IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
Page i
i
National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
IBM CORPORATION
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Report Number: CCEVS-VR-01-0005
Dated: October 10, 2001
Version: 1.0
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6740
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740
®
TM
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
Page ii
ii
ACKNOWLEDGEMENTS
Validation Team
Jerome Myers
Stuart Schaeffer
Aerospace Corporation
Columbia, Maryland/El Segundo, California
Common Criteria Testing Laboratory
Cygnacom Solutions, an Entrust Company
McLean, Virginia
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
Page iii
iii
Table of Contents
1
1 EXECUTIVE SUMMARY
EXECUTIVE SUMMARY ................................
................................................................
................................................................
................................ 4
4
2
2 IDENTIFICATION
IDENTIFICATION ................................
................................................................
................................................................
...........................................
........... 5
5
3
3 SECURITY POLICY
SECURITY POLICY ................................
................................................................
................................................................
........................................
........ 7
7
3.1 PASSWORD POLICY....................................................................................................... 7
3.2 ROLE DIFFERENTIATION POLICY................................................................................... 7
3.3 IDENTIFICATION AND AUTHENTICATION POLICY........................................................... 7
3.4 ACCESS CONTROL POLICY ............................................................................................ 8
3.4.1 Access to hardware key. ............................................................................................ 8
3.4.2 Access to user buffers................................................................................................ 8
3.5 SECURITY MANAGEMENT POLICY................................................................................. 8
4
4 ASSUMPTIONS AND CL
ASSUMPTIONS AND CLARIFICATION OF SCOPE
ARIFICATION OF SCOPE ................................
..................................................
.................. 9
9
4.1 USAGE ASSUMPTIONS................................................................................................... 9
4.2 ENVIRONMENTAL ASSUMPTIONS .................................................................................. 9
4.3 CLARIFICATION OF SCOPE............................................................................................. 9
5
5 ARCHITECTURAL INFO
ARCHITECTURAL INFO RMATION
RMATION ................................
................................................................
............................................
............ 9
9
6
6 DOCUMENTATION
DOCUMENTATION ................................
................................................................
................................................................
.......................................
.......10
10
7
7 IT PRODUCT TESTING
IT PRODUCT TESTING ................................
................................................................
................................................................
.................................
.11
11
7.1 DEVELOPER TESTING.................................................................................................. 11
7.2 EVALUATOR TESTING ................................................................................................. 11
8
8 EVALUATED CONFIGUR
EVALUATED CONFIGUR ATION
ATION ................................
................................................................
................................................
................12
12
9
9 RESULTS OF THE EVA
RESULTS OF THE EVAL U
L U ATION
ATION ................................
................................................................
...............................................
...............12
12
10
10 EVALUATOR COMMENT
EVALUATOR COMMENT S
S ................................
................................................................
.......................................................
.......................12
12
11
11 ANNEXES
ANNEXES ................................
................................................................
................................................................
.....................................................
.....................12
12
12
12 SECURITY TARGET
SECURITY TARGET ................................
................................................................
................................................................
..................................
..12
12
13
13 GLOSSARY
GLOSSARY ................................
................................................................
................................................................
..................................................
..................13
13
14
14 BIBLIOGRAPHY
BIBLIOGRAPHY ................................
................................................................
................................................................
.........................................
.........14
14
LIST OF TABLES
Table 1: Evaluation Identifiers.................................................................................................... 6
Table 2: Lockout Time vs. Cumulative Password Failure Count.................................................. 7
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
4
1
1 EXECUTIVE SUMMARY
EXECUTIVE SUMMARY
This report documents the NIAP validators’ assessment of the CCEVS evaluation of the IBM Cryptographic Security
Chip for PC Clients manufactured by Atmel Corporation (AT90SP0801). It presents the evaluation results, their
justifications, and the conformance result.
The evaluation was performed by Cygnacom Solutions and was completed on September 9, 2001. The information in
this report is largely derived from the Evaluation Technical Report (ETR) written by Cygnacom and submitted to the
validators. The evaluation determined the product to be Part 2 conformant, Part 3 conformant, and to meet the
requirements of EAL 3 augmented with CC component ADV_SPM.11
(informal security policy model), resulting in a
“pass” in accordance with CC Part 1 paragraph 175.
