Please read the Important Notice and Warnings at the end of this document 3.7 www.infineon.com 2018-08-17 Public Security Target Lite M9900, M9905, M9906 including optional Software Libraries 1 RSA-EC-SCL-HCL-PSL 2 According to Common Criteria CCv3.1 EAL5 augmented (EAL5+) 3 4 5 6 Version: 3.7 7 Date: 2018-08-17 8 2 Security Target Lite M9900, M9905, M9906 Public Table of Content 1 Security Target Introduction (ASE_INT) .............................................................................................4 1.1 Security Target and Target of Evaluation Reference .............................................................................4 1.2 Target of Evaluation overview................................................................................................................9 2 Target of Evaluation Description......................................................................................................13 2.1 Definition of the TOE.............................................................................................................................13 2.1.1 Hardware of the TOE........................................................................................................................15 2.1.2 Firmware of the TOE ........................................................................................................................18 2.1.3 Optional software of the TOE ..........................................................................................................19 2.1.4 Interfaces of the TOE........................................................................................................................21 2.1.5 Guidance documentation................................................................................................................21 2.1.6 Forms of delivery..............................................................................................................................22 2.1.7 Production sites ...............................................................................................................................22 2.1.8 TOE Configuration............................................................................................................................23 2.1.9 TOE initialization with Customer Software.....................................................................................24 3 Conformance Claims (ASE_CCL) ......................................................................................................26 3.1 CC Conformance Claim .........................................................................................................................26 3.2 PP Claim.................................................................................................................................................26 3.3 Package Claim.......................................................................................................................................26 3.4 Conformance Rationale ........................................................................................................................27 3.5 Application Notes..................................................................................................................................28 4 Security Problem Definition (ASE_SPD) ...........................................................................................29 4.1 Threats...................................................................................................................................................29 4.1.1 Additional Threat due to TOE specific Functionality......................................................................29 4.1.2 Assets regarding the Threats ...........................................................................................................30 4.2 Organizational Security Policies...........................................................................................................30 4.2.1 Augmented Organizational Security Policy ....................................................................................31 4.3 Assumptions..........................................................................................................................................32 4.3.1 Augmented Assumptions.................................................................................................................33 5 Security objectives (ASE_OBJ) .........................................................................................................34 5.1 Security objectives for the TOE.............................................................................................................34 5.2 Security Objectives for the development and operational Environment...........................................35 5.2.1 Clarification of “Usage of Hardware Platform (OE.Plat-Appl)” ......................................................35 5.2.2 Clarification of “Treatment of User Data (OE.Resp-Appl)”.............................................................36 5.2.3 Clarification of “Protection during Composite product manufacturing (OE.Process-Sec-IC)” ....36 5.3 Security Objectives Rationale...............................................................................................................36 6 Extended Component Definition (ASE_ECD)....................................................................................38 6.1 “Subset TOE security testing (FPT_TST)”.............................................................................................38 6.2 Definition of FPT_TST.2.........................................................................................................................38 6.3 TSF self test (FPT_TST)..........................................................................................................................39 6.4 Family “Generation of Random Numbers (FCS_RNG)”........................................................................39 6.5 Definition of FCS_RNG.1........................................................................................................................39 7 Security Requirements (ASE_REQ)...................................................................................................41 7.1 TOE Security Functional Requirements ...............................................................................................41 7.1.1 Extended Components FCS_RNG.1 and FAU_SAS.1.......................................................................42 7.1.1.1 FCS_RNG......................................................................................................................................42 7.1.1.2 FAU_SAS......................................................................................................................................44 7.1.2 Subset of TOE testing.......................................................................................................................44 3 Security Target Lite M9900, M9905, M9906 Public 7.2 Memory access control .........................................................................................................................45 7.2.1 Memory Access Control Policy.........................................................................................................45 7.3 Support of Cipher Schemes ..................................................................................................................49 7.3.1 Triple-DES Operation.......................................................................................................................51 7.3.2 AES Operation ..................................................................................................................................53 7.3.3 Rivest-Shamir-Adleman (RSA) operation........................................................................................55 7.3.4 Rivest-Shamir-Adleman (RSA) key generation................................................................................57 7.3.5 Elliptic Curve DSA (ECDSA) operation .............................................................................................58 7.3.6 Elliptic Curve (EC) key generation ...................................................................................................60 7.3.7 Elliptic Curve Diffie-Hellman (ECDH) key agreement .....................................................................60 7.3.8 Hash function ...................................................................................................................................62 7.4 Data Integrity.........................................................................................................................................63 7.5 TOE Security Assurance Requirements ................................................................................................64 7.5.1 Refinements .....................................................................................................................................65 7.6 Security Requirements Rationale.........................................................................................................65 7.6.1 Rationale for the Security Functional Requirements .....................................................................65 7.6.1.1 Dependencies of Security Functional Requirements ................................................................69 7.6.2 Rationale of the Assurance Requirements......................................................................................72 8 TOE Summary Specification (ASE_TSS) ...........................................................................................74 8.1 SF_DPM: Device Phase Management ...................................................................................................74 8.2 SF_PS: Protection against Snooping....................................................................................................75 8.3 SF_PMA: Protection against Modifying Attacks ...................................................................................76 8.4 SF_PLA: Protection against Logical Attacks.........................................................................................77 8.5 SF_CS: Cryptographic Support.............................................................................................................77 8.5.1 3DES encryption...............................................................................................................................78 8.5.2 3DES MAC..........................................................................................................................................78 8.5.3 AES encryption.................................................................................................................................79 8.5.4 AES MAC............................................................................................................................................79 8.5.5 RSA....................................................................................................................................................79 8.5.5.1 Encryption, Decryption, Signature Generation and Verification ..............................................79 8.5.5.2 Asymmetric Key Generation.......................................................................................................80 8.5.6 Elliptic Curves...................................................................................................................................81 8.5.6.1 Signature Generation and Verification.......................................................................................81 8.5.6.2 Asymmetric Key Generation.......................................................................................................81 8.5.6.3 Asymmetric Key Agreement .......................................................................................................82 8.5.7 Toolbox Library ................................................................................................................................82 8.5.8 Asymmetric Base Library .................................................................................................................83 8.5.9 Symmetric Crypto Library (SCL) ......................................................................................................83 8.5.1 Hash Crypto Library (HCL) ...............................................................................................................83 8.5.2 Platform Support Layer (PSL)..........................................................................................................83 8.5.3 TRNG.................................................................................................................................................83 8.6 Assignment of Security Functional Requirements to TOE’s Security Functionality...........................84 8.7 Security Requirements are internally Consistent ................................................................................85 9 References .......................................................................................................................................87 10 Appendix..........................................................................................................................................89 11 List of Abbreviations ........................................................................................................................98 12 Glossary .........................................................................................................................................100 Revision History.................................................................................................................................................101 4 Security Target Lite M9900, M9905, M9906 Public 1 Security Target Introduction (ASE_INT) 1 1.1 Security Target and Target of Evaluation Reference 2 The title of this document is “Security Target Lite M9900, M9905, M9906 including optional Software 3 Libraries RSA-EC-SCL-HCL-PSL”. 4 The Target of Evaluation (TOE) comprises the Infineon Technologies Smart Card IC (Security 5 Controller) M9900, M9905, M9906 with optional RSA v2.05.005/v2.07.003, EC v2.05.005/v2.07.003, 6 Toolbox v2.05.005/v2.07.003, Flash Translation Layer V1.01.0008, SCL v2.01.011/v2.02.010/v2.04.003, 7 PSL v4.00.10/v5.00.06 and HCL 1.01.003 libraries with specific IC dedicated software. The design step 8 is A22 and G11 for the M9900 and A11 for the M9905 and M9906. 9 The Security Target is based on the Protection Profile “Smartcard IC Platform Protection Profile” [1]. 10 The Protection Profile and the Security Target are built in compliance with Common Criteria v3.1. 11 The ST takes into account all relevant current final interpretations. 12 5 Security Target Lite M9900, M9905, M9906 Public Table 1 Identification 1 Type Version Date Registration Security Target 3.7 2018-08-17 Security Target Lite M9900, M9905, M9906 including optional Software Libraries RSA-EC-SCL-HCL-PSL Target of Evaluation A22, G11, C22, D22 See remark 1 A11 A11 M9900 with Firmware Identifier 80001141 and Firmware Identifier 80001142 M9905 with Firmware Identifier 80001151 M9906 with Firmware Identifier 80001150 and for M9900, M9905, M9906 with external Flash-memory (optional) and Management of Mifare-compatible Cards 01.03.0927 (optional) and Management of Mifare-compatible Cards 01.04.1275 (optional) and Mifare-compatible Reader Mode Support 01.02.0800 (optional) and RSA2048 V2.05.005 (optional) and RSA2048 V2.07.003 (optional) and RSA4096 V2.05.005 (optional) and RSA4096 V2.07.003 (optional) and EC V2.05.005 (optional) and EC V2.07.003 (optional) and Toolbox V2.05.005 (optional) and Toolbox V2.07.003 (optional) and Flash Translation Layer V1.01.0008 (optional) and SCL (optional) v2.01.011 and SCL (optional) v2.02.010 and SCL (optional) v2.04.003 and PSL Library (optional) v4.00.10 and PSL Library (optional) v5.00.06 and HCL library (optional) v1.01.003 and Guidance documentation Guidance Documen- tation Revision 2.2 ID021310 Rev. 3.7 2013-10-25 2010-02-12 2017-03-29 SLE97 M9900 Hardware Reference Manual ARMv7-M Architecture Reference Manual, ARM DDI 0403D ID021310, ARM Limited SLE97 Programmer´s Reference Manual 6 Security Target Lite M9900, M9905, M9906 Public Edition Aug 10, 2014 Edition 2018-07-03 Rev.2.1 Rev.2.2 V2.05.005 V2.07.003 Rev. 1.0 v2.01.011 v2.02.010 v2.04.003 v4.00.10 revision 1.6 revision 1.1 revision 5.4 2014-08-10 2018-07-03 2016-11-21 2017-01-30 2017-05-10 2018-05-24 2012-07-10 2016-08-02 2016-12-09 2018-05-22 2016-08-04 2018-06-07 2018-06-07 2018-07-06 SLE97 / SLC14 Family Production and Personalization User´s Manual M9900 Security Guidelines User´s Manual M9900 Errata Sheet M9905 M9906 Errata Sheet CL97 Asymmetric Crypto Library for Crypto@2304T RSA / ECC / Toolbox User Interface (optional) CL97 Asymmetric Crypto Library for Crypto@2304T RSA / ECC / Toolbox User Interface (optional) SLE 97 Flash Translation Layer User´s Guidance (optional) SCL97 Symmetric Crypto Library for SCPv3 DES/AES 32-bit Security Controller User Interface (optional) SCL97 Symmetric Crypto Library for SCPv3 DES/AES 32-bit Security Controller User Interface (optional) SCL97-SCP-v3-L90 Symmetric Crypto Library for SCP-v3 DES / AES 32-bit Security Controller (optional) SLI 97 Family PSL Reference Manual User’s Manual (optional) PSL Security Guidelines (optional) SLI 97 PSL Release Notes (optional) SLx97 Platform Support Layer Library 32-bit Security Controller Programmer’s Reference Manual (optional) 7 Security Target Lite M9900, M9905, M9906 Public revision 2.5 v 1.01.003 2018-07-06 2018-05-22 SLI97 Security Guidelines PSL V5.00.06 (optional) HCL97-CPU-L90 Hash Crypto Library for CPU SHA (optional) Protection Profile 1.0 2007-06-15 Security IC Platform Protection Profile BSI-PP-0035 The cert-id BSI-CC-PP-0035-2007 refers to the corresponding certification report. Common Criteria 3.1 Revision 5 2017-04 Security Evaluation Part 1: Introduction and general model CCMB-2017-04- 001 Part 2: Security functional requirements CCMB-2017- 04-002 Part 3: Security Assurance Components CCMB-2017-04- 003 1 This TOE is represented by a number of various products. They all differentiate by different mask sets 2 with slight - neither functional nor security relevant - modifications, various configuration 3 possibilities, done either by Infineon settings during production or, after delivery, by means of 4 blocking at customer premises. Despite these variation possibilities, all products are derived from the 5 same hardware design results, the M9900 A22, the M9900 G11, the M9905 A11 and the M9906 A11. 6 The TOE can be identified with the Generic Chip Identification Mode (GCIM). The M-number hardware 7 is identified by the bytes 05 and 06, which are the first two bytes of the chip identification number, 8 having for the M9900 always the hexadecimal value of 0x0007, for the M9905 the value 0x0010 and for 9 the M9906 the value 0x0011, the design step, firmware identifier, mask identifier, temperature range 10 and system frequency are also included in the GCIM. Additionally the customer can read the 11 configuration area as defined in the SLE97 Programmer´s Reference Manual [11]. 12 Remark 1: 13 The derivatives of the TOE produced in the factory Dresden with the additional top layer on board 14 (WLP, WLB) are managed with an own design step. These derivatives output a C22 in the GCIM for the 15 WLP derivative and a D22 for the WLB derivative, which is always linked to the A22 design step. The 16 C22 and D22 design step is only outputted at the derivatives with the additional top layer. All other 17 identification options, i.e. the various metal option identifiers of the GCIM remain unchanged. 18 The derivatives of the TOE produced in the factory TSMC coming with the additional top layer on 19 board (WLB) are managed with the same design step. These derivatives output a G11 in the GCIM for 20 WLB derivative. All other identification options, i.e. the various metal option identifiers of the GCIM 21 remain unchanged. 22 All products are identical with respect to module design and layout, but may include further package 23 options require flexibility in design and could also depend on user requirements. In these cases one or 24 more additional metal layer are added on top of one of the TOE mask set. These additional metal 25 layers, it could also be more than one, just reroute the pads. Therefore, this last rerouting on top does 26 not change the function of the TOE itself and is depending on the package only. These top metal 27 layers are flexible in design, could depend also on user requirements and are of course not relevant 28 for the security of the TOE. For these reasons, the metal layers are out the scope of the certification 29 and do not belong to the TOE. Of course, in all cases passivation and isolation coating is applied on 30 top of the last layers carrying wires. Further clear declaration and overview is given in chapter 2.1 31 Definition of the TOE. 32 8 Security Target Lite M9900, M9905, M9906 Public Despite all these options and the resulting flexibility, all differences are comparable to the scenario 1 where for example someone takes a piece of wire and reconnects the pads of the TOE using a 2 soldering bolt. This does not change anything on the TOE security or security policy. 3 To each of the TOE relevant optional different mask set variants, an individual value is assigned, which 4 is part of the data output of the Generic Chip Identification Mode (GCIM). By that the various hardware 5 mask sets can be clearly identified and differentiated by the GCIM output. The interpretation of the 6 output GCIM data is clearly explained in the user guidance, Hardware Reference Manual [7]. 7 There are no other differences between the mask sets the TOE is produced with, and all these changes 8 have no impact on the TOEs security policies and related functions. Details are explained in the user 9 guidance Hardware Reference Manual [7] and in the Errata Sheet [12]. 10 In addition to these hardware differences, the M9900, M9905, M9906 allows a maximum of 11 configuration possibilities defined by the customer order following the market needs. A detailed 12 description of the TOE configuration possibilities is given in chapter 2.1.8 TOE Configuration. 13 14 9 Security Target Lite M9900, M9905, M9906 Public 1.2 Target of Evaluation overview 1 The TOE comprises the Infineon Technologies AG security controller M9900, M9905, M9906 with 2 specific IC dedicated software and optional RSA, EC, SCL, PSL, HCL, Toolbox and Flash Translation 3 Layer (FTL) libraries. 4 The TOE is a member of the Infineon Technologies AG security controller family SLE97 meeting high 5 requirements in terms of performance and security. The SLE97 family has been developed with a 6 modular concept and different memory configurations, sets of peripherals and interfaces as well as 7 different security features to satisfy market requirements. A summary product description is given in 8 this Security Target (ST). 9 The TOE offer all functions that are both required and useful in security systems, and integrated 10 peripherals that are typically needed in chipcard applications, such as information security, 11 identification, access control, GSM and UMTS projects, electronic banking, digital signature and multi- 12 application cards, ID cards, transportation and e-purse applications. 13 The TOE implements a dedicated security 32-bit RISC CPU designed on the basis of the ARMv7_M 14 architecture designed in 90 nm CMOS technology. The integrated peripheral combine enhanced 15 performance and optimized power consumption for a minimized die size to make the SLE97 16 controllers ideal for chipcard applications. The TOE offer a wide range of peripherals, including a 17 UART (using the ISO interface), four timers, two watchdogs, a CRC module, a true RNG (TRNG), 18 coprocessors for symmetric (e.g. DES, AES) and asymmetric (e.g. RSA, EC) cryptographic algorithms. 19 Additionally a range of communication interfaces, such as GPIO, I2C, SWP, USB, SSC/SPI and a Mifare- 20 compatible Interface are offered to provide maximum flexibility in terms of simultaneously 21 communication ability. 22 The TOE provides a real 32-bit CPU-architecture and is compatible to the ARMv7-M instruction set 23 architecture. The major components of the core system are the 32-bit CPU as a variant of the ARM 24 Secure Core SC300, the Cache system, the Memory Protection Unit and the Memory 25 Encryption/Decryption Unit. The TOE implements a full 32-bit addressing with up to 4 GByte linear 26 addressable memory space, a simple scalable memory management concept and a scalable stack 27 size. The flexible memory concept is built on the non volatile memory, respectively SOLID FLASH™ 28 NVM1 . For the SOLID FLASH™ NVM the Unified Channel Programming (UCP) memory technology is 29 used. Additionally an optional external Flash-memory connected via the SPI interface is available. 30 The TOE provides the low-level firmware components Boot Software (BOS) and Resource 31 Management System (RMS) and the high-level firmware Flash Loader (FL) and Mifare-compatible 32 software. The RMS firmware providing some functionality via an API to the Smartcard Embedded 33 Software contains for example SOLID FLASH™ NVM service routines and functionality for the tearing 34 save write into the SOLID FLASH™ NVM. The BOS firmware (BOS-V1 and BOS-V2) is used for test 35 purposes during start-up and the FL allows downloading of user software to the NVM during the 36 manufacturing process. The BOS is implemented in a separated Test-ROM being part of the TOE. For 37 the M9900 two different versions of the BOS are provided (BOS-V1 and BOS-V2). The version BOS-V1 38 (Firmware Identifier 80001141, 80001150, 80001151) executes the UMSLC test during the startup 39 phase, the version BOS-V2 (Firmware Identifier 80001142) does not execute the UMSLC test during the 40 startup phase to short the time duration of the startup phase. The derivate M9906 with Firmware 41 Identifier 80001150 includes the feature “hardening” and the derivate M9905 with Firmware Identifier 42 80001151 includes the features “hardening” and the “Burn-In Test”. The feature “hardening” 43 analyzing a random SOLID FLASHTM NVM page after every regular program operation for written bits 44 1 SOLID FLASH™ is an Infineon Trade Mark and stands for the Infineon EEPROM working as Flash memory. The abbreviation NVM is short for Non Volatile Memory. 10 Security Target Lite M9900, M9905, M9906 Public that are losing their charge, and, in this very unlikely case, the page is rewritten. The “Burn-In Test” 1 during production is used to stress the chip in a high temperature, high internal voltage and active 2 operation for a certain time and filtering out defect parts to get a low failure rate. The derivatives 3 M9905 and M9906 are qualified for an extended temperature range from -40°C to +105°C. 4 The two cryptographic co-processors serve the need of modern cryptography: The symmetric co- 5 processor (SCP) combines both AES and Triple-DES with dual-key or triple-key hardware acceleration. 6 The Asymmetric Crypto Co-processor, called Crypto2304T in the following, supports RSA-2048 bit 7 (4096-bit with CRT) and Elliptic Curve (EC) cryptography with high performance. 8 A True Random Number Generator (TRNG) specially designed for smart card applications is 9 implemented. The TRNG fulfils the requirements from the functionality class PTG.2 of the AIS31 and 10 produces genuine random numbers which then can be used internally or by the user software. 11 The software part of the TOE consists of the cryptographic libraries RSA and EC and the supporting 12 Toolbox and asymmetric Base libraries and the optional Flash Translation Layer (FTL), the optional 13 Symmetric Crypto Libraries (SCL) and Platform Support Layer (PSL) libraries. The FTL can be used to 14 communicate with the optional external Flash-memory. If a RSA or EC or Toolbox library is part of the 15 shipment, the corresponding asymmetric Base library is automatically included. If the PSL library 16 v4.00.10 is part of the shipment, the RSA, EC, Base libraries v2.05.005 and the SCL library v2.01.011 are 17 automatically included. If the PSL library v5.00.06 is part of the shipment, the RSA, EC, Base libraries 18 v2.07.003, the SCL library v2.04.003 and the HCL library v1.01.003 are automatically included. 19 The RSA library is used to provide a high-level interface to RSA (Rivest, Shamir, Adleman) 20 cryptography implemented on the hardware component Crypto2304T and includes countermeasures 21 against SPA, DPA and DFA attacks. The routines are used for the generation of RSA key pairs1 , RSA 22 signature verification, RSA signature generation and RSA modulus recalculation.The hardware 23 Crypto2304T unit provides the basic long number calculations (add, subtract, multiply, square with 24 1100 bit numbers) with high performance. The RSA library is delivered as object code. The RSA library 25 can perform RSA operations from 512 to 4096 bits. Following the BSI2 recommendations, key lengths 26 below 1976 bits are not included in the certificate. 