPC3-PTX-U3-L | PTX5000 3rd generation 3 Tbps FPC3 for LSR application
FPC3-PTX-U3-R | PTX5000 3rd generation 3 Tbps FPC3 for LSR application
PTX-FPC3-U1-R-BNDL | PTX5000 3rd generation 1 Tbps Bundle with FPC and PIC for full IP application (choose either one 3rd Gen PIC or two 2nd Gen PICs)
PTX-FPC3-U2-R-BNDL | PTX5000 3rd generation 2 Tbps Bundle with FPC and PIC for full IP application
PTX-FPC3-U3-R-BNDL | PTX5000 3rd generation 3 Tbps Bundle with FPC and PIC for full IP application
PTX5K-FPC3-UPG-KIT | PTX5000 3rd generation Upgrade Kit to support FPC3 line cards, includes 9 SIB3 and 2 FAN-H Only
FPC2-PTX-P1A | PTX 2nd generation FPC
P2-100GE-CFP2 | PTX, 4 x 100GbE PIC for second-generation FPC, CFP2 pluggable optics
P2-100GE-OTN | PTX 4 x 100GbE Ethernet/OTN PIC for second generation FPC, CFP2 pluggable optics
P2-10G-40G-QSFPP | PTX Flexible 48 x 10GbE/12 x 40GbE/OTN PIC for second generation FPC, QSFP+ pluggable optics
FPC-PTX-P1-A | First-generation FPC
P1-PTX-2-100GE-CFP | 2 x 100GbE PIC, first generation
P1-PTX-2-40GE-CFP | 2 x 40GbE PIC, first generation
P1-PTX-24-10GE-SFPP | 24 x 10GbE (LAN) PIC, first generation
P1-PTX-2-100G-C-WDM-C | 2-port 100G DWDM PIC, first generation
P1-PTX-24-10G-W-SFPP | 24 x 10GbE (LAN/WAN) PHY PIC, first generation
P3-15-100GE-CFP4 | PTX 15x100GE, CFP4, PIC for 3rd Generation FPC
P3-10-100GE-CFP4 | PTX 10x100GE, CFP4, PIC for 3rd Generation FPC
P3-24-U-QSFP28 | PTX 8x100GE QSFP28 or 24x40GE, 96x10GE QSFPP, universal PIC for 3rd Generation FPC
P3-10-U-QSFP28 | PTX 10x100GE QSFP28 or 10x40GE, 40x10GE QSFPP, universal PIC for 3rd Generation FPC
P3-15-U-QSFP28 | PTX 15x100GE QSFP28 or 15x40GE, 50x10GE QSFPP, universal PIC for 3rd Generation FPC
PIC-BLANK-PTX | PIC Blank, Spare
FPC-BLANK-PTX | FPC Blank, Spare

10.3.2 PTX5000 Supported FPC and PIC Compatibility:

PICs | FPC1 | FPC2 | FPC3-2T | FPC3-3T
First-Generation PIC 24 x 10GbE LAN-PHY | Yes | Yes | No | No
First-Generation PIC 24 x 10GbE Ethernet/OTN | Yes | Yes | Yes | Yes
First-Generation PIC 2 x 100GbE | Yes | No | No | No
First-Generation PIC 2 x 40GbE | Yes | Yes | No | No
First-Generation PIC 2 x 100GbE OTN DWDM | Yes | Yes | Yes | Yes
Second-Generation PIC 4 x 100GbE CFP2 | No | Yes | No | No
Second-Generation PIC 48 x 10GbE / 12 x 40GbE Ethernet/OTN QSFPP | No | Yes | Yes | Yes
Second-Generation PIC 4 x 100GbE Ethernet/OTN CFP2 | No | Yes | Yes | Yes
Second-Generation PIC 4 x 100GbE CXP (SR10) | No | Yes | Yes | Yes
Third-Generation PIC 15 x 100GbE CFP4 | No | No | Yes | Yes
Third-Generation PIC 96 x 10GbE/24 x 40GbE/8 x 100GbE QSFP28 Universal | No | No | Yes | Yes
Third-Generation PIC 60 x 10GbE/15 x 40GbE/15 x 100GbE QSFP28 Universal | No | No | Yes | Yes

