Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 1 Mxtran Payeeton Solution Security Policy : v1.2 Version : July 11, 2011 Effective Date : Public Classification Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 2 EDITOR Author Title CW Pang Department Manager Revision History Version Description Date By 0.1 Initial Version 2010/09/15 CW Pang 0.2 Response for comments 2010/10/01 CW Pang 0.3 Update 2010/10/22 CW Pang 1.0 Final Version 2010/10/29 CW Pang 1.1 Response for CMVP comments 2011/03/30 CW Pang 1.2 Response for CMVP comments 2011/07/11 CW Pang Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 3 Table of Contents 1 Introduction ..................................................................................................................................5 1.1 Purpose..................................................................................................................................5 1.2 Scope......................................................................................................................................5 1.3 Security Level .......................................................................................................................5 2 Cryptographic Module Specification..........................................................................................6 2.1 Cryptographic Module Boundary ......................................................................................7 2.2 Hardware ..............................................................................................................................8 2.3 Firmware.............................................................................................................................10 2.4 FIPS Approved Mode of Operation..................................................................................11 2.5 FIPS Approved Security Functions ..................................................................................11 3 Cryptographic Module Ports and Interfaces ...........................................................................12 3.1 Physical Ports .....................................................................................................................12 3.2 Logical Interfaces ...............................................................................................................14 4 Roles, Services and Authentication...........................................................................................15 4.1 Roles ....................................................................................................................................15 4.2 Identification and Authentication.....................................................................................16 4.3 Services................................................................................................................................18 5 Physical Security ........................................................................................................................22 5.1 Physical Security mechanisms as required by FIPS 140-2 .............................................22 5.2 Additional Hardware Security Mechanisms....................................................................23 6 Operational Environment..........................................................................................................23 7 Cryptographic Key Management .............................................................................................24 7.1 Critical Security Parameters and Public Keys ................................................................24 7.2 Key Generation...................................................................................................................25 7.3 Key Entry and Output .......................................................................................................25 7.4 Key Storage.........................................................................................................................25 7.5 Key Zeroization ..................................................................................................................26 7.6 RNG Seed Values ...............................................................................................................26 8 Electromagnetic Interference/Compatibility (EMI/EMC) .....................................................26 9 Self-Tests .....................................................................................................................................26 9.1 Power-up Self-Tests ...........................................................................................................27 Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 4 9.2 Conditional Self-Tests ........................................................................................................28 10 Design Assurance........................................................................................................................29 10.1 Configuration Management ..............................................................................................29 10.2 Delivery and Operation .....................................................................................................29 10.3 Guidance Documents .........................................................................................................29 11 Mitigation of Other Attacks ......................................................................................................30 12 Security Rules .............................................................................................................................31 12.1 General Security Rules ......................................................................................................31 12.2 Identification and Authentication Security Rules ...........................................................31 12.3 Access Control Security Rules...........................................................................................32 12.4 Physical Security Rules......................................................................................................34 12.5 Mitigation of Other Attacks Security Rules.....................................................................34 13 Security Policy Check List Tables ............................................................................................34 13.1 Roles and required Identification and Authentication ...................................................34 13.2 Strength of Authentication Mechanisms ..........................................................................35 13.3 Services Authorized for Roles ...........................................................................................35 13.4 Mitigation of Other Attacks ..............................................................................................36 14 References ...................................................................................................................................36 15 Acronyms and Definitions .........................................................................................................37 Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 5 1 Introduction 1.1 Purpose This is a non-proprietary security policy for the Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. This Security Policy describes how the cryptographic module meets the requirements for a FIPS 140-2 level 3 validation as specified in the FIPS 140-2 standard. This Security Policy is part of the evidence documentation package to be submitted to the validation lab. FIPS 140-2 specifies the security requirements for a cryptographic module protecting sensitive information. Based on four security levels for cryptographic modules this standard identifies requirements in eleven sections. For more information about the standard, please visit http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf 1.2 Scope This Security Policy specifies the security rules under which the cryptographic module operates its major properties. It does not describe the requirements for the entire system, which makes use of the cryptographic module. 