Protection Profiles for TSP cryptographic modules - Part 2: Cryptographic module for CSP signing operations with backup

This Technical Specification specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93) for signing operations, with key backup. Target applications include root certification authorities (certification authorities who issue certificates to other CAs and who are at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.

Schutzprofile für kryptographische Module von vertrauenswürdigen Dienstanbietern - Teil 2: Schutzprofil für CSP Signieroperationen mit Sicherung

Profils de protection pour modules cryptographiques utilisés par les prestataires de services de confiance - Partie 2: Module cryptographique utilisé par le prestataire de services de certification pour les opérations de signature avec sauvegarde

Zaščitni profili za kriptografske module TSP - 2. del: Kriptografski modul za CSP postopke podpisovanja z varnostno kopijo

Ta tehnična specifikacija določa zaščitni profil za kriptografske module, ki jih uporabljajo overitelji (kot je določeno v Direktivi 1999/93) za postopke podpisovanja z varnostno kopijo. Ciljne vrste uporabe vključujejo korenske overitelje potrdil (overitelji potrdil, ki izdajajo potrdila drugim overiteljem potrdil in so na vrhu hierarhije overiteljev potrdil) in druge overitelje, kjer obstaja visoko tveganje neposrednih fizičnih napadov na modul.

General Information

Status
Published
Publication Date
19-Jul-2016
Current Stage
9093 - Decision to confirm - Review Enquiry
Completion Date
28-Nov-2023

Buy Standard

Technical specification
TS CEN/TS 419221-2:2017
English language
55 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-januar-2017
=DãþLWQLSURILOL]DNULSWRJUDIVNHPRGXOH763GHO.ULSWRJUDIVNLPRGXO]D&63
SRVWRSNHSRGSLVRYDQMD]YDUQRVWQRNRSLMR
Protection Profiles for TSP cryptographic modules - Part 2: Cryptographic module for
CSP signing operations with backup
Sicherheitsanforderungen für vertrauenswürdige Systeme zur Verwaltung von
Zertifikaten für elektronische Signaturen - Teil 2: Kryptographisches Modul für CSP
Signieroperationen mit Backup - Schutzprofil (CMCSOB-PP)
Exigences de sécurité concernant les systèmes fiables gérant des certificats de
signatures électroniques . Partie 2 : Module cryptographique pour les opérations de
signature électronique avec sauvegarde des fournisseurs de services de certification -
Profil de protection (CMCSOB-PP)
Ta slovenski standard je istoveten z: CEN/TS 419221-2:2016
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
35.100.05 9HþVORMQHXSRUDEQLãNH Multilayer applications
UHãLWYH
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TS 419221-2
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
July 2016
TECHNISCHE SPEZIFIKATION
ICS 35.240.30; 35.040 Supersedes CWA 14167-2:2004
English Version
Protection Profiles for TSP cryptographic modules - Part 2:
Cryptographic module for CSP signing operations with
backup
Profils de protection pour modules cryptographiques Schutzprofile für kryptographische Module von
utilisés par les prestataires de services de confiance - vertrauenswürdigen Dienstanbietern - Teil 2:
Partie 2 : Module cryptographique utilisé par le Schutzprofil für CSP Signieroperationen mit Sicherung
prestataire de services de certification pour les
opérations de signature avec sauvegarde
This Technical Specification (CEN/TS) was approved by CEN on 8 May 2016 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2016 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419221-2:2016 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 PP Introduction . 6
4.1 General . 6
4.2 PP Reference . 6
4.3 Protection Profile Overview . 7
4.4 TOE Overview . 8
4.4.1 TOE type . 8
4.4.2 TOE Roles . 9
4.4.3 Usage and major security features of the TOE . 9
4.4.4 Available non-TOE hardware/software/firmware . 11
5 Conformance Claim . 11
5.1 CC Conformance Claim . 11
5.2 PP Claim . 11
5.3 Conformance Rationale . 11
5.4 Conformance Statement . 12
6 Security Problem Definition . 12
6.1 Assets . 12
6.1.1 General . 12
6.1.2 TOE services . 12
6.1.3 TOE Data . 12
6.2 Threats . 14
6.2.1 General . 14
6.2.2 Threat agents . 14
6.2.3 Threats description . 15
6.2.4 Threats vs Threat agents . 17
6.3 Organizational Security Policies . 18
6.4 Assumptions . 18
7 Security Objectives . 19
7.1 General . 19
7.2 Security Objectives for the TOE . 19
7.3 Security Objectives for the Operational Environment . 21
8 Extended Components Definitions . 22
8.1 Extended Component Definitions . 22
8.1.1 Family FCS_RND . 22
8.1.2 Family FDP_BKP . 23
9 Security Requirements . 25
9.1 General . 25
9.2 Subjects, objects, security attributes and operations . 25
9.2.1 General . 25
9.2.2 Subjects . 25
9.2.3 TOE Objects and security attributes . 25
9.2.4 TOE Operations . 26
9.3 Security Functional Requirements . 27
9.3.1 General . 27
9.3.2 Security audit (FAU) . 27
9.3.3 Cryptographic support (FCS) . 29
9.3.4 User data protection (FDP) . 31
9.3.5 Identification and authentication (FIA) . 35
9.3.6 Security management (FMT) . 36
9.3.7 Privacy (FPR) . 37
9.3.8 Protection of the TOE Security Functions (FPT) . 39
9.3.9 Trusted path (FTP) — Trusted path (FTP_TRP.1) . 42
9.4 Security Assurance Requirements . 42
9.5 Security Requirements Rationale . 43
9.5.1 Security Problem Definition coverage by Security Objectives . 43
9.5.2 Security Objectives coverage by SFRs . 49
9.5.3 SFR Dependencies . 54
9.5.4 Rationale for SARs . 54
9.5.5 AVA_VAN.5 Advanced methodical vulnerability analysis . 54
Bibliography . 55

European foreword
This document (CEN/TS 419221-2:2016) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
This document supersedes CWA 14167-2:2004.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
CEN/TS 419221, Protection Profiles for TSP cryptographic modules, is currently composed with the
following parts:
— Part 1: Overview;
— Part 2: Cryptographic module for CSP signing operations with backup;
— Part 3: Cryptographic module for CSP key generation services;
— Part 4: Cryptographic module for CSP signing operations without backup.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.