STMicroelectronics
MIFARE® DESFire® EV2 on ST31P450 A04
Security Target for composition
Common Criteria for IT security evaluation
SMD_MFDFEV2_ST31P450_ST_21_002 Rev 01.0
March 2022

1 Introduction (ASE_INT)

1.1 Security Target reference

1 Document identification: MIFARE DESFire EV2 on ST31P450 A04 SECURITY TARGET FOR COMPOSITION.

2 Version number: Rev 01.0, issued in March 2022.

3 Registration: registered at STMicroelectronics under number SMD_MFDFEV2_ST31P450_ST_21_002.

1.2 TOE reference

4 This document presents the Security Target for composition (ST) of the technology library MIFARE® DESFire® EV2(a) on the Security IC ST31P450 A04.

5 This TOE is a composite TOE, built up from the combination of:
• the Security IC ST31P450 A04, designed by STMicroelectronics and used as certified platform,
• the technology library MIFARE DESFire EV2, developed by STMicroelectronics and built to operate with this Security IC platform.

6 Therefore, this Security Target is built on the Security IC Security Target and on the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages, referenced BSI-CC-PP-0084-2014. The Security IC Security Target is called “Platform Security Target” in the following.

7 The precise reference of the Target of Evaluation (TOE) is given in Section 1.4: TOE identification, and the TOE features are described in Section 1.6: TOE description.

8 A glossary of terms and abbreviations used in this document is given in Appendix A: Glossary.

a. MIFARE and DESFire are registered trademarks of NXP B.V. and are used under license.

Contents

1 Introduction (ASE_INT), p. 3
1.1 Security Target reference, p. 3
1.2 TOE reference, p. 3
1.3 Context, p. 9
1.4 TOE identification, p. 9
1.5 TOE overview, p. 10
1.6 TOE description, p. 11
1.6.1 TOE hardware description, p. 11
1.6.2 TOE software description, p. 11
1.6.3 TOE documentation, p. 12
1.7 TOE life cycle, p. 13
1.7.1 TOE intended usage, p. 14
1.7.2 Delivery format and method, p. 14
2 Conformance claims (ASE_CCL, ASE_ECD), p. 16
2.1 Common Criteria conformance claims, p. 16
2.2 PP Claims, p. 16
2.2.1 PP Reference, p. 16
2.2.2 PP Additions, p. 16
2.2.3 PP Claims rationale, p. 17
3 Security problem definition (ASE_SPD), p. 18
3.1 Description of assets, p. 20
3.2 Threats, p. 20
3.3 Organisational security policies, p. 22
3.4 Assumptions, p. 23
4 Security objectives (ASE_OBJ), p. 24
4.1 Security objectives for the TOE, p. 26
4.2 Security objectives for the environment, p. 28
4.3 Security objectives rationale, p. 29
4.3.1 Assumption "Usage of secure values", p. 32
4.3.2 Assumption "Terminal support", p. 32
4.3.3 Assumption "Usage of Key-dependent Functions", p. 33
4.3.4 TOE threat "Unauthorised data modification for MFDFEV2", p. 33
4.3.5 TOE threat "Impersonating authorised users during authentication for MFDFEV2", p. 33
4.3.6 TOE threat "Cloning for MFDFEV2", p. 33
4.3.7 TOE threat "MFDFEV2 resource availability", p. 34
4.3.8 TOE threat "MFDFEV2 code confidentiality", p. 34
4.3.9 TOE threat "MFDFEV2 data confidentiality", p. 34
4.3.10 TOE threat "MFDFEV2 code integrity", p. 34
4.3.11 TOE threat "MFDFEV2 data integrity", p. 35
4.3.12 Organisational security policy "Confidentiality during communication", p. 35
4.3.13 Organisational security policy "Integrity during communication", p. 35
4.3.14 Organisational security policy "Un-traceability of end-users", p. 35
4.3.15 Organisational security policy "Transaction mechanism", p. 36
5 Security requirements (ASE_REQ), p. 37
5.1 Security functional requirements for the TOE, p. 37
5.1.1 Additional Security Functional Requirements regarding access control, p. 42
5.1.2 Additional Security Functional Requirements regarding confidentiality, authentication and integrity, p. 48
5.1.3 Additional Security Functional Requirements regarding the robustness and correct operation, p. 49
5.2 TOE security assurance requirements, p. 50
5.3 Refinement of the security assurance requirements, p. 51
5.4 Security Requirements rationale, p. 52
5.4.1 Rationale for the Security Functional Requirements, p. 52
5.4.2 Additional security objectives are suitably addressed, p. 57
5.4.3 Additional security requirements are consistent, p. 60
5.4.4 Dependencies of Security Functional Requirements, p. 61
5.4.5 Rationale for the Assurance Requirements, p. 65
6 TOE summary specification (ASE_TSS), p. 67
6.1 TOE Security Functional Requirements realisation, p. 67
6.1.1 Security roles (FMT_SMR.1) / MFDFEV2, p. 67
6.1.2 Subset access control (FDP_ACC.1) / MFDFEV2, p. 67
6.1.3 Security attribute based access control (FDP_ACF.1) / MFDFEV2, p. 67
6.1.4 Static attribute initialisation (FMT_MSA.3) / MFDFEV2, p. 67
6.1.5 Management of security attributes (FMT_MSA.1) / MFDFEV2, p. 67
6.1.6 Specification of Management Functions (FMT_SMF.1) / MFDFEV2, p. 67
6.1.7 Import of user data with security attributes (FDP_ITC.2) / MFDFEV2, p. 68
6.1.8 Inter-TSF basic TSF data consistency (FPT_TDC.1) / MFDFEV2, p. 68
6.1.9 Cryptographic operation (FCS_COP.1) / MFDFEV2-DES, p. 68
6.1.10 Cryptographic operation (FCS_COP.1) / MFDFEV2-AES, p. 68
6.1.11 Cryptographic key destruction (FCS_CKM.4) / MFDFEV2, p. 68
6.1.12 User identification before any action (FIA_UID.2) / MFDFEV2, p. 68
6.1.13 User authentication before any action (FIA_UAU.2) / MFDFEV2, p. 68
6.1.14 Multiple authentication mechanisms (FIA_UAU.5) / MFDFEV2, p. 68
6.1.15 Management of TSF data (FMT_MTD.1) / MFDFEV2, p. 69
6.1.16 Trusted path (FTP_TRP.1) / MFDFEV2, p. 69
6.1.17 Basic rollback (FDP_ROL.1) / MFDFEV2, p. 69
6.1.18 Replay detection (FPT_RPL.1) / MFDFEV2, p. 69
6.1.19 Unlinkability (FPR_UNL.1) / MFDFEV2, p. 69
6.1.20 Minimum and maximum quotas (FRU_RSA.2) / MFDFEV2, p. 69
6.1.21 Subset residual information protection (FDP_RIP.1) / MFDFEV2, p. 69
6.2 Statement of compatibility, p. 69
6.2.1 Compatibility of security objectives, p. 69
6.2.2 Compatibility of Security Functional Requirements, p. 71
6.2.3 Compatibility of Security Assurance Requirements, p. 73
7 Identification, p. 74
8 References, p. 75
Appendix A Glossary, p. 77
A.1 Terms, p. 77
A.2 Abbreviations, p. 79

List of tables

Table 1. TOE components, p. 10
Table 2. Composite product life cycle phases, p. 14
Table 3. Summary of security aspects, p. 19
Table 4. Summary of security objectives, p. 24
Table 5. Security Objectives versus Assumptions, Threats or Policies, p. 30
Table 6. Summary of functional security requirements for the TOE, p. 37
Table 7. TOE security assurance requirements, p. 50
Table 8. Impact of EAL5 selection on BSI-CC-PP-0084-2014 refinements, p. 52
Table 9. Security Requirements versus Security Objectives, p. 52
Table 10. Dependencies of security functional requirements, p. 61
Table 11. Platform Security Objectives vs. TOE Security Objectives, p. 70
Table 12. Platform Security Objectives for the Environment vs. TOE Security Objectives for the Environment, p. 71
Table 13. Platform Security Functional Requirements vs. TOE Security Functional Requirements, p. 71
Table 14. TOE components, p. 74
Table 15. Guidance documentation, p. 74
Table 16. Sites list, p. 74
Table 17. Common Criteria, p. 75
Table 18. Platform Security Target, p. 75
Table 19. Protection Profile and other related standards, p. 75
Table 20. Other standards, p. 75
Table 21. List of abbreviations, p. 79

List of figures

Figure 1. TOE overview, p. 10
Figure 2. Security IC Life-Cycle, p. 13

1.3 Context

9 The Target of Evaluation (TOE) referred to in Section 1.4: TOE identification is evaluated under the French IT Security Evaluation and Certification Scheme and is developed by the Secure Microcontrollers Division of STMicroelectronics (ST).

10 The assurance level of the performed Common Criteria (CC) IT Security Evaluation is EAL5 augmented by ASE_TSS.2, ALC_DVS.2, AVA_VAN.5 and ALC_FLR.1.

11 The intent of this Security Target is to specify the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) applicable to the TOE, and to summarise its chosen TSF services and assurance measures. Since the TOE is a composite TOE, this Security Target is built on the Security IC Security Target ST31P450 A04 Security Target for composition, referenced SMD_ST31P450_ST_19_006.

12 This ST claims to be an instantiation of the "Eurosmart - Security IC Platform Protection Profile with Augmentation Packages" (PP) registered and certified under the reference BSI-CC-PP-0084-2014 in the German IT Security Evaluation and Certification Scheme.

13 The Platform Security Target introduces the following augmentations:
• Addition #1: “Support of Cipher Schemes” from [AUG],
• Addition #4: “Area based Memory Access Control” from [AUG],
• additions specific to the Platform Security Target, some in compliance with [JILSR] and ANSSI-PP0084.03.

14 This Security Target introduces augmentations dedicated to MIFARE DESFire EV2. The original text of the PP is typeset as indicated here, its augmentations from [AUG] as indicated here, and text originating in [JILSR] as indicated here, when they are reproduced in this document.
15 This ST makes various refinements to the above-mentioned PP and [AUG]. They are all properly identified in the text typeset as indicated here or here. The original text of the PP is repeated as sparingly as possible in this document, for reading convenience. All PP identifiers have, however, been prefixed by their respective origin label: BSI for BSI-CC-PP-0084-2014, AUG1 for Addition #1 of [AUG], AUG4 for Addition #4 of [AUG] and JIL for [JILSR].

1.4 TOE identification

16 The Target of Evaluation (TOE) is the technology library MIFARE DESFire EV2 on ST31P450 A04.

17 “MIFARE DESFire EV2 on ST31P450 A04” completely identifies the TOE, including its components listed in Table 1: TOE components, its guidance documentation detailed in Table 15: Guidance documentation, and its development and production sites indicated in Table 16: Sites list. Refer also to the corresponding tables in the ST31P450 A04 Security Target for composition.

18 Throughout the product life, the marking on the die, a set of accessible registers and a set of specific instructions allow the customer to check the product information, providing the identification elements, as listed in Table 1: TOE components, and the configuration elements, as detailed in the Data Sheet referenced in the ST31P450 A04 Security Target for composition.

19 In this Security Target, the term "MFDFEV2" means MIFARE® DESFire® EV2 1.0.4.

20 The MIFARE DESFire EV2 User Manual, referenced in Table 15: Guidance documentation, details how to check the library integrity and version.

1.5 TOE overview

21 This TOE consists of a certified hardware platform and an applicative embedded software, MIFARE DESFire EV2, stored in the hardware User NVM of the Platform.

22 The hardware platform is the ST31P450 with its firmware. It is identified as ST31P450 A04, which means it includes the components listed in the “Platform identification” columns in Table 1: TOE components, and detailed in the Security IC Security Target ST31P450 A04 Security Target for composition, referenced SMD_ST31P450_ST_19_006. The ST31P450 is designed to enable an effective usage of MIFARE DESFire EV2 and to underlie its security functionality. The Platform Security Target references the guidance documentation directly related to the hardware platform.

23 Figure 1 provides an overview of the TOE.

Figure 1. TOE overview

24 The TOE is primarily designed for secure contact-less transport applications, loyalty programs and access control systems. It fully complies with the requirements for fast and highly secure data transmission, flexible memory organization and interoperability with existing infrastructure.

Table 1. TOE components

Platform identification:
  IC Maskset name: K410A
  IC version: C
  Master identification number: 0x01F1h
  Firmware version: 3.1.1 and 3.1.2
Library identification:
  MIFARE DESFire EV2 version: 1.0.4

25 The MIFARE technology library MIFARE DESFire EV2 features a mutual three-pass authentication, data encryption on the RF channel, and a flexible self-securing file system.

26 MIFARE DESFire EV2 has its own guidance documentation, listed in Table 15: Guidance documentation.

27 The hardware platform is not fully described in the present Security Target; all useful information can be found in its dedicated Platform Security Target [PF-ST]. Nevertheless, the related assets, assumptions, threats, objectives and SFRs are reproduced in this document.

1.6 TOE description

1.6.1 TOE hardware description

28 The ST31P450 A04 is described in the Platform Security Target ST31P450 A04 Security Target for composition.
29 Note that the usage of the hardware platform and associated firmware is not limited or constrained when MIFARE DESFire EV2 is embedded. The functions provided by the Security IC platform remain normally accessible to the ES, as well as its life-cycle.

30 The only exception is the Library Protection Unit (LPU) of the hardware platform, which is dedicated to the protection of MIFARE DESFire EV2, ensuring that no application can read, write or compare any piece of data or code belonging to MFDFEV2. Thus, the LPU is not available for any other usage.

1.6.2 TOE software description

31 The ST31P450 A04 firmware, included in the platform evaluation, is described in the ST31P450 A04 Security Target for composition.

32 The TOE comprises a secure applicative Embedded Software, a MIFARE technology library, which is embedded in the User NVM of the Platform by ST and protected for confidentiality and integrity of code and data by the LPU. MFDFEV2 is used in the User configuration mode of the hardware platform.
33 MIFARE® DESFire® EV2 features:
• a flexible self-securing file system that groups user data into applications and files within each application,
• support for different file types like values or data records,
• mutual three-pass authentication,
• authentication on application level with fine-grained access conditions for files,
• multi-application support that allows distributed management of applications and ensures application segregation,
• delegated-application support that allows third-party service providers to create their applications onto the issued TOE,
• multiple application selection that allows transactions over files in two applications,
• data encryption on the RF channel,
• Message Authentication Codes (MAC) for replay attack protection,
• a transaction system with rollback that ensures consistency for complex transactions,
• a unique serial number for each device (UID) with optional random UID,
• a key set rolling feature per application to switch to a predefined key set,
• a transaction MAC feature to prevent fraudulent merchant attacks,
• originality functionality that allows verifying the authenticity of the TOE,
• Virtual Card architecture to allow multiple applications on one device,
• a proximity check feature against replay attacks on the TOE.

34 If privacy is an issue, the TOE can be configured not to disclose any information to unauthorized users.

35 The TOE supports a MIFARE DESFire EV0 backward compatible mode for authentication. The backward compatible mode for authentication is not part of any Security Functional Requirement of this Security Target and is therefore not in the scope of the evaluation.

36 The TOE supports a MIFARE DESFire EV1 backward compatible authentication with 2-key Triple-DES. 2-key Triple-DES authentication is not part of any Security Functional Requirement of this Security Target and is therefore not in the scope of the evaluation.

37 Note: The ES is not part of the TOE and is out of the scope of the evaluation, except MIFARE DESFire EV2.

38 The TOE doesn’t need non-TOE hardware, software or firmware.

39 Note that the notion of various different roles and privileges does not exist for the MFDFEV2 library. Only one role (the ES) is defined at the level of the MFDFEV2 library and there are no privileges, the ES having access to all the functions of the MFDFEV2 API.

1.6.3 TOE documentation

40 The user guidance documentation, part of the TOE, consists of:
• the platform user guidance documentation listed in the ST31P450 A04 Security Target for composition,
• the MIFARE DESFire EV2 user manual,
• the MIFARE DESFire EV2 interface specification.

41 The complete list and details of guidance documents are provided in Table 15, except those of the platform, listed in the ST31P450 A04 Security Target for composition.

1.7 TOE life cycle

42 This Security Target is fully conformant to the claimed PP. In the following, just a summary and some useful explanations are given. For complete details on the TOE life cycle, please refer to the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), section 1.2.3.

43 The composite product life cycle is decomposed into 7 phases. Each of these phases has the very same boundaries as those defined in the claimed protection profile.

Figure 2. Security IC Life-Cycle

44 The life cycle phases are summarized in Table 2.

45 The security IC platform life cycle is described in the Platform Security Target, as well as its delivery format.
46 All the sites likely to be involved in the complete TOE life cycle are listed in Table 16, except those dedicated to the Security IC platform, already detailed in the Platform Security Target. In Table 16, the library development centers are denoted by the activity “ES-DEV”. The IT support centers are denoted by the activity "IT".

47 MFDFEV2 is developed as part of Phase 1, then embedded by ST in the User NVM of the platform in Phase 3, in one of the sites denoted by the activity “EWS” in the Platform Security Target.

48 The TOE is then delivered as described in the Platform Security Target, i.e. after Phase 3 in the form of wafers or after Phase 4 in packaged form, depending on the customer’s order.

49 In the following, the term "TOE delivery" is uniquely used to indicate:
• after Phase 3 (or before Phase 4) if the TOE is delivered in the form of wafers or sawn wafers (dice), or
• after Phase 4 (or before Phase 5) if the TOE is delivered in the form of packaged products.

50 The sites potentially involved in the complete TOE life cycle are listed in Table 16, except those dedicated to the Security IC platform, already detailed in the Platform Security Target.

1.7.1 TOE intended usage

51 In Phase 7, the TOE is in the end-user environments. Depending on the application, the composite products are used in a wide range of applications to assure authorised conditional access. Examples of such are secure contact-less transport applications and related loyalty programs, access control systems, and closed-loop payment systems.

52 The end-user environment therefore covers a wide range of very different functions. The TOE is designed to be used in unsecured and unprotected environments.

1.7.2 Delivery format and method

53 MIFARE DESFire EV2 is delivered with the Security IC, already embedded by ST, in Phase 3 or 4.
54 The Security IC platform can be delivered in the form of wafers, micromodules or packages, as described in the ST31P450 A04 Security Target for composition.

55 All the possible forms of delivery are equivalent from a security point of view.

Table 2. Composite product life cycle phases

Phase | Name | Description
1 | IC embedded software development | security IC embedded software development; specification of IC pre-personalization requirements
2 | IC development | IC design; IC dedicated software development
3 | IC manufacturing | integration and photomask fabrication; IC production; IC testing; initialisation; pre-personalisation if necessary
4 | IC packaging | security IC packaging (and testing); pre-personalisation if necessary
5 | Composite product integration | composite product finishing process
6 | Personalisation | composite product personalisation; composite product testing
7 | Operational usage | composite product usage by its issuers and consumers

56 All the guidance documents are delivered as ciphered PDF files.

2 Conformance claims (ASE_CCL, ASE_ECD)

2.1 Common Criteria conformance claims

57 The MIFARE DESFire EV2 on ST31P450 A04 Security Target claims to be conformant to the Common Criteria version 3.1 revision 5.

58 Furthermore, it claims to be CC Part 2 (CCMB-2017-04-002 R5) extended and CC Part 3 (CCMB-2017-04-003 R5) conformant.

59 The extended Security Functional Requirements are all defined in the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014):
• FCS_RNG Generation of random numbers,
• FMT_LIM Limited capabilities and availability,
• FAU_SAS Audit data storage,
• FDP_SDC Stored data confidentiality,
• FIA_API Authentication proof of identity.
The reader can find their certified definitions in the text of the "Eurosmart - Security IC Platform Protection Profile with Augmentation Packages".

60 The assurance level for the MIFARE DESFire EV2 on ST31P450 A04 Security Target is EAL5 augmented by ASE_TSS.2, ALC_DVS.2, AVA_VAN.5 and ALC_FLR.1.

61 The ST31P450 A04 platform has been evaluated according to the evaluation level EAL5 augmented by ALC_DVS.2 and AVA_VAN.5, thus ensuring compatibility between the assurance levels chosen for the platform and the composite evaluations.

2.2 PP Claims

2.2.1 PP Reference

62 The MIFARE DESFire EV2 on ST31P450 A04 Security Target claims strict conformance to the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), as required by this Protection Profile.

63 The following packages have been selected from the BSI-CC-PP-0084-2014, and completely addressed by the Security IC platform:
• Package “Authentication of the Security IC”,
• Packages for Loader:
  – Package 1: Loader dedicated for usage in Secured Environment only,
  – Package 2: Loader dedicated for usage by authorized users only.

2.2.2 PP Additions

64 The main additions operated on the BSI-CC-PP-0084-2014 are:
• those described in the ST31P450 A04 Security Target for composition,
• specific additions for MFDFEV2.

65 These additions are used to address additional functionality provided by the TOE, and not covered by the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages, nor by the Platform Security Target ST31P450 A04 Security Target for composition. They address the additional security functionality provided by MFDFEV2.

66 All refinements are indicated with typesetting as indicated here, original text from the BSI-CC-PP-0084-2014 being typeset as indicated here and here. Text originating in [AUG] is typeset as indicated here. Text originating in [JILSR] is typeset as indicated here.
67 The security environment additions relative to the PP are summarized in Table 3.

68 The additional security objectives relative to the PP are summarized in Table 4.

69 The additional SFRs for the TOE relative to the PP are summarized in Table 6.

70 The additional SARs relative to the PP are summarized in Table 7.

2.2.3 PP Claims rationale

71 The differences between this Security Target's security objectives and requirements and those of BSI-CC-PP-0084-2014, to which conformance is claimed, have been identified and justified in Section 4 and in Section 5. They have been introduced in the previous section.

72 In the following, the statements of the security problem definition, the security objectives, and the security requirements are consistent with those of the BSI-CC-PP-0084-2014.

73 The security problem definition presented in Section 3 clearly shows the additions to the security problem statement of the PP.

74 The security objectives rationale presented in Section 4.3 clearly identifies modifications and additions made to the rationale presented in the BSI-CC-PP-0084-2014.

75 Similarly, the security requirements rationale presented in Section 5.4 has been updated with respect to the protection profile.

76 All PP requirements have been shown to be satisfied in the extended set of requirements, whose completeness, consistency and soundness have been argued in the rationale sections of the present document.

3 Security problem definition (ASE_SPD)

77 This section describes the security aspects of the environment in which the TOE is intended to be used and addresses the description of the assets to be protected, the threats, the organisational security policies and the assumptions.
78 Since this Security Target claims strict conformance to the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), all the security aspects defined in the Protection Profile apply to the TOE. In order to address complementary TOE security functionality not defined in the Protection Profile, some security aspects have been introduced in the Platform Security Target and in this one.

79 Note that the origin of each security aspect is clearly identified in the prefix of its label. Most of these security aspects can therefore be easily found in the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), section 3.

80 A summary of all these security aspects with their respective origin and status of inclusion in the ST31P450 A04 Security Target for composition is provided in Table 3. All the security aspects defined in the ST31P450 A04 Security Target for composition are valid for the present Security Target.

81 Only the ones introduced in this Security Target are detailed in the following sections (column "In [PF-ST]" = No).

Table 3. Summary of security aspects

Label | Title | Origin | In [PF-ST]

TOE threats
BSI.T.Leak-Inherent | Inherent Information Leakage | [PP0084] | Yes
BSI.T.Phys-Probing | Physical Probing | [PP0084] | Yes
BSI.T.Malfunction | Malfunction due to Environmental Stress | [PP0084] | Yes
BSI.T.Phys-Manipulation | Physical Manipulation | [PP0084] | Yes
BSI.T.Leak-Forced | Forced Information Leakage | [PP0084] | Yes
BSI.T.Abuse-Func | Abuse of Functionality | [PP0084] | Yes
BSI.T.RND | Deficiency of Random Numbers | [PP0084] | Yes
BSI.T.Masquerade-TOE | Masquerade the TOE | [PP0084] | Yes
AUG4.T.Mem-Access | Memory Access Violation | [AUG] | Yes
JIL.T.Open-Samples-Diffusion | Diffusion of open samples | [JILSR] | Yes
T.Data-Modification-MFDFEV2 | Unauthorised data modification for MFDFEV2 | this ST | No
T.Impersonate-MFDFEV2 | Impersonating authorised users during authentication for MFDFEV2 | this ST | No
T.Cloning-MFDFEV2 | Cloning for MFDFEV2 | this ST | No
T.Confid-Applic-Code-MFDFEV2 | MFDFEV2 code confidentiality | this ST | No
T.Confid-Applic-Data-MFDFEV2 | MFDFEV2 data confidentiality | this ST | No
T.Integ-Applic-Code-MFDFEV2 | MFDFEV2 code integrity | this ST | No
T.Integ-Applic-Data-MFDFEV2 | MFDFEV2 data integrity | this ST | No
T.Resource-MFDFEV2 | MFDFEV2 resource availability | this ST | No

OSPs
BSI.P.Process-TOE | Identification during TOE Development and Production | [PP0084] | Yes
BSI.P.Lim-Block-Loader | Limiting and blocking the loader functionality | [PP0084] | Yes
BSI.P.Ctrl-Loader | Controlled usage to Loader Functionality | [PP0084] | Yes
AUG1.P.Add-Functions | Additional Specific Security Functionality | [AUG] | Yes
P.Encryption | Confidentiality during communication | this ST | No
P.MAC | Integrity during communication | this ST | No
P.No-Trace | Un-traceability of end-users | this ST | No
P.Transaction | Transaction mechanism | this ST | No

Assumptions
BSI.A.Process-Sec-IC | Protection during Packaging, Finishing and Personalisation | [PP0084] | Yes
BSI.A.Resp-Appl | Treatment of User Data of the Composite TOE | [PP0084] | Yes
A.Secure-Values | Usage of secure values | this ST | No
A.Terminal-Support | Terminal support | this ST | No
A.KeyFunction | Usage of Key-dependent Functions | this ST | No

3.1 Description of assets

82 Since this Security Target claims strict conformance to the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), the high-level security concerns defined in section 3.1 of the Protection Profile apply; they relate to standard functionality, and the assets concerned by the threats are clarified in the ST31P450 A04 Security Target for composition. These concerns are:
• Integrity and confidentiality of User Data stored and in operation,
• Integrity and confidentiality of the Security IC Embedded Software, stored and in operation,
• Correct operation of the Security Services provided by the TOE for the Security IC Embedded Software,
• Deficiency of random numbers.

83 To be able to protect the assets based on these concerns, the TOE shall protect its security functionality. Therefore, critical information about the TOE shall be protected. Critical information includes:
• Logical design data, physical design data, IC Dedicated Software, Security IC Embedded Software and configuration data,
• Initialization Data and Pre-personalization Data, specific development aids, test and characterization related data, material for software development support, and photo masks.

84 Note that the keys for the cryptographic co-processors are seen as User Data.

3.2 Threats

85 These threats are described in the Platform Security Target [PF-ST], and are just recalled here.
BSI.T.Leak-Inherent  Inherent Information Leakage
BSI.T.Phys-Probing  Physical Probing
BSI.T.Malfunction  Malfunction due to Environmental Stress
BSI.T.Phys-Manipulation  Physical Manipulation
BSI.T.Leak-Forced  Forced Information Leakage
BSI.T.Abuse-Func  Abuse of Functionality
BSI.T.RND  Deficiency of Random Numbers
BSI.T.Masquerade-TOE  Masquerade the TOE
AUG4.T.Mem-Access  Memory Access Violation
JIL.T.Open-Samples-Diffusion  Diffusion of open samples

86 The following additional threats are related to MFDFEV2.

T.Data-Modification-MFDFEV2 Unauthorised data modification for MFDFEV2: User data stored by the TOE may be modified by unauthorised subjects. This threat applies to the processing of modification commands received by the TOE; it is not concerned with verification of authenticity.

T.Impersonate-MFDFEV2 Impersonating authorised users during authentication for MFDFEV2: An unauthorised subject may try to impersonate an authorised subject during the authentication sequence, e.g. by a man-in-the-middle or replay attack.

T.Cloning-MFDFEV2 Cloning for MFDFEV2: User and TSF data stored on the TOE (including keys) may be read out by an unauthorised subject in order to create a duplicate.

T.Confid-Applic-Code-MFDFEV2 MFDFEV2 code confidentiality: MIFARE DESFire EV2 Licensed product code must be protected against unauthorised disclosure. This relates to attacks at runtime to gain read access to the memory area where the MIFARE DESFire EV2 Licensed product executable code is stored. The attacker executes an application to disclose code belonging to the MIFARE DESFire EV2 Licensed product.

T.Confid-Applic-Data-MFDFEV2 MFDFEV2 data confidentiality: MIFARE DESFire EV2 Licensed product data must be protected against unauthorised disclosure. This relates to attacks at runtime to gain read access to the MIFARE DESFire EV2 Licensed product data from another application. For example, the attacker executes an application that tries to read data belonging to the MIFARE DESFire EV2 Licensed product.

T.Integ-Applic-Code-MFDFEV2 MFDFEV2 code integrity: MIFARE DESFire EV2 Licensed product code must be protected against unauthorised modification. This relates to attacks at runtime to gain write access to the memory area where the MIFARE DESFire EV2 Licensed product executable code is stored. The attacker executes an application that tries to alter (part of) the MIFARE DESFire EV2 Licensed product code.

T.Integ-Applic-Data-MFDFEV2 MFDFEV2 data integrity: MIFARE DESFire EV2 Licensed product data must be protected against unauthorised modification. This relates to attacks at runtime to gain write access to the MIFARE DESFire EV2 Licensed product data from another application. The attacker executes an application that tries to alter (part of) the MIFARE DESFire EV2 Licensed product data.

T.Resource-MFDFEV2 MFDFEV2 resource availability: The availability of the TOE resources for the MIFARE DESFire EV2 Licensed product shall be controlled to prevent denial of service or malfunction. An attacker prevents correct execution of the MIFARE DESFire EV2 Licensed product through consumption of some resources of the card, e.g. RAM or non-volatile RAM.

3.3 Organisational security policies

87 These security policies are described in the Platform Security Target [PF-ST], and are just recalled here.

BSI.P.Process-TOE  Identification during TOE Development and Production
BSI.P.Lim-Block-Loader  Limiting and blocking the loader functionality
BSI.P.Ctrl-Loader  Controlled usage to Loader Functionality
AUG1.P.Add-Functions  Additional Specific Security Functionality

88 The TOE provides specific security functionality that can be used by MFDFEV2. The specific security functionality listed below is not derived from threats identified for the TOE's environment, because the threats against which MFDFEV2 will use this functionality can only be decided in the context of the Security IC application.

89 New Organisational Security Policies (OSPs) are defined here below:

90 P.Encryption, P.MAC, P.Transaction and P.No-Trace are related to MFDFEV2.

P.Encryption Confidentiality during communication: The TOE shall provide the possibility to protect selected data elements from eavesdropping during contactless communication.

P.MAC Integrity during communication: The TOE shall provide the possibility to protect the contactless communication from modification or injection. This includes especially the possibility to detect replay or man-in-the-middle attacks within a session.

P.Transaction Transaction mechanism: The TOE shall provide the possibility to combine a number of data modification operations in one transaction, so that either all operations or no operation at all is performed.

P.No-Trace Un-traceability of end-users: The TOE shall enable authorised subjects to prevent end-users of the TOE from being traced by unauthorised subjects without their consent. Tracing of end-users may happen by performing a contactless communication with the TOE when the end-user is not aware of it. Typically this involves retrieving the UID or any freely accessible data element.

3.4 Assumptions

91 These assumptions are described in the Platform Security Target [PF-ST] and in the BSI-CC-PP-0084-2014, section 3.4.

92 The following assumptions are added for MFDFEV2. They are required for the correct functioning of the MFDFEV2 security functionality. They do not contradict the security problem definition of the BSI-CC-PP-0084-2014, since they are only related to assets which are out of the scope of this PP.

93 In consequence, the addition of these assumptions does not contradict the strict conformance claim on the BSI-CC-PP-0084-2014.

BSI.A.Process-Sec-IC  Protection during Packaging, Finishing and Personalisation
BSI.A.Resp-Appl  Treatment of User Data of the Composite TOE

A.Secure-Values Usage of secure values: Only confidential and cryptographically strong keys shall be used to set up the authentication. These values are generated outside the TOE and are downloaded to the TOE.

A.Terminal-Support Terminal support: The terminal verifies information sent by the TOE in order to ensure integrity and confidentiality of the communication. Furthermore, the terminal shall provide random numbers according to AIS20 or AIS31 [1] for the authentication.

A.KeyFunction Usage of Key-dependent Functions: Key-dependent functions (if any) shall be implemented in the Security IC Embedded Software in a way that they are not susceptible to leakage attacks (as described under T.Leak-Inherent and T.Leak-Forced). Note that here the routines which may compromise keys when being executed are part of the Security IC Embedded Software. In contrast to this, the threats T.Leak-Inherent and T.Leak-Forced address (i) the cryptographic routines which are part of the TOE and (ii) the processing of User Data including cryptographic keys.
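P.MAC asks for integrity-protected contactless communication in which replayed and injected commands are detected within a session, and A.Terminal-Support places the verification of what the TOE sends on the terminal, since the TOE cannot check what the terminal receives. The following is an added illustration of that split, not text or code from the Security Target and not the secure-messaging format of the MIFARE DESFire EV2 product: a generic session MAC bound to a per-message counter and a direction tag. HMAC-SHA256 stands in for the product's MAC algorithm, and the session key, frame layout, 8-byte tag and direction tags are assumptions made for the example. The constructed session shows a genuine command accepted, the same frame replayed and rejected because the counter has moved on, a forged command without the key rejected, a fresh command altered in flight rejected, and the terminal checking the response MAC.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 8  # assumed tag length for this illustration


def session_mac(key: bytes, counter: int, direction: bytes, payload: bytes) -> bytes:
    """MAC over direction tag, 16-bit command counter and payload.

    Binding the counter makes a replayed frame fail; binding the direction
    prevents a response being reflected back to the card as a command.
    """
    msg = direction + counter.to_bytes(2, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Toe:
    """Card side: a command is processed only if its MAC verifies under the
    current counter value; the counter advances once per message."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0
        self.applied = []  # commands that actually reached processing

    def receive(self, frame: bytes):
        payload, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        expected = session_mac(self.key, self.counter, b"CMD", payload)
        if not hmac.compare_digest(tag, expected):
            return None  # replayed, injected or altered: no state change
        self.counter += 1
        self.applied.append(payload)
        response = b"OK:" + payload
        out = response + session_mac(self.key, self.counter, b"RSP", response)
        self.counter += 1
        return out


class Terminal:
    """Reader side: MACs every command and verifies every response."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def send(self, payload: bytes, toe: Toe):
        frame = payload + session_mac(self.key, self.counter, b"CMD", payload)
        self.counter += 1
        reply = toe.receive(frame)
        if reply is None:
            raise ConnectionError("command rejected; session must be re-established")
        body, tag = reply[:-MAC_LEN], reply[-MAC_LEN:]
        if not hmac.compare_digest(tag, session_mac(self.key, self.counter, b"RSP", body)):
            raise ConnectionError("response MAC invalid")
        self.counter += 1
        return body, frame


def demo_session_mac():
    key = secrets.token_bytes(16)  # constructed: stands in for the agreed session key
    toe, term = Toe(key), Terminal(key)
    body1, captured = term.send(b"WRITE file=1 value=100", toe)
    replayed = toe.receive(captured)                                  # same frame again
    forged = toe.receive(b"WRITE file=1 value=999" + bytes(MAC_LEN))  # attacker has no key
    fresh = b"DEBIT 10" + session_mac(key, term.counter, b"CMD", b"DEBIT 10")
    tampered = toe.receive(fresh[:6] + b"99" + fresh[8:])             # amount changed in flight
    body2, _ = term.send(b"READ file=1", toe)                         # session continues
    return {
        "first": body1,
        "second": body2,
        "replay_rejected": replayed is None,
        "forgery_rejected": forged is None,
        "tamper_rejected": tampered is None,
        "applied": list(toe.applied),
    }
```

A rejected frame leaves the card's counter and data untouched, so the legitimate terminal can continue the session; a terminal that sees a response fail verification has no way to repair the session and must re-authenticate, which is the behaviour OE.Terminal-Support asks for under "secure closing of the communication session".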
4 Security objectives (ASE_OBJ)

94 The security objectives of the TOE cover principally the following aspects:
• integrity and confidentiality of assets,
• protection of the TOE and associated documentation during development and production phases,
• provision of random numbers,
• provision of access control functionality,
• provision of cryptographic support.

95 Since this Security Target claims strict conformance to the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), all the security objectives defined in the Protection Profile apply to the TOE. In order to address complementary TOE security functionality not defined in the Protection Profile, some security objectives have been introduced in the Platform Security Target and in this one.

96 Note that the origin of each security objective is clearly identified in the prefix of its label. Most of these security objectives can therefore be easily found in the Eurosmart - Security IC Platform Protection Profile with Augmentation Packages (BSI-CC-PP-0084-2014), section 4.

97 A summary of all the TOE security objectives with their respective origin and status of inclusion in the ST31P450 A04 Security Target for composition is provided in Table 4. All the security objectives defined in the ST31P450 A04 Security Target for composition are valid for the present Security Target.

98 Only the ones introduced in this Security Target are detailed in the following sections.

Table 4. Summary of security objectives

Label | Title | Origin | In [PF-ST]

TOE
BSI.O.Leak-Inherent | Protection against Inherent Information Leakage | [PP0084] | Yes
BSI.O.Phys-Probing | Protection against Physical Probing | [PP0084] | Yes
BSI.O.Malfunction | Protection against Malfunctions | [PP0084] | Yes
BSI.O.Phys-Manipulation | Protection against Physical Manipulation | [PP0084] | Yes
BSI.O.Leak-Forced | Protection against Forced Information Leakage | [PP0084] | Yes
BSI.O.Abuse-Func | Protection against Abuse of Functionality | [PP0084] | Yes
BSI.O.Identification | TOE Identification | [PP0084] | Yes
BSI.O.RND | Random Numbers | [PP0084] | Yes
BSI.O.Cap-Avail-Loader | Capability and Availability of the Loader | [PP0084] | Yes
BSI.O.Ctrl-Auth-Loader | Access control and authenticity for the Loader | [PP0084] | Yes
JIL.O.Prot-TSF-Confidentiality | Protection of the confidentiality of the TSF | [JILSR] | Yes
JIL.O.Secure-Load-ACode | Secure loading of the Additional Code | [JILSR] | Yes
JIL.O.Secure-AC-Activation | Secure activation of the Additional Code | [JILSR] | Yes
JIL.O.TOE-Identification | Secure identification of the TOE | [JILSR] | Yes
O.Secure-Load-AMemImage | Secure loading of the Additional Memory Image | [PF-ST] | Yes
O.MemImage-Identification | Secure identification of the Memory Image | [PF-ST] | Yes
BSI.O.Authentication | Authentication to external entities | [PP0084] | Yes
AUG1.O.Add-Functions | Additional Specific Security Functionality | [AUG] | Yes
AUG4.O.Mem-Access | Area based Memory Access Control | [AUG] | Yes
O.Access-Control-MFDFEV2 | Access Control for MFDFEV2 | this ST | No
O.Authentication-MFDFEV2 | Authentication for MFDFEV2 | this ST | No
O.Encryption-MFDFEV2 | MFDFEV2 Confidential Communication | this ST | No
O.MAC-MFDFEV2 | MFDFEV2 Integrity-protected Communication | this ST | No
O.Type-Consistency-MFDFEV2 | MFDFEV2 Data type consistency | this ST | No
O.Transaction-MFDFEV2 | MFDFEV2 Transaction mechanism | this ST | No
O.No-Trace-MFDFEV2 | Preventing Traceability for MFDFEV2 | this ST | No
O.Resource-MFDFEV2 | Resource availability for MFDFEV2 | this ST | No
O.Firewall-MFDFEV2 | MFDFEV2 firewall | this ST | No
O.Shr-Res-MFDFEV2 | MFDFEV2 data cleaning for resource sharing | this ST | No
O.Verification-MFDFEV2 | MFDFEV2 code integrity check | this ST | No

Environment
BSI.OE.Resp-Appl | Treatment of User Data of the Composite TOE | [PP0084] | Yes
BSI.OE.Process-Sec-IC | Protection during composite product manufacturing | [PP0084] | Yes
BSI.OE.Lim-Block-Loader | Limitation of capability and blocking the Loader | [PP0084] | Yes
BSI.OE.Loader-Usage | Secure communication and usage of the Loader | [PP0084] | Yes
BSI.OE.TOE-Auth | External entities authenticating of the TOE | [PP0084] | Yes
OE.Composite-TOE-Id | Composite TOE identification | [PF-ST] | Yes
OE.TOE-Id | TOE identification | [PF-ST] | Yes
OE.Enable-Disable-Secure-Diag | Enabling or disabling the Secure Diagnostic | [PF-ST] | Yes
OE.Secure-Diag-Usage | Secure communication and usage of the Secure Diagnostic | [PF-ST] | Yes
OE.Secure-Values | Generation of secure values | this ST | No
OE.Terminal-Support | Terminal support to ensure integrity, confidentiality and use of random numbers | this ST | No

4.1 Security objectives for the TOE

99 These security objectives are described in the Platform Security Target [PF-ST], and are just recalled here.

BSI.O.Leak-Inherent  Protection against Inherent Information Leakage
BSI.O.Phys-Probing  Protection against Physical Probing
BSI.O.Malfunction  Protection against Malfunctions
BSI.O.Phys-Manipulation  Protection against Physical Manipulation
BSI.O.Leak-Forced  Protection against Forced Information Leakage
BSI.O.Abuse-Func  Protection against Abuse of Functionality
BSI.O.Identification  TOE Identification
BSI.O.RND  Random Numbers
BSI.O.Cap-Avail-Loader  Capability and Availability of the Loader
BSI.O.Ctrl-Auth-Loader  Access control and authenticity for the Loader
BSI.O.Authentication  Authentication to external entities
JIL.O.Prot-TSF-Confidentiality  Protection of the confidentiality of the TSF
JIL.O.Secure-Load-ACode  Secure loading of the Additional Code
JIL.O.Secure-AC-Activation  Secure activation of the Additional Code
JIL.O.TOE-Identification  Secure identification of the TOE
O.Secure-Load-AMemImage  Secure loading of the Additional Memory Image
O.MemImage-Identification  Secure identification of the Memory Image
AUG4.O.Mem-Access  Area based Memory Access Control
AUG1.O.Add-Functions  Additional Specific Security Functionality

100 The following objectives are added for MFDFEV2:

O.Access-Control-MFDFEV2 Access Control for MFDFEV2: The TOE must provide an access control mechanism for data stored by it. The access control mechanism shall apply to read, modify, create and delete operations for data elements and to reading and modifying security attributes as well as authentication data. It shall be possible to limit the right to perform a specific operation to a specific user. The security attributes (keys) used for authentication shall never be output.

O.Authentication-MFDFEV2 Authentication for MFDFEV2: The TOE must provide an authentication mechanism in order to be able to authenticate authorised users. The authentication mechanism shall be resistant against replay and man-in-the-middle attacks.

O.Encryption-MFDFEV2 MFDFEV2 Confidential Communication: The TOE must be able to protect the communication by encryption. This shall be implemented by security attributes that enforce encrypted communication for the respective data elements.

O.MAC-MFDFEV2 MFDFEV2 Integrity-protected Communication: The TOE must be able to protect the communication by adding a MAC. This shall be implemented by security attributes that enforce integrity-protected communication for the respective data elements. Usage of the protected communication shall also support the detection of injected and bogus commands within the communication session before the protected data transfer.

O.Type-Consistency-MFDFEV2 MFDFEV2 Data type consistency: The TOE must provide a consistent handling of the different supported data types. This comprises over- and underflow checking for values, for data file sizes and for record handling.

O.Transaction-MFDFEV2 MFDFEV2 Transaction mechanism: The TOE must be able to provide a transaction mechanism that allows multiple data elements to be updated either all together or not at all.

O.No-Trace-MFDFEV2 Preventing Traceability for MFDFEV2: The TOE must be able to prevent the TOE end-user from being traced. This shall be done by providing an option that disables the transfer of any information that is suitable for tracing an end-user by an unauthorised subject.

O.Resource-MFDFEV2 Resource availability for MFDFEV2: The TOE shall control the availability of resources for the MIFARE DESFire EV2 Licensed product.

O.Firewall-MFDFEV2 MFDFEV2 firewall: The TOE shall ensure isolation of data and code between MIFARE DESFire EV2 and the other applications. An application shall not read, write or compare any piece of data or code belonging to the MIFARE DESFire EV2 Licensed product.

O.Shr-Res-MFDFEV2 MFDFEV2 data cleaning for resource sharing: It shall be ensured that any hardware resource that is shared by MIFARE DESFire EV2 and other applications, or by any application which has access to such hardware resource, is always cleaned (using code that is part of the MIFARE DESFire EV2 system and its certification) whenever MIFARE DESFire EV2 is interrupted by the operation of another application. The only exception is buffers, as long as these buffers do not contain other information than what is communicated over the contactless interface, or information in a form that is no different from what is normally communicated over the contactless interface. For example, no data shall remain in a hardware cryptographic coprocessor (e.g. DES or AES coprocessor) when MIFARE DESFire EV2 is interrupted by another application.

O.Verification-MFDFEV2 MFDFEV2 code integrity check: The TOE shall ensure that MIFARE DESFire EV2 code is verified prior to being executed.

4.2 Security objectives for the environment

101 The following security objectives for the environment are detailed in the ST31P450 A04 Security Target for composition and are still valid in the same terms for this Security Target. The clarifications made there also apply.

102 Security objectives for the Security IC Embedded Software development environment (phase 1):

BSI.OE.Resp-Appl  Treatment of User Data of the Composite TOE

103 Security objectives for the operational environment (phase 4 up to 7):

BSI.OE.Process-Sec-IC  Protection during composite product manufacturing  (up to phase 6)
BSI.OE.Lim-Block-Loader  Limitation of capability and blocking the Loader  (up to phase 6)
BSI.OE.Loader-Usage  Secure communication and usage of the Loader  (up to phase 7)
BSI.OE.TOE-Auth  External entities authenticating of the TOE  (up to phase 7)
OE.Composite-TOE-Id  Composite TOE identification  (up to phase 7)
OE.TOE-Id  TOE identification  (up to phase 7)
OE.Enable-Disable-Secure-Diag  Enabling or disabling the Secure Diagnostic  (up to phase 7)
OE.Secure-Diag-Usage  Secure communication and usage of the Secure Diagnostic  (up to phase 7)

104 The following security objectives for the operational environment (phase 5 up to 7) are added for MFDFEV2:

OE.Secure-Values Generation of secure values: The environment shall generate confidential and cryptographically strong keys for authentication purposes. These values are generated outside the TOE and are downloaded to the TOE during personalisation or usage, in phases 5 to 7.

OE.Terminal-Support Terminal support to ensure integrity, confidentiality and use of random numbers: The terminal shall verify information sent by the TOE in order to ensure integrity and confidentiality of the communication. This involves checking of MAC values, verification of redundancy information according to the cryptographic protocol and secure closing of the communication session. Furthermore, the terminal shall provide random numbers according to AIS20 or AIS31 [1] for the authentication.

4.3 Security objectives rationale

105 The main line of this rationale is that the inclusion of all the security objectives of the BSI-CC-PP-0084-2014 protection profile, those already introduced in the ST31P450 A04 Security Target for composition and those introduced in this ST, guarantees that all the security environment aspects identified in Section 3 are addressed by the security objectives stated in this chapter.

106 Thus, it is necessary to show that:
• security environment aspects from this ST are addressed by security objectives stated in this chapter,
• security objectives from this ST are suitable (i.e. they address security environment aspects),
• security objectives from this ST are consistent with the other security objectives stated in this chapter (i.e. no contradictions).

107 All security aspects are already justified in the Platform Security Target [PF-ST], except the ones denoted by "New" in Table 5.

108 The augmentation made in this ST introduces the following security environment aspects:
• TOE threats "Unauthorised data modification for MFDFEV2 (T.Data-Modification-MFDFEV2)", "Impersonating authorised users during authentication for MFDFEV2 (T.Impersonate-MFDFEV2)", "Cloning for MFDFEV2 (T.Cloning-MFDFEV2)", "MFDFEV2 code confidentiality (T.Confid-Applic-Code-MFDFEV2)", "MFDFEV2 data confidentiality (T.Confid-Applic-Data-MFDFEV2)", "MFDFEV2 code integrity (T.Integ-Applic-Code-MFDFEV2)", "MFDFEV2 data integrity (T.Integ-Applic-Data-MFDFEV2)", and "MFDFEV2 resource availability (T.Resource-MFDFEV2)".
• organisational security policies "Confidentiality during communication (P.Encryption)", "Integrity during communication (P.MAC)", "Un-traceability of end-users (P.No-Trace)", and "Transaction mechanism (P.Transaction)".
• assumptions "Usage of secure values (A.Secure-Values)", "Terminal support (A.Terminal-Support)", and "Usage of Key-dependent Functions (A.KeyFunction)".
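T.Impersonate-MFDFEV2 (listed above), O.Authentication-MFDFEV2 (Section 4.1) and the random-number duty of OE.Terminal-Support come together in the authentication exchange: the card contributes a fresh challenge so that a recorded exchange cannot be replayed, and the terminal contributes its own unpredictable nonce so that neither side alone fixes the session key. The following is an added illustration of a generic two-pass mutual challenge-response, not the MIFARE DESFire EV2 authentication protocol and not code from the Security Target. HMAC-SHA256 stands in for the product's algorithm; the message layout, direction labels, nonce length and key derivation are assumptions made for the example. The constructed run shows a legitimate terminal and card agreeing on a session key, an eavesdropper's replay of the captured terminal proof failing against the card's new challenge, and a terminal without the right key being refused.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF for challenge proofs and session-key derivation
    (HMAC-SHA256 stands in for the product's algorithm in this illustration)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class CardAuth:
    """Card side of a two-pass mutual challenge-response."""

    def __init__(self, key: bytes):
        self.key = key
        self.rnd_b = None          # outstanding challenge, single use
        self.session_key = None

    def start(self) -> bytes:
        """Step 1: issue a fresh challenge; any earlier session is dropped."""
        self.session_key = None
        self.rnd_b = secrets.token_bytes(16)
        return self.rnd_b

    def finish(self, rnd_a: bytes, terminal_proof: bytes):
        """Step 2: verify the terminal's proof over (rnd_a, rnd_b). On success
        derive the session key and return the card's proof over (rnd_b, rnd_a);
        the order and label differ so a proof cannot be reflected."""
        if self.rnd_b is None:
            return None
        rnd_b, self.rnd_b = self.rnd_b, None       # challenge consumed either way
        expected = prf(self.key, b"TERM", rnd_a, rnd_b)
        if not hmac.compare_digest(terminal_proof, expected):
            return None
        self.session_key = prf(self.key, b"SESSION", rnd_a, rnd_b)
        return prf(self.key, b"CARD", rnd_b, rnd_a)


class TerminalAuth:
    """Reader side; rnd_a must be unpredictable (OE.Terminal-Support)."""

    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, card: CardAuth):
        rnd_b = card.start()
        rnd_a = secrets.token_bytes(16)
        proof = prf(self.key, b"TERM", rnd_a, rnd_b)
        card_proof = card.finish(rnd_a, proof)
        if card_proof is None or not hmac.compare_digest(
                card_proof, prf(self.key, b"CARD", rnd_b, rnd_a)):
            return None
        return prf(self.key, b"SESSION", rnd_a, rnd_b), (rnd_a, proof)


def demo_auth():
    key = secrets.token_bytes(16)  # constructed: the shared authentication key
    card = CardAuth(key)
    session_key, captured = TerminalAuth(key).authenticate(card)
    mutual_ok = session_key == card.session_key

    # Replay: an eavesdropper resends the captured (rnd_a, proof) in a new
    # session. The card's fresh rnd_b makes the recorded proof invalid.
    card.start()
    replay_accepted = card.finish(*captured) is not None

    # Impersonation without the key: a terminal with a guessed key is refused.
    wrong_key_accepted = TerminalAuth(secrets.token_bytes(16)).authenticate(card) is not None

    return {"mutual_ok": mutual_ok, "replay_accepted": replay_accepted,
            "wrong_key_accepted": wrong_key_accepted,
            "card_has_session": card.session_key is not None}
```

Two design points carry the security argument: the card discards its challenge on every attempt, successful or not, so a proof can be checked against exactly one rnd_b; and both nonces enter the session key, so a party that did not hold the key during this exchange cannot derive it. Freshness of the nonces is what defeats replay, which is why the assumption on the terminal's random numbers matters as much as the card's own generator; an attacker who merely relays unmodified messages between a genuine card and a genuine terminal is not detected by authentication alone.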
109 The justification of the additional policies, additional threats, and additional assumptions provided in the next subsections shows that they do not contradict the rationale already given in the protection profile BSI-CC-PP-0084-2014 and in the ST31P450 A04 Security Target for composition for the assumptions, policies and threats defined there.

110 In particular, the added assumptions do not contradict the policies, threats and assumptions of the BSI-CC-PP-0084-2014 Protection Profile, to which strict conformance is claimed, because they are all exclusively related to MFDFEV2, which is out of the scope of this protection profile.

111 Only the security aspects denoted by "New" in Table 5 will be detailed in the following.

Table 5. Security Objectives versus Assumptions, Threats or Policies

Assumption, Threat or Organisational Security Policy | Security Objective | Notes
BSI.T.Leak-Inherent | BSI.O.Leak-Inherent |
BSI.T.Phys-Probing | BSI.O.Phys-Probing |
BSI.T.Malfunction | BSI.O.Malfunction |
BSI.T.Phys-Manipulation | BSI.O.Phys-Manipulation |
BSI.T.Leak-Forced | BSI.O.Leak-Forced |
BSI.T.Abuse-Func | BSI.O.Abuse-Func, OE.Enable-Disable-Secure-Diag, OE.Secure-Diag-Usage |
BSI.T.RND | BSI.O.RND |
BSI.T.Masquerade-TOE | BSI.O.Authentication, BSI.OE.TOE-Auth |
AUG4.T.Mem-Access | AUG4.O.Mem-Access |
JIL.T.Open-Samples-Diffusion | JIL.O.Prot-TSF-Confidentiality, BSI.O.Leak-Inherent, BSI.O.Leak-Forced |
T.Data-Modification-MFDFEV2 | O.Access-Control-MFDFEV2, O.Type-Consistency-MFDFEV2, OE.Terminal-Support | New
T.Impersonate-MFDFEV2 | O.Authentication-MFDFEV2 | New
T.Cloning-MFDFEV2 | O.Access-Control-MFDFEV2, O.Authentication-MFDFEV2 | New
T.Confid-Applic-Code-MFDFEV2 | O.Firewall-MFDFEV2 | New
T.Confid-Applic-Data-MFDFEV2 | O.Firewall-MFDFEV2 | New
T.Integ-Applic-Code-MFDFEV2 | O.Verification-MFDFEV2, O.Firewall-MFDFEV2 | New
T.Integ-Applic-Data-MFDFEV2 | O.Shr-Res-MFDFEV2, O.Firewall-MFDFEV2 | New
T.Resource-MFDFEV2 | O.Resource-MFDFEV2 | New
BSI.P.Process-TOE | BSI.O.Identification | Phase 2-3, optional Phase 4
BSI.P.Lim-Block-Loader | BSI.O.Cap-Avail-Loader, BSI.OE.Lim-Block-Loader |
BSI.P.Ctrl-Loader | BSI.O.Ctrl-Auth-Loader, JIL.O.Secure-Load-ACode, JIL.O.Secure-AC-Activation, JIL.O.TOE-Identification, O.Secure-Load-AMemImage, O.MemImage-Identification, BSI.OE.Loader-Usage, OE.TOE-Id, OE.Composite-TOE-Id |
AUG1.P.Add-Functions | AUG1.O.Add-Functions |
P.Encryption | O.Encryption-MFDFEV2 | New
P.MAC | O.MAC-MFDFEV2 | New
P.No-Trace | O.No-Trace-MFDFEV2, O.Access-Control-MFDFEV2, O.Authentication-MFDFEV2 | New
P.Transaction | O.Transaction-MFDFEV2 | New
BSI.A.Resp-Appl | BSI.OE.Resp-Appl | Phase 1
BSI.A.Process-Sec-IC | BSI.OE.Process-Sec-IC | Phase 5-6, optional Phase 4
A.KeyFunction | BSI.OE.Resp-Appl | Phase 1
A.Secure-Values | OE.Secure-Values | New, Phases 5-7
A.Terminal-Support | OE.Terminal-Support | New, Phase 7

4.3.1 Assumption "Usage of secure values"

112 The justification related to the assumption "Usage of secure values (A.Secure-Values)" is as follows:

113 OE.Secure-Values is an immediate transformation of this assumption, therefore it covers the assumption.

114 A.Secure-Values and OE.Secure-Values do not contradict the security problem definition of the BSI-CC-PP-0084-2014, because they are only related to MFDFEV2, which is out of the scope of this protection profile.

4.3.2 Assumption "Terminal support"

115 The justification related to the assumption "Terminal support (A.Terminal-Support)" is as follows:

116 The objective OE.Terminal-Support is an immediate transformation of the assumption, therefore it covers the assumption. The TOE can only check the integrity of data received from the terminal. For data transferred to the terminal, the receiver must verify the integrity of the received data. Furthermore, the TOE cannot verify the entropy of the random number sent by the terminal. The terminal itself must ensure that random numbers are generated with appropriate entropy for the authentication. This is assumed by the related assumption, therefore the assumption is covered.

117 A.Terminal-Support and OE.Terminal-Support do not contradict the security problem definition of the BSI-CC-PP-0084-2014, because they are only related to MFDFEV2, which is out of the scope of this protection profile.

4.3.3 Assumption "Usage of Key-dependent Functions"

118 The justification related to the assumption "Usage of Key-dependent Functions (A.KeyFunction)" is as follows:

119 BSI.OE.Resp-Appl requires the Security IC Embedded Software to implement measures to manage the cryptographic keys appropriately to ensure the strength of the cryptographic operation, therefore it covers the assumption.

120 A.KeyFunction does not contradict the security problem definition of the BSI-CC-PP-0084-2014, because it is only related to MFDFEV2, which is out of the scope of this protection profile.

4.3.4 TOE threat "Unauthorised data modification for MFDFEV2"

121 The justification related to the threat "Unauthorised data modification for MFDFEV2 (T.Data-Modification-MFDFEV2)" is as follows:

122 According to threat T.Data-Modification-MFDFEV2, the TOE shall avoid that user data stored by the TOE may be modified by unauthorised subjects. The objective O.Access-Control-MFDFEV2 requires an access control mechanism that limits the ability to modify data and code elements stored by the TOE.
O.Type-Consistency-MFDFEV2 ensures that data types are adhered to, so that TOE data cannot be modified by abusing type-specific operations. The terminal must support this by checking the TOE responses, which is required by OE.Terminal-Support. Therefore T.Data-Modification-MFDFEV2 is covered by these three objectives.

123 The added objectives for the TOE O.Access-Control-MFDFEV2 and O.Type-Consistency-MFDFEV2 do not introduce any contradiction in the security objectives for the TOE.

4.3.5 TOE threat "Impersonating authorised users during authentication for MFDFEV2"

124 The justification related to the threat "Impersonating authorised users during authentication for MFDFEV2, (T.Impersonate-MFDFEV2)" is as follows:

125 The threat is related to the fact that an unauthorised subject may try to impersonate an authorised subject during authentication, e.g. by a man-in-the-middle or replay attack. O.Authentication-MFDFEV2 requires that the authentication mechanism provided by the TOE shall be resistant against attack scenarios targeting the impersonation of authorised users. Therefore the threat is covered by O.Authentication-MFDFEV2.

126 The added objective for the TOE O.Authentication-MFDFEV2 does not introduce any contradiction in the security objectives for the TOE.

4.3.6 TOE threat "Cloning for MFDFEV2"

127 The justification related to the threat "Cloning for MFDFEV2, (T.Cloning-MFDFEV2)" is as follows:

128 The concern of T.Cloning-MFDFEV2 is that all data stored on the TOE (including keys) may be read out in order to create a duplicate. O.Access-Control-MFDFEV2 requires that unauthorised users cannot read any information that is restricted to authorised subjects. The cryptographic keys used for the authentication are stored inside the TOE and are protected by this objective. This objective states that no keys used for authentication shall ever be output.
O.Authentication-MFDFEV2 requires that users are authenticated before they can read any information that is restricted to authorised users. Therefore the two objectives cover T.Cloning-MFDFEV2.

4.3.7 TOE threat "MFDFEV2 resource availability"

129 The justification related to the threat "MFDFEV2 resource availability, (T.Resource-MFDFEV2)" is as follows:

130 The concern of T.Resource-MFDFEV2 is to prevent denial of service or malfunction of MFDFEV2 that may result from an unavailability of resources. The goal of O.Resource-MFDFEV2 is to control the availability of resources for MFDFEV2. Therefore the threat is covered by O.Resource-MFDFEV2.

131 The added objective for the TOE O.Resource-MFDFEV2 does not introduce any contradiction in the security objectives for the TOE.

4.3.8 TOE threat "MFDFEV2 code confidentiality"

132 The justification related to the threat "MFDFEV2 code confidentiality, (T.Confid-Applic-Code-MFDFEV2)" is as follows:

133 Since O.Firewall-MFDFEV2 requires that the TOE ensures isolation of code between MFDFEV2 and the other applications, the code of MFDFEV2 is protected against unauthorised disclosure; therefore T.Confid-Applic-Code-MFDFEV2 is covered by O.Firewall-MFDFEV2.

134 The added objective for the TOE O.Firewall-MFDFEV2 does not introduce any contradiction in the security objectives for the TOE.

4.3.9 TOE threat "MFDFEV2 data confidentiality"

135 The justification related to the threat "MFDFEV2 data confidentiality, (T.Confid-Applic-Data-MFDFEV2)" is as follows:

136 Since O.Firewall-MFDFEV2 requires that the TOE ensures isolation of data between MFDFEV2 and the other applications, the data of MFDFEV2 is protected against unauthorised disclosure; therefore T.Confid-Applic-Data-MFDFEV2 is covered by O.Firewall-MFDFEV2.
4.3.10 TOE threat "MFDFEV2 code integrity"

137 The justification related to the threat "MFDFEV2 code integrity, (T.Integ-Applic-Code-MFDFEV2)" is as follows:

138 The threat is related to the alteration of MFDFEV2 code by an attacker. O.Verification-MFDFEV2 requires that the TOE verifies the code integrity before its execution. In addition, O.Firewall-MFDFEV2 requires that the TOE ensures isolation of code between MFDFEV2 and the other applications, thus protecting the code of MFDFEV2 against unauthorised modification. Therefore the threat is covered by O.Verification-MFDFEV2 together with O.Firewall-MFDFEV2.

139 The added objective for the TOE O.Verification-MFDFEV2 does not introduce any contradiction in the security objectives for the TOE.

4.3.11 TOE threat "MFDFEV2 data integrity"

140 The justification related to the threat "MFDFEV2 data integrity, (T.Integ-Applic-Data-MFDFEV2)" is as follows:

141 The threat is related to the alteration of MFDFEV2 data by an attacker. Since O.Firewall-MFDFEV2 and O.Shr-Res-MFDFEV2 require that the TOE ensures isolation of data between MFDFEV2 and the other applications, the data of MFDFEV2 is protected against unauthorised modification; therefore T.Integ-Applic-Data-MFDFEV2 is covered by O.Firewall-MFDFEV2 together with O.Shr-Res-MFDFEV2.

142 The added objective for the TOE O.Shr-Res-MFDFEV2 does not introduce any contradiction in the security objectives for the TOE.

4.3.12 Organisational security policy "Confidentiality during communication"

143 The justification related to the organisational security policy "Confidentiality during communication, (P.Encryption)" is as follows:

144 O.Encryption-MFDFEV2 is an immediate transformation of the security policy, therefore it covers the security policy.
145 The added objective for the TOE O.Encryption-MFDFEV2 does not introduce any contradiction in the security objectives.

4.3.13 Organisational security policy "Integrity during communication"

146 The justification related to the organisational security policy "Integrity during communication, (P.MAC)" is as follows:

147 O.MAC-MFDFEV2 is an immediate transformation of the security policy, therefore it covers the security policy.

148 The added objective for the TOE O.MAC-MFDFEV2 does not introduce any contradiction in the security objectives.

4.3.14 Organisational security policy "Un-traceability of end-users"

149 The justification related to the organisational security policy "Un-traceability of end-users, (P.No-Trace)" is as follows:

150 This policy requires that the TOE has the ability to prevent tracing of end-users. Tracing can be performed with the UID or with any freely accessible data element stored by the TOE.

151 O.Access-Control-MFDFEV2 provides means to implement access control to data elements on the TOE and O.Authentication-MFDFEV2 provides means to implement authentication on the TOE, in order to prevent tracing based on freely accessible data elements. O.No-Trace-MFDFEV2 requires that the TOE shall provide an option to prevent the transfer of any information that is suitable for tracing an end-user by an unauthorised subject, which includes the UID. Therefore the policy is covered by these three objectives.

152 The added objective for the TOE O.No-Trace-MFDFEV2 does not introduce any contradiction in the security objectives.
4.3.15 Organisational security policy "Transaction mechanism"

153 The justification related to the organisational security policy "Transaction mechanism, (P.Transaction)" is as follows:

154 O.Transaction-MFDFEV2 is an immediate transformation of the security policy, therefore it covers the security policy.

155 The added objective for the TOE O.Transaction-MFDFEV2 does not introduce any contradiction in the security objectives.

5 Security requirements (ASE_REQ)

156 This chapter on security requirements contains a section on security functional requirements (SFRs) for the TOE (Section 5.1), a section on security assurance requirements (SARs) for the TOE (Section 5.2) and a section on the refinements of these SARs (Section 5.3), as required by the BSI-CC-PP-0084-2014 Protection Profile. This chapter also includes a section with the security requirements rationale (Section 5.4).

5.1 Security functional requirements for the TOE

157 The selected security functional requirements (SFRs) for this TOE (MIFARE DESFire EV2 on ST31P450 A04) are summarised in Table 6. This table also specifies:
• their type, i.e. drawn from CCMB-2017-04-002 R5 or extended;
• their origin, i.e. defined in the BSI-CC-PP-0084-2014 Protection Profile, in [AUG], or in the Platform Security Target [PF-ST]. All SFRs are inherited from [PF-ST], except those identified by "This ST".

158 The extended SFRs are defined in the BSI-CC-PP-0084-2014 Protection Profile.

159 All extensions to the SFRs of the BSI-CC-PP-0084-2014 Protection Profile (PP) are exclusively drawn from CCMB-2017-04-002 R5.

160 All iterations, assignments, selections, or refinements on SFRs have been performed according to section C.4 of CCMB-2017-04-001 R5.
They are easily identified in the following text since they appear as indicated here.

Table 6. Summary of functional security requirements for the TOE

| Label | Title | Addressing | Origin | Type |
|---|---|---|---|---|
| FRU_FLT.2 | Limited fault tolerance | Malfunction | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FPT_FLS.1 | Failure with preservation of secure state | Malfunction | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FMT_LIM.1 / Test | Limited capabilities | Abuse of Test functionality | BSI-CC-PP-0084-2014 | Extended |
| FMT_LIM.2 / Test | Limited availability | Abuse of Test functionality | BSI-CC-PP-0084-2014 | Extended |
| FAU_SAS.1 | Audit storage | Lack of TOE identification | BSI-CC-PP-0084-2014 Operated | Extended |
| FDP_SDC.1 | Stored data confidentiality | Physical manipulation & probing | BSI-CC-PP-0084-2014 Operated | Extended |
| FDP_SDI.2 | Stored data integrity monitoring and action | Physical manipulation & probing | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FPT_PHP.3 | Resistance to physical attack | Physical manipulation & probing | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FDP_ITT.1 | Basic internal transfer protection | Leakage | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FPT_ITT.1 | Basic internal TSF data transfer protection | Leakage | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FDP_IFC.1 | Subset information flow control | Leakage | BSI-CC-PP-0084-2014 | CCMB-2017-04-002 R5 |
| FCS_RNG.1 | Random number generation | Weak cryptographic quality of random numbers | BSI-CC-PP-0084-2014 Operated | Extended |
| FCS_COP.1 / TDES | Cryptographic operation - TDES | Cipher scheme support | [AUG] #1 Operated / [PF-ST] | CCMB-2017-04-002 R5 |
| FCS_COP.1 / AES | Cryptographic operation - AES | Cipher scheme support | [AUG] #1 Operated / [PF-ST] | CCMB-2017-04-002 R5 |
| FDP_ACC.1 / Memories | Subset access control | Memory access violation | [PF-ST] | CCMB-2017-04-002 R5 |
| FDP_ACF.1 / Memories | Security attribute based access control | Memory access violation | [AUG] #4 Operated | CCMB-2017-04-002 R5 |
| FMT_MSA.3 / Memories | Static attribute initialisation | Correct operation | | CCMB-2017-04-002 R5 |
| FMT_MSA.1 / Memories | Management of security attributes | Correct operation | | CCMB-2017-04-002 R5 |
| FMT_SMF.1 / Memories | Specification of management functions | Correct operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FIA_API.1 | Authentication Proof of Identity | Masquerade | BSI-CC-PP-0084-2014 Operated | Extended |
| FMT_LIM.1 / Loader | Limited capabilities | Abuse of Loader functionality | BSI-CC-PP-0084-2014 Operated | Extended |
| FMT_LIM.2 / Loader | Limited availability | Abuse of Loader functionality | BSI-CC-PP-0084-2014 Operated | Extended |
| FTP_ITC.1 / Loader | Inter-TSF trusted channel - Loader | Loader violation | BSI-CC-PP-0084-2014 Operated | CCMB-2017-04-002 R5 |
| FDP_UCT.1 / Loader | Basic data exchange confidentiality - Loader | Loader violation | BSI-CC-PP-0084-2014 Operated | CCMB-2017-04-002 R5 |
| FDP_UIT.1 / Loader | Data exchange integrity - Loader | Loader violation | BSI-CC-PP-0084-2014 Operated | CCMB-2017-04-002 R5 |
| FDP_ACC.1 / Loader | Subset access control - Loader | Loader violation | BSI-CC-PP-0084-2014 Operated | CCMB-2017-04-002 R5 |
| FDP_ACF.1 / Loader | Security attribute based access control - Loader | Loader violation | BSI-CC-PP-0084-2014 Operated | CCMB-2017-04-002 R5 |
| FMT_MSA.3 / Loader | Static attribute initialisation - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FMT_MSA.1 / Loader | Management of security attributes - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FMT_SMR.1 / Loader | Security roles - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FIA_UID.1 / Loader | Timing of identification - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FIA_UAU.1 / Loader | Timing of authentication - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FMT_SMF.1 / Loader | Specification of management functions - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FPT_FLS.1 / Loader | Failure with preservation of secure state - Loader | Correct Loader operation | [PF-ST] | CCMB-2017-04-002 R5 |
| FAU_SAR.1 / Loader | Audit review - Loader | Lack of TOE identification | [PF-ST] | CCMB-2017-04-002 R5 |
| FAU_SAS.1 / Loader | Audit storage - Loader | Lack of TOE identification | [PF-ST] | Extended |
| FTP_ITC.1 / Sdiag | Inter-TSF trusted channel - Secure Diagnostic | Abuse of Secure Diagnostic functionality | [PF-ST] | CCMB-2017-04-002 R5 |
| FAU_SAR.1 / Sdiag | Audit review - Secure Diagnostic | Abuse of Secure Diagnostic functionality | [PF-ST] | CCMB-2017-04-002 R5 |
| FMT_LIM.1 / Sdiag | Limited capabilities - Secure Diagnostic | Abuse of Secure Diagnostic functionality | [PF-ST] | Extended |
| FMT_LIM.2 / Sdiag | Limited availability - Secure Diagnostic | Abuse of Secure Diagnostic functionality | [PF-ST] | Extended |
| FMT_SMR.1 / MFDFEV2 | Security roles | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FDP_ACC.1 / MFDFEV2 | Subset access control | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FDP_ACF.1 / MFDFEV2 | Security attribute based access control | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FMT_MSA.3 / MFDFEV2 | Static attribute initialisation | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FMT_MSA.1 / MFDFEV2 | Management of security attributes | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FMT_SMF.1 / MFDFEV2 | Specification of management functions | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FDP_ITC.2 / MFDFEV2 | Import of user data with security attributes | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FPT_TDC.1 / MFDFEV2 | Inter-TSF basic TSF data consistency | MFDFEV2 access control | This ST | CCMB-2017-04-002 R5 |
| FIA_UID.2 / MFDFEV2 | User identification before any action | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FIA_UAU.2 / MFDFEV2 | User authentication before any action | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FIA_UAU.5 / MFDFEV2 | Multiple authentication mechanisms | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FMT_MTD.1 / MFDFEV2 | Management of TSF data | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FTP_TRP.1 / MFDFEV2 | Trusted path | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FCS_COP.1 / MFDFEV2-DES | Cryptographic operation - MFDFEV2-DES | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FCS_COP.1 / MFDFEV2-AES | Cryptographic operation - MFDFEV2-AES | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FCS_CKM.4 / MFDFEV2 | Cryptographic key destruction | MFDFEV2 confidentiality, authentication and integrity | This ST | CCMB-2017-04-002 R5 |
| FDP_ROL.1 / MFDFEV2 | Basic rollback | MFDFEV2 robustness | This ST | CCMB-2017-04-002 R5 |
| FPT_RPL.1 / MFDFEV2 | Replay detection | MFDFEV2 robustness | This ST | CCMB-2017-04-002 R5 |
| FPR_UNL.1 / MFDFEV2 | Unlinkability | MFDFEV2 robustness | This ST | CCMB-2017-04-002 R5 |
| FRU_RSA.2 / MFDFEV2 | Minimum and maximum quotas | MFDFEV2 correct operation | This ST | CCMB-2017-04-002 R5 |
| FDP_RIP.1 / MFDFEV2 | Subset residual information protection | MFDFEV2 intrinsic confidentiality and integrity | This ST | CCMB-2017-04-002 R5 |

Note: an empty Origin cell belongs to a cell merged across several rows in the original table, whose exact extent is not preserved here.

161 All these SFRs have already been stated in the ST31P450 A04 Security Target for composition, and are satisfied by the ST31P450 platform, except the following ones, dedicated to MFDFEV2: FMT_SMR.1 / MFDFEV2, FDP_ACC.1 / MFDFEV2, FDP_ACF.1 / MFDFEV2, FMT_MSA.3 / MFDFEV2, FMT_MSA.1 / MFDFEV2, FMT_SMF.1 / MFDFEV2, FDP_ITC.2 / MFDFEV2, FPT_TDC.1 / MFDFEV2, FIA_UID.2 / MFDFEV2, FIA_UAU.2 / MFDFEV2, FIA_UAU.5 / MFDFEV2, FMT_MTD.1 / MFDFEV2, FTP_TRP.1 / MFDFEV2, FCS_COP.1 / MFDFEV2-DES, FCS_COP.1 / MFDFEV2-AES, FCS_CKM.4 / MFDFEV2, FDP_ROL.1 / MFDFEV2, FPT_RPL.1 / MFDFEV2, FPR_UNL.1 / MFDFEV2, FRU_RSA.2 / MFDFEV2, FDP_RIP.1 / MFDFEV2.

162 The SFRs from the Platform Security Target are detailed in the ST31P450 A04 Security Target for composition [PF-ST].

163 The following SFRs are extensions to the BSI-CC-PP-0084-2014 Protection Profile (PP), related to the capabilities and protections of MFDFEV2.

5.1.1 Additional Security Functional Requirements regarding access control

Security roles (FMT_SMR.1) / MFDFEV2

164 The TSF shall maintain the roles Admin, AppMgr, DelAppMgr, AppUser, AppChangeUser, AppRollUser, OrigKeyUser and Anybody.

165 The TSF shall be able to associate users with roles.

Subset access control (FDP_ACC.1) / MFDFEV2

166 The TSF shall enforce the MFDFEV2 Access Control Policy on all subjects, objects, operations and attributes defined by the MFDFEV2 Access Control Policy.
Security attribute based access control (FDP_ACF.1) / MFDFEV2

167 The TSF shall enforce the MFDFEV2 Access Control Policy to objects based on the following: all subjects, objects and attributes.

168 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed:
• The Admin is allowed to perform Application.Create and Application.Delete.
• The Admin is allowed to perform DelApplication.Delete.
• The AppMgr is allowed to perform File.Create and File.Delete.
• The DelAppMgr is allowed to perform DelApplication.Create with a valid DAMMAC and a valid DAMENC.

169 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules:
• The AppMgr is allowed to perform Application.Delete if the attribute PICCLevelData.PICCKeySettings grants this right.
• The AppUser is allowed to perform File.Read, File.Write, File.ReadWrite or File.Change on a File if the File.AccessRights grant these rights.
• Anybody is allowed to perform Application.Create if the attribute PICCLevelData.PICCKeySettings grants this right.
• Anybody is allowed to perform File.Create and File.Delete if the Application.AppKeySettings grant these rights.
• Anybody is allowed to perform File.Read, File.Write, File.ReadWrite or File.Change on a File if the File.AccessRights grant these rights.

170 The TSF shall explicitly deny access of subjects to objects based on the following additional rules:
• No one but Nobody is allowed to perform File.Read, File.Write, File.ReadWrite or File.Change on a File if the File.AccessRights do not grant this right.
• OrigKeyUser is not allowed to perform any operation on objects.
• No one but Nobody is allowed to perform any operation on OriginalityKey.
171 The following SFP MFDFEV2 Access Control Policy is defined for the requirement "Security attribute based access control (FDP_ACF.1) / MFDFEV2":

172 SFP_1: MFDFEV2 Access Control Policy

The Security Function Policy (SFP) MFDFEV2 Access Control Policy uses the following definitions:

The subjects are:
• Admin: Administrator. The Admin is the subject that owns or has access to the PICCMasterKey. The Admin is the subject that distributes the PICCDAMAuthKey, DAMMACs, and DAMENCs containing the AppDAMDefaultKey, to the DelAppMgr.
• AppMgr: Application Manager. The AppMgr is the subject that owns or has access to an AppMasterKey. Note that the TOE supports multiple Applications and therefore multiple AppMgr; however, for one Application there is only one AppMgr.
• DelAppMgr: Delegated Application Manager. The DelAppMgr is the subject that has access to a valid DAMMAC, the PICCDAMAuthKey, and a DAMENC containing the AppDAMDefaultKey. Note that the TOE supports multiple DelApplications and therefore multiple DelAppMgr.
• AppUser: Application User. The AppUser is the subject that owns or has access to an AppKey. Note that the TOE supports multiple AppUser within each Application, and the rights assigned to the AppUser can be different, which allows more or less powerful AppUser.
• AppChangeUser: Application Change User. The AppChangeUser is the subject that owns or has access to an AppChangeKey.
• AppRollUser: Application Roll Key Set User. The AppRollUser is the subject that owns or has access to an AppRollKey.
• OrigKeyUser: Originality Key User. The OrigKeyUser is the subject that owns or has access to an OriginalityKey. The OrigKeyUser can authenticate with the TOE to prove the authenticity of the Security IC.
• Anybody: Anybody. Any subject that does not belong to one of the roles Admin, AppMgr, DelAppMgr, AppUser, AppChangeUser, AppRollUser or OrigKeyUser belongs to the role Anybody. This role includes the card holder (also referred to as end-user), and any other subject, such as an attacker. The subjects belonging to Anybody do not possess any key and therefore are not able to perform any operation that is restricted to one of the roles explicitly excluded from the role Anybody.
• Nobody: Nobody. Any subject that does not belong to one of the roles Admin, AppMgr, DelAppMgr, AppUser, AppChangeUser, AppRollUser, OrigKeyUser or Anybody belongs to the role Nobody. Due to the definition of Anybody, the set of all subjects belonging to the role Nobody is the empty set.

The objects are:
• PICCLevelData: PICC Level Data. The PICC level is the lowest level of the MFDFEV2 Software (PICC level, Application level, File level). On the PICC level, Application and DelApplication can be created or deleted. Hence Application and DelApplication belong to the PICCLevelData.
• Application: Application. The card can store a number of Applications. An Application can store a number of Files.
• DelApplication: Delegated Application. The card can store a number of DelApplications. After creation the DelApplication has the same attributes as an Application.
• File: File. An Application can store a number of Files of different types.
• PICCMasterKey: PICC Master Key. The Card Master Key.
• PICCAppDefaultKey: PICC Application Default Key. The default Application Master Key and Application Keys that are used when an Application is created and when a KeySet is initialised.
• PICCDAMAuthKey: PICC DAM Authentication Key. Delegated Application Management Authentication Key.
• PICCDAMENCKey: PICC DAM Encryption Key. Delegated Application Management Encryption Key used to generate DAMENC.
• PICCDAMMACKey: PICC DAM MAC Key. Delegated Application Management MAC Key used to generate DAMMAC.
• OriginalityKey: Originality Key. Key to check the originality of the card.
• AppMasterKey: Application Master Key.
• AppChangeKey: Application Change Key.
• AppKey: Application Key.
• AppTransactionMACKey: Application Transaction MAC Key.
• AppRollKey: Application Roll Keyset Key. Application Roll Key Set Key.
• AppDAMDefaultKey: Application DAM Default Key. Delegated Application Management Default Authentication Key.
• KeySet: Key Set. AppKeys are grouped into KeySets.

The security attributes are:
• PICCLevelData.PICCKeySettings: Generic PICC key settings.
• Application.AppKeySettings: Generic Application key settings.
• File.AccessRights: Generic access rights for a File.

The operations that can be performed with the objects are:
• PICCLevelData.Modify: Modify attribute PICCLevelData.PICCKeySettings.
• PICCLevelData.Freeze: Freeze attribute PICCLevelData.PICCKeySettings.
• Application.Modify: Modify attribute Application.AppKeySettings.
• Application.Freeze: Freeze attribute Application.AppKeySettings.
• Application.Create: Create an Application.
• Application.Delete: Delete an Application.
• Application.Select: Select an Application.
• DelApplication.Create: Create a DelApplication.
• DelApplication.Delete: Delete a DelApplication.
• File.Create: Create a File.
• File.Delete: Delete a File.
• File.Freeze: Freeze attributes of a File.
• File.Read: Read operations accessing the content of a File.
• File.Write: Write operations accessing the content of a File.
• File.ReadWrite: ReadWrite operations accessing the content of a File.
• File.Change: Change operation to change the attribute File.AccessRights.
• PICCMasterKey.Change: Change the PICCMasterKey.
• PICCMasterKey.Freeze: Freeze the PICCMasterKey.
• PICCAppDefaultKey.Change: Change the PICCAppDefaultKey.
• PICCDAMAuthKey.Change: Change the PICCDAMAuthKey.
• PICCDAMENCKey.Change: Change the PICCDAMENCKey.
• PICCDAMMACKey.Change: Change the PICCDAMMACKey.
• AppMasterKey.Change: Change the AppMasterKey.
• AppMasterKey.Freeze: Freeze the AppMasterKey.
• AppChangeKey.Change: Change the AppChangeKey.
• AppKey.Change: Change the AppKey.
• AppTransactionMACKey.Create: Create the AppTransactionMACKey.
• AppTransactionMACKey.Delete: Delete the AppTransactionMACKey.
• AppRollKey.Change: Change the AppRollKey.
• KeySet.Roll: Roll the KeySet.

Note that subjects are authorised by cryptographic keys. These keys are considered as authentication data and not as security attributes of the subjects. The card has a card master key, PICCMasterKey. Every application has an AppMasterKey and a variable number of AppKeys, organised in KeySets, used for operations on Files (all these keys are called Application Keys). The Application Keys and Key Sets within an application are numbered.

Implications of the MFDFEV2 Access Control Policy:

The MFDFEV2 Access Control Policy has some implications that can be drawn from the policy and that are essential parts of the TOE security functions.
• The TOE end-user does normally not belong to the group of authorised users (Admin, AppMgr, DelAppMgr, AppUser), but is regarded as Anybody by the TOE. This means that the TOE cannot determine whether it is used by its intended end-user (in other words, it cannot determine whether the current card holder is the owner of the card).
• The Admin can have the exclusive right to create and delete Applications on the card; however, he can also grant this privilege to Anybody. In the case of DelApplications the Admin can grant this privilege to the AppMgr. Additionally, changing the PICCLevelData is reserved for the Admin. At delivery time, AppKeys should be personalised to a preliminary, temporary key known only to the Admin and the AppMgr.
• At Application personalisation time, the AppMgr uses the preliminary AppKey in order to personalise the AppKeys, whereas all keys except the AppMasterKey can be personalised to a preliminary, temporary key known only to the AppMgr and the AppUser. Furthermore, the AppMgr has the right to create Files within his Application scope.

Static attribute initialisation (FMT_MSA.3) / MFDFEV2

173 The TSF shall enforce the MFDFEV2 Access Control Policy to provide permissive default values for security attributes that are used to enforce the SFP.

174 The TSF shall allow no one but Nobody to specify alternative initial values to override the default values when an object is created.

175 Application note: The only initial attributes are the card attributes. All other attributes have to be defined at the same time the respective object is created.

Management of security attributes (FMT_MSA.1) / MFDFEV2

176 The TSF shall enforce the MFDFEV2 Access Control Policy to restrict the ability to modify or freeze and change the security attributes of the objects PICCLevelData and Application and the security attribute File.AccessRights to the Admin, AppMgr and AppChangeUser, respectively.

177 Refinement: The detailed management abilities are:
• Only the Admin is allowed to perform PICCLevelData.Modify or PICCLevelData.Freeze on PICCLevelData.PICCKeySettings.
• Only the AppMgr is allowed to perform Application.Modify or Application.Freeze on Application.AppKeySettings.
• The AppChangeUser is allowed to perform File.Freeze on File.AccessRights.
Management of TSF data (FMT_MTD.1) / MFDFEV2

178 The TSF shall restrict the ability to perform the operations PICCMasterKey.Change, PICCMasterKey.Freeze, PICCAppDefaultKey.Change, AppMasterKey.Change, AppMasterKey.Freeze, AppChangeKey.Change to the Admin, AppMgr and AppUser.

179 Refinement: The detailed management abilities are:
• Only the Admin is allowed to perform PICCMasterKey.Change or PICCMasterKey.Freeze.
• The Admin is allowed to perform PICCAppDefaultKey.Change.
• The Admin is allowed to perform PICCDAMAuthKey.Change.
• The Admin is allowed to perform PICCDAMENCKey.Change.
• The Admin is allowed to perform PICCDAMMACKey.Change.
• The AppMgr is allowed to perform AppMasterKey.Change and AppMasterKey.Freeze.
• The AppMgr is allowed to perform AppChangeKey.Change.
• The AppMgr is allowed to perform AppKey.Change.
• The AppMgr is allowed to perform AppRollKey.Change.
• The AppMgr is allowed to perform AppTransactionMACKey.Create and AppTransactionMACKey.Delete.
• The AppChangeUser is allowed to perform AppChangeKey.Change.
• The AppChangeUser is allowed to perform AppKey.Change.
• The AppUser is allowed to perform AppKey.Change on AppKey if Application.AppKeySettings grant this right.
• The AppUser is allowed to perform AppTransactionMACKey.Create and AppTransactionMACKey.Delete on AppTransactionMACKey if Application.AppKeySettings grant this right.
• The AppRollUser is allowed to perform KeySet.Roll.
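The rules of FDP_ACF.1 (paragraphs 168 to 170), the FMT_MSA.1 refinement (177) and the FMT_MTD.1 refinement (179) above can be checked mechanically. The following Python decision function is an added example, not code from this Security Target or from STMicroelectronics; it assumes each security attribute is reduced to a boolean flag stating whether it grants the requested operation, and that DAMMAC/DAMENC validity is passed in as already-verified flags.

```python
"""Decision function for the MFDFEV2 Access Control Policy as stated in
FDP_ACF.1 (paragraphs 168-170), FMT_MSA.1 (177) and FMT_MTD.1 (179).

Added example, not code from the Security Target or from STMicroelectronics.
Assumption: each security attribute is reduced to a boolean "grants this
operation" flag supplied with the request; the real DESFire key-settings and
access-rights encodings are not modelled.  The role Nobody needs no handling
because, by definition, no subject belongs to it.
"""
from dataclasses import dataclass

FILE_CONTENT_OPS = {"File.Read", "File.Write", "File.ReadWrite", "File.Change"}

# Rights that hold unconditionally for a role (paragraphs 168, 177, 179).
UNCONDITIONAL = {
    "Admin": {"Application.Create", "Application.Delete", "DelApplication.Delete",
              "PICCLevelData.Modify", "PICCLevelData.Freeze",
              "PICCMasterKey.Change", "PICCMasterKey.Freeze", "PICCAppDefaultKey.Change",
              "PICCDAMAuthKey.Change", "PICCDAMENCKey.Change", "PICCDAMMACKey.Change"},
    "AppMgr": {"File.Create", "File.Delete", "Application.Modify", "Application.Freeze",
               "AppMasterKey.Change", "AppMasterKey.Freeze", "AppChangeKey.Change",
               "AppKey.Change", "AppRollKey.Change",
               "AppTransactionMACKey.Create", "AppTransactionMACKey.Delete"},
    "AppChangeUser": {"File.Freeze", "AppChangeKey.Change", "AppKey.Change"},
    "AppRollUser": {"KeySet.Roll"},
}

# Rights that hold only if the named security attribute grants them (169, 179).
CONDITIONAL = {
    ("AppMgr", "Application.Delete"): "picc_key_settings",
    ("Anybody", "Application.Create"): "picc_key_settings",
    ("Anybody", "File.Create"): "app_key_settings",
    ("Anybody", "File.Delete"): "app_key_settings",
    ("AppUser", "AppKey.Change"): "app_key_settings",
    ("AppUser", "AppTransactionMACKey.Create"): "app_key_settings",
    ("AppUser", "AppTransactionMACKey.Delete"): "app_key_settings",
}
for _role in ("AppUser", "Anybody"):
    for _op in FILE_CONTENT_OPS:
        CONDITIONAL[(_role, _op)] = "file_access_rights"


@dataclass(frozen=True)
class Request:
    role: str                         # one of the FMT_SMR.1 roles
    operation: str                    # e.g. "File.Read"
    target: str = ""                  # object the operation is applied to
    picc_key_settings: bool = False   # PICCLevelData.PICCKeySettings grants the operation
    app_key_settings: bool = False    # Application.AppKeySettings grants the operation
    file_access_rights: bool = False  # File.AccessRights grants the operation
    dam_mac_valid: bool = False       # DAMMAC presented with DelApplication.Create verified
    dam_enc_valid: bool = False       # DAMENC presented with DelApplication.Create verified


def is_allowed(req: Request) -> bool:
    """Return True iff the policy permits the request; explicit denials (170) win."""
    # 170: OrigKeyUser may perform no operation; no one may operate on OriginalityKey.
    if req.role == "OrigKeyUser" or req.target == "OriginalityKey":
        return False
    # 170: content operations on a File whose AccessRights do not grant them
    # are denied to everyone, whatever the role.
    if req.operation in FILE_CONTENT_OPS and not req.file_access_rights:
        return False
    # 168: the DelAppMgr needs both a valid DAMMAC and a valid DAMENC.
    if (req.role, req.operation) == ("DelAppMgr", "DelApplication.Create"):
        return req.dam_mac_valid and req.dam_enc_valid
    if req.operation in UNCONDITIONAL.get(req.role, set()):
        return True
    attribute = CONDITIONAL.get((req.role, req.operation))
    if attribute is not None:
        return getattr(req, attribute)
    return False  # default deny: no listed rule grants the operation


def decide_all(requests):
    """Evaluate a batch of requests; returns (role, operation, decision) triples."""
    return [(r.role, r.operation, is_allowed(r)) for r in requests]
```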
Specification of Management Functions (FMT_SMF.1) / MFDFEV2

180 The TSF shall be capable of performing the following security management functions:
• Authenticating a user,
• Invalidating the current authentication state based on the functions:
  - Selecting an application or the card,
  - Changing the key corresponding to the current authentication,
  - Occurrence of any error during the execution of a command,
  - Starting a new authentication,
  - Rolling key set,
  - Failed Proximity Check,
  - Deleting an Application as AppMgr,
  - Reset,
• Changing a security attribute,
• Rolling the key set,
• Creating or deleting an application, a delegated application or a file,
• Selection of the Virtual Card.

Import of user data with security attributes (FDP_ITC.2) / MFDFEV2

181 The TSF shall enforce the MFDFEV2 Access Control Policy when importing user data, controlled under the SFP, from outside of the TOE.

182 The TSF shall use the security attributes associated with the imported user data.

183 The TSF shall ensure that the protocol used provides for the unambiguous association between the security attributes and the user data received.

184 The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data.

185 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: no additional rules.
5.1.2 Additional Security Functional Requirements regarding confidentiality, authentication and integrity Cryptographic operation (FCS_COP.1) / MFDFEV2-DES 186 The TSF shall perform encryption and decryption used for authentication in accordance with the specified algorithm Triple-DES in one of the following modes of operation: CBC and 3-key Triple-DES and cryptographic key sizes 168 bits that meet the following standards: NIST SP 800-67 (TDES), NIST SP 800-38A (CBC mode). Cryptographic operation (FCS_COP.1) / MFDFEV2-AES The TSF shall perform encryption and decryption and cipher based MAC for authentication and communication in accordance with the specified algorithm Advanced Encryption Standard (AES) in one of the following modes of operation: CBC, CMAC and cryptographic key sizes 128 bits that meet the following standards: FIPS 197 (AES), NIST SP 800-38A (CBC mode), NIST SP 800-38B (CMAC mode). 187 Refinement: For the MIFARE DESFire EV1 secure messaging, the TOE uses the cryptographic algorithm for CMAC according to NIST SP 800-38B (CMAC mode) with the following modification: the TOE does not use the standard zero byte IV, instead it uses an IV defined by the previous cryptographic operation (chaining mode). Cryptographic key destruction (FCS_CKM.4) / MFDFEV2 188 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method overwriting that meets the following: none. User identification before any action (FIA_UID.2) / MFDFEV2 189 The TSF shall require each user to be successfully identified before allowing any other TSF- mediated actions on behalf of that user. Application note: Identification of a user is performed upon an authentication request based on the currently selected context and the key number. For example, if an authentication request for key number 0 is issued after selecting a specific application, the user is identified as the Application Manager of the respective application. 
Before any authentication request is issued, the user is identified as “Everybody”.

User authentication before any action (FIA_UAU.2) / MFDFEV2

190 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

Multiple authentication mechanisms (FIA_UAU.5) / MFDFEV2

191 The TSF shall provide ‘none’ and cryptographic authentication to support user authentication.

192 The TSF shall authenticate any user's claimed identity according to the following rules:
• The ‘none’ authentication is performed with anyone who communicates with the TOE without issuing an explicit authentication request. The ‘none’ authentication implicitly and solely authorises the “Everybody” subject.
• The cryptographic authentication is used to authorise the Administrator, Application Manager, Delegated Application Manager and Application User.

Trusted path (FTP_TRP.1) / MFDFEV2

193 The TSF shall provide a communication path between itself and remote users that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from modification, disclosure or only modification.

194 The TSF shall permit remote users to initiate communication via the trusted path.

195 The TSF shall require the use of the trusted path for authentication requests with 3-key Triple-DES or AES, confidentiality and/or integrity verification for data transfers protected with AES based on a setting in the file attributes.

Inter-TSF basic TSF data consistency (FPT_TDC.1) / MFDFEV2

196 The TSF shall provide the capability to consistently interpret data files and values when shared between the TSF and another trusted IT product.
197 The TSF shall use the rule: data files or values can only be modified by their dedicated type-specific operations honouring the type-specific boundaries when interpreting the TSF data from another trusted IT product.

5.1.3 Additional Security Functional Requirements regarding the robustness and correct operation

Basic rollback (FDP_ROL.1) / MFDFEV2

198 The TSF shall enforce the MFDFEV2 Access Control Policy to permit the rollback of the operations that modify the value or data file objects on the backup files.

199 The TSF shall permit operations to be rolled back within the scope of the current transaction, which is defined by the following limitative events: chip reset, select command, deselect command, explicit commit, explicit abort, command failure.

Replay detection (FPT_RPL.1) / MFDFEV2

200 The TSF shall detect replay for the following entities: authentication requests with 3-key Triple-DES or AES, confidentiality and/or data integrity verification for data transfers protected with AES and based on a setting in the file attributes.

201 The TSF shall perform rejection of the request when replay is detected.

Unlinkability (FPR_UNL.1) / MFDFEV2

202 The TSF shall ensure that unauthorised subjects other than the card holder are unable to determine whether any operation of the TOE were caused by the same user.

Minimum and maximum quotas (FRU_RSA.2) / MFDFEV2

203 The TSF shall enforce maximum quotas of the following resources NVM and RAM that subjects can use simultaneously.

204 The TSF shall ensure the provision of minimum quantity of the NVM and the RAM that is available for subjects to use simultaneously.

Application note: The subjects addressed here are MFDFEV2 and all other applications running on the TOE. The goal is to ensure that MFDFEV2 always has enough NVM and RAM for its own usage.
Subset residual information protection (FDP_RIP.1) / MFDFEV2

205 The TSF shall ensure that any previous information content of a resource is made unavailable upon the deallocation of the resource from the following objects: MFDFEV2.

5.2 TOE security assurance requirements

206 Security Assurance Requirements for the TOE for the evaluation of the TOE are those taken from the Evaluation Assurance Level 5 (EAL5) and augmented by taking the following components:
• ALC_DVS.2,
• AVA_VAN.5,
• ASE_TSS.2,
• ALC_FLR.1.

207 Regarding application note 22 of BSI-CC-PP-0084-2014, the continuously increasing maturity level of evaluations of Security ICs justifies the selection of a higher-level assurance package.

208 The component ASE_TSS.2 is chosen as an augmentation in this ST to give architectural information on the security functionality of the TOE.

209 The component ALC_FLR.1 is chosen as an augmentation in this ST because a solid flaw management is key for the continuous improvement of the security IC platforms, especially on markets which need highly resistant and long-lasting products.

210 The set of security assurance requirements (SARs) is presented in Table 7, indicating the origin of the requirement.

Table 7. TOE security assurance requirements
Label | Title | Origin
ADV_ARC.1 | Security architecture description | EAL5/BSI-CC-PP-0084-2014
ADV_FSP.5 | Complete semi-formal functional specification with additional error information | EAL5
ADV_IMP.1 | Implementation representation of the TSF | EAL5/BSI-CC-PP-0084-2014
ADV_INT.2 | Well-structured internals | EAL5
ADV_TDS.4 | Semiformal modular design | EAL5
AGD_OPE.1 | Operational user guidance | EAL5/BSI-CC-PP-0084-2014
AGD_PRE.1 | Preparative procedures | EAL5/BSI-CC-PP-0084-2014
ALC_CMC.4 | Production support, acceptance procedures and automation | EAL5/BSI-CC-PP-0084-2014
ALC_CMS.5 | Development tools CM coverage | EAL5
ALC_DEL.1 | Delivery procedures | EAL5/BSI-CC-PP-0084-2014
ALC_DVS.2 | Sufficiency of security measures | BSI-CC-PP-0084-2014
ALC_FLR.1 | Basic flaw remediation | Security Target
ALC_LCD.1 | Developer defined life-cycle model | EAL5/BSI-CC-PP-0084-2014
ALC_TAT.2 | Compliance with implementation standards | EAL5
ASE_CCL.1 | Conformance claims | EAL5/BSI-CC-PP-0084-2014
ASE_ECD.1 | Extended components definition | EAL5/BSI-CC-PP-0084-2014
ASE_INT.1 | ST introduction | EAL5/BSI-CC-PP-0084-2014
ASE_OBJ.2 | Security objectives | EAL5/BSI-CC-PP-0084-2014
ASE_REQ.2 | Derived security requirements | EAL5/BSI-CC-PP-0084-2014
ASE_SPD.1 | Security problem definition | EAL5/BSI-CC-PP-0084-2014
ASE_TSS.2 | TOE summary specification with architectural design summary | Security Target
ATE_COV.2 | Analysis of coverage | EAL5/BSI-CC-PP-0084-2014
ATE_DPT.3 | Testing: modular design | EAL5
ATE_FUN.1 | Functional testing | EAL5/BSI-CC-PP-0084-2014
ATE_IND.2 | Independent testing - sample | EAL5/BSI-CC-PP-0084-2014
AVA_VAN.5 | Advanced methodical vulnerability analysis | BSI-CC-PP-0084-2014

5.3 Refinement of the security assurance requirements

211 As BSI-CC-PP-0084-2014 defines refinements for selected SARs, these refinements are also claimed in this Security Target.

212 Regarding application note 23 of BSI-CC-PP-0084-2014, the refinements for all the assurance families have been reviewed for the hierarchically higher-level assurance components selected in this Security Target.

213 An impact summary is provided in Table 8.

Table 8. Impact of EAL5 selection on BSI-CC-PP-0084-2014 refinements
Assurance Family | BSI-CC-PP-0084-2014 Level | ST Level | Impact on refinement
ALC_DVS | 2 | 2 | None
ALC_CMS | 4 | 5 | None, refinement is still valid
ALC_CMC | 4 | 4 | None
ADV_ARC | 1 | 1 | None
ADV_FSP | 4 | 5 | None, presentation style changes
ADV_IMP | 1 | 1 | None
ATE_COV | 2 | 2 | None
AGD_OPE | 1 | 1 | None
AVA_VAN | 5 | 5 | None

5.4 Security Requirements rationale

5.4.1 Rationale for the Security Functional Requirements

214 Just as for the security objectives rationale of Section , the main line of this rationale is that the inclusion of all the security requirements of the BSI-CC-PP-0084-2014 protection profile, together with those introduced in the Platform Security Target [PF-ST], and those introduced in this Security Target, guarantees that all the security objectives identified in Section 4 are suitably addressed by the security requirements stated in this chapter, and that the latter together form an internally consistent whole.

Table 9.
Security Requirements versus Security Objectives
Security Objective | TOE Security Functional and Assurance Requirements
BSI.O.Leak-Inherent | Basic internal transfer protection FDP_ITT.1; Basic internal TSF data transfer protection FPT_ITT.1; Subset information flow control FDP_IFC.1
BSI.O.Phys-Probing | Stored data confidentiality FDP_SDC.1; Resistance to physical attack FPT_PHP.3
BSI.O.Malfunction | Limited fault tolerance FRU_FLT.2; Failure with preservation of secure state FPT_FLS.1
BSI.O.Phys-Manipulation | Stored data integrity monitoring and action FDP_SDI.2; Resistance to physical attack FPT_PHP.3
BSI.O.Leak-Forced | All requirements listed for BSI.O.Leak-Inherent (FDP_ITT.1, FPT_ITT.1, FDP_IFC.1) plus those listed for BSI.O.Malfunction and BSI.O.Phys-Manipulation (FRU_FLT.2, FPT_FLS.1, FDP_SDI.2, FPT_PHP.3)
BSI.O.Abuse-Func | Limited capabilities FMT_LIM.1 / Test; Limited availability FMT_LIM.2 / Test; Limited capabilities - Secure Diagnostic FMT_LIM.1 / Sdiag; Limited availability - Secure Diagnostic FMT_LIM.2 / Sdiag; Inter-TSF trusted channel - Secure Diagnostic FTP_ITC.1 / Sdiag; Audit review - Secure Diagnostic FAU_SAR.1 / Sdiag; plus those for BSI.O.Leak-Inherent, BSI.O.Phys-Probing, BSI.O.Malfunction, BSI.O.Phys-Manipulation, BSI.O.Leak-Forced (FDP_ITT.1, FPT_ITT.1, FDP_IFC.1, FDP_SDC.1, FDP_SDI.2, FPT_PHP.3, FRU_FLT.2, FPT_FLS.1)
BSI.O.Identification | Audit storage FAU_SAS.1
BSI.O.RND | Random number generation FCS_RNG.1; plus those for BSI.O.Leak-Inherent, BSI.O.Phys-Probing, BSI.O.Malfunction, BSI.O.Phys-Manipulation, BSI.O.Leak-Forced (FDP_ITT.1, FPT_ITT.1, FDP_IFC.1, FDP_SDI.2, FDP_SDC.1, FPT_PHP.3, FRU_FLT.2, FPT_FLS.1)
BSI.OE.Resp-Appl | Not applicable
BSI.OE.Process-Sec-IC | Not applicable
BSI.OE.Lim-Block-Loader | Not applicable
BSI.OE.Loader-Usage | Not applicable
BSI.OE.TOE-Auth | Not applicable
OE.Enable-Disable-Secure-Diag | Not applicable
OE.Secure-Diag-Usage | Not applicable
BSI.O.Authentication | Authentication Proof of Identity FIA_API.1
BSI.O.Cap-Avail-Loader | Limited capabilities FMT_LIM.1 / Loader; Limited availability FMT_LIM.2 / Loader
BSI.O.Ctrl-Auth-Loader | “Inter-TSF trusted channel - Loader” FTP_ITC.1 / Loader; “Basic data exchange confidentiality - Loader” FDP_UCT.1 / Loader; “Data exchange integrity - Loader” FDP_UIT.1 / Loader; “Subset access control - Loader” FDP_ACC.1 / Loader; “Security attribute based access control - Loader” FDP_ACF.1 / Loader; “Static attribute initialisation - Loader” FMT_MSA.3 / Loader; “Management of security attribute - Loader” FMT_MSA.1 / Loader; “Specification of management functions - Loader” FMT_SMF.1 / Loader; “Security roles - Loader” FMT_SMR.1 / Loader; “Timing of identification - Loader” FIA_UID.1 / Loader; “Timing of authentication - Loader” FIA_UAU.1 / Loader
JIL.O.Prot-TSF-Confidentiality | “Inter-TSF trusted channel - Loader” FTP_ITC.1 / Loader; “Basic data exchange confidentiality - Loader” FDP_UCT.1 / Loader; “Data exchange integrity - Loader” FDP_UIT.1 / Loader; “Subset access control - Loader” FDP_ACC.1 / Loader; “Security attribute based access control - Loader” FDP_ACF.1 / Loader; “Static attribute initialisation - Loader” FMT_MSA.3 / Loader; “Management of security attribute - Loader” FMT_MSA.1 / Loader; “Specification of management functions - Loader” FMT_SMF.1 / Loader; “Security roles - Loader” FMT_SMR.1 / Loader; “Timing of identification - Loader” FIA_UID.1 / Loader; “Timing of authentication - Loader” FIA_UAU.1 / Loader
JIL.O.Secure-Load-ACode | “Inter-TSF trusted channel - Loader” FTP_ITC.1 / Loader; “Basic data exchange confidentiality - Loader” FDP_UCT.1 / Loader; “Data exchange integrity - Loader” FDP_UIT.1 / Loader; “Subset access control - Loader” FDP_ACC.1 / Loader; “Security attribute based access control - Loader” FDP_ACF.1 / Loader; “Static attribute initialisation - Loader” FMT_MSA.3 / Loader; “Management of security attribute - Loader” FMT_MSA.1 / Loader; “Specification of management functions - Loader” FMT_SMF.1 / Loader; “Security roles - Loader” FMT_SMR.1 / Loader; “Timing of identification - Loader” FIA_UID.1 / Loader; “Timing of authentication - Loader” FIA_UAU.1 / Loader; “Audit storage - Loader” FAU_SAS.1 / Loader
JIL.O.Secure-AC-Activation | “Failure with preservation of secure state - Loader” FPT_FLS.1 / Loader
JIL.O.TOE-Identification | “Audit storage - Loader” FAU_SAS.1 / Loader; “Audit review - Loader” FAU_SAR.1 / Loader; “Stored data integrity monitoring and action” FDP_SDI.2
O.Secure-Load-AMemImage | “Inter-TSF trusted channel - Loader” FTP_ITC.1 / Loader; “Basic data exchange confidentiality - Loader” FDP_UCT.1 / Loader; “Data exchange integrity - Loader” FDP_UIT.1 / Loader; “Subset access control - Loader” FDP_ACC.1 / Loader; “Security attribute based access control - Loader” FDP_ACF.1 / Loader; “Static attribute initialisation - Loader” FMT_MSA.3 / Loader; “Management of security attribute - Loader” FMT_MSA.1 / Loader; “Specification of management functions - Loader” FMT_SMF.1 / Loader; “Security roles - Loader” FMT_SMR.1 / Loader; “Timing of identification - Loader” FIA_UID.1 / Loader; “Timing of authentication - Loader” FIA_UAU.1 / Loader; “Audit storage - Loader” FAU_SAS.1 / Loader
O.MemImage-Identification | “Failure with preservation of secure state - Loader” FPT_FLS.1 / Loader; “Audit storage - Loader” FAU_SAS.1 / Loader; “Audit review - Loader” FAU_SAR.1 / Loader; “Stored data integrity monitoring and action” FDP_SDI.2
OE.Composite-TOE-Id | Not applicable
OE.TOE-Id | Not applicable
AUG1.O.Add-Functions | “Cryptographic operation - TDES” FCS_COP.1 / TDES; “Cryptographic operation - AES” FCS_COP.1 / AES
AUG4.O.Mem-Access | “Subset access control” FDP_ACC.1 / Memories; “Security attribute based access control” FDP_ACF.1 / Memories; “Static attribute initialisation” FMT_MSA.3 / Memories; “Management of security attribute” FMT_MSA.1 / Memories; “Specification of management functions” FMT_SMF.1 / Memories
O.Access-Control-MFDFEV2 | “Security roles” FMT_SMR.1 / MFDFEV2; “Subset access control” FDP_ACC.1 / MFDFEV2; “Security attribute based access control” FDP_ACF.1 / MFDFEV2; “Static attribute initialisation” FMT_MSA.3 / MFDFEV2; “Management of security attribute” FMT_MSA.1 / MFDFEV2; “Specification of management functions” FMT_SMF.1 / MFDFEV2; “Import of user data with security attributes” FDP_ITC.2 / MFDFEV2; “Cryptographic key destruction” FCS_CKM.4 / MFDFEV2; “Management of TSF data” FMT_MTD.1 / MFDFEV2
O.Authentication-MFDFEV2 | “Cryptographic operation - MFDFEV2-DES” FCS_COP.1 / MFDFEV2-DES; “Cryptographic operation - MFDFEV2-AES” FCS_COP.1 / MFDFEV2-AES; “User identification before any action” FIA_UID.2 / MFDFEV2; “User authentication before any action” FIA_UAU.2 / MFDFEV2; “Multiple authentication mechanisms” FIA_UAU.5 / MFDFEV2; “Specification of management functions” FMT_SMF.1 / MFDFEV2; “Trusted path” FTP_TRP.1 / MFDFEV2; “Replay detection” FPT_RPL.1 / MFDFEV2
O.Encryption-MFDFEV2 | “Cryptographic key destruction” FCS_CKM.4 / MFDFEV2; “Cryptographic operation - MFDFEV2-AES” FCS_COP.1 / MFDFEV2-AES; “Trusted path” FTP_TRP.1 / MFDFEV2
O.MAC-MFDFEV2 | “Cryptographic key destruction” FCS_CKM.4 / MFDFEV2; “Cryptographic operation - MFDFEV2-AES” FCS_COP.1 / MFDFEV2-AES; “Trusted path” FTP_TRP.1 / MFDFEV2; “Replay detection” FPT_RPL.1 / MFDFEV2
O.Type-Consistency-MFDFEV2 | “Inter-TSF basic TSF data consistency” FPT_TDC.1 / MFDFEV2
O.Transaction-MFDFEV2 | “Basic rollback” FDP_ROL.1 / MFDFEV2
O.No-Trace-MFDFEV2 | “Unlinkability” FPR_UNL.1 / MFDFEV2
O.Resource-MFDFEV2 | “Minimum and maximum quotas” FRU_RSA.2 / MFDFEV2
O.Verification-MFDFEV2 | “Failure with preservation of secure state” FPT_FLS.1; “Subset access control” FDP_ACC.1 / Memories; “Security attribute based access control” FDP_ACF.1 / Memories; “Static attribute initialisation” FMT_MSA.3 / Memories
O.Firewall-MFDFEV2 | “Subset access control” FDP_ACC.1 / Memories; “Security attribute based access control” FDP_ACF.1 / Memories; “Static attribute initialisation” FMT_MSA.3 / Memories
O.Shr-Res-MFDFEV2 | “Subset residual information protection” FDP_RIP.1 / MFDFEV2
OE.Secure-Values | Not applicable
OE.Terminal-Support | Not applicable

215 All justifications for Security Objectives and SFRs have been already provided in the Platform Security Target [PF-ST], except for O.Access-Control-MFDFEV2, O.Authentication-MFDFEV2, O.Encryption-MFDFEV2, O.MAC-MFDFEV2, O.Type-Consistency-MFDFEV2, O.Transaction-MFDFEV2, O.No-Trace-MFDFEV2, O.Resource-MFDFEV2, O.Verification-MFDFEV2, O.Firewall-MFDFEV2 and O.Shr-Res-MFDFEV2 and their associated SFRs.
216 This rationale must show that security requirements suitably address these objectives.

217 The justification that the additional security objectives are suitably addressed, that the additional security requirements are mutually supportive and that, together with those already in BSI-CC-PP-0084-2014 and in [PF-ST], they form an internally consistent whole, is provided in the next subsections.

5.4.2 Additional security objectives are suitably addressed

Security objective “Access control for MFDFEV2 (O.Access-Control-MFDFEV2)”

218 The justification related to the security objective “Access control for MFDFEV2 (O.Access-Control-MFDFEV2)” is as follows:

219 The security functional requirement "Security roles (FMT_SMR.1) / MFDFEV2" defines the roles of the MFDFEV2 Access Control Policy. The security functional requirements "Subset access control (FDP_ACC.1) / MFDFEV2" and "Security attribute based access control (FDP_ACF.1) / MFDFEV2" define the rules, and "Static attribute initialisation (FMT_MSA.3) / MFDFEV2" and "Management of security attributes (FMT_MSA.1) / MFDFEV2" the attributes, that the access control is based on. The security functional requirement "Management of TSF data (FMT_MTD.1) / MFDFEV2" provides the rules for the management of the authentication data. The management functions are defined by "Specification of Management Functions (FMT_SMF.1) / MFDFEV2". Since the TOE stores data on behalf of the authorised subjects, import of user data with security attributes is defined by "Import of user data with security attributes (FDP_ITC.2) / MFDFEV2".
Since cryptographic keys are used for authentication (refer to O.Authentication-MFDFEV2), these keys have to be removed if they are no longer needed for the access control (i.e. an application is deleted). This is required by "Cryptographic key destruction (FCS_CKM.4) / MFDFEV2". These nine SFRs together provide an access control mechanism as required by the objective O.Access-Control-MFDFEV2.

Security objective “Authentication for MFDFEV2 (O.Authentication-MFDFEV2)”

220 The justification related to the security objective “Authentication for MFDFEV2 (O.Authentication-MFDFEV2)” is as follows:

221 The two security functional requirements "Cryptographic operation - MFDFEV2-DES" and "Cryptographic operation - MFDFEV2-AES" require that the TOE provides the basic cryptographic algorithms that can be used to perform the authentication. The security functional requirements "User identification before any action (FIA_UID.2) / MFDFEV2", "User authentication before any action (FIA_UAU.2) / MFDFEV2" and "Multiple authentication mechanisms (FIA_UAU.5) / MFDFEV2" together define that users must be identified and authenticated before any action. The ‘none’ authentication of "Multiple authentication mechanisms (FIA_UAU.5) / MFDFEV2" also ensures that a specific subject is identified and authenticated before an explicit authentication request is sent to the TOE. "Specification of Management Functions (FMT_SMF.1) / MFDFEV2" defines security management functions the TSF shall be capable to perform. "Trusted path (FTP_TRP.1) / MFDFEV2" requires a trusted communication path between the TOE and remote users; FTP_TRP.1.3 especially requires “authentication requests”.
Together with "Replay detection (FPT_RPL.1) / MFDFEV2", which requires a replay detection for these authentication requests, the eight security functional requirements fulfil the objective O.Authentication-MFDFEV2.

Security objective “MFDFEV2 Confidential Communication (O.Encryption-MFDFEV2)”

222 The justification related to the security objective “MFDFEV2 Confidential communication (O.Encryption-MFDFEV2)” is as follows:

223 The security functional requirement "Cryptographic operation - MFDFEV2-AES" requires that the TOE provides the basic cryptographic algorithm AES that can be used to protect the communication by encryption. "Trusted path (FTP_TRP.1) / MFDFEV2" requires a trusted communication path between the TOE and remote users; FTP_TRP.1.3 especially requires “confidentiality and/or data integrity verification for data transfers protected with AES and based on a setting in the file attributes”. "Cryptographic key destruction (FCS_CKM.4) / MFDFEV2" requires that cryptographic keys used for encryption have to be removed after usage. These three security functional requirements fulfill the objective O.Encryption-MFDFEV2.

Security objective “MFDFEV2 Integrity-protected Communication (O.MAC-MFDFEV2)”

224 The justification related to the security objective “MFDFEV2 Integrity-protected Communication (O.MAC-MFDFEV2)” is as follows:

225 The security functional requirement "Cryptographic operation - MFDFEV2-AES" requires that the TOE provides the basic cryptographic algorithms that can be used to compute a MAC which can protect the integrity of the communication. "Trusted path (FTP_TRP.1) / MFDFEV2" requires a trusted communication path between the TOE and remote users; FTP_TRP.1.3 especially requires “confidentiality and/or data integrity verification for data transfers on request of the file owner”.
"Cryptographic key destruction (FCS_CKM.4) / MFDFEV2" requires that cryptographic keys used for MAC operations have to be removed after usage. Together with "Replay detection (FPT_RPL.1) / MFDFEV2" which requires a replay detection for these data transfers, the four security functional requirements fulfill the objective O.MAC-MFDFEV2. Security objective “MFDFEV2 Data type consistency (O.Type-Consistency- MFDFEV2)” 226 The justification related to the security objective “MFDFEV2 Data type consistency (O.Type- Consistency-MFDFEV2)” is as follows: 227 The security functional requirement "Inter-TSF basic TSF data consistency (FPT_TDC.1) / MFDFEV2" requires the TOE to consistently interpret data files and values. The TOE will honor the respective file formats and boundaries (i.e. upper and lower limits, size limitations). This meets the objective O.Type-Consistency-MFDFEV2. Security objective “MFDFEV2 Transaction mechanism (O.Transaction- MFDFEV2)” 228 The justification related to the security objective “MFDFEV2 Transaction mechanism (O.Transaction-MFDFEV2)” is as follows: MIFARE DESFire EV2 on ST31P450 Security Target for composition Securityrequirements SMD_MFDFEV2_ST31P450_ST_21_002 59/81 229 The security functional requirement "Basic rollback (FDP_ROL.1) / MFDFEV2" requires the possibility to rollback a set of modifying operations on backup files in total. The set of operations is defined by the scope of the transaction, which is itself limited by some boundary events. This fulfills the objective O.Transaction-MFDFEV2. Security objective “Preventing traceability for MFDFEV2 (O.No-Trace- MFDFEV2)” 230 The justification related to the security objective “Preventing traceability for MFDFEV2 (O.No-Trace-MFDFEV2)” is as follows: 231 The security functional requirement "Unlinkability (FPR_UNL.1) / MFDFEV2" requires that unauthorised subjects other than the card holder are unable to determine whether any operation of the TOE were caused by the same user. 
This meets the objective O.No-Trace-MFDFEV2.

Security objective “NVM resource availability for MFDFEV2 (O.Resource-MFDFEV2)”

232 The justification related to the security objective “Resource availability for MFDFEV2 (O.Resource-MFDFEV2)” is as follows:

233 The security functional requirement "Minimum and maximum quotas (FRU_RSA.2) / MFDFEV2" requires that sufficient parts of the NVM and RAM are reserved for MFDFEV2 use. This fulfills the objective O.Resource-MFDFEV2.

Security objective “MFDFEV2 code integrity check (O.Verification-MFDFEV2)”

234 The justification related to the security objective “MFDFEV2 code integrity check (O.Verification-MFDFEV2)” is as follows:

235 The security functional requirements "Subset access control FDP_ACC.1 / Memories" and "Security attribute based access control FDP_ACF.1 / Memories", supported by "Static attribute initialisation FMT_MSA.3 / Memories", ensure that MFDFEV2 code integrity is protected. In addition, the security functional requirement "Failure with preservation of secure state FPT_FLS.1" ensures that in case of an error on the NVM, MFDFEV2 execution is stopped. This meets the objective O.Verification-MFDFEV2.

Security objective “MFDFEV2 firewall (O.Firewall-MFDFEV2)”

236 The justification related to the security objective “MFDFEV2 firewall (O.Firewall-MFDFEV2)” is as follows:

237 The security functional requirements "Subset access control FDP_ACC.1 / Memories" and "Security attribute based access control FDP_ACF.1 / Memories", supported by "Static attribute initialisation FMT_MSA.3 / Memories", require that no application can read, write or compare any piece of data or code belonging to MFDFEV2. This meets the objective O.Firewall-MFDFEV2.
Security objective “MFDFEV2 data cleaning for resource sharing (O.Shr-Res-MFDFEV2)”

238 The justification related to the security objective “MFDFEV2 data cleaning for resource sharing (O.Shr-Res-MFDFEV2)” is as follows:

239 The security functional requirement "Subset residual information protection (FDP_RIP.1) / MFDFEV2" requires that the information content of a resource is made unavailable upon its deallocation from MFDFEV2. This meets the objective O.Shr-Res-MFDFEV2.

5.4.3 Additional security requirements are consistent

"Security roles (FMT_SMR.1 / MFDFEV2), Subset access control (FDP_ACC.1 / MFDFEV2), Security attribute based access control (FDP_ACF.1 / MFDFEV2), Static attribute initialisation (FMT_MSA.3 / MFDFEV2), Management of security attributes (FMT_MSA.1 / MFDFEV2), Management of TSF data (FMT_MTD.1 / MFDFEV2), Specification of management functions (FMT_SMF.1 / MFDFEV2), Import of user data with security attributes (FDP_ITC.2 / MFDFEV2), Cryptographic key destruction (FCS_CKM.4 / MFDFEV2)"

240 These security requirements have already been argued in Section : Security objective “Access control for MFDFEV2 (O.Access-Control-MFDFEV2)” above.

"User identification before any action (FIA_UID.2 / MFDFEV2), User authentication before any action (FIA_UAU.2 / MFDFEV2), Multiple authentication mechanisms (FIA_UAU.5 / MFDFEV2)"

241 These security requirements have already been argued in Section : Security objective “Authentication for MFDFEV2 (O.Authentication-MFDFEV2)” above.

"Trusted path (FTP_TRP.1 / MFDFEV2), Replay detection (FPT_RPL.1 / MFDFEV2)"

242 These security requirements have already been argued in Section : Security objective “MFDFEV2 Integrity-protected Communication (O.MAC-MFDFEV2)” above.
"Inter-TSF basic TSF data consistency (FPT_TDC.1 / MFDFEV2)" 243 This security requirement has already been argued in Section : Security objective “MFDFEV2 Confidential Communication (O.Encryption-MFDFEV2)” above. "Basic rollback (FDP_ROL.1 / MFDFEV2)" 244 This security requirement has already been argued in Section : Security objective “MFDFEV2 Transaction mechanism (O.Transaction-MFDFEV2)” above. "Unlinkability (FPR_UNL.1 / MFDFEV2)" 245 This security requirement has already been argued in Section : Security objective “Preventing traceability for MFDFEV2 (O.No-Trace-MFDFEV2)” above. "Minimum and maximum quotas (FRU_RSA.2 / MFDFEV2)" 246 This security requirement has already been argued in Section : Security objective “NVM resource availability for MFDFEV2 (O.Resource-MFDFEV2)” above. MIFARE DESFire EV2 on ST31P450 Security Target for composition Securityrequirements SMD_MFDFEV2_ST31P450_ST_21_002 61/81 "Subset residual information protection (FDP_RIP.1 / MFDFEV2)" 247 This security requirement has already been argued in Section : Security objective “MFDFEV2 data cleaning for resource sharing (O.Shr-Res-MFDFEV2)” above. 5.4.4 Dependencies of Security Functional Requirements 248 All dependencies of Security Functional Requirements have been fulfilled in this Security Target except : • those justified in the BSI-CC-PP-0084-2014 protection profile security requirements rationale, • those justified in the ST31P450 A04 Security Target for composition [PF-ST] security requirements rationale, • those justified in [AUG] security requirements rationale. 249 Details are provided in Table 10 below. 250 Note that in order to avoid repetitions of the SFRs iterated in this Security Target, and improve readability, some are mentioned in a generic form in this table. Table 10. 
Dependencies of security functional requirements
Label | Dependencies | Fulfilled by security requirements in this Security Target | Dependency already in BSI-CC-PP-0084-2014, in [PF-ST] or in [AUG]
FRU_FLT.2 | FPT_FLS.1 | Yes | Yes, BSI-CC-PP-0084-2014
FPT_FLS.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FMT_LIM.1 / Test | FMT_LIM.2 / Test | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.2 / Test | FMT_LIM.1 / Test | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.1 / Loader | FMT_LIM.2 / Loader | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.2 / Loader | FMT_LIM.1 / Loader | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.1 / Stest | FMT_LIM.2 / Stest | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.2 / Stest | FMT_LIM.1 / Stest | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.1 / Sdiag | FMT_LIM.2 / Sdiag | Yes | Yes, BSI-CC-PP-0084-2014
FMT_LIM.2 / Sdiag | FMT_LIM.1 / Sdiag | Yes | Yes, BSI-CC-PP-0084-2014
FAU_SAS.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FDP_SDC.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FDP_SDI.2 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FPT_PHP.3 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FDP_ITT.1 | FDP_ACC.1 or FDP_IFC.1 | Yes, by FDP_ACC.1 / Memories and FDP_IFC.1 | Yes, BSI-CC-PP-0084-2014
FPT_ITT.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FDP_IFC.1 | FDP_IFF.1 | No, see BSI-CC-PP-0084-2014 | Yes, BSI-CC-PP-0084-2014
FCS_RNG.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FCS_COP.1 | [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] | Yes, by FCS_CKM.1, see [PF-ST] | Yes, [AUG] #1
FCS_COP.1 | FCS_CKM.4 | No, see [PF-ST] |
FCS_CKM.1 | [FCS_CKM.2 or FCS_COP.1] | Yes, by FCS_COP.1 |
FCS_CKM.1 | FCS_CKM.4 | No, see [PF-ST] |
FDP_ACC.1 / Memories | FDP_ACF.1 / Memories | Yes | Yes, [PF-ST]
FDP_ACF.1 / Memories | FDP_ACC.1 / Memories | Yes, by FDP_ACC.1 / Memories | Yes, [PF-ST]
FDP_ACF.1 / Memories | FMT_MSA.3 / Memories | Yes |
FMT_MSA.3 / Memories | FMT_MSA.1 / Memories | Yes | Yes, [PF-ST]
FMT_MSA.3 / Memories | FMT_SMR.1 / Memories | No, see [AUG] #4 |
FMT_MSA.1 / Memories | [FDP_ACC.1 / Memories or FDP_IFC.1] | Yes, by FDP_ACC.1 / Memories and FDP_IFC.1 | Yes, [PF-ST]
FMT_MSA.1 / Memories | FMT_SMF.1 / Memories | Yes | Yes, [PF-ST]
FMT_MSA.1 / Memories | FMT_SMR.1 / Memories | No | Yes, [PF-ST]
FMT_SMF.1 / Memories | None | No dependency | Yes, [PF-ST]
FIA_API.1 | None | No dependency | Yes, BSI-CC-PP-0084-2014
FTP_ITC.1 / Loader | None | No dependency | Yes, BSI-CC-PP-0084-2014
FDP_UCT.1 / Loader | [FTP_ITC.1 / Loader or FTP_TRP.1 / Loader] | Yes, by FTP_ITC.1 / Loader | Yes, BSI-CC-PP-0084-2014
FDP_UCT.1 / Loader | [FDP_ACC.1 / Loader or FDP_IFC.1 / Loader] | Yes, by FDP_ACC.1 / Loader |
FDP_UIT.1 / Loader | [FTP_ITC.1 / Loader or FTP_TRP.1 / Loader] | Yes, by FTP_ITC.1 / Loader | Yes, BSI-CC-PP-0084-2014
FDP_UIT.1 / Loader | [FDP_ACC.1 / Loader or FDP_IFC.1 / Loader] | Yes, by FDP_ACC.1 / Loader |
FDP_ACC.1 / Loader | FDP_ACF.1 / Loader | Yes | Yes, [PF-ST]
FDP_ACF.1 / Loader | FDP_ACC.1 / Loader | Yes | Yes, [PF-ST]
FDP_ACF.1 / Loader | FMT_MSA.3 / Loader | Yes |
FMT_MSA.3 / Loader | FMT_MSA.1 / Loader | Yes | Yes, [PF-ST]
FMT_MSA.3 / Loader | FMT_SMR.1 / Loader | Yes |
FMT_MSA.1 / Loader | [FDP_ACC.1 / Loader or FDP_IFC.1] | Yes | Yes, [PF-ST]
FMT_MSA.1 / Loader | FMT_SMF.1 / Loader | Yes |
FMT_MSA.1 / Loader | FMT_SMR.1 / Loader | Yes |
FMT_SMR.1 / Loader | FIA_UID.1 / Loader | Yes | Yes, [PF-ST]
FIA_UID.1 / Loader | None | No dependency | Yes, [PF-ST]
FIA_UAU.1 / Loader | FIA_UID.1 / Loader | Yes | Yes, [PF-ST]
FMT_SMF.1 / Loader | None | No dependency | Yes, [PF-ST]
FPT_FLS.1 / Loader | None | No dependency | Yes, [PF-ST]
FAU_SAS.1 / Loader | None | No dependency | Yes, BSI-CC-PP-0084-2014
FAU_SAR.1 / Loader | FAU_GEN.1 | No, by FAU_SAS.1 / Loader instead, see [PF-ST] | Yes, [PF-ST]
FTP_ITC.1 / Sdiag | None | No dependency | Yes, [PF-ST]
FAU_SAR.1 / Sdiag | FAU_GEN.1 | No, see [PF-ST] | Yes, [PF-ST]
FMT_SMR.1 / MFDFEV2 | FIA_UID.1 / MFDFEV2 | Yes, by FIA_UID.2 / MFDFEV2 | No, CCMB-2017-04-002 R5
FDP_ACC.1 / MFDFEV2 | FDP_ACF.1 / MFDFEV2 | Yes | No, CCMB-2017-04-002 R5
FDP_ACF.1 / MFDFEV2 | FDP_ACC.1 / MFDFEV2 | Yes | No, CCMB-2017-04-002 R5
FDP_ACF.1 / MFDFEV2 | FMT_MSA.3 / MFDFEV2 | Yes |
FMT_MSA.3 / MFDFEV2 | FMT_MSA.1 / MFDFEV2 | Yes | No, CCMB-2017-04-002 R5
FMT_MSA.3 / MFDFEV2 | FMT_SMR.1 / MFDFEV2 | Yes |
FMT_MSA.1 / MFDFEV2 | [FDP_ACC.1 / MFDFEV2 or FDP_IFC.1] | Yes, by FDP_ACC.1 / MFDFEV2 | No, CCMB-2017-04-002 R5
FMT_MSA.1 / MFDFEV2 | FMT_SMF.1 / MFDFEV2 | Yes |
FMT_MSA.1 / MFDFEV2 | FMT_SMR.1 / MFDFEV2 | Yes |
FMT_SMF.1 / MFDFEV2 | None | No dependency | No, CCMB-2017-04-002 R5
FDP_ITC.2 / MFDFEV2 | [FDP_ACC.1 / MFDFEV2 or FDP_IFC.1] | Yes, by FDP_ACC.1 / MFDFEV2 | No, CCMB-2017-04-002 R5
FDP_ITC.2 / MFDFEV2 | [FTP_ITC.1 or FTP_TRP.1 / MFDFEV2] | Yes, by FTP_TRP.1 / MFDFEV2 |
FDP_ITC.2 / MFDFEV2 | FPT_TDC.1 / MFDFEV2 | Yes |
FPT_TDC.1 / MFDFEV2 | None | No dependency | No, CCMB-2017-04-002 R5
FIA_UID.2 / MFDFEV2 | None | No dependency | No, CCMB-2017-04-002 R5
FIA_UAU.2 / MFDFEV2 | FIA_UID.1 | Yes, by FIA_UID.2 / MFDFEV2 | No, CCMB-2017-04-002 R5
FIA_UAU.5 / MFDFEV2 | None | No dependency | No, CCMB-2017-04-002 R5
Dependencies of security functional requirements (continued) Label Dependencies Fulfilled by security requirements in this Security Target Dependency already in BSI-CC-PP-0084-2014, in [PF-ST] or in [AUG] MIFARE DESFire EV2 on ST31P450 Security Target for composition Securityrequirements SMD_MFDFEV2_ST31P450_ST_21_002 65/81 5.4.5 Rationale for the Assurance Requirements Security assurance requirements added to reach EAL5 251 Regarding application note 22 of BSI-CC-PP-0084-2014, this Security Target chooses EAL5 because developers and users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques. 252 EAL5 represents a meaningful increase in assurance from EAL4 by requiring semiformal design descriptions, a more structured (and hence analyzable) architecture, extensive testing, and improved mechanisms and/or procedures that provide confidence that the TOE will not be tampered during development. 253 The assurance components in an evaluation assurance level (EAL) are chosen in a way that they build a mutually supportive and complete set of components. The requirements chosen for augmentation do not add any dependencies, which are not already fulfilled for the corresponding requirements contained in EAL5. Therefore, these components add additional assurance to EAL5, but the mutual support of the requirements and the internal consistency is still guaranteed. 
FMT_MTD.1 / MFDFEV2 FMT_SMR.1 / MFDFEV2 Yes No, CCMB-2017-04-002 R5 FMT_SMF.1 / MFDFEV2 Yes FTP_TRP.1 / MFDFEV2 None No dependency No, CCMB-2017-04-002 R5 FCS_CKM.4 / MFDFEV2 [FDP_ITC.1 or FDP_ITC.2 / MFDFEV2 or FCS_CKM.1] Yes, by FDP_ITC.2 / MFDFEV2 No, CCMB-2017-04-002 R5 FDP_ROL.1 / MFDFEV2 [FDP_ACC.1 / MFDFEV2 or FDP_IFC.1] Yes, by FDP_ACC.1 / MFDFEV2 No, CCMB-2017-04-002 R5 FPT_RPL.1 / MFDFEV2 None No dependency No, CCMB-2017-04-002 R5 FPR_UNL.1 / MFDFEV2 None No dependency No, CCMB-2017-04-002 R5 FRU_RSA.2 / MFDFEV2 None No dependency No, CCMB-2017-04-002 R5 FDP_RIP.1 / MFDFEV2 None No dependency No, CCMB-2017-04-002 R5 Table 10. Dependencies of security functional requirements (continued) Label Dependencies Fulfilled by security requirements in this Security Target Dependency already in BSI-CC-PP-0084-2014, in [PF-ST] or in [AUG] Security requirements (ASE_REQ)MIFARE DESFire EV2 on ST31P450 Security Target for compo- 66/81 SMD_MFDFEV2_ST31P450_ST_21_002 254 Note that detailed and updated refinements for assurance requirements are given in Section 5.3. Dependencies of assurance requirements 255 Dependencies of security assurance requirements are fulfilled by the EAL5 package selection. 256 The augmentation to this package identified in Section 5.2 does not introduce dependencies not already satisfied by the EAL5 package, and is considered as consistent augmentation: • ASE_TSS.2 dependencies (ASE_INT.1, ASE_REQ.1 and ADV_ARC.1) are fulfilled by the assurance requirements claimed by this ST, • ALC_DVS.2 and AVA_VAN.5 dependencies have been justified in BSI-CC-PP-0084- 2014, • ALC_FLR.1 has no dependency. MIFARE DESFire EV2 on ST31P450 Security Target for composition TOE summary specification SMD_MFDFEV2_ST31P450_ST_21_002 67/81 6 TOE summary specification (ASE_TSS) 257 This section demonstrates how the TOE meets each Security Functional Requirement, and includes a statement of compatibility vs. the Platform Security Target [PF-ST]. 
6.1 TOE Security Functional Requirements realisation

258 This section argues how the TOE meets each SFR.
259 The TOE is evaluated as a composite TOE, made of the underlying hardware platform and the MIFARE DESFire EV2 library on top of it.
260 Consequently, the ST31P450 A04 Security Target for composition details how all the platform SFRs are met, and only the SFRs related to MFDFEV2 are addressed in the following.

6.1.1 Security roles (FMT_SMR.1) / MFDFEV2
261 MFDFEV2 supports the assignment of roles to users through the assignment of different keys to the different roles and through the structure and configuration of the access rights. This makes it possible to distinguish the roles Admin, AppMgr, DelAppMgr, AppUser, AppChangeUser, AppRollUser and OrigKeyUser.

6.1.2 Subset access control (FDP_ACC.1) / MFDFEV2
262 For each MFDFEV2 command subject to access control, the MFDFEV2 library verifies that the MFDFEV2 access conditions are satisfied and returns an error when they are not.

6.1.3 Security attribute based access control (FDP_ACF.1) / MFDFEV2
263 The MFDFEV2 library verifies the MFDFEV2 security attributes during the execution of MFDFEV2 commands to enforce the Access Control Policy defined by the MFDFEV2 interface specification.

6.1.4 Static attribute initialisation (FMT_MSA.3) / MFDFEV2
264 The MFDFEV2 library initialises all the static attributes to the values defined by the MFDFEV2 interface specifications before they can be used by the Embedded Software.

6.1.5 Management of security attributes (FMT_MSA.1) / MFDFEV2
265 The MFDFEV2 library verifies the MFDFEV2 security attributes during the execution of MFDFEV2 commands to enforce the Access Control Policy on the security attributes themselves.
6.1.6 Specification of Management Functions (FMT_SMF.1) / MFDFEV2
266 The MFDFEV2 library implements the management functions defined by the MFDFEV2 interface specifications for authentication, for changing security attributes, and for creating or deleting an application, a value file or a data file.

6.1.7 Import of user data with security attributes (FDP_ITC.2) / MFDFEV2
267 The MFDFEV2 library implements the MFDFEV2 interface specifications and enforces the Access Control Policy to associate the user data with their security attributes.

6.1.8 Inter-TSF basic TSF data consistency (FPT_TDC.1) / MFDFEV2
268 The MFDFEV2 library implements the MFDFEV2 interface specifications, supporting consistent interpretation and modification control of inter-TSF exchanges.

6.1.9 Cryptographic operation (FCS_COP.1) / MFDFEV2-DES
269 The MFDFEV2 library uses Triple DES (through the EDES+ accelerator) for the encryption and decryption used in authentication, in accordance with NIST SP 800-67 and NIST SP 800-38A, in CBC mode with 3-key Triple DES and a cryptographic key size of 168 bits.

6.1.10 Cryptographic operation (FCS_COP.1) / MFDFEV2-AES
270 The MFDFEV2 library uses AES (through the AES accelerator) for encryption, decryption and cipher-based MAC, used for authentication and communication, in accordance with FIPS 197, NIST SP 800-38A and NIST SP 800-38B, in CBC mode and CMAC mode with a cryptographic key size of 128 bits.
271 Cryptographic operations are used for setting up the mutual authentication, for encryption and for message authentication.

6.1.11 Cryptographic key destruction (FCS_CKM.4) / MFDFEV2
272 The MFDFEV2 library erases key values from memory once their context becomes obsolete.
6.1.12 User identification before any action (FIA_UID.2) / MFDFEV2
273 The MFDFEV2 library identifies the user through the key selected for authentication, as specified by the MFDFEV2 Interface Specification.

6.1.13 User authentication before any action (FIA_UAU.2) / MFDFEV2
274 During the authentication, the MFDFEV2 library verifies that the user knows the selected key.
275 After this authentication, both parties share a session key.

6.1.14 Multiple authentication mechanisms (FIA_UAU.5) / MFDFEV2
276 The MFDFEV2 library implements the MFDFEV2 Interface Specification, which has a mechanism to authenticate Admin, AppMgr, DelAppMgr, AppUser, AppChangeUser, AppRollUser and OrigKeyUser, while the role Anybody is assumed when there is no valid authentication state.
277 Two types of authentication are supported: the native MFDFEV2 3-pass authentication and the ISO authentication.

6.1.15 Management of TSF data (FMT_MTD.1) / MFDFEV2
278 The MFDFEV2 library implements the MFDFEV2 Interface Specification, restricting key modifications, in ways configurable through the security attributes, to authenticated users, or disabling key modification altogether.

6.1.16 Trusted path (FTP_TRP.1) / MFDFEV2
279 The MFDFEV2 library implements the MFDFEV2 Interface Specification, allowing a trusted path to be established and enforced between itself and remote users.

6.1.17 Basic rollback (FDP_ROL.1) / MFDFEV2
280 The MFDFEV2 library implements the MFDFEV2 transaction mechanism, ensuring that either all of the (modifying) file commands within a transaction are performed or none of them is: if the transaction does not complete, the commands are rolled back.

6.1.18 Replay detection (FPT_RPL.1) / MFDFEV2
281 The MFDFEV2 library implements the MFDFEV2 authentication command and the authenticated commands, which allow replay detection.
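The properties claimed in 6.1.13, 6.1.14 and 6.1.18 (proof of knowledge of the selected key, a session key shared after a three-pass exchange, and rejection of replayed authenticated commands), together with the key destruction of 6.1.11, as a constructed model. This is an added example and not the MFDFEV2 library's code: HMAC-SHA256 from the Python standard library stands in for the AES-CMAC and Triple DES primitives the TOE actually uses, and the message layout (the "PCD"/"PICC" labels, 16-byte nonces, 2-byte command counter) is an assumption for illustration, not the DESFire EV2 wire format defined by the interface specification [TN_MIFARE_DESFire_EV2].

```python
"""Three-pass mutual authentication proving knowledge of a selected key, deriving a
session key, and binding every later command to a counter so a replay is rejected.
Constructed example, not the MFDFEV2 library's code: HMAC-SHA256 from the standard
library stands in for the AES-CMAC / Triple DES primitives the TOE uses, and the
message layout (labels, 16-byte nonces, 2-byte counter) is hypothetical."""
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed MAC stand-in for AES-CMAC (assumption: HMAC-SHA256 truncated to 16 bytes).
    Parts are length-prefixed so (b"ab", b"c") and (b"a", b"bc") do not collide."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def derive_session_key(key: bytes, rnd_a: bytes, rnd_b: bytes) -> bytearray:
    """Session key bound to both nonces; a bytearray so it can be zeroised later."""
    return bytearray(mac(key, b"session", rnd_a, rnd_b))


class Picc:
    """Card side: reference keys, authentication state and command counter."""

    def __init__(self, keys: dict):
        self.keys = keys                          # key number -> key value
        self.key_no, self.rnd_b = None, None
        self.session, self.cmd_ctr = None, 0      # session set only after success

    def auth_pass1(self, key_no: int) -> bytes:
        """Pass 1: the PCD selects a key, the PICC answers with a fresh challenge RndB."""
        if key_no not in self.keys:
            raise PermissionError("no such key")
        self.deselect()                           # a new authentication drops the old session
        self.key_no, self.rnd_b = key_no, secrets.token_bytes(16)
        return self.rnd_b

    def auth_pass2(self, rnd_a: bytes, tag_a: bytes) -> bytes:
        """Pass 2: check the PCD's proof over (RndA, RndB); pass 3: return the PICC's proof."""
        key = self.keys[self.key_no]
        if not hmac.compare_digest(tag_a, mac(key, b"PCD", rnd_a, self.rnd_b)):
            self.rnd_b = None
            raise PermissionError("PCD does not know the selected key")
        self.session, self.cmd_ctr = derive_session_key(key, rnd_a, self.rnd_b), 0
        return mac(key, b"PICC", self.rnd_b, rnd_a)

    def command(self, cmd: bytes, tag: bytes) -> bytes:
        """Authenticated command: the MAC must cover the current counter value."""
        if self.session is None:
            raise PermissionError("not authenticated")
        expected = mac(bytes(self.session), self.cmd_ctr.to_bytes(2, "little"), cmd)
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("bad MAC: replayed or forged command")
        self.cmd_ctr += 1
        return b"OK:" + cmd

    def deselect(self) -> None:
        """Destroy the session key once its context is obsolete."""
        if self.session is not None:
            for i in range(len(self.session)):
                self.session[i] = 0
        self.session, self.rnd_b = None, None


class Pcd:
    """Reader side holding one key number and key value."""

    def __init__(self, key_no: int, key: bytes):
        self.key_no, self.key = key_no, key
        self.session, self.cmd_ctr = None, 0

    def authenticate(self, picc: Picc) -> None:
        rnd_b = picc.auth_pass1(self.key_no)
        rnd_a = secrets.token_bytes(16)
        tag_b = picc.auth_pass2(rnd_a, mac(self.key, b"PCD", rnd_a, rnd_b))
        if not hmac.compare_digest(tag_b, mac(self.key, b"PICC", rnd_b, rnd_a)):
            raise PermissionError("PICC does not know the key")
        self.session, self.cmd_ctr = derive_session_key(self.key, rnd_a, rnd_b), 0

    def send(self, picc: Picc, cmd: bytes):
        tag = mac(bytes(self.session), self.cmd_ctr.to_bytes(2, "little"), cmd)
        self.cmd_ctr += 1
        return cmd, tag, picc.command(cmd, tag)


def demo() -> dict:
    """Run the flow once and report what the card accepted or rejected."""
    master = bytes(range(16))                     # constructed key material
    picc, pcd = Picc({0: master}), Pcd(0, master)
    pcd.authenticate(picc)
    cmd, tag, first = pcd.send(picc, b"READ 01")
    _, _, second = pcd.send(picc, b"READ 02")
    out = {"first": first, "second": second}
    for label, attempt in (
        ("replay", lambda: picc.command(cmd, tag)),                 # captured command resent
        ("wrong_key", lambda: Pcd(0, bytes(16)).authenticate(picc)),
        ("after_failed_auth", lambda: picc.command(cmd, tag)),      # old session is gone
    ):
        try:
            attempt()
            out[label] = "accepted"
        except PermissionError:
            out[label] = "rejected"
    return out
```

The two points worth noting are that the session key is bound to both nonces, so an attacker who records one exchange cannot reuse its session, and that the counter is part of the MAC input, which is what makes the resent command fail even though its MAC was valid when first sent. A failed authentication attempt also discards the previous session state, so a command that was valid a moment earlier is rejected afterwards.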
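The all-or-nothing behaviour described in 6.1.17, as a constructed model of a journaled commit that survives a power loss (field removal) at any point. This is an added example and not the MFDFEV2 library's code: the NVM is a dictionary, the journal layout with a single commit marker is an assumption for illustration, and the tear is injected after a chosen number of NVM writes so that every intermediate state can be checked.

```python
"""Model of an all-or-nothing transaction for file updates: writes are buffered until
commit, committed through a journal with a single commit marker, and a power loss at
any point leaves either the old or the new file contents after the next power-on.
Constructed example, not the MFDFEV2 library's code: the NVM is a dict and the
journal layout is hypothetical."""


class PowerLoss(Exception):
    """Raised when the simulated field/power is removed mid-write."""


class Nvm:
    """Persistent state: file contents plus a journal area. When `budget` is set, the
    tear is injected after that many successful NVM writes."""

    def __init__(self, files: dict):
        self.files = dict(files)
        self.journal = {"committed": False, "updates": {}}
        self.budget = None

    def write(self, fn) -> None:
        if self.budget is not None:
            if self.budget == 0:
                raise PowerLoss()
            self.budget -= 1
        fn()


class Transaction:
    """File updates are buffered here and are invisible in NVM until commit."""

    def __init__(self, nvm: Nvm):
        self.nvm, self.pending = nvm, {}

    def write_file(self, name: str, data: bytes) -> None:
        if name not in self.nvm.files:
            raise KeyError(name)
        self.pending[name] = data

    def abort(self) -> None:
        self.pending = {}                          # AbortTransaction: nothing reaches NVM

    def commit(self) -> None:
        nvm = self.nvm
        for name, data in self.pending.items():   # 1. journal each update
            nvm.write(lambda n=name, d=data: nvm.journal["updates"].__setitem__(n, d))
        nvm.write(lambda: nvm.journal.__setitem__("committed", True))  # 2. decide
        apply_journal(nvm)                         # 3. apply, 4. clear
        self.pending = {}


def apply_journal(nvm: Nvm) -> None:
    """Copy journaled updates into the files, then clear the journal. Idempotent, so it
    can be re-run after a tear."""
    for name, data in list(nvm.journal["updates"].items()):
        nvm.write(lambda n=name, d=data: nvm.files.__setitem__(n, d))
    nvm.write(lambda: nvm.journal.update({"committed": False, "updates": {}}))


def power_on_recovery(nvm: Nvm) -> dict:
    """Run at every reset: redo a decided transaction, discard an undecided one."""
    nvm.budget = None
    if nvm.journal["committed"]:
        apply_journal(nvm)
    else:
        nvm.journal["updates"] = {}
    return dict(nvm.files)


def outcomes_under_tearing(initial: dict, updates: dict) -> list:
    """Commit the same transaction with a power loss injected after 0, 1, 2, ... NVM
    writes and return the file state seen after recovery for each injection point."""
    seen, step = [], 0
    while True:
        nvm = Nvm(initial)
        nvm.budget = step
        tx = Transaction(nvm)
        for name, data in updates.items():
            tx.write_file(name, data)
        assert nvm.files == initial                # buffered writes are not yet visible
        try:
            tx.commit()
            seen.append(power_on_recovery(nvm))
            return seen                            # budget large enough: no tear
        except PowerLoss:
            seen.append(power_on_recovery(nvm))
        step += 1


def abort_leaves_files_unchanged(initial: dict, updates: dict) -> dict:
    nvm = Nvm(initial)
    tx = Transaction(nvm)
    for name, data in updates.items():
        tx.write_file(name, data)
    tx.abort()
    return dict(nvm.files)
```

With two files updated, a commit costs six NVM writes (two journal entries, the commit marker, two file updates, the journal clear); a tear before the marker is written rolls the transaction back on the next power-on, and a tear after it completes the transaction, so no injection point exposes a half-updated set of files.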
6.1.19 Unlinkability (FPR_UNL.1) / MFDFEV2
282 MFDFEV2 provides an Administrator option to use a random UID during the ISO 14443 anti-collision sequence, preventing traceability through the UID. At a higher level, the MFDFEV2 access control, when configured for this purpose, provides traceability protection.

6.1.20 Minimum and maximum quotas (FRU_RSA.2) / MFDFEV2
283 The MFDFEV2 library ensures that the memory required for its operation is available.

6.1.21 Subset residual information protection (FDP_RIP.1) / MFDFEV2
284 At the end of command execution, or upon interrupt, the MFDFEV2 library cleans the confidential data from the registers it uses.

6.2 Statement of compatibility

285 This section details the statement of compatibility between this Security Target and the Platform Security Target [PF-ST].
286 The following mappings of SFRs, objectives and assurance requirements demonstrate that there is no inconsistency between this composite Security Target and the ST31P450 A04 Security Target for composition.

6.2.1 Compatibility of security objectives
287 There is no conflict between the security objectives of this Security Target and those of the Platform Security Target [PF-ST] (see Table 11).
288 There is no conflict between the security objectives for the environment of this Security Target and those of the Platform Security Target [PF-ST] (see Table 12).

Table 11. Platform Security Objectives vs. TOE Security Objectives
Platform Security Objectives | TOE Security Objectives
BSI.O.Leak-Inherent | BSI.O.Leak-Inherent
BSI.O.Phys-Probing | BSI.O.Phys-Probing
BSI.O.Malfunction | BSI.O.Malfunction
BSI.O.Phys-Manipulation | BSI.O.Phys-Manipulation
BSI.O.Leak-Forced | BSI.O.Leak-Forced
BSI.O.Abuse-Func | BSI.O.Abuse-Func
BSI.O.Identification | BSI.O.Identification
BSI.O.RND | BSI.O.RND
BSI.O.Authentication | BSI.O.Authentication
BSI.O.Cap-Avail-Loader | BSI.O.Cap-Avail-Loader
BSI.O.Ctrl-Auth-Loader | BSI.O.Ctrl-Auth-Loader
JIL.O.Prot-TSF-Confidentiality | JIL.O.Prot-TSF-Confidentiality
JIL.O.Secure-Load-ACode | JIL.O.Secure-Load-ACode
JIL.O.Secure-AC-Activation | JIL.O.Secure-AC-Activation
JIL.O.TOE-Identification | JIL.O.TOE-Identification
O.Secure-Load-AMemImage | O.Secure-Load-AMemImage
O.MemImage-Identification | O.MemImage-Identification
AUG1.O.Add-Functions | AUG1.O.Add-Functions, O.Authentication-MFDFEV2, O.Encryption-MFDFEV2, O.MAC-MFDFEV2
AUG4.O.Mem-Access | AUG4.O.Mem-Access, O.Firewall-MFDFEV2, O.Verification-MFDFEV2
Additional objectives (no platform counterpart) | O.Access-Control-MFDFEV2, O.Type-Consistency-MFDFEV2, O.Transaction-MFDFEV2, O.No-Trace-MFDFEV2, O.Resource-MFDFEV2, O.Shr-Res-MFDFEV2

Table 12. Platform Security Objectives for the Environment vs. TOE Security Objectives for the Environment
Platform Security Objectives for the Environment | TOE Security Objectives for the Environment
BSI.OE.Resp-Appl | BSI.OE.Resp-Appl
BSI.OE.Process-Sec-IC | BSI.OE.Process-Sec-IC
BSI.OE.Lim-Block-Loader | BSI.OE.Lim-Block-Loader
BSI.OE.Loader-Usage | BSI.OE.Loader-Usage
BSI.OE.TOE-Auth | BSI.OE.TOE-Auth
OE.Enable-Disable-Secure-Diag | OE.Enable-Disable-Secure-Diag
OE.Secure-Diag-Usage | OE.Secure-Diag-Usage
OE.Composite-TOE-Id | OE.Composite-TOE-Id
OE.TOE-Id | OE.TOE-Id
Additional objectives for the environment (no platform counterpart) | OE.Secure-Values, OE.Terminal-Support

6.2.2 Compatibility of Security Functional Requirements
289 All platform SFRs are relevant for this Composite ST.
290 The Composite ST SFRs do not show any conflict with the platform SFRs.
291 The following platform SFRs are used by this Composite ST because their security properties provide protection against attacks on the TOE as a whole:
• FRU_FLT.2,
• FDP_SDC.1,
• FDP_SDI.2,
• FPT_PHP.3,
• FDP_ITT.1,
• FPT_ITT.1,
• FDP_IFC.1,
• FPT_FLS.1, in order to generate a software reset,
• FCS_RNG.1, for the provision of random numbers,
• FDP_ITT.1, FPT_ITT.1 and FDP_IFC.1, for side-channel protection.
292 In addition, Table 13 below maps the platform SFRs that are specifically used to implement a security service to the SFRs of this Composite ST.

Table 13. Platform Security Functional Requirements vs. TOE Security Functional Requirements
Platform SFR | Composite ST SFRs
FRU_FLT.2 | FRU_FLT.2
FPT_FLS.1 | FPT_FLS.1
FMT_LIM.1 / Test | FMT_LIM.1 / Test
FMT_LIM.2 / Test | FMT_LIM.2 / Test
FAU_SAS.1 | FAU_SAS.1
FDP_SDC.1 | FDP_SDC.1
FDP_SDI.2 | FDP_SDI.2
FPT_PHP.3 | FPT_PHP.3
FDP_ITT.1 | FDP_ITT.1
FPT_ITT.1 | FPT_ITT.1
FDP_IFC.1 | FDP_IFC.1
FCS_RNG.1 | FCS_RNG.1
FCS_COP.1 / TDES | FCS_COP.1 / TDES, FCS_COP.1 / MFDFEV2-DES
FCS_COP.1 / AES | FCS_COP.1 / AES, FCS_COP.1 / MFDFEV2-AES
FDP_ACC.2 / Memories | FDP_ACC.2 / Memories
FDP_ACF.1 / Memories | FDP_ACF.1 / Memories
FMT_MSA.3 / Memories | FMT_MSA.3 / Memories
FMT_MSA.1 / Memories | FMT_MSA.1 / Memories
FMT_SMF.1 / Memories | FMT_SMF.1 / Memories
FIA_API.1 | FIA_API.1
FMT_LIM.1 / Loader | FMT_LIM.1 / Loader
FMT_LIM.2 / Loader | FMT_LIM.2 / Loader
FTP_ITC.1 / Loader | FTP_ITC.1 / Loader
FDP_UCT.1 / Loader | FDP_UCT.1 / Loader
FDP_UIT.1 / Loader | FDP_UIT.1 / Loader
FDP_ACC.1 / Loader | FDP_ACC.1 / Loader
FDP_ACF.1 / Loader | FDP_ACF.1 / Loader
FMT_MSA.3 / Loader | FMT_MSA.3 / Loader
FMT_MSA.1 / Loader | FMT_MSA.1 / Loader
FMT_SMR.1 / Loader | FMT_SMR.1 / Loader
FIA_UID.1 / Loader | FIA_UID.1 / Loader
FIA_UAU.1 / Loader | FIA_UAU.1 / Loader
FMT_SMF.1 / Loader | FMT_SMF.1 / Loader
FPT_FLS.1 / Loader | FPT_FLS.1 / Loader
FAU_SAR.1 / Loader | FAU_SAR.1 / Loader
FAU_SAS.1 / Loader | FAU_SAS.1 / Loader
FTP_ITC.1 / Sdiag | FTP_ITC.1 / Sdiag
FAU_SAR.1 / Sdiag | FAU_SAR.1 / Sdiag
FMT_LIM.1 / Sdiag | FMT_LIM.1 / Sdiag
FMT_LIM.2 / Sdiag | FMT_LIM.2 / Sdiag

6.2.3 Compatibility of Security Assurance Requirements
293 The level of assurance of the TOE is EAL5 augmented with ASE_TSS.2, ALC_DVS.2, AVA_VAN.5 and ALC_FLR.1, while the level of assurance of the Platform is EAL5 augmented with ALC_DVS.2 and AVA_VAN.5.
294 Therefore, the set of Security Assurance Requirements of this composite evaluation is identical to the Security Assurance Requirements of the underlying platform, except for ASE_TSS.2 and ALC_FLR.1, which are specific to this Security Target.
295 There is no conflict regarding the Security Assurance Requirements.

7 Identification

Table 14. TOE components
The first four columns identify the platform; the last column identifies the library.
IC Maskset name | IC version | Master identification number | Firmware version | MIFARE DESFire EV2 version
K410A | C | 0x01F1h | 3.1.1 and 3.1.2 | 1.0.4

Table 15. Guidance documentation
Component description | Reference | Version
MIFARE® DESFire® EV2 library v1.0 for the ST31P platform devices - User manual | UM_ST31P_MFD_EV2_1.0 | 2
MIFARE DESFire EV2 interface specification - Technical note | TN_MIFARE_DESFire_EV2 | 1
Release note: MIFARE DESFire® EV2 library 1.0.4 on ST31P450 | RN_ST31P_MFD_EV2_1.0.4 | 1

Table 16. Sites list
Site | Address | Activities(1)
ST Grenoble | STMicroelectronics, 12 rue Jules Horowitz, BP 217, 38019 Grenoble Cedex, France | ES-DEV
ST Rousset | STMicroelectronics, 190 Avenue Célestin Coq, ZI de Rousset-Peynier, 13106 Rousset Cedex, France | ES-DEV
ST Tunis | STMicroelectronics, Elgazala Technopark, Raoued, Gouvernorat de l’Ariana, PB21, 2088 cedex, Ariana, Tunisia | IT
ST Zaventem | STMicroelectronics, Green Square, Lambroekstraat 5, Building B 3rd floor, 1831 Diegem/Machelen, Belgium | ES-DEV
1. ES-DEV = development, IT = Network infrastructure

8 References

Table 17. Common Criteria
Component description | Reference | Version
Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and general model, April 2017 | CCMB-2017-04-001 R5 | 3.1 Rev 5
Common Criteria for Information Technology Security Evaluation - Part 2: Security functional components, April 2017 | CCMB-2017-04-002 R5 | 3.1 Rev 5
Common Criteria for Information Technology Security Evaluation - Part 3: Security assurance components, April 2017 | CCMB-2017-04-003 R5 | 3.1 Rev 5

Table 18. Platform Security Target
Ref | Component description | Reference | Version
[PF-ST] | ST31P450 A04 Security Target for composition | SMD_ST31P450_ST_19_006 | A04.1

Table 19. Protection Profile and other related standards
Ref | Component description | Reference | Version
[PP0084] | Eurosmart - Security IC Platform Protection Profile with Augmentation Packages | BSI-CC-PP-0084-2014 | 1.0
[AUG] | Smartcard Integrated Circuit Platform Augmentations, March 2002 | | 1.0
[JILSR] | Security requirements for post-delivery code loading, Joint Interpretation Library, February 2016 | | 1.0

Table 20. Other standards
Ref | Identifier | Description
[1] | BSI-AIS20/AIS31 | A proposal for: Functionality classes for random number generators, W. Killmann & W. Schindler, BSI, Version 2.0, 18-09-2011
[2] | NIST SP 800-67 | NIST SP 800-67 Rev. 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, November 2017, National Institute of Standards and Technology
[3] | FIPS 197 | FIPS 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology (NIST), November 2001
[4] | NIST SP 800-38A | NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation, 2001, with Addendum: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, October 2010
[5] | NIST SP 800-38B | NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, National Institute of Standards and Technology (NIST), June 2016
[6] | ANSSI-PP0084.03 | PP0084: Interpretations, ANSSI, April 2016

Appendix A Glossary

A.1 Terms
Authorised user: A user who may, in accordance with the TSP, perform an operation.
Composite product: Security IC product which includes the Security Integrated Circuit (i.e. the TOE) and the Embedded Software, and is evaluated as a composite target of evaluation.
End-consumer: User of the Composite Product in Phase 7.
Integrated Circuit (IC): Electronic component(s) designed to perform processing and/or memory functions.
IC Dedicated Software: IC proprietary software embedded in a Security IC (also known as IC firmware) and developed by ST. Such software is required for testing purposes (IC Dedicated Test Software) but may also provide additional services to facilitate usage of the hardware and/or to provide additional services (IC Dedicated Support Software).
IC Dedicated Test Software: That part of the IC Dedicated Software which is used to test the TOE before TOE Delivery but which does not provide any functionality thereafter.
IC developer: Institution (or its agent) responsible for the IC development.
IC manufacturer: Institution (or its agent) responsible for the IC manufacturing, testing and pre-personalization.
IC packaging manufacturer: Institution (or its agent) responsible for the IC packaging and testing.
Initialisation data: Initialisation Data defined by the TOE Manufacturer to identify the TOE and to keep track of the Security IC’s production and further life-cycle phases are considered as belonging to the TSF data. These data are for instance used for traceability and for TOE identification (identification data).
Object: An entity within the TSC that contains or receives information and upon which subjects perform operations.
Packaged IC: Security IC embedded in a physical package such as micromodules, DIPs, SOICs or TQFPs.
Pre-personalization data: Any data supplied by the Card Manufacturer that is injected into the non-volatile memory by the Integrated Circuit manufacturer (Phase 3). These data are for instance used for traceability and/or to secure shipment between phases. If "Package 2: Loader dedicated for usage by authorized users only" is used, the Pre-personalisation Data may contain the authentication reference data or key material for the trusted channel between the TOE and the authorized users using the Loader.
Secret: Information that must be known only to authorised users and/or the TSF in order to enforce a specific SFP.
Security IC: Composition of the TOE, the Security IC Embedded Software, User Data, and the package.
Security IC Embedded Software (ES): Software embedded in the Security IC and not developed by the IC designer. The Security IC Embedded Software is designed in Phase 1 and embedded into the Security IC in Phase 3.
Security IC embedded software (ES) developer: Institution (or its agent) responsible for the security IC embedded software development and the specification of IC pre-personalization requirements, if any.
Security attribute: Information associated with subjects, users and/or objects that is used for the enforcement of the TSP.
Sensitive information: Any information identified as a security relevant element of the TOE, such as:
– the application data of the TOE (such as IC pre-personalization requirements, IC and system specific data),
– the security IC embedded software,
– the IC dedicated software,
– the IC specification, design, development tools and technology.
Smartcard: A card according to ISO 7816 requirements which has a non-volatile memory and a processing unit embedded within it.
Subject: An entity within the TSC that causes operations to be performed.
Test features: All features and functions (implemented by the IC Dedicated Software and/or hardware) which are designed to be used before TOE Delivery only and delivered as part of the TOE.
TOE Delivery: The period when the TOE is delivered, which is after Phase 3 or Phase 1 in this Security Target.
TSF data: Data created by and for the TOE, that might affect the operation of the TOE.
User: Any entity (human user or external IT entity) outside the TOE that interacts with the TOE.
User data: All data managed by the Smartcard Embedded Software in the application context. User data comprise all data in the final Smartcard IC except the TSF data.

A.2 Abbreviations

Table 21. List of abbreviations
Term | Meaning
AIS | Application notes and Interpretation of the Scheme (BSI)
BSI | Bundesamt für Sicherheit in der Informationstechnik
CBC | Cipher Block Chaining
CC | Common Criteria Version 3.1 R5
CMAC | Cipher-based Message Authentication Code
DES | Data Encryption Standard
EAL | Evaluation Assurance Level
ES | Security IC Embedded Software
ES-DEV | Embedded Software Development
FIPS | Federal Information Processing Standard
IC | Integrated Circuit
ISO | International Organization for Standardization
IT | Information Technology
NIST | National Institute of Standards and Technology
NVM | Non Volatile Memory
OSP | Organisational Security Policy
PP | Protection Profile
PUB | Publication Series
RAM | Random Access Memory
SAR | Security Assurance Requirement
SFP | Security Function Policy
SFR | Security Functional Requirement
ST | Context dependent: STMicroelectronics or Security Target
TDES | Triple Data Encryption Standard
TOE | Target of Evaluation
TRNG | True Random Number Generator
TSC | TSF Scope of Control
TSF | TOE Security Functionality
TSP | TOE Security Policy
TSS | TOE Summary Specification

IMPORTANT NOTICE – PLEASE READ CAREFULLY

STMicroelectronics NV and its subsidiaries (“ST”) reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST’s terms and conditions of sale in place at the time of order acknowledgement.

Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of Purchasers’ products.

No license, express or implied, to any intellectual property right is granted by ST herein.

Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.

ST and the ST logo are trademarks of ST. For additional information about ST trademarks, please refer to www.st.com/trademarks. All other product or service names are the property of their respective owners.

Information in this document supersedes and replaces information previously supplied in any prior versions of this document.

© 2022 STMicroelectronics – All rights reserved