Certification Report
EAL 2 Evaluation of
EDATA ELEKTRONİK SAN. ve TİC. A.Ş.
CHANGE v01.00
issued by
Turkish Standards Institution
Common Criteria Certification Scheme
Certificate Number: 21.0.01/TSE-CCCS-26
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 2/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
TABLE OF CONTENTS
TABLE OF CONTENTS............................................................................................................................2
DOCUMENT INFORMATION .................................................................................................................3
DOCUMENT CHANGE LOG....................................................................................................................3
DISCLAIMER..........................................................................................................................................3
FOREWORD ..........................................................................................................................................3
RECOGNITION OF THE CERTIFICATE.....................................................................................................4
1 EXECUTIVE SUMMARY......................................................................................................................5
2 CERTIFICATION RESULTS ...................................................................................................................6
2.1 IDENTIFICATION OF TARGET OF EVALUATION / PP IDENTIFICATION* .........................................8
2.2 SECURITY POLICY............................................................................................................................9
2.3 ASSUMPTIONS AND CLARIFICATION OF SCOPE ...........................................................................10
2.4 ARCHITECTURAL INFORMATION..................................................................................................11
2.5 DOCUMENTATION / SECURITY FUNCTIONAL REQUIREMENTS**................................................11
2.6 IT PRODUCT TESTING / SECURITY ASSURANCE REQUIREMENTS***...........................................13
2.7 EVALUATED CONFIGURATION****..............................................................................................14
2.8 RESULTS OF THE EVALUATION.....................................................................................................14
2.9 EVALUATOR COMMENTS / RECOMMENDATIONS.......................................................................14
3 SECURITY TARGET/ PP DOCUMENT *****......................................................................................16
4 GLOSSARY........................................................................................................................................16
5 BIBLIOGRAPHY.................................................................................................................................17
6 ANNEXES..........................................................................................................................................18
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 3/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
Document Information
Date of Issue 12.04.2015
Version of Report v1.0
Author Zümrüt MÜFTÜOĞLU
Technical Responsible Zümrüt MÜFTÜOĞLU
Approved Mariye Umay AKKAYA
Date Approved 13.04.2015
Certification Report Number 21.0.01/15-031
Sponsor and Developer EDATA ELEKTRONİK SAN. Ve TİC. A.Ş.
Evaluation Lab TÜBİTAK BİLGEM OKTEM
TOE CHANGE v01.00
Pages 18
Document Change Log
Release Date Pages Affected Remarks/Change Reference
V1.0 12.04.2015 All Final Released
DISCLAIMER
This certification report and the IT product defined in the associated Common Criteria document has been
evaluated at an accredited and licensed evaluation facility conformance to Common Criteria for IT Security
Evaluation, version 3.1,revision 4., using Common Methodology for IT Products Evaluation, version 3.1,
revision 4. This certification report and the associated Common Criteria document apply only to the identified
version and release of the product in its evaluated configuration. Evaluation has been conducted in accordance
with the provisions of the CCCS, and the conclusions of the evaluation facility in the evaluation report are
consistent with the evidence adduced. This report and its associated Common Criteria document are not an
endorsement of the product by the Turkish Standardization Institution, or any other organization that
recognizes or gives effect to this report and its associated Common Criteria document, and no warranty is
given for the product by the Turkish Standardization Institution, or any other organization that recognizes or
gives effect to this report and its associated Common Criteria document.
FOREWORD
The Certification Report is drawn up to submit the Certification Commission the results and evaluation
information upon the completion of a Common Criteria evaluation service performed under the Common
Criteria Certification Scheme. Certification Report covers all non-confidential security and technical
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 4/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
information related with a Common Criteria evaluation which is made under the STCD Common Criteria
Certification Scheme. This report is issued publicly to and made available to all relevant parties for reference
and use.
The Common Criteria Certification Scheme (CCSS) provides an evaluation and certification service to ensure
the reliability of Information Security (IS) products. Evaluation and tests are conducted by a public or
commercial Common Criteria Evaluation Facility (CCTL) under CCCS’ supervision.
CCEF is a facility, licensed as a result of inspections carried out by CCCS for performing tests and evaluations
which will be the basis for Common Criteria certification. As a prerequisite for such certification, the CCEF
has to fulfill the requirements of the standard ISO/IEC 17025 and should be accredited by accreditation bodies.
