Aruba 620 Specifications


Summary of Contents

Page 1 - Series Security Target

Aruba Mobility Controller and Access Point Series Security Target Version 1.0 09/29/2014 Prepared for: Aruba Networks, Inc. 1344 Crossm

Page 2

Security Target Version 1.0 9/29/2014 10 traffic (data from wireless clients) over the IP wired network. As a result, APs can be distributed a

Page 3

Security Target Version 1.0 9/29/2014 11 • Sends and receives IPsec-encapsulated PAPI5 protocol messages to and from managed APs as well as o

Page 4

Security Target Version 1.0 9/29/2014 12 Product Max. # of APs Max. # of Users Typical Deployment Aruba 7200 Series 2,048 32,768 Headquarters/

Page 5

Security Target Version 1.0 9/29/2014 13 • ArubaOS version 6.3.1.5-FIPS The differences in the models include the number of ports, interfaces

Page 6

Security Target Version 1.0 9/29/2014 14 • Security audit • Cryptographic support • User data protection • Identification and authenticati

Page 7 - 1.3 Conventions

Security Target Version 1.0 9/29/2014 15 internal database or authentication server). The TOE requires identification and authentication (eith

Page 8

Security Target Version 1.0 9/29/2014 16

Page 9 - 2. TOE Description

Security Target Version 1.0 9/29/2014 17 3. Security Problem Definition The Security Problem Definition (composed of organizational policies,

Page 10 - 2.2 TOE Architecture

Security Target Version 1.0 9/29/2014 18 T.UNDETECTED_ACTIONS Malicious remote users or external IT entities may take actions that adversel

Page 11

Security Target Version 1.0 9/29/2014 19 4. Security Objectives Like the Security Problem Definition, the Security Objectives have been draw

Page 12 - 2.2.1 Physical Boundaries

Security Target Version 1.0 9/29/2014 2 1. SECURITY TARGET INTRODUCTION ...

Page 13 - 2.2.2 Logical Boundaries

Security Target Version 1.0 9/29/2014 20 O.SESSION_LOCK The TOE shall provide mechanisms that mitigate the risk of unattended sessions being

Page 14

Security Target Version 1.0 9/29/2014 21 5. IT Security Requirements This section defines the Security Functional Requirements (SFRs) and Se

Page 15 - 2.3 TOE Documentation

Security Target Version 1.0 9/29/2014 22 Requirement Class Requirement Component FAU: Security audit FAU_GEN.1: Audit Data Generatio

Page 16

Security Target Version 1.0 9/29/2014 23 Requirement Class Requirement Component FPT_RPL.1: Replay Detection FPT_STM.1: Reliable Time St

Page 17 - 3.2 Threats

Security Target Version 1.0 9/29/2014 24 Requirement Auditable Events Additional Audit Record Content Guidance Notes FCS_CKM.1(2) Failure of

Page 18 - 3.3 Assumptions

Security Target Version 1.0 9/29/2014 25 Requirement Auditable Events Additional Audit Record Content Guidance Notes FCS_SSH_EXT.1 Protocol

Page 19 - 4. Security Objectives

Security Target Version 1.0 9/29/2014 26 Requirement Auditable Events Additional Audit Record Content Guidance Notes was loaded or removed.

Page 20

Security Target Version 1.0 9/29/2014 27 Requirement Auditable Events Additional Audit Record Content Guidance Notes mechanism. FTP_ITC.1 Al

Page 21

Security Target Version 1.0 9/29/2014 28 mechanisms directly. For example, testing to ensure the TOE can detect replay attempts will more than

Page 22

Security Target Version 1.0 9/29/2014 29 Test 2 [conditional]: If the TSF supports specification of more complex audit pre-selection criteria

Page 23 - 5.2.1 Security audit (FAU)

Security Target Version 1.0 9/29/2014 3 8.1.1 Security Objectives Rationale for the TOE and Environment ...

Page 24

Security Target Version 1.0 9/29/2014 30 The evaluator shall examine the administrative guidance to ensure it instructs the administrator how

Page 25

Security Target Version 1.0 9/29/2014 31 Component Assurance Activity: The evaluator shall use the key pair generation portions of 'The

Page 26

Security Target Version 1.0 9/29/2014 32 distributed when multiple clients connect to the TOE. The evaluator shall also perform the following

Page 27

Security Target Version 1.0 9/29/2014 33 5.2.2.7 Cryptographic Operation (Cryptographic Signature) (FCS_COP.1(2)) FCS_COP.1.1(2) Refinement:

Page 28

Security Target Version 1.0 9/29/2014 34 The evaluator shall use tests from “The Counter with Cipher Block Chaining-Message Authentication

Page 29

Security Target Version 1.0 9/29/2014 35 all statements that are not 'MUST' (for example, 'MAY', 'SHOULD', '

Page 30

Security Target Version 1.0 9/29/2014 36 FCS_IPSEC_EXT.1.4 The TSF shall ensure that [IKEv1 SA lifetimes are able to be limited by number of

Page 31

Security Target Version 1.0 9/29/2014 37 Assurance Activity: The evaluator shall check to ensure that the DH groups specified in the requirem

