Security Target: 20090406113650

Security Target: 20090406113650
Security Target Lite
KCOS e-Passport Version 1.0
Version: 1.0
Date: 2008. 10. 30
Filename: EPS-01-AN-ST (Lite-EN)
Korea Minting & Security
Printing Corporation
Technology Research Institute
IT Research Dept.
This page left blank on purpose for double-side printing
-Public-
Security Target Lite
[ Table of Contents ]
1. Introduction ................................................................................................................................ 1
1.1 Security Target Identification ..................................................................................................... 1
1.2 Security Target Overview ........................................................................................................... 1
1.3 CC Conformance ....................................................................................................................... 3
1.4 Conventions ............................................................................................................................... 3
1.5 Security Target Organization ..................................................................................................... 4
2. TOE Description ......................................................................................................................... 6
2.1 TOE Overview............................................................................................................................ 6
2.2 TOE Product Type ..................................................................................................................... 8
2.3 TOE Life Cycle and Environment .............................................................................................. 8
2.3.1 Life Cycle and Environment of TOE ....................................................................................... 8
2.4 TOE Scope ............................................................................................................................. 11
2.4.1 Physical Scope of the TOE .................................................................................................. 11
2.4.2 Logical Scope of the TOE .................................................................................................... 11
2.4.3 IT environment (a chip) ........................................................................................................ 22
2.4.4 External IT ........................................................................................................................... 22
3. TOE Security Environment .................................................................................................... 24
3.1 Assumptions ........................................................................................................................... 24
3.2 Threats .................................................................................................................................... 26
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
I
-Public-
Security Target Lite
3.3 Organizational Security Policies ............................................................................................. 30
4. Security Objectives ................................................................................................................ 33
4.1 Security Objectives for the TOE ............................................................................................. 33
4.2 Security Objectives for the Environment ................................................................................ 36
5. IT Security Requirements ...................................................................................................... 40
5.1 TOE Security Functional Requirements ................................................................................. 40
5.1.1 Cryptographic Support ......................................................................................................... 42
5.1.2 User Data Protection ........................................................................................................... 45
5.1.3 Identification and Authentication .......................................................................................... 50
5.1.4 Security Management .......................................................................................................... 56
5.1.5 Privacy ................................................................................................................................. 62
5.2 Security Requirements for the IT environment ....................................................................... 65
5.3 Security Assurance Requirements ......................................................................................... 68
6. TOE Summary Specification.................................................................................................. 71
6.1 Security Functions .................................................................................................................. 71
6.2 SF.MUT_AUTH (PAC security mechanism, BAC security mechanism) ................................. 71
6.3 SF.CHIP_AUTH ...................................................................................................................... 72
6.4 SF.TERMINAL_AUTH............................................................................................................. 72
6.5 SF.SEC_MESSAGE ............................................................................................................... 72
6.6 SF.ACTIVE_AUTH .................................................................................................................. 72
6.7 SF.ACC_CONTROL ............................................................................................................... 73
6.8 SF.RELIABILITY ..................................................................................................................... 73
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
II
-Public-
Security Target Lite
7. Acceptance of Protection Profile .......................................................................................... 74
7.1 Reference of Protection Profile............................................................................................... 74
7.2 Reconstruction of Protection Profile ....................................................................................... 74
7.3 Additional components of Protection Profile ........................................................................... 74
8. Rationale .................................................................................................................................. 75
8.1 Rationale of Security Objectives............................................................................................. 75
8.1.1 Rationale of TOE Security Objectives ................................................................................. 77
8.1.2 Rationale of Security Objective for Environment ................................................................. 81
8.2 Rationale of Security Requirements ....................................................................................... 85
8.2.1 Rationale of Security Functional Requirements .................................................................. 85
8.2.2 Rationale of IT Environment Security Requirements ...................................................... 100
8.2.3 Rationale of Assurance Requirements ............................................................................ 102
8.3 Rationale of Dependency ................................................................................................... 103
8.3.1 Dependency of TOE Security Functional Requirements ................................................. 103
8.3.2 Dependency of IT Environment Security Functional Requirements ................................ 106
8.3.3 Dependency of TOE Security Assurance Requirements ................................................. 107
8.4 Rationale of the Extended Security Requirements ............................................................. 107
8.5 Rationale of Assurance Measures ...................................................................................... 108
8.6 Rationale of Function Strength ........................................................................................... 110
8.6.1 Rationale for function strength of security functional requirements ................................ 110
8.6.2 Rationale of Strength of Function .................................................................................... 111
8.7 Rationale of Mutual Support and Internal Consistency ...................................................... 112
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
III
-Public-
Security Target Lite
8.8 Rationale of PP Claims ....................................................................................................... 113
8.8.1 Rationale for Conformance of Security Environment ...................................................... 113
8.8.2 Rationale for Conformance of Security Objective ........................................................... 114
8.8.3 Rationale for Security Functional Requirements ............................................................. 114
8.8.4 Rationale for Assurance Requirements ........................................................................... 114
[Works Cited] .......................................................................................................................... 115
[Abbreviations] ....................................................................................................................... 117
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
IV
-Public-
Security Target Lite
[ List of Tables ]
(Table 1) Type of Certificates .................................................................................................. 7
(Table 2) Life Cycle of the MRTD Chip and the TOE ............................................................. 9
(Table 3) Subsystems and Functions .................................................................................. 12
(Table 4) TOE Assets ........................................................................................................... 13
(Table 5) Content of the LDS in which the User Data are Stored........................................ 15
(Table 6) The ePassport Security Mechanisms ................................................................... 18
(Table 7) ePassport Access Control Policies in the Operational Use phase ....................... 31
(Table 8) Personalization Phase ePassport Access Control Policies .................................. 31
(Table 9) Security Functional Requirements ....................................................................... 40
(Table 10) Subject-relevant Security Attributes ................................................................... 46
(Table 11) Object-relevant Security Attributes ..................................................................... 46
(Table 12) Authentication failure handling ........................................................................... 51
(Table 13) Security Attributes ..............................................................................................57
(Table 14) Security Attributes .............................................................................................. 59
(Table 15) Security requirements for the IT environment .................................................... 65
(Table 16) Security Assurance Requirements ..................................................................... 69
(Table 17) TOE security functions .......................................................................................71
(Table 18) Additional ST items .............................................................................................74
(Table 19) Mapping between Security Environments and Security Objectives ................... 75
(Table 20) Mapping between Security Objectives and Security Functional Requirements . 85
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
V
-Public-
Security Target Lite
(Table 21) Mapping of Security Objectives for the IT environment by SFR .................... 100
(Table 22) Dependency of TOE Functional Components ................................................ 103
(Table 23) Dependency of IT Environment Functional Components ............................... 106
(Table 24) Dependency of the Added Assurance Components ...................................... 107
(Table 25) Assurance Measures ...................................................................................... 108
(Table 26) Function Strength of Security Functional Requirements ................................ 110
(Table 27) Strength of Security Function ......................................................................... 111
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
VI
-Public-
Security Target Lite
[ List of Figures ]
[Figure 1] Overall Configuration of the ePassport System ..................................................... 6
[Figure 2] The TOE Operation Environment ........................................................................ 10
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
VII
-Public-
Security Target Lite
1. Introduction
This document is the Security Target (ST) to describe KCOS e-Passport Version 1.0 developed by
the Korea Minting & Security Printing Corporation (KOMSCO).
This chapter identifies the ST and TOE and supports the ST overview, Common Criteria
conformance and other areas.
1.1 Security Target Identification
Title: EPS-01-AN-ST
ST Version Number: V1.6
TOE name: KCOS e-Passport Version 1.0
Author: IT Research Department, Technology Research Institute, KOMSCO
Applicant: Korea Minting & Security Printing Corporation
Evaluation Criteria: Common Criteria for Information Security Evaluation (Ministry of Public
Administration and Security Public Notice No. 2008-26)
Common Criteria Version: V2.3
Compliant to: ePassport Protection Profile V1.0 (KECS-PP-0084-2008)
Assurance Level: EAL4+ (ADV_IMP.2, ATE_DPT.2, AVA_VLA.3)
MRTD Chip: SLE66CLX800PE, Infineon Technologies AG
Keywords: ePassport, COS, MRTD, ICAO
1.2 Security Target Overview
This security target defines the security objectives and requirements for "KOMSCO KCOS ePassport Version 1.0(KCOS)".
TOE is the native chip operation system (COS), MRTD application and MRTD application data
implemented on the SLE66CLX800PE, which is a contactless IC Chip of Infineon
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
1
-Public-
Security Target Lite
Technologies and is certified according to CC EAL 5+(BSI-DSZ-CC-0482-2008).
The MRTD application of the TOE follows ePassport Spec. (ICAO "Machine Readable Travel
Documents, Doc 9303 Part1 Volume 2[1]) and EAC Spec. (BSI, Advanced Security Mechanisms
Machine Readable Travel Documents-Extended Access Control V1.1 (2007.08)).
Therefore, the TOE carries out the security mechanisms of the ePassport such as AA (Active
Authentication), BAC (Basic Access Control) and EAC (Extended Access Control). Additionally,
the TOE also carries out the PAC (Personalization Access Control), which is a security
mechanism for the secure personalization and management on the personalization phase at
the personalization agent. Also, PAC is the security mechanism of KCOS; it authenticates the
personalization agent and performs the function that grants the permission to personalize to
the Personalization agent by supporting the multi-authentication mechanism according to
departmentalizing the security roles of the personalization agent.
This ST includes the TOE description and the TOE Security Environment, Security Objectives and
IT Security Requirement, which are described in ePassport Protection Profile V1.0. This ST also
describes the security functions and assurance measures.
The TOE includes hash functions using random numbers. TDES, Retail MAC, RSA and ECC are
supported by the MRTD chip. Therefore, the random number, TDES, Retail MAC, RSA and ECC
are included in the TOE Security Environment.
This ST describes
• An overview of the TOE and the physical and logical scope of the TOE
• TOE Security Environment (assumptions, threats and organizational security policies)
• The security objective for the TOE and its IT environment
• IT security requirements (security requirements for TOE and IT environment) and assurance
requirements
• TOE summary specification (security functions, assurance measures)
• PP claims
• Rationales
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
2
-Public-
Security Target Lite
1.3 CC Conformance
This ST claims conformance to:
• ePassport Protection Profile V1.0 (KECS-PP-0084-2008)
This ST claims conformance to:
• Common Criteria for Information Technology Security Evaluation, part 1: Introduction and
general model, Version 2.3, Aug. 2005, CCMB-2005-08-001
• Common Criteria for Information Technology Security Evaluation, part 2: Security functional
requirements, Version 2.3, Aug. 2005, CCMB-2005-08-002
• Common Criteria for Information Technology Security Evaluation, part 3: Security assurance
requirements, Version 2.3, Aug. 2005, CCMB-2005-08-003
as follows:
• Part 2 Conformant
• Part 3 Conformant
• Package Conformant to EAL4 augmented with ADV_IMP2, ATE_DPT2 andAVA_VLA.3
1.4 Conventions
The notation, formatting and conventions used in this ST are consistent with the Common Criteria
for Information Technology Security Evaluation (hereafter referred to as “CC”).
The CC allows several operations to be performed on functional requirements, assignment,
iteration, refinement and selection. Each of these operations is used in this ST.
Iteration
This is used when a component is repeated with varying operations. The result of the iteration is
marked by an iteration number in parenthesis following the component identifier, i.e., (Iteration
No.).
Selection
This is used to select one or more options provided by the CC in stating a requirement. The result
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
3
-Public-
Security Target Lite
of a selection is shown as underlined and italicized.
Refinement
This is used to add detail to a requirement. It therefore restricts a requirement further. The result of
a refinement is shown in bold text.
Assignment
This is used to assign specific values to unspecified parameters (e.g., password length). The
result of an assignment is indicated in square brackets, i.e., [assignment_Value].
Application Notes
"Application Notes" are provided to help to clarify the intent of the TOE description, TOE security
environment, security objectives, IT security requirements and TOE summary specifications.
1.5 Security Target Organization
Chapter 1 provides the introductory material for the Security Target.
Chapter 2 defines the TOE and describes the TOE environment.
Chapter 3 describes the assumptions, threats and organizational security policies for the TOE and
TOE environment.
Chapter 4 describes the security objectives of the TOE and environment by supporting the
assumptions and organizational security policies to counter the threats.
Chapter 5 describes the security function requirements and assurance measures for the security
objectives.
Chapter 6 provides the TOE security functions. The TOE security functions contain IT security
functions and describe how to meet the requirement of the TOE security function. The assurance
measure describes the assurance declared for meeting the specified assurance requirements.
Chapter 7 describes the PP claims.
Chapter 8 describes rationale.
References contain references to noteworthy background information and/or supporting materials
for prospective users of the ST who may be interested in knowing more than what is specified
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
4
-Public-
Security Target Lite
herein.
Acronym is an acronym list that defines frequently used acronyms.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
5
-Public-
Security Target Lite
2. TOE Description
2.1 TOE Overview
ePassport
The ePassport is a passport embedding a contactless IC Chip in which the identity and other data
of the ePassport holder are stored according to the International Civil Aviation Organization
(ICAO) and the International Standard Organization (ISO). The contactless IC chip used in the
ePassport is referred to as a MRTD chip. The MRTD chip is loaded with the MRTD application and
IC chip operating system (COS) to support IT and information security technology for the
electronic storage, processing and handling of the ePassport identity data.
ePassport System
The [Figure 1] shows the overall configuration of the ePassport system.
[Figure 1] Overall Configuration of the ePassport System
The ePassport holder requests an issue of the ePassport and receives the ePassport issued
according to the Issuing Policy of the ePassport. The ePassport holder presents the ePassport
to an immigration officer so that the ePassport can be inspected at immigration control. For
immigration control, the ePassport is verified by an immigration officer or by an automatic
Inspection System according to the ePassport immigration control policy for each country.
The Reception organization collects personal and biometric data of the ePassport holder,
checks the identity of the ePassport holder through cooperation with the related organizations,
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
6
-Public-
Security Target Lite
such as National Police Agency, and sends to the personalization agent for the issuing of the
ePassport with these data collected.
The Personalization agent generates a Document Security Object (‘'SOD’' hereinafter) using a
digital signature on the user data (identity and authentication data) and records it in the MRTD
chip with the ePassport identity data sent from the reception organization. Also, after recording
the TSF data in secure memory, the personalization agent manufactures and issues the
ePassport-embedded MRTD chip to the passport. Details of data recorded in the ePassport are
described in (Table 4) of 2.2.3 Logical Scope in the TOE.
The Personalization agent generates a digital signature key to check against forgery and
corruption of the user data stored in the MRTD chip. Then, in accordance with the Certification
Practice Statement (CPS) of the ePassport PKI System, the personalization agent generates,
issues, and manages the CSCA Certificate and DS Certificate. According to the Issuing Policy of
the ePassport, the Personalization agent generates a digital signature key to verify access-rights
to the biometric data of the ePassport holder to support the EAC security mechanism. The
Personalization agent then generates, issues, and manages the CVCA Certificate, CVCA Link
Certificate and the DV Certificate. Details related to of the ePassport PKI System and certification
procedure, including the certification server, key generation devices and the physical and
procedural security measures depend on the Issuing Policy of the ePassport.
The Document verifier generates an IS Certificate using the CVCA and DV Certificates and then
provides these certificates to the Inspection System.
The types of certificates used in the ePassport system are shown in (Table 1) below.
(Table 1) Type of Certificates
Usage
To verify forgery and
corruption of the user data
ePassport PKI
System
Subject
Certificate
CSCA
CSCA Certificate
Personalization agent
DS Certificate
EAC-PKI
CVCA
CVCA Certificate
EAC-PKI
CVCA
CVCA Link Certificate
EAC-PKI
Document verifier
DV Certificate
PA-PKI
To verify the access-right
of the biometric data of the
ePassport holder
To verify the access-right
of the biometric data of the
ePassport holder
To verify the access-right
of the biometric data of the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
7
-Public-
Usage
Security Target Lite
ePassport PKI
System
Subject
Certificate
EAC-PKI
EAC supporting Inspection
System
IS Certificate
ePassport holder
To verify the access-right
of the biometric data of the
ePassport holder
Application Notes: The Personalization agent generates and issues certificates for the PA and
EAC and distributes the certificates online and/or offline according to the Issuing policy of the
ePassport. If the Issuing State of the ePassport has joined the ICAO-PKD, it is possible to register
a DS Certificate and distribute it online. Moreover, the Document verifier generates the IS
Certificate and distributes it to the Inspection System according to the Issuing policy of the
ePassport.
2.2 TOE Product Type
The TOE is the native chip operation system (COS), MRTD application and MRTD application
data implemented on SLE66CLX800PE, which is a contactless IC chip product of Infineon
Technologies and is certified according to CC EAL 5+.
The ePassport manufacturer makes an ePassport book by embedding a MRTD chip and RF
antenna into a passport book. The Personalization agent personalizes the MRZ information and
biometric data of the face and the finger print of the ePassport holder into the MRTD chip along
with the TSF data for authentication and secure messaging between the MRTD chip and the
inspection system. The inspection system verifies the ePassport presented by the ePassport
holder.
2.3 TOE Life Cycle and Environment
This section defines the life cycle of the TOE, including the development, manufacturing,
personalization and operational use of the ePassport. It also defines the TOE environment and
physical/ logical scope of the TOE.
2.3.1 Life Cycle and Environment of TOE
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
8
-Public-
Security Target Lite
The Life Cycle of the MRTD Chip and the TOE
(Table 2) shows the life cycle of the MRTD chip and the TOE. The transmission process in (Table
2) has been omitted. In the life cycle shown in (Table 2), the TOE development process
corresponds to phase 1 (Development) and phase 2 (Manufacturing), while the TOE operational
environment corresponds to phase 3 (Personalization) and phase 4 (Operational Use).
(Table 2) Life Cycle of the MRTD Chip and the TOE
Phase
Life Cycle of the MRTD Chip
Life Cycle of the TOE
① The IC chip developer to design the
IC chip and to develop the IC chip
Dedicated S/W.
② The S/W developer to develop the
TOE (COS, MRTD application) by
using the IC chip and the Dedicated
S/W.
Phase 1
(Development)
③ Delivery to IC chip manufacturer the
ROM code including the initial PAC
authentication key.
Phase 2
(Manufacturing)
④ The IC chip manufacturer to mask
the TOE in the ROM, to record the IC
chip identifier and to produce the IC
chip.
⑤ The ePassport manufacturer to
embed the IC chip in the passport book
by requesting the Personalization
agent.
⑥ The Personalization agent to
operate the functions of the PAC
authentication key update and patch.
⑦ The Personalization agent to create
a user data storage space according to
the LDS format or the ICAO document
and to record it in EEPROM.
⑧ The Personalization agent to create
a SOD using a digital signature on the
ePassport identity data.
Phase 3
⑨ The Personalization agent to record
the ePassport identity data, the
authentication data (including SOD)
and the TSF data (The TOE itself
creates the BAC authentication key
using
the
command
of
the
personalization agent) in the TOE.
(Personalization)
⑩ The Personalization agent to verify
the normal operation.
⑪ Issue, discard or re-personalization
according to the verifying result.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
9
-PublicPhase
Life Cycle of the MRTD Chip
Security Target Lite
Life Cycle of the TOE
⑫ The Inspection System to verify the
ePassport and to check identity of the
ePassport holder by communicating
with the TOE.
Phase 4
(Operational Use)
TOE Operational Environment
[Figure 2] shows the operational environment of the TOE in the phases of the ePassport
Personalization and Operational Use through the relationship with major security functions of the
TOE and external entities (the Personalization agent, the Inspection System) that interact with the
TOE.
[Figure 1] The TOE Operation Environment
TOE Personalization Phase
The TOE manages eight statuses as operational modes for secure personalization and
management. The personalization phase is divided into pre-personalization, personalization,
verification and the operational mode transition.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
10
-Public-
Security Target Lite
2.4 TOE Scope
In this section, the physical and logical scope of the TOE is defined.
2.4.1 Physical Scope of the TOE
The MRTD IC chip includes the native IC chip operating system (COS), the MRTD application, the
MRTD application data, cryptography operation and the IC chip constituent.
In the ST, the TOE is defined with the native IC chip operating system (COS), the MRTD
application and the MRTD application data.
The native IC chip operating system (COS) provides functions for the execution of the MRTD
application and management of the MRTD application data, including command processing and
file management, as defined in ISO/ IEC 7816-4, 8 and 9. In addition, the native IC chip operating
system (COS) carries out SHA-1, SHA-2224 and SHA-256 hash operations. SHA-1 is for creating
the BAC authentication key, the BAC session key and the EAC session key in the BAC and EAC
security mechanisms; SHA-256 is for AA security mechanism; and SHA-224 is for EAC security
mechanism. The native IC chip operating system (COS) is stored in the ROM of the MRTD IC chip.
The MRTD chip application is the IC chip application that implements the function to store and
process the ePassport identity data according to the LDS (Logical Data Structure) format
defined in the ICAO document in addition to the security mechanism to protect the function
securely. In addition, the MRTD application is added to the EAC security mechanism by the
EAC specifications, as the biometric data of the ePassport holder is included in the ePassport
identity data. The MRTD chip application also includes the PAC security mechanism, which is
the security mechanism of KCOS for ePassport personalization. The MRTD chip application is
stored in the ROM of the MRTD IC chip.
The MRTD application data consists of the user data, including the ePassport identity data
and the TSF data required in the security mechanism. The MRTD application data is stored
the ROM of the MRTD IC chip.
2.4.2 Logical Scope of the TOE
The TOE communicates with the Inspection System and Personalization agent according to the
transmission protocol defined in ISO/IEC 14443-4. The TOE implements the PAC security
mechanism and the security mechanism defined in the ICAO document and the EAC
specifications. It also provides access control and security management functions. In addition, the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
11
-Public-
Security Target Lite
TOE provides functions of TSF self-protection, such as TSF self-testing, preservation of a secure
state and domain separation.
The logical scope of the TOE is divided into subsystems and assets. The subsystems operate
security mechanisms, TOE access control, security management and the TOE protection functions.
The assets consist of MRTD user data and MRTD TSF data.
Subsystems
The functions of the subsystems are outlined below.
