NXP JCOP 4 Security Target Lite v3.4 9

FMT_MSA.3.1[CFG]

The TSF shall enforce the [assignment: CONFIGURATION information flow control SFP] to provide [selection:restrictive] default values for security attributes that are used to enforce the SFP.

FMT_MSA.3.2[CFG]

The TSF shall allow the [assignment: nobody] to specify alternative initial values to override the default values when an object or information is created.

FMT_MSA.1[CFG]

Management of security attributes (CFG)

Hierarchical-To

No other components.

Dependencies

[FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions

FMT_MSA.1.1[CFG]

The TSF shall enforce the [assignment: CONFIGURATION information flow control SFP] to restrict the ability to[selection: modify] the security attributes [assignment:  NXP Configuration Access and Customer Configuration Access]to[assignment: none].

FMT_SMR.1[CFG]

Security roles (CFG)

Hierarchical-To

No other components.

Dependencies

FIA_UID.1 Timing of identification

FMT_SMR.1.1[CFG]

The TSF shall maintain the roles [assignment: S.NXP and S.Customer].

FMT_SMR.1.2[CFG]

The TSF shall be able to associate users with roles.

AppNote

The roles of the CONFIGURATION information flow control SFP are defined by the NXP Configuration Token and the Customer Configuration Token.

FMT_SMF.1[CFG]

Specification of Management Functions (CFG)

Hierarchical-To

No other components.

Dependencies

No dependencies.

FMT_SMF.1.1[CFG]

The TSF shall be capable of performing the following management functions: [assignment: none.]

FIA_UID.1[CFG]

Timing of identification (CFG)

Hierarchical-To

No other components.

Dependencies

No dependencies.

FIA_UID.1.1[CFG]

The TSF shall allow [assignment: to select the ISD] on behalf of the user to be performed before the user is identified.

FIA_UID.1.2[CFG]

The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

•

Code assigned to S.SBNativeCode is only able to perform OP.SB_ACCESSto

O.SB_Content.The ROM, FLASH, and RAM which belongs to O.SB_Content

is controlled by the MMU Segment Table used by the Memory Management

Unit.

•

Code assigned to S.SBNativeCode is able to perform OP.SB_ACCESS_SFRto

O.SB_SFR.

].

FDP_ACF.1.3[SecureBox]

The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: none]

FDP_ACF.1.4[SecureBox]

The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment:

•

For S.SBNative Code it is not possible to perform OP.SB_ACCESS to O.NON_

SB_Content.

FMT_MSA.3.2[SecureBox]

The TSF shall allow the [assignment: S.JCRE] to specify alternative initial values to override the default values when an object or information is created.

AppNote

The dependency with FMT_SMR.1 is not applicable. The TOE does not allow to specify alternative initial values for the security attributes of the Secure Box.

FMT_SMF.1[SecureBox]

Specification of Management Functions (SecureBox)

Hierarchical-To

No other components.

Dependencies

No dependencies.

FMT_SMF.1.1[SecureBox]

The TSF shall be capable of performing the following management functions: [assignment:

•

Switch the CPU Mode

•

Change the values in the MMU Segment Table to assign RAM to the Secure Box

•

Change the values in the MMU Segment Table to assign FLASH to the Secure Box

the behalf of that user: [assignment: Package AID].

FIA_USB.1.2[MODULAR-DESIGN]

The TSF shall enforce the following rules on the initial association of user security

attributes with subjects acting on the behalf of users: [assignment:Each Module is

associated with an unique Package AID].

FIA_USB.1.3[MODULAR-DESIGN]

The TSF shall enforce the following rules governing changes to the user security at-

tributes associated with subjects acting on the behalf of users: [assignment:The Pack-

Age AIDofa Module is unchangeable].

AppNote

The user is a Module and the subjects are the S.APPLET, S.SD and S.JCRE.

Dependencies

No dependencies.

Hierarchical-To

No other components.

Dependencies

FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation

FDP_ACF.1.1[RM]

The TSF shall enforce the [assignment:Restricted Mode access control SFP] to objects based on the following [assignment:

Subject/Object

Security attributes

]

S.SD

D.ATTACK_COUNTER

FDP_ACF.1.2[RM]

The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: The D.ATTACK_COUNTER can be reset by ISD].

FDP_ACF.1.3[RM]

The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment:none].