Page 32

Security Target Version 1.0 9/29/2014 38 TSS shall also describe the checks that are done when negotiating IKEv1 Phase 2 and/or IKEv2 CHILD_SA

Page 33

Security Target Version 1.0 9/29/2014 39 The evaluators shall perform a Variable Seed Test. The evaluators shall provide a set of 128 (Seed, D

Page 34

Security Target Version 1.0 9/29/2014 4 1. Security Target Introduction This section identifies the Security Target (ST) and Target of Evalua

Page 35

Security Target Version 1.0 9/29/2014 40 evaluator shall check the operational guidance to ensure that it contains instructions for configurin

Page 36

Security Target Version 1.0 9/29/2014 41 may have to be restricted to meet the requirements). The evaluator shall also perform the following t

Page 37

Security Target Version 1.0 9/29/2014 42 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WIT

Page 38

Security Target Version 1.0 9/29/2014 43 5.2.4 Identification and authentication (FIA) 5.2.4.1 Extended: 802.1X Port Access Entity (Authent

Page 39

Security Target Version 1.0 9/29/2014 44 Component Assurance Activity: The evaluator shall examine the TSS to determine that it contains a

Page 40

Security Target Version 1.0 9/29/2014 45 specified in the requirement. The evaluator shall then, for each set of rules, compose passwords that

Page 41

Security Target Version 1.0 9/29/2014 46 repeat Test 1 using the minimum length; the maximum length; and an invalid length. The minimum and ma

Page 42

Security Target Version 1.0 9/29/2014 47 5.2.4.8 User Identification and Authentication (FIA_UIA_EXT.1) FIA_UIA_EXT.1.1 The TSF shall allow

Page 43

Security Target Version 1.0 9/29/2014 48 For each section of RFC 5280, any non-conformance to 'MUST' or 'SHOULD' statemen

Page 44

Security Target Version 1.0 9/29/2014 49 Component Assurance Activity: Since administrative functions manipulate the TSF data, the analysis

Page 45

Security Target Version 1.0 9/29/2014 5 Product Part Number(s) Required Software Licenses Firmware Version Aruba 7210 Mobility Controller (

Page 46

Security Target Version 1.0 9/29/2014 50 ability to remotely administer the TOE remotely from a wireless client shall be disabled by default;

Page 47

Security Target Version 1.0 9/29/2014 51 Test 2: The evaluator shall ensure, for each method of communication, the channel data is not sent in

Page 48

Security Target Version 1.0 9/29/2014 52 the product. The evaluator obtains a legitimate update using procedures described in the operational

Page 49

Security Target Version 1.0 9/29/2014 53 Component Assurance Activity: The evaluator shall perform the following test: Test 1: The evaluat

Page 50

Security Target Version 1.0 9/29/2014 54 based on a specific value of the attribute. The evaluator shall then attempt to establish a session i

Page 51

Security Target Version 1.0 9/29/2014 55 FTP_TRP.1.2 Refinement: The TSF shall permit remote administrators to initiate communication via th

Page 52 - 5.2.8 TOE access (FTA)

Security Target Version 1.0 9/29/2014 56 5.3.1 Development (ADV) 5.3.1.1 Basic functional specification (ADV_FSP.1) ADV_FSP.1.1d The devel

Page 53

Security Target Version 1.0 9/29/2014 57 operation following failure or operational error), their consequences and implications for maintainin

Page 54

Security Target Version 1.0 9/29/2014 58 Appendix C and the assurance activities associated with those requirements provide details on the gui

Page 55

Security Target Version 1.0 9/29/2014 59 ATE_IND.1.2e The evaluator shall test a subset of the TSF to confirm that the TSF operates as speci

Page 56 - 5.3.1 Development (ADV)

Security Target Version 1.0 9/29/2014 6 Aruba 620 Branch Office Controller (FIPS) • 620-F1 • 620-USF1 • Policy Enforcement Firewall • RFpr

Page 57

Security Target Version 1.0 9/29/2014 60 determine the vulnerabilities that have been found in WLAN Access System products in general, as well

Page 58 - 5.3.4 Tests (ATE)

Security Target Version 1.0 9/29/2014 61 6. TOE Summary Specification This chapter describes the security functions: • Security audit • Cry

Page 59

Security Target Version 1.0 9/29/2014 62 interface (part of operating environment) to read audit logs. Though not required by PP, the TOE also

Page 60

Security Target Version 1.0 9/29/2014 63 indicate such a failure. An administrator must take action to manually re-synchronize the remote aud

Page 61 - 6.1 Security audit

Security Target Version 1.0 9/29/2014 64 HMAC-SHA-384, and SHA-1-96 (digest sizes 160, 256, and 384 bits) FIPS Pub 180-3 1663, 1666 Random bi

Page 62

Security Target Version 1.0 9/29/2014 65 NIST SP800-56B Section Reference “should”, “should not”, or “shall not” Implemented? Rationale for d

Page 63 - 6.2 Cryptographic support

Security Target Version 1.0 9/29/2014 66 DRBG Key SP800-90a (256 bits) Generated per SP800-90A Stored in plaintext in volatile memory. Zeroiz

