Security Target
Version 1.1
2022-03-08
45
•
Firmware integrity: the TOE validates the integrity of firmware by calculating the checksum of the
firmware binary file and comparing to a pre-calculated value that is stored in the TOE. Upon a
failure, the TOE will be in a failure state (permanently inoperable).
•
Accessibility of internal memory of the micro-controller: the TOE writes a block of predefined data
to SRAM and then reads the block out to compare if it is identical. TOE. Upon a failure, the TOE will
be in a failure state (permanently inoperable).
•
Computer interfaces isolation functionality: the TOE validates correct functionality of isolation by
generating data flow on one port and checking that it is not received on another port. TOE. Upon a
failure, the TOE will be in a failure state (permanently inoperable).
•
Key stuck test (KVM front panel Push button jam test): the TOE will check that the status of all
button values in the micro-controller to ensure the push buttons are operational. Upon a test
failure, the TOE does not shut down, the front panel Port LED and CAC LED of that jammed button
port will flash. The TOE will resume operable once after the key stuck is fixed and power cycled.
•
Anti-tampering mechanism test: the TOE will verify if the tamper detection switch is triggered
(includes KVM and RPS battery is damaged or exhausted tests). Upon a test failure, the TOE will be
in a failure state (permanently inoperable).
•
RPS connection self-tests. Upon a test failure, the TOE does not shut down.
The anti-tampering self-tests include the correct operation and tampering of the internal KVM and RPS
batteries.
•
A KVM detecting tampering during normal operation will trigger the KVM inoperable.
•
A connected and aligned RPS detecting tampering (including damaged or exhausted battery) during
normal operation will trigger the RPS inoperable and also directly trigger the KVM inoperable in
parallel.
•
A damaged or exhausted KVM battery will be detected during self-test will trigger the KVM
permanently inoperable.
RPS Connection test failure results from the following:
•
Connecting a “tampered” RPS to KVM (before KVM power
-
up) → This RPS was already tampered
before connecting to KVM, and therefore the RPS will not be detected and aligned with the KVM →
The TOE does not shut down.
•
Connecting a RPS with battery damaged or exhausted to KVM (before KVM power-up)
→
This RPS
will not be detected and aligned with the KVM → The TOE does not shutdown
.
•
Connecting any other cable, RPS from other vendor
s, etc. →
will not be detected by KVM
→ TOE
does
not shutdown.
Though the RPS Connection test failures do not result in a TOE shut down, this does not affect the TSF
because the TOE can function normally without a remote control connected and the TSF does not
interface with the remote control while it is in a failure state. This means that a compromised remote
control cannot be used as a vector to operate the TOE maliciously.
Connecting a normal (non-tampered) and functional RPS, before KVM power-up, will be detected and
aligned with KVM after KVM boots up and results in RPS connection self-test PASS.
The status indicators on the KVM are as follows: