PREMIER MINISTRE Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d’information Certification Report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components Paris, 3 june 2016 Courtesy Translation Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 2 out 17 ANSSI-CC-CER-F-07EN.008 Warning This report is designed to provide sponsors with a document enabling them to assess the security level of a product under the conditions of use and operation defined in this report for the evaluated version. It is also designed to provide the potential purchaser of the product with the conditions under which he may operate or use the product so as to meet the conditions of use for which the product has been evaluated and certified; that is why this certification report must be read alongside the evaluated user and administration guidance, as well as with the product security target, which presents threats, environmental assumptions and the supposed conditions of use so that the user can judge for himself whether the product meets his needs in terms of security objectives. Certification does not, however, constitute a recommendation product from ANSSI (French Network and Information Security Agency), and does not guarantee that the certified product is totally free of all exploitable vulnerabilities. Any correspondence about this report has to be addressed to: Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d'information Centre de certification 51, boulevard de la Tour Maubourg 75700 PARIS cedex 07 SP France certification.anssi@ssi.gouv.fr Reproduction of this document without any change or cut is authorised. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 3 out 17 Certification report reference ANSSI-CC-2016/30 Product name ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components Product reference SAAAAR 080031 : ID-One ePass V3 Full EACv2 on NXP SAAAAR 082456 : Code r6.0 Generic SAAAAR 082844 : Optional Code r4.0 Digitaly Blurred Image Protection profile conformity Protection profiles for secure signature creation device – Part 6 : Extension for device with key import and trusted communication with signature creation application, version 1.0.4, certifié sous la référence [PP-SSCD-Part6]. Evaluation criteria and version Common Criteria version 3.1 revision 4 Evaluation level EAL 5 augmented ALC_DVS.2, AVA_VAN.5 Developer(s) Oberthur Technologies 420 rue d'Estienne d'Orves CS 40008 92705 Colombes, France NXP Semiconductors Box 54 02 40, D-22502 Hamburg, Allemagne Sponsor Oberthur Technologies 420 rue d'Estienne d'Orves CS 40008 92705 Colombes, France Evaluation facility CEA - LETI 17 rue des martyrs, 38054 Grenoble Cedex 9, France Recognition arrangements CCRA The product is recognised at EAL2 level. SOG-IS Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 4 out 17 ANSSI-CC-CER-F-07EN.008 Introduction The Certification Security certification for information technology products and systems is governed by decree number 2002-535 dated April, 18th 2002, modified. This decree stipulates that: • The French Network and Information Security Agency draws up certification reports. These reports indicate the features of the proposed security targets. They may include any warnings that the authors feel the need to mention for security reasons. They may or may not be transmitted to third parties or made public, as the sponsors desire (article 7). • The certificates issued by the Prime Minister certify that the copies of the products or systems submitted for evaluation fulfil the specified security features. They also certify that the evaluations have been carried out in compliance with applicable rules and standards, with the required degrees of skill and impartiality (article 8). The procedures are available on the Internet site www.ssi.gouv.fr. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 5 out 17 Contents 1. THE PRODUCT........................................................................................................................... 6 1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6 1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6 1.2.1. Introduction ....................................................................................................................... 6 1.2.2. Product identification........................................................................................................ 6 1.2.3. Security services ................................................................................................................ 7 1.2.4. Architecture ....................................................................................................................... 