Specifications
Security Target Version 1.0 9/29/2014
distributed when multiple clients connect to the TOE. The evaluator shall also perform the
following test:
Test 1: The evaluator shall successfully connect multiple clients to the TOE. As the clients are
connected, the evaluator shall observe that the GTK is not transmitted in the clear between the
client and the TOE.
Test 2: The evaluator shall cause a broadcast message to be sent to all clients connected to the
TOE. The evaluator shall ensure the message is encrypted and cannot be read.
Test 3: The evaluator shall create at least two multicast groups among a subset of clients
connected to the TOE, each consisting of at least two clients but less than all of the clients
connected to the TOE. Some (but not all) of the clients shall be in both groups. The evaluator shall
ensure that the GTKs established are sent to the participating clients and cannot be determined from the
traffic flowing between the clients and the TOE.
Test 4: The evaluator shall cause a multicast message to be sent to the clients in each multicast
group connected to the TOE. The evaluator shall ensure each message is encrypted and cannot be
read.
5.2.2.5 Cryptographic Key Zeroization (FCS_CKM_EXT.4)
FCS_CKM_EXT.4.1
The TSF shall zeroize all plaintext secret and private cryptographic keys and cryptographic
security parameters when no longer required.
Component Assurance Activity:
The evaluator shall check to ensure the TSS describes each of the secret keys (keys used for
symmetric encryption), private keys, and critical security parameters used to generate keys; when
they are zeroized (for example, immediately after use, on system shutdown, etc.); and the type of
zeroization procedure that is performed (overwrite with zeros, overwrite three times with random
pattern, etc.). If different types of memory are used to store the materials to be protected, the
evaluator shall check to ensure that the TSS describes the zeroization procedure in terms of the
type of the memory or storage in which the data are stored (for example, 'secret keys stored on
flash are zeroized by overwriting once with zeros, while secret keys stored on the internal hard
drive are zeroized by overwriting three times with a random pattern that is changed before each
write').
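The zeroization the TSS has to describe, shown as an added C example that is not part of this Security Target or the TOE: a single overwrite with zeros performed through a volatile pointer, so the compiler cannot discard the store as dead, followed by a check that the overwrite actually took effect. The key_ctx structure, release_key_ctx and zeroize_roundtrip are hypothetical names assumed for illustration, and the sample key bytes are constructed; the three-pass random pattern the text also mentions would replace the zero fill for media where that is the declared procedure.

```c
#include <stddef.h>
#include <stdio.h>

/* Overwrite through a volatile pointer: a plain memset() on a key that is
 * never read again is a dead store the optimizer may legally drop, leaving
 * the key in RAM. volatile stores cannot be elided (explicit_bzero() or
 * memset_s() do the same where available). */
static void secure_zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Return 1 if every byte of buf is zero, 0 otherwise. */
static int is_zeroized(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Hypothetical key context: a 256-bit AES key and its nonce, both plaintext
 * CSPs that the TSS must list together with when they are zeroized. */
struct key_ctx {
    unsigned char key[32];
    unsigned char nonce[12];
};

/* Zeroize the context when the key is no longer required; return 1 only if
 * the overwrite actually took effect in memory. */
int release_key_ctx(struct key_ctx *ctx)
{
    secure_zeroize(ctx, sizeof *ctx);
    return is_zeroized(ctx, sizeof *ctx);
}

/* Load a constructed, non-secret sample key, release it, and return 1 only
 * if material was present before and none remains afterwards. */
int zeroize_roundtrip(void)
{
    struct key_ctx ctx;
    for (size_t i = 0; i < sizeof ctx; i++)
        ((unsigned char *)&ctx)[i] = (unsigned char)(0xA0 + i); /* constructed */
    int had_material = !is_zeroized(&ctx, sizeof ctx);
    return had_material && release_key_ctx(&ctx);
}

int main(void) { printf("zeroization verified: %d\n", zeroize_roundtrip()); return 0; }
```

Inspecting the compiled object (or the process memory after release) is how an evaluator confirms the store was not optimised away; the return value alone only shows the logic is correct at source level.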
5.2.2.6 Cryptographic Operation (Data Encryption/Decryption) (FCS_COP.1(1))
FCS_COP.1.1(1)
Refinement: The TSF shall perform [encryption and decryption] in accordance with a specified
cryptographic algorithm [AES operating in [CCM or GCM mode]] and cryptographic key sizes
128-bits, 256-bits, and [192 bits] that meets the following: FIPS PUB 197, 'Advanced Encryption
Standard (AES)' and [NIST SP 800-38A, NIST SP 800-38C, NIST SP 800-38D].
Component Assurance Activity:
The evaluator shall use tests appropriate to the modes selected in the above requirement from 'The
Advanced Encryption Standard Algorithm Validation Suite (AESAVS)', 'The XTS-AES
Validation System (XTSVS)', 'The CMAC Validation System (CMACVS)', 'The Counter with
Cipher Block Chaining-Message Authentication Code (CCM) Validation System (CCMVS)', and
'The Galois/Counter Mode (GCM) and GMAC Validation System (GCMVS)' (these documents
are available from http://csrc.nist.gov/groups/STM/cavp/index.html) as a guide in testing the
requirement above. This will require that the evaluator have a trusted reference implementation of
the algorithms that can produce test vectors that are verifiable during the test.