ISO 13491-1:2007

INTERNATIONAL ISO
STANDARD 13491-1
Second edition
2007-06-15

Banking — Secure cryptographic devices
(retail) —
Part 1:
Concepts, requirements and evaluation
methods
Banque — Dispositifs cryptographiques de sécurité (services aux
particuliers) —
Partie 1: Concepts, exigences et méthodes d'évaluation




Reference number
ISO 13491-1:2007(E)
©
ISO 2007

---------------------- Page: 1 ----------------------
ISO 13491-1:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2007 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 13491-1:2007(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 2
4 Abbreviated terms . 4
5 Secure cryptographic device concepts. 4
5.1 General. 4
5.2 Attack scenarios . 5
5.3 Defence measures . 6
6 Requirements for device security characteristics . 8
6.1 Introduction . 8
6.2 Physical security requirements for SCDs . 8
6.3 Logical security requirements for SCDs .11
7 Requirements for device management. 12
7.1 General. 12
7.2 Life cycle phases . 13
7.3 Life cycle protection requirements . 14
7.4 Life cycle protection methods. 15
7.5 Accountability . 17
7.6 Device management principles of audit and control . 18
8 Evaluation methods. 20
8.1 General. 20
8.2 Risk assessment. 21
8.3 Informal evaluation method. 22
8.4 Semi-formal evaluation method . 24
8.5 Formal evaluation method . 26
Annex A (informative) Concepts of security levels for system security . 27
Bibliography . 30

© ISO 2007 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 13491-1:2007(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 13491-1 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2,
Security management and general banking operations.
This second edition cancels and replaces the first edition (ISO 13491-1:1998), which has been technically
revised.
ISO 13491 consists of the following parts, under the general title Banking — Secure cryptographic devices
(retail):
⎯ Part 1: Concepts, requirements and evaluation methods
⎯ Part 2: Security compliance checklists for devices used in financial transactions
iv © ISO 2007 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 13491-1:2007(E)
Introduction
ISO 13491 describes both the physical and logical characteristics and the management of the secure
cryptographic devices (SCDs) used to protect messages, cryptographic keys and other sensitive information
used in a retail financial services environment.
The security of retail electronic payment systems is largely dependent upon the security of these
cryptographic devices. This security is based upon the premise that computer files can be accessed and
manipulated, communications lines can be “tapped” and authorized data or control inputs into system
equipment can be replaced with unauthorized inputs. When Personal Identification Numbers (PINs), message
authentication codes (MACs), cryptographic keys and other sensitive data are processed, there is a risk of
tampering or other compromise to disclose or modify such data. The risk of financial loss is reduced through
the appropriate use of cryptographic devices that have proper characteristics and are properly managed.

© ISO 2007 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 13491-1:2007(E)

