THD89 1.0.3—EAL5A-ST-Lite THD89 1.0.3 Secure Element version 1.0 Security Target Lite Version 0.1 Tongxin Microelectronics Co., Ltd. 2023 – 06 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:2 of 33 Tongxin Microelectronics Co., Ltd. Revision History No. Version Date Change By 1 0.1 Jun. 2023 Create Sun Nan Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:3 of 33 Tongxin Microelectronics Co., Ltd. Contents 1. ST Introduction ...................................................................................................................... 5 1.1. ST and TOE reference..................................................................................................... 5 1.2. TOE overview ................................................................................................................. 5 1.2.1. TOE.......................................................................................................................... 5 1.2.2. Non-TOE.................................................................................................................. 6 1.3. TOE description .............................................................................................................. 6 1.3.1. Physical architecture ................................................................................................ 6 1.3.2. Logical Scope........................................................................................................... 7 1.3.3. TOE components...................................................................................................... 9 1.4. Life cycle and delivery.................................................................................................. 10 2. Conformance claim .............................................................................................................. 11 2.1. CC Conformance........................................................................................................... 11 2.2. PP Claim........................................................................................................................ 11 2.3. Package claim................................................................................................................ 11 2.4. Conformance claim rationale ........................................................................................ 11 3. Security problem definition.................................................................................................. 13 3.1. Description of Assets .................................................................................................... 13 3.2. Threats........................................................................................................................... 13 3.3. Organisational security policies .................................................................................... 13 3.4. Assumptions.................................................................................................................. 14 4. Security objectives ............................................................................................................... 15 4.1. Security objectives for the TOE.................................................................................... 15 4.2. Security objectives for the security IC embedded software.......................................... 16 4.3. Security objectives for the operational environment..................................................... 16 4.4. Security objectives rationale ......................................................................................... 16 5. Extended Components Definitions....................................................................................... 18 6. Security requirements........................................................................................................... 19 6.1. Definitions..................................................................................................................... 19 6.2. Security Functional Requirements (SFR) ..................................................................... 19 6.2.1. SFRs derived from the Security IC Platform Protection Profile............................ 19 6.2.2. SFRs regarding cryptographic functionality .......................................................... 22 6.3. Security Assurance Requirements (SAR) ..................................................................... 24 6.4. Security requirements rationale..................................................................................... 25 6.4.1. Security Functional Requirements (SFR) .............................................................. 25 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:4 of 33 Tongxin Microelectronics Co., Ltd. 6.4.2. Dependencies of the SFRs...................................................................................... 26 6.4.3. Security Assurance Requirements (SAR) .............................................................. 27 7. TOE summary specification................................................................................................. 28 7.1. Malfunction ................................................................................................................... 28 7.2. Leakage ......................................................................................................................... 28 7.3. Physical manipulation and probing............................................................................... 29 7.4. Abuse of functionality and Identification...................................................................... 29 7.5. Random numbers........................................................................................................... 29 7.6. Cryptographic functionality .......................................................................................... 29 8. References ............................................................................................................................ 31 9. Appendix .............................................................................................................................. 