The product is an integrated circuit chip interfacing with the Intel System Management Bus (SMBus) and mounted on a
daughter card on the motherboard of an IBM desktop computer or surface-mounted on the motherboard of an IBM
notebook computer. The product provides (1) RSA digital signature computation using internally stored 512-bit or 1024-
bit keys, and (2) decryption of relatively small encrypted blocks of data bits (e.g., symmetric encryption keys that must
be protected against disclosure) stored in a disk or memory component of the environment. For signature generation, an
arbitrary number of user public key pairs, encrypted with a hardware (product-specific) public key, can be stored in the
system in which the product is embedded. When a user requires a signature, the user’s private key is decrypted by the
product and stored in a register internal to the product. Access to product functions may optionally be controlled by
password. Data within the product (decrypted keys) is not accessible by the surrounding system. The hardware private
key may be changed by the possessor of a hardware password or locked to prevent its being changed.
The product is intended to protect the confidentiality and integrity of secret keys and to prevent unauthorized use of a
key. It does not support any particular Organizational Security Policies (OSPs) but provides the general protections noted
here.
All product related support functions must be provided as components of the environment. These functions include key
pair generation, encryption of keys and data, hashing for signature generation, and movement of commands and data into
and out of the chip via the SMBus. Environmental software provided by IBM for the product was available to facilitate
some of the product analysis and testing. However, this environmental software, provided by IBM in the Secure PC
client computing platforms, has not been subjected to a NIAP evaluation. In the configuration in which the chip is
mounted on a daughter card, the card is also a component of the environment and was not an element of this evaluation.
It is assumed that the operating system is configured to meet installation security requirements, that administration of the
computational environment is performed correctly and in a secure manner, and that adequate physical protection (power
management, protection against physical tampering, etc) is provided.
The validation team monitored the activities of the evaluation team, participated in team meetings, provided guidance on
technical issues and evaluation processes, reviewed selected evaluation evidence, and reviewed the individual work units
and successive versions of the ETR. The validation team found that the evaluation showed that the product satisfies all of
the functional requirements and assurance requirements stated in the Security Target (ST). Therefore the validation team
concludes that Cygnacom Solution’s findings are accurate, the conclusions justified, and the conformance results correct.
The Validation Report is not an endorsement of the IT product by any agency of the U.S. Government and no warranty
of the IT product is either expressed or implied.
1
The terminology in this sentence is defined in CC Interpretation 008, specifying new language for CC Part 1,
section/Clause 5.4.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
5
2
2 IDENTIFICATION
IDENTIFICATION
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and Technology (NIST)
effort to establish commercial facilities to perform trusted product evaluations. Under this program, security evaluations
are conducted by commercial testing laboratories called Common Criteria Testing Laboratories (CCTL)s using the
Common Evaluation Methodology (CEM) for Evaluation Assurance Level (EAL) 1 through EAL 4 in accordance with
National Voluntary Laboratory Assessment Program (NVLAP) accreditation.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency across
evaluations. Developers of information technology products desiring a security evaluation contract with a CCTL and
pay a fee for their product’s evaluation. Upon successful completion of the evaluation, the product is added to NIAP’s
Validated Products List.
Table 1 provides information needed to completely identify the product, including
• the Target of Evaluation (TOE): the fully qualified identifier of the product as evaluated,
• the Security Target (ST), describing the security features, claims, and assurances of the product,
• the conformance result of the evaluation,
• the organizations and individuals participating in the evaluation
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
6
Table 1: Evaluation Identifiers
Item Identifier
Evaluation Scheme
United States NIAP Common Criteria Evaluation and Validation
Scheme
Target of Evaluation
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Protection Profile Not Applicable
Security Target
IBM Cryptographic Security Chip for PC Clients Manufactured by
ATMEL (AT90SP0801), Common Criteria Security Target Version
4.3, by Cygnacom Solutions.
Evaluation Technical Report
IBM Cryptographic Security Chip for PC Clients Manufactured by
ATMEL (AT90SP0801), Common Criteria Evaluation Technical
Report, by Cygnacom Solutions
Conformance Result
Part 2 conformant, Part 3 conformant, and EAL 3 augmented with CC
component ADV_SPM.1.
Sponsor
IBM Personal Systems, 3039 Cornwallis Rd, Research Triangle Park,
NC 27709
Developer
IBM Personal Systems, 3039 Cornwallis Rd, Research Triangle Park,
NC 27709
Atmel Corporation, 1150 E. Cheyenne Mtn. Blvd., Colorado Springs
CO 80906
Evaluators
Cygnacom Solutions
Ms. Kristina Rogers
Ms. Shari Galitzer
Government Participants
None
Validators
Mr. Jerome Myers (Aerospace Corporation)
Mr. Stuart Schaeffer (Aerospace Corporation)
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
7
3
3 SECURITY POLICY
SECURITY POLICY
The following security policies are enforced by the product.
