VaultIC405™, VaultIC421™, VaultIC441™ GENERAL BUSINESS USE FIPS 140-2 Non-proprietary Security Policy GENERAL BUSINESS USE TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 2 GENERAL BUSINESS USE 1. Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the INSIDE Secure VaultIC405, VaultIC421 and VaultIC441 security modules (respective ordering part numbers are ATVaultIC405, ATVaultIC421 and ATVaultIC441). This Security Policy describes how the VaultIC security module meets the security requirements of Federal Information Processing Standard (FIPS) Publication 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the FIPS 140-2 level 3 validation of the module. FIPS 140-2 details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Pro- gram (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html. The VaultIC security module is referred to in this document as cryptographic module, security module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: • The Inside Secure website (http://www.insidesecure.com) contains information on the full line of products from Inside Secure. • The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information for answers to technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addi- tion to this document, the Submission Package contains: • Module Technical Datasheet • Algorithm Test Form • Finite State Machine • Other supporting documentation as additional references TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 3 GENERAL BUSINESS USE 2. VaultIC Module Overview The VaultIC405, VaultIC421 or VaultIC441 is an ASSP designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection. The proven technology used in the security module is already widespread and used in national ID/health cards, e-passports, bank cards (storing user Personal Identification Number, account numbers and authentication keys among others), pay-TV access control and cell phone SIM cards (allowing the storage of subscribers’ uniqu e ID, PIN code, and authentication to the net- work), where cloning must definitely be prevented. Designed to keep contents secure and avoid leaking information during code execution, the security module includes voltage, frequency an d temperature detectors, illegal code execution prevention, tampering monitors and protection against side channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events, thus avoiding data confidentiality being compromised. Strong Authentication capability, secure storage and flexibility thanks to its various interfaces (USB, SPI, I2C, ISO7816), low pin count and low power consumption are main features of the VaultIC. Its embedded firmware provided advanced func- tions such as Identity-based authentication, large Cryptographic command set, various Public domain cryptographic algorithms, Cryptographic protocols, Secure Channel Protocols, Robust communication protocol Security Module block diagram Figure 2-1. Application Interface Security Domain (Security Policies, Access Controls, Role Management) Crypto Module Boundary Application Crypto Management Administration Services & Services (MAC, Signature...) (Key Management) Storage (File System) Memory Crypto Library Communication Stack (RSA, TDES, AES...) (USB, I2C T=0, T=1...) Management VaultIC Hardware Public TDES EEPROM Key AES RISC USB HS HS ISO Crypto RNG RAM CPU 2.0 I2C SPI 7816 Engine Hardware Power Security Management SPI / I2C / ISO7816 / USB TPR0550F – VIC– 06 May 14 Device FIPS 140-2 Security Policy 4 GENERAL BUSINESS USE Below is described an example of VaultIC 4xx product in the typical USB eToken application. USB eToken application Figure 2-2. 405 ATVaultIC420 USB LAN / Internet The module contains a cryptographic toolbox, providing basic FIPS Approved security functions to support SCP protocols and secure key storage. Chip Image Figure 2-3. TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 5 GENERAL BUSINESS USE Table 2-1 describes the configuration of hardware and firmware for the FIPS 140-2 validation. Versioning Information Table 2-1. VaultIC405 VaultIC421 VaultIC441 Commercial Part Number ATVaultIC405 ATVaultIC421 ATVaultIC441 ATVaultIC405 - ATVaultIC421 - ATVaultIC441 - Hardware Platform Silicon Rev C Silicon Rev C Silicon Rev C Firmware Version 1.0.1 1.0.1 1.0.1 VaultIC405, VaultIC421 and VaultIC441 modules are all the same physically and offer the same functionalities. They only differ in the size of the file system. Note 3. Security Level The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-2. Module Security Level Specification Table 3-1. Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 3 Physical Security 4 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks 3 TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 6 GENERAL BUSINESS USE 4. Modes of Operation VaultIC operates in different modes of operation, given different conditions of use of keys and cryptographic services. The mode of operation is automatically selected according to the device state and the authenticated operator. The selected mode of operation remains activated while the operator is authenticated. The mode of operation is discarded when the authentication is cancelled or the secure channel is terminated. FIPS Approved Mode of Operation and Non-Approved Mode of Operation specify the conditions of use when the product is in the field. In addition, for performance reasons, FIPS Approved Mode of Operation can be disabled at per- sonalization time. FIPS mode capability can be turned off and on by logging in as the Manufacturer role and using the Set Config command. The module is zeroized when switching between FIPS and non-FIPS mode, including the file system and cryptographic keys being wiped. By default, the module is configured in FIPS mode. Note 4.1 FIPS Approved Mode of Operation This mode is automatically selected when the device is in ACTIVATED state and an approved user or an approved administrator is successfully authenticated. While in an approved mode of operation, only Approved and Allowed Algorithms are allowed. Additional security restrictions may apply. The module will indicate that it is running in the FIPS Approved mode of operation by indicating Mode of Operation: Approved in the response of a Get Info command. Note 4.2 Non-Approved Mode of Operation This mode is automatically selected when the device is in ACTIVATED state and a non- approved user, a non-approved administrator or a manufacturer is successfully authenticated. While in a non-approved mode of operation, the VaultIC™ usage is not restricted and both Approved and Allowed Algorithms and Non-Approved, Non-Allowed Algorithms are allowed. The module will indicate that it is running in the non-FIPS Approved mode of oper- ation by indicating Mode of Operation: non-approved mode in the response of a Get Info command. Note CSPs are not shared between the non-Approved and Approved modes of operation. TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 7 GENERAL BUSINESS USE 4.3 Approved and Allowed Algorithms The cryptographic module supports the following FIPS Approved algorithms. FIPS Approved Algorithms used in VaultIC Module Table 4-1. FIPS Approved Algorithm CAVP Validation Number AES as per FIPS 197: ECB, CBC, CFB and OFB modes 2119 128, 192 and 256 bits AES as per NIST SP 800-38A Appendix B: CTR mode 2119 256 bits Triple-DES 3-Key: ECB, CBC, CFB, OFB modes EDE and EEE schemes Triple-DES 2-Key: Decrypt only for legacy use 1348 Per NIST SP 800-131A: Through December 31, 2015, the use of 2-key Triple DES for encryption is restricted: the total number of blocks of data encrypted with the same cryptographic key shall not be greater than 220. After December 31, 2015, 2-key Triple DES shall not be used for encryption. Decryption using 2-key Triple DES is allowed for legacy-use. AES CMAC as per NIST SP 800-38B: 2119 128, 192 and 256 bits SHA-1, -224, -256, -384, -512 as per FIPS 180-3 1843 HMAC as per FIPS 198: 1291 With SHA-1, -224, -256, -384, -512 RSA 1024 bits as per FIPS 186-4: Signature verification only for legacy use RSA 2048 and 3072 bits: 1089 Signature generation (using SHA-224,-256, -384, -512) Signature verification Keypair generation DSA 1024 bits as per FIPS 186-4: Signature verification only for legacy use DSA 2048 bits: 663 Signature generation (using SHA-224,-256, -384, -512) Signature verification Keypair generation ECDSA as per FIPS 186-4: Minimum 224 bits, up to 571 bits Signature generation (using SHA-224,-256, -384, -512) 316 Signature verification Keypair generation DRBG as per NIST SP800-90: 231 Using CTR_DRBG_AES_256 TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 8 GENERAL BUSINESS USE The cryptographic module supports the following non-FIPS Approved algorithms which are allowed for use in FIPS mode. FIPS Allowed Algorithms used in VaultIC Module Table 4-2. FIPS Allowed Algorithm Hardware NDRNG: Used to seed the Approved DRBG AES Key Wrap - Key establishment methodology provides 128, 192 or 256 bits of security strength 4.4 Non-Approved, Non-Allowed Algorithms The cryptographic module supports the following non-Approved