Dokumentenkennung: CD.TCOS.ASE Dateiname: ASE TCOS FlexCert Version 2.0 Release 2 (IFX).docm Stand: 25.05.2021 Version: 2.0.2 Hardware Basis: SLC52 Autor: Ernst-G. Giessmann, Markus Blick Geltungsbereich: TeleSec Entwicklungsgruppe Vertraulichkeitsstufe: Firmen-Intern © Deutsche Telekom Security GmbH, 2021 Weitergabe sowie Vervielfältigung dieser Dokumentation, Verwer- tung und Mitteilung ihres Inhalts sind nicht gestattet, soweit nicht ausdrücklich zugestanden. Zuwiderhandlungen verpflichten zum Schadensersatz. Alle Rechte für den Fall der Patenterteilung oder der Gebrauchsmuster-Eintragung vorbehalten. Specification of the Security Target TCOS FlexCert Version 2.0 Release 2/SLC52 Version: 2.0.2/20210525 Security Target TCOS FlexCert/SLC52 2/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 History Version Date Remark 2.0.2 2021-05-25 Final Document Security Target TCOS FlexCert/SLC52 3/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Contents 1 ST Introduction.......................................................................................................5 1.1 ST Reference...........................................................................................................5 1.2 TOE Reference ........................................................................................................5 1.3 TOE Overview..........................................................................................................5 1.4 TOE Description.......................................................................................................6 1.4.1 TOE Definition.....................................................................................................6 1.4.2 TOE security features foroperational use.................................................................7 1.4.3 Non-TOE hardware/software/firmware.....................................................................8 1.4.4 Life Cycle Phases Mapping....................................................................................8 1.4.5 TOE Boundaries................................................................................................. 11 2 Conformance Claim............................................................................................... 12 2.1 CC Conformance Claims.......................................................................................... 12 2.2 PP Claims.............................................................................................................. 12 2.3 Package Claims...................................................................................................... 12 2.4 Conformance Claim Rationale .................................................................................. 12 3 Security Problem Definition................................................................................... 14 3.1 Assets and External Entities..................................................................................... 14 3.2 Threats.................................................................................................................. 15 3.3 Organizational Security Policies................................................................................ 17 3.4 Assumptions.......................................................................................................... 17 4 Security Objectives............................................................................................... 19 4.1 Security Objectives for the TOE ................................................................................ 19 4.2 Security Objectives for the Operational Environment .................................................... 21 4.3 Security Objective Rationale..................................................................................... 23 5 Extended Components Definition........................................................................... 25 5.1 FCS_RNG Generation of random numbers................................................................. 25 5.2 FIA_API Authentication Proof of Identity ..................................................................... 25 5.3 FAU_SAS Audit datastorage.................................................................................... 26 5.4 FMT_LIM Limited capabilities and availability .............................................................. 27 5.5 FPT_EMS TOE Emanation...................................................................................... 28 5.6 FPT_ITE TSF image export..................................................................................... 29 5.7 FDP_SDC Stored data confidentiality......................................................................... 30 6 Security Requirements.......................................................................................... 32 6.1 Security Functional Requirements for the TOE............................................................ 32 6.1.1 Overview........................................................................................................... 32 6.1.2 Users, subjects and objects ................................................................................. 33 6.1.3 Class FAU Security Audit..................................................................................... 44 6.1.4 Class FCS Cryptographic Support......................................................................... 44 6.1.5 Class FIA Identification and Authentication............................................................. 61 6.1.6 Class FDP User Data Protection........................................................................... 73 Security Target TCOS FlexCert/SLC52 4/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 6.1.7 Class FMT Security Management ......................................................................... 90 6.1.8 Class FPT Protection of the Security Functions..................................................... 101 6.1.9 Class FRU Resource Utilisation......................................................................... 107 6.1.10 Class FTP Inter-TSF trusted channel................................................................... 107 6.2 Security Assurance Requirements for the TOE.......................................................... 108 6.3 Security Requirements Rationale ............................................................................ 109 6.3.1 Rationalefor SFR’s Dependencies...................................................................... 109 6.3.2 Security Assurance Requirements Rationale ........................................................ 111 7 TOE Summary Specification ................................................................................ 113 7.1 General Protection of UserData and TSF Data ......................................................... 113 7.2 Identification and Authentication.............................................................................. 113 7.3 Access Control..................................................................................................... 114 7.4 Cryptographic Functions ........................................................................................ 114 7.5 Protection of Communication.................................................................................. 115 7.6 Accuracy of the TOE security functionality /Self-protection.......................................... 115 7.7 TOE SFR Statements............................................................................................ 116 7.8 Statement of Compatibility...................................................................................... 120 7.8.1 Relevance of Hardware TSFs............................................................................. 120 7.8.2 Security Requirements...................................................................................... 120 7.8.3 Security Objectives........................................................................................... 124 7.8.4 Compatibility: TOE Security Environment............................................................. 125 7.8.5 Organizational Security Policies.......................................................................... 127 7.8.6 Conclusion...................................................................................................... 127 7.9 Assurance Measures............................................................................................. 127 Appendix Glossary and Acronyms .................................................................................... 129 References....................................................................................................................... 130 Security Target TCOS FlexCert/SLC52 5/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 1 ST Introduction 1 This section provides documentmanagement and overview information that are required a potential user of the TOE to determine, whether the TOE fulfils her requirements. 1.1 ST Reference 2 Title: Specification of the Security Target TCOS FlexCert Version 2.0 Release 2/SLC52 TOE: TCOS FlexCert Version 2.0 Release 2/SLC52 Sponsor: Deutsche Telekom Security GmbH Editor(s): Ernst-G. Giessmann, Markus Blick, Deutsche Telekom Security GmbH CC Version: 3.1 (Revision 5) Assurance Level: EAL4 augmented. General Status: Final Document Version Number: 2.0.2 Date: 2021-05-25 Certification ID: BSI-DSZ-CC-0904-V2 Keywords: Gesundheitskarte, electronic health card, TCOS 1.2 TOE Reference 3 This Security Target refers to the Product “TCOS FlexCert Version 2.0 Release 2” (TOE) of Deutsche Telekom Security GmbH for CC evaluation. 1.3 TOE Overview 4 The Target of Evaluation (TOE) addressed by this Security Target is a smart card with contact based and contact-less interfaces implementing an Operating System without any object system. The TOE’s type is “Card Operating System Platform”. 5 The Operating System is based on the Specification of the Gesundheitskarte [EGK- COS]. Despite the fact, that the object system is not included in the TOE, it will neverthe- less always be used with a specified object system. Depending on the object system ini- tialization the smart card product will represent a ready for Personalization electronic Healthcare Card, Health Professional Card or a Secure Module Card of a specified type. 6 The TOE provides the following main security functionalities according to [EGK-COS]: • authentication of human user and external devices; • storage of and access control on User Data; Security Target TCOS FlexCert/SLC52 6/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • key management and cryptographic functions; • management of TSF Data including life cycle support; • export of non-confidential TSF Data of the object system if implemented. 7 The TOE is a ready for implementation of the object system consisting of the Master File (MF), the Dedicated Files (DF), Elementary Files (EF) and internal security objects in- cluding TSF data conforming to the ISO7816 standards. 8 The hardware bases on a Infineon chip SLC52 with the TCOS operating system. 9 The cryptographic algorithms used by the TOE are defined outside the TOE. The securi- ty parameters of these algorithms must be selected by card issuer according to Security Policies [TR3116-1]. The TOE supports standardized domain elliptic curve parameters mentioned in [RFC5639] (key lengths 256, 384 and 512 bit) and the NIST P-256 and P- 384 curves (key length 256 and 384 bit) mentioned in [FIPS186] including the corre- sponding hash functions. Integrity and Confidentiality of the communication is protected by symmetric cryptographic algorithms. The TOE provides AES with corresponding key lengths of 128, 192 and 256 bits. 10 Note that the TCOS also supports TDES1 but this cryptographic algorithm was not eval- uated as part of the present certification procedure. 11 The TOE’s chip is integrated into a plastic, optically readable part of the Health Card. This is not part of the TOE. 12 In some context the hardware may be relevant, and if so, the TOE will be identified in more detail as "TCOS FlexCert Version 2.0 Release 2/SLC52", otherwise the notion "TCOS FlexCert Version 2.0 Release 2" will be used, indicating that this context applies to any realization regardless which hardware base is used. 13 The TOE follows the composite evaluation aspects ([AIS36]). The Security Target of the underlying platform ([HWST]) claims conformance to Smartcard IC Platform Protection Profile ([PP0084]). 14 This composite ST is based on the ST of the underlying platform ([HWST]). The life cycle compatibility of the Life Cycle Model of the Protection Profile [PPCOS] and the Life Cycle Model required by [PP0084]will be shown in chapter 1.4.4. 1.4 TOE Description 1.4.1 TOE Definition 15 The TOE comprises of • the circuitry of the chip including all IC Dedicated Software being active in the Operational Phase of the TOE (the integrated circuit, IC), • the IC Embedded Software (Card Operating System, COS) including configura- tion and initialization data related to the security functionality of the chip, • the associated guidance documentation including description of the file system installation procedure, • a wrapper for interpretation of exported TSF data. 1 TDES is the notation for Triple DES according to [SP800-67], the Specification[EGK-COS] uses 3TDES instead. Security Target TCOS FlexCert/SLC52 7/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 16 The components of the TOE are therefore the hardware (IC) and the operating system TCOS (OS) ready for initialization with an object system. A detailed description of the parts of TOE will be given in the TOE Design Specification. The wrapper interface is specified in [EGK-WRP]. 17 The corresponding keys and authentication data used in life cycle phase 6 are delivered securely to the Installation Agent. 18 The TOE does not include the object system, i. e. the application specific structures like the Master File (MF), the Applications, the Application Dedicated Files (ADF), the Dedi- cated Files (DF), Elementary Files (EF) and internal security objects including TSF data. 19 The TOE and the installed application specific object system build a smart card product , like an electronic Health Card (eHC), a Professional Health Card (eHPC) or a Secure Module Card of Type B, K or KT (SMC) according to Specifications referred in [EGK- COS, E.5.1]. This smart card product is delivered to the end-user (Personalization Agent). 20 In this ST the antenna is not considered as part of the TOE (refer to [PPCOS, 1.2.1]. Therefore, the antenna integration may appear during manufacturing as well as after TOE’s delivery. In case the antenna integration is part of TOE manufacturing it will be considered in the ALC documentation. 21 The Guidance documentation provides further requirements for the manufacturer and security measures required for protection of the TOE until reception by the end-user. 22 TOE’s security features including authentication, access control, key management, cryp- tographic support, TSF data management, export of non-confidential TSF data of the ob- ject system will be described in more details in the following section. 1.4.2 TOE security features for operational use 23 The export of non-confidential TSF data of the object systems supports verification of correct implementation of the object system of the smart card during manufacturing and testing. The exported TSF data include all security attributes of the objects system as a whole and of all objects but excludes any confidential authentication data. The wrapper provides communication interfaces between the COS and a verification tool (cf. [EGK- WRP]). The verification tool sends commands for the COS through the wrapper. The wrapper encodes the data in a standardized format for the export to the verification tool. The verification tool compares the response of the smart card with the object system definition. For details refer to the Administrator’s Guidance [TCOSGD]. 24 The security attributes of human users are associated with password objects. The hu- man user selects the password object and therefore the role gained by the subject acting for this human user after successful authentication. The security attributes transport- Status, lifeCycleStatus and flagEnabled stored in the password object define the status of the role associated with the password, e.g. if the transportStatus is equal to Leer-PIN or Transport-PIN the user is enforced to select a new password and to make this pass- word and this role effective (the transportStatus changes to regularPassword). Note that different password objects may be associated with the same role. 25 The PUC defined for the attribute secret is intended for password management and the authorization gained by successful authentication is limited to reset of the retryCounter and setting a new secret. Security Target TCOS FlexCert/SLC52 8/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 26 The physical part of the smartcard containing the IC may be protected by additional physical security measures (e.g. watermark, security printing) which bind the TOE to le- gitimate smartcard holder. This is not an authentication feature provided by the TOE. 27 The security attributes of devices depend on the authentication mechanism and the au- thentication reference data. A device may be associated with a symmetric cryptographic authentication key and therefore the role gained by the subject acting for this device af- ter successful authentication. A device may be also associated with a certificate contain- ing a public key as authentication reference data. The authentication protocol comprises the verification of the certificate by means of a digital signature and the validation by means of a certificate chain. 28 The TOE supports access control lists for lifeCycleStatus values, security environments for contact based communication and for contactless communication. The TOE’s access control rules contain commands defined by their class bytes and parameters. 29 The TOE supports random number generation for use by the TOE and the external world. The authentication protocols and the integrity protection of user data provided by the TOE use the hash algorithms SHA-1, SHA-256, SHA-384 and SHA-512. As mes- sage authentication code the TOE provides the CMAC based on AES. 30 The protection of confidentiality, e.g. for secure messaging is supported by AES (key lengths 128, 192 and 256 bits). Asymmetric cryptographic algorithms implemented by the TOE are RSA (2048 and 3072 bit key lengths) for signature creation and encryption and the Elliptic Curve based algorithms EC-DH and EC-DSA for key agreement and sig- nature creation. 31 All user specific authentication data like PIN, PUC or passwords are under full control of the legitimate card holder. It can be changed, blocked and reset depending on the life cycle phase and its status. The Initialization, Personalization and Life Cycle Manage- ment are restricted to the Administrator role and require a dedicated authentication. 32 The status and the access control rights as well as other non-confidential information on the user and TSF data and the access rules of the installed object system are provided by the TOE to the user. A detailed description of the so called "wrapper function" is given in the Administrator’s Guidance [TCOSGD]. 33 For further details refer to the chapter 6 “Security Requirements”. 1.4.3 Non-TOE hardware/software/firmware 34 In order to be powered up and to communicate with the ‘external world’ the TOE needs a terminal (card reader) with contacts according to [ISO7816] or supporting the contactless communication according to [ISO14443]. 35 There is no explicit non-TOE hardware, software or firmware required by the TOE to perform its claimed security features. 36 The TOE is defined to comprise the chip and the complete operating system and the wrapper tool together with the complete guidance documentation. 1.4.4 Life Cycle Phases Mapping 37 Following the protection profile PP0084 [PP0084, sec. 1.2.3] the life cycle phases of a smartcard can be divided into the following seven phases: Security Target TCOS FlexCert/SLC52 9/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Phase 1: IC Embedded Software Development Phase 2: IC Development Phase 3: IC Manufacturing Phase 4: IC Packaging Phase 5: Composite Product Integration Phase 6: Personalization Phase 7: Operational Use 38 According to the PP [PPCOS] the TOE life cycle is described in terms of the following seven life cycle phases. 39 Note that the names of these life cycle phases do not match exactly the naming of the life cycle phases, which are taken over from the PP [PPCOS]. Additional information is given in the Administrator’s Guidance [TCOSGD] and the ALC and AGD documentation. Life cycle phase 1 “Smartcard embedded software development” 40 The TOE is developed in phase 1. The IC Platform Developer according to [AIS36] de- velops the integrated circuit, the IC Dedicated Software and the guidance documentation associated with these TOE components. 41 The software developer (i.e. the Application Developer according to [AIS36]) uses the guidance documentation for the integrated circuit and the guidance documentation for relevant parts of the IC Dedicated Software and develops the IC Embedded Software (operating system) and the guidance documentation associated with these TOE compo- nents. 42 The manufacturing documentation of the IC including the IC Dedicated Software and the Embedded Software in the non-volatile memories (Flash) and the guidance docu- mentation is securely delivered to the IC manufacturer. 43 This life cycle phase covers Phase 1 of [PP0084]. Life cycle phase 2 “IC development” 44 In a first step the TOE integrated circuit is produced containing the IC’s Dedicated Soft- ware and the parts of the IC’s Embedded Software in the non-volatile memories (Flash). If necessary, the IC manufacturer adds additional parts of the IC Embedded Software in the non-volatile memories. The IC manufacturer writes the IC Identification Data onto the chip to control the IC as smartcard material during the IC manufacturing and the delivery process. 45 This life cycle phase corresponds to Phase 2 of [PP0084]. Life cycle phase 3 “IC manufacturing and testing” 46 The IC manufacturer is responsible for producing the IC through three main steps: the manufacturing, testing and IC initialization. 47 This life cycle phase corresponds to Phase 3 [PP0084]. 48 For the TOE only one pre-configured version of the operating system applies. The COS is completed in Phase 5. A detailed description of the sub-phases can be found in the Administrator’s Guidance [TCOSGD]. 49 This life cycle phase corresponds to Phase 3 of [PP0084]. Security Target TCOS FlexCert/SLC52 10/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Life cycle phase 4 “IC packaging and testing” 50 The IC packaging manufacturer is responsible for the IC packaging and testing. 51 This life cycle phase corresponds to Phase 4 of [PP0084] and is almost linked to the IC manufacturing phase. Life cycle phase 5 “Smartcard product finishing process” 52 The TOE is finished after completion and successful testing the COS by the TOE manufacturer. Note that in this stage the TOE does not contain any object system and is therefore not ready yet for the end-use phase. 53 The TOE is delivered as a chip with a completed COS. 54 The keys and authentication data (the FORMAT APDUs) for opening phase 6 is delivered securely to the Installation Agent. 55 The TOE may be already integrated in a smart card. In this case the Card Manufacturer acts before TOE’s delivery and the phase 5 is closed after completion. The antenna in- tegration is part of the production process and is therefore subject to auditing. 56 The TOE’s chip can also be delivered as a module that will be installed later in a smart card. Note that since the antenna is not considered in this ST as part of the TOE (cf. pa- ra. 20), there is no impact on TOE’s delivery as a module. 57 The completion procedure is made by the Completion Agent, who finishesthe TOE. This phase includes the COS testing. 58 If the TOE is completed as a module, it will be delivered to the Card Manufacturer only. The TOE will be integrated in a smart card and is delivered back to the Completion Agent. This is considered also as part of phase 5. The Card Manufacturer f inishes the card production, including antenna installation, with the ready-made TOE. This second part of this phase is a usage of the TOE in a controlled environment covered by the guidance documentation. 59 After closing this phase the TOE is ready for installing an Object System (Installation) followed by the import User Data (Personalization). 60 This life cycle phase corresponds to Phase 5 of [PP0084]. Life cycle phase 6 “Smartcard personalization” 61 There are two user roles (Installation and Personalization Agent) foreseen in this phase, which are identified by corresponding authentication data (FORMAT APDUs). 62 The keys and authentication data (the FORMAT APDU) for the Personalization procedure is delivered securely from the Installation Agent to the Personalization Agent if these roles are assigned to different subjects. 63 The Personalization with User Data, e.g. card holder identification data, may be separat- ed from the personalization of the TOE as an SSCD, e.g. the generation of a signature key. 64 Application Note 1: Note also that from a hardware point of view this cycle phase is al- ready an operational use of the composite product and no more a personalization of the hardware. The hardware’s “Personalization” (cf. [HWST]) ends with the completion of the TOE and should not be confused with the Personalization described in the Administrator Guidance [TCOSGD]. 65 This life cycle phase corresponds to Phase 6 of [PP0084]. Security Target TCOS FlexCert/SLC52 11/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Life cycle phase 7 “Smartcard end-usage” 66 The TOE is used by the card holder corresponding to the implemented object system. The user data can be read according to the access rules of the object system. 67 This life cycle phase corresponds to the Phase 7 of the [PP0084]. 68 The security environmentfor the TOE and the ST of the underlying platform match, the Phases up to 6 are covered by a controlled environment as required in [HWCR, p. 41]. In Phase 7 (Operational Use) no restrictions apply. 1.4.5 TOE Boundaries 1.4.5.1 TOE Physical Boundaries 69 Smart card as used in this ST means an integrated circuit containing a microprocessor, (CPU), a coprocessor for special (cryptographic) operations, a random number gene- rator, volatile and non-volatile memory, and associated software, packaged and em- bedded in a carrier. The integrated circuit is a single chip incorporating CPU and me- mory which include RAM and FLASH. 70 The chip is embedded in a module which provides the capability for standardized con- nection to systems separate from the chip through TOE’s interfaces in accordance with ISO standards. 71 The physical constituent of the TOE is the initialized chip with an operating system in FLASH only and without any object system. 72 After the Installation of an object system the TOE can be personalized for the end-usage phase as, e.g. an electronic Health Card. 1.4.5.2 TOE Logical Boundaries 73 All card accepting devices (Host Applications) will communicate through the I/O interface of the operating system by sending and receiving octet strings. The logical boundaries of the TOE are given by the complete set of commands of the TCOS operating system for access, reading, writing, updating or erasing data. 74 The input to the TOE is transmitted over the physical interface as an octet string that has the structure of Command Application Protocol Data Unit (CAPDU). The output octet string from the TOE has the structure of a Response Application Protocol Data Unit (RAPDU). 75 The Application Protocol Data Units or TCOS commands that can be used in the opera- ting systems are described in more detail in another document. Security Target TCOS FlexCert/SLC52 12/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 2 Conformance Claim 2.1 CC Conformance Claims 76 This Security Target claims conformance to Common Criteria for Information Technology Security Evaluation [CC], Part 1: Introduction and General Model; CCMB-2017-04-001, Version 3.1, Re- vision 5, April 2017, Part 2: Security Functional Components; CCMB-2017-04-002, Version 3.1, Re- vision 5, April 2017, Part 3: Security Assurance Requirements; CCMB-2017-04-003, Version 3.1, Revision 5, April 2017 77 as follows: Part 2 extended, Part 3 conformant. 78 The Common Methodology for Information Technology Security Evaluation, Evaluation Methodology; CCMB-2017-04-004, Version 3.1, Revision 5, April 2017 ([CC]) has to be taken into account. The evaluation follows the Common Evaluation Methodology(CEM) with current final interpretations. 2.2 PP Claims 79 This ST claims strict conformance to ‘Common Criteria Protection Profile Card Operating System Generation 2 (PP COS G2), BSI-CC-PP-0082-V4-2019, version 2.1’ [PPCOS]. 2.3 Package Claims 80 The optional packages (“Crypto Box”, “Contactless”, “Logical Channel” and “RSA Key Generation”) are selected and implemented by the TOE. 81 The evaluation of the TOE is a composite evaluation and uses the results of the CC evaluation provided by [HWCR]. The IC hardware platform and its primary embedded software are evaluated at level EAL 6. 82 The evaluation assurance level of the TOE is EAL4 augmented with ALC_DVS.2, ATE_ \ DPT.2 and AVA_VAN.5 as defined in [CC]2. 2.4 Conformance Claim Rationale 83 The TOE type is a smartcard which is consistent with the TOE type of the claimed PP. 84 The following Security Problem Definition chapter, the Security Objectives and the Secu- rity Requirements are taken over completely from the claimed PP. 2 In this ST the backslash provides line breaks for CC conformant identifiers. It should not be considered as a part of the identifier. Identifiers containingnatural words are hyphenatedas usual. Security Target TCOS FlexCert/SLC52 13/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 85 All the objectives, security policies (if applicable) and security requirementsfrom the se- lected packages are integrated in the corresponding sections taken over from main part of the PP. 86 The optional package “PACE for Proximity Coupling Device” is not selected because it is not implemented by the TOE. 87 The Conformance Claim rationale for the Security IC Platform PP [PP0084] is given al- ready in the Protection Profile [PPCOS] and will not repeated here. Security Target TCOS FlexCert/SLC52 14/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 3 Security Problem Definition 3.1 Assets and External Entities 88 As defined in section 1.3 the TOE is a smart card platform implementing the Card Oper- ating System (COS) according [EGK-COS] without any object system. In sense of the BSI-CC-PP-0084-2014 [PP0084] the COS is User Data and Security IC Embedded Software. 89 The primary assets are User Data to be protected by the COS as long as they are in scope of the TOE and the security services provided by the TOE (please refer to the COS Specification [EGK-COS] for the term definitions). Asset Definition User data in EF Data for the user stored in elementary files of the file hierarchy. Secret keys Symmetric cryptographic key generatedas result of mutual authentication andused for encryption and decryption of user data. Private keys Confidential asymmetric cryptographic key of the user used for decryption andcomputation of digital signature. Public keys Integrity protected public asymmetric cryptographic key of the user used for encryption and verification of digital signatures and permanently stored onthe TOE or provided to the TOE as parameter of the command. Table 1: Primary assets 90 Elementary files (EF) may be stored in the MF, any DF, or Application and Application Dedicated File. The place of an EF in the file hierarchy defines features of the User Data stored in the EF. User data does not affect the operation of the TSF (cf. CC part 1, para. 100). Cryptographic keys used by the TSF to verify authentication attempts of external entities (i.e. authentication reference data) including the verification of Card Verifiable Certificates (CVC) or authenticate itself to external entities by generation of authentica- tion verification data in a cryptographic protocol are TSF data (cf. Tables 10, 11 and 12). 91 The protection profile for the COS [PPCOS] considers the following external entities: External entity Definition World Any user independenton identification or successful authentication3 Human User The person authenticatedby password or PUC Device An external device authenticatedby cryptographic operation Device with contactless communication An external Device communicating with the TOE through the contactless interface. The subject bind to this device has the security attribute “kontaktlos” (contactless communication) (added by Package contactless). Device authenticated using PACE protocol in PCD role An external Device communicating with the TOE through the contactless interface and successful authenticated by PACE protocol in PCD role (added by Package contactless). Table 2: External Entities4 3 The user World corresponds to the access condition ALWAYS in [EGK-COS]. An authenticated Human User or Device is allowed to use the right assigned for World. 4 This table defines external entities and subjects in the sense of [CC]. Subjects can berecognizedby the TOE independent of their nature (human or technical user). As result of an appropriate identificationand authentication process, the TOE creates Security Target TCOS FlexCert/SLC52 15/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 3.2 Threats 92 This section describes the threats to be averted by the TOE independently or in collabo- ration with its IT environment. These threats result from the assets stored in or protected by the TOE and the method of TOE’s use in the operational environment. 93 The following threats are defined in the Protection Profile [PP0084]: T.Leak-Inherent, T.Phys-Probing, T.Malfunction, T.Phys-Manipulation, T.Leak-Forced, T.Abuse-Func, T.RND. All threats are part of the Protection Profile [PPCOS] and are taken over into this ST. The following table lists all these threats with the corresponding reference. Threat name Short description Reference to para in [PP0084] T.Leak-Inherent Inherent InformationLeakage 82 T.Phys-Probing Physical Probing 83 T.Malfunction Malfunction due to Environmental Stress 84 T.Phys-Manipulation Physical Manipulation 85 T.Leak-Forced Forced Information Leakage 86 T.Abuse-Func Abuse of Functionality 87 T.RND Deficiency of Random Numbers 88 Table 3: Threats defined in BSI-CC-PP-0084-2014 and taken over into this ST 94 Please refer to [PP0084] for further descriptionsand the details. 95 The TOE shall avert the threat “Forge of User or TSF data (T.Forge_Internal_Data)” as specified below. T.Forge_Internal_Data Forge of User or TSF data 96 An attacker with high attack potential tries to forge internal user data or TSF data. This threat comprises several attack scenarios of smart card forgery. The attacker may try to alter the user data, e.g. to add user data in elementary files. The attacker may misuse the TSF management function to change the user authentication data to a known value. 97 The TOE shall avert the threat “Compromise of confidential User or TSF data (T.Compromise_Internal_Data)” as specified below. T.Compromise_Internal_Data Compromise of confidential User or TSF data 98 An attacker with high attack potential tries to compromise confidential user data or TSF data through the communication interface of the TOE. This threat comprises several attack scenarios e.g. guessing of the user authentication data (password) or reconstruction the private decipher key using the response code for chosen cipher texts (like Bleichenbacher attack for the SSL protocol implementation), e.g. to add keys for decipherment. The attacker may misuse the TSF management func- tion to change the user authentication data to a known value. 99 The TOE shall avert the threat “Misuse of TOE functions (T.Misuse)” as specified below. – for each of the respective external entity – an ‘image’ inside and ‘works’ then with this TOE internal image (also called subject in [CC]). From this point of view, the TOE itself perceives only ‘subjects’ and, for them, does not differ between‘subjects’ and ‘external entities’. There is no dedicated subject with the role ‘attacker’ within the current security policy, whereby an attacker might ‘capture’ any subject role recognized by the TOE. Security Target TCOS FlexCert/SLC52 16/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 T.Misuse Misuse of TOE functions 100 An attacker with high attack potential tries to use the TOE functions to gain access to the access control protected assets without knowledge of user authentication data or any implicit authorization. This threat comprises several attack scenarios e.g. the attacker may try circumvent the user authentication to use signing functionality without authorization. The attacker may try to alter the TSF data e.g. to extend the user rights after successful authentication. 