Quantum Key Distribution (QKD); Common Criteria Protection Profile - Pair of Prepare and Measure Quantum Key Distribution Modules

DGS/QKD-016-PP

General Information

Status
Not Published
Technical Committee
Current Stage
12 - Completion
Due Date
02-May-2023
Completion Date
18-Apr-2023
Ref Project
Standard
ETSI GS QKD 016 V1.1.1 (2023-04) - Quantum Key Distribution (QKD); Common Criteria Protection Profile - Pair of Prepare and Measure Quantum Key Distribution Modules
English language
91 pages

Standards Content (Sample)


GROUP SPECIFICATION
Quantum Key Distribution (QKD);
Common Criteria Protection Profile - Pair of Prepare and
Measure Quantum Key Distribution Modules
Disclaimer
The present document has been produced and approved by the Quantum Key Distribution (QKD) ETSI Industry Specification
Group (ISG) and represents the views of those members who participated in this ISG.
It does not necessarily represent the views of the entire ETSI membership.

2 ETSI GS QKD 016 V1.1.1 (2023-04)

Reference
DGS/QKD-016-PP
Keywords
quantum cryptography, quantum key distribution

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Non-profit association registered with the
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2023.
All rights reserved.
Contents
Intellectual Property Rights . 9
Foreword . 9
Modal verbs terminology . 9
Introduction . 9
1 Scope . 10
2 References . 10
2.1 Normative references . 10
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 11
3.1 Terms . 11
3.2 Symbols . 13
3.3 Abbreviations . 13
4 Application Notes in the PP . 13
5 PP introduction . 13
5.1 PP reference . 13
5.2 PP Overview . 14
5.3 TOE overview . 14
5.3.1 TOE type . 14
5.3.2 TOE definition . 14
5.3.3 TOE users . 17
5.3.4 Method of use . 17
5.3.5 Life-cycle . 18
5.3.5.1 Overview . 18
5.3.5.2 Calibration state . 19
5.3.5.3 QKD state . 20
5.3.5.4 Failure state . 20
5.3.5.5 End of Life state . 20
5.3.5.6 Non-TOE hardware/software/firmware available to the TOE . 20
6 Conformance claims . 20
6.1 CC conformance claims . 20
6.2 Package claim . 21
6.3 PP claim . 21
6.4 Conformance rationale . 21
6.5 Conformance statement . 21
6.6 PP Application Notes . 21
7 Security problem definition . 21
7.1 Assets, TSF data, users, subjects, objects and security attributes . 21
7.1.1 Assets and TSF data . 21
7.1.2 Users and subjects . 22
7.1.3 Objects . 22
7.1.4 Security attributes . 22
7.2 Threats . 23
7.2.1 T.ServAcc Unauthorized access to data and functions in TOE . 23
7.2.2 T.Session Session hijacking or piggybacking . 23
7.2.3 T.QKDEave Eavesdropping on QKD link data . 23
7.2.4 T.QKDMani Manipulation of QKD link data . 23
7.2.5 T.ExplMal Exploitation of TOE malfunction . 23
7.2.6 T.Observe Observation of TSF characteristics . 23
7.3 Organisational security policies . 24
7.3.1 OSP.QKDService Key distribution services of the TOE . 24
7.3.2 OSP.Audit Audit for security operations . 24
7.3.3 OSP.SecEoL Secure End of Life state . 24
7.4 Assumptions . 24
7.4.1 A.Maint Diligent maintenance . 24
7.4.2 A.SecureOp Operation in a secure area . 24
8 Security objectives . 24
8.1 Security objectives for the TOE . 24
8.1.1 Interpretation of security objectives . 24
8.1.2 O.Identify Identification of users . 24
8.1.3 O.AccCtrl Access control . 25
8.1.4 O.QKD Quantum Key Distribution . 25
8.1.5 O.QKDAuth Authenticated classical channel . 25
8.1.6 O.Audit Audit for cryptographic TSF . 25
8.1.7 O.TST Self-test . 26
8.1.8 O.EMSec Emanation Security . 26
8.1.9 O.Sanitize Secure End of Life state . 26
8.1.10 O.SessionLimit Limitation of user sessions . 26
8.2 Security objectives for the operational environment . 26