(Table 3) Subsystems and Functions
Subsystems
Functions
․ BAC mutual authentication and BAC session key generation
․ PAC mutual authentication and PAC session key generation
Authentication
․ EAC-CA and EAC session key generation
․ EAC-TA and CVCA Certificate verification/update
․ PAC authentication key update and BAC authentication key generation
․ Recording Security mechanism-related key information
․ APDU receiving/transmitting(Command access control according to the
operational mode)
Card Manager
․ Checking the status of patch for the TSF executable code and changing
the operational mode
․ The file table and security properties initialization, the TOE
personalization initialization, the TOE re-personalization initialization, and
the TOE Block operational mode release (Unblock)
․ Hash operation (SHA-1, SHA-224, SHA-256)
Crypto
Hardware Abstraction
Memory Manager
Secure Messaging
․ IC chip function call and handling to compute the TDES, Retail MAC,
random number generation and CRC
․ IC chip function call and handling to check for abnormal operation and
management of the residual information
․ LDS file system initialization
․ Access control reading and writing the user data
․ PAC trusted channel, BAC trusted channel, EAC trusted channel
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
12
-Public-
Security Target Lite
Assets
In order to protect the TOE assets shown in (Table 4), the TOE provides security functions such
as the confidentiality, the integrity, the authentication and the access control.
(Table 4) TOE Assets
Category
ePassport
Identity Data
User Data
Description
Personal Data of the
ePassport holder
EF.DG1, EF.DG2
Biometric Data of
the ePassport
holder
EF.DG3
Storage Space
ePassport Authentication Data
EF.SOD, EF.DG14 (EAC chip
authentication public key),
EF.DG15 (AA public key)
EF.CVCA
In EAC-TA, CVCA digital
signature verification key
identifier list used by the TOE to
authenticate the Inspection
System
EF.COM
LDS version info., tag list of DG
used, etc.
EAC Chip Authentication Private Key
In EAC-CA, Chip Private key
used by the TOE to demonstrate
a non-forged MRTD chip
CVCA Certificate
In personalization phase, Root
CA Certificate issued in EACPKI
CVCA Digital Signature Verification
Key
After the personalization phase,
CVCA Certificate Public key is
newly created by a certificate
update
Current Date
In the personalization phase, the
date of issue of the ePassport is
recorded. However, in the
operational use phase, the TOE
internally updates it as the latest
date among the issuing dates of
the CVCA Link Certificate, the
DV Certificate or the Issuing
State IS Certificate.
TSF Data
EF file
Secure
memory
BAC authentication encryption
key
BAC Authentication Key
BAC authentication MAC key
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
13
-Public-
Category
Security Target Lite
Description
Storage Space
AA Private Key
Private key of the chip used by
the TOE to prove that the chip is
not substituted
PAC Authentication Key
Symmetric key for PAC mutual
authentication and PAC
personalization management
authentication
BAC session encryption key
BAC Session Key
BAC session MAC key
EAC session encryption key
EAC Session Key
Temporary
memory
EAC session MAC key
PAC session encryption key
PAC Session Key
PAC session MAC key
Application Notes: The biometric data obtained from an ePassport holder include the face, the
fingerprint and the iris scan. It is mandatory to contain the face information according to the ICAO
document. The fingerprint and iris information is included optionally according to the issuing policy
of the ePassport. This security target includes security functional requirements for the EAC
specifications by assuming the fingerprint information to be contained.
Application Notes: A BAC authentication key is generated and saved in the secure memory of
the IC chip in the personalization phase by the command of the Personalization agent
Application Notes: To support the EAC, the Personalization agent generates the EAC chip
authentication public and private key and records them in the TOE. The CVCA digital signature
verification key is updated through the CVCA Link Certificate according to the EAC specifications.
However, the first CVCA digital signature verification key for verifying the CVCA Link Certificate
shall be recorded in the secure memory of the MRTD chip during the personalization phase. When
the CVCA digital signature verification key is updated, the TOE overwrites at the existing CVCA
digital signature verification key.
Application Notes: The Personalization agent generates the SOD through a digital signature on
the ePassport identity data.
The LDS in which the user data are stored defines the MF, DF and EF file structure. (Table 5)
shows the content of EF.DG1~EF.DG16, in which parts of the user data is stored.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
14
-Public-
Security Target Lite
(Table 5) Content of the LDS in which the User Data are Stored
Category
DG
Contents
Document (Passport) Type
Issuing State
Name (of Holder)
Document Number
Check Digit (of Doc Number)
Nationality
Detail(s)
DG1
in MRZ
Date of Birth
Check Digit (of DOB)
Sex
Data of Expiry of Valid Until Date
Check Digit (of DOE/VUD)
Composite Check Digit
Biometric
DG2
Encoded face info.
DG3
Encoded fingerprint info.
DG14
EAC Chip Authentication Public Key
DG15
AA Digital Signature Verification Key
EF.COM
LDS version info., tag list of DG used, etc.
EF.SOD
Document of security
EF.CVCA
In EAC-TA, CVCA digital signature verification
key identifier list
Data
Biometric
Data
ePassport
authentication
information
ePassport
authentication
information
ePassport
authentication
information
ePassport
authentication
information
ePassport
authentication
information
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
15
-Public-
Security Target Lite
Security Mechanisms
The TOE provides security functions such as confidentiality, integrity, access control and
authentication to protect the TSF data and the user data of the ePassport identity data and the
ePassport authentication data. These security functions are implemented with the PAC, the BAC
mechanism of the ICAO document and the EAC mechanism of the EAC specifications. Additionally,
the TOE provides the SOD to the BIS and the EIS, and the Inspection System detects forgery and
corruption of the user data through verification of the digital signature of the SOD.
< PAC (Personalization Access Control) >
The TOE provides a PAC (Personalization Access Control) security mechanism to control the
access-rights of the security role of the Personalization agent. The PAC is divided into PAC mutual
authentication, PAC session key generation and PAC personalization and management
authentication.
PAC mutual authentication is a TDES-based entity authentication protocol that modifies the BAC
security mechanism to authenticate between the Personalization agent and the TOE mutually in
the personalization phase.
PAC session key generation is implemented using the TDES-based key distribution protocol,
which is the function that generates the PAC session key (the PAC session encryption key and
PAC session MAC key) that is used to create the PAC secure messaging between the TOE and
the Personalization agent. This protocol is implemented by modifying the standard symmetric keybased key distribution protocol.
PAC personalization and management authentication is operated after TSF checks the operational
mode of the TOE when the Personalization agent requests the TOE security management or the
TSF data management. The Personalization agent issuing authorization is obtained when the
Personalization agent successfully establishes with the security management functions it will use.
The personalization right consists of the PAC authentication key update, operational mode
transition, executable code and data path, and the Unblock function.
< BAC (Basic Access Control) >
The BAC (Basic Access Control) provides confidentiality and integrity for the personal data of the
ePassport holder by secure messaging when controlling access to the personal data of the
ePassport holder stored in the TOE and transmitting it to the Inspection System with read-rights.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
16
-Public-
Security Target Lite
The BAC includes the BAC mutual authentication, the BAC key distribution and the BAC secure
messaging.
The TOE uses the BAC authentication key stored in secure memory and the BAC-supporting
Inspection System using the BAC authentication key generated from reading optically the MRZ.
The TOE and the Inspection System then perform encryption by a generated random number and
exchange the numbers. The TOE and the BAC-supporting Inspection System execute the BAC
mutual authentication by checking the exchanged random number. The session is ended in case
of a mutual authentication failure.
The TOE, to secure transmission of the personal data of the ePassport holder after checking the
read-rights of the Inspection System for the personal data of the ePassport holder through the
BAC mutual authentication, establishes BAC secure messaging through encryption of the BAC
session key shared by the BAC key distribution. It also generates the MAC.
< AA (Active Authentication) >
The AA security mechanism is implemented to prove the authenticity of the TOE to the inspection
system. The TOE generates and transmits the digital signature generated by the AA private key
on the random number transmitted by the inspection system. The inspection system then
authenticates the TOE by verifying the digital signature using the AA public key. Therefore, AA is
the security mechanism that prevents the substitution of the MRTD IC chip onto which the TOE is
loaded.
< EAC (Extended Access Control) >
The EAC (Extended Access Control) provides the confidentiality and the integrity for the biometric
data of the ePassport holder by secure messaging when controlling access to the biometric data
of the ePassport holder stored in the TOE and transmitting it to the Inspection System with readrights. The EAC includes the EAC-CA, the EAC secure messaging and the EAC-TA.
The EAC-CA implements the ephemeral-static DH key distribution protocol for the EAC session
key distribution and the chip authentication. The TOE transmits the EAC chip authentication public
key so that the Inspection System authenticates itself and executes the key distribution protocol by
using a temporary public key received from the Inspection System. The session is ended if the
EAC-CA fails. When the EAC-CA is successful, the TOE establishes the EAC secure messaging
using the EAC session key.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
17
-Public-
Security Target Lite
The EAC-TA is used by the TOE to implement the challenge-response authentication protocol
based on the digital signature in order to authenticate the EAC-supporting Inspection System. The
TOE authenticates the Inspection System, verifying the value of the digital signature by the
Inspection System in the temporary public key used for the EAC-CA using the IS Certificate. The
TOE, when receiving the CVCA Link Certificate, the DV Certificate and the IS Certificate from the
EAC-supporting Inspection System, verifies the CVCA Link Certificate using the CVCA digital
signature verification key in secure memory. Then, by verifying a valid date of the CVCA Link
Certificate, the TOE updates the CVCA digital signature verification key and the current date if
necessary. After verifying the IS Certificate and checking that it is a suitable certificate, the TOE
allows access of the EAC-supporting Inspection System to read the biometric data of the
ePassport holder and transmits the data through EAC secure messaging.
(Table 6) summarizes the ePassport security mechanisms.
(Table 6) The ePassport Security Mechanisms
IT Security Function of
the TOE
The ePassport Security Mechanisms
Security
Mechanism
Function
Cryptography
AA
Proving the
authenticity of
the ePassport
RSASSA
BAC Mutual
authentication
SHA-256
Symmetric keybased entity
authentication
protocol
TDES-CBC
Cryptographic
Key/Certificate Type
IT Security Function of
the TOE
RSA Digital
Signature Key
The TOE signs the
random number
transmitted from the IS
and then transmits to the
IS.
BAC Authentication
Key (encryption key,
MAC key)
SHA-1
Retail MAC
BAC
BAC Key
Distribution
Symmetric keybased key
distribution protocol
TDES-CBC
SHA-1
Secure Messaging
Copyright Ⓒ 2008 KOMSCO, All rights reserved
The TOE transmits the
value to the Inspection
System after encryption
and MAC operation for
authentication.
BAC Session Key
(encryption key,
MAC key)
Generating BAC session
key by using KDF from
the exchanged keysharing random number
on the basis of the
TDES-based key
distribution protocol
BAC Session Key
(encryption key,
MAC key)
Transmitting messages
by creating the MAC after
encryption with the BAC
session key. Receiving
messages by decrypting
them after verifying the
MAC with the BAC
Retail MAC
BAC Secure
messaging
The TOE verifies if the
Inspection System has
access-rights by
decryption and MAC
operation for the
transmitted value of the
Inspection System.
EPS-01-AN-ST(Lite-EN)-1.0
18
-Public-
Security Target Lite
IT Security Function of
the TOE
The ePassport Security Mechanisms
Security
Mechanism
Function
Cryptography
Cryptographic
Key/Certificate Type
IT Security Function of
the TOE
session key
EAC-CA
ECDH key
distribution protocol
EAC Chip
Authentication
Private Key
SHA-1
EAC
EAC Secure
messaging
EAC Chip
Authentication Public
Key
EAC Session Key
Secure Messaging
(encryption key,
MAC key)
CVCA Certificate
EAC-TA
CVCA Link
Certificate
ECDSA
SHA-224
DV Certificate
IS Certificate
Secure messaging using
the EAC session key
shared in the EAC-CA
Verifying the IS
Certificate using the
certificate chain and the
link certificate. Verifying
the digital signature for
transmitted messages of
the EIS for the EIS
authentication
TOE and the
Personalization agent
establishes with the
mutual authentication
using authentication key
and encryption key
PAC Mutual
Authentication
PAC Authentication
Key
TDES-CBC
PAC
The TOE executes the
ephemeral static DH key
distribution protocol
Generating the PAC
session encryption key
and PAC session MAC
key for secure
messaging during the
mutual authentication
Retail MAC
The TOE allows rights
using the relevant
authentication key to
authenticate that the
Personalization agent
has the issuing
authorization
PAC
Personalization
and
Management
Authentication
PAC Key
Distribution
PAC Session Key
(encryption key,
Copyright Ⓒ 2008 KOMSCO, All rights reserved
Generating the session
key using KDF for PAC
session key generation
EPS-01-AN-ST(Lite-EN)-1.0
19
-Public-
Security Target Lite
IT Security Function of
the TOE
The ePassport Security Mechanisms
Security
Mechanism
Function
Cryptography
Cryptographic
Key/Certificate Type
MAC key)
PAC Secure
messaging
IT Security Function of
the TOE
Generating the MAC with
the PAC session MAC
key after encrypting with
PAC session encryption
key and then transmitting
Decrypting the message
with PAC session
encryption key after
verifying the MAC with
the PAC session MAC
key
TOE Access Control and Security Management
The TOE Access control and Security Management is divided into the access control of the
Personalization, the access control of the IS, the personalization management of the
Personalization agent and the TOE self protection management.
< Access control of the Personalization agent>
The access control of the Personalization agent provides the Personalization agent with the
access control rules for the User Data and the TSF Data. If the Personalization agent has the
issuing authorization as the security property, the TOE allows read and writes operations for the
personal data and biometric data of ePassport holder, ePassport authentication data, EF.CVCA
and EF.COM.
< Access control of the IS >
In the Operational phase, the TOE provides the access control rules and management functions
for the User Data based on the security properties of the user.
In addition, in the Operational phase, the TOE provides the access control functions for the read
right of the User Data based on the access right of the IS, which is authenticated through
performance of the security mechanisms.
Therefore, if the IS succeeds with the BAC authentication, the TOE grants a BAC authorization
(the read-rights for the personal data of ePassport holder, ePassport authentication data,
EF.CVCA and EF.COM). If the IS also succeeds with the EAC authentication and the CVCA
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
20
-Public-
Security Target Lite
Certificate, DV Certificate and IS Certificate that the IS has included with the read-rights for the
biometric data, the TOE then grants the EAC authorization (the read-rights for the personal data of
ePassport holder, the biometric data of ePassport holder, ePassport authentication data,
EF.CVCA and EF.COM).
< Personalization management of the Personalization agent >
For the personalization management of the Personalization agent, the TOE provides the
Personalization agent with the EEPROM initialization, the operational mode transition, the
executable code, the data patch, the Unblock, the PAC authentication key update, and the BAC
authentication key generation and save functions.
< TOE self protection management >
The TOE initializes security attributes of the subject for preserving the inter-operational state when
detecting modifications to TSF data. When successfully generating the EAC session key, the TOE
initializes the SSC to shift from BAC secure messaging to EAC secure messaging.
Other TOE Protection
The TOE, in order to protect the TSF from interference and tampering by untrusted subjects,
ensures that the access control function is always invoked without bypassing and maintains
separation of the secure memory area where the TSF data is stored and the memory area where
the User Data is stored. The TOE only allows an authorized Personalization agent to use the
writing function for TSF data and does not allow use of the reading function for the TSF data.
Therefore, TSF data is protected against external interferences.
The TOE executes the functions to detect modifications of the transmitted TSF data using the
MAC function of the IC chip. When detecting a modification, the TOE performs the function of
session termination. Loading the TSF data from temporary memory to perform the security
mechanism, the TOE provides the integrity measure for the TSF data.
The IC chip provides the functions that consider countermeasures to the DPA/SPA, which is an
attack technique, by analyzing the physical phenomena (electric current, voltage, an
electromagnetism change) during the cryptographic algorithm (random number, TDES, Retail
MAC, RSA, ECC) for the TOE. If the IC chip detects an abnormal operation, it notifies the TSF
and then maintains a safe state which prevents the abnormal operation from occurring.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
21
-Public-
Security Target Lite
2.4.3 IT environment (a chip)
The IC Chip provides the TDES cryptographic algorithm, Retail MAC algorithm and RSA, ECC
cryptographic algorithm and CRC function for the TOE.
The IC Chip provides functions that consider countermeasures to the DPA/SPA, which is an attack
technique, by analyzing physical phenomena (electric current, voltage, an electromagnetism
change) during the cryptographic algorithm (random number, TDES, Retail MAC, RSA, ECC) for
the TOE.
In addition the IC Chip provides an inspect mechanism as to whether the TOE departs from the
normal operational range of the TSF with an ActiveShield and sensor test function for the TOE.
2.4.4 External IT
The ePassport PKI System provides certification functions that include the issuance of the
necessary certificates in the digital signature of ePassport and the management of certificationrelated records.
PA-PKI
PA (Passive Authentication) demonstrates that the identity data recorded in the ePassport has not
been forged of corrupted as the IS with the DS Certificate verifies the digital signature in the SOD
and the hash value of user data according to read-right of the ePassport access control policy.
CSCA (Country Signing Certification Authority) is the root CA that generates and issues the CSCA
Certificate and the DV Certificate by securely generating the digital signature key in the PA-PKI to
support the PA security mechanisms
The DS (Document Signer) Certificate is the certificate of the Personalization agent signed with
the digital signature generation key of the PA-PKI root CA used by the IS to verify the SOD of the
PA security mechanism. The DS Certificate may be saved in EF.SOD of TOE for PA.
EAC-PKI
EAC-TA (EAC-Terminal Authentication) is the security mechanism implementing the digital
signature-based Challenge-Response authentication protocol with which the TOE authenticates
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
22
-Public-
Security Target Lite
the EIS through verification of the digital signature with the IS Certificate. The digital signature is
the value with which the EIS takes e-signature temporary public key used in the EAC-CA using its
own digital signature key and transmits it to the TOE.
CVCA (Country Verifying Certification Authority) is the certificate that includes the digital signature
value by the EAC-PKI root CA with the digital signature generation key of the EAC-PKI root CA on
the digital signature verification key to demonstrate the validity of the CVCA Link Certificate and
the DV Certificate.
The DV (Document Verifier) generates and issues the IS Certificate.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
23
-Public-
Security Target Lite
3. TOE Security Environment
The TOE security environment defines the assumptions, threats and organizational security
policies to determine the scope of the expected operation environment of the TOE.
3.1 Assumptions
The assumptions describe the security aspects of the environment in which the TOE will be used
or is intended to be used.
A. Certificate Verification
The Inspection System of the BIS and the EIS verifies the SOD after verifying the validity of the
certificate chain for the PA (CSCA Certificate → DS Certificate) to guard against forgery and
corruption of the ePassport identity data recorded in the TOE. To do this, the DS Certificate and
CRL shall be verified periodically.
The EIS shall securely hold the digital signature generation key that corresponds to the IS
Certificate and shall provide the TOE with the CVCA Link Certificate, the DV Certificate and the IS
Certificate in the EAC-TA.
Application Notes: The distribution process of the certificates follows the ICAO PKD or diplomatic
policy of the country in which the ePassport is issued.
A. Inspection System
The Inspection System shall implement the security mechanisms of the PA, the BAC and the EAC
according to the ICAO document and EAC specifications on the basis of the verifying policy of the
ePassport for the ePassport holder.
Additionally, after the session ends, the BIS and the EIS shall securely destroy all information
used in communication and the TOE, such as the BAC session key, the EAC session key and the
session information.
Application Notes: The TOE denies the request to access EF.SOD by the Inspection System
when it fails the BAC mutual authentication procedure.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
24
-Public-
Security Target Lite
As the BIS supports the BAC and PA security mechanisms, it obtains the read-rights for the
personal and authentication data of the ePassport holder if the BAC mutual authentication using
the BAC authentication key succeeds. Subsequently, by establishing the BAC secure messaging
with the BAC session key, it ensures the confidentiality and integrity of all transmitted data. The
BIS verifies the SOD by executing the PA after the BAC, and by calculating and comparing a hash
value for the personal and authentication data of the ePassport holder, it then conforms the
absence of forgery or corruption of the personal and authentication data of the ePassport holder.
As the EIS supports the BAC, EAC and PA security mechanisms, it obtains the read-rights for the
personal, authentication and biometric data of the ePassport holder. The EIS, when the BAC
mutual authentication and secure messaging succeed, executes the EAC-CA using the EAC chip
authentication public key read in the BAC to verify the authenticity of the TOE. It then executes the
PA to verify the EAC chip authentication public key. When the EAC-CA succeeds, the BAC secure
messaging ends, the EAC secure messaging with the EAC session key starts, and the EAC-TA
with which the TOE authenticates the Inspection System is executed. When the EAC-TA succeeds,
the EIS obtains the read-rights for the biometric data of the ePassport holder and the TOE
provides the biometric data to EIS.
A. IC Chip
The IC chip, the underlying platform of the TOE, provides the random number generation and
cryptographic operation to support the security functions of the TOE. It also detects TOE
malfunctions outside the normal operating conditions and provides the functions of physical
protection to protect the TOE from physical attacks through probing and reverse engineering
analyses.
Application Notes: The cryptographic processor of an IC chip provides TDES, the Retail MAC to
support the security function of TOE. The cryptographic library provides the RSA and the ECC
cryptographic algorithm, and the RNG provides the random number. The CRC of an IC chip
provides the CRC algorithm, and the TOE executes the hash algorithm. The IC chip onto which
the TOE is loaded is an Infineon SLE66CLX800PE EAL5+ (ALC_ DVS.2, AVA_MSU.3,
AVA_VLA.4)
A. MRZ Entropy
The BAC authentication key seed uses the MRZ entropy to ensure the secure BAC authentication
key.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
25
-Public-
Security Target Lite
Application Notes: In order to provide resistance against a moderate-level threat agent and the
entropy of the passport number, the date of birth and the date of expiry and the check digit used
as the BAC authentication key seed in the MRZ in the current technological level shall be at least
56 bits.
3.2 Threats
The ePassport is used in the possession of individuals without the need for physically controlled
devices; therefore, both logical and physical threats can occur. A threat agent is an external entity
that attempts illegal access to assets protected by the TOE using physical or logical methods
outside the TOE.
In this document, the IC chip provides physical protection of the TOE according to the A.IC Chip.
Therefore, a physical threat to the IC chip itself by a high-level threat agent is not considered.
Consequently, a threat agent to the TOE requires the moderate level of expertise, resources and
motivation.
<Threats to the TOE in the Personalization phase>
T. Application Program Interference
The threat agent may attempt to access to the User and TSF data by exploiting other application
programs loaded in the MRTD chip and may deactivate or bypass the security functions of the
TOE.
