1
CC-T6NE1-ST-ENG-001
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
T6NE1 Integrated Circuit
Security Target
24 May 2013
Version 0.38
TOSHIBA CORPORATION
2
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
Change History
No Version Date Chapter Content Name
1
0.1 11/05/2012 New
Toshiba
2
0.2
07/08/2012
Requirements for memory access
control policy has been added
Brightsight
3
0.3
22/Aug/2012
Chap 1.2
Chap 1.3.1
TOE overview security features added.
TOE table version incremented.
Delivery form unsawn wafer is correct.
Toshiba
4
0.31
21/Sep/2012
Chap
3.2,3.4
Typo revised.
HWC version up.
Toshiba
5
0.32
9/Oct/2012
Chap 5.3,
6.1,5.2.1
MSR instruction to jump to user mode
Is recovered in chap 5.3.
Delete reference to firewall.
Delete RF system description in ECC
In chap 6.1.
RNG SFR is added in chap 5.2.1
TOE tabele adjusted to AGD.
Toshiba
6 0.33 21/Dec/2012 Chap 5.2.1 Update the RNG SFR Toshiba
7 0.34 27/Feb/2013 Chap 1.3.1 TOE id revised Toshiba
8
0.35
11/April/2013 Chap 1.3.1
TOE id revised Toshiba
9 0.36 8 /May/2-13 Chap 1.3.1
Sha256 of hwc is added in table 1.1
Plastic package explanation added in
table 1.1.
Toshiba
10 0.37 23/May/2013 Chap 1.3.1 AGD and UGM version is updated. Toshiba
11 0.38 24/May/2013 Chap 1.3.1 Version adjusted. Toshiba
i
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
Table of contents
1. ST Introduction ................................................... 1
1.1. ST identifiers 1
1.2. TOE overview 1
1.3. TOE description 3
1.3.1. Physical scope........................................................... 3
1.3.2. Logical scope............................................................ 7
2. Conformance claim ................................................. 8
2.1. CC Conformance 8
2.2. PP Claim 8
2.3. Package claim 8
2.4. Conformance claim rationale 8
3. Security problem definition ....................................... 9
3.1. Description of Assets 9
3.2. Threats 9
3.3. Organisational security policies 9
3.4. Assumptions 11
4. Security objectives .............................................. 12
4.1. Security objectives for the TOE 12
4.2. Security objectives for the security IC embedded software development
environment 13
4.3. Security objectives for the operational environment 14
2
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
4.4. Security objectives rationale 14
5. Security requirements ............................................ 15
5.1. Definitions 15
5.2. Security Functional Requirements (SFR) 15
5.2.1. SFRs derived from the Security IC Platform Protection Profile ........... 15
5.2.2. SFRs regarding cryptographic functionality .............................. 17
5.3. Security Assurance Requirements (SAR) 22
5.4. Security requirements rationale 23
5.4.1. Security Functional Requirements (SFR) .................................. 23
5.4.2. Dependencies of the SFRs................................................ 24
5.4.3. Security Assurance Requirements (SAR) ................................... 25
6. TOE summary specification ........................................ 27
6.1. Malfunction 27
6.2. Leakage 28
6.3. Physical manipulation and probing 29
6.4. Abuse of functionality and Identification 29
6.5. Random numbers 30
6.6. DES 30
6.7. AES 31
7. Reference ........................................................ 32
1
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
1. ST Introduction
This Security Target (ST) is built upon the Security IC Platform Protection Profile [5], registered
and Certified by Bundesamt für Sicherheit in der Informationstechnik (BSI) under the reference
BSI-PP-0035.
This chapter presents the ST reference and an introductory description for the Target Of
Evaluation (TOE).
1.1. ST identifiers
ST reference: T6NE1 Integrated Circuit Security Target, version 0.38, 24 May 2013
ST Status: final.
TOE reference: T6NE1 Integrated Circuit
1.2. TOE overview
The T6NE1 Integrated Circuit (Target of Evaluation – TOE) is an Integrated Circuit (plastic
package or wafer) with a DES and AES accelerator. The TOE that is described in this ST is a single
chip microcontroller (hardware, security IC dedicated software to initialise a number of settings for
sensor levels and countermeasures at start-up and security IC dedicated test software) that is used
as SAM chip in a cellular phone. The TOE combined with CLF (which is not part of the TOE)
realizes a platform for electronic transactions.
CLF is the abbreviation of Contactless Front End. The TOE can connect to an RF interface and
interface to a Device Host through a CLF chip.
The TOE has the following interfaces:
 a communication interface;
a serial interface that receives data from the CLF chip.
The objective of the TOE is to protect the IT security of the IC and embedded software that is
intended to be used as an electronic purse (people can pay with the TOE embedded in mobile
equipment), ticket or commuter ticket and so on.
The intended usage of the operational TOE is by consumers (end-user), who own/use mobile
2
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
equipment in which the TOE is embedded.
The TOE is delivered to a composite product manufacturer. The security IC embedded software is
developed by the composite product manufacturer. This software is sent to Toshiba. Toshiba
develops the IC dedicated test software. Toshiba merges the security IC embedded software and the
IC dedicated test software and implements these in the T6NE1. After testing in Toshiba, the IC
dedicated test software is made unavailable and becomes inaccessible by the composite product
manufacturer or by the end-user after delivery.
Protected information is in general secret data such as Personal Identification Numbers, Balance
Value (Stored Value Cards), and Personal Data Files. Other protected information is data
representing access rights; these include cryptographic algorithms and keys needed for accessing
and using services provided by the system through use of the TOE and its embedded software in
mobile equipment.
The IC that is used in mobile equipment consists of the central processing unit (CPU), memory
element (ROM, RAM, NV memory), and circuit for serial interface that have been integrated with
consideration given to tamper resistance.
The increase in the number and complexity of applications in the market of these products is
reflected in the increase of the level of data security required. The security needs for this product
can be summarised as being able to counter those who want to defraud, gain unauthorised access to
data or unauthorised control a system using the TOE and its embedded software. Therefore it is
mandatory to:
 maintain the integrity and the confidentiality of the content of the memory as required by the
security IC embedded software the product is built for;
 maintain the correct execution of the security IC embedded software residing on the TOE.
This requires that the TOE’s integrated circuit especially maintains the integrity and the
confidentiality of its security enforcing and security relevant architectural components.