8.2.1 OE.Trust Trustworthy users . 26
8.2.2 OE.Audit Review and availability of audit records . 26
8.2.3 OE.SecureOp Secure Operational environment . 27
8.2.4 OE.Personnel Trustworthy personnel . 27
8.3 Security objective rationale . 27
8.3.1 Table of rationale . 27
8.3.2 T.ServAcc . 28
8.3.3 T.Session . 28
8.3.4 T.QKDEave . 28
8.3.5 T.QKDMani . 28
8.3.6 T.ExplMal . 29
8.3.7 T.Observe . 29
8.3.8 OSP.QKDService . 29
8.3.9 OSP.Audit . 29
8.3.10 OSP.SecEoL . 29
8.3.11 A.SecureOp . 29
8.3.12 A.Maint . 29
9 Extended component definition . 30
9.1 Quantum Key Distribution (FCS_QKD) . 30
9.2 Random number generation (FCS_RNG) . 33
9.3 Sanitizing on State Change (FDP_RIP.4) . 34
9.4 Emanation of TSF and user data (FPT_EMS) . 35
9.5 Inter-TSF trusted channel - authenticated classical channel (FTP_ITC.2) . 36
10 Security requirements . 37
10.1 Operations within this PP . 37
10.2 Security functional requirements . 37
10.2.1 User Identification and Management . 37
10.2.2 Access Control . 39
10.2.3 Audit Data . 42
10.2.4 Reaching and preserving secure states . 44
10.2.5 Authenticated classical channel of QKD link . 46
10.2.6 QKD Key Establishment . 47
10.2.7 Management . 49
10.3 Security assurance requirements . 50
10.3.1 Evaluation Assurance Level . 50
10.3.2 Security assurance requirements rationale . 50
10.4 Security requirements rationale . 50
10.4.1 Dependency rationale . 50
10.4.2 Rationale for security objectives . 52
10.4.2.1 Table of rationale . 52
10.4.2.2 O.Identify . 53
10.4.2.3 O.AccCtrl . 53
10.4.2.4 O.QKD . 53
10.4.2.5 O.QKDAuth . 54
10.4.2.6 O.Audit . 54
10.4.2.7 O.TST . 54
10.4.2.8 O.EMSec . 55
10.4.2.9 O.Sanitize . 55
10.4.2.10 O.SessionLimit . 55
11 Packages . 55
11.1 Trusted User Interfaces with Authentication . 55
11.1.1 Identification . 55
11.1.2 Introduction . 55
11.1.2.1 Overview . 55
11.1.2.2 TOE definition . 55
11.1.2.3 Life-cycle . 56
11.1.2.4 Non-TOE hardware/software/firmware available to the TOE . 56
11.1.3 Security Problem Definition . 56
11.1.3.1 Assets, TSF data, users, subjects, objects and security attributes . 56
11.1.3.1.1 Assets and TSF data . 56
11.1.3.1.2 Users and subjects . 56
11.1.3.1.3 Objects . 57
11.1.3.1.4 Security attributes . 57
11.1.3.2 Threats . 57
11.1.3.2.1 Rationale for defining additional threats . 57
11.1.3.2.2 T.DataCompr Eavesdropping on data on user interfaces . 57
11.1.3.2.3 T.DataMani Generation or manipulation of communication data . 57
11.1.3.2.4 T.Combine Analysing and combining information at different interfaces . 57
11.1.3.2.5 T.Masqu Generation or manipulation of data on user interfaces . 57
11.1.3.2.6 T.Impersonate Impersonation of other users . 57
11.1.3.3 Assumptions . 57
11.1.3.3.1 A.SecComm Secure communication . 57
11.1.4 Security Objectives . 58
11.1.4.1 New objectives for the TOE . 58
11.1.4.1.1 O.TPath Trusted path with user authentication . 58
11.1.4.1.2 O.AuthFail Reaction to failed user authentication . 58
11.1.4.2 Refined objectives for the TOE . 58
11.1.4.2.1 O.EMSec Emanation Security . 58
11.1.4.3 New objectives for the environment . 58
11.1.4.3.1 OE.SecComm Protection of communication channel . 58
11.1.4.3.2 OE.AuthData Secrecy and generation of authentication data . 58
11.1.4.4 Refined objectives for the environment . 59
11.1.4.4.1 Notes . 59
11.1.4.4.2 OE.SecureOp Secure Operational environment . 59
11.1.4.4.3 OE.Personnel Trustworthy personnel . 59
11.1.4.5 Rationale for the refinements . 59
11.1.4.5.1 O.EMSec . 59
11.1.4.5.2 OE.SecureOp . 59
11.1.4.5.3 OE.Personnel . 59
11.1.4.6 Rationale for security objectives . 60
11.1.4.6.1 T.Observe . 60
11.1.4.6.2 T.DataCompr . 60
11.1.4.6.3 T.DataMani . 60