101 The TOE shall avert the threat “Malicious Application (T.Malicious_Application)” as spec- ified below. T.Malicious_Application Malicious Application 102 An attacker with high attack potential tries to use the TOE functions to install an addi- tional malicious application in order to compromise or alter User Data or TSF data. 103 The TOE shall avert the threat “Cryptographic attack against the implementation (T.Crypto)” as specified below. T.Crypto Cryptographic attack against the implementation 104 An attacker with high attack potential tries to launch a cryptographic attack against the implementation of the cryptographic algorithms or tries to guess keys using a brute-force attack on the function inputs. This threat comprises several attack scenarios e.g. an attacker may try to foresee the output of a random number generator in order to get a session key. An attacker may try to use leakage during cryptographic operation in order to use SPA, DPA, DFA or EMA techniques in order to compromise the keys or to get knowledge of other sensitive TSF or User data. Furthermore an attacker could try guessing the key by using a brute -force attack. 105 The TOE shall avert the threat “Interception of Communication (T.Intercept)” as specified below. T.Intercept Interception of Communication 106 An attacker with high attack potential tries to intercept the communication between the TOE and an external entity, to forge, to delete or to add other data to the transmitted sensitive data. This threat comprises several attack scenarios. An attacker may try to read or forge data during transmission in order to add data to a record or to gain access to authentication data. 107 The TOE shall avert the threat “Wrong Access Rights for User Data or TSF Data (T.WrongRights)” as specified below. T.WrongRights Wrong Access Rights for User Data or TSF Data 108 An attacker with high attack potential executes undocumented or inappropriate access rights defined in object system and compromises or manipulate sensitive User data or TSF data. Security Target TCOS FlexCert/SLC52 17/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 3.3 Organizational SecurityPolicies 109 The TOE and/or its environment shall comply with the following Organizational Security Policies (OSP) as security rules, procedures, practices, or guidelines imposed by an or- ganization upon its operations. 110 The following OSPs are originally defined in the Protection Profile [PP0084]. The OSPs are part of the aforementioned Protection Profile and are taken over into this ST. Please refer to [PP0084] for further descriptions and the details. OSP name Short description Reference to para in [PP0084] P.Process-TOE Identification during TOE Development andProduction 90 P.Crypto-Service Cryptographic services of the TOE 374 Table 4: Overview of OSPs in BSI-CC-PP-0084-2014 and taken over into this ST 111 The following OSP is defined in the Logical channel Package: OSP.Logicalchannel Logical channel 112 The TOE supports and the operational environment uses logical channels bound to in- dependent subjects. 113 Application Note 2: The COS specification [EGK-COS] describes the concept of logical channels in chapter 12. 3.4 Assumptions 114 The assumptions describe the security aspects of the environment in which the TOE will be used or is intended to be used. 115 The assumptions A.Process-Sec-IC, A.Plat-Appl and A.Resp-Appl defined in the Protec- tion Profile [PP0084] address the operational environment of the Security IC, i.e. the COS part of the current TOE and the operational environment of the current TOE. The aspects of these assumptions relevant for the COS part of the current TOE address the development process of the COS and evaluated according to composite evaluation ap- proach. Therefore these assumptions are refined in the PP [PPCOS] in order to address the assumptions about the operational environment of the current TOE. The following table lists and maps these security assumptions for the operational environment with the corresponding reference. Assumptions de- fined in [PP0084] Reference to para in [PP0084] Refined assumptions for the operational environ- ment of the current TOE Rationale for the changes A.Process-Sec-IC 95 A.Process-Sec-SC While the TOE of BSI-CC-PP-0084-2014 is delivered after Phase 3 “IC Manufacturing andTesting” or Phase 4 “IC Packaging” the present TOE is delivered after Phase5 “Composite Product Integration” and before Phase6 “Per- sonalization”. The protection during Phase4 may and during Phase 5 shall be addressed by security of the de- velopment environment of the present TOE. Only pro- tection during Personalizationis in responsibility of the operational environment. A.Resp-Appl 99 A.Resp-ObjS The User Data of the TOE of BSI-CC-PP-0084-2014 are the Security IC Embedded Software, i.e. the COS part of the TOE, the TSF Data of the present TOE and the User Data of the COS. The object system contains the TSF Data and defines the security attributes of theUser Data of the Security Target TCOS FlexCert/SLC52 18/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Assumptions de- fined in [PP0084] Reference to para in [PP0084] Refined assumptions for the operational environ- ment of the current TOE Rationale for the changes present TOE. Table 5: Overview of assumptions defined in BSI-CC-PP-0084-2014 and implemented by the TOE 116 The developer of applications for COS must ensure the appropriate “Protection during Packaging, Finishing and Personalization (A.Process-Sec-SC)” while developing the ap- plication. A.Process-Sec-SC Protection during Personalisation 117 It is assumed that security procedures are used after delivery of the TOE by the TOE Manufacturer up to delivery to the end-consumer to maintain confidentiality and integrity of the TOE and of its manufacturing and test data (to prevent any possible copy, modifi- cation, retention, theft or unauthorized use). 118 The developer of applications for COS must ensure the appropriate “Usage of COS (A.Plat-COS)” while developing the application. A.Plat-COS Usage of COS 119 An object system designed for the TOE meets the following documents: (i) TOE guid- ance documents (refer to the Common Criteria assurance class AGD) such as the user guidance, including TOE related and the application notes, usage requirements, recom- mendations and restrictions, and (ii) findings of the TOE evaluation reportsrelevant for the COS as documented in the certification report including TOE related usage require- ments, recommendations, restrictionsand findingsresulting from the TOE’s evaluation and certification. 120 The developer of applications that are intended to run on the COS must ensure the ap- propriate “Treatment of User Data and TSF Data by the Object System (A.Resp -ObjS)” while developing the application. A.Resp-ObjS Treatment of User Data and TSF Data by the Object System 121 All User Data and TSF Data of the TOE are treated in the object system as defined for its specific intended application context. A.Process-Sec-SC Protection during Personalisation 122 It is assumed that security procedures are used after delivery of the TOE by the TOE Manufacturer up to the delivery to the end-consumer to maintain confidentiality and in- tegrity of the TOE and of its manufacturing and test data with the goal to prevent any possible copy, modification, retention, theft or unauthorised use. Security Target TCOS FlexCert/SLC52 19/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 4 Security Objectives 123 This section describes the security objectives for the TOE and the security objectives for the operational environment of the TOE. 4.1 Security Objectives for the TOE 124 The following TOE security objectives address the protection provided by the TOE inde- pendent of the TOE environment. 125 The following Security Objectives for the TOE are defined in the Protection Profile [PP0084]. The Security Objectivesfor the TOE are part of this Protection Profile and are taken over into this PP. Please refer to BSI-CC-PP-0084-2014 for further descriptions and the details. The following table lists all Security Objectives taken over with the corre- sponding reference. Also relevant for this TOE are the objectives of the package AES of BSI-CC-PP-0084-2014 which is implemented in the used hardware. Security Objective’s name Short description Reference to para in [PP0084] O.Leak-Inherent Protection against Inherent InformationLeakage 105 O.Phys-Probing Protection against Physical Probing 107 O.Malfunction Protection against Malfunctions 108 O.Phys-Manipulation Protection against Physical Manipulation 109 O.Leak-Forced Protection against Forced Information Leakage 111 O.Abuse-Func Protection against Abuseof Functionality 112 O.Identification TOE Identification 113 O.RND Random Numbers 114 O.AES Cryptographic service AES 385 Table 6: Overview of Security Objectives for the TOE defined in BSI-CC-PP-0084-2014 and taken over into this ST 126 Please refer to [PP0084] for further descriptionsand the details. 127 Additionally, the following Security Objectives for the TOE are defined: 128 The TOE shall provide “Integrity of internal data (O.Integrity)” as specified below. O.Integrity Integrity of internal data 129 The TOE must ensure the integrity of the User Data, the security services and the TSF data under the TSF scope of control. 130 The TOE shall provide “Confidentiality of internal data (O.Confidentiality)” as specified below. O.Confidentiality Confidentiality of internal data 131 The TOE must ensure the confidentiality of private keys and other confidential User Data and confidential TSF data especially the authentication data, under the TSF scope of control against attacks with high attack potential. Security Target TCOS FlexCert/SLC52 20/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 132 The TOE shall fulfil the Security Objective “Treatment of User and TSF Data (O.Resp- COS)” as specified below. O.Resp-COS Treatment of User and TSF Data 133 The User Data and TSF data (especially cryptographic keys) are treated by the COS as defined by the TSF data of the object system. 134 The TOE shall fulfil the Security Objective “Support of TSF data export (O.TSFDataExport)” as specified below. O.TSFDataExport Support of TSF data export 135 The TOE must fulfil the Security Objective correct export of TSF data of the object sys- tem excluding confidential TSF data for external review. 136 The TOE shall provide “Authentication of external entities (O.Authentication)” as speci- fied below. O.Authentication Authentication of external entities 137 The TOE supports the authentication of human users and external devices. The TOE is able to authenticate itself to external entities. 138 The TOE shall fulfil the Security Objective “Access Control for Objects (O.AccessControl)” as specified below. O.AccessControl Access control for objects 139 The TOE must enforce that only authenticated entities with sufficient access control rights can access restricted objects and services. The access control policy of the TOE must bind the access control right of an object to authenticated entities. The TOE must provide management functionality for access control rights of objects. 140 The TOE shall fulfil the Security Objective “Generation and import of keys (O.KeyManagement)” as specified below. O.KeyManagement Generation and import of keys 141 The TOE must enforce the secure generation, import, distribution, access control and destruction of cryptographic keys. The TOE must support the public key import from and export to a public key infrastructure. 142 The TOE shall fulfil the Security Objective “Cryptographic functions (O.Crypto)” as speci- fied below. O.Crypto Cryptographic functions 143 The TOE must provide cryptographic services by implementation of secure cryptograph- ic algorithms for hashing, key generation, data confidentiality by symmetric and asym- metric encryption and decryption, data integrity protection by symmetric MAC and asymmetric signature algorithms, and cryptographic protocols for symmetric and asym- metric entity authentication. 144 The TOE shall fulfil the Security Objective a “Secure messaging (O.SecureMessaging)” as specified below. Security Target TCOS FlexCert/SLC52 21/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 O.SecureMessaging Secure messaging 145 The TOE supports secure messaging for protection of the confidentiality and the integrity of the commands received from successfully authenticated device and sending respons- es to this device on demand of the external application. The TOE enforces the use of secure messaging for receiving commands if defined by access condition of an object. 146 The TOE shall provide a “Trusted channel (O.Trustedchannel)” as specified below (this is an objective from the Crypto Box package). O.Trustedchannel Trusted channel 147 The TOE supports trusted channel for protection of the confidentiality and the integrity for commands to be sent to successful authenticated device and receiving responses from this device on demand of the external application. 148 The TOE shall provide a “Protection of contactless communication with PACE (O.PACE_CHIP)” as specified below (this is an objective from the Package Contactless). O.PACE_CHIP Protection of contactless communication with PACE/PICC 149 The TOE supports the chip part of the PACE protocol in order to protect the confidentiali- ty and the integrity of data communicated through the contactless interface of the TOE. 150 The TOE shall provide a “Support of more than one logical channel (O.Logicalchannel)” as specified below (this is an objective from the Logical channel Package). O.Logicalchannel Support of more than one logical channel 151 The TOE supports more than one logical channel each bound to an independent sub- ject. 4.2 Security Objectives for the Operational Environment 152 This section describes the security objectives for the operational environment enforced by the Security IC Embedded Software. 153 The following security objectives for the operational environment of the security IC are defined in the Protection Profile [PP0084]. The operational environment of the Security IC as TOE in BSI-CC-PP-0084-2014 comprises the COS part of the present TOE and the operational environment of the present TOE. Therefore, these security objectives of the operational environment are appropriately split and re-defined. The aspects relevant for the COS part of the current TOE shall be fulfilled in the development process of the COS and evaluated according to composite evaluation approach. The remaining aspects of the security objectives for the operational environment defined in BSI-CC-PP-0084- 2014 are addressed in new security objectives for the operational environment of the present PP. The following table lists and maps these security objectives for the opera- tional environment with the corresponding reference. 154 In particular, the Security Objective for the Operational Environment OE.Resp-Appl de- fined in BSI-CC-PP-0084-2014 is split into the Security Objective O.Resp-COS (see def- inition in section 4.1) for the COS part of the TOE and the Security Objectives OE.Plat - Security Target TCOS FlexCert/SLC52 22/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 COS and OE.Resp-ObjS for the object system in the operational environment of the TOE. Table 7 lists and maps these Security Objectives for the Operational Environment with the corresponding reference to [PP0084]. Security Objectives for the operational environ- ment defined in [PP0084 Reference to para in [PP0084] Refined security objectives for the operational environ- ment of the current TOE Rationale of the changes OE.Resp-Appl 117 OE.Resp-ObjS OE.Plat-COS OE.Resp-Appl requires the Security IC Embedded Software Rationale of the changes to treat the User Data as required by the security needs of the specific application context. This Security Objec- tive shall be ensured by the TOE and the object system. OE.Process-Sec-IC 118 OE.Process-Card The Security Objective defined for the environment of the Security IC Platform is appropriately re- defined for the present TOE. Table 7: Overview of Security Objectives for the Operational Environment defined in BSI-CC-PP-0084-2014 and taken over into this ST 155 Please refer to [PP0084] for further descriptionsand the details. 156 Additionally, the following Security Objectives for the Operational Environment of the TOE are defined: 157 The operational environment of the TOE shall fulfil the Security Objective "Usage of COS (OE.Plat-COS)" as specified below. OE.Plat-COS Usage of COS 158 To ensure that the TOE is used in a secure manner the object system shall be designed such that the requirements from the following documents are met: (i) TOE guidance documents (refer to the Common Criteria assurance class AGD) such as the user guid- ance, including TOE related application notes, usage requirements, recommendations and restrictions, and (ii) certification report including TOE related usage requirements, recommendations, restrictionsand findingsresulting from the TOE’s evaluation and cer- tification. 159 The Security IC Embedded Software shall provide “Treatment of User Data (OE.Resp - ObjS)” as specified below. OE.Resp-ObjS Treatment of User Data and TSF Data by the Object System 160 All User Data and TSF Data of the object system are defined as required by the security needs of the specific application context. 161 The operational environment of the TOE shall fulfil the Security Objective “Protection during Personalisation (OE.Process-Card)” as specified below. OE.Process-Card Protection during Personalization 162 Security procedures shall be used after delivery of the TOE during Phase 6 Smartcard personalization up to the delivery of the smartcard to the end-user in order to maintain confidentiality and integrity of the TOE and to prevent any theft, unauthorized personali- zation or unauthorized use. Security Target TCOS FlexCert/SLC52 23/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 163 The operational environment of the TOE shall provide “Secure messaging support of external devices (OE.SecureMessaging)” as specified below (this is an objective from the Crypto Box package). OE.SecureMessaging Secure messaging support of external devices 164 The external device communicating with the TOE through a trusted channel supports device authentication with key derivation, secure messaging for received commands and sending responses. 165 The operational environment shall provide a “PACE support by terminals (OE.PACE_Terminal)” as specified below (this is an objective from the Package Contact- less). OE.PACE_Terminal PACE support by contactless terminal 166 The external device communicating trough a contactless interface with the TOE using PACE shall support the terminal part of the PACE protocol. 167 The security objectives O.PACE_CHIP and OE.PACE_Terminal mitigate the threat T.Intercept if contactless communication between the TOE and the terminal is used and the operational environment is not able to protect the communication by other means. 168 The operational environment shall provide a “Use of logical channels (OE.Logical- channel)” as specified below (this is an objective from the Logical channel Package). OE.Logicalchannel Use of logical channels 169 The operational environment manages logical channels bound to independent subjects for running independent processes at the same time. 170 The security objectives O.Logicalchannel and OE.Logicalchannel implement the OSP.Logicalchannel. 4.3 Security Objective Rationale 171 The following table providesan overview for security objectives coverage (TOE and its environment). It shows that all threats and OSPs are addressed by the security objec- tives. It also shows that all assumptions are addressed by the security objectives for the TOE environment. O.Identification O.Leak-Inherent O.Phys-Probing O.Malfunction O.Phys-Manipulation O.Leak-Forced O.Abuse-Func O.RND O.AES O.Integrity O.Confidentiality O.Resp-COS O.TSFDataExport O.Authentication O.AccessControl O.KeyManagement O.Crypto O.SecureMessaging O.Trustedchannel O.PACE_CHIP O.Logicalchannel SAR ALC (IC part) OE.Process-Sec-Card SAR ADV (COS part) SAR for COS part OE.Plat-COS OE.Resp-ObjS OE.Process-Card OE.SecureMessaging OE.PACE_Terminal OE.Logicalchannel T.Leak-Inherent x T.Phys-Probing x T.Malfunction x T.Phys-Manipulation x T.Leak-Forced x Security Target TCOS FlexCert/SLC52 24/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 O.Identification O.Leak-Inherent O.Phys-Probing O.Malfunction O.Phys-Manipulation O.Leak-Forced O.Abuse-Func O.RND O.AES O.Integrity O.Confidentiality O.Resp-COS O.TSFDataExport O.Authentication O.AccessControl O.KeyManagement O.Crypto O.SecureMessaging O.Trustedchannel O.PACE_CHIP O.Logicalchannel SAR ALC (IC part) OE.Process-Sec-Card SAR ADV (COS part) SAR for COS part OE.Plat-COS OE.Resp-ObjS OE.Process-Card OE.SecureMessaging OE.PACE_Terminal OE.Logicalchannel T.Abuse-Func x T.RND x T.Forge_Internal_Data x x T.Compromise_Internal_Data x x x T.Malicious_Application x x x T.Misuse x x T.Crypto x x T.Intercept x x x x x T.WrongRights x OSP.Logicalchannel x x P.Process-TOE x x P.Crypto-Service x x A.Process-Sec-IC x x A.Process-Sec-SC x A.Plat-Appl x A.Resp-Appl x A.Plat-COS n.a. n.a. x A.Resp-ObjS x A.Process-TOE x Table 8:Security Objective Rationale 172 A detailed justification required for suitability of the security objectives to coup with the security problem definition for the IC platform is given in the Protection Profile BSI -CC- PP0084 [PP0084]. For the additional threats the corresponding rationale is given in the claimed by this ST Protection Profile BSI-CC-PP0082 [PPCOS]. Hence it will not be re- peated here. 173 The security objectives from the Crypto Box package O.Trustedchannel and OE.Secu- reMessaging mitigate the threat T.Intercept if the operational environment is not able to protect the communication by other means. 174 The security objectives O.PACE_CHIP and OE.PACE_Terminal from the package Con- tactless mitigate the threat T.Intercept if contactless communication is used and the op- erational environment is not able to protect the communication by other means. 175 The two security objectives O.Logicalchannel and OE.Logicalchannel implement the OSP.Logicalchannel. Security Target TCOS FlexCert/SLC52 25/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 5 Extended Components Definition 176 This Security Target uses components defined in the Protection Profile [PPCOS] as ex- tensions to CC part 2. All these extended components are drawn from Definitions of chapter 5 of [PPCOS]. The families FAU_SAS, FCS_RNG and FMT_LIM are already de- fined in BSI-CC-PP0084 [PP0084]. 5.1 FCS_RNG Generation of random numbers 177 The family “Generation of random numbers (FCS_RNG)” is specified as follows. Family behavior This family defines quality requirementsfor the generation of random numbers which are intended to be used for cryptographic purposes. Component leveling: FCS_RNG.1 Generation of random numbers requires that random numbers meet a defined quality metric. Management: FCS_RNG.1 There are no management activities foreseen. Audit: FCS_RNG.1 There are no actions defined to be auditable. FCS_RNG.1 Random number generation Hierarchical to: No other components. Dependencies: No dependencies. FCS_RNG.1.1 The TSF shall provide a [selection: physical, non-physical true, deter- ministic, hybrid physical, hybrid deterministic] random number genera- tor that implements [assignment: list of security capabilities]. FCS_RNG.1.2 The TSF shall provide [selection: bits, octets of bits, numbers [assign- ment: format of the numbers]] that meet [assignment: a defined quality metric]. 5.2 FIA_API AuthenticationProof of Identity 178 The family “Authentication Proof of Identity (FIA_API)” is specified as follows. Family behavior This family defines functions provided by the TOE to prove its identity and to be verified by an external entity in the TOE IT environment. FCS_RNG Generation of random numbers 1 Security Target TCOS FlexCert/SLC52 26/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Component leveling: FIA_API.1 Authentication Proof of Identity, provides proof of the identity of the TOE to an external entity. Management: FIA_API.1 The following actions could be considered for the management func- tions in FMT: Management of authentication information used to prove the claimed identity. Audit: FIA_API.1 There are no actions defined to be auditable. FIA_API.1 Authentication Proof of Identity Hierarchical to: No other components. Dependencies: No dependencies. FIA_API.1.1 The TSF shall provide a [assignment: authentication mechanism] to prove the identity of the [assignment: object, authorized user or role] to an external entity. 5.3 FAU_SAS Audit data storage 179 The family “Audit data storage (FAU_SAS)” is specified as follows. Family behavior This family defines functional requirements for the storage of audit data. Component leveling FAU_SAS.1 Requires the TOE to provide the possibility to store audit data. Management: FAU_SAS.1 There are no management activities foreseen. Audit: FAU_SAS.1 There are no actions defined to be auditable. FAU_SAS.1 Audit storage Hierarchical to: No other components. Dependencies: No dependencies. FIA_API Authentication Proof of Identity 1 FAU_SAS Audit data storage 1 Security Target TCOS FlexCert/SLC52 27/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FAU_SAS.1.1 The TSF shall provide [assignment: list of subjects] with the capability to store [assignment: list of audit information] in the [assignment: type of persistent memory]. 5.4 FMT_LIM Limited capabilities and availability 180 The family “Limited capabilities and availability (FMT_LIM)” is specified as follows. Family behavior This family defines requirements that limit the capabilities and availability of functions in a combined manner. Note that FDP_ACF restricts the access to functions whereas the component Limited Capability of this family requires the functions themselves to be de- signed in a specific manner. Component leveling: FMT_LIM.1 Limited capabilities requires that the TSF is built to provide only the capabilities (perform action, gather information) necessary for its genu- ine purpose. FMT_LIM.2 Limited availability requires that the TSF restrict the use of functions (refer to Limited capabilities (FMT_LIM.1)). This can be achieved, for instance, by removing or by disabling functions in a specific phase of the TOE’s life-cycle. Management: FMT_LIM.1, FMT_LIM.2 There are no management activities foreseen. Audit: FMT_LIM.1, FMT_LIM.2 There are no actions defined to be auditable. The TOE Functional Requirement “Limited capabilities (FMT_LIM.1)” is specified as fol- lows. FMT_LIM.1 Limited capabilities Hierarchical to: No other components. Dependencies: FMT_LIM.2 Limited availability. FMT_LIM.1.1 The TSF shall be designed and implemented in a manner that limits its capabilities so that in conjunction with “Limited availability (FMT_LIM.2)” the following policy is enforced [assignment: Limited ca- pability policy]. The TOE Functional Requirement “Limited availability (FMT_LIM.2)” is specified as fol- lows. FMT_LIM Limited capabilities and availability 1 2 Security Target TCOS FlexCert/SLC52 28/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FMT_LIM.2 Limited availability Hierarchical to: No other components. Dependencies: FMT_LIM.1 Limited capabilities. FMT_LIM.2.1 The TSF shall be designed in a manner that limits their availability so that in conjunction with “Limited capabilities (FMT_LIM.1)” the following policy is enforced [assignment: Limited availabilitypolicy]. 181 Application Note 3: The functional requirements FMT_LIM.1 and FMT_LIM.2 assume that there are two types of mechanisms (limitation of capabilities and limitation of availa- bility) which together shall provide protection in order to enforce the same policy or two mutual supportive policies related to the same functionality. This allows e.g. that (i) the TSF is provided without restrictions in the product in its user environment but its capabilities are so limited that the policy is enforced or conversely (ii) the TSF is designed with high functionality but is removed or disabled in the product in its user environment. 5.5 FPT_EMS TOE Emanation 182 The family “TOE Emanation (FPT_EMS)” is specified as follows. Family behavior This family defines requirements to mitigate intelligible emanations. Component leveling: FPT_EMS.1 Emanation of TSF and User data, defines limits of TOE emanation related to TSF and User data. FPT_EMS.1.1 Limit of Emissions requires to not emit intelligible emissions enabling access to TSF data or user data. FPT_EMS.1.2 Interface Emanation requires not emit interface emanation enabling access to TSF data or user data. Management: FPT_EMS.1 There are no management activities foreseen. Audit: FPT_EMS.1 There are no actions defined to be auditable. FPT_EMS.1 TOE Emanation Hierarchical to: No other components. FPT_EMS TOE emanation 1 Security Target TCOS FlexCert/SLC52 29/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Dependencies: No other components. FPT_EMS.1.1 The TOE shall not emit [assignment: types of emissions] in excess of [assignment: specified limits] enabling access to [assignment: list of types of TSF data] and [assignment: list of types of user data]. FPT_EMS.1.2 The TSF shall ensure [assignment: type of users] are unable to use the following interface [assignment: type of connection] to gain access to [assignment: list of types of TSF data] and [assignment: list of types of user data]. 5.6 FPT_ITE TSF image export 183 The family “TSF image export (FPT_ITE)” is specified as follows. Family behavior The family FPT_ITE (TSF image export) of the class FPT (Protection of the TSF) is de- fined here to describe the IT Security Functional Requirements of the TOE. This family defines rules for the export of TOE implementation fingerprints and of TSF Data in or- der to allow the verification of the correct implementation of the IC Dedicated Software and the COS of the TOE and the TSF Data of the smart card. A fingerprint of the TOE implementation covers (beside a value randomly chosen by the external world) all implemented executable code including related configuration da- ta and may e.g. be realised as a keyed hash value over all these implementation items. Refer to the COS specification for technical details concerning the command FINGER- PRINT. Such TOE implementation fingerprint serves for the identification as well as for the verification of the integrity and authenticity of the TOE and its implementation. The export of a fingerprint of the TOE implementation provides the ability to compare the provided TOE implementation with the known intended TOE implementation that is subject of the TOE's evaluation and certification on base of the PP on hand. The export of all non-confidential TSF Data, e.g. data security attributes of subjectsand objects and public authentication verification data like public keys, provides the ability to verify their correctness e.g.against an object system specification. The exported da- ta must be correct, but do not need protection of confidentiality or integrity if the export is performed in a protected environment. This family describes the functional requirements for the export of TOE implementation fingerprints and for the unprotected export of TSF Data not being addressed by any other component of CC Part 2[CC]. FPT_ITE TSF image export Family Behaviour This family defines requirements for the export of the TOE implementation fingerprint and of TSF data. Component leveling: FPT_ITE TSF image export 1 2 Security Target TCOS FlexCert/SLC52 30/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FPT_ITE.1 Export of TOE implementation fingerprint, provides the ability to export the TOE implementation fingerprint without protection of confidentiality or integrity. FPT_ITE.2 Export of TSF data, provides the ability to export the TSF data without protection of confidentiality or integrity. Management FPT_ITE.1, FPT_ITE.2: There are no management activities foreseen. Audit FPT_ITE.1, FPT_ITE.2: There are no actions defined to be auditable. FPT_ITE.1 Export of TOE implementation fingerprint Hierarchical to: No other components. Dependencies: No dependencies. FPT_ITE.1.1 The TOE shall export fingerprint of TOE implementation given the fol- lowing conditions [assignment: conditions for export]. FPT_ITE.1.2 The TSF shall use [assignment: list of generation rules to be applied by TSF] for the exported data. FPT_ITE.2 Export of TSF data Hierarchical to: No other components. Dependencies: No dependencies. FPT_ITE.2.1 The TOE shall export [assignment: list of types of TSF data] given the following conditions [assignment: conditions for export]. FPT_ITE.2.2 The TSF shall use [assignment: list of encoding rules to be applied by TSF] for the exported data. 5.7 FDP_SDC Stored data confidentiality 184 The family “Stored data confidentiality (FDP_SDC)” is specified as follows. Family behaviour This family provides requirements that address protection of user data confidentiality while these data are stored within memory areas protected by the TSF. The TSF pro- vides access to the data in the memory through the specified interfaces only and pre- vents compromise of their information bypassing these interfaces. It complements the family Stored data integrity (FDP_SDI) which protects the user data from integrity er- rors while being stored in the memory. Component levelling FDP_SDC Stored data confidentiality 1 Security Target TCOS FlexCert/SLC52 31/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FDP_SDC.1 Requires the TOE to protect the confidentiality of information of the user data in specified memory areas. Management: FDP_SDC.1 There are no management activities foreseen. Audit: FDP_SDC.1 There are no actions defined to be auditable. FDP_SDC.1 Stored data confidentiality Hierarchical to: No other components. Dependencies: No dependencies. FDP_SDC.1.1 The TSF shall ensure the confidentiality of the information of the user data while it is stored in the [assignment: memory area] Security Target TCOS FlexCert/SLC52 32/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 6 Security Requirements 185 This part of the ST defines the detailed security requirementsthat shall be satisfied by the TOE. The statement of TOE security requirements shall define the functional and assurance security requirements that the TOE needs to satisfy in order to meet the se- curity objectives for the TOE. 186 The CC allows several operations to be performed on functional requirements; refine- ment, selection, assignment, and iteration are defined in section 8.1 of Part 1 of the Common Criteria [CC]. Each of these operations is used in this ST. 187 The refinement operation is used to add detail to a requirement, and thus further re- stricts a requirement. Refinementsof security requirements are denoted in such a way that added words are in bold text and removed are crossed out. Refinements made by the ST author appear slanted, bold and underlined. 188 The selection operation is used to select one or more options provided by the CC in stating a requirement. Selections having been made by the PP author are denoted as underlined text. Selections made by the ST author appear slanted and underlined. 189 The assignment operation is used to assign a specific value to an unspecified parame- ter, such as the length of a password. Assignments having been made by the PP author are denoted by showing as underlined text. Assignments made by the ST author appear slanted and underlined. 190 The iteration operation is used when a component is repeated with varying operations. Iteration is denoted by showing a slash “/”, and the iteration indicator after the compo- nent identifier. 191 For the sake of a better readability, the iteration operation may also be applied to some single components (being not repeated) in order to indicate belonging of such SFRs to same functional cluster. In such a case, the iteration operation is applied to only one sin- gle component. 6.1 Security Functional Requirements for the TOE 6.1.1 Overview 192 The following table providesan overview of security functional requirements in the con- text of the main security functionalities offered by the TOE: Security Functional Group SFR concerned Protection against Malfunctions FRU_FLT.2/SICP, FPT_FLS.1/SICP Protection against Abuseof Functionality FMT_LIM.1/SICP, FMT_LIM.2/SICP, FAU_SAS.1/SICP Protection against Physical Manipulation and Probing FDP_SDC.1/SICP, FDP_SDI.2/SICP, FPT_PHP.3/SICP Protection against Leakage FDP_ITT.1/SICP, FPT_ITT.1/SICP, FDP_IFC.1/SICP Generation of Random Numbers FCS_RNG.1/SICP General Protection of User data and TSF data (section 291 and 6.1.8) FDP_RIP.1, FDP_RIP.1/PACE.PICC, FDP_SDI.2,FPT_FLS.1, FPT_EMS.1, FPT_EMS.1/PACE.PICC, FPT_TDC.1, FPT_ITE.1, FPT_ITE.2, FPT_ITE.2/PACE, FPT_TST.1 Security Target TCOS FlexCert/SLC52 33/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Security Functional Group SFR concerned Authentication(section 6.1.5) FIA_AFL.1/PIN, FIA_AFL.1/PUC, FIA_ATD.1,FIA_ATD.1/PACE, FIA_SOS.1, FIA_UAU.1,FIA_UAU.1/PACE, FIA_UAU.4, FIA_UAU.4/PACE.PICC, FIA_UAU.5, FIA_UAU.5/PACE.PICC, FIA_\ UAU.6, FIA_UAU.6/CB, FIA_UAU.6/PACE.PICC, FIA_API.1, FIA_API.1/CB, FMT_SMR.1, FIA_USB.1, FIA_USB.1/CB, FIA_USB.1/PACE.PICC, FIA_USB.1/LC Access Control (section 291 and 6.1.7) FDP_ACC.1/EF, FDP_ACF.1/EF, FDP_ACC.1/SEF, FDP_ACF.1/SEF, FDP_ACC.1/TEF, FDP_ACF.1/TEF, FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF, FDP_ACC.1/KEY, FDP_ACF.1/KEY, FDP_ACC.1/LC, FDP_ACF.1/LC, FDP_UCT.1/PACE,FDP_UIT.1/PACE, FMT_MSA.3, FIA_UID.1, FIA_UID.1/PACE, FMT_MSA.3/LC, FMT_SMF.1, FMT_SMR.1/PACE.PICC, FMT_MSA.1/Life, FMT_MSA.1/SEF, FMT_MTD.1/PIN, FMT_MSA.1/PIN, FMT_MTD.1/Auth, FMT_MSA.1/Auth, FMT_MTD.1/NE, FMT_MTD.1/PACE.PICC Cryptographic Functions (section 6.1.4) FCS_RNG.1, FCS_RNG.1/GR, FCS_RNG.1/PACE, FCS_COP.1/SHA, FCS_COP.1/AES/SICP, FCS_COP.1/COS.AES, FCS_COP.1/CB.AES, FCS_COP.1/PACE.PICC.ENC, FCS_COP.1/PACE.PICC.MAC, FCS_CKM.1/AES.SM, FCS_CKM.1/RSA,FCS_CKM.1/ELC, FCS_CKM.1/DH.PACE.PICC, FCS_CKM.4/PACE.PICC, FCS_COP.1/COS.CMAC, FCS_COP.1/CB.CMAC, FCS_COP.1/COS.RSA.S, FCS_COP.1/COS.ECDSA.S, FCS_COP.1/COS. ECDSA.V, FCS_COP.1/COS.RSA, FCS_COP.1/CB.RSA, FCS_COP.1/COS.ELC, FCS_COP.1/CB.ELC, FCS_CKM.4, FCS_CKM.4/AES/SICP Protection of communication (section 6.1.4 and 6.1.10) FTP_ITC.1/TC, FTP_ITC.1/PACE.PICC Table 9: Security Functional Groups vs. SFRs 193 The SFRs related to the IC Platform are marked with the iteration /SICP as defined in the PP [PPCOS]. 