The evaluation and tests related with the concerned product/PP have been performed by TUBİTAK BİLGEM
OKTEM, which is a public/commercial CCTL.
A Common Criteria Certificate given to a product means that such product meets the security requirements
defined in its security target document that has been approved by the CCCS. The Security Target document is
where requirements defining the scope of evaluation and test activities are set forth. Along with this
certification report, the user of the IT product should also review the security target document in order to
understand any assumptions made in the course of evaluations, the environment where the IT product will run,
security requirements of the IT product and the level of assurance provided by the product.
This certification report is associated with the Common Criteria Certificate issued by the CCCS for CHANGE
v01.00 whose evaluation was completed on 10/04/2015 and whose evaluation technical report was drawn up by
TUBİTAK BİLGEM OKTEM (as CCTL), and with the Security Target document with version no 4.2 of the
relevant product.
The certification report, certificate of product evaluation and security target document are posted on the STCD
Certified Products List at bilisim.tse.org.tr portal and the Common Criteria Portal (the official web site of the
Common Criteria Project).
RECOGNITION OF THE CERTIFICATE
The Common Criteria Recognition Arrangement logo is printed on the certificate to indicate that this certificate
is issued in accordance with the provisions of the CCRA.
The CCRA has been signed by the Turkey in 2003 and provides mutual recognition of certificates based on the
CC evaluation assurance levels up to and including EAL4. The current list of signatory nations and approved
certification schemes can be found on:
http://www.commoncriteriaportal.org.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 5/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
1 - EXECUTIVE SUMMARY
This report constitutes the certification results by the certification body on the evaluation results
applied with requirements of the Common Criteria for Information Security Evaluation.
Evaluated IT product name: CHANGE
IT Product version: v01.00
Developer’s Name: Edata Elektronik San. ve Tic. A.Ş.
Name of CCTL: TÜBİTAK BİLGEM OKTEM
Assurance Package: EAL 2
Completion date of evaluation: 10.04.2015 (DTR 41 TR 01)
1.1 Brief Description
The TOE addressed by this Security Target (ST) is an application software which is the main items
of a Fiscal Cash Register (FCR). TOE is used to process the transaction amount of purchases which
can be viewed by both seller and buyer. Since transaction amount is used to determine tax revenues;
secure processing, storing and transmission of this data is very important.
The FCR is mandatory for first-and second-class traders and is not mandatory for sellers who sell
the goods back to their previous seller as completely the same as the purchased good.
In addition to TOE, which is the main item of FCR, FCR may consist of several other hardware and
software components.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 6/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
Figure 1 TOE(CHANGE v 01.00) and Related Components
Figure 1 shows the general overview of the TOE and its related components as regarded in the ST.
The green part of Figure 1 is the TOE. Yellow parts given as Input/output interface, fiscal memory,
daily memory, database, ERU, fiscal certificate memory are non-TOE environments which are
crucial parts of the FCR for functionality and security. Connections between the TOE and its
environment are also subject to evaluation since these connections are made over the interfaces of
the TOE.
1.2 TOE Security Functions
The TOE provides following security features;
-TOE supports access control.
- For the cases where the main processor and the fiscal memory are included within the same
electronic seal secure communication is not mandatory. TOE is able to detect disconnection
between main processor and fiscal memory and enter into the maintenance mode.
- TOE supports usage of ITU X509 v3 formatted certificate and its protected private key for
authentication and secure communication with PRA- IS and TSM.
-TOE supports secure communication between FCR-PRA-IS and FCR–TSM.
-TOE ensures the integrity of event data, sales data, authentication data, characterization data and
FCR parameters.
-TOE records important events defined in PRA Messaging Protocol Document [5] and send urgent
event data immediately to PRA-IS in a secure way.
-TOE detects physical attacks to FCR and enters into the maintenance mode in such cases.
1.3 Threats
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 7/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
T.AccessControl
Adverse action: Authenticated users could try to use functions which are not allowed.
(e.g. FCR Users gaining access to FCR Authorized User management functions)
Threat agent: An attacker who has basic attack potential and has physical and logical
access to FCR.
Asset: Event data, sales data, time information.
T. Authentication
Adverse action: Unauthorized users could try to use FCR functions.
