DAL Security Policy for GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite FIPS 140-2 Level 3 Version 0.11 December 1, 2004 GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. DOC-DAL-C3-00031 DAL CONTENTS 1 INTRODUCTION..................................................................................................... 4 1.1 Scope................................................................................................................... 4 1.2 Dependencies ...................................................................................................... 4 1.3 Terminology........................................................................................................ 4 1.4 Acronyms............................................................................................................ 5 2 MODULE OVERVIEW........................................................................................... 6 3 SECURITY LEVELS ............................................................................................... 6 4 CRYPTOGRAPHIC MODULE SPECIFICATION ............................................. 6 4.1 Operational Environment.................................................................................... 8 4.2 Module Interfaces ............................................................................................... 8 4.2.1 Physical Interface Description ................................................................... 8 4.2.2 Electrical Interface Description ................................................................. 9 4.2.3 Logical Interface Description ................................................................... 10 5 FIPS-APPROVED MODE OF OPERATION ..................................................... 11 6 MODULE CRYPTOGRAPHIC FUNCTIONS ................................................... 11 7 SELF TESTS ........................................................................................................... 12 7.1 Self-Test Execution........................................................................................... 13 8 ROLES & SERVICES............................................................................................ 13 8.1 Roles ................................................................................................................. 13 8.1.1 Crypto Officer/Issuer (CO/Issuer) ............................................................ 14 8.1.2 Crypto Officer/Administrator (CO/Admin)............................................... 14 8.1.3 Card Holder .............................................................................................. 14 8.2 Module Services (per role) ............................................................................... 15 8.2.1 Crypto Officer/Issuer Services.................................................................. 15 8.2.2 Crypto Officer/Administrator Services ..................................................... 17 8.2.3 Card holder Services................................................................................. 18 8.2.4 Unauthenticated Services (NO ROLE) ..................................................... 18 8.2.5 Relationship between Roles and Services per applet................................ 21 9 CRITICAL SECURITY PARAMETERS............................................................ 22 9.1 Crytographic Keys ............................................................................................ 22 9.2 Public Keys ....................................................................................................... 23 9.3 Other CSPS ....................................................................................................... 23 10 SECURITY RULES............................................................................................ 24 GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 2 DAL 10.1 Identification & Authentication Security Rules................................................ 24 10.1.1 Card holder Identification And Authentication ........................................ 24 10.1.2 Crypto Officer/Issuer Identification And Authentication.......................... 24 10.1.3 Crypto Officer/Administrator Identification And Authentication ............. 24 10.2 Physical Security Rules .................................................................................... 24 10.3 Key Management Security Policy .................................................................... 24 10.3.1 Cryptographic Key Generation................................................................. 24 10.3.2 Cryptographic Key Entry.......................................................................... 25 10.3.3 Cryptographic Key Storage ...................................................................... 25 10.3.4 Cryptographic Key Destruction................................................................ 25 10.4 Strength of Authentication................................................................................ 25 10.4.1 Triple DES keys......................................................................................... 25 10.4.2 CO/Admin PIN and User PIN................................................................... 26 11 SECURITY POLICY CHECK LIST TABLES............................................... 26 11.1 Roles & Required Authentication..................................................................... 26 11.2 Strength of authentication Mechanisms............................................................ 26 Access Rights within Services...................................................................................... 27 11.3 Mitigation of Other Attacks...............................Error! Bookmark not defined. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 3 DAL 1 INTRODUCTION 1.1 Scope This document defines a FIPS level 3 Security Policy for the GemXpresso Pro R3 E64 PK ­ FIPS with DAL C3 Applet Suite Smart Card Chip, hereafter referred to as the GXP3 E64PK - DAL C3 module. A description of the basic security requirements for the Gemplus GemXpresso Pro R3 E64 PK- FIPS Smart Card Chip is included along with the DAL C3 Applet Suite and a description of how each security requirement is achieved. 1.2 Dependencies The GXP3 E64PK - DAL C3 module relies on an independent FIPS evaluation of the underlying cryptographic algorithms and security functions implemented on the Gemplus GemXpresso Pro R3 E64 PK- FIPS Smart Card Chip. This underlying hardware module provides its own Security Policy (and related documents). 1.3 Terminology In this document the GXP3 E64PK - DAL C3 module may sometimes be referred to as the module or cryptographic module. References to the underlying Gemplus GemXpresso Pro R3 E64 PK- FIPS module (or its Security Policy or related documents) appear as base module or base cryptographic module. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 4 DAL 1.4 ACRONYMS Acronym Definition ACR Access Control Rule AP Application Provider APDU Application Protocol Data Unit API Application Programming Interface ASC Applet Security Controller ATR Answer To Reset CAD Card Acceptance Device CBC Cipher Block Chaining CO Cryptographic Officer CSP Critical Security Parameter CSC Card Security Controller DES Data Encryption Standard ECB Electronic Code Book EEPROM Electrically Erasable and Programmable Read Only Memory GC Generic Container GP Global Platform (Open Platform) JCRE Java Card TM Runtime Environment MAC Message Authentication Code OP Open Platform PIN Personal Identification Number RAM Random Access Memory ROM Read only Memory SD Security Domain SC Secure Channel TDES Triple DES (112 -bit length keys) XAUT External Authentication GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 5 DAL 2 MODULE OVERVIEW The GXP3 E64PK - DAL C3 module contains an implementation of the Open Platform (OP) Version 2.0.1' specification, which defines a secure infrastructure for post-issuance programmable smart card chips. OP Compliant modules have a life cycle defined by the OP specification. Transitions between different life cycle states have well defined sequences of operation. PINS and keys that have been securely loaded at card issuance authenticate the roles of the Crypto Officer/Issuer, Crypto Officer/Administrator and Card Holder. 3 SECURITY LEVELS The GXP3 E64PK - DAL C3 module meets the overall requirements applicable to Level 3 security of FIPS 140-2. The individual security requirements specific for FIPS 140-2 meet the level specification indicated in the Table 2. Table 2 - Security Requirements Specific to FIPS 140-2 Security Requirements Section Level Cryptographic Module Specification 3 Cryptographic Module Ports and Interfaces 3 Roles, Services, and Authentication 3 Finite State Model 3 Physical Security 3 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self Tests 3 Design Assurance 3 Mitigation of other attacks N/A 4 CRYPTOGRAPHIC MODULE SPECIFICATION The Cryptographic Boundary is defined to be the `module edge' of the GXP3 E64PK - DAL C3 module, a set of "embedded" hardware and software that implements cryptographic functions and processes, including cryptographic algorithms and key generation. GXP3 E64PK - DAL C3 module is a single chip implementation of a cryptographic module. The GXP3 E64PK - DAL C3 module is designed to be embedded in a plastic card body to provide an ISO-7816 compliant smart card. The hardware version number for the module is GP92 while the firmware version numbers are GXP3 ­ FIPS EI19 and GXP3 ­ FIPS EI19 with new ATR and fast ATR. During the Gemplus manufacturing process, the side of the chip (ICC) with electrical contacts is wire-bonded on the inner side of a contact plate, then globe-topped with resin. The resulting module meets the physical security requirements of FIPS140-2 Level 3. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 6 DAL All components of the GXP3 E64PK - DAL C3 module are included in the cryptographic module boundary, as shown in the following figure: ROM - OPERATING SYSTEM EEPROM - APPLETS Java API Card Manager OP API JavaCard API Kernel DAL C3 Applet Firewall VM JCRE Suite Native API Memory COM Crypto Manager HARDWARE RNG CRC-16 XRAM RAM Cryptographic Hardware CPU MMU processors Security Figure 1- Cryptographic Module Boundary The GXP3 E64PK - DAL C3 module consists of the following elements: · Infineon SLE66CX640P, 8 bit micro controller. This IC is a standard, production- quality IC. · System firmware is installed in Read Only Memory (ROM) as part of the chip manufacturing process (known as the Hard Mask) and in Electrically Erasable, Programmable Read Only Memory (EEPROM) for system option and additional customized software (known as the Soft Mask). The hardware and firmware are then designated: the hardware version number for the module is GP92 while the firmware version numbers are GXP3 ­ FIPS EI19 and GXP3 ­ FIPS EI19 with new ATR (3B 6B 00 00 80 65 B0 83 01 04 74 83 00 90 00) and fast ATR (3B 7B GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 7 DAL 95 00 00 80 65 B0 83 01 04 74 83 00 90 00). Those ATRs (both new and fast) are dedicated to this combination of hardware and software version. · The DAL C3 Applets are loaded into the EEPROM of the module: The Applet version can be determined by a call to the GSCv2.1 command GET PROPERTIES. The applet version field is 4 bytes in length (Only the first two bytes are used for version information. The last two bytes contain build number information). The field is the second value returned from the call. o Access Control Applet Version 1.0 o GSC Service Applet 1.0 · Critical Security Parameters are stored in the EEPROM as part of the module personalization operation. The chip is encased in hard opaque epoxy-resin such that any attempt to gain physical access to the components would critically damage the module with a high probability of making the module unusable (the module will not function). 