33 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:5 of 33 1. ST Introduction This Security Target (ST) is built upon the Security IC Platform Protection Profile with Augmentation Packages [1], registered and Certified by Das Bundesamt für Sicherheit in der Informationstechnik (BSI) under the reference BSI-CC-PP-0084-2014. This chapter presents the ST reference, the reference for the Target of Evaluation (TOE), a TOE overview description and a description of the logical and physical scope of the TOE. 1.1. ST and TOE reference Table 1 Description of ST reference and TOE reference ST reference: THD89 1.0.3 Secure Element version 1.0 Security Target, version 0.1 Jun. 2023. TOE reference: THD89 1.0.3 Secure Element version 1.0 Note: THD89 1.0.3 Secure Element version 1.0 also include Crypto Library version 2.1.0, Crypto SU library version 2.2.0, CryptoECCSec library version 1.0.0 and Boot code v1.0. 1.2. TOE overview 1.2.1. TOE The TOE is a secure element with 3 crypto libraries suitable for instance to support embedded SE, embedded SIM applications, etc. The TOE consists of hardware and IC dedicated software. The hardware is based on a 32-bit secure CPU with ROM (Non-Volatile Read-Only Memory), NVM (Non-volatile Programmable Memory) and RAM (Volatile Memory). The hardware of the TOE also incorporates communication peripherals and cryptographic coprocessors for execution and acceleration of symmetric and asymmetric cryptographic algorithms. The IC dedicated software consists of boot code and 3 libraries of cryptographic services. The TOE supports the following communication interfaces:  ISO/IEC 7816 contact interface.  Single-wire protocol (SWP) interface  SPI interface  I2C interface The TOE has been designed to provide a platform for Security IC Embedded Software which ensures that the critical user data of the Composite TOE are stored and processed in a secure way. To this end the TOE has the following security features:  Hardware coprocessor for TDES and AES,  True Random Number Generator, Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:6 of 33 Tongxin Microelectronics Co., Ltd.  Hardware for RSA-CRT and ECC support,  Protection against power analysis,  Protection against physical attacks,  Protection against perturbation attacks,  Software library with cryptographic services for TDES/AES, RSA-CRT/ECC and TRNG. 1.2.2. Non-TOE The TOE is delivered to a composite product manufacturer. The security IC embedded software is developed by the composite product manufacturer. The security IC embedded software is not part of the TOE. The Deterministic Random Number Generator hardware component is used internally by the TOE. However, the service provided to the user is not under the scope of the evaluation. 1.3. TOE description This section presents the physical and logical scope of the TOE. 1.3.1. Physical architecture The main functional blocks of the TOE hardware are depicted below. ROM Sensors 32-bit secure CPU AHBMMU RAM Interfaces/IO Clock Circuitry Reset Circuitry NVM TRNG BCE System control circuitry Security Circuitry Power Management Unit PKE Test circuitry Timers Figure 1 The block diagram of the TOE hardware The hardware of the TOE has the following components:  32-bit secure CPU  NVM  ROM  RAM  AHBMMU Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:7 of 33 Tongxin Microelectronics Co., Ltd.  Interfaces I/O o SWP interface o ISO/IEC 7816 contact interface o SPI interface o I2C interface  True Random Number Generator  Block Cryptography Engine for TDES supporting  Block Cryptography Engine for AES supporting  Public-Key Engine for RSA-CRT supporting  Public-Key Engine for ECC supporting  System control circuitry  Test circuitry  Timers  Security Circuitry  Sensors o Voltage sensor o Glitch sensor o Frequency sensor o Temperature sensor o Light sensor  Power Management Circuitry  Clock circuitry  Reset circuitry The AHBMMU is a bus component which also provides user controllable bus masking. 1.3.2. Logical Scope The TOE distinguishes three modes: 1. Boot mode 2. Test mode 3. Normal mode Boot mode is the initial mode after the chip is powered up. This mode is not available to the Security IC embedded software. It can either switch to test mode under the purpose of testing or initialization, or switch to normal mode. Test mode is also not available for the Security IC embedded software. It is utilized to perform the TOE testing before the TOE is delivered to the end user. Test mode is strictly protected by a combination of hardware and software security features. Normal mode is utilized for the end user, Security IC embedded software can be executed under this mode. Normal mode cannot switch back to boot mode and test mode. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:8 of 33 Tongxin Microelectronics Co., Ltd. The TOE provides ROM for executing the boot code and Crypto Library code, NVM for Crypto SU library code and CryptoECCSec library code, the other code and data access, and RAM for the temporary data access. The Memory management unit is performed by the AHBMMU, and it also performs the access control of boot mode, test mode and normal mode. There are four communication interfaces available, including SWP interface, ISO/IEC 7816 contact interface, SPI interface, I2C interface. The TOE provides the system control functions to handle the reset, clock, interrupt signals, etc. The TOE provides the test circuitry to perform the TOE testing under the test mode. The TOE provides the timers for the security IC embedded software to abort irregular executions of the program. The TOE provides power management functionality under boot mode, test mode, and normal mode, also contact and contactless interfaces. The TOE provides strong security functionalities against malfunction, including the environmental sensors to monitor if environmental conditions are within the specified range, the abnormality check of TRNG to verify the quality of the generated random data, also the integrity to monitor if the data is manipulated. The TOE provides strong security functionalities against leakage, including memory encryption, bus masking and random OSC clock jitter which configures the oscillator frequency to a random value for each cycle. The TOE provides strong security functionalities against