MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Table of Contents References .................................................................................................................................................4  Acronyms and definitions .........................................................................................................................5  Introduction  ...................................................................................................................................6  . 1.  1.1  Cryptographic Module Ports and Interfaces .............................................................. 7  1.1.1  Hardware and Physical Cryptographic Boundary ........................................................ 7  1.1.2  Physical Port – Contact mode .............................................................................. 8  Physical Port – Contactless mode ........................................................................ 10  1.1.3  Firmware and Logical Cryptographic Boundary ......................................................... 12  1.2  Versions and mode of operation .......................................................................... 13  1.3  1.4  Critical Security Parameters ............................................................................... 16  Public Keys ................................................................................................... 17  1.5  Roles, authentication and services ......................................................................................... 18  2.  Secure Channel Protocol Authentication Method ....................................................... 18  2.1  Demonstration applet Authentication Method ........................................................... 19  2.2  Services....................................................................................................... 19  2.3  Self-test ....................................................................................................................................... 21  3.  Power-on self-test ........................................................................................... 21  3.1  Conditional self-tests ........................................................................................ 21  3.2  4.  Physical security policy ............................................................................................................ 22  5.  Operational Environment ......................................................................................................... 22  6.  Electromagnetic interference and compatibility (EMI/EMC) ............................................... 22  Mitigation of other attacks policy ............................................................................................. 22  7.  Security Rules and Guidance .................................................................................................. 22  8.  Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 2/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Table of Tables Table 1 – References ................................................................................................... 5  Table 2 – Acronyms and Definitions .................................................................................. 5  Table 3 – Security Level of Security Requirements ................................................................ 6  Table 4 - Contact plate pin list – Contact mode ..................................................................... 8  Table 5 - Voltage and frequency ranges ............................................................................. 9  Table 6 - Contact plate pin list – Contactless mode ............................................................... 10  Table 7 - Voltage and frequency ranges ............................................................................ 11  Table 8 – FIPS Approved Cryptographic Functions ............................................................... 14  Table 9 – FIPS Non-Approved But Allowed Cryptographic Functions .......................................... 15  Table 10 -Critical Security Parameters .............................................................................. 16  Table 11 –Public Keys ................................................................................................. 17  Table 12 - Roles supported by the Module ......................................................................... 18  Table 13 - Unauthenticated Services ................................................................................ 19  Table 14 – Authenticated Services .................................................................................. 