10.4 PTX3000

10.4.1 PTX3000 Supported FPCs

Model Number | Description
FPC-SFF-PTX-P1-A | Flexible PIC Concentrator (FPC)

10.4.2 PTX3000 Supported PICs

Model Number | Description
P1-PTX-2-100G-C-WDM-C | 2-port 100G DWDM PIC
P1-PTX-2-100GE-CFP | 2 x 100GbE PIC
P1-PTX-2-40GE-CFP | 2 x 40GbE PIC
P1-PTX-24-10GE-SFPP | 24 x 10GbE (LAN) PIC
P1-PTX-24-10G-W-SFPP | 24 x 10GbE (LAN/WAN) PHY PIC
SFF-SLOT-BLNK | FPC Slot filler/blank
SFF-PSM-BLNK | PSM Slot filler/blank
PIC-BLANK-PTX | PIC Slot filler/blank

10.4.3 PTX3000 Supported FPC and PIC Compatibility:

PICs | FPC1 | FPC2
First Generation PIC 24x10GE LAN-PHY | Yes | No
First Generation PIC 24x10GE Ethernet/OTN | Yes | Yes
First Generation PIC 2x100GE | Yes | No
First Generation PIC 2x40GE | Yes | No
First Generation PIC 2x100GE OTN DWDM | Yes | Yes
Second Generation PIC 4x100GE CFP2 | No | No
Second Generation PIC - 48x10GE / 12x40GE Ethernet/OTN QSFPP | No | Yes
Second Generation PIC - 4x100GE Ethernet/OTN CFP2 | No | Yes
Second Generation PIC 4x100GE CXP (SR10) | No | Yes
Third Generation PIC - 15x100G Ethernet CFP4 | No | Yes
Third Generation PIC 96x10GE/24x40GE/8x100GE QSFP28 Universal | No | Yes
Third Generation PIC - 60x10GE/15x40GE/15x100GE QSFP28 Universal | No | Yes

10.5 EX9200

Model Number | Description
EX9200-40T | 40-port 10/100/1000BASE-T RJ-45 line card
EX9200-40F | 40-port 100FX/1000BASE-X small form-factor pluggable transceiver (SFP) line card
EX9200-32XS | 32-port 10GbE SFP+ line card
EX9200-4QS | 4-port 40GbE quad SFP (QSFP+) line card
EX9200-40F-M | 40-port 100FX/1000BASE-X MACsec-capable SFP line card
EX9200-6QS | 6-port 40GbE QSFP+ or 24-port 10GbE SFP+ combo line card
EX9200-2C-8XS | 2-port 100GbE C form-factor pluggable (CFP) + 8-port 10GbE SFP+ line card

11 Appendices

This section contains the appendices that accompany the Security Target and provide clarity and/or explanation for the reader.