7 1.2.5. Life cycle............................................................................................................................ 7 1.2.6. Evaluated configuration .................................................................................................... 8 2. THE EVALUATION.................................................................................................................... 9 2.1. EVALUATION REFERENTIAL ................................................................................................... 9 2.2. EVALUATION WORK ............................................................................................................... 9 2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS ACCORDING TO THE ANSSI’S TECHNICAL STANDARDS...................................................................................................................... 9 2.4. RANDOM NUMBER GENERATOR ANALYSIS .......................................................................... 10 3. CERTIFICATION...................................................................................................................... 11 3.1. CONCLUSION........................................................................................................................ 11 3.2. RESTRICTIONS...................................................................................................................... 11 3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 11 3.3.1. European recognition (SOG-IS)...................................................................................... 11 3.3.2. International common criteria recognition (CCRA) ....................................................... 11 ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.......................................................... 13 ANNEX 2. REFERENCES............................................................................................................. 14 ANNEX 3. CERTIFICATION REFERENCES ........................................................................... 16 Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 6 out 17 ANSSI-CC-CER-F-07EN.008 1. The product 1.1. Presentation of the product The evaluated product is the smart card « ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components », which can be in contact or contactless mode. This product is developed by OBERTHUR TECHNOLOGIES on a component manufactured by NXP SEMICONDUCTORS. This product is used to create digital signature. 1.2. Evaluated product description 1.2.1. Introduction The security target [ST] defines the evaluated product, its evaluated security functionalities and its operational environment. This security target is fully compliant with the protection profile [PP-SSCD-Part6]. 1.2.2. Product identification The configuration list [CONF] identifies the product’s constituent elements. The certified version of this product is identified by the elements present in the answer following a GET DATA command (refer to [GUIDES]). The certified version of the product can be identified by the following elements: − Commercial name: ID-One ePass Full EAC V2; − SAAAAR1 code of ROM code : 080031; − Mandatory patch code : 412E4D1EC087005B56A9A2CAC0B6558F4CAA E041D8B5A69345559B562A6F4C8E; − Optional patch code : E339C30BC6A81162413612FE2698284FA6CD28AA5 CF5257A20B83611E58E9BEE; − Component code (on 42 bytes): XXXXvvvvXX..XX where vvvv can take the following values : ‘6A15’ for P60D144PVA component; ‘6E15’ for P60D144PVE component; ‘6A20’ for P60C144PVA component; ‘6E20’ for P60C144PVE component. It can be decided whether or not to load the optional patch and whether or not to the Digital Blurred Image function. 1 S: code site (0 for France), AAAA: article based on 4 numbers, R: software release or version. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 7 out 17 The "SAAAAR and patch" codes can be verified using a GetData command with the DF66 tag. The component code can be verified using a GetData command with the 9F7F tag described in the [GUIDES]. 1.2.3. Security services The main security services provided by the product are: - Import of the signature creation data (Signature Creation Data or SCD) and of the corresponding signature verification data (Signature-Verification Data or SVD); - The reception and storage of the digital certificate information (only if created by the personalization agent); - The transition from non operational to operational state; - The creation of the digital signature; - Administrator authentication; - Signatory authentication through a PIN code or biometric data. There is an optional non evaluated function of Digital Blurred Image which makes the photo illegible in case of a fraudulent use. 1.2.4. Architecture The product is a closed smart card which contained the following components: - a micro-controller P60x144PVA/PVE manufactured by NXP Semiconductors, in P60D144PVA, P60D144PVE, P60C144PVA or P60C144PVE configuration; - The "BIOS" software giving access to micro-controller functionalities; - a dedicated cryptographic library; - the Perso personalization application; - The eSign application; - The MRTD - IDL application outside of the evaluation scope; - The eSign application outside of the evaluation scope; - The Dauth application outside of the evaluation scope. 