At present, smart card applications have penetrated all aspects of social life; while they bring people an efficient and convenient life, their security has also attracted attention. Therefore, some smart card manufacturers in China have improved the security reputation of their smart cards by having them evaluated. A smart card product security assessment first requires the relevant guidance documents, and the guidance document at a high level of abstraction is the security assessment protection profile (PP). It is based on GB/T 18336-2001 "Information Technology Security Assessment Guidelines" [1]. The predecessor of this standard is the internationally accepted state-of-the-art information security assessment standard CC [2] (Common Criteria), ISO/IEC 15408. Given the critical position of PP evaluation in CC certification, in-depth and meticulous research on the smart card security protection profile is necessary for smart card products to pass the EAL assessment smoothly.
1 PP Overview
1.1 Concept Introduction
To understand PP, we first introduce several important CC terms.
(1) Target of Evaluation (TOE): The object submitted by the applicant for evaluation.
(2) Security component package: Multiple security requirement components form a security component package. The security component package is used to construct a PP or ST.
(3) Protection Profile (PP): A high-level abstract security specification for a certain type of TOE, independent of the implementation of the TOE.
(4) Security Target (ST): Similar to a PP, it is a set of security requirements and a brief design specification related to the TOE security environment for a specific security product, and may refer to one or more PPs.
(5) Evaluation Assurance Level (EAL): Represents the degree of security assurance of the TOE. The CC standard divides the EAL into seven levels.
The CC standard consists of three parts: the introduction and general model, the security functional requirements, and the security assurance requirements. Of these, the introduction and general model correspond to the PP of a certain type of TOE, while the security functional requirements set out the security functions to be specified according to the security environment in which the TOE is used. Correspondingly, the CC assessment is also divided into three parts: PP assessment, ST assessment and TOE assessment. If a certain type of information security technology or product passes the CC assessment, it means that all three parts of the assessment have been passed. The evaluation sequence of the three is shown in Figure 1.
As a high-level guidance document, the PP mainly describes the security environment, security objectives, security requirements and rationale of the TOE. Security requirements include Security Functional Requirements (SFR) and Security Assurance Requirements (SAR). The rationale sets out the relationship between the security environment, security objectives, and security functions, as shown in Figure 2.
1.2 PP classification
From different perspectives, the classification of PP is different:
(1) The CC standard divides the evaluation level into 7 levels. Therefore, PPs can be divided into 7 categories according to the evaluation level, that is, EAL1 level PP, EAL2 level PP, and so on.
(2) Since PP is specific to a certain type of TOE, PP can be classified according to TOE, such as DBMS PP, firewall PP, smart card PP, and so on.
(3) From the perspective of TOE security environment, PP can be divided into high risk environment (HRE) PP, medium risk environment (MRE) PP and low risk environment (LRE) PP.
2 Introduction to smart card evaluation
2.1 Smart Card Overview
A smart card is also called an integrated circuit card, that is, an IC card. There are many types of smart cards. According to the integrated circuit on the card, they can be divided into three types: memory cards, logical encryption cards and CPU cards. Since the integrated circuit on a CPU card includes an on-chip operating system, the COS (Card Operating System), it can both store and process data, so the CPU card is the real smart card (unless otherwise stated, the smart cards discussed in this article are CPU cards).
2.2 The significance of smart card security assessment
The security of smart cards is very important. A smart card security assessment evaluates the security functions and security assurance of the smart card across its life cycle against the relevant industry security technology standards, to confirm whether the smart card product meets the corresponding security requirements. This process guides producers and developers in standardizing the production process and saves human and material resources, while giving users and society an objective standard for measuring the security of smart card products.
2.3 Smart Card Security Requirements
Since smart cards differ in function and operating environment, their evaluation needs to be graded. For example, medical cards, social security cards, and transportation cards are evaluated at a low level, while telecom cards, credit cards, cash cards, etc. call for a high-level evaluation. At present, the domestic evaluation agency, the China Information Security Product Evaluation and Certification Center, evaluates the SIM cards, UIM cards, PIM cards and smart card chips of the telecom industry at the EAL4+ level.
The EAL4+ level, also known as the EAL4 enhancement level, increases the depth, breadth and rigor of the TOE security assurance requirements beyond the EAL4 level. At present, most smart card evaluation activities carried out internationally use the EAL4+ assurance level, and some smart cards have passed EAL5+ certification by the corresponding national certification bodies.
3 EAL4+ smart card PP
The CC specifies the SARs that each EAL must include, but does not specify which SFRs should be included at each EAL, so the main task of the smart card PP is to specify the security requirements for the intended use environment. The smart card PP should be designed around the security environment in which the smart card is used, in order to determine the security objectives and security requirements that the PP should include.
3.1 Smart Card Security Environment
The sensitive assets that exist over the entire life cycle of a smart card include the users' data, system application data, keys, and software development tools and technologies. Smart card protection must keep these data private, and the protection profile takes into account every action or situation that may jeopardize them. The smart card PP considers three types of security environment elements.
3.1.1 Assumptions
Attacker capability (A.Attack): Assume that the attacker has sufficient time, the technical knowledge needed to attack the smart card, and a computer and related equipment, and is motivated by economic benefit, political interest or the like.
User Permission (A.User): Assume that the user has access to certain information on the smart card.
Managerial Capabilities (A.Admin): Assume that the person managing or using the smart card is qualified for the job.
Role Management (A.Role_Man): Assume that the developer, publisher, administrator, and user of the smart card can be managed securely.
External data storage (A.Data_Store): Assume that relevant external data can be managed in a secure manner.
Lifecycle Management (A.Life_Man): Assume that each phase of the smart card's lifecycle is uniquely identified, which ensures that the identification information can be traced back to the various stages of the lifecycle.
Key generation (A.Key_Gen): Assume that the keys generated in the smart card application system are all secure.
3.1.2 Threats
The threats to smart cards are mainly threats against the application software and threats arising from the use environment. While the application software is in use, a user may perform incorrect operations or introduce incorrect data that corrupts the information in the card, or an attacker may repeat certain data or operations and obtain confidential information from the card by observing its output. During application development, there are threats such as leakage of confidential data, modification of the software, and theft of development tools.
In the use environment, key leakage caused by inadequate controls or theft allows an attacker who has illegally obtained a key to manipulate the information and functions of the card. Managers may also put smart cards at risk by operating on smart card security functions or data.
3.1.3 Organizational Security Policy
(1) Data access: Different data in the smart card have different visitors, and different visitors of the same data have different permissions. Access rules for the data in the smart card should be established per user.
(2) File access: The files in the smart card may involve different users, such as system integrators, smart card issuers, users, etc. Different access rights and rules are required for each specific operation on a file.
(3) Identification: Each document in the smart card should be uniquely identified.
(4) Information technology standards in the professional field: The design of smart cards and their COS and application software should conform to the standards and specifications of national, industry and organizational bodies.
(5) Password standard: The password or data identification used in the smart card must conform to the national standard or industry standard.
(6) Configuration Management: For security and ease of management, all smart card code should be managed with a configuration management tool.
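The data access, file access and identification policies above can be modelled as a per-file rule table evaluated with default deny. The following Python sketch is an added example, not code from the article or from any card operating system; the class `CardFileSystem`, the file identifiers and the specific rules are hypothetical, and only the three roles come from policy (2).

```python
from enum import Enum

class Role(Enum):
    INTEGRATOR = "system integrator"
    ISSUER = "smart card issuer"
    USER = "user"

class Op(Enum):
    READ = "read"
    UPDATE = "update"

class CardFileSystem:
    """Hypothetical model of per-file access rules; not a real COS API."""

    def __init__(self):
        self._rules = {}  # file_id -> {Op: frozenset of Roles allowed}

    def add_file(self, file_id, rules):
        # Identification policy: every file identifier must be unique.
        if file_id in self._rules:
            raise ValueError(f"duplicate file identifier {file_id:#06x}")
        self._rules[file_id] = {op: frozenset(r) for op, r in rules.items()}

    def is_allowed(self, role, op, file_id):
        # Default deny: an unknown file, or an operation with no rule
        # for that file, is refused for every role.
        return role in self._rules.get(file_id, {}).get(op, frozenset())

def build_sample_card():
    """Constructed sample layout; identifiers and rules are assumptions."""
    fs = CardFileSystem()
    # User data: issuer and user may read, only the issuer may update.
    fs.add_file(0x0011, {Op.READ: {Role.ISSUER, Role.USER},
                         Op.UPDATE: {Role.ISSUER}})
    # Key file: the issuer may load a key, nobody may read it back.
    fs.add_file(0x0012, {Op.UPDATE: {Role.ISSUER}})
    # System application data: readable by integrator and issuer only.
    fs.add_file(0x0013, {Op.READ: {Role.INTEGRATOR, Role.ISSUER}})
    return fs

if __name__ == "__main__":
    card = build_sample_card()
    for fid in (0x0011, 0x0012, 0x0013, 0x9999):
        for role in Role:
            granted = [op.value for op in Op if card.is_allowed(role, op, fid)]
            print(f"{fid:#06x} {role.value:18} {granted or 'denied'}")
```

The key file shows why rules are attached to each operation rather than to the file as a whole: the issuer can update it, but the absence of a read rule means the key cannot be read back by any role.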
Research on smart card security assessment protection profile PP