3.1
3.1 Password Policy
Password Policy
Access to product functions and internally stored data requires a password. There are three classes of password:
• Hardware password, stored in a register in the chip. The hardware password is required for all administration and
configuration actions. It is required to be set at system (i.e., chip) initialization.
• Failure Counter Reset password, stored in a register in the chip. The Failure Counter Reset password can be used to
reset the Password Failure Counter. It must be set at system initialization.
• User password. A user may optionally specify a password to control access to his/her key when the key is stored in a
buffer within the chip. If no user password is associated with a buffered user key, anyone may access the key buffer.
The product maintains a count of all password check failures (for all three types of password) in an internal register, the
Failure Counter. When the failure count reaches a multiple of 32, the chip is locked for a period of time corresponding to
the count as shown in Table 2.
Table 2: Lockout Time vs. Cumulative Password Failure Count
Cumulative Failure
Count
Lockout Period
32 1.2 Minutes
64 2.4 Minutes
96 4.8 Minutes
… …
224 1 Hour, 17 Minutes
256 2 Hours, 34 Minutes
… …
384 1.7 Days
… …
512+ 27.2 Days
When ten unsuccessful authentication attempts occur related to the hardware password and the Failure Counter Reset
password, the Failure Count is modified If it is less than 224, it is incremented to 224. If greater than 224, it is
incremented to the next multiple of 32. The lockout period then begins.
3.2
3.2 Role Differentiation Policy.
Role Differentiation Policy.
The product supports exactly two roles:
• Administrator
• User (sometimes also referred to as Operator)
An Administrator is defined as any person who can provide the hardware password.
All other persons are users.
3.3
3.3 Ident
Identification and Authentication Policy.
ification and Authentication Policy.
In this product, user (or administrator) identity is not expressed as a character string associated with an individual. A
claim of identity is implicit in a command sent to the chip for execution.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
8
For an administrator, issuing the Hardware Key Password Check command asserts the claim of administrator identity.
The claim is authenticated if the hardware password is provided as command input. Password authentication is
mandatory for an administrator.
For a user, issuing the User Key Password Check command asserts that the issuer claims the identify of “owner” of the
encryption key in one of two internal chip buffers, specified in the command; the identity claim is “the current owner of
nticated if the user password, provided as command input, matches the user password
(if any) associated with the chip buffer.
A user buffer may be flagged as requiring no password, in which case any user can access the buffer (and use the key).
User identities are not maintained across power cycles.
3.4
3.4 Access Control Policy
Access Control Policy
3.4.1
3.4.1 Access to hardware key.
Access to hardware key.
Only an administrator may generate a signature using the hardware key. Any user may use the hardware key to decrypt
an externally stored key pair.
3.4.2
3.4.2 Access to user
Access to user buffers.
buffers.
User buffer access control is discretionary: a user specifies whether the buffer is password protected when loading key
data into one of the buffers.
If a user buffer is password protected, only the owner (a user providing the password) can
(1) decode2
the user’s externally stored encrypted private key data and store it in a user buffer, and
(2) use the key in the buffer for signature generation or decryption.
If a user buffer is not password protected, any user can perform these operations.
3.5
3.5 Sec
Security Management Policy
urity Management Policy
Only an administrator may issue the following commands:
• Lock the hardware key (i.e., make the current hardware key permanently unchangeable).
• Change the hardware password.
• Change the Failure Counter Reset password.
• The maximum size of a data block that can be read from the chip (i.e., returned by a read command).
• Enable clearing of chip data.
• Hardware Key Password Check command.
• The command to reset the Password Failure Counter.
2
“Decode” is the term used by the product manufacturer for this decryption operation.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
9
4
4 ASSUMPTIONS AND CLAR
ASSUMPTIONS AND CLARIFICATION OF SCOPE
IFICATION OF SCOPE
4.1
4.1 Usage Assum
Usage Assumptions
ptions
The evaluation made the following assumptions concerning product usage:
• The product is properly installed in a desktop or laptop personal computer.
• The product is configured according to the System Administrator’s Guide.
• The hardware password is changed from its default (factory-set) value when the chip is initialized.
• Users do not disclose their passwords to unauthorized users.
• Passwords are cleared from the chip after use to avoid unauthorized reuse.
• Administrators and users follow the guidance documents.
