Google Pixel Phones on Android 11.0 (MDFPP31/WLANCEP10) Security Target Version 1.6 2021/02/04 Prepared for: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA Prepared By: www.gossamersec.com Google Pixel Phones on Android 11.0 (MDFPP31/WLANCEP10) Security Target Version 1.6, 2021/02/04 1. SECURITY TARGET INTRODUCTION ........................................................................................................ 4 1.1 SECURITY TARGET REFERENCE ...................................................................................................................... 4 1.2 TOE REFERENCE ............................................................................................................................................ 4 1.3 TOE OVERVIEW ............................................................................................................................................. 5 1.4 TOE DESCRIPTION ......................................................................................................................................... 6 1.4.1 TOE Architecture ................................................................................................................................... 7 1.4.2 TOE Documentation .............................................................................................................................. 9 2. CONFORMANCE CLAIMS ............................................................................................................................ 10 2.1 CONFORMANCE RATIONALE ......................................................................................................................... 10 3. SECURITY OBJECTIVES .............................................................................................................................. 11 3.1 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ................................................................... 11 4. EXTENDED COMPONENTS DEFINITION ................................................................................................ 12 5. SECURITY REQUIREMENTS ....................................................................................................................... 15 5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 15 5.1.1 Security audit (FAU) ............................................................................................................................ 17 5.1.2 Cryptographic support (FCS) .............................................................................................................. 19 5.1.3 User data protection (FDP) ................................................................................................................. 26 5.1.4 Identification and authentication (FIA) ............................................................................................... 27 5.1.5 Security management (FMT) ............................................................................................................... 31 5.1.6 Protection of the TSF (FPT) ................................................................................................................ 37 5.1.7 TOE access (FTA) ................................................................................................................................ 39 5.1.8 Trusted path/channels (FTP) ............................................................................................................... 39 5.2 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 40 5.2.1 Development (ADV) ............................................................................................................................. 40 5.2.2 Guidance documents (AGD) ................................................................................................................ 41 5.2.3 Life-cycle support (ALC) ..................................................................................................................... 42 5.2.4 Tests (ATE) .......................................................................................................................................... 43 5.2.5 Vulnerability assessment (AVA) ........................................................................................................... 43 6. TOE SUMMARY SPECIFICATION .............................................................................................................. 44 6.1 SECURITY AUDIT .......................................................................................................................................... 44 6.2 CRYPTOGRAPHIC SUPPORT ........................................................................................................................... 47 6.3 USER DATA PROTECTION .............................................................................................................................. 54 6.4 IDENTIFICATION AND AUTHENTICATION ....................................................................................................... 58 6.5 SECURITY MANAGEMENT ............................................................................................................................. 61 6.6 PROTECTION OF THE TSF ............................................................................................................................. 62 6.7 TOE ACCESS ................................................................................................................................................. 66 6.8 TRUSTED PATH/CHANNELS ........................................................................................................................... 67 LIST OF TABLES Table 1 TOE Security Functional Components ...................................................................................................... 17 Table 2 Audit Events ................................................................................................................................................. 19 Table 3 Security Management Functions ................................................................................................................ 32 Table 4 WLAN Security Management Functions ................................................................................................... 36 Table 5 Assurance Components ............................................................................................................................... 40 Table 6 Audit Events ................................................................................................................................................. 46 Table 7 Asymmetric Key Generation ....................................................................................................................... 47 Table 8 - WFA Certificates ....................................................................................................................................... 48 Table 9 - Salt Nonces ................................................................................................................................................. 49 Page 2 of 67 Google Pixel Phones on Android 11.0 (MDFPP31/WLANCEP10) Security Target Version 1.6, 2021/02/04 Table 10 BoringSSL Cryptographic Algorithms .................................................................................................... 49 Table 11 LockSettings Service KDF Cryptographic Algorithms .......................................................................... 49 Table 12 Titan M Hardware Cryptographic Algorithms ....................................................................................... 50 Table 13 SDM845, SDM670, SM7150 Hardware Cryptographic Algorithms ..................................................... 50 Table 14 SM8150 Hardware Cryptographic Algorithms ....................................................................................... 50 Table 15 SM7250 Hardware Cryptographic Algorithms ....................................................................................... 51 Table 16 – Functional Categories ............................................................................................................................. 55 Table 17 Power-up Cryptographic Algorithm Known Answer Tests ................................................................... 65 Page 3 of 67 Google Pixel Phones on Android 11.0 (MDFPP31/WLANCEP10) Security Target Version 1.6, 2021/02/04 1. Security Target Introduction This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is Pixel Phones on Android 11.0 provided by Google LLC. The TOE is being evaluated as a mobile device. The Security Target contains the following additional sections: Conformance Claims (Section 2) Security Objectives (Section 3) Extended Components Definition (Section 4) Security Requirements (Section 5) TOE Summary Specification (Section 6) Conventions The following conventions have been applied in this document: Security Functional Requirements – Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement. o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by