Introduction for EAL5+ Smartcard OS Evaluating Experience
2010. 7. 22
IT Security Evaluation facility
Hyun, Jin Su ( [email protected])
AISEC 2010
Statistics of Evaluations at EAL5 and Above
[Pie chart: share of certified products at EAL5 or higher, by product category; sub-categories as labelled on the chart]
• ICs, Smart Cards and Smart Card related Devices and Systems (81%)
– Smart Card IC (64%)
– MCU (12%)
– COS (5%)
– Card Reader (2%)
• Other Devices and Systems (10%)
• Operating System (7%)
• Boundary Protection Devices and Systems (1%)
• Network and Network related Devices and Systems (1%)
(Source: CC Portal, 2010.7.6)
Statistics of E-Passport Evaluation
[Bar chart: number of e-passport evaluations per year, 2005 to 2010, split into EAL4+ and EAL5+; the bar values recovered from the chart are 1, 3, 5, 8, 15 and 7]
IC Chip/COS Evaluation in Korea
• 2006
– MULTOS SM10 (EAL4+, Samsung SDS)
• 2008
– S3FS91J / S3FS91H / S3FS91V (EAL4+, Samsung)
– KCOS e-Passport V1.0 (EAL4+, KOMSCO)
– XSmart e-Passport V1.0 (EAL4+, LG CNS)
– Samsung SDS SPass V1.0 (EAL4+, Samsung SDS)
• 2009
– XSmart OpenPlatform V1.0 (EAL4+, LG CNS)
– S3FS91J / S3FS91H / S3FS91V / S3FS93I with SWP (EAL4+, Samsung)
• 2010
– KCOS e-Passport V1.1 (EAL4+, KOMSCO)
– Samsung SDS SPass V1.1 (EAL4+, Samsung SDS)
– SK e-Pass V1.0 (EAL4+, SK C&C)
– XSmart e-Passport V1.1 (EAL5+, LG CNS)
Target of Evaluation
• TOE: XSmart e-Passport V1.1
• Level: EAL5+ (augmented with ADV_IMP.2)
• PP: E-Passport Protection Profile V2.1
• Sponsor: LG CNS
EAL4 vs EAL5+ (1)
Each line gives the EAL4 component, the EAL5+ (e-passport) component, and what changes.
Class ADV
– ADV_ARC.1 → ADV_ARC.1: same component, but the depth of the security architecture description follows the level required by ADV_TDS and ADV_IMP
– ADV_FSP.4 → ADV_FSP.5: EAL5 requirement; semi-formal functional specification; describes all error messages, both those resulting from a TSFI invocation and those that do not
– ADV_IMP.1 → ADV_IMP.2: e-Passport PP requirement; an EAL6 component (complete mapping of the implementation representation to the TSF)
– ADV_TDS.3 → ADV_TDS.4: EAL5 requirement; semi-formal modular design
– (none) → ADV_INT.2: EAL5 requirement; well-structured internals (modular decomposition)
Class AGD
– AGD_OPE.1 → AGD_OPE.1: same
– AGD_PRE.1 → AGD_PRE.1: same
EAL4 vs EAL5+ (2)
Class ALC
– ALC_CMC.4 → ALC_CMC.4: same
– ALC_CMS.4 → ALC_CMS.5: EAL5 requirement; the development tools are added to the configuration items
– ALC_DEL.1 → ALC_DEL.1: same
– ALC_DVS.1 → ALC_DVS.1: same
– ALC_LCD.1 → ALC_LCD.1: same
– ALC_TAT.1 → ALC_TAT.2: EAL5 requirement; well-defined development tools (already ALC_TAT.1) plus compliance with implementation standards (the addition in ALC_TAT.2)
Class ATE
– ATE_COV.2 → ATE_COV.2: same
– ATE_DPT.2 → ATE_DPT.3: e-Passport PP requirement and EAL5 requirement; testing of all TSF subsystems and modules
– ATE_FUN.1 → ATE_FUN.1: same
– ATE_IND.2 → ATE_IND.2: same
Class AVA
– AVA_VAN.3 → AVA_VAN.4: e-Passport PP requirement and EAL5 requirement; methodical vulnerability analysis, TOE resistant to attackers with Moderate attack potential
Semi-Formal Method (1)
What is semi-formal?
Semi-Formal Method (2)
• Definition
– A notation written in a restricted-syntax language with defined semantics [AIS34]
• Typical semi-formal notations
– Data flow diagram
– State transition diagram
– Entity-relationship diagram
– Data, process or program structure diagram
– UML (Unified Modeling Language)
AIS 34: Evaluation Methodology for CC Assurance Classes for EAL5+ (CC v2.3 & v3.1) and EAL6 (CC v3.1)
Semi-Formal Method (3)
[Figure: examples of the notations: state diagram, UML, data flow diagram]
Well Structured Modularity (1)
[Figure: modularity]
Well Structured Modularity (2)
[Figure: is this design well structured?]
Well Structured Modularity (3)
[Figure: is this design well structured? (second example)]
Well Structured Modularity (4)
• Coding standards
• Modular decomposition principle
– Coupling / cohesion
• Cohesion, from weakest to strongest (functional cohesion is the well-structured end)
– Coincidental
– Logical
– Temporal
– Communicational
– Sequential
– Functional
• Coupling, from tightest to loosest (data coupling is the well-structured end)
– Content
– Common
– External
– Control
– Stamp
– Data
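The coupling and cohesion ladder above decides whether an evaluator can trace ADV_TDS.4 modules into ADV_IMP.2 code without reading every function body. The following C is an added, constructed illustration (the editor's code, not code from XSmart e-Passport or any other evaluated COS): the same VERIFY command handled once with common and content coupling through globals, and once with data coupling and functional cohesion. The APDU values, the reference PIN and the status words used are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example for the coupling/cohesion criteria of ADV_INT.2.
 * Nothing here is from XSmart e-Passport or any other evaluated COS. */

/* ---- Version A: common and content coupling ------------------------------
 * All modules share one global APDU buffer and status word (common coupling),
 * and the PIN module writes a flag that belongs to the dispatcher (content
 * coupling).  It works, but no interface tells an evaluator who depends on
 * what, so the ADV_TDS/ADV_INT tracing has to read every function body. */
static uint8_t  g_apdu[261];                  /* CLA INS P1 P2 Lc + 256 data bytes */
static uint16_t g_sw;                         /* status word, written by everyone */
static uint8_t  g_dispatcher_pin_ok;          /* dispatcher-private, yet set below */

static void a_verify_pin(const uint8_t *ref_pin)
{
    uint8_t lc = g_apdu[4];                   /* hidden input: the global buffer */
    if (lc == 4 && memcmp(&g_apdu[5], ref_pin, 4) == 0) {
        g_dispatcher_pin_ok = 1;              /* hidden output: another module's state */
        g_sw = 0x9000;
    } else {
        g_sw = 0x6982;                        /* security status not satisfied */
    }
}

static uint16_t a_dispatch(const uint8_t *raw, size_t len, const uint8_t *ref_pin)
{
    if (len < 5 || len > sizeof g_apdu) return 0x6700;   /* wrong length */
    memcpy(g_apdu, raw, len);
    if (g_apdu[1] == 0x20) { a_verify_pin(ref_pin); return g_sw; }
    return 0x6D00;                                        /* INS not supported */
}

/* ---- Version B: data coupling, functional cohesion ------------------------
 * Each function receives exactly the data it needs as parameters and reports
 * through its return value; the security state is owned by the dispatcher
 * and passed down explicitly, so every dependency is visible in a signature. */
typedef struct { uint8_t cla, ins, p1, p2, lc; const uint8_t *data; } apdu_t;
typedef struct { uint8_t pin_ok; } sec_state_t;

/* Parse a case-3 command APDU (header, Lc, then Lc data bytes). 0 on success. */
static int apdu_parse(const uint8_t *raw, size_t len, apdu_t *out)
{
    if (len < 5 || (size_t)raw[4] != len - 5) return -1;
    out->cla = raw[0]; out->ins = raw[1]; out->p1 = raw[2]; out->p2 = raw[3];
    out->lc  = raw[4]; out->data = raw + 5;
    return 0;
}

/* Constant-time comparison: structure is the topic of this example, but a
 * PIN check that stops at the first mismatching byte is an SPA/timing target. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* VERIFY: one job, all inputs and outputs in the signature. */
static uint16_t verify_pin(const apdu_t *cmd, const uint8_t *ref_pin, sec_state_t *st)
{
    if (cmd->lc != 4)                     return 0x6700;  /* wrong length */
    if (!ct_equal(cmd->data, ref_pin, 4)) return 0x6982;  /* security status not satisfied */
    st->pin_ok = 1;
    return 0x9000;
}

static uint16_t b_dispatch(const uint8_t *raw, size_t len,
                           const uint8_t *ref_pin, sec_state_t *st)
{
    apdu_t cmd;
    if (apdu_parse(raw, len, &cmd) != 0) return 0x6700;
    switch (cmd.ins) {
    case 0x20: return verify_pin(&cmd, ref_pin, st);
    default:   return 0x6D00;
    }
}

/* Runs both versions on the same constructed APDUs.  Returns a bitmask of the
 * checks that passed; 0x0F means both versions behave identically, which is
 * the point: the difference is traceability, not functionality. */
int modularity_demo(void)
{
    static const uint8_t ref_pin[4] = { '1', '2', '3', '4' };              /* constructed */
    static const uint8_t good[] = { 0x00, 0x20, 0x00, 0x00, 0x04, '1', '2', '3', '4' };
    static const uint8_t bad[]  = { 0x00, 0x20, 0x00, 0x00, 0x04, '0', '0', '0', '0' };
    sec_state_t st = { 0 };
    int ok = 0;

    if (a_dispatch(good, sizeof good, ref_pin) == 0x9000 && g_dispatcher_pin_ok) ok |= 1;
    if (a_dispatch(bad,  sizeof bad,  ref_pin) == 0x6982)                        ok |= 2;
    if (b_dispatch(good, sizeof good, ref_pin, &st) == 0x9000 && st.pin_ok)      ok |= 4;
    st.pin_ok = 0;
    if (b_dispatch(bad,  sizeof bad,  ref_pin, &st) == 0x6982 && !st.pin_ok)     ok |= 8;
    return ok;
}
```

Version A is what the "Is this design well structured?" slides are asking about: `a_verify_pin` has no parameters that show it reads the command buffer or writes dispatcher state, so its coupling is invisible at the interface level. Version B makes the same dependencies explicit through `apdu_t`, `sec_state_t` and the return value, which is what an ADV_INT.2 argument and a module-level ATE_DPT.3 test plan can be built on.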
Attack Potential (1)
The value is the point total (identification plus exploitation) of the cheapest successful attack path found; the smartcard column uses the JIL scale, which is shifted upward relative to the general CEM scale.

Range of values   Range of values   TOE resistant to attackers      Maximum assurance
(general)         (smartcard)       with attack potential of        component
0 - 9             0 - 15            No rating                       -
10 - 13           16 - 20           Basic                           AVA_VAN.2
14 - 19           21 - 24           Enhanced-Basic                  AVA_VAN.3
20 - 24           25 - 30           Moderate                        AVA_VAN.4
25 and above      31 and above      High                            AVA_VAN.5
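To make the two scales concrete, here is an added worked example in C (the editor's code, not from the slides or from any evaluation facility). It scores one attack on the six JIL factors for the identification and exploitation phases, sums the two, and maps the total onto both ranges in the table above. The per-factor weights are reproduced from memory of the JIL "Application of Attack Potential to Smartcards" rating table and are an assumption that must be checked against the current JIL version; the DPA scenario and its factor levels are constructed.

```c
/* Constructed attack-potential calculator for the two scales on the slide.
 * The per-factor weights are reproduced by the editor from memory of the JIL
 * "Application of Attack Potential to Smartcards" table; they are not on the
 * slide and must be checked against the current JIL version before use. */

enum { F_TIME, F_EXPERTISE, F_KNOWLEDGE, F_ACCESS, F_EQUIPMENT, F_OPEN_SAMPLES, F_COUNT };
#define NOT_PRACTICAL 99        /* JIL marks these cells "*": the attack is not rateable */
#define MAX_LEVELS 6

/* weights[factor][level][phase], phase 0 = identification, 1 = exploitation */
static const int weights[F_COUNT][MAX_LEVELS][2] = {
    /* elapsed time: <1 h, <1 day, <1 week, <1 month, >1 month, not practical */
    { {0,0}, {1,3}, {2,4}, {3,6}, {5,8}, {NOT_PRACTICAL,NOT_PRACTICAL} },
    /* expertise: layman, proficient, expert, multiple experts */
    { {0,0}, {2,2}, {5,4}, {7,6} },
    /* knowledge of TOE: public, restricted, sensitive, critical
     * (JIL's "very critical hardware design" level is omitted here) */
    { {0,0}, {2,2}, {4,3}, {6,5} },
    /* access to TOE: <10, <30, <100, >100 samples, not available */
    { {0,0}, {1,2}, {2,4}, {3,6}, {NOT_PRACTICAL,NOT_PRACTICAL} },
    /* equipment: none, standard, specialised, bespoke, multiple bespoke */
    { {0,0}, {1,2}, {3,4}, {5,6}, {7,8} },
    /* open samples: public, restricted, sensitive, critical */
    { {0,0}, {2,2}, {4,4}, {6,6} },
};
static const int n_levels[F_COUNT] = { 6, 4, 4, 5, 5, 4 };

typedef struct { int level[F_COUNT]; } ap_phase_t;

/* Points for one phase, or -1 if a level is out of range or "not practical". */
static int phase_points(const ap_phase_t *p, int phase)
{
    int sum = 0;
    for (int f = 0; f < F_COUNT; f++) {
        int lvl = p->level[f];
        if (lvl < 0 || lvl >= n_levels[f]) return -1;
        int w = weights[f][lvl][phase];
        if (w == NOT_PRACTICAL) return -1;
        sum += w;
    }
    return sum;
}

/* Total attack potential = identification + exploitation points, or -1 for
 * an attack that is not practical (such attacks do not lower the rating). */
int attack_points(const ap_phase_t *ident, const ap_phase_t *exploit)
{
    int a = phase_points(ident, 0), b = phase_points(exploit, 1);
    return (a < 0 || b < 0) ? -1 : a + b;
}

typedef enum { AP_NO_RATING, AP_BASIC, AP_ENHANCED_BASIC, AP_MODERATE, AP_HIGH } ap_rating_t;

/* "TOE resistant to attackers with attack potential of", from the points of
 * the cheapest successful attack, on the general CEM scale or the smartcard
 * (JIL) scale from the slide.  points must be >= 0. */
ap_rating_t resistance(int points, int smartcard)
{
    if (smartcard) {
        if (points <= 15) return AP_NO_RATING;
        if (points <= 20) return AP_BASIC;
        if (points <= 24) return AP_ENHANCED_BASIC;
        if (points <= 30) return AP_MODERATE;
        return AP_HIGH;
    }
    if (points <= 9)  return AP_NO_RATING;
    if (points <= 13) return AP_BASIC;
    if (points <= 19) return AP_ENHANCED_BASIC;
    if (points <= 24) return AP_MODERATE;
    return AP_HIGH;
}

/* Highest AVA_VAN component the TOE can still meet; 0 means none. */
int max_ava_van(ap_rating_t r)
{
    switch (r) {
    case AP_BASIC:          return 2;
    case AP_ENHANCED_BASIC: return 3;
    case AP_MODERATE:       return 4;
    case AP_HIGH:           return 5;
    default:                return 0;
    }
}

/* Constructed scenario: a DPA attack on a COS key.  Identification: under a
 * month, expert, restricted knowledge, under 30 samples, specialised
 * equipment, restricted open samples (16 points).  Exploitation: under a week,
 * proficient, public knowledge, under 10 samples, specialised equipment,
 * public open samples (10 points).  Total 26. */
int dpa_scenario_points(void)
{
    const ap_phase_t ident   = { { 3, 2, 1, 1, 2, 1 } };
    const ap_phase_t exploit = { { 2, 1, 0, 0, 2, 0 } };
    return attack_points(&ident, &exploit);
}

/* A scenario whose identification would take "not practical" elapsed time. */
int impractical_scenario_points(void)
{
    const ap_phase_t ident   = { { 5, 0, 0, 0, 0, 0 } };
    const ap_phase_t exploit = { { 0, 0, 0, 0, 0, 0 } };
    return attack_points(&ident, &exploit);
}
```

With these (assumed) weights the constructed DPA scenario totals 26 points: on the smartcard scale that leaves the TOE resistant to Moderate attackers and caps it at AVA_VAN.4, while the same 26 points on the general scale would read as High and AVA_VAN.5. That shift is exactly why the e-passport PP's AVA_VAN.4 is harder to meet for a COS than the general CEM table suggests.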
Attack Potential (2)
• Attack methods for a COS
– SPA/DPA
– Fault analysis
– EMA
– Perturbation attacks
– Other attack methods listed in Guidance for Smartcard Evaluation v2.0 and in the Korea scheme
• Korea scheme
– The Korea CB requires additional vulnerability testing of the cryptographic algorithms that were evaluated in the IC chip (at AVA_VAN.4 or AVA_VAN.5)
– HW masked block cipher: DES/TDES or AES
– Library for public-key cryptographic algorithms: RSA, ECC
Effort for EAL5
• Level of effort for preparing EAL5, by topic (developer / evaluator)

Keyword                          Developer   Evaluator
Semi-formal method               High        High
Well-structured modularity       High        High
Well-defined development tools   Low         Low
Module testing                   Medium      Low
Attack potential                 Medium      High
Conclusion
Thank you