Threat agent: An attacker who has basic attack potential, logical and physical access
to the FCR.
Asset: Sales data, event data, time information
T.MDData - Manipulation and disclosure of data
Adverse action: This threat deals with four types of data: event data, sales data,
characterization data and FCR parameters.
An attacker could try to manipulate the event data to hide its actions and
unauthorized access to the FCR; failure reports and deletion of logs. An attacker also
could try to disclose important events while transmitted between PRA-IS and FCR.
An attacker could try to manipulate or delete the sales data generated by TOE
which may result in tax fraud. In addition, an attacker also could try to disclose sales
data while transmitted between PRA-IS and FCR. Manipulation and deletion of sales
data may be caused by magnetic and electronic reasons.
An attacker could try to manipulate the characterization data to cover
information about tax fraud; to masquerade the user identity.
An attacker could try to manipulate the FCR parameters to use FCR in
undesired condition.
Threat agent: An attacker who has basic attack potential, physical and logical access
to the FCR.
Asset: Event data, sales data, characterization data, FCR parameters
T.Eavesdropping - Eavesdropping on event data, sales data and characterization
data
Adverse action : An attacker could try to eavesdrop event data, sales data and
characterization data transmitted between the TOE and the PRA-IS and also between
the TOE and the distributed memory units (Fiscal memory, Database, Daily
memory,ERU).
Threat agent : An attacker who has basic attack potential, physical and logical access
to the FCR.
Asset : Characterization data, sales data, and event data,
T.Skimming - Skimming the event data, sales data and characterization data
Adverse action: An attacker could try to imitate PRA-IS to receive information from
FCR and to imitate TSM to set parameters to FCR via the communication channel.
Threat agent: An attacker who has basic attack potential and logical access to the
FCR.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 8/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
Asset : Sales data, and event data, FCR parameters
T.Counterfeit - FCR counterfeiting
Adverse action : An attacker could try to imitate FCR by using sensitive(session
keys) data while communicating with PRA-IS and TSM to cover information about
tax fraud.
Threat agent : An attacker who has basic attack potential and has access to the FCR
communication channel.
Asset : Sensitive data(session keys)
T.Malfunction - Cause malfunction in FCR
Adverse action : An attacker may try to use FCR out of its normal operational
conditions to cause malfunction without the knowledge of TOE.
Threat agent : An attacker who has basic attack potential, has physical access to the
FCR.
Asset : Sales data, event data.
T.ChangingTime
Adverse action : An attacker may try to change time to invalidate the information
about logged events and reports in FCR.
Threat agent : An attacker who has basic attack potential, has physical and logical
access to the FCR.
Asset : Time information
2 CERTIFICATION RESULTS
2.1 Identification of Target of Evaluation
Certificate Number 21.0.01/TSE-CCCS-26
TOE Name and Version CHANGE v01.00
Security Target Document Title CHANGE v01.00 Security Target
Security Target Document Version V4.2
Security Target Document Date 12.04.2015
Assurance Level EAL 2
Criteria  Common Criteria for Information Technology Security
Evaluation, Part 1: Introduction and General Model;
CCMB-2012-09-001, Version 3.1, Revision 4,
September 2012
 Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components;
CCMB-2012-09-002, Version 3.1 Revision 4, September
2012
 Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components;
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 9/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
CCMB-2012-09-003, Version 3.1 Revision 4, September
2012
Methodology  Common Criteria for Information Technology Security
Evaluation, Evaluation Methodology; CCMB-2012-09-
004, Version 3.1, Revision 4, September 2012
Protection Profile Conformance New Generation Fiscal Application Software Protection
Profile TSE-CCCS/PP-006, version 1.8, 18 December 2014
Common Criteria Conformance  Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components;
CCMB-2012-09-002, Version 3.1 Revision 4, September
2012, conformant
 Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components;
CCMB-2012-09-003, Version 3.1 Revision 4, September
2012, conformant
Sponsor and Developer EDATA ELEKTRONİK SAN. ve TİC. A.Ş.
Evaluation Facility TÜBİTAK BİLGEM OKTEM
Certification Scheme TSE-CCCS
2.2 Security Policy
Organizational Security Policies are;
P.Certificate
It has to be assured that certificates which are installed at initialization step, are
compatible with ITU X.509 v3 format. FCR contains FCR certificate, Certification
Authority root certificate, Certification Authority sub-root (subordinate) certificate
and UpdateControl certificate. UpdateControl certificate is used to verify the
signature of the TOE.