Page 64

Security Target Version 1.0 9/29/2014 67 EC Diffie-Hellman shared secret Elliptic Curve Diffie-Hellman ( P-256 and P-384) Established during E

Page 65

Security Target Version 1.0 9/29/2014 68 IPSec session encryption keys Triple-DES (168 bits / AES (128/196/256 bits) Established during the IP

Page 66

Security Target Version 1.0 9/29/2014 69 ECDSA Private Key ECDSA suite B P-256 and P-384 curves Generated in the module Stored in flash memory

Page 67

Security Target Version 1.0 9/29/2014 7 1.2 Conformance Claims This TOE is conformant to the following CC specifications: • Protection Profi

Page 68

Security Target Version 1.0 9/29/2014 70 The supporting cryptographic functions are included to support the HTTPS/TLS (RFCs 2818 TLS 1.0 (RFC

Page 69

Security Target Version 1.0 9/29/2014 71 • FCS_CKM.1(1): See table above. • FCS_CKM.1(2): See table above. • FCS_CKM.2(1): See table above.

Page 70

Security Target Version 1.0 9/29/2014 72 account in the internal database and assign a predefined role to that account. User log in to the Con

Page 71 - 6.3 User data protection

Security Target Version 1.0 9/29/2014 73 interoperability testing through custom-built automated test beds which contain numerous client opera

Page 72

Security Target Version 1.0 9/29/2014 74 into the controller using the “Certificate Manager” section of the Web-based user interface. The con

Page 73

Security Target Version 1.0 9/29/2014 75 • FMT_MTD.1(2): The TOE provides no interfaces that allow user passwords to be read. Passwords are n

Page 74 - 6.5 Security management

Security Target Version 1.0 9/29/2014 76 CPU and electronic fuses are blown to protect it from overwrite. On bootup, the controller performs

Page 75 - 6.6 Protection of the TSF

Security Target Version 1.0 9/29/2014 77 • Monitoring > Controller > Clients • Monitoring > WLAN > [ESSID_NAME] > Access Poin

Page 76 - 6.8 TOE access

Security Target Version 1.0 9/29/2014 78 The TOE uses the IPsec/IKE protocol with pre-shared keys or certificates to establish a trusted chann

Page 77 - 6.9 Trusted path/channels

Security Target Version 1.0 9/29/2014 79 7. Protection Profile Claims The ST conforms to the Protection Profile for Wireless Local Area Netwo

Page 78

Security Target Version 1.0 9/29/2014 8 CLI Command Line Interface CP Control Plane DP Data Plane DoS Denial of Service EAP Extensible Authen

Page 79

Security Target Version 1.0 9/29/2014 80 8. Rationale This section provides the rationale for completeness and consistency of the Security Ta

Page 80 - 8. Rationale

Security Target Version 1.0 9/29/2014 81 8.1.1.1 P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions of use, lega

Page 81

Security Target Version 1.0 9/29/2014 82 8.1.1.6 T.ADMIN_ERROR An administrator may unintentionally install or configure the TOE incorrectly,

Page 82

Security Target Version 1.0 9/29/2014 83 • O.TOE_ADMINISTRATION: Requires the TOE to provide mechanisms (e.g., local authentication, remote a

Page 83

Security Target Version 1.0 9/29/2014 84 intruders into the TOE environment, but it does not include physical destructive actions that might b

Page 84

Security Target Version 1.0 9/29/2014 85 O.AUTH_COMM O.CRYPTOGRAPHIC_FUNCTIONS O.DISPLAY_BANNER O.FAIL_SECURE O.PROTECTED_COMMUNICATIONS

Page 85

Security Target Version 1.0 9/29/2014 86 • FCS_IPSEC_EXT.1: Requires the TOE provide a mechanism that creates a distinct communication channe

Page 86

Security Target Version 1.0 9/29/2014 87 8.2.1.3 O.DISPLAY_BANNER The TOE will display an advisory warning regarding use of the TOE. This TO

Page 87

Security Target Version 1.0 9/29/2014 88 • FCS_HTTPS_EXT.1: References the applicable standards (and indicates any restrictions on those stan

Page 88

Security Target Version 1.0 9/29/2014 89 • FIA_UAU.7: Ensures that authentication feedback is obscured at the local console. • FIA_UAU_EXT.5

Page 89

Security Target Version 1.0 9/29/2014 9 2. TOE Description The Target of Evaluation (TOE) consists of Aruba Mobility Controller appliances

Page 90

Security Target Version 1.0 9/29/2014 90 8.2.1.13 O.TIME_STAMPS The TOE shall provide reliable time stamps and the capability for the adminis

Page 91

Security Target Version 1.0 9/29/2014 91 This TOE Security Objective is satisfied by ensuring that: • FTA_TSE.1: Provides the capability to

Page 92

Security Target Version 1.0 9/29/2014 92 ST Requirement CC Dependencies ST Dependencies FPT_FLS.1 none none FPT_ITT.1 none none FPT_R

Page 93

Security Target Version 1.0 9/29/2014 93 Security audit Cryptographic support User data protection Identification and authentication Sec
