Smart Card Open Platform Protection Profile V2.1 Certification Report



Similar documents
EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report

Firewall Protection Profile V

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP Version 1.0

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

Common Criteria Evaluation for a Trusted Entrust/PKI

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

BSI-PP for. Smart Card Security User Group Smart Card Protection Profile (SCSUG-SCPP) Version 3.0. developed by

Certification Report

Protection Profile for UK Dual-Interface Authentication Card

CardOS V4.4 CNS. Edition 04/2010. Security Target CardOS V4.4 CNS with Application for QES

Low Assurance Security Target for a Cisco VoIP Telephony System

C038 Certification Report

CERTIFICATION REPORT

Joint Interpretation Library. Guidance for smartcard evaluation

BSI-PP for. Protection Profile Secure Signature-Creation Device Type 1, Version developed by

Certification Report on REDOWL SecuOS V4.0 for RHEL4 of TSonNet Co., Ltd.

Smartcard IC Platform Protection Profile

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

Joint Interpretation Library. Security Evaluation and Certification of Digital Tachographs

Common Criteria for Information Technology Security Evaluation. Part 2: Security functional components. September Version 3.

ΙΒΜ SECURITY TARGET LITE. NXP P521G072V0P (JCOP 21 v2.3.1) Secure Smart Card Controller. Version 1.0

Network Intrusion Prevention System Protection Profile V1.1

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

Computer and Network Security

Security IC Platform Protection Profile

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Protection Profile Secure Signature-Creation Device Type 3

Certification Report

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

Common Criteria for Information Technology Security Evaluation. Part 2: Security functional requirements. August Version 2.

Common Criteria Requirement of Data Leakage Protection System

MIFARE DESFire EV1 MF3ICD81

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

Trust Technology Assessment Program. Validation Report

Canon ir6570/ir5570 Series ir Security Kit-B3. Security Target

AppGate Security Server, Version Security Target. Document Version: 2.9 Date:

Firewall Protection Profile

Criteria Requirements of Mobile Payment Application

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

CERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.

How To Manage Security In A Network Security System (Tsi)

Certification Report

Common Criteria. Introduction Magnus Ahlbin. Emilie Barse Emilie Barse Magnus Ahlbin

McAfee Firewall Enterprise v Security Target

U.S. DoD. Remote Access. Protection Profile. for. High Assurance Environments

COMMON CRITERIA PROTECTION PROFILE. for NEW GENERATION CASH REGISTER FISCAL APPLICATON SOFTWARE (NGCRFAS PP) TSE-CCCS/PP-002

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012

Mobile Billing System Security Target

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

Joint Interpretation Library

Security Target for Citrix Presentation Server 4.0 For Windows

Common Criteria for Information Technology Security Evaluation

EMC Corporation Data Domain Operating System Version Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

LINQUS USIM 128K Smartcard

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP Version 1.01 (15 th April 2010)

Certification Report

Certification Report

Certification Report

Check Point Endpoint Security Full Disk Encryption Security Target

Teradata Database Version 2 Release (V2R6.1.0) Security Target

CA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target

Secuware Virtual System (SVS)

SenSage, Inc. SenSage Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2

JMCS Northern Light Video Conferencing System Security Target

Certification Report

Security Target. NetIQ Access Manager 4.0. Document Version August 7, Security Target: NetIQ Access Manager 4.0

CERTIFICATION REPORT

Green Hills Software INTEGRITY-178B Separation Kernel Security Target

Security Target. McAfee Enterprise Mobility Management Document Version 1.16

RSA, The Security Division of EMC envision platform v4.0 SP 1. Security Target

LUNA PCI CONFIGURED FOR USE IN LUNA SA 4.1 WITH BACKUP SECURITY TARGET

Security Target Microsoft SQL Server Team

How To Evaluate Watchguard And Fireware V11.5.1

Supporting Document Guidance. ETR template for composite evaluation of Smart Cards and similar devices. September Version 1.

