Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Certain contents of this document may involve patents. The organization issuing this document shall not undertake the responsibility of identifying these patents.
This standard was proposed and is under jurisdiction of the State Encryption Management Bureau.
Introduction
Security chip is an important basic security function unit, and is widely used in computer, information and communication system. Especially, many security chips have one or more cipher functions. The security chip in this standard refers to the integrated circuit chip which has realized one or more cryptographic algorithms, and protects the key and sensitive information by directly or indirectly using cryptographic technology.
On the basis of cryptographic algorithm, the security chip must have one or more security capabilities according to the difference of design and application. This standard classifies security capability into 9 parts, i.e., cryptographic algorithm, security chip interface, key management, sensitive information protection, security chip firmware security, self-inspection, audit, weakening and protection against attack and life cycle assurance, and classifies the security capability of each part into three security grades (with security successively increased), and specifies security requirements for each security grade. The security grade of security chip is set as the lowest security grade of the security capability possessed by the security chip.
In case of using the cipher function of security chip, the security capability of security chip is very important for assuring the security of entire system. In order to provide expected security service and meet the security requirements of application and environment, security chip with appropriate security grade shall be selected so as to ensure that computer, information and communication system using security chip can provide a kind of acceptable security grade for special application.
This standard may provide criteria for security chip which has applicable security grade and meets application and environmental safety requirements, and also may provide guidance for development of security chip.
Cryptography Test Criteria for Security IC
1 Scope
This standard specifies three security grades with security capability successively increased, and cryptography test requirements for security chip of each security grade.
This standard is applicable to cryptography test of security chip and may also guide the development of security chip.
2 Normative References
The following referenced document is indispensable for the application of this document. For dated reference, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0005 Randomness Test Specification
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1
key
critical information or parameter controlling the operation of cryptographic transformation
3.1.2
sensitive information
data needing protection in addition to key in the security chip
3.1.3
security chip
integrated circuit chip, containing cryptographic algorithm and security function, capable of realizing key management mechanism
3.1.4
security capability
direct or indirect assurance and protective measures provided by security chip for key and sensitive information
3.1.5
block cipher operation mode
block cipher operation mode mainly includes the modes of electronic code book (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB) and counter (CTR)
3.1.6
public key cipher application mode
public key cipher application mode mainly includes encryption/decryption, signature/confirmation and key agreement
3.1.7
operation speed of cryptographic algorithm
maximum data quantity processable in unit time of cryptographic algorithm achieved by security chip
3.1.8
physical random source
source block in random sequence generated on the basis of uncertainty of physical noise
3.1.9
firmware
program code solidified in the security chip, responsible for controlling and coordinating the password and security function of security chip
3.1.10
hardware
physical entity in security chip
3.1.11
life cycle
whole process from development of security chip to delivery to user for use
3.1.12
identification
a group of data solidified inside the security chip for identification of different security chips
3.1.13
permission
a group of rules specifying the operating range permitted by the user
3.1.14
key management
a group of definite rules established and implemented in allusion to the generation, registration, certification, deregistration, distribution, installation, storage, filing, revocation, derivation and destruction of key according to security policy
3.1.15
covert channel
transmission channel for transmitting key and sensitive information in violation of security requirements
3.1.16
zeroization
a kind of method to erase electronic data and avoid data recovery
3.1.17
interface
input or output point of security chip, which provides the entrance or exit of inputting or outputting chip for the information flow, including physical interface and logical interface
3.1.18
physical interface
interface of various transmission media or transmission equipment
3.1.19
logical interface
interface which is capable of realizing data exchange function for physical interface, but inexistent physically and needs to be established through configuration
3.1.20
timing attack
a kind of attack pattern to obtain the key and sensitive information in the chip by analyzing according to operation timing difference of cryptographic algorithm in security chip
3.1.21
power analysis attack
a kind of attack pattern to obtain the key and sensitive information in the chip by acquiring the power consumption information of security chip generated during crypto-operation with such principles as cryptography, statistics and information theory
3.1.22
EM analysis attack
a kind of attack pattern to obtain the key and sensitive information in the chip by acquiring the electromagnetic radiation information of security chip generated during crypto-operation with such principles as cryptography, statistics and information theory
3.1.23
fault attack
a kind of attack pattern to obtain the key and sensitive information in the chip by analyzing such fault behavior or error message of hardware fault or arithmetical error which may appear in the operation process of security chip
3.1.24
light attack
attack by using the energy of illumination (conducted for package-removed security chip) to change the operation state of security chip
3.1.25
source file
file such as software source code, layout and HDL source code involved in the process of security chip development
3.2 Abbreviations
For the purpose of this document, the following abbreviation applies.