27 The EC library is used to provide a high-level interface to Elliptic Curve cryptography implemented on 28 the hardware component Crypto2304T and includes countermeasures against SPA, DPA and DFA 29 attacks. The routines are used for ECDSA signature generation, ECDSA signature cerification, ECDSA 30 key generation and Elliptic Curve Diffie-Hellman key agreement. The EC library is delivered as object 31 code. The certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key 32 lengths of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits, due to national AIS32 33 regulations by the BSI. Note that there are numerous other curve types, being also secure in terms of 34 side channel attacks on this TOE, which can the user optionally add in the composition certification 35 process. 36 The Toolbox library does not provide cryptographic support or additional security functionality as it 37 provides only the following basic long integer arithmetic and modular functions in software, 38 supported by the cryptographic coprocessor: Addition, subtraction, division, multiplication, 39 comparison, reduction, modular addition, modular subtraction, modular multiplication, modular 40 inversion and modular exponentiation. No security relevant policy, mechanism or function is 41 supported. The toolbox library is deemed for software developers as support for simplified 42 implementation of long integer and modular arithmetic operations. 43 1 Key generation functions are only provided by versions v2.05.005 and v2.07.003 of the RSA library 2 Bundesamt für Sicherheit in der Informationstechnik (BSI) is the German Federal Office for Information Security 11 Security Target Lite M9900, M9905, M9906 Public The asymmetric Base library provides the low level interface to the asymmetric cryptographic 1 coprocessor and has no user available interface. The asymmetric Base library does not provide any 2 security functionality, implements no security mechanisms and does not contribute to a security 3 functional requirement. 4 The Flash Translation Layer Library provides the interface to the external Flash-memory. The Flash 5 Translation Layer Library does not provide any security functionality, implements no security 6 mechanism, and does not contribute to a security functional requirement. 7 The Symmetric Crypto library (SCL) is used to provide a high level interface to DES/3DES and AES 8 symmetric cryptographic operations. It uses the SCP of the underlying hardware but implements also 9 countermeasures against all known weaknesses of the SCP (e.g. dummy calculations and block 10 repetitions). The symmetric crypto library consists of three C-library files Cipher.lib, AES.lib and 11 DES.lib. Those library files will not be distributed individually. Therefore we call those three library 12 files simply the Symmetric Crypto Library (SCL) 13 14 The Hash Library (HCL) provides the hash functions form the SHA-1 and SHA-2 family. The hash 15 functions are hardened against SPA template attacks. 16 The Platform Support Layer (PSL) library is used to provide a standardized interface to the hardware 17 by making use of the RSA, ECC, SCL and HCL libraries. The provided interfaces are syntactically similar 18 to Windows NT device driver calls. The drivers consist merely of wrapper code with no inherent 19 security relevant parts. 20 To fulfill the high security standards for smartcards today and also in the future, this TOE utilizes an 21 integral security concept comprising countermeasure mechanisms specially designed against 22 possible attack scenarios. The TOE provide a robust set of sensors for the purpose of monitoring 23 proper chip operating conditions and detecting fault attack scenarios. The sensors are complemented 24 with digital error detection mechanisms such as parities, error detection codes and instruction stream 25 signatures. Probing and forcing attacks will be counteracted by the security optimized wiring 26 approach, implemented by an Infineon-specific shielding combined with secure wiring of security 27 critical signals, partly masking of security critical signals and by encryption of all memories inside the 28 chip (RAM, ROM, NVM). A decentralized alarm propagation and system deactivation principle is 29 implemented, further decreasing the risk of manipulating and tampering. Additionally, an online 30 check of the security mechanisms is available by using the User Mode Security Life Control (UMSLC). 31 Side-channel attacks (e.g. Timing Attack, SPA, DPA, EMA) are typically defeated using a combination of 32 hardware and software mechanisms, for this the TOE provides several supporting features e.g. trash 33 register writes and instruction interrupt prevention. The Instruction Stream Signature Checking (ISS) 34 is a powerful countermeasure against fault attacks that try to manipulate the execution sequence of 35 the instruction stream. All executed instructions are hashed in the CPUs signature register and the 36 hardware automatically checks the fitting of the values. 37 In this security target the TOE is described and a summary specification is given. The security 38 environment of the TOE during its different phases of the lifecycle is defined. The assets are identified 39 which have to be protected through the security policy. The threats against these assets are 40 described. The security objectives and the security policy are defined, as well as the security 41 requirements. These security requirements are built up of the security functional requirements as part 42 of the security policy and the security assurance requirements. These are the steps during the 43 evaluation and certification showing that the TOE meets the targeted requirements. In addition, the 44 functionality of the TOE matching the requirements is described. 45 12 Security Target Lite M9900, M9905, M9906 Public The assets, threats, security objectives and the security functional requirements are defined in this 1 Security Target and in [1] and are referenced here. These requirements build up a minimal standard 2 common for all Smartcards. 3 The security functions are defined here in the security target as property of this specific TOE. Here it is 4 shown how this specific TOE fulfils the requirements for the standard defined in the Protection Profile 5 [1]. 6 The user software can be implemented in various options depending on the user’s choice and 7 described in chapter 2.1.8. Thereby the user software can be implemented the NVM or coming 8 without user software. In the latter case, the user downloads his entire software on his own using 9 the Flash Loader software. 10 11 The TOE uses also Special Function Registers SFR. These SFR registers are used for general purposes 12 and chip configuration. These registers are located in the SOLID FLASH™ NVM as configuration area 13 page. 14 A shielding algorithm finishes the upper layers above security critical signals and wires, finally 15 providing the so called “security optimized wiring”. 16 The TOE with its integrated security features meets the requirements of all smart card applications 17 such as information integrity, access control, mobile telephone and identification, as well as uses 18 in electronic funds transfer and healthcare systems. 19 To sum up, the TOE is a powerful smart card IC with a large amount of memory and special peripheral 20 devices with improved performance, optimized power consumption, at minimal chip size while 21 implementing high security. 22 13 Security Target Lite M9900, M9905, M9906 Public 2 Target of Evaluation Description 1 The TOE description helps to understand the specific security environment and the security policy. In 2 this context the assets, threats, security objectives and security functional requirements can be 3 employed. The following is a more detailed description of the TOE than in [1] as it belongs to the 4 specific TOE. 5 6 2.1 Definition of the TOE 7 The TOE comprises three parts: 8  Hardware of the smart card security controller including all configurations and derivatives 9  Associated firmware, software and optional software 10  Documents. 11 The hardware configuration options and configuration methods are described in the chapters 1.1 and 12 2.1.8. The second part of this TOE includes the associated firmware and software required for 13 operation. The TOE can be delivered in various configurations, achieved by means of blocking and 14 depending on the customer order. 15 The documents as described in section 2.1.5 and listed in Table 1, are supplied as user guidance. All 16 product derivatives of this TOE, including all configuration possibilities differentiated by the GCIM 17 data and the configuration information output, are manufactured by Infineon Technologies AG. In the 18 following descriptions, the term “manufacturer” stands short for Infineon Technologies AG, the 19 manufacturer of the TOE. The Smartcard Embedded Software respectively user software is not part of 20 the TOE. New configurations can occur at any time depending on the user blocking or by different 21 configurations applied by the manufacturer. In any case the user is able to clearly identify the TOE 22 hardware, its configuration and proof the validity of the certificate independently, meaning without 23 involving the manufacturer. The various blocking options, as well as the means used for the blocking, 24 are done during the manufacturing process or at user premises. Entirely all means of blocking and the 25 for the blocking involved firmware respectively software parts, used at Infineon Technologies AG 26 and/or the user premises, are subject of the evaluation. All resulting configurations of a TOE derivative 27 are subject of the certificate. All resulting configurations are either at the predefined limits or within 28 the predefined configuration ranges. 29 One or more additional metal layer may be added on top of one of the TOE mask set. These additional 30 metal layers, it could also be more than one, just reroute the pads. Therefore, this last rerouting on 31 top does not change the function of the TOE itself and is depending on the package only, and are not 32 relevant for the security of the TOE. For these reasons, the metal layers are out the scope of the 33 certification and do not belong to the TOE. Of course, in all cases passivation and isolation coating is 34 applied on top of the last layers carrying wires. 35 The firmware used for the TOE internal testing and TOE operation, the firmware and software parts 36 exclusively used for the blocking, the parts of the firmware and software required for cryptographic 37 support are part of the TOE and therefore part of the certification. The documents as described in 38 chapter 2.1.5 are supplied as user guidance. 39 Not part of the TOE and not part of the certification are: 40  the Smartcard Embedded Software respectively user software, and 41  the piece of software running at user premises and collecting the BPU receipts coming from the 42 TOE. This BPU software part is the commercially deemed part of the BPU software, not running on 43 14 Security Target Lite M9900, M9905, M9906 Public the TOE, but allowing refunding the customer, based on the collected user blocking information. 1 The receipt from each blocked TOE is collected by this software – chip by chip. 2  The Mifare compatible software 3 4 5 15 Security Target Lite M9900, M9905, M9906 Public 2.1.1 Hardware of the TOE 1 The hardware part of the TOE (see Figure 1) as defined in [1] is comprised of: 2 Core System 3  32-bit CPU implementation of ARM Secure Core SC300 based on ARMv7-M Instruction set 4 architecture including the Instruction Stream Signature Checking (ISS) 5  CACHE for code and data buffering 6  Memory Encryption/Decryption Unit (MED) and Error Detection Unit 7  Memory Protection Unit (MPU) 8  Nested Vectored Interrupt Controller (NVIC) 9 10 Memories 11  Read-Only Memory (ROM, for internal firmware) 12  Random Access Memory (RAM) 13  SOLID FLASH™ NVM memory (NVM) 14  External Flash-memory (EXF, optional) 15 Note that the TOE has implemented a SOLID FLASH™ NVM memory module. Parts of this memory 16 module are configured to work as an EEPROM. 17 18 Peripherals 19  Universal Asynchronous Receiver/Transmitter (UART) 20  Single-Wire Protocol (SWP) with Mifare-compatible interface 21  Inter Integrated Circuit (I2C) interface 22  General Purpose Input Output (GPIO) 23  Synchronous Serial Communication (SSC) which provides the 24 Serial Peripheral Interface (SPI) 25  Universal Serial Bus (USB) interface 26  Standard ISO Interface (PAD) 27  True Random Number Generator (TRNG) 28  Timers and Watchdog including a checkpoint register (T&W) 29  System Module (SYS) 30  Clock Unit (CLK) 31 32 Coprocessors 33  Crypto2304T co-processor for asymmetric algorithms like RSA and EC (Crypto, optional) 34  Symmetric Crypto co-processor for 3DES and AES Standards (SCP, optional) 35  Checksum module (CRC) 36 37 Analog Module (ANA) 38 16 Security Target Lite M9900, M9905, M9906 Public  Glitch Sensor 1  Temperature Sensor 2  Backside Light Detector 3  User Mode Security Life Control (UMSLC) 4 5 Buses 6  Memory Bus 7  Peripheral Bus 8 9 Core with CPU, MED, MPU NVIC, ISS and Cache ROM RAM NVM Crypto 2304T SCP CRC Memory Bus SYS TRNG CLK Peripheral Bus ANA ISO I2C SSC GPIO EXF SWP UART T&W USB 10 Core Core System ROM Read Only Memory 11 NVM SOLID FLASH™ NVM RAM Random Access Memory 12 CLK Clock Unit SYS System Module 13 Crypto Crypto2304T SCP Symmetric Crypto Processor 14 CRC Cyclic Redundancy Check TRNG True Random Number Generator 15 T&W Timer and Watchdog UART UART 16 I2C Inter Integrated Circuit GPIO General Purpose IO 17 SSC Synchronous Serial Communication SWP Single Wire Protocol 18 USB Universal Serial Bus ANA Analog Units 19 ISO Standard Interface ISO Standard ISO Interface 20 EXF External Flash-memory (optional) 21 22 Figure 1 Block diagram of the TOE 23 24 17 Security Target Lite M9900, M9905, M9906 Public The TOE consists of smart card ICs (Security Controllers) meeting high requirements in terms of 1 performance and security. They are manufactured by Infineon Technologies AG in a 90 nm CMOS- 2 technology (L90). This TOE is intended to be used in smart cards for particularly security-relevant 3 applications and for its previous use as developing platform for smart card operating systems 4 according to the lifecycle model from [1] 5 The term Smartcard Embedded Software is used in the following for all operating systems and 6 applications stored and executed on the TOE. The TOE is the platform for the Smartcard Embedded 7 Software. The Smartcard Embedded Software itself is not part of the TOE. 8 The TOE consists of a core system, memories, co-processors, security peripherals, control logic and 9 peripherals. The major components of the core system are the 32-bit CPU (Central Processing Unit), 10 the MPU (Memory Protection Unit), the MED (Memory Encryption/Decryption Unit), the Nested 11 Vectored Interrupt Controller (NVIC), the Instruction Stream Signature Checking (ISS) and the Cache 12 system. The TOE contains the co-processors for RSA/EC (Crypto2304T) and DES/AES (SCP) processing, 13 a CRC module and the peripherals random number generator, four timers and two watchdog timers 14 and several external interface services. All data of the memory block is encrypted, RAM and ROM are 15 equipped with an error detection code (EDC) and the SOLID FLASH™ NVM is equipped in addition with 16 an error correction code (ECC). 17 The memories are connected to the Core with the Memory Bus and the peripherals are connected 18 with the Peripheral Bus. 19 The Analog Modules (ANA) serve for operation within the specified range and manage the alarms. A set 20 of sensors (temperature sensor, backside light detector, glitch sensor) is used to detect excessive 21 deviations from the specified operational range and serve for robustness of the TOE and the UMSLC 22 function can be used to test the alarm lines. 23 The CPU is compatible with the instruction set of the ARMv7_M architecture. Despite its compatibility 24 the CPU implementation is entirely proprietary and not standard. 25 The CPU accesses the memory via the integrated Memory Encryption and Decryption unit (MED). The 26 memory model of the TOE provides two distinct, independent levels. Additionally up to eight regions 27 can be defined with different access rights controlled by the Memory Protection Unit (MPU). Errors in 28 RAM and ROM are automatically detected (EDC, Error Detection Code), in terms of the SOLID FLASH™ 29 NVM errors are detected and 1-Bit-errors are also corrected (ECC, Error Correction Code). 30 The controller of this TOE stores both code and data in a linear 4-GByte memory space, allowing direct 31 access without the need to swap memory segments in and out of memory using a memory protection 32 unit. 33 Additionally an optional external Flash-memory (EXF) connected via the SSC/GPIO interfaces is 34 available. The data stored in the external Flash-memory are not protected as the external Flash- 35 memory is not part of the security functional requirements (SFR) of the TOE and not in the scope of 36 the evaluation. 37 The CACHE is a high-speed memory-buffer located between the CPU and the (external) main 38 memories holding a copy of some of the memory contents to enable access, which is considerably 39 faster than retrieving the information from the main memory. In addition to its fast access speed, the 40 CACHE also consumes less power than the main memories. The CACHE is equipped with a integrity 41 check to verify the contents of the cache memories. 42 A True Random Number Generator (TRNG) specially designed for smart card applications is 43 implemented. The TRNG fulfils the requirements from the functionality class PTG.2 of the AIS31 and 44 produces genuine random numbers which then can be used internally or by the user software. 45 18 Security Target Lite M9900, M9905, M9906 Public The implemented sleep mode logic (clock stop mode per ISO/IEC 7816-3) is used to reduce the overall 1 power consumption. The timers permits easy implementation of communication protocols such as 2 T=1 and all other time-critical operations. The UART-controlled I/O interface allows the smart card 3 controller and the terminal interface to be operated independently. 4 The Clock Unit (CLKU) supplies the clocks for all components of the TOE. It generates the system clock 5 and an approximately 1MHz clock for the timers. The 1MHz clock is derived from an internal oscillator, 6 while the system clock may either be based on the internal oscillator clock (internal clock mode) or on 7 an external clock (external clock mode). Additionally a sleep mode is available. When operating in the 8 internal clock mode the system frequency can be configured by the user software combined with the 9 current limitation functionality. In the external clock mode the clock is derived from the external clock 10 and a parameter with the range of 1 to 8. The system frequency may be 1 up to 8 times the externally 11 applied frequency but is of course limited to the maximum system frequency and can be combined 12 with the current limitation function. 13 Two co-processors for cryptographic operations are implemented on the TOE. The Crypto2304T for 14 calculation of asymmetric algorithms like RSA and Elliptic Curve (EC) and the Symmetric 15 Cryptographic Processor (SCP) for dual-key or triple-key triple-DES and AES calculations. These co- 16 processors are especially designed for smart card applications with respect to the security and power 17 consumption. The SCP module computes the complete DES algorithm within a few clock cycles and is 18 especially designed to counter attacks like DPA, EMA and DFA. The Crypto2304T module provides 19 basic functions for the implementation of RSA and EC cryptographic libraries. 20 Note that this TOE can be delivered with both crypto co-processors accessible, or with a blocked SCP 21 or with a blocked Crypto2304T, or with both crypto co-processors blocked. The blocking depends on 22 the customer demands prior to the production of the hardware. No accessibility of the deselected 23 cryptographic co-processors is without impact on any other security policy of the TOE; it is exactly 24 equivalent to the situation where the user decides just not to use the cryptographic co-processors. 25 The cyclic redundancy check (CRC) module is a 16-bit checksum generator, which shall not be used for 26 security-critical data. The TOE includes two timer modules each with two 16-bit general purpose 27 timers. The timer module can be used also as watchdog timer to monitor system operation for 28 possible timeouts and to check the correct order of operation. 29 An Interface Management module, located in the System Module (SYS), provides the TOE with the 30 possibility to maintain two or more data interfaces simultaneously. The TOE is provided with, 31 dependent on the configuration, different peripherals and interfaces as the Universal Serial Bus (USB), 32 the SWP Slave Peripheral (SWP), the Synchronous Serial Communication (SSC), which provides the 33 serial Peripheral Interface (SPI), the GPIO module (GPIO), the Inter-Integrated Cirquit Module (I2C) and 34 the Standard ISO Interface (PAD) to satisfy the different market requirements. 35 36 2.1.2 Firmware of the TOE 37 The entire firmware and software of the TOE consists of different parts: 38 The BOS (Boot Software) and the RMS (Resource Management System) compose the TOE firmware 39 stored in the ROM and the patches hereof in the SOLID FLASH™ NVM. All mandatory functions for start- 40 up and internal testing (BOS) are protected by a dedicated hardware firewall. Additionally two levels 41 are provided, the privileged level and the non-privilege level, both are protected by a hardwired 42 Memory Protection Unit (MPU) setting. For the TOE two different versions of the BOS are provided 43 (BOS-V1 and BOS-V2). The version BOS-V1 (Firmware Identifier 80001141, 80001150, 80001151) 44 executes the UMSLC test during the startup phase, the version BOS-V2 (Firmware Identifier 80001142) 45 19 Security Target Lite M9900, M9905, M9906 Public does not execute the UMSLC test during the startup phase to shorten the time duration of the startup 1 phase. For the M9906 the BOS-V1 version (Firmware Identifier 80001150) includes the feature 2 “hardening” and for the M9905 the BOS-V1 version (Firmware Identifier 80001151) includes the 3 features “hardening” and the “Burn-In Test”. The feature “hardening” analyzing a random SOLID 4 FLASHTM NVM page after every regular program operation for written bits that are losing their charge, 5 and, in this very unlikely case, the page is rewritten. The “Burn-In Test” during production is used to 6 stress the chip in a high temperature, high internal voltage and active operation for a certain time and 7 filtering out defect parts to get a low failure rate. The derivatives M9905 and M9906 are qualified for an 8 extended temperature range from -40°C to +105°C. 9 The RMS is accessible in privileged level only. The FL (Flash Loader) and the Mifare-compatible 10 software compose the TOE software stored in the SOLID FLASH™ NVM. The FL allows downloading of 11 user software to the NVM during the manufacturing process and can be completely deactivated. 12 13 The Mifare-compatible software includes the Mifare-compatible Operating System and additionally 14 the optional library Management of Mifare-compatible Cards (version 01.03.0927 and 01.04.1275) and 15 the optional library Mifare-compatible Reader Mode Support (01.02.0800). The Management of Mifare- 16 compatible Cards provides an API for the management and generation of Mifare-compatible Cards 17 (note that the version 01.04.1275 provides an additionally command). The optional Mifare-compatible 18 Reader Mode support library (01.02.0800) enables an access to external Mifare-compatible cards. 19 The Mifare-compatible software is not part of the certification scope. 20 21 2.1.3 Optional software of the TOE 22 23 The optional software part of the TOE consists of the cryptographic libraries RSA and EC, the 24 supporting Toolbox and asymmetric Base libreries, the optional SCL, the optional Flash Translation 25 Layer (FTL), the optional Platform Support Library (PSL) and the Management of Mifare-compatible 26 Cards library and the Mifare-compatible Reader Mode Support library. 27 The Mifare-compatible software includes support for the optional Management of Mifare-compatible 28 Cards as well as support to ease the implementation of the optional Mifare-compatible Reader Mode 29 Support functionality. It does not support any security relevant policy or function. 30 The RSA library is used to provide a high-level interface to the RSA cryptography implemented on the 31 hardware component Crypto2304T and includes countermeasures against SPA, DPA and DFA attacks. 32 The routines are used for the generation of RSA Key Pairs1 , the RSA signature verification, the RSA 33 signature generation and the RSA modulus recalculation. The module provides the basic long number 34 calculations (add, subtract, multiply, square with 1100-bit numbers) with high performance. 35 The RSA library is delivered as object code and is integrated in this way into the user software. The 36 RSA library can perform RSA operations from 512 to 4096 bits. Depending on the customer’s choice, 37 the TOE can be delivered with the 4096 code portion or with the 2048 code portion only. The 2048 38 code portion is included in both. 39 Part of the evaluation are the RSA straight operations with key lengths from 1024 bits to 2048 bits, and 40 the RSA CRT operations with key lengths of 1024 bits to 4096 bits. Note that key lengths below 1024 41 bits are not included in the certificate. 42 The EC library is used to provide a high level interface to Elliptic Curve cryptography and includes 43 countermeasures against SPA, DPA and DFA attacks. The routines are used for ECDSA signature 44 generation, ECDSA signature verification, ECDSA key generation and Elliptic Curve Diffie-Hellman key 45 agreement. The EC library is delivered as object code and integrated in this way into the user 46 1 Key generation functions are only provided by versions v2.05.005 and v2.07.003 of the RSA library 20 Security Target Lite M9900, M9905, M9906 Public software. The certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key 1 lengths of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits, due to national AIS32 2 regulations by the BSI. Note that there are numerous other curve types, being also secure in terms of 3 side channel attacks on this TOE, which can the user optionally add in the composition certification 4 process. 5 The Toolbox library provides long integer and modular arithmetic operations. It does not support any 6 security relevant policy or function. 7 The Asymmetric Base library provides the low level interface to the asymmetric cryptographic 8 coprocessor for the RSA and ECC cryptographic libraries and has no user available interface. It does 9 not support any security relevant policy or function. The Base, ECC and RSA library can optionally be 10 delivered in two versions: 11  The version v2.05.005 for the PSL library v4.00.10 12  The version v2.07.003 for the PSL library v5.00.06 13 14 The Flash Translation Layer (FTL) is the interface to the external Flash-memory and is provided 15 optional to the customer as a binary link library. 16 The Symmetric Crypto library (SCL) is used to provide a high level interface to DES/3DES and AES 17 symmetric cryptographic operations. It uses the SCP of the underlying hardware but implements also 18 countermeasures against all known weaknesses of the SCP (e.g. dummy calculations). The symmetric 19 crypto library consists of three C-library files Cipher.lib, AES.lib and DES.lib. Those library files will not 20 be distributed individually. Therefore we call those three library files simply the Symmetric Crypto 21 Library (SCL). The SCL library can optionally delivered in three versions 22  The legacy version v2.01.011 for backward compatibility and the PSL v4.00.09 23  The legacy version v2.02.010 for backward compatibility 24  The most recent version v2.04.003 for the PSL v5.00.06 25 26 The Hash Cryptographic Library (HCL) provides interfaces to the SHA-1 and SHA-2 family. The HCL can 27 optionally be delivered. 28 29 The Platform Support Layer (PSL) library is used to provide a standardized interface to the hardware, 30 directly or via the RSA, ECC and SCL library. The provided interfaces are syntactically similar to 31 Windows NT device driver calls. The drivers consist only of wrapper code with no inherent security 32 relevant parts. The PSL library can optionally be delivered in two versions 33  V4.00.10 34  V5.00.06 35 36 Table 2 Chip and optional software delivery matrix 37 Chip Waferfab Toplayer Firmware-ID RSA/ECC lib SCL PSL HCL M9900 A22 Dresden none 80001141 (BOS-V1) 80001142 (BOS-V2) 2.05.005 2.07.003 2.01.011 2.02.010 2.04.003 4.00.10 5.00.06 1.01.003 M9900 C22 Dresden WLP 80001141 (BOS-V1) 80001142 (BOS-V2) 2.05.005 2.07.003 2.01.011 2.02.010 2.04.003 4.00.10 5.00.06 1.01.003 M9000 D22 Dresden WLB 80001141 (BOS-V1) 80001142 (BOS-V2) 2.05.005 2.07.003 2.01.011 2.02.010 2.04.003 4.00.10 5.00.06 1.01.003 21 Security Target Lite M9900, M9905, M9906 Public M9900 G11 TSMC WLB 80001141 (BOS-V1) 80001142 (BOS-V2) 2.07.003 n.A. n.A. n.A. M9905 A11 Dresden none 80001151 (BOS-V1) 2.05.005 2.07.003 2.01.011 2.02.010 2.04.003 4.00.10 5.00.06 1.01.003 M9906 A11 Dresden none 80001150 (BOS-V1) 2.05.005 2.07.003 2.01.011 2.02.010 2.04.003 4.00.10 5.00.06 1.01.003 1 2.1.4 Interfaces of the TOE 2  The physical interface of the TOE to the external environment is the entire surface of the IC. 3  The electrical interface of the TOE to the external environment is constituted by the pads of the 4 chip: 5 − The five ISO 7816 pads consist particularly of the contacted RES, I/O, CLK lines and supply lines 6 VCC and GND. The contact based communication is according to ISO 7816/ETSI/EMV. 7 The I2C communication can be driven via the ISO 7816 pads. In this case no other 8 communication using the ISO 7816 pads is possible. 