SAMSUNG SDS FIDO Server Solution V1.1 Certification Report

Common Criteria Evaluation Challenges for SELinux. Doc Shankar IBM Linux Technology Center

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN CERTIFICATION REPORT

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

Understanding changes to the Trust Services Principles for SOC 2 reporting

LEGIC advant Series. LEGIC card-in-card AFS4096-JP12 V1.2. Security Target Lite. Common Critera ISO EAL4+

Transcription:

KECS-CR-10-36 Smart Card Open Platform Protection Profile V2.1 Certification Report Certificate No. : KECS-PP-0097-2010 June, 2010 National Intelligence Service IT Security Certification Center

This document is the certification report for Smart Card Open Platform Protection Profile V2.1. Certification Body IT Security Certification Center, National I ntelligence Service Evaluation Body Korea Internet & Security A gency

Table of Contents 1. Summary 1 2. I nformation for I dentification 4 3. Security Policies 5 4. A ssumptions and Scope 5 4.1 Assumptions 5 4.2 Scope to Counter Threats 6 5. PP I nformation 7 5.1 Security Functional Requirements 7 5.2 Assurance Packages 7 6. E v aluation R esults 8 7. R ecommendations 9 8. A crony ms 9 9. R eferences 10

1. Summary This report states the outcome of the [ Smart Card Open Platform Protection Profile V2.1 ] ev aluation. This Chapter summarizes the Smart Card Open Platform PP evaluation results and confirms the overall results, i.e. that the PP evaluation has been properly carried out, that Class A PE of CC Part 3 V3.1 R3 and Class APE of CEM V3.1 R3 have been correctly applied. The Smart Card Open Platform PP evaluation was conducted by Korea Internet & Security Ag ency ( KI SA). I t was completed on M ay 2, 2010 and validated by N ational I ntellig ence Serv ice(n I S) in June, 2010. The Evaluation Technical Report (ETR) for Smart Card Open Platform PP was written by KISA and serv ed as the principal basis for this Certification Report( CR). The Smart Card Open Platform PP ev aluation has met all ev aluator activ ities for a PP evaluation in both the APE CC Part 3 V3.1 R3 and CEM V3.1 R3. At the conclusion of the Smart Card Open Platform PP ev aluation all A PE CC and CEM evaluator activ ities were passed. The TOE is the Smart Card operating system, and interface between loaded application prog ram and operating system except for I C chip which is hardw are part of Smart Card and loaded application prog ram. I n g eneral, Smart Card is a dev ice built in with central processing unit (CPU ) and memory that is capable of information processing and storage. Supporting multiple functions, Smart Card mainly consists with the hardware element of IC chip, card operating sy stem for resource and data manag ement, interface between the loaded application prog ram and card operating system, and application prog ram to provide specific functions. I C chip, the hardware part of Smart Card, generally consists with central processing unit (CPU), coprocessor, input/ output port, RA M, R OM and EEPR OM. The Smart Card Operating System is designed for operation with the Smart Card terminal throug h bi- directional serial interface. The tasks include input/output data transmission, instruction execution manag ement, file manag ement, cry ptog raphic function, etc. [ F ig ure 1] shows the env ironment in which Smart Card is actually operated and the scope of the TOE and hierarchy of Smart Card that provides multiple functions. The TOE is an open platform that includes the Smart Card operating sy stem, execution env ironment and the management program, etc. with the - 1 -

exception of I C chip and the loaded application prog ram. The I C chip, the software for the IC chip and the firmware are IT environment in which the TOE is operated. [F ig ure1] TOE Config uration Smart card holder and issuer g enerally execute operations through communication with Smart Card terminal. Issuer executes management operations of loading, deleting and modify ing application by using Smart Card terminal. The holder uses Smart Card functions by using terminal. Here, Smart Card terminal and the operating serv er becomes the I T env ironment for the TOE operation. The TOE can be loaded with the application prog ram. H owever, security requirements for this will not be discussed in this Protection Profile. I n case the Smart Card dev eloped by conforming this Protection Profile includes the application, the dev eloper must describe in the security target specifications that security of the Smart Card operating platform is not damag ed and must include, when applicable, security req uirements for the application prog ram. M aj or assets to be protected by the TOE in this Protection Profile are the data managed in the card. The TOE data are largely divided into 2 types, such as - 2 -

