ATEN CS1182DP4 Instructions Manual
  1. Manuals
  2. Brands
  3. ATEN Manuals
  4. Switch
  5. CS1182DP4
  6. Instructions manual

ATEN CS1182DP4 Instructions Manual

Hide thumbs Also See for CS1182DP4:
Table of Contents

Advertisement

Quick Links

Download this manual
ATEN Secure KVM Switch Series (Non-CAC Models)
3F, No. 125, Section 2, Datung Road,
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Security Target
Version 1.1
2022-03-08
Prepared for:
ATEN
Sijhih District,
New Taipei City, 221
Taiwan
Prepared by:
Columbia, Maryland 21046

Advertisement

Table of Contents
loading

Related Manuals for ATEN CS1182DP4

Summary of Contents for ATEN CS1182DP4

  • Page 1 ATEN Secure KVM Switch Series (Non-CAC Models) Security Target Version 1.1 2022-03-08 Prepared for: ATEN 3F, No. 125, Section 2, Datung Road, Sijhih District, New Taipei City, 221 Taiwan Prepared by: Common Criteria Testing Laboratory 6841 Benjamin Franklin Drive Columbia, Maryland 21046...
  • Page 2 Security Target Version 1.1 2022-03-08 Revision History Version Author Modifications Leidos Initial Version Leidos Minor update to add adapters Leidos Updates for validator check-in comments Leidos Minor updates for evaluator comments Leidos Updates for validator check-out comments...

  • Page 3: Table Of Contents

    Security Target Version 1.1 2022-03-08 Table of Contents Security Target Introduction ......................... 1 Security Target, Target of Evaluation, and Common Criteria Identification ........1 Conformance Claims ........................2 Conventions ............................ 3 1.3.1 Terminology ..........................3 1.3.2 Acronyms ..........................5 TOE Description ............................ 7 Product Overview ...........................
  • Page 4 List of Figures and Tables Figure 1: Simplified Block Diagram of a 2-Port KVM TOE ................10 Figure 2: Representative ATEN Secure KVM Switch TOE Model in its environment ........12 Table 1: ATEN Secure KVM Switch TOE Models ................... 1...
  • Page 5 2022-03-08 Table 3: Acronyms ............................5 Table 4: ATEN Secure KVM Switch Console Interfaces and TOE Models ............8 Table 5: ATEN Secure KVM Switch Computer Interfaces and TOE Models ..........9 Table 6: Security Objectives for the Operational Environment ..............16 Table 7: TOE Security Functional Components ...................

  • Page 6: Security Target Introduction

    Security Target Introduction This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is ATEN Secure KVM Switch Series (Non-CAC Models) provided by ATEN. The Security Target contains the following additional sections: •...

  • Page 7: Conformance Claims

    Security Target Version 1.1 2022-03-08 Conformance Claims This ST and the TOE it describes are conformant to the following CC specifications: • Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Components, Version 3.1 Revision 5, April 2017 •...

  • Page 8: Conventions

    Security Target Version 1.1 2022-03-08 Conventions The Security Functional Requirements included in this section are derived from Part 2 of the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, with additional extended functional components. The CC defines operations on Security Functional Requirements: assignments, selections, assignments within selections, iterations, and refinements.
  • Page 9 Security Target Version 1.1 2022-03-08 Term Definition Connected Peripheral A Peripheral that is connected to a PSD. A physical or logical conduit that enables Devices to interact through respective Connection interfaces. May consist of one or more physical (e.g., a cable) or logical (e.g., a protocol) components.

  • Page 10: Acronyms

    Security Target Version 1.1 2022-03-08 Term Definition TOE Security Functionality The combined hardware, software, and firmware capabilities of a TOE that are (TSF) responsible for implementation of its claimed SFRs. TOE Security Functionality Any external interface between the TOE and its Operational Environment that has Interface (TSFI) a security‐relevant purpose or is used to transmit security‐relevant data.
  • Page 11 Security Target Version 1.1 2022-03-08 Acronym Definition Personal Computer Peripheral Sharing Device Remote Port Selector Security Function Policy Universal Serial Bus...

