bbu3900 huawei

Download BBU3900 huawei

Post on 01-Jun-2018

231 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • 8/9/2019 BBU3900 huawei

    1/55

     

    Security Target of Huawei WiMAX BS Software

    Version: 0.94

    Last Update: 2011-10-10

     Author: Huawei Technologies Co., Ltd.

  • 8/9/2019 BBU3900 huawei

    2/55

  • 8/9/2019 BBU3900 huawei

    3/55

    Huawei WiMAX BS Software Security Target 

    5.1.2.3.  FCS_COP.1/ R1 Cryptographic operation _____________________________________32 

    5.1.2.4.  FCS_COP.1/ R6 Cryptographic operation _____________________________________32 

    5.1.2.5.  FCS_CKM.1/ SSL Cryptographic key generation _______________________________ 32 

    5.1.2.6.  FCS_CKM.1/ R1 Cryptographic key generation ________________________________32 

    5.1.2.7.  FCS_CKM.1/ R6 Cryptographic key generation ________________________________33 

    5.1.3. User Data Protection (FDP) _____________________________________________________33  5.1.3.1.  FDP_ACC.1/ Local Subset access control ______________________________________33 

    5.1.3.2.  FDP_ACF.1/ Local Security attribute based access control _______________________33 

    5.1.3.3.  FDP_ACC.1/ Domain Subset access control ____________________________________34 

    5.1.3.4.  FDP_ACF.1/ Domain Security attribute based access control _____________________34 

    5.1.3.5.  FDP_ACC.1/ EMSCOMM Subset access control________________________________34 

    5.1.3.6.  FDP_ACF.1/ EMSCOMM Security attribute based access control _________________34 

    5.1.4. Identification and Authentication (FIA) ___________________________________________35 

    5.1.4.1.  FIA_AFL.1 Authentication failure handling ___________________________________35 

    5.1.4.2.  FIA_ATD.1 User attribute definition _________________________________________35 

    5.1.4.3.  FIA_SOS.1 Verification of secrets ___________________________________________36  5.1.4.4.  FIA_UAU.1 Timing of authentication ________________________________________36 

    5.1.4.5.  FIA_UAU.5 Multiple authentication mechanisms_______________________________36 

    5.1.4.6.  FIA_UID.1 Timing of identification__________________________________________37 

    5.1.5. Security Management (FMT) ____________________________________________________37 

    5.1.5.1.  FMT_MSA.1 Management of security attributes _______________________________37 

    5.1.5.2.  FMT_MSA.3 Static attribute initialization ____________________________________37 

    5.1.5.3.  FMT_SMF.1 Specification of Management Functions ___________________________ 38 

    5.1.5.4.  FMT_SMR.1 Security roles_________________________________________________38 

    5.1.6. TOE access (FTA) _____________________________________________________________39 

    5.1.6.1.  FTA_TSE.1/ SEP TOE session establishment___________________________________39 

    5.1.6.2.  FTA_TSE.1/ Local TOE session establishment _________________________________39 

    5.1.7. Trusted Path/Channels (FTP)____________________________________________________39 

    5.1.7.1.  FTP_TRP.1/ WebLMT Trusted path _________________________________________39 

    5.1.7.2.  FTP_ITC.1/ IntegratedPort Inter-TSF trusted channel __________________________40 

    5.2.  Security Functional Requirements Rationale _______________________________________40 

    5.2.1. Coverage _____________________________________________________________________40 

    5.2.2. Sufficiency ___________________________________________________________________41 

    5.2.3. Security Requirements Dependency Rationale ______________________________________43 

    5.3.  Security Assurance Requirements ________________________________________________45 

    5.4.  Security Assurance Requirements Rationale _______________________________________45 

    6.  TOE Summary Specification ____________________________________________________46 

    6.1.  TOE Security Functionality _____________________________________________________46 

    6.1.1. Authentication ________________________________________________________________46 

    6.1.2. Access control_________________________________________________________________46 

    6.1.3. Auditing _____________________________________________________________________48 

    6.1.4. Communications security _______________________________________________________48 

    6.1.5. R1 Interface Encryption ________________________________________________________49 

    6.1.6. R6 Interface Encryption ________________________________________________________49 

    6.1.7. Resource management__________________________________________________________50 

    6.1.8. Security function management___________________________________________________51 

    6.1.9. Digital Signature ______________________________________________________________52  7.  Abbreviations, Terminology and References________________________________________53 