194 The following table provides the IC related TSF Data implemented by the TOE [PPCOS, Table 13]: TSF Data Definition TOE pre-personalization data Any data supplied by the Card Manufacturer that is injected into the non-volatile memory by the Integrated Circuits manufacturer. TOE initialization data Initialization Data defined by the TOE Manufacturer to identify the TOE and to keep track of the Security IC Platform’s production and further life-cycle phases are con- sidered as belonging to the TSF data. Table 10: IC related TSF Data 6.1.2 Users, subjects and objects 195 The security attributes of human users are stored in password objects (cf. [EGK-COS] for details). The human user selects the password object by pwdIdentifier and therefore the role gained by the subject acting for this human user after successful authentication. The role is a set of access rights defined by the access control rules of the objects con- taining this pwdIdentifier. The secret is used to verify the authentication attempt of the human user providing the authentication verification data. The security attributes trans- portStatus, lifeCycleStatus and flagEnabled stored in the password object define the sta- tus of the role associated with the password. E.g. if the transportStatus is equal to Leer- PIN or Transport-PIN the user is enforced to define his or her own password and making this password and this role effective (by changing the transportStatus to regularPass- word). The multi-reference password shares the secret with the password identified by pwReference. It allows enforcing re-authentication for access and limitation of authenti- Security Target TCOS FlexCert/SLC52 34/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 cation status to specific objects and makes password management easier by using the same secret for different roles. The securityattributes interfaceDependentAccessRules, startRetryCounter, retryCounter, minimumLength and maximumLength are defined for the secret. The PUC defined for the secret is intended for password management and the authorization gained by successful authentication is limited to the command RESET RETRY COUNTER for reset of the retryCounter and setting a new secret. 196 The security attributes of devices depend on the authentication mechanism and the au- thentication reference data. A device may be associated with a symmetric cryptographic authentication key with a specific keyIdentifier and therefore the role gained by the sub- ject acting for this device after successful authentication. The role is by the access con- trol rules of the objects containing this keyIdentifier. A device may be also associated with a certificate containing the public key as authentication reference data and the card holder authorization template (CHAT) in case of ELC based CVC.. The authentication protocol comprise the verification of the certificate by means of the root public key and command PSO VERIFY CERTIFICATE and by means of the public key contained in the successful verified certificate and the command EXTERNAL AUTHENTICATE. The subject acting for this device get the role of the CHA or CHAT which is referenced in the access control rules of the objects. 197 The following table providesan overview of the authentication reference data and securi- ty attributes of human users and devices and the security attributes of the authentication reference data as TSF data [PPCOS, Table 14 and 15]: User type Authenticationreferencedata andsecurity attributes Operations Human user Password Authenticationreferencedata:secret Security attributes of the user role: pwdIdentifier, transportStatus, lifeCycleS- tatus, flagEnabled, startSsecList Security attributes of the secret: inter- faceDependentAccessRules,star- tRetryCounter, retryCounter, mini- mumLength, maximumLength The following command is used by the TOE to authenti- cate the human user and to reset the security attribute retryCounter by PIN: VERIFY. The following command is used by the TOE to manage the authentication reference data secret and thesecurity attribute retryCounter with authenticationof the human user by PIN: CHANGE REFERENCE DATA (P1=00). The following commands are used by the TOE to man- age the authenticationreferencedata secret without authenticationof the humanuser: CHANGE REFERENCE DATA (P1=01) and RESET RETRY COUNTER (P1=02). The following command is used by the TOE to manage the security attribute retryCounter of the authentication reference data PIN without authenticationof the human user: RESET RETRY COUNTER (P1=03). The command GET PIN STATUS is used to query the security attribute retryCounter of the authentication reference data PIN with password object specific access control rules. The following commands are used by the TOE to man- age the security attribute flagEnabled of the authentica- tion reference data with human user authentication by PIN: ENABLE VERIFICATION REQUIREMENT (P1=00), DISA- BLE VERIFICATION REQUIREMENT (P1=00). The following commands are used by the TOE to man- age the security attribute flagEnabled of the authentica- tion reference data without humanuser authentication: ENABLE VERIFICATION REQUIREMENT (P1=01), DISABLE VERIFICATION REQUIREMENT (P1=01). The commands ACTIVATE, DEACTIVATE and TERMINATE are used to manage the security attribute lifeCycleStatus of the authenticationreferencedatapassword with password object specific access control rules. The com- mand DELETE is used to delete the authenticationrefer- ence data password with password object specific ac- cess control rules. Security Target TCOS FlexCert/SLC52 35/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 User type Authenticationreferencedata andsecurity attributes Operations Human user Multi-Reference password Authenticationreferencedata:secret is shared with the password identified by pwReference. Security attributes of the user role: pwdIdentifier, lifeCycleStatus, trans- portStatus, flagEnabled, startSsecList. Security attributes of the secret: The secu- rity attributes interfaceDependentAc- cessRules, minimumLength, maxi- mumLength, startRetryCounter and re- tryCounter are shared with password identified by pwReference. The commands used by the TOE to authenticatethe human user and to manage the authentication reference Multi-Reference password data are the same as for password. Human user Personal unblock code (PUC) Authenticationreferencedata:PUK Security attributes: pwdIdentifier of the password5, pukUsage The following command is used by the TOE to manage the authentication reference data secret and thesecurity attribute retryCounter of the authenticationreference data PIN with authentication of thehuman user by PUC: RESET RETRY COUNTER (P1=00). The following command is used by the TOE to manage the security attribute retryCounter of the authentication reference data PIN with authentication of thehuman user by PUC: RESET RETRY COUNTER (P1=01). Device Symmetric authentication key Authenticationreferencedata:macKey6 Security attributes of the Authentication reference data: keyIdentifier, interfaceDe- pendentAccessRules, lifeCycleStatus, algorithmIdentifier, numberScenario The following commands are used by the TOE to au- thenticate a device EXTERNAL AUTHENTICATE , MUTUAL AUTHENTICATE and GENERAL AUTHENTICATE. The following commands are used by the TOE to man- age the authenticationreferencedata ACTIVATE, DEACTI- VATE, DELETE and TERMINATE. Device Asymmetric authentication key Authenticationreferencedata:Root Public Key Certificate containing the public key of the device7 persistentCache, applicationPublicK- eyList8 Security attributes of the user: Certificate Holder Reference (CHR), lifeCycleStatus, interfaceDependentAccessRules, Certifi- cate Holder Authorization Template (CHAT) for elliptic curve keys Security attributes in the certificate: Certifi- cate Profile Identifier (CPI), Certification Authority Reference (CAR), Object Identi- fier (OID) The following command is used by the TOE to authenti- cate a device EXTERNAL AUTHENTICATE with algID equal to elcRoleCheck The following commands are used by the TOE to man- age the authenticationreferencedata PSO VERIFY CER- TIFICATE, ACTIVATE, DEACTIVATE, DELETE and TERMINATE. Device Secure messaging channel key Authenticationreferencedata:MAC ses- sion key SK4SM Security attributes of SK4SM: flagSes- sionEnabled equal SK4SM, Kmac and The TOE authenticates the sender of a received com- mand using secure messaging. 5 The PUC is part of the password object as authenticationreferencedata for the RESET RETRY COUNTER command for this password. 6 The symmetric authentication object contains encryption key encKey and a message authentication key macKey. 7 The certificate of the device may be only the end of a certificate chain going up to the root public key. 8 The command PSO VERIFY CERTIFICATE may store the successful verified public key temporarily in the volatileCache or persistently in the applicationPublicKeyList or the persistentCache. Public keys in the applicationPublicKeyList may be used like root public keys. The wrapper specification [EGK-WRP] and COS specification [EGK-COS] definethe persistentPublicKeyList as superset of all persistently stored public keys in the applicationPublicKeyList andthe persistentCache. Security Target TCOS FlexCert/SLC52 36/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 User type Authenticationreferencedata andsecurity attributes Operations SSCmac, negotiationKeyInformation. Device Symmetric authentication key MUTUAL AUTHENTICATE, EXTERNAL AUTHENTICATE, PSO DECIPHER and PSO VERIFY CRYPTOGRAPHIC CHECKSUM used for trusted channel (added by the Package Crypto Box) Device Symmetric Card Connection Object (SCCO) Authentication referencedata:SCCO stored in TOE and corresponding to the CAN, MAC session key SK4SM Security attributes: keyIdentifier of the SCCO in the globalSecurityList if SCCO was in MF or in dfSpecificSecurityList if the SCCO was in the respective folder, SK4TC referenced in Kmac and SSCmac GENERAL AUTHENTICATE with (CLA,INS,P1,P2) = (x0,86,00,00) is used by TOE running PACE protocol role as PICC to authenticatethe external device running PACE protocol role as PCD. (added by the Package Contactless) TOE as PICC SK4SM referenced in macKey and SSCmac SK4SM is used to generate MAC for command respons- es. (added by the Package Contactless) Table 11: Authentication reference data and security attributes 198 The following table defines the authentication verification data used by the TSF itself for authentication by external entities (cf. FIA_API.1) [PPCOS, Table 16]: Subject type Authenticationverification dataand securi- ty attributes Operations TSF Private authentication key Authenticationverification data privateKey Security attributes keyIdentifier, setAlgorithmIdentifier with algorithmIdentifier lifeCycleStatus The following commands are used by the TOE to au- thenticate themselves to an external device: INTERNAL AUTHENTICATE, MUTUAL AUTHENTICATE TSF Secure messaging channel key Authenticationverification data MAC session key SK4SM Security attributes flagSessionEnabled, Kmac and SSCmac, Kenc and SSCenc, flagCmdEnc and flagRspEnc Responses using secure messaging The session keys are linked to the folder of the keys used by them. TSF Trusted channel Authentication verification data Session key SK4TC Security attributes SK4TC referenced in keyRefer- enceList.macCalculation and keyRefer- enceList.dataEncipher The commands PSO COMPUTE CRYPTOGRAPHIC CHECK- SUM and PSO ENCIPHER are used to generate com- mands received by the authenticatedPICC with secure messaging. (added by the Package Crypto Box) TSF Session key SK4TC PSO ENCIPHER, PSO DECIPHER, PSO VERIFY CERTIFI- CATE and PSO VERIFY CRYPTOGRAPHIC CHECKSUM used for trusted channel (added by the Package Crypto Box) Table 12: Authentication verification data of the TSF and security attributes 199 The COS specification associates a subject with a logical channel and its channelCon- text (cf. [EGK-COS], chapter 12). The TOE may support one subject respective logical channel or more than one independent subjectsrespective logical channels. The chan- Security Target TCOS FlexCert/SLC52 37/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 nelContext comprises securityattributes of the subject summarized in the following table [PPCOS, Table 17]: Security attribute Elements Comments Interface The TOE detects whether the communication uses contact based interface (value set to kontaktbehaftet), or contactless interface(value set to kontaktlos)9. If the TOE does not support contactless communi- cation the TOE shall behave as interfaceDependentAccessRules is permanently set to kontaktbehaftet. currentFolder Identifier of the (unique) current folder seIdentifier Security environment selected by means of command MANAGE SECU- RITY ENVIRONMENT10. If no security environment is explicitly selected the default security environment #1 is assumed. keyReferenceList The list contains elements which may be empty or may contain one pair (keyReference, algorithmIdentifier). externalAuthenticate keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for device authenticationby means of commands EXTERNAL AUTHENTICATE and MUTUAL AUTHENTICATE internalAuthenticate keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for authen- tication of the TSF itself by means of commands INTERNAL AUTHENTI- CATE verifyCertificate keyReference of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for PSO VERIFY CERTIFICATE signatureCreation keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for PSO COMPUTE DIGITAL SIGNATURE dataDecipher keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for PSO DECIPHER or PSO TRANSCIPHER dataEncipher keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for PSO ENCIPHER. macCalculation keyReference and algorithmIdentifier of the key selected by means of the command MANAGE SECURITY ENVIRONMENT to be used for PSO COMPUTE CRYPTOGRAPHIC CHECKSUM and PSO VERIFY CRYPTOGRA- PHIC CHECKSUM SessionkeyContext This list contains security attributes associated with secure messaging and trusted channels. flagSessionEnabled Value noSK indicates no session key established. Value SK4SM indicates session keys established for receiving com- mands and sending responses. Value SK4TC indicates session keys establishedfor PSO COMPUTE CRYPTOGRAPHIC CHECKSUM, PSO VERIFY CRYPTOGRAPHIC CHECKSUM and PSO ENCIPHER, PSO DECIPHER. Kenc and SSCenc Key for encryption and decryption andits sequencecounter Kmac and SSCmac Key for MAC calculation and verification and its sequencecounter flagCmdEnc and flagRspEnc Flags indicating encryption of data in commands respectiveresponses negotiationKeyInfor- mation keyIdentifier of the key used to generate the sessionkeys and if asymmetric key was used the accessRight associated with this key. The keyIdentifier may reference to the authenticationreferencedata used for PACE. 9 Note the COS specification [EGK-COS] describes this security attribute in the context of access control rules in chapter 8.1.4 only. If the TOE does not support contactless communication thedocument in hand shall be read assuming that this at- tribute is equal to “kontaktbehaftet”. 10 Note the COS specification [EGK-COS] describes this security attribute in the informativechapter 8.8. The object system specification of the eHPC uses this security attribute for access control rules of batch signature creation. Security Target TCOS FlexCert/SLC52 38/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Security attribute Elements Comments accessRulesSes- sionkeys Access control rules associated with trusted channel support. globalPasswordList (pwReference, secu- rityStatusEvaluation- Counter) List of 0, 1, 2, 3 or 4 elements containing results of successful human user authentication with password in MF: pwReference andsecu- rityStatusEvaluationCounter dfSpecificPassword- List (pwReference, secu- rityStatusEvaluation- Counter) List of 0, 1, 2, 3 or 4 elements containing results of successful human user authentication with password for each DF: pwReference and securityStatusEvaluationCounter globalSecurityList CHA or keyIdentifier List of 0, 1, 2 or 3 elements containing results of successful device authenticationwith authentication reference datain MF: CHA as refer- ence to the role gained by authenticationbasedon certificate or key- Identifier as reference to the used symmetric authenticationkey or keyIdentifier generated by successful authentication with PACE proto- col. dfSpecificSecu- rityList CHA or keyIdentifier List of 0, 1, 2 or 3 elements containing results of successful device authenticationwith authentication reference datafor each DF: CHA as reference to the role gained by authentication based on certificateor keyIdentifier as reference to symmetric authentication key or keyIden- tifier generated by successful authentication with PACE protocol11. bitSecurityList List of CHAT gained by successful authenticationwith CVC based on ECC. The effective access rights are the intersection of access rights defined in CVC of the CVC chain up to the root. currentFile Identifier of the (unique) current file from currentFolder.children securityStatusEva- luationCounter startSsec Must contain all values of startSsec and may be empty Table 13: Security attributes of a subject 200 The following tables provide an overview of the objects, operations and security attrib- utes defined in the PP [PPCOS, Table 18]. All references in the table refer to the tech- nical specification of the card operating system [EGK-COS]. Object type Security attributes Operations Object System applicationPublicKeyList, persistentCache, pointInTime PSO VERIFY CERTIFICATE Folder (8.3.1) accessRules: lifeCycleStatus, shareable,interfaceDepen- dentAccessRules, children SELECT, ACTIVATE, DEACTIVATE, DELETE, FINGERPRINT, GET RANDOM, LOAD APPLICA- TION, TERMINATE DF Dedicated File (8.3.1.2) Additionally to Folder: fileIdentifier Identical to Folder Application (8.3.1.1) Additionally to Folder: applicationIdentifier Identical to Folder Application Dedicated File (8.3.1.3) Additionally to Folder: fileIdentifier, applicationIdentifier, children Identical to Folder Elementary File (8.3.2) fileIdentifier, list of shortFileIdentifier, lifeCy- cleStatus, shareable accessRules: interfaceDependentAc- cessRules, flagTransactionMode, flag- Checksum SELECT, ACTIVATE, DEACTIVATE, DELETE, TERMINATE Transparent EF (8.3.2.1) Additionally to Elementary File: number- OfOctet, positionLogicalEndOfFile,body Additionally to Elementary File: ERASE BINARY, READ BINARY, UPDATE BINARY, WRITE BINARY Structured EF (8.3.2.2) Additionally to Elementary File: recordList, maximumNumberOfRecords, maxi- mumRecordLength, flagRecordlifeCycleSta- tus Additionally to Elementary File: ACTIVATE RECORD, APPEND RECORD, DELETE REC- ORD, DEACTIVATE RECORD, ERASE RECORD, READ RECORD, SEARCH RECORD, SET 11 The keyIdentifier generated by successful authentication with PACE protocol is named “Kartenverbindungsobjekt” in the COS specification [EGK-COS]. Security Target TCOS FlexCert/SLC52 39/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Object type Security attributes Operations LOGICAL EOF, UPDATE RECORD Regular Password (8.4) (PIN) lifeCycleStatus, pwdIdentifier, accessRules: interfaceDependentAc- cessRules, secret: PIN, minimumLength, maxi- mumLength, startRetryCounter, re- tryCounter, transportStatus, flagEnabled, startSsecList, PUC, pukUsage, channel specific: securityStatusEvalua- tionCounter ACTIVATE, DEACTIVATE, DELETE, TERMINATE CHANGE REFERENCE DATA, DISABLE VERIFI- CATION REQUIREMENT, ENABLE VERIFICA- TION REQUIREMENT, GET PIN STATUS, RESET RETRY COUNTER, VERIFY Multi-reference Pass- word (8.5) (MR-PIN) lifeCycleStatus, pwdIdentifier, accessRules: interfaceDependentAc- cessRules, startSsecList, flagEnabled, pwReference, Attributes used together with referred pass- word (PIN): secret: PIN, minimumLength, maxi- mumLength, startRetryCounter, re- tryCounter, transportStatus, PUC, pukUsage channel specific: securityStatusEvalua- tionCounter Identical to Regular Password PUC type pin, pukUsage RESET RETRY COUNTER Symmetric Key (8.6.1) lifeCycleStatus, keyIdentifier accessRules: interfaceDependentAc- cessRules, encKey, macKey, numberSce- nario, algorithmIdentifier, accessRulesSessionkeys: interfaceDepen- dentAccessRules ACTIVATE, DEACTIVATE, DELETE, TERMI- NATE, EXTERNAL AUTHENTICATE, GENERAL AUTHENTICATE, INTERNAL AUTHENTICATE, MUTUAL AUTHENTICATE Private Asymmetric Key (8.6.4) lifeCycleStatus, keyIdentifier, accessRules: interfaceDependentAc- cessRules, privateKey, listAlgorithmIdentifi- er, accessRulesSessionkeys: interfaceDepen- dentAccessRules, algorithmIdentifier, keyA- vailable ACTIVATE, DEACTIVATE, DELETE, TERMI- NATE, GENERATE ASYMMETRIC KEY PAIR or key import, EXTERNAL AUTHENTICATE, GENERAL AUTHENTICATE, INTERNAL AU- THENTICATE, PSO COMPUTE DIGITAL SIGNA- TURE, PSO DECIPHER, PSO TRANSCIPHER Public Asymmetric Key (8.6.4) lifeCycleStatus, keyIdentifier, oid accessRules: interfaceDependentAc- cessRules ACTIVATE, DEACTIVATE, DELETE, TERMINATE Public Asymmetric Key for signature verification (8.6.4.2) Additionally to Public Asymmetric Key: publicRsaKey or publicElcKey: oid CHAT, expirationDate: date Additionally to Public Asymmetric Key: PSO VERIFY CERTIFICATE, PSO VERIFY DIGITAL SIGNATURE Public Asymmetric Key for Authentication (8.6.4.3) publicRsaKey or publicElcKey: oid CHA, CHAT, expirationDate: date Additionally to Public Asymmetric Key: EXTERNAL AUTHENTICATE, GENERAL AU- THENTICATE, INTERNAL AUTHENTICATE Public Asymmetric Key for Encryption (8.6.4.4) Additionally to Public Asymmetric Key: publicRsaKey or publicElcKey: oid Additionally to Public Asymmetric Key: PSO ENCIPHER Card verifiable certificate (CVC) (7.1.1) Certificate Profile Identifier (CPI) Certifica- tion Authority Reference (CAR) Certificate Holder Reference (CHR) Certificate Holder Autorization (CHA) Object Identifier (OID) signature Table 14: Subjects, objects, operations and security attributes 201 The TOE supports Access control lists for lifeCycleStatus values “Operation state (acti- vated)”, “Operation state (deactivated)” and “Termination state”, security environments with value seIdentifier selected for the folder interfaceDependentAccessRules for contact Security Target TCOS FlexCert/SLC52 40/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 based communication, and for interfaceDependentAccessRules for contactless commu- nication. 202 If the user communicates with the TOE through the contact based interface the security attribute interface of the subject is set to the value “kontaktbehaftet” and the interface- DependentAccessRules for contact based communication shall apply. If the user com- municates with the TOE through the contactless interface the security attribute interface of the subject is set to the value “kontaktlos” and the interfaceDependentAccessRules for contactless communication shall apply. If the TOE does not support the con tactless communication it behaves in respect to access control like a TOE defining all inter- faceDependentAccessRules “kontaktlos” set to NEVER in the object system. 203 The user may set the seIdentifier value of the security environments for the folder by means of the command MANAGE SECURITY ENVIRONMENT. This may be seen as selec- tion of a specific set of access control rules for the folder and the objects in this folder12 204 The TOE access control rule contains • command defined by CLA, 0 or 1 parameter P1, and 0 or 1 parameter P2, • values of the lifeCycleStatus and interfaceDependentAccessRules indicating the set of access control rules to be applied, • access control condition defined as Boolean expression with Boolean operators AND and OR of Boolean elements of the following types ALWAYS, NEVER, PWD(pwReference), AUT(keyReference), AUT(CHA), AUT(CHAT) and secure messaging conditions (cf. [EGK-COS], chapter 10.2 for details). 205 Application Note 4: AUT(CHAT) is TRUE if the access right bit necessary for the object and the command is 1 in the effective access rights calculated as bitwise-AND of all CHAT in the CVC chain verified successfully by PSO VERIFY DIGITAL SIGNATURE com- mand executions. 206 The Boolean element ALWAYS provides always the Boolean value TRUE. The Boolean element NEVER provides always the Boolean value FALSE. The other Boolean ele- ments provide the Boolean value TRUE if the value in the access control list match its corresponding security attribute of the subject and provides the Boolean value FALSE is they do not match. 207 The following table gives an overview of the commands implemented by the COS. Op- tional commands as defined in [EGK-COS] which are not implemented by the COS are marked crossed out. 12 This approach is used e.g. for signature creation with eHPC: the signatory selects security environment #1 for single signa- ture, and security environment #2 for batch signature creation, which requires additional authentication of the signature creation application. Security Target TCOS FlexCert/SLC52 41/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Operation SFR chapter ACTIVATE FMT_SMF.1, FMT_MSA.1/Life 14.2.1 ACTIVATE RECORD FMT_SMF.1, FMT_MSA.1/SEF 14.4.1 APPEND RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF 14.4.2 CHANGE REFERENCE DATA FIA_UAU.5, FIA_USB.1, FMT_SMF.1, FMT_MTD.1/PIN, FMT_MSA.1/PIN, FIA_AFL.1/PIN 14.6.1 CREATE This command is optional and therefore notaddressed in the SFRs. 14.2.2 DEACTIVATE FMT_SMF.1, FMT_MSA.1/PIN 14.2.3 DEACTIVATE RECORD FMT_SMF.1, FMT_MSA.1/SEF 14.4.3 DELETE FIA_USB.1, FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF, FDP_ACC.1/EF, FDP_ACF.1/EF, FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FMT_SMF.1, FMT_MSA.1/Life, FCS_CKM.4, FIA_USB.1/LC 14.2.4 DELETE RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF, FMT_MSA.1/SEF 14.4.4 DISABLE VERIFICATION RE- QUIREMENT FMT_SMF.1, FMT_MSA.1/PIN, FIA_AFL.1/PIN, FIA_USB.1 14.6.2 ENABLE VERIFICATION RE- QUIREMENT FMT_SMF.1, FMT_MSA.1/PIN, FIA_AFL.1/PIN, FIA_USB.1 14.6.3 ENVELOPE This command is optional and therefore notaddressed in the SFRs. 14.9.1 ERASE BINARY FDP_ACC.1/TEF, FDP_ACF.1/TEF 14.3.1 ERASE RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF, FMT_MSA.1/SEF 14.4.5 EXTERNAL AUTHENTICATE FIA_UAU.4, FIA_UAU.5, FIA_USB.1, FIA_USB.1/CB,FCS_RNG.1, FCS_CKM.1/AES.SM, FCS_COP.1/COS.ECDSA.V, FCS_COP.1/CB.AES, FCS_COP.1/CB.CMAC 14.7.1 FINGERPRINT FPT_ITE.1, FDP_ACF.1/MF_DF 14.9.2 GENERAL AUTHENTICATE FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_UAU.6/CB,FIA_API.1, FIA_API.1/CB, FIA_USB.1, FIA_USB.1/CB, FCS_RNG.1, FCS_COP.1/COS.AES, FCS_CKM.1/AES.SM, FIA_UAU.5/PACE.PICC, FIA_UAU.6/PACE.PICC, FIA_USB.1/PACE.PICC 14.7.2 GENERATE ASYMMETRIC KEY PAIR FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FMT_SMF.1, FCS_CKM.1/RSA, FCS_CKM.1/ELC 14.9.3 GET CHALLENGE FCS_RNG.1 14.9.4 GET DATA This command is optional and therefore notaddressed in the SFRs. 14.5.1. GET PIN STATUS FMT_SMF.1, FMT_MSA.1/PIN 14.6.4 GET RANDOM FCS_RNG.1, FCS_RNG.1/GR 14.9.5 GET RESPONSE This command is optional and therefore notaddressed in the SFRs. 14.9.6 GET SECURITY STATUS KEY FMT_SMF.1, FMT_MSA.1/Auth 14.7.3 INTERNAL AUTHENTICATE FIA_API.1,FIA_API.1/CB,FCS_CKM.1/AES.SM, FCS_COP.1/COS.RSA.S, FCS_COP.1/COS.ECDSA.S,FCS_COP.1/CB.AES, FCS_COP.1/CB.CMAC 14.7.4 LOAD APPLICATION FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF, FMT_SMF.1, FMT_MSA.1/Life 14.2.5 LIST PUBLIC KEY FPT_ITE.2, FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF 14.9.7 MANAGE CHANNEL FIA_UID.1, FIA_UAU.1, FIA_USB.1/LC, FMT_MSA.3 14.9.8 MANAGE SECURITY ENVIRON- MENT FIA_USB.1, FDP_ACC.1/KEY, FDP_ACF.1/KEY,FMT_MSA.3 14.9.9 MUTUAL AUTHENTICATE FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_UAU.6/CB,FIA_API.1, FIA_\ 14.7.1 Security Target TCOS FlexCert/SLC52 42/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Operation SFR chapter API.1/CB, FIA_USB.1,FIA_USB.1/CB, FCS_RNG.1,FCS_CKM.1/AES.SM, FCS_COP.1/CB.AES, FCS_COP.1/CB.CMAC PSO COMPUTE CRYPTOGRAPH- IC CHECKSUM FIA_API.1, FDP_ACC.1/KEY, FDP_ACF.1/KEY, FCS_COP.1/COS.CMAC, FCS_COP.1/CB.CMAC, FIA_UAU.5/PACE,FIA_UAU.6/PACE.PICC, FIA_USB.1/PACE 14.8.1 PSO COMPUTE DIGITAL SIGNA- TURE, without "message recovery" FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.RSA.S, FCS_COP.1/COS.ECDSA.S 14.8.2.1 PSO COMPUTE DIGITAL SIGNA- TURE, with "message reco- very" FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.ECDSA.S 14.8.2.2 PSO DECIPHER FIA_USB.1 ,FIA_USB.1/CB, FDP_ACC.1/KEY,FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.RSA, FCS_COP.1/COS.ELC, FCS_COP.1/CB.AES, FIA_UAU.5/PACE.PICC, FIA_UAU.6/CB, FIA_UAU.6/PACE.PICC, FIA_USB.1/PACE.PICC 14.8.3 PSO ENCIPHER FIA_API.1, FIA_API.1/CB, FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_\ MSA.3, FCS_COP.1/COS.RSA, FCS_COP.1/COS.ELC, FCS_COP.1/CB.AES, FCS_COP.1/CB.RSA, FCS_COP.1/CB.ELC 14.8.4 PSO HASH This command is optional and therefore notaddressed in the SFRs. - PSO TRANSCIPHER using RSA FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.RSA,FCS_COP.1/COS.ELC 14.8.6.1 PSO TRANSCIPHER using ELC FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.RSA, FCS_COP.1/COS.ELC 14.8.6.3 PSO VERIFY CERTIFICATE FMT_SMF.1, FMT_MTD.1/Auth, FCS_COP.1/COS.ECDSA.V, FDP_ACC.1/KEY, FDP_ACF.1/KEY 14.8.7 PSO VERIFY CRYPTOGRAPHIC CHECKSUM FIA_USB.1, FIA_USB.1/CB, FDP_ACC.1/KEY,FDP_ACF.1/KEY, FCS_COP.1/COS.CMAC, FCS_COP.1/CB.CMAC 14.8.8 PSO VERIFY DIGITAL SIGNA- TURE FDP_ACC.1/KEY, FDP_ACF.1/KEY, FMT_MSA.3, FCS_COP.1/COS.ECDSA.V 14.8.9 PUT DATA This command is optional and therefore not addressed in the SFRs. 14.5.2 READ BINARY FDP_ACC.1/TEF, FDP_ACF.1/TEF 14.3.2 READ RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF 14.4.6 RESET RETRY COUNTER FIA_AFL.1/PUC, FIA_UAU.5, FMT_SMF.1, FMT_MTD.1/PIN, FMT_MSA.1/PIN 14.6.5 SEARCH BINARY This command is optional and therefore notaddressed in the SFRs. 14.3.3 SEARCH RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF 14.4.7 SELECT FIA_USB.1, FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF, FDP_ACC.1/EF, FDP_ACF.1/EF 14.2.6 SET LOGICAL EOF FDP_ACC.1/TEF, FDP_ACF.1/TEF 14.3.4 TERMINATE FMT_SMF.1, FMT_MSA.1/Life 14.2.9 TERMINATE CARD USAGE FMT_SMF.1, FMT_MSA.1/Life 14.2.7 TERMINATE DF FMT_SMF.1, FMT_MSA.1/Life 14.2.8 UPDATE BINARY FDP_ACC.1/TEF, FDP_ACF.1/TEF 14.3.5 UPDATE RECORD FDP_ACC.1/SEF, FDP_ACF.1/SEF 14.4.8 VERIFY FIA_AFL.1/PIN, FIA_UAU.5, FIA_USB.1, FMT_SMF.1, FMT_MSA.1/PIN 14.6.6 WRITE BINARY FDP_ACC.1/TEF, FDP_ACF.1/TEF 14.3.6 Security Target TCOS FlexCert/SLC52 43/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Operation SFR chapter WRITE RECORD This command is optional and therefore notaddressed in the SFRs. 14.4.9 Table 15: Mapping between commands described in COS specification [EGK-COS] and the SFR 208 There are only two additional commands provided by the TOE: Operation SFR FORMAT FMT_SMF.1, FMT_SMR.1 GET CARD INFO FPT_ITE.2, FMT_MTD.1/NE Table 16: Mapping between additional commandsprovided by the TOE and the SFR 209 Application Note 5: The command FORMAT is a management command available only in Life Cycle Phases 5 and 6. It is used for installation of the COS already before the TOE is finished, later it is used for transition control in the Life Cycle Phases. After the Phase 6 (Personalization) this command is no more available. Note that the FORMAT command requires strong user authentication for the Initialization and for the Personalization (cf. FMT_SMR.1 on p. 91). It is bound to a restricted usage counter. 210 Application Note 6: The command GET CARD INFO provided by the TOE is used by the wrapper tool. It provides only public information and is available also after Life Cycle Phase 6. 211 All SFRs from section 6.1 ”Security Functional Requirements for the TOE” of the BSI- CC-PP-0084-2014 [PP0084] are part of the BSI-CC-PP0082 [PPCOS]. On all SFR of the BSI-CC-PP-0084-2014 an iteration operation is performed. For the iteration operation the suffix “/SICP” is added to the corresponding SFR name from BSI-CC-PP-0084-2014. For further descriptions, details, and interpretations refer to [PP0084]: • FRU_FLT.2/SICP: Limited fault tolerance. • FPT_FLS.1/SICP: Failure with preservation of secure state. • FMT_LIM.1/SICP: Limited capabilities. • FMT_LIM.2/SICP: Limited capabilities • FAU_SAS.1/SICP: Audit storage • FPT_PHP.3/SICP: Resistance to physical attack. • FDP_ITT.1/SICP: Basic internal transfer protection. • FDP_SDC.1/SICP: Stored data confidentiality • FDP_SDI.2/SICP: Stored data integrity monitoring and action • FPT_ITT.1/SICP: Basic internal TSF data transfer protection. • FDP_IFC.1/SICP: Subset information flow control. • FCS_RNG.1/SICP: Random number generation • FCS_COP.1/AES/SICP: Cryptographic operation – AES • FCS_CKM.4/AES/SICP: Cryptographic key destruction Security Target TCOS FlexCert/SLC52 44/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 6.1.3 Class FAU Security Audit 212 FAU_SAS.1/SICP Audit Storage Hierarchical to: No other components. Dependencies: No dependencies. FAU_SAS.1.1/ SICP The TSF shall provide the test process before TOE Delivery13 with the capability to store the Initialization Data and/or Pre-Personaliza- tion Data and/or supplements of the Security IC Embedded Soft- ware14 in the not changeable configuration page area and non- volatile memory15. 6.1.4 Class FCS Cryptographic Support 213 The TOE provides cryptographic services based on elliptic curve cryptography (ECC) using the following curvesreferred to as COS standard curves in the PP (1) key length 256 bit a. brainpoolP256r1 defined in RFC5639 [RFC5639], b. ansix9p256r1 defined in ANSI X.9.62, identical to P-256 defined in [FIPS186], (2) key length 384 bit a. brainpoolP384r1 defined in RFC5639 [RFC5639], b. ansix9p384r1 defined in ANSI X.9.62, identical to P-384 defined in [FIPS186], (3) key length 512 bit a. brainpoolP512r1] defined in RFC5639 [RFC5639]. 214 The Authentication Protocols produce agreed parameters to generate the message au- thentication key and – if secure messaging with encryption is required – the encryption key for secure messaging. Key agreement for rsaSessionkey4SM uses RSA only with 2048 bit modulus length. 215 The COS specification [21] requires to implement random number generation (RNG) for • the command GET CHALLENGE, • the authentication protocols as required by FIA_UAU.4, • the key agreement for secure messaging, • the key generation (static and ephemeral keys) within the TOE, • the command GET RANDOM according to TR-03116-1 [TR3116-1,] section 3.8 and 3.9. 13 [assignment: list of subjects] 14 [assignment: list of audit information] 15 [assignment: type of persistent memory] Security Target TCOS FlexCert/SLC52 45/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 216 FCS_RNG.1/SICP Random number generation (HW) Hierarchical to: No other components. Dependencies: No dependencies. FCS_RNG.1.1/ SICP The TSF shall provide a physical16 random number generator of class PTG.217 that implements18 (PTG.2.1) A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output. (PTG.2.2) If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the t o- tal failure of the entropy source. (PTG.2.3) The online test shall detect non-tolerable statistical de- fects of the raw random number sequence (i) immediate- ly when the RNG has started, and (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test has finished successfully or when a defect has been detected. (PTG.2.4) The online test procedure shall be effective to detect non-tolerable weaknesses of the random numbers soon. (PTG.2.5) The online test procedure checks the quality of the raw random number sequence. It is triggered continuously. The online test is suitable for detecting non-tolerable sta- tistical defects of the statistical properties of the raw ran- dom numbers within an acceptable period of time. FCS_RNG.1.2/ SICP The TSF shall provide numbers in the format 8- or 16-bit that meet19 (PTG.2.6) Test procedure A, as defined in [6] does not distinguish the internal random numbers from output sequences of an ideal RNG. (PTG.2.7) The average Shannon entropy per internal random bit exceeds 0.997. 217 Application Note 7: This is the functional requirement FCS_RNG.1 fulfilled by the Hard- ware TOE and taken over from the hardware ST [HWST]. 218 FCS_RNG.1 Random number generation Hierarchical to: No other components. Dependencies: No dependencies. FCS_RNG.1.1 The TSF shall provide a hybrid deterministic20 random number ge- 16 [selection: deterministic, hybrid deterministic, physical, hybrid physical] 17 [selection: DRG.3, DRG.4, PTG.2, PTG.3] 18 [assignment: list of security capabilities of the selected RNG class] 19 [assignment: a defined quality metric] Security Target TCOS FlexCert/SLC52 46/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 nerator of RNG class DRG.421 that implements22 (DRG.4.1) The internal state of the RNG shall use PTRNG of class PTG.2 as random source23. (DRG.4.2) The RNG provides forward secrecy. (DRG.4.3) The RNG provides backward secrecy even if the current internal state is known. (DRG.4.4) The RNG provides enhanced forward secrecy on condi- tion “session closed or aborted”24. (DRG.4.5) The internal state of the RNG is seeded by a PTRNG of class PTG.225. FCS_RNG.1.2 The TSF shall provide random numbers that meet26 (DRG.4.6) The RNG generates output for which k > 234 strings27 of bit length 128 are mutually different with probability 1−ε, with ε < 2-16. (DRG.4.7) Statistical test suites cannot practically distinguish the random numbers from output sequences of an ideal RNG. The random numbers must pass test procedure A28, the NIST and the dieharder29 tests30. 