1.2.5. Life cycle The product’s life cycle is organised as follow: Phase Actor Covered by Step 1 Development OBERTHUR TECHNOLOGIES ALC Step 2 Development NXP SEMICONDUCTORS Component Certification Step 3 Manufacturing NXP SEMICONDUCTORS Component Certification TOE delivery point Step 4 SSCD manufacturer (Pre-perso) SSCD manufacturer AGD_PRE Step 5 SSCD manufacturer (Pre-perso) SSCD manufacturer AGD_PRE Step 6 Personalization Personalization agent AGD_PRE Step 7 Operational use End user AGD_OPE Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 8 out 17 ANSSI-CC-CER-F-07EN.008 The product has been developed on the following site: OBERTHUR TECHNOLOGIES –Colombes site 420 rue d’Estienne d’Orves 92700 Colombes France OBERTHUR TECHNOLOGIES –Pessac site Parc Scientifique UNITEC 1 4 allée du Doyen Georges Brus – Porte 2 33600 Pessac France The micro-controller is developed and manufactured by NXP SEMICONDUCTORS. The development and manufacturing sites for the micro-controller are detailed in the certification report with the reference [BSI-DSZ-CC-0978-2016]. The "product administrators" are the nations or authorities issuing the ID-One eIDAS v1.0 card. The "product users" are the users who use eSign’s applications to realize a signature operation. 1.2.6. Evaluated configuration The product is a closed card that can be personalized into different configurations. This certification report applies to the configuration including the Secure Signature Creation Device mechanism according to the protection profile [PP-SSCD-Part6]. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 9 out 17 2. The evaluation 2.1. Evaluation referential The evaluation has been performed in compliance with the Common Criteria version 3.1 revision 4 [CC], in accordance with the Common Evaluation Methodology defined in [CEM]. For assurance components which are not covered by the [CEM] manual, methods specific to the evaluation facility were used. In order to meet specific features of smart cards, the [JIWG IC] and [JIWG AP] guides were applied. Thus, the AVA_VAN level was determined using the rating scale of the [JIWG AP] guide. For the record, this rating scale is more demanding than that defined by default in the standard method [CC], used for other categories of products (software products for example). 2.2. Evaluation work The evaluation has been performed according to the composition scheme defined in the guide [COMP], in order to assess that no weakness arises from the integration of the software in the certified microcontroller. Therefore, the results of the evaluation of the microcontroller « P60x144PVA/PVE » at EAL6 level augmented with ALC_FLR.1 and ASE_TSS.2 components, compliant with the [BSI-PP- 0035-2007] protection profile, have been used. This microcontroller has been certified the 5th February 2016 under the reference [BSI-DSZ-CC-0978-2016]. The evaluation technical report [ETR], delivered to ANSSI on the 14th April 2016, provides details on the work performed by the evaluation facility and assesses that all evaluation tasks are “pass”. 2.3. Cryptographic mechanisms robustness analysis according to the ANSSI’s technical standards The rating of the cryptographic mechanisms robustness has been carried out according to the ANSSI [REF] technical standards. The results obtained have been the subject of an analysis report [ANA-CRY] which leads to the following conclusions: - The analyzed mechanisms are compliant to the ANSSI ([REF]) technical standard requirements, provided the recommendations mentioned in the guides (refer to [GUIDES]) are followed; - The Hash function SHA-1 must not be used for signature applications. As part of the reinforced qualification process, an expertise of cryptography’s implementation was realized by the ITSEF. These results were taken into account in the independent vulnerability analysis realized by the evaluator and have not allowed to highlight exploitable vulnerabilities for the intended target namely AVA_VAN.5 level. Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 10 out 17 ANSSI-CC-CER-F-07EN.008 2.4. Random number generator analysis The physical random number generator used by the final product was evaluated within the scope of the micro-controller evaluation (Refer to [BSI-DSZ-CC-0837-V2-2014]). In addition, as required in the ANSSI cryptographic standard ([REF]), the output of the physical random number generator is reprocessed using a cryptographic function. The results were taken into account in the independent vulnerability analysis carried out by the evaluator and found no evidence of exploitable vulnerability for the AVA_VAN.5 level targeted. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 11 out 17 3. Certification 3.1. Conclusion The evaluation was carried out according to the current rules and standards, with the required competency and impartiality of a licensed evaluation facility. All the work performed permits the release of a certificate in conformance with the decree 2002-535. This certificate testifies that the product « ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components » submitted for evaluation fulfils the security features specified in its security target [ST] for the evaluation level EAL5 augmented by ALC_DVS.2 and AVA_VAN.5 components. 3.2. Restrictions This certificate only applies on the product specified in chapter 1 of this certification report. The user of the certified product shall respect the security objectives for the operational environment, as specified in the security target [ST], and shall respect the recommendations in the guidance [GUIDES]. 3.3. Recognition of the certificate 3.3.1. European recognition (SOG-IS) This certificate is released in accordance with the provisions of the SOG-IS agreement [SOG- IS]. The European Recognition Agreement made by SOG-IS in 2010 allows recognition from Signatory States of the agreement1 , of ITSEC and Common Criteria certificates. The European recognition is applicable, for smart cards and similar devices, up to ITSEC E6 High and CC EAL7 levels. The certificates that are recognized in the agreement scope are released with the following marking: 3.3.2. International common criteria recognition (CCRA) This certificate is released in accordance with the provisions of the CCRA [CC RA]. 1 The signatory countries of the SOG-IS agreements are: Austria, Finland, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden and United Kingdom. Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 12 out 17 ANSSI-CC-CER-F-07EN.008 The Common Criteria Recognition Arrangement allows the recognition, by signatory countries1 , of the Common Criteria certificates. The recognition is applicable up to the assurance components of CC EAL2 level and also to ALC_FLR family. The certificates that are recognized in the agreement scope are released with the following marking: 1 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia, Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United States of America. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 13 out 17 Annex 1. Evaluation level of the product Class Family Component by assurance level Assurance level assigned to the product EAL 1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7 EAL 5+ Name of the component ADV Development ADV_ARC 1 1 1 1 1 1 1 Security architecture description ADV_FSP 1 2 3 4 5 5 6 5 Complete semi-formal functional specification with additional error information ADV_IMP 1 1 2 2 1 Implementation representation of the TSF ADV_INT 2 3 3 2 Well-structured internals ADV_SPM 1 1 ADV_TDS 1 2 3 4 5 6 4 Semiformal modular design AGD User guides AGD_OPE 1 1 1 1 1 1 1 1 Operational user guidance AGD_PRE 1 1 1 1 1 1 1 1 Preparative procedures ALC Life cycle support ALC_CMC 1 2 3 4 4 5 5 4 Production support, acceptance procedures and automation ALC_CMS 1 2 3 4 5 5 5 5 Development tools CM coverage ALC_DEL 1 1 1 1 1 1 1 Delivery procedures ALC_DVS 1 1 1 2 2 2 Sufficiency of security measures ALC_FLR ALC_LCD 1 1 1 1 2 1 Developer defined life-cycle model ALC_TAT 1 2 3 3 2 Compliance with implementation standards ASE Evaluation of the security target ASE_CCL 1 1 1 1 1 1 1 1 Conformance claims ASE_ECD 1 1 1 1 1 1 1 1 Extended components definition ASE_INT 1 1 1 1 1 1 1 1 ST introduction ASE_OBJ 1 2 2 2 2 2 2 2 Security objectives ASE_REQ 1 2 2 2 2 2 2 2 Derived security requirements ASE_SPD 1 1 1 1 1 1 1 Security problem definition ASE_TSS 1 1 1 1 1 1 1 1 TOE summary specification ATE Tests ATE_COV 1 2 2 2 3 3 2 Analysis of coverage ATE_DPT 1 1 3 3 4 3 Testing: modular design ATE_FUN 1 1 1 1 2 2 1 Functional testing ATE_IND 1 2 2 2 2 2 3 2 Independent testing: sample AVA Vulnerability assessment AVA_VAN 1 2 2 3 4 5 5 5 Advanced methodical vulnerability analysis Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 14 out 17 ANSSI-CC-CER-F-07EN.008 Annex 2. References [ST] Reference Security