Banking — Secure cryptographic devices (retail) —
Part 1:
Concepts, requirements and evaluation methods
1 Scope
This part of ISO 13491 specifies the requirements for secure cryptographic devices (SCDs) based on the
cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568.
This part of ISO 13491 has two primary purposes:
⎯ to state the requirements concerning both the operational characteristics of SCDs and the management
of such devices throughout all stages of their life cycle, and
⎯ to standardize the methodology for verifying compliance with those requirements.
Appropriate device characteristics are necessary to ensure that the device has the proper operational
capabilities and provides adequate protection for the data it contains. Appropriate device management is
necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g.
by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been
subject to disclosure or change.
Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle
phase of the SCD and the complementary combination of appropriate management procedures and secure
cryptographic characteristics. These management procedures implement preventive measures to reduce the
opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized
access to sensitive or confidential data, should device characteristics fail to prevent or detect the security
compromise.
Annex A provides an informative illustration of the concepts of security levels described in this part of
ISO 13491 as being applicable to SCDs.
This part of ISO 13491 does not address issues arising from the denial of service of an SCD.
Specific requirements for the characteristics and management of specific types of SCD functionality used in
the retail financial services environment are contained in ISO 13491-2.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 11568-1, Banking — Key management (retail) — Part 1: Principles
ISO 11568-2:2005, Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management
and life cycle
© ISO 2007 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 13491-1:2007(E)
ISO 11568-4, Banking — Key management (retail) — Part 4: Key management techniques using public key
cryptosystems
ISO 13491-2, Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for
devices used in financial transactions
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
accreditation authority
authority responsible for the accreditation of evaluation authorities and supervision of their work in order to
guarantee the reproducibility of the evaluation results
3.2
accredited evaluation authority
body accredited in accordance with a set of rules and accepted by the accreditation authority for the purpose
of evaluation
NOTE An example of a set of rules is ISO/IEC 17025.
3.3
assessment checklist
list of claims, organized by device type, and contained in ISO 13491-2
3.4
assessment report
output of the assessment review body, based on the results from an assessor
3.5
assessment review body
group with responsibility for reviewing and making judgements on the results from the assessor
3.6
assessor
person who checks, assesses, reviews and evaluates compliance with an informal evaluation on behalf of the
sponsor or assessment review body
3.7
attack
attempt by an adversary on the device to obtain or modify sensitive information or a service he is not
authorized to obtain or modify
3.8
certification report
output of the evaluation review body, based on the results from an accredited evaluation authority
3.9
controller
entity responsible for the secure management of an SCD
3.10
deliverables
documents, equipment and any other items or information needed by the evaluators to perform an evaluation
of the SCD
2 © ISO 2007 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 13491-1:2007(E)
3.11
device compromise
successful defeat of the physical or logical protections provided by the SCD, resulting in the potential
disclosure of sensitive information or unauthorized use of the SCD
3.12
device security
security of the SCD related to its characteristics only, without reference to a specific operational environment
3.13
environment-dependent security
security of an SCD as part of an operational environment
3.14
evaluation agency
organization trusted by the design, manufacturing and sponsoring authorities, which evaluates the SCD (using
specialist skills and tools) in accordance with this part of ISO 13491
3.15
evaluation report
output of the evaluation review body, based on the results from an evaluation agency or auditor
3.16
evaluation review body
group with responsibility for reviewing, and making judgements on, the results of the evaluation agency
3.17
formal claim
statement about the characteristics and functions of an SCD
3.18
logical security
ability of a device to withstand attacks through its functional interface
3.19
operational environment
environment in which the SCD is operated, i.e. the system of which it is part, the location where it is placed,
the persons operating and using it and the entities communicating with it
3.20
physical security
ability of a device to withstand attacks against its physical construction, including physical characteristics such
as electromagnetic emissions and power fluctuations, the analysis of which can lead to side channel attacks
3.21
secure cryptographic device
SCD
device that provides physically and logically protected cryptographic services and storage (e.g. PIN entry
device or hardware security module), and which may be integrated into a larger system, such as an
automated teller machine (ATM) or point of sale (POS) terminal
3.22
sensitive data
sensitive information
data, status information, cryptographic keys, etc., which need to be protected against unauthorized disclosure,
alteration, or destruction
© ISO 2007 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 13491-1:2007(E)
3.23
sensitive state
device condition that provides access to the secure operator interface, such that it can only be entered when
the device is under dual or multiple control
3.24
sponsoring authority
sponsor
individual, company or organization that requires the SCD to undergo evaluation
3.25
tamper evident characteristic
characteristic that provides evidence that an attack has been attempted
3.26
tamper resistant characteristic
characteristic that provides passive physical protection against an attack
3.27
tamper response characteristic
characteristic that provides an active response to the detection of an attack