T. TSF Data Modification
The threat agent can modify the transmitted TSF data when the Personalization agent records the
TSF data or attempts access to the stored TSF data using the external interface through the
Inspection System.
T. Personal Agent Camouflage
A threat can attempt to personalize the ePassport using the write and management methods of
ePassport application data to forge the ePassport.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
26
-Public-
Security Target Lite
T. Issue organization forgery
A threat can attempt to write to the electronic passport application data; management in this case
refers to electronic passport forgery.
<BAC-related Threats in the Operational Use phase>
T. Eavesdropping
To determine the personal data of an ePassport holder, the threat agent may eavesdrop on the
transmitted data using a terminal capable of RF communication.
T. Forgery and Corruption of Personal Data
To forge and corrupt the personal data of the ePassport holder stored in the MRTD chip, a threat
agent may attempt to read the user data using an unauthorized Inspection System.
T. BAC Authentication Key Disclose
To determine the personal data of the ePassport holder, a threat agent may obtain read-rights of
the BAC authentication key located inside the TOE and disclose related information.
Application Notes: The BAC authentication key is generated by the Personalization agent in the
Personalization phase and saved in secure memory. A threat can attempt to access the BAC
authentication key that is saved in secure or in the temporary memory of the MRTD IC Chip.
T. BAC Replay Attack
The threat agent can bypass the BAC mutual authentication by replaying the data after
intercepting it as it is transmitted by the TOE and the Inspection System in the initial phase of the
BAC mutual authentication.
Application Notes: The TOE delivers a random number of plain text to the Inspection System
according to the ‘et_challenge’ instruction of the Inspection System in the BAC. Therefore, a threat
agent can bypass the BAC mutual authentication by intercepting the random number and
response value of the Inspection System and re-transmitting the response value of the Inspection
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
27
-Public-
Security Target Lite
System to the next session. Moreover, the threat agent can find the transmission data, as the
threat agent can generate the BAC session key after obtaining the BAC authentication key through
the T. BAC Authentication Key Disclose function.
<EAC-related Threats in the Operational Use phase>
T. Damage to Biometric Data
The threat agent can disclose, forge and corrupt the biometric data of the ePassport holder using
a terminal capable of unauthorized RF communications.
Application Notes: Only the EIS that succeeds with the EAC-TA can access the read-rights
regarding the biometric data of the ePassport holder. Therefore, a threat agent can attempt to
obtain the biometric data through such means as an unauthorized Inspection System and the BIS.
T. EAC-CA Bypass
A threat agent can bypass the authentication of the Inspection System and go through the EACCA using the EAC chip authentication public key generated by the threat agent.
T. IS Certificate Forgery
To obtain access rights to the biometric data of the ePassport holder, a threat agent can attempt to
bypass the EAC-TA by forging the CVCA Link Certificate, DV Certificate and IS Certificate and
requesting verification of the certificates by the TOE.
<BAC and EAC-related Threats in the Operational Use phase>
T. Session Data Reuse
To access the data transmitted through secure messaging, a threat agent can derive session keys
from a number of cryptographic communication texts collected using a terminal capable of wideranging RF communication.
Application Notes: When the TOE and Inspection System use the BAC authentication key as the
BAC session key, they are vulnerable to a cipher-text-only attack, as the same session key is used
in each BAC session. When the BAC session key is generated with the same random number
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
28
-Public-
Security Target Lite
used in the BAC mutual authentication process, the critical information necessary in deriving the
session key can be provided to an attacker because the first random number of the TOE is
transmitted as plain text. In case the EIS transmits a temporary public key in the EAC-CA and a
random number in the EAC-TA to other sessions in the same way and if the TOE continues to use
these data items, they may be vulnerable to cipher-text only attacks.
T. Skimming
A threat agent can read the information stored in the IC chip by communicating with the MRTD
Chip through an unauthorized RF communication terminal without the ePassport holder realizing it.
<Threats related to IC Chip Support>
T. Malfunction
To bypass security functions or to damage the TOE executable code and the TSF data stored in
the TOE, a threat agent can instigate a malfunction of the TOE in the environmental stress outside
the normal operating conditions.
<Other Threats in the Operational Use phase>
T. Leakage of the Cryptographic Key Information
By using electric power and wave analysis devices, a threat agent can obtain the key information
used in the cryptographic technique applied to the ePassport security mechanism by analyzing the
characteristics of the electric power and the wave emitted in the course of the TOE operation.
T. ePassport Reproduction
A threat agent can masquerade as the ePassport holder by reproducing the MRTD application
data stored in the TOE and forging the identity information page of the ePassport.
T. ePassport IC chip Replacement
A threat can forge an electronic passport and write the data onto another passport IC chip.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
29
-Public-
Security Target Lite
T. Residual Information
A threat agent can disclose the critical information using the residual information remaining while
the TSF data, such as the BAC authentication key, BAC session key, EAC session key, DV
Certificate and IS Certificate, are recorded and used in temporary memory.
3.3 Organizational Security Policies
The TOE shall comply with the following Organizational Security Policies (OSP) as security rules,
procedures, practices, or guidelines imposed by the organization of its operations.
P. International Compatibility
The Personalization agent shall ensure compatibility between the security mechanisms of the
ePassport and the security mechanism of the Inspection System for immigration.
Application Notes: International compatibility shall be ensured according to the ICAO document
and EAC specifications
P. Security Mechanism Application Procedures
The TOE shall ensure the order of the security mechanism application according to the type of
Inspection System so as not to violate the ePassport access control policies of the Personalization
agent
Application Notes: The operation flow of the TOE differs according to the type of security
mechanisms supported by the Inspection System. The basic operation flow depends on the
Standard ePassport Inspection Procedure described in 2.1.1 and Advanced ePassport Procedure
in 2.1.2 in the EAC specifications.
P. Application Program Loading
The Personalization agent shall approve the loading application program after checking that the
application programs loaded in the MRTD chip does not affect the security of the TOE.
Application Notes: Loading the application program can only be done by organizations holding
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
30
-Public-
Security Target Lite
the same authority as the Personalization agent.
P. Personalization Agent
The personalization agent shall issue the ePassport in a secure manner to confirm that the issuing
subject has not been changed and shall deliver the TOE to the Operational Use phase after
verifying that the data inside MRTD chip are operating normally after they are issued. The
Personalization agent shall deactivate the writing function before the TOE delivery to the
Operational Use phase.
P. ePassport Access Control
The Personalization agent and the TOE shall formulate the ePassport access control policies to
protect the MRTD application data. Additionally, the TOE shall regulate the roles of user.
Application Notes: The TOE shall build access control policies as follows according to the ICAO
document and EAC specifications.
(Table 7) ePassport Access Control Policies in the Operational Use phase
Objects List
Objects List
EF.CVCA
EF.COM
Security
Attributes Read Write Read Write Read Write Read Write Read Write
Security
Rights Rights Rights Rights Rights Rights Rights Rights Rights Rights
Attributes
Subjects
List
Subjects
Objects
Personal data The biometric
ePassport
of the
data of the
authentication
ePassport
ePassport
data
holder
holder
BIS
BAC Rights
allow
deny
deny
deny
allow
deny
allow
deny
allow
deny
EIS
BAC Rights
allow
deny
deny
deny
allow
deny
allow
deny
allow
deny
EIS
EAC Rights
allow
deny
allow
deny
allow
deny
allow
deny
allow
deny
(Table 8) Personalization Phase ePassport Access Control Policies
Objects List
Objects List
Subjects
List
Subjects
Personal
Agent
Objects
Personal data
of the
ePassport
holder
The biometric
data of the
ePassport
holder
ePassport
authentication
data
EF.CVCA
EF.COM
Security
Attributes Read Write Read Write Read Write Read Write Read Write
Security
Rights Rights Rights Rights Rights Rights Rights Rights Rights Rights
Attributes
Issuing Rights
allow
allow
allow
Copyright Ⓒ 2008 KOMSCO, All rights reserved
allow
allow
allow
allow
allow
allow
allow
EPS-01-AN-ST(Lite-EN)-1.0
31
-Public-
Objects
Objects
Subjects
Subjects
Personal
Agent
Security Target Lite
Objects
CVCA
Authentication
and
EAC Chip
BAC
PAC
CVCA Digital
Authentication
Authentication AA private key Authentication
Signature
private key
Key
Key
verification of
the Key
current date
Security
Attributes Read Write Read Write Read Write Read Write Read Write
Security
Rights Rights Rights Rights Rights Rights Rights Rights Rights Rights
Attributes
Issuing Rights
deny
allow
deny
allow
deny
allow
deny
allow
deny
allow
P. PKI
The Issuing State of the ePassport shall implement the PA-PKI and EAC-PKI security mechanism
according to the ePassport PKI System and execute the practice of certification (creating, issuing,
operating and destroying the certificates) by securely generating and managing digital signature
keys in accordance with the Certification Practice Statement (CPS)
In addition, the Issuing State of the ePassport shall update certificates according to the policies to
maintain a valid date of the certificates and securely delivery them to the Verifying State and
Inspection System. When the EAC-TA provides the TOE with a CVCA Link Certificate, a DV
Certificate and IS Certificate after the Inspection System, obtaining information from EF.CVCA
stored in the TOE, the TOE shall internally update certificates by verifying the validity of the
certificates.
P. Range of RF Communication
The RF communication distance between the MRTD chip and Inspection System shall be less
than 5cm, and the RF communication channel shall not be established if the page of the
ePassport with the IC chip attached is not opened.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
32
-Public-
Security Target Lite
4. Security Objectives
This security target defines security objectives by categorizing them into the TOE and the
environment. The security objectives for the TOE are directly handled by the TOE. The security
objectives for the environment are handled in relation to IT fields or by non-technical/processrelated means.
4.1 Security Objectives for the TOE
The following items are security objectives that are handled directly by the TOE.
O. Management
The TOE shall provide the means to manage the ePassport application data in the Personalization
phase to the authorized Personalization agent.
Application Note: In the Personalization phase, the TOE shall provide the personalization and
management functions (lifecycle change, execution code and data patch, PAC authentication
key update, and Unblock, among others) to the authorized Personalization agent.
The TOE divides EEPROM for the user data and the TSF data and manages the memory area of
each user separately. The Personalization agent deactivates the writing function by modifying the
lifecycle of the TOE after the Personalization agent writes the ePassport applicable data in the
Personalization phase. This operation is performed before the lifecycle of the TOE is transferred to
the Operational phase. The TOE stores the BAC authentication key in secure memory after it is
generated by request of the Personalization agent in the Personalization phase.
O. Security Mechanism Application Procedures
The TOE shall ensure the instruction flow according to the ePassport inspection procedures of the
EAC specifications.
Application note: The TOE shall ensure that the application order of the PA, AA, BAC and EAC
security mechanisms conforms to the 2.1.1 Standard ePassport Inspection Procedure and 2.1.2
Advanced ePassport Procedure of the EAC specification. In addition, it shall not allow requests
from the Inspection System that does not correspond to the security mechanism application order.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
33
-Public-
Security Target Lite
O. Session Termination
The TOE shall terminate the session if the BAC mutual authentication or the EAC-TA fails or if a
modification is detected in the transmitted TSF data.
O. Secure Messaging
The TOE shall ensure confidentiality and integrity to protect the transmitted user and TSF data.
Application Note: The TOE forms a secure communication channel using a PAC Session
key during the Personalization Phase. The TOE forms the secure communication channel
using the BAC Session key and the EAC Session key during the Operation Phase.
O. Domain Separation
The TOE shall provide the means to prevent interference and tampering of the TSF and TSF data
through external IT entities.
Application Note: The TOE is not infringed due to interference from other application programs
due to the closed-type COS. The TOE managing the storage scope is sectioned into user data on
the TSF data, and the TSF data are stored in the COS controls so that they cannot approach the
interface of the external IT and breach the area of the protective memory scope.
O. Certificate Verification
The TOE shall automatically update the certificate and current date by checking for validation on
the basis of the CVCA link certificate provided by the Inspection System.
O. Self-protection
The TOE shall protect itself so as to preserve a secure state from attempts to bypass and modify
the TSF executable code and data upon start-up.
O. Deleting Residual Information
When allocating resources, the TOE shall provide the means to ensure that previous securityCopyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
34
-Public-
Security Target Lite
related information (e.g., the BAC session key, the EAC session key) is not included.
O. Replay Prevention
The TOE shall ensure the generation and use of a different random number per session for the
secure cryptographic-related information that are used in the security mechanisms.
Application Note: The TOE shall generate the transmitted data to the Inspection System in the
BAC mutual authentication and EAC-TA, ensuring that it is different with every session. In addition,
it shall not use the BAC authentication key as the BAC session key. The TOE also shall not
provide the critical information necessary in deriving the session key by generating the BAC
session key with the same random number used in the BAC mutual authentication. The TOE shall
generate the data transmitted to the personalization agent in the PAC mutual authentication so
that it is different per each session. Additionally, it shall not use the PAC authentication key as the
PAC session key. The TOE shall not provide the critical information necessary in deriving the
session key by generating the PAC session key with the same random number used in the PAC
mutual authentication. The TOE shall not generate the RSA digital signature value with the Singleuse random number mechanisms used in the AA.
O. Access Control
The TOE shall provide an access control function so that access to the ePassport application data
is allowed only to external entities granted with access rights according to the ePassport access
control policies of the Personalization agent.
Application Note: Only the authorized Personalization agent in the Personalization phase can
record the ePassport application data. In addition, access control policies for the read-rights
according to the type of the Inspection System shall be built in the Operational Use phase.
O. AA
The TOE implements the AA mechanism to prove the authenticity of the TOE to the inspection
components. The TOE generates and transmits the digital signature by the AA private key on the
random number transmitted by the inspection system. The inspection system authenticates the
TOE by verifying the digital signature using the AA public key.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
35
-Public-
Security Target Lite
O. BAC
The TOE executes the BAC mutual authentication of the Inspection System with the TOE by
implementing a BAC security mechanism to allow read-rights for the personal data of the
ePassport holder only to the authorized Inspection System. The TOE generates the BAC session
key that is used for the BAC secure messaging.
O. EAC
The TOE authenticates the Inspection System by implementing the EAC security mechanism
(EAC-CA and EAC-TA) to allow read-rights for the biometric data of the ePassport holder only to
the authorized Inspection System. The TOE generates the EAC session key that is used for the
EAC secure messaging.
O. PAC
The TOE carries out PAC mutual authentication and PAC personalization and management
authentication to provide a means of management for electronic passport issue (PAC
authentication Key Update, lifecycle change, an execution code and data patch, Unblock, and TSF
data management) to only an authorized Personalization agent.
4.2 Security Objectives for the Environment
The following are security objectives handled in relation to IT fields or by non-technical/procedurerelated means.
OE. Passport Book Manufacturing Security
Physical security measures (security printing, etc.) for the ePassport shall be prepared to detect
reproduction of the ePassport chip and attack attempts against such factors as Grandmaster
chess, replacement of the portrait, or modification of the MRZ data.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
36
-Public-
Security Target Lite
OE. Procedures of the ePassport holder Check
The Immigration officer shall prepare for procedures to check the identity of the ePassport holder
against the printed identity information page of the ePassport.
OE. Application Program Loading
The Personalization agent shall approve application program loading after checking that the
application programs loaded in the ePassport chip do not affect the secure TOE.
OE. Certificate Verification
The Inspection System, including the BIS and the EIS, verifies the SOD after verifying the validity
of the certificate chain for the PA (CSCA Certificate → DS Certificate) to verify that forgery and
corruption of the ePassport identity data recorded in the TOE has not occurred. To do this, the DS
Certificate and CRL shall be verified periodically.
The EIS shall securely hold the digital signature generation key that corresponds to the IS
certificate and shall provide the TOE with a CVCA Link Certificate, a DV Certificate and an IS
Certificate in the EAC-TA.
OE. Personalization Agent
The personalization agent shall issue the ePassport in a secure manner so as to confirm that the
issuing subject has not been changed. It shall also deliver the TOE to the Operational Use phase
after verifying the normal operation and compatibility of the ePassport. The Personalization agent
shall deactivate the writing function before the TOE delivery to the Operational Use phase.
OE. Handling Information Leakage
The TOE shall implement countermeasures to prevent the exploitation of leaked information
during the cryptographic operation for the TSF.
Application Note: The IC chip of the TOE support functions as a countermeasure of the
DPA/SPA prevents the exploitation of leaked information (electric current, electric pressure,
electromagnetism etc) during crypto graphic operation.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
37
-Public-
Security Target Lite
OE. Inspection System
The Inspection System shall implement security mechanisms according to the type of Inspection
System so as not to violate the ePassport access control policies of the Personalization agent and
to ensure the application order. In addition, the Inspection System shall securely destroy all
information used in communication with the TOE after the termination of the session.
OE. IC Chip
The IC chip, the underlying platform of the TOE, provides the random number generation and
cryptographic operation to support security functions of the TOE. It also detects malfunctions of
the TOE outside the normal operating conditions and provides the function of physical protection
to protect the TOE from physical attacks using the probing and reverse engineering analyses.
Application Note: The IC chip support TDES, Retail MAC, the random number, RSA, ECC and
IC chip support functions that act as a countermeasure for the DPA/SPA to the TOE. The IC chip
supports an inspection mechanism that determines whether the TOE deviates from its normal
operational range of TSF via an ActiveShield and sensor test function of the TOE.
OE. MRZ Entropy
The Personalization agent shall ensure the MRZ entropy to ensure the security of the BAC
authentication key.
OE. PKI
The Issuing State of the ePassport shall execute certification procedures that securely generate
and manage a digital signature key and generate, issue, operate and destroy certificates
according to the CPS by implementing the PA-PKI and EAC-PKI according to the ePassport PKI
System.
The Issuing State of the ePassport shall also update the certificates according to the policies to
maintain a valid date for certificates and securely deliver them to the Verifying State and
Inspection System.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
38
-Public-
Security Target Lite
OE. Range of RF Communication
The RF communication distance between the ePassport chip and the Inspection System shall be
less than 5cm, and the RF communication channel shall not be established if the page of the
ePassport with the IC chip attached is not opened.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
39
-Public-
Security Target Lite
5. IT Security Requirements
IT security requirements specify security functional and assurance requirements that must be
satisfied by the TOE that conforms to this Security Target.
5.1 TOE Security Functional Requirements
The security functional requirements for this Security Target consist of the following components
from Part 2 of the CC and additional components, as summarized below (Table 9).
The strength of function (SOF) for security functional requirements of FCS_CKM.1(1), FDP_DAU.1,
FIA_UAU.5(1), FIA_UAU.5(2), FCS_COP.1(3) FPT_TST.1 in this ST is “SOF-high”.
(Table 9) Security Functional Requirements
Security functional
class
Security functional component
FCS_CKM.1(1)
Cryptographic key generation (Key Derivation Mechanism)
FCS_CKM.2(1)
Cryptographic key distribution (KDF Seed Distribution for
BAC session key generation)
FCS_CKM.2(2)
Cryptographic key distribution (KDF Seed Distribution for
EAC session key generation)
FCS_CKM.2(3)
Cryptographic key distribution (Seed Distribution for PAC
session key generation)
FCS_CKM.4
Cryptographic key destruction
FCS_COP.1(3)
Cryptographic operation (Hash Function)
FDP_ACC.1
Subset access control
FDP_ACF.1
Security attribute based access control
FDP_DAU.1
Basic data authentication
FDP_RIP.1
Subset residual information protection
FDP_UCT.1
Basic data exchange confidentiality
FDP_UIT.1
Data exchange integrity
Identification
FIA_AFL.1
Authentication failure handling
and
FIA_UAU.1(1)
Timing of authentication(BAC Mutual Authentication)
FIA_UAU.1(2)
Timing of authentication(EAC-TA)
FIA_UAU.1(3)
Timing of authentication(PAC Mutual Authentication)
Cryptographic
Support
(FCS)
User Data
Protection
(FDP)
Authentication
(FIA)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
40
-PublicSecurity functional
class
Security Target Lite
Security functional component
FIA_UAU.1(4)
Timing of authentication(PAC Personalization
management Authentication)
FIA_UAU.4
Single-use authentication mechanisms
FIA_UAU.5(1)
Multiple authentication mechanisms
FIA_UAU.5(2)
Multiple authentication mechanisms(PAC Mutual
Authentication and PAC personalization and management
Authentication)
FIA_UID.1
Timing of identification
FMT_MOF.1(1)
Management of security functions behavior
FMT_MOF.1(2)
Management of security functions behavior(initialization)
FMT_MSA.1
Management of security attributes
FMT_MSA.3
Static attribute initialization
FMT_MTD.1(1)
Management of TSF data (Certificate Verification
Information)
Security
FMT_MTD.1(2)
Management of TSF data (SSC initialization)
Management
FMT_MTD.1(3)
Management of TSF data (Key Write)
FMT_MTD.1(4)
Management of TSF data( TOE lifecycle and PAC
Authentication key management)
FMT_MTD.1(5)
Management of TSF data (TOE lifecycle change)
FMT_MTD.3
Secure TSF data
FMT_SMF.1
Specification of management functions
FMT_SMR.1
Security roles
FPT_AMT.1
Abstract machine testing
FPT_FLS.1
Failure to preserve a secure state
FPT_ITI.1
Inter-TSF detection of modification
FPT_RVM.1
Non-bypassability of the TSP
FPT_SEP.1
TSF domain separation
FPT_TST.1
TSF testing
Protection of
the TSF
(FPT)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
41
-Public-
Security Target Lite
5.1.1 Cryptographic Support
FCS_CKM.1(1) Cryptographic key generation (Key Derivation Mechanism)
Hierarchical to: No other components.
Dependencies: [FCS_CKM.2 Cryptographic key distribution, or
FCS_COP.1 Cryptographic operation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_CKM.1.1. The TSF shall generate encryption keys and MAC keys in accordance with a
specified cryptographic key generation algorithm [Appendix 5.1 Key Derivation Mechanism] and
specified cryptographic key sizes [112bit] that meet the following: [the ICAO document].
Application Notes: The TOE generates the BAC authentication key, BAC session key and EAC
session key using a key derivation mechanism. The BAC authentication key, which is generated
by the TOE, is stored in protected memory during the Personalization phase.
FCS_CKM.2(1) Cryptographic key distribution (KDF Seed Distribution for BAC session key
generation)
Hierarchical to: No other components.