target for the evaluation: - MINOS – ID-One eIDAS v1.0 in SSCD-6 configuration on NXP P60x144 PVA/PVE - Security Target, version 2, reference: 110 7848, 2nd March 2016, Oberthur Technologies. For publication needs, the following security target has been provided and validated for the present evaluation : - ID-One eIDAS v1.0 in SSCD-6 configuration on NXP P60x144PVA/PVE Public Security Target, version 2, reference: 110 7940, Oberthur Technologies. [ETR] Evaluation Technical Report : - Evaluation Technical Report – MINOS-eSign, version: 2.2, reference: LETI.CESTI.MIN.RTE.002 v2.2, on the 14th April 2016, LETI. [ANA-CRY] MINOS – Cryptographic sizing mechanism MRTD, version 2.0, reference: LETI.CESTI.MIN.RT.004, on the 1st April 2016, LETI. [CONF] Product configuration list: - MINOS ID-One eIDAS v1.0 Configuration List, version 6, on the 4th March 2016, reference 110 7817, Oberthur Technologies. [GUIDES] Product installation guide : - MINOS – MRTD FULL EAC V2 – Guidance Document – PREparative procedures, version 11, 2nd March 2016, reference : 110 7111, Oberthur Technologies ; - MINOS – ID-One EIDAS v1.0 in SSCD-6 – Guidance Document – PREparative procedures, version 5, 2nd March 2016, reference : 110 7777, Oberthur Technologies. Product user Guide : - MINOS – ID-One eIDAS v1.0 – Guidance Document – OPErational user guidance, version 1, on the 2nd December 2015, reference 110 7822, Oberthur Technologies. [PP-SSCD- Part6] Protection Profile for secure signature creation device – Part 6: Extension for device with key import and trusted communication with signature creation application, référence : prEN 14169-6:2013, version 1.0.4 dated on the 3rd April 2013. Maintained by BSI (Bundesamt für Sicherheit in der Informationstechnik) on the 16th April 2013 under the reference BSI- CC-PP-0076-2013. [BSI-PP- 0035-2007] Security IC Platform Protection Profile, version 1.0, august 2007. Certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) under the reference BSI-PP-0035-2007. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 15 out 17 [BSI-DSZ- CC-0837- V2-2014] NXP Secure Smart Card Controller P60x144/080yVA/yVA(Y/B/X)/yVE with IC Dedicated Software. Certified by BSI on the 5th February 2016 under the reference BSI- DSZ-CC-0978-2016. Certification report ANSSI-CC-2016/30 ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Page 16 out 17 ANSSI-CC-CER-F-07EN.008 Annex 3. Certification references Decree number 2002-535, 18th April 2002, modified related to the security evaluations and certifications for information technology products and systems. [CER/P/01] Procedure CER/P/01 - Certification of the security provided by Information Technology products and systems, ANSSI. [CC] Common Criteria for Information Technology Security Evaluation : Part 1: Introduction and general model, September 2012, version 3.1, revision 4, reference CCMB-2012- 09-001; Part 2: Security functional components, September 2012, version 3.1, revision 4, reference CCMB-2012- 09-002; Part 3: Security assurance components, September 2012, version 3.1, revision 4, reference CCMB-2012- 09-003. [CEM] Common Methodology for Information Technology Security Evaluation : Evaluation Methodology, September 2012, version 3.1, revision 4, reference CCMB-2012- 09-004. [JIWG AP] * Mandatory Technical Document - Application of attack potential to smartcards, version 2.9, January 2013. [COMP] * Mandatory Technical Document – Composite product evaluation for Smart Cards and similar devices, version 1.2, January 2012. [CC RA] Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology Security, 2nd July 2014. [SOG-IS] « Mutual Recognition Agreement of Information Technology Security Evaluation Certificates », version 3.0, 8th January 2010, Management Committee. [REF] Cryptographic mechanisms – Rules and recommendations regarding the choice and sizing of cryptographic mechanisms, version 2.03 dated 21st February 2014 appended to the General Security Standard (RGS_B1), refer to: www.ssi.gouv.fr. Cryptographic keys management – Rules and recommendations concerning the management of keys used in cryptographic mechanisms, version 2.00 dated 8th June 2012, appended to the General Security Standard (RGS_B2), refer to www.ssi.gouv.fr. ID-One eIDAS v1.0 in SSCD-6 configuration on P60x144PVA/PVE components. Certification report ANSSI-CC-2016/30 ANSSI-CC-CER-F-07EN.008 Page 17 out 17 Authentication – Rules and recommendations concerning the standard robustness level authentication mechanisms, version 1.0 dated 13th January 2010, appended to the General Security Standard (RGS_B3), refer to www.ssi.gouv.fr. *SOG-IS document; in the scope of the CCRA recognition agreement, the equivalent CCRA supporting document applies.