Security Target
Version 1.1
2022-03-08
10
The TOEs proprietary design
ensures there is no possibility of data leakage from a user’s peripheral output
device to the input device; ensures that no unauthorized data flows from the monitor to a connected
computer; and unidirectional buffers ensure that the audio data can travel only from the selected
computer to the audio device. There is no possibility of data leakage between computers or from a
peripheral device connected to a console port to a non-selected computer. Each connected computer has
its own independent Device Controller, power circuit, and EEPROM. Additionally, keyboard and mouse
are always switched together.
All Secure KVM Switch components including the RPS, feature hardware security mechanisms including
tamper-evident labels, always active chassis-intrusion detection, and tamper-proof hardware
construction, while software security includes restricted USB connectivity (non-Human Interface Devices
(HIDs) are ignored when switching), an isolated channel per port that makes it impossible for data to be
communicated between computers, and automatic clearing of the keyboard and mouse buffer.
The IOGEAR Port Authentication Utility must be installed on a separate secure source computer using an
installation wizard. The utility supports Microsoft Windows 8 and higher. The Port Authentication Utility
computer connects to the TOE via USB connection to Computer Port 1. The dedicated secure source
computer must have its own monitor, keyboard, and mouse connected for installation and operation.
A detailed description of the TOE security features can be found in Section 6 (TOE Summary Specification).
2.3.1
Physical Boundary
The TOE includes the RPS and hardware models identified in Section 1.1 along with embedded firmware
v1.1.101 and corresponding documentation identified in Section 2.5 below.
An optional KVM cable set (not supplied with the TOE) is available as a separate purchase. The KVM cable
sets are built for the KVM connection to the PCs, providing better compatibility. Users can connect the
KVM and PCs using their own cable sets as long as the protocols are compatible but the vendor KVM cable
sets are recommended. The TOE was tested using the cable sets mentioned above and the following
adapters:
•
G2LU3CHD02 (USB-C to HDMI cable)
•
G2LU3CDP12 (USB-C to DP cable)
•
GDPHD4KA (Active DP-to-HDMI adapter)
•
GDPDVI4KA (Active DP-to-DVI adapter)
While the cable sets and adapters were supplied, they were not included in the evaluation because they
are considered part of the operational environment, along with the switched PCs, peripheral devices,
DisplayPort / HDMI / DVI-I monitors, USB keyboard, USB mouse, 3.5mm audio output (e.g. speakers),
smart card/CAC reader and the host computers.
The IOGEAR Port Authentication Utility requires a dedicated secure source computer with Microsoft
Windows 8 or higher, along with its own monitor, keyboard, and mouse.
The following figure shows a representative TOE and its environment. In particular, it shows a four port,
single-head KVM and its connections.