algorithms to be used only in a non-Approved mode of operation. No security claim is made in the current module for any of the following non-Approved algorithms. Non-Approved, Non-Allowed Algorithms used in VaultIC Module Table 4-3. Non-FIPS Allowed Algorithm HOTP as per RFC 4226 DES as per FIPS 46-3 2-Key Triple-DES Encrypt of bulk data RSA Encrypt/Decrypt of bulk data as per PKCS#1 v2.1 ISO 9797 security functions: DES, DES MAC, 2-Key Triple-DES, Triple-DES MAC (non-compliant) The following algorithms are disallowed as of January 1, 2014 per the NIST SP 800-131A algorithm transitions: FIPS 186-4 RSA (Cert. 1089) RSASSA-PKCS1_V1_5 signature generation 2048 and 3072 bit with SHA-1 5. Ports and Interfaces The module is a single-chip module with ports and interfaces as shown below. VaultIC Pins and FIPS 140-2 Ports and Interfaces Table 5-1. Pin FIPS 140-2 Designation Name and Description SPI_SCK Control Input SPI Clock ISO_CLK Control Input ISO7816 Clock USB_XIN Control Input USB 2.0 Resonator Input USB_XOUT Status Output USB 2.0 Resonator Output TPR0550F – VIC– 06 May 14 RST Control Input CPU Reset VCC Power Power Supply FIPS 140-2 Security Policy 9 GENERAL BUSINESS USE VaultIC Pins and FIPS 140-2 Ports and Interfaces Table 5-1. Pin FIPS 140-2 Designation Name and Description GND N/A Ground SPI_MISO Status Output, Data Output SPI Master In Slave Out SPI_MOSI Control Input, Data Input SPI Master Out Slave In RTC_XIN Control Input RTC Quartz signal Input RTC_XOUT Status Output RTC Quartz signal Output VBAT Power RTC Power Supply SPI_SS Control Input SPI Slave Select I2C_SCL Control Input I2C Clock SPI_SEL Control Input SPI or I2C selection I2C_SDA Control Input, Data Input, Data Output, Status Output I2C Data line ISO_IO0 Control Input, Data Input, Data Output, Status Output ISO7816 Data line USB_DM Control Input, Data Input, Data Output, Status Output USB D- Differential Data USB_DP Control Input, Data Input, Data Output, Status Output USB D+ Differential Data GPIO#0,2,3,5,6 Control Input, Data Input, Data Output 2C Address GPIO#0 to #6 Data Input, Data Output GPIO *GPIO Pins are multiplexed. See reference [36] on page 21 6. Identification and Authentication Policy 6.1 Assumption of Roles The module supports three distinct operator roles, the User, the Administrator (Cryptographic Officer) and the Manufacturer. The cryptographic module enforces the separation of roles using identity based authentication mechanisms. It is identity based because the keys and passwords used for authentication are unique to each other. Authentication is based on the following: TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 10 GENERAL BUSINESS USE Roles and Required Identification and Authentication Table 6-1. Authentication Role Description Authentication Type Data The administrator can usually Secure Channel Protocol 03 AES S-MAC Key manage the approved roles Approved- authentication data and perform OR OR Administrator approved-only cryptographic Microsoft Card Minidriver Triple-DES 3K Key operations and key sizes 4 - 32 byte string Password A user is assumed to perform OR OR Approved- general security services and AES S-MAC Key Secure Channel Protocol 03 User approved-only cryptographic OR OR operations and key sizes Triple-DES 3K Key Microsoft Card Minidriver 4 - 32 byte string Password OR OR Triple-DES S-MAC Secure Channel Protocol 02 Key Manufacturer Manages other Users. OR OR Secure Channel Protocol 03 AES S-MAC Key OR OR Microsoft Card Minidriver Triple-DES 3K Key Strengths of Authentication Mechanisms Table 6-2. Authentication Mechanism Strength of Mechanism Based on knowledge of a 128, 192 or 256 bit AES Key (S-MAC) AES CMAC provides 128 bits of security The probability of a random attempt or . a false acceptance occurring is then 1 in 2128 which is less than 1 in 1,000,000. Secure Channel For multiple attempts in a one minute period, the device will lock out after a Protocol 03 maximum of 127 failed authentication attempts. Therefore, the probability of a random attempt succeeding within a one minute period is 127 in 2128 which is less than 1 in 100,000. Based on knowledge of a 168 bit Triple-DES Key. Triple-DES 3Keys encryption provides 112 bits of security. The probability of a random attempt or a false acceptance occurring is then 1 in 2112 which is less Microsoft Card than 1 in 1,000,000. Minidriver For multiple attempts in a one minute period, the device will lock out after a maximum of 127 failed authentication attempts. Therefore, the probability of a random attempt succeeding