P.Comm_EXT - Communication between TOE and External Device
It has to be assured that communication between TOE and external devices is used to
encrypted using AES algorithm with 256 bits according to External Device
Communication Protocol Document [6].
P.InformationLeakage - Information leakage from FCR
It has to be assured that TOE’s environment provides a secure mechanism which
prevents attacker to obtain sensitive information (secret key, session key) when FCR
performs encryption operation by side channel attacks like SPA (Simple power
analysis), SEMA (Simple Electromagnetic Analysis), DPA (Differential power
analysis), DEMA (Differential electromagnetic analysis).
P.SecureEnvironment
It has to be assured that environment of TOE senses disconnection between fiscal
memory and main processor. Then TOE enters into the maintenance mode and logs
urgent event. Moreover, it has to be assured that fiscal memory doesn't accept
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 10/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
transactions with negative amounts which results in a decrease of total tax value. Also
it has to be assured that environment of TOE provides a mechanism that sales data in
daily memory which is not reflected to the fiscal memory cannot be deleted and
modified in an uncontrolled way. In addition to this, it has to be assured that sales
data in ERU cannot be deleted and modified.
P.PhysicalTamper
It has to be assured that TOE environment and TOE provide a tamper respondent
system which is formed by electromechanical seals. It has to be assured that physical
tampering protection system protects the keys (asymmetric key, symmetric key), the
certificates, event data, characterization data, FCR parameters and sales data in FCR.
It has to be assured that TOE logs this type of events and enters into the maintenance
mode when physical tampering protection system detect unauthorised access. On the
other hand it has to be assured that authorised access such as maintenance work or
service works are logged. It has to be also assured that physical tampering protection
system (mesh cover) protects fiscal memory.
P.PKI - Public key infrastructure
It has to be assured that IT environment of the TOE provides public key infrastructure
for encryption, signing and key aggreement.
P.Update Control
TOE is allowed to be updated by only TSM or Authorised Manufacturer User to
avoid possible threats during this operation, FCR shall verify the signature of the new
version of TOE to ensure that the TOE to be updated is signed by the correct
organisation. Thus, the TOE to be updated is ensured to be the correct certified
version because only the certified versions will be signed. In addition, FCR shall
check version of TOE to ensure that it is the latest version.
2.3 Assumptions and Clarification of Scope
TOE consists of the components which are defined in section 1 (Executive
Summary). Except the other components are not in the scope of Common Criteria
Evaluation.
Assumptions for the operational environment of the composite TOE are;
A.TrustedManufacturer
It is assumed that manufacturing is done by trusted manufacturers. They process
manufacturing step in a manner which maintains IT security.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 11/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
A.Control
It is assumed that PRA-IS personnel performs random controls on FCR. During these
controls PRA-IS personnel should check that if tax amount and total amount printed
values on receipt and sent to PRA-IS are the same. In addition to this, a similar check
should be made for events as well.
A.Initialisation
It is assumed that environment of TOE provides secure initialization steps.
Initialization step is consist of secure boot of operating system, and integrity check
for TSF data. Moreover, it is assumed that environment of TOE provides secure
installation of certificate to the FCR in initialization phase. Before certificate
installation it is assumed that asymmetric key pair generated in a manner which
maintains security posture.
A.TrustedUser
User is assumed to be trusted. It is assumed that for each sale a sales receipt is
provided to the buyer.
A.Activation
It is assumed that environment of TOE provides secure activation steps at the
beginning of the TOE operation phase and after each maintenance process.
A.AuthorizedService
It is assumed that repairing is done by trusted authorized services. The repairing step
is processed in a manner which maintains legal limits.
A.Ext_Key
It is assumed that External Device (EFT-POS) generates strong key for
communicating with TOE.
2.4 Architectural Information
TOE consists of a fiscal software running on top of Linux operating system that is run
by a secure processor; covered by a special(mesh) cover outside and inside together
composing the cash register hardware providing the following services;
 Storing sales data in fiscal memory
 Storing receipt details in daily memory
 Storing audit data inside a database
 Generating sales reports
 Transmitting sales reports and audit data to PRA-IS
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 12/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
with the following hardware and software components;
 A software controlled mesh which covers secure CPU, NAND flash memory,
DDR memory, daily memory and fiscal memory.