Dependencies: [FCS_CKM.2 Cryptographic key distribution, or
FCS_COP.1 Cryptographic operation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_CKM.2.1. The TSF shall distribute the KDF Seed for the BAC session key generation in
accordance with a specified cryptographic key distribution method [Key Establishment mechanism
6] that meets the following: [ISO/IEC 11770].
FCS_CKM.2(2) Cryptographic key distribution (KDF Seed Distribution for EAC session key
generation)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
42
-Public-
Security Target Lite
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
The TSF shall distribute the KDF Seed for the EAC session key generation in accordance with
a specified cryptographic key distribution method [Elliptic Curve Diffie-Hellman key-agreement
protocol] that meets the following: [ISO/IEC 15946-3].
Application Notes: This process is included in the IT environment because the TOE uses the
ECC algorithm to generate the EAC session key.
FCS_CKM.2(3) Cryptographic key distribution (Seed Distribution for PAC session key
generation)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
The TSF shall distribute the Seed for the PAC session key generation in accordance with a
specified cryptographic key distribution method [none] that meets the following: [none].
Application Notes: The PAC session key generation Seed value distribution procedures are
implemented by modifying a standard symmetric key distribution protocol (ISO/IEC 11770-2).
FCS_CKM.4 Cryptographic key destruction
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
43
-Public-
Security Target Lite
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FMT_MSA.2 Secure security attributes
FCS_CKM.4.1. The TSF shall destroy authentication keys, encryption keys and MAC keys in
accordance with a specified cryptographic key destruction method [none] that meets the following:
[delete by writing '0' in memory].
Application Notes: The TOE deletes the BAC authentication key, BAC session key, EAC session
key, PAC authentication key, PAC session key, AA private key, EAC chip authentication private
key, CVCA digital signature verification key and domain information in temporary memory by
writing '0' in the memory.
FCS_COP.1(3) Cryptographic operation (Hash Function)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1. The TSF shall perform [a hash operation] in accordance with a specified
cryptographic algorithm [SHA-1, SHA-224, SHA-256] and cryptographic key sizes [none] that meet
the following: [FIPS PUB 180-2].
Application Notes: In the key derivation mechanism of the ICAO document, the SHA-1 is used as
a hash function to generate the session key used in the BAC or EAC. In addition, the SHA-1 is
used as a hash function to generate the BAC authentication key and verify the integrity of the
execution code. The SHA-224 is used for EAC-TA and the SHA-256 is used for AA.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
44
-Public-
Security Target Lite
5.1.2 User Data Protection
FDP_ACC.1 Subset access control
Hierarchical to: No other components.
Dependencies: FDP_ACF.1. Security attribute-based access control
FDP_ACC.1.1. The TSF shall enforce [the ePassport access control policy] on
a)
Subjects
(1) Personalization agent
(2) BIS
(3) EIS
(4) [None]
b)
Objects
(1) Personal data of the ePassport holder
: EF.DG1, EF.DG2, EF.DG5~EF.DG13, EF.DG16
(2) The biometric data of the ePassport holder
: EF.DG3, EF.DG4
(3) ePassport authentication data
: EF.DG14, EF.DG15, EF.SOD
(4) EF.CVCA
(5) EF.COM
(6) [None]
c)
Operations
(1) Read
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
45
-Public-
Security Target Lite
(2) Write
(3) [None]
]
FDP_ACF.1 Security attributes based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1. Subset access control
FMT_MSA.3 Static attribute initialization
FDP_ACF.1.1 The TSF shall enforce [the ePassport access control policy] on objects based on
the following: (Table 10), (Table 11).
(Table 10) Subject-relevant Security Attributes
Subjects
Security attributes
BIS
BAC authorization
EIS
BAC authorization, EAC authorization
Personalization agent
Personalization agent issuing authorization
(Table 11) Object-relevant Security Attributes
Security attributes
Objects
Security attributes
of object’ operation
Security attributes of
object’ access-rights
BAC authorization,
Read-rights
Personal data of the ePassport holder
Write-rights
EAC authorization,
Personalization agent issuing
authorization
Personalization agent issuing
authorization
EAC authorization,
Read-rights
Biometric data of the ePassport holder
Write-rights
Copyright Ⓒ 2008 KOMSCO, All rights reserved
Personalization agent issuing
authorization
Personalization agent issuing
authorization
EPS-01-AN-ST(Lite-EN)-1.0
46
-Public-
Security Target Lite
Security attributes
Objects
Security attributes
of object’ operation
Security attributes of
object’ access-rights
BAC authorization,
Read-rights
EAC authorization,
Personalization agent issuing
authorization
ePassport authentication data
Write-rights
Personalization agent issuing
authorization
BAC authorization,
Read-rights
EAC authorization,
Personalization agent issuing
authorization
EF.CVCA
Write-rights
Personalization agent issuing
authorization
BAC authorization,
Read-rights
EAC authorization,
Personalization agent issuing
authorization
EF.COM
Write-rights
Operation
Personalization agent issuing
authorization
Security attributes
Read
none
Write
Application Notes: The BAC authorization is the right given to the user identified with the
Inspection System that supports the ePassport application by FIA_UID.1 when the BAC mutual
authentication succeeds.
The EAC authorization is the right given when the Inspection System with the BAC authorization
succeeds in the EAC-CA and the EAC-TA and the read-rights of the biometric data is included in
the CVCA certificate, the DV certificate and the IS certificate held by that Inspection System. Even
when the EAC-CA and the EAC-TA succeed, the Inspection System comprises only the BAC
authorization if the certificates do not include the read-rights.
Issuing authorization is the right given when PAC mutual authentication and PAC personalization
and management authentication succeed due to the personalization agent.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
47
-Public-
Security Target Lite
FDP_ACF.1.2. The TSF shall enforce the following rules to determine if an operation among
controlled subjects and controlled objects is allowed:
a)
Execution of the operation is allowed only when the security attributes of the subjects
are included in the security attributes of the object’s access-rights and if the operations
correspond to security attributes of the object’s operation.
b)
[none]
Application Notes: The TSF shall enforce the following ePassport access control policies: (Table
7), (Table 8):
FDP_ACF.1.3. The TSF shall explicitly authorize access for subjects to objects based on the
following additional rules: [none]
FDP_ACF.1.4. The TSF shall explicitly deny access for subjects to objects based on [the following
rules]:
a)
Explicitly deny access for subjects to objects, if the instructions order of the inspection
system is not correct in order to ensure the application order of security mechanisms
according to 2.1 Inspection Procedures of the EAC specification
b)
Explicitly deny reading for subjects to biometric data if there are no read-rights of
biometric data in the IS certificate of the EIS that has the EAC authorization
c)
Explicitly deny access (read, write, etc.) of the unauthorized Inspection System to all
objects
d)
[The TOE consists of eight lifecycles (Empty, Unissue, InitAuth, SecondAuth, StartIssue,
Issued, Block, and Discard), and Access to the object is explicitly rejected for the
commands that cannot be executed in each lifecycle of the TOE].
FDP_DAU.1 Basic data authentication
Hierarchical to: No other components.
Dependencies: No other components.
FDP_DAU.1.1. The TSF shall provide the capability to generate evidence that can be used as a
guarantee of the validity of [the AA private key].
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
48
-Public-
Security Target Lite
FDP_DAU.1.2. The TSF shall provide [BIS, EIS] with the ability to verify evidence of the validity of
the indicated information.
Application Notes: The TSF shall perform the 2048 bit RSA digital signature algorithm in AA.
FDP_RIP.1 Subset residual information protection
Hierarchical to: No other components.
Dependencies: No dependencies.
FDP_RIP.1.1. The TSF shall ensure that any previous information content of a resource is made
unavailable upon the deallocation from the following objects:[
a)
BAC session key
b)
EAC session key
c)
BAC authentication key
d)
[PAC session key,
e)
PAC authentication key,
f)
AA private key,
g)
EAC chip authentication private key,
h)
CVCA digital signature verification key and domain information]]
Application Notes: After
the
termination of the session,
the
TSF deletes the BAC
authentication key, BAC session key, EAC session key, PAC authentication key, PAC session key,
AA private key, EAC chip authentication key, CVCA digital signature verification key and domain
information in temporary memory by writing '0' in the memory.
FDP_UCT.1 Basic data exchange confidentiality
Hierarchical to: No other components.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
49
-Public-
Security Target Lite
Dependencies: [FTP_ITC.1 Inter-TSF trusted channel, or
FTP_TRP.1 Trusted path]
[FDP_ACC.1 Subset access control, or
FDP_IFC.1 Subset information flow control]
FDP_UCT.1.1. The TSF shall enforce [the ePassport access control policy] so that it can transmit,
and receive objects in a manner protected from unauthorized disclosure.
Application Notes: When the Inspection System successfully completes the BAC mutual
authentication, the TSF protects from disclosure using the BAC session encryption key. When the
EAC-CA is successfully executed, the data transmitted thereafter are protected from disclosure
using the EAC session encryption key. In addition, when the PAC mutual authentication is
successfully executed, data transmitted thereafter are protected from disclosure using the PAC
session encryption key.
FDP_UIT.1 Data exchange integrity
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or
FDP_IFC.1 Subset information flow control]
[FTP_ITC.1 Inter-TSF trusted channel, or
FTP_TRP.1 Trusted path]
FDP_UIT.1.1. The TSF shall enforce [the ePassport access control policy] to be able to transmit,
receive user data in a manner protected from modification, deletion, insertion errors.
FDP_UIT.1.2. The TSF shall be able to determine upon receipt of the user data whether
modification, deletion, or insertion has occurred.
Application Notes: The TSF protects the integrity of the transmitted data using the MAC key for
the BAC session, the EAC session or the PAC session. This provides a method for protecting
against modification, deletion and insertion of user data.
5.1.3 Identification and Authentication
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
50
-Public-
Security Target Lite
FIA_AFL.1 Authentication failure handling
Hierarchical to: No other components.
Dependencies: FIA_UAU.1 Timing of authentication
FIA_AFL.1.1. The TSF shall detect when [a certain number of times (see table below)]
unsuccessful authentication attempts occur related to the following:
a) BAC mutual authentication
b) EAC-TA
c) [PAC mutual authentication,
d) PAC management authentication]
FIA_AFL.1.2. When the defined number of unsuccessful authentication attempts has been met or
surpassed, the TSF shall perform [the actions specified in the following table].
(Table 12) Authentication failure handling
Assignment: Number of
unsuccessful authentication
attempts
3
Assignment: Specified
Authentication events
Unsuccessful PAC Mutual
authentication
PAC personalization and
management authentication
Assignment: Actions
Session Termination and
operational mode transition
1
Unsuccessful BAC Mutual
authentication
Session Termination
3
Unsuccessful EAC-TA
authentication
Session Termination
FIA_UAU.1(1) Timing of authentication (BAC Mutual Authentication)
Hierarchical to: No other components.
Dependencies: FIA_UID.1 Timing of identification
FIA_UAU.1.1. The TSF shall allow
a) to indicate that supports the BAC mechanism
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
51
-Public-
Security Target Lite
b) [None]
These are done on behalf of the user to be performed before the user is authenticated.
FIA_UAU.1.2. The TSF shall require each user to be authenticated successfully before allowing
any other TSF-mediated actions on behalf of that user.
FIA_UAU.1(2) Timing of authentication(EAC-TA)
Hierarchical to: No other components.
Dependencies: FIA_UAU.1(1) Timing of authentication (BAC mutual authentication)
FIA_UAU.1.1. The TSF shall allow [
a) performance of the EAC-CA
b) reading of user data except for the biometric data of the ePassport holder
c) [None]
] on behalf of the user to be performed before the user is authenticated.
FIA_UAU.1.2. The TSF shall require each user to be authenticated successfully before allowing
any other TSF-mediated actions on behalf of that user.
FIA_UAU.1(3) authentications (PAC Mutual Authentication)
Hierarchical to: No other components.
Dependencies: FIA_UID.1 identification
FIA_UAU.1.1. The TSF shall allow [
a) TOE Personalization initialization of the Personalization phase
b) transmitting a crypto CSN and Ticket
c) transmitting a random number
] on behalf of the user to be performed before the user is authenticated.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
52
-Public-
Security Target Lite
FIA_UAU.1.2. The TSF shall require each user to be successfully authenticated before allowing
any other TSF-mediated actions on behalf of that user.
FIA_UAU.1(4) authentication (PAC personalization and management authentication)
Hierarchical to: No other components.
Dependencies: FIA_UID.1 identification
FIA_UAU.1.1. The TSF shall allow [
a) TOE Personalization initialization of the Personalization Phase
b) transmitting crypto CSN and Ticket
c) transmitting random number
d) PAC Mutual authentication
]on behalf of the user to be performed before the user is authenticated.
FIA_UAU.1.2. The TSF shall require each user to be authenticated successfully before allowing
any other TSF-mediated actions on behalf of that user.
Application Notes: According to the lifecycle of the TOE, some actions that the TSF of b), c), d)
listed in FIA_UAU.1.1 mediates may or may not be performed.
FIA_UAU.4 Single-use authentication mechanisms
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UAU.4.1. The TSF shall prevent reuse of authentication data related to [
a) BAC mutual authentication
b) EAC-TA
c) [PAC Mutual authentication,
d) PAC personalization and management authentication,
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
53
-Public-
Security Target Lite
e) AA authentication]]
FIA_UAU.5(1) Multiple authentication mechanisms
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UAU.5.1. The TSF shall provide [
a)
BAC mutual authentication
b)
EAC-TA
c)
[None]
] to support user authentication.
FIA_UAU.5.2. The TSF shall authenticate any user's claimed identity according to [
a)
The BIS or EIS shall succeed with BAC mutual authentication to allow BAC
authorization.
b)
The EIS, to succeed with EAC authorization, shall succeed with BAC mutual
authentication, EAC-CA, and EAC-TA, and shall include the read-rights of biometric
data in the CVCA Certificate, DV Certificate and IS Certificate. To do this, the TSF shall
provide the EAC-CA.
c)
[None]]
Application Notes: The TSF shall perform the 224 bit ECDSA digital signature algorithm in EACTA.
FIA_UAU.5(2) Multiple authentication mechanisms (PAC Mutual Authentication and PAC
personalization and management authentication)
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UAU.5.1. The TSF shall provide [
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
54
-Public-
Security Target Lite
a) PAC mutual authentication
b) PAC personalization and management authentication (PAC-LifeCycle authentication, PACPatch authentication, PAC-KeyUpdate authentication, and PAC-Unblock authentication)
to support user authentication.
FIA_UAU.5.2. The TSF shall authenticate any user's claimed identity according to [
a)
In case the lifecycle of the TOE in Personalization phase is in Unissue status, PAC
mutual authentication has to be performed.
b)
When the lifecycle of the TOE in the Personalization phase is in InitAuth status, one of
the PAC personalization and management authentications, such as PAC-LifeCycle,
PAC-Patch, or PAC-KeyUpdate, has to be performed to activate the writing function of
the TSF.
c)
When the lifecycle of the TOE in the Personalization phase is in InitAuth status, PACKeyUpdate authentication has to be performed to update the function of the PAC
authentication key.
d)
In case the lifecycle of TOE in Personalization phase is in SecondAuth status and the
issuing right for updating the PAC authentication key is not obtained, PAC
personalization
and
management
authentication
along
with
PAC-KeyUpdate
authentication have to be performed successfully to update the PAC authentication key.
e)
When the lifecycle of the TOE in the Personalization phase is in InitAuth status, PACPatch authentication has to be performed to patch the function of the execution code
and data.
f)
In case the lifecycle of the TOE in the Personalization phase is in SecondAuth status
and the issuing right for patching the execution code and data is not obtained, PAC
personalization and management authentication along with PAC-Patch authentication
have to be performed successfully to patch the execution code and data.
g)
When the lifecycle of the TOE in the Personalization phase is in InitAuth status, PACLifeCycle authentication has to be performed to change the function of the lifecycle.
h)
In case the lifecycle of the TOE in Personalization phase is in SecondAuth status and
the issuing right for changing the lifecycle is not obtained, PAC personalization and
management authentication along with PAC-LifeCycle authentication have to be
performed successfully to change the lifecycle.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
55
-Public-
I)
Security Target Lite
When the lifecycle of the TOE in the Personalization phase is in StartIssue status, PACLifeCycle authentication has to be performed to change the function of the lifecycle.
j)
When the lifecycle of the TOE in the Personalization phase is in Block status, PACUnblock authentication has to be performed to unblock it.
]
FIA_UID.1 Timing of identification
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UID.1.1. The TSF shall allow [
a) the establishment of a communication channel based on ISO/IEC 14443-4
] on behalf of the user to be performed before the user is identified.
FIA_UID.1.2. The TSF shall require each user to be identified successfully before allowing any
other TSF-mediated actions on behalf of that user.
Application Notes: When external entities that communicate with the TOE request the use of the
ePassport application, the TOE identifies it with the Inspection System. In addition, when external
entities that communicate with the TOE request the use of the personalization program, the TOE
identifies it with the personalization agent.
5.1.4 Security Management
FMT_MOF.1 Management of security functions behavior
Hierarchical to: No other components.
Dependencies: FMT_SMF.1 Specification of Management Functions
FMT_SMR.1 Security roles
FMT_MOF.1.1. The TSF shall restrict the ability to disable the functions [writing function] to [the
Personalization agent in the Personalization phase].
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
56
-Public-
Security Target Lite
Application Notes: To change the lifecycle, the write function is deactivated.
FMT_MOF.1(2) Management of security functions behavior(initialization)
Hierarchical to: No other components.
Dependencies: FMT_SMF.1 Specification of Management Functions
FMT_SMR.1 Security roles
FMT_MOF.1.1. The TSF shall restrict the ability to open [the functions (see table below] to [roles
(see table below)].
(Table 13) Security Attributes
Assignment: Functions
Assignment: Roles
Initialization of the TOE personalization
Personalization agent
Initialization of the TOE re-personalization
Personalization agent with personalization
authority
Initialization of LDS file system
Personalization agent with personalization authority
FMT_MSA.1 Management of security attributes
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or
FDP_IFC.1 Subset information flow control]
FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MSA.1.1. The TSF shall enforce [the ePassport access control policy] to restrict the
ability to [initialize] the security attributes [security attributes of the subjects defined in
FDP_ACF.1] to [TSF].
Application Notes: As the action to be taken if the TSF detects modification of the transmitted
TSF data in FPT_ITI.1, the TSF shall reset the security attributes of the subjects defined in
FDP_ACF.1.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
57
-Public-
Security Target Lite
FMT_MSA.3 Static attribute Initialization
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of security attributes
FMT_SMR.1. Security roles
FMT_MSA.3.1. The TSF shall enforce [the ePassport access control policy] to provide
restrictive default values for the security attributes that are used to enforce the SFP.
FMT_MSA.3.2. The TSF shall allow [the Personalization agent in the Personalization
phase] to specify alternative initial values to override the default values when an object or
information is created.
Application Notes: When generating user data (EF.DG1~16, EF.SOD, EF.COM, EF.CVCA) in
the Personalization phase, the Personalization agent shall define the security attributes of
object’s operation and object’s access-rights in (Table 10) of FDP_ACF.1.1.
FMT_MTD.1(1) Management of TSF data (Certificate Verification Info.)
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1. The TSF shall restrict the ability to [write in secure memory] the
a)
EAC chip authentication private key
b)
initial current date
c)
initial CVCA Certificate
d)
initial CVCA digital signature verification key
e)
[None]
to [the Personalization agent in the Personalization phase].
Application Notes: After the TSF stores the first CVCA Certificates and the first CVCA digital
signature verification key in secure memory, the Personalization agent sends the command for
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
58
-Public-
Security Target Lite
verifying the validity of the first CVCA public key to the TOE. The TOE then verifies the signature
of the first CVCA certificate using the first CVCA digital signature verification key. The trust point
used in EAC-TA authentication consists of a CVCA digital signature verification key and the first
CVCA Certificates.
FMT_MTD.1(2) Management of TSF data (SSC Initialization)
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1. The TSF shall restrict the ability to modify the [ SSC(Send Sequence Counter) ] to
[ TSF ].
Application Notes: The TSF shall initialize SSC as ‘'0’' in order to terminate the BAC secure
messaging before establishing EAC secure messaging after generating the EAC session key.
FMT_MTD.1(3) Management of TSF data( Key Write)
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1. The TSF shall restrict the ability to [write in secure memory] the [TSF data (see
table below)] by [the restrictions (see table below)].
(Table 14) Security Attributes
Assignment: TSF data
Assignment: Restrictions
AA private key
Authorized Personalization agent according to
FIA_UAU.5(2) in the Personalization phase
TSF execution code and IC chip setting the
value for the patch
Authorized Personalization agent according to
FIA_UAU.5(2) in the Personalization phase
BAC authentication key
TSF
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
59
-Public-
Security Target Lite
FMT_MTD.1(4) Management of TSF data (lifecycle of TOE and PAC authentication key
management)
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1. The TSF shall restrict the ability to change the [PAC authentication key,
lifecycle of TOE in the Personalization Phase] to [Authorized Personalization agent
FIA_UAU.5(2).2]
Application Notes: The initial PAC authentication key is stored in ROM during the
Manufacturing phase.
FMT_MTD.1(5) Management of TSF data(internal change of lifecycle)
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1. The TSF shall restrict the ability to change the [lifecycle of the TOE in the
Personalization phase] to [TSF].
FMT_MTD.3 Secure TSF data
Hierarchical to: No other components.
Dependencies: ADV_SPM.1 Informal TOE security policy model
FMT_MTD.1 Management of TSF data
FMT_MTD.3.1. The TSF shall ensure that only secure values are accepted for TSF data.
Application Notes: The TSF shall use only secure values that are safe as random numbers
against a replay attack so as to satisfy the SOF-high condition. The TSF shall preserve secure
values by verifying valid data of the CVCA Link certificate, DV Certificate and IS Certificate
provided by the EIS when executing the EAC-TA and internally updating the CVCA Certificate,
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
60
-Public-
Security Target Lite
CVCA digital signature verification key, current date and EF.CVCA if necessary.
FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components.
Dependencies: No dependencies.
FMT_SMF.1.1. The TSF shall be capable of performing the following security management
functions: [
a)
A function to write user data and TSF data in the Personalization phase
b)
A function to verify and update the CVCA Certificate, CVCA digital signature verification
key and current data in the Operational Use phase
c)
[A function to manage the TSF security: a function to verify the Security Attributes and
SSC initialization, random number reuse,
d)
A function to initialize personalization EEPROM in the Personalization phase,
e)
A function to manage personalization and management: a function to change the
lifecycle, function to patch the execution code and data, a function to unblock, a
function to update the PAC key, and a function to inactivate writing in the
Personalization phase] ]
FMT_SMR.1 Security roles
Hierarchical to: No other components.
