Security Target of Huawei 3900 Series LTE eNodeB Access control


  • Security Target of Huawei 3900 Series LTE eNodeB Access control Software

    Version: 3.0
    Last Update: 2014-11-24
    Author: Huawei Technologies Co., Ltd.

  • Huawei 3900 Series LTE eNodeB Access control Software Security Target


    Table of Contents

    1. Introduction
      1.1. ST Reference
      1.2. TOE Reference
      1.3. Product Overview
      1.4. TOE Overview
        1.4.1. TOE usage
        1.4.2. TOE major security features
        1.4.3. TOE type
        1.4.4. Non TOE Hardware and Software
      1.5. TOE Description
        1.5.1. Logical Scope
        1.5.2. Physical Scope
    2. Conformance claim
    3. Security Problem Definition
      3.1. Organizational Policies
        3.1.1. P1. Audit
        3.1.2. P2. Authorisation
        3.1.3. P3. Resources
      3.2. Assumptions
        3.2.1. Physical
        3.2.2. Personnel
        3.2.3. Connectivity
        3.2.4. Support
    4. Security Objectives
      4.1. Security Objectives for the TOE
      4.2. Security Objectives for the Operational Environment
      4.3. Security Objectives rationale
        4.3.1. Coverage
        4.3.2. Sufficiency
    5. Security Requirements for the TOE
      5.1. Security Requirements
        5.1.1. Security Audit (FAU)
          5.1.1.1. FAU_GEN.1 Audit data generation
          5.1.1.2. FAU_GEN.2 User identity association
          5.1.1.3. FAU_SAR.1 Audit review
          5.1.1.4. FAU_SAR.3 Selectable Audit review
          5.1.1.5. FAU_STG.1 Protected audit trail storage
          5.1.1.6. FAU_STG.3 Action in case of possible audit data loss
        5.1.2. User Data Protection (FDP)
          5.1.2.1. FDP_ACC.1/Local Subset access control
          5.1.2.2. FDP_ACF.1/Local Security attribute based access control
          5.1.2.3. FDP_ACC.1/Domain Subset access control
          5.1.2.4. FDP_ACF.1/Domain Security attribute based access control
          5.1.2.5. FDP_ACC.1/EMSCOMM Subset access control
          5.1.2.6. FDP_ACF.1/EMSCOMM Security attribute based access control
        5.1.3. Identification and Authentication (FIA)
          5.1.3.1. FIA_AFL.1 Authentication failure handling
          5.1.3.2. FIA_ATD.1 User attribute definition
          5.1.3.3. FIA_SOS.1 Verification of secrets
          5.1.3.4. FIA_UAU.1/Local Timing of authentication
          5.1.3.5. FIA_UAU.2/EMSCOMM User authentication before any action
          5.1.3.6. FIA_UAU.5 Multiple authentication mechanisms
          5.1.3.7. FIA_UID.1/Local Timing of identification
          5.1.3.8. FIA_UID.2/EMSCOMM User identification before any action
        5.1.4. Security Management (FMT)
          5.1.4.1. FMT_MSA.1 Management of security attributes
          5.1.4.2. FMT_MSA.3 Static attribute initialization
          5.1.4.3. FMT_SMF.1 Specification of Management Functions
          5.1.4.4. FMT_SMR.1 Security roles
        5.1.5. TOE access (FTA)
          5.1.5.1. FTA_TSE.1/SEP TOE session establishment
          5.1.5.2. FTA_TSE.1/Local TOE session establishment
      5.2. Security Functional Requirements Rationale
        5.2.1. Coverage
        5.2.2. Sufficiency
        5.2.3. Security Requirements Dependency Rationale
      5.3. Security Assurance Requirements
      5.4. Security Assurance Requirements Rationale
    6. TOE Summary Specification
      6.1. TOE Security Functionality
        6.1.1. Identification and Authentication
        6.1.2. Access control
        6.1.3. Auditing
        6.1.4. Resource management
        6.1.5. Security function management
    7. Abbreviations, Terminology and References
      7.1. Abbreviations
      7.2. Terminology
      7.3. References


    List of figures

    Figure 1 LTE/SAE network
    Figure 2 BBU3900/BBU3910 subrack
    Figure 3 Non TOE hardware and software environment
    Figure 4 Software architecture
    Figure 5 TOE Logical Scope


    List of tables

    Table 1 Physical Scope
    Table 2 Mapping of security objectives
    Table 3 Sufficiency analysis for assumptions
    Table 4 Sufficiency analysis for organizational security policy
    Table 5 Mapping SFRs to objectives
    Table 6 SFR sufficiency analysis
    Table 7 Dependencies between TOE Security Functional Requirements
    Table 8 Security Assurance Requirements


    Changes control

    Version | Date       | Author         | Changes to previous version
    V3.0    | 2014-11-24 | Dong Changcong |


    1. Introduction

    1 This Security Target is for the CC evaluation of Huawei 3900 Series LTE (Long Term Evolution) eNodeB Access Control Software. The TOE version is V100R008C01SPC820, and it is based on Huawei HERT-BBU (Huawei Enhanced Radio Technology-Base Band Unit) V3R3C01.

    1.1. ST Reference

    Title: Security Target of Huawei 3900 Series LTE eNodeB Access Control Software
    Version: V3.0
    Author: Dong Changcong, Song Zhuo
    Publication Date: 2014-11-24

    1.2. TOE Reference

    TOE Name: Huawei 3900 Series LTE eNodeB Access control Software (a.k.a. eNodeB AC)
    TOE Version: V100R008C01SPC820
    TOE Developer: Huawei

    1.3. Product Overview

    2 3GPP Long Term Evolution (LTE) is the latest standard in the mobile network technology tree that produced the GSM/EDGE and UMTS/HSDPA network technologies. It is a project of the 3rd Generation Partnership Project (3GPP), operating under a name trademarked by one of the associations within the partnership, the European Telecommunications Stan