4.1 Operational Environment The GXP3 E64PK - DAL C3 module has a limited operational environment consisting of a Java Virtual Machine operating on a Gemplus GemXpresso Pro R3 E64 PK Module. The module does not support loading or execution of un-validated code. 4.2 Module Interfaces 4.2.1 Physical Interface Description The GXP3 E64PK - DAL C3 module supports six external (contact plates) contacts that lead to pins on the chip. Only five of these contacts are used. The location of the contacts complies with ISO/IEC 7816-2 standard. Minimum contact surface area is 1.7 mm by 2.0 mm. Contact dimensions are standard credit card compliant as per ISO/IEC 7816-1 standard: Table 3 - Smart Card Chip Contact Area Dimensions Value Length 85.5mm Width 54.0mm Thickness 0.80mm GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 8 DAL 4.2.2 Electrical Interface Description 4.2.2.1 Specific Electrical Functions of Chip Contacts Table 4 - Functional Specifications of Chip Contacts Contact Function C1 Vcc supply voltage 2.7 to 5.5V C2 RST (Reset) C3 CLK (Clock) C4 Not Connected to the chip C5 GND (Ground) C6 Not Connected to the chip C7 I/O bi-directional line C8 Not Connected to the chip 4.2.2.2 ICC SUPPLY CURRENT · Maximum Value < 10mA at 5.5 V 4.2.2.3 CHIP STRUCTURE Chip Structure and ICC electrical contacts defined by ISO/IEC 7816-1&2 4.2.2.4 ELECTRICAL SIGNALING Electrical signaling between "card acceptance device" (CAD) and the smart card chip is defined by ISO/IEC 7816-3. 4.2.2.5 MODULE SECURITY AND KEY ACCESS COMMAND SET Module security and key access command set defined by the following specifications: · ISO/IEC 7816-4. · Global Platform ­ Open Platform ­ Card Specification v2.0.1' ­ 7 April 2000. · Government Smart Card Interoperability Specification ­ Version 2.1 ­ 16 July 2003. 4.2.2.6 CAD TO MODULE COMMUNICATIONS PROTOCOLS Card Accepting Device (CAD) to module communication protocols is defined by ISO/IEC 7816-3 & 4. This is based on a standardized, half-duplex character transmission, ISO 7816 protocol. Only T=0 protocol is supported by the GXP3 E64PK - DAL C3 module. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 9 DAL 4.2.2.7 EMI/EMC The base cryptographic module has been tested to meet the EMI/EMC requirements specified by FCC Part 15, Subpart B, Class B. The cryptographic module is not used for radio communications. 4.2.3 Logical Interface Description The I/O port (C7) of the platform (refer to Table 4) provides the following logical interfaces: · Data In (I/O bidirectional line) · Data Out (I/O bidirectional line) · Control In (CLK, RST, and I/O bidirectional line) · Status Out (I/O bidirectional line) Synchronization timing controls provided in part by way of the platform CLK clock input, manages the separation of these logical interfaces that use the same physical port. Electrical (physical) contact and data link layer contact is established between the smart card chip and the CAD by the CAD issuing a RESET signal to the smart card chip which then responds with an "Answer To Reset (ATR)" related to the version numbers of the hard and soft masks contained on the smart card chip. From this point on, the card functions as a "slave" processor to implement and respond to the CAD's "master" commands. The card adheres to a well defined set of state transitions. Within each state, a specific set of commands is accessible. The details of these commands are defined in the DAL C3 Applets Technical Specification, GSC-ISv2.1 Specification and Open Platform 2.0.1 Specification. Additional commands are defined in the vendor documentation. This interface is also known as a Virtual Card Edge Interface (VCEI) defined in the GSC- ISv2.1 Specification. The specification defines a default set of interoperable APDU level commands for both virtual machine and file system smart cards. The DAL C3 Applets reside on a virtual machine card and the VCEI consist of two providers and a shared library: · Access Control Applet o Manages PINs o Provides Symmetric Key services o Manages access rights for all Generic Containers (GC) and PKI objects · GSC Service Applet o Provides Generic Container service o Provides PKI service GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 10 DAL Each of these providers (Applets) offers additional commands that the card will support, in addition to those commands provided by the basic resident (ROM-stored) software on the card. The GSC service provider provides containers for most types of data, services that act upon the containers and PKI services all at the VCEI. The Access control service provider manages PINs, provides symmetric and asymmetric key services and manages access rights for all GC and PKI objects at the VCEI. 5 FIPS-APPROVED MODE OF OPERATION The following specific actions are required on the part of the Crypto Officer/Issuer along with a restriction within the module usage environment to ensure the module operates in FIPS-approved mode. 1. The CO/Issuer must instantiate all card applets to require a PIN for all Sign operations. 2. The CO/Issuer must instantiate all container applets to require External Authenticate or GP secure channel for all write operations. 3. The CO/Issuer must set the PIN Policies for the CO/Admin and Card Holder to have a minimum length of six bytes (characters). 4. The CO/Issuer must set the incorrect PIN counter to three failed attempts before locking the card. 5. End user environments must use the RSA public key KPUBSM to wrap and pass a TDES session key Ksessionwrap used to encrypt PIN material entered into the card. An operator can use the Get PIN Policy and Get ACR command to verify that the access control rules are configured as described in this section For key zeroization purposes, CO/Issuer may use a Put Key command with a key length parameter of zero to overwrite the RSA private keys or symmetric keys with zeros. 