PREMIER MINISTRE General Secretariat for Defence and National Security French Network and Information Security Agency Certification Report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Paris, May 11th 2010 Courtesy Translation Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 2 out 16 CER/F/07.5 Warning This report is designed to provide sponsors with a document enabling them to assess the security level of a product under the conditions of use and operation defined in this report for the evaluated version. It is also designed to provide the potential purchaser of the product with the conditions under which he may operate or use the product so as to meet the conditions of use for which the product has been evaluated and certified; that is why this certification report must be read alongside the evaluated user and administration guidance, as well as with the product security target, which presents threats, environmental assumptions and the supposed conditions of use so that the user can judge for himself whether the product meets his needs in terms of security objectives. Certification does not, however, constitute a recommendation product from ANSSI (French Network and Information Security Agency), and does not guarantee that the certified product is totally free of all exploitable vulnerabilities. Any correspondence about this report has to be addressed to: Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d'information 51, boulevard de la Tour Maubourg 75700 PARIS cedex 07 SP France certification.anssi@ssi.gouv.fr Reproduction of this document without any change or cut is authorised. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 3 out 17 Certification report reference ANSSI-CC-2010/23 Product name ST23YT66/34A Secure Microcontrollers Product reference ST23YT66/34 revision A (dedicated software APC, K2R0ACB mask set) Protection profile conformity BSI-PP-0035-2007 version 1.0 Security IC Platform Protection Profile v1.0, 15 June 2007 Evaluation criteria and version Common Criteria version 3.1 Evaluation level EAL 5 augmented AVA DVS.2, AVA VAN.5 Developer STMicroelectronics Smartcard IC division, 190 Avenue Célestin Coq, 13106 Rousset Cedex, France Sponsor STMicroelectronics Smartcard IC division, 190 Avenue Célestin Coq, 13106 Rousset Cedex, France Evaluation facility Serma Technologies 30 avenue Gustave Eiffel, 33608 Pessac, France Phone: +33 (0)5 57 26 08 75, email : e.francois@serma.com Recognition arrangements CCRA The product is recognised at EAL4 level. SOG-IS Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 4 out 16 CER/F/07.5 Introduction The Certification Security certification for information technology products and systems is governed by decree number 2002-535 dated 18 April 2002 and published in the "Journal Officiel de la République Française". This decree stipulates that: • The French Network and Information Security Agency draws up certification reports. These reports indicate the features of the proposed security targets. They may include any warnings that the authors feel the need to mention for security reasons. They may or may not be transmitted to third parties or made public, as the sponsors desire (article 7). • The certificates issued by the Prime Minister certify that the copies of the products or systems submitted for evaluation fulfil the specified security features. They also certify that the evaluations have been carried out in compliance with applicable rules and standards, with the required degrees of skill and impartiality (article 8). The procedures are available on the Internet site www.ssi.gouv.fr. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 5 out 17 Content 1. PRODUCT .................................................................................................................................... 6 1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6 1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6 1.2.1. Product identification........................................................................................................ 6 1.2.2. Security services ................................................................................................................ 7 1.2.3. Architecture ....................................................................................................................... 7 1.2.4. Life cycle............................................................................................................................ 8 1.2.5. Evaluated configuration .................................................................................................. 10 2. EVALUATION........................................................................................................................... 11 2.1. EVALUATION REFERENTIAL ................................................................................................. 11 2.2. EVALUATION WORK ............................................................................................................. 