Other security features of the TOE are:
 memory encryption;
 Detection of abnormal power supply voltage, detection of abnormal Temperature, , Power supply
glitch, Metal cover removal, detection of Light;
 Sensor signal monitoring;
 EEPROM error correction;
 Memory protection;
3
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
 Shield cover;
 Random number generator;
 Timing noise generation;
 Dummy calculation;
 Undefined CPU instruction monitoring;
 Undefined address access monitoring;
 Memory address scrambling;
 Bus and memory parity checking;
 DES accelerator;
 AES accelerator;
 Complicated test mode control ;
 Dummy connection;
 Glue logic;
 Internal clock;
The intended environment is very large and generally once issued the IC embedded in the mobile
equipment can be stored and used and no control can be applied to the TOE and the mobile
equipment operational environment. For example, a commuter ticket, electronic money or data
(money information, user information etc) is stored in the TOE EEPROM. The data that the CLF
receives from wired or wireless communication is communicated to the T6NE1. T6NE1 manages
the data securely, and returns the processed result through CLF to the RF interface or Device Host.
The AES is more secure than DES and it will replace the DES in the future. When AES becomes
A must, it will be switched from DES by the System through CLF.
The TOE can be used for OS with applet which is downloaded.
1.3. TOE description
In this chapter, for the sake of providing deeper understanding of the security requirements and
intended use of the TOE, overall information regarding the TOE will be provided.
1.3.1. Physical scope
The Target of Evaluation (TOE) is intended to be used in mobile equipment, independent of the
physical interface and the way it is packaged. Generally, the product may include other optional
elements (such as specific hardware components, batteries, capacitors, antennae.) but these are not
in the scope of this Security Target. In Table 1-1 the physical scope the TOE is presented.
4
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
Table 1-1, Physical scope of the TOE.
DELIVERY
ITEM TYPE
IDENTIFIER VERSION MEDIUM ADDITIONAL INFORMATION
Hardware T6NE1 4.0 Unsawn wafer or
plastic package
The T6NE1 TOE is delivered in in
unsawn wafer form or
Plastic package form.
Plastic package called
T6NE6.
Software Hardware configuration
CODE
0.5 Source code file
(hwcfg.s)
SHA256 value=
869A2D9B7A0BEDE385CCC8A5ABB
5DBA356F7CDF8B8CA25DC6FDABC
83CCF439A1
Hardware configuration DATA 0.5 Data delivered in
T6NE1 EEPROM
hardware
TEST ROM software 0.3 Delivered in ROM
test area
Manuals T6NE1 User guidance
overview
0.38 Electronic document
Kura2 development
specification
0.9.2 Electronic document
T6NE1 User Guidance
manual
0.9.9 Electronic document User Guidance Manual describes
security rules the user has to follow.
T6NE1 chip inside the T6NE6 package is not connected with CLF chip.
The TOE software consists of Hardware configuration software and data and TEST ROM software.
It exists in the IC memory after TOE Delivery to a composite product manufacturer1. The
Hardware configuration CODE is delivered as source code to be included in the software of the IC
embedded software developer. The Hardware configuration CODE uses the Hardware configuration
DATA delivered in EEPROM. The “IC dedicated test software (TEST ROM software)” delivered in
ROM is not accessible after TOE Delivery to a composite product manufacturer and is only used to
support production of the TOE.
The configuration of the T6NE1 is defined by the hardware configuration settings. For secure
operation the security IC embedded software must use the mandated settings. These settings are
defined in the T6NE1 User Specification.
The manuals are delivered to the composite product manufacturer. The end user does not receive
these manuals. The delivery to the end user contains the operational TOE consisting of the IC
Hardware and IC embedded software together with security IC embedded software in the ROM
from the composite product manufacturer.
1 In terms of the protection profile the TOE is delivered at the end of Phase 3 IC Manufacturing.
5
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
The TOE in its environment is depicted in Figure 2-1. The T6NE1 TOE is an LSI which has been
designed to realize SAM chip functionality in combination with CLF chip for e.g. an electronic purse
function (e–payment) in mobile phone. In such a function there can be a user OS in the ROM and
service data in the EEPROM. Other examples can be , a commuter ticket, electronic money or data
(money information, user information etc) all stored in the EEPROM. By wireless or wired
communication, the data that CLF chip receives is communicated to the TOE. The TOE manages
the data securely, and returns the processed result through CLF chip.
SAM: Security Authentication Module
CLF: Contactless Front End
UICC : Universal IC card
SWP: Single wired protocol
HCI: Host Control Interface
Figure 2-1 TOE in its environment
The components of the TOE are depicted in Figure2-2 in a block diagram. The basic configuration
elements of the TOE are the CPU, the CPU peripheral circuits (MEMC, Control Logic), the various
memory elements (EEP, ROM, RAM), security function circuit (CRC, RNG, Triple-DES,AES ), various
types of detection circuits (SECURITY DETECTORS), and others (TEST CIRCUIT, etc.).
CLF chip
(RFchip)
T6NE1
SAM
HOST
controller
R/W
Wireless card R/W
train gate、convenience store
for Pos system, etc
Digitizing the
wireless data
Data or application
is stored
Wireless cards
Wireless
communication
Realize card function with CLF chip+ Reader/Writer function
SPI
RF antenna
UICC
SWP/7816
HCI
6
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
Figure 2-2 Basic Configuration Elements of the T6NE1 Hardware
The following components are used.
- CPU ARM SC100
- MEMC Memory Cipher Circuit
- RAM, ROM,NV mem. 20 KB RAM, 512KB(test rom included) ROM, 64KB EEPROM
- Control Logic
- Triple-DES
AES
- CRC CRC-CCITT (16 bit CRC)
- RNG Random number generator
- VOLTAGE REGULATOR
- SECURITY DETECTOR
- TEST CIRCUIT
- POR Power On Reset
VIC Vector Interrupter Controller
RVD and GND are power supply terminal and ground terminal respectively and can be connected to
RF chip power supply terminal and ground line respectively.
