PREMIER MINISTRE
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d'information

Certification Report ANSSI-CC-2016/46
ID-One eIDL v1.0 in EAC and PACE configuration with AA on P60x080PVC/PVG components

Paris, 12 July 2016
Courtesy Translation
ANSSI-CC-CER-F-07EN.008

Warning

This report is designed to provide sponsors with a document enabling them to assess the security level of a product under the conditions of use and operation defined in this report for the evaluated version. It is also designed to provide the potential purchaser of the product with the conditions under which he may operate or use the product so as to meet the conditions of use for which the product has been evaluated and certified; that is why this certification report must be read alongside the evaluated user and administration guidance, as well as with the product security target, which presents threats, environmental assumptions and the supposed conditions of use so that the user can judge for himself whether the product meets his needs in terms of security objectives.

Certification does not, however, constitute a recommendation of the product by ANSSI (French Network and Information Security Agency), and does not guarantee that the certified product is totally free of all exploitable vulnerabilities.

Any correspondence about this report has to be addressed to:
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d'information
Centre de certification
51, boulevard de la Tour Maubourg
75700 PARIS cedex 07 SP
France
certification.anssi@ssi.gouv.fr

Reproduction of this document without any change or cut is authorised.
Certification report reference: ANSSI-CC-2016/46
Product name: ID-One eIDL v1.0 in EAC and PACE configuration with AA on P60x080PVC/PVG components
Product reference:
- SAAAAR 080031: ePass V3 Full EACv2 on NXP
- SAAAAR 082456: Code r6.0 Generic
- SAAAAR 082844: Optional Code r4.0 Digital Blurred Image
Protection profile conformity: None
Evaluation criteria and version: Common Criteria version 3.1 revision 4
Evaluation level: EAL 5 augmented ALC_DVS.2, AVA_VAN.5
Developers:
- Oberthur Technologies, 420 rue d'Estienne d'Orves, CS 40008, 92705 Colombes, France
- NXP Semiconductors, Box 54 02 40, D-22502 Hamburg, Germany
Sponsor: Oberthur Technologies, 420 rue d'Estienne d'Orves, CS 40008, 92705 Colombes, France
Evaluation facility: CEA - LETI, 17 rue des martyrs, 38054 Grenoble Cedex 9, France
Recognition arrangements: CCRA (the product is recognised at EAL2 level); SOG-IS

Introduction

The Certification

Security certification for information technology products and systems is governed by decree number 2002-535 dated 18 April 2002, modified. This decree stipulates that:
• The French Network and Information Security Agency draws up certification reports. These reports indicate the features of the proposed security targets. They may include any warnings that the authors feel the need to mention for security reasons. They may or may not be transmitted to third parties or made public, as the sponsors desire (article 7).
• The certificates issued by the Prime Minister certify that the copies of the products or systems submitted for evaluation fulfil the specified security features. They also certify that the evaluations have been carried out in compliance with applicable rules and standards, with the required degrees of skill and impartiality (article 8).
The procedures are available on the Internet site www.ssi.gouv.fr.

Contents

1. The product ... 6
1.1. Presentation of the product ... 6
1.2. Evaluated product description ... 6
1.2.1. Introduction ... 6
1.2.2. Product identification ... 6
1.2.3. Security services ... 7
1.2.4. Architecture ... 7
1.2.5. Life cycle ... 8
1.2.6. Evaluated configuration ... 8
2. The evaluation ... 9
2.1. Evaluation referential ... 9
2.2. Evaluation work ... 9
2.3. Cryptographic mechanisms robustness analysis according to the ANSSI's technical standards ... 9
2.4. Random number generator analysis ... 9
3. Certification ... 11
3.1. Conclusion ... 11
3.2. Restrictions ... 11
3.3. Recognition of the certificate ... 11
3.3.1. European recognition (SOG-IS) ... 11
3.3.2. International common criteria recognition (CCRA) ... 11
Annex 1. Evaluation level of the product ... 13
Annex 2. Evaluated product references ... 14
Annex 3. Certification references ... 15

1. The product

1.1. Presentation of the product

The evaluated product is the smart card « ID-One eIDL v1.0 in EAC and PACE configuration with AA on P60x080PVC/PVG components », which can operate in contact or contactless mode. This product is developed by OBERTHUR TECHNOLOGIES on a component manufactured by NXP SEMICONDUCTORS. This product implements electronic driving license functionalities.
This product is used to verify a driving license's authenticity through an inspection system. The evaluation target is composed of the ID-One eIDL v1.0 application, in EAC (Extended Access Control) configuration on PACE (Password Authenticated Connection Establishment) with AA (Active Authentication) and PACE CAM (Password Authenticated Connection Establishment with Chip Authentication Mapping), which carries out the electronic driving license functions. This micro-controller and its embedded software can be integrated into modules or inlays. The final product can be a driving license, plastic card, etc.

1.2. Evaluated product description

1.2.1. Introduction

The security target [ST] defines the evaluated product, its evaluated security functionalities and its operational environment.

1.2.2. Product identification

The configuration list [CONF] identifies the product's constituent elements. The certified version of the product can be identified by the following elements:
− Commercial name: ID-One eIDL v1.0;
− SAAAAR(1) code of ROM code: 080031;
− Mandatory patch code: 412E4D1EC087005B56A9A2CAC0B6558F4CAAE041D8B5A69345559B562A6F4C8E;
− Optional patch code: E339C30BC6A81162413612FE2698284FA6CD28AA5CF5257A20B83611E58E9BEE;
− Component code (on 42 bytes): XXXXvvvvXX..XX where vvvv can take the following values: '6C14' for the P60D080PVC component; '6014' for the P60D080PVG component; '6019' for the P60C080PVG component.

(1) S: site code (0 for France), AAAA: article based on 4 numbers, R: software release or version.

It can be decided whether or not to load the optional patch and, therefore, whether or not to enable the Digital Blurred Image function. The "SAAAAR and patch" codes can be verified using a GetData command with the DF66 tag.
The component code can be verified using a GetData command with the 9F7F tag described in the [GUIDES].

1.2.3. Security services

The main security services provided by the product are:
- integrity protection of the cardholder's data stored in the card;
- access control to the cardholder's data stored in the card;
- integrity and confidentiality protection, through the Secure Messaging mechanism, of the data read from the card;
- verification of the certificates' validation chain;
- authentication of the micro-controller using the optional « Active Authentication » and « Chip Authentication » mechanisms;
- strong mutual authentication between the micro-controller and the inspection system by the EAC (« Extended Access Control » in « EAC on PACE » configuration) mechanism prior to any access to biometric data;
- authentication of the card by the inspection system via PACE in CAM mode.

There is an optional, non-evaluated Digital Blurred Image function which makes the photo illegible in case of fraudulent use.

1.2.4. Architecture

The product is a closed smart card which contains the following components:
- a micro-controller P60x080PVC/PVG manufactured by NXP Semiconductors, in P60D080PVC, P60D080PVG or P60C080PVG configuration;
- the "BIOS" software giving access to micro-controller functionalities;
- a dedicated cryptographic library;
- the Perso personalization application;
- an LDS(1) application supporting the EAC, PACE, PACE CAM, CA, AA and BAP mechanisms;
- the eID application;
- the eSign application, outside of the evaluation scope;
- the Dauth application, outside of the evaluation scope.

(1) Logical Data Structure.
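The version check implied by section 1.2.2 (ROM SAAAAR code, mandatory and optional patch codes, 42-byte component code) written out as an added example; it is not part of the certification report nor Oberthur's or NXP's code. The certified values come from section 1.2.2; how the bytes are read from the card (GetData with tags DF66 and 9F7F, per the guidance) is not reproduced, so the caller supplies the already-retrieved values, and the sample component code below is constructed.

```python
"""Compare identification data read from a card with the configuration
certified under ANSSI-CC-2016/46 (section 1.2.2 of the report)."""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Values taken from section 1.2.2 of the certification report.
CERTIFIED_SAAAAR = "080031"
MANDATORY_PATCH = bytes.fromhex(
    "412E4D1EC087005B56A9A2CAC0B6558F4CAAE041D8B5A69345559B562A6F4C8E")
OPTIONAL_PATCH = bytes.fromhex(
    "E339C30BC6A81162413612FE2698284FA6CD28AA5CF5257A20B83611E58E9BEE")
# Component code layout XXXXvvvvXX..XX on 42 bytes: 'vvvv' is bytes 2..3.
COMPONENT_CODE_LEN = 42
COMPONENT_VARIANTS = {
    bytes.fromhex("6C14"): "P60D080PVC",
    bytes.fromhex("6014"): "P60D080PVG",
    bytes.fromhex("6019"): "P60C080PVG",
}


@dataclass
class CheckResult:
    certified: bool                 # True only if every element matches
    component: Optional[str]        # chip variant named by the component code
    blurred_image_loaded: bool      # optional patch (non-evaluated function) present
    problems: list = field(default_factory=list)


def decode_saaaar(code: str) -> Tuple[str, str, str]:
    """Split a SAAAAR code into (site, article, release) per footnote 1."""
    if len(code) != 6 or not code.isdigit():
        raise ValueError("SAAAAR code must be 6 decimal digits")
    return code[0], code[1:5], code[5]


def component_variant(component_code: bytes) -> Optional[str]:
    """Return the variant for bytes 2..3 of a 42-byte component code, else None."""
    if len(component_code) != COMPONENT_CODE_LEN:
        return None
    return COMPONENT_VARIANTS.get(component_code[2:4])


def check_identification(saaaar: str, mandatory_patch: bytes,
                         optional_patch: Optional[bytes],
                         component_code: bytes) -> CheckResult:
    """Report every deviation from the certified configuration, not just the first."""
    problems = []
    if saaaar != CERTIFIED_SAAAAR:
        problems.append(f"ROM code {saaaar} is not the certified {CERTIFIED_SAAAAR}")
    if mandatory_patch != MANDATORY_PATCH:
        problems.append("mandatory patch code differs from the certified value")
    blurred = False
    if optional_patch is not None:
        if optional_patch == OPTIONAL_PATCH:
            blurred = True  # Digital Blurred Image loaded; the function itself is not evaluated
        else:
            problems.append("optional patch code differs from the certified value")
    component = component_variant(component_code)
    if component is None:
        problems.append("component code does not name a P60x080PVC/PVG variant")
    return CheckResult(not problems, component, blurred, problems)


# Constructed sample: arbitrary 'XXXX' prefix and trailing bytes, vvvv = 6C14.
SAMPLE_COMPONENT_CODE = bytes.fromhex("0102") + bytes.fromhex("6C14") + bytes(38)

if __name__ == "__main__":
    print(decode_saaaar(CERTIFIED_SAAAAR))
    print(check_identification(CERTIFIED_SAAAAR, MANDATORY_PATCH, None,
                               SAMPLE_COMPONENT_CODE))
```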
1.2.5. Life cycle

The product's life cycle is organised as follows:

Phase                                  | Actor                  | Covered by
Step 1: Development                    | OBERTHUR TECHNOLOGIES  | ALC
Step 2: Development                    | NXP SEMICONDUCTORS     | Component certification
Step 3: Manufacturing                  | NXP SEMICONDUCTORS     | Component certification
--- TOE delivery point ---
Step 4: IDL manufacturer (Pre-perso)   | IDL manufacturer       | AGD_PRE
Step 5: IDL manufacturer (Pre-perso)   | IDL manufacturer       | AGD_PRE
Step 6: Personalization                | Personalization agent  | AGD_PRE
Step 7: Operational use                | End user               | AGD_OPE

The product has been developed on the following sites:
OBERTHUR TECHNOLOGIES – Colombes site, 420 rue d'Estienne d'Orves, 92700 Colombes, France
OBERTHUR TECHNOLOGIES – Pessac site, Parc Scientifique UNITEC 1, 4 allée du Doyen Georges Brus – Porte 2, 33600 Pessac, France

The micro-controller is developed and manufactured by NXP SEMICONDUCTORS. The development and manufacturing sites for the micro-controller are detailed in the certification report under the reference [BSI-DSZ-CC-0837-V2-2014].

The "product administrators" are the nations or authorities issuing the driving license. The "product users" are both the holders of the driving license and the inspection systems during the use phase.

1.2.6. Evaluated configuration

The product is a closed card that can be personalized into different configurations. This certification report applies to the configuration including the following mechanisms:
- Extended Access Control;
- Password Authenticated Connection Establishment;
- Active Authentication.

The PACE mutual authentication mechanism between the card and the terminal was evaluated in order to be usable by any other application on the platform.

2. The evaluation
2.1. Evaluation referential

The evaluation has been performed in compliance with the Common Criteria version 3.1 revision 4 [CC], in accordance with the Common Evaluation Methodology defined in [CEM]. For assurance components which are not covered by the [CEM] manual, methods specific to the evaluation facility were used. In order to meet the specific features of smart cards, the [JIWG IC] and [JIWG AP] guides were applied. Thus, the AVA_VAN level was determined using the rating scale of the [JIWG AP] guide. For the record, this rating scale is more demanding than the one defined by default in the standard method [CC], used for other categories of products (software products for example).

2.2. Evaluation work

The evaluation has been performed according to the composition scheme defined in the guide [COMP], in order to assess that no weakness arises from the integration of the software in the certified microcontroller. Therefore, the results of the evaluation of the microcontroller « P60x080PVC/PVG » at the EAL6 level augmented with the ALC_FLR.1 and ASE_TSS.2 components, compliant with the [BSI-PP-0035-2007] protection profile, have been used. This microcontroller was certified on 24 October 2014 under the reference [BSI-DSZ-CC-0837-V2-2014].

The evaluation technical report [ETR], delivered to ANSSI on 6 July 2016, provides details on the work performed by the evaluation facility and assesses that all evaluation tasks are "pass".

2.3. Cryptographic mechanisms robustness analysis according to the ANSSI's technical standards

The rating of the cryptographic mechanisms robustness according to the ANSSI [REF] technical standards was not carried out. However, the evaluation did not reveal any design or construction vulnerability at the intended target level, namely AVA_VAN.5.
2.4. Random number generator analysis

The physical random number generator used by the final product was evaluated within the scope of the micro-controller evaluation (refer to [BSI-DSZ-CC-0837-V2-2014]). In addition, as required in the ANSSI cryptographic standard ([REF]), the output of the physical random number generator is reprocessed using a cryptographic function.

The results were taken into account in the independent vulnerability analysis carried out by the evaluator, and no evidence of exploitable vulnerability was found for the AVA_VAN.5 level targeted.

3. Certification

3.1. Conclusion

The evaluation was carried out according to the current rules and standards, with the required competency and impartiality of a licensed evaluation facility. All the work performed permits the release of a certificate in conformance with the decree 2002-535.

This certificate testifies that the product « ID-One eIDL v1.0 in EAC and PACE configuration with AA on P60x080PVC/PVG components » submitted for evaluation fulfils the security features specified in its security target [ST] for the evaluation level EAL5 augmented by the ALC_DVS.2 and AVA_VAN.5 components.

3.2. Restrictions

This certificate only applies to the product specified in chapter 1 of this certification report. The user of the certified product shall respect the security objectives for the operational environment, as specified in the security target [ST], and shall respect the recommendations in the guidance [GUIDES].

3.3. Recognition of the certificate

3.3.1. European recognition (SOG-IS)

This certificate is released in accordance with the provisions of the SOG-IS agreement [SOG-IS].
The European Recognition Agreement made by SOG-IS in 2010 allows recognition, by the Signatory States of the agreement(1), of ITSEC and Common Criteria certificates. The European recognition is applicable, for smart cards and similar devices, up to the ITSEC E6 High and CC EAL7 levels. The certificates that are recognized in the agreement scope are released with the following marking:

(1) The signatory countries of the SOG-IS agreements are: Austria, Finland, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden and United Kingdom.

3.3.2. International common criteria recognition (CCRA)

This certificate is released in accordance with the provisions of the CCRA [CC RA].

The Common Criteria Recognition Arrangement allows the recognition, by signatory countries(2), of the Common Criteria certificates. The recognition is applicable up to the assurance components of the CC EAL2 level and also to the ALC_FLR family. The certificates that are recognized in the agreement scope are released with the following marking:

(2) The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia, Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United States of America.

Annex 1.
Evaluation level of the product

Columns EAL1 to EAL7 give the component level required by each assurance package; the EAL5+ column gives the level assigned to the product ("-" means the family is not included).

Class                           | Family  | EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 | EAL5+ | Name of the component
ADV Development                 | ADV_ARC |  -    1    1    1    1    1    1   |   1   | Security architecture description
                                | ADV_FSP |  1    2    3    4    5    5    6   |   5   | Complete semi-formal functional specification with additional error information
                                | ADV_IMP |  -    -    -    1    1    2    2   |   1   | Implementation representation of the TSF
                                | ADV_INT |  -    -    -    -    2    3    3   |   2   | Well-structured internals
                                | ADV_SPM |  -    -    -    -    -    1    1   |   -   |
                                | ADV_TDS |  -    1    2    3    4    5    6   |   4   | Semiformal modular design
AGD User guides                 | AGD_OPE |  1    1    1    1    1    1    1   |   1   | Operational user guidance
                                | AGD_PRE |  1    1    1    1    1    1    1   |   1   | Preparative procedures
ALC Life cycle support          | ALC_CMC |  1    2    3    4    4    5    5   |   4   | Production support, acceptance procedures and automation
                                | ALC_CMS |  1    2    3    4    5    5    5   |   5   | Development tools CM coverage
                                | ALC_DEL |  -    1    1    1    1    1    1   |   1   | Delivery procedures
                                | ALC_DVS |  -    -    1    1    1    2    2   |   2   | Sufficiency of security measures
                                | ALC_FLR |  -    -    -    -    -    -    -   |   -   |
                                | ALC_LCD |  -    -    1    1    1    1    2   |   1   | Developer defined life-cycle model
                                | ALC_TAT |  -    -    -    1    2    3    3   |   2   | Compliance with implementation standards
ASE Evaluation of the ST        | ASE_CCL |  1    1    1    1    1    1    1   |   1   | Conformance claims
                                | ASE_ECD |  1    1    1    1    1    1    1   |   1   | Extended components definition
                                | ASE_INT |  1    1    1    1    1    1    1   |   1   | ST introduction
                                | ASE_OBJ |  1    2    2    2    2    2    2   |   2   | Security objectives
                                | ASE_REQ |  1    2    2    2    2    2    2   |   2   | Derived security requirements
                                | ASE_SPD |  -    1    1    1    1    1    1   |   1   | Security problem definition
                                | ASE_TSS |  1    1    1    1    1    1    1   |   1   | TOE summary specification
ATE Tests                       | ATE_COV |  -    1    2    2    2    3    3   |   2   | Analysis of coverage
                                | ATE_DPT |  -    -    1    1    3    3    4   |   3   | Testing: modular design
                                | ATE_FUN |  -    1    1    1    1    2    2   |   1   | Functional testing
                                | ATE_IND |  1    2    2    2    2    2    3   |   2   | Independent testing: sample
AVA Vulnerability assessment    | AVA_VAN |  1    2    2    3    4    5    5   |   5   | Advanced methodical vulnerability analysis

Annex 2.
Evaluated product references

[ST] Security target for the evaluation:
- MINOS – ID-One eIDL in EAC with PACE configuration with AA on P60x080 PVC/PVG Security Target, version 2, reference 110 7891, 2 March 2016, Oberthur Technologies.
For publication needs, the following security target has been provided and validated for the present evaluation:
- ID-One eIDL v1.0 in EAC with PACE configuration with AA on NXP P60x080 PVC/PVG – Public Security Target, version 2, reference 110 7972, Oberthur Technologies.

[ETR] Evaluation Technical Report:
- Evaluation Technical Report – MINOS MRTD, version 2.1, reference LETI.CESTI.MIN.RTE.001, 6 July 2016, LETI.

[CONF] Product configuration list:
- MINOS ID-One ePass Full EACv2 MRTD and ID-One eIDL Configuration List, version 3, 4 July 2016, reference 110 7903, Oberthur Technologies.

[GUIDES] Product installation guides:
- MINOS – MRTD FULL EAC V2 – Guidance Document – PREparative procedures, version 11, 2 March 2016, reference 110 7111, Oberthur Technologies;
- MINOS – ID-One eIDL v1.0 in EAC with PACE configuration with AA – Guidance Document – PREparative procedures, version 2, reference 110 7932, 16 March 2016, Oberthur Technologies.
Product user guide:
- MINOS – MRTD full EAC v2 – Guidance Document – OPErational user guidance, version 3, 24 June 2015, reference 110 7565, Oberthur Technologies.

[BSI-PP-0035-2007] Security IC Platform Protection Profile, version 1.0, August 2007. Certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) under the reference BSI-PP-0035-2007.

[BSI-DSZ-CC-0837-V2-2014] NXP Secure Smart Card Controller P60x080/052/040PVC(Y/Z/A)PVG with IC Dedicated Software. Certified by BSI on 24 October 2014 under the reference BSI-DSZ-CC-0837-V2-2014.

Annex 3.
Certification references

Decree number 2002-535, 18 April 2002, modified, related to the security evaluations and certifications for information technology products and systems.

[CER/P/01] Procedure CER/P/01 - Certification of the security provided by Information Technology products and systems, ANSSI.

[CC] Common Criteria for Information Technology Security Evaluation:
- Part 1: Introduction and general model, September 2012, version 3.1, revision 4, reference CCMB-2012-09-001;
- Part 2: Security functional components, September 2012, version 3.1, revision 4, reference CCMB-2012-09-002;
- Part 3: Security assurance components, September 2012, version 3.1, revision 4, reference CCMB-2012-09-003.

[CEM] Common Methodology for Information Technology Security Evaluation: Evaluation Methodology, September 2012, version 3.1, revision 4, reference CCMB-2012-09-004.

[JIWG IC] * Mandatory Technical Document - The Application of CC to Integrated Circuits, version 3.0, February 2009.

[JIWG AP] * Mandatory Technical Document - Application of attack potential to smartcards, version 2.9, January 2013.

[COMP] * Mandatory Technical Document – Composite product evaluation for Smart Cards and similar devices, version 1.2, January 2012.

[CC RA] Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security, 2 July 2014.

[SOG-IS] « Mutual Recognition Agreement of Information Technology Security Evaluation Certificates », version 3.0, 8 January 2010, Management Committee.

[REF]
- Cryptographic mechanisms – Rules and recommendations regarding the choice and sizing of cryptographic mechanisms, version 2.03 dated 21 February 2014, appended to the General Security Standard (RGS_B1), refer to www.ssi.gouv.fr.
- Cryptographic keys management – Rules and recommendations concerning the management of keys used in cryptographic mechanisms, version 2.00 dated 8 June 2012, appended to the General Security Standard (RGS_B2), refer to www.ssi.gouv.fr.
- Authentication – Rules and recommendations concerning the standard robustness level authentication mechanisms, version 1.0 dated 13 January 2010, appended to the General Security Standard (RGS_B3), refer to www.ssi.gouv.fr.

* SOG-IS document; in the scope of the CCRA recognition agreement, the equivalent CCRA supporting document applies.