9 − The GPIO interface consists of 4 pads which can be individually configured and combined in 10 various ways. 11 − Also the I2C and the SSC/SPI communication can be exclusively driven via the GPIO pads. In this 12 case no other communication using the GPIO pads is possible. 13 − The USB interface is build out of two dedicated pads for data communication and two pads 14 used from the ISO 7816 interface supplying power and ground. 15 − The SWP interface is build out of one pad to support the SWP slave functionality. 16  The data-oriented I/O interface to the TOE is formed by the I/O pad. 17  The interface to the firmware is constituted by special registers used for hardware configuration 18 and control (Special Function Registers, SFR). 19  The interface of the TOE to the operating system is constituted on one hand by the RMS routine 20 calls and on the other by the instruction set of the TOE. 21  The interface of the TOE to the test routines is formed by the BOS test routine call, i.e. entry to test 22 mode (OS-TM entry). 23  The interface to the RSA calculations is defined by the RSA library (optionally). 24  The interface to the EC calculations is defined by the EC library (optionally). 25  The interface to the Toolbox basic arithmetic functions is defined by the Toolbox library 26 (optionally). 27  The interface to the external Flash-memory is defined by the Flash Translation Layer (optionally). 28  The interface to the symmetric crypto operations DES/3DES/AES is defined by the SCL library 29 (optionally). 30  The interface to the PSL library is defined by the PSL Specification (optionally). 31 2.1.5 Guidance documentation 32 The guidance documentation is listed in Table 1 33 Finally the certification report may contain an overview of the recommendations to the software 34 developer regarding the secure use of the TOE. These recommendations are also included in the 35 ordinary documentation. 36 22 Security Target Lite M9900, M9905, M9906 Public 2.1.6 Forms of delivery 1 The TOE can be delivered in form of bare dies, in form of plain wafers, in form of complete modules 2 (wire bond module M4.x, provided as single chip wire bond or as stacked wire bond), or in one of the 3 following an IC cases: MFC5.8 (FCOS), PG-VQFN-8-1, PG-VQFN-32-13 (SMD) and P-M2M4.7-8-1 (for 4 M9905 and M9906). The form of delivery does not affect the TOE security and it can be delivered in any 5 form, as long as the processes applied and sites involved have been subject of the appropriate audit. 6 The delivery can therefore be at the end of phase 3 or at the end of phase 4 which can also include 7 pre-personalization steps according to PP [1]. Nevertheless in both cases the TOE is finished and the 8 extended test features are removed. In this document are always both cases mentioned to avoid 9 incorrectness but from the security policy point of view the two cases are identical. 10 The delivery to the software developer (phase 2  phase 1) contains the development package and is 11 delivered in form of documentation as described above, data carriers containing the tools and 12 emulators as development and debugging tool. 13 Part of the software delivery could also be the Flash Loader program, provided by Infineon 14 Technologies, running on the TOE and receiving via the UART interface the transmitted information of 15 the user software to be loaded into the SOLID FLASH™ NVM memory. The download is only possible 16 after successful authentication. The user software can also be downloaded in an encrypted way. In 17 addition, the user can permanently block further use of the Flash Loader. Whether the Flash Loader 18 program is present or not depends on the procurement order. 19 Table 3 TOE deliveries: forms and methods 20 TOE Component Delivered Format Delivery Method Comment M9900 C11/D11/G11/A22 See text above Postal transfer in cages All materials are delivered to distribution centers in cages, locked. M9905 A11/M9906 A11 See text above Postal transfer in cages All materials are delivered to distribution centers in cages, locked. All Firmware – – Stored on the delivered hardware. All software libraries ARM Library File (object code) Secured download1 – All User Guidance documents Personalized PDF Secured download – 21 22 2.1.7 Production sites 23 The silicon of the design A11, A22, C22 and D22 is produced in Dresden. 24 The silicon of the design G11 is produced at TSMC/Taiwan 25 The delivery measures are described in the ALC_DVS aspect. 26 27 1 Secured download is a way of delivery of documentation and TOE related software using a secure ishare connected to Infineon customer portal. The TOE user needs a DMZ Account to login (authenticate) via the Internet. 23 Security Target Lite M9900, M9905, M9906 Public Table 4 Production site in chip identification 1 Production Site Chip Identification Dresden, Germany byte number 13 (Fab number): 02H TSMC, Taiwan byte number 13 (Fab number): 09H 2 3 2.1.8 TOE Configuration 4 This TOE is represented by various configurations called products, which are all derived from the 5 equal hardware design M9900, M9905 and M9906. The same mask is used to produce different 6 products of the TOE. The first metal mask (called the M1 mask) contains the specific information to 7 identify the TOE. 8 The M9900, M9905 and M9906 product offers different configuration options, which a customer can 9 choose. The mechanism to choose a configuration can be done by the following methods: 10 1. by product selection or dialog-based in Tools, 11 2. via Bill-per-Use (BpU) and Flash Loader (FL), 12 The degree of freedom for configuring the TOE is predefined by Infineon Technologies AG. The list of 13 predefined TOE configurations is given, as an example in Table 5 and in the SLE97 Hardware 14 Reference Manual [7], section 18. Additional the Table 5 gives an overview about the maximum 15 configurable memory and frequency sizes of the TOE. 16 All these possible TOE configurations equal and/or within the specified ranges are covered by the 17 certificate. 18 19 For details about the TOE configurations, please see [ST] 20 21 Beside fix TOE configurations, which can be ordered as usual, this TOE implements optionally the so 22 called Bill-Per-Use (BPU) ability. This solution enables the customer to tailor the product on his own 23 to the required configuration by blocking parts of the chip on demand into the final configuration at 24 his own premises, without further delivery or involving support by Infineon Technology AG. 25 Customers, who are intended to use this feature receiving the TOE in a predefined configuration 26 including the Flash Loader software, enhanced with the BPU blocking software. The blocking 27 information is part of a chip configuration area and can be modified by customers using specific 28 APDUs. Once a final blocking is done, further modifications are disabled. 29 The BPU software part is only present on the products which have been ordered with the BPU option. 30 In all other cases this software is not present on the product. 31 Additionally the user can choose between different firmware BOS versions and optional software 32 libraries. 33 For the M9900 derivative the user can choose the TOE with the BOS firmware in the version BOS-V1 or 34 BOS-V2. 35 The user can choose between one of the Management of Mifare-compatible Cards libraries (version 36 01.03.0927 or 01.04.1275) and the Mifare-compatible Reader Mode Support library (01.02.0800) or the 37 user can choose only one of the three libraries. 38 In the case the TOE is equipped with the External Flash memory the user can choose the Flash 39 Translation Layer (V1.01.0008) library. 40 The hardware of this TOE can be delivered with the following configuration options: 41  both crypto co-processors accessible 42  with a blocked SCP 43 24 Security Target Lite M9900, M9905, M9906 Public  with a blocked Crypto2304T 1  both crypto co-processors blocked 2 In case the SCP is blocked, no AES and 3DES computation supported by hardware is possible. In the 3 case the Crypto2304T is blocked, no RSA and EC computation supported by hardware is possible. No 4 accessibility of the deselected cryptographic co-processors is without impact on any other security 5 policy of the TOE; it is exactly equivalent to the situation where the user decides just not to use the 6 cryptographic co-processors. 7 The TOE can be delivered with the following optional libraries 8  RSA 9  ECC 10  Asymmetric Base library for RSA and ECC 11  Toolbox 12  SCL for AES/DES 13  PSL 14  FTL 15 16 The libraries of this TOE can be delivered according to the following dependencies: 17  If one of the libraries RSA, EC or Toolbox is delivered, the corresponding asymmetric Base library is 18 automatically part of it. 19  If the PSL library v4 is delivered, the RSA, EC and Base v2.05.005 libraries as well as the SCL 20 v2.01.011 library are automatically part of it. 21  If the PSL library v5 is delivered, the RSA, EC and Base v2.07.003 libraries as well as the SCL 22 v2.04.003 library are automatically part of it. 23 24 In case of deselecting one or several of these libraries the TOE does not provide the respective 25 functionality. 26 27 2.1.9 TOE initialization with Customer Software 28 Beside the various TOE configurations further possibilities of how the user inputs his software on the 29 TOE are in place. This provides a maximum of flexibility and for this an overview is given in the 30 following table: 31 32 Table 5 Options to implement user software at Infineon production premises 33 1 The user or/and a subcontractor downloads the software into the SOLID FLASH™ NVM memory on his own. Infineon Technologies AG has not received user software and there are no user data in the ROM. The Flash Loader can be activated or reactivated by the user or subcontractor to download his software in the SOLID FLASH™ NVM memory. 2 The user provides software for the download into the SOLID FLASH™ NVM memory to Infineon Technologies AG. The software is downloaded to the SOLID FLASH™ NVM memory during chip production. There are no user data in the ROM. The Flash Loader is deactivated. 3 The user provides software for the download The Flash Loader is blocked afterwards but can 25 Security Target Lite M9900, M9905, M9906 Public into the SOLID FLASH™ NVM memory to Infineon Technologies AG. The software is downloaded to the SOLID FLASH™ NVM memory during chip production. There are no user data in the ROM be activated or reactivated by the user or subcontractor to download his software in the SOLID FLASH™ NVM memory. Precondition is that the user has provided an own reactivation procedure in software prior chip production to Infineon Technologies AG. 1 The Generic Chip Identification Mode (GCIM) data of the TOE allows a unique identification of each 2 TOE and provides several detailed production information. The Chip Identification Mode data is 3 accessible by a non-ISO reset or can be read directly from the configuration area located at the NVM 4 by the user operating system. The SLE97 Hardware Reference Manual [7] gives a detailed description 5 of the GCIM data. 6 26 Security Target Lite M9900, M9905, M9906 Public 3 Conformance Claims (ASE_CCL) 1 3.1 CC Conformance Claim 2 This Security Target (ST) and the TOE claim conformance to Common Criteria version v3.1 part 1 [2], 3 part 2 [3] and part 3 [4]. 4 Conformance of this ST is claimed for: 5 Common Criteria part 2 extended and Common Criteria part 3 conformant. 6 3.2 PP Claim 7 This Security Target is in strict conformance to the 8 Security IC Platform Protection Profile [1]. 9 The Security IC Platform Protection Profile is registered and certified by the Bundesamt für Sicherheit 10 in der Informationstechnik1 (BSI) under the reference BSI-PP-0035, Version 1.0, dated 15.06.2007. 11 The security assurance requirements of the TOE are according to the Security IC Platform Protection 12 Profile [1]. They are all drawn from Part 3 of the Common Criteria version v3.1. 13 The augmentations of the PP [1] are listed below. 14 15 Table 6 Augmentations of the assurance level of the TOE 16 Assurance Class Assurance components Description Life-cycle support ALC_DVS.2 Sufficiency of security measures Vulnerability assessment AVA_VAN.5 Advanced methodical vulnerability analysis 17 3.3 Package Claim 18 This Security Target does not claim conformance to a package of the PP [1]. 19 The assurance level for the TOE is EAL5 augmented with the components ALC_DVS.2 and AVA_VAN.5. 20 21 22 1 Bundesamt für Sicherheit in der Informationstechnik (BSI) is the German Federal Office for Information Security 27 Security Target Lite M9900, M9905, M9906 Public 3.4 Conformance Rationale 1 This security target claims strict conformance only to one PP, the PP [1]. 2 The Target of Evaluation (TOE) is a typical security IC as defined in PP chapter 1.2.2 comprising: 3  the circuitry of the IC (hardware including the physical memories), 4  configuration data, initialisation data related to the IC Dedicated Software and the behaviour of 5 the security functionality 6  the IC Dedicated Software with the parts 7  the IC Dedicated Test Software, 8  the IC Dedicated Support Software. 9 The TOE is designed, produced and/or generated by the TOE Manufacturer. 10 Security Problem Definition: 11 Following the PP [1], the security problem definition is enhanced by adding an additional threat, an 12 organization security policy and an augmented assumption. Including these add-ons, the security 13 problem definition of this security target is consistent with the statement of the security problem 14 definition in the PP [1], as the security target claimed strict conformance to the PP [1]. 15 Conformance Rationale: 16 The augmented organizational security policy P.Add-Functions, coming from the additional security 17 functionality of the cryptographic libraries, the augmented assumption A.Key-Function, related to the 18 usage of key-depending function, and the threat memory access violation T.Mem-Access, due to 19 specific TOE memory access control functionality, have been added. These add-ons have no impact 20 on the conformance statements regarding CC [2] and PP [1], with following rational: 21 The security target remains conformant to CC [2], claim 482 as the possibility to introduce additional 22 restrictions is given. 23 The security target fulfils the strict conformance claim of the PP [1] due to the application notes 5, 6 24 and 7 which apply here. By those notes the addition of further security functions and security services 25 are covered, even without deriving particular security functionality from a threat but from a policy. 26 Due to additional security functionality, one coming from the cryptographic libraries - O.Add- 27 Functions, the memory access control - O.Mem-Access, and the hash additional security objectives 28 have been introduced. These add-ons have no impact on the conformance statements regarding CC 29 [2] and PP [1], with following rational: 30 The security target remains conformant to CC [2], claim 482 as the possibility to introduce additional 31 restrictions is given. 32 The security target fulfils the strict conformance of the PP [1] due to the application note 9 applying 33 here. This note allows the definition of high-level security goals due to further functions or services 34 provided to the Security IC Embedded Software. 35 Therefore, the security objectives of this security target are consistent with the statement of the 36 security objectives in the PP [1], as the security target claimed strict conformance to the PP [1]. 37 38 28 Security Target Lite M9900, M9905, M9906 Public All security functional requirements defined in the PP [1] are included and completely defined in this 1 ST. The security functional requirements listed in the following are all taken from Common Criteria 2 part 2 [3] and additionally included and completely defined in this ST: 3  FDP_ACC.1 “Subset access control” 4  FDP_ACF.1 “Security attribute based access control” 5  FMT_MSA.1 “Management of security attributes” 6  FMT_MSA.3 “Static attribute initialisation” 7  FMT_SMF.1 “Specification of Management functions” 8  FCS_COP.1 “Cryptographic support” 9  FCS_CKM.1 “Cryptographic key generation” 10  FDP_SDI.1 “Stored data integrity monitoring 11  FDP_SDI.2 “Stored data integrity monitoring and action 12 The security functional requirement 13  FPT_TST.2 “Subset TOE security testing“(Requirement from [3]) 14  FCS_RNG.1 “Generation of Random Numbers” 15 is included and completely defined in this ST, section 6. 16 All assignments and selections of the security functional requirements are done in the PP [1] and in 17 this security target in section 7.5. 18 The Assurance Requirements of the TOE obtain the Evaluation Assurance Level 5 augmented with the 19 assurance components ALC_DVS.2 and AVA_VAN.5 for the TOE. 20 21 3.5 Application Notes 22 The functional requirement FCS_RNG.1 is a refinement of the FCS_RNG.1 defined in the Protection 23 Profile [1] according to “Anwendungshinweise und Interpretationen zum Schema (AIS)” [15]. 24 29 Security Target Lite M9900, M9905, M9906 Public 4 Security Problem Definition (ASE_SPD) 1 The content of the PP [1] applies to this chapter completely. 2 4.1 Threats 3 The threats are directed against the assets and/or the security functions of the TOE. For example, 4 certain attacks are only one step towards a disclosure of assets while others may directly lead to a 5 compromise of the application security. The more detailed description of specific attacks is given later 6 on in the process of evaluation and certification. An overview on attacks is given in PP [1] section 3.2. 7 The threats to security are defined and described in PP [1] section 3.2. 8 Table 7 Threats according PP [1] 9 T.Phys-Manipulation Physical Manipulation T.Phys-Probing Physical Probing T.Malfunction Malfunction due to Environmental Stress T.Leak-Inherent Inherent Information Leakage T.Leak-Forced Forced Information Leakage T.Abuse-Func Abuse of Functionality T.RND Deficiency of Random Numbers 4.1.1 Additional Threat due to TOE specific Functionality 10 The additional functionality of introducing sophisticated privilege levels and access control allows the 11 secure separation between the operation system(s) and applications, the secure downloading of 12 applications after personalization and enables multitasking by separating memory areas and 13 performing access controls between different applications. Due to this additional functionality “area 14 based memory access control” a new threat is introduced. 15 The Smartcard Embedded Software is responsible for its User Data according to the assumption 16 “Treatment of User Data (A.Resp-Appl)”. However, the Smartcard Embedded Software may comprise 17 different parts, for instance an operating system and one or more applications. In this case, such parts 18 may accidentally or deliberately access data (including code) of other parts, which may result in a 19 security violation. 20 The TOE shall avert the threat “Memory Access Violation (T.Mem-Access)” as specified below. 21 T.Mem-Access Memory Access Violation 22 Parts of the Smartcard Embedded Software may cause security violations by accidentally or 23 deliberately accessing restricted data (which may include code) or privilege levels. Any restrictions are 24 defined by the security policy of the specific application context and must be implemented by the 25 Smartcard Embedded Software. 26 Table 8 Additional threats due to TOE specific functions and augmentations 27 T.Mem-Access Memory Access Violation 28 For details see PP [1] section 3.2. 29 30 Security Target Lite M9900, M9905, M9906 Public 4.1.2 Assets regarding the Threats 1 The primary assets concern the User Data which includes the user data as well as program code 2 (Security IC Embedded Software) stored and in operation and the provided security services. These 3 assets have to be protected while being executed and or processed and on the other hand, when the 4 TOE is not in operation. 5 This leads to four primary assets with its related security concerns: 6  SC1 Integrity of User Data and of the Security IC Embedded Software (while being 7 executed/processed and while being stored in the TOE’s memories), 8  SC2 Confidentiality of User Data and of the Security IC Embedded Software (while being processed 9 and while being stored in the TOE’s memories) 10  SC3 Correct operation of the security services provided by the TOE for the Security IC Embedded 11 Software. 12  SC4 Continuous availability of random numbers 13 SC4 is an additional security service provided by this TOE which is the availability of random numbers. 14 These random numbers are generated either by a true random number or a deterministic random 15 number generator or by both, when a true random number is used as seed for the deterministic 16 random number generator. Note that the generation of random numbers is a requirement of the PP 17 [1]. 18 To be able to protect the listed assets the TOE shall protect its security functionality as well. Therefore 19 critical information about the TOE shall be protected. Critical information includes: 20  logical design data, physical design data, IC Dedicated Software, and configuration data 21  Initialisation Data and Pre-personalisation Data, specific development aids, test and 22 characterisation related data, material for software development support, and reticles. 23 The information and material produced and/or processed by the TOE Manufacturer in the TOE 24 development and production environment (Phases 2 up to TOE Delivery) can be grouped as follows: 25  logical design data, 26  physical design data, 27  IC Dedicated Software, Security IC Embedded Software, Initialisation Data and Pre-personalisation 28 Data, 29  specific development aids, 30  test and characterisation related data, 31  material for software development support, and 32  reticles and products in any form 33 as long as they are generated, stored, or processed by the TOE Manufacturer. 34 For details see PP [1] section 3.1. 35 4.2 Organizational Security Policies 36 The TOE has to be protected during the first phases of their lifecycle (phases 2 up to TOE delivery 37 which can be after phase 3 or phase 4). Later on each variant of the TOE has to protect itself. The 38 organizational security policy covers this aspect. 39 P.Process-TOE Protection during TOE Development and Production 40 31 Security Target Lite M9900, M9905, M9906 Public An accurate identification must be established for the TOE. This requires that each instantiation of the 1 TOE carries this unique identification. 2 The organizational security policies are defined and described in PP [1] section 3.3. Due to the 3 augmentations of PP [1] an additional policy is introduced and described in the next chapter. 4 Table 9 Organizational Security Policies according PP [1] 5 P.Process-TOE Protection during TOE Development and Production 4.2.1 Augmented Organizational Security Policy 6 Due to the augmentations of the PP [1] an additional policy is introduced. 7 The TOE provides specific security functionality, which can be used by the Smartcard Embedded 8 Software. In the following specific security functionality is listed which is not derived from threats 9 identified for the TOE’s environment because it can only be decided in the context of the smartcard 10 application, against which threats the Smartcard Embedded Software will use the specific security 11 functionality. 12 The IC Developer / Manufacturer must apply the policy “Additional Specific Security Functionality 13 (P.Add-Functions)” as specified below. 14 15 P.Add-Functions Additional Specific Security Functionality 16 The TOE shall provide the following specific security functionality to the Smartcard Embedded 17 Software: 18  Advanced Encryption Standard (AES) 19  Triple Data Encryption Standard (3DES) 20  Rivest-Shamir-Adleman Cryptography (RSA) 21  Elliptic Curve Cryptography (EC) 22  Hash Cryptographic Functions (SHA) 23 24 Note:This TOE can be delivered with the SCP accessible or blocked. The blocking depends on the 25 customer demands prior to the production of the hardware. In case the SCP is blocked, no 3DES or 26 AES computation supported by hardware is possible. The 3DES and AES functionality has then to 27 be removed from this policy. 28 Note:The TOE can also be delivered with an optional SCL. Any optional SCL contains AES and 3DES 29 algorithms with additional security countermeasures. The optional SCL needs an accessible SCP. 30 The 3DES and AES functionality has then to be removed from this policy. 31 Note:This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case the 32 Crypto2304T is blocked, no RSA or ECC computation supported by hardware is possible. The RSA 33 and ECC functionality has then to be removed from this policy. 34 Note:The TOE can also be delivered with the optional RSA library. The optional RSA library needs an 35 accessible Crypto2304T. If the optional RSA library is not delivered then RSA functionality has to 36 be removed from this policy. 37 32 Security Target Lite M9900, M9905, M9906 Public Note:The TOE can also be delivered with the optional ECC library. The optional ECC library needs an 1 accessible Crypto2304T. If the optional ECC library is not delivered then ECC functionality has to 2 be removed from this policy. 3 Note:The TOE can be delivered with the optional HCL library. If the optional HCL library is not delivered 4 then SHA functionality has to be removed from this policy. 5 6 4.3 Assumptions 7 The TOE assumptions on the operational environment are defined and described in PP [1] section 3.4. 8 The assumptions concern the phases where the TOE has left the chip manufacturer. 9 10 A.Process-Sec-IC Protection during Packaging, Finishing and Personalization: 11 It is assumed that security procedures are used after delivery of the TOE by the TOE Manufacturer up 12 to delivery to the end-consumer to maintain confidentiality and integrity of the TOE and of its 13 manufacturing and test data (to prevent any possible copy, modification, retention, theft or 14 unauthorised use). 15 16 A.Plat-Appl Usage of Hardware Platform: 17 The Security IC Embedded Software is designed so that the requirements from the following 18 documents are met: (i) TOE guidance documents (refer to the Common Criteria assurance class AGD) 19 such as the hardware data sheet, and the hardware application notes, and (ii) findings of the TOE 20 evaluation reports relevant for the Security IC Embedded Software as documented in the certification 21 report. 22 23 A.Resp-Appl Treatment of User Data: 24 All User Data are owned by Security IC Embedded Software. Therefore, it must be assumed that 25 security relevant User Data (especially cryptographic keys) are treated by the Security IC Embedded 26 Software as defined for its specific application context. 27 28 The support of cipher schemas needs to make an additional assumption. 29 Table 10 Assumption according PP [1] 30 A.Process-Sec-IC Protection during Packaging, Finishing and Personalization A.Plat-Appl Usage of Hardware Platform A.Resp-Appl Treatment of User Data 31 32 33 Security Target Lite M9900, M9905, M9906 Public 4.3.1 Augmented Assumptions 1 The developer of the Smartcard Embedded Software must ensure the appropriate “Usage of Key- 2 dependent Functions (A.Key-Function)” while developing this software in Phase 1 as specified below. 3 A.Key-FunctionUsage of Key-dependent Functions 4 Key-dependent functions (if any) shall be implemented in the Smartcard Embedded Software in a way 5 that they are not susceptible to leakage attacks (as described under T.Leak-Inherent and 6 T.Leak-Forced). 7 Note, that here the routines which may compromise keys when being executed are part of the 8 Smartcard Embedded Software. In contrast to this, the threats T.Leak-Inherent and T.Leak-Forced 9 address (i) the cryptographic routines which are part of the TOE (For details see PP [1] section 3.4.). 10 34 Security Target Lite M9900, M9905, M9906 Public 5 Security objectives (ASE_OBJ) 1 This section shows the subjects and objects where are relevant to the TOE. 2 A short overview is given in the following. 3 The user has the following standard high-level security goals related to the assets: 4  SG1 maintain the integrity of User Data and of the Security IC Embedded Software 5  SG2 maintain the confidentiality of User Data and of the Security IC Embedded Software 6  SG3 maintain the correct operation of the security services provided by the TOE for the Security IC 7 Embedded Software 8  SG4 provision of random numbers. 9 5.1 Security objectives for the TOE 10 The security objectives of the TOE are defined and described in PP [1] section 4.1. 11 12 Table 11 Objectives for the TOE according to PP [1] 13 O.Phys-Manipulation Protection against Physical Manipulation O.Phys-Probing Protection against Physical Probing O.Malfunction Protection against Malfunction O.Leak-Inherent Protection against Inherent Information Leakage O.Leak-Forced Protection against Forced Information Leakage O.Abuse-Func Protection against Abuse of Functionality O.Identification TOE Identification O.RND Random Numbers 14 The TOE provides “Additional Specific Security Functionality (O.Add-Functions)” as specified below. 