SYSCTL
RST,CLK
CPU
TIMER
TIMER
MEMC
ROM
(512KB)
RAM
(20KB)
NV memory
(64KB)
CRC
RNG
Triple-DES
RVD
GND
SCLK
NSS
INT
TEST CIRCUIT
SECURITY DETECTORS
VOLTAGE
REGULATOR
ESE-IF
(SPI)
VIC(INT)
TSCK
MOSI
MISO
AES
OSC
POR
TRSTB
7
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
1.3.2. Logical scope
The logical security features offered by the TOE are the following:
1. Triple-DES:
a. ECB mode, Triple DES 2KEY,Encryption/Decryption
b. ECB mode, Triple DES 3KEY,Encryption/Decryption
c. CBC mode, initial value: arbitrary, Triple DES 2KEY,Encryption/Decryption
d. CBC mode, initial value: arbitrary, Triple DES 3KEY,Encryption/Decryption
2. AES:
ECB, CBC and OFB mode Encryption/Decryption are supported by AES coprocessor.
3. Physically seeded random number generator:
A physical noise source provides seeding for a deterministic random number generator built
from recursive calls to AES, conformant to AIS20 Class K3 (AIS20/AIS31 DRG.2) in which the
DRNG postprocessing is regularly reseeded from a 256 bits output from the TRNG physical
random number generator. The quality of the noise source is monitored during this seeding
process for total failure of the noise source. The whole construction (physical noise source, total
failure tests, AES in recursive mode) is completely implemented in hardware.
8
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
2. Conformance claim
This chapter presents conformance claim and the conformance claim rationale.
2.1. CC Conformance
This Security Target claims to be conformant to the Common Criteria “version 3.1 revision 3” d.d.
July 2009.
 The conformance of the ST to CC Part 2 is CC Part 2 extended
 The conformance of the ST to CC Part 3 is CC Part 3 conformant
The extended Security Functional Requirements are defined in chapter 5.
This TOE claims to be conformant to the Common Criteria “version 3.1 revision 3” d.d. July 2009.
The attack potential quotation as part of the vulnerability analysis shall use the Mandatory
Technical Document “Application of Attack Potential to Smartcards”, which current version is [7].
2.2. PP Claim
The ST and the TOE claim conformance to the following Protection Profile (PP):
 Security IC Platform Protection Profile. Registered and Certified by Bundesamt für Sicherheit
in der Informationstechnik (BSI) under the reference BSI-PP-0035. [5]
2.3. Package claim
The assurance level for this Security Target is EAL5 augmented with AVA_VAN.5 and ALC_DVS.2.
This assurance level is in line with the Security IC Platform Protection Profile.
2.4. Conformance claim rationale
This TOE is equivalent to the conformance claim stated in a Security IC Platform Protection
Profile.
9
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
3. Security problem definition
This chapter presents the threats, organisational security policies and assumptions for the TOE.
The Assets, Assumptions, Threats and Organisational Security Policies are completely taken from
the Security IC Platform Protection Profile [5].
3.1. Description of Assets
Since this Security Target claims conformance to the Security IC Platform Protection Profile [5], the
assets defined in section 3.1 of the Protection Profile are applied.
3.2. Threats
Since this Security Target claims conformance to the Security IC Platform Protection Profile [5], the
threats defined in section 3.2 of the Protection Profile are valid for this Security Target. The
following table lists the threats of the Protection Profile.
Table 3-1, Threats defined in the Security IC Platform Protection Profile.
Threats Titles
T.Phys-Manipulation Physical Manipulation
T.Phys-Probing Physical Probing
T.Malfunction Malfunction due to Environmental Stress
T.Leak-Inherent Inherent Information Leakage
T.Leak-Forced Forced Information Leakage
T.Abuse-Func Abuse of Functionality
T.RNG Deficiency of Random Numbers
3.3. Organisational security policies
Since this Security Target claims conformance to the Security IC Platform Protection Profile [5], the
Organisational Security Policies defined in section 3.3 of the Protection Profile are valid for this
Security Target. The following table lists the Organisational Security Policies of the Protection
Profile.
10
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
Table 3-2, Organisational Security Policies defined in the Security IC Platform Protection Profile.
Organisational Security Policies Titles
P.Process-TOE Protection during TOE Development and Production
The following Organisational Security Policy considers the Application Note 6 of the Security IC
Platform Protection Profile [5] related to the specialised functions of the TOE.
The TOE provides specific security functionality, which can be used by the security IC embedded
software. In the following specific security functionality is listed which is not derived from threats
identified for the TOE’s environment because it can only be decided in the context of the security IC
application, against which threats the security IC embedded software will use the specific security
functionality.
The IC Developer / Manufacturer applies the policy “Additional Specific Security Functionality
(P.Add-Functions)” as specified below.
P.Add-Functions Additional Specific Security Functionality
The TOE shall provide the following specific security functionality to the
security IC embedded software:
· Data Encryption Standard (DES),
· Advanced Encryption Standard(AES)
· Area based memory access control
The following Organisational Security Policy considers the Application Note 8 of the Security IC
Platform Protection Profile [5] related to the specialised encryption hardware of the TOE. The
developer of the security IC embedded software must ensure the appropriate “Usage of Key
dependent Functions (P.Key-Function)” while developing this software in Phase 1 “Security IC
embedded software development” (see Security IC Platform Protection Profile [5]) as specified
below.
P.Key-Function Usage of Key-dependent Functions
Key-dependent functions (if any) shall be implemented in the security IC
embedded software in a way that they are not susceptible to leakage
attacks (as described under T.Leak-Inherent and T.Leak-Forced).
Note that here the routines which may compromise keys when being
executed are part of the security IC embedded software. In contrast to
this the threats T.Leak-Inherent and T.Leak-Forced address (i) the
11
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
cryptographic routines which are part of the TOE and (ii) the processing
of User Data including cryptographic keys.
3.4. Assumptions
Since this Security Target claims conformance to the Security IC Platform Protection Profile [5], the
assumptions defined in section 3.4 of the Protection Profile are valid for this Security Target. No
additional assumptions are added. The following table lists the assumptions of the Protection
Profile.
Table 3-3, Assumptions defined in the Security IC Platform Protection Profile.
Assumptions Titles
A.Process-Sec-IC Protection during Packaging, Finishing and Personalisation
A.Plat-Appl Usage of Hardware Platform
A.Resp-Appl Treatment of User Data
12
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
4. Security objectives
This chapter provides the statement of security objectives and the security objective rationale. For
this chapter the Security IC Platform Protection Profile [5] can be applied completely. Only a short
overview is given in the following.