19  Table 15 – CSP Access by Service ................................................................................. 20  Table 16 – Power-On Self-Test ...................................................................................... 21  Table of Figures Figure 1 - Physical form and Cryptographic Boundary (P60D080/P60D144) .................................. 7  Figure 2 - Contact plate example – Contact physical interface ................................................... 8  Figure 3 - Contact plate example - Contactless antenna contacts .............................................. 10  Figure 4 - Dual mode example – World Combi module........................................................... 11  Figure 5 - Module Block Diagram .................................................................................... 12  Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 3/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy References Acronym Full Specification Name NIST, Security Requirements for Cryptographic Modules, May 25, 2001 [FIPS140-2] GlobalPlatform Consortium: GlobalPlatform Card Specification 2.1.1, March 2003, http://www.globalplatform.org [GlobalPlatform] GlobalPlatform Consortium: GlobalPlatform Card Specification 2.1.1 Amendment A, March 2004 GlobalPlatform Consortium: GlobalPlatform Card Specification 2.2 Amendment D, Sept 2009 ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics ISO/IEC 7816-2:2007 Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts -- Dimensions and location of the contacts [ISO 7816] ISO/IEC 7816-3:2006 Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols ISO/IEC 7816-4:2005 Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange Identification cards – Contactless integrated circuit cards – Proximity cards ISO/IEC 14443-1:2008 Part 1: Physical characteristics ISO/IEC 14443-2:2010 Part 2: Radio frequency power and signal interface [ISO 14443] ISO/IEC 14443-3:2011 Part 3: Initialization and anticollision ISO/IEC 14443-4:2008 Part 4: Transmission protocol Java Card 2.2.2 Runtime Environment (JCRE) Specification Java Card 2.2.2 Virtual Machine (JCVM) Specification Java Card 2.2.2 Application Programming Interface [JavaCard] Java Card 3.0.1 Application Programming Interface [only for algos ECDSA, SHA2] Published by Sun Microsystems, March 2006 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key [SP800-131A] Lengths, January 2011 NIST Special Publication 800-90, Recommendation for the Random Number Generation Using [SP 800-90] Deterministic Random Bit Generators (Revised), March 2007 NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm [SP 800-67] (TDES) Block Cipher, version 1.2, July 2011 NIST, Computer Data Authentication, FIPS Publication 113, 30 May 1985. [FIPS113] NIST, Advanced Encryption Standard (AES), FIPS Publication 197, November 26, 2001. [FIPS 197] PKCS #1 v2.1: RSA Cryptography Standard, RSA Laboratories, June 14, 2002 [PKCS#1] NIST, Digital Signature Standard (DSS), FIPS Publication 186-4, July, 2013 [FIPS 186-4] NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes [SP 800-56A] Using Discrete Logarithm Cryptography, March 2007 NIST, Secure Hash Standard, FIPS Publication 180-3, October 2008 [FIPS 180-3] Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 4/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Acronym Full Specification Name NIST, AES Key Wrap Specification, 16 November 2001. This document defines symmetric key [AESKeyWrap] wrapping, Use of 2-Key TDES in lieu of AES is described in [IG] D.2. NIST, Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation [IG] Program, last updated 29 June 2012. Table 1 – References Acronyms and Definitions Acronym Definition API Application Programming Interface CM Card Manager, see [GlobalPlatform] CSP Critical Security Parameter DAP Data Authentication Pattern, see [GlobalPlatform] DPA Differential Power Analysis GP Global Platform HID Human Interface Device (Microsoftism) IC Integrated Circuit ISD Issuer Security Domain, see [GlobalPlatform] KAT Known Answer Test OP Open Platform (predecessor to Global Platform) PCT Pairwise Consistency Test PKI Public Key Infrastructure SCP Secure Channel Protocol, see [GlobalPlatform] SPA Simple Power Analysis Table 2 – Acronyms and Definitions Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 5/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1. Introduction This document defines the Security Policy for the Gemalto MultiApp V31 cryptographic module, herein denoted the Module. The Module, validated to FIPS 140-2 overall Level 3, is a single-chip “contact-only”, “contactless-only” or “dual” module (P60D080/P60D144) implementing