DIN EN 419251-1-2013 Security requirements for device for authentication - Part 1 Protection profile for core functionality German version EN 419251-1 2013《身份认证设备安全要求 第1部分 核心功能的保护配.pdf

1、May 2013 Translation by DIN-Sprachendienst.English price group 22No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 35

2、.240.15!%$Yu“2015482www.din.deDDIN EN 419251-1Security requirements for device for authentication Part 1: Protection profile for core functionality;English version EN 419251-1:2013,English translation of DIN EN 419251-1:2013-05Sicherheitsanforderungen fr Gerte zur Authentisierung Teil 1: Schutzprofi

3、l fr Kernfunktionalitten;Englische Fassung EN 419251-1:2013,Englische bersetzung von DIN EN 419251-1:2013-05Profils de protection pour dispositif dauthentification Partie 1: Dispositif avec import de cls;Version anglaise EN 419251-1:2013,Traduction anglaise de DIN EN 419251-1:2013-05www.beuth.deDocu

4、ment comprises 52 pagesIn case of doubt, the German-language original shall be considered authoritative.04.13DIN EN 419251-1:2013-05 2 A comma is used as the decimal marker. National foreword This document (EN 419251-1:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identificatio

5、n, electronic signature and cards and their related systems and operations” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the Normenausschuss Informationstechnik und Anwendungen (Information Technology and selected IT Applications Standards Committee), Wor

6、king Committee NA 043-01-17 AA Karten und persnliche Identifikation. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419251-1 March 2013 ICS 35.240.15 English Version Security requirements for device for authentication - Part 1: Protection profile for core functionality Profils de protection po

7、ur dispositif dauthentification - Partie 1: Dispositif avec import de cls Sicherheitsanforderungen fr Gerte zur Authentisierung - Teil 1: Schutzprofil fr Kernfunktionalitten This European Standard was approved by CEN on 7 December 2012. CEN members are bound to comply with the CEN/CENELEC Internal R

8、egulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN m

9、ember. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions

10、. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Pola

11、nd, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form

12、and by any means reserved worldwide for CEN national Members. Ref. No. EN 419251-1:2013: EEN 419251-1:2013 (E) 2 Contents Page Foreword . 5 1 Scope 6 2 Normative references . 6 3 Conformance 6 3.1 CC Conformance Claim . 6 3.2 PP Claim . 6 3.3 Package Claim 6 3.4 Conformance Rationale . 6 3.5 Conform

13、ance Statement 6 4 Terms and definitions 7 5 Symbols and abbreviations . 9 6 Overview of the target of evaluation . 9 6.1 TOE Type 9 6.2 TOE Usage 9 6.3 Security Features of the TOE . 9 6.4 Examples of applications. 10 6.4.1 E-government . 10 6.4.2 Multiple applications 11 6.5 Required non-TOE Hardw

14、are and Software 11 6.6 Protection Profile Usage 11 7 TOE Environment . 12 7.1 Overall view 12 7.2 Personalisation application . 13 7.2.1 General . 13 7.2.2 Functionalities 13 7.2.3 Communication 13 7.3 Authentication application . 14 7.3.1 General . 14 7.3.2 Functionalities 14 7.3.3 Communication 1

15、4 7.4 Verifier 15 7.4.1 Functionalities 15 7.4.2 Communication 15 7.5 Key Generator 15 7.5.1 Functionalities 15 7.5.2 Communication 15 7.6 Certification Authority Functionalities 15 8 Life Cycle 16 8.1 Overview . 16 8.2 Pre-Personalisation phase . 17 8.3 Personalisation phase . 18 8.3.1 General . 18

16、 8.3.2 Personalisation application . 18 8.4 Usage phase Authentication application 18 8.4.1 General . 18 8.4.2 Verifier 19 9 Security problem definition . 19 DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 3 9.1 Assets . 19 9.1.1 General . 19 9.1.2 Assets protected by the TOE . 19 9.1.3 Sensitive asset