    - 3 -

  • 8/9/2019 BBU3900 huawei

    4/55

    Huawei WiMAX BS Software Security Target 

    7.1.  Abbreviations _________________________________________________________________ 53 

    7.2.  Terminology __________________________________________________________________55 

    7.3.  References____________________________________________________________________55  

    - 4 -

  • 8/9/2019 BBU3900 huawei

    5/55

    Huawei WiMAX BS Software Security Target 

    List of figures

    Figure 1 WiMAX network____________________________________________________________11   Figure 2 BBU3900 subrack __________________________________________________________11   Figure 3 Non TOE hardware and software environment   _________________________________12 

    Figure 4 Software architecture   _______________________________________________________16   Figure 5 TOE Logical Scope_________________________________________________________17  

    - 5 -

  • 8/9/2019 BBU3900 huawei

    6/55

    Huawei WiMAX BS Software Security Target 

    List of tables

    Table 1 Physical Scope _____________________________________________________________20   Table 2 TOE assets   ________________________________________________________________22  Table 3 Threats agents   _____________________________________________________________22  Table 4 Mapping of security objectives________________________________________________28 

     

    Table 5 Sufficiency analysis for threats________________________________________________29  

    Table 6 Sufficiency analysis for assumptions___________________________________________29   Table 7 Sufficiency analysis for organizational security policy   ____________________________29

     

    Table 8 Mapping SFRs to objectives __________________________________________________41   Table 9 SFR sufficiency analysis _____________________________________________________42

     

    Table 10 Dependencies between TOE Security Functional Requirements__________________45   Table 11 Security Assurance Requirements   ___________________________________________45

     

    - 6 -

  • 8/9/2019 BBU3900 huawei

    7/55

    Huawei WiMAX BS Software Security Target 

    Changes control

    Version Date  Author Changes to previous version

    V0.10 2010-12-13 XuYongxi,QianJianying  ---

    V0.20 2010-12-20 XuYongxi, QianJianying 

    Modify as suggestion as expert adviser

    V.30 2011-01-27 XuYongxi, QianJianying 

    Modify according to Observation report

    V.40 2011-02-12 XuYongxi   Modify according to Observation report

    V.50 2011-02-18 XuYongxi   Modify as suggestion as expert adviser

    V.60 2011-02-23 XuYongxi   Modify as suggestion as expert adviser

    V.70 2011-03-02 XuYongxi   Modify as suggestion as expert adviser

    V.91 2011-07-28 XuYongxi Modify as suggestion as expert adviser

    V.92 2011-08-05 XuYongxi Modify as suggestion as expert adviser

    V.93 2011-08-29 XuYongxi Modify as suggestion as expert adviser

    V.94 2011-10-10 XuYongxi Modify as suggestion as expert adviser

    - 7 -

  • 8/9/2019 BBU3900 huawei

    8/55

    Huawei WiMAX BS Software Security Target 

    1. Introduction

    1  This Security Target is for the CC evaluation of Huawei WiMAX (World Interoperability for Microwave Access) BS Software, the TOE Version is

    V300R003C01SPC100 and is based on Huawei HERT-BBU (Huawei Enhanced Radio Technology-Base Band Unit) V200R007C01.

    1.1. ST Reference

    Title Security Target of Huawei WiMAX BS Software

    Version v0.94  Author XuYongxi,QianJianying Publication Date 2011-10-10

    1.2. TOE Reference

    TOE Name Huawei WiMAX BS Software (a.k.a. WiMAX BS)

    TOE Version V300R003C01SPC100 TOE Developer Huawei

    1.3. TOE Overview

    2  World Interoperability for Microwave Access (WiMAX) is a next- generation IP-based wireless communication technology that can provide broadband wireless access in many scenarios, such as mobility, nomadic, portable, and mobile applications, under the non line sight circumstance. In the aspect of Specific support business, WiMAX technology, with its high bandwidth and improved quality of service (QoS) guarantees mechanism, to provide users with mobile or fixed scenarios of high-speed Internet access (HSI), high-quality Voice over IP (VoIP) service (based on NGN or IMS), video On-demand, mobile TV and other services.

    3  The Huawei WiMAX BS Software complies with IEEE 802.