HDL Hardware Description Language
4 Classification of Security Grade
4.1 Security Grade 1
Security Grade 1 specifies the lowest required security grade requirements for security capability of security chip, and requires security chip to provide basic protective measures for key and sensitive information.
The security chip reaching Security Grade 1 may be applied to the external operating environment deployed by security chip which is capable of ensuring physical security and input/output information security of security chip.
4.2 Security Grade 2
Security Grade 2 specifies the medium security grade requirements for security capability of security chip. On the basis of Security Grade 1, Security Grade 2 specifies the logical and/or physical protective measures which must be equipped for security chip. Security Grade 2 requires that security chip is capable of protecting key and sensitive information, and has logical and/or physical preventive measures against attack, and that testing unit can describe the validity of corresponding preventive measures; security chip shall have relatively comprehensive assurance of life cycle.
The security chip reaching Security Grade 2 may be applied to the external operating environment deployed by security chip which is not capable of ensuring physical security and input/output information security of security chip, in such environment, security chip has basic protection capability for various security risks.
4.3 Security Grade 3
Security Grade 3 specifies the high security grade requirements for security capability of security chip. On the basis of Security Grade 2, Security Grade 3 specifies the logical and/or physical protective measures which must be equipped for security chip. Security Grade 3 requires that security chip is capable of providing high-grade protection for key and sensitive information, and has logical and/or physical security mechanism which can provide overall protection for key and sensitive information, and that security chip is capable of defensing various attacks specified in this standard; it also requires that testing unit can certify the validity of corresponding preventive measures, and security chip shall have relatively integral assurance of life cycle.
The security chip reaching Security Grade 3 may be applied to the external operating environment deployed by security chip which is not capable of ensuring physical security and input/output information security of security chip, in such environment, security chip has basic protection capability for various security risks.
5 Cryptographic Algorithm
5.1 Random Number Generation
5.1.1 Security Grade 1
a) Security chip must be provided with at least 2 mutually independent physical random sources to directly generate random number or generate initial input of random number extended algorithm. The random number directly generated by physical random source or the initial input of extended algorithm of such random number must be generated through exclusive-or operation of all output of physical random source.
b) Within the range of temperature working condition supported by security chip, three working conditions are set, i.e., upper and lower temperature limits and room temperature, and the random number generated by security chip shall be capable of meeting the requirements of randomness test specified in GM/T 0005.
5.1.2 Security Grade 2
a) Security chip must be provided with at least 4 mutually independent physical random sources to directly generate random number or generate initial input of random number extended algorithm. The random number directly generated by physical random source or the initial input of extended algorithm of such random number must be generated through exclusive-or operation of all output of physical random source.
b) Within the range of frequency and temperature working condition supported by security chip, frequency and temperature (9 kinds in total) are set, i.e., upper and lower temperature limits, room temperature, upper and lower frequency limits and normal frequency, and the random number generated by security chip shall be capable of meeting the requirements of randomness test specified in GM/T 0005.
5.1.3 Security Grade 3
a) Security chip must be provided with at least 8 mutually independent and dispersedly distributed physical random sources to directly generate random number or generate initial input of random number extended algorithm. The physical random source shall be realized by adopting at least two kinds of design principles. The random number directly generated by physical random source or the initial input of extended algorithm of such random number must be generated through exclusive-or operation of all output of physical random source.
b) Within the range of frequency and temperature working condition supported by security chip, frequency and temperature (9 kinds in total) are set, i.e., upper and lower temperature limits, room temperature, upper and lower frequency limits and normal frequency, and the random number generated by security chip shall be capable of meeting the requirements of randomness test specified in GM/T 0005.