the Global Platform operational environment, with Card Manager and a Demonstration Applet. The Demonstration Applet is available only to demonstrate the complete cryptographic capabilities of the Module for FIPS 140-2 validation, and is not intended for general use. The term platform herein is used to describe the chip and operational environment, not inclusive of the Demonstration Applet. The Module is a limited operational environment under the FIPS 140-2 definitions. The Module includes a firmware load function to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-2 validation. The FIPS 140-2 security levels for the Module are as follows: Security Requirement Security Level Cryptographic Module Specification 3 Cryptographic Module Ports and Interfaces 3 Roles, Services, and Authentication 3 Finite State Model 3 Physical Security 3 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks 3 Table 3 – Security Level of Security Requirements Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 6/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.1 Cryptographic Module Ports and Interfaces 1.1.1 Hardware and Physical Cryptographic Boundary The Module is designed to be generally embedded into plastic card body, passport, USB key, secure element etc., with a contact plate connection and/or RF antenna. The physical form of the Module is depicted in Figure 1 (to scale). The red outline depicts the physical cryptographic boundary, representing the surface of the chip and the bond pads. The cross-hatching indicates the presence of the hard opaque outer layer shielding. In production use, the Module is wire-bonded to a frame connected to a contact plate (pads CLK, RST, VDD, I/O and VSS) and/or to an RF antenna (pads LA and LB), enclosed in epoxy and mounted in a card body. The Module relies on [ISO 7816] and/or [ISO 14443] card readers as input/output devices. Figure 1 - Physical form and Cryptographic Boundary (P60D080/P60D144) Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 7/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.1.2 Physical Port – Contact mode 1.1.2.1 PIN assignments and Contact Dimensions: The Module follows the standards [ISO 7816] part 1 and part 2. Figure 2 - Contact plate example – Contact physical interface Contact No. Description Logical interface type C1 VCC (supply voltage) Power C2 RST (Reset signal) Control in C3 CLK (Clock signal) Control in C4 Not connected N/A C5 GND (Ground) N/A C6 Not connected N/A C7 I/O Data in, data out, control in, status out C8 Not connected N/A Table 4 - Contact plate pin list – Contact mode Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 8/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.1.2.2 Conditions of Use The electrical signals and transmission protocols follow the [ISO 7816] part 3. The conditions of use are the following: Conditions Range Voltage 3 V and 5.5 V Frequency 1MHz to 10MHz Table 5 - Voltage and frequency ranges Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 9/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.1.3 Physical Port – Contactless mode 1.1.3.1 Contacts Assignments In the contactless mode the Module follows the standard [ISO 14443] part 1 and only uses two connections that are physically different and distinct from the connections used in the contact mode. Those electrical connections, LA and LB, are placed on the module backside and are used to connect an external antenna loop that is not within the cryptographic boundaries of the module. C1 C5 C2 C6 LA LB C3 C7 C4 C8 Figure 3 - Contact plate example - Contactless antenna contacts Contact No. Description Logical interface type Power IN, Data in, Data out, Control IN, Status out ‘FIPS’ LA (Antenna coil connection) LA interfaces Power IN, Data in, Data out, Control IN, Status out ‘FIPS’ LB LB (Antenna coil connection) interfaces Table 6 - Contact plate pin list – Contactless mode Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 10/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.1.3.2 Condition of uses The radio frequencies and transmission protocols follow the [ISO 14443] parts 2, 4 and 4. The conditions of use are the following: Conditions Range Supported bit rate 106 Kbits/s, 212 Kbits/s, 424 Kbits/s, 848 Kbits/s Operating field Between 1.5 A/m and 7.5 A/m rms Frequency 13.56 MHz +- 7kHz Table 7 - Voltage and frequency ranges 1.1.3.3 Pictures – Dual Mode In Dual mode the properties of both Contact mode and Contactless mode apply. The dual mode module has contact points for both types of signals. World Combi Thermal black resin process, contact and contactless technology Module design and thermal black resin technology Figure 4 - Dual mode example – World Combi module Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 11/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.2 Firmware and Logical Cryptographic Boundary Figure 5 depicts the Module operational environment and applets. Figure 5 - Module Block Diagram The JavaCard API is an internal interface, available to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary). The Cryptography Libraries implement the algorithms listed in Section 2. The Javacard Runtime Environment implements the dispatcher, registry, loader, and logical channel functionalities. The Virtual Machine implements the byte code interpreter, firewall, exception management and byte code optimizer functionalities. The Card Manager is the card administration entity, allowing authorized users to manage the card content, keys, and life cycle states. The Card Manager behaves similarly to an applet, but is properly represented as a constituent of the platform. The Memory Manager implements functions such as memory access, allocation, deletion and garbage collection. The Communication handler implements the ISO 7816 and ISO 14443 communications protocols in contactless mode and dual mode. Section 3 describes applet functionality in greater detail. Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 12/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.3 Versions and Mode of Operation Hardware: NXP P60D080P VC (MPH132) NXP P60D144P VA (MPH149) Firmware: MultiApp V31 patch 1.4, Demonstration Applet version V1.3 The Module implements only an Approved mode of operation, as delivered from the manufacturing environment. The explicit indicator of FIPS mode is available using the Module Information service (specifically, the GET DATA command with tag 0103). The Module responds with a multi-byte data set; the most significant bit of the 5th byte set to 1 is the explicit indicator of the FIPS approved mode. Specifically, the first six bytes will be: FOR MPH132 B0 85 47 43 81 32 (represented in hexadecimal with the 5th byte shown in bold red font) Where the 5th byte is 1000 0001 (represented in binary, with FIPS Approved mode indicator in bold red font). FOR MPH149 B0 85 49 45 81 32 (represented in hexadecimal with the 5th byte shown in bold red font) Where the 5th byte is 1000 0001 (represented in binary, with FIPS Approved mode indicator in bold red font). Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 13/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Cryptographic functionality  The Module operating system implements the FIPS Approved and Non- Approved but Allowed cryptographic function listed in Table 8 and Table 9 below : Algorithm Description Cert # DRBG [SP 800-90] Deterministic Random Bits Generator (CTR-D RBG based on AES) 900 [SP 800-67] Triple Data Encryption Algorithm. The Module supports the 3-Key options; CBC and 1984 ECB modes. Note that the Module does not support a mechanism that would allow collection of Triple DES plaintext / ciphertext pairs aside from authentication, limited in use by a counter. Triple DES [FIPS 113] Triple DES Message Authentication Code. Vendor affirmed, based on validated Triple 1984 MAC DES. [FIPS 197] Advanced Encryption Standard algorithm. The Module supports 128-, 192- and 256- 3543 AES bit key lengths with ECB and CBC modes. AES CMAC [SP 800-38D] The Module supports 128-, 192- and 256-bit key lengths. 3543 KDF AES [SP 800-108] The Module supports 128-, 192- and 256-bit key lengths 85 CMAC [FIPS 186-2] [PKCS#1] RSA algorithms. 1822  Signature verification using 4096-bit key (any SHA size). [FIPS 186-4] [PKCS#1] RSA algorithms RSA  Key pair generation using 2048-bit keys  Signature generation using 2048-bit keys using with SHA-2  Signature verification using 1024, 2048-bit and 3072-bit keys (any SHA size) [FIPS 186-2] [PKCS#1] RSA CRT algorithm. 1823  Signature verification using 4096-bit key with SHA-2. [FIPS 186-4] [PKCS#1] RSA CRT algorithm.  Key pair generation using 2048-bit keys; RSA CRT  Signature generation using 2048-and 3072-bit keys with SHA-2;  Signature verification using 1024-, 2048-and 3072-bit keys (any SHA size). [FIPS 186-4] Elliptic Curve Digital Signature Algorithm using the NIST defined curves 721  Key pair generation: P-224, P-256, P-384 and P-521 curves ECDSA  Signature generation: P-224, P-256, P-384 and P-521 curves with SHA-2  Signature verification: P-192, P-224, P-256, P-384 and P-521 curves (any SHA size). [SP 800-56A] The Section 5.7.1.2 ECC CDH Primitive using the NIST defined curves: P-224, P- 597 CVL (ECC 256, P-384 and P-521. CDH) SHA-1 2921 [FIPS 180-4] Secure Hash Standard compliant one-way (hash) algorithms. The Module supports the SHA-1 (160 bits), SHA-2 (224- bit, 256-bit, 384-bit, 512-bit) variants. SHA-2 Table 8 – FIPS