4.1. Security objectives for the TOE
The TOE shall provide the following security objectives, taken from the Security IC Platform
Protection Profile [5]. The following table lists the security objectives for the TOE of the Protection
Profile.
Table 4-1, Security objectives for the TOE defined in the Security IC Platform Protection Profile.
Security objectives for the TOE Titles
O.Leak-Inherent Protection against Inherent Information Leakage
O.Phys-Probing Protection against Physical Probing
O.Malfunction Protection against Malfunctions
O.Phys-Manipulation Protection against Physical Manipulation
O.Leak-Forced Protection against Forced Information Leakage
O.Abuse-Func Protection against Abuse of Functionality
O.Identification TOE Identification
O.RNG Random Numbers
Regarding Application Note 6 of the Security IC Platform Protection Profile [5] the following
additional security objectives are defined based on additional functionality provided by the TOE as
specified below.
O.HW_DES DES Functionality
The TOE shall provide the cryptographic functionality to calculate a DES
encryption and decryption to the security IC embedded software. The
TOE supports directly the calculation of Triple-DES.
O.HW_AES AES functionality
The TOE provides AES cryptographic operational functions in order that
The security IC Embedded Software can invoke them as libraries, TOE
Supports directly the calculation of AES.
O.MEM_ACCESS Area based Memory Access Control
13
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
The TOE controls access to memory areas from processor instructions. The TOE
decides based on the CPU mode (Privileged or User Mode) and the configuration of
the Memory Protection Unit if the requested type of access to the memory area
addressed by the operands in the instruction is allowed.
4.2. Security objectives for the security IC embedded software
development environment
According to the Security IC Platform Protection Profile [5], the following security objectives for the
environment are specified:
Table 4-2, Security objectives for the security IC embedded software development environment defined
in the Security IC Platform Protection Profile.
Security objectives for the Environment Titles
OE.Plat-Appl Usage of Hardware Platform
OE.Resp-Appl Treatment of User Data
Clarification of “Usage of Hardware Platform (OE.Plat-Appl)”
The TOE supports cipher schemes as additional specific security functionality. If required the
security IC embedded software shall use these cryptographic services of the TOE and their interface
as specified. When key-dependent functions implemented in the security IC embedded software are
just being executed, the security IC embedded software must provide protection against disclosure
of confidential data (User Data) stored and/or processed in the TOE by using the methods described
under “Inherent Information Leakage (T.Leak-Inherent)” and “Forced Information Leakage
(T.Leak-Forced)“.
Clarification of “Treatment of User Data (OE.Resp-Appl)”
By definition cipher or plain text data and cryptographic keys are User Data. The security IC
embedded software shall treat these data appropriately, use only proper secret keys (chosen from a
large key space) as input for the cryptographic function of the TOE and use keys and functions
appropriately in order to ensure the strength of cryptographic operation.
This means that keys are treated as confidential as soon as they are generated. The keys must be
unique with a very high probability, as well as cryptographically strong.
For example, If keys are imported into the TOE and/or derived from other keys, quality and
confidentiality must be maintained.
This implies that appropriate key management has to be realised in the environment.
14
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
4.3. Security objectives for the operational environment
According to the Security IC Platform Protection Profile [5], the following security objectives for the
environment are specified.
Table 4-3, Security objectives for the Environment defined in the Security IC Platform Protection Profile.
Security objectives for the Environment Titles
OE.Process-Sec-IC Protection during composite product manufacturing
4.4. Security objectives rationale
In Table 4-4 each security objective for the TOE is traced back to threats countered by that security
objective and OSPs enforced by that security objective.
Table 4-4, Tracing between objectives and Threat, Organisational Security Policy or Assumption.
Threat, Organisational Security Policy or
Assumption
Security Objective Sufficiency of countering
T.Phys-Manipulation O.Phys-Manipulation See PP
T.Phys-Probing O.Phys-Probing See PP
T.Malfunction O.Malfunction See PP
T.Leak-Inherent O.Leak-Inherent See PP
T.Leak-Forced O.Leak-Forced See PP
T.Abuse-Func O.Abuse-Func See PP
T.RNG O.RNG See PP
P.Process-TOE O.Identification See PP
P.Add-Functions O.HW_DES See below
P.Add-Functions O.HW_AES See below
P.Add-Functions O.MEM_ACCESS See below
P.Key-Functions OE.Plat-Appl See PP
A.Process-Sec-IC OE.Process-Sec-IC See PP
A.Plat-Appl OE.Plat-Appl See PP
A.Resp-Appl OE.Resp-Appl See PP
15
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
The justification related to the organisational security policy “Protection during TOE
Development and Production (P.Add-Functions) is as follows:
Since the objectives O.HW_DES, O.HW_AES and O.MEM_ACCESS require the TOE to implement
exactly the same specific security functionality as required by P.Add-Functions, the organisational
security policy is covered by the objectives
5. Security requirements
This chapter presents the statement of security requirements for the TOE and the security
requirements rationale. This chapter applies the Security IC Platform Protection Profile [5].
5.1. Definitions
In the next sections the following the notation used
· Whenever iteration is denoted, the component has an additional identification [XXX].
· When the refinement, selection or assignment operation is used these cases are indicated by
italic text and explained in footnotes.
5.2. Security Functional Requirements (SFR)
To support a better understanding of the combination Security IC Platform Protection Profile vs.
Security Target, the TOE Security Functional Requirements are presented in the following several
different sections.
5.2.1. SFRs derived from the Security IC Platform Protection Profile
Table 5-1, Security Functional Requirements taken from the Security IC Platform Protection Profile.
Security functional requirements Titles
FRU_FLT.2 “Limited fault tolerance“
FPT_FLS.1 “Failure with preservation of secure state”
FMT_LIM.1 “Limited capabilities”
FMT_LIM.2 “Limited availability”
FAU_SAS.1 “Audit storage”
FPT_PHP.3 “Resistance to physical attack”
FDP_ITT.1 “Basic internal transfer protection”
FDP_IFC.1 “Subset information flow control”
16
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
FPT_ITT.1 “Basic internal TSF data transfer protection”
FCS_RNG.1 “Quality metric for random numbers”
Table 5-1 lists the Security Functional Requirements that are directly taken from the Security IC
Platform Protection Profile. With three exceptions, all assignment and selection operations are
performed on these SFRs. The fist exception is the left open assignment of type of persistent
memory by FAU_SAS.1. The second exception is the left open definition of a quality metric for the
random numbers required by FCS_RNG.1. The following statements define these SFRs. The third
exception is the additional SFRs that provide security services to the Security Embedded Software
without countering a specific threat. These are SFRs covering cryptographic services and SFRs
regarding access control policy. The next subparagraphs describe these SFRs
FAU_SAS.1 Audit storage
Hierarchical to: No other components.