219 Application Note 8: This SFR requires the TOE to generate random numbers used for key generation (static and ephemeral keys) within the TOE according to TR-03116-1 [TR3116-1, section 3.9], requiring RNG classes identified in the selection in element FCS_RNG.1.1 and recommending RNG of class PTG.3. Furthermore, this SFR ad- dresses the random number generation for the command GET CHALLENGE and for use within the framework of authentication protocols and key agreement for secure messag- ing. For the command GET RANDOM a separate specific SFR is set up, please refer to the following SFR FCS_RNG.1/GR. 220 The selection in the element FCS_RNG.1.1 includes RNG of classes DRG.3 and DRG.4. Note that the RNG of class DRG.4 are hybrid deterministic and of class PTG.3 are hy- brid physical (which are addressed in BSI-CC-PP-0084-2014, but not in BSI-CC-PP- 0035-2007). 221 The implementation of a physical RNG used for PACE requires the class PTG.3 (cf. [TR3116-1, sec. 3.4]), which does not exclude the selection DRG.4 made in this ST. 222 The COS specification [EGK-COS] requires to implement RNG for 20 [selection: deterministic, hybrid deterministic, physical, hybrid physical] 21 [selection: DRG.3, DRG.4, PTG.2, PTG.3] 22 [assignment: list of security capabilities of the selected RNG class] 23 [selection: use PTRNG of class PTG.2 as random source, have [assignment: work factor], require [assignment: guess work]] 24 [selection: on demand, on condition [assignment: condition], after [assignment:time]] 25 [selection: internal entropy source,PTRNG of class PTG.2, PTRNG of class PTG.3, [other selection]] 26 [assignment: a defined quality metric] 27 [assignment: number of strings] 28 [assignment: additional test suites] 29 The selected here test suites http://csrc.nist.gov/groups/ST/toolkit/rng/documents/sts-2.1.1.zip and http://www.phy.duke.edu/~rgb/General/dieharder/dieharder-3.31.0.tgz are available at NIST and Dieharder web sites. Note that the dieharder tests include Marsaglia’s “Diehard battery of tests” and NIST tests. 30 [assignment: additional test suites] Security Target TCOS FlexCert/SLC52 47/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • the command GET CHALLENGE, • the command GET RANDOM, • the authentication protocols as required by FIA_UAU.4, • the key agreement for secure messaging • according to TR-03116 [TR3116-1, section 3.4]. 223 FCS_RNG.1/GR Random number generation – GET RANDOM command Hierarchical to: No other components. Dependencies: No dependencies. FCS_RNG.1.1/GRThe TSF shall provide a physical31 random number generator of RNG class PTG.332 for GET RANDOM that implements33 (PTG.3.1) A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output. (PTG.3.2) If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the to- tal failure of the entropy source34. (PTG.3.3) The online test shall detect non-tolerable statistical de- fects of the raw random number sequence (i) immediate- ly when the RNG has started, and (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test and the seed- ing of the DRG.3 post-processing algorithm have been finished successfully or when a defect has been detect- ed. (PTG.3.4) The online test procedure shall be effective to detect non-tolerable weaknesses of the random numbers soon. (PTG.3.5) The online test procedure checks the quality of the raw random number sequence. It is triggered continuously35. The online test is suitable for detecting non-tolerable sta- tistical defects of the statistical properties of the raw ran- dom numbers within an acceptable period of time. (PTG.3.6) The algorithmic post-processing algorithm belongs to Class DRG.3 with cryptographic state transition function and cryptographic output function, and the output data rate of the post-processing algorithm shall not exceed its 31 [selection: physical, non-physical true, deterministic, hybrid physical, hybrid deterministic] 32 [selection: PTG.2, PTG.3] 33 [assignment: list of security capabilities of the selected RNG class] 34 [selection: prevents the outputof any internal random number that depends on some raw random numbers that havebeen generated after the total failure of the entropy source, generates the internal random numbers with a post-processing algorithm of class DRG.2 as long as its internal state entropy guarantees the claimed output entropy] 35 [selection: externally, at regular intervals, continuously, applieduponspecified internal events] Security Target TCOS FlexCert/SLC52 48/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 input data rate. FCS_RNG.1.2/GRThe TSF shall provide random numbers numbers in the format 8 bit 36 that meet37 (PTG.3.7) Statistical test suites cannot practically distinguish the internal random numbers form output sequences of an ideal RNG. The internal random numbers must pass test procedure A38. (PTG.3.8) The internal random numbers shall use the PTRNG of class PTG.2 as random source for the post processing. 224 Application Note 9: This is a requirement from the Logical Channel package. 225 Application Note 10: The TOE provides random numbers by means of command GET RANDOM for key generation of external devices like the connector (i.e. usage as gSMC - K) or the eHealth card terminals (i.e. usage as SMC-KT). The provided random numbers meet the requirements of TR-03116 [TR3116-1, section 3.5]. Since the command GET RANDOM may be used by the external device to seed another deterministic RNG, the TOE provides this RNG as of class PTG.3 (cf. [AIS31]). 226 Application Note 11: This requirement is identically to FCS_RNG.1/HPRG of [HWST] except from some notes and editorial changes. 227 FCS_RNG.1/PACE Random number generation – RNG for PACE Hierarchical to: No other components. Dependencies: No dependencies. FCS_RNG.1.1/ PACE The TSF shall provide a hybrid deterministic39 random number ge- nerator of RNG class DRG.440 for PACE protocol that implements41 (DRG.4.1) The internal state of the RNG shall use PTRNG of class PTG.2 as random source42. (DRG.4.2) The RNG provides forward secrecy. (DRG.4.3) The RNG provides backward secrecy even if the current internal state is known. (DRG.4.4) The RNG provides enhanced forward secrecy on condi- tion “session closed or aborted”43. (DRG.4.5) The internal state of the RNG is seeded by a PTRNG of class PTG.2 44. 36 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] 37 [assignment: a defined quality metric of the selected RNG class] 38 [assignment: additional test suites] 39 [selection: physical, non-physical true, deterministic, hybrid physical, hybrid deterministic] 40 [selection: DRG.4, PTG.3] 41 [assignment: list of security capabilities of the selected RNG] 42 [selection: use PTRNG of class PTG.2 as random source, have [assignment: work factor], require [assignment: guess work]] 43 [selection: on demand, on condition [assignment: condition], after [assignment:time]] 44 [selection: internal entropy source,PTRNG of class PTG.2, PTRNG of class PTG.3, [other selection]] Security Target TCOS FlexCert/SLC52 49/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FCS_RNG.1.2/ PACE The TSF shall provide random numbers octets of bits45 that meet46 (DRG.4.6) The RNG generates output for which k > 234 strings47 of bit length 128 are mutually different with probability 1−ε, with ε < 2-16. (DRG.4.7) Statistical test suites cannot practically distinguish the random numbers from output sequences of an ideal RNG. The random numbers must pass test procedure A48, the NIST and the dieharder49 tests50. 228 Application Note 12: The random nonces for PACE are generated by the DRG.4 genera- tor according to FCS_RNG.1 (see p. 45). 229 FCS_COP.1/SHA Cryptographic operation – SHA Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] justified in [PPCOS]: the dependant SFRs are not applicable because this SFR does not use any keys. FCS_CKM.4 Cryptographic key destruction justified in [PPCOS]: the dependant SFRs are not applicable because this SFR does not use any keys. FCS_COP.1.1/ SHA The TSF shall perform hashing51 in accordance with a specified cryp- tographic algorithm (1) SHA-1, (2) SHA-256, (3) SHA-384, (4) SHA-512 52 and cryptographic key sizes none53 that meet the following: TR- 03116 [TR3116-1, section 3.2.1], FIPS 180-4 [FIPS180]54. 45 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] 46 [assignment: a defined quality metric of the selected RNG class] 47 [assignment: number of strings] 48 [assignment: additional test suites] 49 The selected here test suites http://csrc.nist.gov/groups/ST/toolkit/rng/documents/sts-2.1.1.zip and http://www.phy.duke.edu/~rgb/General/dieharder/dieharder-3.31.0.tgz are available at NIST and Dieharder web sites. Note that the dieharder tests include Marsaglia’s “Diehard battery of tests” and NIST tests. 50 [assignment: additional test suites] 51 [assignment: list of cryptographic operations] 52 [assignment: cryptographic algorithm] 53 [assignment: cryptographic key sizes] 54 [assignment: list of standards] Security Target TCOS FlexCert/SLC52 50/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 230 FCS_CKM.1/DH.PACE.PICC Cryptographic key generation – DH by PACE Hierarchical to: No other components. Dependencies: [FCS_CKM.2 Cryptographic key distribution or FCS_COP.1 Crypto- graphic operation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_CKM.1.1/ DH.PACE.PICC The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm ECDH compliantto [ECCTR]55 using the protocol id-PACE-ECDH-GM-AES-CBC-CMAC- 128 with brainpoolP256r1, id-PACE-ECDH-GM-AES-CBC-CMAC-192 with brainpoolP384r1, id-PACE-ECDH-GM-AES-CBC-CMAC-256 with brainpoolP512r156 and specified cryptographic key sizes 256 bit, 384 bit, 512 bit57 that meet the following: TR-3110 [EACTR], TR-03111 [ECCTR, section 4.3.1]58. 231 Application Note 13: The TOE exchanges a shared secret with the external entity during the PACE protocol, see [EACTR]. This protocol is based on the ECDH protocol compli- ant to TR-03111 [ECCTR] (i.e. the elliptic curve cryptographic algorithm ECKA). The shared secret is used for deriving the AES session keys for message encryption and message authentication according to [EACTR] for the TSF as required by FCS_COP.1/ PACE.PICC.ENC, and FCS_COP.1/PACE.PICC.MAC. FCS_CKM.1/DH.PACE.PICC im- plicitly contains the requirements for the hashing functions used for key derivation by demanding compliance to TR-03110 [EACTR]. 232 FCS_COP.1/COS.AES Cryptographic operation – COS for AES Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.AES The TSF shall perform (1) encryption and decryption with card internal key for command MUTUAL AUTHENTICATE (2) decryption with card internal key for command GENERAL AU- THENTICATE, (3) encryption and decryption for secure messaging 59 in accordance with a specified cryptographic algorithm AES in CBC mode60 and cryptographic key sizes 128 bit, 192 bit, 256 bit61 that 55 [assignment: cryptographic key generation algorithm]/[selection:Diffie-Hellman-Protocol compliant to [PKCS#3], ECDH compliant to [ECCTR]] 56 [selection: id-PACE-ECDH-GM-AES-CBC-CMAC-128 with brainpoolP256r1,id-PACE-ECDH-GM-AES-CBC-CMAC-192 with brainpoolP384r1, id-PACE-ECDH-GM-AES-CBC-CMAC-256 with brainpoolP512r1] 57 [assignment: cryptographic key sizes] 58 [assignment: list of standards] 59 [assignment: list of cryptographic operations] 60 [assignment: cryptographic algorithm] Security Target TCOS FlexCert/SLC52 51/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 meet the following: TR-03116 [TR3116-1], COS Specification [EGK- COS],FIPS 197 [FIPS197]62. 233 FCS_CKM.1/AES.SM Cryptographic key generation – COS for SM keys Hierarchical to: No other components. Dependencies: [FCS_CKM.2 Cryptographic key distribution or FCS_COP.1 Crypto- graphic operation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_CKM.1.1/ AES.SM The TSF shall generate session cryptographic keys in accordance with a specified cryptographic key generation algorithm Key Deriva- tion Function for AES as specified in [ECCTR, sec. 4.3.3.2]63 and specified cryptographic key sizes 128 bit, 192 bit, 256 bit64 that meet the following: TR-03111 [ECCTR], COS Specification [EGK-COS], FIPS 197 [FIPS197]65. 234 Application Note 14: The Key Generation FCS_CKM.1/AES.SM is used during MUTUAL AUTHENTICATE and GENERAL AUTHENTICATE with establishment of secure messaging (with Package Crypto Box also for trusted channel during commands EXTERNAL AU- THENTICATE and INTERNAL AUTHENTICATE). The algorithm uses the random numbers generated by the TSF as required by FCS_RNG.1 (class DRG.4). 235 FCS_COP.1/CB.AES Cryptographic operation – CB AES Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ CB.AES The TSF shall perform66 (1) encryption with negotiated key for command PSO ENCIPHER (2) decryption with negotiated key for command PSO DECIPHER (3) encryption and decryption for trusted channel a. PSO ENCIPHER, b. PSO DECIPHER (4) decryption with card internal key for command EXTERNAL AU- THENTICATE, (5) encryption with card internal key for command INTERNAL AU- 61 [assignment: cryptographic key sizes] 62 [assignment: list of standards] 63 [assignment: cryptographic key generation algorithm]/[selection:Diffie-Hellman-Protocol compliant to [PKCS#3], ECDH compliant to [ECCTR]] 64 [assignment: cryptographic key sizes] 65 [assignment: list of standards] 66 [assignment: list of cryptographic operations] Security Target TCOS FlexCert/SLC52 52/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 THENTICATE67 in accordance with a specified cryptographic algorithm AES in CBC mode68 and cryptographic key sizes 128 bit, 192 bit, 256 bit69 that meet the following: TR-03116 [TR3116-1], COS Specification [EGK- COS], FIPS 197 [FIPS197]70. 236 FCS_COP.1/COS.CMAC Cryptographic operation – COS for CMAC Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.CMAC The TSF shall perform (1) computation and verification of cryptographic checksum for com- mand MUTUAL AUTHENTICATE, (2) VERIFICATION OF CRYPTOGRAPHIC CHECKSUM FOR COMMAND GEN- ERAL AUTHENTICATE, (3) computation and verification of cryptographic checksum for se- cure messaging 71 in accordance with a specified cryptographic algorithm AES CMAC72 and cryptographic key sizes 128 bit, 192 bit, 256 bit73 that meet the following: TR-03116 [TR3116-1], COS Specification [EGK-COS], FIPS 197 [FIPS197], NIST SP 800-38B [SP800-38B]74. 237 FCS_COP.1/CB.CMAC Cryptographic operation – CB CMAC Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ CB.CMAC The TSF shall perform75 (1) computation of cryptographic checksum for command INTERNAL 67 [assignment: list of cryptographic operations] 68 [assignment: cryptographic algorithm] 69 [assignment: cryptographic key sizes] 70 [assignment: list of standards] 71 [assignment: list of cryptographic operations] 72 [assignment: cryptographic algorithm] 73 [assignment: cryptographic key sizes] 74 [assignment: list of standards] 75 [assignment: list of cryptographic operations] Security Target TCOS FlexCert/SLC52 53/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 AUTHENTICATE, (2) computation and verification of cryptographic checksum for trust- ed channel a. PSO COMPUTE CRYPTOGRAPHIC CHECKSUM b. PSO VERIFY CRYPTOGRAPHIC CHECKSUM (3) verification of cryptographic checksum for command EXTERNAL AUTHENTICATE in accordance with a specified cryptographic algorithm CMAC76 and cryptographic key sizes 128 bit, 192 bit, 256 bit77 that meet the follow- ing: TR-03116 [TR3116-1, section 3.2.2], COS Specification [EGK- COS]78. 238 FCS_COP.1/PACE.PICC.ENC Cryptographic operation – PACE secure messag- ing encryption Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ PACE.PICC.ENC The TSF shall perform decryption and encryption for secure messag- ing79in accordance with a specified cryptographic algorithm AES in CBC mode80 and cryptographic key sizes 128 bit, 192 bit, 256 bit81 that meet the following: TR-03110 [EACTR, part 2], COS Spe- cification [EGK-COS]82. 239 Application Note 15: This SFR requires the TOE to implement the cryptographic primitive for secure messaging with encryption of transmitted data and encrypting the nonce in the first step of PACE. The related session keys are agreed between the TOE and the terminal as part of the PACE protocol according to the FCS_CKM.1/DH.PACE.PICC. 240 FCS_COP.1/PACE.PICC.MAC Cryptographic operation – PACE secure mes- saging MAC Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled 76 [assignment: cryptographic algorithm] 77 [assignment: cryptographic key sizes] 78 [assignment: list of standards] 79 [assignment: list of cryptographic operations] 80 [assignment: cryptographic algorithm] 81 [assignment: cryptographic key sizes] 82 [assignment: list of standards] Security Target TCOS FlexCert/SLC52 54/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ PACE.PICC.MAC The TSF shall perform MAC calculation for secure messaging83 in accordance with a specified cryptographic algorithm CMAC84 and cryptographic key sizes 128 bit, 192 bit, 256 bit85 that meet the follow- ing: TR-03110 [EACTR, part 2], COS Specification [EGK-COS]86. 241 Application Note 16: This SFR requires the TOE to implement the cryptographic primitive for secure messaging with message authentication code over transmitted data. The re- lated session keys are agreed between the TOE and the terminal as part of the PACE protocol according to the FCS_CKM.1/DH.PACE.PICC. 242 FCS_CKM.1/RSA Cryptographic key generation – COS for RSA Hierarchical to: No other components. Dependencies: [FCS_CKM.2 Cryptographic key distribution or FCS_COP.1 Crypto- graphic operation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_CKM.1.1/ RSA The TSF shall generate cryptographic RSA keys in accordance with a specified cryptographic key generation algorithm conforming to TR- 02102 [TR2102]87 and specified cryptographic key sizes 2048 and 3072 bit modulo length88 that meet the following: TR-03116 [TR3116- 1]89. 243 FCS_CKM.1/ELC Cryptographic key generation – ECC key generation Hierarchical to: No other components. Dependencies: [FCS_CKM.2 Cryptographic key distribution or FCS_COP.1 Crypto- graphic operation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_CKM.1.1/ ELC The TSF shall generate cryptographic ELC keys in accordance with a specified cryptographic key generation algorithm conforming to TR- 02102 [TR2102]90 with COS standard curves and specified crypto- graphic key sizes 256 bit, 384 bit and 512 bit91 that meet the follow- ing: TR-03111 [ECCTR], COS Specification [EGK-COS]92. 83 [assignment: list of cryptographic operations] 84 [assignment: cryptographic algorithm] 85 [assignment: cryptographic key sizes] 86 [assignment: list of standards] 87 [assignment: cryptographic key generation algorithm]/[selection:Diffie-Hellman-Protocol compliant to [PKCS#3], ECDH compliant to [ECCTR]] 88 [assignment: cryptographic key sizes] 89 [assignment: list of standards] 90 [assignment: cryptographic key generation algorithm] 91 [assignment: cryptographic key sizes] Security Target TCOS FlexCert/SLC52 55/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 244 Application Note 17: The TOE supports only standard elliptic curve parameters listed in the COS Specification [EGK-COS, chap. 6.5]. The parameters implemented in the TCOS are valid for any object file system. 245 Application Note 18: The TOE supports the generation of asymmetric key pairs for the following operations: • qualified electronic signatures, • authentication of external entities, • document cipher key decipherment. 246 FCS_COP.1/AES/SICP Cryptographic operation – AES Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ AES/SICP The TSF shall perform decryption and encryption in accordance with a specified cryptographic algorithm AES in • the Electronic Codebook Mode (ECB) • the Cipher Block Chaining Mode (CBC) • the Cipher Block Chaining Message Authentication Code (CBC-MAC) • the Cipher Block Chaining Message Authentication Code Encrypt Last Block (CBC-MAC-ELB) • the Blinding Mode (BLD) • the Recrypt Mode 93 and cryptographic key sizes of 128 bit or 192 bit or 256 bit that meet the following standards: • ECB, CBC: o Federal Information Processing Standards Publica- tion 197 [FIPS197] o National Institute of Standards and Technology (NIST) SP 800-38A o ISO/IEC 18033-3 • CBC_MAC o Federal Information Processing Standards Publica- tion 197 [FIPS197] o National Institute of Standards and Technology (NIST) SP 800-38A o ISO/IEC 18033-3 o ISO/IEC 9797-1 Mac Algorithm 1 and 2 respectively [ISO9797] • CBC-MAC-ELB: o Federal Information Processing Standards Publica- 92 [assignment: list of standards] 93 [assignment: list of cryptographic operations] Security Target TCOS FlexCert/SLC52 56/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 tion 197 [FIPS197] o National Institute of Standards and Technology (NIST) SP 800-38A o ISO/IEC 18033-3 o ISO/IEC 9797-1 Mac Algorithm 1 and 2 respectively [ISO9797] • BLD, Recrypt Mode Proprietary, description given in the hardware reference manual HRM94. 247 FCS_COP.1/COS.RSA.S Cryptographic operation – RSA signature creation Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.RSA.S The TSF shall perform digital signature generation for commands (1) PSO COMPUTE DIGITAL SIGNATURE (2) INTERNAL AUTHENTICATE95 in accordance with a specified cryptographic algorithm (1) RSASSA-PSS-SIGN with SHA-256, (2) RSASSA-PKCS1-v1_5, (3) RSA ISO9796-2 DS2 with SHA-256 (for PSO COMPUTE DIGITAL SIGNATURE only)96 and cryptographic key sizes 2048 bit and 3072 bit modulus length97 that meet the following: [TR3116-1], COS Specification [EGK-COS], [PKCS1], [ISO9796-2]98. 248 Application Note 19: The TOE supports two variants of the PSO COMPUTE DIGITAL SIG- NATURE. • PSO COMPUTE DIGITAL SIGNATURE without Message Recovery will be used for the signing RSA algorithms RSASSA-PSS-SIGN with SHA-256 (see FCS_COP.1/ COS.RSA.S), RSASSA-PKCS1-v1_5 (see FCS_COP.1/COS.RSA.S) and ECDSA with SHA-256, SHA-384 and SHA-512 (see FCS_COP.1/COS.ECDSA.S). • PSO COMPUTE DIGITAL SIGNATURE with Message Recovery will be used for the for the signing algorithm RSA ISO9796-2 DS2 with SHA-256 (see FCS_COP.1/ COS.RSA.S) 94 [assignment: list of standards] 95 [assignment: list of cryptographic operations] 96 [assignment: cryptographic algorithm] 97 [assignment: cryptographic key sizes] 98 [assignment: list of standards] Security Target TCOS FlexCert/SLC52 57/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 249 FCS_COP.1/COS.ECDSA.S Cryptographic operation – ECDSA signature crea- tion Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.ECDSA.S The TSF shall perform digital signature generation for the commands (1) PSO COMPUTE DIGITAL SIGNATURE (2) INTERNAL AUTHENTICATE99 in accordance with a specified cryptographic algorithm ECDSA with COS standard curves using (1) SHA-256, (2) SHA-384, (3) SHA-512100 and cryptographic key sizes 256 bits, 384 bits and 512 bits101 that meet the following: [TR3116-1], [ECCTR, sec. 4.2.1], COS Specifica- tion [EGK-COS], [ANSX9.63]102. 250 FCS_COP.1/COS.ECDSA.V Cryptographic operation – ECDSA signature veri- fication Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.ECDSA.V The TSF shall perform digital signature verification for commands (1) PSO VERIFY CERTIFICATE (2) PSO VERIFY DIGITAL SIGNATURE (3) EXTERNAL AUTHENTICATE103 in accordance with a specified cryptographic algorithm ECDSA with COS standard curves using (1) SHA-256, (2) SHA-384, (3) SHA-512104 and cryptographic key sizes 256 bits, 384 bits and 512 bits105 that 99 [assignment: list of cryptographic operations] 100 [assignment: cryptographic algorithm] 101 [assignment: cryptographic key sizes] 102 [assignment: list of standards] 103 [assignment: list of cryptographic operations] 104 [assignment: cryptographic algorithm] Security Target TCOS FlexCert/SLC52 58/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 meet the following: [TR3116-1], [ECCTR], COS Specification [EGK- COS], [ANSX9.63]106. 251 Application Note 20: The command PSO VERIFY CERTIFICATE may store the imported public keys for ELC temporarily in the volatileCache or permanently in the persis- tentCache or applicationPublicKeyList. These keys may be used as authentication refer- ence data for asymmetric key based device authentication (cf. FIA_UAU.5) or User Data. 252 FCS_COP.1/COS.RSA Cryptographic operation – RSA encryption and de- cryption Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.RSA The TSF shall perform (1) encryption with passed key for command PSO ENCIPHER, (2) decryption with stored key for command PSO DECIPHER, (3) decryption and encryption for command PSO TRANSCIPHER us- ing RSA (transcipher of data using RSA keys), (4) decryption for command PSO TRANSCIPHER using RSA (trans- cipher of data from RSA to ELC) (5) encryption for command PSO TRANSCIPHER using ELC (trans- cipher of data from ELC to RSA)107 in accordance with a specified cryptographic algorithm (1) for encryption: RSA-OAEP-Encrypt ([RFC3447, 7.1.1]), (2) for decryption: RSA-OAEP-Decrypt ([RFC3447, 7.1.2])108 and cryptographic key sizes 2048 bit and 3072 bit modulus length for RSA private key operation, 2048 bit modulus length for RSA public key operation, and 256 bit, 384 bit and 512 bit for the COS standard curves109 that meet the following: [TR3116-1], COS Specification [EGK-COS], [RFC3447]110. 253 FCS_COP.1/CB.RSA Cryptographic operation – CB RSA Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or 105 [assignment: cryptographic key sizes] 106 [assignment: list of standards] 107 [assignment: list of cryptographic operations] 108 [assignment: cryptographic algorithm] 109 [assignment: cryptographic key sizes] 110 [assignment: list of standards] Security Target TCOS FlexCert/SLC52 59/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ CB.RSA The TSF shall perform encryption with stored key for command PSO ENCIPHER111 in accordance with a specified cryptographic algorithm (1) for encryption: RSAES-OAEP-ENCRYPT ([RFC3447, 7.1.1])112 and cryptographic key sizes 2048 bit and 3072 bit modulus length for RSA private key operation, 2048 bit length for RSA public key opera- tion113 that meet the following:[PKCS1]114. 254 Application Note 21: The requirement in FCS_COP.1.1/CB.RSA “(2) for decryption: RSAES-OAEP-DECRYPT ([RFC3447, 7.1.2])” was removed because this requirement is an editorial error in the protection profile BSI-CC-PP0082 [PPCOS] (in package Crypto Box) as there is no corresponding requirement or specification for PSO DECIPHER in the option Crypto Box in the G2 COS [EGK-COS] specification. 255 FCS_COP.1/COS.ELC Cryptographic operation – ECC encryption and de- cryption Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ COS.ELC The TSF shall perform (1) encryption with passed key for command PSO ENCIPHER, (2) decryption with stored key for command PSO DECIPHER, (3) decryption and encryption for command PSO TRANSCIPHER us- ing ELC (transcipher of data using ELC keys) (4) decryption for command PSO TRANSCIPHER using ELC (trans- cipher of data from ELC to RSA) (5) encryption for command PSO TRANSCIPHER using ELC (trans- cipher of data from RSA to ELC)115 in accordance with a specified cryptographic algorithm (1) for encryption: ELC encryption, (2) for decryption: ELC decryption116 and cryptographic key sizes 2048 bit and 3072 bit modulus length for RSA private key operation, 2048 bit modulus length for RSA public key operation, and 256 bits, 384 bits, 512 bits for ELC keys with COS 111 [assignment: list of cryptographic operations] 112 [assignment: cryptographic algorithm] 113 [assignment: cryptographic key sizes] 114 [assignment: list of standards] 115 [assignment: list of cryptographic operations] 116 [assignment: cryptographic algorithm] Security Target TCOS FlexCert/SLC52 60/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 standard curves117 that meet the following: [ECCTR], [TR3116-1], [EGK-COS]118. 256 Application Note 22: The TOE does not support PSO HASH and ENVELOPE. 257 FCS_COP.1/CB.ELC Cryptographic operation – CB ECC Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4 Cryptographic key destruction fulfilled FCS_COP.1.1/ CB.ELC The TSF shall perform encryption with stored key for command PSO ENCIPHER119 in accordance with a specified cryptographic algorithm ELC encryption with COS standard curves and cryptographic key sizes 256 bits, 384 bits, 512 bits120 that meet the following: [ECCTR, chap. 4.3.1, 4.3.3 and 5.3.1.2]121. 258 Application Note 23: The TOE does not support commands PSO HASH and ENVELOPE (cf. [ISO7816]). 259 FCS_CKM.4 Cryptographic key destruction Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a spe- cified cryptographickey destruction method physical deletion by overwriting the memory data with zeros, random numbers or the new key122 that meets the following: none123. 260 Application Note 24: The TOE destroys encryption session keys and the message au- thentication keys for secure messaging and the PACE protocol after reset or termination of secure messaging session (trusted channel) or reaching fail secure state according to FPT_FLS.1. The TOE clears the memory area of any session keys before starting a new communication with an external entity in a new after-reset-session as required by FDP_RIP.1. A secret key will be deleted explicitly after execution of the DELETE com- mand. 117 [assignment: cryptographic key sizes] 118 [assignment: list of standards] 119 [assignment: list of cryptographic operations] 120 [assignment: cryptographic key sizes] 121 [assignment: list of standards] 122 [assignment: cryptographic key destruction method] 123 [assignment: list of standards] Security Target TCOS FlexCert/SLC52 61/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 261 Application Note 25: This SFR covers also the iterated FCS_CKM.4/PACE.PICC from the Contactless Package using the same selections. 262 FCS_CKM.4/AES/SICP Cryptographic key destruction Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] fulfilled FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a spe- cified cryptographickey destruction method overwriting or zeroing 124 that meets the following: none125. 6.1.5 Class FIA Identification and Authentication 263 FIA_AFL.1/PIN Authentication failure handling Hierarchical to: No other components. Dependencies: FIA_UAU.1 Timing of authentication: fulfilled FIA_AFL.1.1/PIN The TSF shall detect when an administrator configurable positive inte- ger within 1 to 15126 unsuccessful authentication attempts occurs re- lated to consecutive failed human user authentication for the PIN via VERIFY, ENABLE VERIFICATION REQUIREMENT, DISABLE VERIFICATION REQUIREMENT or CHANGE REFERENCE DATA commands127. FIA_AFL.1.2/PIN When the defined number of unsuccessful authentication attempts has been met128, the TSF shall block the password for authentication until successful unblock using command RESET RETRY COUNTER (1) P1=00 or P1=01 with presenting unblocking code PUC of this password object, (2) P1=02 or P1=03 without presenting unblocking code PUC of this password object129. 264 Application Note 26: The component FIA_AFL.1/PIN addresses the human user authen- tication by means of a password. The configurable positive integer of unsuccessful au- thentication attempts is defined in the password objects of the object system. authentica- tion attempts is defined in the password objects of the object system. “Consecutive failed authentication attempts” are counted separately for each PIN and interrupted by suc- 124 [assignment: cryptographic key destruction method] 125 [assignment: list of standards] 126 [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] 127 [assignment: list of authentication events] 128 [selection: met, surpassed] 129 [assignment: list of actions] Security Target TCOS FlexCert/SLC52 62/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 cessful authentication attempt for this PIN, i.e. the PIN object has a retryCounter which is initially set to startRetryCounter, decremented by each failed authentication attempt and reset to startRetryCounter by any successful authentication with the PIN or by suc- cessful execution of the command RESET RETRY COUNTER. The command RESET RETRY COUNTER (CLA,INS,P1)=(00,2C,02) and (CLA,INS,P1)=(00,2C,03) unblock the PIN without presenting unblocking code PUC of this password object. In order to prevent by- pass of the human user authentication defined by the PIN or PUC the object system shall define access control to this command as required by the security needs of the specific application context, cf. OE.Resp-ObjS. 265 FIA_AFL.1/PUC Authentication usage counter Hierarchical to: No other components. Dependencies: FIA_UAU.1 Timing of authentication: fulfilled FIA_AFL.1.1/PUCThe TSF shall detect when an administrator configurable positive inte- ger within 1 to 15130 unsuccessful131 authentication attempts occurs related to usage of a password unblocking code using the RESET RE- TRY COUNTER command132. FIA_AFL.1.2/PUCWhen the defined number of unsuccessful authentication attempts has been met133, the TSF shall block the password unblocking code134. 266 Application Note 27: The component FIA_AFL.1/PUC addresses the human user au- thentication by means of a PUC. The configurable positive integer of usage of password unblocking code is defined in the password objects of the object system. 267 Application Note 28: The command RESET RETRY COUNTER can be used to change a password or reset a retry counter. Depending on the object system the usage of the command RESET RETRY COUNTER may be restricted to the ability to reset a retry counter only. 268 FIA_ATD.1 User attribute definition Hierarchical to: No other components. Dependencies: No dependencies. FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belong- ing to individual users: (1) for Human User: authentication state gained a. with password: pwdIdentifier in globalPasswordList and pwdIdentifier in dfSpecificPasswordList, b. with Multi-Reference password: pwdIdentifier in globalPass- 130 [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] 131 Refinement: not only unsuccessful but all attempts are countedhere. 132 [assignment: list of authentication events] 133 [selection: met, surpassed] 134 [assignment: list of actions] Security Target TCOS FlexCert/SLC52 63/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 wordList and pwdIdentifier in dfSpecificPasswordList, (2) for Device: authentication state gained a. if the RSA-based CVC functionality according to Op- tion_RSA_CVC135in [EGK-COS] is supported by the TOE: by CVC with CHA in globalSecurityList if CVC is stored in MF and dfSpecificSecurityList if CVC is stored in a DF, b. by CVC with CHAT in bitSecurityList, c. with symmetric authentication key: keyIdentity of the key, d. with secure messaging keys: keyIdentity of the key used for establishing the session key136 269 FIA_ATD.1/PACE User attribute definition – PACE protocol Hierarchical to: No other components. Dependencies: No dependencies. FIA_ATD.1.1/ PACE The TSF shall maintain the following list of security attributes belong- ing to individual users: (1) for users defined in FIA_ATD.1 (2) additionally for device: authentication state gained with SCCO137. 270 FIA_UAU.1 Timing of authentication Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification: fulfilled FIA_UAU.1.1 The TSF shall allow (1) reading the ATR, (2) GET CHALLENGE, MANAGE CHANNEL, MANAGE SECURITY ENVI- RONMENT, SELECT138, (3) commands with access control rule ALWAYS for the current life cycle status and depending on the interface, (4) none139 on behalf of the user to be performed before the user is authentica- ted. FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. 135 Note that the option Option_RSA_CVC was removed in the current version of [EGK-COS]. The present TOE does not support this option neither 136 [assignment: list of security attributes] 137 [assignment: list of security attributes] 138 [selection: GET CHALLENGE, MANAGE CHANNEL, MANAGE SECURITY ENVIRONMENT, SELECT] 139 [assignment: list of TSF-mediated actions] Security Target TCOS FlexCert/SLC52 64/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 271 Application Note 29: ATR means Cold ATR and Warm ATR (cf. COS specification [EGK- COS], (N019.900)b). 272 FIA_UAU.4 Single-use authentication mechanisms Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.4.1 The TSF shall prevent reuse of authentication data related to (1) external device authentication by means of executing the com- mand EXTERNAL AUTHENTICATE with symmetric or asymmetric key, (2) external device authentication by means of executing the com- mand MUTUAL AUTHENTICATE with symmetric or asymmetric key, (3) external device authentication by means of executing the com- mand GENERAL AUTHENTICATE with symmetric or asymmetric key. (4) none140. 273 FIA_UAU.5 Multiple authentication mechanisms Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.5.1 The TSF shall provide (1) the execution of the VERIFY command, (2) the execution of the CHANGE REFERENCE DATA command, (3) the execution of the RESET RETRY COUNTER command, (4) the execution of the EXTERNAL AUTHENTICATE command, (5) the execution of the MUTUAL AUTHENTICATE command, (6) the execution of the GENERAL AUTHENTICATE command, (7) a secure messaging channel, (8) a trusted channel141, to support user authentication. FIA_UAU.5.2 The TSF shall authenticate any user’s claimed identity according to the following rules142: (1) password based authentication shall be used for authenticating a human user by means of the commands VERIFY, CHANGE REFERENCE DATA and RESET RETRY COUNTER, (2) key based authentication mechanisms shall be used for authen- ticating of devices by means of the commands EXTERNAL AU- THENTICATE, MUTUAL AUTHENTICATE and GENERAL AUTHENTI- 140 [assignment: identified authentication mechanism(s)] 141 [assignment: list of multiple authenticationmechanisms] 142 [assignment: rules describing how the multiple authentication mechanisms provide authentication] Security Target TCOS FlexCert/SLC52 65/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 CATE, (3) none143. 