Windows 10, Windows 10 Mobile Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 Microsoft Windows 10 Mobile Security Target Document Information Version Number 0.09 Updated On April 12, 2016 Microsoft © 2016 Page 1 of 161 Windows 10, Windows 10 Mobile Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. © 2016 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft © 2016 Page 2 of 161 Windows 10, Windows 10 Mobile Security Target TABLE OF CONTENTS SECURITY TARGET .........................................................................................................................1 TABLE OF CONTENTS ........................................................................................................................3 LIST OF TABLES .................................................................................................................................7 1 SECURITY TARGET INTRODUCTION ......................................................................................9 1.1 SECURITY TARGET, TOE, AND COMMON CRITERIA (CC) IDENTIFICATION ..............................................9 1.2 CC CONFORMANCE CLAIMS ..................................................................................................... 10 1.3 CONVENTIONS, TERMINOLOGY, ACRONYMS ................................................................................ 10 1.3.1 CONVENTIONS ................................................................................................................................ 10 1.3.2 TERMINOLOGY ................................................................................................................................ 10 1.3.3 ACRONYMS..................................................................................................................................... 14 1.4 ST OVERVIEW AND ORGANIZATION ........................................................................................... 14 2 TOE DESCRIPTION ............................................................................................................. 14 2.1 SECURITY ENVIRONMENT AND TOE BOUNDARY ............................................................................ 15 2.1.1 LOGICAL BOUNDARIES ...................................................................................................................... 15 2.1.2 PHYSICAL BOUNDARIES ..................................................................................................................... 16 2.2 TOE SECURITY SERVICES ......................................................................................................... 16 3 SECURITY PROBLEM DEFINITION ........................................................................................ 18 3.1 THREATS TO SECURITY ............................................................................................................ 18 3.2 ORGANIZATIONAL SECURITY POLICIES ......................................................................................... 18 3.3 SECURE USAGE ASSUMPTIONS .................................................................................................. 19 4 SECURITY OBJECTIVES ....................................................................................................... 20 4.1 TOE SECURITY OBJECTIVES ...................................................................................................... 20 4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT .......................................................... 20 5 SECURITY REQUIREMENTS ................................................................................................. 22 5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................... 22 Microsoft © 2016 Page 3 of 161 Windows 10, Windows 10 Mobile Security Target 5.1.1 CRYPTOGRAPHIC SUPPORT (FCS) ....................................................................................................... 24 5.1.1.1 Cryptographic Key Generation (FCS_CKM.1(ASYM KA)) ............................................................. 24 5.1.1.2 WLAN Cryptographic Key Generation (FCS_CKM.1(WLAN384)) ................................................ 25 5.1.1.3 WLAN Cryptographic Key Generation (FCS_CKM.1(WLAN704)) ................................................ 25 5.1.1.4 Cryptographic Key Establishment (FCS_CKM.2(ASYM AU)) ........................................................ 25 5.1.1.5 Cryptographic Key Establishment for Group Temporal Key (FCS_CKM.2(GTK))......................... 25 5.1.1.6 Extended: Cryptographic Key Support (FCS_CKM_EXT.1) .......................................................... 26 5.1.1.7 Extended: Cryptographic Key Random Generation (FCS_CKM_EXT.2(128)) .............................. 26 5.1.1.8 Extended: Cryptographic Key Random Generation (FCS_CKM_EXT.2(256)) .............................. 26 5.1.1.9 Extended: Cryptographic Key Generation (FCS_CKM_EXT.3) ..................................................... 26 5.1.1.10 Extended: Key Destruction (FCS_CKM_EXT.4) ........................................................................ 26 5.1.1.11 Extended: TSF Wipe (FCS_CKM_EXT.5) ................................................................................... 27 5.1.1.12 Extended: Salt Generation (FCS_CKM_EXT.6) ........................................................................ 27 5.1.1.13 Cryptographic Operation for Data Encryption/Decryption (FCS_COP.1(SYM)) ...................... 27 5.1.1.14 Cryptographic Operation for Hashing (FCS_COP.1(HASH)) .................................................... 27 5.1.1.15 Cryptographic Operation for Signature Algorithms (FCS_COP.1(SIGN)) ................................. 28 5.1.1.16 Cryptographic Operation for Keyed Hash Algorithms (FCS_COP.1(HMAC)) ........................... 28 5.1.1.17 Cryptographic Operation for Password-Based Key Derivation (FCS_COP.1(PBKD64)) ........... 28 5.1.1.18 Cryptographic Operation for Password-Based Key Derivation (FCS_COP.1(PBKDARM)) ....... 28 5.1.1.19 Extended: Initialization Vector Generation (FCS_IV_EXT.1) ................................................... 29 5.1.1.20 Extended: Random Bit Generation (FCS_RBG_EXT.1) ............................................................ 29 5.1.1.21 Extended: Cryptographic Algorithm Services (FCS_SRV_EXT.1) ............................................. 29 5.1.1.22 Extended: Cryptographic Key Storage (FCS_STG_EXT.1(C)).................................................... 29 5.1.1.23 Extended: Cryptographic Key Storage (FCS_STG_EXT.1(M)) .................................................. 30 5.1.1.24 Extended: Encrypted Cryptographic Key Storage (FCS_STG_EXT.2) ....................................... 30 5.1.1.25 Extended: Encrypted Integrity of Cryptographic Key Storage (FCS_STG_EXT.3) .................... 30 5.1.1.26 Extended: EAP TLS Protocol (FCS_TLSC_EXT.1(C)) .................................................................. 31 5.1.1.27 Extended: EAP TLS Protocol (FCS_TLSC_EXT.1(M)) ................................................................. 32 5.1.1.28 Extended: TLS Protocol (FCS_TLSC_EXT.2) .............................................................................. 32 5.1.1.29 Extended: HTTPS Protocol (FCS_HTTPS_EXT.1) ...................................................................... 33 5.1.2 USER DATA PROTECTION (FDP) ......................................................................................................... 33 5.1.2.1 Extended: Security Access Control (FDP_ACF_EXT.1) ................................................................