15 O.Add-Functions : Additional Specific Security Functionality 16 The TOE must optionally provide the following specific security functionality to the Smartcard 17 Embedded Software: 18  Advanced Encryption Standard (AES) 19  Triple Data Encryption Standard (3DES) 20  Rivest-Shamir-Adleman (RSA) 21  Elliptic Curve Cryptography (EC) 22  Hash Cryptographic functions (SHA) 23 The hardware of this TOE can be delivered with the following configuration options: 24  both crypto co-processors accessible 25  with a blocked SCP 26  with a blocked Crypto2304T 27  both crypto co-processors blocked 28 35 Security Target Lite M9900, M9905, M9906 Public In case the SCP is blocked, no AES and 3DES computations supported by hardware are possible. In the 1 case the Crypto2304T is blocked, no RSA and EC computations supported by hardware are possible. 2 The optional security relevant software part of the TOE consists of the following optional libraries: 3  RSA Cryptographic Library 4  EC Cryptographic Library 5  Symmetric Cryptographic Library (SCL) 6  Hash cryptographic library (HCL) 7  Platform Support Library (PSL) 8 9 The TOE shall provide “Area based Memory Access Control (O.Mem-Access)” as specified below. 10 O.Mem-Access: Area based Memory Access Control 11 The TOE must provide the Smartcard Embedded Software with the capability to define restricted 12 access memory areas. The TOE must then enforce the partitioning of such memory areas so that 13 access of software to memory areas and privilege levels is controlled as required, for example, in a 14 multi-application environment. 15 Table 12 Additional objectives due to TOE specific functions and augmentations 16 O.Add-Functions Additional specific security functionality O.Mem-Access Area based Memory Access Control 5.2 Security Objectives for the development and operational 17 Environment 18 The security objectives for the security IC embedded software development environment and the 19 operational environment is defined in PP [1] section 4.2 and 4.3. The table below lists the security 20 objectives. 21 Table 13 Security objectives for the environment according to PP [1] 22 Phase 1 OE.Plat-Appl Usage of Hardware Platform OE.Resp-Appl Treatment of User Data Phase 5 – 6 optional Phase 4 OE.Process-Sec-IC Protection during composite product manufacturing 5.2.1 Clarification of “Usage of Hardware Platform (OE.Plat-Appl)” 23 Regarding the cryptographic services this objective of the environment has to be clarified. The TOE 24 supports cipher schemes as additional specific security functionality. If required the Smartcard 25 Embedded Software shall use these cryptographic services of the TOE and their interface as specified. 26 When key-dependent functions implemented in the Smartcard Embedded Software are just being 27 executed, the Smartcard Embedded Software must provide protection against disclosure of 28 confidential data (User Data) stored and/or processed in the TOE by using the methods described 29 under “Inherent Information Leakage (T.Leak-Inherent)” and “Forced Information Leakage (T.Leak- 30 Forced)“. 31 The objectives of the environment regarding the memory, software and firmware protection and the 32 SFR and peripheral-access-rights-handling have to be clarified. For the separation of different 33 36 Security Target Lite M9900, M9905, M9906 Public applications the Smartcard Embedded Software (Operating System) may implement a memory 1 management scheme based upon security functions of the TOE. 2 5.2.2 Clarification of “Treatment of User Data (OE.Resp-Appl)” 3 Regarding the cryptographic services this objective of the environment has to be clarified. By 4 definition cipher or plain text data and cryptographic keys are User Data. The Smartcard Embedded 5 Software shall treat these data appropriately, use only proper secret keys (chosen from a large key 6 space) as input for the cryptographic function of the TOE and use keys and functions appropriately in 7 order to ensure the strength of cryptographic operation. 8 This means that keys are treated as confidential as soon as they are generated. The keys must be 9 unique with a very high probability, as well as cryptographically strong. For example, it must be 10 ensured that it is beyond practicality to derive the private key from a public key if asymmetric 11 algorithms are used. If keys are imported into the TOE and/or derived from other keys, quality and 12 confidentiality must be maintained. This implies that appropriate key management has to be realized 13 in the environment. 14 Regarding the memory, software and firmware protection and the SFR and peripheral access rights 15 handling these objectives of the environment has to be clarified. The treatment of User Data is also 16 required when a multi-application operating system is implemented as part of the Smartcard 17 Embedded Software on the TOE. In this case the multi-application operating system should not 18 disclose security relevant user data of one application to another application when it is processed or 19 stored on the TOE. 20 5.2.3 Clarification of “Protection during Composite product 21 manufacturing (OE.Process-Sec-IC)” 22 The protection during packaging, finishing and personalization includes also the personalization 23 process (Flash Loader software) and the personalization data (TOE software components) during 24 Phase 4, Phase 5 and Phase 6. 25 5.3 Security Objectives Rationale 26 The security objectives rationale of the TOE are defined and described in PP [1] section 4.4. For 27 organizational security policy P.Add-Functions, OE.Plat-Appl and OE.Resp-Appl the rationale is given 28 in the following description. 29 Table 14 Security Objective Rationale 30 Assumption, Threat or Organisational Security Policy Security Objective P.Add-Functions O.Add-Functions A.Key-Function OE.Plat-Appl OE.Resp-Appl T.Mem-Access O.Mem-Access 31 The justification related to the security objective “Additional Specific Security Functionality 32 (O.Add-Functions)” is as follows: Since O.Add-Functions requires the TOE to implement exactly the 33 same specific security functionality as required by P.Add-Functions; the organizational security policy 34 is covered by the objective. 35 37 Security Target Lite M9900, M9905, M9906 Public Nevertheless the security objectives O.Leak-Inherent, O.Phys-Probing, O.Malfunction, O.Phys- 1 Manipulation and O.Leak-Forced define how to implement the specific security functionality required 2 by P.Add-Functions. (Note that these objectives support that the specific security functionality is 3 provided in a secure way as expected from P.Add-Functions.) Especially O.Leak-Inherent and O.Leak- 4 Forced refer to the protection of confidential data (User Data or TSF data) in general. User Data are 5 also processed by the specific security functionality required by P.Add-Functions. 6 Compared to PP [1] clarification has been made for the security objective “Usage of Hardware 7 Platform (OE.Plat-Appl)”: If required the Smartcard Embedded Software shall use these cryptographic 8 services of the TOE and their interface as specified. In addition, the Smartcard Embedded Software 9 must implement functions which perform operations on keys (if any) in such a manner that they do 10 not disclose information about confidential data. The non disclosure due to leakage A.Key-Function 11 attacks is included in this objective OE.Plat-Appl. This addition ensures that the assumption 12 A.Plat-Appl is still covered by the objective OE.Plat-Appl although additional functions are being 13 supported according to O.Add-Functions. 14 Compared to the PP [1] a clarification has been made for the security objective “Treatment of User 15 Data (OE.Resp-Appl)”: By definition cipher or plain text data and cryptographic keys are User Data. So, 16 the Smartcard Embedded Software will protect such data if required and use keys and functions 17 appropriately in order to ensure the strength of cryptographic operation. Quality and confidentiality 18 must be maintained for keys that are imported and/or derived from other keys. This implies that 19 appropriate key management has to be realized in the environment. That is expressed by the 20 assumption A.Key—Function which is covered from OE.Resp–Appl. These measures make sure that 21 the assumption A.Resp-Appl is still covered by the security objective OE.Resp-Appl although 22 additional functions are being supported according to P.Add-Functions. 23 Compared to the PP [1] an enhancement regarding memory area protection has been established. 24 The clear definition of privilege levels for operated software establishes the clear separation of 25 different restricted memory areas for running the firmware, downloading and/or running the 26 operating system and to establish a clear separation between different applications. Nevertheless, it 27 is also possible to define a shared memory section where separated applications may exchange 28 defined data. The privilege levels clearly define by using a hierarchical model the access right from 29 one level to the other. These measures ensure that the threat T.Mem-Access is clearly covered by the 30 security objective O.Mem-Access. 31 The justification of the additional policy and the additional assumption show that they do not 32 contradict to the rationale already given in the Protection Profile for the assumptions, policy and 33 threats defined there. 34 38 Security Target Lite M9900, M9905, M9906 Public 6 Extended Component Definition (ASE_ECD) 1 There are four extended components defined and described for the TOE: 2  the family FCS_RNG at the class FCS Cryptographic Support 3  the family FMT_LIM at the class FMT Security Management 4  the family FAU_SAS at the class FAU Security Audit 5  the component FPT_TST.2 at the class FPT Protection of the TSF 6 The extended components FMT_LIM and FAU_SAS are defined and described in PP [1] section 5. The 7 components FPT_TST.2 and FCS_RNG are defined in the following sections. 8 6.1 “Subset TOE security testing (FPT_TST)” 9 The security is strongly dependent on the correct operation of the security functions. Therefore, the 10 TOE shall support that particular security functions or mechanisms are tested in the operational 11 phase (Phase 7). The tests can be initiated by the Smartcard Embedded Software and/or by the TOE or 12 is done automatically and continuously. 13 Part 2 of the Common Criteria provides the security functional component “TSF testing (FPT_TST.1)”. 14 The component FPT_TST.1 provides the ability to test the TSF’s correct operation. 15 For the user it is important to know which security functions or mechanisms can be tested. The 16 functional component FPT_TST.1 does not mandate to explicitly specify the security functions being 17 tested. In addition, FPT_TST.1 requires verification of the integrity of TSF data and of the stored TSF 18 executable code which might violate the security policy. Therefore, the functional component”Subset 19 TOE security testing (FPT_TST.2)” of the family TSF self test has been newly created. This component 20 allows that particular parts of the security mechanisms and functions provided by the TOE are tested. 21 6.2 Definition of FPT_TST.2 22 The functional component “Subset TOE security testing (FPT_TST.2)” has been newly created 23 (Common Criteria Part 2 extended). This component allows that particular parts of the security 24 mechanisms and functions provided by the TOE can be tested after TOE Delivery or are tested 25 automatically and continuously during normal operation transparent for the user. 26 This security functional component is used instead of the functional component FPT_TST.1 from 27 Common Criteria Part 2. For the user it is important to know which security functions or mechanisms 28 can be tested. The functional component FPT_TST.1 does not mandate to explicitly specify the 29 security functions being tested. In addition, FPT_TST.1 requires verifying the integrity of TSF data and 30 stored TSF executable code which might violate the security policy. 31 The functional component “Subset TOE testing (FPT_TST.2)” is specified as follows (Common Criteria 32 Part 2 extended). 33 34 39 Security Target Lite M9900, M9905, M9906 Public 6.3 TSF self test (FPT_TST) 1 Family Behavior The Family Behavior is defined in [3] section 15.14 (442, 443). 2 Component leveling 3 FPT_TST TSF self test 1 2 4 FPT_TST.1 The component FPT_TST.1 is defined in [3] section 15.14 (444, 445, 446). 5 FPT_TST.2 Subset TOE security testing, provides the ability to test the correct operation of 6 particular security functions or mechanisms. These tests may be performed at start- 7 up, periodically, at the request of the authorized user, or when other conditions are 8 met. It also provides the ability to verify the integrity of TSF data and executable code. 9 Management: FPT_TST.2 10 The following actions could be considered for the management functions in FMT: 11 management of the conditions under which subset TSF self testing occurs, such as 12 during initial start-up, regular interval or under specified conditionsmanagement of 13 the time of the interval appropriate. 14 Audit: FPT_TST.2 15 There are no auditable events foreseen. 16 FPT_TST.2 Subset TOE testing 17 Hierarchical to: No other components. 18 Dependencies: No dependencies 19 FPT_TST.2.1 The TSF shall run a suite of self tests [selection: during initial start-up, periodically 20 during normal operation, at the request of the authorized user, and/or at the 21 conditions [assignment: conditions under which self test should occur]] to 22 demonstrate the correct operation of [assignment: functions and/or mechanisms]. 23 24 6.4 Family “Generation of Random Numbers (FCS_RNG)” 25 The component “Generation of Random Numbers (FCS_RNG.1)” has to be newly created according 26 the new version of the “Anwendungshinweise und Interpretationen zum Schema (AIS)” [15]. This 27 security functional component is used instead of the functional component FCS_RNG.1 defined in the 28 protection profile [1]. 29 The component “Generation of Random Numbers (FCS_RNG.1)” is specified as follows (Common 30 Criteria Part 2 extended). 31 32 6.5 Definition of FCS_RNG.1 33 This section describes the functional requirements for the generation of random numbers, which may 34 be used as secrets for cryptographic purposes or authentication. The IT security functional 35 40 Security Target Lite M9900, M9905, M9906 Public requirements for the TOE are defined in an additional family (FCS_RNG) of the Class FCS 1 (Cryptographic support). 2 3 FCS_RNG Generation of random numbers 4 Family Behaviour 5 This family defines quality requirements for the generation of random numbers that are intended 6 to be used for cryptographic purposes. 7 8 Component levelling: 9 FCS_RNG: Generation of random numbers TSF self test 1 10 11 FCS_RNG.1 Generation of random numbers, requires that the random number generator I 12 mplements defined security capabilities and that the random numbers meet a defined 13 quality metric. 14 Management: FCS_RNG.1 15 There are no management activities foreseen. 16 Audit: FCS_RNG.1 17 There are no actions defined to be auditable. 18 19 FCS_RNG.1 Random number generation 20 Hierarchical to: No other components. 21 Dependencies: No dependencies. 22 FCS_RNG.1.1: The TSF shall provide a [selection: physical, non-physical true, deterministic, 23 hybrid physical, hybrid deterministic] random number generator that imple- 24 ments: [assignment: list of security capabilities]. 25 FCS_RNG.1.2: The TSF shall provide random numbers that meet [assignment: a defined 26 quality metric]. 27 Note: The functional requirement FCS_RNG.1 is a refinement of the FCS_RNG.1 defined in the 28 Protection Profile [1] according to “Anwendungshinweise und Interpretationen zum Schema 29 (AIS)” [15]. 30 31 41 Security Target Lite M9900, M9905, M9906 Public 7 Security Requirements (ASE_REQ) 1 For this section the PP [1] section 6 can be applied completely. 2 7.1 TOE Security Functional Requirements 3 The security functional requirements (SFR) for the TOE are defined and described in the PP [1] section 4 6.1 and in the following description. 5 The Table 15 provides an overview of the functional security requirements of the TOE, defined in the 6 in PP [1] section 6.1. In the last column it is marked if the requirement is refined. The refinements are 7 also valid for this ST. 8 Table 15 Security functional requirements defined in PP [1] 9 Security Functional Requirement Refined in PP [1] FRU_FLT.2 Limited fault tolerance Yes FPT_FLS.1 Failure with preservation of secure state Yes FMT_LIM.1 Limited capabilities No FMT_LIM.2 Limited availability No FAU_SAS.1 Audit storage No FPT_PHP.3 Resistance to physical attack Yes FDP_ITT.1 Basic internal transfer protection Yes FPT_ITT.1 Basic internal TSF data transfer protection Yes FDP_IFC.1 Subset information flow control No 10 The Table 16 provides an overview about the augmented security functional requirements, which are 11 added additional to the TOE and defined in this ST. All requirements are taken from Common Criteria 12 Part 2 [3], with the exception of the requirement FPT_TST.2 and FCS_RNG.1, which are defined in this 13 ST completely. 14 15 Table 16 Augmented security functional requirements 16 Security Functional Requirement FPT_TST.2 Subset TOE security testing FDP_ACC.1 Subset access control FDP_ACF.1 Security attribute based access control FMT_MSA.1 Management of security attributes FMT_MSA.3 Static attribute initialization FMT_SMF.1 Specification of Management functions FCS_COP.1 Cryptographic support FCS_CKM.1 Cryptographic key generation FDP_SDI.1 Stored data integrity monitoring FDP_SDI.2 Stored data integrity monitoring and action FCS_RNG.1 Quality metric for random numbers 42 Security Target Lite M9900, M9905, M9906 Public 1 All assignments and selections of the security functional requirements of the TOE are done in PP [1] 2 and in the following description. 3 The above marked extended components FMT_LIM.1 and FMT_LIM.2 are introduced in PP [1] to define 4 the IT security functional requirements of the TOE as an additional family (FMT_LIM) of the Class FMT 5 (Security Management). This family describes the functional requirements for the Test Features of the 6 TOE. The new functional requirements were defined in the class FMT because this class addresses the 7 management of functions of the TSF. 8 The additional component FAU.SAS is introduced to define the security functional requirements of the 9 TOE of the Class FAU (Security Audit). This family describes the functional requirements for the 10 storage of audit data and is described in the next chapter. 11 The requirement FPT_TST.2 is the subset of TOE testing and originated in [3]. This requirement is 12 given as the correct operation of the security functions is essential. The TOE provides mechanisms to 13 cover this requirement by the smartcard embedded software and/or by the TOE itself. 14 7.1.1 Extended Components FCS_RNG.1 and FAU_SAS.1 15 7.1.1.1 FCS_RNG 16 To define the IT security functional requirements of the TOE an additional family (FCS_RNG) of the 17 class FCS (cryptographic support) is defined in chapter 6.5. This family describes the functional 18 requirements for random number generation used for cryptographic purposes. 19 20 FCS_RNG.1/HW Random Number Generation 21 Hierarchical to: No other components 22 Dependencies: No dependencies 23 FCS_RNG.1 Random numbers generation Class PTG.2 according to [6] 24 FCS_RNG.1.1 The TSF shall provide a physical random number generator which implements: 25 PTG.2.1A: total failure test detects a total failure of entropy source 26 immediately when the RNG has started. When a total failure is detected, no 27 random numbers will be output. 28 PTG.2.2: If a total failure of the entropy source occurs while the RNG is being 29 operated, the RNG prevents the output of any internal random number that 30 depends on some raw random numbers that have been generated after the 31 total failure of the entropy source. 32 33 PTG.2.3: The online test shall detect non-tolerable statistical defects of the 34 rawrandom number sequence (i) immediately when the RNG has started, and 35 (ii) while the RNG is being operated. The TSF must not output any random 36 numbers before the power-up online test has finished successfully or when a 37 defect has been detected. 38 43 Security Target Lite M9900, M9905, M9906 Public PTG.2.4:The online test procedure shall be effective to detect non-tolerable 1 weaknesses of the random numbers soon. 2 3 PTG.2.5 :The online test procedure checks the quality of the raw random num 4 ber sequence. It is triggered continuously. The online test is suitable for 5 detecting non-tolerable statistical defects of the statistical properties of the 6 raw random numbers within an acceptable period of time. 7 8 FCS_RNG.1.2 The TSF shall provide numbers in the format 8- or 16-bit that meet 9 PTG.2.6: Test procedure A, as defined in [6] does not distinguish the internal 10 random numbers from output sequences of an ideal RNG. 11 PTG.2.7: The average Shannon entropy per internal random bit exceeds 0.997. 12 Note: The functional requirement FCS_RNG.1/HW is a refinement of the FCS_RNG.1 defined in 13 chapter 6.5 14 15 FCS_RNG.1/PSL Random Number Generation 16 Hierarchical to: No other components 17 Dependencies: No dependencies 18 FCS_RNG.1 Random numbers generation Class PTG.2 according to [6] 19 FCS_RNG.1.1 The TSF shall provide a physical random number generator which implements: 20 PTG.2.1A: total failure test detects a total failure of entropy source 21 immediately when the RNG has started. When a total failure is detected, no 22 random numbers will be output. 23 PTG.2.2: If a total failure of the entropy source occurs while the RNG is being 24 operated, the RNG prevents the output of any internal random number that 25 depends on some raw random numbers that have been generated after the 26 total failure of the entropy source. 27 28 PTG.2.3: The online test shall detect non-tolerable statistical defects of the 29 rawrandom number sequence (i) immediately when the RNG has started, and 30 (ii) while the RNG is being operated. The TSF must not output any random 31 numbers before the power-up online test has finished successfully or when a 32 defect has been detected. 33 PTG.2.4:The online test procedure shall be effective to detect non-tolerable 34 weaknesses of the random numbers soon. 35 36 PTG.2.5 :The online test procedure checks the quality of the raw random num 37 ber sequence. It is triggered continuously. The online test is suitable for 38 detecting non-tolerable statistical defects of the statistical properties of the 39 raw random numbers within an acceptable period of time. 40 41 44 Security Target Lite M9900, M9905, M9906 Public FCS_RNG.1.2 The TSF shall provide a number n of caller requested bytes (n = 0…232 , 4 | n ) , 1 that meet 2 PTG.2.6: Test procedure A, as defined in [6] does not distinguish the internal 3 random numbers from output sequences of an ideal RNG. 4 PTG.2.7: The average Shannon entropy per internal random bit exceeds 0.997. 5 Note: The functional requirement FCS_RNG.1/PSL is a refinement of the FCS_RNG.1 defined in 6 chapter 6.5. 7 Note: The TOE can be delivered with the optional PSL library. If the optional PSL library is not 8 available then this SFR is not applicable. 9 10 7.1.1.2 FAU_SAS 11 To define the security functional requirements of the TOE an additional family (FAU_SAS) of the Class 12 FAU (Security Audit) is defined here. This family describes the functional requirements for the storage 13 of audit data. It has a more general approach than FAU_GEN, because it does not necessarily require 14 the data to be generated by the TOE itself and because it does not give specific details of the content 15 of the audit records. 16 The TOE shall meet the requirement “Audit storage (FAU_SAS.1)” as specified below (Common 17 Criteria Part 2 extended). 18 19 FAU_SAS.1 Audit Storage 20 Hierarchical to: No other components 21 Dependencies: No dependencies. 22 FAU_SAS.1.1 The TSF shall provide the test process before TOE Delivery with the capability 23 to store the Initialization Data and/or Pre-personalization Data and/or 24 supplements of the Security IC Embedded Software in the not changeable 25 configuration page area and non-volatile memory. 26 7.1.2 Subset of TOE testing 27 The security is strongly dependent on the correct operation of the security functions. Therefore, the 28 TOE shall support that particular security functions or mechanisms are tested in the operational 29 phase (Phase 7). The tests can be initiated by the Smartcard Embedded Software and/or by the TOE. 30 The TOE shall meet the requirement “Subset TOE testing (FPT_TST.2)” as specified below (Common 31 Criteria Part 2 extended). 32 33 FPT_TST.2 Subset TOE testing 34 Hierarchical to: No other components 35 Dependencies: No dependencies 36 45 Security Target Lite M9900, M9905, M9906 Public FPT_TST.2.1 The TSF shall run a suite of self tests at the request of the authorized user to 1 demonstrate the correct operation of the alarm lines and/or the 2 environmental sensor mechanisms 3 For details about the TOE sensors, please see [ST] 4 5 7.2 Memory access control 6 Usage of multiple applications in one Smartcard often requires code and data separation in order to 7 prevent that one application can access code and/or data of another application. For this reason the 8 TOE provides Area based Memory Access Control. The underlying Memory Protection Unit (MPU) is 9 documented in section 4 of the [7]. 10 The security service being provided is described in the Security Function Policy (SFP) Memory Access 11 Control Policy. The security functional requirement “Subset access control (FDP_ACC.1)” requires that 12 this policy is in place and defines the scope were it applies. The security functional requirement 13 “Security attribute based access control (FDP_ACF.1)” defines security attribute usage and 14 characteristics of policies. It describes the rules for the function that implements the Security 15 Function Policy (SFP) as identified in FDP_ACC.1. The decision whether an access is permitted or not is 16 taken based upon attributes allocated to the software. The Smartcard Embedded Software defines 17 the attributes and memory areas. The corresponding permission control information is evaluated “on- 18 the-fly” by the hardware so that access is granted/effective or denied/inoperable. 19 The security functional requirement “Static attribute initialisation (FMT_MSA.3)” ensures that the 20 default values of security attributes are appropriately either permissive or restrictive in nature. 21 Alternative values can be specified by any subject provided that the Memory Access Control Policy 22 allows that. This is described by the security functional requirement “Management of security 23 attributes (FMT_MSA.1)”. The attributes are determined during TOE manufacturing (FMT_MSA.3) or 24 set at run-time (FMT_MSA.1). 25 From TOE’s point of view the different roles in the Smartcard Embedded Software can be 26 distinguished according to the memory based access control. However the definition of the roles 27 belongs to the user software. 28 The following Security Function Policy (SFP) Memory Access Control Policy is defined for the 29 requirement “Security attribute based access control (FDP_ACF.1)”: 30 31 32 7.2.1 Memory Access Control Policy 33 The TOE shall support the standard ARMv7 Protected Memory System Architecture model. 34 The MPU provides full support for: 35  Protection regions. 36  Overlapping protection regions, with ascending region priority: 37 − Region 7 = highest priority. 38 − Region 0 = lowest priority. 39  Access permissions. 40 46 Security Target Lite M9900, M9905, M9906 Public  MPU mismatches and permission violations invoke the programmable-priority MemManage fault 1 handler. 2 The MPU can be used to: 3  Enforce privilege rules, preventing user applications from corrupting operating system data. 4  Separate processes, blocking the active task from accessing other tasks’ data. 5  Enforce access rules, allowing memory regions to be defined as read-only or detecting unexpected 6 memory accesses. 7 8 Subjects, Objects and Operations of the policy 9  Subjects: privilege or non-privilege level of the ARM processor 10  Objects: memory/code addresses 11  Operations: Read a/o write a/o execute access 12 13 Attributes of the policy: 14  MPU enable/disable bit. 15  8 regions with the following attributes 16 − A unique priority 17 − The enable bit 18 − the start address and size 19 − an access matrix which defines if an Operation of a Subject to an Object lying in the region is 20 allowed or denied 21  The default region with the following security attribute: 22 − A bit which defines if an Operation for the Subject (privilege level) is allowed or if no Operation 23 is allowed for any Subject. 24 25 Roles of the policy: 26 The roles correspond 1-1 to the subjects. 27 28 Properties of the policy: 29  If an address is contained in multiple enabled regions, then the region with the highest priority 30 defines the access rights. 31  If an address is contained in no region then the default region defines the access rights. 32  The region defining the access rights checks in the access matrix if the Subject has access to the 33 Object with respect to the desired Operation. In case the access is denied the MPU throws an 34 access violation exception. 35 36 The TOE shall meet the requirement “Subset access control (FDP_ACC.1)” as specified below. 37 38 FDP_ACC.1 Subset access control 39 Hierarchical to: No other components. 40 Dependencies: FDP_ACF.1 Security attribute based access control 41 FDP_ACC.1.1 The TSF shall enforce the Memory Access Control Policy on all Subjects, all 42 Objects and all Operations. 