  • Page 12: Toe Description

    TOE Overview The TOE is the ATEN Secure Switch series of products without CAC. The TOE allows users to connect a single set of peripherals to its console ports to interact with multiple computers that are connected to it via its computer ports.
  • Page 13 Only speaker connections are supported and the use of an analog microphone or line-in audio device is prohibited. The tables below identify the interfaces of the Secure KVM console and computer ports according to model number. Table 4: ATEN Secure KVM Switch Console Interfaces and TOE Models Console Video Output Console...
  • Page 14 • CS1148D4 The ATEN Secure KVM products implement a secure isolation design for all models to share a single set of peripheral components. Each peripheral has its own dedicated data path. USB keyboard and mouse peripherals are filtered and emulated. DisplayPort video from the selected computer is converted internally to HDMI, then back to DisplayPort for communication with the connected video display and the AUX channel is monitored and converted to EDID.
  • Page 15 Security Target Version 1.1 2022-03-08 Figure 1: Simplified Block Diagram of a 2-Port KVM TOE As shown in Figure 1 above, the internal components of the KVM consist of switches, emulators, USB host controllers, processors, and embedded with non-updateable firmware v1.1.101. The internal hardware components are identified in Appendix A and include the manufacturer and the part number.

  • Page 16: Physical Boundary

    Security Target Version 1.1 2022-03-08 A detailed description of the TOE security features can be found in Section 6 (TOE Summary Specification). 2.3.1 Physical Boundary The TOE includes the RPS and hardware models identified in Section 1.1 along with embedded firmware v1.1.101 and corresponding documentation identified in Section 2.5 below.

  • Page 17: Logical Boundary

    Figure 2: Representative ATEN Secure KVM Switch TOE Model in its environment The ATEN Secure KVM devices do not include any wireless interfaces. The ATEN Secure KVM devices have been tested and found to comply with the radio frequency emissions limits for a Class A digital device, pursuant to Part 15 of the Federal Communications Commission rules.

  • Page 18: Security Audit

    Security Target Version 1.1 2022-03-08 2.4.1 Security Audit The TOE generates audit records for the authorized administrator actions. Each audit record records a standard set of information such as date and time of the event, type of event, and the outcome (success or failure) of the event.

  • Page 19: Toe Access

    Guidance Documentation: • ATEN PSD PP v4.0 Secure KVM Switch Series 2/4/8-Port USB DVI/HDMI/DisplayPort Single/Dual Display PP v4.0 Secure KVM Switch Administrator Guide, Version 1.03, 2021-1-25 • ATEN PSD PP v4.0 Secure KVM Switch Series 2/4/8-Port USB DVI/HDMI/DisplayPort Single/Dual Display PP v4.0 Secure KVM Switch User Manual, Version 1.03, 2021-1-25...

  • Page 20: Security Problem Definition

    In general, the [PSD] has presented a Security Problem Definition appropriate for peripheral sharing devices. The ATEN Secure KVM Switch Series supports KVM (USB Keyboard/Mouse, analog audio (out), DisplayPort, DVI-I and HDMI video) peripheral switch functionality by combining a 2/4/8 port KVM switch,...

  • Page 21: Security Objectives

    Security Target Version 1.1 2022-03-08 Security Objectives Like the Security Problem Definition, this Security Target includes by reference the Security Objectives from the [PSD], [MOD_VI_V1.0], [MOD_AO_V1.0], and [MOD_KM_V1.0]. The [PSD], [MOD_AO_V1.0], and [MOD_VI_V1.0] security objectives for the operational environment are reproduced below, since these objectives characterize technical and procedural measures each consumer must implement in their operational environment.

  • Page 22: Security Requirements

    Security Target Version 1.1 2022-03-08 IT Security Requirements This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort. The SFRs have all been drawn from the Protection Profile: [PSD] and the modules: [MOD_AO_V1.0], [MOD_KM_V1.0], and [MOD_VI_V1.0], and include some of the optional and selection-based SFRs.

  • Page 23: Toe Security Functional Requirements (Psd, Mod_Ao_V1.0, Mod_Km_V1.0)

    Security Target Version 1.1 2022-03-08 • FDP_UDF_EXT.1/KM – Unidirectional Data Flow (Keyboard/Mouse) • FDP_UDF_EXT.1/VI – Unidirectional Data Flow (Video Output) • FPT_FLS_EXT.1 – Failure with Preservation of Secure State • FPT_NTA_EXT.1 – No Access to TOE • FPT_TST_EXT.1 – TSF Testing •...

  • Page 24: Security Audit (Fau)

    Security Target Version 1.1 2022-03-08 Requirement Class Requirement Component FDP_SWI_EXT.2 – PSD Switching Methods FDP_SWI_EXT.3 – Tied Switching FDP_UDF_EXT.1/AO – Unidirectional Data Flow (Audio Output) FDP_UDF_EXT.1/KM – Unidirectional Data Flow (Keyboard/Mouse) FDP_UDF_EXT.1/VI – Unidirectional Data Flow (Video Output) FIA: Identification and FIA_UAU.2 –...