• The chip clear function is disabled during initialization to avoid a denial of service attack
4.2
4.2 Environmental Assumptions
Environmental Assumptions
The evaluation made the following assumptions concerning the environment:
• The product is physically protected, since it cannot protect itself against physical tampering.
• Access to key data stored outside the chip is controlled by functions in the environment (e.g., the operating system).
• Key pairs and passwords are correctly generated by environmental functions.
4.3
4.3 Clarification o
Clarification of Scope
f Scope
Certain threats are outside the scope of the product’s capabilities to counter, and the product makes no claims of
protection against them:
• The chip has an authentication failure handling mechanism to protect against password cracking attacks. After
a specified number of failed password attempts, the chip locks users out for progressively longer periods of
time. If an attacker intentionally sends multiple bad passwords to the chip, this can cause denial of service for
authorized users. The product does not claim that it can protect itself against such attacks.
• The product protects only information under its control, i.e., stored on the chip. Key pairs and passwords are
generated in the environment and must be protected in the environment (i.e., in off-chip storage) by other
means.
• The product does not protect against access to its functions by individuals not authorized to use the system in
which the chip is embedded. In a practical application, the environment (typically, the operating system) is
expected to provide any such protection.
5
5 ARCHITECTURAL INFORM
ARCHITECTURAL INFORMATION
ATION
The product is a single system (a single monolithic integrated circuit chip) with no subsystems.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
10
6
6 DOCUMENTATION
DOCUMENTATION
The following product documentation is provided to consumers:
800-007 IBM Cryptographic Security Chip for PC Clients Manufactured by Atmel (AT90SP0801) Common
Criteria Security Target, Rev B.
800-002 IBM Secure Signature Chip Administrator Guide, Rev B
800-001 IBM Secure Signature Chip User Guide, Rev B
800-004 IBM Secure Signature Chip Secure Installation Generation Start-up Procedures, Rev B
Datasheet AT90SP0801, 1495AX-07/05/01
Additional unevaluated consumer documentation related to the product is available at
http://www.pc.ibm.com/ww/security/securitychip.html
http://www.pc.ibm.com/ww/security/securitychip.html
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
11
IT PRODUCT TESTING
IT PRODUCT TESTING
6.1
6.1 Developer Testing
Developer Testing
The TOE is a mass-replicated integrated circuit chip, and the developer tests manufacturing samples for conformance to
specifications. This testing is performed by placing the test sample into a test platform, an IBM RIO PC, and testing the
chip functions. Most testing is automated using scripts written in the tcl language. The tcl scripts generate commands on
the IBM PC, send commands to the chip, collect results returned from the chip to the PC, and save the commands and
results for analysis. The tests that are not automated are those requiring operator intervention: pushing a button to reset
the chip, cycling power, and monitoring the lockout period with a clock.
As originally presented for evaluation, the developer’s testing was not exhaustive. The evaluator worked with the
developer to create additional tests for all cases not included in the developer’s test suite. The developer has incorporated
these additional tests into their standard test suite, and developer testing is now exhaustive; all TOE Security Functions
in the ST are tested.
The chip is tested as manufactured, with register settings as specified in 800-002 IBM Secure Signature Chip
Administrator Guide, Rev B, Table 3.1 “Required System Configuration” (see Section 8, EVALUATED
CONFIGURATION, below).
6.2
6.2 Evaluator Testing
Evaluator Testing
The evaluator performed approximately 80% of the developer’s test suite of 52 tcl test scripts. The evaluator executed
43 of the scripts on the 20-pin SOIC package and 41 of the scripts on the 28-pin package. The only scripts not executed
were long-running scripts that test lockout due to authentication failure and a script that permanently locks the chip.
The only security function not tested by the evaluator was the function that permanently locks the chip.
The evaluator also devised a test subset that:
• Covered all classes of security functionality claimed by the Security Target (Cryptographic Support, User Data
Protection, Identification and Authentication, Security Management, and Protection of the TSF), and
• Tested the Strength of Function claim.
The following test cases3
were specified as part of independent team testing and scripted in tcl. The test environment and
chip configuration were the same as previously described.
0. Verification of TSF Interface: Check that commands generated by tcl scripts are sent to the chip and that chip
responses displayed by the tcl manager actually came from the chip.
1. Password Length: Check that users cannot use a password of length less than eight characters.
2. Digital Signature with 512 and 1024 bit keys: Verify that cryptographic functionality is working by decoding
a user key and using it to sign a message
3. Password Mode Byte: Check sample of cases of password mode byte
4. Reset Failure Counter with Hardware Password: Check that authentication with the hardware
(administrative) password resets the failed password attempt counter.