43 44 45 47 Security Target Lite M9900, M9905, M9906 Public The TOE shall meet the requirement “Security attribute based access control (FDP_ACF.1)” as 1 specified below. 2 3 FDP_ACF.1 Security attribute based access control 4 Hierarchical to: No other components. 5 Dependencies: FDP_ACC.1 Subset access control 6 FMT_MSA.3 Static attribute initialization 7 FDP_ACF.1.1 The TSF shall enforce the Memory Access Control Policy to objects based on 8 the following: As specified in the definition of the memory access control 9 policy . 10 11 FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among 12 controlled subjects and controlled objects is allowed: 13 As specified in the definition of the memory access control policy. 14 15 FDP_ACF.1.3 The TSF shall explicitly authorize access of subjects to objects based on the 16 following additional rules: none. 17 18 FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the 19 following additional rules: none. 20 21 22 The TOE shall meet the requirement “Static attribute initialisation (FMT_MSA.3)” as specified below. 23 24 FMT_MSA.3 Static attribute initialization 25 26 Hierarchical to: No other components. 27 28 Dependencies: FMT_MSA.1 Management of security attributes 29 FMT_SMR.1 security roles 30 31 FMT_MSA.3.1 The TSF shall enforce the Memory Access Control Policy to provide restrictive1 32 default values for security attributes that are used to enforce the SFP. 33 34 FMT_MSA.3.2 The TSF shall allow the privilege level to specify alternative initial values to 35 override the default values when an object or information is created. 36 37 38 The TOE shall meet the requirement “Management of security attributes (FMT_MSA.1)” as specified 39 below: 40 41 FMT_MSA.1 Management of security attributes 42 43 Hierarchical to: No other components. 44 45 1 The static definition of the access rules is documented in [7] 48 Security Target Lite M9900, M9905, M9906 Public Dependencies: [FDP_ACC.1 Subset access control or FDP_IFC.1 Subset information flow 1 control] 2 FMT_SMF.1 Specification of management functions 3 FMT_SMR.1 Security roles 4 5 FMT_MSA.1.1 The TSF shall enforce the Memory Access Control Policy to restrict the ability 6 to modify any security attributes1 to the privilege level. 7 8 The TOE shall meet the requirement “Specification of management functions (FMT_SMF.1)” as 9 specified below: 10 11 FMT_SMF.1 Specification of management functions 12 13 Hierarchical to: No other components 14 15 Dependencies: No dependencies 16 17 FMT_SMF.1.1 The TSF shall be capable of performing the following security management 18 functions: The privilege level shall be able to access the configuration registers 19 of the MPU. 20 21 1 editorially refined 49 Security Target Lite M9900, M9905, M9906 Public 7.3 Support of Cipher Schemes 1 The following additional specific security functionality is implemented in the TOE: 2 FCS_COP.1 Cryptographic operation requires a cryptographic operation to be performed in 3 accordance with a specified algorithm and with a cryptographic key of specified sizes. The specified 4 algorithm and cryptographic key sizes can be based on an assigned standard; dependencies are 5 discussed in Section 7.6.1.1. 6 The following additional specific security functionality is implemented in the TOE: 7  Advanced Encryption Standard (AES) 8  Triple Data Encryption Standard (3DES) 9  Elliptic Curve Cryptography (EC) 10  Rivest-Shamir-Adleman (RSA)1 11  Hash functions (SHA-x) 12 13 Preface regarding Security Level related to Cryptography: 14 The strength of the cryptographic algorithms was not rated in the course of the product certification 15 (see BSIG Section 9, Para.4, Clause 2). But Cryptographic Functionalities with a security level of 16 lower than 100 bits can no longer be regarded as secure without considering the application 17 context. Therefore for these functionalities it shall be checked whether the related crypto 18 operations are appropriate for the intended system. Some further hints and guidelines can be 19 derived from the 'Technische Richtlinie BSI TR-02102', www.bsi.bund.de. 20 Any Cryptographic Functionality that is marked in column 'Security Level above 100 Bits' of the 21 following table with 'no' achieves a security level of lower than 100 Bits (in general context). 22 23 Table 17 TOE cryptographic functionality 24 Purpose Cryptographic Mechanism Standard of Implemen- tation Key Size in Bits Security Level above 100 Bits Key Agreement ECDH [X963] [DSS] [ECC] Key sizes corresponding to the used elliptic curves P-192, K-163, B-163 [DSS] and brainpoolP{160, 192}r1, brainpoolP{160, 192}t1 [ECC] No ECDH [X963] [DSS] [ECC] Key sizes corresponding to the used elliptic curves P-{224, 256, 384, 521}, K-{233, 283, 409}, B-{233, 283, 409} [DSS], brainpoolP{224,256,320,384,512}r1, brainpoolP{224,256,320,384,512}t1 [ECC] Yes 1 In case a user deselects the RSA and/or EC library, the TOE provides basic HW-related routines for RSA and/or EC calculations. For a secure library implementation the user has to implement additional countermeasures. 50 Security Target Lite M9900, M9905, M9906 Public Cryptographic Primitive 3DES in CBC mode [N867] [N38A] |k| = 112 No 3DES in ECB mode [N867] [N38A] |k| = 112 No 3DES in CTR mode [N867] [N38A] |k| = 112 No 3DES in CFB mode [N867] [N38A] |k| = 112 No 3DES in CMAC mode [N867] [N38B] |k| = 112 No 3DES in CBC mode [N867] [N38A] |k| = 168 Yes 3DES in ECB mode [N867] [N38A] |k| = 168 Yes 3DES in CTR mode [N867] [N38A] |k| = 168 Yes 3DES in CFB mode [N867] [N38A] |k| = 168 Yes 3DES in CMAC mode [N867] [N38B] |k| = 168 Yes 3DES CBC-MAC mode [9797] [N867] |k| = 112 No 3DES MAC in CBC mode [9797] [N867] |k| = 168 Yes AES in CBC mode [N197] [N38A] |k| = 128, 192, 256 Yes AES in ECB mode [N197] [N38A] |k| = 128, 192, 256 No AES in CTR mode [N197] [N38A] |k| = 128, 192, 256 Yes AES in CFB mode [N197] [N38A] |k| = 128, 192, 256 Yes AES in CBC-MAC mode [9797] [N197] |k| = 128, 192, 256 Yes AES in CMAC mode [N38B] [N197]. |k| = 128, 192, 256 Yes RSA encryption / decryption / signature generation / verification (only modular exponentiation part) [PKCS] Modulus length = 1976 - 4096 Yes RSA encryption / [PKCS] Modulus length = No 51 Security Target Lite M9900, M9905, M9906 Public decryption / signature generation / verification (only modular exponentiation part) 1024 - 1975 ECDSA signature generation / verification [X962] [DSS] [ECC] Key sizes corresponding to the used elliptic curves P-192, K-163, B-163 [DSS] and brainpoolP{160, 192}r1, brainpoolP{160, 192}t1 [ECC] No ECDSA signature generation / verification [X962] [DSS] [ECC] Key sizes corresponding to the used elliptic curves P-{224, 256, 384, 521}, K-{233, 409, 283}, B-{233, 283, 409} [DSS], brainpoolP{224,256,320,384,512}r1, brainpoolP{224,256,320,384,512}t1 [ECC]) Yes Physical True RNG PTG.2 [6] N/A N/A SHA-1 Hash [SHS] N/A No SHA-2 Hash [SHS] N/A Yes 1 2 General statements with regard to Elliptic Curves: 3 The EC library is delivered as object code and in this way integrated in the user software. The 4 certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key lengths of 5 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits, due to national AIS32 regulations by 6 the BSI. Note that there are numerous other curve types, being also secure in terms of side channel 7 attacks on this TOE, which the user can optionally add in the composition certification process. 8 9 7.3.1 Triple-DES Operation 10 The DES Operation of the TOE shall meet the requirement “Cryptographic operation (FCS_COP.1)” as 11 specified below. 12 FCS_COP.1/DES Cryptographic operation 13 Hierarchical to: No other components. 14 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 15 Import of user data with security attributes, or 16 FCS_CKM.1 Cryptographic key management] 17 FCS_CKM.4 Cryptographic key destruction 18 FCS_COP.1.1/DES The TSF shall perform encryption and decryption in accordance with a 19 specified cryptographic algorithm Triple Data Encryption Standard (3DES) in 20 Electronic Codebook Mode (ECB) and in the Cipher Block Chaining Mode (CBC) 21 52 Security Target Lite M9900, M9905, M9906 Public and with cryptographic key sizes of 2 x 56 bit or 3 x 56 bit, that meet the 1 following standards: [N38A], [N867] 2 3 Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, no 4 3DES computation supported by hardware is possible and this SFR is not applicable. 5 6 FCS_COP.1/DES_SCL Cryptographic operation 7 8 Hierarchical to: No other components. 9 10 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 11 Import of user data with security attributes, or 12 FCS_CKM.1 Cryptographic key management] 13 FCS_CKM.4 Cryptographic key destruction 14 15 FCS_COP.1.1/DES_SCL The TSF shall perform encryption and decryption in accordance with a 16 specified cryptographic algorithm Triple Data Encryption Standard (3DES) in 17 Electronic Codebook mode (ECB),the Cipher Block Chaining mode (CBC), 18 Cipher Feedback mode (CFB) , Counter mode (CTR), CBC-MAC mode and with 19 cryptographic key sizes of 2 x 56 bit or 3 x 56 bit, that meet the following 20 standards: [N867], [N38A] 21 22 Note: This TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, no 23 3DES computation supported by hardware is possible and this SFR is not applicable. 24 Note: The TOE can be delivered with an optional SCL library. If no optional SCL library is available 25 then this SFR is not applicable. 26 Note: The CFB mode is only available in versions v2.02.010 and v2.04.003 of the SCL. 27 Note: The CMAC mode is only available in versions v2.04.003. 28 29 FCS_COP.1/DES_PSL Cryptographic operation 30 Hierarchical to: No other components. 31 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 32 Import of user data with security attributes, or 33 FCS_CKM.1 Cryptographic key management] 34 FCS_CKM.4 Cryptographic key destruction 35 36 FCS_COP.1.1/DES_PSL The TSF shall perform encryption and decryption in accordance with a 37 specified cryptographic algorithm Triple Data Encryption Standard (3DES) in 38 Electronic Codebook Mode (ECB) and in the Cipher Block Chaining Mode (CBC) 39 and with cryptographic key sizes of 2 x 56 bit or 3 x 56 bit, that meet the 40 following standards: [N867], [N38A] 41 42 53 Security Target Lite M9900, M9905, M9906 Public Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, 1 then this SFR is not applicable. 2 Note: The TOE can be delivered with an optional PSL library. If no optional PSL library is available 3 then this SFR is not applicable. 4 FCS_COP.1/DES_MAC_PSL Cryptographic operation 5 Hierarchical to: No other components. 6 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 7 Import of user data with security attributes, or 8 FCS_CKM.1 Cryptographic key management] 9 FCS_CKM.4 Cryptographic key destruction 10 11 FCS_COP.1.1/DES_MAC_PSL The TSF shall perform MAC calculation in accordance with a specified 12 cryptographic algorithm Triple Data Encryption Standard (3DES) in CBC MAC 13 mode and cryptographic key sizes of 2 x 56 bit or 3 x 56 bit that meet the 14 following standards: 15 [9797] with the following options/modifications: 16  MAC algorithm 1 17  Padding must be done by the caller 18  An Initialization Vector (IV) must be given by the caller 19 Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, 20 then this SFR is not applicable. 21 Note: The TOE can be delivered with an optional PSL library. If no optional PSL library is available 22 then this SFR is not applicable. 23 24 7.3.2 AES Operation 25 The AES Operation of the TOE shall meet the requirement “Cryptographic operation (FCS_COP.1)” as 26 specified below. 27 28 FCS_COP.1/AES Cryptographic operation 29 Hierarchical to: No other components. 30 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 31 FDP_ITC.2 Import of user data with security attributes, or 32 FCS_CKM.1 Cryptographic key generation] 33 FCS_CKM.4 Cryptographic key destruction 34 FCS_COP.1.1/AES The TSF shall perform encryption and decryption in accordance with a 35 specified cryptographic algorithm : Advanced Encryption Standard (AES) in 36 Electronic Codebook Mode (ECB) and in the Cipher Block Chaining Mode (CBC) 37 and cryptographic key sizes of 128 bit or 192 bit or 256 bit that meet the 38 following standards: [N197], [N38A] 39 54 Security Target Lite M9900, M9905, M9906 Public Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, no 1 AES computation supported by hardware is possible and this SFR is not applicable. 2 3 FCS_COP.1/AES_SCL Cryptographic operation 4 5 Hierarchical to: No other components. 6 7 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 8 Import of user data with security attributes, or 9 FCS_CKM.1 Cryptographic key generation] 10 FCS_CKM.4 Cryptographic key destruction 11 12 FCS_COP.1.1/AES_SCL The TSF shall perform encryption and decryption in accordance with a 13 specified cryptographic algorithm Advanced Encryption Standard (AES) in 14 Electronic Codebook mode (ECB), Cipher Block Chaining mode (CBC), Cipher 15 Feedback mode (CFB), CTR(counter) mode, CMAC mode and cryptographic 16 key sizes of 128 bit or 192 bit or 256 bit that meet the following standards: 17 [N197], [N38A], [N38B] 18 19 Note: This TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, no 20 AES computation supported by hardware is possible and this SFR is not applicable. 21 Note: The TOE can be delivered with an optional SCL library. If no optional SCL library is available 22 then this SFR is not applicable. 23 Note: The modes CFB mode is only available in versions v2.02.010 and v2.04.003 of the SCL 24 libraries 25 Note: The CMAC mode is only available in version v2.04.003 of the SCL library 26 27 FCS_COP.1/AES_PSL Cryptographic operation 28 Hierarchical to: No other components. 29 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 30 FDP_ITC.2 Import of user data with security attributes, or 31 FCS_CKM.1 Cryptographic key generation] 32 FCS_CKM.4 Cryptographic key destruction 33 34 FCS_COP.1.1/AES_PSL The TSF shall perform encryption and decryption in accordance with a 35 specified cryptographic algorithm Advanced Encryption Standard (AES) in 36 Electronic Codebook Mode (ECB) and in the Cipher Block Chaining Mode (CBC) 37 and cryptographic key sizes of 128 bit or 192 bit or 256 bit that meet the 38 following standards: [N197], [N38A] 39 40 55 Security Target Lite M9900, M9905, M9906 Public Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, 1 then this SFR is not applicable. 2 Note: The TOE can be delivered with an optional PSL library. If no optional PSL library is available 3 then this SFR is not applicable. 4 FCS_COP.1/AES_MAC_PSL Cryptographic operation 5 6 Hierarchical to: No other components. 7 8 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 9 FDP_ITC.2 Import of user data with security attributes, or 10 FCS_CKM.1 Cryptographic key generation] 11 FCS_CKM.4 Cryptographic key destruction 12 13 FCS_COP.1.1/AES_MAC_PSL The TSF shall perform MAC calculation in accordance with a specified 14 cryptographic algorithm Advanced Encryption Standard (AES) in CBC MAC 15 mode, CMAC mode and cryptographic key sizes of 128 bit or 192 bit or 256 bit 16 that meet the following standards: [9797], [N197], N38B] with the following 17 options/modifications: 18  MAC algorithm 1 19  Padding must be done by the caller 20  An Initialization Vector (IV) must be given by the caller 21 Note: The TOE can be delivered with the SCP accessible or blocked. In case the SCP is blocked, 22 then this SFR is not applicable. 23 Note: The CMAC mode is only available in the version v5.00.06 of thePSL library. If the optional PSL 24 library v5.00.06 is not available then this SFR is not applicable. 25 Note: The TOE can be delivered with an optional PSL library. If no optional PSL library is available 26 then this SFR is not applicable. 27 28 7.3.3 Rivest-Shamir-Adleman (RSA) operation 29 The Modular Arithmetic Operation of the TOE shall meet the requirement “Cryptographic operation 30 (FCS_COP.1)” as specified below. 31 32 FCS_COP.1/RSA Cryptographic operation 33 34 Hierarchical to: No other components. 35 36 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 37 FDP_ITC.2 Import of user data with security attributes, or 38 FCS_CKM.1 Cryptographic key generation] 39 FCS_CKM.4 Cryptographic key destruction 40 41 FCS_COP.1.1/RSA The TSF shall perform encryption, decryption, signature generation and 42 verification in accordance with a specified cryptographic algorithm Rivest- 43 56 Security Target Lite M9900, M9905, M9906 Public Shamir-Adleman (RSA) and cryptographic key sizes of 1024 - 4096 bit that meet 1 the following standards: 2 3 Encryption: 4 According to section 5.1.1 RSAEP in PKCS v2.2 RFC3447, 5 without 5.1.1(1). 6 7 Decryption (with or without CRT): 8 According to section 5.1.2 RSADP in PKCS v2.2 RFC3447 9 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, therefore without 5.1.2(2.b)(ii)&(v), 10 without 5.1.2(1), 5.1.2(2.a) only supported up to n < 22048 . 11 12 Signature Generation (with or without CRT): According to section 5.2.1 RSASP1 13 in PKCS v2.2 RFC3447 14 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, 15 therefore without 5.2.1(2.b) (ii)&(v), without 5.1.2(1), 16 5.2.1(2.a) only supported up to n < 22048 . 17 18 Signature Verification: 19 According to section 5.2.2 RSAVP1 in PKCS v2.2 RFC3447, 20 without 5.2.2(1). 21 22 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 23 the Crypto2304T is blocked, no RSA computation supported by hardware is possible and this 24 SFR is not applicable. 25 Note: The TOE can be delivered with an optional RSA library. Any optional RSA library contains the 26 RSA algorithms stated above. Any optional RSA library needs an accessible Crypto2304T. If 27 no optional RSA library is available then this SFR is not applicable. 28 29 FCS_COP.1/RSA_PSL Cryptographic operation 30 31 Hierarchical to: No other components. 32 33 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 34 FDP_ITC.2 Import of user data with security attributes, or 35 FCS_CKM.1 Cryptographic key generation] 36 FCS_CKM.4 Cryptographic key destruction 37 38 FCS_COP.1.1/RSA_PSL The TSF shall perform encryption, decryption, signature generation 39 and verification in accordance with a specified cryptographic algorithm Rivest- 40 Shamir-Adleman (RSA) and cryptographic key sizes of 1024 - 4096 bit that meet 41 the following standards: 42 43 Encryption: 44 According to section 5.1.1 RSAEP in PKCS v2.2 RFC3447, 45 without 5.1.1(1). 46 47 57 Security Target Lite M9900, M9905, M9906 Public Decryption (with or without CRT): 1 According to section 5.1.2 RSADP in PKCS v2.2 RFC3447 2 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, therefore without 5.1.2(2.b) (ii)&(v), 3 without 5.1.2(1), 5.1.2.(2.a), only supported up to n < 22048 4 5 Signature Generation (with or without CRT): According to section 5.2.1 RSASP1 6 in PKCS v2.2 RFC3447 7 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, 8 therefore without 5.2.1(2.b) (ii)&(v), without 5.2.1(1), 9 5.2.1(2.a) only supported up to n < 22048 10 11 Signature Verification: 12 According to section 5.2.2 RSAVP1 in PKCS v2.2 RFC3447, 13 without 5.2.2(1). 14 15 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 16 the Crypto2304T is blocked, no RSA computation supported by hardware is possible and this 17 SFR is not applicable. 18 Note: The TOE can be delivered with an optional PSL library. In case no PSL library is available 19 then this SFR is not applicable. 20 21 7.3.4 Rivest-Shamir-Adleman (RSA) key generation 22 The key generation for the RSA shall meet the requirement “Cryptographic key generation 23 (FCS_CKM.1)” as specified below. 24 25 FCS_CKM.1/RSA Cryptographic key generation 26 27 Hierarchical to: No other components. 28 29 Dependencies: [FCS_CKM.2 Cryptographic key distribution, or 30 FCS_COP.1 Cryptographic operation] 31 FCS_CKM.4 Cryptographic key destruction 32 33 FCS_CKM.1.1/RSA The TSF shall generate cryptographic keys in accordance with a specified 34 cryptographic algorithm RSA key generation in CRT and modulus/exp 35 representation and specified cryptographic key sizes of 1024 - 4096 bits that 36 meet the following standard: 37 According to section 3.2(2) in PKCS v2.2 RFC3447, 38 for u=2, i.e., without any (r_i, d_i, t_i), i > 2. 39 For p x q < 22048 additionally according to section 3.2(1). 40 41 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 42 the Crypto2304T is blocked, no RSA computation supported by hardware is possible and this 43 SFR is not applicable. 44 58 Security Target Lite M9900, M9905, M9906 Public Note: The TOE can be delivered with the optional RSA library v2.05.005 and/or v2.07.003. Either 1 optional RSA library contains the RSA algorithms stated above. Each optional RSA library 2 needs an accessible Crypto2304T. If neither optional RSA library is available then this SFR is 3 not applicable. 4 Note: For RSA library v2.07.003, the RSA key components can be generated by the following API 5 functions: 6 - CryptoRSAKeyGen 7 - CryptoRSAKeyGenMask_CRT plus CryptoGeneratePrime or CryptoGeneratePrimeMask 8 - CryptoRSAKeyGenMask_D plus CryptoGeneratePrime or CryptoGeneratePrimeMask 9 - CryptoRSAKeyGenMask_N plus CryptoGeneratePrime or CryptoGeneratePrimeMask 10 Note: For RSA library v2.05.005, the RSA key components can be generated by the API functions: 11 - CryptoRSAKeyGenMask_CRT plus CryptoGeneratePrimeMask 12 - CryptoRSAKeyGenMask_D plus CryptoGeneratePrimeMask 13 - CryptoRSAKeyGenMask_N plus CryptoGeneratePrimeMask 14 Note: Only the function CryptoGeneratePrime as implemented in library v2.07.003 has been 15 assigned to the appropriate security level by BSI. The proprietary 16 CryptoGeneratePrimeMask function has not been cryptographic-analytically evaluated and 17 certified by BSI in general. 18 19 7.3.5 Elliptic Curve DSA (ECDSA) operation 20 The Modular Arithmetic Operation of the TOE shall meet the requirement “Cryptographic operation 21 (FCS_COP.1)” as specified below. 22 23 FCS_COP.1/ECDSA Cryptographic operation 24 Hierarchical to: No other components. 25 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 26 FDP_ITC.2 Import of user data with security attributes, or 27 FCS_CKM.1 Cryptographic key generation] 28 FCS_CKM.4 Cryptographic key destruction 29 FCS_COP.1.1/ECDSA The TSF shall perform signature generation and signature verification in 30 accordance with a specified cryptographic algorithm ECDSA and cryptographic 31 key sizes 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 bits that 32 meet the following standard: 33 34 Signature Generation: 35 According to section 7.3 in ANSI X9.62 – 2005 36 Not implemented is step d) and e) thereof. 37 The output of step e) has to be provided as input to our function by 38 the caller. 39 Deviation of step c) and f): 40 The jumps to step a) were substituted by a return of 41 the function with an error code, the jumps are emulated by another 42 call to our function. 43 59 Security Target Lite M9900, M9905, M9906 Public 1 Signature Verification: 2 According to section 7.4.1 in ANSI X9.62–2005 3 Not implemented is step b) and c) thereof. 4 The output of step c) has to be provided as input to our function by 5 the caller. 6 Deviation of step d): 7 Beside noted calculation, our algorithm adds a random multiple of 8 BasepointerOrder n to the calculated values u1 and u2. 9 10 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 11 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 12 SFR is not applicable. 13 Note: The TOE can be delivered with an optional ECC library. Any optional ECC library contains the 14 ECC algorithms stated above. If no optional ECC library is available then this SFR is not 15 applicable. 16 17 FCS_COP.1/ECDSA_PSL Cryptographic operation 18 Hierarchical to: No other components. 19 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 20 FDP_ITC.2 Import of user data with security attributes, or 21 FCS_CKM.1 Cryptographic key generation] 22 FCS_CKM.4 Cryptographic key destruction 23 FCS_COP.1.1/ECDSA_PSL The TSF shall perform signature generation and signature verification 24 in accordance with a specified cryptographic algorithm ECDSA and 25 cryptographic key sizes 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 26 521 bits that meet the following standard: 27 Signature Generation: 28 According to section 7.3 in ANSI X9.62 – 2005 29 Not implemented is step d) and e) thereof. 30 The output of step e) has to be provided as input to our function by 31 the caller. 32 Deviation of step c) and f): 33 The jumps to step a) were substituted by a return of 34 the function with an error code, the jumps are emulated by another 35 call to our function. 36 37 Signature Verification: 38 According to section 7.4.1 in ANSI X9.62–2005 39 Not implemented is step b) and c) thereof. 40 The output of step c) has to be provided as input to our function by 41 the caller. 42 Deviation of step d): 43 60 Security Target Lite M9900, M9905, M9906 Public Beside noted calculation, our algorithm adds a random multiple of 1 BasepointerOrder n to the calculated values u1 and u2. 2 3 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 4 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 5 SFR is not applicable. 6 Note: The TOE can be delivered with an optional PSL library. Any optional PSL library contains the 7 ECC algorithms stated above. If no optional PSL library is available then this SFR is not 8 applicable. 9 10 7.3.6 Elliptic Curve (EC) key generation 11 The key generation for the EC shall meet the requirement “Cryptographic key generation 12 (FCS_CKM.1)” 13 FCS_CKM.1/EC Cryptographic key generation 14 15 Hierarchical to: No other components. 16 Dependencies: FCS_CKM.2 Cryptographic key distribution, or FCS_COP.1 Cryptographic 17 operation] 18 FCS_CKM.4 Cryptographic key destruction 19 20 FCS_CKM.1.1/EC The TSF shall generate cryptographic keys in accordance with a specified 21 cryptographic key generation algorithm Elliptic Curve EC specified in ANSI 22 X9.62-2005 and specified cryptographic key sizes 160, 163, 192, 224, 233, 256, 23 283, 320, 384, 409, 512 or 521 bits that meet the following standard: 24 25 ECDSA Key Generation: 26 According to the appendix A4.3 in ANSI X9.62-2005 27 the cofactor h is not supported. 28 29 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 30 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 31 SFR is not applicable. 32 Note: The TOE can be delivered with an optional ECC library. Any optional ECC library contains the 33 ECC algorithms stated above. If no optional ECC library is available then this SFR is not 34 applicable. 35 36 7.3.7 Elliptic Curve Diffie-Hellman (ECDH) key agreement 37 The Modular Arithmetic Operation of the TOE shall meet the requirement “Cryptographic 38 operation(FCS_COP.1)” as specified below. 39 61 Security Target Lite M9900, M9905, M9906 Public 1 FCS_COP.1/ECDH Cryptographic operation 2 3 Hierarchical to: No other components. 4 5 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 6 FDP_ITC.2 Import of user data with security attributes, or 7 FCS_CKM.1 Cryptographic key generation] 8 FCS_CKM.4 Cryptographic key destruction 9 10 FCS_COP.1.1/ECDH The TSF shall perform elliptic curve Diffie-Hellman key agreement in 11 accordance with a specified cryptographic algorithm ECDH and cryptographic 12 key sizes of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 bits that 13 meet the following standard: 14 According to section 5.4.1 in ANSI X9.63 – 2001: Unlike section 5.4.1.3 our, 15 implementation not only returns the x-coordinate of the shared secret, but 16 rather the x-coordinate and y-coordinate. 17 18 Note: The certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key 19 lengths of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits. Other types of 20 elliptic curves can be added by the user during a composite certification process. 21 Note: For easy integration of EC functions into the user’s operating system and/or application, the 22 library contains single cryptographic functions respectively primitives which are compliant 23 to the standard. The primitives are referenced above. Therefore, the library supports the 24 user to develop an application representing the standard if required. 25 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 26 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 27 SFR is not applicable. 28 Note: The TOE can be delivered with an optional ECC library. Any optional ECC library contains the 29 ECC algorithms stated above. If no optional ECC library is available then this SFR is not 30 applicable. 31 32 FCS_COP.1/ECDH_PSL Cryptographic operation 33 34 Hierarchical to: No other components. 35 36 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 37 FDP_ITC.2 Import of user data with security attributes, or 38 FCS_CKM.1 Cryptographic key generation] 39 FCS_CKM.4 Cryptographic key destruction 40 41 FCS_COP.1.1/ECDH_PSL The TSF shall perform elliptic curve Diffie-Hellman key agreement in 42 accordance with a specified cryptographic algorithm ECDH and cryptographic 43 key sizes of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 bits that 44 meet the following standard: 45 62 Security Target Lite M9900, M9905, M9906 Public According to section 5.4.1 in ANSI X9.63 – 2001: Unlike section 5.4.1.3 our, 1 implementation not only returns the x-coordinate of the shared secret, but 2 rather the x-coordinate and y-coordinate. 3 4 Note: The certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key 5 lengths of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits. Other types of 6 elliptic curves can be added by the user during a composite certification process. 