NIAP: View Technical Decision Details
TD0813:  GCM Nonce Reuse Test for MOD_VPNGW

Publication Date

Protection Profiles

Other References

Issue Description

A test needs to be added to provide verification against nonce reuse. 

Other PPs have such requirements, for example FCS_SNI_EXT.1 in FDE EE. Specifically, a test is needed in IKE to ensure that nonce reuse does not occur.


The following modification is made to the Tests Evaluation Activity for FCS_IPSEC_EXT.1 in Section of the MOD_VPNGW_V1.3 SD:


The following conditional test is added for FCS_IPSEC_EXT.1.6, with red highlighted strikethroughs denoting deletion and green highlights denoting additions:


[conditional]: If AES-GCM-256 (specified in RFC 5282) is chosen in FCS_IPSEC_EXT.1.6, the evaluator shall perform the following steps:

a. Initiate VPN connection.

b. Capture packets of IKE SA negotiation and Child SA negotiation.

c. Note the nonce values used in Child SA establishment.

d. Leave connection open long enough for Child SA rekey to occur.

e. Note nonce values used during the rekey.

f. Confirm the nonce values are different.
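One way to automate steps c, e and f over exported IKE messages, as an added example that is not part of this Technical Decision or the SD. It assumes each message is available as raw bytes with a cleartext payload chain (CREATE_CHILD_SA contents already decrypted by the evaluator's tooling); `build_msg`, `extract_nonces` and `find_reused_nonces` are hypothetical helper names, and the sample capture is constructed.

```python
import struct

NONCE = 40  # IKEv2 Nonce payload type (RFC 7296)
EXCHANGES = {34: "IKE_SA_INIT", 36: "CREATE_CHILD_SA"}

def build_msg(exchange, msg_id, nonce):
    """Constructed sample: 28-byte IKEv2 header plus a single Nonce payload."""
    payload = struct.pack("!BBH", 0, 0, 4 + len(nonce)) + nonce
    header = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, NONCE, 0x20,
                         exchange, 0x08, msg_id, 28 + len(payload))
    return header + payload

def extract_nonces(msg):
    """Walk the cleartext payload chain; return (exchange name, [nonce bytes])."""
    if len(msg) < 28 or struct.unpack("!I", msg[24:28])[0] != len(msg):
        raise ValueError("truncated or malformed IKEv2 message")
    next_type, exchange, off, nonces = msg[16], msg[18], 28, []
    while next_type != 0:
        if off + 4 > len(msg):
            raise ValueError("payload header runs past end of message")
        following, _flags, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        if next_type == NONCE:
            nonces.append(msg[off + 4:off + plen])
        next_type, off = following, off + plen
    return EXCHANGES.get(exchange, f"exchange-{exchange}"), nonces

def find_reused_nonces(messages):
    """Step f: return (nonce hex, first seen, seen again) for every repeat."""
    seen, reused = {}, []
    for index, msg in enumerate(messages):
        exchange, nonces = extract_nonces(msg)
        for nonce in nonces:
            label = f"{exchange}#{index}"
            if nonce in seen:
                reused.append((nonce.hex(), seen[nonce], label))
            else:
                seen[nonce] = label
    return reused

if __name__ == "__main__":
    ni, nr = b"\x11" * 32, b"\x22" * 32            # constructed nonces
    capture = [build_msg(34, 0, ni), build_msg(34, 0, nr),
               build_msg(36, 2, ni), build_msg(36, 2, b"\x44" * 32)]  # rekey reuses Ni
    for hexval, first, again in find_reused_nonces(capture):
        print(f"FAIL: nonce {hexval[:16]}... from {first} reused in {again}")
```

An empty result from `find_reused_nonces` corresponds to a pass for step f; any entry identifies which rekey message repeated a nonce from the earlier negotiation.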

There are no additional testing activities.



See issue description.