Approved Cryptographic Functions Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 14/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Algorithm Description EC Diffie-Hellman key Non SP 800-56A compliant - NIST defined P-224, P-256, P-384 and P-521 curves; agreement provides between 112 and 256 bits of security Triple-DES key wrap 3-key Triple-DES key wrapping ; provides 112 bits of security AES key wrapping using 128, 192, or 256-bit keys : provides between 128 and 256 bits AES key wrap of security Table 9 – FIPS Non-Approved But Allowed Cryptographic Functions Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 15/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.4 Critical Security Parameters All CSPs used by the Module are described in this section. All usage of these CSPs by the Module are described in the services detailed in Section 4. In the tables below, the OS prefix denotes operating system, the SD prefix denotes the Global Platform Security Domain, the DAP prefix denotes the Global Platform Data Authentication Protocol, and the DEM prefix denotes a Demonstration Applet CSP. Key Description / Usage AES-128 random key generated by the card during startup is used as a seed key for OS-RNG-SEED-KEY the [SP800-90A] DRBG implementation. 16-byte AES state V and 16-byte AES key used in the [SP800-90A] CTR DRBG OS-RNG-STATE implementation. OS-GLOBALPIN 6 to 16 byte Global PIN value. Character space is not restricted by the module. OS-MKDK AES-128/192/256 (SCP03) key used to encrypt OS-GLOBALPIN value AES-128/192/256 (SCP03) encryption master key used to derive SD-SENC SD-KENC AES-128/192/256 (SCP03) Security Domain MAC master key, used derive SD- SD-KMAC SMAC SD-KDEK AES-128/192/256 (SCP03) Security Domain Sensitive data decryption key. AES-128/192/256 (SCP03) Security Domain Session decryption key used to decrypt SD-SENC secure channel messages. AES-128/192/256 (SCP03) Security Domain Session MAC key, used to verify secure SD-SMAC channel message integrity. SD-SDEK AES-128/192/256 (SCP03) Session DEK key used by the CO role to decrypt CSPs. AES-128/192/256 (SCP03) key optionally loaded in the field and used to verify the DAP-SYM MAC of packages loaded into the Module. AES-128/192/256 or 3-Key TDES encryption / decryption key used by the DEM-EDK Demonstration Applet Symmetric Cipher service. P-224, P-256, P-384, P-521 ECDSA private key used by the Demonstration Applet DEM-KAP-PRI Key Agreement Primitives service. 2048-bit RSA or P-224, P-256, P-384, P-521 ECDSA private key used by DEM-KGS-PRI Demonstration Applet Generate Asymmetric Key Pair service. AES-128/192/256 CMAC or 3-Key TDES key used by Demonstration Applet Message DEM-MAC Authentication service. 3-Key Triple-DES master key used to encrypt or decrypt Demonstration Applet CSPs DEM-MK exported out of or imported into the Module. 2048-, 3072-, 4096-bit RSA or P-224, P-256, P-384, P-521 ECDSA private key used DEM-SGV-PRI by Demonstration Applet Asymmetric Signature service. Table 10 -Critical Security Parameters It is the responsibility of the applet to ensure that algorithms, modes, and key sizes Disallowed per NIST SP 800-131A are not used. The provided demonstration applet does enforce these restrictions. Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 16/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 1.5 Public Keys Key Description / Usage P-224, P-256, P-384, P-521 ECDSA public key used by the Demonstration Applet Key DEM-KAP-PUB Agreement Primitives service. 2048-bit RSA or P-224, P-256, P-384, P-521 ECDSA public key used by Demonstration DEM-KGS-PUB Applet Generate Asymmetric Key Pair service. 1024-, 2048-, 3072-, 4096-bit RSA or P-192, P-224, P-256, P-384, P-521 ECDSA public key DEM-SGV-PUB used by Demonstration Applet Asymmetric Signature service. Table 11 –Public Keys Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 17/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 2. Roles, Authentication and Services The Module:  Does not support a maintenance role.  Clears previous authentications on power cycle.  