 A fiscal memory storing all the sales data under the mesh cover
 A daily memory storing daily sales data under the mesh cover
 Electronic recording unit
 A secure CPU under the mesh coverAnd a fiscal software running on top of
above hardware providing necessary services to TSM unit.
TOE is composed of the environmental elements;
 Processor, MAX32590; that supports Secure Boot
 Linux operating system with kernel version of 2.6.36
 SQLite DBMS of v3
 OpenSSL library of version 1.0.1h for cryptographic operations
 Fiscal memory for storing sales data
 Daily memory for copying daily sales data
 Electronic recording unit for storing receipts
 Ethernet, GPRS( optional) and PSTN(optional) network adapters
 Iptables for controlling the network flow
 A printer for printing receipts
 Keyboard, display and battery
each of which plays important role on security and/or functionality of TOE.
TOE is not subject to known vulnerabilities of OpenSSL version 1.0.1h because of
the following:

 TOE uses TLS v1.2, not DTLS.
 TOE does not use SRP.
 TOE only acts as a client and always TOE starts the SSL communication.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 13/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
2.5 Documentation
Name of Document Version Number Publication Date
CHANGE v01.00 Security
Target
1.16 12.04.2015
CHANGE v01.00 Security
Architecture Description
0.7 17.03.2015
CHANGE v01.00 v01.00
Configuration Management
Plan
2.5 31.03.2015
2.6 IT Product Testing
During the evaluation, all evaluation evidences of TOE were delivered and transferred completely
to CCTL by the developers. All the delivered evaluation evidences which include software,
documents, etc. are mapped to the assurance families Common Criteria and Common Methodology;
so the connections between the assurance families and the evaluation evidences has been
established. The evaluation results are available in the final Evaluation Technical Report (ETR) of
CHANGE v01.00
It is concluded that the TOE supports EAL 2. There are 19 assurance families which are all
evaluated with the methods detailed in the ETR.
IT Product Testing is mainly described in two parts:
2.6.1 Developer Testing:
 TOE Test Coverage: Developer has prepared TOE System Test Document according to the
TOE Functional Specification documentation.
 TOE Test Depth: Developer has prepared TOE System Test Document according to the
TOE Design documentation which include TSF subsystems and its interactions.
 TOE Functional Testing: Developer has made functional tests according to the test
documentation. Test plans, test scenarios, expected test results and actual test results are in
the test documentation.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 14/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
2.6.2 Evaluator Testing:
 Independent Testing: Evaluator has done a total of 10 sample independent tests. 5 of them
are selected from developer`s test plans. The other 5 tests are evaluator`s independent tests.
All of them are related to TOE security functions.
 Penetration Testing: Evaluator has done 8 penetration tests to find out if TOE`s
vulnerabilities can be used for malicious purposes. The potential vulnerabilities and the
penetration tests are in “TOE Security Functions Penetration Tests Scope” which is in
Annex-D of the ETR and the penetration tests and their results are available in detail in the
ETR document as well.
2.7 Evaluated Configuration
During the evaluation; the configuration of evaluation evidences which are composed of Common
Criteria documents, sustenance documents and guides are shown below;
Name of Document Version
Number
Publication Date
CHANGE v01.00 Security Target 1.16 12.04.2015
CHANGE v01.00 Security Architecture
Description
0.7 17.03.2015
CHANGE v01.00 v01.00 Configuration
Management Plan
2.5 31.03.2015
Table 2 – Documentation
2.8 Results of the Evaluation
Table 3 below provides a complete listing of the Security Assurance Requirements for the TOE.