7 Note: For easy integration of EC functions into the user’s operating system and/or application, the 8 library contains single cryptographic functions respectively primitives which are compliant 9 to the standard. The primitives are referenced above. Therefore, the library supports the 10 user to develop an application representing the standard if required. 11 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 12 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 13 SFR is not applicable. 14 Note: The TOE can be delivered with an optional PSL library. Any PSL library contains a special 15 interface to the algorithms stated above.If no optional PSL library is available then this SFR 16 is not applicable. 17 18 7.3.8 Hash function 19 20 The TOE shall meet the requirement “Cryptographic operation – SHA (FCS_COP.1/SHA)” as specified 21 below. 22 23 FCS_COP.1/SHA Cryptographic operation 24 25 Hierarchical to: No other components. 26 27 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 28 FDP_ITC.2 Import of user data with security attributes, or 29 FCS_CKM.1 Cryptographic key generation] 30 FCS_CKM.4 Cryptographic key destruction 31 32 FCS_COP.1.1/ SHA The TSF shall perform hashing in accordance with a specified cryptographic 33 algorithm SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and cryptographic key 34 sizes none that meet the following FIPS 180-4 [SHS]. 35 Note: The TOE can be delivered with the optional HCL library. The optional HCL library contains 36 the hash algorithms stated above. If the optional HCLlibrary is not delivered then this SFR is 37 not applicable. 38 Note: This SFR claims countermeasures against SPA template attacks 39 Note: The SHA-1 algorithm shall only be used for session key derivation 40 FCS_COP.1/SHA_PSL Cryptographic operation 41 63 Security Target Lite M9900, M9905, M9906 Public 1 Hierarchical to: No other components. 2 3 Dependencies: [FDP_ITC.1 Import of user data without security attributes, or 4 FDP_ITC.2 Import of user data with security attributes, or 5 FCS_CKM.1 Cryptographic key generation] 6 FCS_CKM.4 Cryptographic key destruction 7 8 FCS_COP.1.1/ SHA_PSL The TSF shall perform hashing in accordance with a specified 9 cryptographic algorithm SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and 10 cryptographic key sizes none that meet the following FIPS 180-4 [SHS]. 11 Note: The TOE can be delivered with the optional PSL library v5.00.06. If the optional PSL library 12 v5.00.06 is not available then this SFR is not applicable. 13 Note: The SHA-1 algorithm shall only be used for session key derivation 14 15 7.4 Data Integrity 16 The TOE shall meet the requirement “Stored data integrity monitoring (FDP_SDI.1)” as specified 17 below: 18 19 FDP_SDI.1 Stored data integrity monitoring 20 21 Hierarchical to: No other components 22 23 Dependencies: No dependencies 24 25 FDP_SDI.1.1 The TSF shall monitor user data stored in containers controlled by the TSF for 26 inconsistencies between stored data and corresponding EDC on all objects, 27 based on the following attributes: EDC value for RAM and ROM and ECC value 28 for the SOLID FLASH™ NVM and verification of stored data in the SOLID FLASH™ 29 NVM. 30 31 The TOE shall meet the requirement “Stored data integrity monitoring and action (FDP_SDI.2)” as 32 specified below: 33 34 FDP_SDI.2 Stored data integrity monitoring and action 35 36 Hierarchical to: FDP_SDI.1 stored data integrity monitoring 37 38 Dependencies: No dependencies 39 40 FDP_SDI.2.1 The TSF shall monitor user data stored in containers controlled by the TSF for 41 data integrity and one- and/or more-bit-errors on all objects, based on the 42 following attributes: corresponding EDC value for RAM and ROM and error 43 correction ECC for the SOLID FLASH™ NVM. 44 45 64 Security Target Lite M9900, M9905, M9906 Public FDP_SDI.2.2 Upon detection of a data integrity error, the TSF shall correct 1 bit errors in the 1 SOLID FLASH™ NVM automatically and inform the user about more bit errors. 2 3 7.5 TOE Security Assurance Requirements 4 The evaluation assurance level is EAL5 augmented with ALC_DVS.2 and AVA_VAN.5. In the following 5 table, the security assurance requirements are given. The augmentation of the assurance 6 components compared to the Protection Profile [1] is expressed with bold letters. 7 Table 18 Assurance components 8 Aspect Acronym Description Refinement Development ADV_ARC.1 Security Architecture Description in PP [1] ADV_FSP.5 Complete semiformal functional specification with additional error information in ST ADV_IMP.1 Implementation representation of the TSF in PP [1] ADV_INT.2 Well-structured internals ADV_TDS.4 Semi-formal modular design Guidance Documents AGD_OPE.1 Operational user guidance in PP [1] AGD_PRE.1 Preparative procedures in PP [1] Life-Cycle Support ALC_CMC.4 Production support, acceptance procedures and automation in PP [1] ALC_CMS.5 Development tools CM coverage in ST ALC_DEL.1 Delivery procedures in PP [1] ALC_DVS.2 Sufficiency of security measures in PP [1] ALC_LCD.1 Developer defined life-cycle model ALC_TAT.2 Compliance with implementation standards in ST Security Target Evaluation ASE_CCL.1 Conformance claims ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_OBJ.2 Security objectives ASE_REQ.2 Derived security requirements ASE_SPD.1 Security problem definition ASE_TSS.1 TOE summary specification 65 Security Target Lite M9900, M9905, M9906 Public Tests ATE_COV.2 Analysis of coverage in PP [1] ATE_DPT.3 Testing: modular design in ST ATE_FUN.1 Functional testing ATE_IND.2 Independent testing - sample Vulnerability Assessment AVA_VAN.5 Advanced methodical vulnerability analysis in PP [1] 7.5.1 Refinements 1 Some refinements are taken unchanged from the PP [1]. In some cases a clarification is necessary. In 2 Table 19 an overview is given where the refinement is done. 3 Two refinements from the PP [1] have to be discussed here in the Security Target, as the assurance 4 level is increased. 5 Life cycle support (ALC_CMS, ALC_TAT) 6 The refinement from the PP [1] can be applied even at the chosen assurance level EAL 5 augmented 7 with ALC_CMS.5 and ALC_TAT.2. The assurance package ALC_CMS.4 is extended to ALC_CMS.5 with 8 aspects regarding the configuration control system for the TOE. The assurance package ALC_TAT.1 is 9 extended to ALC_TAT.2 with aspects regarding the implementation standards for the TOE. The 10 refinements are not touched. 11 Functional Specification (ADV_FSP) 12 The refinement from the PP [1] can be applied even at the chosen assurance level EAL 5 augmented 13 with ADV_FSP.5. The assurance package ADV_FSP.4 is extended to ADV_FSP.5 with aspects regarding 14 the descriptive level. The level is increased from informal to semi-formal with informal description. 15 The refinement is not touched from this measure. 16 For details of the refinement see PP [1]. 17 Tests (ATE_DPT.3) 18 The refinement from the PP [1] can be applied even at the chosen assurance level EAL 5 augmented 19 with ATE_DPT.3. The assurance package ATE_DPT.2 is augmented to ATE_DPT.3 relating to the 20 requirements of the assurance level EAL 5. The refinement is not touched. 21 22 7.6 Security Requirements Rationale 23 7.6.1 Rationale for the Security Functional Requirements 24 The security functional requirements rationale of the TOE are defined and described in PP [1] section 25 6.3 for the following security functional requirements: FDP_ITT.1, FDP_IFC.1, FPT_ITT.1, FPT_PHP.3, 26 FPT_FLS.1, FRU_FLT.2, FMT_LIM.1, FMT_LIM.2, FCS_RNG.1/HW, FCS_RNG.1/PSL and FAU_SAS.1. 27 The security functional requirements FPT_TST.2, FDP_ACC.1, FDP_ACF.1, FMT_MSA.1, FMT_MSA.3, 28 FMT_SMF.1, FCS_COP.1, FCS_CKM.1, FDP_SDI.1 and FDP_SDI.2 are defined in the following 29 description: 30 66 Security Target Lite M9900, M9905, M9906 Public 1 Table 19 Rational for additional SFR 2 in the ST 3 Objective TOE Security Functional Requirements O.Add-Functions FCS_COP.1/DES FCS_COP.1/DES_SCL FCS_COP.1/DES_PSL FCS_COP.1/DES_MAC_PSL FCS_COP.1/AES FCS_COP.1/AES_SCL FCS_COP.1/AES_PSL FCS_COP.1/AES_MAC_PSL FCS_COP.1/RSA FCS_COP.1/RSA_PSL FCS_COP.1/ECDSA FCS_COP.1/ECDSA _PSL FCS_COP.1/ECDH FCS_COP.1/ECDH_PSL FCS_CKM.1/RSA1 FCS_CKM.1/EC FCS_COP.1/SHA FCS_COP.1/SHA_PSL O.Phys-Manipulation FPT_TST.2 O.Mem-Access FDP_ACC.1 FDP_ACF.1 FMT_MSA.3 FMT_MSA.1 FMT_SMF.1 O.Malfunction FDP_SDI.1 FDP_SDI.2 4 The table above gives an overview, how the security functional requirements are combined to meet 5 the security objectives. The detailed justification is given in the following: 6 The justification related to the security objective “Additional Specific Security Functionality 7 (O.Add-Functions)” is as follows: 8 The security functional requirement(s) “Cryptographic operation (FCS_COP.1)” exactly requires those 9 functions to be implemented which are demanded by O.Add-Functions. FCS_CKM.1/RSA supports the 10 generation of RSA keys, FCS_CKM.1/EC supports the generation of EC keys needed for this 11 cryptographic operations. Therefore, FCS_COP.1/RSA, FCS_COP.1/RSA_PSL, FCS_COP.1/ECDSA, 12 FCS_COP.1/ECDSA_PSL, FCS_COP.1/ECDH, FCS_COP.1/ECDH_PSL and FCS_CKM.1/RSA and 13 FCS_CKM/EC are suitable to meet the security objective. The use of the supporting libraries Toolbox 14 1 Key generation functions are only provided by versions v2.05.005 and v2.07.003 of the RSA library 67 Security Target Lite M9900, M9905, M9906 Public and Base has no impact on any security functional requirement nor does its use generate additional 1 requirements. 2 Nevertheless, the developer of the Smartcard Embedded Software must ensure that the additional 3 functions are used as specified and that the User Data processed by these functions are protected as 4 defined for the application context. These issues are addressed by the specific security functional 5 requirements: 6  [FDP_ITC.1 Import of user data without security attributes or 7 FDP_ITC.2 Import of user data with security attributes or 8 FCS_CKM.1 Cryptographic key generation], 9  FCS_CKM.4 Cryptographic key destruction. 10 All these requirements have to be fulfilled to support OE.Resp-Appl for FCS_COP.1/DES, 11 FCS_COP.1/DES_SCL, FCS_COP.1/DES_PSL, FCS_COP.1/DES_MAC_PSL and for FCS_COP.1/AES, 12 FCS_COP.1/AES_SCL, FCS_COP.1, FCS_COP.1/AES_PSL, FCS_COP.1/AES_MAC_PSL. For the 13 FCS_COP.1/RSA , FCS_COP.1/RSA _PSL and FCS_COP.1/ECDSA , FCS_COP.1/ECDSA_PSL and 14 FCS_COP.1/ECDH, FCS_COP.1/ECDH_PSL the FCS_CKM.1/RSA and FCS_CKM.1/EC are optional, since 15 they are fulfilled by the TOE or may be fulfilled by the environment as the user can generate keys 16 externally additionally. 17 The security functional requirements required to meet the security objectives O.Leak-Inherent, 18 O.Phys-Probing, O.Malfunction, O.Phys-Manipulation and O.Leak-Forced define how to implement the 19 specific security functionality. However, key-dependent functions could be implemented in the 20 Smartcard Embedded Software. 21 The usage of cryptographic algorithms requires the use of appropriate keys. Otherwise these 22 cryptographic functions do not provide security. The keys have to be unique with a very high 23 probability, and must have a certain cryptographic strength etc. In case of a key import into the TOE 24 (which is usually after TOE delivery) it has to be ensured that quality and confidentiality are 25 maintained. Keys for 3DES and AES are provided by the environment, the keys for RSA and EC 26 algorithms can be provided either by the TOE or the environment. 27 In this ST the objectives for the environment OE.Plat-Appl and OE.Resp-Appl have been clarified. The 28 Smartcard Embedded Software defines the use of the cryptographic functions FCS_COP.1 provided by 29 the TOE. The requirements for the environment FDP_ITC.1, FDP_ITC.2, FCS_CKM.1 and FCS_CKM.4 30 support an appropriate key management. These security requirements are suitable to meet OE.Resp- 31 Appl. 32 The justification of the security objective and the additional requirements (both for the TOE and its 33 environment) show that they do not contradict to the rationale already given in the Protection Profile 34 for the assumptions, policy and threats defined there. 35 The security functional component Subset TOE security testing (FPT_TST.2) has been newly created 36 (Common Criteria Part 2 extended). This component allows that particular parts of the security 37 mechanisms and functions provided by the TOE can be tested after TOE Delivery. This security 38 functional component is used instead of the functional component FPT_TST.1 from Common Criteria 39 Part 2. For the user it is important to know which security functions or mechanisms can be tested. The 40 functional component FPT_TST.1 does not mandate to explicitly specify the security functions being 41 tested. In addition, FPT_TST.1 requires verification of the integrity of TSF data and stored TSF 42 executable code which might violate the security policy. 43 The tested security enforcing functions are SF_DPM Device Phase Management and SF_PMA 44 Protection against modifying attacks. 45 68 Security Target Lite M9900, M9905, M9906 Public The security functional requirement FPT_TST.2 will detect attempts to conduce a physical 1 manipulation on the monitoring functions of the TOE. The objective of FPT_TST.2 is O.Phys- 2 Manipulation. The physical manipulation will be tried to overcome security enforcing functions. 3 The security functional requirement “Subset access control (FDP_ACC.1)” with the related Security 4 Function Policy (SFP) “Memory Access Control Policy” exactly require the implementation of an area 5 based memory access control as required by O.Mem-Access. The related TOE security functional 6 requirements FDP_ACC.1, FDP_ACF.1, FMT_MSA.3, FMT_MSA.1 and FMT_SMF.1 cover this security 7 objective. The implementation of these functional requirements is represented by the dedicated 8 privilege level concept. 9 The justification of the security objective and the additional requirements show that they do not 10 contradict to the rationale already given in the Protection Profile for the assumptions, policy and 11 threats defined there. Moreover, these additional security functional requirements cover the 12 requirements by [3] user data protection of chapter 11 which are not refined by the PP [1]. 13 Nevertheless, the developer of the Smartcard Embedded Software must ensure that the additional 14 functions are used as specified and that the User Data processed by these functions are protected as 15 defined for the application context. The TOE only provides the tool to implement the policy defined in 16 the context of the application. 17 The justification related to the security objective “Protection against Malfunction due to 18 Environmental Stress (O.Malfunction)” is as follows: 19 The security functional requirement “Stored data integrity monitoring (FDP_SDI.1)” requires the 20 implementation of an Error Detection (EDC) algorithm which detects integrity errors of the data stored 21 in RAM, ROM and SOLID FLASH™ NVM (in the SOLID FLASH™ NVM more bit errors are detected). By this 22 the malfunction of the TOE using corrupt data is prevented. Therefore FDP_SDI.1 is suitable to meet 23 the security objective. 24 The security functional requirement “Stored data integrity monitoring and action (FDP_SDI.2)” 25 requires the implementation of an integrity observation and correction which is implemented by the 26 Error Detection (EDC) and Error Correction (ECC) measures. The EDC is present in RAM and ROM of the 27 TOE while the ECC is realized in the SOLID FLASH™ NVM. These measures detect and inform about one 28 and more bit errors. In case of the SOLID FLASH™ NVM 1 bit errors of the data are corrected 29 automatically. By the ECC mechanisms it is prevented that the TOE uses corrupt data. Therefore 30 FDP_SDI.2 is suitable to meet the security objective. 31 The CC part 2 defines the component FIA_SOS.2, which is similar to FCS_RNG.1, as follows: 32 33 FIA_SOS.2 TSF Generation of secrets 34 Hierarchical to: No other components. 35 Dependencies: No dependencies. 36 FIA_SOS.2.1 The TSF shall provide a mechanism to generate secrets that meet 37 [assignment:adefined quality metric]. 38 FIA_SOS.2.2 The TSF shall be able to enforce the use of TSF generated secrets for 39 [assignment: list of TSF functions]. 40 41 The CC part 2, annex G.3 [3], states: “This family defines requirements for mechanisms that enforce 42 defined quality metrics on provided secrets, and generate secrets to satisfy the defined metric“. Even 43 69 Security Target Lite M9900, M9905, M9906 Public the operation in the element FIA_SOS.2.2 allows listing the TSF functions using the generated secrets. 1 Because all applications discussed in annex G.3 are related to authentication, the component 2 FIA_SOS.2 is also intended for authentication purposes while the term “secret” is not limited to 3 authentication data (cf. CC part 2, paragraphs 39-42). 4 Paragraph 685 in the CC part 2 [3] recommends to use the component FCS_CKM.1 to address random 5 number generation. However, this may hide the nature of the secrets used for key generation and 6 does not allow describing random number generation for other cryptographic methods (e.g., 7 challenges, padding), authentication (e.g., password seeds), or other purposes (e.g., blinding as a 8 countermeasure against side channel attacks). 9 The component FCS_RNG addresses general RNG, the use of which includes but is not limited to 10 cryptographic mechanisms. FCS_RNG allows specifying requirements for the generation of random 11 numbers including necessary information for the intended use. These details describe the quality of 12 the generated data where other security services rely on. Thus by using FCS_RNG a ST or PP author is 13 able to express a coherent set of SFRs that include or use the generation of random numbers as a 14 security service. 15 16 7.6.1.1 Dependencies of Security Functional Requirements 17 The dependence of security functional requirements are defined and described in PP [1] section 6.3.2 18 for the following security functional requirements: FDP_ITT.1, FDP_IFC.1, FPT_ITT.1, FPT_PHP.3, 19 FPT_FLS.1, FRU_FLT.2, FMT_LIM.1, FMT_LIM.2, FCS_RNG.1/HW, FCS_RNG.1/PSL and FAU_SAS.1. 20 The dependence of security functional requirements for the security functional requirements 21 FPT_TST.2, FDP_ACC.1, FDP_ACF.1, FMT_MSA.1, FMT_MSA.3, FMT_SMF.1, FCS_COP.1, FCS_CKM.1, 22 FDP_SDI.1 and FDP_SDI.2 are defined in the following description. 23 24 Table 20 Dependency for 25 cryptographic operation 26 requirement 27 Security Functional Requirement Dependencies Fulfilled by security requirements FCS_COP.1/DES FCS_COP.1/DES_SCL FCS_COP.1/DES_PSL FCS_COP.1/DES_MAC_PSL FCS_CKM.1 Yes, see comment FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1) FCS_CKM.4 Yes, see comment FCS_COP.1/AES FCS_COP.1/AES_SCL FCS_COP.1/AES_PSL FCS_COP.1/AES_MAC_PSL FCS_CKM.1 Yes, see comment FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1) FCS_CKM.4 Yes, see comment FCS_COP.1/RSA FCS_COP.1/RSA_PSL FCS_CKM.1 Yes, see comment FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1) FCS_CKM.4 Yes, see comment 70 Security Target Lite M9900, M9905, M9906 Public 1 Note:The dependency FMT_SMR.1 introduced by the two components FMT_MSA.1 and FMT_MSA.3 is 2 considered to be satisfied because the access control specified for the intended TOE is not role- 3 based but enforced for each subject. Therefore, there is no need to identify roles in form of a 4 security functional requirement FMT_SMR.1. 5 Comment: The security functional requirement “Cryptographic operation (FCS_COP.1)” met by the 6 TOE, has the following dependencies: 7  [FDP_ITC.1 Import of user data without security attributes, or 8  FDP_ITC.2 Import of user data with security attributes] 9  FCS_CKM.1 Cryptographic key generation 10  FCS_CKM.4 Cryptographic key destruction. 11 1 Key generation functions are only provided by versions v2.05.005 and v2.07.003 of the RSA library FCS_CKM.1/RSA1 FCS_CKM.2 or FCS_COP.1 Yes FCS_CKM.4 Yes, see comment FCS_COP.1/ECDSA FCS_COP.1/ECDSA_PSL FCS_CKM.1 Yes, see comment FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1) FCS_CKM.4 Yes, see comment FCS_CKM.1/EC FCS_CKM.2 or FCS_COP.1 Yes FCS_CKM.4 Yes, see comment FCS_COP.1/ECDH FCS_COP.1/ECDH_PSL FCS_CKM.1 Yes, see comment FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1) FCS_CKM.4 Yes, see comment FCS_COP.1/SHA FCS_COP.1/SHA_PSL FCS_CKM.1, FDP_ITC.1 or FDP_ITC.2 (if not FCS_CKM.1), FCS_CKM.4 Not required, see comment FPT_TST.2 None See comment FDP_ACC.1 FDP_ACF.1 Yes FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 Yes Yes FMT_MSA.3 FMT_MSA.1 FMT_SMR.1 Yes Not required, see comment FMT_MSA.1 FDP_ACC.1 or FDP_IFC.1 FMT_SMR.1 FMT_SMF.1 Yes See comment Yes FMT_SMF.1 None N/A FDP_SDI.1 None N/A FDP_SDI.2 None N/A 71 Security Target Lite M9900, M9905, M9906 Public The security functional requirement “Cryptographic key management (FCS_CKM)” met by TOE, has 1 the following dependencies: 2  [FCS_CKM.2 Cryptographic key distribution, or 3  FCS_COP.1 Cryptographic operation] 4  FCS_CKM.4 Cryptographic key destruction. 5 These requirements all address the appropriate management of cryptographic keys used by the 6 specified cryptographic function and are not part of the PP [1]. Most requirements concerning key 7 management shall be fulfilled by the environment since the Smartcard Embedded Software is 8 designed for a specific application context and uses the cryptographic functions provided by the TOE. 9 10 For the security functional requirement FCS_COP.1/DES, FCS_COP.1/DES_SCL, FCS_COP.1/DES_PSL, 11 FCS_COP.1/DES_MAC_PSL and FCS_COP.1/AES, FCS_COP.1/AES_SCL, FCS_COP.1/AES_PSL, 12 FCS_COP.1/AES_MAC_PSL the respective dependencies FCS_CKM.1, FCS_CKM.4 and FDP_ITC.1 or 13 FDP_ITC.2 have to be fulfilled by the environment. That mean, that the environment shall meet the 14 requirements FCS_CKM.1 and FCS_CKM.4 as defined in [3], section 10.1 and shall meet the 15 requirements FDP_ITC.1 or FDP_ITC.2 as defined in [3], section 11.7. 16 For the security functional requirement FCS_COP.1/RSA, FCS_COP.1/RSA_PSL, FCS_COP.1/ECDSA, 17 FCS_COP.1/ECDSA_PSL, and FCS_COP.1/ECDH, FCS_COP.1/ECDH_PSL, the respective dependencies 18 FCS_CKM.4 and FDP_ITC.1 or FDP_ITC.2 have to be fulfilled by the environment. That mean, that the 19 environment shall meet the requirements FDP_ITC.1 or FDP_ITC.2 as defined in [3], section 11.7. 20 For the security functional requirement FCS_COP.1/RSA, FCS_COP.1/RSA_PSL, FCS_COP.1/ECDSA, 21 and FCS_COP.1/ECDH, the respective dependency FCS_CKM.1 has to be fulfilled by the TOE with the 22 security functional requirement FCS_CKM.1/RSA (for FCS_COP.1/RSA) and FCS_CKM.1/EC (for 23 FCS_COP.1/ECDSA and FCS_COP.1/ECDH) as defined in section 7.1.4. Additionally the requirement 24 FCS_CKM.1 can be fulfilled by the environment as defined in [3], section 10.1. 25 For the security functional requirement FCS_COP.1/ECDSA_PSL and FCS_COP.1/ECDH_PSL, the 26 respective dependency FCS_CKM.1 does not apply, because the PSL does not provide a key 27 generation operation for elliptic curves. 28 For the security functional requirement FCS_CKM.1/RSA and FCS_CKM.1/EC the respective 29 dependency FCS_COP.1 is fulfilled by the TOE. The respective dependency FCS_CKM.4 has to be 30 fulfilled by the environment. That means, the environment shall meet the requirement FCS_CKM.4 as 31 defined in [3], section 10.1. 32 For the security functional requirement FCS_COP.1/SHA and FCS_COP.1/SHA_PSL the respective 33 dependencies are not applicable, because no keys are involved. 34 The cryptographic libraries RSA and EC and the Toolbox library are delivery options. If one of the 35 libraries RSA, EC or Toolbox are delivered, the asymmetric Base Lib is automatically part of it. 36 Therefore the user may choose a free combination of these libraries. In case of deselecting one or 37 several of these libraries the TOE does not provide the respective functionality Additional Specific 38 Security Functionality Rivest-Shamir-Adleman Cryptography (RSA) and/or Elliptic Curve Cryptography 39 (EC). The Toolbox and asymmetric Base Library are no cryptographic libraries and provide no 40 additional specific security functionality. 41 End of comment. 42 72 Security Target Lite M9900, M9905, M9906 Public 1 7.6.2 Rationale of the Assurance Requirements 2 The chosen assurance level EAL5 and the augmentation with the requirements ALC_DVS.2 and 3 AVA_VAN.5 were chosen in order to meet the assurance expectations explained in the following 4 paragraphs. In Table 18 the different assurance levels are shown as well as the augmentations. The 5 augmentations are in compliance with the Protection Profile. 6 An assurance level EAL5 with the augmentations ALC_DVS.2 and AVA_VAN.5 are required for this type 7 of TOE since it is intended to defend against highly sophisticated attacks without protective 8 environment. This evaluation assurance package was selected to permit a developer to gain 9 maximum assurance from positive security engineering based on good commercial practices. In order 10 to provide a meaningful level of assurance that the TOE provides an adequate level of defence against 11 such attacks, the evaluators should have access to all information regarding the TOE including the 12 TSF internals, the low level design and source code including the testing of the modular design. 13 Additionally the mandatory technical document “Application of Attack Potential to Smartcards” [10] 14 shall be taken as a basis for the vulnerability analysis of the TOE. 15 16 17 ALC_DVS.2 Sufficiency of security measures 18 Development security is concerned with physical, procedural, personnel and other technical 19 measures that may be used in the development environment to protect the TOE. 20 In the particular case of a Security IC the TOE is developed and produced within a complex and 21 distributed industrial process which must especially be protected. Details about the implementation, 22 (e.g. from design, test and development tools as well as Initialization Data) may make such attacks 23 easier. Therefore, in the case of a Security IC, maintaining the confidentiality of the design is very 24 important. 25 This assurance component is a higher hierarchical component to EAL5 (which only requires 26 ALC_DVS.1). ALC_DVS.2 has no dependencies. 27 73 Security Target Lite M9900, M9905, M9906 Public AVA_VAN.5 Advanced methodical vulnerability analysis 1 Due to the intended use of the TOE, it must be shown to be highly resistant to penetration attacks. 2 This assurance requirement is achieved by the AVA_VAN.5 component. 3 Independent vulnerability analysis is based on highly detailed technical information. The main intent 4 of the evaluator analysis is to determine that the TOE is resistant to penetration attacks performed by 5 an attacker possessing high attack potential. 6 AVA_VAN.5 has dependencies to ADV_ARC.1 “Security architecture description”, ADV_FSP.2 “Security 7 enforcing functional specification”, ADV_TDS.3 “Basic modular design”, ADV_IMP.1 “Implementation 8 representation of the TSF”, AGD_OPE.1 “Operational user guidance”, and AGD_PRE.1 “Preparative 9 procedures”. 10 All these dependencies are satisfied by EAL5. 11 It has to be assumed that attackers with high attack potential try to attack Security ICs like smart 12 cards used for digital signature applications or payment systems. Therefore, specifically AVA_VAN.5 13 was chosen in order to assure that even these attackers cannot successfully attack the TOE. 14 15 74 Security Target Lite M9900, M9905, M9906 Public 8 TOE Summary Specification (ASE_TSS) 1 The product overview is given in section 2.1. In the following the Security Features are described and 2 the relation to the security functional requirements is shown. 3 The TOE is equipped with following Security Features to meet the security functional requirements: 4  SF_DPM Device Phase Management 5  SF_PS Protection against Snooping 6  SF_PMA Protection against Modification Attacks 7  SF_PLA Protection against Logical Attacks 8  SF_CS Cryptographic Support 9 10 The following description of the Security Features is a complete representation of the TSF. 11 8.1 SF_DPM: Device Phase Management 12 The life cycle of the TOE is split-up in several phases. Chip development and production (phase 2, 3, 4) 13 and final use (phase 4-7) is a rough split-up from TOE point of view. These phases are implemented in 14 the TOE as test mode (phase 3) and user mode (phase 4-7). 15 In addition a chip identification mode exists which is active in all phases. The chip identification data 16 (O.Identification) is stored in a in the not changeable configuration page area and non-volatile 17 memory. In the same area further TOE configuration data is stored. In addition, user initialization data 18 can be stored in the non-volatile memory during the production phase as well. During this first data 19 programming, the TOE is still in the secure environment and in Test Mode. 20 The covered security functional requirement is FAU_SAS.1 “Audit storage”. 21 During start-up of the TOE the decision for one of the various operation modes is taken dependent on 22 phase identifiers. The decision of accessing a certain mode is defined as phase entry protection. The 23 phases follow also a defined and protected sequence. The sequence of the phases is protected by 24 means of authentication. 25 The covered security functional requirements are FMT_LIM.1 “Limited capabilities” and FMT_LIM.2 26 “Limited availability”. 