Dependencies: FIA_UID.1 Timing of identification
FMT_SMR.1.1. The TSF shall maintain the following roles: [
a)
Authorized Personalization agent to update the PAC authentication key of the
PAC in the Personalization phase
Authorized Personalization agent to change the lifecycle in the Personalization
phase
Authorized Personalization agent for Unblock operations in the Personalization
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
61
-Public-
Security Target Lite
phase
Authorized Personalization agent for patching of the execution code and data
patch in the Personalization phase
b)
[None]]
FMT_SMR.1.2. The TSF shall be able to associate users with roles.
Application Notes: The Personalization agent is defined with the role to execute the security
management function of FMT_SMF.1. The TSF executes security management functions for
FMT_MTD.1 (2) and b) of FMT_SMF.1. However, the TSF is not defined with this, as it is not a
user.
5.1.5 Privacy
FPT_AMT.1 Abstract machine testing
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_AMT.1.1. The TSF shall run a suite of tests [before crypto operation] to demonstrate the
correct operation of security assumptions for the abstract machine.
Application Notes: The TOE shall perform the ActiveShield and IC chip sensor test before the
crypto operation.
FPT_FLS.1 Failure with preservation of secure state
Hierarchical to: No other components.
Dependencies: ADV_SPM.1 Informal TOE security policy model
FPT_FLS.1.1. The TSF shall preserve a secure state when the following types of failures occur: [
a)
Failure detected during self-testing by FPT_TST.1
b)
Conditions outside the normal operating conditions of the TSF detected by the IC chip
c)
[When the Operational mode is in InitAuth or SecondAuth mode and when the PAC
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
62
-Public-
Security Target Lite
secure channel is terminated]
]
FPT_ITI.1 Inter-TSF detection of modification
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_ITI.1.1. The TSF shall provide the capability to detect modification of all TSF data during
transmission between the TSF and a remote trusted IT product within the following metric:
[strength of the Retail MAC].
FPT_ITI.1.2. The TSF shall provide the capability to verify the integrity of all TSF data
transmitted between the TSF and a remote trusted IT product and perform [
a)
Termination of BAC secure messaging or EAC secure messaging
b)
Deletion of the BAC session key or the EAC session key
c)
Management action specified in FMT_MSA.1
d)
Termination of the BAC secure messaging and deletion of the PAC key
e)
[None]
] if modifications are detected
Application Notes: The strength of the Retail MAC is equivalent to the secure Retail MAC
specified in FCS_COP.1(2).
FPT_RVM.1 Non-bypassability of the TSP
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_RVM.1.1. The TSF shall ensure that TSP enforcement functions are invoked and succeed
before each function within the TSC is allowed to proceed.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
63
-Public-
Security Target Lite
Application Notes: The TOE consists of eight lifecycles, and each lifecycle consists of a suitable
command.
FPT_SEP.1 TSF domain separation
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_SEP.1.1. The TSF shall maintain a security domain for its own execution that protects it from
interference and tampering by untrusted subjects.
FPT_SEP.1.2. The TSF shall enforce separation between the security domains of subjects in the
TSC.
Application Notes: The TSF shall separate secure memory so as not to be affected by interference
and tampering from other memory domains. Additionally, the TSF shall separate the ePassport
application so as not to be affected by interference and tampering from other application programs.
FPT_TST.1 TSF testing
Hierarchical to: No other components.
Dependencies: FPT_AMT.1 Abstract machine testing
FPT_TST.1.1. The TSF shall run a suite of self tests [before executing the TSF] to demonstrate
the correct operation of the TSF.
FPT_TST.1.2. The TSF shall provide authorized users with the capability to verify the integrity of
TSF data.
FPT_TST.1.3. The TSF shall provide an authorized Personalization agent with the capability to
verify the integrity of stored TSF executable code.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
64
-Public-
Security Target Lite
5.2 Security Requirements for the IT environment
This section describes the security functional requirements for the IT environment.
(Table 15) Security requirements for the IT environment
Security
functional
class
Security functional component
FCS_CKM.1(2)
Cryptographic key generation (PAC session key)
Cryptographic operation
FCS_COP.1(1)
(Symmetric Key Cryptographic Operation)
Cryptographic
Support
FCS_COP.1(2)
Cryptographic operation (MAC)
FCS_COP.1(4)
Cryptographic operation (Digital signature Verification for
Certificates Verification)
FCS_COP.1(5)
Cryptographic operation (Digital signature generation)
FPR_UNO.1
Unobservable
(FCS)
Privacy
(FPR)
FCS_CKM.1(2) Cryptographic key generation (PAC session key)
Hierarchical to: No other components.
Dependencies: [FCS_CKM.2 Cryptographic key distribution, or
FCS_COP.1 Cryptographic operation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_CKM.1.1. The TSF shall generate PAC encryption keys and MAC keys in accordance with
a specified cryptographic key generation algorithm [none] with a specified cryptographic key size
[112 bits] that meets the following: [none].
FCS_COP.1(1) Cryptographic operation (Symmetric Key Cryptographic Operation)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
65
-Public-
Security Target Lite
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1. The TSF shall perform [message encryption and decryption operations] in
accordance with a specified cryptographic algorithm [TDES] with a cryptographic key size [112
bits] that meets the following: [ISO/IEC 18033-3].
Application Notes: The TOE uses the TDES cryptographic algorithm of Certified IC chip for the
confidentiality protection of the transmitted data of the BAC or EAC secure messaging, for the
BAC mutual authentication, and for the BAC key distribution. For the operation mode of the
cryptographic algorithm used, the CBC mode with IV=0 as defined in ISO/IEC 10116 is used.
FCS_COP.1(2) Cryptographic operation (MAC)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1. The TSF shall perform [a MAC operation] in accordance with a specified
cryptographic algorithm [Retail MAC] with a cryptographic key size [112 bits] that meets the
following: [ISO/IEC 9797-1].
Application Notes: The TOE uses the Retail MAC algorithm of the Certified IC chip to protect the
integrity of the transmitted data of the BAC or EAC secure messaging and for BAC mutual
authentication. The Retail MAC uses MAC algorithm 3, the block cipher DES, the sequence
message counter and padding mode 2 as defined in ISO/IEC 9797-1.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
66
-Public-
Security Target Lite
FCS_COP.1(4) Cryptographic operation (Digital Signature Verification for Certificates
Verification)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1. The TSF shall perform [Digital signature Verification] in accordance with a
specified cryptographic algorithm [ECDSA-SHA-224] with a cryptographic key size [224 bits] that
meets the following: [ISO/IEC 15946-2].
FCS_COP.1(5) Cryptographic operation (Digital Signature Generation)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1. The TSF shall perform [Digital signature generation] in accordance with a specified
cryptographic algorithm [RSASSA-PKCS1-v1.5-SHA-256] and cryptographic key size [2048 bits]
that meets the following: [PKCS#1]
Application Notes: The TOE utilizes the RSA library for the AA-A digital signature algorithm
specified in the RSA library is used for the AA security mechanism.
FPR_UNO.1 Unobservability
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
67
-Public-
Security Target Lite
Hierarchical to: No other components.
Dependencies: No dependencies.
FPR_UNO.1.1. The TSF shall ensure that [external entities] are unable to observe the operation[
a)
FCS_COP.1(1) A cryptographic operation (Symmetric Key Cryptographic
Operation)
b)
FCS_COP.1(2) A Cryptographic operation (MAC)
c)
FCS_COP.1(4) A cryptographic operation (Digital signature Verification for Certificates
Verification)
d)
FCS_COP.1(5) A cryptographic operation (Digital signature Generation)
]on the following:[
a)
BAC authentication key
b)
BAC session key
c)
EAC session key
d)
EAC chip authentication private key
e)
[AA Private key
PAC authentication key
PAC session key]]
Application Notes: An external entity may discover and exploit the cryptographic-related data
from physical phenomena (change of current, voltage and electromagnetic, etc.) that occur when
the TSF performs cryptographic operations. The TSF provides the means to handle attacks such
as DPA and SPA.
5.3 Security Assurance Requirements
The security assurance requirements for this Security Target consist of the components from Part
3 of the CC summarized in (Table 16). The evaluation assurance level is EAL4+(ADV_IMP.2,
ATE_DPT.2, AVA_VLA.3).
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
68
-Public-
Security Target Lite
The assurance components are augmented follows:
• ADV_IMP.2 Implementation of the TSF
• ATE_DPT.2 Testing: low-level design
• AVA_VLA.3 Moderately resistant
(Table 16) Security Assurance Requirements
Assurance class
Configuration
Management
Assurance component
ACM_AUT.1
Partial CM automation
ACM_CAP.4
Generation support and acceptance procedures
ACM_SCP.2
Problem tracking CM coverage
ADO_DEL.2
Detection of modification
N/A
Delivery and operation
ADO_IGS.1
※ Installation, generation, and start-up procedures
for this TOE are not required.
ADV_FSP.2
Fully defined external interfaces
ADV_HLD.2
Security enforcing high-level design
ADV_IMP.2
Implementation of the TSF
ADV_LLD.1
Descriptive low-level design
ADV_RCR.1
Informal correspondence demonstration
ADV_SPM.1
Informal TOE security policy model
AGD_ADM.1
Administrator guidance
AGD_USR.1
User guidance
ALC_DVS.1
Identification of security measures
ALC_LCD.1
Developer defined life-cycle model
ALC_TAT.1
Well-defined development tools
ATE_COV.2
Analysis of coverage
ATE_DPT.2
Testing: low-level design
ATE_FUN.1
Functional testing
ATE_IND.2
Independent testing - sample
AVA_MSU.2
Validation of analysis
Development
Guidance documents
Life cycle support
Tests
Vulnerability
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
69
-Public-
Assurance class
assessment
Security Target Lite
Assurance component
AVA_SOF.1
Strength of TOE security function evaluation
AVA_VLA.3
Moderately resistant
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
70
-Public-
Security Target Lite
6. TOE Summary Specification
This chapter describes the TOE Security Functions and the Assurance Measures covering the
requirements of the previous chapter.
6.1 Security Functions
This chapter gives an overview of the TOE Security Functions composing the TSF.
In the following table, all TOE Security Functions are listed and if appropriate, a SOF claim is
stated.
(Table 17) TOE security functions
Security Functions
SOF
Description
SF.MUT_AUTH
high
PAC mutual authentication,
PAC session key generation,
PAC personalization and management authentication,
BAC mutual authentication
SF.CHIP_AUTH
high
EAC-CA authentication
SF.TERMINAL_AUTH
high
EAC-TA authentication
SF.SEC_MESSAGE
-
Secure messaging structure,
Secure communication channel mechanism.
SF.ACTIVE_AUTH
high
AA authentication
SF.ACC_CONTROL
high
SF.RELIABILITY
high
Personalization Agent access control,
Personalization Agent personalization and management
Inspection System access Control
Residual Information management,
Vulnerability countermeasure,
TSF self test,
Data integrity,
TSF domain separation
6.2 SF.MUT_AUTH (PAC security mechanism, BAC security
mechanism)
This security function includes a PAC security mechanism for the Personalization agent and a
BAC security mechanism for the Inspection System.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
71
-Public-
Security Target Lite
The PAC security mechanism provides authority control of the security role to the Personalization
agent in the issue stage. This security function is composed of PAC mutual authentication, PAC
session Key generation, and PAC personalization and management authentication.
The BAC security mechanism (Basic Access Control) provides confidentiality and integrity for the
personal data of the ePassport holder via secure messaging when controlling access to the
personal data of the ePassport holder records in the TOE and transmitting it to the Inspection
System with read-rights. This security function is composed of BAC mutual authentication and
session Key generation.
6.3 SF.CHIP_AUTH
This security function implements EAC-CA authentication. It includes the ephemeral-static EC
Diffie-Hellman key distribution protocol which provides the Inspection System with the generation
of the EAC session key for a secure communication channel between the TOE and the Inspection
System.
6.4 SF.TERMINAL_AUTH
This security function implements EAC-TA authentication. The EAC-TA is used by the TOE to
implement a challenge-response authentication protocol based on the digital signature to
authenticate the EAC-supporting Inspection System.
6.5 SF.SEC_MESSAGE
This security function provides a secure communication channel to protect the command message
(C-APDU) and response message (R-APDU) between the TOE and the Personalization agent or
the Inspection System.
.
6.6 SF.ACTIVE_AUTH
This security function provides an AA mechanism with which the TOE verifies that the MRTD chip
is genuine to the IS by signing the random number transmitted from the IS; the IS verifies the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
72
-Public-
Security Target Lite
authenticity of the MRTD chip through verification with the signed values.
6.7 SF.ACC_CONTROL
This security function provides access control and management of the TOE. The TOE provides
access control rules and management functions for the MRTD application data based on security.
6.8 SF.RELIABILITY
This function executes the residual information management and vulnerability countermeasures of
the TOE, TSF self-test, data integrity and TSF domain separation.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
73
-Public-
Security Target Lite
7. Acceptance of Protection Profile
This chapter describes the Protection Profile accepted in the Security Target, reconstruction, and
additional articles.
7.1 Reference of Protection Profile
This Security Target accepts the security and assurance requirements of the Protection Profile, as
follows:
• "Protection Profile V1.0"(KECS-PP-0084-2008)
7.2 Reconstruction of Protection Profile
This Security Target contains the reconstructed T.Residual Information and A.Inspection System,
the security objectives O.Session Terminate and O.Handling Information Leakage, and the
security objective for environment OE.ePassport Personalization agent. The security functional
requirements are reconstructed.
7.3 Additional components of Protection Profile
This Security Target has added the following security environments, security objectives and
security functional requirements to supplement the PAC and AA authentication function in
ePassport Protection Profile V1.0.
(Table 18) Additional ST items
Items
Components added in ST
T.Disguise of Personalization Agent,
Security Environment
T.Replacement of ePassport IC Chip
Security Objective
O.PAC, O.AA
FCS_CKM.1(2), FCS_CKM.2(3), FCS_COP.1(5), FDP_DAU.1,
SFR
FIA_UAU.1(3), FIA_UAU.1(4), FIA_UAU.5(2), FMT_MOF.1(2),
FMT_MTD.1(3), FMT_MTD.1(4), FMT_MTD.1(5), FPT_AMT.1
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
74
-Public-
Security Target Lite
8. Rationale
This chapter describes the rationale of Security Objectives and Security Requirements based on
Security Environments (Assumptions, Threats, and Organizational Security Policies). The rationale
demonstrates that the TOE supports efficient IT Security Countermeasures in Security
Environments.
8.1 Rationale of Security Objectives
The Rationale of the Security Objectives demonstrates that the specified Security Objectives are
appropriate, and that they can sufficiently trace security problems. It also shows that they are
essential and not excessive.
The Rationale of the Security Objectives demonstrates the following:
• Each assumption, threat or organizational security policy has at least one security objective
tracing to it.
• Each security objective traces to at least one assumption, threat or organizational security policy.
(Table 19) shows the mapping between security environments and security objectives.
(Table 19) Mapping between Security Environments and Security Objectives
Security
Objectives
TOE Security Objectives
Security Objectives for Environment
Security
Environment
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
75
-Public-
OE.Range of RF Communication
OE.PKI
OE.IC Chip
OE.MRZ Entropy
OE.Inspection System
OE.Handling Residual Information
OE.Personalization Agent
OE.Certificate Verification
OE.Application Program Loading
OE.Procedures of Passport Holder
Check
OE.Passport Book Manufacturing
Security
O. P A C
X
X X X
X
X
X
X
X
X
X
X
X
X
X
T.BAC Replay Attack
X
X
X
X
X
X X
T.EAC-CA Bypass
X
X
X
X
T.IS Certificate Forgery X
X
X X
X
X
X
X
X
T.Skimming
X
X
T.Malfunction
X X
X
X
T.Leakage to
Cryptographic Key
Information
T.ePassport
Reproduction
T.Replacement of
ePassport IC Chip
X
X
T.Session Data Reuse
X
X
X
X
X
X
X
X
X
T.Residual Information
X
P.International
Compatibility
P.Security Mechanism
Application Procedures
P.Application
ProgramLoading
X
X
X
X
P.Personalization Agent X
P.PKI
O. E A C
O. A A
X
T.Damage to Biometric
Data
P.ePassport Access
Control
O. B A C
O.Access Control
O.Replay Prevention
O.Self protection
O.Deleting residual Information
O.Domain Separation
X
T.Eavesdropping
T.Forgery and Corruption of
Personal Data
T.BAC Authentication
Key Disclose
O.Certificate Verification
T.Application Program
Interference
T.TSF Data
Modi ficati on
T.Disguise of
Personalization Agent
O.Secure Messaging
Security
Environment
O.Session Termination
O.Security Mechanism Application
Procedures
O.Management
Security
Objectives
Security Target Lite
X
X
X
X
X X X
X
X
X
X
P.Range of RF
Communication
X
A.Certificate Verification
X
A.Inspection System
X
X
X
A.IC Chip
X
A.MRZ Entropy
X
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
76
-Public-
Security Target Lite
8.1.1 Rationale of TOE Security Objectives
O. Management
This security objective ensures that the TOE provides the means to write user data in the EF
domain, the means to write TSF data in secure memory, and the means to store the BAC
authentication key in secure memory only to the authorized Personalization agent in the
Personalization phase. It also prevents unauthorized access using an external interface by
deactivating the MRTD application data writing function of the Personalization agent in the
Operational Use phase. Therefore, this Security Objective is required to counter the threats of T.
TSF Data Modification and T. BAC Authentication Key Disclose. It enforces the organizational
security policies of P. ePassport Access Control and P. Personalization Agent to prevent the
forgery and corruption of the user data and the Security Function through abuse of the functions
related to personalization.
In addition, this security objective provides the Personalization agent with the means to record the
CVCA Certificate in secure memory in the Personalization phase. Therefore, this objective is
required to counter the threat of T. IS Certificate Forgery.
O. Security Mechanism Application Procedures
This security objective is required to enforce the organizational security policies of the P.Security
Mechanism Application Procedures, as the TOE ensures that the application order of the PA, AA,
BAC and EAC security mechanisms according to the 2.1.1 Standard ePassport Inspection
Procedure and the 2.1.2 Advanced ePassport Procedure of the EAC specification by not allowing
requests from the Inspection System that does not correspond to the security mechanism
application order.
In addition, this security objective is required to counter T. EAC-CA Bypass threats by eliminating
cases in which the genuine TOE is shown to an unauthorized Inspection System, as it ensures the
application order of security mechanisms so as to enable EAC-CA executions by only an
Inspection System with access rights to the EAC chip authentication public key through the BAC
execution.
O.Session Termination
This security objective prevents the attacker to attempt continuous authentication who tries to
forge and corrupt the personal or biometric data of the ePassport holder. In addition, the TOE
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
77
-Public-
Security Target Lite
terminates the session when it detects any modification of the transmitted TSF data. Therefore,
this security objective is required to counter the threats T. Forgery and the Corruption of Personal
Data, T. Damage to Biometric Data, T. BAC Authentication Key Disclosure and T. TSF Data
Modification. Moreover, this security objective is required to counter the threat of T. Eavesdropping
and T. Damage to the Biometric Information, as the user data for ePassport Personalization is
transmitted using the PAC secure channel when it is written in the TOE.
O. Secure Messaging
This security objective ensures that the TOE establishes BAC or EAC secure messaging for
secure transmission of the personal and biometric data of the ePassport holder to the Inspection
System. It also provides the confidentiality and integrity of the transmitted personal and biometric
data of the ePassport holder. Therefore, this security objective is required to counter the threats of
T. Damage to Biometric Data and T.Eavesdropping. It is also required to counter the threat of T.
TSF Data Modification by establishing secure messaging when the authorized Personalization
agent records the TSF data in the Personalization phase, therefore providing integrity for the TSF
data.
O. Domain Separation
This security objective is required to counter the threat of T. Application Program Interference
because the TOE provides the means to prevent interference and tampering by the external IT
entities through the separation of the execution domains between the TSF loaded in the MRTD
chip and other application programs.
This security objective is required to counter the threat of T. TSF Data Modification by preventing
TSF data modification, as the COS blocks access by the external entities when the TOE records
the TSF data in secure memory.
This security objective is required to counter the threat of T. IS Certificate Forgery by protecting
the CVCA certificate recorded by the Personalization agent in secure memory to detect forgery of
the CVCA link certificate via external interference and tampering.
This security objective is required to counter the threat of T. ePassport Reproduction and T.
Replacement of the ePassport IC Chip because reproduction of the TSF data stored in secure
memory is not possible, even when an attacker reproduces the user data in the EF domain by
manufacturing an illegal chip.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
78
-Public-
Security Target Lite
O. Certificate Verification
This security objective is required to enforce the organizational security policies of P. PKI as it
enables the TOE to check for a valid date on the basis of the CVCA link certificate provided by the
Inspection System and therefore to update the certificate and the current date automatically.
This security objective is required to counter the threats of T. Damage to Biometric Data and T. IS
Certificate Forgery by determining the presence of forgery as the TOE verifies the validity of the
CVCA Link Certificate, the DV Certificate and the IS Certificate in the EAC-TA.
O. Self-protection
This security objective is required to counter the threat of T. Malfunction as the TOE detects
modification of the TOE executable code and data through self-testing. It also provides the means
to prevent TOE security function bypassing attempts and protects the TOE itself by preserving a
secure state so that malfunction of the TSF does not occur.
O. Deleting Residual Information
This security objective is required to counter the threat of T. Residual Information, as the TOE
deletes all the previous security-related information (including the BAC session key and the EAC
session key) so that this information is not included and becomes unavailable when allocating or
deallocating memory resources.
This security objective is required to counter the threat of T. BAC Authentication Key Disclosure by
providing the means to ensure that the residual information remaining in the temporary memory is
not available.
O. Replay Prevention
This security objective is required to counter the threat of T. BAC Replay Attack by ensuring that
the TOE generates different values per session when the values are transmitted to the Inspection
System during the BAC mutual authentication process. This security objective is also required to
counter the threat of T. Session Data Reuse by ensuring that the different random numbers are
generated and used for each session of the security mechanism, as the TOE ensures that the
BAC authentication key is not used as the BAC session key during the BAC mutual authentication
process. It also ensures that the BAC session key is not generated with the same random number
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
79
-Public-
Security Target Lite
used in the BAC mutual authentication process and checks the replay status of the random
number transmitted by the EIS in the EAC.