274 FIA_UAU.6 Re-authenticating Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.6.1 The TSF shall re-authenticate the user sender of a message144 un- der the conditions each command sent to the TOE after establishing the secure mes- saging by successful authentication after execution of the INTERNAL AUTHENTICATE and EXTERNAL AUTHENTICATE, or MUTUAL AUTHENTI- CATE or GENERAL AUTHENTICATE commands shall be verified as be- ing sent by the authenticated device145. 275 Application Note 30: The entities establishing a secure messaging channel respective a trusted channel authenticate each other and agree on symmetric session keys. The sender of a command authenticates its message by MAC calculation for the command (cf. PSO COMPUTE CRYPTOGRAPHIC CHECKSUM using SK4TC, cf. Package Crypto Box) and the receiver of the commands verifies the authentication by MAC verification of commands (using SK4SM). The receiver of the commands authenticates its message by MAC calculation (using SK4SM) and the sender of a command verifies the authentica- tion by MAC verification of responses (cf. PSO COMPUTE CRYPTOGRAPHIC CHECKSUM us- ing SK4TC). If secure messaging is used with encryption then the re-authentication in- cludes the encrypted padding in the plaintext as authentication attempt of the message sender (cf. PSO ENCIPHER for commands) and the receiver (cf. secure messaging for re- sponses) and verification of the correct padding as authentication verification by the message receiver (cf.secure messaging for received commands and PSO DECIPHER for received responses). The specification [EGK-COS] states in section 13.1.2 item (N031.600): “This re-authentication is controlled by the external entity (e.g. the connector in the eHealth environment). If no Secure Messaging is indicated in the class byte CLA (see [ISO7816] Clause 5.3.1) and SessionkeyContext.flagSessionEnabled has the value SK4SM, then the security status of the key that was involved in the negotiation of the session keys MUST be deleted by means of clearSessionKeys(...).” Furthermore item (N031.700) states that the security status of the key that was involved in the negotiation of the session keys MUST be deleted by means of clearSessionKeys(...) if the check of the command using CMAC (cf. FCS_COP.1/COS.CMAC) fails. The TOE does not exe- cute any command with incorrect message authentication code. The TOE checks each command by secure messaging in encrypt-then-authenticate mode based on a MAC, whether it was sent by the successfully authenticated communication partner. The TOE does not execute any command with incorrect MAC. Therefore, the TOE re- authenticates the communication partner connected, if a secure messaging error oc- curred, and accepts only those commands received from the initially communication partner. 143 [assignment: additional rules describing how the multiple authenticationmechanisms provide authentication] 144 Refinement: Identification of the concrete user. 145 [assignment: list of conditions under which re-authentication is required] Security Target TCOS FlexCert/SLC52 66/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 276 FIA_UAU.6/CB Re-authenticating – Trusted channel Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.6.1/CB The TSF shall re-authenticate the user sender of a message146 un- der the conditions each message received after establishing the trusted channel by successful authentication by execution of a combination of INTERNAL AUTHENTICATE and EXTERNAL AUTHENTICATE, or MUTUAL AUTHENTI- CATE or GENERAL AUTHENTICATE commands shall be verified as be- ing sent by the authenticated device using the commands PSO VER- IFY CRYPTOGRAPHIC CHECKSUM and PSO DECIPHER147. 277 FIA_UAU.1/PACE Timing of authentication – PACE Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification: fulfilled FIA_UAU.1.1/ PACE The TSF shall allow (1) reading the ATS, (2) to establish a communication channel, (3) actions allowed according to FIA_UID.1/PACE and FIA_UAU.1, (4) none148 on behalf of the user to be performed before the user is authentica- ted. FIA_UAU.1.2/ PACE The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. 278 FIA_UAU.4/PACE.PICC Single-use authentication mechanisms Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.4.1/ PACE.PICC The TSF shall prevent reuse of verification authentication data re- lated to PACE Protocol in PCD role according to TR-03116 [TR3116-1], COS Specification [EGK-COS]149. 146 Refinement: Identification of the concrete user. 147 [assignment: list of conditions under which re-authentication is required] 148 [assignment: list of TSF-mediated actions] 149 [assignment: identified authentication mechanism(s)] Security Target TCOS FlexCert/SLC52 67/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 279 FIA_UAU.5/PACE.PICC Multiple authentication mechanisms – PACE/PICC protocol Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.5.1/ PACE.PICC The TSF shall provide (1) PACE protocol in PICC role according to [EACTR] and [EGK- COS] using command GENERAL AUTHENTICATE, (2) secure messaging in MAC-ENC mode using PACE session keys according to [EGK-COS], section 13, and [EACTR], part 3 in PICC role150 to support user authentication. FIA_UAU.5.2/ PACE.PICC The TSF shall authenticate any user’s claimed identity according to the PACE protocol as PICC is used for authentication of the device using PACE protocol in PCD role and secure messaging in MAC- ENC mode using PACE session keys is used to authenticate its commands151. 280 FIA_UAU.6/PACE.PICC Re-authenticating – PACE/PICC protocol Hierarchical to: No other components. Dependencies: No dependencies. FIA_UAU.6.1/ PACE.PICC The TSF shall re-authenticate the user under the conditions after successful run of the PACE protocol as PICC each command received by the TOE shall be verified as being sent by the authenti- cated PCD152. 281 Application Note 31: The TOE running the PACE protocol as PICC specified in [ICAOSAC] checks each command by secure messaging in encrypt-then-authenticate mode based on CMAC whether it was sent by the successfully authenticated terminal (see FCS_COP.1/PACE.PICC.ENC and FCS_COP.1/PACE.PICC.MAC for further de- tails) and sends all responses using secure messaging after successful PACE authenti- cation. The TOE does not execute any command with incorrect message authenticati on code. Therefore, the TOE re-authenticates the terminal connected, if a secure messag- ing error occurred,and accepts only those commands received from the initially authen- ticated terminal (see FIA_UAU.5/PACE.PICC). 282 FIA_UID.1 Timing of identification Hierarchical to: No other components. Dependencies: No dependencies. FIA_UID.1.1 The TSF shall allow 150 [assignment: list of multiple authenticationmechanisms] 151 [assignment: additional rules describing how the multiple authenticationmechanisms provide authentication] 152 [assignment: list of conditions under which re-authentication is required] Security Target TCOS FlexCert/SLC52 68/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (1) reading the ATR, (2) GET CHALLENGE, MANAGE CHANNEL, MANAGE SECURITY ENVI- RONMENT, SELECT153 (3) commands with access control rule ALWAYS for the current life cycle status and depending on the interface, (4) none154 on behalf of the user to be performed before the user is identified. FIA_UID.1.2 The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. 283 FIA_UID.1/PACE Timing of identification – PACE Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of authentication: fulfilled FIA_UID.1.1/ PACE The TSF shall allow (1) reading the ATS, (2) to establish a communication channel, (3) none155 on behalf of the user to be performed before the user is identified. FIA_UID.1.2/ PACE The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. 284 FIA_API.1 Authentication Proof of Identity Hierarchical to: No other components. Dependencies: No dependencies. FIA_API.1.1 The TSF shall provide (1) INTERNAL AUTHENTICATE, (2) MUTUAL AUTHENTICATE, (3) GENERAL AUTHENTICATE,156 to prove the identity of the TSF itself157 to an external entity. 285 FIA_API.1/CB Authentication Proof of Identity – Trusted channel Hierarchical to: No other components. Dependencies: No dependencies. FIA_API.1.1/CB The TSF shall provide 153 [selection: GET CHALLENGE, MANAGE CHANNEL, MANAGE SECURITY ENVIRONMENT, SELECT] 154 [assignment: list of TSF-mediated actions] 155 [assignment: list of TSF-mediated actions] 156 [assignment: authentication mechanism] 157 [assignment: object, authorizeduser or role] Security Target TCOS FlexCert/SLC52 69/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (1) PSO ENCIPHER and PSO COMPUTE CRYPTOGRAPHIC CHECK- SUM with SK4TC used for trusted channel commands158 to prove the identity of the TSF itself159 to an external entity. 286 FIA_USB.1 User-subject binding Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition: fulfilled FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: (1) for Human User authenticated with password: pwdIdentifier and Authentication Context globalPasswordList and dfSpecificPasswordList. (2) for Human User authenticated with PUC: pwdIdentifier of corre- sponding password, (3) for Device the Role authenticated by RSA based CVC if the RSA-based CVC functionality according to Op- tion_RSA_CVC160 in [EGK-COS] is supported by the TOE: the Certificate Holder Authorization (CHA) in the CVC (4) for Device the Role authenticated by ECC based CVC: the Cer- tificate Holder Authorization Template (CHAT), (5) for Device the Role authenticated by symmetric key: keyIdenti- fier and Authentication Context161. FIA_USB.1.2 The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: (1) If the logical channel is reset by command MANAGE CHANNEL (INS,P1,P2)=(‘70’,’40’,’00’) the initial authentication state is set to “not authenticated” (i.e. globalPasswordList, dfSpecificPass- wordList, globalSecurityList, dfSpecificSecurityList and keyRef- erenceList are empty, SessionkeyContext.flagSessionEnabled = noSK). (2) If the command SELECT is executed and the newFile is a folder the initial authentication state of the selected folder inherits the authentication state of the folder above up the root.162 FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users163: (1) The authentication state is changed to “authenticated Human User” for the specific context when the Human User has suc- 158 [assignment: authentication mechanism] 159 [assignment: object, authorizeduser or role] 160 Note that the option Option_RSA_CVC was removed in the current version of [EGK-COS]. The present TOE does not support this option neither 161 [assignment: list of user security attributes] 162 [assignment: rules for the initial association of attributes] 163 [assignment: rules for the changing of attributes] Security Target TCOS FlexCert/SLC52 70/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 cessfully authenticated via one of the following procedures: a. VERIFY command using the context specific password or the context specific Multi-Reference password, b. If the security attribute flagEnabled of password object is set to FALSE the authentication state for this specific password is changed to “authenticated Human User”. c. If the security attribute flagEnabled of Multi-Reference pass- word object is set to FALSE the authentication state for this specific Multi-Reference password is changed to “authenti- cated Human User”. (2) The authentication state is changed to “authenticated Device” for the specific authentication context when a Device has suc- cessfully authenticated via one of the following procedures: a. EXTERNAL AUTHENTICATE with symmetric or public keys, b. MUTUAL AUTHENTICATE with symmetric or public keys, c. GENERAL AUTHENTICATE with mutual ELC authentication and d. GENERAL AUTHENTICATE for asynchronous secure messaging (3) The effective access rights gained by ECC based CVC: the CHAT are the intersection of the access rights encoded in the CHAT of the CVC chain used as authentication reference data of the Device. (4) All authentication contexts are lost and the authentication state is set to “not authenticated” for all contexts if the TOE is reset. (5) If a DELETE command is executed for a password object or a symmetric authentication key the entity is authenticated for the authentication state has to be set to “not authenticated”. If a DELETE command is executed for a folder (a) authentication states gained by password objects in the deleted folder shall be set to “not authenticated” and (b) all entries in keyReferenceList and allPublicKeyList related to the deleted folder shall be re- moved. (6) If an authentication attempt using one of the following com- mands failed, the authentication state for the specific context has to be set to “not authenticated”: EXTERNAL AUTHENTICATE, MUTUAL AUTHENTICATE, MANAGE SECURITY ENVIRONMENT (vari- ant with restore). (7) If a context change by using the SELECT command is performed the authentication state for all objects of the old authentication context not belonging to the new context of the performed SE- LECT command has to be set to “not authenticated”. (8) If a failure of secure messaging (not indicated in CLA-byte, or erroneous MAC, or erroneous cryptogram) is detected the au- thentication state of the device in the current context has to be set to “not authenticated” (i.e. the element in globalSecurityList respective in dfSpecificSecurityList and the used SK4SM are deleted). (9) none 164. 287 Application Note 32: Note that the security attributes of the user are defined by the au- thentication reference data. The user may choose security attributes of the subjects in- 164 [assignment: further rules for the changingof attributes] Security Target TCOS FlexCert/SLC52 71/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 terface in the power on session and seIdentifier by execution of the command MANAGE SECURITY ENVIRONMENT for the current directory. The initial authentication state is set when the command SELECT is executed and the newFile is a folder (cf. COS Specifica- tion [EGK-COS], clause (N076.100) and (N048.200)). 288 FIA_USB.1/CB User-subject binding – Trusted channel Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition: fulfilled FIA_USB.1.1/CB The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: as defined in FIA_USB.1165. FIA_USB.1.2/CB The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: as defined in FIA_USB.1.166 FIA_USB.1.3/CB The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users167: (1) If the message received in commands PSO VERIFY CRYPTO- GRAPHIC CHECKSUM fails the verification or the message re- ceived in command PSO DECIPHER fail the padding condition the authentication state of the user bound to the SK4TC is changed to “ not authenticated” (i.e. the keyReference- List.macCalculation, keyReferenceList. dataEncipher and the SK4TC are deleted). (2) none 168. 289 FIA_USB.1/PACE.PICC User-subject binding – PACE/PICC protocol Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition: fulfilled FIA_USB.1.1/ PACE.PICC The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: The authentication state for the device using PACE protocol in PCD role with a. keyIdentifier of the used SCCO in the globalSecurityList if SCCO was in MF or in dfSpecificSecurityList if the SCCO was in the respective folder, b. SK4SM referenced in macKey and SSCmac169. 165 [assignment: list of user security attributes] 166 [assignment: rules for the initial association of attributes] 167 [assignment: rules for the changing of attributes] 168 [assignment: further rules for the changingof attributes] 169 [assignment: list of user security attributes] Security Target TCOS FlexCert/SLC52 72/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FIA_USB.1.2/ PACE.PICC The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: see FIA_USB.1170. FIA_USB.1.3/ PACE.PICC The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users171: (1) The authentication state for the device after successful authen- tication using PACE protocol in PCD role is set to “authenticat- ed” and: a. keyIdentifier of the used SCCO in the globalSecurityList if SCCO was in MF or in dfSpecificSecurityList if the SCCO was in the respective DF, b. the authentication reference data SK4SM is stored in macKey and SSCmac. (2) If an authentication attempt using PACE protocol in PCD role failed a. Executing GENERAL AUTHENTICATE for PACE Version 2 [EACTR], b. receiving commands failing the MAC verification or encryp- tion defined for secure messaging, c. receiving messages violation MAC verification or encryption defined for trusted channel established with PACE, the authentication state for the specific context of SCCO has to be set to “not authenticated” (i.e. the element in globalSecurity- List respective in the dfSpecificSecurityList and the SK4SM are deleted). 290 FIA_USB.1/LC User-subject binding – Logical channel Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition: fulfilled FIA_USB.1.1/LC The TSF shall associate the following user security attributes with sub- jects acting on the behalf of that user: (1) The authentication state for the context as specified in FIA_USB.1, (2) The authentication state for a context is bound to the logical channel the authentication took place172. FIA_USB.1.2/LC The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: (1) If a new logical channel is opened the authentication state is “not authenticated” for all contexts within that logical channel173. 170 [assignment: rules for the initial association of attributes] 171 [assignment: rules for the changing of attributes] 172 [assignment: list of user security attributes] 173 [assignment: rules for the initial association of attributes] Security Target TCOS FlexCert/SLC52 73/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FIA_USB.1.3/LC The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users174: (1) Every logical channel has its own context. The rules as specified in FIA_USB.1.3 for the context shall be enforced for each logical channel separately. (2) After a logical channel is closed or reset, e.g. by the use of a MANAGE CHANNEL command, the authentication state for all con- texts within the closed logical channel must be “not authenticat- ed” (3) The execution of a DELETE command has to be rejected if more than one channel is open. (4) none 175. 291 FIA_SOS.1 Specification – Verification Hierarchical to: No other components. Dependencies: No dependencies. FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets provided by the user for password objects meet the quality metric: length not lower than minimumLength and not greater than maximum- Length176. 6.1.6 Class FDP User Data Protection 292 Application Note 33: This section defines SFR for access control on User data in the object system. The SFR FDP_ACF.1/MF_DF, FDP_ACF.1/EF, FDP_ACF.1/TEF, FDP_\ ACF.1/SEF and FDP_ACF.1/KEY describe the securityattributes of the subject gaining access to these objects. The COS specification [EGK-COS] describes the attributes of logical channels (i.e. subjects in CC terminology) which is valid for the core of COS in- cluding all packages. The globalSecurityList and dfSpecificSecurityList contain all key- Identifier used for successful device authentications, i.e. the list may be empty, may con- tain a CHA, a key identifier of a symmetric authentication key or CAN (in form of the key- Identifier of the derived key) used with PACE. 293 FDP_ACC.1/MF_DF Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/ The TSF shall enforce the access control MF_DF_SFP177 on178 174 [assignment: rules for the changing of attributes] 175 [assignment: further rules for the changingof attributes] 176 [assignment: a defined quality metric] 177 [assignment: access control SFP] Security Target TCOS FlexCert/SLC52 74/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 MF_DF (1) the subject logical channel bind to users a. World, b. Human User, c. Device, d. Human User and Device, e. none179, (2) the objects a. all executable code implemented by the TOE, b. MF, c. Application, d. Dedicated File, e. Application Dedicated file, f. persistent stored public keys, g. none180, (3) the operation by the following commands a. command SELECT, b. create objects with command LOAD APPLICATION with and without command chaining, c. delete objects with command DELETE, d. read fingerprint with command FINGERPRINT, e. command LIST PUBLIC KEY, h. none181. 294 Application Note 34: Note the commands ACTIVATE, DEACTIVATE and TERMINATE DF for current file applicable to MF, DF, Application and Application dedicated file manage the security life cycle attributes. Therefore access control rules of thesescommands are de- scribed by FMT_MSA.1/Life. The object “all executable code implemented by the TOE” includes IC Dedicated Support Software, the Card Operating System and application specific code loaded on the smartcard by command LOAD CODE or any other means (in- cluding related configuration data). 295 FDP_ACF.1/MF_DF Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/ MF_DF The TSF shall enforce the access control MF_DF_SFP182 to objects based on the following183: (1) the subjects logical channel with security attributes a. interface, 178 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] 179 [assignment: list of further subjects] 180 [assignment: list of further objects] 181 [assignment: all other operations applicableto MF and DF] 182 [assignment: access control SFP] 183 [assignment: list of subjects and objects controlledunder the indicatedSFP, and.for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] Security Target TCOS FlexCert/SLC52 75/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 b. globalPasswordList, c. globalSecurityList, d. dfSpecificPasswordList, e. dfSpecificSecurityList, f. bitSecurityList, g. SessionkeyContext, h. none184 (2) the objects a. all executable code implemented by the TOE, b. MF with security attributes lifeCycleStatus, seIdentifier and interfaceDependentAccessRules, c. DF with security attributes lifeCycleStatus, seIdentifier and interfaceDependentAccessRules, d. Application with security attributes lifeCycleStatus, seIden- tifier and interfaceDependentAccessRules, e. Application Dedicated File with security attributes lifecycle- Status, seIdentifier and interfaceDependentAccessRules, f. persistent stored public keys, g. none185 FDP_ACF.1.2/ MF_DF The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed186: (1) SELECT is ALWAYS allowed,187 (2) GET CHALLENGE is ALWAYS allowed,188 (3) A subject is allowed to create new objects (user data or TSF data) in the current folder MF if the security attributes interface, globalPasswordList, globalSecurityList and SessionkeyContext of the subject meet the access rules for the command LOAD AP- PLICATION of the MF dependent on lifeCycleStatus, seIdentifier and interfaceDependentAccessRules. (4) A subject is allowed to create new objects (user data or TSF data) in the current folder DF, Application or Application DF if the security attributes interface, globalPasswordList, global- SecurityList, dfSpecificPasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command LOAD APPLICATION of this object dependent on life- CycleStatus, seIdentifier and interfaceDependentAccessRules. (5) A subject is allowed to delete objects in the current folder MF if the security attributes interface, globalPasswordList, global- SecurityList and SessionkeyContext of the subject meet the ac- cess rules for the command DELETE of the MF dependent on lifeCycleStatus, seIdentifier and interfaceDependentAccess- Rules. (6) A subject is allowed to delete objects in the current DF, Applica- 184 [assignment: further subjects listed in FDP_ACC.1.1/MF_DF with their security attributes] 185 [assignment: further subjects listed in FDP_ACC.1.1/MF_DF with their security attributes] 186 [assignment: rules governing access amongcontrolledsubjects andcontrolledobjects usingcontrolled operations on controlled objects] 187 [selection: ALWAYSallowed, [assignment:supported access control rules]] 188 [selection: ALWAYSallowed, [assignment:supported access control rules]] Security Target TCOS FlexCert/SLC52 76/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 tion or Application DF if the security attributes interface, glob- alPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command DELETE of this object dependent on lifeCycleStatus, seIdentifier and interfaceDepen- dentAccessRules. (7) A subject is allowed to read fingerprint according to FPT_ITE.1 if it is allowed to execute the command FINGERPRINT in the cur- rent folder, (8) All subjects are allowed to execute command LIST PUBLIC KEY to export all persistent stored public keys189, (9) none190. FDP_ACF.1.3/ MF_DF The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none191. FDP_ACF.1.4/ MF_DF The TSF shall explicitly deny access of subjects to objects based on the following additional rules: none192. 296 Application Note 35: The object system defines sets of access control rules depending on the life cycle status, security environment and the interface used (i.e. contact based or contactless interface). The securityenvironment may be chosen for the current folder by means of command MANAGE SECURITY ENVIRONMENT. The command SELECT is therefore pre-requisite for many other commands. The access control rule defines for each command, which is defined by CLA, INS, P1 and P2 and acceptable for the type of the object, the necessary security state, which is reached by successful authentication of human user and devices, to allow the access to the selected object. Note that the com- mand FINGERPRINT process the data representing the TOE implementation like user data (i.e. hash value calculation, no execution or interpretation as code) and is developer specific. 297 Application Note 36: The access rules for the execution of the FINGERPRINT command are defined in the object system. 298 FDP_ACC.1/EF Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/EF The TSF shall enforce the access control EF SFP193 on194 (1) the subject logical channel bind to users a. World, b. Human User, c. Device, d. Human User and Device, 189 [assignment: list of security attributes of subjects] 190 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 191 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] 192 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 193 [assignment: access control SFP] 194 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] Security Target TCOS FlexCert/SLC52 77/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 e. none195, (2) the objects a. EF, b. Transparent EF, c. Structured EF, d. none196, (3) the operation by the following commands a. SELECT, b. DELETE of the current file, c. none197. 299 Application Note 37: Note that the commands ACTIVATE, DEACTIVATE and, TERMINATE DF for current file applicable to EF, Transparent EF and Structured EF manage the security life cycle attributes. Therefore access control rules of these commands are described by FMT_MSA.1/Life. The commands CREATE, GET DATA, GET RESPONSE and PUT DATA are optional and not implemented by the TOE. The commands specific for transparent files are described in FDP_ACC.1/TEF and FDP_ACF.1/TEF SFR. The commands specific for structured files are described in FDP_ACC.1/SEF and FDP_ACF.1/SEF SFR. 300 FDP_ACF.1/EF Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/EF The TSF shall enforce the access control EF SFP198 to objects based on the following199: (1) the subject logical channel with security attributes a. interface, b. globalPasswordList, c. globalSecurityList, d. dfSpecificPasswordList, e. dfSpecificSecurityList, f. bitSecurityList, g. SessionkeyContext, h. none 200 (2) the objects a. EF with security attributes seIdentifier of the current folder, lifeCycleStatus and interfaceDependentAccessRules of the EF and no transaction protection201, 195 [assignment: list of further subjects] 196 [assignment: list of further objects] 197 [assignment: all other operations applicableto MF and DF] 198 [assignment: access control SFP] 199 [assignment: list of subjects and objects controlledunder the indicatedSFP, and,for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 200 [assignment: further subjects listed in FDP_ACC.1.1/EF with their security attributes] 201 [selection: transaction protectionMode, checksum] Security Target TCOS FlexCert/SLC52 78/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 b. none202. FDP_ACF.1.2/EF The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed203: (1) SELECT is ALWAYS allowed204, (2) A subject is allowed to delete the current EF if the security at- tributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList and Sessionkey- Context of the subject meet the access rules for the command DELETE of this object dependent on lifeCycleStatus, interface- DependentAccessRules and seIdentifier of the current folder. (3) none205. FDP_ACF.1.3/EF The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none206. FDP_ACF.1.4/EF The TSF shall explicitly deny access of subjects to objects based on the following additional rules: none207. 301 FDP_ACC.1/TEF Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/ TEF The TSF shall enforce the access rule TEF SFP208 on209 (1) the subject logical channel bind to users a. World, b. Human User, c. Device, d. Human User and Device, e. none210, (2) the objects a. Transparent EF, b. none211, (3) the operation by the following commands a. ERASE BINARY, b. READ BINARY, c. SET LOGICAL EOF 202 [assignment: further subjects listed in FDP_ACC.1.1/EF with their security attributes] 203 [assignment: rules governing access amongcontrolledsubjects and controlledobjects usingcontrolled operations on controlled objects] 204 [selection: ALWAYSallowed, [assignment:supported access control rules]] 205 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 206 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] 207 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 208 [assignment: access control SFP] 209 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] 210 [assignment: list of further subjects] 211 [assignment: list of further objects] Security Target TCOS FlexCert/SLC52 79/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 d. UPDATE BINARY e. WRITE f. none212. 302 Application Note 38: If the checksum of the data to be read by READ BINARY is malicious then the TOE throws a warning on export. 303 FDP_ACF.1/TEF Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/ TEF The TSF shall enforce the access rule TEF SFP213 to objects based on the following214: (1) the subject logical channel with security attributes a. interface, b. globalPasswordList, c. globalSecurityList, d. dfSpecificPasswordList, e. dfSpecificSecurityList, f. bitSecurityList, g. SessionkeyContext, h. none215 (2) the objects a. with security attributes seIdentifier of the current folder, lifeCycleStatus and interfaceDependentAccessRules of the current Transparent EF and no transaction protection216, b. none217. FDP_ACF.1.2/ TEF The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed218: (1) The subject is allowed to execute the command listed in FDP_ACC.1.1/TEF for the current Transparent EF if the securi- ty attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList and Session- keyContext of the subject meet the access rules of this object for this command dependent on seIdentifier of the current fold- er, lifeCycleStatus and interfaceDependentAccessRules of the current Transparent EF. 212 [assignment: all other operations applicableto MF and DF] 213 [assignment: access control SFP] 214 [assignment: list of subjects and objects controlledunder the indicatedSFP, and.for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 215 [assignment: further subjects listed in FDP_ACC.1.1/TEF with their security attributes] 216 [selection: transaction protectionMode, checksum] 217 [assignment: further subjects listed in FDP_ACC.1.1/TEF with their security attributes] 218 [assignment: rules governing access amongcontrolled subjects andcontrolledobjects usingcontrolled operations on controlled objects] Security Target TCOS FlexCert/SLC52 80/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (2) none219. FDP_ACF.1.3/ TEF The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none220. FDP_ACF.1.4/ TEF The TSF shall explicitly deny access of subjects to objects based on the following additional rules: Rules defined in FDP_ACF.1.4/EF ap- ply, and none221. 304 Application Note 39: The selection of “transaction protection Mode” and “checksum” is empty because they are optional in the COS specification [EGK-COS]. If the checksum of the data to be read by READ BINARY is malicious the TOE must append a warning when exporting. Exporting of malicious data should be taken into account by the evalua- tor during evaluation of class AVA: vulnerability assessment. 305 FDP_ACC.1/SEF Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/ SEF The TSF shall enforce the access rule SEF SFP222 on223 (1) the subjects logical channel bind to users a. World, b. Human User, c. Device, d. Human User and Device, e. none224, (2) the objects a. record in Structured EF, b. none225, (3) the operation by the following commands a. APPEND RECORD b. ERASE RECORD c. DELETE RECORD d. READ RECORD e. SEARCH RECORD f. UPDATE RECORD g. none226. 306 Application Note 40: The command WRITE RECORD is optional and not implemented by the TOE. 219 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 220 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] 221 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 222 [assignment: access control SFP] 223 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] 224 [assignment: list of further subjects] 225 [assignment: list of further objects] 226 [assignment: all other operations applicableto MF and DF] Security Target TCOS FlexCert/SLC52 81/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 307 FDP_ACF.1/SEF Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/ SEF The TSF shall enforce the access rule SEF SFP227 to objects based on the following228: (1) the subject logical channel with security attributes a. interface, b. globalPasswordList, c. globalSecurityList, d. dfSpecificPasswordList, e. dfSpecificSecurityList, f. bitSecurityList, g. SessionkeyContext, h. none229 (2) the objects a. with security attributes seIdentifier of the current folder, lifeCycleStatus and interfaceDependentAccessRules of the current Structured EF and lifeCycleStatus of the record b. none230 FDP_ACF.1.2/ SEF The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed231: (1) The subject is allowed to execute the command listed in FDP_ACC.1.1/SEF for the record of the current Structured EF if the security attributes interface, globalPasswordList, global- SecurityList,, dfSpecificPasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules of this object for this command dependent on seIdentifier of the cur- rent folder, lifeCycleStatus and interfaceDependentAc- cessRules of the current Structured EF, and lifeCycleStatus of the record. (2) none232 FDP_ACF.1.3/ SEF The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none233. FDP_ACF.1.4/ SEF The TSF shall explicitly deny access of subjects to objects based on the following additional rules: Rules defined in FDP_ACF.1.4/EF ap- ply, and none234. 227 [assignment: access control SFP] 228 [assignment: list of subjects and objects controlledunder the indicatedSFP, and.for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 229 [assignment: further subjects listed in FDP_ACC.1.1/SEF with their security attributes] 230 [assignment: further subjects listed in FDP_ACC.1.1/SEF with their security attributes] 231 [assignment: rules governing access amongcontrolledsubjects andcontrolledobjects usingcontrolled operations on controlled objects] 232 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 233 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] Security Target TCOS FlexCert/SLC52 82/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 308 Application Note 41: Keys can be TSF data or user data. As SFR FDP_ACC.1/KEY and FDP_ACF.1/KEY address protection of user data the keys defined in these SFR as ob- jects are user keys only. Keys used for authentication are TSF data and are therefore not in the scope of these two SFR. Please note that the PSO ENCIPHER, PSO DECIPHER, PSO COMPUTE CRYPTOGRAPHIC CHECKSUM, and PSO VERIFY CRYPTOGRAPHIC CHECK- SUM are used with the SK4TC for trusted channel. If these commands are used in the context trusted channel the key used is TSF data and not user data. Therefore the SFR FDP_ACC.1/KEY and FDP_ACF.1/KEY are not applicable on the commands used for trusted channel. The commands PSO COMPUTE CRYPTOGRAPHIC CHECKSUM and PSO VERIFY CRYPTOGRAPHIC CHECKSUM are required by the package Crypto Box. 309 Application Note 42: If the checksum of the record to be read does by READ RECORD not match the TOE will block the output. 