These requirements consists of the Evaluation Assurance Level 2 (EAL 2) components as specified
in Part 3 of the Common Criteria;
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 15/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
Assurance Class Component Component Title
Development
ADV_ARC.1 Security Architecture Description
ADV_FSP.4 Security-enforcing functional specification
ADV_TDS.1 Basic Design
Guidance
Documents
AGD_OPE.1 Operational User Guidance
AGD_PRE.1 Preparative Procedures
Life-Cycle
Support
ALC_CMC.2 Use of a CM system
ALC_CMS.2 Parts of the TOE CM coverage
ALC_DEL.1 Delivery Procedures
Security Target
Evaluation
ASE_CCL.1 Conformance Claims
ASE_ECD.1 Extended Components Definition
ASE_INT.1 ST Introduction
ASE_OBJ.2 Security Objectives
ASE_REQ.2 Derived Security Requirements
ASE_SPD.1 Security Problem Definition
ASE_TSS.1 TOE Summary Specification
Tests
ATE_COV.1 Evidence of coverage
ATE_FUN.1 Functional Testing
ATE_IND.2 Independent Testing
Vulnerability
Analysis
AVA_VAN.2 Vulnerability analysis
Table 2 – Security Assurance Requirements of TOE
The Evaluation Team assigned a Pass, Fail, or Inconclusive verdict to each work unit of each EAL 2
assurance component. For Fail or Inconclusive work unit verdicts, the Evaluation Team advised the
developer about the issues requiring resolution or clarification within the evaluation evidence. In
this way, the Evaluation Team assigned an overall Pass verdict to the assurance component only
when all of the work units for that component had been assigned a Pass verdict. So for TOE
“CHANGE v01.00” the results of the assessment of all evaluation tasks are “Pass”.
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 16/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
The result of AVA_VAN.2 evaluation is given below:
It is determined that TOE, in its operational environment, is resistant to an attacker possessing
“Basic” attack potential.
2.9 Evaluator Comments / Recommendations
No recommendations or comments have been communicated to CCCS by the evaluators related to
the evaluation process of “CHANGE v01.00” product, result of the evaluation, or the ETR.
3 SECURITY TARGET
The Security Target associated with this Certification Report is identified by the following
terminology:
Title: CHANGE v01.00 Security Target
Version: v1.16
Date of Document: 13.04.2015
A public version has been created and verified according to ST-Santizing:
Title: CHANGE v01.00 Security Target Lite
Version: 1.0
Date of Document: 13.04.2015
This Security Target describes the TOE, intended IT environment, security objectives, security
requirements (for the TOE and IT environment), TOE security functions and all necessary rationale.
4 GLOSSARY
ADV : Assurance of Development
AGD : Assurance of Guidance Documents
ALC : Assurance of Life Cycle
ASE : Assurance of Security Target Evaluation
ATE : Assurance of Tests Evaluation
AVA : Assurance of Vulnerability Analysis
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 17/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
BİLGEM : Bilişim ve Bilgi Güvenliği İleri Teknolojiler Araştırma Merkezi
CC : Common Criteria (Ortak Kriterler)
CCCS : Common Criteria Certification Scheme (TSE)
CCRA : Common Criteria Recognition Arrangement
CCTL : Common Criteria Test Laboratory (OKTEM)
CEM :Common Evaluation Methodology
CMC : Configuration Management Capability
CMS : Configuration Management Scope
DEL : Delivery
EAL : Evaluation Assurance Level
FCR: Fiscal Cash Register
GR : Observation Report
OKTEM : Ortak Kriterler Test Merkezi
OPE : Opretaional User Guidance
OSP : Organisational Security Policy
PP : Protection Profile
PRA: Presidency of Revenue Administration
PRE : Preperative Procedures
SAR : Security Assurance Requirements
SFR : Security Functional Requirements
ST : Security Target
STCD :Software Test and Certification Department
TOE : Target of Evaluation
TSF : TOE Secırity Functionality
TSFI : TSF Interface
5 BIBLIOGRAPHY
1] Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4,
September 2012
[2] Common Methodology for Information Technology Security Evaluation, CEM, Version 3.1
Revision 4, September 2012
[3] CC Supporting Document Guidance, Mandatory Technical Document Composife Product
Evaluation for Smart Cards and Similar Devices,April,2012,CCDB-2012-04-001
YAZILIM TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI
Doküman No YTBD-01-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 23/01/2015
RevizyonTarihi No 00
Sayfa 18/18
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Basım tarih ve saati: 30.11.2016 11:44
[4] YTBD-01-01-TL-01 Certification Report Preparation Instructions, Rel.Date: July,30,2013
[5] PRA Messaging Protocol, v2.02
[6] External Device Communication Protocol Document, version 1.0
6 ANNEXES
There is no additional information which is inappropriate for reference in other sections