O. Access Control
This security objective is required to counter the threats of T. Forgery and Corruption of Personal
Data, T. Damage to Biometric Data and T. Skimming and enforce the organizational security
policies of P. ePassport Access Control by implementing the rules of allowing or denying the
Inspection System to read user data in accordance with the ePassport access control policies by
the Personalization agent.
This security objective allows read-rights and write-rights of ePassport user data in the
Personalization phase and enforces the organizational security policies of P. ePassport Access
Control by simply approving specific functions according to the Security role of the Personalization
agent.
This security objective enforces the organizational security policies of P. ePassport Access Control
by controlling each issuing management function after departmentalizing the role of the
Personalization agent in accordance with the PAC authentication key in the Personalization phase.
O. AA
This security objective is required to counter the threats of T. Replacement of the ePassport IC Chip
by implementing the AA security mechanism so that the Inspection System can verify the
genuineness of the IC chip TOE is embedded.
O. BAC
This security objective is required to enforce the organizational security policies of P. ePassport
Access Control as the TOE implements the BAC security mechanism to control access to the
personal data of the ePassport holder. It thus gives read-rights of the personal data of the
ePassport holder only to an authorized Inspection System for which the BAC mutual
authentication is successfully completed.
This security objective is required to counter the threats of T. Forgery and Corruption of Personal
Data and T. Skimming as the TOE allows read-rights of the personal data of the ePassport holder
only to an authorized Inspection System by generating the BAC session key during the BAC
mutual authentication. It also denies access for an Inspection System that does not have readrights.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
80
-Public-
Security Target Lite
O. EAC
This security objective is required to enforce the organizational security policies of P. ePassport
Access Control as the TOE implements the EAC-CA and EAC-TA to control access to the
biometric data of the ePassport holder. It therefore gives read-rights of the biometric data of the
ePassport holder only to an authorized Inspection System for which the EAC-TA is successfully
completed.
This security objective is required to counter the threats of T. Damage to Biometric Data and T.
Skimming as the TOE allows read-rights of the biometric data of the ePassport holder only to an
authorized Inspection System through the EAC-TA by generating the EAC session key during the
EAC-CA and denies access by an Inspection System that does not have read-rights.
This security objective enforces the organizational security policies of P. ePassport Access Control
as the access right is assigned in accordance with the PAC authentication key; specific functions
can only be performed by an authorized Personalization agent for which PAC is successfully
completed.
O. PAC
This security objective is required to enforce the organizational security policies of the P.
ePassport Access Control and P. Personalization Agent as the TOE implements PAC mutual
authentication and PAC issuing management authentication to assign the ePassport issuing
functionality to the authorized Personalization agent only and the issuing right regarding each
functionality of the Personalization agent, such as updating of the PAC authentication key,
modification of the life cycle, patch, and unblocking in accordance with the PAC authentication key.
This security objective is required to counter the threats of T. modification of the TSF data and T.
Disguise of the Personalization Agent, as the TOE only allows access for an authorized
Personalization Agent for which PAC mutual authentication is successfully completed. Secure
communication between the TOE and the Personalization Agent is performed using the PAC
session key generated.
8.1.2 Rationale of Security Objective for Environment
OE. Passport Book Manufacturing Security
This security objective for the environment is required to counter the threat of T. ePassport
Reproduction by ensuring that Physical security measures (security printing, etc.) for the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
81
-Public-
Security Target Lite
ePassport are prepared to detect reproduction of the MRTD chip and attack attempts of the
Grandmaster chess, replacement of the portrait, and modification of the MRZ data, among others.
OE. Procedures of Passport Holder Check
This security objective for the environment is required to counter the threats of T. ePassport
Reproduction, T. BAC Authentication Key Disclosure and T. EAC-CA Bypass by implementing
procedural security measures in the immigration process, such as procedures to check the printed
identify information page of the ePassport and procedures to determine the forgery status of the
ePassport book, among others.
OE. Application Program Loading
This security objective for the environment is required to enforce the organizational security
policies of P. Application program loading by ensuring that only the application programs are
loaded to the MRTD chip in a secure manner by the Personalization agent.
This security objective for the environment is required to counter the threat of T. Application
Program Interference by providing the means to prevent interference and tampering with the TSF
as an attacker loads any application program onto the IC chip through the restriction that stipulates
that only the authorized Personalization agent can load application programs.
OE. Certificate Verification
This security objective for the environment verifies the SOD after regularly verifying the DS
certificate and CRL so that the Inspection System of the BIS and EIS can verify against forgery
and corruption of the ePassport identity data recorded in the TOE. This security objective for the
environment also ensures that the EIS securely maintains the digital signature generation key that
corresponds to the IS certificate and provides the TOE with the CVCA Link Certificate, DV
Certificate and IS Certificate in the EAC-TA. Therefore, this security objective for the environment
is required to counter the threats of T. Damage to Biometric Data, T. EAC-CA Bypass and T. IS
Certificate Forgery and is required to support the assumption of A. Certificate Verification.
OE. Personalization Agent
This security objective for environment is required to enforce the organizational security policies of
P. International Compatibility and P. Personalization Agent by ensuring that the TOE is delivered
to the Operational Use phase after securely issuing the ePassport so that the Personalization
agent can check that the issuing subject has not been changed, verifying normal operation and
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
82
-Public-
Security Target Lite
compatibility of the ePassport in the Personalization phase and deactivating the writing function.
This security objective for the environment also is required to enforce the organizational security
policies of P. ePassport Access Control as it defines the role of the Personalization agent. It is also
required to support the assumption of A. Certificate Verification because the Personalization agent
makes certificates necessary for PA and EAC support available to the Inspection System.
This security objective for the environment is required to counter the threat of T. TSF Data
Modification because the Personalization agent deactivates the writing function in the Operational
Use phase, thereby disabling the writing function for modification of the TSF data.
OE.Handling Information Leakage
This security objective for the environment is required to counter the threat of T. Leakage of the
Cryptographic Key Information as the TOE provides the means to prevent the analysis of the
leakage information (electric power, wave, and other information) during cryptographic operations
and prevents the key information from being obtained.
OE. Inspection System
This security objective for environment is required to support the assumption of the A. Inspection
System and must also enforce the organizational security policies of the P. Security Mechanism
Application Procedures and P. ePassport Access Control as the Inspection System implements
and ensures the application order of the security mechanisms in accordance with the type of the
Inspection System so as not to violate the ePassport access control policies of the Personalization
agent. This ensures that the information used in communication with the TOE is securely
destroyed after session termination.
This security objective for the environment is required to counter the threat of T. Eavesdropping,
as the confidentiality and integrity of the transmitted data are ensured by establishing BAC secure
messaging after the generation of the BAC session key through the BAC key distribution when the
Inspection System communicates with the TOE.
This security objective for the environment is required to counter the threats of T. Forgery and
Corruption of the Personal Data, T. Damage to the Biometric Data, T. Skimming, and T. EAC-CA
Bypass as the Inspection System supports BAC mutual authentication, EAC and PA.
This security objective for the environment is required to counter the threat of T. Session Data
Reuse as the Inspection System generates a different temporary public key per session and
transmits it to the TOE in the EAC-CA.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
83
-Public-
Security Target Lite
OE. IC Chip
This security objective for the environment is required to support the assumption of the A. IC Chip
as it uses the EAL5+ IC chip that generates the random number and provides the cryptographic
operation to support the security functions of the TOE. This also provides the malfunction
detection and physical protection other operations.
This security objective for the environment is also required to counter the threat of T. Malfunction
as the IC chip detects malfunctions outside the normal operating conditions.
It is also required to counter the threat of T. Leakage of the Cryptographic Key Information as the
IC chip performs the TDES, Retail MAC, and ECC cryptographic operations and supports
DPA/SPA countermeasures.
OE. MRZ Entropy
This security objective for the environment is required to support the assumption of A. MRZ
Entropy by providing the MRZ entropy necessary for the Personalization agent to ensure a secure
BAC authentication key.
OE. PKI
This security objective for the environment is required to enforce the organizational security
policies of P. PKI and supports the assumption of A. Certificate Verification by implementing and
operating the ePassport PKI System that executes the certification practice according to the
Certification Practice Statement (CPS). These operations include generating a digital signature
key and generating, issuing, and distributing the certificates necessary in support of the PA and
EAC security mechanisms.
This security objective for the environment is also required to counter the threat of T. Damage to
Biometric Data by generating, issuing and distributing the certificates necessary in the EAC
through implementation of the EAC-PKI.
OE. Range of RF Communication
This security objective for the environment is required to counter the threat of T. Skimming and
enforce the organizational security policies of P. Range of RF Communication by ensuring that the
RF communication distance between the MRTD chip and Inspection System shall be less than
5cm and that the RF communication channel shall not be established if the page of the ePassport
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
84
-Public-
Security Target Lite
with the IC chip is not opened.
8.2 Rationale of Security Requirements
The rationale for the security requirements demonstrates that the described security requirements
properly satisfy the security objectives and, as a result, are appropriate to address security
problems.
8.2.1 Rationale of Security Functional Requirements
The rationale of the security functional requirements demonstrates the following:
• Each TOE security objective has at least one TOE security function requirement tracing to it.
• Each TOE security functional requirement traces back to at least one TOE security objectives.
(Table 20) presents the mapping between the security objectives and the security functional
requirements.
(Table 20) Mapping between Security Objectives and Security Functional Requirements
O. EAC
O. PAC
O. BAC
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
FDP_UIT.1
X
FIA_UAU.1(1)
FIA_UAU.1(2)
X
X
X
FDP_UCT.1
FIA_UAU.1(3)
FIA_UAU.1(4)
X
X
FCS_COP.1(3)
FIA_AFL.1
O.AA
X
FCS_CKM.4
FDP_ACC.1
FDP_ACF.1
FDP_DAU.1
FDP_RIP.1
O.Access Control
FCS_CKM.2(1)
FCS_CKM.2(2)
FCS_CKM.2(3)
O.Replay Prevention
O.Deleting Residual
Information
O.Self Protection
O.Certificate
Verification
O.Domain
Separation
O.Session
Termination
O.Security
Mechanism
Application
Procedures
O.Management
Security Functional
Requirements
FCS_CKM.1(1)
O.Secure Messaging
Security Objectives
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Copyright Ⓒ 2008 KOMSCO, All rights reserved
X
X
X
EPS-01-AN-ST(Lite-EN)-1.0
85
-Public-
O. BAC
O. EAC
O. PAC
X
X
X
X
X
X
X
X
X
X
X
O.AA
O.Access Control
O.Replay Prevention
O.Deleting Residual
Information
O.Self Protection
O.Certificate
Verification
O.Domain
Separation
O.Session
Termination
O.Security
Mechanism
Application
Procedures
O.Management
Security Functional
Requirements
FIA_UAU.4
FIA_UAU.5(1)
FIA_UAU.5(2)
FIA_UID.1
FMT_MOF.1(1)
FMT_MOF.1(2)
FMT_MSA.1
O.Secure Messaging
Security Objectives
Security Target Lite
X
X
X
X
X
X
X
X
X
X
X
X
FMT_MSA.3
X
X
X
FMT_MTD.1(1)
X
X
X
FMT_MTD.1(2)
X
FMT_MTD.1(3)
X
X
FMT_MTD.1(4)
X
X
FMT_MTD.1(5)
FMT_MTD.3
FMT_SMF.1
X
X
FMT_SMR.1
FPT_AMT.1
FPT_FLS.1
X
X
X
X
FPT_ITI.1
X
X
X
X
X
X
X
X
FPT_RVM.1
FPT_SEP.1
X
X
X
X
FPT_TST.1
X
FCS_CKM.1(1) Cryptographic Key Generation (Key Derivation Mechanism)
This component requires generation of the 112-bit BAC authentication key, the BAC and EAC
session keys according to the cryptographic key generation algorithm specified in the ICAO
document. Through this, the BAC authentication key is generated for use in the BAC mutual
authentication process, and the BAC/EAC session key is generated for use in the BAC/EAC
secure messaging. Therefore, this component satisfies the security objectives of O.BAC and
O.EAC.
FCS_CKM.2(1) Cryptographic Key Distribution (KDF Seed Distribution for BAC Session Key
Generation)
This component defines the method to distribute the seed of the key derivation mechanism
necessary in generating the BAC session key to the Inspection System (ISO/IEC 11770-2 Key
Establishment Mechanism 6).
The distribution method defined in this component satisfies the security objective of O.Replay
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
86
-Public-
Security Target Lite
Prevention as it uses random numbers and O. BAC as it enables generation of the BAC session
key of FCS_CKM.1(1) by generating the KDF seed.
FCS_CKM.2(2) Cryptographic Key Distribution (KDF Seed Distribution for EAC Session Key
Generation)
This component defines the method of distributing the seed of the key derivation mechanism
necessary in generating the EAC session key to the Inspection System (ECDH key distribution
protocol).
The distribution method defined in this component satisfies the security objective of O.EAC as it
enables the generation of the EAC session key of FCS_CKM.1(1) by generating the KDF seed.
FCS_CKM.2(3) Cryptographic Key Distribution (Seed Distribution for PAC Session Key
Generation)
This component is an additional key derivation mechanism and defines the method to distribute
the seed of the key derivation mechanism necessary in generating the PAC session key to the
Inspection System.
This component defines a method to distribute the seed values necessary to generate the PAC
session key to the Personalization Agent as a key-derivation mechanism is developed by itself.
The distribution method defined in this component satisfies the security objective of O.Replay
Prevention as it uses random numbers and O. PAC as it enables the generation of the PAC
session key of FCS_CKM.1(2) by generating the seed.
FCS_CKM.4 Cryptographic Key Destruction
This component defines the method to destroy the key generated by key derivation mechanism of
FCS_CKM.1(1) and FCS_CKM.1(2) securely.
This component satisfies the security objective of O. Deleting Residual Information as it provides
the method of destroying the key generated by the TSF and that which remains in temporary
memory via its defined method.
FCS_COP.1(3) Cryptographic Operation(Hash Function)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
87
-Public-
Security Target Lite
This component defines the SHA-1 hash function necessary in KDF implementation according to
FCS_CKM.1(1) and the SHA-256 hash function necessary in RSA digital signature algorithm
implementation according to FCS_COP.1(5). This component also defines the SHA-224 hash
function necessary in the ECDSA digital signature algorithm implementation according to
FCS_COP.1(4) and the SHA-1 hash function necessary in generating the BAC authentication key
and verifying the integrity of the executable code.
The hash function defined in this component satisfies the security objective of O. BAC, O. EAC,
and O. AA as it enables the KDF to generate the BAC authentication key, the BAC and the EAC
session key. It also supports the RSA digital signature necessary in the AA authentication process
and the ECDSA digital signature necessary in the EAC-TA authentication process.
FDP_ACC.1 Subset Access Control
This component defines the list of subjects, objects and operations to determine the scope of
control for the ePassport access control policies.
The ePassport access control policies defined in this component satisfy the security objective of O.
Access Control because they define the Personalization agent, BIS and EIS as subjects and the
personal data and biometric data of the ePassport holder and ePassport authentication data
objects. They also define their relationships as operations.
FDP_ACF.1 Security Attributes based Access Control
To enforce the ePassport access control policies, this component defines the security attributes of
the subjects and objects defined in FDP_ACC.1 and specifies the ePassport access control rules.
The security attributes and the ePassport access control rules defined in this component satisfy
the security objectives of O. Management and O. Access Control because only an authorized
Personalization agent with a Personalization agent issuing authorization can perform management
functions.
This component also satisfies the security objectives of O. BAC, O. EAC, O. PAC and O. Access
Control because the read-rights of the personal data of the ePassport holder and ePassport
authentication data are allowed only to subjects holding BAC authorization, read-rights of the
biometric data of the ePassport holder are allowed only to subjects holding EAC authorization, and
the issuing rights for ePassport personalization are allowed only to subjects holding PAC
authorization.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
88
-Public-
Security Target Lite
The explicit deny rules of FDP_ACF.1.4 defined in this component satisfy the security objective of
the O. Security Mechanism Application Procedures because the application order of the security
mechanisms is ensured; access by the Inspection System is denied when the order of the
transmitted instructions specified in the Inspection Procedures in 2.1 of the EAC specifications are
violated.
FDP_DAU.1 Basic Data Authentication
This component supports the ability to generate the evidence used for ensuring the validity of the
genuineness of the MRTD IC chip and stipulates that it has to be supported to the BIS and EIS,
which can verify the validity of the indicated information.
To demonstrate to the Inspection System that this ePassport was justifiably issued by the
Personalization Agent, the TOE provides proof of the genuineness of the MRTD IC chip by
verifying that the AA security mechanism is implemented and the validity of the AA private key is
guaranteed. Therefore, this component satisfies the security objective of O. AA.
FDP_RIP.1 Subset Residual Information Protection
This component ensures that previous information is not included when the TSF allocates or
deallocates memory resources for the BAC authentication key, BAC session key, EAC session
key, PAC session key, PAC authentication key, AA private key, EAC chip authentication private
key, CVCA digital signature verification key, and domain information.
This component satisfies the security objective of O. Deleting Residual Information as it ensures
that previous information of the BAC authentication key, BAC session key, EAC session key, PAC
session key, PAC authentication key, AA private key, EAC chip authentication private key, CVCA
digital signature verification key, and domain information are not available when these keys are
destroyed according to the method of destruction defined in FCS_CKM.4. This component also
satisfies the security objective of O. Replay Prevention by ensuring that the previous information
pertaining to the random numbers used for the PAC mutual authentication, PAC issuing
management authentication, BAC mutual authentication, AA authentication, EAC-TA, and
generation of the session key is not available.
FDP_UCT.1 Basic Data Exchange Confidentiality
This component defines the method to protect from disclosure when transmitting objects
information such as the personal data and the biometric data of the ePassport holder within the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
89
-Public-
Security Target Lite
scope of the ePassport access control policies.
This component establishes the BAC or EAC secure messaging by performing cryptographic
operations for the personal data of the ePassport holder as it is transmitted between the TOE and
the Inspection System with the BAC session encryption key. This is also done for the biometric
data of the ePassport holder as it is transmitted between the TOE and the Inspection System with
the EAC session encryption key. This component also establishes PAC secure messaging by
performing cryptographic operations for data such as the ePassport applicable data as it is
transmitted between the TOE and the Inspection System with the PAC session encryption key.
Therefore, this component satisfies the security objective of O. Secure Messaging as the
confidentiality of user data is ensured.
This component satisfies the security objective of O. Replay Prevention both by ensuring that the
BAC session encryption key used is not identical to the BAC authentication key when BAC secure
messaging is established and by ensuring that the PAC session encryption key used is not
identical to the PAC authentication key when PAC secure messaging is established.
FDP_UIT.1 Data Exchange Integrity
This component defines the protection method against modification, deletion, and insertion when
transmitting information such as the personal data and the biometric data of the ePassport holder
within the scope of the ePassport access control policies.
This component establishes BAC or EAC secure messaging by performing cryptographic
operations for the personal data of the ePassport holder as it is transmitted between the TOE and
the Inspection System with the BAC session MAC key. This is also done for the biometric data of
the ePassport holder as it is transmitted between the TOE and the Inspection System with the
EAC session MAC key. This component also establishes PAC secure messaging by performing
cryptographic operations for the ePassport applicable data as it is transmitted between the TOE
and the Inspection System with the PAC session MAC key. Therefore, this component satisfies
the security objective of O. Secure Messaging as the integrity of user data is ensured.
This component satisfies the security objective of O. Replay Prevention both by ensuring that the
BAC session MAC key used is not identical to the BAC authentication key when BAC secure
messaging is established and by ensuring that the PAC session MAC key used is not identical to
the PAC authentication key when PAC secure messaging is established.
FIA_AFL.1 Authentication Failure Handling
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
90
-Public-
Security Target Lite
If the authentication attempt failure number of the BAC mutual authentication, PAC mutual
authentication, PAC issuing management authentication and EAC-TA is surpassed, this
component detects it and requires termination of the user session and modification of the life cycle.
This component satisfies the security objective of O. Session Termination as the session is
terminated if the authentication attempt failure number of the BAC mutual authentication, PAC
mutual authentication, PAC issuing management authentication and EAC-TA integrity verification
is surpassed. This component also satisfies the security objective of the O. Security Mechanism
Application Procedures by preventing the unauthorized external entity from moving to the next
phase of the inspection procedures by terminating the session if the BAC mutual authentication
fails.
This component satisfies the security objective of O. PAC as the session is terminated. The life
cycle is modified if the authentication attempt failure number of the PAC mutual authentication and
PAC issuing management authentication is surpassed.
In addition, this component satisfies the security objectives of O. BAC, O. EAC and O. Access
Control because access to user data is denied by session termination as BAC mutual
authentication or EAC-TA failure indicates no access rights for user data.
FIA_UAU.1(1) Authentication (BAC Mutual Authentication)
This component defines the user functions to be performed before BAC mutual authentication and
executes BAC mutual authentication for the user.
In this component, BAC mutual authentication is executed to enable the Inspection System
identified in FIA_UID.1 to execute the indication function to support the BAC mechanism and to
read the personal data of the ePassport holder. This component satisfies the security objectives of
O. Session Termination, O. BAC and O. Access Control, as it enables detection of whether
authentication fails through FIA_AFL. 1 and allows read-rights to the personal data of the
ePassport holder if authentication succeeds.
FIA_UAU.1(2) Authentication (EAC-TA)
This component defines the user functions to be performed before the EAC-TA and executes the
EAC-TA for user.
In this component, only the Inspection System for which BAC mutual authentication succeeds in
FIA_UAU.1(1) can execute EAC-CA and the reading of the user data (except the biometric data of
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
91
-Public-
Security Target Lite
the ePassport holder). To read the biometric data of the ePassport holder, the EAC-TA shall be
executed. This component satisfies the security objectives of O. Security Mechanism Application
Procedures, O. Session Termination, O. EAC and O. Access Control, as it enables detection of
whether authentication fails through FIA_AFL. 1 and allows read-rights to the biometric data of the
ePassport holder if authentication succeeds.
FIA_UAU.1(3) Authentication (PAC Mutual Authentication)
This component defines the user functions to be performed before PAC mutual authentication and
executes PAC mutual authentication for Personalization Agent.
