Smartcard Evaluation TM8104 – IT Security Evaluation Linda Ariani Gunawan

Document CCDB Version 1.3 Revision 1, March 2006 Type: guidance document Intended for evaluation sponsor and smartcard developers Field of special use: smartcards and similar devices

SMARTCARD OVERVIEW

Smartcard Plastic card embedded with a computer chip that stores and transacts data between users Usage: – Telecommunication: SIM card, pay phone – Banking: debit/credit cards – Transportation: pay toll, bus/tram/train card – E-passport, ID card, health card, access card and many more

Smartcard Types Contact cards Contactless cards Dual interface cards

Smartcards Related Standards ISO 7816 “Identification cards – Integrated circuit cards with contacts” EMV – Europay, MasterCard, Visa ETSI – GSM FIPS 140 (1-3) and 201 OCF – Open Card Framework PC/SC – Interoperability Specification for ICCs and Personal Computer Systems

THE GUIDANCE DOCUMENT

Definition – IC Integrated Circuit (IC)

Definition – Software IC Dedicated Software IC Firmware proprietary, embedded developed by IC Developer 2 parts: – IC Dedicated Test Software Only used to test IC – IC Dedicated Support Software Provide functions after IC manufacturing & testing process Smartcard Embedded Software (ES) embedded NOT developed by IC Designer But by embedded software developer 2 types: – Basic Software (BS) in charge of generic functions of smart card IC OS, general routines, interpreters – Application Software (AS) dedicated to applications

Definitions – Data Identification data defined by IC manufacturer injected into non-volatile memory during manufacturing process usage: traceability IC Pre-personalization data supplied by software developer injected into non-volatile memory during manufacturing process customer data

Definitions – Personalization IC Pre-personalization process at IC manufacturer site load customer data onto IC then IC is irreversibly set into “issuer mode” Smartcard Personalization process at card issuer smartcard is configured, security parameters loaded, secret key set then smartcard is irreversibly set into “user mode”

Definitions – Product IC platform smartcard component not an end-user product may undergo evaluation e.g. without AS Smartcard product fully operational smartcard both IC+ES including AS

Smartcard Architectures Closed architectureOpen architecture

Smartcard Product Life-Cycle Ph 1. Smartcard embedded software development Smartcard Embedded Software Developer Smartcard embedded software Specification of IC pre- personalization requirements Ph 2. IC development IC Designer IC design IC dedicated software support Smartcard IC database for IC photomask fabrication

Smartcard Product Life-Cycle Ph 3. IC manufacturing and testing Ph 4. IC packaging and testing IC Manufacturer IC product IC manufacturing IC testing IC pre-personalization IC Packaging Manufacturer Ph 5. Smartcard product finishing process Smartcard Product Manufacturer IC packaging and testing Smartcard product finishing and testing

Smartcard Product Life-Cycle Ph 6. Smartcard personalization Ph 7. Smartcard end-usage Smartcard product delivery Personalizer Smartcard personalization and final test Smartcard Issuer Smartcard End-User

Roles in Evaluation Process IC Manufacturer ES/AS Developer Card Manufacturer Card Issuer Sponsor Evaluator Certification Body Requesting evaluation and financing it Maybe developer of TOE, card issuer or independent Laboratory performs the evaluation Issue certificate Developer

Evaluation Preparation Steps

Roles Contributions IC Manufacturer – Evaluation scope: include IC – Provides ST for IC to sponsor – Provides evaluation deliverable to evaluation lab ES/AS Developer – Evaluation scope: include ES/AS – (Assist) write ST – Provides evaluation deliverable to evaluation lab – Provides IC pre-personalization data

Roles Contributions Card Issuer – Approve ST – Define Smartcard personalization data – Write smartcard product guidance documentation Sponsor – Write and/or approve ST – Ensure every required evaluation deliverable available for evaluator

Roles Contributions Evaluator – Analyses evidences – Evaluation process: Conformance and penetration testing on TOE Site visit to development premises Site visit to production premises (evaluation incl. IC) Write evaluation reports

Roles Contributions Certification body – Approve evaluation scope in ST before evaluation process starts – Give advice – Monitor evaluation work – Issue certificate and certification report

Common Targeted EAL EAL1+ – EAL1 augmented with AVA_VLA.2 EAL4+ – EAL4 augmented with ADV_IMP.2, ALC_DVS.2 and AVA_VLA.4 Detailed roles contribution are specified in detail for both EALs According CC v2

Theoretical Planning for EAL4+ Evaluation Assumption: – Evaluation phase only – IC is certified – Infinite # of evaluators with good knowledge – No delay – No iteration, developers are well trained 6 months is achievable

Theoretical Planning for EAL4+ Evaluation

Smartcard Sub-processes for EAL4+ software development for smartcard only, not application development 4 sub processes: – Development environment – Security Target – Guidance documentation – Development/Test Reusability through training and document template

Testing Methodology Used by security evaluation laboratory Define attack and strategies list