  • Page 25: User Data Protection (Fdp)

    Security Target Version 1.1 2022-03-08 a. Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and b. For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [no other information].
  • Page 26 Security Target Version 1.1 2022-03-08 5.2.2.3 Active PSD Connections (Keyboard/Mouse) (FDP_APC_EXT.1/KM) FDP_APC_EXT.1.1/KM The TSF shall route user data only to the interfaces selected by the user. FDP_APC_EXT.1.2/KM The TSF shall ensure that no data or electrical signals flow between connected computers whether the TOE is powered on or powered off.
  • Page 27 Security Target Version 1.1 2022-03-08 FDP_PDC_EXT.1.2 The TSF shall reject connections with devices presenting unauthorized interface protocols upon TOE power up and upon connection of a peripheral device to a powered‐on TOE. FDP_PDC_EXT.1.3 The TOE shall have no external interfaces other than those claimed by the TSF. FDP_PDC_EXT.1.4 The TOE shall not have wireless interfaces.
  • Page 28 Security Target Version 1.1 2022-03-08 • authorized devices presenting authorized interface protocols as defined in ‐ the PP Module for Video/Display Devices, ] upon TOE power up and upon connection of a peripheral device to a powered- on TOE. 5.2.2.10 Peripheral Device Connection (Video Output) (FDP_PDC_EXT.2/VI) FDP_PDC_EXT.2.1/VI The TSF shall allow connections with authorized devices as defined in [Appendix E of the VI Module] and [...

  • Page 29: Identification And Authentication (Fia)

    Security Target Version 1.1 2022-03-08 5.2.2.15 Purge of Residual Information (FDP_RIP_EXT.2) FDP_RIP_EXT.2.1 The TOE shall have a purge memory or restore factory defaults function accessible to the administrator to delete all TOE stored configuration and settings except for logging. 5.2.2.16 PSD Switching (FDP_SWI_EXT.1) FDP_SWI_EXT.1.1 The TSF shall ensure that [switching can be initiated only through express user action].

  • Page 30: Security Management (Fmt)

    Security Target Version 1.1 2022-03-08 5.2.3.2 User Identification Before Any Action (FIA_UID.2) FIA_UID.2.1 The TSF shall require each administrator to be successfully identified before allowing any other TSF‐mediated actions on behalf of that administrator. 5.2.4 Security Management (FMT) 5.2.4.1 Management of Security Functions Behavior (FMT_MOF.1) FMT_MOF.1.1 The TSF shall restrict the ability to [modify the behavior of] the functions [TOE keyboard and mouse filtering blacklist, Reset to Factory Default, view audit...

  • Page 31: Toe Access (Fta)

    Security Target Version 1.1 2022-03-08 5.2.5.4 Resistance to Physical Attack (FPT_PHP.3) FPT_PHP.3.1 The TSF shall resist [a physical attack for the purpose of gaining access to the internal components, to damage the anti‐tamper battery, to drain or exhaust the anti‐tamper battery] to the [TOE enclosure and any remote controllers] by the attacked component becoming permanently disabled.

  • Page 32: Toe Security Functional Requirements (Dp Models)

    TOE Security Functional Requirements (DP Models) The following table identifies the [MOD_VI_V1.0] SFRs that are satisfied by DP Models, which include the following: • CS1182DP4, • CS1184DP4, • CS1188DP4, •...

  • Page 33: Toe Security Functional Requirements (H Models)

    Security Target Version 1.1 2022-03-08 FDP_PDC_EXT.3.2/VI(DP) The TSF shall apply the following rules to the supported protocols: [the TSF shall read the connected display EDID information once during power‐on or reboot]. 5.3.1.3 Sub-Protocol Rules (DisplayPort Protocol) (DP Models) FDP_SPR_EXT.1/DP(DP)) FDP_SPR_EXT.1.1/DP(DP) The TSF shall apply the following rules for the [DisplayPort] protocol: •...

  • Page 34: Toe Security Functional Requirements (D Models)

    Security Target Version 1.1 2022-03-08 5.4.1.2 Sub‐Protocol Rules (HDMI Protocol) (H Models) (FDP_SPR_EXT.1/HDMI(H)) FDP_SPR_EXT.1.1/HDMI(H) The TSF shall apply the following rules for the [HDMI] protocol: • block the following video/display sub‐protocols: o [ARC, o CEC, o EDID from computer to display, o HDCP, o HEAC, o HEC,...