310 FDP_ACC.1/KEY Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/ KEY The TSF shall enforce the access control key SFP235 on236 (1) the subject logical channel bind to users a. World, b. Human User, c. Device, d. Human User and Device, e. none237, (2) the objects a. symmetric key used for user data, b. private asymmetric key used for user data, c. public asymmetric key for signature verification used for user data, d. public asymmetric key for encryption used for user data, e. ephemeral keys used during Diffie-Hellman key exchange f. none 238, (3) the operation by the following commands a. DELETE for private, public and symmetric key objects, b. MANAGE SECURITY ENVIRONMENT, c. GENERATE ASYMMETRIC KEY PAIR, d. PSO COMPUTE DIGITAL SIGNATURE, e. PSO VERIFY DIGITAL SIGNATURE, f. PSO VERIFY CERTIFICATE, g. PSO ENCIPHER, h. PSO DECIPHER, i. PSO TRANSCIPHER, 234 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 235 [assignment: access control SFP] 236 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] 237 [assignment: list of further subjects listed in FDP_ACC.1.1/KEY] 238 [assignment: list of further objects listed in FDP_ACC.1.1/KEY] Security Target TCOS FlexCert/SLC52 83/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 j. PSO COMPUTE CRYPTOGRAPHIC CHECKSUM, k. PSO VERIFY CRYPTOGRAPHIC CHECKSUM, l. none239. 311 FDP_ACF.1/KEY Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/KEYThe TSF shall enforce the access control key SFP240 to objects based on the following241: (1) the subject logical channel with security attributes a. interface, b. globalPasswordList, c. globalSecurityList, d. dfSpecificPasswordList, e. dfSpecificSecurityList, f. bitSecurityList, g. SessionkeyContext, h. none242 (2) the objects a. symmetric key used for user data with security attributes seIdentifier of the current folder, lifeCycleStatus and inter- faceDependentAccessRules, the key type (encryption key or mac key), interfaceDependentAccessRules for session keys b. private asymmetric key used for user data with security at- tributes seIdentifier of the current folder, lifeCycleStatus, keyAvailable and interfaceDependentAccessRules, c. public asymmetric key for signature verification used for us- er data with security attributes seIdentifier of the current folder, lifeCycleStatus and interfaceDependentAccessRules, d. public asymmetric key for encryption used for user data with security attributes seIdentifier of the current folder, lifeCy- cleStatus and interfaceDependentAccessRules, e. CVC with security attributes certificate content and signa- ture, f. ephemeral keys used during Diffie-Hellman key exchange g. none243 FDP_ACF.1.2/KEYThe TSF shall enforce the following rules to determine if an operation 239 [assignment: further operation] 240 [assignment: access control SFP] 241 [assignment: list of subjects and objects controlledunder the indicatedSFP, and.for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 242 [assignment: further subjects listed in FDP_ACC.1.1/KEYwith their security attributes] 243 [assignment: further subjects listed in FDP_ACC.1.1/KEYwith their security attributes] Security Target TCOS FlexCert/SLC52 84/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 among controlled subjects and controlled objects is allowed244: (1) MANAGE SECURITY ENVIRONMENT is ALWAYS allowed245, in cases defined in FDP_ACF.1.4/KEY. (2) A subject is allowed to delete an object listed in FDP_\ ACF.1.1/KEY if the security attributes interface, globalPass- wordList, globalSecurityList, dfSpecificPasswordList, dfSpeci- ficSecurityList and SessionkeyContext of the subject meet the access rules for the command DELETE of this object dependent on seIdentifier of the current folder, lifeCycleStatus and inter- faceDependentAccessRules, (3) A subject is allowed to generate a new asymmetric key pair or change the content of existing objects if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecific- PasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command GENERATE ASYMMETRIC KEY PAIR of this object dependent on seIdentifier of the current folder, lifeCycleStatus, key type and interface- DependentAccessRules. In case P1=80 or P1=84 the security attribute keyAvailable must be set to FALSE. (4) A subject is allowed to import a public key as part of a CVC by means of the command PSO VERIFY CERTIFICATE if a. the security attributes interface, globalPasswordList, global- SecurityList, dfSpecificPasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command PSO VERIFY CERTIFICATE of the sig- nature public key to be used for verification of the signature of the CVC dependent on seIdentifier of the current folder, lifeCycleStatus, key type and interfaceDependentAccess- Rules, b. the CVC has valid certificate content and signature, where the expiration date is checked against pointInTime. (5) A subject is allowed to compute digital signatures using the private asymmetric key for user data if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList and Ses- sionkeyContext of the subject meet the access rules for the command PSO COMPUTE DIGITAL SIGNATURE of this ob- ject dependent on seIdentifier of the current folder, lifeCycleS- tatus, the key type and interfaceDependentAccessRules. (6) Any subject is allowed to verify digital signatures using the public asymmetric key for user data using the command PSO VERIFY DIGITAL SIGNATURE (7) A subject is allowed to encrypt user data using the asymmetric key if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurity- 244 [assignment: rules governing access amongcontrolledsubjects andcontrolledobjects usingcontrolled operations on controlled objects] 245 [selection: ALWAYSallowed, [assignment:supported access control rules]] Security Target TCOS FlexCert/SLC52 85/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 List and SessionkeyContext of the subject meet the access rules for the command PSO ENCIPHER of this object dependent on seIdentifier of the current folder, lifeCycleStatus, the key type and interfaceDependentAccessRulest. (8) A subject is allowed to decrypt user data using the asymmetric key if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurity- List and SessionkeyContext of the subject meet the access rules for the command PSO DECIPHER of this object dependent on seIdentifier of the current folder, lifeCycleStatus, the key type and interfaceDependentAccessRules. (9) A subject is allowed to decrypt and to encrypt user data using the asymmetric keys if the security attributes interface, dfSpecificPasswordList, globalPasswordList, globalSecu- rityList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command PSO TRANSCI- PHER of both keys dependent on seIdentifier of the current folder, lifecycleStatus, the key type and interfaceDependen- tAccessRules. (10) If the command PSO COMPUTE CRYPTOGRAPHIC CHECKSUM is supported by the TSF then the following rule applies: a subject is allowed to compute a cryptographic checksum with a sym- metric key used for user data if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPassword- List, dfSpecificSecurityList and SessionkeyContext of the sub- ject meet the access rules for the command PSO COMPUTE CRYPTOGRAPHIC CHECKSUM of this object dependent on seI- dentifier of the current folder, lifeCycleStatus, the key type and interfaceDependentAccessRules. (11) If the command PSO VERIFY CRYPTOGRAPHIC CHECKSUM is supported by the TSF then the following rule applies: a subject is allowed to verify a cryptographic checksum with a symmetric key used for user data if the security attributes interface, glo- balPasswordList, globalSecurityList,dfSpecificPasswordList, dfSpecificSecurityList and SessionkeyContext of the subject meet the access rules for the command PSO VERIFY CRYPTO- GRAPHIC CHECKSUM of this object dependent on seIdentifier of the current folder, lifeCycleStatus, the key type and interface- DependentAccessRules. (12) none246. FDP_ACF.1.3/KEYThe TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none247. FDP_ACF.1.4/KEYThe TSF shall explicitly deny access of subjects to objects based on the following additional rules: (1) If the security attribute keyAvailable=TRUE the TSF shall pre- vent generation of a private key by means of the command GENERATE ASYMMETRIC KEY PAIR with P1=80 or P1=84. 246 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 247 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] Security Target TCOS FlexCert/SLC52 86/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (2) none248. 312 FDP_ACC.1/LC Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control: fulfilled FDP_ACC.1.1/LC The TSF shall enforce the Logical channel SFP249 on250 (1) the subjects FDP_ACF.1/EF and FDP_ACF.1/MF_DF, (2) the objects a. logical channel b. objects as defined in FDP_ACF.1/EF and c. objects as defined in FDP_ACF.1/MF_DF, (3) the operation by command following a. command SELECT b. command MANAGE CHANNEL to open, reset and close a logi- cal channel251. 313 FDP_ACF.1/LC Subset access control – Logical channel Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control: fulfilled FMT_MSA.3 Static attributes initialization: fulfilled FDP_ACF.1.1/LC The TSF shall enforce the Logical channel SFP252 to objects based on the following253: (1) the subjects as defined in FDP_ACF.1/EF and FDP_ACF.1/MF_DF with security attribute “logical channel” (2) the objects a. logical channel with channel number b. as defined in FDP_ACF.1/EF and FDP_ACF.1/MF_DF with security attribute “shareable”254. FDP_ACF.1.2/LC The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed255: (1) The command MANAGE CHANNEL is ALWAYS allowed256. 248 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 249 [assignment: access control SFP] 250 [assignment: list of subjects, objects, and operations among subjects and objects coveredby the SFP] 251 [assignment: all other operations applicableto MF and DF] 252 [assignment: access control SFP] 253 [assignment: list of subjects and objects controlledunder the indicatedSFP, and.for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 254 [assignment: further subjects listed in FDP_ACC.1.1/KEYwith their security attributes] 255 [assignment: rules governing access amongcontrolledsubjects andcontrolledobjects usingcontrolled operations on controlled objects] Security Target TCOS FlexCert/SLC52 87/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (2) A subject is allowed to open, reset or close a logical channel with channel number higher than 1 if a logical channel is avail- able and the subject fulfils the access conditions for command MANAGE CHANNEL with the corresponding parameter P1. (3) A subject is allowed to select an object as current object in more than one logical channel if its security attribute “sharea- ble” is set to TRUE”257. FDP_ACF.1.3/LC The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none258. FDP_ACF.1.4/LC The TSF shall explicitly deny access of subjects to objects based on the following additional rules: (1) if the security attribute of an object is set to “not shareable” this object is not accessible as current object in more than one logical channel259. 314 Application Note 43: The COS specification [EGK-COS] claims that the security attribute “shareable” is always “TRUE”. 315 FDP_IFC.1/SICP Subset information flow control Hierarchical to: No other components. Dependencies: FDP_IFF.1 Simple security attributes: justified by [PP0084, sec. 6.3.2] FDP_IFC.1.1/ SICP The TSF shall enforce the Data Processing Policy260 on all confiden- tial data when they are processed or transferred by the TOE or by the Security IC Embedded Software261. 316 Application Note 44: The Data Processing Policy is defined in [PP0084]: User Data and TSF data shall not be accessible from the TOE except when the Security IC Embedded Software decides to communicate the User Data via an external interface. The protec- tion shall be applied to confidential data only but without the distinction of attributes con- trolled by the Security IC Embedded Software. 317 FDP_ITT.1/SICP Basic internal TSF data transfer protection Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset infor- mation flow control]: fulfilled 256 [selection: ALWAYSallowed, [assignment:supported access control rules]] 257 [assignment: further list of subjects, objects, andoperations amongsubjects andobjects covered by the SFP] 258 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects] 259 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 260 [assignment: information flow control SFP] 261 [assignment: list of subjects, information, and operations thatcause controlled informationto flow to and from controlled subjects covered by the SFP] Security Target TCOS FlexCert/SLC52 88/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FDP_ITT.1.1/SICPThe TSF shall enforce the Data Processing Policy262 to prevent the disclosure263 of user data when it is transmitted between physically-separated parts of the TOE. 318 Application Note 45: The different memories, the CPU and other functional units of the TOE (e.g. a cryptographic co-processor) are seen as physically-separated parts of the TOE. 319 FDP_SDC.1/SICP Stored data confidentiality Hierarchical to: No other components. Dependencies: No dependencies. FDP_SDC.1/SICP .1.1 The TSF shall ensure the confidentiality of the information of the user data of the Composite TOE while it is stored in the RAM, ROM, Cache and SOLID FLASH™ NVM. 320 FDP_SDI.2/SICP Stored data integrity monitoring and action Hierarchical to: FDP_SDI.1 stored data integrity monitoring. Dependencies: No dependencies. FDP_SDI.2/SICP. 2.1 The TSF shall monitor user data of the Composite TOE stored in con- tainers controlled by the TSF for data integrity and one-and/or more- bit-errors on all objects, based on the following attributes: corre- sponding EDC value for RAM, ROM and SOLID FLASH™ NVM and error correction ECC for the SOLID FLASH™ NVM. FDP_SDI.2/SICP. 221 Upon detection of a data integrity error, the TSF shall correct 1 bit errors in the SOLID FLASH™ NVM automatically and inform the user about more bit errors. 321 FDP_RIP.1 Subset residual information protection Hierarchical to: No other components. Dependencies: No dependencies. FDP_RIP.1.1 The TSF shall ensure that any previous information content of a re- source is made unavailable upon de-allocation of the resource from264 the following objects: password objects, secret cryptographic keys, private cryptographic keys, session keys, none265. 262 [assignment: access control SFP(s) and/or information flow control SFP(s)] 263 [selection: disclosure, modification, loss of use] 264 [selection: allocation of the resource to, deallocation of theresource from] 265 [assignment: other data objects] Security Target TCOS FlexCert/SLC52 89/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 322 FDP_RIP.1/PACE.PICC Subset residual information protection – PACE/ PICC Hierarchical to: No other components. Dependencies: No dependencies. FDP_RIP.1.1/ PACE.PICC The TSF shall ensure that any previous information content of a re- source is made unavailable upon de-allocation of the resource from266 the following objects: (1) session keys (immediately after closing related communication session), (2) any ephemeral secret having been generated during DH key exchange (3) none267. 323 FDP_SDI.2 Stored data integrity monitoring and action Hierarchical to: FDP_SDI.1 Stored data monitoring Dependencies: No dependencies FDP_SDI.2.1 The TSF shall monitor user data stored in containers controlled by the TSF for hardware integrity errors268 on all objects, based on the following attributes: (1) key objects, (2) PIN objects, (3) affectedObject.flagTransactionMode=TRUE, (4) none269. FDP_SDI.2.2 Upon detection of a data integrity error, the TSF shall enter the hard- ware security reset state270. 324 FDP_UCT.1/PACE Basic data exchange confidentiality – PACE Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FTP_TRP.1 Trusted path] [FDP_ACC.1 Subset access control or FDP_IFC.1 Subset infor- mation flow] 266 [selection: allocation of the resource to, deallocation of theresource from] 267 [assignment: list of additional objects] 268 [assignment: integrity errors] 269 [assignment: user data attributes] 270 [assignment: action to be taken] Security Target TCOS FlexCert/SLC52 90/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FDP_UCT.1.1/PA CE The TSF shall enforce the access control MF_DF SFP, access con- trol EF SFP, access rule TEF SFP, access rule SEF SFP and access control key SFP271 to transmit and receive272 user data in a manner protected from unauthorized disclosure. 325 FDP_UIT.1/PACE Data exchange integrity – PACE protocol Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control or FDP_IFC.1 Subset infor- mation flow] [FDP_ITC.1 Import of user data without security attributes, or FTP_TRP.1 Trusted path] FDP_UIT.1.1/PAC E The TSF shall enforce the access control MF_DF SFP, access con- trol EF SFP, access rule TEF SFP, access rule SEF SFP and access control key SFP273 to transmit and receive274 user data in a manner protected from modification, deletion, insertion, and replay275 errors. FDP_UIT.1.2/PAC E The TSF shall be able to determine on receipt of user data, whether modification, deletion, insertion, and replay276 has occurred. 6.1.7 Class FMT Security Management 326 Application Note 46: The SFR FMT_SMF.1 and FMT_SMR.1 provide basic requirements to the management of the TSF data. 327 FMT_SMF.1 Specification of Management Functions Hierarchical to: No other components. Dependencies: No dependencies FMT_SMF.1.1 The TSF shall be capable of performing the following management functions277: (1) Initialisation, (2) Personalisation, (3) Life Cycle Management by means of commands GENERATE ASYMMETRIC KEY PAIR, DELETE, LOAD APPLICATION, TERMINATE, TERMINATE DF, TERMINATE CARD USAGE, none278, 271 [assignment: access control SFP(s) and/or information flow control SFP(s)] 272 [selection: transmit, receive] 273 [assignment: access control SFP(s) and/or information flow control SFP(s)] 274 [selection: transmit, receive] 275 [selection: modification, deletion, insertion, replay] 276 [selection: modification, deletion, insertion, replay] 277 [assignment: list of management functions to be provided by the TSF] 278 [assignment: list of further management functions to be provided by the TSF] Security Target TCOS FlexCert/SLC52 91/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (4) Management of access control security attributes by means of the commands ACTIVATE, DEACTIVATE, ACTIVATE RECORD, DE- ACTIVATE RECORD, ENABLE VERIFICATION REQUIREMENT, DISA- BLE VERIFICATION REQUIREMENT, LOAD APPLICATION, (5) Management of password objects attributes by means of the commands CHANGE REFERENCE DATA, RESET RETRY COUNTER, GET PIN STATUS, VERIFY, LOAD APPLICATION (6) Management of device authentication reference data by means of the commands PSO VERIFY CERTIFICATE, GET SECURITY STATUS KEY, LOAD APPLICATION, (7) none279. 328 Application Note 47: The Protection Profile BSI-CC-PP-0084-2014 [PP0084] describes initialization and personalization as management functions. The corresponding COS command used is FORMAT. More details on this command are provided in the Adminis- trator’s Guidance [TCOSGD] (cf. also FMT_SMR.1, para. 330 on p. 91). The initialization as a management function corresponds to the Object System Installation of the first part of the Life Cycle Phase 6 (cf. Life cycle phase 6 “Smartcard personalization” on p. 10). 329 Application Note 48: LOAD APPLICATION creates new objects together with their TSF data (cf. FMT_MSA.1/Life).In case of folders this includesauthentication reference data as passwords and public keys. CREATE is an optional command. It is not supported by the TOE. 330 FMT_SMR.1 Security roles Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification: fulfilled FMT_SMR.1.1 The TSF shall maintain the roles280 (1) World as unauthenticated user without authentication reference data, (2) Human User authenticated by password in the role defined for this password, (3) Human User authenticated by PUC as holder of the corre- sponding password, (4) Device authenticated by means of symmetric key in the role de- fined for this key, (5) Device authenticated by means of asymmetric key in the role defined by the Certificate Holder Authorization in the CVC, (6) Administrator authenticated for Installation or Personalization. FMT_SMR.1.2 The TSF shall be able to associate users with roles. 331 Application Note 49: The Administrator authenticates herself by secret data with at least 128 bits of entropy. This data is used in the FORMAT command available only in Life Cy- cle Phases 5 and 6. The authentication data for the Installation and the Personalization Agent can be selected different. Note that this command is additionally bound to fixed usage counter of 32 which cannot be changed. 279 [assignment: list of further management functions to be provided by the TSF] 280 [assignment: the authorized identified roles] Security Target TCOS FlexCert/SLC52 92/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 332 Application Note 50: The Protection Profile BSI-CC-PP-0084-2014 does not explicitly define role because roles are linked to life cycle of the chip not addressed by SFR. Therefore the present PP defines the role “World” relevant for all parts of the TOE (e.g. physical protection) and roles for COS related SFR. 333 Application Note 51: Human users authenticate themselves by identifying the password or Multi-reference password and providing authentication verification data to be matched to the secret of the password object or PUC depending on the command used. The role gained by authorization with a password is defined in the security attributes of the ob- jects and related to the identified commands. The authorization status is valid for the same level and in the level below in the file hierarchy as the password object is stored. The role gained by authentication with a symmetric key is defined in the security attrib- utes of the objects and related to the identified commands. The assignment may assign additional role like the role defined for authentication by means of PACE or “none”. 334 FMT_SMR.1/PACE.PICC Security roles – PACE/PICC protocol Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification: fulfilled FMT_SMR.1.1/ PACE.PICC The TSF shall maintain the roles281 (1) the roles defined in FMT_SMR.1, (2) PACE authenticated terminal, (3) none282. FMT_SMR.1.2/ PACE.PICC The TSF shall be able to associate users with roles. 335 FMT_MSA.1/Life Management of security attributes Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset infor- mation flow control]: fulfilled FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MSA.1.1/ Life The TSF shall enforce the access control_MF_DF SFP, access control EF SFP, access rule TEF SFP, access rule SEF SFP and access con- trol key SFP283 to restrict the ability to (1) create284 all security attributes of the new object DF, Application, Application Dedicated File, EF, TEF and SEF285 to subjects al- lowed to execute the command LOAD APPLICATION for the MF, DF, Application or Application Dedicated File where the new ob- 281 [assignment: the authorized identified roles] 282 [assignment: additional authorized identified roles] 283 [assignment: access control SFP(s), information flow control SFP(s)] 284 [selection: change_default, query, modify, delete, [assignment: other operations]] 285 [assignment: list of security attributes] Security Target TCOS FlexCert/SLC52 93/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 ject is created286, (2) change284 the security attributes of the object MF, DF, Applica- tion, Application Dedicated File, EF, TEF and SEF287 by means of command LOAD APPLICATION to none288, (3) change284 the security attributes lifeCycleStatus to „Operational state (active)“285 to subjects allowed to execute the command ACTIVATE for the selected object286, (4) change284 the security attributes lifeCycleStatus to „Operational state (Deactivated)“285 to subjects allowed to execute the com- mand DEACTIVATE for the selected object286, (5) change284 the security attributes lifeCycleStatus to „Termination state”285 to subjects allowed to execute the command TERMINATE for the selected EF, the key object or the password object286, (6) change284 the security attributes lifeCycleStatus to „Termination state”285 to subjects allowed to execute the command TERMINATE DF for the selected DF, Application or Application Dedicated File286, (7) change284 the security attributes lifeCycleStatus to „Termination state”285 to subjects allowed to execute the command TERMINATE CARD USAGE286, (8) query284 the security attributes lifeCycleStatus by means of com- mand SELECT285 to ALWAYS allowed289 (9) delete284 all securityattributes of the selected object285 to sub- jects allowed to execute the command Delete for the selected ob- ject286 to none290. The subject logical channel is allowed to execute a command if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList, bitSecurityList, Session- keyContext of the subject meet the security attributes lifeCycleStatus, seIdentifier and interfaceDependentAccessRules of the affected object. 336 Application Note 52: The elements of the SFR are repeated as refinements to avoid iter- ations of the same SFR. The command LOAD APPLICATION allows to create new objects and does not allow an update of existing objects and their security attributes (cf. [EGK- COS, (N039.300)]). 337 FMT_MSA.1/SEF Management of security attributes Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset infor- mation flow control]: fulfilled FMT_SMR.1 Securityroles: fulfilled 286 [assignment: the authorized identified roles] 287 [assignment: list of security attributes] 288 [assignment: the authorized identified roles]/[selection: none,subjects allowed executionof command LOAD APPLICATION for the MF, DF, Application, Applicationdedicated file where the object is updated] 289 [selection: ALWAYSallowed, [assignment:supported access control rules]] 290 [assignment: list of further security attributes with the authorizedidentifiedroles] Security Target TCOS FlexCert/SLC52 94/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MSA.1.1/ SEF The TSF shall enforce the access rule SEF SFP291 to restrict the abil- ity to (1) change292 the security attributes lifeCycleStatus of the selected record to “Operational state (active)” 293 to subjects allowed to execute the command ACTIVATE RECORD294, (2) change292 the security attributes lifeCycleStatus of the selected record to “Operational state (Deactivated)”293 to subjects al- lowed to execute the command DEACTIVATE RECORD294, (3) delete292 all securityattributes of the selected record293 to sub- jects allowed to execute the command DELETE RECORD294, (4) none295. The subject logical channel is allowed to execute a command if the security attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList, bitSecurityList, Ses- sionkeyContext of the subject meet the security attributes lifeCycleS- tatus, seIdentifier and interfaceDependentAccessRules of the affected object. 338 Application Note 53: The elements of the SFR are repeated to avoid iterations of the same SFR. 339 Application Note 54: The access rights can be described in FMT_MSA.1/SEF in more detail. The “authorized identified roles” could therefore be interpreted in a wide r scope including the context where the command is allowed to be executed. 340 FMT_MSA.3 Static attribute initialization Hierarchical to: No other components. Dependencies: FMT_MSA.1 Management of security attributes: fulfilled FMT_SMR.1 Securityroles: fulfilled FMT_MSA.3.1 The TSF shall enforce the access control MF_DF SFP, access con- trol EF SFP, access rule TEF SFP, access rule SEF SFP and ac- cess control key SFP296 to provide restrictive297 default values for security attributes that are used to enforce the SFP. After reset the security attributes of the subject are set as fol- lows (1) currentFolder is root, (2) keyReferenceList, globalSecurityList, globalPasswordList, dfSpecificSecurityList, dfSpecificPasswordList and bitSecurity- 291 [assignment: access control SFP(s), information flow control SFP(s)] 292 [selection: change_default, query, modify, delete, [assignment: other operations]] 293 [assignment: list of security attributes] 294 [assignment: the authorized identified roles] 295 [assignment: list of further security attributes with the authorizedidentifiedroles] 296 [assignment: access control SFP, information flow control SFP] 297 [selection choose one of: restrictive, permissive, [assignment: other property]] Security Target TCOS FlexCert/SLC52 95/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 List are empty, (3) SessionkeyContext.flagSessionEnabled is set to noSK, (4) seIdentifier is #1, (5) currentFile is undefined. FMT_MSA.3.2 The TSF shall allow the subjects allowed to execute the command LOAD APPLICATION298 to specify alternative initial values to override the default values when an object or information is created. 341 Application Note 55: The refinements provide rules for setting restrictive security attrib- utes after reset. 342 FMT_MSA.3/LC Static attribute initialization – Logical channel Hierarchical to: No other components. Dependencies: FMT_MSA.1 Management of security attributes: fulfilled FMT_ SMR.1 Security roles: fulfilled FMT_MSA.3.1/LCThe TSF shall enforce the Logical channel SFP299 to provide restric- tive300 default values for security attributes that are used to enforce the SFP. After a logical channel is opened the security attributes of the subject associated with this logical channel are set as fol- lows (1) currentFolder is root, (2) keyReferenceList, globalSecurityList, globalPasswordList, dfSpecificSecurityList, dfSpecificPasswordList, bitSecurityList are empty. (3) SessionkeyContext.flagSessionEnabled is set to noSK, (4) seIdentifier is #1, (5) currentFile is undefined. FMT_MSA.3.2/LCThe TSF shall allow the subjects allowed to execute the command LOAD APPLICATION301 to specify alternative initial values to override the default values when an object or information is created. 343 FMT_MTD.1/PIN Management of TSF data – PIN Hierarchical to: No other components. Dependencies: FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MTD.1.1/ PIN The TSF shall restrict the ability to (1) set new secret of the password objects by means of command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,00)302 to 298 [assignment: the authorized identified roles] 299 [assignment: access control SFP(s), information flow control SFP(s)] 300 [selection, choose one of: restrictive, permissive, [assignment: other property]] 301 [assignment: the authorized identified roles] Security Target TCOS FlexCert/SLC52 96/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 subjects successful authenticated with the old secret of this pass- word object303, (2) set new secret and change transportStatus to regularPassword of the password objects with transportStatus equal to Leer-PIN302 to subjects allowed to execute the command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,01)303, (3) set new secret of the password objects by means of the command RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,00)302 to sub- jects successfully authenticated with the PUC of this password object 303, (4) set new secret of the password objects by means of the command RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,02)302 to sub- jects allowed to execute the command RESET RETRY COUNTER with (CLA,INS,P1)= (00,2C,02)303. 344 Application Note 56: The elements of this SFR are repeated to avoid the iterations of the same SFR. 345 Application Note 57: The TOE providesaccess control to the commands depending on the object system. The refinements repeat the structure of the element in order to avoid iteration of the same SFR. The commands CHANGE REFERENCE DATA with (CLA,INS,P1) =(00,24,01) and RESET RETRY COUNTER (CLA,INS,P1)=(00,2C,02) set a new password without need of authentication by PIN or PUC. In order to prevent bypass of the human user authentication defined by the PIN or PUC the object system shall define access control to this command as required by the security needs of the specific application context, cf. OE.Resp-ObjS. 346 FMT_MSA.1/PIN Management of security attributes – PIN Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset infor- mation flow control]: fulfilled FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MSA.1.1/ PIN The TSF shall enforce the access control MF_DF SFP, access control EF SFP, access rule TEF SFP, access rule SEF SFP and access control key SFP304 to restrict the ability to (1) reset by means of the command VERIFY the security attributes retry counter of password objects305 to subjects successfully au- thenticated with the secret of this password object306, (2) reset by means of command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,00) the security attributes retry counter of password objects305 to subjectssuccessfully authenticated with 302 [assignment: other operations] 303 [assignment: the authorized identified roles] 304 [assignment: access control SFP(s), information flow control SFP(s)] 305 [assignment: other operations] 306 [assignment: the authorized identified roles] Security Target TCOS FlexCert/SLC52 97/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 the old secret of this password object306, (3) change by means of the command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,00) the securityattributes trans- portStatus from Transport-PIN to regularPassword305 to sub- jects allowed to execute the command CHANGE REFERENCE DA- TA with (CLA,INS,P1)=(00,24,00)306, (4) change by means of command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,01) the security attributes transportStatus from Leer-PIN to regularPassword305 to subjects allowed to ex- ecute the command CHANGE REFERENCE DATA with (CLA,INS,P1)=(00,24,01)306, (5) reset by means of command DISABLE VERIFICATION REQUIRE- MENT with (CLA,INS,P1)=(00,26,00) the security attributesretry counter of password objects305 to subjectssuccessfully authen- ticated with the old secret of this password object306, (6) reset by means of command ENABLE VERIFICATION REQUIREMENT with (CLA,INS,P1)=(00,28,00) the securityattributes retry coun- ter of password objects305 to subjects successful authenticated with the old secret of this password object306, (7) reset by means of command RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,00) or (CLA,INS,P1)=(00,2C,01) the se- curity attributes retry counter of password objects305 to subjects successful authenticated with the PUC of this password ob- ject306, (8) reset by means of command RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,02) or (CLA,INS,P1)=(00,2C,03) the se- curity attributes retry counter of password objects305 to subjects allowed to execute the command RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,02) or (CLA,INS,P1)=(00,2C,03)306, (9) query by means of command GET PIN STATUS the security attri- butes flagEnabled, retry counter, transportStatus305 to World306, (10)enable307 the security attributes flagEnabled requiring authenti- cation with the selected password308 to subjects authenticated with password and allowed to execute the command ENABLE VERIFICATION REQUIREMENT (CLA,INS,P1)=(00,28,00)306, (11)enable309 the security attributes flagEnabled requiring authenti- cation with the selected password310 to subjects allowed to exe- cute the command ENABLE VERIFICATION REQUIREMENT (CLA,INS,P1)=(00,28,01)306, (12) disable309 the security attributes flagEnabled requiring authenti- cation with the selected password310 to subjects authenticated with password and allowed to execute the command DISABLE VERIFICATION REQUIREMENT (CLA,INS,P1)=(00,26,00)306, (13) disable309 the security attributes flagEnabled requiring authenti- cation with the selected password310 to subjects allowed to exe- cute the command DISABLE VERIFICATION REQUIREMENT 307 [selection: change_default, query, modify, delete, [assignment: other operations]] 308 [assignment: list of security attributes] 309 [selection: change_default, query, modify, delete, [assignment: other operations]] 310 [assignment: list of security attributes] Security Target TCOS FlexCert/SLC52 98/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (CLA,INS,P1)=(00,26,01)306. 347 Application Note 58: The elements of the SFR are repeated to avoid iterations of the same SFR. 348 Application Note 59: The command DISABLE VERIFICATION REQUIREMENT can be used to disable the need to perform an authentication via password or Multi-Reference password in a specific context. The command ENABLE VERIFICATION REQUIREMENT can be used to enable the need to perform an authentication. The access rights to execute these com- mands can be limited to specific contexts. For example: The execution of DISABLE VERI- FICATION REQUIREMENT should not be allowed for signing applications. The command DISABLE VERIFICATION REQUIREMENT (CLA,INS,P1)=(00,26,01) allows to disable the veri- fication requirement with the PIN. The command ENABLE VERIFICATION REQUIREMENT (CLA,INS,P1)=(00,28,01) allows anybody to enable the verification requirement with the PIN. The commands RESET RETRY COUNTER with (CLA,INS,P1)=(00,2C,02) or (CLA,INS,P1)=(00,2C,03) allows to reset the RESET RETRY COUNTER without authentica- tion with PUC. In order to prevent bypass of the human user authentication defined by the PIN the object system shall define access control to these commands as required by the security needs of the specificapplication context, cf. OE.Resp-ObjS. 349 Application Note 60: The TOE providesaccess control to the commands depending on the object system. 