within a one minute period is 127 in 2112 which is less than 1 in 100,000. Based on knowledge of a hexadecimal string, between 4 and 32 bytes. The highest probability of a random attempt or a false acceptance occurring is then 1 in 232 which is less than 1 in 1,000,000. Password For multiple attempts in a one minute period, the device will lock out after a maximum of 127 failed authentication attempts. Therefore, the probability of a random attempt succeeding within a one minute period is 127 in 232 which is TPR0550F – VIC– 06 May 14 less than 1 in 100,000. FIPS 140-2 Security Policy 11 GENERAL BUSINESS USE 6.2 Authenticated Services Administrator, User and Manufacturer Services Table 6-3. Service Description Used for generation of session keys to setup secure channel and Initialize Update authenticate its message contents External Authenticate Allows transmission of authentication data Authenticated administrator can add, delete or modify authentication data Manage Users of any approved operators. Update Authentication Authenticated operator can update its own authentication data (change Data password or static keyset) Returns authentication method, roles access, security level, number of Get Authentication Info authentication attempts remaining, sequence counter Cancel Authentication Returns module to un-authenticated state Put Key Electronically enters keys (keys always encrypted in FIPS mode) Read Key Electronically outputs keys (keys always encrypted in FIPS mode) Delete Key Zeroizes keys Initializes cryptographic algorithm with key and algorithm specific Initialize Algorithm parameters Encrypt/Decrypt Message Performs data encryption/decryption of provided message Generates signature on incoming messages or verifies incoming message Generate/Verify Signature and signature Compute Message Digest Computes a digest of provided message Generate Key Pair Internally generates public/private keypair Generate Random Generates random data utilizing internal DRBG GPIO command set Provides access to General Purpose I/O pin data (no CSP access) Read/ Delete/ Modify files, folder, and access permissions of internal file File System Command set system (no CSP access) Get Info (Get Status) Provides current status of the module, and returns FIPS mode indicator Self-Tests Executes the suite of self-test Set Status Changes the Life cycle state of the module Set Config Changes internal parameters and settings of the module Test Command set Dummy commands for integration testing purposes (no CSP access) 6.3 Unauthenticated Services The cryptographic module supports the following unauthenticated services: TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 12 GENERAL BUSINESS USE Unauthenticated Services Table 6-4. Service Description Used for generation of session keys to setup secure channel and Initialize Update authenticate its message contents External Authenticate Allows transmission of authentication data Returns authentication method, roles access, security level, number of Get Authentication Info authentication attempts remaining, sequence counter Cancel Authentication Returns module to un-authenticated state The random data generated by this service is not used by any other Generate Random internal service. It is considered to be user data. It is not CSP nor is it used in the generation of any CSP or Key General Purpose I/O Provides access to I/O pin data (no CSP access) Get Info (Get Status) Provides current status of the module, and returns FIPS mode indicator Self-Tests Executes the suite of self-test TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 13 GENERAL BUSINESS USE 6.4 Definition of Critical Security Parameters (CSPs) The module contains the following CSPs: Private Keys and CSPs Table 6-5. Key Name Type Description SCP03 S-ENC Static AES (128, 192, or SCP03 static AES encryption key Key 256 bits) SCP03 S-MAC Static AES (128, 192, or SCP03 static AES MAC key Key 256 bits) SCP03 C-MAC AES (128, 192, or SCP03 AES session key for authentication of Session Key 256 bits) incoming data SCP03 R-MAC AES (128, 192, or SCP03 AES session key for authentication of Session Key 256 bits) outgoing data SCP03 C-ENC AES (128, 192, or SCP03 AES session key for data encryption Session Key 256 bits) Microsoft Minidriver 4-32 byte string Password used for operator authentication password Microsoft Minidriver Triple-DES 3K 168 Secret Key used for operator authentication Static Key bits Triple-DES 3K 168 Triple-DES Keys Used to encrypt/decrypt messages bits Triple-DES 2K 112 Triple-DES