27 During the production phase (phase 3 and 4) or after the delivery to the customer (phase 5 or phase 6), 28 the TOE provides the possibility to download a user specific encryption key and user code and data 29 into the empty (erased) SOLID FLASH™ NVM memory area as specified by the associated control 30 information of the Flash Loader software. After finishing the load operation, the Flash Loader can be 31 permanently deactivated, so that no further load operation with the Flash Loader is possible. These 32 procedures are defined as phase operation limitation. 33 The covered security functional requirement is FMT_LIM.2 “Limited availability”. 34 During operation within a phase the accesses to memories are granted by the MPU controlled access 35 rights and related levels. 36 The covered security functional requirements are FDP_ACC.1 “Subset access control”, FDP_ACF.1 37 “Security attribute based access control” and FMT_MSA.1 “Management of security attributes”. 38 In addition, during each start-up of the TOE the address ranges and access rights are initialized by the 39 Boot Software (BOS) with predefined values. 40 The covered security functional requirement is FMT_MSA.3 “Static attribute initialisation”. 41 75 Security Target Lite M9900, M9905, M9906 Public The TOE clearly defines access rights and levels in conjunction with the appropriate key management 1 in dependency of the firmware or software to be executed. 2 The covered security functional requirement is FMT_SMF.1 “Specification of Management functions”. 3 Each operation phase is protected by means of authentication and encryption. 4 The covered security functional requirements are FPT_ITT.1 “Basic internal TSF data transfer 5 protection” and FDP_IFC.1 “Subset information flow control”. If any comparison of the authentication 6 code fails a direct security reset is performed. The covered security functional requirements is 7 FPT_FLS.1 ”Failure with preservation of secure state”. 8 The SF_DPM “Device Phase Management” covers the security functional requirements FPT_FLS.1, 9 FAU_SAS.1, FMT_LIM.1, FMT_LIM.2, FDP_ACC.1, FDP_ACF.1, FMT_MSA.1, FMT_MSA.3, FMT_SMF.1, 10 FPT_ITT.1 and FDP_IFC.1. 11 12 8.2 SF_PS: Protection against Snooping 13 Several mechanisms protect the TOE against snooping the design or the user data during operation 14 and even if it is out of operation (power down). 15 The entire design is kept in a non standard way to prevent attacks using standard analysis methods. 16 Important parts of the chip are especially designed to counter leakage or side channel attacks like 17 DPA/SPA or EMA/DEMA. Therefore, even the physical data gaining is difficult to perform, since timing 18 and current consumption is independent of the processed data. In the design a number of 19 components are automatically synthesized and mixed up to disguise an attacker and to make an 20 analysis more difficult. 21 The covered security functional requirement is FPT_PHP.3 “Resistance to physical attack”. 22 A further protective design method used is secure wiring. All security critical wires have been 23 identified and protected by special routing measures against probing. Additionally the wires are 24 embedded into shield lines and used as normal signal lines for operation of the chip to prevent 25 successful probing. This measurement is called “security optimized wiring”. 26 The covered security functional requirements are FPT_PHP.3 “Resistance to physical attack”, 27 FPT_ITT.1 “Basic internal TSF data transfer protection”, FPT_FLS.1 “Failure with preservation of 28 secure state” and FDP_ITT.1 “Basic internal transfer protection”. 29 All contents of the memories RAM, ROM and SOLID FLASH™ NVM of the TOE are encrypted on chip to 30 protect them against data analysis. The external Flash-memory is not encrypted and not a part of the 31 security functional requirements. 32 In addition the data transferred over the memory bus to and from (bi-directional encryption) the CPU, 33 Co-processor (Crypto2304T and SCP), the special SFRs and the peripheral devices (CRC, RNG and 34 Timer) are transported encrypted with an automatically dynamic key change. 35 The encryption of the memory content is done by the MED using a proprietary cryptographic 36 algorithm and a complex key management providing protection against cryptographic analysis 37 attacks. This means that the SOLID FLASH™ NVM, RAM, ROM and the bus are encrypted with module 38 dedicated and dynamic keys. The only key remaining static over the product life cycle is the specific 39 ROM key changing from mask to mask. 40 All security relevant transfer of addresses or data via the peripheral bus is dynamically masked and 41 thus protected against readout and analysis. 42 The function Trash Register Writes can be activated by the user to hide the fact if an register has been 43 written. 44 The covered security functional requirements are FDP_IFC.1 “Subset information flow control“, 45 76 Security Target Lite M9900, M9905, M9906 Public FPT_PHP.3 “Resistance to physical attack”, FPT_ITT.1 “Basic internal TSF data transfer protection, 1 FPT_FLS.1 “Failure with preservation of secure state” and FDP_ITT.1 “Basic internal transfer 2 protection”. 3 4 The SF_PS “Protection against Snooping” covers the security functional requirements FPT_PHP.3, 5 FDP_IFC.1, FPT_ITT.1, FPT_FLS.1 and FDP_ITT.1. 6 8.3 SF_PMA: Protection against Modifying Attacks 7 The TOE is equipped with an error detection code (EDC) for protecting RAM and ROM and an ECC, 8 which is realized in the SOLID FLASH™ NVM. Thus introduced failures are securely detected and, in 9 terms of single bit errors in the SOLID FLASH™ NVM also automatically corrected (FDP_SDI.2). For 10 SOLID FLASH™ NVM in case of more than one bit errors and for RAM in case of any bit errors detected, 11 a security alarm is triggered. 12 In order to prevent accidental bit faults during production in the ROM, over the data stored in ROM an 13 EDC value is calculated (FDP_SDI.1). 14 The covered security functional requirements are FRU_FLT.2 “Limited fault tolerance“, FDP_PHP.3 15 “Resistance to physical attack“, FDP_SDI.1 “Stored data integrity monitoring” and FDP_SDI.2 “Stored 16 data integrity monitoring and action”. 17 If a user tears the card resulting in a power off situation during an SOLID FLASH™ NVM programming 18 operation or if other perturbation is applied, no data or content loss occurs and the TOE restarts 19 power on. The NVM tearing save write functionality covers FDP_SDI.1 “Stored data integrity 20 monitoring” as the new data to be programmed are checked for integrity and correct programming 21 before the page with the old data becomes valid. 22 23 The covered security functional requirement are FPT_PHP.3 “Resistance to physical attack“, since 24 these measures make it difficult to manipulate the write process of the NVM, FPT_FLS.1 “Failure with 25 preservation of secure state“and FDP_SDI.1 “Stored data integrity monitoring”. 26 In the case that a physical manipulation or a physical probing attack is detected, the processing of the 27 TOE is immediately stopped and the TOE enters a secure state called security reset. 28 The covered security functional requirements are FPT_FLS.1 “Failure with preservation of secure 29 state”, FPT_PHP.3 “Resistance to physical attack” and FPT_TST.2 “Subset TOE security testing“. 30 As physical effects or manipulative attacks may also address the program flow of the user software, 31 two watchdog timers each with a check point register function are implemented. This feature allows 32 the user to check the correct processing time and the integrity of the program flow of the user 33 software. 34 The Instruction Stream Signature Checking (ISS) calculates a hash about all executed instructions and 35 automatically checks the correctness of this hash value. If the code execution follows an illegal path 36 an alarm is triggered. 37 Another measure against modifying and perturbation respectively differential fault attacks (DFA) is 38 the implementation of backward calculation in the SCP. By this induced errors are discovered. 39 The covered security functional requirements are FPT_FLS.1 “Failure with preservation of secure 40 state”, FDP_IFC.1 “Subset information flow control”, FPT_ITT.1 “Basic internal transfer protection”, 41 FDP_ITT.1 “Basic internal transfer protection” and FPT_PHP.3 “Resistance to physical attack”. 42 77 Security Target Lite M9900, M9905, M9906 Public During start up, the TOE performs various configurations and subsystem tests. After the TOE startup 1 has finished, the operating system or application can call the User Mode Security Life Control (UMSLC) 2 test provided by the Resource Management System. The UMSLC checks the alarm lines and/or the 3 different security functions and sensors for correct operation. The test can be triggered by user 4 software during normal operation. As attempts to modify the security features will be detected from 5 the test, the covered security functional requirement is FPT_TST.2 “Subset TOE security testing“. 6 The correct function of the TOE is only given in the specified range of the environmental operating 7 parameters. To prevent an attack exploiting that circumstance the TOE is equipped with a 8 temperature sensor, glitch sensor and backside light detection. The TOE falls into the defined secure 9 state in case of a specified range violation. The defined secure state causes the chip internal reset 10 process. Note that the specified range checking can only work when the TOE is running and can not 11 prevent reverse engineering. 12 The covered security functional requirements are FRU_FLT.2 “Limited fault tolerance” and FPT_FLS.1 13 “Failure with preservation of secure state“. 14 The SF_PMA “Protection against Modifying Attacks” covers the security functional requirements 15 FPT_PHP.3, FDP_IFC.1, FPT_ITT.1, FDP_ITT.1, FPT_TST.2, FDP_SDI.1, FDP_SDI.2, FRU_FLT.2 and 16 FPT_FLS.1. 17 18 8.4 SF_PLA: Protection against Logical Attacks 19 The memory model of the TOE provides two distinct, independent levels called the privileged and 20 non-privilege level and the possibility to define up to eight memory regions with different access 21 rights enforced by the Management Protection Unit (MPU). This gives the user software the possibility 22 to define different access rights for the regions 0 to 7 for privilege or non-privilege level. In the case of 23 an access violation the MPU will trigger a trap. The policy of setting up the MPU and specifying the 24 memory ranges for the regions (0 to 7) is defined from the user software. 25 The covered security functional requirements are FDP_ACC.1 “Subset access control”, FDP_ACF.1 26 “Security attribute based access control”, FMT_MSA.1 “Management of security attributes”, 27 FMT_MSA.3 “Static attribute initialisation” and FMT_SMF.1 “Specification of Management functions”. 28 All memories present on the TOE (NVM, ROM, RAM) are encrypted using individual keys assigned by 29 complex key management. In case of security critical error a security alarm is generated and the TOE 30 ends up in a secure state. 31 The covered security functional requirements are FDP_ACF.1 “Security attribute based access 32 control” and FPT_FLS.1 “Failure with preservation of secure state”. 33 The SF_PLA “Protection against Logical Attacks” covers the security functional requirements 34 FDP_ACC.1, FDP_ACF.1, FMT_MSA.1, FMT_MSA.3, FPT_FLS.1 and FMT_SMF.1. 35 36 8.5 SF_CS: Cryptographic Support 37 The TOE is equipped an asymmetric and a symmetric hardware accelerators to support the standard 38 symmetric and asymmetric cryptographic operations. This security function is introduced to include 39 the cryptographic operation in the scope of the evaluation as the cryptographic function respectively 40 mathematic algorithm itself is not used from the TOE security policy. The components are a co- 41 processor supporting the DES and AES algorithms and a co-processor and software modules to 42 support RSA cryptography, RSA key generation, EC signature generation and verification, ECDH key 43 78 Security Target Lite M9900, M9905, M9906 Public agreement and EC public key calculation and testing. Additionally the TOE is equipped with a True 1 Random Number Generator for the generation of random numbers. 2 8.5.1 3DES encryption 3 The TOE supports the encryption and decryption in accordance with the specified cryptographic 4 algorithm Triple Data Encryption Standard (3DES) in the Electronic Codebook Mode (ECB),Cipher 5 Block Chaining Mode (CBC), Cipher Feedback Mode (CFB) , Counter Mode (CTR) and CMAC mode and 6 with cryptographic key sizes of 112 bit or 168 bit meeting the standard: [N867], [N38A], [N38B]. 7 The covered security functional requirements are FCS_COP.1/DES , FCS_COP.1/DES_SCL, 8 FCS_COP.1/DES_ PSL 9 10 This SFR is implemented in 3 ways: 11 1. By directly programming the hardware registers of the symmetric coprocessor. 12 2. By using the interface of the optional SCL. This library contains additional countermeasures. 13 3. By using the interface of the optional PSL. This library uses the SCL library to access the symmetric 14 coprocessor. 15 Note: This TOE can be delivered with the SCP accessible or blocked. The blocking depends on the 16 customer demands prior to the production of the hardware. In case the SCP is blocked, no 17 DES computation supported by hardware is possible and this TSF will not be provided. 18 Note: The TOE can also be delivered with the optional SCL library. The optional SCL library 19 contains hardened DES algorithms. The optional SCL library needs an accessible SCP. 20 Note: The TOE can be delivered with the optional PSL library. The PSL library contains a 21 standardized interface to the functions of the DES library. The optional PSL library depends 22 on the optional SCL library. 23 8.5.2 3DES MAC 24 The TSF supports MAC calculation with the cryptographic algorithm Triple Data Encryption Standard 25 (3DES) in CBC MAC mode and cryptographic key sizes of 2 x 56 bit or 3 x 56 bit according to the 26 standards: [N867], [9797] with the following options/modifications: 27  MAC algorithm 1 28  Padding must be done by the caller 29  An Initialization Vector (IV) must be given by the caller 30  The covered security functional requirements are FCS_COP.1/DES_MAC_PSL 31 Note: This TOE can be delivered with the SCP accessible or blocked and optional SCL and PSL 32 library. The blocking depends on the customer demands prior to the production of the 33 hardware. In case the SCP is blocked, no DES computation supported by hardware is 34 possible and this TSF will not be provided.This TOE can be delivered with the optional SCL 35 and PSL librariy. In case that either SCL and/or PSL library are not available, this TSF will not 36 be provided. 37 38 79 Security Target Lite M9900, M9905, M9906 Public 8.5.3 AES encryption 1 The TSF supports the encryption and decryption in accordance with the specified cryptographic 2 algorithm Advanced Encryption Standard (AES) ) in the Electronic Codebook Mode (ECB), Cipher Block 3 Chaining Mode (CBC), Cipher Feedback Mode (CFB), CTR (Counter) Mode and CMAC mode and 4 cryptographic key sizes of 128 bit or 192 bit or 256 bit according to the standard: [N197], [N38A], 5 [N38B]. 6 The covered security functional requirement is FCS_COP.1/AES, FCS_COP.1/AES_SCL, 7 FCS_COP.1/AES_PSL. 8 This TSF is implemented in 3 ways: 9 1. By directly programming the hardware registers of the symmetric coprocessor. 10 2. By using the interface of the optional SCL. This library contains additional countermeasures. 11 3. By using the interface of the optional PSL. This library uses the SCL library to access the symmetric 12 coprocessor. 13 Note: This TOE can be delivered with the SCP accessible or blocked. The blocking depends on the 14 customer demands prior to the production of the hardware. In case the SCP is blocked, no 15 AES computation supported by hardware is possible and this TSF will not be provided. 16 Note: The TOE can also be delivered with the optional SCL library. The optional SCL library 17 contains hardened AES algorithms. The optional AES library needs an accessible SCP. 18 Note: The TOE can be delivered with the optional PSL library. The PSL library contains a 19 standardized interface to the functions of the AES library. 20 8.5.4 AES MAC 21 The TSF supports MAC calculation with the cryptographic algorithm Advanced Encryption Standard 22 (AES) in CBC MAC mode and CMAC mode and cryptographic key sizes of 128 bit or 192 bit or 256 bit 23 according to the standards: [N197],[N38B], [9797] with the following options/modifications: 24  MAC algorithm 1 25  Padding must be done by the caller 26  An Initialization Vector (IV) must be given by the caller 27  The covered security functional requirements are FCS_COP.1/AES_MAC_PSL 28 Note: This TOE can be delivered with the SCP accessible or blocked and optional SCL and PSL 29 library. The blocking depends on the customer demands prior to the production of the 30 hardware. In case the SCP is blocked, no AES computation supported by hardware is 31 possible and this TSF will not be provided.This TOE can be delivered with the optional SCL 32 and PSL librariy. In case that either SCL and/or PSL library are not available, this TSF will not 33 be provided. 34 35 8.5.5 RSA 36 8.5.5.1 Encryption, Decryption, Signature Generation and Verification 37 The TSF shall perform encryption and decryption in accordance with a specified cryptographic 38 80 Security Target Lite M9900, M9905, M9906 Public algorithm Rivest-Shamir-Adleman (RSA) and cryptographic key sizes 1024 - 4096 bits that meet 1 the following standards: 2 Encryption: 3 According to section 5.1.1 RSAEP in PKCS v2.2 RFC3447, without 5.1.1(1). 4 Decryption (with or without CRT): 5 According to section 5.1.2 RSADP in PKCS v2.2 RFC3447 6 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, therefore without 5.1.2(2.b) (ii)&(v), without 5.1.2(1), 7 5.1.2(2.a) only supported up to n < 22048 . 8 Signature Generation (with or without CRT): 9 According to section 5.2.1 RSASP1 in PKCS v2.2 RFC3447 10 for u = 2, i.e., without any (r_i, d_i, t_i), i >2, 11 therefore without 5.2.1(2.b) (ii)&(v), without 5.2.1(1), 12 5.2.1(2.a) only supported up to n < 22048 . 13 Signature Verification: 14 According to section 5.2.2 RSAVP1 in PKCS v2.2 RFC3447, 15 without 5.2.2(1). 16 The covered security functional requirement is FCS_COP.1/RSA, FCS_COP.1/RSA_PSL. 17 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 18 the Crypto2304T is blocked, no RSA computation supported by hardware is possible and this 19 SFR is not applicable. 20 Note: The TOE can also be delivered with the optional RSA library. The optional RSA library 21 contains the RSA algorithms stated above. The optional RSA library needs an accessible 22 Crypto2304T. If the optional RSA library is not delivered then this SFR is not applicable. 23 8.5.5.2 Asymmetric Key Generation 24 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key 25 generation algorithm RSA specified in PKCS#1 v2.2 and specified cryptographic key sizes of 1024 – 26 4096 bits that meet the following standard: 27 According to section 3.2(2) in PKCS v2.2 RFC3447, 28 for u=2, i.e., without any (r_i, d_i, t_i), i > 2. 29 For p x q < 22048 additionally according to section 3.2(1). 30 The covered security functional requirement is FCS_CKM.1/RSA. 31 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 32 the Crypto2304T is blocked, no RSA computation supported by hardware is possible and this 33 TSF is not provided. 34 Note: The TOE can also be delivered with the optional RSA library. The optional RSA library 35 contains the RSA algorithms stated above. The optional RSA library needs an accessible 36 Crypto2304T. If the optional RSA library is not delivered then this TSF is not provide. 37 81 Security Target Lite M9900, M9905, M9906 Public 8.5.6 Elliptic Curves 1 The certification covers the standard NIST [DSS] and Brainpool [ECC] Elliptic Curves with key 2 lengths of 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 Bits, due to national AIS32 3 regulations by the BSI. Note that there are numerous other curve types, being also secure in 4 terms of side channel attacks on this TOE, which can the user optionally add in the composition 5 certification process. 6 7 8.5.6.1 Signature Generation and Verification 8 The TSF shall perform signature generation and signature verification in accordance with a specified 9 cryptographic algorithm ECDSA and cryptographic key sizes 160, 163, 192, 224, 233, 256, 283, 320, 384, 10 409, 512 or 521 bits that meet the following standard: 11 12 Signature Generation: 13 According to section 7.3 in ANSI X9.62 – 2005: 14 Not implemented is step d) and e) thereof. 15 The output of step e) has to be provided as input to our function by the caller. 16 Deviation of step c) and f): 17 The jumps to step a) were substituted by a return of the function with an error code, the jumps are 18 emulated by another call to our function. 19 20 Signature Verification: 21 According to section 7.4.1 in ANSI X9.62–2005: 22 Not implemented is step b) and c) thereof. 23 The output of step c) has to be provided as input to our function by the caller. 24 Deviation of step d): 25 Beside noted calculation, our algorithm adds a random multiple of the group order n to the calculated 26 values u1 and u2. 27 28 The covered security functional requirement is FCS_COP.1/ECDSH, FCS_COP.1/ECDSH_PSL. 29 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 30 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 31 TSF is not provided. 32 Note: The TOE can also be delivered with the optional ECC library. The optional ECC library 33 contains the ECC algorithms stated above. The optional ECC library needs an accessible 34 Crypto2304T. If the optional ECC library is not delivered then this TSF is not provided. 35 Note: The TOE can be delivered with the optional PSL library. The PSL library contains a 36 standardized interface to the functions of the ECC library. 37 8.5.6.2 Asymmetric Key Generation 38 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key 39 generation algorithm Elliptic Curve EC specified in ANSI X9.62-1998 and specified cryptographic key 40 sizes 160, 163, 192, 224, 233, 256, 283, 320, 384, 409, 512 or 521 bits that meet the following standard: 41 82 Security Target Lite M9900, M9905, M9906 Public 1 ECDSA Key Generation: 2 According to the appendix A4.3 in ANSI X9.62-2005 the cofactor h is not supported. 3 4 The covered security functional requirement is FCS_CKM.1/EC. 5 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 6 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 7 TSF is not provided. 8 Note: The TOE can also be delivered with the optional ECC library. The optional ECC library 9 contains the ECC algorithms stated above. The optional ECC library needs an accessible 10 Crypto2304T. If the optional ECC library is not delivered then this TSF is not provided. 11 12 8.5.6.3 Asymmetric Key Agreement 13 The TSF shall perform elliptic curve Diffie-Hellman key agreement in accordance with a specified 14 cryptographic algorithm ECDH and cryptographic key sizes 160, 163, 192, 224, 233, 256, 283, 320, 384, 15 409, 512 or 521 bits that meet the following standard: 16 According to section 5.4.1 in ANSI X9.63 -2001 Unlike section 5.4.1.3 our implementation not only 17 returns the x-coordinate of the shared secret, but rather the x-coordinate and y-coordinate. 18 19 The covered security functional requirement is FCS_COP.1/ECDH, FCS_COP.1/ECDH_PSL. 20 Note: This TOE can be delivered with the Crypto2304T coprocessor accessible or blocked. In case 21 the Crypto2304T is blocked, no ECC computation supported by hardware is possible and this 22 TSF is not provided. 23 Note: The TOE can also be delivered with the optional ECC library. The optional ECC library 24 contains the ECC algorithms stated above. The optional ECC library needs an accessible 25 Crypto2304T. If the optional ECC library is not delivered then this TSF is not provided. 26 Note: The TOE can be delivered with the optional PSL library. The PSL library contains a 27 standardized interface to the functions of the ECC library. 28 8.5.7 Toolbox Library 29 The toolbox provides the following basic long integer arithmetic and modular functions in software, 30 supported by the cryptographic coprocessor: Addition, subtraction, division, multiplication, 31 comparison, reduction, modular addition, modular subtraction, modular multiplication, modular 32 inversion and modular exponentiation. No security relevant policy, mechanism or function is 33 supported. The toolbox library is deemed for software developers as support for simplified 34 implementation of long integer and modular arithmetic operations. 35 The toolbox does not cover security functional requirements. 36 83 Security Target Lite M9900, M9905, M9906 Public 8.5.8 Asymmetric Base Library 1 The asymmetric Base library provides the low level interface to the asymmetric cryptographic 2 coprocessor and has no user available interface. The asymmetric Base library does not provide 3 any security functionality, implements no security mechanism, and does not provide additional 4 specific security functionality. The asymmetric Base library does not cover security functional 5 requirements. 6 8.5.9 Symmetric Crypto Library (SCL) 7 The symmetric crypto Library provides an interface to the SCP for AES and 3DES operations. The 8 SCL contains additional software countermeasures to harden the restance against side channel 9 and fault attacks. The SCL consists of three files “AES.lib”, “DES.lib” and “cipher.lib”. Those 10 library files will only distributes together. 11 The covered security functional requirements are FCS_COP.1/DES_SCL, FSC_COP.1/AES_SCL. 12 8.5.1 Hash Crypto Library (HCL) 13 The hash crypto Library provides an interface to SHA-1 and SHA-2 hash operations. The HCL 14 contains additional software countermeasures to harden the restance against single side channel 15 template attacks. The HCL consists of the files “HCL97-CPU-L90-hash.lib” and “HCL97-CPU-L90- 16 sha.lib” 17 The covered security functional requirements are FCS_COP.1/SHA. 18 19 8.5.2 Platform Support Layer (PSL) 20 The Platform Support Layer (PSL) library is used to provide a standardized interface to the hardware, 21 directly or via the RSA, ECC and SCL lib 22 rary. The provided interfaces are syntactically similar to Windows NT device driver calls. The PSL 23 provides as additional cryptographic operations a MAC calculation with AES and 3DES keys. 24 The covered security functional requirements are FCS_COP.1/DES_PSL, FCS_COP.1/DES_MAC_PSL, 25 FSC_COP.1/AES_PSL, FSC_COP.1/AES_MAC_PSL, FCS_COP.1/RSA_PSL, FSC_COP.1/ECDSH_PSL, 26 FCS_COP.1/ECDH_PSL, FCS_COP.1/SHA_PSL, FCS_RNG.1/PSL. 27 28 8.5.3 TRNG 29 Random data is essential for cryptography as well as for security mechanisms. The TOE is equipped 30 with a physical True Random Number Generator (TRNG, FCS_RNG.1/HW and FCS_RNG.1/PSL). The 31 random data can be used from the Smartcard Embedded Software and is also used from the security 32 features of the TOE, like masking. The TRNG implements also self testing features. The TRNG fulfils the 33 requirements from the functionality class PTG.2 of [6]. 34 The covered security functional requirement is FCS_RNG.1/HW and FCS_RNG.1/PSL “Quality metric 35 for random numbers”, FPT_PHP.3 “Resistance to physical attack”, FDP_ITT.1 “Basic internal transfer 36 protection”, FPT_ITT.1 “Basic internal TSF data transfer protection, FDP_IFC.1 “Subset information 37 flow control“, FPT_TST.2 “Subset TOE security testing“ and FPT_FLS.1“Failure with preservation of 38 secure state”. 39 40 The SF_CS “Cryptographic Support” covers the security functional requirements FCS_COP.1/DES, 41 FCS_COP.1/DES_SCL, FCS_COP.1/DES_PSL, FCS_COP.1/DES_MAC_PSL, FSC_COP.1/AES, 42 FSC_COP.1/AES_SCL, FSC_COP.1/AES_PSL, FSC_COP.1/AES_MAC_PSL, FCS_COP.1/RSA, 43 84 Security Target Lite M9900, M9905, M9906 Public FCS_COP.1/RSA_PSL, FSC_COP.1/ECDSH, FSC_COP.1/ECDSH_PSL, FCS_COP.1/ECDH, 1 FCS_COP.1/ECDH_PSL, FSC_CKM.1/RSA, FSC_CKM.1/RSA_PSL, FCS_CKM.1/EC, FPT_PHP.3, FDP_ITT.1, 2 FPT_ITT.1, FPT_FLS.1 ,FCS_RNG.1/HW and FCS_RNG.1/PSL, FDP_IFC.1. 3 8.6 Assignment of Security Functional Requirements to TOE’s 4 Security Functionality 5 The justification and overview of the mapping between security functional requirements (SFR) and 6 the TOE’s security functionality (SF) is given in sections the sections above. The results are shown in 7 Table 21. The security functional requirements are addressed by at least one relating security feature. 8 The various functional requirements are often covered manifold. As described above the 9 requirements ensure that the TOE is checked for correct operating conditions and if a not correctable 10 failure occurs that a stored secure state is achieved, accompanied by data integrity monitoring and 11 actions to maintain the integrity although failures occurred. An overview is given in following table: 12 Table 21 Mapping of SFR and SF 13 SFR SF_DPM SF_PS SF_PMA SF_PLA SF_CS FAU_SAS.1 X FMT_LIM.1 X FMT_LIM.2 X FDP_ACC.1 X X FDP_ACF.1 X X FPT_PHP.3 X X X FDP_ITT.1 X X X FDP_SDI.1 X FDP_SDI.2 X FDP_IFC.1 X X X X FMT_MSA.1 X X FMT_MSA.3 X X FMT_SMF.1 X X FRU_FLT.2 X FPT_ITT.1 X X X X FPT_TST.2 X FPT_FLS.1 X X X X X FCS_RNG.1/HW X FCS_RNG.1/PSL X FCS_COP.1/DES X FCS_COP.1/DES_SCL X FCS_COP.1/DES_PSL X FCS_COP.1/DES_MAC_PSL X FCS_COP.1/AES X FCS_COP.1/AES_SCL X FCS_COP.1/AES_PSL X 85 Security Target Lite M9900, M9905, M9906 Public FCS_COP.1/AES_MAC_PSL X FCS_COP.1/RSA X FCS_COP.1/RSA_PSL X FCS_COP.1/ ECDSA X FCS_COP.1/ ECDSA_PSL X FCS_COP.1/ECDH X FCS_COP.1/ECDH_PSL X FCS_COP.1/SHA X FCS_COP.1/SHA_PSL X FCS_CKM.1/RSA X FCS_CKM.1/EC X 1 2 8.7 Security Requirements are internally Consistent 3 For this chapter the PP [1] section 6.3.4 can be applied completely. 