Smartcard Evaluation
Smartcard Evaluation
TM8104 – IT Security Evaluation
2008-11-13 Linda Ariani Gunawan
Document
• CCDB-2006-04-001
• Version 1.3 Revision 1, March 2006
• Type: guidance document
• Intended for evaluation sponsors and smartcard developers
• Field of special use: smartcards and similar devices
SMARTCARD OVERVIEW
Smartcard
• Plastic card embedded with a computer chip that stores and transacts data between users
• Usage:
– Telecommunication: SIM card, pay phone
– Banking: debit/credit cards
– Transportation: pay toll, bus/tram/train card
– E-passport, ID card, health card, access card and many more
Smartcard Types
• Contact cards
• Contactless cards
• Dual interface cards
Smartcard Related Standards
• ISO 7816 “Identification cards – Integrated circuit cards with contacts”
• EMV – Europay, MasterCard, Visa
• ETSI – GSM
• FIPS 140 (1-3) and 201
• OCF – Open Card Framework
• PC/SC – Interoperability Specification for ICCs and Personal Computer Systems
THE GUIDANCE DOCUMENT
Definition – IC
• Integrated Circuit (IC)
Definition – Software
IC Dedicated Software
• IC firmware
• proprietary, embedded
• developed by the IC developer
• 2 parts:
– IC Dedicated Test Software
• only used to test the IC
– IC Dedicated Support Software
• provides functions after the IC manufacturing and testing process
Smartcard Embedded Software (ES)
• embedded
• NOT developed by the IC designer, but by the embedded software developer
• 2 types:
– Basic Software (BS)
• in charge of the generic functions of the smartcard IC
• OS, general routines, interpreters
– Application Software (AS)
• dedicated to applications
Definitions – Data
Identification data
• defined by the IC manufacturer
• injected into non-volatile memory during the manufacturing process
• usage: traceability
IC Pre-personalization data
• supplied by the software developer
• injected into non-volatile memory during the manufacturing process
• customer data
Definitions – Personalization
IC Pre-personalization
• process at the IC manufacturer site
• loads customer data onto the IC
• then the IC is irreversibly set into “issuer mode”
Smartcard Personalization
• process at the card issuer
• smartcard is configured, security parameters loaded, secret key set
• then the smartcard is irreversibly set into “user mode”
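The two personalization steps above are one-way mode transitions, and each data-loading operation is only permitted in one mode. The following Python model is an added illustration of that property, not code from the guidance document; the class and method names are hypothetical, and the rejected() helper exists only to show that the model refuses out-of-order operations.

```python
from enum import Enum

class Mode(Enum):
    """Lifecycle states named in the guidance; transitions are one-way only."""
    MANUFACTURING = "manufacturing"  # at the IC manufacturer site
    ISSUER = "issuer"                # set irreversibly by IC pre-personalization
    USER = "user"                    # set irreversibly by smartcard personalization

class LifecycleError(Exception):
    """Raised when an operation is attempted outside its permitted mode."""

class SmartcardIC:
    """Hypothetical model of the irreversible lifecycle described above."""

    def __init__(self):
        self.mode = Mode.MANUFACTURING
        self.identification_data = None      # IC manufacturer data, for traceability
        self.prepersonalization_data = None  # customer data supplied by the ES developer
        self.personalization = None          # security parameters and secret key

    def _require(self, expected):
        if self.mode is not expected:
            raise LifecycleError(f"allowed only in {expected.value} mode, card is in {self.mode.value} mode")

    def inject_identification_data(self, data):
        # Identification data is injected during manufacturing only.
        self._require(Mode.MANUFACTURING)
        self.identification_data = data

    def ic_prepersonalize(self, customer_data):
        # IC manufacturer loads customer data, then the IC enters issuer mode for good.
        self._require(Mode.MANUFACTURING)
        self.prepersonalization_data = customer_data
        self.mode = Mode.ISSUER

    def personalize(self, security_params, secret_key):
        # Card issuer configures the card, then it enters user mode for good.
        self._require(Mode.ISSUER)
        self.personalization = {"params": security_params, "key": secret_key}
        self.mode = Mode.USER

def rejected(operation, *args):
    """True if the lifecycle model refused the operation (shows irreversibility)."""
    try:
        operation(*args)
    except LifecycleError:
        return True
    return False
```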
Definitions – Product
IC platform
• smartcard component
• not an end-user product
• may undergo evaluation, e.g. without AS
Smartcard product
• fully operational smartcard
• both IC + ES, including AS
Smartcard Architectures
• Closed architecture
• Open architecture
Smartcard Product Life-Cycle
Ph 1. Smartcard embedded software development
– Smartcard Embedded Software Developer
– Output: smartcard embedded software; specification of IC pre-personalization requirements
Ph 2. IC development
– IC Designer
– Output: IC design, IC dedicated support software; smartcard IC database for IC photomask fabrication
Ph 3. IC manufacturing and testing
– IC Manufacturer: IC manufacturing, IC testing, IC pre-personalization
– Output: IC product
Ph 4. IC packaging and testing
– IC Packaging Manufacturer: IC packaging and testing
Ph 5. Smartcard product finishing process
– Smartcard Product Manufacturer: smartcard product finishing and testing
– Output: smartcard product delivery
Ph 6. Smartcard personalization
– Personalizer: smartcard personalization and final test
Ph 7. Smartcard end-usage
– Smartcard Issuer, Smartcard End-User
Roles in Evaluation Process
• Developer
– IC Manufacturer
– ES/AS Developer
– Card Manufacturer
– Card Issuer
• Sponsor
– requests the evaluation and finances it
– may be the developer of the TOE, the card issuer or an independent party
• Evaluator
– laboratory that performs the evaluation
• Certification Body
– issues the certificate
Evaluation Preparation Steps
Roles and Contributions
• IC Manufacturer
– Evaluation scope: include the IC
– Provides the ST for the IC to the sponsor
– Provides evaluation deliverables to the evaluation lab
• ES/AS Developer
– Evaluation scope: include ES/AS
– Writes (or assists in writing) the ST
– Provides evaluation deliverables to the evaluation lab
– Provides IC pre-personalization data
• Card Issuer
– Approves the ST
– Defines the smartcard personalization data
– Writes the smartcard product guidance documentation
• Sponsor
– Writes and/or approves the ST
– Ensures every required evaluation deliverable is available to the evaluator
• Evaluator
– Analyses the evidence
– Evaluation process:
• Conformance and penetration testing on the TOE
• Site visit to development premises
• Site visit to production premises (if the evaluation includes the IC)
• Writes evaluation reports
• Certification Body
– Approves the evaluation scope in the ST before the evaluation process starts
– Gives advice
– Monitors the evaluation work
– Issues the certificate and certification report
Common Targeted EAL
• EAL1+
– EAL1 augmented with AVA_VLA.2
• EAL4+
– EAL4 augmented with ADV_IMP.2, ALC_DVS.2 and AVA_VLA.4
• The contribution of each role is specified in detail for both EALs
• According to CC v2
Theoretical Planning for EAL4+ Evaluation
• Assumptions:
– Evaluation phase only
– IC is already certified
– Unlimited number of evaluators with good knowledge
– No delays
– No iterations; developers are well trained
• Under these assumptions, 6 months is achievable
Smartcard Sub-processes for EAL4+
• Software development for the smartcard only, not application development
• 4 sub-processes:
– Development environment
– Security Target
– Guidance documentation
– Development/Test
• Reusability through training and document templates
Testing Methodology
• Used by the security evaluation laboratory
• Defines the list of attacks and strategies