Keys Used to decrypt messages bits AES (128, 192, or Used to encrypt/decrypt messages or generate C- AES Keys 256 bits) MACs Used to seed the FIPS Approved DRBG Seed and Seed Key Seed and Seed Key (CTR_DRBG_AES256) RSA Private Key RSA 2048 & 3072 bits Used for RSA signature generation DSA Private Key DSA 2048 bits Used for DSA signature generation ECDSA Private Key ECDSA 224+ curves Used for ECDSA signature generation 6.5 Definition of Public Keys The module contains the following public keys: Public Keys Table 6-6. Key Name Type Description RSA Public Key RSA 1024 bits Used to verify RSA signatures (legacy use) RSA Public Key RSA 2048 & 3072 bits Used to verify RSA signatures DSA Public Key DSA 1024 bits Used to verify DSA signatures (legacy use) TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 14 GENERAL BUSINESS USE Public Keys Table 6-6. Key Name Type Description DSA Public Key DSA 2048 bits Used to verify DSA signatures ECDSA Public Key ECDSA 224+ curves Used to verify ECDSA signatures ECDSA Public Key ECDSA 163+ curves Used to verify ECDSA signatures (legacy use) TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 15 GENERAL BUSINESS USE 6.6 Definition of CSPs Modes of Access Table 6-7 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: • G = Generate: the module generates the CSP. • R = Read: the module reads the CSP. The read access is typically performed before the module uses the CSP. • W = Write: the module writes the CSP. The write access is typically performed after a CSP is imported into the module, or the module generates a CSP, or the module overwrites an existing CSP. • Z = Zeroize: the module zeroizes the CSP. CSP Access Rights within Roles & Services Table 6-7. Role Authorized Service Mode Cryptographic Key or CSP User, CO, SCP03 S-ENC Static Key Initialize Update R Manuf SCP03 S-MAC Static Key SCP03 C-MAC Session Key User, CO, Initialize Update SCP03 R-MAC Session Key G Manuf SCP03 C-ENC Session Key SCP03 C-MAC Session Key SCP03 R-MAC Session Key User, CO, SCP03 C-ENC Session Key External Authenticate R Manuf Microsoft Minidriver Static Key Microsoft Minidriver Password SCP03 S-ENC Static Key CO Manage Users SCP03 S-MAC Static Key W, Z Microsoft Minidriver Static Key SCP03 S-ENC Static Key SCP03 S-MAC Static Key User, CO Update Authentication Data W Microsoft Minidriver Static Key Microsoft Minidriver Password RSA private keys DSA private keys ECDSA private keys User, CO Put Key W AES keys Triple-DES keys HMAC Keys RSA private keys DSA private keys ECDSA private keys User, CO Read Key R AES keys Triple-DES keys HMAC Keys RSA private keys DSA private keys ECDSA private keys User, CO Delete Key Z AES keys Triple-DES keys HMAC Keys TPR0550F – VIC– 06 May 14 AES keys User, CO Encrypt / Decrypt R Triple-DES keys FIPS 140-2 Security Policy 16 GENERAL BUSINESS USE CSP Access Rights within Roles & Services Table 6-7. Role Authorized Service Mode Cryptographic Key or CSP RSA private keys DSA private keys User, CO Generate / Verify Signature ECDSA private keys R AES keys HMAC Keys User, CO Compute Message Digest N/A N/A RSA private keys User, CO Generate Key Pair DSA private keys G, W ECDSA private keys User, CO, Get Info N/A N/A Manuf RSA private keys DSA private keys User, CO, ECDSA private keys Self-Tests R Manuf AES keys Triple-DES keys HMAC Keys RSA private keys DSA private keys ECDSA private keys Manuf Set Status Z AES keys Triple-DES keys HMAC Keys User, CO, Get Authentication Info N/A N/A Manuf SCP03 C-MAC Session Key User, CO, Cancel Authentication SCP03 R-MAC Session Key Z Manuf SCP03 C-ENC Session Key RSA private keys DSA private keys ECDSA private keys User, CO Initialize Algorithm R AES keys Triple-DES keys HMAC Keys User, CO, Generate Random N/A N/A Manuf User, CO, GPIO Command Set N/A N/A Manuf User, CO, File System Command Set N/A N/A Manuf CO Set Config N/A N/A User, CO, Test Command Set N/A N/A Manuf TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 17 GENERAL BUSINESS USE 7. Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the Module does not contain a modifiable operational environment. 8. Security Rules The module design corresponds to the module's security rules. This section documents the security rules enforced by the cryptographic mod ule to implement the security requirements of this FIPS 140-2 Level 3 module. 1. The cryptographic module shall provide three distinct operator roles. These are the Approved User role, the Cryptographic Officer role and the Manufacturer role. 2. The cryptographic module shall provide identity-based authentication. 