Cryptomathic Signer SAM v. 5.1 Security Target for Utimaco Cryptoserver CP5 Document Version: 5.5 Document ID: ASE_ST_UTIMACO Date: March 12, 2020 Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 ASE_ST_UTIMACO 5.5 March 12, 2020 Document Identification Document Title: Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 Document ID: ASE_ST_UTIMACO Document Version: 5.5 Date of version: March 12, 2020 Origin: Cryptomathic Author: Lone Asferg Laursen, Thomas Brochmann Pedersen TOE Reference: Cryptomathic Signer SAM v 5.1 for Utimaco Cryptoserver CP5 Product Type: QSCD 2 Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 ASE_ST_UTIMACO 5.5 March 12, 2020 Terms Term Meaning CA Certification Authority. CM Cryptographic Module. Recides within the HSM. Cryptographic Module Cryptographic Module certified according to [EN 419 221-5]. Utimaco CryptoServer Se-Series Gen2 CP5, version 5.1.0.0. DTBS/R Data To Be Signed Representation. A hash value of the document to be signed. HSM Hardware Security Module. IdP Identity Provider. Privileged User The users who administrate the TOE and the signer users. This is the Common Criteria term for administrator users. Administrator The Signer SAM term for a privileged user. QSCD Qualified Electronic Signature (or Electronic Seal) Creation Device as defined in [eIDAS]. RA Registration Authority. SAD Signature Activation Data SAM Signature Activation Module SAP Signature Activation Protocol. Protocol use to perform the signature operation. SCA Signature Creation Application. Application responsible for creating the document to be signed. SIC Signer Interaction Component. Signer User End user who can sign documents. Signing key A cryptographic key used for signing under the sole control of a signer. Signing key identifier Unique identifier of a signing key. SSA Server Signing Application [EN 419 241-1]. SVD Signature Validation Data. A certificate that can be used to validate a signature. TSP Trusted Service Provider. TW4S Trustworthy system supporting server signing [EN 419 241-1]. 3 Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 ASE_ST_UTIMACO 5.5 March 12, 2020 Table of Contents Document Identification .......................................................................................................... 2 Terms ........................................................................................................................................ 3 Table of Contents ..................................................................................................................... 4 1 Introduction ....................................................................................................................... 6 1.1 Security Target Reference ................................................................................................................... 6 1.2 TOE Reference ..................................................................................................................................... 6 1.3 TOE Overview ...................................................................................................................................... 6 1.4 TOE Description ................................................................................................................................. 11 2 Conformance Claims ........................................................................................................15 2.1 CC Conformance Claim...................................................................................................................... 15 2.2 PP Conformance Claim ...................................................................................................................... 15 3 Security Problem Definition ............................................................................................16 3.1 Assets ................................................................................................................................................ 16 3.2 Subjects ............................................................................................................................................. 18 3.3 Threats .............................................................................................................................................. 18 3.4 Relation between Threads and Assets .............................................................................................. 22 3.5 Organizational Security Policies ........................................................................................................ 23 3.6 Assumptions ...................................................................................................................................... 23 4 Security Objectives ..........................................................................................................25 4.1 Security Objectives for the TOE ........................................................................................................ 25 4.2 Security Objectives for the Operational Environment ...................................................................... 27 5 Extended Components Definition ...................................................................................38 5.1 Class FCS: Cryptographic Support ..................................................................................................... 38 6 Security Requirements ....................................................................................................40 6.1 Typographical Conventions ............................................................................................................... 40 6.2 Subjects, Objects and Operations ..................................................................................................... 40 6.3 SFRs Overview ................................................................................................................................... 41 6.4 Security Functional Requirements .................................................................................................... 43 6.5 Security Assurance Requirements .................................................................................................... 68 7 TOE Summary Specification .............................................................................................70 7.1 Security Audit (FAU) .......................................................................................................................... 70 4 Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 ASE_ST_UTIMACO 5.5 March 12, 2020 7.2 Cryptographic Support (FCS) ............................................................................................................. 70 7.3 User Data Protection (FDP) ............................................................................................................... 71 7.4 Identification and Authentication (FIA) ............................................................................................ 74 7.5 Security Management (FMT) ............................................................................................................ 75 7.6 Protection of the TSF (FPT) ............................................................................................................... 76 7.7 Trusted Paths/Channels (FTP) ........................................................................................................... 76 8 Rationale ..........................................................................................................................78 8.1 Security Requirements Rationale ...................................................................................................... 78 8.2 SFR Dependencies ............................................................................................................................. 83 Bibliography ............................................................................................................................86 5 Cryptomathic Signer Security Target for Utimaco Cryptoserver CP5 ASE_ST_UTIMACO 5.5 March 12, 2020 1 Introduction This Security Target describes the security of a software component being part of the Cryptomathic Signer product. The TOE of this ST is the SAM which is loaded as a local application onto an HSM of type Utimaco CryptoServer Se-Series Gen2 CP5, version 5.1.0.0, see [UT_ST]. The document covers a specification of the security objectives and a description of the security functional requirements of the SAM. The specifications are consistent with the Common Criteria for Information Technology Security Evaluation, Version 3.1 release 5, parts 1, 2, and 3. This section provides document management and overview information required for a security target. Section 1.1 "Security Target Reference" gives labelling and descriptive information necessary for registering the security target. Section 1.2 "TOE Reference" gives labelling and descriptive information for the TOE. Section 1.3 "TOE Overview" summarizes the TOE in a narrative form. Section 1.4 "TOE Description" contains a description of the TOE including the major security features and operating environment. 1.1 Security Target Reference Cryptomathic Signer SAM v. 5.1 Security Target for Utimaco Cryptoserver CP5, version 5.3, by Cryptomathic Certification Team, 29 january 2020. CC version 3.1 release 5, see [CC1], [CC2], and [CC3]. 1.2 TOE Reference Cryptomathic Signer SAM
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages87 Page
-
File Size-