FAU_SAS.1.1 The TSF shall provide the test process before TOE Delivery 2 with the capability
to store the Initialisation Data and/or Pre-personalisation Data in the EEPROM and/or
supplements of the security IC embedded software 3.
Dependencies: No dependencies.
FCS_RNG.1 Random number generation (Class DRG.2)
FCS_RNG.1.1 The TSF shall provide a deterministic random number generator that implements:
(DRG.2.1) If initialized with a random seed using the PTRNG of the TOE as a random source4, the
internal state of the RNG shall have at least 200 bits of Shannon-entropy5.
(DRG.2.2) The RNG provides forward secrecy.
(DRG.2.3) The RNG provides backward secrecy.
FCS_RNG.1.2 The TSF shall provide random numbers that meet:
(DRG.2.4) The RNG initialized with a random seed that passes the total failure test and online test
of the PTRNG as a random source6 generates output for which 248 7 strings of bit length 128 are
2 [assignment: list of subjects]
3 [assignment: type of persistent memory]
4 [selection: using PTRNG of class PTG.2 as random source, using PTRNG of class PTG.3 as random
source, using NPTRNG of class NTG.1 as random source, [assignment: other requirements for seeding]]
5 [selection: have [assignment: amount of entropy], have [assignment: work factor], require [assignment:
guess work]]
6 [assignment: requirements for seeding]
7 [assignment: number of strings]
17
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
mutually different with probability 1 – 2-24 8.
5.2.2. SFRs regarding cryptographic functionality
For the security IC embedded software the following cryptographic functionality is defined related
to DES operation.
5.2.2.1. DES Operation
The DES Operation of the TOE shall meet the requirement “Cryptographic operation
(FCS_COP.1)”.
FCS_COP.1 [DES] Cryptographic operation
Hierarchical to: No other components.
FCS_COP.1.1 [DES]
The TSF shall perform encryption and decryption9 in accordance with a specified
cryptographic algorithm Triple Data Encryption Standard (3DES – supporting
both ECB and CBC mode)10 and cryptographic key sizes of 112 bit and 168 bit
keys11 that meet the following standards12:
U.S. Department of Commerce / National Bureau of Standards,
Data Encryption Standard (DES), FIPS PUB 46-3, 1999, October
25, keying option 1 and 2.
Dependencies: [FDP_ITC.1 Import of user data without security attributes,
or FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
5.2.2.2. AES Operation
The AES Operation of the TOE shall meet the requirement “Cryptographic operation
(FCS_COP.1)”.
8 [assignment: probability]
9 [assignment: list of crypto-graphic operations]
10 [assignment: cryptographic algorithm], change due to different standard
11 [assignment: cryptographic key sizes], change due to different part of standard
12 [assignment: list of standards], change of referred standard
18
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
FCS_COP.1[AES] Cryptographic operation
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
FDP_ITC.2 Import of user data with security attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
FCS_COP.1.1[AES]
The TSF shall perform Data encryption and decryption in accordance with a
specified cryptographic algorithm AES that meet the following :
FIPS PUB-197.US Department of Commerce /National Bureau of
Standards,Advanced Encryption Standard(AES), FIPS PUB 197,2001,
November 26.
ECB/CBC/OFB mode and cryptographic key sizes 128 that meet the following :
NIST SP800-38A,38B.US Department of Commerce /National Institute
standards and technology.
SP800-38A, December 2001.
SP800-38B, May 2005
Note: T6NE1 hardware provides AES processor to the Software. The above definition of AES is the
target achieved by the software running on this T6NE1 hardware. T6NE1 claims only AES
hardware part.
5.2.3. SFRs regarding access control policy
The hardware of the T6NE1 shall provide different CPU modes to the Security IC Embedded
Software to enable the management of access to code and data. The Security Function Policy (SFP)
Access Control Policy uses the following definitions.
The Subjects are:
 The Security IC Embedded Software in the memories of the TOE accessing memory as part of
their software execution
 Boot code is a portion of the IC Embedded Software running in low memory executed during
startup
The Objects are
 Memory Regions; these are portions of the ROM, EEPROM or RAM specified by a “Region base
address” and a “Region Limit address”. The TSF has 8 Memory Regions numbered 0 to 7.
19
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
The memory Operations are:
 Read/write data to and from memory,
The Security Attributes are:
 CPU mode; these can be “Privileged” mode and “User” mode.
 Access permission attributes; these can be “No access”, “Read/Write” or “Read Only”
The TOE shall meet the requirements “Subset access control (FDP_ACC.1)” as specified below.
FDP_ACC.1 Subset access control
Hierarchical to: No other components.
FDP_ACC.1.1 The TSF shall enforce the Access Control Policy 13 on all Security IC Embedded
Software, all Memory Regions and all memory operations 14.
Dependencies: FDP_ACF.1 Security attribute based access control
Application Note: The Access Control Policy shall be enforced by implementing a Memory
Protection Unit. Before a respective memory address is accessed, the Memory Management Unit
checks if the memory operation is allowed.
The TOE shall meet the requirement “Security attribute based access control (FDP_ACF.1)” as
specified below.
FDP_ACF.1 Security attribute based access control
Hierarchical to: No other components.
FDP_ACF.1.1 The TSF shall enforce the Access Control Policy 15 to objects based on the
following: all subjects and objects and the attributes CPU mode and Access
Permission Attributes16.