17、s of the TOE . 19 9.2 Users . 20 9.3 Threats 21 9.4 Organisational security policies 22 9.4.1 Provided services . 22 9.4.2 Other services 22 9.5 Assumptions 23 10 Security objectives . 24 10.1 General . 24 10.2 Security objectives for the TOE . 24 10.2.1 Provided service . 24 10.2.2 Authentication t

18、o the TOE 24 10.2.3 TOE management . 24 10.3 Security objectives for the operational environment 25 10.4 Rationale for Security objectives . 26 11 Extended component definition. 30 12 Security requirements 30 12.1 General . 30 12.2 Introduction 31 12.2.1 Subjects Objects and security attributes 31 1

19、2.2.2 Operations 31 12.3 Security functional requirements 32 12.3.1 General . 32 12.3.2 Core 32 12.3.3 KeyImp 40 12.4 Security assurance requirements 43 12.5 SFR / Security objectives . 43 12.6 SFR Dependencies . 46 12.7 Rationale for the Assurance Requirements 48 12.7.1 EAL.4 methodically designed,

20、 tested, and reviewed 48 12.7.2 AVA_VAN.5 Advanced methodical vulnerability analysis 48 12.7.3 ALC_DVS.2 Sufficiency of security measures 48 Bibliography 49 Index 50 Figures Figure 1 TOE Security Features 12 Figure 2 Personalisation application environment 13 Figure 3 Authentication application envi

21、ronment 14 Figure 4 TOE Life Cycle 16 Tables Table 1 Protection of sensitive data . 24 Table 2 Security objectives vs problem definition rationale . 27 Table 3 Security attributes . 31 Table 4 Core security attributes . 35 Table 5 Core operations 35 Table 6 Core security attributes - Operation . 36

22、DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 4 Table 7 Core security attributes - Initial value 37 Table 8 Core security attributes updates 38 Table 9 TSF data Updates . 38 Table 10 KeyImp security attributes 40 Table 11 KeyImp security attributes - operations . 41 Table 12 KeyImp security attribute

23、s update authorised roles 42 Table 13 KeyImp security attributes Update values 43 Table 14 SFR vs Security objectives retionale 44 Table 15 SFR dependencies 46 DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 5 Foreword This document (EN 419251-1:2013) has been prepared by Technical Committee CEN/TC 224

24、 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by Sept

25、ember 2013, and conflicting national standards shall be withdrawn at the latest by September 2013. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such pa

26、tent rights. EN 419251 contains the following parts: EN 419251-1, Security requirements for device for authentication Part 1: Protection profile for core functionality (the present document); EN 419251-2, Security requirements for device for authentication Part 2: Protection profile for extension fo

27、r trusted channel to certificate generation application; EN 419251-3, Security requirements for device for authentication Part 3: Additional functionality for security targets. The present document was submitted to the Enquiry under the reference prEN 16248-1. According to the CEN/CENELEC Internal R

28、egulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland

29、, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 6 1 Scope This European Standard is a Protection Profile that defines the securit

30、y requirements for an authentication device. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of

31、 the referenced document (including any amendments) applies. ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework ISO/IEC 15408-1:20091), Information technology Security techniques Evaluation criteria for IT security

32、 Part 1: Introduction and general model ISO/IEC 15408-21), Information technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-31), Information technology Security techniques Evaluation criteria for IT security Part 3: Security assuranc

33、e components ISO/IEC 18045, Information technology Security techniques Methodology for IT security evaluation 3 Conformance 3.1 CC Conformance Claim This Protection Profile (PP) is CC Part 2 extended and CC Part 3 conformant and written according to ISO/IEC 15408-1, -2, -3 and ISO/IEC 18045. 3.2 PP

34、Claim This PP does not claim conformance to any other Protection Profile. 3.3 Package Claim The evaluation assurance level for this PP is EAL4-augmented with the assurance components AVA_VAN.5 and ALC_DVS.2. 3.4 Conformance Rationale Since this PP is not claiming conformance to any other protection