In this component, the Personalization Agent must be allowed to obtain the CSN and Ticket before
the PAC mutual authentication process. This component satisfies the security objectives of O.
Session Termination, O. Access Control, and O. PAC, as it enables detection of whether
authentication fails through FIA_AFL. 1 and allows the environment for PAC secure messaging if
authentication succeeds.
FIA_UAU.1(4) Authentication (PAC Issuing Management Authentication)
This component defines the user functions to be performed before the PAC issuing management
authentication process and executes PAC issuing management authentication for the
Personalization Agent.
In this component, the Personalization Agent must be allowed to transmit a random number and
execute PAC mutual authentication before the PAC issuing management authentication process.
This component satisfies the security objectives of O. Session Termination, O. Access Control,
and O. PAC, as it enables detection of whether authentication fails through FIA_AFL.1 and allows
issuing rights if authentication succeeds.
FIA_UAU.4 Single-use Authentication Mechanisms
This component requires that the authentication-related information sent by the TSF to the
Inspection System during the PAC mutual authentication and the PAC issuing management
authentication process is not replayed. It also requires that the authentication-related information
sent by the TSF to the Inspection System during the BAC mutual authentication, the AA, and the
EAC-TA process is not replayed.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
92
-Public-
Security Target Lite
This component satisfies the security objectives of O.Replay Prevention and O.PAC by performing
PAC mutual authentication with a mechanism that prevents a replay of the random number used
in PAC mutual authentication and the PAC personalization and management authentication
processes.
This component satisfies the security objectives of O. Replay Prevention, O. BAC, O. AA, and O.
EAC as the TSF executes BAC mutual authentication, AA, and EAC-TA by generating different
random numbers that are used in BAC mutual authentication, AA and EAC-TA for each session
and transmitting them to the Inspection System.
FIA_UAU.5(1) Multiple Authentication Mechanisms
This component defines multiple authentication mechanisms and the rules of applying the
authentication mechanisms according to type of user data to be accessed by the Inspection
System.
This component satisfies the security objectives of the O. Security Mechanism Application
Procedures, O. Access Control, O. BAC and O. EAC as the Inspection System holds the BAC
authorization process by succeeding in BAC mutual authentication and the EAC authorization
process by succeeding in EAC-CA, EAC-TA and certificate verification after BAC mutual
authentication according to the application rules of the authentication mechanism.
FIA_UAU.5(2) Multiple Authentication Mechanisms (PAC Mutual Authentication and PAC
Issuing Management Authentication)
This component defines the PAC mutual authentication and PAC issuing management
authentication mechanisms and the rules of applying the authentication mechanisms according to
the type of issuing rights to be accessed by the Personalization agent.
This component satisfies the security objectives of O. Access Control and O. PAC as the
Personalization Agent holds the issuing authorization by succeeding in the PAC mutual
authentication and PAC issuing management authentication processes.
FIA_UID.1 Identification
This component requires establishing a communication channel based on a contactless IC card
transmission protocol (ISO/ IEC 14443-4) as the user functions to be performed before the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
93
-Public-
Security Target Lite
identification process to identify the user.
This component satisfies the security objectives of O. BAC, O. AA, and O. EAC as the external
entity is identified with the Inspection System and of O. PAC as the external entity is identified with
the Personalization agent if an external entity seeks to establish a communication channel request
to use a MRTD application.
FMT_MOF.1(1) Management of Security Functions Behavior
This component stipulates that the ability to disable the writing function is given only to the
Personalization agent in the Personalization phase.
This component satisfies the security objectives of O. Management, O. Access Control and O.
PAC by deactivating the writing function of the Personalization Agent in the Personalization phase
and by modifying the life cycle to the Operational Use phase so that the TOE in the Operational
Use phase cannot record any data. The writing function can be performed when the lifecycle of the
TOE is in SecondAuth status. By performing PAC personalization and management (PACLifeCycle) authentication, the lifecycle of the TOE moves into StartIssue status to test the written
data. After finishing the test, the lifecycle moves into Issued status to deactivate the writing
function of the Personalization agent by performing PAC personalization and management (PACLifeCycle) authentication.
FMT_MOF.1(2) Management of Security Functions Behavior (Initialization)
This component stipulates that the initialization of TOE issuance, TOE re-issuance, and LDS file
system are performed only by an authorized Personalization Agent with issuing rights and that the
initialization of the variables is performed only by TSF.
This component satisfies the security objectives of O.Access Control, O.Management, and O.PAC
by ensuring that a file table and a data pointer are initialized and the lifecycle of the TOE, Empty
status, moves into Unissue status by performing TOE issuance initialization. Additionally, the LDS
file system and temporary memories are initialized.
FMT_MSA.1 Management of Security Attributes
This component requires restriction of the ability to initialize user security attributes only to the TSF
as an action to be taken if the TSF detects modification of the transmitted TSF data in FPT_ITI.1.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
94
-Public-
Security Target Lite
This component satisfies the security objectives of O. Secure Messaging and O. Access Control
as the integrity is ensured, and access to the MRTD application data is blocked by resetting the
previously given security attributes of the Personalization Agent or the Inspection System as an
action to be taken if the TSF detects modification of the transmitted TSF data.
FMT_MSA.3 Static Attribute Initialization
This component requires the Personalization agent to specify initial values in order to restrict
default values for security attributes when an object is created.
This component satisfies the security objectives of O. Management, O. Access Control, and O.
PAC as only the authorized Personalization agent generates user data to enforce the ePassport
access control policies in the Personalization phase. It also specifies the initial values to restrict
the security attributes of the data.
FMT_MTD.1(1) TSF Management of TSF Data (Certification Verification Information)
This component stipulates the restriction in which only Personalization agents in the
Personalization phase write the certificate verification information necessary for the EAC-TA in
secure memory.
This component satisfies the security objectives of O. Management, O. Access Control, and O.
PAC by enabling only an authorized Personalization agent to have the ability to write TSF data
such as the EAC chip authentication private key, current data, CVCA Certificate and CVCA digital
signature verification key in secure memory in the Personalization phase.
FMT_MTD.1(2) Management of TSF Data (SSC Initialization)
This component requires termination of BAC secure messaging before EAC secure messaging is
established.
This component satisfies the security objective of the O. Security Mechanism Application
Procedures by initializing the SSC (send sequence counter) at '0' in order to terminate the BAC
secure messaging after generating the EAC session key and newly establishing EAC secure
messaging.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
95
-Public-
Security Target Lite
FMT_MTD.1(3) Management of TSF Data (Writing Key)
This component stipulates a restriction in which only an authorized Personalization agent in the
Personalization phase writes the AA private key, TSF executable code and IC chip RF settings in
secure memory and that only the TSF writes the BAC authentication key in secure memory.
This component satisfies the security objective of O.Management and O.Access Control by
stipulating a restriction in which only an authorized Personalization agent in the Personalization
phase writes the AA private key, TSF executable code and IC chip RF settings in secure memory.
This component satisfies the security objective of O.Management and O.Access Control by
stipulating a restriction in which only the TSF writes the BAC authentication key in secure memory.
FMT_MTD.1(4) Management of TSF Data (TOE Lifecycle and PAC Authentication Key
Management)
This component stipulates a restriction in which only an authorized Personalization agent in the
Personalization phase modifies the lifecycle of the TOE.
This component satisfies the security objective of O.Management, O.Access Control and O.PAC
by stipulating a restriction in which only authorized Personalization agents in the Personalization
phase modify the PAC authentication key and the TOE lifecycle.
FMT_MTD.1(5) Management of TSF Data (Internal Modification of TOE Lifecycle)
This component stipulates a restriction in which only the TSF modifies the lifecycle of the TOE.
This component satisfies the security objective of O.Management, O.Access Control and O.PAC
by stipulating a restriction in which only the TSF modifies the lifecycle of the TOE according to the
result after PAC mutual authentication, PAC issuing management authentication and the TOE
initialization for personalization.
If the initialization command for personalization is performed by the Personalization agent, the
lifecycle of the TOE moves from the Empty status to the Unissue status. If verification of the
integrity of the executable code fails, the lifecycle of the TOE moves from Empty status to Discard
status via the TSF. When the lifecycle of the TOE is in InitAuth or SecondAuth status in the
personalization phase, the lifecycle moves to Unissue status if a communication channel between
the TOE and the inspection system becomes disconnected. The lifecycle changes from Unissue
status into InitAuth status by the TSF, if PAC mutual authentication is performed successfully, and
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
96
-Public-
Security Target Lite
the lifecycle changes from InitAuth status to SecondAuth status if PAC personalization and
management
(PAC-KeyUpdate,
PAC-LifeCycle,
PAC-Patch)
authentication
is
performed
successfully in the personalization phase. If PAC mutual authentication or PAC personalization
and management authentication fails three times, the lifecycle changes into Block status; if PACUnblock authentication fails three times, the lifecycle changes from Block status to Discard status.
FMT_MTD.3 Secure TSF Data
This component requires allowing only secure values as the TSF data to ensure secure random
numbers by preventing replay of the random numbers and ensuring that certificates with valid and
unexpired dates are used in EAC-TA. This component satisfies the security objective of O.Replay
Prevention because only secure random numbers are used, which prevents a replay attack when
the TSF generates the session key.
This component satisfies the security objective of O.Replay Prevention because the TSF uses
only secure random numbers when performing PAC, BAC, EAC and AA authentication.
Additionally, the TSF compares the CVCA Link Certificate provided by the Inspection System with
the CVCA Certificate stored in the TOE for verification of the IS Certificate used in the EAC-TA. If
CVCA Certificate updating is necessary, the TSF internally updates the CVCA Certificate, the
CVCA digital signature verification key, the current dates and EF.CVCA. Thus, it maintains the
TSF data as secure values. This component satisfies the security objectives of O. Certificate
Verification and O. EAC because the EAC-TA can be executed successfully by verifying the DV
Certificate and IS Certificate with the secure CVCA Certificate.
FMT_SMF.1 Specification of management functions
This component provides the means to manage the MRTD application data in the Personalization
phase.
This component satisfies the security objective of O. Management as it defines the writing function
of the user data and the TSF data in the Personalization phase and the security management
function of the TOE.
This component also satisfies the security objective of O. Certificate Verification as it provides the
function for the TSF to update the CVCA certificate, the CVCA digital signature verification key
and the current dates by itself in the Operational Use phase.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
97
-Public-
Security Target Lite
FMT_SMR.1 Security roles
This component defines the role of the Personalization agent to manage the MRTD application
data.
This component satisfies the security objective of O. Management as it defines the role of the
Personalization agent that has the rights for updating the PAC authentication key, modifying the
lifecycle, unblocking and patching the executable code and the data in the Personalization phase.
FPT_AMT.1 Abstract machine testing
To show that TSF is exactly performed according to security assumptions, this component
requires performing the sequential test periodically in the general operations.
This component satisfies the security objective of O.Self-protection because the ActiveShield and
sensor testing supported by the IC chip are preformed before the cryptographic operation.
FPT_FLS.1 Failure with preservation of the secure state
This component must preserve a secure state when different types of failure occur, such as the
failure detected from the self-testing, abnormal operating conditions detected by the IC chip, or the
condition in which the PAC secure channel disengages during the InitAuth or SecondAuth phase.
In this component, the TOE is safely preserved by changing the operational mode to a safe mode
if the PAC secure channel is terminated when the operational mode of the TSF is in InitAuth or
SecondAuth mode. The TOE initializes RAM and falls into ‘panic’ status if any failures of the TSF
are detected by the IC chip. Additionally, the TOE is safely preserved by changing the operational
mode to a safe mode if verification of the integrity of the executable code fails. Therefore, this
component satisfies the security objective of O.Self-protection.
FPT_ITI.1 Inter-TSF detection of modification
This component requires detection modification of the transmitted TSF data and defines an action
to be taken if modifications are detected.
This component satisfies the security objectives of O. Secure Messaging and O. Session
Termination by detecting modification of the transmitted TSF data in the Personalization and
Operational Use phases and by performing a specified action, such as terminating the related
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
98
-Public-
Security Target Lite
communication channels, deleting the related session key and modifying the previous condition of
PAC mutual authentication or PAC issuing management authentication while deleting the
Personalization rights of the Personalization agent if modifications are detected.
FPT_RVM.1 Non-bypassability of the TSP
This component always requires invocation of the ePassport access control function as a
reference monitor to protect the TSF from manipulating the operation and bypassing access
control policy with untrusted subjects.
This component satisfies the security objectives of O. Self-protection and O. Access Control
together with FPT_SEP.1 as the ePassport access control function is always invoked; therefore, it
serves as a reference monitor to protect all subjects, objects and operations included within the
scope of control of the ePassport access control policies defined in FDP_ACC.1.
FPT_SEP.1 TSF Domain Separation
This component defines the security domains to protect subjects, objects, operations and the TSF
data included within the scope of control of the ePassport access control policies from external
interference and tampering by untrusted subjects.
As this COS is native, this component satisfies the security objectives of O. Access Control and O.
Domain Separation by separating the domains used by untrusted subjects, such as other
application programs, from the domain in which the ePassport access control function is executed.
This component also satisfies the security objective of O. Domain Separation by separating the
secure memory domain from other memory domains and therefore protecting the TSF data from
external IT entities.
FPT_TST.1 TSF testing
This component requires self-testing to detect a loss of the TSF executable code and the TSF
data by various failures (such as an unexpected failure mode, lack of an IC chip design or
intentional damage to the TSF).
This component satisfies the security objective of O.Self-protection because the TOE checks the
patch status of the TSF. To demonstrate the correct operation of the TSF, each TSF does a self-
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
99
-Public-
Security Target Lite
test and ensures correct operation before it runs the TSF. If the TSF is patched, the patched code
is executed.
This component satisfies the security objective of O.Self-protection by verifying the integrity of the
TSF data with using a 16-bit checksum generated by the CRC function of the IC chip when the
TSF data is internally used.
To verify the integrity of the TSF execution code, the TOE compares a previously saved hash
value and another hash value in which the ROM area is calculated in Empty status. Therefore, this
component satisfies the security objective of O.Self-protection by verifying the integrity of the TSF
execution code.
8.2.2 Rationale of IT Environment Security Requirements
(Table 21) presents the mapping between the security objectives and the security functional
requirements for the IT environment.
(Table 21) Mapping of Security Objectives for the IT environment by SFR
FCS_COP.1(1)
X
FCS_COP.1(2)
X
FCS_COP.1(4)
X
FCS_COP.1(5)
X
FPR_UNO.1
X
OE. Range of RF
Communication
X
OE. PKI
FCS_CKM.1(2)
OE. MRZ Entropy
OE. IC Chip
OE. Inspection System
O.Handling Information
Leakage
OE. Personalization Agent
OE. Certificate Verification
OE. Application Program
Loading
OE. Procedures of
ePassport holder Check
Security functional
requirements
for the IT environment
OE. Passport Book
Manufacturing Security
Security objectives
for
the IT environment
X
FCS_CKM.1(2) Cryptographic key generation (PAC Session Key)
FCS_CKM.1(2) requires the generation of a 112-bit PAC authentication key according to the
cryptographic key generation algorithm specified in the PAC.
This component satisfies the security objectives of OE.IC chip by performing the cryptographic
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
100
-Public-
Security Target Lite
operations defined in this component using the functions supported in the IC chip.
FCS_COP.1(1) Cryptographic operation (Symmetric Key Cryptographic Operation)
This component defines the TDES cryptographic operation used to authenticate the Inspection
System that supports the PAC and BAC or to protect the transmitted user data from disclosure.
This component satisfies the security objectives of the OE.IC chip by performing the cryptographic
operations defined in this component using the functions supported in the IC chip.
FCS_COP.1(2) Cryptographic operation (MAC)
This component defines the Retail MAC (ISO/IEC 9797-1) used to authenticate the Inspection
System that supports the PAC and BAC or to detect modification of the transmitted user data.
This component satisfies the security objectives of the OE.IC chip by performing the cryptographic
operations defined in this component using the functions supported in the IC chip.
FCS_COP.1(4) Cryptographic operation (Digital signature Verification for Certificate
Verification)
This component defines the method of digital signature verification (ECDSA-SHA-224) necessary
in the EAC-TA.
This component satisfies the security objectives of the OE.IC chip by performing the cryptographic
operations defined in this component using the functions supported in the IC chip and RSA library.
FCS_COP.1(5) Cryptographic operation (Digital signature Generation)
This component defines the method of digital signature generation (RSASSA- PKCS1- v1.5 -SHA256) necessary in the AA authentication mechanism.
This component satisfies the security objectives of the OE.IC chip by performing the cryptographic
operations defined in this component using the functions supported in the IC chip and ECC
cryptographic library.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
101
-Public-
Security Target Lite
FPR_UNO.1 Unobservability
This component ensures that external entities are unable to observe the cryptographic-related
data, such as the PAC authentication key, PAC Session key, BAC authentication key, BAC
session key, EAC session key and EAC chip authentication private key, AA private key and CVCA
digital signature verification key when the TSF performs a cryptographic operation.
This component satisfies the security objectives of the OE.IC chip by providing countermeasures
for DPA/SPA in the IC chip.
This component satisfies the security objectives of OE.Handling Information Leakages by
providing the means to prevent extrusion of the key information in the IC chip.
8.2.3 Rationale of Assurance Requirements
The EAL (Evaluation Assurance Level) of this Security Target was selected as EAL4+
(ADV_IMP.2, ATE_DPT.2, AVA_VLA.3) after considering factors such as the value of the assets
protected by the TOE and the level of the threats.
EAL4 permits a developer to gain maximum assurance from positive security engineering based
on good commercial development practices which, though rigorous, do not require substantial
specialist knowledge, skills or other resources. EAL4 is the highest level at which it is likely to be
economically feasible to retrofit to an existing product line.
EAL4 is therefore applicable in those circumstances where developers or users require a
moderate to high level of independently assured security in conventional commodity TOEs and are
prepared to incur additional security-specific engineering costs.
This Security Target partially selected assurance components that are higher than EAL4. The
rationale of the augmented with assurance components are given below.
ADV_IMP.2 Implementation of the TSF, ATE_DPT.2 Testing: low-level design, AVA_VLA.3
Moderately resistant
The TOE is an operating system and application program that operates in the MRTD chip.
Therefore, it largely depends on the IC chip in terms of a cryptographic operation function and
physical security. To ensure a secure MRTD chip, the reliability and secure operation of not only
the TOE but also the IC chip must be verified.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
102
-Public-
Security Target Lite
The TOE is developed using publicly available standard implementation specifications. Therefore,
it is easy to obtain information related to the design and operation of the TOE. Moreover, the TOE
is easily accessible, as it is used in an open environment, making it difficult to trace an attack.
However, as the IC chip is not included in the scope of the TOE, it does not require understanding
of the hardware structure or any advanced specialized equipments. Therefore, considering the
resources, motivation and expertise of attackers, the TOE must counter attackers possessing
moderate attack potential. EAL4 includes AVA_VLA.2, which is resistant to low-level attack
potential. Therefore, AVA_VLA.3 is augmented to require execution of systematic vulnerability
analysis and is resistant to attackers possessing moderate attack potential. However, there still
exists direct attack potential to the IC chip by a threat agent possessing a high level of attack
potential. Evaluation and verification of this may be assigned to the IC chip manufacturer.
It is difficult to correct defects, even if they occur after the ePassport loaded with the IC chip is
issued. This can be exploited by attackers. Therefore, ADV_IMP.2 is augmented to enable
analysis of the entire implementation representation in order to check if the TSF is accurately
implemented and that defective code does not exist. Additionally, ATE_DPT.2 is augmented to
enable detection of defects not discovered while the TOE is developed through testing of the
subsystems and modules closely related to the internal structure of the TSF.
8.3 Rationale of Dependency
8.3.1 Dependency of TOE Security Functional Requirements
(Table 22) shows the dependency of the TOE functional components.
(Table 22) Dependency of TOE Functional Components
No.
1
2
3
Functional
Component
Dependency
Ref. No.
[FCS_CKM.2 or FCS_COP.1]
2, (Table 23) 2
FCS.CKM.4
5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
1
FCS_CKM.4
5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
1
FCS_CKM.4
5
FMT_MSA.2
None
FCS_CKM.1(1)
FCS_CKM.2(1)
FCS_CKM.2(2)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
103
-PublicNo.
4
5
6
Functional
Component
Dependency
Ref. No.
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 23) 1
FMT_CKM.4
5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
1, (Table 23) 1
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
1
FCS_CKM.4
5
FMT_MSA.2
None
FDP_ACF.1
8
FDP_ACC.1
7
FMT_MSA.3
25
FCS_CKM.2(3)
FCS_CKM.4
Security Target Lite
FCS_COP.1(3)
7
FDP_ACC.1
8
FDP_ACF.1
9
FDP_DAU.1
-
-
10
FDP_RIP.1
-
-
11
FDP_UCT.1
[FTP_ITC.1 or FTP_TRP.1]
None
[FDP_ACC.1 or FDP_IFC.1]
7
12
FDP_UIT.1
[FDP_ACC.1 or FDP_IFC.1]
7
[FTP_ITC.1 or FTP_TRP.1]
None
13
FIA_AFL.1
FIA_UAU.1
14,15,16,17
14
FIA_UAU.1(1)
FIA_UID.1
21
15
FIA_UAU.1(2)
FIA_UAU.1(1)
14
16
FIA_UAU.1(3)
FIA_UID.1
21
17
FIA_UAU.1(4)
FIA_UID.1
21
18
FIA_UAU.4
-
-
19
FIA_UAU.5(1)
-
-
20
FIA_UAU.5(2)
-
-
21
FIA_UID.1
-
-
22
FMT_MOF.1(1)
FMT_SMF.1
32
FMT_SMR.1
33
23
FMT_MOF.1(2)
FMT_SMF.1
32
FMT_SMR.1
33
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
104
-PublicNo.
24
Functional
Component
FMT_MSA.1
Security Target Lite
Dependency
Ref. No.
