TD0817: MACsec Data Delay Protection, Key Agreement, and Conditional Support for Group CAK
Publication Date
2024.03.22
Protection Profiles
MOD_MACSEC_V1.0
Other References
FCS_MKA_EXT.1.4, FCS_MKA.1.7, FPT_DDP_EXT.1, MOD_MACSEC_V1.0-SD
Issue Description
FPT_DDP_EXT.1.1 is meant to be optional, but an inconsistency with FCS_MKA_EXT.1.4 currently makes it mandatory. Group CAK support is not mandatory; however, the generation of a Group CAK is still required for FCS_MKA_EXT.1 tests. Also, the current SFR implied that data delay protection was required for MACsec frames instead of just MKA frames.
Resolution
This TD supersedes TD0787 and TD0805, which are now archived.
FCS_MKA_EXT.1.4 in MOD_MACSEC_V1.0 is modified as follows, with green highlighted underlines denoting addition:
FCS_MKA_EXT.1.4: The TSF shall enforce an MKA Lifetime Timeout limit of 6.0 seconds and [selection: MKA Hello Time limit of 2 seconds, MKA Bounded Hello Time limit of 0.5 seconds].
Application Note: The key server may also distribute a group CAK established by pairwise CAKs. If optional requirement FPT_DDP_EXT.1 is claimed, then "MKA Bounded Hello Time limit of 0.5 seconds" must be selected.
FPT_DDP_EXT.1 Application Note in MOD_MACSEC_V1.0 is added as follows, with green highlighted underlines denoting addition:
Application Note: if FPT_DDP_EXT.1 is claimed, then the corresponding selection of "MKA Bounded Hello Time limit of 0.5 seconds" must be made in FCS_MKA_EXT.1.4.
FCS_MKA_EXT.1 Tests 13, 14 and 15 in the MOD_MACSEC_V1.0-SD are modified as follows:
Tests
The tests below require the TOE to be deployed in an environment with two MACsec-capable peers, identified as devices B and C, that the TOE can communicate with. Prior to performing these tests, the evaluator shall follow the steps in the guidance documentation to configure the TOE as the key server and principal actor (peer). The evaluator shall then perform the following tests using a traffic sniffer to capture this traffic:
- Test 13a: The evaluator shall configure the TOE to establish a MKA session with a new peer. The evaluator shall verify that the TOE sends a fresh SAK to the peer and sends other MKPDUs required for a new session. The evaluator shall verify from packet captures that MKPDUs are sent at least once every two seconds or every half-second, in accordance with the SFR selection.
- Test 13b: (Conditional - If "EAPTLS with DevIDs" is selected in FCS_MACSEC_EXT.4.1) The evaluator shall use EAP-TLS to derive a CAK and configure the TOE's peer to send "0" in the MKA parameter field for MACsec Capability (Table 11-6 in 802.1X-2020). The evaluator shall observe that the peer is deleted from the connection after MKA Life Time has passed.
- Test 1 -Test 14b: (Conditional - if any "group CAK" selection is made in FCS_MKA_EXT.1.5) Disconnect one of the peers.
- Test 15: (Conditional - if any "group CAK" selection is made in FCS_MKA_EXT.1.5) The evaluator shall perform the following steps:
  1. Load one PSK onto the TOE and device B and a second PSK onto the TOE and device C. This defines two pairwise CAs.
  2. Generate a group CAK for the group of three devices using ieee8021XKayCreateNewGroup.
  3. Observe via packet capture that the TOE distributes the group CAK to the two peers, protected by AES key wrap using their respective PSKs.
  4. Verify that B can form an SA with C and connect securely.
  5. Disable the KaY functionality of device C using ieee8021XPaePortKayMkaEnable.
  6. Generate a group CAK for the TOE and B using ieee8021XKayCreateNewGroup and observe they can connect.
  7. The evaluator shall have B attempt to connect to C and observe this fails.
  8. Re-enable the KaY functionality of device C.
  9. Invoke ieee8021XKayCreateNewGroup again.
  10. Verify that both the TOE can connect to C and that B can connect to C.
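An added example (not part of the TD or the Supporting Document) of the packet-capture check in Test 13a combined with the FCS_MKA_EXT.1.4 application note: it filters EAPOL-MKA frames sent by the TOE and reports every gap between MKPDUs that exceeds the selected hello limit. The function names, MAC addresses, the `tolerance` parameter and the sample capture are assumptions constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E    # IEEE 802.1X EAPOL
EAPOL_MKA = 5               # EAPOL packet type that carries an MKPDU
HELLO_TIME = 2.0            # "MKA Hello Time limit of 2 seconds"
BOUNDED_HELLO_TIME = 0.5    # "MKA Bounded Hello Time limit of 0.5 seconds"

def is_mkpdu_from(frame, src_mac):
    """True if frame is an EAPOL-MKA frame whose source MAC is src_mac."""
    if len(frame) < 16 or frame[6:12] != src_mac:
        return False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if ethertype == 0x8100:             # skip a single 802.1Q tag
        if len(frame) < 20:
            return False
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        off = 18
    return ethertype == EAPOL_ETHERTYPE and frame[off + 1] == EAPOL_MKA

def selection_consistent(ddp_claimed, hello_limit):
    """Application note: claiming FPT_DDP_EXT.1 requires the 0.5 s selection."""
    return (not ddp_claimed) or hello_limit == BOUNDED_HELLO_TIME

def hello_gaps(capture, src_mac, hello_limit, tolerance=0.0):
    """Return (start, end, gap) for every MKPDU gap above the selected limit.
    tolerance is an assumed allowance for capture jitter (default: none)."""
    times = sorted(t for t, f in capture if is_mkpdu_from(f, src_mac))
    return [(a, b, b - a) for a, b in zip(times, times[1:])
            if b - a > hello_limit + tolerance]

# Constructed sample capture: (timestamp in seconds, raw Ethernet frame).
PAE_GROUP = bytes.fromhex("0180c2000003")   # EAPOL group destination address
TOE = bytes.fromhex("020000000001")         # constructed MAC for the TOE
PEER_B = bytes.fromhex("020000000002")      # constructed MAC for device B

def _frame(src, eapol_type):
    # Destination, source, EtherType, EAPOL version 3, type, zero body length
    return PAE_GROUP + src + b"\x88\x8e" + bytes([3, eapol_type]) + b"\x00\x00"

CAPTURE = [
    (0.0, _frame(TOE, EAPOL_MKA)), (0.5, _frame(TOE, EAPOL_MKA)),
    (1.0, _frame(TOE, EAPOL_MKA)), (1.5, _frame(TOE, 0)),   # EAP, not MKA
    (1.75, _frame(PEER_B, EAPOL_MKA)),                      # peer traffic
    (2.5, _frame(TOE, EAPOL_MKA)), (3.0, _frame(TOE, EAPOL_MKA)),
]

if __name__ == "__main__":
    for limit in (HELLO_TIME, BOUNDED_HELLO_TIME):
        print(limit, hello_gaps(CAPTURE, TOE, limit))
```

In the sample, the 1.5-second silence between 1.0 s and 2.5 s passes under the 2-second selection but fails under the 0.5-second selection that a FPT_DDP_EXT.1 claim requires; the non-MKA EAPOL frame and the peer's MKPDU in that window do not count toward the TOE's hello interval.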
Justification
Tests 14 and 15 were modified to make the group CAK tests conditional upon the selection and updated to address inconsistencies with the timeout limit, and tests 13 and 14 were modified to make clear that only MKA frames require data delay protection.