4 In addition to the discussion in section 6.3 of PP [1] the security functional requirement FCS_COP.1 is 5 introduced. The security functional requirements required to meet the security objectives O.Leak- 6 Inherent, O.Phys-Probing, O.Malfunction, O.Phys-Manipulation and O.Leak-Forced also protect the 7 cryptographic algorithms implemented according to the security functional requirement FCS_COP.1. 8 Therefore, these security functional requirements support the secure implementation and operation 9 of FCS_COP.1. 10 As disturbing, manipulating during or forcing the results of the test checking the security functions 11 after TOE delivery, this security functional requirement FPT_TST.2 has to be protected. An attacker 12 could aim to switch off or disturb certain sensors or filters and preserve the detection of his 13 manipulation by blocking the correct operation of FPT_TST.2. The security functional requirements 14 required to meet the security objectives O.Leak-Inherent, O.Phys-Probing, O.Malfunction, O.Phys- 15 Manipulation and O.Leak-Forced also protect the security functional requirement FPT_TST.2. 16 Therefore, the related security functional requirements support the secure implementation and 17 operation of FPT_TST.2. 18 The requirement FPT_TST.2 allows testing of some security mechanisms by the Smartcard Embedded 19 Software after delivery. In addition, the TOE provides an automated continuous user transparent 20 testing of certain functions. 21 The implemented level concept represents the area based memory access protection enforced by the 22 MPU. As an attacker could attempt to manipulate the privilege level definition as defined and present 23 in the TOE, the functional requirement FDP_ACC.1 and the related other requirements have to be 24 protected themselves. The security functional requirements required to meet the security objectives 25 O.Leak-Inherent, O.Phys-Probing, O.Malfunction, O.Phys-Manipulation and O.Leak-Forced also 26 protect the area based memory access control function implemented according to the security 27 functional requirement described in the security functional requirement FDP_ACC.1 with reference to 28 the Memory Access Control Policy and details given in FDP_ACF.1. Therefore, those security functional 29 requirements support the secure implementation and operation of FDP_ACF.1 with its dependent 30 security functional requirements. 31 86 Security Target Lite M9900, M9905, M9906 Public The requirement FDP_SDI.2.1 allows detection of integrity errors of data stored in memory. 1 FDP_SDI.2.2 in addition allows correction of one bit errors or taking further action. Both meet the 2 security objective O.Malfunction. The requirements FRU_FLT.2, FPT_FLS.1, and FDP_ACC.1 which also 3 meet this objective are independent from FDP_SDI.2 since they deal with the observation of the 4 correct operation of the TOE and not with the memory content directly. 5 87 Security Target Lite M9900, M9905, M9906 Public 9 References 1 [1] Security IC Platform Protection Profile, Version 1.0, 15.06.2007, BSI-PP-0035 [2] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and General Model; Version 3.1 Revision 5, April 2017, CCMB-2017-04-001 [3] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Requirements; Version 3.1 Revision 5, April 2017, CCMB-2017-04-002 [4] Common Criteria for Information Technology Security Evaluation Part 3: Security Assurance Requirements; Version 3.1 Revision 5, September 2017, CCMB-2017-04--003 [5] ARMv7-M Architecture Reference Manual, ARM DDI 0403D ID021310, 12. February 2010, ARM Limited [6] A proposal for: Functionality classes for random number generators, Version 2.0, 18. September 2011 [7] SLE97 Hardware Reference Manual, Infineon Technologies AG [10] Joint Interpretation Library, Application of Attack Potential to Smartcards, Version 2.9, January 2013 [11] SLE97 Programmer’s Reference Manual, Infineon Technologies AG [12] M9900 Errata Sheet, Infineon Technologies AG M9905 M9906 Errata Sheet, Infineon Technologies AG [15] Anwendungshinweise und Interpretationen zum Schema (AIS), AIS31, Version 3, 2013-05- 15, Bundesamt für Sicherheit in der Informationstechnik [SHS] NIST: FIPS publication 180-4: Secure Hash Standard (SHS), August 2015 [DSS] NIST: FIPS publication 186-4: Digital Signature Standard (DSS), July 2013 [ECC] IETF: RFC 5639, Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation, March 2010, http://www.ietf.org/rfc/rfc5639.txt [BSIG] Act on the Federal Office for Information Security (BSI-Gesetz - BSIG) of 14 August 2009, Bundesgesetzblatt I p. 2821 [9797] ISO/IEC 9797-1: 2011 [N867] National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Commerce, NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revised January 2012, Revision 1 [N197] U.S. Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory (ITL), Advanced Encryption Standard (AES), FIPS PUB 197 [N38A] National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Data Encryption Standard, NIST Special Publication 800-38A, Edition 2001 [N38B] [PKCS] National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Data Encryption Standard, NIST Special Publication 800-38B, Edition 2005 PKCS #1: RSA Cryptography Standard, v2.2, October 27, 2012, RSA Laboratories [X962] American National Standard for Financial Services ANS X9.62-2005, Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature 88 Security Target Lite M9900, M9905, M9906 Public Algorithm (ECDSA), November 16, 2005, American National Standards Institute [X963] American National Standard for Financial Services X9.63-2001, Public Key Cryptograph for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography, November 20, 2001, American National Standards Institute [ST] Confidential Security Target M9900, M9905, M9906 including optional Software Libraries RSA-EC-SCL-HCL-PSL, v3.7, 2018-08-17, Infineon Technologies AG 89 Security Target Lite M9900, M9905, M9906 Public 10 Appendix 1 In the following tables, the hash signatures of the respective CL97 Crypto Library files are 2 documented. For convenience purpose several hash values are referenced. 3 4 Table 22 Reference hash values of the FTL V1.01.0008 library 5 MD5 5abc1dca 0d92375d 3101a3cd de11faf8 SHA1 0201487a eb93b1a9 b766c02d 43a17c97 fe4c1106 SHA256 0438971c 5845d797 8d176578 b601812d e8d8e663 a09e3dc2 662b0999 7f473ea2 6 7 8 Table 23 Reference hash values of the CL97 v 2.05.005 Crypto libraries 9 Library Hash Value Cl97-LIB-base.lib: MD5 8a4a99be8204e99db9f3b409fae756f1 SHA1 dc8911a4ea23924d8dcc05429793e9d0c23504ba SHA256 1e1e8e4b8d2ca53985e5257626db8b5c7f439b2cc88c35eede3 a34f521de8530 Cl97-LIB-ecc.lib MD5 e27681989fd2891e856baa03f7ac7d4a SHA1 4a36bb058cb193db593b194ad8d6f29491afb996 SHA256 4172c0445e511e90b55f273985d90b4399ff9effb1608f18c6581 2f1efbd7453 Cl97-LIB-2k.lib MD5 17b01b76d3353b3a6710c2ee19f1e8b0 SHA1 0011e3f4678ebecf614796d7ba697eb55ac0870d SHA256 9dc4c346602ce6a9586ef62d4f1108b60a81e01c0e8753bf6d40 26a5ba6f59d4 Cl97-LIB-4k.lib MD5 d8c77f9f5a47dd587f219f73c66c82de SHA1 f2f4169cc2331732d234848cf771c7e73341e4ae SHA256 ac9866759a32cfca44377a88384a32bd27345cbacf2de30c4af3 1aefd4872928 Cl97-LIB-toolbox.lib MD5 e85484a56c08343a3bfb8bc57a9f3691 SHA1 51e8329a4013f130c4ef31ca6dcd2fb311d7fc6c SHA256 e383c7934627c6e4638b6e5b6b224913d6fc4e216431bc1b513 01a02b9b6bf25 90 Security Target Lite M9900, M9905, M9906 Public 1 Table 24 Reference hash values of the CL97 v2.07.003 Crypto libraries 2 Library Hash Value Cl97-LIB-base.lib: MD5 0581debbbc6bf992c1b979bcedb731c5 SHA1 d1afcc8ec1c898774f238568c7d8e159e4dd5f68 SHA256 02009f6c7b84b6e3d148dfa761143052720361c14babccc265a a8ce5a22a947a Cl97-LIB-ecc.lib MD5 6542752d79576891580c2daa395ef66b SHA1 097047756b24bf138b384357d6751ea8e33d8dff SHA256 8f72c8ebdad3c99c59e9d115b284e6245122bb9ab38bd93da2 47c282c1526383 Cl97-LIB-2k.lib MD5 7ab7f68c7eb0e8a0c6ea97c3185d882c SHA1 0e33b00961cba3d0be34352a6e7d9ddb6e12961e SHA256 701ecd9bcd4cd828982e7a9db35820c2e4482b98263492b907 2230a352d4d2e8 Cl97-LIB-4k.lib MD5 f5a36e6b9ff47d877c0e74e823e03d56 SHA1 bbb4fed8e9c37c180417602ac8395130b6c0fea5 SHA256 a8b6654f1302a9766ded5102b0ac6f93795bba1163885c44d02 09df137b1fb7e Cl97-LIB-toolbox.lib MD5 016053d0479897706ccd0638c39fd8f2 SHA1 ef499d2d497a5797e4ebf376b011d3ce41391d3b SHA256 5efc01016edbfc3e5de35e7c58700a63f1c1bcbea35be277e774 3659587aa22c 3 Table 25 Reference hash values of the SCL97 v2.01.011 crypto libraries 4 Scl97-SCP-v3-LIB-cipher.lib: MD5 a4c45e84dd9e2f651edf1ffaa077190d SHA1 4cbda743be21b29de6e826112120ea11a10c2641 SHA256 998ea5e14a36ef20fc6c7c5d6c511adaac8dfa0a411bd2b96e1c bd9eee3596eb Scl97-SCP-v3-LIB-des.lib: MD5 041abd8e8233e1b407d777b2734fbbd6 SHA1 ebfe549e8ac2092f1b03438f2ecb4995839b0c9a SHA256 784ed8ca5b60ee0ac91df10b6871429a3db77e1166b2142116f 4f0b61258d83d 91 Security Target Lite M9900, M9905, M9906 Public Scl97-SCP-v3-LIB-aes.lib: MD5 fd061c43a23c3a256ee2aa89dbfc3d27 SHA1 c3516afe6cf16f635704ebbc751ec2763b8115bd SHA256 57e6a9100d635d6df05241edb2874e3cbc2006927361ba4976 044f7d996e48ae Table 26 Reference hash values of the SCL97 v2.02.010 crypto libraries 1 Scl97-SCP-v3-LIB-cipher.lib: MD5 4d8cb3b84d95c386fb87ef6028d56404 SHA1 70f41981bd933db8f603b493c5fb035162e7758e SHA256 848f57e48083a8b76c1e45de4dc006e3ed9b8bcf08a683d4d 9466b56b924c6d2 Scl97-SCP-v3-LIB-des.lib: MD5 25b52ec314713ac21e9b3300011f0c6f SHA1 6ff3713a41413b0fc1badef971c4ff55a6fd5d5b SHA256 a633636604ab515251370fdfe28007ad2cb3baa190340c4a3e b88e2fcbf815b7 Scl97-SCP-v3-LIB-aes.lib: MD5 c8ca2dc013450d67d17d74deaeda79f0 SHA1 6bf7b1e082235ca5c0239ad070214a0337b89a13 SHA256 702653de911da2e3f5baa4ff7ff541a8ee43452dd2439373d55 c876027125598 Table 27 Reference hash values of the SCL97 v2.04.003 crypto libraries 2 Scl97-SCP-v3-LIB-cipher.lib: MD5 c33ce9fbf3bedb584d89cf5e63852e7d SHA1 6da3147ec2d9b764d9063216259b996cf2c8c86d SHA256 2d6334be629fd395fe7f7a090ec370c006c2ae6ec25b64b74a 1f1f3ab98685d1 Scl97-SCP-v3-LIB-des.lib: MD5 28e2e8228fcef90b83ae73016ed3e4eb SHA1 defe428b2b7387a97e76cea723f820d7c6051fe0 SHA256 f7f20c0f6616a7116ec1a1ff41c5665dc31e8c00e3179a93f255 676bd82ee555 Scl97-SCP-v3-LIB-aes.lib: MD5 b960280b103f2b7bb8c4283d4a51efdf SHA1 f06519c840ef4c3a5280301fc71f6778df5ca705 SHA256 5ad8ee3e8ee554c1de0ee8759f5ead51c8bc84d564ffbe2128 c818a592edaa60 Table 28 Reference hash values of the Mifare libraries 3 Library/object file Hash Value 92 Security Target Lite M9900, M9905, M9906 Public MifareManagement- 01.04.1275-M9900.lib MD5 96479e6e912754f7e1b46a51b6b21e86 SHA1 cbf54d59872af8703dd4694f42a3e9c0d274041c SHA256 d9adbd3b920347bebc1a778e233e2f36cf7e9ba012059742af 3c12053422ff05 MFM_BuildManufBlock.o MD5 db6555ece28bef262ef35653e142d4c9 SHA1 85c42ef153bbe31ed3e78ccce0506406d9e2a025 SHA256 29abeb9dfcedd84cbbc5c682221f3dbd3ee594ec6789b0592 63653603572bf36 MFM_DbC.o MD5 6d252e30cce9b2bcf179e20a96fdc9e2 SHA1 b3ea3c1b07f0766b8416d302c90cf3ed93ed1e3f SHA256 ba0073ba2a655120cd74d1f3572a16f8b26674178991f01c24 1fb6989693e89b MFM_GetUid.o MD5 66b88f06d72e97a485684fed780a1ac6 SHA1 6b981f5e3f6558e192f65b2fe83318865f324151 SHA256 52c858a07f517881add033bed9ad81a2d541c6b72cada5f2ff 9ad9467bc46923 MFM_InitializeCard.o MD5 0d86588f8ef6ad894195570afe8e93b6 SHA1 79c9227ba1f8d92a787581caf2eb7190ef5610e3 SHA256 6394f85fcf856d48f4843ada0e7ba9d078f02611f7b81ee767c 015bb0ab59d3f MFM_Version.o MD5 8f06a7bdb00d8b32381a3504b03b67c0 SHA1 cbc8af6f6bf7aca63fbf396b7c960c7f9002d0b9 SHA256 e8697d6432130b01fc1b70566dcb95e9e00feb7ef72722173c be250993d1717c MIF_ChangeAuthUidFrac.o MD5 15bf55cd40fa0627ed8c8172e1daa458 SHA1 933ce7482811887079374d8ce3f24941c70a2744 SHA256 309669f1806a5d7df1be9689273f2eea4bda64a62857ac480a 8ff59dc26e7a4b MIF_CreateCard.o MD5 2e717768e0ed3adc677956d688f6fccf SHA1 18fe13d1bc18744fe0f39c847949eb1449c48fef SHA256 33c1c8c7b398e2d6664f9c26180280395c3347c92ed8073f64 bcae146509686e MIF_CreateCard2.o 93 Security Target Lite M9900, M9905, M9906 Public MD5 19edf0e2ab03a6dfa9df8efb04acee07 SHA1 e57ef41fbac8fd9b8b66f5536d4b46a5a90c6745 SHA256 319c44e9c0f26159b3096d9aa14fef77a68d4d7d57c367de48 43a00a661f899d MIF_GetCardManagementInf o.o MD5 84cc0f64b983e7d6154c514f0f986a1b SHA1 c184b3f01a35431a127056d250d74911c83a8ca3 SHA256 be99647c532c7bf5888571f1d81fabb2b2caccad3568861ff25 0fa2be11ee0a4 MIF_GetSerialNumber.o MD5 8660d3bda3993ac7f397c148d2fc3219 SHA1 d1e74cb761b5b066dc2fc3e91dc10e6434b39cf8 SHA256 a31ec0bf93aad2412d071f469fab60e7fcd5bb2620c9bf7f7cc 5840219f19aae MIF_PersonalizeSector.o MD5 d7ebf18e189ba3b71ac6038a56e3f9c6 SHA1 a15cb233a876e40677faa1391df36fffe30d4471 SHA256 72f7f2cf4eaf10128cc96c4dd50e446283d5cda21b9ec01aceb 3458ccd9e04b MIF_ReadBlock.o MD5 fd335bdd81f095cf7295dfbdfd40fc8c SHA1 01697d26a03156fb7109ef68df82cc74c2031205 SHA256 39e1f779b6c64c18e96f2c97ade07de5c7b24b4490452fac6a a3a7d0f88ce7e7 MIF_ReleaseCard.o MD5 d0591c49f710bf2acac40e36bc1d992a SHA1 f026348cda84903e1046959cda237f2797679117 SHA256 279212992105f27c697bdb20fc98d50b4a65c3a90841db5ee6 db344edf8680ab MIF_WriteBlock.o MD5 bb9550c75a1ed791bbf9b27c1b72de5e SHA1 db7d47b723d4d571ea647f8120c5e712961e6842 SHA256 d2b057beb07defe9ab1fdfaf02046ac47b60ba7025d930280c 4ef1dcd7962c1e MifareManagement- 01.03.0927-M9900.lib MD5 d813db73036d96fa5f15c26e65ab505c SHA1 e6ce16d5d8e9af8c094c2d29347a9dba48e1c0c0 SHA256 cc9de5bf3cea917d1917875f27cbb6bc3104495737213c0750 107cbb917a11c2 94 Security Target Lite M9900, M9905, M9906 Public MFM_BuildManufBlock.o MD5 25e7c77efc2067959f2446ad550770a9 SHA1 34510ff5b2ff44786eda120d266ffc3c248ec269 SHA256 c50151de10b5de294f24827eabfdef96d3022b77b550d23227 2bbb1827ac791b MFM_DbC.o MD5 7d5b328a85ed341c45e8cbc2638006b0 SHA1 240313f94f31726a5ac774a51af1d3dbdb8af79d SHA256 8123b6925f3f4b387e37d752f3705fc8e388e2cf17da00f4f033 78e4f85ed5e MFM_GetUid.o MD5 d23bc2d0db1432a022010142a5bcbf44 SHA1 6da35bf697f6ba5e30606105eeecd6bef7326787 SHA256 e7fd30e1e67be19ae2e9d990e50b96841cf05a47c6f6a16e8b 2d82a7324cbd1c MFM_InitializeCard.o MD5 085a0883d1c97fe542ba02ad2c4221b1 SHA1 12c5fa65324c3d41fca0af84343d5fb19b50a47f SHA256 627d7c55a38dcd5e870df3e5bcfef039f208fbe0d332dc95cd1 43ef0ab522891 MFM_Version.o MD5 f2663fa192d94fa814a1b8dcd4453e86 SHA1 3229337c69f06c8a4284480e3097775189a2e4bc SHA256 7fca0cc8ef99c5cda3d3cd8167518c7d7a877050ea6c29f1655 bb2c44ad02f11 MIF_ChangeAuthUidFrac.o MD5 f0c1234092b1524809ca85aa7add0f9e SHA1 6e3b826c4eedbcb36d5f616a09563b7b0af1a543 SHA256 e3052fc5f6ac515d285de9c2b47a7e7aa24b56902f8d7fc7145 8746796a0bad1 MIF_CreateCard.o MD5 33905712b11e2db50bd84df35d187e9c SHA1 0c5bb952d29ced6413a6eb30e74757d16312d13b SHA256 951c0908b0b0bda0456f66490931b44915617bd44925efd7c 1597a2480094b30 MIF_GetCardManagementInf o.o MD5 20320b1fe31cb23643848c9ef2685f0b SHA1 eab96447a69edda577dd9b73b531f614f300bfe8 SHA256 bd2e81074b505ed2056040b043bf286da8883f30c9516d68b 00a84cb4fe152cd 95 Security Target Lite M9900, M9905, M9906 Public MIF_GetSerialNumber.o MD5 8a2e258d073b4c758a1db226ecf6cea7 SHA1 fa9cfcbbb10039ee1b5b8f64ddbcea0f46f5eaf3 SHA256 e16f66d734b61fb0f906576348e44b9eddf3a8c2d6985e299fc 8e92717bd7bf7 MIF_PersonalizeSector.o MD5 d89273b519a3eb0e3d52658332a36c00 SHA1 39a2dae1c2fad6e52b06f88304eb518974288f57 SHA256 e462c4717fbb40c57f58e9467b5a1e76d6077b79241dd9641 dc1294ecdf4d234 MIF_ReadBlock.o MD5 4b89ae0384dfd643050a0354990bd4dc SHA1 d3cf8d710d39e435d4052d0c162e08c8ffdadc2b SHA256 21e8e9debaf4d51679267ed66996a0c605c64c7b3a67623e9 5ac5081d3c7511f MIF_ReleaseCard.o MD5 6024f413ec32cd08fd5483b4d1c2c05f SHA1 ef5c45fd72b3f2258545655b63885de8970911d8 SHA256 b5aec17609d25629cbf2d72ef5de2cde47c33b5e1bd3c5eb0 e40fa1e3279668e MIF_WriteBlock.o MD5 1429c61a088d2d3c27b9bef3eda027b9 SHA1 28e39d08db6e74fc8973d399292666b5ab312cc0 SHA256 dcfedc0d4e87d4a902b5193aa54ebf3ce5eb38e9ad04bbdf7 8b3f71723d65013 MifareReader-01.02.0800- M9900.lib MD5 b7060def3f64e600c8d8b0291a0a4ba2 SHA1 8ade647dc615a91fd934d8e26325218fc98fe4da SHA256 9ef4e1737018cd86c99464d2bbee44c84937243437ca4eb0e 4ccbb03bc8df01f MFR_Crypt.o MD5 ccf1e31cc484f534234898148ab83265 SHA1 bcb4742bc22b6852fa1464e424220917c1c23062 SHA256 596c7886786b93516dad21dede9caf34542f12e4a939657b05 d345a1da730f69 MFR_DbC.o MD5 1e96928bea958e94457c9ced5ed70487 SHA1 abcc5c050ddb96307429959bceaa2e4f04a837bc SHA256 d9d6c496e5f5e0ef914c5a9ecd673aeb7c2a6e28fdd02d9089 76e1e2e823d4b3 96 Security Target Lite M9900, M9905, M9906 Public MFR_Prng.o MD5 dc9aacd0ff1fc75f6da0070f481060bb SHA1 977989a49c92a1fb208495ad09489eb53c27076f SHA256 32011fe4f2045122aa25375a15cc803f04c9301b360da7f9e79 9b53280702033 MFR_Version.o MD5 eb9ace0c2face772b6e8547e76facafc SHA1 48a69927c4aa4896f7230766f783f4465f22d85e SHA256 8da087cad186d4e3c43553368df62361796d68ff28f8fbfa0af9 05ecbf6505c4 MIF_ReaderModeAuthCard.o MD5 890bb995c4cb5219578beda31f40cf32 SHA1 9db5a58ae7293911368739b2669d9c24dc882502 SHA256 3b30d2faf23ba91a87b3f7c1c954c161807eab9a68891d99a0 7e75901d82ce9b MIF_ReaderModeAuthReader. o MD5 73ec1fc5c14b003423ab39688d379f40 SHA1 e492835ba1e5f249a3846e932ccc652b1f0a01fa SHA256 418c69c4be557db5f1592aa80c55449f7367c64c56521bd0a2 c4a5fd6012d901 MIF_ReaderModeDecrypt.o MD5 28691eaca450f5feef647ae2dc1d77f3 SHA1 1d05839a7ec29646a61ba58bbf0b1b9d496a22e0 SHA256 0e7e2bf0250543382f5bbd3378b7e8a2c46171f8dded7c527f 5971e7f6f4c08e MIF_ReaderModeEncrypt.o MD5 d496dd6788a68241bc1d1d1a19341b8a SHA1 ddfafba105305ca5918045eb249e5efab1dec651 SHA256 8c3b17d18f5d2f6e2312ca1db0d069126d3daf895fde1a477e 462ef523d292f4 MIF_ReaderModeEnd.o MD5 1ce2a83b12207e56b9d00a07ff117bb2 SHA1 1571c8aa80b756075fc3f3cfefcd20b5b57ba30d SHA256 de575fe8ce82a824b045a4ac2af3753f847d6b0eafd39f998b7 eb23c4d5bf475 MIF_ReaderModeGetInfo.o MD5 4a368a350f6b5cfc2b3b7dbc6c38d66a SHA1 0cde36ccb40cece1a7591c7ceadee1988fad0160 SHA256 10a4c957c12c49f80c2a2b0dc227addeeeec2fa708fb656a7d d336ab78a09bb0 MIF_ReaderModeSetup.o 97 Security Target Lite M9900, M9905, M9906 Public MD5 75b6bbbf1333f63289f069c4528eb803 SHA1 8c3300bc1d9d5d0977390585d327bdc0683bdb2f SHA256 4d193499cce7c2544a9b135c90ff7d05d635f11ec94ce6ae191 4a24d4be50982 1 Table 29 PSL library v4.00.10 2 Psl90.lib MD5 4263eb7321e170d89199593bf915faa5 SHA1 2f46f032e919991d93ea1fae9f9db3f096044d6a SHA256 9451d17d6876d38b19613241220fdc0574b7d88319d2f3218 1b819d34ea3eef7 3 Table 30 PSL library v5.00.06 4 Psl90.lib MD5 b41ba56c9239124f10a241ed1ac775f3 SHA1 2c3cfc01e66ad307deb43d835db5a4d85a03286f SHA256 ac256bd880d528b33ffe0594265378d3142b912357ea616b5 e68a06eecd83572 5 Table 31 HCL library v1.01.003 6 HCL97-CPU-L90-hash.lib MD5 d83d1294aa70fdf9b4b3883d617990a SHA1 44db57a695407da941b351fd909d460fbfa10825 SHA256 3d8712eaf73fe89c83b978c8ba583329df2762086c7b876751 5d3c3ef4560ede HCL97-CPU-L90-sha.lib MD5 b76d81c778e8ecb7efd5d20ac8d8f011 SHA1 0bcf346dc501c685616bf4f18ed90ea0640d1699 SHA256 50a0117ae0392a3928735fb9d777dcd5dd551b2c296317185 b50bf2e6c184b79 7 98 Security Target Lite M9900, M9905, M9906 Public 11 List of Abbreviations 1 2 AES Advanced Encryption Standard 3 AIS31 “Anwendungshinweise und Interpretationen zu ITSEC und CC 4 Funktionalitätsklassen und Evaluationsmethodologie für physikalische 5 Zufallszahlengeneratoren” 6 API Application Programming Interface 7 BOS Boot Software 8 CC Common Criteria 9 CPU Central Processing Unit 10 CRC Cyclic Redundancy Check 11 Crypto2304T Asymmetric Cryptographic Processor 12 CRT Chinese Reminder Theorem 13 DPA Differential Power Analysis 14 DFA Differential Failure Analysis 15 EC Elliptic Curve 16 ECC Error Correction Code 17 EDC Error Detection Code 18 EDU Error Detection Unit 19 GCIM Generic Chip Identification Mode (BOS-CIM) 20 EEPROM Electrically Erasable and Programmable Read Only Memory 21 EMA Electro magnetic analysis 22 HW Hardware 23 IC Integrated Circuit 24 ID Identification 25 IMM Interface Management Module 26 I/O Input/Output 27 MED Memory Encryption and Decryption 28 MPU Memory Protection Unit 29 O Objective 30 OS Operating system 31 PSL Platform Support Layer 32 RAM Random Access Memory 33 RMS Resource Management System 34 RNG Random Number Generator 35 ROM Read Only Memory 36 RSA Rives-Shamir-Adleman Algorithm 37 99 Security Target Lite M9900, M9905, M9906 Public SCL Symmetric Crypto Library 1 SCP Symmetric Cryptographic Processor 2 SF Security Feature 3 SFR Special Function Register, as well as Security Functional Requirement 4 SPA Simple power analysis 5 SW Software 6 T Threat 7 TM Test Mode (BOS) 8 TOE Target of Evaluation 9 TRNG True Random Number Generator 10 TSF TOE Security Functionality 11 UART Universal Asynchronous Receiver/Transmitter 12 UM User Mode (BOS) 13 UMSLC User Mode Security Life Control 14 3DES Triple DES Encryption Standard 15 100 Security Target Lite M9900, M9905, M9906 Public 12 Glossary 1 2 Boot System Part of the firmware with routines for controlling the operating 3 state and testing the TOE hardware 4 Central Processing Unit Logic circuitry for digital information processing 5 Chip Integrated Circuit] 6 Chip Identification Mode data Data stored in the SOLID FLASH™ NVM containing the chip 7 type, lot number (including the production site), die position on 8 wafer and production week and data stored in the ROM 9 containing the BOS version number 10 Chip Identification Mode Operational status phase of the TOE, in which actions for 11 identifying the individual chip by transmitting the Chip 12 Identification Mode data take place 13 Controller IC with integrated memory, CPU and peripheral devices 14 Crypto2304T Cryptographic coprocessor for asymmetric cryptographic 15 operations (RSA, Elliptic Curves) 16 Cyclic Redundancy Check Process for calculating checksums for error detection 17 Electrically Erasable and Programmable Read Only Memory (SOLID FLASH™ NVM) 18 Non-volatile memory permitting electrical read and write 19 operations 20 Firmware Part of the software implemented as hardware 21 Hardware Physically present part of a functional system (item) 22 Integrated Circuit Component comprising several electronic circuits 23 implemented in a highly miniaturized device using 24 semiconductor technology 25 Memory Encryption and Decryption 26 Method of encoding/decoding data transfer between CPU and 27 memory 28 Memory Hardware part containing digital information (binary data) 29 Microprocessor CPU with peripherals 30 Non-privilege level Restricted (non Supervisor) mode of the CPU 31 Object Physical or non-physical part of a system which contains 32 information and is acted upon by subjects 33 Operating System Software which implements the basic TOE actions necessary 34 for operation 35 Privilege level Supervisor mode of the CPU 36 Programmable Read Only Memory 37 Non-volatile memory which can be written once and then only 38 permits read operations 39 Random Access Memory Volatile memory which permits write and read operations 40 101 Security Target Lite M9900, M9905, M9906 Public Random Number Generator Hardware part for generating random numbers 1 Read Only Memory Non-volatile memory which permits read operations only 2 Resource Management System Part of the firmware containing SOLID FLASH™ NVM 3 programming routines, AIS31 testbench etc. 4 Security Mechanism Logic or algorithm which implements a specific security 5 function in hardware or software 6 SCP Symmetric cryptographic coprocessor for symmetric 7 cryptographic operations (3DES, AES). 8 Security Function Part(s) of the TOE used to implement part(s) of the security 9 objectives 10 Security Target Description of the intended state for countering threats 11 Smart Card Plastic card in credit card format with built-in chip 12 Software Information (non-physical part of the system) which is required 13 to implement functionality in conjunction with the hardware 14 (program code) 15 Subject Entity, generally in the form of a person, who performs actions 16 Target of Evaluation Product or system which is being subjected to an evaluation 17 Test Mode Operational status phase of the TOE in which actions to test 18 the TOE hardware take place 19 Threat Action or event that might prejudice security 20 User Person in contact with a TOE who makes use of its 21 operational capability 22 User Mode Operational status phase of the TOE in which actions 23 intended for the user takes place 24 WLB Wafer Level Ballgrid Array 25 WLP Wafer Level Package 26 27 28 Revision History 29 Major changes since the last revision 30 Page or Reference Description of change 3.0 Initial draft version 3.1 Corrections after TüvIT OR v1 3.2 Changed SHA notes 3.3 Update to latest PSL, SCL, HCL versions 3.4 Corrections after TüvIT OR v2 3.5 Minor corrections 3.6 Update of PSL, removed ACL v1.03.006 102 Security Target Lite M9900, M9905, M9906 Public Page or Reference Description of change 3.7 Changes according to BSI comments Trademarks of Infineon Technologies AG AURIX™, C166™, CanPAK™, CIPOS™, CoolGaN™, CoolMOS™, CoolSET™, CoolSiC™, CORECONTROL™, CROSSAVE™, DAVE™, DI-POL™, DrBlade™, EasyPIM™, EconoBRIDGE™, EconoDUAL™, EconoPACK™, EconoPIM™, EiceDRIVER™, eupec™, FCOS™, HITFET™, HybridPACK™, Infineon™, ISOFACE™, IsoPACK™, i-Wafer™, MIPAQ™, ModSTACK™, my-d™, NovalithIC™, OmniTune™, OPTIGA™, OptiMOS™, ORIGA™, POWERCODE™, PRIMARION™, PrimePACK™, PrimeSTACK™, PROFET™, PRO-SIL™, RASIC™, REAL3™, ReverSave™, SatRIC™, SIEGET™, SIPMOS™, SmartLEWIS™, SOLID FLASH™, SPOC™, TEMPFET™, thinQ!™, TRENCHSTOP™, TriCore™. Trademarks updated August 2015 Other Trademarks All referenced product or service names and trademarks are the property of their respective owners. ifx1owners. Edition 2018-08-17 Doc_Number Published by Infineon Technologies AG 81726 Munich, Germany © 2018 Infineon Technologies AG. All Rights Reserved. Do you have a question about this document? Email: erratum@infineon.com Document reference IMPORTANT NOTICE The information contained in this application note is given as a hint for the implementation of the product only and shall in no event be regarded as a description or warranty of a certain functionality, condition or quality of the product. Before implementation of the product, the recipient of this application note must verify any function and other technical information given herein in the real application. Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind (including without limitation warranties of non-infringement of intellectual property rights of any third party) with respect to any and all information given in this application note. The data contained in this document is exclusively intended for technically trained staff. It is the responsibility of customer’s technical departments to evaluate the suitability of the product for the intended application and the completeness of the product information given in this document with respect to such application. For further information on the product, technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies office (www.infineon.com). WARNINGS Due to technical requirements products may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies office. Except as otherwise explicitly approved by Infineon Technologies in a written document signed by authorized representatives of Infineon Technologies, Infineon Technologies’ products may not be used in any applications where a failure of the product or any consequences of the use thereof can reasonably be expected to result in personal injury. Trademarks of Infineon Technologies AG µHVIC™, µIPM™, µPFC™, AU-ConvertIR™, AURIX™, C166™, CanPAK™, CIPOS™, CIPURSE™, CoolDP™, CoolGaN™, COOLiR™, CoolMOS™, CoolSET™, CoolSiC™, DAVE™, DI-POL™, DirectFET™, DrBlade™, EasyPIM™, EconoBRIDGE™, EconoDUAL™, EconoPACK™, EconoPIM™, EiceDRIVER™, eupec™, FCOS™, GaNpowIR™, HEXFET™, HITFET™, HybridPACK™, iMOTION™, IRAM™, ISOFACE™, IsoPACK™, LEDrivIR™, LITIX™, MIPAQ™, ModSTACK™, my-d™, NovalithIC™, OPTIGA™, OptiMOS™, ORIGA™, PowIRaudio™, PowIRStage™, PrimePACK™, PrimeSTACK™, PROFET™, PRO-SIL™, RASIC™, REAL3™, SmartLEWIS™, SOLID FLASH™, SPOC™, StrongIRFET™, SupIRBuck™, TEMPFET™, TRENCHSTOP™, TriCore™, UHVIC™, XHP™, XMC™ Trademarks updated November 2015 Other Trademarks All referenced product or service names and trademarks are the property of their respective owners. ifx1owners. Edition 2018-08-17 ifx1 Published by Infineon Technologies AG 81726 Munich, Germany © 2018 Infineon Technologies AG. All Rights Reserved. Do you have a question about this document? Email: erratum@infineon.com Document reference IMPORTANT NOTICE The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics (“Beschaffenheitsgarantie”) . With respect to any examples, hints or any typical values stated herein and/or any information regarding the application of the product, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warranties of non-infringement of intellectual property rights of any third party. In addition, any information given in this document is subject to customer’s compliance with its obligations stated in this document and any applicable legal requirements, norms and standards concerning customer’s products and any use of the product of Infineon Technologies in customer’s applications. The data contained in this document is exclusively intended for technically trained staff. It is the responsibility of customer’s technical departments to evaluate the suitability of the product for the intended application and the completeness of the product information given in this document with respect to such application. For further information on the product, technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies office (www.infineon.com). WARNINGS Due to technical requirements products may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies office. Except as otherwise explicitly approved by Infineon Technologies in a written document signed by authorized representatives of Infineon Technologies, Infineon Technologies’ products may not be used in any applications where a failure of the product or any consequences of the use thereof can reasonably be expected to result in personal injury.