4 Abbreviated terms
ATM automated teller machine
MAC message authentication code
PIN Personal Identification Number
POS point of sale
SCD secure cryptographic device
5 Secure cryptographic device concepts
5.1 General
Cryptography is used in retail financial services to help ensure the following objectives:
a) the integrity and authenticity of sensitive data, e.g. by MAC-ing transaction details;
b) the confidentiality of secret information, e.g. by encrypting customer PINs;
c) the confidentiality, integrity and authenticity of cryptographic keys;
d) the security of other sensitive operations, e.g. PIN verification.
To ensure that the above objectives are met, the following threats to the security of the cryptographic
processing shall be countered:
⎯ disclosure or modification of cryptographic keys and other sensitive information;
⎯ unauthorized use of cryptographic keys and services.
4 © ISO 2007 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 13491-1:2007(E)
A secure cryptographic device (SCD) is a physically and logically secure hardware device providing a defined
set of cryptographic functions, access controls and secure key storage. SCDs are employed to protect against
these threats. The requirements of this part of ISO 13491 pertain to the SCD and not the system in which the
SCD may be integrated. However, it is important to analyse the interfaces between the SCD and the
remainder of the system to ensure that the SCD may not be compromised.
Since absolute security is not achievable in practical terms, it is not realistic to describe an SCD as being
“tamper proof” or “physically secure”. With enough cost, effort and skill, virtually any security scheme can be
defeated. Furthermore, as technology continues to evolve, new techniques may be developed to attack a
security scheme that was previously believed to be immune to feasible attack. Therefore, it is more realistic to
categorize an SCD as possessing a degree of tamper protection, where an acceptable degree is one that is
deemed adequate to deter any attack envisaged as feasible during the operational life of the device, taking
into account the equipment, skills and other costs to the adversary in mounting a successful attack and the
financial benefits that the adversary could realize from such an attack.
Security of retail payment systems includes the physical and logical aspects of device security, the security of
the operational environment and management of the device. These factors establish jointly the security of the
devices and the applications in which they are used. The security needs are derived from an assessment of
the risks arising from the intended applications.
The required security characteristics will depend on the intended application and operational environment, and
on the attack types that need to be considered. A risk assessment should be made as an aid to selecting the
most appropriate method of evaluating the security of the device. The results are then assessed in order to
accept the devices for a certain application and environment. Evaluation methods are given in Clause 8.
5.2 Attack scenarios
5.2.1 General
SCDs are subject to the following five primary classes of attack, which may be used in combination:
⎯ penetration;
⎯ monitoring;
⎯ manipulation;
⎯ modification;
⎯ substitution.
These attacks are described below.
NOTE These attack scenarios do not form an exhaustive list, but are an indication of the main areas of concern.
5.2.2 Penetration
Penetration is an attack which involves the physical perforation or unauthorized opening of the device to
ascertain sensitive data contained within it, e.g. cryptographic keys.
5.2.3 Monitoring
Monitoring is an attack which may involve the monitoring of electromagnetic radiation, power consumption
differentials, timing differentials, etc. for the purposes of discovering sensitive information contained within the
device. Alternatively, it may involve the visual, aural or electronic monitoring of secret data being entered into
the device.
© ISO 2007 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 13491-1:2007(E)
5.2.4 Manipulation
Manipulation involves the unauthorized sending to the device of a sequence of inputs, varying the external
inputs to the device (such as power or clock signals), or subjecting the device to other environmental stresses
so as to cause the disclosure of sensitive information or to obtain a service in an unauthorized manner. An
example of this would be causing the device to enter its “test mode”, in order that sensitive information could
be disclosed or the device integrity manipulated.
5.2.5 Modification
Modification is the unauthorized alteration of the logical or physical characteristics of the device, e.g. inserting
or overlaying a PIN-disclosing “bug” in, or on, a PIN pad between the point of PIN entry and the point of PIN
encryption. The purpose of modification is to alter the device rather than to immediately disclose information
contained within the device. Following modification, the device shall be made (or shall remain) operational, in
order for the attack to be successful. The unauthorized replacement of a cryptographic key contained within a
device is a form of modification.
5.2.6 Substitution
Substitution is the unauthorized replacement of one device with another. The replacement device might be a
look-alike “counterfeit” or emulating device, having all or some of the correct logical characteristics plus some
unauthorized functions, such as a PIN-disclosing bug. The replacement device might also be a
once-legitimate device that has been subject to unauthorized modifications and then substituted for another
legitimate device.
Substitution may include removal of the device in order to perform a penetration or modification attack in an
environment better suited to such attacks. Substitution can be seen as a special case of modification in which
the adversary does not actually modify the target device, but instead replaces it with a modified substitute.
5.3 Defence measures
5.3.1 General
To defend against the attack scenarios discussed above, three factors work together to provide the security
required:
⎯ device characteristics;
⎯ device management;
⎯ environment.
While in some cases a single factor, e.g. device characteristics, may be dominant, the normal situation is that
all factors are necessary to achieve the desired result.