the user data and the TSF data necessary in the TOE operation. Also, documents created in the course of the TOE production are additional assets to be protected as they affect the integ rity and the confidentiality of the TOE. Security Violation Analysis TOE detects security violation events security violation in relation to checksum value of internal data or incidents, such as the resource allocation error or the authentication failure, etc and takes actions such as the card function disablement and memory data deletion, etc Cry ptog raphic F unction TOE executes cryptog raphic key g eneration/ destruction. Also, it ensures that cryptographic-related information cannot be found out by exploiting phy sical state ( chang es of the electrical current, v oltage and the electromag netic, etc) that occurred in cryptog raphic operation. Access Control The TOE provides access control rules to ensure that only the authorized user can access data. I dentification and Authentication TOE ensures that it identifies and authenticates the identity of user and provides action in case of the authentication failure. Security Manag ement TOE manag es security capability, security attribute, TSF data and security role etc. Other TSF Security TOE conducts self-test to v erify the integ rity of TSF data and executable code, provides capability to recov er to secure state when the failure occurred. TOE can req uire additional hardw are, softw are or firmw are for operation. This protection profile was dev eloped to reflect TOE that implemented in various types and required for TOE execution when ST author accept this protection profile, but shall describe all non- TOE hardware, software or firmw are. - 3 -

The CB(Certification Body) has examined the evaluation activities, provided the guidance for the technical problems and evaluation procedures, and reviewed each WPR(Work Package Report), OR(Observation Report) and ETR(Evaluation Technical Report). The CB confirmed that this PP is complete, consistent and technically sound through the evaluation results. Therefore, the CB certified that observation and evaluation results by evaluator are accurate and reasonable. Certification v alidity : Information in this certification report does not guarantee that [ Smart Card Open Platform Protection Profile V2.1 ] is permitted for use within the government of Republic of Korea, or that its qualityis assured. 2. I nformation for I dentification [ Table 1] shows information for the PP identification. [Table 1] Information for the PP Identification Korea evaluation and certification guidelines for IT security (16 Scheme July, 2008) Korea Evaluation and Certification Scheme for IT Security (20 March, 2009) TOE Smart Card Open Platform Protection Profile V2.1 ETR Smart Card Open Platform Protection Profile V2.1 ETR V1.0 (2 May, 2010) Verdict for APE Class : Pass Evaluation Results Conformance claim : Common Criteria V3.1r3 - CC Part 2 Conformant - CC Part 3 Conformant Evaluation Common Criteria for Information Technology Security Evaluation, Version Criteria 3.1r3, CCMB, 2009. 7. Evaluation Common Methodology for Information Technology Security Methodology Evaluation, Version 3.1r3, CCM B, 2009. 7. Sponsor Developer Evaluation Body Certification Body Korea Internet & Security Agency Korea Internet & Security Agency & Sungkyunkwan University IT Security Evaluation Division, Korea Internet & Security Agency National Intelligence Service - 4 -

3. Security Policies The TOE of [ Smart Card Open Platform Protection Profile V2.1 ]shall comply with the following Organizational Security Policies. P. Open_Platform P. Role_Division The TOE must be developed as open platform that can be loaded with a variety of application programs. The role is divided per each responsible person from the stage of the Smart Card manufacturing to the stage of use. The TOE must be manufactured and managed with secure method according to the role. 4. A ssumptions and Scope 4.1 A ssumptions The TOE of [ Smart Card Open Platform Protection Profile V2.1 ] shall be installed and operated with the following assumptions in consideration. A.Trusted_Path A.Application_Program There is trusted path between the TOE and the Smart Card terminal, the communication target of the TOE. When installing the application program in the TOE, the approved procedures must be followed. Also, the legitimately installed the application program does not contain malicious code. The underlying hardware in which the TOE is operated A.Underlying_Hardware provides cryptographic function to support security function and it is physically secure. A. TOE_Management The stage from the TOE manufacturing to use is divided of the roles, such as the manufacturer, the issuer and the holder. Appropriate training is necessary according to the regulations prescribed per each role. Also, repair and replacement due to defect of the TOE or the Smart Card are processed with secure method. - 5 -