11 2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS ACCORDING TO ANSSI TECHNICAL REFERENCE FRAME............................................................................................................................ 11 2.4. RANDOM NUMBER GENERATOR ANALYSIS .......................................................................... 11 3. CERTIFICATION...................................................................................................................... 12 3.1. CONCLUSION........................................................................................................................ 12 3.2. RESTRICTIONS OF USE.......................................................................................................... 12 3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 12 3.3.1. European recognition (SOG-IS)...................................................................................... 12 3.3.2. International common criteria recognition (CCRA) ....................................................... 13 ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.............................................................. 13 ANNEX 2. EVALUATED PRODUCT REFERENCES.................................................................. 14 ANNEX 3. CERTIFICATION REFERENCES................................................................................ 16 Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 6 out 16 CER/F/07.5 1. Product 1.1. Presentation of the product The evaluated products are the ST23YT66 and ST23YT34 secure microcontrollers revision A (dedicated software APC, K2R0ACB mask set) developed by STMicroelectronics. The ST23YT66A and ST23YT34A only differ by the logical size of the non volatile EEPROM and ROM memories. The ST23YT66A (ST23YT34A, respectively) includes a 66Kb EEPROM (34Kb, respectively) and a 210Kb ROM (110Kb, respectively). The physical size of the EEPROM memory (ROM, respectively) being 66Kb (210Kb, respectively) in both products. In addition, only the USB interface of the ST23YT66A uses the 1.2 Kb dedicated RAM in order allow fast data transfers with 512Kb bloc size instead of only 64Kb for ST23YT34A for which this dedicated RAM is not active even if present on the product. The microcontrollers aim to host one or several software applications and can be embedded in a plastic support to create a Smartcard with multiple possible usages (secure identity documents, banking, health card, pay-TV or transport applications…) depending on the Embedded Software applications. However, only the microcontroller is evaluated. The software applications are not in the scope of this evaluation. 1.2. Evaluated product description The security target [ST] defines the evaluated product, its evaluated security functionalities and its operational environment. This security target is compliant with [PP035] protection profile (strict compliance). 1.2.1. Product identification The configuration list [CONF] identifies the product’s constituent elements. The certified version of the product can be identified by the following elements: o Die identification: K2R0A (Die name with HW major cut reference) o Die mask set identification: all masks revision letters corresponding to K2R0ACB mask set; o Dedicated software identification: APC (Boot sequence, embedded test software); o Embedded software identification: UBM this is the Card Manager, a reference Operating System, embedded in the User ROM of the samples which have been tested, for the evaluation needs only. The Card Manager is not part of the evaluation perimeter, cf §1.2.5; o Manufacturing site identification: ST 4 (Rousset). Identification elements (2008, K2R0A, masks revision letters, APC, UBM, ST4), in line with the product configuration list, are marked on the die and visible with a microscope. In addition, two bytes in OTP allow identifying the product from a logical point of view, as described in the “Datasheet” (cf. [GUIDES]. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 7 out 17 1.2.2. Security services The product provides mainly the following security services: - Initialisation of the hardware platform and its attributes; - Secure handling of the life cycle; - Logical integrity of the product; - Test of the product; - Memory management (firewall); - Physical tampering protection; - Security violation administrator; - Unobservability; - Symmetric Key Cryptography Support; - Asymmetric Key Cryptography Support; - Unpredictable number generation support. 