3. The cryptographic module shall clear previous authentications on power cycle. 4. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 5. The cryptographic module shall perform the following tests a. Power up Self-Tests – Cryptographic algorithm tests –Triple-DES Encrypt and Decrypt Known Answer Tests –AES Encrypt and Decrypt Known Answer Tests –AES CMAC Known Answer Test –HMAC-SHA-1, -256 and -512 Known Answer Test –DRBG Known Answer Test –RSA Sign/Verify Known Answer Test –DSA Pairwise Consistency Test –ECDSA Pairwise Consistency Test – Firmware Integrity Test - 16 bit CRC b. Critical Functions Tests: N/A c. Conditional Self-Tests – Continuous Random Number Generator (RNG) test - performed on NDRNG and DRBG, 128 bits – DSA Pairwise Consistency Test – RSA Pairwise Consistency Test – ECDSA Pairwise Consistency Test 6. The operator shall be capable of commanding the module to perform the power-up self- test by cycling power or resetting the module. 7. Power-up self tests do not require any operator action. 8. Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 9. Status information does not contain CSPs or sensitive data that if misused could lead to TPR0550F – VIC– 06 May 14 a compromise of the module. FIPS 140-2 Security Policy 18 GENERAL BUSINESS USE 10. There are no restrictions on which keys or CSPs are zeroized by the zeroization method. 11. The module does not support concurrent operators. 12. The module does not support a maintenance interface or role. 13. The module does not support manual key entry. 14. The module does not have any external input/output devices used for entry/output of data. 15. The module does not enter or output plaintext CSPs. 16. The module does not output intermediate key values. 17. During authentication via the External Authenticate service, the operator shall authenticate using a password constructed from hexadecimal symbols. ASCII passwords shall not be used. TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 19 GENERAL BUSINESS USE 9. Physical Security Policy 9.1 Physical Security Mechanisms The VaultIC single-chip module has the following physical security mechanisms • Environmental failure protection (EFP) features for temperature, voltage, internal clock frequency, and duty cycle are provided by immediate reset circuitry. • The removal-resistant coating with hardness and adhesion characteristics covers the single- chip module, and attempts to peel or pry the coating from the module results in irreparable damage to the module • The shield removal detection circuitry results in reset upon an attempt to remove the metal coating from the unit • The removal-resistant coating has solvency characteristics such that dissolving the coating has a high probability of seriously damaging the module 10. Mitigation of Other Attacks Policy The module has been designed to mitigate against UV light attacks and DPA attacks, which are outside of the scope of FIPS 140-2. Mitigation of Other Attacks Table 10-1. Other Attacks Mitigation Mechanism Specific Limitations The module contains a UV light detector that will trigger when the surface of the chip is submitted to a UV Light Attacks certain cumulative UV light. Once this kind of attack is N/A detected, the device stays under infinite reset even when the light source is removed. It is not feasible to monitor current consumption to determine the value of an algorithm's keys. Current DPA N/A consumption has been designed and tested to be equivalent for both a logic "0" or logic "1". TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 20 GENERAL BUSINESS USE Referenced Documents RSA Laboratories. PKCS#1 v1.5: RSA Cryptography Standard. March 1998. [1] RSA Laboratories. PKCS#1 v2.1: RSA Cryptography Standard. June 2004. [2] RSA Laboratories. PKCS#5 v2.0: Password-based Cryptography Standard. Mar 1999 [3] RSA Laboratories. PKCS#7 v1.5: Cryptographic Message Syntax Standard. Nov 1993 [4] RSA Laboratories. PKCS#11 v2.20: Cryptographic Token Interface Standard. Jun 2004 [5] FIPS PUB 46-3. Data Encryption Standard (DES). October 1999. [6] FIPS PUB 186-3. Digital Signature Standard. June 2009. [7] FIPS PUB 180-3. Secure Hash Standard. October 2008. [8] FIPS PUB 140-2. Security requirements for Cryptographic Modules. May 2001. [9] FIPS PUB 196. Entity authentication using public key cryptography. Feb 1997. [10] FIPS PUB 197. Advanced Encryption Standard. Nov 2001 [11] FIPS PUB 198. The Keyed-Hash Message Authentication Code (HMAC). March 2002. [12] ISO9798-2 Entity authentication - Part 2: Mechanisms using symmetric encipherment [13] algorithms. July 1999. ISO9797-1. Information technology -- Security techniques -- Message Authentication [14] Codes (MACs) -- Part 1: Mechanisms using a block cipher, 1999 ISO7816-3. Integrated Circuit Cards - Part 3: Cards with contacts: Electrical interface [15] and transmission protocols. Dec 2004. ISO7816-4. Integrated Circuit Cards - Part 4: Organization, security and commands for [16] interchange. Sept 2004. RFC 2459. Internet X509 Public Key Infrastructure Certificate and CRL profile Jan 1999 [17] RFC 4226. HOTP: An HMAC-Based One-Time Password Algorithm. Dec 2005 [18] ANSI X9.19 [19] ANSI X9.31. Digital Signatures Using Reversible Public Key Cryptography for the Finan- [20] cial Services Industry (rDSA). 1998. ANSI X9.62. Public Key Cryptography For The Financial Services Industry: The Elliptic [21] Curve Digital Signature Algorithm (ECDSA)©. 1998. Philips® - THE I2C-BUS SPECIFICATION VERSION 2.1 - January 2000 [22] Universal Serial Bus Specification Revision 2.0. April 2000 [23] DWG - Specification for USB Integrated Circuit(s) Card Devices Revision 1.0. April 2005 [24] DWG - Specification for Integrated Circuit(s) Cards Interface Devices Revision 1.1 April [25] 2005 GlobalPlatform. Card specification v2.2. March 2006. [26] GlobalPlatform. Secure Channel Protocol 03 - Card Specification v2.2 Amendment D - [27] February 2009 Handbook of Applied Cryptography. ISBN: 0-8493-8523-7. Oct. 1996. [28] INSIDE Secure. 6528B Secure your embedded devices - February 2011. [29] Microsoft® - Smart Card Minidriver Specification for Windows® Base Cryptographic Ser- [30] vice Provider (Base CSP) and Smart Card Key Storage Provider (KSP) Version 5.07 - Sept 2007 NIST SP 800-89 - Recommendation for Obtaining Assurances for Digital Signature [31] Applications - November 2006 NIST SP 800-108 - Recommendation for Key Derivation Using Pseudorandom Func- [32] tions, November 2008 NIST SP 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC [33] Mode for Authentication - May 2005 NIST SP 800-63 - Electronic Authentication Guideline - April 2006 [34] NIST SP 800-90 - Recommendation for Random Number Generation Using Determinis- [35] tic Random Bit Generators - March 2007 TPR0550F – VIC– 06 May 14 ValltIC441 Technical Datasheet [36] FIPS 140-2 Security Policy 21 GENERAL BUSINESS USE Definitions and abbreviations AES Advanced Encryption Standard algorithm as defined in FIPS PUB 197 [11] Authentication An identification or entity authentication technique assures one party (the verifier), through acquisition of corroborative evidence, of both the identity of a second party involved, and that the second (the claimant) was active at the time the evidence was created or acquired. (From Hand- book of Applied Cryptography [28]) Authenticity The property that data originated from its purported source. ASSP Application Specific Standard Product Brute force attack Hacking technique that consist in trying every character combination to guess a password. CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining method applied to block ciphers CFB Cipher Feedback Register chaining method applied to block ciphers CMAC Cipher-based Message Authentication Code CPU Central Processing Unit Cryptographic key A bit string used as a secret parameter by a cryptographic algorithm. To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. DES Data Encryption Standard algorithm as defined in FIPS PUB 46-3 [6] Device Any CPU with master or slave capability DRBG Deterministic Random Bit Generator as defined in SP 800-90 [35] Dictionary attack Hacking technique that consist in trying commonly used passwords to guess a password. DSA Digital Signature Algorithm as defined in FIPS PUB 186-3 [7] ECB Electronic Code Book chaining method applied to block ciphers ECDSA Elliptic Curves DSA as defined in FIPS PUB 186-3 [7] FIPS Federal Information Processing Standards FIPS-Approved An algorithm or technique that is specified or adopted in FIPS. HMAC Hash-based Message Authentication Code as defined in FIPS PUB 198 [12] Host Entity that communicates (directly or not) with the device. HOTP HMAC-based One Time Password algorithm as defined in RFC 4226 [18] Integrity The property that received data has not been altered ISO7816 Smart Card interface MAC Message Authentication Code - A bit string of fixed length, computed by a MAC generation algo- rithm, that is used to establish the authenticity and, hence, the integrity of a message. Master The device that initiates and terminates a