5.3.2 Device characteristics
SCDs are designed and implemented with logical and physical security so as to deter attack scenarios such
as those described in 5.2.
Physical security characteristics can be subdivided into three classes:
⎯ tamper evidence characteristics;
⎯ tamper resistance characteristics;
⎯ tamper response characteristics.
6 © ISO 2007 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 13491-1:2007(E)
Physical implementations are usually a combination of these three classes of characteristics. Other physical
security characteristics may be required to defend against other passive attacks, such as monitoring. Physical
security characteristics may also help defend against modification or substitution.
The intent of tamper evidence is to provide evidence that an attack has been attempted and may or may not
have resulted in the unauthorized disclosure, use or modification of the sensitive information. The disclosure
of an attempted attack could be in the form of physical evidence, such as damage to the external casing. The
evidence could also be that the device is no longer in its expected location.
The intent of tamper resistance is to block attacks by employing passive barriers or logical design features.
Barriers are usually single purpose and are designed to block a particular threat, such as a penetration attack.
The logical protection measures are designed typically to prevent the leakage of sensitive information, or to
prevent the illicit modification of system or application software.
The intent of tamper response is to employ active mechanisms against attacks. The active protection
mechanisms are triggered when the device detects abnormal operating conditions and they are intended to
alter protected information into an unusable form.
The implementation of the various protection characteristics is dependent on the designer's knowledge and
experience of known attacks against the particular implementation. For that reason, attacks against tamper
characteristics are usually directed to discovering which, if any, of the known threats the implementer failed to
address. The attacker will also attempt to discover new attacks that are likely to be unknown to the
implementer. Evaluation of the security of an SCD is difficult and not conclusive, in that the evaluation
normally only proves that the design successfully blocks attacks known to the evaluator at the time of the
evaluation, but does not, or cannot, evaluate resistance to unknown attacks.
5.3.3 Device management
Device management refers to the external controls placed on the device during its life cycle and by its
environments (see Clause 7). These controls include:
⎯ external key management methods,
⎯ security practices, and
⎯ operational procedures.
The security level may change during the device life cycle. A primary objective of device management is to
ensure that device characteristics are not subject to unauthorized alteration during the life of the device.
5.3.4 Environment
The objective of environment security is to control access to the SCD and its services, thus preventing, or at
least detecting, attacks on the SCD. Throughout its life cycle, an SCD will reside in a variety of environments
(see Clause 7). These environments may be characterized as ranging from highly controlled to minimally
controlled. A highly controlled environment is one that includes constant surveillance by trusted individuals,
while a minimally controlled environment may not include any special environmental security supplements. If
the security of an SCD is dependent on some function of a controlled environment, it shall be satisfactorily
proven that the controlled environment actually provides this function.
© ISO 2007 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO 13491-1:2007(E)
6 Requirements for device security characteristics
6.1 Introduction
Device characteristics of an SCD may be categorized as either physical or logical, as described below.
⎯ Physical characteristics are the physical components that comprise the SCD and the way the device is
constructed using those components.
⎯ Logical characteristics are the way that inputs are processed to produce device outputs or to change
logical state.
The SCD shall have characteristics that ensure the device or its interface does not compromise any sensitive
data which is input to or output from the device, or stored or processed in the device.
Where the SCD is operated in a controlled environment, the requirements for device characteristics may rely
on the protection provided by the controlled environment and the management of the device.
6.2 Physical security requirements for SCDs
6.2.1 General
An SCD shall be so designed that any failure of a component in the device, or use of that component outside
the device specification, does not result in the disclosure or undetected modification of sensitive data.
An SCD shall be so designed and constructed that any unauthorized access to, or modification of, sensitive
data (including device software) that are input, stored or processed in it, necessitates physical penetration of
the device.
NOTE 1 It is advisable that an SCD should be so designed and constructed that any additions of external devices
which intercept or substitute data input to or output from the SCD for the purpose of masquerade have a high probability of
being detected and/or recognized as not being part of a correct device.
When an SCD is designed to permit access to internal areas, e.g. for maintenance, if such access could
compromise security, it shall have a mechanism so that such access causes immediate erasure of all
cryptographic keys and other sensitive data if compromise cannot otherwise be prevented.
NOTE 2 For the purposes of this part of ISO 13491, maintenance covers the following three states of the device:
⎯ service: up-keep of the device to ensure its operational condition;
⎯ inspection: physical inspection of the device and assessment of its actual condition;
⎯ repair: reinstatement of the device to its operational condition.
The SCD and its data entry functions shall be, by design, construction and/or deployment, capable of being
shielded from direct and indirect monitoring such that no feasible attack will result in compromise of any secret
or sensitive data.
The integrity of each tamper protection mechanism shall be ensured. This may be accomplished through the
use of additional tamper prote
...