6 MODULE CRYPTOGRAPHIC FUNCTIONS The purpose of the GXP3 E64PK - DAL C3 module is to provide FIPS approved cryptographic services to end-user applications. Cryptographic keys and CSPs (PINs) represent the roles involved in controlling the card. A variety of FIPS 140-2 validated algorithms are used in the GXP3 E64PK - DAL C3 module to provide cryptographic services; these include: · TDES (double-length TDES keys, KENC & KMAC): This algorithm uses the CO\Issuers KENC key to provide a secure channel and the CO\Issuer KMAC key to MAC (integrity-protect) data sent within the secure channel. (OPv2.0.1 section 11.1) GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 11 DAL · TDES: (double-length TDES key, KKEK) This algorithm uses the CO\Issuer KKEK key to encrypt TDES keys that will use the PUT KEY command to place the key(s) into the module. (OPv2.0.1 section 11.1) · TDES: (double-length TDES keys, GSC Kxauth, GSC Kiauth) This algorithm uses the GSC Kxauth key to authenticate a client application to the module and uses the GSC Kiauth key to authenticate the module to the application. (GSCv2.1, sections 5.3.5.2 and 5.3.5.3) · RSA PKCS1 (1024bit GSC KSIGN): Used to sign data. (GSCv2.1 section 5.3.6.1) · RSA PKCS1 (1024bit DAL KSM): Used to unwrap symmetric (TDES) session keys Ksessionwrap used to pass encrypted PIN material into the module. · SHA-1 Hashing. · DES (transitional phase only ­ valid until May 19, 2007): DES is provided by the Gemplus smart card but not used by the applets. Details of cryptographic functions are shown in this table: Type Algorithm FIPS-Approved Certificate Public Key RSA (key size: 1024) Yes (FIPS 186-2) 33 Symmetric Key TDES (CBC), 2 keys TDES, Yes (FIPS 46-3) 95 TDES MAC Vendor affirmed DES Yes 155 (transitional phase only ­ valid until May 19, 2007) Digest SHA-1 Yes (FIPS 180-1) 82 RNG DRNG (ANSI X9.31) Yes (FIPS 186-2) 44 Table 5. Module Cryptographic Functions 7 SELF TESTS The GemXpresso Pro R3 E64 PK ­ FIPS performs the following self-tests to ensure that the module works properly. SELF-TESTS EXECUTION Software/firmware integrity test. At Power-Up Cryptographic algorithm test At Power-Up (Known-answer tests for DES, 3DES, SHA-1, RSA) Pseudo Random Number Generator test. At Power-Up (Known-Answer Test for P-RNG output) Pair-wise consistency test. Conditional Software load test. Conditional GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 12 DAL Continuous random number generator test. Conditional Table 6 - Self-tests list 7.1 SELF-TEST EXECUTION After GXP3 E64PK - DAL C3 is powered up and before executing any APDU commands, the module enters the self-test state and performs all of the cryptographic algorithm and software integrity self-tests as specified in FIPS 140-2 standard. These tests are conducted automatically as part of the normal functions of the cryptographic module. They do not require any additional operator intervention, nor applet specific functions. Power-up self-tests are executed on reception of the first APDU command, after the module reset. The cryptographic module start-up process has been designed in such a way that it cannot be bypassed. This enforces the execution of the self-tests before allowing any use and administration of the module, thus guaranteeing a secure execution of the module cryptographic services. If these self-tests are passed successfully, the cryptographic module returns the status words relating to the requested APDU command via the status interface and incoming APDUs are processed. All data output via the output interface are inhibited while any power-up and conditional self-test is running. Resetting the cryptographic module, then sending any APDU command via its input data interface, provides a means by which the operator can repeat the full sequence of power- up self-tests. 8 ROLES & SERVICES 8.1 ROLES The GXP3 E64PK - DAL C3 module uses identity-based access control in that individual operators have access to the module services. Access control rules provide services to operators who identify themselves by demonstrating knowledge of their cryptographic keys, or PINs, and presenting an operator ID. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 13 DAL The module defines three distinct roles that are supported by the on-card cryptographic system: the Crypto Officer/Issuer (CO/Issuer), Crypto Officer/Administrator (CO/Admin), and Card Holder. · Crypto Officer/Issuer is a role authenticated by demonstrating knowledge of a key set and key ID. · Crypto Officer/Administrator is a role authenticated by knowledge of the Crypto Officer/Administrator PIN and Operator ID. · Card Holder is a User role authenticated by knowledge of the Card Holder PIN and Operator ID. The module ensures the authentication of off-card entities (the CO/Issuer, CO/Admin, and Card Holder) and provides them with cryptographic services according to their role. 8.1.1 CRYPTO OFFICER/ISSUER (CO/ISSUER) The Cryptographic Officer/Issuer authenticates his role on the card by demonstrating to the Card Manager application that he possesses the knowledge of the KENC & KMAC TDES key set and ID stored within the Card Manager. The authentication process follows the OP2.0.1 specification. By successfully executing a series of commands, the Cryptographic Officer/Issuer establishes a secure channel to the Card Manager; establishment of this channel includes mutual authentication of roles between the Cryptographic Officer and the Card Manager. Once established, authorization (on the card) to access information and services is granted by the Card Manager. The Card Manager Security Domain corresponds to the Card Issuer Security Domain. The GXP3 E64PK - DAL C3 module has a try counter of 10 for each key set contained on the module. The 10th consecutive failed attempt blocks the key set. The retry counts are per-key set. If the Card Manager has just one key set, blocking of the key set will block the module permanently. 