FDP_ACF.1.4[RM]

The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: Deny all operations on all objects if the D.ATTACK_COUNTERhasreached its limit (restricted mode), except for operations listed in FMT_SMF.1[RM]].

Hierarchical-To

No other components.

Dependencies

FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles

FMT_MSA.3.1[RM]

The TSF shall enforce the [assignment: Restricted Mode access control SFP] to provide [selection: restrictive] default values for security attributes that are used to enforce the SFP.

FMT_MSA.3.2[RM]

The TSF shall allow the [assignment: nobody] to specify alternative initial values to override the default values when an object or information is created.

Hierarchical-To

No other components.

Dependencies

No dependencies.

FMT_SMF.1.1[RM]

The TSF shall be capable of performing the following management functions: [assignment:

•

select ISD,

•

authenticate against the ISD,

•

initialize a Secure Channel with the ISD,

• reset D.ATTACK_COUNTER,

•

identify the card,

• read CPLC data,

•

query the debug logging information.

FIA_UID.1[RM]

Timing of identification (RM)

Hierarchical-To

No other components.

Dependencies

No dependencies.

FIA_UID.1.1[RM]

The TSF shall allow [assignment:

•

select ISD,

•

identify the card,

•

query the debug logging information.

] on behalf of the user to be performed before the user is identified.

FIA_UID.1.2[RM]

The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

FIA_UAU.1[RM]

Timing of authentication (RM)

Hierarchical-To

No other components.

Dependencies

FIA_UID.1 Timing of identification

FIA_UAU.1.1[RM]

The TSF shall allow [assignment:

•

select ISD,

•

identify the card,

•

query the debug logging information.

] on behalf of the user to be performed before the user is authenticated.

FIA_UAU.1.2[RM]

The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

Dependencies

No other components.

FAU_SAS.1.1[SCP]

The TSF shall provide [assignment: test personnel before TOE Delivery] with the capability to store the [assignment: Initialisation Data and/or Prepersonalisation Data and/or supplements of the Smartcard Embedded Software] in the [assignment: audit records].

FCS_RNG.

Quality metric for random numbers

Hierarchical-To

No other components.

Dependencies

No dependencies

FCS_RNG.1.1

The TSF shall provide a [selection: deterministic] random number generator that implements [assignment:

• (DRG.3.1) If initialized with a random seed using a PTRNG of class PTG.2 (as defined in [41]) as random source, the internal state of the RNG shall have at least 256 bit of entropy.

•

(DRG.3.2) The RNG provides forward secrecy (as defined in [41]).

•

(DRG.3.3) The RNG provides enhanced backward secrecy even if the current inter-

nal state is known (as defined in [41])

]

FCS_RNG.1.2

The TSF shall provide [selection: octets of bits] that meet [assignment:

• (DRG.3.4) The RNG, initialized with a random seed using a PTRNG of class PTG.2 (as defined in [41]) as random source, generates output for which for AES-mode 2⁴⁸ and for TDEA-mode 2³⁵ strings of bit length 128 are mutually different with probability at least 1  2 ²⁴.

•

(DRG.3.5) Statistical test suites cannot practically distinguish the random numbers from output sequences of an ideal RNG. The random numbers must pass test procedure A (as defined in [41])

]

AppNote

This functionality is provided by the certified Crypto Lib, see [20]

FCS_RNG.1[HDT]

Quality metric for random numbers

Hierarchical-To

No other components.

Dependencies

No dependencies

FCS_RNG.1.1[HDT]

The TSF shall provide a [selection: hybrid deterministic] random number generator that implements [assignment:

• (DRG.4.1) The internal state of the RNG shall use PTRNG of class PTG.2 (as defined in [41]) as random source.

•

(DRG.4.2)The RNG provides forward secrecy (as defined in [41]).

•

(DRG.4.3) The RNG provides backward secrecy even if the current internal state is known (as defined in [41]).

• (DRG.4.4) The RNG provides enhanced forward secrecy on demand (as defined in [41]).

• (DRG.4.5) The internal state of the RNG is seeded by an PTRNG of class PTG.2 (as defined in [41]).

]

FCS_RNG.1.2[HDT]

The TSF shall provide [selection: random numbers] that meet [assignment:

• (DRG.4.6) The RNG generates output for which for AES-mode 2⁴⁸ and for TDEAmode 2³⁵ strings of bit length 128 are mutually different with probability at least 1  2 ²⁴.