11.1 References

[800-56A] NIST Special Publication 800-56A, Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
[CC1] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Version 3.1 Revision 3, July 2009, CCMB-2009-07-001.
[CC2] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1 Revision 3, July 2009, CCMB-2009-07-002.
[CC3] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, Version 3.1 Revision 3, July 2009, CCMB-2009-07-003.
[CEM] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 3, July 2009, CCMB-2009-07-004.
[CLI] Junos OS CLI User Guide, Release 14.2
[ECG] Junos OS Common Criteria Evaluation Configuration Guide for Mx Series, PTX Series and EX9200 Series Devices Release 14.2R3
[FIPS140] Federal Information Processing Standard Publication (FIPS-PUB) 140-2, Security Requirements for Cryptographic Modules, May 25, 2001. (Change notice (12-03-2002))
[FIPS197] Federal Information Processing Standard Publication (FIPS-PUB) 197, Advanced Encryption Standard (AES), November 2001.
[GSG] Junos OS Getting Started Guide for Routing Devices, Release 14.2
[IUG] Installation and Upgrade Guide, Release 14.2
[NDPP] Security Requirements for Network Devices, Version 1.1, 08 June 2012
[NDPPerr] Security Requirements for Network Devices Errata #3, 3 November 2014
[RFC4251] Internet Engineering Task Force, The Secure Shell (SSH) Protocol Architecture, January 2006
[RFC4252] Internet Engineering Task Force, The Secure Shell (SSH) Authentication Protocol, January 2006
[RFC4253] Internet Engineering Task Force, The Secure Shell (SSH) Transport Layer Protocol, January 2006
[RFC4254] Internet Engineering Task Force, The Secure Shell (SSH) Connection Protocol, January 2006
[RFC5656] Internet Engineering Task Force, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer, December 2009
[RFC6668] Internet Engineering Task Force, SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol, July 2012
[SLM] Junos OS System Log Messages Reference, Release 14.2
[SSG] Junos OS Security Services Administration Guide for Routing Devices, Release 14.2
[UAA] Junos OS User Access and Authentication Feature Guide for Routing Devices, Release 14.2

11.2 Glossary

Access – Interaction between an entity and an object that results in the flow or modification of data.
Access Control – Security service that controls the use of resources and the disclosure and modification of data.
Administrator – A user who has been specifically granted the authority to manage some portion or the entire TOE and whose actions may affect the TSP. Administrators may possess special privileges that provide capabilities to override portions of the TSP.
Assurance – A measure of confidence that the security features of an IT system are sufficient to enforce its security policy.
Asymmetric Cryptographic System – A system involving two related transformations; one determined by a public key (the public transformation), and another determined by a private key (the private transformation) with the property that it is computationally infeasible to determine the private transformation (or the private key) from knowledge of the public transformation (and the public key).
Asymmetric Key – The corresponding public/private key pair needed to determine the behavior of the public/private transformations that comprise an asymmetric cryptographic system.
Attack – An intentional act attempting to violate the security policy of an IT system.
Authentication – Security measure that verifies a claimed identity.
Authentication data – Information used to verify a claimed identity.
Authorization – Permission, granted by an entity authorized to do so, to perform functions and access data.
Authorized user – An authenticated user who may, in accordance with the TSP, perform an operation.
Compromise – Violation of a security policy.
Confidentiality – A security policy pertaining to disclosure of data.
Critical Security Parameters (CSP) – Security-related information (e.g., cryptographic keys, authentication data such as passwords and PINs, and cryptographic seeds) appearing in plaintext or otherwise unprotected form and whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module.
Cryptographic boundary – An explicitly defined contiguous perimeter that establishes the physical bounds (for hardware) or logical bounds (for software) of a cryptographic module.
Cryptographic key (key) – A parameter used in conjunction with a cryptographic algorithm that determines:
• the transformation of plaintext data into ciphertext data,
• the transformation of ciphertext data into plaintext data,
• a digital signature computed from data,
• the verification of a digital signature computed from data, or
• a digital authentication code computed from data.
Cryptographic Module – The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module.
Cryptographic Module Security Policy – A precise specification of the security rules under which a cryptographic module must operate, including the rules derived from the requirements of this PP and additional rules imposed by the vendor.
Entity – A subject, object, user or another IT device, which interacts with TOE objects, data, or resources.
External IT entity – Any trusted Information Technology (IT) product or system, outside of the TOE, which may, in accordance with the TSP, perform an operation.
HCM JVAS – HTTP Content Management Juniper Value Added Software. This is an application used to inspect HTTP traffic, irrespective of the port on which the HTTP traffic arrives (i.e. it is not bound to port 80). Although use of this application is out of scope of the evaluation, the daemon supporting the service cannot be disabled. This service can only inspect HTTP transit traffic, and cannot be used to undermine the configuration or operation of the TOE.
Identity – A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym.
Integrity – A security policy pertaining to the corruption of data and TSF mechanisms.
JUNOScope – A management framework that consists of tools for managing IP services for the M-Series Multiservice Edge Routers, Mx-Series 3D Universal Edge Routers, PTX-Series Routers and EX-Series Ethernet Switches. Use of JUNOScope is not supported in the evaluated configuration.
JUNOScript – An XML-based API for managing devices, developed by Juniper Networks. Use of JUNOScript is not supported in the evaluated configuration.
Mandatory Access Control (MAC) – A means of restricting access to objects based on subject and object sensitivity labels.
Object – An entity within the TSC that contains or receives information and upon which subjects perform operations.
Operating Environment – The total environment in which a TOE operates. It includes the physical facility and any physical, procedural, administrative and personnel controls.
Operating System (OS) – An entity within the TSC that causes operations to be performed. Subjects can come in two forms: trusted and untrusted. Trusted subjects are exempt from part or all of the TOE security policies. Untrusted subjects are bound by all TOE security policies.
Security attributes – TSF data associated with subjects, objects, and users that are used for the enforcement of the TSP.
Security level – The combination of a hierarchical classification and a set of non-hierarchical categories that represent the sensitivity of the information.
Sensitivity label – A security attribute that represents the security level of an object and that describes the sensitivity (e.g., Classification) of the data in the object. Sensitivity labels are used by the TOE as the basis for mandatory access control decisions.
Subject – An entity within the TSC that causes operations to be performed.
Symmetric key – A single, secret key used for both encryption and decryption in symmetric cryptographic algorithms.
Threat – Capabilities, intentions and attack methods of adversaries, or any circumstance or event, with the potential to violate the TOE security policy.
Threat Agent – Any human user or Information Technology (IT) product or system, which may attempt to violate the TSP and perform an unauthorized operation with the TOE.
User – Any entity (human user or external IT entity) outside the TOE that interacts with the TOE.
Vulnerability – A weakness that can be exploited to violate the TOE security policy.