transmission. The Master also generates the clock for synchronous interface. TPR0550F – VIC– 06 May 14 NIST National Institute of Standards and Technology FIPS 140-2 Security Policy 22 GENERAL BUSINESS USE OFB Output Feedback Register chaining method applied to block ciphers OS Operating Systems PKI Public Key Infrastructure Receiver The device reading data from the bus RSA Rivest Shamir Adleman algorithm Seed (pseudo-)random number SCP Secure Channel Protocol as defined by GlobalPlatform v2.2 [27] SHA Secure Hash Algorithm as defined in FIPS PUB 180-3 [8] Slave The device addressed by a master SPI Serial Protocol Interface Strong Authentication Exchange of messages during which a claimant proves its identity to a verifier by demonstrating its knowledge of a secret but without revealing it Transmitter The device placing data on the bus TWI / I2C Two Wire Interface and Inter Integrated Circuit Bus respectively USB Universal Serial Bus as defined in USB 2.0 standard [23] TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 23 GENERAL BUSINESS USE Headquarters Product Contact INSIDE Secure Web Site Technical Support Sales Contact Arteparc Bachasson, Bat A www.insidesecure.com e-security@insidefr.com sales_web@insidefr.com Rue de la carriere de Bachasson CS70025 13590 Meyreuil France Tel: +33 (0)4-42-905-905 Fax: +33 (0)4-42-370-198 Disclaimer: All products are sold subject to INSIDE Secure Terms & Conditions of Sale and the provisions of any agreements made between IN SIDE Secure and the Customer. In ordering a product covered by this document the Customer agrees to be bound by those Terms & Conditions and agreements and nothing contained in this document constitutes or forms part of a contract (with the exception of the contents of this Notice). A copy of INSIDE Secure’ Terms & Condi- tions of Sale is available on request. Export of any INSIDE Secure product outside of the EU may require an export Licence. The information in this document is provided in connection with INSIDE Secure products. No license, express or implied, by esto ppel or otherwise, to any intel- lectual property right is granted by this document or in connection with the sale of INSIDE Secure products. EXCEPT AS SET FORTH IN INSIDE SECURE’S TERMS AND CONDITIONS OF SALE, INSIDE SECURE OR ITS SUPPLIERS OR LICENSORS ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL INSIDE SECURE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA) NOTWITHSTANDING THE THEORY OF LIABILITY UNDER WHICH SAID DAMAGES ARE SOUGHT, INCLUDING BUT NOT LIM- ITED TO CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY, STRICT LIABILITY, STATUTORY LIABILITY OR OTHERWISE, EVEN IF INSIDE SECURE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. INSIDE Secure makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. INSIDE Secure does not make any commitment to update the information contained herein. INSIDE Secure advises its customers to obtain the latest version of device data sheets to verify , before placing orders, that the information being relied upon by the customer is current. INSIDE Secure products are not intended, authorized, or warranted for use as crit ical components in life support devices, systems or applications, unless a specific written agreement pertaining to such intended use is executed between the m anufacturer and INSIDE Secure. Life support devices, systems or applications are devices, systems or applications that (a) are intended for surgical mplant to the body or (b) support or i sustain life, and which defect or failure to perform can be reasonably expected to result in an injury to the user. A critical component is any component of a life support device, system or application which failure to perform can be reasonabl expected to cause the failure of y the life support device, system or application, or to affect its safety or effectiveness. The security of any system in which the product is used will depend on the system’ security as a whole. Where security or cryptography features are mentioned s in this document this refers to features which are intended to increase the security of the product under normal use and in normal circumstances. © INSIDE Secure 2013. All Rights Reserved. INSIDE Secure ®, INSIDE Secure logo and combinations thereof, and others are registe red trademarks or trade- names of INSIDE Secure or its subsidiaries. Other terms and product names may be trademarks of others. TPR0550F – VIC – 06 May 14 GENERAL BUSINESS USE TPR0550F – VIC– 06 May 14 FIPS 140-2 Security Policy 25 GENERAL BUSINESS USE