1.2.3. Architecture The ST23YT66A (ST23YT34A, respectively) microcontrollers are made up of: A Hardware part: - An 8/16-bit central processing unit; - Memories: ƒ 66 Kbytes (34Kb, respectively) of EEPROM (including 128 bytes of OTP) with integrity control, for program and data storage, ƒ 210 Kbytes (110 Kb, respectively) of ROM for user software, ƒ 5 Kbytes of RAM, ƒ 30 Kbytes of ROM for dedicated software; - Security Modules: Memory protection unit (MPU), clock generator, security monitoring and control, power management, memory integrity control and fault detection; - Functional Modules: 3 8-bit timers, I/O management in contact mode (IART ISO 7816-3), USB 2.0 (this interface includes a dedicated 1.2Kbyte RAM on ST23YT66A product only), True Random Number Generator, EDES co-processor supporting DES algorithms and the NESCRYPT co-processor with a dedicated 2- Kbyte RAM supporting public key cryptographic algorithms. A dedicated software is embedded in ROM which comprises: - Microcontroller test software (“Auto test”); - System and Hardware/Software interface management capabilities. Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 8 out 16 CER/F/07.5 1.2.4. Life cycle The product’s life cycle is organised as follow: Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7 Smartcard embedded software development Product constructio n IC design with its dedicated software Smartcard IC database construction IC photomask fabrication IC testing and prepersonalisation IC manufacturing Testing IC packaging Testing Smartcard product finishing process Testing Personalisation Smartcard product end- usage Product usage End of life process Legend Trusted delivery and verification procedures Delivery done within secure environment Phases supposed to be secured STM Rousset STM Singapore STM Rousset DNP Tokyo DNP Agrate STM Rousset STM Rousset STM, Zaventem Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7 Smartcard embedded software development Product constructio n IC design with its dedicated software Smartcard IC database construction IC photomask fabrication IC testing and prepersonalisation IC manufacturing Testing IC packaging Testing Smartcard product finishing process Testing Personalisation Smartcard product end- usage Product usage End of life process Legend Trusted delivery and verification procedures Delivery done within secure environment Legend Trusted delivery and verification procedures Delivery done within secure environment Phases supposed to be secured STM Rousset STM Singapore STM Rousset DNP Tokyo DNP Agrate STM Rousset STM Rousset STM, Zaventem Figure 1 – Life cycle of a smart card ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 9 out 17 The product is designed, prepared, manufactured and tested by: STMicroelectronics SAS Smartcard IC division ZI de Rousset, BP2 13106 Rousset Cedex France A part of the design is realised by: STMicroelectronics Pte Ltd 5A Serangoon North Avenue 5 554574 Singapore Singapore and by: STMicroelectronics Excelsiorlaan 44-46, B-1930 Zaventem, Belgium. The photo masks of the product are manufactured by: DAI NIPPON PRINTING CO., LTD 2-2-1, Fukuoka, kamifukuoka-shi, Saitama-Ken, 356-8507 Japan and by: DAI NIPPON PRINTING EUROPE Via C. Olivetti, 2/A, I-20041 Agrate Brianza, Italy The product manages itself the logical phases of its life cycle and can be in one of its two following configurations: • “Test” configuration: at the end of IC manufacturing, the microcontroller is tested using the test software stored in ROM (called “Autotest”) within the secure developer premises. Pre-personalization data can be loaded in the EEPROM. The product configuration is changed to “User” before delivery to the next user, and the device cannot be reversed to the “test” configuration. • “User” configuration: final configuration of the product, including 3 modes: ƒ “reduced test”, allowing STMicroelectronics to perform some reduced sets of test; ƒ “diagnosis”, allowing even more limited operations, restricted to STMicroelectronics; ƒ “end user”, final usage mode of the product, whose functionalities are driven exclusively by the Embedded Software. The developer test functionalities are unavailable. The end-users of the product can use it only under this mode. Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 10 out 16 CER/F/07.5 1.2.5. Evaluated configuration This certification report presents the evaluation work related to the product and the dedicated software identified in §1.2.1. Any other embedded application, such as the Card Manager embedded for evaluation purpose only, is not part of the evaluation perimeter. Referring to the life-cycle, the evaluated product is the product that comes out the manufacturing, test and pre-personalization phase (phase 3). For the evaluation needs, the products SB23YT66A and SB23YT34A (with internal revision C), including the cryptographic library Neslib v2.0 which were certified with the reference ANSSI-CC-2010/24, were provided to the ITSEF with a dedicated evaluation software in a mode known as “open1 ”. 1 mode that enables to load and execute a native code in EEPROM and also to disable the configurable security mechanisms. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 11 out 17 2. Evaluation 2.1. Evaluation referential The evaluation has been performed in compliance with Common Criteria version 3.1 [CC] and the Common Evaluation Methodology [CEM]. For assurance components above EAL4 level, the evaluation facility own evaluation methods, validated by ANSSI, have been used. In order to meet the specificities of smart cards, the [CC IC] and [CC AP] guides have been applied. 2.2. Evaluation work This evaluation is partially based on previous evaluation results of certified products from the ST23Y family. The evaluation technical report [ETR], delivered to ANSSI on the 2th of March 2010, describes the work performed by the evaluation facility and assesses that all evaluation tasks are “pass”. 2.3. Cryptographic mechanisms robustness analysis according to ANSSI technical reference frame The evaluated product provides the following cryptographic support services: - support for symmetric key cryptography (EDES) ; - support for asymmetric key cryptography (NESCRYPT) ; - support for random numbers generation (TRNG). These services, however, cannot be analyzed in relation to the ANSSI technical reference frame [REF-CRY], [REF-CLE] and [REF-AUT] as they do not contribute to the inherent security of the product; their strength will depend on their use by the application embedded in the microcircuit. 2.4. Random number generator analysis The evaluated product provides a hardware random number generator that has been evaluated according to the [AIS31] methodology by the evaluation facility: the generator reaches the class “P2 – SOF-high” according to [AIS31]. Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 12 out 16 CER/F/07.5 3. Certification 3.1. Conclusion The evaluation was carried out according to the current rules and standards, with the required competency and impartiality as required for an accredited evaluation facility. All the work performed allows the release of a certificate in conformance with the decree 2002-535. This certificate testifies that the secure microcontrollers ST23YT66/34A submitted for evaluation fulfil the security features specified in its security target [ST] for the evaluation level EAL5 augmented. 3.2. Restrictions of use This certificate only applies on the products specified in chapter 1.2 of this certification report. This certificate provides a resistance assessment of the ST23YT66/34A products to a set of attacks which remains generic due to the missing of any specific embedded application. Therefore, the security of a final product based on the evaluated microcontrollers would only be assessed through the final product evaluation, which could be performed using the results of current evaluation listed in Chapter 2. The user of the certified product shall respect the operational environmental security objectives specified in the security target [ST] chapter 5.2 and shall respect the recommendations in the guidance [GUIDES]. 3.3. Recognition of the certificate 3.3.1. European recognition (SOG-IS) This certificate is issued in accordance with the provisions of the SOG-IS agreement [SOG- IS]. The European recognition agreement made by SOG-IS in 1999 allows recognition from signatory states of the agreement1 , of ITSEC and Common Criteria certificates. The European recognition is applicable up to ITSEC E6 and CC EAL7 levels. The certificates that are recognized in such scope are released with the following marking: 1 The signatory countries of the SOG-IS agreement are: Finland, France, Germany, The Netherlands, Norway, Spain, Sweden and United Kingdom. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 13 out 17 3.3.2. International common criteria recognition (CCRA) This certificate is released in accordance with the provisions of the CCRA [CC RA]. The Common Criteria Recognition Arrangement allows the recognition, by signatory countries1 , of the Common Criteria certificates. The mutual recognition is applicable up to the assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that are recognized in the agreement scope are released with the following marking: 1 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia, Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United States of America. Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 14 out 16 CER/F/07.5 Annex 1. Evaluation level of the product Classe Famille Composants par niveau d’assurance Niveau d’assurance retenu pour le produit EAL 1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7 EAL 5+ Intitulé du composant ADV Développement ADV_ARC 1 1 1 1 1 1 1 Security architecture description ADV_FSP 1 2 3 4 5 5 6 5 Complete semiformal functional specification with additional error information ADV_IMP 1 1 2 2 1 Implementation representation of the TSF ADV_INT 2 3 3 2 Well-structured internals ADV_SPM 1 1 ADV_TDS 1 2 3 4 5 6 4 Semiformal modular design AGD Guides d’utilisation AGD_OPE 1 1 1 1 1 1 1 1 Operational user guidance AGD_PRE 1 1 1 1 1 1 1 1 Preparative procedure ALC Support au cycle de vie ALC_CMC 1 2 3 4 4 5 5 4 Production support, acceptance procedures and automation ALC_CMS 1 2 3 