physical manipulation and probing, including the dedicated shielding techniques, data integrity checks for verifying the integrity of the data, also the memory and bus encryption. The TOE provides strong security functionalities against abuse of functionality and identification by the means of test access control mechanism. It is implemented by a combination with hardware fuse and software access control mechanism. The TOE provides a true random number generator, which is accessible by the crypto library. The true random number generator is composed of entropy sources, self-test circuit and post- processing circuit. The self-test circuit includes the total failure test and online test. The total failure test is performed on the entropy source. The on line testing is performed on the raw random number sequence, aiming to prevent malfunctioning. The true random number also fulfils the AIS20/31 PTG.2 level. The TOE provides the following cryptographic services to the Security IC embedded software:  TDES  AES Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:9 of 33 Tongxin Microelectronics Co., Ltd.  RSA-CRT  ECC The TOE implements Triple-DES algorithm by means of a hardware co-processor and a software crypto library. It supports the Triple-DES algorithm with three 56 bit keys for 3-key Triple DES supporting ECB mode. The keys for the TDES algorithms shall be provided by the security IC embedded software. The TOE implements AES algorithm by means of a hardware co-processor and a software crypto library. It supports AES algorithm with key size of 128, 192 and 256 in ECB mode. The keys for the AES algorithm shall be provided by the security IC embedded software. The TOE provides RSA-CRT algorithm according to the paper [10] to meet the security requirement FCS_COP.1[RSA-CRT]. The TSF implements the RSA-CRT algorithm with the cryptographic key size from 1900 bits to 4096 bits. The RSA-CRT algorithm is accessed by the crypto library. The TOE provides ECC algorithm according to the paper [14] to meet the security requirement FCS_COP.1[ECC]. The TSF implements the ECC algorithm with the cryptographic key sizes 224, 256, 320, 384, 512 and 521 bits. The ECC algorithm is accessed by the crypto library. 1.3.3. TOE components The TOE consists of the following components that are delivered to the composite product manufacturer: Table 2 List of TOE components Type Name Version Package Format Delivery method Hash value Hardware THD89 1.0.3 1.0.3 Module Module Courier delivery See chapter 9 Software Crypto Library 2.1.0 Software library in ROM Binary Masked in ROM See chapter 9 Crypto SU library 2.2.0 Software library in NVM Binary Pre-Install in NVM See chapter 9 CryptoECCSec library 1.0.0 Software library in NVM Binary Pre-Install in NVM See chapter 9 Boot code 1.0 Boot in ROM Binary Masked in ROM See chapter 9 Header file 0.1 cryptolib.h .h Encrypted e-mail See chapter 9 Document Operational guidance[6] 0.8 Document .pdf Encrypted e-mail See chapter 9 Preparatory guidance[7] 1.2 Document .pdf Encrypted e-mail See chapter 9 Security guidelines[11] 2.0 Document .pdf Encrypted e-mail See chapter 9 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:10 of 33 Tongxin Microelectronics Co., Ltd. Cryptographic API[12] 0.8 Document .pdf Encrypted e-mail See chapter 9 1.4. Life cycle and delivery The end-consumer environment of the TOE is phase 7 of the Security IC product life-cycle as defined in the PP [1]. In this phase the TOE is in usage by the end-consumer. Its method of use now depends on the Security IC Embedded Software. Examples of use cases are eSIM or eSE. The scope of the assurance components referring to the TOE’s life cycle is limited to phases 2, 3 and 4. These phases are under the control of the TOE manufacturer. At the end of phase 4 the TOE components described in 1.3.3 are delivered to the Composite Manufacturer. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:11 of 33 Tongxin Microelectronics Co., Ltd. 2. Conformance claim This chapter presents conformance claim and the conformance claim rationale. 2.1. CC Conformance This Security Target and the TOE claim to be conformant to the Common Criteria version 3.1: • Part 1 revision 5 [2]. • Part 2 revision 5 [3] • Part 3 revision 5 [4] For the evaluation will be used the methodology in Common Criteria Evaluation Methodology version 3.1 CEM revision 5 [5] This Security Target and the TOE claim to be CC Part 2 extended and CC Part 3 conformant. 2.2. PP Claim This Security Target claims strict conformance to the Security IC Platform Protection Profile with augmentation packages [1]. The TOE also provides additional functionality, which is not covered in the Security IC Platform Protection Profile with augmentation packages [1]. 2.3. Package claim This Security Target claims conformance to the assurance package EAL5 augmented with AVA_VAN.5 and ALC_DVS.2. This assurance level is in line with the Security IC Platform Protection Profile [1]. 2.4. Conformance claim rationale The TOE is a Security IC equivalent to the TOE type defined in [1] as it is composed by:  Processing unit (32-bit secure CPU)  Security components (e.g. sensors)  I/O ports (ISO 7816, SWP, SPI and I2C interfaces)  Volatile memory (e.g. RAM)  Non-Volatile memory (e.g. NVM)  Dedicated software (Crypto library) The TOE provides additionally cryptographic functionalities which are not part of the claimed Security IC Platform Protection Profile [1]:  Organisational Security Policy P.Crypto-Service is defined to require TDES, AES, ECC and RSA-CRT cryptographic functions.  Security Objectives O.TDES, O.AES, O.ECC and O.RSA are included in the ST to meet P.Crypto-Service. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:12 of 33 Tongxin Microelectronics Co., Ltd.  Security Functional Requirements FCS_COP.1[TDES], FCS_COP.1[AES], FCS_COP.1[ECC] and FCS_COP.1[RSA-CRT] are included in the ST to meet O.TDES, O.AES, O.ECC and O.RSA. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:13 of 33 Tongxin Microelectronics Co., Ltd. 3. Security problem definition This chapter presents the threats, organisational security policies and assumptions for the TOE. The Assets, Assumptions, Threats and Organisational Security Policies are completely taken from the Security IC Platform Protection Profile [1]. 