Dell C5765DN MFP Color Laser Printer User Manual

Dell C5765dn Security Target

- 82 -

the communication data from modification or disclosure.

a) SSL/TLS

According to the SSL/TLS communication which is configured by a system administrator using

the system administrator mode, SSL/TLS ensuring secure data transmission is supported. This

protects the security of document data, security audit log data, and TOE setting data on the

internal network.

By supporting SSL/TLS, the TOE can act as SSL/TLS server or SSL/TLS client. Moreover,

SSL/TLS can protect data transmission between the TOE and the remote from interception and

alteration. Protection from interception is realized by encrypting transmission data with the

following cryptographic keys. A cryptographic key is generated at the time of starting a session

and lost at the time of ending the session or powering off the MFD main unit.

Cryptographic key generated as SSLv3/TLSv1/TLSv1.2 upon every session

Specifically, one of the cryptographic suites below is adopted:

Cryptographic Suites of SSL/TLS

Cryptographic Method and

Size of Secret Key

Hash Method

SSL_RSA_WITH_RC4_128_SHA

RC4 / 128 bits

SHA-1

SSL_RSA_WITH_3DES_EDE_CBC_SHA

3-Key Triple-DES / 168 bits

SHA-1

TLS_RSA_WITH_AES_128_CBC_SHA

AES / 128 bits

SHA-1

TLS_RSA_WITH_AES_256_CBC_SHA

AES / 256 bits

SHA-1

TLS_RSA_WITH_AES_128_CBC_SHA256

AES / 128 bits

SHA256

TLS_RSA_WITH_AES_256_CBC_SHA256

AES / 256 bits

SHA256

Protection from the alteration is realized by HMAC (Hashed Message Authentication Code -

IETF RFC 2104) of SSL/TLS.

When SSL/TLS communication is enabled on the Web client, requests from the client must be

received via HTTPS. The SSL/TLS communication needs to be enabled before IPSec, SNMPv3,

or S/MIME is enabled or before security audit log data are downloaded by a system administrator.

b) IPSec

According to the IPSec communication which is configured by a system administrator using the

system administrator mode, IPSec ensuring secure data transmission is supported. This protects

the security of document data, security audit log data, and TOE setting data on the internal

network.

IPSec establishes the security association to determine the parameters (e.g. private key and

cryptographic algorithm) to be used in the IPSec communication between the TOE and the

remote. After the association is established, all transmission data among the specified IP

addresses are encrypted by the transport mode of IPSec until the TOE is powered off or reset. A

cryptographic key is generated at the time of starting a session and lost at the time of ending the

session or powering off the MFD main unit.