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among
controlled subjects and controlled objects is allowed17:
Security IC embedded Software code executed in the Privileged Mode
13 [assignment: access control SFP]
14 [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]
15 [assignment: access control SFP]
16 [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the
SFP-relevant security attributes, or named groups of SFP-relevant security attributes]
17 [assignment: rules goeverning access among controlled subjects and controlled objects using
controlled operations on controlled objects]
20
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
 shall have Read/Write access to all Memory Regions with Access Permission
Attribute bits set to 01, 10, 11
 shall have No Access to all Memory Regions with Access Permission Attribute
bits set to 00
Security IC embedded Software code executed in the User Mode
 shall have Read/Write access to all Memory Regions with Access Permission
Attribute bits set to 11;
 shall have Read Only Access to all Memory Regions with Access Permission
Attribute bits set to 10
 shall have No access to all Memory Regions with Access Permission Attribute
bits set to 00 or 01
When Memory Regions overlap the Access Permission Attributes of the Memory
Region with the highest number takes priority.
FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the
following additional rules: Code running in Privileged Mode has read/write access
to the Memory Regions.18
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the following
additional rules: Code running in User Mode 19.
Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation
The access control policy is dependent on the following requirements.
The TOE shall meet the requirement “Static attribute initialisation (FMT_MSA.3)” as specified
below.
FMT_MSA.3 Static attribute initialisation
Hierarchical to: No other components.
FMT_MSA.3.1 The TSF shall enforce the Access Control Policy 20 to provide Restrictive 21
default values for security attributes that are used to enforce the SFP.
FMT_MSA.3.2 The TSF shall allow Privilege code 22 to specify alternative initial values to
18 [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]
19 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]
20 [assignment: access control SFP, information flow control SFP]
21 [selection, choose one of: restrictive, permissive, [assignment: other property]]
22 [assignment: the authorised identified roles]
21
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
override the default values when an object or information is created.
Dependencies: FMT_MSA.1 Management of security attributes
FMT_SMR.1 Security roles
Application Note: Restrictive means here that the reset value of the CPU mode is Privilege Mode
and the reset value of the Memory Regions is set to the bottom 4K of the memory with the Access
Permission Attributes bits set to 01 (read/write access to privileged mode software and no access to
user mode software). Effectively this means that only the Boot code that is required to run in the
bottom 4K of the memory can initialize the Memory Regions.
The TOE shall meet the requirement “Management of security attributes (FMT_MSA.1)” as
specified below.
FMT_MSA.1 Management of security attributes
Hierarchical to: No other components.
FMT_MSA.1.1 The TSF shall enforce the Access Control Policy 23 to restrict the ability to
modify 24 the security attributes in Memory Regions 25 to code executed in
Privileged Mode 26.
Dependencies: [FDP_ACC.1 Subset access control or
FDP_IFC.1 Subset information flow control]
FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
The TOE shall meet the requirement “Specification of Management Functions (FMT_SMF.1)” as
specified below.
FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components.
FMT_SMF.1.1 The TSF shall be capable of performing the following security management
functions 27:
 Change of the CPU mode by calling SWI instruction to jump to Privilege mode
23 [assignment: access control SFP(s), information flow control SFP(s)]
24 [selection: change_default, query, modify, delete, [assignment: other operations]]
25 [assignment: list of security attributes]
26 [assignment: the authorised identified roles]
27 [assignment: list of management functions to be provided by the TSF]
22
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
and by calling MSR instruction to jump to user mode.
 Change the memory region limits and Access permission attributes of a
Memory Region using MCR and MRC instructions .
Dependencies: No dependencies
5.3. Security Assurance Requirements (SAR)
The Security Target will be evaluated according to
Security Target evaluation (Class ASE)
The Security Assurance Requirements for the TOE for the evaluation of the TOE are those taken
from the Evaluation Assurance Level 5 (EAL5) and augmented by taking the following components:
ALC_DVS.2, and AVA_VAN.5.
The assurance requirements are:
· Class ADV: Development
Architectural design (ADV_ARC.1)
Functional specification (ADV_FSP.5)
Implementation representation (ADV_IMP.1)
Well-structured internals (AVD_INT.2)
TOE design (ADV_TDS.4)
· Class AGD: Guidance documents
Operational user guidance (AGD_OPE.1)
Preparative user guidance (AGD_PRE.1)
· Class ALC: Life-cycle support
CM capabilities (ALC_CMC.4)
CM scope (ALC_CMS.5)
Delivery (ALC_DEL.1)
Development security (ALC_DVS.2)
Life-cycle definition (ALC_LCD.1)
Tools and techniques (ALC_TAT.2)
· Class ATE: Tests
Coverage (ATE_COV.2)
Depth (ATE_DPT.3)
Functional tests (ATE_FUN.1)
Independent testing (ATE_IND.2)
23
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
· Class AVA: Vulnerability assessment
Vulnerability analysis (AVA_VAN.5)
5.4. Security requirements rationale
5.4.1. Security Functional Requirements (SFR)
Table 5-2, Tracing between SFRs and objectives for the TOE.
Security Objectives for
the TOE
Dependencies Fulfillment of dependencies
O.Leak-Inherent FDP_ITT.1
FDP_IFC.1
FPT_ITT.1
See PP
O.Phys-Probing FPT_PHP.3 See PP
O.Malfunction FRU_FLT.2
FPT_FLS.1
See PP
O.Phys-Manipulation FPT_PHP.3 See PP
O.Leak-Forced FDP_ITT.1
FDP_IFC.1
FPT_ITT.1
FRU_FLT.2
FPT_FLS.1
FPT_PHP.3
See PP
O.Abuse-Func FMT_LIM.1
FMT_LIM.2
FDP_ITT.1
FDP_IFC.1
FPT_ITT.1
FRU_FLT.2
FPT_FLS.1
FPT_PHP.3
See PP
O.Identification FAU_SAS.1 See PP
O.RNG FCS_RNG.1
FDP_ITT.1,
FPT_ITT.1,
FDP_IFC.1,
FPT_PHP.3,
See PP
24
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
FRU_FLT.2,
FPT_FLS.1
O.HW_DES FCS_COP.1 [DES] See below.
O.HW_AES FCS_COP.1 [AES] See below.
O.MEM_ACCESS FDP_ACC.1
FDP_ACF.1
See below
OE.Process-Sec-IC
OE.Plat-Appl
OE.Resp-Appl
The justification related to the security objective “DES Functionality (O.HW_DES)” and “AES
Functionality (O.HW_AES)” is as follows.
The SFRs define the DES and AES standards, implemented with their specific characteristics
regarding bit size.