3.1. Description of Assets Since this Security Target claims conformance to the Security IC Platform Protection Profile [1], the assets defined in section 3.1 of the Protection Profile are applied. 3.2. Threats This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The Threats that apply to this Security Target are defined in section 3.2 of the Protection Profile. The following table lists the threats of the Protection Profile. Table 3 Threats defined in the Protection Profile Threat Title T.Leak-Inherent Inherent Information Leakage T.Phys-Probing Physical Probing T.Malfunction Malfunction due to Environmental Stress T.Phys- Manipulation Physical Manipulation T.Leak-Forced Forced Information Leakage T.Abuse-Func Abuse of Functionality T.RND Deficiency of Random Numbers 3.3. Organisational security policies This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The Organisational Security Policies that apply to this Security Target are defined in section 3.3 of the Protection Profile, they are: P.Process-TOE Identification during TOE Development and Production The following Organisational Security is the additional Organisational security policy defined by the TOE : P.Crypto-Service Cryptographic services of the TOE The TOE provides secure hardware based cryptographic services for the IC Embedded Software. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:14 of 33 Tongxin Microelectronics Co., Ltd. 3.4. Assumptions This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The assumptions claimed in this Security Target defined in section 3.4 of the Protection Profile. They are specified below. Table 4 Assumptions defined in the Protection Profile Assumption Title A.Process-Sec-IC Protection during Packaging, Finishing and Personalisation A.Resp-Appl Treatment of User Data of the Composite TOE Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:15 of 33 Tongxin Microelectronics Co., Ltd. 4. Security objectives This chapter provides the statement of security objectives and the security objective rationale. For this chapter the Security IC Platform Protection Profile [1] can be applied completely. Only a short overview is given in the following. 4.1. Security objectives for the TOE All objectives described in the section 4.1 of the Security IC Platform Protection Profile [1] are claimed for the TOE, these are: Table 5 Security objectives for the TOE defined in the Protection Profile Security Objective Title O.Phys- Manipulation Protection against Physical Manipulation O.Phys-Probing Protection against Physical Probing O.Malfunction Protection against Malfunctions O.Leak-Inherent Protection against Inherent Information Leakage O.Leak-Forced Protection against Forced Information Leakage O.Abuse-Func Protection against Abuse of Functionality O.Identification TOE Identification O.RND Random Numbers In addition the TOE defines the following objectives: O.TDES TDES functionality The TOE shall provide secure cryptographic services implementing the TDES cryptographic algorithm for encryption and decryption. O.AES AES functionality The TOE shall provide secure cryptographic services implementing the AES cryptographic algorithm for encryption and decryption. O.RSA RSA functionality The TOE shall provide secure cryptographic services implementing the RSA- CRT cryptographic algorithm for decryption. O.ECC ECC functionality The TOE shall provide secure cryptographic services implementing the ECC cryptographic algorithm. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:16 of 33 Tongxin Microelectronics Co., Ltd. 4.2. Security objectives for the security IC embedded software The security IC Embedded Software defines the operational use of the TOE. This section describes the security objective for the Security IC Embedded Software, which is taken from section 4.2 of the Security IC Platform Protection Profile [1]. Table 6 Security Objectives for the security IC embedded software environment defined in the Protection Profile Security Objective Title OE.Resp-Appl Treatment of User Data of the composite TOE 4.3. Security objectives for the operational environment This section describes the security objective for the operational environment, which is taken from section 4.3 of the Security IC Platform Protection Profile [1]. Table 7 Security Objectives for the operational environment defined in the Protection Profile Security Objective Title OE.Process-Sec-IC Protection during composite product manufacturing 4.4. Security objectives rationale Section 4.4 in the Protection Profile provides a rationale how the assumptions, threats and organisational security policies are addressed by the objectives. The table below shows this relationship. Table 8 Addressing of assumptions, threats and organisational security policies to objectives Assumption, Threat or Organisational Security Policy Security Objective A.Resp-Appl OE.Resp-Appl P.Process-TOE O.Identification A.Process-Sec-IC OE.Process-Sec-IC T.Leak-Inherent O.Leak-Inherent T.Phys-Probing O.Phys-Probing T.Malfunction O.Malfunction T.Phys-Manipulation O.Phys-Manipulation T.Leak-Forced O.Leak-Forced T.Abuse-Func O.Abuse-Func T.RND O.RND For the justification of the above mapping please refer to the Protection Profile. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:17 of 33 Tongxin Microelectronics Co., Ltd. The table below shows how the additional organisational security policies are addressed by objectives for the TOE. Table 9 Addressing of assumptions, threats and organisational security policies to additional objectives Assumption, Threat or Organisational Security Policy Security Objective P.Crypto-Service O.TDES O.AES O.RSA O.ECC The objective O.TDES, O.AES, O.RSA and O.ECC implements specific crypto services as required by P.Crypto-Service. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:18 of 33 Tongxin Microelectronics Co., Ltd. 5. Extended Components Definitions This Security Target uses the extended security functional requirements defined in chapter 5 of the Security IC Platform Protection Profile [1]. This Security Target does not define extended components in addition to the Protection Profile. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:19 of 33 Tongxin Microelectronics Co., Ltd. 6. Security requirements This chapter presents the statement of security requirements for the TOE and the security requirements rationale. This chapter applies the Security IC Platform Protection Profile [1]. 6.1. Definitions In the next sections the following notation is used:  The iteration operation is used when a component is claimed with varying operations, it is denoted by adding “[XXX]” to the component name.  Refinement, selection or assignment operations are used to add details or assign specific values to components, they are indicated by italic text and explained in footnotes. 6.2. Security Functional Requirements (SFR) To support a better understanding of the combination Security IC Platform Protection Profile vs. Security Target, the TOE Security Functional Requirements are presented in the following several different sections. 6.2.1. SFRs derived from the Security IC Platform Protection Profile The table below lists the Security Functional Requirements that are directly taken from the Security IC Platform Protection Profile. Table 10 List of Security Functional Requirements on the security IC platform Protection Profile Security functional requirement Title FRU_FLT.2 “Limited fault tolerance“ FPT_FLS.1 “Failure with preservation of secure state” FMT_LIM.1 “Limited capabilities” FMT_LIM.2 “Limited availability” FAU_SAS.1 “Audit storage” FPT_PHP.3 “Resistance to physical attack” FDP_ITT.1 “Basic internal transfer protection” FDP_IFC.1 “Subset information flow control” FPT_ITT.1 “Basic internal TSF data transfer protection” FDP_SDC.1 “Stored data confidentiality” FDP_SDI.2 “Stored data integrity monitoring and action” FCS_RNG.1[PTG.2] “Quality metric for random numbers” The SFRs FRU_FLT.2, FMT_LIM.1, FMT_LIM.2, FDP_ITT.1, FDP_IFC.1 and FPT_ITT.1 are copied directly from the IC Platform Protection Profile. All the assignments, refinements and selections operations are taken as defined in the protection profile. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:20 of 33 Tongxin Microelectronics Co., Ltd. The FAU_SAS.1, FDP_SDC.1, FDP_SDI.2 and FCS_RNG.1[PTG.2] are taken from the IC Platform Protection Profile. The open assignments and selection operations are instantiated in the following way:  In FAU_SAS.1 the left open assignment is the type of persistent memory;  In FDP_SDC.1 the left open assignment is the memory area;  In FDP_SDI.2 the left open assignments are the user data attributes and the action to be taken;  In the FCS_RNG.1[PTG.2] the left open definition is the quality metric for the random numbers. The following statements define these completed SFRs. FAU_SAS.1 Audit storage Hierarchical to: No other components. FAU_SAS.1.1 The TSF shall provide the test process before TOE Delivery1 with the capability to store the Initialisation Data 2 in the OTP (One Time Programmable)3 . Dependencies: No dependencies. FDP_SDC.1 Stored data confidentiality Hierarchical to: No other components. FDP_SDC.1.1 The TSF shall ensure the confidentiality of the information of the user data while it is stored in the NVM, ROM and RAM4 . Dependencies: No dependencies. FDP_SDI.2 Stored data integrity monitoring and action Hierarchical to: FDP_SDI.1 Stored data integrity monitoring FDP_SDI.2.1 The TSF shall monitor user data stored in containers controlled by the TSF for integrity errors5 on all objects, based on the following attributes: redundancy bits6 . FDP_SDI.2.2 Upon detection of a data integrity error, the TSF shall reset7 . Dependencies: No dependencies. FCS_RNG.1 [PTG.2] Random number generation Hierarchical to: No other components. FCS_RNG.1.1[PTG.2] The TSF shall provide a physical8 random number generator that 1 [assignment: list of subjects] 2 [assignment: list of audit information] 3 [assignment: type of persistent memory] 4 [assignment: memory area] 5 [assignment: integrity errors] 6 [assignment: user data attributes] 7 [assignment: action to be taken] 8 [selection: physical, non-physical true, deterministic, hybrid physical, hybrid deterministic] Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:21 of 33 Tongxin Microelectronics Co., Ltd. Implements:  A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output.  If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source.  The online test shall detect non-tolerable statistical defects of the raw random number sequence (i) immediately when the RNG has started. And (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test has finished successfully or when a defect has been detected.  The online test procedure shall be effective to detect non-tolerable weakness of the random numbers soon.  The online test procedure checks the quality of the raw random number sequence. It is triggered applied upon specified internal events. The online test is suitable for detecting non-tolerable statistical defects of the statistical properties of the raw random numbers within an acceptable period of time.9 FCS_RNG.1.2[PTG.2] The TSF shall provide 32 bit random number words10 that meet:  Test procedure A and no other test suites does not distinguish the internal random numbers from output sequences of an ideal RNG.  The average Shannon entropy per internal random bit exceeds 0.997.11 Dependencies: No dependencies. FPT_FLS.1 Failure with preservation of secure state Hierarchical to: No other components. Dependencies: No dependencies. FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of failures occur: exposure to operating conditions which may not be tolerated according to the requirement Limited fault tolerance (FRU_FLT.2) and where therefore a malfunction could occur12 . Refinement: The term “failure” above also covers “circumstances”. The TOE prevents failures for the “circumstances” defined above. Application note: The occurred failures will cause the alarm signals to be triggered, which will result in a reset (secure state). 