11.1.4.6.4 T.Masqu . 60
11.1.4.6.5 T.Impersonate . 60
11.1.4.6.6 A.SecComm . 60
11.1.5 Security requirements . 61
11.1.5.1 New requirements for the TOE . 61
11.1.5.1.1 Trusted Path to remote users . 61
11.1.5.1.2 User Authentication . 62
11.1.5.2 Refined requirements for the TOE . 63
11.1.5.3 SFR Dependency rationale . 63
11.1.5.4 Rationale for the security requirements . 64
11.1.5.4.1 Table of rationale . 64
11.1.5.4.2 O.EMSec . 64
11.1.5.4.3 O.TPath . 64
11.1.5.4.4 O.AuthFail . 64
11.2 TOE self-protection . 65
11.2.1 Identification . 65
11.2.2 Introduction . 65
11.2.3 Security Problem Definition . 65
11.2.3.1 Assets, TSF data, users, subjects, objects and security attributes . 65
11.2.3.1.1 Assets and TSF data . 65
11.2.3.1.2 Users and subjects . 65
11.2.3.1.3 Objects . 65
11.2.3.1.4 Security attributes . 65
11.2.3.2 Threats . 66
11.2.3.2.1 T.PhysAttack Physical attacks . 66
11.2.3.3 Assumptions . 66
11.2.3.3.1 A.SecureOp . 66
11.2.4 Security Objectives . 66
11.2.4.1 New objectives for the TOE . 66
11.2.4.1.1 O.PhysProt Physical protection . 66
11.2.4.2 Refined objectives for the TOE . 66
11.2.4.2.1 O.EMSec Emanation Security . 66
11.2.4.3 Refined objectives for the environment . 67
11.2.4.3.1 OE.SecureOp Secure Operational environment . 67
11.2.4.4 Rationale for the refinements . 67
11.2.4.4.1 O.EMSec . 67
11.2.4.4.2 OE.SecureOp . 67
11.2.4.5 Rationale for the security objectives . 67
11.2.4.5.1 T.PhysAttack . 67
11.2.4.5.2 A.SecureOp . 67
11.2.5 Security requirements . 68
11.2.5.1 Introduction . 68
11.2.5.2 New requirements for the TOE . 68
11.2.5.3 Refined requirements for the TOE . 68
11.2.5.4 SFR Dependency Rationale . 69
11.2.5.5 Rationale for the Security Requirements . 69
11.2.5.5.1 Table of rationale . 69
11.2.5.5.2 O.PhysProt . 69
11.2.5.5.3 O.EMSec . 69
11.3 Provisioning and re-personalization after delivery . 69
11.3.1 Identification . 69
11.3.2 Introduction . 69
11.3.2.1 Overview . 69
11.3.2.2 Life-cycle . 70
11.3.3 Security Problem Definition . 70
11.3.3.1 Assets, TSF data, users, subjects, objects and security attributes . 70
11.3.3.1.1 Assets and TSF data . 70
11.3.3.1.2 Users and subjects . 70
11.3.3.1.3 Objects . 71
11.3.3.1.4 Security attributes . 71
11.3.3.2 Threats . 71
11.3.3.2.1 T.Initialize Compromised initialization of TSF data . 71
11.3.3.3 Assumptions . 71
11.3.3.3.1 A.SecureOp . 71
11.3.4 Security Objectives . 72
11.3.4.1 New objectives for the TOE . 72
11.3.4.1.1 O.Personalization Access control to personalization . 72
11.3.4.1.2 O.Pristine Proof of intactness after initial delivery . 72
11.3.4.2 New objectives for the environment . 72
11.3.4.2.1 Note . 72
11.3.4.2.2 OE.Initialize Secure environment for initialization . 72
11.3.4.3 Rationale for the refinements . 72
11.3.4.3.1 A.SecureOp . 72
11.3.4.4 Rationale for security objectives . 73
11.3.4.4.1 T.Initialize . 73
11.3.4.4.2 A.SecureOp . 73
11.3.5 Security requirements . 73
11.3.5.1 New requirements for the TOE . 73
11.3.5.2 Refined requirements for the TOE . 73
11.3.5.3 SFR Dependency Rationale . 77
11.3.5.4 Rationale for the Security Requirements . 77
11.3.5.4.1 Table of rationale . 77
11.3.5.4.2 O.Personalization . 77
11.3.5.4.3 O.Pristine . 78
11.4 Local Authentication of Users . 78
11.4.1 Identification . 78
11.4.2 Introduction . 78
11.4.2.1 Overview . 78
11.4.2.2 TOE definition . 78
11.4.2.3 Life-cycle . 78
11.4.3 Security Problem Definition . 79
11.4.3.1 Assets, TSF data, users, subjects, objects and security attributes . 79
11.4.3.1.1 Assets and TSF data . 79
11.4.3.1.2 Users and subjects . 79
11.4.3.1.3 Objects . 79
11.4.3.1.4 Security attributes . 79
11.4.3.2 Threats .
...