A. TSF_Data The TSF data exported to the outside of the TOE, therefore handled in the course of the TOE operation are securely managed. 4.2 Scope to Counter Threats [ Smart Card Open Platform Protection Profile V2.1 ] defines security threats possible to be caused on the protected assets of the TOE by threat ag ents. Threat ag ents are g enerally I T entity or users that illeg ally accesses and abnormally damag e TOE and security targ et system. Threat ag ents hold medium level of professional knowledg e, resources and motiv es. T. Logical_Attack T. Issuance_Misuse T. Illegal_Terminal _Use T. Illegal Program T. Unintentional_Failure T. Continuous_ Authentication_Attempt T. Intentional_Triggering _of_failures T. Residual_Information The threat agent may change or disclose the user data or the TSF data by exploiting logical interface. The threat agents may exploit the TOE in the process issuing the Smart Card that includes the TOE. The threat agent may change and disclose the user data or the TSF data by using unauthorized the Smart Card terminal. The threat agent may change and disclose the user data or the TSF data by illegally installing the application program that includes malicious code in the TOE. The threat agent may exploit disclosure of and damage to the user data and the TSF data caused by suspension of the power supply during the card use or incomplete ending of the TSF service due to impact, etc. The threat agent may access the TOE by continuously attempting authorization. The threat agent may change and disclose the user data or the TSF data by incompletely ending the TSF service with attack using physical stress to the Smart Card. In case the TOE reuses resources, the threat agent may illegally access information as information of the object is not properly removed. T. Information Disclosure The threat agent may exploit the information disclosed from the TOE during normal use of the TOE. - 6 -

5. PP I nformation 5.1 Security F unctional R eq uirements The TOE of [ Smart Card Open Platform Protection Profile V2.1 ] defines security functional requirements as of the following. [ Table 2] Security Functional Req uirements Security Functional Classes Security Functional Components Security Audit FAU_ARP.1 Security Alarms FAU_SAA.1 Potential violation analysis FCS_CKM.1 Cryptographic key generation Cryptographic support FCS_CKM.4 Cryptographic key destruction FCS_COP.1 Cryptographic operation FDP_ACC.2 Complete access control User Data Protection FDP_ACF.1 Security attribute based access control FDP_RIP.1 Subset residual information protection FIA_AFL.1 Authentication failure handling FIA_ATD.1 User attribute definition FIA_SOS.1 Verification of secrets Identification and Authentication FIA_UAU.1 Timing of authentication FIA_UAU.4 Single-use authentication mechanisms FIA_UAU.6 Re-authenticating FIA_UID.1 Timing of identification FMT_MOF.1 Management of security functions behavior FMT_MSA.1 Management of security attributes Security Management FMT_MSA.3 Static attribute initialization FMT_MTD.1 Management of TSF data FMT_MTD.2 Management of limits on TSF data Privacy FPR_UNO.1 Unobservability FPT_FLS.1 Failure with preservation of secure state TSF Protection FPT_RCV.3 Automated recovery without undue loss FPT_RCV.4 Function recovery FPT_TST.1 TSF testing 5.2 A ssurance Pack ag es Assurance requirements of [ Smart Card Open Platform Protection Profile V2.1 ] consist with assurance components in CC Part 3 and evaluation assurance lev el is EAL4+. The augmented assurance components are ATE_DPT.2 and AVA_VAN.4. - 7 -

6. E v aluation R esults The evaluation is performed with reference to the CC V3.1 and CEM V3.1. The verdict of [ Smart Card Open Platform Protection Profile V2.1 ] is the pass as it satisfies all requirements of APE( Protection Profile, Evaluation) Class of CC. Therefore, the ev aluation results were decided to be suitable. Refer to the ETR for more details. The PP introduction of [ Smart Card Open Platform Protection Profile V2.1 ] consistently prov ides information necessary in PP identification. As a result of the evaluation the v erdict PASS is confirmed for the assurance component APE_INT.1 of the class APE. The conformance claim of [ Smart Card Open Platform Protection Profile V2.1 ] properly describes the PP and CC conformed. As a result of the evaluation the verdict PASS is confirmed for the assurace component APE_CCL.1 of the class APE. The security problem definition of [ Smart Card Open Platform Protection Profile V2.1 ] clearly defines the security problems which shall be addressed in the TOE and its operational environment. As a result of the evaluation the v erdict PA SS is confirmed for the assurance component APE_ SPD.1 of the class APE. The security objectives of [ Smart Card Open Platform Protection Profile V2.1 ] adeq uately and completely address the security problem definition and clearly define the division of the problem between the TOE and its operational env ironment. As a result of the ev aluation the v erdict PASS is confirmed for the assurance component APE_ OBJ.2 of the class APE. [ Smart Card Open Platform Protection Profile V2.1 ] doesn' t include the extended components and all work units in this section are not applicable and considered to be satisfied. A s a result of the ev aluation the verdict PASS is confirmed for the assurance component APE_ ECD.1 of the class A PE. The security requirements of [ Smart Card Open Platform Protection Profile V2.1 ] are clear, unambiguous and well defined. As a result of the evaluation the verdict PA SS is confirmed for the assurance component APE_ REQ.2 of the class APE. The ev aluators determine the result of [ Smart Card Open Platform Protection Profile V2.1 ] ev aluation as of the following. [ Smart Card Open Platform Protection Profile V2.1 ] is complete, consistent and technically sound, therefore is suitable to lead to the dev elopment of the ST. The ov erall v erdict PA SS is confirmed for the assurance components of the class APE as show n in [Table 3]. - 8 -