Supports Global Platform SCP logical channels, allowing concurrent operators in a limited fashion. Authentication of each operator and their access to roles and services is as described below, independent of logical channel usage. Only one operator at a time is permitted on a channel. Applet deselection (including Card Manager), card reset or power down terminates the current authentication; re-authentication is required after any of these events for access to authenticated services. Authentication data is encrypted during entry (by SD-SDEK), is stored in plaintext and is only accessible by authenticated services. Table 12 lists all operator roles supported by the Module. Role ID Role Description CO Cryptographic Officer - Role that manages Module content and configuration , including issuance and management of Module data via the ISD authenticated as described in Secure Channel Protocol Authentication below. User User - The user role for FIPS 140-2 validation purposes, authenticated as described in Demonstration Applet Authentication below.. Table 12 - Roles supported by the Module 2.1 Secure Channel Protocol Authentication Method The Secure Channel Protocol authentication method is provided by the Secure Channel service. The SD- KENC and SD-KMAC keys are used to derive the SD-SENC and SD-SMAC keys, respectively. The SD- SENC key is used to create a cryptogram; the external entity participating in the mutual authentication also creates this cryptogram. Each participant compares the received cryptogram to the calculated cryptogram and if this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the Module in the CO role). The probability that a random attempt will succeed using this authentication method is:  1/2^128 = 2.9E-39 (for any of AES-128/192/256 SD-KENC/SD-SENC, assuming a 128-bit block) The Module enforces a maximum of 255 failed SCP authentication attempts. The probability that a random attempt will succeed over a one minute interval is:  255/2^128 = 7.5E-37 (for any of AES-128/192/256 SD-KENC/SD-SENC, assuming a 128-bit block) Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 18/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 2.2 Demonstration applet Authentication Method This authentication method compares a PIN value sent to the Module over an encrypted channel to be stored OS-GLOBALPIN values; if the two values are equal, the operator is authenticated. This method is used in the Demonstration Applet services to authenticate to the User role. The module enforces OS-GLOBALPIN string length of 6 bytes minimum (16 bytes maximum), allowing all characters, so the strength of this authentication method is as follows: • The probability that a random attempt at authentication will succeed is 1/256^6. • Based on a maximum count of 15 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is 15/256^6. 2.3 Services All services implemented by the Module are listed in the tables below. Service Description Context Select an applet or manage logical channels. Read unprivileged data objects, e.g., module configuration or status information. Module Info (Unauth) Module Reset Power cycle or reset the Module. Includes Power-On Self-Test. Table 13 - Unauthenticated Services Service CO User Description Lifecycle X Modify the card or applet life cycle status. X Manage Content Load and install application packages and associated keys and data. Module Info Read module configuration or status information (privileged data X objects) (Auth) X Secure Channel Establish and use a secure communications channel. Demonstrate RSA and ECDSA digital signature X Digital Signature generation and verification. X Generate Key Pair* Demonstrate RSA and ECDSA key generation Key Agreement Demonstrate Approved FFC and EC Diffie-Hellman key agreement. X Message X Demonstrate Triple-DES Mac and AES CMAC. Authentication Symmetric Cipher Demonstrate use of Triple-DES and AES for encryption and decryption. X Table 14 – Authenticated Services Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 19/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy It is the responsibility of the applet to ensure that algorithms, modes, and key sizes Disallowed per NIST SP 800-131A are not used. The provided demonstration applet does enforce these restrictions. CSPs OS-RNG-SEED-KEY OS-RNG-STATE OS-GLOBALPIN DEM-KAP-PRI DEM-SGV-PRI DEM-KGS-PRI DEM-MAC DEM-EDK SD-KMAC DAP-SYM SD-SMAC SD-KENC SD-KDEK SD-SENC SD-SDEK DEM-MK Service E ZEG Module Reset -- -- -- -- Z Z Z -- -- -- -- -- -- -- W W Module Info E1 E1 E1 -- -- -- -- -- -- -- -- -- -- -- -- (Unauth) Context -- -- -- -- -- Z Z Z -- -- -- -- -- -- -- GE GE GE Secure Channel -- EW E E E -- -- -- -- -- -- -- 1 1 1 E1 E1 E1 Manage Content -- -- W W W W EW -- -- -- -- -- -- Lifecycle Z Z Z Z Z -Z- -- -- -- Z Z -- Z Z Z Z Module Info E1 E1 E1 -- -- -- -- -- -- (Auth) ER Symmetric Cipher -- -- E -- -- -- -- -- -- -- -- -- -- -- E WZ Message EW -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Authentication Z ER Digital Signature -- EW E -- -- -- -- -- -- -- -- -- -- -- E WZ GE Generate Key Pair -- EW E -- -- -- -- -- -- -- -- -- -- R -- E WZ Key Agreement ER -- -- E -- -- -- -- -- -- -- -- -- -- -- E Primitives WZ Table 15 – CSP Access by Service  G = Generate: The Module generates the CSP.  R = Read: The Module reads the CSP (read access to the CSP by an outside entity).  