35、profile, no rationale is necessary here. 3.5 Conformance Statement The conformance required by this PP is the demonstrable-PP conformance. This would facilitate conformance claim to both the PP “Authentication device” and other PPs for Security Target (ST) authors. 1) ISO/IEC 15408-1, -2 and -3 resp

36、ectively correspond to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3. DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 7 4 Terms and definitions For the purposes of this document, the following terms and definitions apply. 4.1 Authentication Protocol sensitive data dat

37、a used in the process of authentication of the TOE by the external entity Note 1 to entry: These data are linked to the Authentication private key, e.g. Authentication Certificate or APuK. Note 2 to entry: Authentication Protocol sensitive data may be empty if the environment is trusted, and the hol

38、der public key known to the system. 4.2 Certificate electronic attestation, which links the APuK to a person and confirms the identity of that person (as defined in the Directive 8, Article 2, Clause 9) 4.3 Certificate Info information associated with an Authentication key pair that consists of eith

39、er: a signers public key certificate; or one or more hash values of a signers public key certificate together the identifier of the hash function used to compute these hash values, and some information which allows the signer to disambiguate between several signers certificates 4.4 Configuration set

40、 of groups Note 1 to entry: Each configuration corresponds to one PP. It has its own rationale. See 2. 4.5 Group set Assets, threats, objectives, and Requirements, addressing a specific function Note 1 to entry: See 2. 4.6 Holder legitimate holder of the authentication device Note 1 to entry: See 9.

41、2 for more details. 4.7 Issuer user of the authentication device during personalisation Note 1 to entry: See 9.2 for more details. 4.8 Protection Profile PP implementation-independent statement of security needs for a TOE SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“, modified in IS

42、O/IEC 15408-1, the protection profile refers to a TOE type instead of a TOE in this document DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 8 4.9 PP collection document defining groups and configurations 4.10 Reference Authentication Data usually called RAD, data stored inside the TOE and used as a re

43、ference to which the VAD will be compared Note 1 to entry: This RAD can be biometrics data, a PIN, or a symmetric key. It can also be a combination of these factors. The RAD is not an Asset, it is TSF data. 4.11 Trusted channel means by which a TSF and a remote trusted IT product can communicate wit

44、h necessary confidence SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“ 4.12 Trusted Environment environment that ensures the protection of sensitive data transfers between the TOE and a remote trusted IT product (resp. a user) Note 1 to entry: A trusted (or untrusted) environment rela

45、tes to the whole communication channel between the TOE and the remote trusted IT product (resp. the user). 4.13 Untrusted Environment environment that does not ensure the protection of sensitive data transfers between the TOE and a remote trusted IT product (resp. a user) Note 1 to entry: An untrust

46、ed (or trusted) environment relates to the whole communication channel between the TOE and the remote trusted IT product (resp. the user). 4.14 User current User of the TOE Note 1 to entry: The User can be the Issuer or the Holder. 4.15 Verifier entity which is or represents the entity requiring an

47、authenticated identity Note 1 to entry: A verifier includes the functions necessary for engaging in authentication exchanges. SOURCE: ISO/IEC 10181-2:1996, modified the full sentence at the end of the definition in the ISO/IEC has been turned into the present Note 1 to entry 4.16 Verification Authen

48、tication Data usually called VAD, data entered into the TOE and checked against the RAD as a means of authentication Note 1 to entry: As the RAD, the VAD is not an Asset, it is TSF data. DIN EN 419251-1:2013-05 EN 419251-1:2013 (E) 9 5 Symbols and abbreviations APSD Authentication Protocol Sensitive

49、 Data APrK Authentication Private Key APuK Authentication Public Key CA Certificate Authority CC Common Criteria OBKG On-Board Key Generation PIN Personal Identification Number PC Personal Computer PP Protection Profile RAD Reference Authentication Data SSCD Secure Signature Creation Device ST Security Target TOE Target of Evaluation VAD Verification Authentication Data 6 Overview of the target of evaluation 6.1 TOE Type The aimed objective is to define s