9 [assignment: list of security capabilities] 10 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] 11 [assignment: a defined quality metric] 12 [assignment: list of types of failures in the TSF] Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:22 of 33 Tongxin Microelectronics Co., Ltd. FPT_PHP.3 Resistance to physical attack Hierarchical to: No other components. Dependencies: No dependencies. FPT_PHP.3.1 The TSF shall resist physical manipulation and physical probing13 to the TSF14 by responding automatically such that the SFRs are always enforced. Refinement: The TSF will implement appropriate mechanism to continuously counter physical manipulation and physical probing. Due to the nature of these attacks (especially manipulation) the TSF can by no means detect attacks on all of its elements. Therefore, permanent protection against these attack is required ensuring that security functional requirements are enforced. Hence, “automatic response” means here (i) assuming that there might be an attack at any time and (ii) countermeasures are provided at any time. Application note: If a physical manipulation or physical probing attack is detected, an alarm will be automatically triggered by the hardware, which will cause the chip to be reset. 6.2.2. SFRs regarding cryptographic functionality FCS_COP.1 [TDES] Cryptographic operation – TDES Hierarchical to: No other components. FCS_COP.1.1 [TDES] The TSF shall perform encryption and decryption15 in accordance with a specified cryptographic algorithm TDES in ECB mode16 and cryptographic key sizes of 112/168 bit17 that meet the following: NIST SP800-67[8] and NIST SP800-38A18 [9]. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction Application note: The security IC embedded software shall note that encryption and decryption TDES algorithm is legacy in agreed by SOG-IS ACM [18]. The current expiration date of TDES algorithm in [18] is until 31st December 2024 for 112 bits key size and until at least 2027 for 168 bits key size. And the ECB mode is not listed as a recommended symmetric encryption/decryption mode in [18]. It is in the scope for compatibility with composite that requires use of TDES ECB mode (i.e. payment applications). FCS_COP.1 [AES] Cryptographic operation – AES 13 [assignment: physical tampering scenarios] 14 [assignment: list of TSF devices/elements] 15 [assignment: list of cryptographic operations] 16 [assignment: cryptographic algorithm] 17 [assignment: cryptographic key sizes] 18 [assignment: list of standards] Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:23 of 33 Tongxin Microelectronics Co., Ltd. Hierarchical to: No other components. FCS_COP.1.1 [AES] The TSF shall perform encryption and decryption19 in accordance with a specified cryptographic algorithm AES in ECB mode 20 and cryptographic key sizes of 128/192/256 bit21 that meet the following: AES standard22 [13]. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction Application note: The ECB mode is not listed as a recommended symmetric encryption/decryption mode in [18]. It is in the scope for compatibility with composite that requires use of AES ECB mode (i.e. payment applications). FCS_COP.1 [RSA-CRT] Cryptographic operation – RSA-CRT Hierarchical to: No other components. FCS_COP.1.1[RSA-CRT] The TSF shall perform decryption23 in accordance with a specified cryptographic algorithm RSA-CRT24 and cryptographic key sizes modulus N size of 1900 bits to 4096 bits25 that meet the following: RSA standard [10]26 . Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction Application note: Decryption RSA-CRT algorithm with key sizes <3000 bits is in the scope for compatibility with composite that require use of RSA-CRT (i.e. payment applications). However, key lengths >= 3000 bits is the recommended. For RSA-CRT with keys between 1900-bits and 2999- bits, the current expiration date in [18] is until 31st December 2025. FCS_COP.1 [ECC] Cryptographic operation – ECC Hierarchical to: No other components. FCS_COP.1.1[ECC] The TSF shall perform signature, verification, point multiplication and key pair generation27 in accordance with a specified cryptographic algorithm ECC over GF(p) 28 and cryptographic key sizes 224, 256, 19 [assignment: list of cryptographic operations] 20 [assignment: cryptographic algorithm] 21 [assignment: cryptographic key sizes] 22 [assignment: list of standards] 23 [assignment: list of cryptographic operations] 24 [assignment: cryptographic algorithm] 25 [assignment: cryptographic key sizes] 26 [assignment: list of standards] 27 [assignment: list of cryptographic operations] 28 [assignment: cryptographic algorithm] Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:24 of 33 Tongxin Microelectronics Co., Ltd. 320, 384, 512 and 521 bits29 that meet the following: ECC standards [14], RFC 5639[15], ANSI X9.62-2005[16]30 . Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction Application note: The security functionality is resistant against side channel analysis and other attacks described in [JIL-ATT-SC][17]. The certification covers the standard curves , ansix9p224r1, ansix9p256r1, ansix9p384r1 and ansix9p521r1 from ANSI X9.62-2005, brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1 and brainpoolP512r1 curves from RFC 5639. This SFR depends on the availability of the THD89 1.0.3 CryptoLibrary. The curves ansix9p224r1, brainpoolP224r1 and brainpoolP320r1 are not recommended in [18]. They are in the scope for compatibility with composite that requires use of ansix9p224r1, brainpoolP224r1 and brainpoolP320r1(i.e. payment applications). 6.3. Security Assurance Requirements (SAR) This Security Target will be evaluated according to Security Target evaluation (Class ASE) The Security Assurance Requirements for the evaluation of the TOE are the components in Assurance Evaluation level EAL5 augmented by the components ALC_DVS.2 and AVA_VAN.5. Refer to CC Part3[4] for the details of these assurance requirements. Table 11 TOE assurance requirements Security assurance requirements Titles Class ADV: Development ADV_ARC.1 Architectural design ADV_FSP.5 Functional specification ADV_IMP.1 Implementation representation ADV_INT.2 TSF internals ADV_TDS.4 TOE design Class AGD: Guidance documents AGD_OPE.1 Operational user guidance AGD_PRE.1 Preparative user guidance Class ALC: Life-cycle support ALC_CMC.4 CM capabilities ALC_CMS.5 CM scope ALC_DEL.1 Delivery 29 [assignment: cryptographic key sizes] 30 [assignment: list of standards] Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:25 of 33 Tongxin Microelectronics Co., Ltd. ALC_DVS.2 Development security ALC_LCD.1 Life-cycle definition ALC_TAT.2 Tools and