Protection Profiles for TSP cryptographic modules - Part 4: Cryptographic module for CSP signing operations without backup

This Technical Specification specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93) for signing operations, without key backup. Target applications include root certification authorities (certification authorities which issue certificates to other CAs and are at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.

Schutzprofile für kryptographische Module von vertrauenswürdigen Dienstanbietern - Teil 4: Schutzprofil für CSP Signieroperationen ohne Sicherung

Profils de protection pour modules cryptographiques utilisés par les prestataires de services de confiance - Partie 4: Module cryptographique utilisé par le prestataire de services de certification pour les opérations de signature sans sauvegarde

Zaščitni profili za TSP kriptografske module - 4. del: Kriptografski modul za postopke podpisovanja CSP brez varnostne kopije


General Information

Status: Published
Publication Date: 19-Jul-2016
Current Stage: 9093 - Decision to confirm - Review Enquiry
Completion Date: 28-Nov-2023


Technical specification
TS CEN/TS 419221-4:2017 - BARVE
English language
47 pages

Standards Content (Sample)


SLOVENSKI STANDARD
01-January-2017
Zaščitni profili za TSP kriptografske module - 4. del: Kriptografski modul za postopke podpisovanja CSP brez varnostne kopije
Protection Profiles for TSP cryptographic modules - Part 4: Cryptographic module for
CSP signing operations without backup
Sicherheitsanforderungen für vertrauenswürdige Systeme zur Verwaltung von
Zertifikaten für elektronische Signaturen - Teil 4: Kryptographisches Modul für CSP
Signieroperationen - Schutzprofil (CMCSO-PP)
Exigences de sécurité concernant les systèmes fiables gérant des certificats de
signatures électroniques - Partie 4 : Module cryptographique pour les opérations de
signature électronique des fournisseurs de services de certification - Profil de protection -
CMCSO PP
This Slovenian standard is identical to: CEN/TS 419221-4:2016
ICS:
35.040.01 Information coding in general
35.100.05 Multilayer applications
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

CEN/TS 419221-4
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
July 2016
ICS 35.240.30; 35.040
Supersedes CWA 14167-4:2004
English Version
Protection Profiles for TSP cryptographic modules - Part 4: Cryptographic module for CSP signing operations without backup
Exigences de sécurité concernant les systèmes fiables gérant des certificats de signatures électroniques - Partie 4 : Module cryptographique pour les opérations de signature électronique des fournisseurs de services de certification - Profil de protection - CMCSO PP
Schutzprofile für kryptographische Module von vertrauenswürdigen Dienstanbietern - Teil 4: Schutzprofil für CSP Signieroperationen ohne Sicherung
This Technical Specification (CEN/TS) was approved by CEN on 8 May 2016 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 419221-4:2016 E

Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 PP Introduction
4.1 General
4.2 PP Reference
4.3 Protection Profile Overview
4.4 TOE Overview
4.4.1 TOE type
4.4.2 TOE Roles
4.4.3 Usage and major security features of the TOE
4.4.4 Available non-TOE hardware/software/firmware
5 Conformance Claim
5.1 CC Conformance Claim
5.2 PP Claim
5.3 Conformance Rationale
5.4 Conformance Statement
6 Security Problem Definition
6.1 Assets
6.1.1 General
6.1.2 TOE services
6.1.3 TOE Data
6.2 Threats
6.2.1 General
6.2.2 Threat agents
6.2.3 Threats description
6.3 Organizational Security Policies
6.4 Assumptions
7 Security Objectives
7.1 General
7.2 Security Objectives for the TOE
7.3 Security Objectives for the Operational Environment
8 Extended Components Definitions
8.1 Extended Component Definitions — Family FCS_RND
9 Security Requirements
9.1 General
9.2 Subjects, objects, security attributes and operations
9.2.1 General
9.2.2 Subjects
9.2.3 TOE Objects and security attributes
9.2.4 TOE Operations
9.3 Security Functional Requirements
9.3.1 General
9.3.2 Security audit (FAU)
9.3.3 Cryptographic support (FCS)
9.3.4 User data protection (FDP)
9.3.5 Identification and authentication (FIA)
9.3.6 Security management (FMT)
9.3.7 Privacy (FPR) — Unobservability (FPR_UNO.1)
9.3.8 Protection of the TOE Security Functions (FPT)
9.3.9 Trusted path (FTP) — Trusted path (FTP_TRP.1)
9.4 Security Assurance Requirements
9.5 Security Requirements Rationale
9.5.1 Security Problem Definition coverage by Security Objectives
9.5.2 Security Objectives coverage by SFRs
9.5.3 SFR Dependencies
9.5.4 Rationale for SARs
9.5.5 AVA_VAN.5 Advanced methodical vulnerability analysis
Bibliography

European foreword
This document (CEN/TS 419221-4:2016) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
This document supersedes CWA 14167-4:2004.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
CEN/TS 419221, Protection Profiles for TSP cryptographic modules, currently consists of the
following parts:
— Part 1: Overview;
— Part 2: Cryptographic module for CSP signing operations with backup;
— Part 3: Cryptographic module for CSP key generation services;
— Part 4: Cryptographic module for CSP signing operations without backup.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
...
