Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 11 – Spring Security Target Version: 1.0 2021/03/11 Prepared for: Samsung Electronics Co., Ltd. 416 Maetan-3dong, Yeongtong-gu, Suwon-si, Gyeonggi-do, 443-742 Korea Prepared By: www.gossamersec.com Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 11 – Version: 1.0 Spring Security Target Date: 2021/03/11 Table of Contents 1 Security Target Introduction .......................................................................................................4 1.1 Security Target Reference ............................................................................................................. 5 1.2 TOE Reference ............................................................................................................................... 6 1.3 TOE Overview ................................................................................................................................ 6 1.4 TOE Description............................................................................................................................. 6 1.4.1 TOE Architecture ................................................................................................................. 11 1.4.2 TOE Documentation ............................................................................................................ 13 2 Conformance Claims ................................................................................................................. 14 2.1 Conformance Rationale .............................................................................................................. 15 3 Security Objectives ................................................................................................................... 16 3.1 Security Objectives for the Operational Environment ................................................................ 16 4 Extended Components Definition.............................................................................................. 17 5 Security Requirements.............................................................................................................. 20 5.1 TOE Security Functional Requirements ...................................................................................... 20 5.1.1 Security Audit (FAU) ............................................................................................................ 23 5.1.2 Cryptographic Support (FCS) ............................................................................................... 24 5.1.3 User Data Protection (FDP) ................................................................................................. 34 5.1.4 Identification and Authentication (FIA) .............................................................................. 36 5.1.5 Security Management (FMT) .............................................................................................. 41 5.1.6 Protection of the TSF (FPT) ................................................................................................. 49 5.1.7 TOE Access (FTA) ................................................................................................................. 52 5.1.8 Trusted Path/Channels (FTP) .............................................................................................. 52 5.2 TOE Security Assurance Requirements ....................................................................................... 53 5.2.1 Development (ADV) ............................................................................................................ 53 5.2.2 Guidance Documents (AGD) ............................................................................................... 54 5.2.3 Life-cycle Support (ALC) ...................................................................................................... 55 5.2.4 Tests (ATE) ........................................................................................................................... 56 5.2.5 Vulnerability Assessment (AVA) .......................................................................................... 56 6 TOE Summary Specification ...................................................................................................... 57 6.1 Security Audit .............................................................................................................................. 57 6.2 Cryptographic Support ................................................................................................................ 59 6.3 User Data Protection ................................................................................................................... 71 6.4 Identification and Authentication ............................................................................................... 75 6.5 Security Management ................................................................................................................. 81 6.6 Protection of the TSF .................................................................................................................. 82 6.7 TOE Access .................................................................................................................................. 86 6.8 Trusted Path/Channels ............................................................................................................... 87 6.9 Work Profile Functionality .......................................................................................................... 87 2 of 88 Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 11 – Version: 1.0 Spring Security Target Date: 2021/03/11 List of Tables Table 1 - Glossary .......................................................................................................................................... 5 Table 2 - Evaluated Devices .......................................................................................................................... 6 Table 3 - Equivalent Devices ......................................................................................................................... 7 Table 4 - Carrier Models ................................................................................................................................ 9 Table 5 - Technical Decisions ...................................................................................................................... 15 Table 6 - Extended SFRs and SARs .............................................................................................................. 19 Table 7 - TOE Security Functional Requirements ........................................................................................ 23 Table 8 - Security Management Functions ................................................................................................. 48 Table 9 - Audit Events ................................................................................................................................. 58 Table 10 - Asymmetric Key Generation per Module .................................................................................. 59 Table 11 - W-Fi Alliance Certificates ........................................................................................................... 60 Table 12 - Salt Creation ............................................................................................................................... 62 Table 13 - BoringSSL Cryptographic Algorithms ......................................................................................... 62 Table 14 - Samsung Crypto Extension Cryptographic Algorithms .............................................................. 62 Table 15 - Kernel Versions .......................................................................................................................... 63 Table 16 - Samsung Kernel Cryptographic Algorithms ............................................................................... 63 Table 17 - TEE Environments ...................................................................................................................... 63 Table 18 - SCrypto TEE Cryptographic Algorithms ...................................................................................... 64 Table 19 - Hardware Components .............................................................................................................. 64 Table 20 - FMP Driver Algorithms ............................................................................................................... 65 Table 21 - Storage Hardware Algorithms .................................................................................................... 65 Table 22 - Wi-Fi Hardware Components ..................................................................................................... 65 Table 23 - Wi-Fi Chip Algorithms ................................................................................................................ 65 Table 24 - Mutable Key Storage Components ............................................................................................ 65 Table 25 - Mutable Key Storage Cryptographic Algorithms........................................................................ 66 Table 26 - SoC Cryptographic Algorithms ................................................................................................... 67 Table 27 - Key Management Matrix...........................................................................................................