8.1.2 CRYPTO OFFICER/ADMINISTRATOR (CO/ADMIN) The Crypto Officer/Administrator role is authenticated by verification of the CO/Admin PIN and Operator ID. PIN verification is provided through the Access Control applet. The CO/Admin is responsible for not communicating his PIN. The CO/Admin can change the CO/Admin PIN using the CHANGE REFERENCE DATA command within a secure channel. 8.1.3 CARD HOLDER The Card Holder (User) is responsible for ensuring the ownership of his card and for not communicating his PIN. The User is authenticated by verification of a PIN (Card Holder PIN) that the User has selected at issuance and an Operator ID. PIN verification is provided through the Access Control applet. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 14 DAL 8.2 MODULE SERVICES (PER ROLE) 8.2.1 CRYPTO OFFICER/ISSUER SERVICES A CO/Issuer authenticates his role to issue commands by proving knowledge of a CO/Issuer key set and using the key set to establish a secure channel. These commands include: CHANGE REFERENCE DATA: this command is used to set the Crypto Officer/Administrator PIN (unblock PIN) and Card Holder PIN. The Operator ID parameter selects which PIN to set. The Crypto Officer/Issuer establishes the secure channel for this command, however the Card Holder enters the Card Holder PIN value to ensure its privacy. The Crypto Officer/Administrator sets the Crypto Officer/Administrator PIN similarly. All PIN material must be encrypted using the Ksessionwrap key the details of this are defined in the section 3.2 of the DAL C3 Applet Developers document. Below is an excerpt of the process. The Access Control Applet employs a secure messaging protocol to facilitate secure communication of authentication material sent to the card. Compared to other secure channel mechanisms, this mechanism does not rely on any secret shared between the host and the card, still it provides high degree of privacy and resistance against re-play attacks. Specifically, this mechanism applies to PIN values being transferred to the card by the VERIFY PIN and the CHANGE REFERENCE DATA commands. The essence of the protocol is that the AC applet hosts a RSA key pair. During establishment of a secure messaging session using the MANAGE SESSION command, the host generates a double length 3DES key that it sends to the card, wrapped with the AC applet's public key. The 3DES key associated with the session can then be used to protect subsequent commands. CREATE OBJECT: this GSC Service Applet command is used to create a Generic Container (GC) or a PKI object. The Access Control Rights (ACR's), defined in the GSC-ISv2.1 specification, are chosen for the object at this time. DELETE: this Open Platform command is used to delete a single Load File (package) or an Application (applet instance) in the module. GENERATE RSA KEY: this command is used to generate the defined 1024 bit RSA key pairs: KSIGN and KSM. When generating RSA keys, the desired public GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 15 DAL exponent is passed to the module. On successful key pair generation the public key is stored in the module and returned from the module. The signature verification public key KPUBSIGN may be signed by an external CA and made available in a certificate by using the KPUBSIGN key returned from the module. The KPUBSM public key stored in the module and retrieved by a GET ACR command is used to wrap a TDES session key Ksessionwrap generated by the client, for the purpose of secure messaging, based on ISO7816-4. The Ksessionwrap session key is then used to encrypt PIN material to be sent to the module for PIN verification purposes. This process requires the successful execution of the MANAGE SESSION command. GET CHALLENGE: this GSC-ISv2.1 command causes the module to generate an 8-byte challenge. GET DATA: this Open Platform command is used to retrieve a single, specified data object from the Card Manager. Card Manager data objects are define in the OPv2.0.1' specification. GET STATUS: this Open Platform command is used to retrieve Card Manager, Executable Load File and Application related life cycle status information according to a given search criteria. INSTALL: this Open Platform command is used to install an application or a Security Domain and requires the invocation of several different module functions. The command is used to instruct a Security Domain or the Card Manager as to which installation step it shall perform during an application installation process. LOAD: this Open Platform command is used to load the byte-codes of a Load File (package). PUT KEY: this Open Platform command is used to add or replace Security Domain key sets. DAL PUT KEY ­ this command is used to load the GSC Kxauth, & Kiauth TDES keys and the KSIGN & KSM RSA keys. A PUT KEY command with a key zeroization parameter (key length of zero) will zeroize the keys. The command P1 parameter (the key version number) determines which key is being loaded onto the module. The Kxauth and Kiauth are static TDES keys that are utilized by the defined GSC- ISv2.1 commands EXTERNAL AUTH and INTERNAL AUTH. The keys must be encrypted using the TDES KKEK key prior to using the PUT KEY command. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 16 DAL The KSIGN and KSM are RSA keys that can be put in the module utilizing the PUT KEY command. When the keys are put into the module using the PUT KEY command the CO/Issuer must establish a secure channel first. The format of the keys follows the DAL C3 Applet Developers document, section 3.5.4. The modulus and public exponent of a RSA private key are loaded by 2 repeated PUT KEY commands, once for each of the 2 components. The components are stored in any order, however all components must be stored for the key to be valid. The CRT components of a RSA private key are loaded by 5 repeated PUT KEY commands, once for each of the 5 components. The components are stored in any order, however all components must be stored for the key to be valid. READ BUFFER: this GSC-ISv2.1 command is used to retrieve tagged data objects from a Generic Container (GC). The access rights (ACR's) to the Generic Container are established when the object was created using the CREATE OBJECT command. UPDATE BUFFER: this GSC-ISv2.1command is used to store or replace tagged data objects in a Generic Container. The access rights (ACR's) to the Generic Container are established when the object was created using the CREATE OBJECT command. SET PIN POLICY: this command sets the PIN policy for the Crypto Officer/Administrator PIN or Card Holder PIN based upon the Operator ID specified. The PIN policy sets the minimum and maximum PIN lengths along with other PIN parameters. SET STATUS ­ this Open Platform command modifies the life cycle state of the card or the lifecycle state of an application defined in the OPv2.0.1' specification. 8.2.2 CRYPTO OFFICER/ADMINISTRATOR SERVICES The following commands are available to the Crypto Officer/Administrator: CHANGE REFERENCE DATA: This command is used by the CO/Admin to change the existing Crypto Officer/Administrator PIN to a different value or to unblock a Card Holder PIN that was previously blocked because the Card Holder entered their PIN incorrectly three times. The Card Holder is again able to authenticate using the Card Holder PIN after a successful unblock of the PIN. The Operator ID selects which PIN to modify. This command always requires the Crypto Officer/Administrator to enter the Crypto Officer/Administrator PIN. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 17 DAL GSC EXTERNAL AUTHENTICATE: this GSC-ISv2.1 command is used by the module to authenticate the external client application. The details are defined in section 5.1.2 and 5.3.5.2 of the NIST GSC-ISv2.1 specification. This command is subject to a try counter with a value of 10. The value is set in byte 6 of the Instantiation Parameter for the Access Control applet. After the 10th consecutive failed attempt to use this command, the key is locked but can be re-enabled via the CO/Issuers use of the DAL PUT KEY command. VERIFY PIN: this command via the Access Control Applet is used to verify the Crypto Officer/Administrator PIN. The Crypto Officer/Administrator must enter the Crypto Officer/Administrator PIN and Operator ID for verification. LOGOUT ALL: This command clears all authentication states. 8.2.3 CARD HOLDER SERVICES The following commands are available to the Card Holder: PRIVATE SIGN ­ This command performs an RSA signature generation. Data decryption is not allowed in this module. LOGOUT ALL: This command clears all authentication states. VERIFY PIN: This command is used to verify the Card Holder PIN, or to check whether or not the PIN has been already verified. INTERNAL AUTHENTICATE: this GSC-ISv2.1 command is used to perform a challenge-response authentication used for authenticating the module to the external client application. The details are defined in section 5.1.2 and 5.3.5.3 of the NIST GSC-ISv2.1 specification. 8.2.4 UNAUTHENTICATED SERVICES (NO ROLE) The following commands are available without requiring authentication. SELECT: this command is used for selecting an application (Card Manager, Security Domain or Applet). GET DATA: this Open Platform command is used to retrieve a single, specified data object from the Card Manager. Card Manager data objects are defined in the OPv2.0.1 specification. (see the Note for Table 6.) GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 18 DAL GET PIN POLICY: this command returns the PIN policy for the Crypto Officer/Administrator PIN or Card Holder PIN. The Operator ID parameter determines which PIN policy is returned. GET PIN STATE: this command returns one of four possible states for PINs. The four states are the following: 0 - Undefined. The PIN is effectively invalid. 1- Initial. The PIN must be changed before it can be used to authorize any privileged operations. 2- Normal. 3- Blocked. The PIN is blocked due to too many unsuccessful attempts. The user must enter a proper Operator ID to retrieve the state of the PIN. No relevant security information can be obtained via this command, only the state of the PIN based on the operator. GET PROPERTIES: this GSC-ISv2.1command is used to retrieve applet instance properties of a currently selected applet. All properties are defined in section 5.3.3.4 of the GSC-ISv2.1 specification. GET ACR: this GSC-ISv2.1 command is used to retrieve access control rules. All available ACR information is defined in section 5.3.3.5 of the GSC-ISv2.1 specification. The command has also been extended to retrieve the RSA KPUBSM public key that is used in the MANAGE SESSION command. GET RESPONSE: this command is used to retrieve the response message from the immediately proceeding command. SELECT OBJECT this GSC-ISv2.1command selects a GC or PKI object inside a GSC Service Applet instance. MANAGE SESSION: Opens or closes a secure session for passing TDES encrypted PINs to the module. The module issues a random challenge to preclude replay attacks. The response includes a TDES session key that is wrapped in the RSA public key. INITIALIZE UPDATE: this Open Platform command is used to initiate a Secure Channel with the Card Manager. Card and host session data are exchanged, and session keys (Kenc & Kmac) generated by the card. The Secure Channel is considered open upon completion of a successful EXTERNAL AUTHENTICATE command that must immediately follow the INITIALIZE UPDATE command. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 19 DAL OP EXTERNAL AUTHENTICATE: Open Platform command used by the module to authenticate the CO\Issuer, to establish a Secure Channel. A previous and successful execution of the INITIALIZE UPDATE command is required prior to processing this command. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 20 DAL 8.2.5 RELATIONSHIP BETWEEN ROLES AND SERVICES PER APPLET Table 6 Lists available services for each application on the card and shows which role is required to use each service. X denotes a service is available within the role. Table 7. Roles and Services per Applet. Services / Roles No Role Crypto Crypto Card Officer / Officer / Holder Issuer * Admin CARD MANAGER SERVICES DELETE X EXTERNAL AUTHENTICATE X GET DATA X X GET STATUS X INITIALIZE UPDATE X INSTALL X LOAD X PUT KEY X SELECT X SET STATUS X ACCESS CONTROL APPLET SERVICES CHANGE REFERENCE DATA X X X GET PIN POLICY X GET PIN STATE X DAL PUT KEY X SET PIN POLICY X GSC SERVICE APPLET SERVICES CREATE OBJECT X GET PROPERTIES X GENERATE RSA KEY X PRIVATE SIGN X DAL PUT KEY X READ BUFFER X X1 X1 SELECT OBJECT X UPDATE BUFFER X SERVICES COMMON TO ALL APPLETS GET ACR X GET CHALLENGE X GET RESPONSE X GSC EXTERNAL AUTHENTICATE X X X INTERNAL AUTHENTICATE X LOGOUT ALL X X X MANAGE SESSION X DAL PUT KEY X SELECT X VERIFY PIN X X GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 21 DAL * Crypto Officer/Issuers may use the GET DATA command within a secure channel. See the related Note in Section 6.2.4, Unauthenticated Services for more information. 1. The READ BUFFER command is available outside of a Secure Channel (no security condition). However, if issued within a Secure Channel, it must follow the same security level as defined in EXTERNAL AUTHENTICATE. 9 CRITICAL SECURITY PARAMETERS 9.1 SYMMETRIC CRYPTOGRAPHIC KEYS The GXP3 E64PK - DAL C3 module includes the following keys: · Initialization Key, Kinit used only for the first Card Manager key-set loading, · Crypto Officer/Issuer Security Domain keys (KENC, KMAC, & KKEK), A Security Domain key set is structured to contain three types of TDES keys: KENC, used to generate session keys for the Crypto Officer/Issuer and encrypted mode of the secure channel, KMAC, used to generate session key for MAC mode of the secure channel Authentication, KKEK, used to encrypt keys, to be imported into the module. Security Domains allow a number of distinct identities to be established on the Gemplus GemXpresso Pro R3 E64 PK-FIPS module. These are identities that control access to the various applets stored on the Gemplus GemXpresso Pro R3 E64 PK- FIPS module. A Security Domain represents the identity of the Crypto Officer/Issuer. · TDES Session keys, Kenc & Kmac (keys generated from the Crypto Officer/Issuer keys set(s)) details define in OP2.0.1 section 13.1, · GSC External Authenticate Key, Kxauth used to authenticate a client application to the module details define in GSCv2.1 section 5.3.5.2 & 5.1.2.1. · GSC Internal Authenticate Key, Kiauth used to authenticate the module to the client application details define in GSCv2.1 section 5.3.5.3 & 5.1.2.3. · Manage Session Key, Ksessionwrap TDES client generated session key (passed externally from client) used to decrypt session data (secure passing of PIN material). As mentioned above, the Ksessionwrap TDES key is used as part of the secure messaging protocol to facilitate secure communication of authentication material (Global and Unblock PINs) sent to the module. Compared to other secure channel mechanisms, this mechanism does not rely on any secret shared between the host and the module, still it provides a high degree of privacy and resistance against re-play attacks. Specifically, this mechanism applies to PIN values being transferred to the module by the VERIFY PIN and the CHANGE REFERENCE DATA commands. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 22 DAL The essence of the protocol is that the AC applet hosts a RSA key pair. During establishment of a secure messaging session using the command, the host generates a double length 3DES key (Ksessionwrap) that it sends to the module, wrapped with the AC applet's public key. The Ksessionwrap key associated with the session can then be used to protect subsequent commands. The RSA key pair is either generated by the module using the GENERATE RSA KEY command or loaded to the card during applet pre-personalization by the PUT KEY command. The public key can be retrieved from the card by the GET ACR command. Details can be found in ISO7816-4 (Secure Messaging) and DAL C3 Applets Developers Technical Document starting in section 3.2. 9.2 ASYMMETRIC KEYS Private and public keys can be generated on the card (GENERATE RSA KEY), or loaded onto the card (PUT KEY). KSIGN (Key pair) · RSA Public Sign Key, KPUBSIGN for signature verification operations. · RSA Private Key for Sign operations KPRIVSIGN KSM (Key pair) · RSA Public Key KPUBSM for wrapping the TDES session key (Ksessionwrap). · RSA Private Key KPRIVSM for unwrapping the TDES session key (Ksessionwrap) 9.3 OTHER CSPS The GXP3 E64PK - DAL C3 module includes two CSPs (two Personal Identification Numbers [PINs] managed by the Access Control Applet): · A Card Holder PIN to authenticate the Card Holder · A Crypto Officer/Administrator PIN used by the Crypto Officer/Administrator to unblock a blocked Card Holder PIN. The User PIN is a 6 - 125 character string that may be used to authenticate the Card Holder to the card. That is, by successfully entering a PIN sequence, a Card Holder can prove knowledge of a shared secret (the PIN) and thereby authenticate himself to the card. The CHANGE REF DATA is available to the Crypto Officer/Admin to change or unblock a PIN. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 23 DAL The Crypto Officer/Administrator PIN is a 6 - 125 character string that may be used to authenticate the CHANGE REF DATA command. 10 SECURITY RULES 10.1 IDENTIFICATION & AUTHENTICATION SECURITY RULES The module implements specific methods for authenticating the different roles. The implementation consists of the binding of an Identity-based Access Control Rule to each service that requires a role. 10.1.1 CARD HOLDER IDENTIFICATION AND AUTHENTICATION Proving knowledge of the Card Holder PIN and Operator ID authenticates the Card Holder. 