5.2 Block Cipher
5.2.1 Security Grade 1
a) Block cipher supported by security chip can be correctly realized in various operation modes.
b) Security chip must determine the operation speed of block cipher in various operation modes.
5.2.2 Security Grade 2
On the basis of Security Grade 1:
a) Security chip is capable of giving definite result or making a response for any input data.
b) Special hardware circuit must be adopted to realize the core operation link of block cipher supported by security chip.
5.2.3 Security Grade 3
On the basis of Security Grade 2:
a) Special hardware circuit must be adopted to realize block cipher supported by security chip.
b) Security chip is capable of verifying the accuracy of supported block cipher in various operation modes.
5.3 Public Key Cipher
5.3.1 Security Grade 1
a) Public key cipher supported by security chip can be correctly realized in various operation modes.
b) Security chip must determine the operation speed of public key cipher in various application modes.
c) If the public key cipher supported by security chip needs the security chip to generate prime number, the generated prime number must pass the primality test.
5.3.2 Security Grade 2
On the basis of Security Grade 1:
a) Security chip is capable of giving definite result or making a response for any input data.
b) Special hardware circuit must be adopted to realize the core operation link of public key cipher supported by security chip.
5.3.3 Security Grade 3
On the basis of Security Grade 2:
a) Special hardware circuit must be adopted to realize public key cipher supported by security chip.
b) Security chip is capable of verifying the accuracy of supported public key cipher in various application modes.
5.4 Hash Cipher
5.4.1 Security Grade 1
a) Hash cipher supported by security chip can be correctly realized.
b) Security chip must determine the operation speed of hash cipher.
5.4.2 Security Grade 2
On the basis of Security Grade 1:
a) Security chip is capable of giving definite result or making a response for any input data.
b) Special hardware circuit must be adopted to realize the core operation link of hash cipher supported by security chip.
5.4.3 Security Grade 3
On the basis of Security Grade 2:
a) Special hardware circuit must be adopted to realize hash cipher supported by security chip.
b) Security chip itself is capable of verifying the accuracy of supported hash cipher.
5.5 Stream Cipher
5.5.1 Security Grade 1
a) Stream cipher supported by security chip can be correctly realized.
b) Security chip must determine the operation speed of stream cipher.
5.5.2 Security Grade 2
On the basis of Security Grade 1:
a) Security chip is capable of correctly processing the non-normative seed key of stream cipher.
b) Special hardware circuit must be adopted to realize the core operation link of stream cipher supported by security chip.
5.5.3 Security Grade 3
On the basis of Security Grade 2:
a) Special hardware circuit must be adopted to realize stream cipher supported by security chip.
b) Security chip itself is capable of verifying the accuracy of supported stream cipher.
Foreword III
Introduction IV
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Classification of Security Grade
4.1 Security Grade
4.2 Security Grade
4.3 Security Grade
5 Cryptographic Algorithm
5.1 Random Number Generation
5.2 Block Cipher
5.3 Public Key Cipher
5.4 Hash Cipher
5.5 Stream Cipher
6 Security Chip Interface
6.1 Physical Interface
6.2 Logical Interface
7 Key Management
7.1 Generation
7.2 Storage
7.3 Application
7.4 Update
7.5 Import
7.6 Export
7.7 Clearing
8 Sensitive Information Protection
8.1 Storage
8.2 Clearing
8.3 Operation
8.4 Transmission
9 Firmware Security
9.1 Storage
9.2 Execution
9.3 Import
10 Self Inspection
10.1 Security Grade
10.2 Security Grade
10.3 Security Grade
11 Audit
11.1 Security chip identification
11.2 Life cycle identification
12 Attack Weakening and Protection
12.1 Layout Protection
12.2 Self-destruction of Key and Sensitive Information
12.3 Protection against Timing Attack
12.4 Protection against Power Analysis Attack
12.5 Protection against EM Analysis Attack
12.6 Protection against Fault Attack
13 Life Cycle Guarantee
13.1 Unit Qualification
13.2 Document
13.3 Development Environment Safety
13.4 Personnel
13.5 Development Process
13.6 Source Files
References