350 FMT_MTD.1/Auth Management of TSF data – Authentication data Hierarchical to: No other components. Dependencies: FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MTD.1.1/ Auth The TSF shall restrict the ability to (1) import by means of command LOAD APPLICATION311 the root public keys to roles authorised to execute this command312, (2) import by means of command PSO VERIFY CERTIFICATE311 the root public keys to roles authorised to execute this command312, (3) import by means of command PSO VERIFY CERTIFICATE311 the certificates as device authentication reference data to roles au- thorized to execute this command312, (4) select by means of command MANAGE SECURITY ENVIRONMENT311 the device authentication reference data to roles authorized to ex- ecute this command313 314. The subject logical channel is allowed to execute a command if the se- curity attributes interface, globalPasswordList, globalSecurityList, dfSpecificPasswordList, dfSpecificSecurityList, bitSecurityList, Ses- sionkeyContext of the subject meet the security attributes lifeCycleSta- tus, seIdentifier and interfaceDependentAccessRules of the affected 311 [assignment: other operations] 312 [assignment: the authorized identified roles] 313 [selection: World, roles authorized to execute this command] 314 [assignment: the authorized identified roles] Security Target TCOS FlexCert/SLC52 99/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 object. 351 Application Note 61: The elements of the SFR are repeated to avoid iterations of the same SFR. If root public keys are imported according to clause (2) this public key will be stored in the applicationPublicKeyList or the persistentCache of the object system. 352 Application Note 62: The TOE providesaccess control to the commands depending on the object system. 353 FMT_MSA.1/Auth Management of security attributes – Authentication data Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset infor- mation flow control]: fulfilled FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MSA.1.1/ Auth The TSF shall enforce the access control key SFP315 to restrict the ability to query316 the security attributes access control rights set for the key317 to meet the access rules of command GET SECURITY STA- TUS KEY of the object dependent on lifeCycleStatus, seIdentifier and interfaceDependentAccessRules318. 354 FMT_MTD.1/NE Management of TSF data – No export Hierarchical to: No other components. Dependencies: FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MTD.1.1/NEThe TSF shall restrict the ability to (1) export TSF data according to FPT_ITE.2319the a. public authentication reference data, b. security attributes for objects of the object system, c. none320 to successfully authenticated Administrator321 (2) export TSF data according to FPT_ITE.2322 the none 323 to none324 315 [assignment: access control SFP(s), information flow control SFP(s)] 316 [selection: change_default, query, modify, delete, [assignment: other operations]] 317 [assignment: list of security attributes] 318 [assignment: the authorized identified roles] 319 [selection: change_default, query, modify, delete, [assignment: other operations]] 320 [assignment: list of security attributes] 321 [assignment: the authorized identified roles] 322 [selection: change_default, query, modify, delete, [assignment: other operations]] 323 [assignment: list of all TOE specific security attributes not described in COS specification [EGK-COS]] Security Target TCOS FlexCert/SLC52 100/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (3) export325 the following TSF data a. Password, b. Multi-Reference password, c. PUC, d. Private keys, e. Session keys, f. Symmetric authentication keys, g. Private authentication keys, h. none326, and the following user data i. Private keys of the user, j. Symmetric keys of the user, k. none327 to nobody328. 355 FMT_MTD.1/PACE.PICC Management of TSF data – PACE/PICC protocol Hierarchical to: No other components. Dependencies: FMT_SMR.1 Securityroles: fulfilled FMT_SMF.1 Specification of Management Functions: fulfilled FMT_MTD.1.1/ PACE.PICC The TSF shall restrict the ability to read329 the (1) SCCO used for PACE protocol in PICC role, (2) session keys of secure messaging channel established using PACE protocol in PICC role330 to none331. 356 Application Note 63: The derived session keys SM4SM shall be kept secret. 357 FMT_LIM.1/SICP Limited capabilities Hierarchical to: No other components. Dependencies: FMT_LIM.2 Limited availability: fulfilled by FMT_LIM.2. 324 [assignment: list of types of TSF data] 325 [selection: change_default, query, modify, delete, [assignment: other operations]] 326 [assignment: list of types of TSF data] 327 [assignment: list of security attributes] 328 [assignment: the authorized identified roles] 329 [assignment: other operations] 330 [assignment: list of TSF data] 331 [assignment: the authorized identified roles] Security Target TCOS FlexCert/SLC52 101/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FMT_LIM.1.1/ SICP The TSF shall be designed and implemented in a manner that limits their capabilities so that in conjunction with ‘Limited availability (FMT_LIM.2/SICP)’ the following policy is enforced: Deploying Test Features after TOE Delivery does not allow user data of the Compo- site TOE to be disclosed or manipulated, TSF data to be disclosed or manipulated, software to be reconstructed and no substantial infor- mation about construction of TSF to be gathered which may enable other attacks332. 358 FMT_LIM.2/SICP Limited availability Hierarchical to: No other components. Dependencies: FMT_LIM.1 Limited capabilities: fulfilled by FMT_LIM.1. FMT_LIM.2.1/ SICP The TSF shall be designed and implemented in a manner that limits its availability so that in conjunction with ‘Limited capabilities (FMT_LIM.1/SICP)’ the following policy is enforced: Deploying Test Features after TOE Delivery does not allow user data of the Compo- site TOE to be disclosed or manipulated, TSF data to be disclosed or manipulated, software to be reconstructed and no substantial infor- mation about construction of TSF to be gathered which may enable other attacks333. 6.1.8 Class FPT Protection of the Security Functions 359 The TOE shall prevent inherent and forced illicit information leakage for User Data and TSF-data. The security functional requirement FPT_EMS.1 addresses the inherent leak- age. With respect to the forced leakage they have to be considered in combination with the security functional requirements “Failure with preservation of secure state (FPT_FLS.1)” and “TSF testing (FPT_TST.1)” on the one hand and “Resistance to physi- cal attack (FPT_PHP.3)” on the other. The SFRs “Limited capabilities (FMT_LIM.1)”, “Limited availability (FMT_LIM.2)” and “Resistance to physical attack (FPT_PHP.3)” to- gether with the SAR “Security architecture description” (ADV_ARC.1) prevent bypassing, deactivation and manipulation of the security features or misuse of TOE functions. 360 FPT_EMS.1 TOE Emanation Hierarchical to: No other components. Dependencies: No dependencies. FPT_EMS.1.1 The TOE shall not emit power variations, timing variations during command execution334 in excess of non-useful information335 ena- bling access to following TSF data336 332 [assignment: Limited capability and availability policy] 333 [assignment: Limited capability and availability policy] 334 [assignment: types of emissions] 335 [assignment: specified limits] Security Target TCOS FlexCert/SLC52 102/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (1) Regular password, (2) Multi-Reference password, (3) PUC, (4) Session keys, (5) Symmetric authentication keys, (6) Private authentication keys, (7) none337 and the following user data338 (8) Private asymmetric keys, (9) Symmetric keys, (10) none339. FPT_EMS.1.2 The TSF shall ensure any users340 are unable to use the following interface circuit interfaces341 to gain access to the following TSF da- ta342 (1) Regular password, (2) Multi-Reference password, (3) PUC, (4) Session keys, (5) Symmetric authentication keys, (6) Private authentication keys, (7) none343 and the following user data344 (8) Private asymmetric keys (9) Symmetric keys (10) none345. 361 FPT_EMS.1/PACE.PICC TOE Emanation – PACE/PICC protocol Hierarchical to: No other components. Dependencies: No dependencies. FPT_EMS.1.1/ PACE.PICC The TOE shall not emit power variations, timing variations during command execution346 in excess of non-useful information347 ena- bling access to348 336 [assignment: list of types of TSF data] 337 [assignment: list of additional types of TSF data] 338 [assignment: list of types of user data] 339 [assignment: list of additional types of user data] 340 [assignment: type of users] 341 [assignment: type of connection] 342 [assignment: list of types of (further) TSF data] 343 [assignment: list of additional types of TSF data] 344 [assignment: list of types of user data] 345 [assignment: list of additional types of user data] 346 [assignment: types of emissions] 347 [assignment: specified limits] 348 [assignment: list of types of TSF data] Security Target TCOS FlexCert/SLC52 103/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 (1) Symmetric Card Connection Object (SCCO), (2) PACE session keys, (3) any ephemeral secret having been generated during DH key exchange, (4) any object listed in FPT_EMS.1 (5) none349 and none 350. FPT_EMS.1.2/ PACE.PICC The TSF shall ensure any users351 are unable to use the following interface the contactless interface and circuit contacts352 to gain ac- cess to353 (1) Symmetric Card Connection Object (SCCO), (2) PACE session keys, (3) any ephemeral secret having been generated during DH key exchange, (4) any object listed in FPT_EMS.1 (5) none354 and none355. 362 FPT_TDC.1 Inter-TSF basic TSF data consistency Hierarchical to: No other components. Dependencies: No dependencies. FPT_TDC.1.1 The TSF shall provide the capability to consistently interpret Card Verifiable Certificate (CVC) 356 when shared between the TSF and another trusted IT product.. FPT_TDC.1.2 The TSF shall use [EGK-COS], section 7.1 “CV-Certificates for RSA keys” (if the RSA-based CVC functionality according to Op- tion_RSA_CVC357 in [EGK-COS] is supported by the TOE), [EGK- COS], section 7.2 “CV-Certificates for ELC keys” when interpreting the TSF data from another trusted IT product. 363 FPT_ITE.1 Export of TOE implementation Fingerprint Hierarchical to: No other components. Dependencies: No dependencies. 349 [assignment: list of additional types of TSF data] 350 [assignment: list of types of user data] 351 [assignment: type of users] 352 [assignment: type of connection] 353 [assignment: list of types of (further) TSF data] 354 [assignment: list of additional types of TSF data] 355 [assignment: list of types of user data] 356 [assignment: list of TSF data types] 357 Note that the option Option_RSA_CVC was removed in the current version of [EGK-COS]. The present TOE does not support this option neither Security Target TCOS FlexCert/SLC52 104/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FPT_ITE.1.1 The TOE shall export fingerprint of TOE implementation given the following conditions execution of the command FINGERPRINT [EGK- COS358. FPT_ITE.1.2 The TSF shall use359 CMAC based fingerprint of the TOE implemen- tation using AES128 with cryptographic key size128 bit that meet the following standard NIST [SP800-38B]360 for the exported data. 364 Application Note 64: The command FINGERPRINT calculates CMAC based fingerprint over the complete executable code actually implemented by the TOE. The TOE imple- mentation includes IC Dedicated Support Software, the Card Operating System and ap- plication specific code loaded on the smartcard by command LOAD CODE or similar means. The hash function respective the CMAC based calculation uses the prefix send in the command FINGERPRINT for “fresh” fingerprints over all executable code, i.e. no precomputed values over fixed parts of the code only. 365 FPT_ITE.2 Export of TSF data Hierarchical to: No other components. Dependencies: No dependencies. FPT_ITE.2.1 The TOE shall export361 (1) all public authentication reference data, (2) all security attributes of the object system and of all objects of the object system for all commands, (3) none362 given the following conditions (1) no export of secret data, (2) no export of private keys, (3) no export of secure messaging keys, (4) no export of passwords and PUC363. FPT_ITE.2.2 The TSF shall use binary TLV encoding364 for the exported data. 366 Application Note 65: The public TSF data addressed as TSF data in bullet (1) in the el- ement FPT_ITE.2.1 covers at least all root and other public keys used as authentication reference data persistent stored in the object system (cf. applicationPublicKeyList and PersistentCache) and exported by command LIST PUBLIC KEY (cf. [EGK-COS], persis- tentPublicKeyList in [EGK-COS] and [EGK-WRP], applicationPublicKeyList and Persis- tentCache in [EGK-COS]). The bullet (2) in the element FPT_ITE.2.1 covers all security 358 [assignment: conditions for export] 359 [assignment: list of generation rules to be appliedby TSF] 360 [selection: SHA-256 basedfingerprint of the TOE implementation, SHA-384 based fingerprint of the TOE implementa- tion, SHA-512 based fingerprint of the TOE implementation, CMAC based fingerprint of the TOE implementationusing [selec- tion: AES128, AES-192, AES-256]with cryptographic key size [selection: 128, 192, 256] bit that meet the followingstandard [selection:FIPS180-4, SP800-38B]/[assignment: list of generation rules to be appliedby the TSF] 361 [assignment: list of types of TSF data] 362 [assignment: list of all TOE specific security attributes not described in COS specification [EGK-COS]] 363 [assignment: conditions for export] 364 [assignment: list of encoding rules to be applied by TSF] Security Target TCOS FlexCert/SLC52 105/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 attributes of the object system (cf. [EGK-COS], (N019.900), [EGK-WRP], objectLocator (E0) and of all objects with types listed in Table 14 and all TOE specific security attrib- utes and parameters (except secrets). The COS specification [EGK-COS] identifies op- tional functionality the TOE may support. The TOE (as COS, wrapper and guidance documentation) provides to the user the command GET CARD INFO to find all objects and to export all security attributes of these objects. Note while MF, DF and EF are hierarchi- cally structured the Application and Application Dedicated File are directly referenced in the object system. Note the listOfApplication as security attribute of the object system contains at least one applicationIdentifier of each Application or Application Dedicated File (cf. [EGK-WRP]). The exported data will be encoded by wrapper to allow interpreta- tion of the TSF data. The encoding rules meet the requirements of the Technical Guid- ance describing the verification tool used for examination of the object system against the specification of the objectsystem ([TR3143]). 367 FPT_ITE.2/PACE Export of TSF data PACE – protocol Hierarchical to: No other components. Dependencies: No dependencies. FPT_ITE.2.1/PAC E The TOE shall export365 (1) the public TSF data as defined in FPT_ITE.2.1 given the following conditions (1) conditions as defined in FPT_ITE.2.1, (2) no export of the SCCO366. FPT_ITE.2.2/PAC E The TSF shall use binary TLV encoding367 for the exported data.. 368 FPT_FLS.1 Failure with preservation of secure state Hierarchical to: No other components. Dependencies: No dependencies. FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of failures occur: (1) exposure to operating conditions where therefore a malfunction could occur, (2) failure detected by TSF according to FPT_TST.1368. 369 FPT_FLS.1/SICP Failure with preservation of secure state Hierarchical to: No other components. 365 [assignment: list of types of TSF data] 366 [assignment: conditions for export] 367 [assignment: list of encoding rules to be applied by TSF] 368 [assignment: list of types of failures in the TSF] Security Target TCOS FlexCert/SLC52 106/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Dependencies: No dependencies. FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of failures occur: exposure to operating conditions which may not be tolerated according to the requirement Limited fault tolerance (FRU_FLT.2/SICP) and where therefore a malfunction could occur4. 369. 370 Refinement: The term “failure” above also covers “circumstances”. The TOE prevents failures for the “circumstances” defined above. 371 FPT_ITT.1/SICP Basic internal TSF data transfer protection Hierarchical to: No other components. Dependencies: No dependencies FPT_ITT.1.1/SICPThe TSF shall protect TSF data from disclosure370 when it is trans- mitted between separate parts of the TOE. 372 Application Note 66: The different memories, the CPU and other functional units of the TOE (e.g. a cryptographic co-processor) are seen as separated parts of the TOE. 373 This requirement is equivalent to FDP_ITT.1 above but refers to TSF data instead of User Data. It refers to the same Data Processing Policy defined under FDP_IFC.1 above. 374 FPT_PHP.3/SICP Resistance to physical attack Hierarchical to: No other components. Dependencies: No dependencies FPT_PHP.3.1/ SICP The TSF shall resist physical manipulation and physical probing371 to the TSF372 by responding automatically such that the SFRs are al- ways enforced. 375 Application Note 67: The TOE will implement appropriate measures to continuously counter physical manipulation and physical probing. Due to the nature of these attacks (especially manipulation) the TOE can by no means detect attacks on all of its elements. Therefore,permanent protection against these attacks is required ensuring that the TSP could not be violated at any time. Hence, ‘automatic response’ means here (i) assuming that there might be an attack at any time and (ii) countermeasures are provided at any time. 369 [assignment: list of types of failures in the TSF] 370 [selection: disclosure, modification, loss of use] 371 [assignment: physical tampering scenarios] 372 [assignment: list of TSF devices/elements] Security Target TCOS FlexCert/SLC52 107/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 376 FPT_TST.1 TSF Testing Hierarchical to: No other components. Dependencies: No dependencies FPT_TST.1.1 The TSF shall run a suite of self tests during initial start-up373 to demonstrate the correct operation of the TSF374. FPT_TST.1.2 The TSF shall provide authorized users with the capability to verify the integrity of TSF data375. FPT_TST.1.3 The TSF shall provide authorized users with the capability to verify the integrity of TSF376. 6.1.9 Class FRU Resource Utilisation 377 FRU_FLT.2/SICP Fault tolerance Hierarchical to: FRU_FLT.2 Dependencies: FPT_FLS.1 Failure with preservation of secure state: fulfilled FRU_FLT.2.1/ SICP The TSF shall ensure the operation of all the TOE’s capabilities when the following failures occur: exposure to operating conditionswhich are not detected according to the requirement Failure with preservation of secure state (FPT_FLS.1/SICP)377. 6.1.10 Class FTP Inter-TSF trusted channel 378 FTP_ITC.1/TC Inter-TSF trusted channel Hierarchical to: No other components. Dependencies: No dependencies FTP_ITC.1.1/TC The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communi- cation channels and provides assured identification of its end points and protection of the channel data from modification or disclosure. 373 [selection: during initial start-up, periodically during normal operation, at therequest of theauthorized user, at the condi- tions [assignment: conditions under which self test should occur]] 374 [selection: [assignment: parts of TSF], the TSF] 375 [selection: [assignment: parts of TSF data], TSF data] 376 [selection: [assignment: parts of TSF], TSF] 377 [assignment: list of types of failures] Security Target TCOS FlexCert/SLC52 108/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 FTP_ITC.1.2/TC The TSF shall permit another trusted IT product378 to initiate communi- cation via the trusted channel. FTP_ITC.1.3/TC The TSF shall initiate379 communication via the trusted channel for none380. 379 Application Note 68: The TOE responds only to commands establishing secure messag- ing channels. 380 FTP_ITC.1/PACE.PICC Inter-TSF trusted channel – PACE/PICC Hierarchical to: No other components. Dependencies: No dependencies FTP_ITC.1.1/ PACE.PICC The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communi- cation channels and provides assured identification of its end points and protection of the channel data from modification or disclosure. FTP_ITC.1.2/ PACE.PICC The TSF shall permit another trusted IT product381 to initiate communi- cation via the trusted channel. FTP_ITC.1.3/ PACE.PICC The TSF shall initiate enforce382 communication via the trusted chan- nel for data exchange between the TOE and the external user if re- quired by access control rule of the object in the object system383. 381 Application Note 69: The trusted IT product is the terminal. The TOE enforces the trust- ed channel by means of PACE protocol after establishing a communication channel and reading the ATS. 6.2 Security Assurance Requirements for the TOE 382 The assurance requirements for the evaluation of the TOE, its development and ope- rating environment are to choose as the predefined assurance package EAL4 augmen- ted by the following components: ▪ ALC_DVS.2 (Sufficiency of security measures), ▪ ATE_DPT.2 (Testing: security enforcing modules) and ▪ AVA_VAN.5 (Advanced methodical vulnerability analysis). 378 [selection: the TSF, another trustedIT product] 379 Refinement: The trusted IT product is the terminal. The word “initiate” is changed to “enforce”, because the TOE is a passive device that cannot initiate any communication, but can enforce secured communication if required for an object of the object system and the TOE can close the trusted channel after integrity violation of a received command. 380 [assignment: list of functions for which a trusted channel is required] 381 [selection: the TSF, another trustedIT product] 382 Refinement: The trusted IT product is the terminal. The word “initiate” is changed to “enforce”, as the TOE is a passive device that cannot initiate any communication. All communicationis initiated by the Terminal, and the TOE enforces thetrusted channel. 383 [assignment: list of functions for which a trusted channel is required] Security Target TCOS FlexCert/SLC52 109/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 383 The Protection Profiles BSI-CC-PP0084 [PP0084] and BSI-CC-PP0082 [PPCOS, chap. 6.2.1] define refinements to the TOE Assurance Requirements which are considered by the TOE Developer under the corresponding assurance packages. 6.3 Security Requirements Rationale 384 A detailed justification required for suitability of the security functional requirements to achieve the security objectives is given in the PP ([PPCOS, chap. 6.3.1]) and is there- fore not repeated here. 6.3.1 Rationale for SFR’s Dependencies 385 The following table providesan overview for security functional requirements coverage also giving an evidence for sufficiency and necessity of the SFRs chosen. It uses the Tables 24, 28, 31 and 33 from ([PPCOS, chap. 6.3.1]). Note that the SFRs and objec- tives related to BSI-CC-PP-0084-2014 ([PP0084]) are not duplicated here. O.Integrity O.Confidentiality O.Resp-COS O.TSFDataExport O.Authentication O.AccessControl O.KeyManagement O.Crypto O.SecureMessaging O.Trustedchannel O.PACE_CHIP O.Logicalchannel PP Basic Requirements FDP_RIP.1 x FDP_SDI.2 x FPT_FLS.1 x x FPT_EMS.1 x FPT_TDC.1 x FPT_ITE.1 x FPT_ITE.2 x FPT_TST.1 x x x FIA_SOS.1 x FIA_AFL.1/PIN x FIA_AFL.1/PUC x FIA_ATD.1 x FIA_UAU.1 x FIA_UAU.4 x FIA_UAU.5 x FIA_UAU.6 x FIA_UID.1 x FIA_API.1 x FMT_SMR.1 x x FIA_USB.1 x x FDP_ACC.1/MF_DF x FDP_ACF.1/MF_DF x FDP_ACC.1/EF x FDP_ACF.1/EF x FDP_ACC.1/TEF x FDP_ACF.1/TEF x FDP_ACC.1/SEF x Security Target TCOS FlexCert/SLC52 110/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 O.Integrity O.Confidentiality O.Resp-COS O.TSFDataExport O.Authentication O.AccessControl O.KeyManagement O.Crypto O.SecureMessaging O.Trustedchannel O.PACE_CHIP O.Logicalchannel FDP_ACF.1/SEF x FDP_ACC.1/KEY x x FDP_ACF.1/KEY x x FMT_MSA.3 x FMT_SMF.1 x FMT_MSA.1/Life x x x FMT_MSA.1/SEF x FMT_MTD.1/PIN x x FMT_MSA.1/PIN x x FMT_MTD.1/Auth x x FMT_MSA.1/Auth x x FMT_MTD.1/NE x x FCS_RNG.1 x x FCS_RNG.1/GR x x FCS_COP.1/SHA x FCS_COP.1/COS.AES x x FCS_CKM.1/AES.SM x x x FCS_CKM.1/RSA x x FCS_CKM.1/ELC x x FCS_COP.1/COS.RSA.S x FCS_COP.1/COS.CMAC x x FCS_COP.1/COS.ECDSA.S x FCS_COP.1/COS.ECDSA.V x FCS_COP.1/COS.RSA x FCS_COP.1/COS.ELC x FCS_CKM.4 x FTP_ITC.1/TC x Crypto Box package FIA_API.1/CB x FIA_UAU6/CB x FIA_USB.1/CB x FCS_COP.1/CB.AES x x FCS_COP.1/CB.CMAC x x FCS_COP.1/CB.ELC x FCS_COP.1/CB.RSA x Package Contactless FCS_CKM.1/DH.PACE.PICC x x FCS_CKM.4/PACE.PICC x x FCS_COP.1/PACE.PICC.ENC x x FCS_COP.1/PACE.PICC.MAC x x FCS_RNG.1/PACE x x FDP_RIP.1/PACE.PICC x x FIA_UAU.1/PACE x x x FIA_ATD.1/PACE x x x FIA_USB.1/PACE.PICC x x x FIA_UAU.4/PACE.PICC x x x FIA_UAU.5/PACE.PICC x x FIA_UAU.6/PACE.PICC x x Security Target TCOS FlexCert/SLC52 111/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 O.Integrity O.Confidentiality O.Resp-COS O.TSFDataExport O.Authentication O.AccessControl O.KeyManagement O.Crypto O.SecureMessaging O.Trustedchannel O.PACE_CHIP O.Logicalchannel FIA_UID.1/PACE x x x FPT_EMS.1/PACE.PICC x x x FDP_UCT.1/PACE x FDP_UIT.1/PACE x FMT_SMR.1/PACE.PICC x x x FMT_MTD.1/PACE.PICC x x x FPT_ITE.2/PACE x x FTP_ITC.1/PACE.PICC x x x Package Logical channel FCS_RNG.1/GR x x FIA_USB.1/LC x x FDP_ACC.1/LC x x FDP_ACF.1/LC x x FMT_MSA.3/LC x x Package RSA Key Generation FCS_CKM.1/RSA x x Table 17: SFR coverage 386 The dependencyanalysis for the security functional requirements given in Tables 25, 29, 32 and 34 of the Protection Profile [PPCOS] shows that the mutual support and internal consistency between all defined functional requirements is satisfied or justified. 6.3.2 Security Assurance Requirements Rationale 387 The assurance package of the Protection Profile was chosen based on the pre-defined assurance package EAL4. This package permits to gain maximum assurance from posi- tive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other re- sources. EAL4 is the highest level, at which it is likely to retrofit to an existing product line in an economically feasible way. EAL4 is applicable in those circumstances where users require a moderate to high level of independently assured securityin conventional commodity TOEs and are prepared to incur additional security specific engineering costs. 388 The selection of the component ALC_DVS.2 provides a higher assurance of the security of the travel document’s development and manufacturing especially for the secure han- dling of the travel document’s material. 389 The selection of the component ATE_DPT.2 provides a higher assurance than the pre - defined EAL4 package due to requiring the functional testing of SFR-enforcing modules. It is required in the Protection Profile BSI-CC-PP-0084-2014 [PP0084] and is therefore included in this ST. 390 The selection of the component AVA_VAN.5 provides a higher assurance of the security by vulnerability analysis to assess the resistance to penetration attacks performed by an attacker possessing a high attack potential. Security Target TCOS FlexCert/SLC52 112/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 391 The set of assurance components being part of EAL4 fulfils all dependencies a priori. 392 The component ALC_DVS.2 has no dependencies. 393 The component ATE_DPT.2 has the following dependencies: ADV_ARC.1, ADV_TDS.3 and ADV_FUN.1. All of these are met or exceeded in the EAL4 assurance package. 394 The component AVA_VAN.5 has the following dependencies: ADV_ARC.1, ADV_FSP.4, ADV_TDS.3, ADV_IMP.1, AGD_OPE.1, AGD_PRE.1, and ATE_DPT.1. All of these are met or exceeded in the EAL4 assurance package. 395 Note that the Protection Profiles BSI-CC-PP-0084-2014 [PP0084] and BSI-PP-0082 [PPCOS] refined the Security Assurance Requirements ALC_DEL, ALC_DVS, ALC_CMS, ALC_ CMC, ADV_ARC, ADV_FSP, ATE_COV, AGD_OPE, AVA_VAN, ATE_FUN, and ATE_ IND. They are all considered for the TOE. Security Target TCOS FlexCert/SLC52 113/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 7 TOE Summary Specification 396 This section presents an overview of the security functionalities implemented by the TOE and the assurance measures applied to ensure their correct implementation. 397 According to the SFRs the TOE provides the following functionalities • General protection of User data and TSF data • Identification and authentication • Access control • Cryptographic functions • Protection of communication • Accuracy of the TOE security functionality /Self-protection 7.1 General Protection of User Data and TSF Data 398 According to the SFRs FDP_ACC.1 and FDP_ACF.1 and their iterations the access to User Data is restricted by defined rules laid down in the certified object system. The de- tails can be found in the corresponding SFPs. Note that the TOE enforces these access rules, but there is no a priori protection of a said object. The access rights may be pro- vided by certificates. The TOE is able to interpret these certificates accordingly (FPT_TDC.1). 399 The TOE provides an export functionality for non-sensitive but important User data and TSF data. The FINGERPRINT command allows the check of the TSF implementation, the export using the wrapper tool allows to check the access rules of an implemented object system (FPT_ITE.1, FPT_ITE.2,FPT_ITE.2/PACE). The TOE runsself tests during ini- tial start-up to ensure the correct function of the TSF (FPT_TST.1). 400 Residual information of sensitive data in previously used resources will not be available after its usage (FDP_RIP.1, FDP_RIP.1/PACE.PICC). Session keys and message au- thentication keys will be destroyed after reset or termination of the secure messaging channel (FCS_CKM.4). The TOE hidesthe correlation of power or timing variations and the command execution accessing sensitive user data as different keys and passwords (FPT_EMS.1, FPT_EMS.1/PACE.PICC). In case of a malfunction, operating errors or in- tegrity check failures (FDP_SDI.2) the TOE enters a secure state (FPT_FLS.1, FPT_\ FLS.1/SICP). This is supported by the functional services of the hardware. 401 The TOE executes self tests (FPT_TST.1) to demonstrate the correct operation of the TSF and its confidentiality protection capabilities. In case of failures, FPT_FLS.1 re- quires the preservation of a secure state in order to protect the user data, TSF data and security services. 7.2 Identification and Authentication 402 The protocols for identification and authentication of users and devices is described in the COS Specification [EGK-COS]. The roles assigned after successful authentication are listed in FMT_SMR.1 and FMT_SMR.1/PACE.PICC. Security Target TCOS FlexCert/SLC52 114/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 403 The security and the reliability of the identification and authentication are supported by the correct key agreement (FIA_UAU.1, FIA_UAU.4, FIA_UAU.5 and FIA_UAU.6) and the quality of random numbers (FCS_RNG.1). Thisconcerns also the authentication via the contactless interface (FIA_UAU.1/PACE, FIA_UAU.4/PACE.PICC, FIA_UAU.5/ PACE.PICC and FIA_UAU.6/PACE.PICC). As the authentication state is left, the session keys cannot be used anymore (FCS_CKM.4). 404 User is authenticated with means of PINs and PUCs, which are bounded by correspond- ing failure or usage counters (FIA_AFL.1/PIN, FIA_AFL.1/PUC, FIA_SOS.1). Device is authenticated by using a correct key derived from the provided certificate and the au- thentication context (FIA_USB.1, FIA_USB.1/PACE.PICC and FIA_USB.1/LC). 405 Before a user or device is identified only dedicated commands can be executed. This is supported by FIA_UID.1 and FIA_UID.1/PACE. 406 The TOE maintains security attributes according to FIA_ATD.1 and FIA_ATD.1/PACE beside the identity of user and device. 407 The authentication commands are implemented as required by the COS Specification [EGK-COS](FIA_API.1). 7.3 Access Control 408 The access to User Data is restricted according to the different iterations of the SFRs FDP_ACC.1 and FDP_ACF.1. 409 The access to the TOE security functions and the TSF data is controlled by the function- ality of the class FMT (FMT_SMF.1, FMT_MSA.1/Life, FMT_MSA.1/SEF, FMT_MSA.1/ PIN, FMT_MSA.1/Auth, FMT_MSA.3, FMT_MSA.3/LC). 410 The management of the authentication data and corresponding security attributes is im- plemented according [EGK-COS] (FMT_MTD.1/Auth, FMT_MTD.1/PACE.PICC, FMT_\ MTD.1/PIN, FIA_SOS.1). The TOE disallows the export of session and authentication keys, passwords and other sensitive user and TSF data specified as such in the object system (FMT_MTD.1/NE). Note that the TOE enforces the access rights of elements of the object system, i.e. data specified as unprotected will be exposed by the TOE. For de- tails refer to the Administrator's Guidance [TCOSGD]. 7.4 Cryptographic Functions 411 The TOE provides a hybrid deterministic random number generator of class DRG.4 ac- cording to [AIS31] (FCS_RNG.1, FCS_RNG.1/PACE). It is based on a random number generator of class PTG.2 provided by the hardware (FCS_RNG.1/SICP). Note that a generator of class PTG.2 is unpredictable but may have a small bias. The random num- ber returned in the GET RANDOM command is based on this PTG.2 (FCS_RNG.1/GR), but additionally an extra post-processing algorithm is applied, which does not reduce the entropy of the input but removes any bias. The random numbers used in the PACE pro- tocol (FCS_RNG.1/PACE) and by the GET CHALLENGE command are generated by the implemented random number generator of class DRG.4. 412 The TOE implements cryptographic checksum functions, including hash functions used for signature verification and key derivation (FCS_COP.1/SHA) and message authenti- cation codes (MACs) addressed by (FCS_COP.1/COS.CMAC, FCS_COP.1/CB.CMAC, FCS_COP.1/PACE.PICC.MAC). Security Target TCOS FlexCert/SLC52 115/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 413 The TOE provides the symmetric encryption algorithm AES with standardized key lengths of 128, 192 and 256 bits (FCS_COP.1/COS.AES, FCS_COP.1/CB.AES, FCS_\ COP.1/PACE.PICC.ENC, FCS_CKM.1/AES.SM). 414 The TOE implements asymmetric crypto algorithms used for encryption/decryption, key agreement and digital signatures based on RSA (FCS_CKM.1/RSA, FCS_COP.1/COS. RSA, FCS_COP.1/CB.RSA, FCS_COP.1/COS.RSA.S) and elliptic curves (FCS_CKM.1/ELC, FCS_CKM.1/DH.PACE.PICC, FCS_COP.1/COS.\ ECDSA.S, FCS_COP.1/COS.ECDSA.V, FCS_COP.1/COS.ELC, FCS_COP.1/CB.ELC). The selec- tion of the curve used for ECC based algorithm might be a security issue. The TOE sup- ports only the curves defined in [ECCTR] and [FIPS186], that are required by [EGK- COS]. 415 Cryptographic keys are explicitly deleted by overwriting the memory data with zeros or random numbers, e.g. the new key according to FCS_CKM.4 and FCS_CKM.4/PACE. 7.5 Protection of Communication 416 The secure data exchange in a trusted channel is required by FTP_ITC.1/PACE.PICC and FTP_ITC.1/TC. It is supported by cryptographic operations. The TOE enforces a protected communication over the contactless interface by means of the PACE protocol. It is supported by FDP_UCT.1/PACE and FDP_UIT.1/PACE. 417 The randomness of the parameters of the PACE protocol is guaranteed by the RNG class DRG.4 (FCS_RNG.1/PACE). 418 The strength of algorithms for ensuring confidentiality and integrity is supplied by FCS_COP.1/PACE.PICC.ENC and FCS_COP.1/PACE.PICC.MAC. 7.6 Accuracy of the TOE security functionality /Self-protection 419 The operating system of the TOE protects the securityfunctionality of the TOE as soon as it installed during Installation Phase. The TOE will not emit physical or logical data in- formation on security User Data outside the secure channels controlled by the operating system (FPT_EMS.1). User data (FDP_ITT.1/SICP) and TSF data (FPT_ITT.1/ SICP) are protected by the TOE if processed or transferred within different parts of the TOE according to the TOE Data Processing Policy (FDP_IFC.1/SICP). User data is protected by the Hardware while it is stored in the TOE (FDP_SDC.1/SICP, FDP_SDI.2/SICP). 420 The TOE will resist physical manipulation and probing (FPT_PHP.3/SICP) and enter a secure state in case a failure occurs (FPT_FLS.1, FPT_FLS.1/SICP). This functionality is supported also by the hardware, which was approved in a separate evaluation process. 421 To protect the TOE against malfunction the operating conditions must be in the tolerated ranges which is ensured by FRU_FLT.2/SICP. 422 Dedicated test software is no more available after the TOE is finished (FMT_LIM.1/SICP, FMT_LIM.2/SICP). These functionsare disabled for the TOE. 423 During TOE manufacturing the chip hardware providesmeans to store Initialization Data to identify the hardware. This is supported by FAU_SAS.1/SICP. Security Target TCOS FlexCert/SLC52 116/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 7.7 TOE SFR Statements 424 For the sake of completeness, the TOE Summary Specification of the previous sections is re-ordered once again. All the TOE SFR statements are listed and it is described how they are fulfilled by the TOE. If appropriate, then requirements are handled together to avoid needless text duplication. 425 FDP_RIP.1, FDP_RIP.1/PACE.PICC: Residual information of password objects, crypto- graphic keys static or ephemeral, session keys are deleted explicitly by overwriting with zeros or random numbers, e.g. the new key after de-allocation of the resource. If the se- curity attributes are reset by the TSF, e.g. after a session is closed, the references to the keys become invalid and additionally the memory data is deleted. 426 FDP_SDI.2: The TSF monitor sensitive user data as PIN and key objects for hardware errors by check sums (error detection codes) and hardware functionality. As soon as an error occur the TOE enters a secure state. This requirement is supported by the Memory Access Control Policy of the hardware and the corresponding SFRs of the TOE’s hard- ware (FDP_ACC.1, FDP_ACF.1) [HWST]. 