[Table 3] TOE Evaluation Results Assurance class APE Assurance Components Evaluator Requirements Evaluator Requirements Evaluation Results Assurance Components APE_INT.1 APE_INT.1.1E Pass Pass APE_CCL.1 APE_CCL.1.1E Pass Pass APE_SPD.1 APE_SPD.1.1E Pass Pass APE_OBJ.2 APE_OBJ.2.1E Pass Pass APE_ECD.1.1E Pass APE_ECD.1 Pass APE_ECD.1.2E Pass APE_REQ.2 APE_REQ.2.1E Pass Pass Assurance class Pass 7. R ecommendations [ Smart Card Open Platform Protection Profile V2.1 ] includes the minimum security requirements and does not make definition on implementation model of the TOE. In relation to security problems possible to occur according to the TOE implementation model, the developer shall define additional security problems, security objectives and security requirements. 8. A crony ms ( 1) Common abbrev iations CC Common Criteria EAL Evaluation Assurance Level R AM R andom A ccess M emory SF P Security F unction Policy TOE Targ et of Ev aluation TSF TOE Security F unctionality ( 2) Terminolog ies - Smart Card Terminal : Device mounted with Smart Cardreader/ recorder function as well as keypad, display and security module, etc. - Authorized Issuer : Authorized user that securely operates and manages functions according to TOE security policies - Authentication Data : Information used to verify the claimed identity of a user. - 9 -

- EEPROM (Electrically Erasable Programmable Read-Only Memory) : This is nonvolatilememory device that stably remembers memory over a longperiod of time without requiring power. As a modified version of EPROM (Electrically Programmable Read-only Memory), EEPROM can electrically erase and re-record data. Therefore, this can be conveniently used in application that requires to re-record program. Data are recorded and erased by electrically changing the electric charge of elements that consists a chip. As electric reading or recording is possible, reprogramming is possible while loaded inside system. - IC Chip (Integrated Circuit Chip) : As an important semiconductor to process the functions of Smart Card, IC chip is a processing device that includes the four functional units of mask ROM, EEPROM, RAM and I/O port. - RAM (Random Access Memory) : RAM is a storage that maintains operating system application program and the currently used data in order to enable quick access by computer processor. RAM if capable of reading and wri ting faster than any other computer storage devices, such as hard disk,floppy disk and CD-ROM, etc. However, data stored in RAM are maintained only during the computer is in operation. Data in RAM disappear when computer is turned off. When computer is turned on again, operating system or other files in hard disk are loaded in RAM again. - ROM (Read-Only Memory) : As a semiconductor memory device, ROM can read, but cannot change contents. This is compared with RAM, which is capable of both reading and writing. Since contents of data are maintained even when computer is turned off, ROM is generally used to load the basic operating system function or language interpreter in computer. 9. R eferences The CB has used the following documents to produce this certification report. [ 1] Common Criteria for I nformation Technolog y Security Evaluation, Version 3.1r3, CCM B, 2009. 7. [ 2] Common Methodology for I nformation Technology Security Evaluation, Version 3.1r3, CCM B, 2009. 7. [ 3] Korea Ev aluation and Certification Guidelines for I T Security ( 16 J uly, 2008) [ 4] Korea Ev aluation and Certification Scheme for I T Security (20 M arch, 2009) [ 5] Smart Card Open Platform Protection Profile V2.1 E TR V1.0 (2 M ay, 2010) - 10 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information