The security functional requirement “Security attribute based access control (FDP_ACF.1 with the related Security
Function Policy (SFP) “Access Control Policy” FDP_ACC.1) defines the rules to implement a memory region
based access control service to the Security IC Embedded Software. Therefore, FDP_ACF.1 with its SFP is suitable
to meet the security objective.
5.4.2. Dependencies of the SFRs
In the following table the satisfaction of the dependencies is indicated.
Table 5-3, Dependencies of SFRs.
SFR Dependencies Fulfillment of dependencies
FRU_FLT.2 FPT_FLS.1 Covered by PP
FPT_FLS.1 None -
FMT_LIM.1 FMT_LIM.2 Covered by PP
FMT_LIM.2 FMT_LIM.1 Covered by PP
FAU_SAS.1 None -
FPT_PHP.3 None -
FDP_ITT.1 FDP_ACC.1 or
FDP_IFC.1
FDP_IFC.1 covered by PP
FDP_IFC.1 FDP_IFF.1 The PP states in the Data Processing Policy (referred to in
25
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
FDP_IFC.1) that there are no attributes necessary and therefore
this dependency is met.
FPT_ITT.1 None -
FCS_RNG.1 None -
FCS_COP.1
[DES], [AES]
FDP_ITC.1 or
FCS_CKM.1
The security IC embedded software using this TOE is
responsible to cover this. This is arranged by OE.Plat-Appl and
OE.Resp-Appl.
Instructions of T6NE1 User Guidance manual, User guidance
overview have to be followed by the security IC embedded
software developer to realise this SFR.
FCS_CKM.4 The security IC embedded software using this TOE is
responsible to cover this. This is arranged by OE.Plat-Appl and
OE.Resp-Appl.
Instructions of T6NE1 User Guidance manual , User guidance
overview have to be followed by the security IC embedded
software developer to realise this SFR.
FMT_MSA.2 The PP states in the Data Processing Policy (referred to in
FDP_IFC.1) that there are no attributes necessary and therefore
this dependency is met.
T6NE1 User Guidance manual describes not weak key coming
from DES/AES and User guidance overview describes about the
treatment of user data.
FDP_ACC.1 FDP_ACF.1 Fullfilled by FDP_ACF.1 in this ST
FDP_ACF.1 FDP_ACC.1 Fullfilled by FDP_ACC.1 in this ST
FMT_MSA.3 Fullfilled by FMT_MSA.3 in this ST
FMT_MSA.3 FMT_MSA.1 Fullfilled by FMT_MSA.1 in this ST
FMT_SMR.1 See discussion below
FMT_MSA.1 FDP_ACF.1 Fullfilled by FDP_ACF.1 in this ST
FMT_SMR.1 See discussion below
FMT_SMF.1 Full filled by FMT_SMF.1 in this ST
FMT_SMF.1 None
The dependency FMT_SMR.1 introduced by FMT_MSA.1 must be fulfilled by the Security IC
Embedded Software. The definition of the roles that act on the memory access control functions
provided by the hardware must be subject of the Security IC Embedded Software.
5.4.3. Security Assurance Requirements (SAR)
26
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
The SARs as defined in section 5.3 are in line with the SARs in the Security IC Platform Protection
Profile. The context of this ST is equivalent to the context described in the Protection Profile and
therefore these SARs are also applicable for this ST.
27
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
6. TOE summary specification
This chapter presents the TOE summary specification to gain a general understanding of how the
TOE is implemented. The TOE summary specification describes how the TOE meets each SFR.
The TOE implements security functionality, which is also active just before the Phase 3 to Phase 4
and remains active thereafter as defined in Security IC Platform Protection Profile [5].
In the next paragraphs the grouping of the security requirements of the Security IC Platform
Protection Profile is used.
6.1. Malfunction
Malfunctioning relates to the security requirements FRU_FLT.2 and FPT_FLS.1. The TOE meets
these SFRs by a group of security measures that guarantee correct operation of the TOE.
The TOE ensures its correct operation and prevents any malfunction while the security IC
embedded software is executed and utilises standard functions offered by the micro-controller
(standard CPU instruction set including usage of standard peripherals such as memories, registers,
I/O interfaces, timers etc.) and of all other Specific Security Functionality.
This is achieved through an appropriate design of the TOE , sensors/detectors and integrity
monitoring components. The sensors/detectors measure the supplied voltage,temperature,
exposure to light, and glitch signals in supplied voltage. In addition, the target address range, the
accessible segments of each memory and the operation of CPU are monitored. Furthermore, is a
mechanism implemented that detects the removing the shield cover. In case that any malfunction
occurred or may likely occur, operation is stopped. The integrity monitoring components involves
Error Correct Circuit (ECC) for ensuring EEPROM data integrity, parity check for data transfer
and parity checks for the different memories.
“stopped”
If one of the monitored parameters is out of the specified range, operation is stopped. ”stopped”
means that reset signal is impressed to CPU, nop instruction is executed and I/O disabled. If
Operation is “stopped”, all components of the TOE are initialised with their reset values.
28
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
“ECC”
If 2 bit or more bit errors of ECC for EEPROM are occurred, an exception is raised which interrupts
the program flow and allows a reaction of the security IC embedded software. In the case of an
exception raised, the security IC embedded software can select one of several operations. In case of
1 bit errors the memory content is automatically corrected by the ECC. The program in EEPROM
has interrupt mechanism as there is a runaway and can not read ECC abnormal flag. For the data
reading, software checking is more convenient than interupt processing so flag is prepared. The flag
is checked by the embedded IC software.
6.2. Leakage
Leakages relates to the security requirements FDP_ITT.1, FDP_IFC.1 and FPT_ITT.1. The TOE
meets these SFRs by implementing several measures that provides logical protection against
leakage.
The TOE implements measures to limit or eliminate the information that might be contained in the
shape and amplitude of signals or in the time between events found by measuring such signals.
This comprises the power consumption, electric magnetic emanation(=EMA) and signals on the
other pads that are not intended by the terminal or the security IC embedded software. The TOE is
implemented in small space by advanced CMOS process to protect as EMA measure.
Thereby this security function prevents the disclosure of User Data or TSF data stored and/or
processed in the IC through the measurement of the power consumption and subsequent complex
signal processing. The protection of the TOE comprises different features within the design that
support the other security functions.