techniques Class ASE: Security Target evaluation ASE_CCL.1 Conformance claims ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_OBJ.2 Security objectives ASE_REQ.2 Derived security requirements ASE_SPD.1 Security problem definition ASE_TSS.1 TOE summary specification Class ATE: Tests ATE_COV.2 Coverage ATE_DPT.3 Depth ATE_FUN.1 Functional testing ATE_IND.2 Independent testing Class AVA: Vulnerability analysis AVA_VAN.5 Vulnerability analysis 6.4. Security requirements rationale 6.4.1. Security Functional Requirements (SFR) The table below provides an overview of how the security functional requirements are combined to meet the security objectives. Table 12 Mapping of security functional requirements to security objectives Security Objectives for the TOE Security Functional Requirements Fulfilment of mapping O.Leak-Inherent FDP_ITT.1 FDP_IFC.1 FPT_ITT.1 See PP O.Phys-Probing FDP_SDC.1 FPT_PHP.3 See PP O.Malfunction FRU_FLT.2 FPT_FLS.1 See PP O.Phys- Manipulation FDP_SDI.2 FPT_PHP.3 See PP O.Leak-Forced FDP_ITT.1 FDP_IFC.1 FPT_ITT.1 FRU_FLT.2 FPT_FLS.1 FPT_PHP.3 See PP O.Abuse-Func FMT_LIM.1 See PP Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:26 of 33 Tongxin Microelectronics Co., Ltd. FMT_LIM.2 FDP_ITT.1 FPT_ITT.1 FDP_IFC.1 FPT_PHP.3 FRU_FLT.2 FPT_FLS.1 O.Identification FAU_SAS.1 See PP O.RND FCS_RNG.1[PTG. 2] FDP_ITT.1 FPT_ITT.1 FDP_IFC.1 FPT_PHP.3 FRU_FLT.2 FPT_FLS.1 See PP O.TDES FCS_COP.1 [TDES] O.TDES requires the TOE to support TDES encryption and decryption with its specified key lengths. The claim for FCS_COP.1 [TDES] is suitable to meet the objective O.TDES. O.AES FCS_COP.1 [AES] O.AES requires the TOE to support AES encryption and decryption with its specified key lengths. The claim for FCS_COP.1 [AES] is suitable to meet the objective O.AES. O.RSA FCS_COP.1 [RSA- CRT] O.RSA requires the TOE to support RSA- CRT decryption with its specified key lengths. The claim for FCS_COP.1 [RSA- CRT] is suitable to meet the objective O. RSA. O.ECC FCS_COP.1 [ECC] O.ECC requires the TOE to support ECC signature, verification, point multiplication and key pair generation with its specified key lengths. The claim for FCS_COP.1 [ECC] is suitable to meet the objective O. ECC. 6.4.2. Dependencies of the SFRs The dependencies for the SFRs claimed according to the Protection Profile are all satisfied in the set of SFRs claimed in the Protection Profile. In the following table the dependencies of the SFRs claimed in addition to Protection Profile is indicated. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:27 of 33 Tongxin Microelectronics Co., Ltd. Table 13 Dependencies of SFRs in addition to PP Security functional requirement Dependencies Fulfilled by security requirements in this Security Target FCS_COP.1[TDES] FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1, FCS_CKM.4 See explanation below this table FCS_COP.1[AES] FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1, FCS_CKM.4 See explanation below this table FCS_COP.1[RSA- CRT] FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1, FCS_CKM.4 See explanation below this table FCS_COP.1[ECC] FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1, FCS_CKM.4 See explanation below this table The developer of the Security IC Embedded Software must ensure that the implemented additional security functional requirements FCS_COP.1[TDES], FCS_COP.1[AES], FCS_COP.1[RSA-CRT], FCS_COP.1[ECC] and FCS_RNG.1[PTG.2] are used as specified and that the User Data processed by the related security functionality is protected as defined for the application context. The dependent requirements for FCS_COP.1[TDES] , FCS_COP.1[AES], FCS_COP.1[RSA- CRT] and FCS_COP.1[ECC] address the appropriate management of cryptographic keys used by the specified cryptographic function. All requirements concerning these management functions shall be fulfilled by the environment (Security IC Embedded Software). The functional requirements [FDP_ITC.1, or FDP_ITC.2 or FCS_CKM.1] and FCS_CKM.4 are not included in this Security Target since the TOE only provides a pure engine for encryption and decryption without additional features for the handling of cryptographic keys. Therefore the Security IC Embedded Software must fulfil these requirements related to the needs of the realised application. 6.4.3. Security Assurance Requirements (SAR) The chosen assurance package EAL5 is augmented with AVA_VAN.5 and ALC_DVS.2. This assurance level is chosen in order to meet assurance expectations of financial applications. Moreover, the conformity with Security IC Platform Protection Profile [1] is satisfied given that the PP requires at least EAL4. The TOE intends to be used in scenario with high security requirements. Therefore, it should provide adequate level of defence against sophisticated attacks. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:28 of 33 Tongxin Microelectronics Co., Ltd. This assurance level is chosen because the product is designed to give maximum security assurance from application of security engineering techniques based on good commercial practices in order to produce a premium TOE for protecting against significant risks. EAL5 is chosen to ensure by semiformal methods that the TOE has been well designed and to improve mechanism and procedure that provide confidence that the TOE will not be tampered with during development. AVA_VAN.5 augmentation is chosen because vulnerability analysis deals with the threats that an attacker will be able to discover flaws that will allow unauthorized access to data and functionality. The high level of security assurance of TOE is very essential especially in financial applications. AVA_VAN.5 gives the security assurance assuming an attack potential of High. ALC_DVS.2 augmentation is chosen because the Life-cycle support is an aspect of establishing discipline and control in the processes of refinement of the TOE during its development and maintenance. The security measures deployed to remove or reduce the threats that existing at the developer’s site are critical to ensure the confidentiality and maintenance of the TOE. ALC_DVS.2 gives a sufficient security measures in the developer’s site. 7. TOE summary specification This chapter provides general information to potential users of the TOE on how the TOE implements the Security Functional Requirements in terms of “Security Functionality”. 