  • Page 35: Toe Security Assurance Requirements

    Security Target Version 1.1 2022-03-08 5.5.1.2 Sub‐Protocol Rules (DVI‐I Protocol) (D Models) (FDP_SPR_EXT.1/DVI-I(D)) FDP_SPR_EXT.1.1/DVI-I(D) The TSF shall apply the following rules for the [DVI‐I] protocol: • block the following video/display sub‐protocols: o [ARC, o CEC, o EDID from computer to display, o HDCP, o HEAC, o HEC,...

  • Page 36: Toe Summary Specification

    • peripheral device acceptance, • button jam test failure, and • all passing self-tests. During normal operation, the TOE provides administrator access to all audit records. ATEN's assistance is required to read audit records from an inoperable switch.

  • Page 37: User Data Protection

    Security Target Version 1.1 2022-03-08 The logs are stored on EEPROM on the KVM PCBoard component of the TOE. The logs can be extracted by the authorized administrator by entering Administrator Logon mode, logging on, and then issuing the command [LIST]. The TOE extracts the log data and displays them using the text editor. The administrator can view the logs but cannot erase or delete any of the information.

  • Page 38: Fdp_Cds_Ext.1 - Connected Displays Supported

    Because of this, the single selected source video feed is always the same channel and indication of the selected channel is through the channel selection LEDs on the TOE chassis. The DisplayPort models CS1182DP4, CS1184DP4, and CS1188DP4 each support one connected display. While CS1142DP4, CS1144DP4, and CS1148DP4 each support two connected displays at a time.

  • Page 39: Fdp_Pdc_Ext.1 - Peripheral Device Connection; Fdp_Pdc_Ext.2/Ao - Peripheral Device

    Security Target Version 1.1 2022-03-08 6.2.5 FDP_PDC_EXT.1 – Peripheral Device Connection; FDP_PDC_EXT.2/AO – Peripheral Device Connection (Audio Output); FDP_PDC_EXT.2/KM – Authorized Devices (Keyboard/Mouse); FDP_PDC_EXT.2/VI – Peripheral Device Connection (Video Output) The TOE allows the authorized devices and protocols for the PSD Console Ports as identified in the table below upon TOE power up and upon connection of a peripheral device to a powered-on TOE.

  • Page 40: Fdp_Pud_Ext.1 - Powering Unauthorized Devices

    TOE. During KVM operation, non-standard keyboards with integrated USB hubs and/or other USB-integrated devices may not be fully supported due to the strict security standards and policy for the ATEN Secure KVM Switch. If supported, only basic (HID) keyboard operations will function.

  • Page 41: Fdp_Swi_Ext.1 - Psd Switching; Fdp_Swi_Ext.2 - Psd Switching Methods; Fdp_Swi_Ext.3

    6.2.9.1 DP Models The following TOE models support DP 1.2 video input and output, and one or two displays. Table 14: DP Models Configuration 2-Port 4-Port 8-Port Single Head CS1182DP4 CS1184DP4 CS1188DP4 DisplayPort Dual Head CS1142DP4 CS1144DP4 CS1148DP4 These models accept DisplayPort for the computer video display interface. The TOE will convert the DP signal to HDMI inside the TOE and then back to DisplayPort for output to the console display(s).
  • Page 42 Security Target Version 1.1 2022-03-08 EDID from display to computer, HPD from display to computer, and Link Training are allowed for the DisplayPort interface. The TOE blocks CEC, EDID from computer to display, HDCP, and MCCS video/display sub‐protocols. The DP Models satisfy the following SFRs: •...

  • Page 43: Identification And Authentication (Fia_Uau.2/ Fia_Uid.2)

    Security Target Version 1.1 2022-03-08 The D Models satisfy the following SFRs: • FDP_PDC_EXT.3/VI(D)- Authorized Connection Protocols (Video Output) (D Models) • FDP_SPR_EXT.1/DVI-I(D) – Sub-Protocol Rules (DVI-I Protocol) (D Models) Identification and Authentication (FIA_UAU.2/ FIA_UID.2) Authentication is required to perform administrator functions such as configuring the keyboard/mouse device filtering (i.e.

  • Page 44: Fmt_Smr.1 - Security Roles

    Security Target Version 1.1 2022-03-08 The TOE provides a security management function to Reset to Factory Default (not to be confused with the front panel reset button). When a successfully authenticated authorized Administrator performs Reset to Factory Default, settings previously configured by the Administrator (such as USB keyboard/mouse device blacklist) will be cleaned and reset to factory default settings.