•

(DRG.4.7) Statistical test suites cannot practically distinguish the random numbers

from output sequences of an ideal RNG. The random numbers must pass test pro-

cedure A (as defined in [41]).

]

AppNote

This functionality is provided by the certified Crypto Lib, see [20]

FIA_AFL.1[PIN]

Basic Authentication Failure Handling (PIN)

Hierarchical-To

No other components.

Dependencies

FIA_UAU.1 Timing of authentication.

FIA_AFL.1.1[PIN]

The TSF shall detect when [selection: an administrator configurable positive integer within [1 and 127]] unsuccessful authentication attempts occur related to [assignment: any user authentication using D.PIN].

FIA_AFL.1.2[PIN]

When the defined number of unsuccessful authentication attempts has been[selection: surpassed], the TSF shall [assignment:block the authentication with D.PIN].

AppNote

The dependency with FIA_UAU.1 is not applicable. The TOE implements the firewall access control SFP, based on which access to the object implementing FIA_AFL.1[PIN] is organized.

FPT_EMSEC.

TOE emanation

Hierarchical-To

No other components.

Dependencies

No dependencies.

FPT_EMSEC.1.1

The TOE shall not emit [assignment: variations in power consumption or timing during command execution] in excess of[assignment: non-useful information] enabling access to [assignment: TSF data: D.CRYPTO] and [assignment:User data: D.PIN, D.APP_KEYs].

FPT_EMSEC.1.2

The TSF shall ensure [assignment: that unauthorized users] are unable to use the following interface [assignment: electrical contacts or Radio Frequency (RF) field] to gain access to [assignment: TSF data: D.CRYPTO] and [assignment:User data: D.PIN, D.APP_KEYs].

FPT_PHP.

Resistance to physical attack

Hierarchical-To

No other components.

Dependencies

No dependencies.

FPT_PHP.3.1

The TSF shall resist [assignment: physical manipulation and physical probing] to the [assignment: TSF] by responding automatically such that the SFRs are always enforced.

Refinement

The TSF will implement appropriate mechanisms to continuously counter physical manipulation and physical probing. Due to the nature of these attacks (especially manipulation) the TSF can by no means detect attacks on all of its elements. Therefore, permanent protection against these attacks is required ensuring that security functional requirements are enforced. Hence, ”automatic response” means here (i) assuming that there might be an attack at any time and (ii) countermeasures are provided at any time.

AppNote

This SFR is taken from the certified Security IC Platform Protection Profile [24].

FCS_CKM.

Cryptographic key distribution

Hierarchical-To

No other components.

Dependencies

[FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of userdata with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4Cryptographic key destruction

FCS_CKM.2.1

The TSF shall distribute cryptographic keys in accordance with a specified cryptographickey distribution method [assignment: methods: set keys and components of DES, AES, RSA, RSA-CRT, ECC and secure messaging] that meets the following: [assignment: [38], [14], [15]].

AppNote

• The keys can be accessed as specified in [38] Key class and [14], [15] for proprietary classes.

•

This component shall be instantiated according to the version of the Java Card API applying to the security target and the implemented algorithms [38] and [14], [15] for proprietary classes.

AppNote

•

FCS_CKM.2 for ECC keys is applicable only if the corresponding Module for the cryptographic operation is present in the TOE.

FCS_CKM.

Cryptographic key access

Hierarchical-To

No other components.

Dependencies

[FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of userdata with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4Cryptographic key destruction

FCS_CKM.3.1

The TSF shall perform [assignment:management of DES, AES, RSA, RSA-CRT,

ECC, Diffie-Hellman and EC Diffie-Hellman] in accordance with a specified cryptographic key access method [assignment: methods/commands defined in packages

javacard.security of [38] and [14], [15] for proprietary classes] that meets the following: [assignment: [38], [14], [15]].

AppNote

• The keys can be accessed as specified in [38] Key class and [14], [15] for proprietary classes.

•

This component shall be instantiated according to the version of the Java Card API applicable to the security target and the implemented algorithms ([38]) and [14], [15] for proprietary classes.

AppNote

•

FCS_CKM.3 for ECC keys is applicable only if the corresponding Module for the cryptographic operation is present in the TOE.