7.1. Malfunction Malfunctioning relates to the security functional requirements FRU_FLT.2 and FPT_FLS.1. The TOE meets these SFRs by a group of security measures that guarantee correct operation of the TOE. The TOE ensures its correct operation and prevents any malfunction while the security IC embedded software is executed by implementation of the following security features: • Environmental sensors 7.2. Leakage Leakages relates to the security functional requirements FDP_ITT.1, FDP_IFC.1 and FPT_ITT.1. The TOE meets these SFRs by implementing several measures that provide logical protection against leakage: • Bus masking • Random OSC clock jitter Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:29 of 33 Tongxin Microelectronics Co., Ltd. 7.3. Physical manipulation and probing Physical manipulation and probing relates to the security functional requirements FPT_PHP.3, FDP_SDC.1 and FDP_SDI.2. The TOE meets this SFR by implementing security measures that provides physical protection against physical probing and manipulation. The security measures protect the TOE against manipulation of (i) The hardware. (ii) The security IC embedded software in the ROM (iii) The application data in the NVM including the configuration data. It also protects User Data or TSF data against disclosure by physical probing when stored or while being processed by the TOE. The protection of the TOE comprises different features within the design and construction, which make reverse-engineering and tamper attacks more difficult. These features comprise of • Active shielding • Data integrity checking • Memory encryption 7.4. Abuse of functionality and Identification Abuse of functionality and Identification relates to the security functional requirements FMT_LIM.1, FMT_LIM.2, FAU_SAS.1 by implementation of a test mode access control mechanism that prevents abuse of test functionality delivered as part of the TOE. 7.5. Random numbers Random numbers relate to the security requirement FCS_RNG.1[PTG.2]. The TOE meets this SFR by providing a random number generator. 7.6. Cryptographic functionality The TOE provides the single and Triple-DES algorithm according to the NIST SP800-67[8], NIST SP800-38A [9] Standard to meet the security requirement FCS_COP.1[TDES]. The TOE provides the AES algorithm according to the paper [13] Standard to meet the security requirement FCS_COP.1[AES]. The TOE provides the RSA-CRT algorithm according to the paper [10] to meet the security requirement FCS_COP.1[RSA-CRT]. The TSF implement the RSA-CRT algorithm with the cryptographic key sizes is 1900 bits to 4096 bits. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:30 of 33 Tongxin Microelectronics Co., Ltd. The TOE provides the ECC algorithm according to the paper [14] to meet the security requirement FCS_COP.1[ECC]. The TSF implement the ECC algorithm with the cryptographic key sizes 224, 256, 320, 384, 512 and 521 bits. Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:31 of 33 Tongxin Microelectronics Co., Ltd. 8. References Ref Title Version Date [1] Security IC Platform Protection Profile, BSI-CC- PP-0084-2014 Version 1.0 13.01.2014 [2] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model CCMB-2012-09-001 Version 3.1 Revision 5 April 2017 [3] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Requirements CCMB-2012-09-002 Version 3.1 Revision 5 April 2017 [4] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Requirements CCMB-2012-09-003 Version 3.1 Revision 5 April 2017 [5] Common Methodology for Information Technology Security Evaluation (CEM), Evaluation Methodology CCMB-2012-09-004 Version 3.1 Revision 5 April 2017 [6] AGD_OPE OG EAL5+ for TMC THD89 1.0.3 Version 0.8 Mar. 2023 [7] AGD_PRE EAL5+ for TMC THD89 1.0.3 Version 1.2 Apr. 2023 [8] NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, revised November 2017, National Institute of Standards and Technology Revision 2 November 2017 [9] NIST SP 800-38A Recommendation for Block Cipher Modes of Operation, 2001, with Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, October 2010 2001 ED October 2010 [10] PKCS #1: RSA Cryptography Standard, RSA Laboratories Version 2.2 2012 [11] AGD_OPE SG EAL5+ for TMC THD89 1.0.3 Version 2.0 Mar. 2023 [12] AGD_OPE API EAL5+ for TMC THD89 1.0.3 Version 0.8 Mar. 2023 [13] FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 2001 Version 1 November 2001 [14] Technical Guideline TR-03111, Elliptic Curve Cryptography, BSI Version 2.10 01.06.2018 [15] RFC 5639: J. Merkle, ECC Brainpool Standard Curves and Curve Generation, BSI, March 2010. Version 1 2010 [16] ANS X9.62-2005: Public Key Cryptography for the Financial Services Industry: the Elliptic Version 1 Nov 2005 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:32 of 33 Tongxin Microelectronics Co., Ltd. Curve Digital Signature Algorithm (ECDSA), American National Standards Institute (ANSI), 2005 [17] JIL-ATT-SC: Joint Interpretation Library – Attack Methods for Smartcards and Similar Devices, Version 2.2, 2013-01. Part of [AIS26]. Version 2.2 Jan 2013 [18] SOG-IS Crypto Evaluation Scheme Agreed Cryptographic Mechanisms Version 1.2 January 2020 Document:ST for TMC THD89 1.0.3 Version:V 0.1 Confidential level: Public Page:33 of 33 Tongxin Microelectronics Co., Ltd. 9. Appendix This section records the hash values of the guidance documents of THD89 1.0.3: Name Version Hash value(SHA-256) Crypto Library 2.1.0 0d42bffc05da237987fbe2cf7a9257af7bd86dcc5c2748bd915029fc5693622e Crypto SU library 2.2.0 46d1946ca91444c072d705e2a28d622995d7eb77e3750c7095efc594f352c57d CryptoECCSec library 1.0.0 94b0f33b5fd0f8279d2e0585ef5106da92803d5b56406efe1033fe51e78f9587 Boot code 1.0 11f0ac2e020e86fd64cbe7eea3175595b8f7763b85bab189c06ebde632e68946 Header file 0.1 a22336ef7966134ed3fa38e134dd4514ac21bf5e57138e536d4f04481301d63c Operational guidance 0.8 a015e9050cac7fd00c61561e6bb32bd5249a2769993836308b9816ea004160d4 Preparatory guidance 1.2 bd9dd024b7d105ab876fe86117f66083d8d90d153e2b4c718bc9e2395fe0fcc2 Security guidelines 2.0 f87d0d22ce3d760818f5b30f97c6f118921f633d042045d59bd606db63c14fb6 Cryptographic API 0.8 812fcefadaa0b007d50be55b7f45fd0171506af0de59b81a2162a1a2cc61c147