BlackBerry Smartphones with OS 10.3.3 Security Target Doc No: 1958-001-D102 Version: 1.10 9 January 2017 BlackBerry 2200 University Ave. E Waterloo, Ontario, Canada N2K 0A7 Prepared by: EWA-Canada 1223 Michael Street, Suite 200 Ottawa, Ontario, Canada K1J7T2 BlackBerry Smartphones with OS 10.3.3 Security Target CONTENTS 1 SECURITY TARGET INTRODUCTION ............................................. 1 1.1 DOCUMENT ORGANIZATION............................................................. 1 1.2 SECURITY TARGET REFERENCE ........................................................ 1 1.3 TOE REFERENCE ............................................................................. 2 1.4 TOE OVERVIEW .............................................................................. 2 1.5 TOE DESCRIPTION .......................................................................... 3 1.5.1 Physical Scope ............................................................................... 3 1.5.2 TOE Guidance ................................................................................ 5 1.5.3 Logical Scope ................................................................................. 6 2 CONFORMANCE CLAIMS ............................................................... 8 2.1 COMMON CRITERIA CONFORMANCE CLAIM ........................................ 8 2.2 ASSURANCE PACKAGE CLAIM ........................................................... 8 2.3 PROTECTION PROFILE CONFORMANCE CLAIM .................................... 8 3 SECURITY PROBLEM DEFINITION .............................................. 10 3.1 THREATS ..................................................................................... 10 3.2 ORGANIZATIONAL SECURITY POLICIES ........................................... 11 3.3 ASSUMPTIONS ............................................................................. 11 4 SECURITY OBJECTIVES .............................................................. 13 4.1 SECURITY OBJECTIVES FOR THE TOE .............................................. 13 4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ......... 14 4.3 SECURITY OBJECTIVES RATIONALE ................................................ 14 4.3.1 Security Objectives Rationale Related to Threats .............................. 15 4.3.2 Security Objectives Rationale Related to Organizational Security Policies 20 4.3.3 Security Objectives Rationale Related to Assumptions ....................... 21 5 EXTENDED COMPONENTS DEFINITION ...................................... 24 5.1 EXTENDED SECURITY FUNCTIONAL REQUIREMENTS ......................... 24 CLASS FAU: SECURITY AUDIT ................................................................... 25 5.1.1 FAU_ALT_EXT .............................................................................. 25 5.2 CLASS FCS: CRYPTOGRAPHIC SUPPORT .......................................... 26 5.2.1 FCS_CKM .................................................................................... 26 Doc No: 1958-001-D102 Version: 1.10 Date: 9 January 2017 Page i of vii BlackBerry Smartphones with OS 10.3.3 Security Target 5.2.2 FCS_HTTPS_EXT .......................................................................... 30 5.2.3 FCS_IV_EXT ................................................................................ 30 5.2.4 FCS_RBG_EXT ............................................................................. 32 5.2.5 FCS_SRV_EXT ............................................................................. 33 5.2.6 FCS_STG_EXT ............................................................................. 34 5.2.7 FCS_TLSC_EXT ............................................................................ 36 5.3 CLASS FDP: USER DATA PROTECTION ............................................. 39 5.3.1 FDP_ACF ..................................................................................... 40 5.3.2 FDP_DAR_EXT ............................................................................. 40 5.3.3 FDP_IFC ...................................................................................... 41 5.3.4 FDP_STG_EXT ............................................................................. 42 5.3.5 FDP_UPC_EXT .............................................................................. 42 5.4 CLASS FIA: IDENTIFICATION AND AUTHENTICATION ........................ 43 5.4.1 FIA_AFL ...................................................................................... 44 5.4.2 FIA_BLT_EXT ............................................................................... 45 5.4.3 FIA_ENR_EXT .............................................................................. 46 5.4.4 FIA_PAE_EXT ............................................................................... 47 5.4.5 FIA_PMG_EXT .............................................................................. 47 5.4.6 FIA_TRT_EXT ............................................................................... 48 5.4.7 FIA_UAU ..................................................................................... 49 5.4.8 FIA_X509_EXT ............................................................................. 50 5.5 CLASS FMT: SECURITY MANAGEMENT ............................................. 52 5.5.1 FMT_MOF .................................................................................... 53 5.5.2 FMT_POL_EXT .............................................................................. 54 5.5.3 FMT_SMF .................................................................................... 54 5.5.4 FMT_UNR_EXT ............................................................................. 61 5.6 CLASS FPT: PROTECTION OF THE TSF ............................................. 61 5.6.1 FPT_AEX_EXT .............................................................................. 62 5.6.2 FPT_BBD_EXT .............................................................................. 63 5.6.3 FPT_KST_EXT .............................................................................. 64 5.6.4 FPT_NOT_EXT .............................................................................. 65 5.6.5 FPT_TST ..................................................................................... 66 5.6.6 FPT_TUD_EXT .............................................................................. 67 5.7 CLASS FTA: TOE ACCESS .............................................................. 68 5.7.1 FTA_SSL ..................................................................................... 68 Doc No: 1958-001-D102 Version: 1.10 Date: 9 January 2017 Page ii of vii BlackBerry Smartphones with OS 10.3.3 Security Target 5.7.2 FTA_WSE_EXT ............................................................................. 70 5.8 CLASS FTP: TRUSTED PATH/CHANNEL ............................................ 71 5.8.1 FTP_ITC ...................................................................................... 71 5.9 EXTENDED SECURITY ASSURANCE REQUIREMENTS .......................... 72 5.9.1 ALC_TSU_EXT Timely Updates (ALC_TSU_EXT) ................................ 72 6 SECURITY REQUIREMENTS ........................................................ 74 6.1 CONVENTIONS ............................................................................. 74 6.2 TOE SECURITY FUNCTIONAL REQUIREMENTS................................... 74 6.2.1 Security Audit (FAU) ..................................................................... 77 6.2.2 Cryptographic Support (FCS) ......................................................... 78 6.2.3 User Data Protection (FDP) ............................................................ 86 6.2.4 Identification and Authentication (FIA) ............................................ 87 6.2.5 Security Management (FMT) .......................................................... 90 6.2.6 Protection of the TSF (FPT) ............................................................ 95 6.2.7 TOE Access (FTA) ......................................................................... 97 6.2.8 Trusted Path/Channels (FTP) ......................................................... 98 6.3 SECURITY FUNCTIONAL REQUIREMENTS RATIONALE ........................ 99 6.4 DEPENDENCY RATIONALE ............................................................ 103 6.5 TOE SECURITY ASSURANCE REQUIREMENTS ................................. 106 7 TOE SUMMARY SPECIFICATION ............................................... 108 7.1 SECURITY AUDIT ........................................................................ 108 7.1.1 Agent alerts ............................................................................... 108 7.2 CRYPTOGRAPHIC SUPPORT .......................................................... 108 7.2.1 Cryptographic Key Generation ..................................................... 108 7.2.2 Cryptographic Key Generation for WLAN ....................................... 109 7.2.3 Cryptographic Key Establishment ................................................. 111 7.2.4 Cryptographic Key Distribution (WLAN) ......................................... 112 7.2.5 Cryptographic Key Support (REK) ................................................. 112 7.2.6 Cryptographic Key Random Generation ......................................... 112 7.2.7 Cryptographic Key Generation ..................................................... 113 7.2.8 Cryptographic Key Destruction ..................................................... 113 7.2.9 TSF Wipe .................................................................................