10.1.2 CRYPTO OFFICER/ISSUER IDENTIFICATION AND AUTHENTICATION The Crypto Officer/Issuer must prove the possession of the Card Manager Key Set and Key ID to authenticate his role. The KENC & KMAC keys are used to generate the Kenc & Kmac TDES session keys to authenticate the command payload. The KKEK key is used to encrypt keys transported within the command (PUT KEY command). 10.1.3 CRYPTO OFFICER/ADMINISTRATOR IDENTIFICATION AND AUTHENTICATION The Crypto Officer/Administrator must prove knowledge of the Crypto Officer/Administrator PIN and Operator ID to authenticate his role. 10.2 PHYSICAL SECURITY RULES The physical security of the GXP3 E64PK - DAL C3 module is designed to meet FIPS 140-2 level 3 requirements. A hard opaque epoxy is used to encapsulate the module to meet level 3 requirements. From the time of its manufacture, the card is in possession of the Crypto Officer until it is ultimately issued to the end user. 10.3 KEY MANAGEMENT SECURITY POLICY 10.3.1 CRYPTOGRAPHIC KEY GENERATION RSA key pairs may be generated using the GENERATE RSA KEY function along with a key ID. The public key is returned from the function and may be used externally from the module by being included on a digital certificate establishing the relationship between the public-key and the role of the Card Holder. The private-key, which is retained securely within the PKI Container, is used to establish the identity of the Card Holder by verifying a digital signature. The Access Control applet contains the KSM Generated RSA key pair that is used for the sole purpose of securely transporting a TDES session key Ksessionwrap that is used to encrypt PIN material that will be passed to the module. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 24 DAL 10.3.2 CRYPTOGRAPHIC KEY ENTRY Security Domain Keys are input to the Card Manager in encrypted format, using the PUT KEY command within a secure channel. This follows the OP2.0.1 specification by setting the session level to require ENC+MAC. During this process, the keys are double encrypted (using the Session Key Kenc and the KKEK Key). RSA key pair CRT components may be generated off card and imported onto the card (using the PUT KEY command within the secure channel). The public-key is used externally from the module by being included on a digital certificate establishing the relationship between the public-key and the User. The certificate containing the public key may be stored on the card in a GSC container. The private-key, which is retained securely within the PKI Container, is used to establish the identity of the Card Holder by forming a digital signature. 10.3.3 CRYPTOGRAPHIC KEY STORAGE All secret and private keys are structured to contain the following parameters: · Key ID · Algo ID · Integrity Mechanisms (ECC) The symmetric session keys reside in RAM only and become invalid when a secure channel session ends. 10.3.4 CRYPTOGRAPHIC KEY DESTRUCTION The module destroys secret and private cryptographic keys by using a PUT KEY command with a key length value of the key component set to zero. This zeroizes the key selected by the key version (P1) parameter. The PIN can be zeroized by overwriting it using the CHANGE REFERENCE DATA command. All keys and CSPs can also be zeroized by setting the card manager state to OP_Terminated. 10.4 STRENGTH OF AUTHENTICATION 10.4.1 TRIPLE DES KEYS Each of the Triple DES keys used by the CO/Issuer has an effective key length of 112 bits. This results in over 2112 keys for the Triple DES keys in the CO/Issuer 3 key set which far exceeds the 1 in a million test requirement. The module's try counter limits an attacker to 10 failed attempts per key set before locking the key set against further attempts. GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 25 DAL 10.4.2 CO/ADMIN PIN AND USER PIN The length of the CO/Admin PIN and the User PIN is a character string of 6 to 125 characters. PINs may contain any keyboard characters including Shift-number combinations. For example if each byte of a 6 byte PIN is an alphanumeric character (a- z, A-Z, 0-9), it would yield a minimum of 626 possible PINs. This far exceeds the 1 in a million test. An 8-bit counter internal to the Access Control applet limits the number of failed PIN attempts an attacker could perform by blocking the card if the counter limit (3 attempts per PIN set in FIPS approved mode) is exceeded. 11 SECURITY POLICY CHECK LIST TABLES 11.1 ROLES & REQUIRED AUTHENTICATION Table 8. Roles and Required Authentication Role Type of Authentication Authentication Data Crypto Officer/Issuer TDES authentication TDES keys (Crypto Officer Security Domain) KENC , KMAC Crypto Officer/Admin PIN, TDES authentication Crypto Officer/Administrator PIN Kxauth User PIN Card Holder PIN 11.2 STRENGTH OF AUTHENTICATION MECHANISMS Table 9. Strength of Authentication Mechanisms Authentication Mechanism Strength of Mechanism TDES authentication High (Far exceeds the 1 in a million test) PIN-based authentication High (Far exceeds the 1 in a million test) GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 26 DAL ACCESS RIGHTS WITHIN SERVICES Table 10. Access Rights Within Services Service CSP Type of Access (eg. Read, Write, Execute) Crypto Officer/Issuer External Authenticate TDES CO Keys Execute (Secure Channel) PUT KEY TDES CO Keys Write DAL PUT KEY TDES Kxauth & Kiauth Write RSA KPRIVSIGN & KPRIVSM CHANGE REFERENCE Card Holder PIN Write DATA (P2=00H) Crypto Officer/Administrator PIN GENERATE RSA KEY RSA KPRIVSIGN & KPRIVSM Write Crypto Officer/Admin. Verify PIN Crypto Read Officer/Administrator PIN CHANGE REFERENCE Crypto Write DATA (Change Unblock Officer/Administrator PIN PIN) CHANGE REFERENCE Card Holder PIN Write DATA (Unblock PIN) Card Holder Verify PIN Card Holder PIN Read SIGN RSA KPRIVSIGN Execute GemXpresso Pro R3 E64 PK ­ FIPS With DAL C3 Applet Suite Security Policy This document may be reproduced only in its original entirety (without revision). Copyright Gemplus Corp. and Dreifus Associates Limited, Inc.- 2004. 27