4 5 5 5 5 Development tools CM coverage ADO_DEL 1 1 1 1 1 1 1 Delivery procedures ALC_DVS 1 1 1 2 2 2 Sufficiency of security measures ALC_FLR ALC_LCD 1 1 1 1 2 1 Developer defined life-cycle model ALC_TAT 1 2 3 3 2 Compliance with implementation standards ASE Evaluation de la cible de sécurité ASE_CCL 1 1 1 1 1 1 1 1 Conformance claim ASE_ECD 1 1 1 1 1 1 1 1 Extended component definition ASE_INT 1 1 1 1 1 1 1 1 ST introduction ASE_OBJ 1 2 2 2 2 2 2 2 Security objectives ASE_REQ 1 2 2 2 2 2 2 2 Derived security requirements ASE_SPD 1 1 1 1 1 1 1 Security problem definition ASE_TSS 1 1 1 1 1 1 1 1 TOE summary specifications ATE Tests ATE_COV 1 2 2 2 3 3 2 Analysis of coverage ATE_DPT 1 2 3 3 4 3 Testing: modular design ATE_FUN 1 1 1 1 2 2 1 Functional testing ATE_IND 1 2 2 2 2 2 3 2 Independant testing, sample AVA Estimation des vulnérabilités AVA_VAN 1 2 2 3 4 5 5 5 Advanced methodical vulnerability analysis ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 15 out 17 Annex 2. Evaluated product references [ST] Reference security target for the evaluation: - SB/SA/ST23YT66/34 Security Target, Reference : SMD_Sx23YTxx_ST_09_001, v01.00, STMicroelectronics For the needs of publication, the following security target has been provided and validated in the evaluation: - SB/SA/ST23YT66/34 Security Target - Public Version, Reference : SMD_Sx23YTxx_ST_09_002, v01.00, STMicroelectronics [ETR] Evaluation technical report : - Evaluation Technical Report - LAFITE Project, Reference : LAFITE-SB23YT66A_ETR_v1.0 / 1.0, 2 March 2010, Serma Technologies For the needs of composite evaluation with this microcontroller a technical report for composition has been validated: - ETR Lite for Composition – LAFITE project, Reference: LAFITE_SB23YT66A_ETRLiteComp_v1.0 / 1.0, Serma Technologies [CONF] Products configuration list: - Configuration list, Reference : SMD_SB23YT66_CFGL_09_001 rev 1.0, STMicroelectronics List of the delivered materials: - documentation report, Reference : SMD_SB23YT66_34DR_09_001 v1.0, STMicroelectronics [GUIDES] The product user guidance documentation is the following: - ST23YT66 Datasheet, Reference : DS_23YT66 Rev 7, STMicroelectronics - ST23YT34 Datasheet, Reference : DS_23YT34 Rev 1, STMicroelectronics - ST23 Platform - Security Guidance, Reference : AN_SECU_23 Rev 7, STMicroelectronics - ST23 USB LIB user manual, Reference : UM_23_USBLIB, Rev 2, STMicroelectronics Certification report ANSSI-CC-2010/23 ST23YT66/34A Secure Microcontrollers Page 16 out 16 CER/F/07.5 - ST21/23 programming manual, Reference : PM_21_23/0709 Rev 1, STMicroelectronics - ST23 AIS31 Compliant Random Number User Manual, Référence : UM_23_AIS31 Rev 1, STMicroelectronics - ST23 AIS31 Tests reference implementation user manual, Référence : AN_23_AIS31 Rev1, STMicroelectronics [PP0035] Security IC Platform Protection Profile Version 1.0 June 2007. Certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) under the reference BSI-PP-0035-2007. ST23YT66/34A Secure Microcontrollers Certification report ANSSI-CC-2010/23 Page 17 out 17 Annex 3. Certification references Decree number 2002-535 dated 18th April 2002 related to the security evaluations and certifications for information technology products and systems. [CER/P/01] Procedure CER/P/01 - Certification of the security provided by IT products and systems, DCSSI. [CC] Common Criteria for Information Technology Security Evaluation : Part 1: Introduction and general model, September 2006, version 3.1, revision 1, ref CCMB-2006-09-001, Part 2: Security functional components, September 2007, version 3.1, revision 2, ref CCMB-2007-09-002, Part 3: Security assurance components, September 2007, version 3.1, revision 2, ref CCMB-2007-09-003. [CEM] Common Methodology for Information Technology Security Evaluation : Evaluation Methodology, September 2007, version 3.1, ref CCMB-2007- 09-004, revision 2. [CC IC] Common Criteria Supporting Document - Mandatory Technical Document - The Application of CC to Integrated Circuits, reference CCDB-2006-04-003 version 2.0, revision 1, April 2006. [CC AP] Common Criteria Supporting Document - Mandatory Technical Document - Application of attack potential to smart-cards, reference CCDB-2009-03-001 version 2.7 revision 1, March 2009. [REF-CRY] Cryptographic mechanisms - Rules and recommendations about the choice and parameters sizes of cryptographic mechanisms, version 1.11, 24th of October 2008, see www.ssi.gouv.fr [REF-CLE] Cryptographic keys management - Rules and recommendations about management of keys used in cryptographic mechanisms, version 1.10, 24th of October 2008, see www.ssi.gouv.fr [REF-AUT] Authentication - Rules and recommendations about authentication mechanisms with standard level robustness, v0.13 12th of April 2007, No. 729/SGDN/DCSSI/SDS [AIS31] Functionality classes and evaluation methodology for physical random number generator, AIS31 version 1, 25/09/2001, Bundesamt für Sicherheit in der Informationstechnik (BSI)