1.3 Security Level The module meets the overall requirements applicable to FIPS140-2 Security Level 3. In the individual requirement sections of FIPS 140-2 the following Security Level ratings are achieved: Section Section Title Level 1 Cryptographic Module Specification 3 2 Cryptographic Module Ports and Interfaces 3 3 Roles, Services, and Authentication 3 Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 6 Section Section Title Level 4 Finite State Model 3 5 Physical Security 3 6 Operational Environment N/A 7 Cryptographic Key Management 3 8 EMI/EMC 3 9 Self-tests 3 10 Design Assurance 3 11 Mitigation of Other Attacks 3 Table 1 – Security Level per FIPS 140-2 Section 2 Cryptographic Module Specification The cryptographic module acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset. The module is a single-chip module that contains a CPU, ROM, EEPROM, and RAM based on MX11E25664E controller by Mxtran. The MX11E25664E is a dual interface smart card controller that being designed for multiple applications. This device is a microcontroller combining contactless smart card technology based on the [14443] standard and contact smart card technology on a single chip. It is organized with OTPROM and EEPROM. The CPU accesses OTPROM and EEPROM via the MPU to implement data encryption. Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 7 2.1 Cryptographic Module Boundary The cryptographic module boundary is the edge of the controller globe-topped with opaque epoxy resin. The module will be embedded into a plastic film body and connected to two [7816] compliant contact plates and/or to an [14443] compliant external antenna loop. The boundary separates the module from the plastic film body, contact plates, and external antenna loop. The module is a single-chip implementation of a cryptographic module. During the manufacturing process, the epoxy-covered controller is wire-bonded into plastic film body with contact plates on both sides and/or an external antenna loop. The perimeter of the module forms the cryptographic boundary of this FIPS140-2 Security Level 3 compliant single-chip cryptographic module. The module block diagram and logical boundary are shown as following. Figure 1 – Cryptographic Module Block Diagram Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 8 Figure 2 – Cryptographic Module Logical Boundary 2.2 Hardware The module is a single-chip module that contains a CPU, ROM, EEPROM, and RAM. The boundary of the single-chip module is the edges and surfaces of the integrated circuit die. No components are excluded from the cryptographic boundary. The module is designed to be encased into different form factors such as a plastic SIM card, a SIM card with antenna, or any other support to produce the MX11E25664E controller, on which FIPS Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 9 140-2 Level 3 validated applications may be loaded and instantiated at post issuance. The following figures show two various form factors available from the module. Red perimeter indicates the cryptographic module boundary. Figure 3 – Contact Mode Figure 4 – Contactless Mode (Top view and bottom view) (Top view and bottom view) The cryptographic module is based on the MX11E25664E controller. This module comprises the following components: CPU core OTPROM as program memory Flash ROM as data/program memory EEPROM as data/program memory EEPROM as secure data memory Internal SRAM Auxiliary SRAM (including RSA dedicated SRAM) Dual data pointer Interrupt controller Four 16-bit Timers with ETU clock sources Watch Dog Timer with two clock sources (CLK and internal clock/16) Random number generator (DRNG) Triple-DES accelerator RSA coprocessors with DMA function Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 10 Two [7816] compliant electrical interfaces and response T=0 and T=1 protocol Contactless RF interface according to [14443] 13.56 MHz operating frequency 847 kHz subcarrier for load modulation CRC engine compliant to ISO/IEC 13239 2.3 Firmware The module contains platform firmware that resides in ROM of MX11E22664E controller, with key storage and future application storage functionality in the EEPROM. This firmware is implemented using high level language (C Language). It is loaded onto the module during manufacturing and does not allow for modification. An Error Detection Code (EDC) is calculated over the firmware during this installation and is checked at each power up. After completion of the manufacturing process (including pre-personalization), only trusted FIPS 140-2 validated applications shall be loaded or installed onto the module. Furthermore, at the time of loading, these applications must be identified as part of the cryptographic module. The module uses HMAC to authenticate prior validated applications and avoid the loading of any unauthorized applications. Applications are isolated from each other due to the fact that the platform firmware does not contain any constructs that allow cross-application communication directly; any such communication must go by way of systems software mechanisms, which allow for implementation of strict security measures. Applications can only perform callable Approved security functions. The platform firmware restricts direct access to CSP through APDU ([7816] communication interface) and other hardware resources for a single user application. The FIPS 140-2 validation testing targeted this specific configuration. Changes to that configuration (for example, loading another application), would constitute a new module, and the new configuration would need to undergo 140-2 testing for FIPS 140-2 compliance. There is no assurance of operation unless the modified module has been validated to FIPS 140-2, per CMVP requirements. Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 11 The firmware version supported by the module described in this security policy is: Simker 2.30. The firmware comprises the following components: Authentication (AuthtnServ): FileSystem, Atomic Crypto (CodeServ): AES, RSA, SHA, TDES, HMAC, DRNG Multiple IO (Multi_IO): ISO7816, ISO14443 APDU (Dispatcher): APDU bypass, Logical channel, multi-selectable applet management Interpreter(Interpreter): CAT applet interpreter 2.4 FIPS Approved Mode of Operation The module shall not contain a non-FIPS Approved mode of operation. Hence, as configured during production process, the module only operates in a FIPS Approved mode of operation, comprising all services described in section below. The module does not implement bypass or maintenance modes. The module will enter FIPS Approved mode following on a successful response to the initial authentication sequence handshake command. Successful transition to the FIPS Approved mode is indicated by an ATR and a Success response to the initial authentication sequence handshake command. The ATR value returned by the module during power-up serves as an Approved mode indicator. The ATR returned by the module is: ATR: 3B 97 94 80 1F C3 80 31 A0 73 BE 21 13 B1 2.5 FIPS Approved Security Functions The following table gives the list of FIPS Approved security functions that are provided by the module. Security CAVP Details Function Cert. # TDES TECB(e/d; KO 1,2); TCBC(e/d; KO 1,2) #1007 Th is d o cument may b e freely rep ro d uced an d d ist rib u ted in i ts o rigin al ent irety with o u t revisi o n. Doc. Grade: Public Mxtran Payeeton Solution Security Policy Version: 1.2 Page: 12 Security CAVP Details Function Cert. # AES ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); #1511 SHA-1 (BYTE-only) SHS #1354 SHA-256 (BYTE-only) ANSI X9.31 RNG [ TDES-2Key TDES-3Key AES-128Key AES-192Key #820 AES-256Key ] ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); 1024 , 1536 , RSA #739 2048 , SHS: SHA-1(Cert. #1354) , SHA-256(Cert. #1354) HMAC-SHA1 (Key Sizes Ranges Tested: KS