  • Page 45: Fpt_Nta_Ext.1 - No Access To Toe

    TOE user and the guidance documentation instructs the user to stop using the TOE, remove it from service and contact ATEN. The KVM and RPS contain internal batteries with a minimum lifetime of five years, are non-replaceable, and cannot be accessed without opening the device enclosure.
  • Page 46 Security Target Version 1.1 2022-03-08 • Firmware integrity: the TOE validates the integrity of firmware by calculating the checksum of the firmware binary file and comparing to a pre-calculated value that is stored in the TOE. Upon a failure, the TOE will be in a failure state (permanently inoperable). •...

  • Page 47: Toe Access

    Security Target Version 1.1 2022-03-08 • For a Key stuck test failure, the front panel Port LED of that jammed button port will flash. • For all other Self-test failures (Firmware integrity, Accessibility of internal memory of the micro- controller, Computer interfaces isolation functionality, Anti-tampering mechanism) all front panel LEDs (except for Power LED) flash.
  • Page 48 Security Target Version 1.1 2022-03-08 The TOE has a reset button that resets the switch to the default settings when pressed. The switch is then powered up and behaves as described above.

  • Page 49: Protection Profile Claims

    Security Target Version 1.1 2022-03-08 Protection Profile Claims This ST is conformant to the Protection Profile [PSD], including the following optional and selection-based SFRs: FAU_GEN.1, FDP_RIP_EXT.2, FDP_SWI_EXT.2, FIA_UAU.2, FIA_UID.2, FMT_MOF.1, FMT_SMF.1, FMT_SMR.1, FPT_PHP.3, FPT_STM.1, and FTA_CIN_EXT.1. The ST is also conformant to the following PP-Modules •...
  • Page 50 Security Target Version 1.1 2022-03-08 Requirement Class Requirement Component Source FDP_PDC_EXT.3/VI(DP) – Authorized Connection Protocols (Video [MOD_VI_V1.0] Output) (DP Models) FDP_PDC_EXT.3/VI(H) – Authorized Connection Protocols (Video [MOD_VI_V1.0] Output) (H Models) FDP_PDC_EXT.3/VI(D) – Authorized Connection Protocols (Video [MOD_VI_V1.0] Output) (D Models) FDP_PUD_EXT.1 –...

  • Page 51: Rationale

    Security Target Version 1.1 2022-03-08 Rationale This security target includes by reference the [PSD], [MOD_AO_V1.0], [MOD_KM_V1.0], and [MOD_VI_V1.0] Security Problem Definitions, Security Objectives, and Security Assurance Requirements. The security target makes no additions to the [PSD] or listed modules assumptions. The [PSD] and listed module’s security functional requirements have been reproduced with the Protection Profile operations completed.
  • Page 52 Security Target Version 1.1 2022-03-08 Specifications FDP_PDC_EXT.3/VI(DP) FDP_PDC_EXT.3/VI(H) FDP_PDC_EXT.3/VI(D) FDP_PUD_EXT.1 FDP_RIP.1/KM FDP_RIP_EXT.1 FDP_RIP_EXT.2 FDP_SPR_EXT.1/DP(DP) FDP_SPR_EXT.1/DVI-I(D) FDP_SPR_EXT.1/HDMI(H) FDP_SWI_EXT.1 FDP_SWI_EXT.2 FDP_UDF_EXT.1/AO FDP_UDF_EXT.1/KM FDP_UDF_EXT.1/VI FIA_UAU.2 FIA_UID.2 FMT_SMF.1 FMT_SMR.1 FPT_FLS_EXT.1 FPT_NTA_EXT.1 FPT_PHP.1 FPT_PHP.3 FPT_STM.1 FPT_TST.1 FPT_TST_EXT.1 FTA_CIN_EXT.1...

  • Page 53: Appendix A Letter Of Volatility

    User Data Manufacturer, and Type Technology Part number System Controller Embedded Undisclosed Volatile May contain user data Host Controller ATEN SICG8021A Host Controller Embedded Undisclosed Volatile May contain user data Device Emulators ATEN SICG8022A System EEPROM EEPROM 512K bits Non-volatile...
  • Page 54 Security Target Version 1.1 2022-03-08 ITE IT66354 Remarks (1) The Embedded RAM may contain user data. The Embedded RAM is cleared and user keyboard/mouse data is purged when the Secure KVM powers-off or power-cycles, after switching ports, after a KVM reset (reboot), or a trigger of the tamper-proof mechanism is detected.

This manual is also suitable for:

Cs1142dp4Cs1182h4Cs1142h4Cs1182d4Cs1142d4Cs1184dp4 ... Show all

Table of Contents