3
The numbering scheme is that used in the Evaluation Technical Report.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
12
5. Attempt to change Bit 2 of the “Configuration Information Register”: Attempt to write “0” to Bit 2 of the
Configuration Information Register CONFIG_R. Bit 2 of this register is supposed to be permanently set to “1”.
6. Comparison of Power Cycle, Reset, and Chip Clear: Compare register settings and password flags before
and after power cycle, chip clear, and reset
7. Undocumented Commands: Attempt to perform an invalid command
8. Undocumented Registers: Attempt to store into and load from undocumented registers.
All tests gave expected (correct) results. The testing found that the product was implemented as described in the
functional specification and did not uncover any undocumented interfaces or other security vulnerabilities.
7
7 EVALUATED CONFIGURAT
EVALUATED CONFIGURATION
ION
The TOE is a monolithic integrated circuit chip and has no subsystems or discrete components that can be added,
removed, or rearranged. It is manufactured in two physical packages, a 20-pin SOIC (Small Outline Integrated Circuit)
package and a 28-pin TSSOP (Thin Shrink Small Outline Package) package. The two physical configurations are
logically and functionally identical. Both were tested for the evaluation.
The evaluated configuration was as delivered from the factory and described in the document 800-007 IBM
Cryptographic Security Chip for PC Clients Manufactured by Atmel (AT90SP0801) Common Criteria Security
Target, Rev B, with register settings for initialization (including enablement) and operation as specified in 800-002 IBM
Secure Signature Chip Administrator Guide, Rev B, Table 3.1 “Required System Configuration”.
8
8 RESULTS OF THE EVALU
RESULTS OF THE EVALUATION
ATION
4
4
The evaluation determined the product to be Part 2 conformant, Part 3 conformant, and to meet the requirements of
EAL 3 augmented with CC component ADV_SPM.1 (informal security policy model).
9
9 EVALUATOR COMMENTS
EVALUATOR COMMENTS
There are no Evaluator Comments.
10
10 ANNEXES
ANNEXES
There are no annexes to this report.
11
11 SECURITY TARGET
SECURITY TARGET
The ST, IBM Cryptographic Security Chip for PC Clients Manufactured by Atmel (AT90SP0801) Common Criteria
Security Target, Rev B, is included here by reference.
4
The terminology in this section is defined in CC Interpretation 008, specifying new language for CC Part 1,
section/Clause 5.4.
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
13
12
12 GLOSSARY
GLOSSARY
CC Common Criteria
CCEL Common Criteria Evaluation Laboratory
CCEVS Common Criteria Evaluation and Validation Scheme
CCTL Common Evaluation Testing Laboratory
CEM Common Evaluation Methodology
CI Configuration Items
EAL Evaluation Assurance Level
EDR Evaluation Discovery Report
ETR Evaluation Technical Report
MRA Mutual Recognition Arrangement
NIAP National Information Assurance Program
NIST National Institute of Science & Technology
NSA National Security Agency
OR Observation Report
PP Protection Profile
ROM Read Only Memory
SAR Security Assurance Requirement
SFR Security Functional Requirements
SOF Strength of Function
SOIC Small Outline Integrated Circuit
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functions
TSFI TSF Interface
TSSOP Thin Shrink Small Outline Package
IBM Cryptographic Security Chip for PC Clients
Manufactured by ATMEL (AT90SP0801)
Validation Report
14
13
13 BIBLIOGRAPHY
BIBLIOGRAPHY
[1] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general
model, dated August 1999, Version 2.1.
[2] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional
requirements, dated August 1999, Version 2.1.
[3] Common Criteria for Information Technology Security Evaluation – Part 2: Annexes, dated August
1999, Version 2.1.
[4] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance
requirements, dated August 1999, Version 2.1.
[5] Common Evaluation Methodology for Information Technology Security – Part 1: Introduction and
general model, dated 1 November 1998, version 0.6.
[6] Common Evaluation Methodology for Information Technology Security – Part 2: Evaluation
Methodology, dated August 1999, version 1.0
[7] IBM Cryptographic Security Chip for PC Clients Manufactured by Atmel (AT90SP0801) Common
Criteria Security Target, Rev B.
[8] 800-002 IBM Secure Signature Chip Administrator Guide, Rev B
[9] 800-001 IBM Secure Signature Chip User Guide, Rev B
[10] 800-004 IBM Secure Signature Chip Secure Installation Generation Start-up Procedures, Rev B
[11] Datasheet AT90SP0801, 1495AX-07/05/01