The TOE implements additional features introducing timing noise . These features are partly
configurable by the embedded software developer. Timing noise is effective not only for SPA/DPA
but also EMA analysis.
For more information about the settings preventing SPA/DPA etc is referred to User guidance
manual for software developers.
29
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
6.3. Physical manipulation and probing
Physical manipulation and probing relates to the security requirement FPT_PHP.3. The TOE meets
this SFR by implementing security measures that provides physical protection against physical
probing and manipulation.
The security measures protect the TOE against manipulation of
(i) the hardware,
(ii) the security IC embedded software in the ROM and the EEPROM,
(iii) the application data in the EEPROM and RAM including the configuration data.
It also protects User Data or TSF data against disclosure by physical probing when stored or while
being processed by the TOE.
The protection of the TOE comprises different features within the design and construction, which
make reverse-engineering and tamper attacks more difficult. These features comprise dedicated
shielding techniques for different components, specific encryption features for the memory blocks
and scrambling the transport between the different blocks in the TOE.
6.4. Abuse of functionality and Identification
Abuse of functionality and Identification relates to the security requirements FMT_LIM.1,
FMT_LIM.2 and FAU_SAS.1. The TOE meets these SFRs implementation of a complicated test
mode control mechanism that prevents abuse of test functionality delivered as part of the TOE.
The test functionality is not available to the user after Phase 3 IC Manufacturing as defined in
Security IC Platform Protection Profile [5]. The TOE has complicated access control mechanisms in
place to prevent using this functionality.
30
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
6.5. Random numbers
Random numbers relate to the security requirement FCS_RNG.1 random number generation(Class
DRG.2). The TOE meets this SFR by providing a random number generator.
The random number generator contains a physical noise source, total failure test and online test on
this noise source ,post-processing and self-diagnosis and an AES deterministic random number
generator post-processing construction seeded by the 256 bits shift registers. Thus the random
number generator produces the random number by a noise source based on physical random
processes. Seeding must be performed after each power-on at a minimum. This seed generation is
done once by Hardware Config after power is supplied.The total failure tests are automatically
performed on the seeding data. The whole construction is implemented entirely in the hardware
component and operates within the limits guaranteed by the implementation of measures to meet
the security requirements FRU_FLT.2 and FPT_FLS.1.
The random number generator fulfils the requirements of functionality using PTRNG of class
PTG.2 as random source and class DRG.2 as random number generation.
6.6. DES
The TOE provides the Triple Data Encryption Standard (Triple-DES) algorithm according to the
Data Encryption Standard to meet the security requirement FCS_COP.1[DES]. The TOE
implements a modular basic cryptographic function, which provides the Triple-DES algorithm as
defined by FIPS PUB 46-3 by means of a hardware co-processor. It supports the Triple-DES
algorithm with three 56bit keys (168 bit) for the 3-key or 2-key Triple DES supporting both CBC
and ECB mode.. The keys for the Triple-DES algorithm shall be provided by the security IC
embedded software.
FIPS PUB 46-3
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION
DATA ENCRYPTION STANDARD (DES)
Reaffirmed 1999 October 25
Furthermore, the DES hardware co-processor implements a number of countermeasures that
prevent side-channel leakage and malfunctioning.
31
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
6.7. AES
The TOE(of product CC evaluation) provides the Advanced Encryption Standard (AES) algorithm
according to the Data Encryption Standard to meet the security requirement FCS_COP.1[AES]. The
TOE implements a modular basic cryptographic function, which provides the AES algorithm as
defined by FIPS PUB 197 by means of a hardware co-processor.
Furthermore, the AES hardware co-processor implements a number of countermeasures that
prevent side-channel leakage and malfunctioning.
Note:T6NE1 hardware provides AES processor to the Software. The above definition of AES is the
target achieved by the software running on this T6NE1 hardware. T6NE1 claims only AES
hardware part.
6.8. Memory Protect Function
The TOE provides a Memory Protect Function to the Security Embedded IC Software through the Memory Protect
Unit (MPU) to meet the Security Functional Requirements FDP_ACC.1, FDP_ACF.1, FMT_MSA.3, FMT_MSA.1
and FMT_SMF.1. The MPU has a table that can store region limit data and region access control bits for 8 defined
regions in memory numbered 0 to 7. These regions can be modified by special “Coprocessor Register Transfer”
(MCR and MRC) instructions of the CPU that can only be executed in the Privileged mode of the CPU (fulfils
FMT_SMF.1 and FMT_MSA.1). Before a software instruction is executed the MPU checks with the help of the data
in the 8 regions if access to the instruction address is allowed and if access to the instruction operand is allowed
(fulfils FDP_ACC.1 and FDP_ACF.1). After reset only the bottom 4K of the memory is accessible for Privileged
code and therefore the bootstrap of the Security Embedded IC Software should be allocated in the bottom 4K of the
memory (fulfils FMT_MSA.3).
32
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
7. Reference
No Title Date Version publisher Document number
[1]
Common Criteria for
Information Technology
Security Evaluation, Part
1: Introduction and
General Model
July 2009
3.1
Revision 3
[2]
Common Criteria for
Information Technology
Security Evaluation, Part
2: Security Functional
Requirements
July 2009
3.1
Revision 3
[3]
Common Criteria for
Information Technology
Security Evaluation, Part
3: Security Assurance
Requirements
July 2009
3.1
Revision 3
[4] Common Methodology
for Information
Technology Security
Evaluation (CEM), Part
2: Evaluation
Methodology
July
2009
3.1
Revision 3
[5] Security IC Platform
Protection Profile
15.06.2007 1.0
Bundesamt für
Sicherheit in der
Informationstechnik
(BSI)
BSI-PP-0035
[6] Application Notes and
Interpretation of the
Scheme (AIS), AIS 20:
Functionality classes
and evaluation
methodology for
deterministic random
number generators
2
December
1999
1
33
©TOSHIBA CORPORATION 2012. ALL RIGHTS RESERVED. CC-T6NE1-ST-ENG-001CONFIDENTIAL
CC-T6NE1-ST-ENG-001
[7] Supporting Document,
Mandatory Technical
Document: Application of
Attack Potential to
Smartcards
March
2009
2.7Revision
1
CCDB-2009-03-001
※ End of Document※※