427 FPT_FLS.1, FPT_FLS.1/SICP: If the TOE is exposed to external conditions out of de- fined ranges or other malfunction occur the TOE enters a secure state. This is supported by TSFs provided by the hardware (cf. [HWST, FPT_FLS.1, FPT_PHP.3, FPT_TST.2). The TOE supports “roll back” and “roll forward” in case of power-off eventsor data loss in communication. A low system frequency sensor is implemented to prevent the TOE from single stepping. Induced errors will be recognized by the hardware and reset is generated. 428 FPT_EMS.1, FPT_EMS.1/PACE.PICC: Both require that the TOE does not emit any information of sensitive user data and TSF data by emissions and via circuit interfaces. This is supported by the SecurityFeature “Protection against Snooping” of the hardware (cf. [HWST, SF_PS) and the secure access and processing of sensitive User and TSF data. 429 FPT_TDC.1: Card verifiable certificates (CVC) must be interpreted consistently to assign the intended rights to the corresponding card holders. This is supported by the TOE im- plementing the corresponding communication protocols which include signature verifica- tion and padding and format checking (cf. [EGK-COS, chap. 7]). 430 FPT_ITE.1, FPT_ITE.2,FPT_ITE.2/PACE: The export of dedicated TSF data is neces- sary to select a communication protocol with a dedicated algorithm. Confidential data is never exported. This is enforced by the TOE’s access rules. The FINGERPRINT command provides the capability to verify the correctness of the TSF implementation of the TOE. It uses the approved CMAC mechanism as required by [PPCOS]. 431 FPT_TST.1: Self tests during start-up demonstrate the correct operation of the TSF and its protection functions. In addition, the TOE’s hardware provides an automated continu- ous user transparent testing of certain functions. 432 FIA_AFL.1/PIN, FIA_SOS.1:The TOE detects unsuccessful authentication attempts in a row with the PIN and blocks the authentication procedure after a defined number is reached. After a successful authentication the counter is reset to its initial value. The TOE enforces assigned minimal length of the PIN. The maximal length restriction is sup- ported by the TOE. It is not a security but an interoperability requirement. Note that these requirements concern the password objectsonly. The authentication data used for Administrator’s authentication is outside their scope and is therefore not restricted by the Security Target TCOS FlexCert/SLC52 117/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 given value of maximumLength. According to [TCOSGD] the Administrator’s authentica- tion data has an entropy of at least 128 bit. 433 FIA_AFL.1/PUC: The TOE counts authentication attempts with the PUC and blocks the corresponding authentication procedure after a defined number is reached. Note that if the PUC is bound to a usage counter by the object systems the TOE will not reset this counter. 434 FIA_ATD.1, FIA_ATD.1/PACE: The TSF maintain the authentication state gained by dedicated security attributes belonging to individual users and devices. This functionality is supported by the COS and is therefore independent of the installed object system. 435 FIA_UAU.1, FIA_UAU.1/PACE: Dedicated actions are allowed or required before the user is authenticated. Any other action requires authentication. This is laid down in the access rules of object system and will be enforced by the COS. 436 FIA_UAU.4, FIA_UAU.4/PACE.PICC: Authentication data cannot be reused. The TSF require the complete protocol to be executed. Ephemeral keys will be deleted according to FDP_RIP.1. 437 FIA_UAU.5, FIA_UAU.5/PACE.PICC: Dedicated commands as given in these SFRs provide the authentication of users by the TOE. Users are authenticated by password objects (PIN), devices by the different AUTHENTICATION commands. The authentication state is maintained by secure messaging channel. If an authentication error occur the authentication state will be reset. Note that the Administrator’s authentication bases on a secure messaging as well. The first FORMAT command must be sent always in a secured channel that is setup by the Manufacturer. This is supported by the COS and cannot be changed by the object system. 438 FIA_UAU.6, FIA_UAU.6/CB, FIA_UAU.6/PACE.PICC: As long as the secure messaging channel is kept, the TOE re-authenticates the message sender. Any command breaking the secure messaging channel, being either not authentic or wrong formatted after de- cryption will reset the authentication status. The Crypto Box SFR requires that authenti- cation uses the trusted channel. 439 FIA_UID.1, FIA_UID.1/PACE: Dedicated actions are allowed, e.g. reading the ATR, or required before the user is identified. Any other action requires identification. This is laid down in the access rules of object system and is enforced by the COS. Note that the ac- cess rules for terminated objects are fixed in the COS and cannot by changed by any object system. 440 FIA_API.1, FIA_API.1/CB: Dedicated commands as given in these SFRs provide the authentication of the TSF and the TOE itself. The Crypto Box SFR requiresthat authen- tication uses the trusted channel. 441 FMT_SMR.1, FMT_SMR.1/PACE.PICC: These SFRs describe the roles maintained by the TOE: World (the unauthenticated user), Human User authenticated by a password or PIN, Human User authenticated by a PUC, Administrator authenticated as Manufacturer or Personalization Agent, Device authenticated by means of a symmetric or asymmetric key, PACE authenticated terminal. The roles are bound to corresponding authentication data and a fixed set of access rights defined by the access control rules. Administrator’s roles authentication is supported by the COS and cannot be changed by any object sys- tem. 442 FIA_USB.1, FIA_USB.1/CB, FIA_USB.1/LC, FIA_USB.1/PACE.PICC: The TOE associ- ates security attributes to authenticated users or devices and enforce said rules for changing them by dedicated commands, e.g. changing the authentication state after a Security Target TCOS FlexCert/SLC52 118/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 MANAGE CHANNEL command. The Crypto Box SFR requires that authentication is bound to the trusted channel. This is enforced by the TOE’s securityfunctions. 443 FDP_ACC.1/EF, FDP_ACF.1/EF, FDP_ACC.1/SEF, FDP_ACF.1/SEF, FDP_ACC.1/TEF, FDP_ACF.1/TEF, FDP_ACC.1/MF_DF, FDP_ACF.1/MF_DF, FDP_ACC.1/Key, FDP_\ ACF.1/Key: The TOE enforcesthe corresponding access rules SFP for different objects (Elementary File, Structured EF, Transparent EF, MF/DF, key objects). The access rule enforcementis implemented in the COS and cannot be changed by any object system. 444 FDP_ACC.1/LC, FDP_ACF.1/LC: According to the COS-Specification [EGK-COS] the attribute shareable for all objects (if they have any) must always set to "TRUE". There- fore, these SFRs are fulfilled automatically. 445 FMT_SMF.1: The TOE provides global management functions like Initialization (Installa- tion), Personalization and Life Cycle Management, and also the management of security attributes, passwords objects and device authentication data by dedicated commands. 446 FMT_MSA.1/Life, FMT_MSA.1/SEF: The TOE enforcesthe access control policy for the management of life cycle relevant security attributeslike lifeCycleStatus. The dedicated management functions are specified here. Other management functions are not availa- ble. 447 FMT_MSA.3, FMT_MSA.3/LC: Initial default values are set by the COS to restrictive values as listed in these SFRs. This concerns the currentFolder set to MF, currentFile set to non, the security environment set to the default and reset of the session key con- text. 448 FMT_MTD.1/PIN, FMT_MSA.1/PIN: PIN/password objects can only be changed by de - dicated commands VERIFY, CHANGE REFERENCE DATA and RESET RETRY COUNTER. Us- age is restricted to authenticated users only. Note that they can also enable or disable the verification. This is implemented in the COS and cannot be changed. The infor- mation on the PIN status is freely accessible. Note that disabling the verification re- quirement should not be allowed for signature application. But this depends on the ob- ject system and can only be enforced by the COS if such an access rule is specified in the object system. 449 FMT_MTD.1/Auth, FMT_MSA.1/Auth: Authentication reference data can only be chan- ged by dedicated commands and are restricted to authenticated users/devices only. 450 FMT_MTD.1/NE: Access conditions laid down in the object system restrict the ability to export sensitive TSF data to dedicated roles, other sensitive User data like private keys are not allowed to be exported at all. The TOE enforces these access rules. 451 FMT_MTD.1/PACE.PICC: Secret session keys and other sensitive data of the PACE protocol including the SCCO can never be read out. 452 FCS_RNG.1, FCS_RNG.1/PACE, FCS_RNG.1/SICP: The TOE provides a hybrid de- terministic random number generator of class DRG.4, which is based on a random num- ber generator of class PTG.2 provided by the hardware (FCS_RNG.1/SICP). DRG.4 is the highest level of a deterministic random number generator defined in [AIS31]. 453 FCS_RNG.1/GR: The TOE provides a physical random number generator of class PTG.3 with a cryptographic post-processing algorithm of class DRG.3. PTG.3 is the highest level of a physical random number generator defined in [AIS31]. 454 FCS_COP.1/SHA: The TOE provides the dedicated hash functions SHA-1. SHA-256, SHA-384 and SHA-512 used by internal functions of the TOE, e.g. for key derivation. Note that the weakened collision resistance of SHA-1 has no impact on the key deriva- Security Target TCOS FlexCert/SLC52 119/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 tion, for signature creation SHA-1 is not used. The COS ensures the correctness using different checks during the computation. 455 FCS_COP.1/COS.AES, FCS_COP.1/CB.AES, FCS_COP.1/PACE.PICC.ENC, FCS_\ CKM.1/AES.SM: The TOE uses the AES with standard key sizes of 128, 192 or 256 bits for encryption and decryption in CBC mode. This algorithm is used also for secure mes- saging established by the PACE protocol. The COS ensures the correctness using dif- ferent checks during the computation. 456 FCS_COP.1/COS.CMAC, FCS_COP.1/CB.CMAC, FCS_COP.1/PACE.PICC.MAC: The TOE provides the AES-based standard CMAC algorithm used in MAC computation and verification. This algorithm is used also for secure messaging established by the PACE protocol. The COS ensures the correctnessusing different checks during the computa- tion. 457 FCS_CKM.1/RSA, FCS_COP.1/COS.RSA, FCS_COP.1/CB.RSA, FCS_COP.1/COS.\ RSA.S: The TOE implements RSA key generation, decryption and digital signature crea- tion with 2048 and 3072 bit key lengths. Public key operations RSA encryption and digi- tal signature verification are supported with 2048 bit key lengths. The COS ensures the correctness using different checks during the computation, e.g. to prevent different fault attacks the output of secret key operations is blocked if the corresponding public opera- tion fails. 458 FCS_CKM.1/ELC, FCS_CKM.1/DH.PACE.PICC, FCS_COP.1/COS.ELC, FCS_COP.1/ CB.ELC, FCS_COP.1/COS.ECDSA.S, FCS_COP.1/COS.ECDSA.V: The TOE imple- ments different cryptographic algorithms based on elliptic curves. The standardized prime curves of 256, 384 and 512 bit key lengths are supported by the TOE. The COS ensures the correctness using different checks during the computation. 459 FCS_CKM.4, FCS_CKM.4/PACE.PICC: Cryptographic keys will be destroyed after de- allocation by overwriting with zeros or random data, e.g. the new key. 460 FDP_UCT.1/PACE, FDP_UIT.1/PACE: The TOE implements the PACE protocol, which is proven to be secure. The secure channel set up by the protocol prevents the transmit- ted data to be disclosed, modified, deleted, inserted or replayed. 461 FTP_ITC.1/TC, FTP_ITC.1/PACE.PICC: The TOE implements the standardized secure messaging protocol based on cryptographic algorithms. It installs a trusted channel that supports confidentiality and integrity of transmitted data. The TOE enforces the protect- ed communication over the contactless interface by means of the proven as secure PACE protocol. 462 FRU_FLT.2/SICP: A malfunction of the hardware may occur if the external operating conditions are not in the specified ranges. This is provided by the security f eature “Pro- tection Against Modifying Attacks” of the chip’s hardware (cr. [HWST, SF_PMA]). 463 FPT_FLS.1, FPT_FLS.1/SICP: If the TOE is exposed to the external operating condi- tions out of range or if a failure, e.g. entropy loss of the random number generator, the TOE enters and preserves a secure state. This is supported by chip’s hardware too. 464 FMT_LIM.1/SICP, FMT_LIM.2/SICP: Test software available in manufacturing phase must be not available (limited availability) or not relevant (limited capability) for the TOE. 465 FAU_SAS.1/SICP: During TOE manufacturing the chip hardware provides means to store Initialization Data to identify the hardware. 466 FPT_PHP.3/SICP: Physical probing shall avert the disclosure of assets. This function is provided by the security functions of the hardware. Security Target TCOS FlexCert/SLC52 120/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 467 FDP_ITT.1/SICP, FPT_ITT.1/SICP, FDP_IFC.1/SICP: User data are protected by the TOE if processed or transferred within different parts of the TOE according to the TOE Data Processing Policy. This function is provided by the chip hardware. 468 FDP_SDC.1/SICP, FDP_SDI.2/SICP: User and TSF data are monitored for integrity und kept confidential by the TOE. This function is provided by the chip hardware. 7.8 Statement of Compatibility 469 This is the statement of compatibility between this Composite Security Target and the Security Target Chip of the underlying hardware [HWST]. 7.8.1 Relevance of Hardware TSFs 470 The TOE is equipped with following Security Features to meet the security functional requirements: 471 Relevant: • SF_PS Protection against Snooping • SF_PMA Protection against Modification Attacks • SF_PLA Protection against Logical Attacks • SF_CS Cryptographic Support Cryptographic support includes TDES/3DES (not relevant), AES (relevant), RSA (not relevant), EC (not relevant), SHA-2 (SHA-256 and SHA512 – both not relevant), TRNG (relevant). 472 Not relevant: 473 SF_DPM Device Phase Management 7.8.2 Security Requirements 474 Security Functional Requirements 475 The relevant Security Requirements of the TOE and the hardware can be mapped or are not relevant. They show no conflict between each other. 476 Security Requirements of the TOE related to the Composite ST: 477 The following Security Requirements of the TOE are specific for the Operating System and have no conflicts with the underlying hardware. PP Basic Requirements • FDP_RIP.1 no conflict Security Target TCOS FlexCert/SLC52 121/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • FPT_TDC.1 no conflict • FPT_ITE.1 no conflict • FPT_ITE.2 no conflict • FPT_TST.1 no conflict • FIA_AFL.1/PIN no conflict • FIA_AFL.1/PUC no conflict • FIA_ATD.1 no conflict • FIA_UAU.1 no conflict • FIA_UAU.4 no conflict • FIA_UAU.5 no conflict • FIA_UAU.6 no conflict • FIA_UID.1 no conflict • FIA_API.1 no conflict • FIA_SOS.1 no conflict • FMT_SMR.1 no conflict • FIA_USB.1 no conflict • FDP_ACC.1/MF_DF no conflict • FDP_ACF.1/MF_DF no conflict • FDP_ACC.1/EF no conflict • FDP_ACF.1/EF no conflict • FDP_ACC.1/TEF no conflict • FDP_ACF.1/TEF no conflict • FDP_ACC.1/SEF no conflict • FDP_ACF.1/SEF no conflict • FDP_ACC.1/KEY no conflict • FDP_ACF.1/KEY no conflict • FDP_SDI.2 no conflict • FMT_MSA.3 no conflict • FMT_SMF.1 no conflict • FMT_MSA.1/Life no conflict • FMT_MSA.1/SEF no conflict • FMT_MTD.1/PIN no conflict • FMT_MSA.1/PIN no conflict • FMT_MTD.1/Auth no conflict • FMT_MSA.1/Auth no conflict • FMT_MTD.1/NE no conflict • FCS_COP.1/SHA no conflict • FCS_CKM.1/AES.SM no conflict • FCS_CKM.1/RSA no conflict • FCS_CKM.1/ELC no conflict • FCS_COP.1/COS.RSA.S no conflict • FCS_COP.1/COS.ECDSA.S no conflict • FCS_COP.1/COS.ECDSA.V no conflict Security Target TCOS FlexCert/SLC52 122/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • FCS_COP.1/COS.RSA no conflict • FCS_COP.1/COS.ELC no conflict • FCS_CKM.4 no conflict Crypto Box package • FIA_API.1/CB no conflict • FIA_UAU.6/CB no conflict • FIA_USB.1/CB no conflict • FCS_COP.1/CB.ELC no conflict • FCS_COP.1/CB.RSA no conflict Package Contactless • FCS_CKM.1/DH.PACE.PICC no conflict • FCS_CKM.4/PACE.PICC no conflict • FIA_UAU.1/PACE no conflict • FIA_ATD.1/PACE no conflict • FIA_USB.1/PACE.PICC no conflict • FIA_UAU.4/PACE.PICC no conflict • FIA_UAU.5/PACE.PICC no conflict • FIA_UAU.6/PACE.PICC no conflict • FIA_UID.1/PACE no conflict • FDP_RIP.1/PACE.PICC no conflict • FDP_UCT.1/PACE no conflict • FDP_UIT.1/PACE no conflict • FMT_SMR.1/PACE.PICC no conflict • FMT_MTD.1/PACE.PICC no conflict • FPT_ITE.2/PACE no conflict • FTP_ITC.1/PACE.PICC no conflict Package Logical channel • FIA_USB.1/LC no conflict • FDP_ACC.1/LC no conflict • FDP_ACF.1/LC no conflict • FMT_MSA.3/LC no conflict 478 Note that some of these requirements, especially all FCS_CKM.1 key generation re- quirements, requirements FCS_COP.1/RSA, FCS_COP.1/ELC and FCS_COP.1/DH.\ PACE.PICC for cryptographic operations and also the requirements on secure and trusted channel FTP_ ITC.1/TC and FTP_ITC.1/PACE.PICC rely on FCS_RNG.1/SICP requirements of the hardware. This is considered as not conflicting, because the latter is also used by FCS_RNG.1 and FCS_RNG.1/GR of the TOE. 479 The remaining Security Requirements of the TOE can be mapped to Security Require- ments of the hardware. They show no conflict between each other. • FPT_FLS.1 matches FPT_FLS.1 of [HWST] • FPT_EMS.1, FPT_EMS.1/PACE.PICC are supported by the Security Feature SF_PS of the hardware ([HWST]) and the AVA_VAN.5 evalua- tion Security Target TCOS FlexCert/SLC52 123/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • FCS_COP.1/COS.AES, FCS_COP.1/COS.CMAC, FCS_COP.1/CB.AES, FCS_COP.1/CB.CMAC, FCS_COP.1/PACE.PICC.ENC, FCS_COP.1/PACE.PICC.MAC match FCS_COP.1/AES of [HWST] • FCS_RNG.1, FCS_RNG.1/GR, FCS_RNG.1/PACE matches FCS_RNG.1 of [HWST] • FMT_LIM.1 matches FMT_LIM.1 of [HWST] in the pre-usage phase • FMT_LIM.2 matches FMT_LIM.2 of [HWST] in the pre-usage phase • FPT_PHP.3 matches FPT_PHP.3 of [HWST] 480 Security Requirements of the hardware 481 The Security Requirements of the TOE’s hardware based on PP-0084 [PP0084, sec.6.1] can be mapped to Security Requirements of the TOE. They show no conflict between each other and are taken over in the Composite ST as iterated by SICP. • FAU_SAS.1 is covered by FAU_SAS.1 of the Composite ST • FDP_IFC.1 concerns information flow policy between parts of the hardware • FDP_ITT.1 concerns basic internal transfer protection of the hardware • FMT_LIM.1 is covered by FMT_LIM.1 of the Composite ST • FMT_LIM.2 is covered by FMT_LIM.2 of the Composite ST • FPT_FLS.1 covered by FPT_FLS.1 of the Composite ST • FPT_ITT.1 concerns basic hardware internal TSF data transfer protection • FPT_PHP.3 concerns the resistance to physical attacks • FRU_FLT.2 concerns the hardware operation, doesnot conflict with SFRs of the TOE • FDP_SDC.1, FDP_SDI.2 concern the low-level stored data integrity and con- fidentiality of the hardware and does not conflict with the SFRs of the TOE. 482 The additional Security Requirements of the TOE's hardware defined in [HWST] can be mapped to Security Requirements of the TOE, too. They show no conflict between each other. • FCS_CKM.1 not relevant, as the EC key generation of the hardware is not used • FCS_COP.1/AES: covered by FCS_COP.1/COS.AES, FCS_COP.1/CB.AES, FCS_COP.1/COS.CMAC and FCS_COP.1/CB.CMAC of the Composite ST • FCS_COP.1/RSA, FCS_COP.1/ECDSA, FCS_COP.1/ECDH, FCS_COP.1/SHA are not relevant, as these algorithms are not used • FCS_RNG.1: matches FCS_RNG.1 of the Composite ST • FCS_RNG.1/HPRG matches FCS_RNG.1/GR of the Composite ST • FCS_RNG.1/TRNG matches FCS_RNG.1/SICP of the Composite ST • FDP_ACC.1 concerns the Memory Access Control Policy on software tasks accessing assigned data in memories, this is covered by FDP_ACC.1 and its iterations of the Composite TOE • FDP_ACF.1 describes the Memory Access Control policy enforced by the hardware, this is covered by policy enforcing FDP_ACF.1 of the Composite TOE and its iterations Security Target TCOS FlexCert/SLC52 124/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • FMT_MSA.1 concerns the management of security attributes on hardware’s level, does not conflict with the SFRs of the TOE • FMT_MSA.3 concerns the management of security attributes on hardware’s level, does not conflict with the SFRs of the TOE • FMT_SMF.1 concerns the access of the configuration registers of the Memo- ry Management Unit, does not conflict with the SFRs of the TOE • FPT_TST.2: concerns self tests of the hardware TSF, no conflictsto SFRs of the TOE 483 Security Assurance Requirements 484 The level of assurance of the TOE is EAL 4 augmented with ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5. 485 The chosen level of assurance of the hardware is EAL 5 augmented with ALC_DVS.2 and AVA_VAN.5. 486 This shows that the Assurance Requirements of the TOE matches the Assurance Re- quirements of the hardware. 7.8.3 Security Objectives 487 The Security Objectives of the TOE and the hardware can be mapped or are not rele- vant. They show no conflict between each other. 488 Security Objectives of the TOE related to the Composite ST: • O.Integrity: covers O.Add_Functions (AES) of the [HWST] • O.Confidentiality: covers O.Add_Functions (AES) of the [HWST] • O.Resp-COS: no conflict • O.TSFDataExport: no conflict • O.Authentication: no conflict • O.AccessControl: no conflict • O.KeyManagement: no conflict • O.Crypto: no conflict • O.SecureMessaging:no conflict • O.Trustedchannel: no conflict • O.PACE_CHIP: no conflict • O.Logicalchannel: no conflict 489 Security Objectives for the hardware ([PP0084] and [HWST]): • O.Identification: is taken over in this ST • O.Leak-Inherent: is taken over in this ST Security Target TCOS FlexCert/SLC52 125/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 • O.Phys-Probing: is taken over in this ST • O.Malfunction: is taken over in this ST • O.Phys-Manipulation: is taken over in this ST • O.Leak-Forced: is taken over in this ST • O.Abuse-Func:is taken over in this ST • O.RND: is taken over in this ST • O.AES: is taken over in this ST • O.Add-Functions (Additional Specific SecurityFunctionality) The hardware TOE provides the following specific security functionality to the Smartcard Embedded Software: Advanced Encryption Standard (AES)/(DES) which is mapped to O.Integrity and O.Confidentiality. The security functionality of Rivest-Shamir-Adleman algorithm, Elliptic Curve Cryptography and Secure Hash Algorithm is not used and therefore not relevant. • O.Mem_Access The hardware TOE provides the Smartcard Embedded Software with the capa- bility to define restricted access memory areas. The hardware TOE enforces the partitioning of such memory areas so that access of software to memory areas and privilege levels is controlled as required. This objective addresses a low- level access control, which does not contradict the access control rules on OS level. The TOE rely on the low-level protection of memory areas and therefore this objective of the hardware is covered by O.Integrity, O.Confidentiality, O.Resp-COS, O.AccessControl.for example, in a multi-application environment. is mapped to T.Mem_Access 7.8.4 Compatibility: TOE Security Environment 490 Assumptions 491 The following list shows that assumptions neither of the TOE nor of the hardware have any conflicts between each other. Theyare either not relevant for this Security Target or are covered by appropriate Security Objectives. 492 Assumptions for the TOE related to the Composite ST: • A.Process-Sec-SC • A.Plat-COS • A.Resp-ObjS 493 Assumptions of the Hardware PP ([PP0084]): • A.Process-Sec-IC (Protection during Packaging, Finishing and Personalization) is coveres by A.Process-Sec-SC • A.Plat-Appl (Usage of Hardware Platform) not relevant • A.Resp-Appl (Treatment of User Data) relevant Security Target TCOS FlexCert/SLC52 126/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 This assumption is covered by the hardware’s objective for the environment OE.Resp-ObjS 494 Assumptions of the specific hardware platform ([HWST]): • A.Key-Function (Usage of Key-dependent Functions) Key-dependent functions (if any) shall be implemented in the Smartcard Em- bedded Software in a way that they are not susceptible to leakage attacks (as described under T.Leak-Inherent and T.Leak-Forced). This assumption is cov- ered by the Hardware’s objective OE.Resp-Appl for the environment and ap- plies to Life Cycle Phase 1 “Development”. 495 Threats 496 The Threats of the TOE and the hardware can be mapped or are not relevant. They show no conflict between each other. 497 Threats for the TOE related to the Composite ST: • T.Forge_Internal_Data no conflict • T.Compromise_Internal_Data no conflict • T.Misuse no conflict • T.Malicious_Application no conflict • T.Crypto no conflict • T.Intercept no conflict • T.WrongRights: no conflict 498 Threats of the hardware ST related to PP0084: • T.Leak-Inherent is taken over in this ST • T.Phys-Probing is taken over in this ST • T.Malfunction is taken over in this ST • T.Phys-Manipulation is taken over in this ST • T.Leak-Forced is taken over in this ST • T.Abuse-Func is taken over in this ST • T.RND is taken over in this ST 499 Threats of the hardware ST ([HWST]): • T.Mem-Access (Memory Access Violation) 500 Parts of the Smartcard Embedded Software may accidentally or deliberately access re- stricted data (which may include code) or privilege levels. Any restrictions are defined by the security policy of the specific application context and must be implemented by the Smartcard Embedded Software. This threat is mainly related to TOE’s Life Cycle Phase Security Target TCOS FlexCert/SLC52 127/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 1 “Development”. It is not related to later phases because the Smart Card Embedded Software cannot be altered by the object system. 7.8.5 Organizational Security Policies 501 The Organizational Security Policies of the TOE and the hardware have no conflicts bet- ween each other. They are shown in the following list. 502 OrganizationalSecurity Policies of the Composite ST of the TOE: • P.Process-TOE covers P.Process-TOE of the hardware ST ([PP0084]) • P.Crypto-Service covers P.Crypto-Service of the hardware ST ([PP0084]) • OSP.Logicalchannel no conflict 503 OrganizationalSecurity Policies of the Hardware ST: • P.Add-Functions (Additional Specific Security Functionality) no conflict The TOE’s hardware provides the following specific security functionality to the Smartcard Embedded Software: Advanced Encryption Standard, Triple Data Encryption Standard (relevant), Rivest-Shamir-Adleman Cryptography (not rele- vant), Elliptic Curve Cryptography (not relevant), Secure Hash Algorithm SHA-2. • P.Process-TOE ([PP0084]) is taken over in this ST. • P.Crypto-Service ([PP0084]) is taken over in this ST. 7.8.6 Conclusion 504 No contradictions between the SecurityTargets of the TOE and the underlying hardware can be found. 7.9 Assurance Measures 505 The documentation is produced compliant to the Common Criteria Version 3.1. The follo- wing documents provide the necessary information to fulfill the assurance requirements listed in section 6.2 Security Assurance Requirements for the TOE. Development ADV_ARC.1 Security Architecture Description TCOS FlexCert 2.0 Release 1 ADV_FSP.4 Functional Specification TCOS FlexCert 2.0 Release 1 ADV_IMP.1 Implementation of the TSF TCOS FlexCert 2.0 Release 1 ADV_TDS.3 Modular Design of TCOS FlexCert 2.0 Release 1 Guidance documents AGD_OPE.1 User Guidance TCOS FlexCert 2.0 Release 1 AGD_PRE.1 Administrator Guidance TCOS FlexCert 2.0 Release 1 Security Target TCOS FlexCert/SLC52 128/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Life-cycle support ALC_CMC.4, ALC_CMS.4 Documentation for Configuration Management ALC_DEL.1 Documentation for Delivery and Operation ALC_LCD.1 Life Cycle Model Documentation TCOS FlexCert 2.0 Release 1 ALC_TAT.1, ALC_DVS.2 Development Tools and Development Security for TCOS FlexCert 2.0 Release 1 Tests ATE_COV.2, ATE_DPT.2 Test Documentation for TCOS FlexCert 2.0 Release 1 ATE_FUN.1 Test Documentation of the Functional Testing Vulnerability assessment AVA_VAN.5 IndependentVulnerability Analysis TCOS FlexCert 2.0 Release 1 506 The developer team uses a configuration management system that supports the genera- tion of the TOE. The configuration management system is well documented and identi - fies all different configuration items. The configuration management tracks the imple- mentation representation, design documentation, test documentation, user documen- tation, administrator documentation, and security flaws. The security of the configuration management is described in detail in a separate document. 507 The delivery process of the TOE is well defined and follows strict procedures. Several measures prevent the modification of the TOE based on the developer’s master copy and the user’s version. The Administrator and the User are provided with necessary documentation for installation, personalization and start-up of the TOE. 508 The implementation is based on an informal high-level and low-level design of the com- ponents of the TOE. The description is sufficient to generate the TOE without other de- sign requirements. 509 The tools used in the development environment are appropriate to protect the confiden - tiality and integrity of the TOE design and implementation. The development is controlled by a life-cycle model of the TOE. The development tools are well-defined and use semi- formal methods, i.e. a security model. 510 The development department is equipped with organizational and personnel means that are necessary to develop the TOE. The testing and the vulnerability analysis require technical and theoretical know-how available at Deutsche Telekom Security GmbH. 511 As the evaluation is identified as a composite evaluation based on the CC evaluation of the hardware, the assurance measures related to the hardware (IC) will be provided by documents of the IC manufacturer. Security Target TCOS FlexCert/SLC52 129/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 Appendix Glossary and Acronyms 512 The terminology and abbreviations of Common Criteria version 3.1 [CC], Revision 4 and the specification [EGK-COS] apply. The following table is taken over from the PP [PPCOS] Acronyms Acronym Term CAP Composed Assurance Package CC Common Criteria CCRA Arrangement on the Recognition of Common Criteria Certificates in the field of IT Security CM Configuration Management COS Card operating system CVC Card verifiable certificate EAL Evaluation Assurance Level eHC Electronic health care card (elektronische Gesundheitskarte) eHPC Electronic professional card (elektronischer Heilberufsausweis) IC Integrated Circuit OS Operating System OSP Organizational Security Policy PC Personal Computer PCD Proximity Coupling Device (as defined in [EACTR part 2]) PICC Proximity Integrated Circuit Chip (as defined in [EACTR, part 2]) PKI Public Key Infrastructure PP Protection Profile SAR Security Assurance Requirement SCCO Symmetric Card Connection Object SFP Security Function Policy SFR Security Functional Requirement SMC-B Secure module card type B SMC-K Secure module card type K SMC-KT Secure module card type KT SPD Security Problem Definition ST Security Target TOE Target of Evaluation Security Target TCOS FlexCert/SLC52 130/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 References [AIS31] Bundesamt für Sicherheit in der Informationstechnik, Anwendungshinweise und Interpre- tationen zum Schema (AIS), AIS 31, A proposal for Functionality classes for random num- ber generators Version 2.0 vom 18.09.2011, Bundesamt für Sicherheit in der Informati- onstechnik (BSI) [AIS36] Bundesamt für Sicherheit in der Informationstechnik, Anwendungshinweise und Interpre- tationen zum Schema (AIS), AIS 36, Version 5 vom 15.03.2017, Bundesamt für Sicherheit in der Informationstechnik(BSI) [ANSX9.63] American National Standard X9.63-2001, Public Key Cryptography for the Financial Ser- vices Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography, 2005-11 [CC] Common Criteria for Information Technology Security Evaluation, Version 3.1, Part 1: Introduction and General Model; Version 3.1, April 2017, CCMB-2017-04-001, Part 2: Security Functional Requirements; Version 3.1, April 2017, CCMB-2017-04-002, Part 3: Security Assurance Requirements; Version 3.1, April 2017, CCMB-2017-04-003 Common Methodology for Information Technology Security Evaluation, Evaluation Metho- dology, Version 3.1, April 2017, CCMB-2017-04-004 [EACTR] Technical Guideline TR-03110: Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token, Part 1 - eMRTDs with BAC/PACEv2 and EACv1, BSI, Version 2.20, 2015, Part 2 - Protocols for electronic IDentification, Authentication and trust Services (eIDAS), BSI, Version 2.21, 2016-12, Part 3 - Common Specifications, BSI, Version 2.21, 2016-12 [ECCTR] Technical Guideline TR-03111: Elliptic Curve Cryptography, Version 2.10, Bundesamt für Sicherheit in der Informationstechnik (BSI), 2018-06 [EGK-COS] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elek- trische Schnittstelle, Version 3.13.1 vom 01.11.2019, gematik Gesellschaft für Telematik- anwendungen der Gesundheitskarte GmbH [EGK-WRP] Einführung der Gesundheitskarte, Spezifikation Wrapper, Version 1.8.0 vom 24.08.2016, gematik Gesellschaft für Telematikanwendungen der Gesundheitskarte GmbH [FIPS180] Federal Information Processing Standards Publication FIPS PUB 180-4, Secure Hash Standard (SHS), 2012-03 Security Target TCOS FlexCert/SLC52 131/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 [FIPS186] Federal Information Processing Standards Publication FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013 [FIPS197] Federal Information Processing Standards Publication 197, Advanced Encryption Stan- dard (AES), U.S. Department of Commerce/National Institute of Standards and Techno- logy, 2001-11-26 [HWCR] Certification Report of the underlying hardware platform, BSI-DSZ-CC-1079-V2-2020 for IFX_CCI_00000Fh,IFX_CCI_000010h,IFX_CCI_000026h, IFX_CCI_000027h,IFX_CCI_000028h, IFX_CCI_000029h,IFX_CCI_00002Ah, IFX_CCI_00002Bh,IFX_CCI_00002Ch in the design step G12 and including optional software libraries and dedicated firmware from Infineon Technologies AG, Bundesamt für Sicherheit in der Informationstechnik (BSI), 2020-06-16 [HWST] Security Target of the underlying hardware platform, Public Security Target Common Cri- teria v3.1 – EAL6 augmented / EAL6+ IFX_CCI_00000Fh, IFX_CCI_000010h,IFX_CCI_000026h, IFX_CCI_000027h,IFX_CCI_000028h, IFX_CCI_000029h,IFX_CCI_00002Ah, IFX_CCI_00002Bh,IFX_CCI_00002Ch G12, Date 2020-04-03, Version 0.8 [ICAOSAC] ICAO Machine Readable Travel Documents, Technical Report, Supplemental Access Control for Machine Readable Travel Documents, Version 1.01, ICAO, 2010-11 [ISO7816] ISO 7816-4:2013, Identification cards – Integrated circuit cards with contacts, Part 4: Or- ganization, security and commands for interchange, ISO, 2013-04 [ISO9796-2] ISO/IEC 9796-2:2010 Information technology -- Security techniques -- Digital signature schemes giving message recovery – Part 2: Integer factorization based mechanisms, ISO, 2010-12 [ISO9797] ISO 9797-1:1999, Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher, ISO, 2005-01-04 [ISO14443] ISO 14443, Identification cards – Contactless integrated circuit cards – Proximity cards, Parts 1-4 and Amendments, 2008-2014 [PKCS1] PKCS #1: RSA Cryptography Standard, RSA Laboratories, Version 2.1, Revised June 13, 2002 (cf. [RFC3447]) [PP0084] Security IC Platform Protection Profile with Augmentation Packages, Version 1.0, devel- oped by Inside Secure, Infineon Technologies AG, NXP Semiconductors Germany GmbH, STMicroelectronics, registered and certified by Bundesamt für Sicherheit in der Infor- mationstechnik (BSI) under the certification reference BSI-CC-PP-0084-2014 Security Target TCOS FlexCert/SLC52 132/132 Specification of the Security Target TCOS FlexCert Version 2.0 Release 2 Version: 2.0.2 Stand: 2021-05-25 Deutsche Telekom Security GmbH, 2021 [PPCOS] CC Protection Profile: Card Operating System Generation 2 (PP COS G2), BSI-CC-PP- 0082-V4, Version 2.1, Registered and Certified by Bundesamt für Sicherheit in der Infor- mationstechnik under BSI-CC-PP-0082-V4-2019, 2019-07 [RFC3447] J. Jonsson, B. Kaliski; Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, RFC 3447, IETF, 2003-02 [RFC5639] M. Lochter, J. Merkle, Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation, RFC 5639, IETF, 2010-03 [SP800-38B] Recommendation for Block Cipher Modesof Operation: The CMAC Mode for Authentica- tion, NIST Special Publication 800-38B, National Institute of Standards and Technology, May 2005 [SP800-67] Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, NIST Special Publication 800-67, Revised January 2012, National Institute of Standards and Technology, 2012-01 [TCOSGD] Administrator’s Guidance TCOS FlexCert Version 2.0 Release 2, Deutsche Telekom Se- curity GmbH, Version 1.1, 2021-05 Guidance Documentation of the Wrapper to TCOS FlexCert Version 2.0 Release 2, Deutsche Telekom Security GmbH, Version 1.1, 2021-05 [TR2102] Technische Richtlinie TR-02102 Kryptographische Verfahren Empfehlungen und Schlüs- sellängen, Version 2020-01, Bundesamt für Sicherheit in der Informationstechnik (BSI) [TR3116-1] Technische Richtlinie TR-03116 für die eCard-Projekte der Bundesregierung Version 3.20, Bundesamt für Sicherheit in der Informationstechnik (BSI), 2018-09 [TR3143] Technische Richtlinie TR-03143 „eHealth G2-COS Konsistenz-Prüftool“, Bundesamt für Sicherheit in der Informationstechnik (BSI), Version 1.1, 2017-05