Assurance Activity Report (MDFPP31/WLANCEP10) for Google Pixel Phones on Android 11.0

www.GossamerSec.com

Version 0.4
02/04/2021

Prepared by:
Gossamer Security Solutions
Accredited Security Testing Laboratory – Common Criteria Testing
Catonsville, MD 21228

Prepared for:
National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme

Document: AAR-VID11124
© 2020 Gossamer Security Solutions, Inc. All rights reserved.

REVISION HISTORY

Revision      Date      Authors                          Summary
Version 0.1   12/11/20  Tammy Compton, Austin Kimbrell   Initial draft
Version 0.2   01/21/21  Austin Kimbrell                  Address comments
Version 0.3   01/29/21  Austin Kimbrell                  Address comments
Version 0.4   02/04/21  Austin Kimbrell                  Address comments

The TOE Evaluation was Sponsored by:
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043

Evaluation Personnel:
Justin Bettencourt
Tammy Compton
Austin Kimbrell
John Messiha
Raymond Smoley
Gossamer Security Solutions, Inc.
Catonsville, MD

Common Criteria Versions:
Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version 3.1, Revision 5, April 2017
Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 5, April 2017
Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1, Revision 5, April 2017

Common Evaluation Methodology Versions:
Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017

TABLE OF CONTENTS

1. Introduction
  1.1 Device Equivalence
  1.2 CAVP Algorithms
2. Protection Profile SFR Assurance Activities
  2.1 Security audit (FAU)
    2.1.1 Audit Data Generation (MDFPP31:FAU_GEN.1)
    2.1.2 Audit Storage Protection (MDFPP31:FAU_STG.1)
    2.1.3 Prevention of Audit Data Loss (MDFPP31:FAU_STG.4)
  2.2 Cryptographic support (FCS)
    2.2.1 Cryptographic key generation (MDFPP31:FCS_CKM.1)
    2.2.2 Cryptographic Key Generation (Symmetric Keys for WPA2 Connections) (WLANCEP10:FCS_CKM.1/WLAN)
    2.2.3 Cryptographic key establishment (MDFPP31:FCS_CKM.2(1))
    2.2.4 Cryptographic key establishment (While device is locked) (MDFPP31:FCS_CKM.2(2))
    2.2.5 Cryptographic Key Distribution (GTK) (WLANCEP10:FCS_CKM.2/WLAN)
    2.2.6 Extended: Cryptographic Key Support (MDFPP31:FCS_CKM_EXT.1)
    2.2.7 Extended: Cryptographic Key Random Generation (MDFPP31:FCS_CKM_EXT.2)
    2.2.8 Extended: Cryptographic Key Generation (MDFPP31:FCS_CKM_EXT.3)
    2.2.9 Extended: Key Destruction (MDFPP31:FCS_CKM_EXT.4)
    2.2.10 Extended: TSF Wipe (MDFPP31:FCS_CKM_EXT.5)
    2.2.11 Extended: Salt Generation (MDFPP31:FCS_CKM_EXT.6)
    2.2.12 Cryptographic operation (MDFPP31:FCS_COP.1(1))
    2.2.13 Cryptographic operation (MDFPP31:FCS_COP.1(2))
    2.2.14 Cryptographic operation (MDFPP31:FCS_COP.1(3))
    2.2.15 Cryptographic operation (MDFPP31:FCS_COP.1(4))
    2.2.16 Cryptographic operation (MDFPP31:FCS_COP.1(5))
    2.2.17 Extended: HTTPS Protocol (MDFPP31:FCS_HTTPS_EXT.1)
    2.2.18 Extended: Initialization Vector Generation (MDFPP31:FCS_IV_EXT.1)
    2.2.19 Extended: Cryptographic Operation (Random Bit Generation) (MDFPP31:FCS_RBG_EXT.1)
    2.2.20 Extended: Cryptographic Algorithm Services (MDFPP31:FCS_SRV_EXT.1)
    2.2.21 Extended: Cryptographic Algorithm Services (MDFPP31:FCS_SRV_EXT.2)
    2.2.22 Extended: Cryptographic Key Storage (MDFPP31:FCS_STG_EXT.1)
    2.2.23 Extended: Encrypted Cryptographic Key Storage (MDFPP31:FCS_STG_EXT.2)
    2.2.24 Extended: Integrity of encrypted key storage (MDFPP31:FCS_STG_EXT.3)
    2.2.25 Extended: TLS Protocol (MDFPP31:FCS_TLSC_EXT.1)
    2.2.26 Extensible Authentication Protocol-Transport Layer Security (WLANCEP10:FCS_TLSC_EXT.1/WLAN)
    2.2.27 Extended: TLS Protocol (MDFPP31:FCS_TLSC_EXT.2)
    2.2.28 TLS Client Protocol (WLANCEP10:FCS_TLSC_EXT.2/WLAN)
  2.3 User data protection (FDP)
    2.3.1 Extended: Security access control (MDFPP31:FDP_ACF_EXT.1)
    2.3.2 Extended: Security access control (MDFPP31:FDP_ACF_EXT.2)
    2.3.3 Extended: Protected Data Encryption (MDFPP31:FDP_DAR_EXT.1)
    2.3.4 Extended: Sensitive Data Encryption (MDFPP31:FDP_DAR_EXT.2)
    2.3.5 Extended: Subset information flow control (MDFPP31:FDP_IFC_EXT.1)
    2.3.6 Extended: Storage of Critical Biometric Parameters (MDFPP31:FDP_PBA_EXT.1)
    2.3.7 Extended: User Data Storage (MDFPP31:FDP_STG_EXT.1)
    2.3.8 Extended: Inter-TSF user data transfer protection (MDFPP31:FDP_UPC_EXT.1)
  2.4 Identification and authentication (FIA)
    2.4.1 Extended: Authentication failure handling (MDFPP31:FIA_AFL_EXT.1)
    2.4.2 Extended: Bluetooth User Authorization (MDFPP31:FIA_BLT_EXT.1)
    2.4.3 Extended: Bluetooth Mutual Authentication (MDFPP31:FIA_BLT_EXT.2)
    2.4.4 Extended: Rejection of Duplicate Bluetooth Connections (MDFPP31:FIA_BLT_EXT.3)
    2.4.5 Extended: Secure Simple Pairing (MDFPP31:FIA_BLT_EXT.4)
    2.4.6 Extended: Bluetooth User Authorization (MDFPP31:FIA_BLT_EXT.6)
    2.4.7 Extended: Accuracy of Biometric Authentication (MDFPP31:FIA_BMG_EXT.1/Fingerprint)
    2.4.8 Extended: Accuracy of Biometric Authentication (MDFPP31:FIA_BMG_EXT.1/Face)
    2.4.9 Port Access Entity Authentication (WLANCEP10:FIA_PAE_EXT.1)
    2.4.10 Extended: Password Management (MDFPP31:FIA_PMG_EXT.1)
    2.4.11 Extended: Authentication Throttling (MDFPP31:FIA_TRT_EXT.1)
    2.4.12 Multiple Authentication Mechanisms (MDFPP31:FIA_UAU.5)