E = Execute: The Module executes using the CSP.  W = Write: The Module writes the CSP. The write access is typically performed after a CSP is imported into the Module or when the module overwrites an existing CSP. 1 “E” for Secure Channel keys is included for situations where a Secure Channel has been established and all traffic is received encrypted. The Secure Channel establishment includes authentication to the module. Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 20/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy  Z = Zeroize: The Module zeroizes the CSP. For the Context service, SD session keys are destroyed on applet deselect (channel closure)  -- = Not accessed by the service. 3. Self-test 3.1 Power-on Self-test On power on or reset, the Module performs self-tests described in Table 16. All KATs must be completed successfully prior to any other use of cryptography by the Module. If one of the KATs fails, the Module enters the Card Is Mute error state. Test Target Description 16 bit CRC performed over all code located in EEPROM. This integrity test is not required or FW Integrity performed for code stored in masked ROM code memory. DRBG Performs SP800-90A Health tests with fixed inputs, inclusive of KAT Triple-DES Performs separate encrypt and decrypt KATs using 3-Key TDEA in ECB mode. Performs decrypt KAT using an AES 128 key in ECB mode. AES encrypt is self-tested as an AES embedded algorithm of AES-CMAC. Performs an AES-CMAC Generate KAT using an AES 128 key. Note that AES-CMAC Verify AES-CMAC is identical to a Generate KAT (perform Generate then compare to the input) hence a single KAT verifies both functions. RSA Performs separate RSA PKCS#1 signature and verification KATs using an RSA 2048 bit key. RSA CRT Performs RSA PKCS#1 signature KAT using an RSA 2048 bit key. ECDSA Performs separate ECDSA signature and verification KATs using p-224. ECC CDH Performs a KAT for ECC CDH using p-224 keys constituents. SHA-1, SHA-2 Performs separate KATs for SHA-1, SHA-256 and SHA-512. Table 16 – Power-On Self-Test 3.2 Conditional Self-tests On every call to the [SP800-90A] CTR DBRG , the Module performs a stuck fault test to assure that the output is different than the previous value. When RSA or ECDSA key pair is generated the Module performs a pairwise consistency test. When new firmware is loaded into the Module using the Manage Content service, the Module verifies the integrity of the new firmware (applet) using MAC verification with the SD-MAC key. Optionally, the Module may also verify a signature of the new firmware (applet) using the DAP-SYM key; the signature block in this scenario is generated by an external entity using the private key corresponding to the symmetric key DAP-SYM. Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 21/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision]. MultiApp V31 Platform FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy 4. Physical Security Policy The Module is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The Module uses standard passivation techniques. The Module is designed to be mounted in a plastic smartcard or similar package; physical inspection of the epoxy side of the Module is not practical after mounting. The Module also provides a key to protect the Module from tamper during transport, and the additional physical protections listed in Section 7 below. 5. Operational Environment The Module is designated as a limited operational environment under the FIPS 140-2 definitions. The Module includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and require a separate FIPS 140-2 validation. 6. Electromagnetic Interference and Compatibility (EMI/EMC) The Module conforms to the EMI/EMC requirements specified by part 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B. 7. Mitigation of Other Attacks Policy The Module implements defenses against:  Fault attacks  Side channel analysis (Timing Analysis, SPA/DPA, Simple/Differential Electromagnetic Analysis)  Probing attacks  Card tearing 8. Security Rules and Guidance The Module implementation also enforces the following security rules:  No additional interface or service is implemented by the Module which would provide access to CSPs.  Data output is inhibited during key generation, self-tests, zeroization, and error states.  There are no restrictions on which keys or CSPs are zeroized by the zeroization service.  The Module does not support manual key entry, output plaintext CSPs or output intermediate key values.  Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module. END OF DOCUMENT Ref: D1314918_MultiApp_V31_FIPS_SP Rev: 1.12 July 2016 Page 22/22 © Copyright Gemalto 2016. May be reproduced only in its entirety [without revision].