11.3 Acronyms

TERM | DEFINITION
AES | Advanced Encryption Standard
API | Application Program Interface
CC | Common Criteria
CCMB | Common Criteria Management Board
CM | Configuration Management
CSP | Cryptographic security parameter
DES | Data Encryption Standard
DH | Diffie Hellman
DPC | Dense Port Concentrator
EAL | Evaluation Assurance Level
ECDSA | Elliptic Curve Digital Signature Algorithm
ESP | Encapsulating Security Payload
FIPS | Federal Information Processing Standard
FIPS-PUB 140-2 | Federal Information Processing Standard Publication
FPC(s) | Flexible PIC Concentrator(s)
FTP | File Transfer Protocol
GRE | Generic Routing Encapsulation
GUI | Graphical User Interface
HCM | HTTP Content Management
HMAC | Keyed-Hash Authentication Code
HTTP | Hypertext Transfer Protocol
ID | Identification
IETF | Internet Engineering Task Force
IKE | Internet Key Exchange
IP | Internet Protocol
IPsec | Internet Protocol Security
IT | Information Technology
Junos | Juniper Operating System
JVAS | Juniper Value-Added Software
MAC | Mandatory Access Control
MIC(s) | Modular Interface Card(s)
MPC(s) | Modular Port Concentrator(s)
NDPP | Network Devices Protection Profile
NIAP | National Information Assurance Program
NIST | National Institute of Standards and Technology
OAM | Operations, Administration and Maintenance
OSP | Organizational Security Policy
PAM | Pluggable Authentication Module
PFE | Packet Forwarding Engine
PIC | Physical Interface Card
PP | Protection Profile
RE | Routing Engine
RFC | Request for Comment
RNG | Random Number Generator
RSA | Rivest, Shamir, Adleman
SFR | Security Functional Requirement
SHA | Secure Hash Algorithm
SNMP | Simple Network Management Protocol
SSH | Secure Shell
SSL | Secure Sockets Layer
ST | Security Target
TOE | Target of Evaluation
TSC | TOE Scope of Control
TSF | TOE Security Function
TSFI | TSF interfaces
TSP | TOE Security Policy
UDP | User Datagram Protocol

Table 18 - Acronyms used in the Security Target