[FDP_ACC.1 or FDP_IFC.1]
7
FMT_SMF.1
32
FMT_SMR.1
33
FMT_MSA.1
24
FMT_SMR.1
33
FMT_SMF.1
32
FMT_SMR.1
33
FMT_SMF.1
32
FMT_SMR.1
33
FMT_SMF.1
32
FMT_SMR.1
33
FMT_SMF.1
32
FMT_SMR.1
33
FMT_SMF.1
32
FMT_SMR.1
33
ADV_SPM.1
EAL4
FMT_MTD.1
26
25
FMT_MSA.3
26
FMT_MTD.1(1)
27
FMT_MTD.1(2)
28
FMT_MTD.1(3)
29
FMT_MTD.1(4)
30
FMT_MTD.1(5)
31
FMT_MTD.3
32
FMT_SMF.1
-
-
33
FMT_SMR.1
FIA_UID.1
21
34
FPT_AMT.1
-
-
35
FPT_FLS.1
ADV_SPM.1
EAL4
36
FPT_ITI.1
-
-
37
FPT_RVM.1
-
-
38
FPT_SEP.1
-
-
39
FPT_TST.1
FPT_AMT.1
34
FCS_CKM.1(1),
FCS_CKM.2(1),
FCS_CKM.2(2),
FCS_CKM.2(3),
FCS_CKM.4
and
FCS_COP.1(3) have dependency with FMT_MSA.2, but the dependency in this Security Target is
not satisfied. The target of generating, operating and destroying cryptographic key of FCS is the
TSF data. Therefore, rather than secure security attributes (FMT_MSA.2), FMT_MTD.3 of the
secure TSF data is satisfied.
FDP_UCT.1 and FDP_UIT.1 have dependency with FTP_ITC.1 or FTP_TRP.1, but the
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
105
-Public-
Security Target Lite
dependency in this Security Target is not satisfied. FDP_UCT.1 and FDP_UIT.1 require secure
messaging between the Inspection System and the TOE. As secure messaging between the
Inspection System and TOE uses an unique channel, it is not necessary for it to be logically
separated from other communicational channels. Therefore, in this protection profile, requirements
of FTP_ITC.1 are not defined.
FIA_UAU.1(2) has dependency with FIA_UID.1, but the dependency in this Security Target is not
satisfied. Since the EAC-TA is executed after the BAC mutual authentication, FIA_UAU.1(2)
depends on FIA_UAU.1(1) and FIA_UAU.1(1) depends on FIA_UID.1. Therefore, the dependency
is satisfied indirectly.
8.3.2 Dependency of IT Environment Security Functional
Requirements
(Table 23) shows the dependency of the IT environment functional components.
(Table 23) Dependency of IT Environment Functional Components
No.
1
2
3
4
5
Assurance
Component
Dependency
Ref. No.
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 22) 1
FCS_CKM.4
(Table 22) 5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 22) 1
FCS_CKM.4
(Table 22) 5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 22) 1
FCS_CKM.4
(Table 22) 5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 22) 1
FCS_CKM.4
(Table 22) 5
FMT_MSA.2
None
[FDP_ITC.1 or FDP_ITC.2 orFCS_CKM.1]
(Table 22) 1
FCS_CKM.4
(Table 22) 5
FMT_MSA.2
None
FCS_CKM.1(2)
FCS_COP.1(1)
FCS_COP.1(2)
FCS_COP.1(4)
FCS_COP.1(5)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
106
-Public6
FPR_UNO.1
Security Target Lite
-
-
FCS_CKM.1(2), FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(4) and FCS_COP.1(5) have
dependency with FMT_MSA.2, but the dependency in this Security Target is not satisfied. The
target of generating, operating and destroying the cryptographic key of FCS is TSF data.
Therefore, rather than secure security attributes (FMT_MSA.2), FMT_MTD.3 of the secure TSF
data is satisfied.
8.3.3 Dependency of TOE Security Assurance Requirements
The dependency of EAL4 provided in the Common Criteria is already satisfied. Therefore, the
rationale for this is omitted. The dependency of the augmented security assurance requirements is
as shown in (Table 24).
AVA_VLA.3 has dependency with ADV_FSP.1 and ADV_IMP.1. This is satisfied by ADV_FSP.2
and ADV_IMP.2 in a hierarchical relationship with ADV_FSP.1 and ADV_IMP.1
(Table 24) Dependency of the Added Assurance Components
No.
1
2
3
Assurance Component
ADV_IMP.2
ATE_DPT.2
AVA_VLA.3
Dependency
Ref. No.
ADV_LLD.1
EAL4
ADV_RCR.1
EAL4
ALC_TAT.1
EAL4
ADV_HLD.2
EAL4
ADV_LLD.1
EAL4
ATE_FUN.1
EAL4
ADV_FSP.1
EAL4
ADV_HLD.2
EAL4
ADV_IMP.1
1
ADV_LLD.1
EAL4
AGD_ADM.1
EAL4
AGD_USR.1
EAL4
8.4 Rationale of the Extended Security Requirements
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
107
-Public-
Security Target Lite
There are no expended security requirements in this Security Target.
8.5 Rationale of Assurance Measures
The following table demonstrates the coverage of the Assurance Requirements by the Assurance
measures by indicating the correspondence with crosses.
(Table 25) Assurance Measures
Assurance Requirements
Assurance class
Configuration
Management
Configuration
Management
Configuration
Management
Delivery and
operation
Assurance Measures
Assurance component
Assurance Measures
ACM_AUT.1
Partial CM automation
EPS-01-QT-ACM-1.5
ACM_CAP.4
Generation support and
acceptance procedures
EPS-01-QT-ACM-1.5
ACM_SCP.2
Problem tracking CM coverage
EPS-01-QT-ACM-1.5
ADO_DEL.2
Detection of modification
EPS-01-QT-ADO-1.5
N/A
Delivery and
operation
ADO_IGS.1
Development
ADV_FSP.2
Fully defined external
interfaces
EPS-01-DG-FSP-1.4
Development
ADV_HLD.2
Security enforcing high-level
design
EPS-01-DG-HLD-1.3
Development
ADV_IMP.2
Implementation of the TSF
EPS-01-DG-IMP-1.3
Development
ADV_LLD.1
Descriptive low-level design
EPS-01-DG-LLD-1.3
※ Does not require Installation,
generation, or start-up
procedures for this TOE
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-QT-ADO-1.5
EPS-01-AN-ST(Lite-EN)-1.0
108
-Public-
Assurance Requirements
Assurance class
Assurance component
Security Target Lite
Assurance Measures
Assurance Measures
EPS-01-AN-ST-1.6
EPS-01-DG-FSP-1.4
Development
Informal correspondence
demonstration
ADV_RCR.1
EPS-01-DG-HLD-1.3
EPS-01-DG-IMP-1.3
EPS-01-DG-LLD-1.3
EPS-01-AN-SPM-1.3
Development
ADV_SPM.1
Informal TOE security policy
model
EPS-01-AN-SPM-1.4
Guidance
documents
AGD_ADM.1
Administrator guidance
EPS-01-QT-AGD_ADM-1.5
Guidance
documents
AGD_USR.1
User guidance
EPS-01-QT-AGD_USR-1.5
Life cycle
support
ALC_DVS.1
Identification of security
measures
EPS-01-QT-ALC-1.5
Life cycle
support
ALC_LCD.1
Developer defined life-cycle
model
EPS-01-QT-ALC-1.5
Life cycle
support
ALC_TAT.1
Well-defined development tools
EPS-01-QT-ALC-1.5
Tests
ATE_COV.2
Analysis of coverage
EPS-01-TS-ATE-1.1
Tests
ATE_DPT.2
Testing: low-level design
EPS-01-TS-ATE-1.1
Tests
ATE_FUN.1
Functional testing
EPS-01-TS-ATE-1.1
Tests
ATE_IND.2
Independent testing - sample
EPS-01-TS-ATE-1.1
Vulnerability
assessment
Vulnerability
assessment
EPS-01-TS-MSU-1.3
AVA_MSU.2
Validation of analysis
EPS-01-QT-AGD_ADM-1.5
EPS-01-QT-AGD_USR-1.5
AVA_SOF.1
Strength of TOE security
function evaluation
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-TS-SOF-1.2
EPS-01-AN-ST(Lite-EN)-1.0
109
-Public-
Assurance Requirements
Assurance class
Vulnerability
assessment
Assurance component
AVA_VLA.3
Moderately resistant
Security Target Lite
Assurance Measures
Assurance Measures
EPS-01-TS-VLA-1.0
8.6 Rationale of Function Strength
8.6.1 Rationale for function strength of security functional
requirements
This Security Target requires ‘SOF-high’ for the security functional requirements of FCS_CKM.1(1),
FDP_DAU.1, FIA_UAU.5(1), FIA_UAU.5(2), FCS_COP.1(3) and FPT_TST.1.
(Table 26) Function Strength of Security Functional Requirements
Security Functional
Strength of Function
Requirements
Rationale
SOF-high
FCS_CKM.1(1) has set the length of the encryption key
and MAC key to 112 bits to obtain resistance against
high-level attacks according to ePassport specification.
Therefore, it satisfies 'SOF-high'.
SOF-high
FDP_DAU.1 has set the key length of RSA digital
signature to 2048 bits to obtain resistance against highlevel attacks during AA authentication. Therefore, it
satisfies 'SOF-high'.
SOF-high
FIA_UAU.5(1) has set the length of the ECDSA digital
signature to 224 bits to obtain resistance against highlevel attacks during EAC-TA authentication. Therefore, it
satisfies 'SOF-high'.
SOF-high
FIA_UAU.5(2) has set the length of PAC key to 112 bits
to obtain resistance against high-level attacks in PAC
mutual authentication, generating the PAC session key,
PAC personalization, and management authentication.
Therefore, it satisfies 'SOF-high'.
FCS_COP.1(3)
SOF-high
FCS_COP.1(3) has used 160bit SHA-1, 224bit SHA-224
and 256bit SHA-256 to obtain resistance against highlevel attacks in verifying the TSF integrity. Therefore, it
satisfies 'SOF-high'.
FPT_TST.1
SOF-high
FPT_TST.1 has used a SHA-1 hash algorithm of 160 bits
to verify the integrity of the executable code. Therefore, it
satisfies 'SOF-high'.
FCS_CKM.1(1)
FDP_DAU.1
FIA_UAU.5(1)
FIA_UAU.5(2)
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
110
-Public-
Security Target Lite
Therefore, if attackers have expert knowledge, resources and the proper motivation, as mentioned
in the Security environment, the TOE nonetheless has resistance against their attacks.
8.6.2 Rationale of Strength of Function
This Security Target requires ‘SOF-high’ for the security function of SF.MUT_AUTH,
SF.ACTIVE_AUTH,
SF.CHIP_AUTH,
SF.TERMINAL_AUTH,
SF.ACC_CONTROL
and
SF.RELIABILITY.
(Table 27) Strength of Security Function
Security function
Strength of
Function
Rationale
TOE has implemented a TDES-based mutual
authentication protocol in the PAC mutual authentication of
SF.MUT_AUTH; this satisfies 'SOF-high' because the key
length used is 112 bits.
TOE has implemented a TDES-based authentication
protocol in the PAC personalization and management
authentication of SF.MUT_AUTH; this satisfies 'SOF-high'
because the key length used is 112 bits.
SF.MUT_AUTH
SOF-high
TOE has implemented a TDES-based authentication
protocol to generate the PAC session key in the PAC
mutual authentication of SF.MUT_AUTH; this satisfies
'SOF-high' because the key length used is 112 bits.
TOE has implemented a TDES-based key distribution
protocol to generate the BAC session key in the BAC
mutual authentication of SF.MUT_AUTH; this satisfies
'SOF-high' because the key length used is 112 bits and the
length of the hash algorithm is 160 bits.
SF.CHIP_AUTH
SF.TERMINAL_AUTH
SF.ACTIVE_AUTH
SOF-high
TOE has implemented a 224bit ECDH-based key
distribution protocol in the EAC-CA authentication of
SF.CHIP_AUTH; this satisfies 'SOF-high' because a 160bit
hash algorithm is used at the step to generate the EAC
session key.
SOF-high
TOE has used a 224bit ECDSA digital signature algorithm
and a 224bit hash algorithm in EAC-TA authentication of
SF.TERMINAL_AUTH so that TOE verifies the inspection
system. Therefore, it satisfies 'SOF-high'.
SOF-high
TOE has implemented the AA authentication mechanism of
SF.ACTIVE_AUTH and it satisfies 'SOF-high' because a
2048bit RSA algorithm and a 256bit hash algorithm are
used.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
111
-Public-
Security Target Lite
Security function
Strength of
Function
Rationale
SF.ACC_CONTROL
SOF-high
TOE has used a 160bit SHA-1 hash algorithm at the step
to generate the BAC session key of SF.ACC_CONTROL.
Therefore, it satisfies 'SOF-high'.
SF.RELIABILITY
SOF-high
TOE has used a 160bit SHA-1 hash algorithm at the step
to verify the TSF integrity of SF.RELIABILITY. Therefore, it
satisfies 'SOF-high'.
Therefore, if the attackers have expert knowledge, resources and the proper motivation, as
mentioned in the Security environment, the TOE nonetheless has a resistance against their
attacks.
8.7 Rationale of Mutual Support and Internal Consistency
This rationale demonstrates that the TOE security requirements have mutual support and
internally consistency.
In "8.3.1 Dependency of TOE security functional requirements" and "8.3.2 Dependency of TOE
security assurance requirements"', the dependency is analyzed as a supportive relationship
among security requirements in which it is necessary to depend on other security requirements to
achieve a security objective when a security requirement is insufficient. In case the dependency
was not satisfied, an additional rationale is provided.
Moreover, the security functional requirements, although there is no dependency among security
functional requirements, are mutually supportive and have internally consistency in relation to the
TSF operations, as shown below.
In the Personalization phase, the Personalization agent records the MRTD application data
(FMT_MTD.1(1), FMT_MSA.3) and deactivates the writing function so that the TOE is not modified
by external entities when delivering the TOE to the Operational Use phase (FMT_MOF.1,
FMT_SMF.1). The role of the Personalization agent as such is defined as the security role
(FMT_SMR.1) and is controlled by the ePassport access control policies (FDP_ACC.1,
FDP_ACF.1). It separates the execution domain of subjects and objects within the scope of control
of the ePassport access control policies from other domains (FPT_SEP.1) and is thus ensured to
invoke the access control function at all times as a reference monitor to protect these subjects and
objects (FPT_RVM.1). Therefore, these security requirements are mutually supportive and
internally consistent.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
112
-Public-
Security Target Lite
The TSF, after identifying the Inspection System (FIA_UID.1), executes the BAC mutual
authentication (FIA_UAU.1(1)) and the EAC-TA (FIA_UAU.1(2)) according to the authentication
mechanism application rules (FIA_UAU.5(1)). If the Inspection System fails in authentication, the
session is terminated (FIA_AFL.1). Random numbers must be used so as to prevent reuse of
authentication-related data used in authentication (FIA_UAU.4). To ensure that secure random
numbers are used and that secure certificates are used in the EAC-TA, the certificates must be
verified and updated (FMT_MTD.3). Therefore, these security requirements are mutually
supportive and internally consistent.
The TSF must initialize SSC to 0 (FMT_MTD.1(2)) to indicate the termination of the channel when
terminating the BAC secure messaging (FDP_UCT.1, FDP_UIT.1) that was established to protect
the transmitted user data. Therefore, these security requirements are mutually supportive and
internally consistent.
The cryptographic-related data created in temporary memory after cryptographic operations must
be destroyed to prevent reuse (FCS_CKM.4, FDP_RIP.1). Therefore, these security requirements
are mutually supportive and internally consistent.
In case modification of the transmitted TSF data is detected, the TSF must terminate the session
(FPT_ITI.1) and reset the access rights of the Inspection System (FMT_MSA.1). Therefore, these
security requirements are mutually supportive and internally consistent.
The TSF must execute self-testing under the conditions decided by the ST author (FPT_TST.1). In
case failure is detected, the TOE must preserve a secure state (FPT_FLS.1). Therefore, these
security requirements are mutually supportive and internally consistent.
8.8 Rationale of PP Claims
This security target is conformable to all requirements of the PP (KECS-PP-0084 -2008).
8.8.1 Rationale for Conformance of Security Environment
This Security Target is conformable to all security environments, except that the T. Residual
Information and A.Inspection system of the ePassport Protection Profile are reconstructed.
T.Residual Information defined in ePassport Protection Profile is reconstructed in this Security
Target by adding a PAC authentication key and a Session key to perform PAC authentication
functionality to the residual information.
The A.Inspection System defined in the ePassport Protection Profile is reconstructed in this
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
113
-Public-
Security Target Lite
security target by adding the AA authentication functionality of the TOE to the inspection system.
Therefore, this Security Target is conformable to the security environment of ePassport Protection
Profile.
8.8.2 Rationale for Conformance of Security Objective
In
this
Security
Target,
Security
objectives,
O.Session
Terminate
and
OE.ePassport
Personalization agent are reconstructed and the O.Handling Information leakage is reconstructed
as the OE.Handling Information Leakage because all functions concerning the handling of
information leakage are supported in the IC chip. All of the other security objectives are
conformable to those of the ePassport Protection Profile, and the O.AA and O.PAC are added to
this security target because the AA and PAC authentication functions are added.
O. Session Terminate defined in the ePassport Protection Profile is reconstructed in this security
target by adding a function to terminate the PAC session. Therefore, this security target is
conformable to the security objectives of the ePassport Protection Profile.
The OE.ePassport Personalization Agent defined in the ePassport Protection Profile is
reconstructed in this security target by adding that it has to hold the PAC authentication key
necessary to issue the TOE, implement the security mechanism, and guarantee the application
order according to the issuing type so as not to violate the access control policy of the
personalization agent. Therefore, this security target is conformable to the security objectives of
ePassport Protection Profile.
8.8.3 Rationale for Security Functional Requirements
This Security Target is conformable to all security functional requirements of the ePassport
Protection Profile and reconstructs the operations according to the allowed rules for the security
functional requirements. In addition, the security functional requirements added to this Security
Target are related to the PAC and AA function. Therefore, this Security Target is conformable to
the security functional requirements of the ePassport Protection Profile.
8.8.4 Rationale for Assurance Requirements
This Security Target is conformable to all the assurance requirements of the EAL 4+(ADV_IMP.2,
ATE_DPT.2, AVA_VLA.3) assurance level required in the ePassport Protection Profile. There are
no additionally defined assurance requirements in this Security Target.
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
114
-Public-
Security Target Lite
[Works Cited]
[1] Doc 9303 "Machine Readable Travel Documents" Part 1 "Machine Readable Passports"
Volume 1 "Specification for Electronically Enabled Passports with Biometric Identification
Capability" Sixth Edition, International Civil Aviation Organization(ICAO), 2006. 8
[2] Doc 9303 "Machine Readable Travel Documents" Part 1 "Machine Readable Passports"
Volume 2 "Passports with Machine Readable Data Stored in Optical Character Recognition
Format" Sixth Edition, International Civil Aviation Organization(ICAO), 2006. 8
[3] Technical Guideline Advanced Security Mechanisms for Machine Readable Travel
Documents - Extended Access Control (EAC), Version 1.01, TR-03110, Bundesamt für
Sicherheit in der Informationstechnik (BSI)
[4] Machine Readable Travel Documents Technical Report, PKI for Machine Readable Travel
Documents Offering ICC Read-Only Access, Version - 1.1, Date - October 01,2004, published by
authority of the secretary general, International Civil Aviation Organization
[5] Machine Readable Travel Documents Technical Report, Development of a Logical Data
Structure – LDS, For Optional Capacity Expansion Technologies, Revision –1.7, published by
authority of the secretary general, International Civil Aviation Organization, LDS 1.7, 2004-05-18
[6] Common Criteria Protection Profile, Machine Readable Travel Document with ICAO Application,
Basic Access Control, Bundesamt für Sicherheit in der Informationstechnik (BSI), 2005. 8
[7] Common Criteria Protection Profile, Machine Readable Travel Document with ICAO Application,
Extended Access Control, Bundesamt für Sicherheit in der Informationstechnik (BSI), 2006. 9
[8] SHARP Passport Booklet module Security Target - lite, ST Version 1.13-1, SHARP Corporation
IC Card Development Dept, 2006. 11
[9] Common Criteria for Information Technology Security Evaluation, Version 3.1, CCMB, 2006. 9.
[10] Common Methodology for Information Technology Security Evaluation, Version 3.1, CCMB,
2006. 9.
[11] 국가기관용 개방형 스마트카드 플랫폼 Security 목표명세서 V1.1, 국가정보원 ITSecurity
authentication 사무국, 한국정보보호진흥원, 2006. 5
[12] Supporting Document Mandatory Technical Document, Application of Attack Potential to
Smartcards, Version 2.1, CCDB, 2006. 4
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
115
-Public-
Security Target Lite
[13] Supporting Document Mandatory Technical Document, The Application of CC to Integrated
Circuits, Version 2.0, CCDB, 2006. 4
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
116
-Public-
Security Target Lite
[Abbreviations]
AA
Active Authentication
BAC
Basic Access Control
PAC
Personalization Access Control
BIS
BAC Inspection System
CA
Chip Authentication
CC
Common Criteria
CCMB
Common Criteria Maintenance Board
CCRA
Common Criteria Recognition Arrangement
COS
Card Operating System
CSCA
Country Signing Certification Authority
CVCA
Country Verifying Certification Authority
DES
Data Encryption Standard
DF
Dedicated File
DG
Data Group
DH
Diffie-Hellman
DPA
Differential Power Analysis
DS
Document Signer
DV
Document Verifier
EAC
Extended Access Control
EAL
Evaluation Assurance Level
ECDH
Elliptic Curve Diffie-Hellman
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
117
-Public-
EEPROM
Electrically Erasable Programmable Read-Only Memory
EF
Elementary File
EIS
EAC Inspection System
IC
Integrated Circuit
ICAO
International Civil Aviation Organization
IS
Inspection System
ISO
International Organization for Standardization
IT
Information Technology
KDF
Key Derivation Function
LDS
Logical Data Structure
MAC
Message Authentication Code
MF
Master File
MRTD
Machine Readable Travel Document
MRZ
Machine Readable Zone
PA
Passive Authentication
PIS
PA Inspection System
PKI
Public Key Infrastructure
PP
Protection Profile
RAM
RF
Security Target Lite
Random Access Memory
Radio Frequency
ROM
Read Only Memory
SFP
Security Function Policy
SOD
Security Object of Document
SOF
Strength of Function
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
118
-Public-
SPA
Simple Power Analysis
SSC
Send Sequence Counter
ST
Security Target
TA
Terminal Authentication
TDES
Security Target Lite
Triple-DES
TSC
TSF Scope of Control
TOE
Target of Evaluation
TSF
TOE Security Functions
TSP
TOE Security Policy
Copyright Ⓒ 2008 KOMSCO, All rights reserved
EPS-01-AN-ST(Lite-EN)-1.0
119
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement