DEALING WITH SMART CARDS AS EVALUATED SYSTEMS
Gamma Secure Systems Limited
Diamond House, 149 Frimley Rd
Camberley, Surrey GU15 2PS, UK
Global Platform Inc
900 Metro Center Boulevard
Foster City, CA 94404, USA
|* PUBLISHED AT THE
4rd INTERNATIONAL COMMON CRITERIA CONFERENCE, 8-9 SEPTEMBER 2003,
SWEDEN © 2003 GAMMA & GLOBALPLATFORM. Personal use of this material is permitted.
However, permission to reprint/republish this material for advertising
or promotional purposes or for creating new collective works for resale
or redistribution to servers or lists, or to reuse any copyrighted
component of this work in other works must be obtained from both Gamma
||Following a brief introduction, I will explain what the CSRS is
and consider its relationship to the CC through SFRs and STs. I will
then address the main topic of this presentation - “dealing with the
environment” and “system certification”. I then then summarise our
contribution to this track.
|Note that the CSRS and other GlobalPlatform specifications are
available free-of-charge from this website.
The purpose of the GP is to provide a secure
environment for loading, executing and deleting applications.
Because the applications may belong to different
organisations, each has a secure representative onboard, referred to
as the Issuer Security Domain (for the Card Administrator, who for the
operational life of the card will be the Card Issuer) or as a Security
Domain (shown here as an Application Provider Security Domain).
There are GP functions in support of these
Security Domains, called the OPEN, and a means for the applications to
invoke them, the OP API.
Also in support of the applications, and the
OPEN, is the RTE (e.g. JavaCard <<point to RTE>>) which is accessible
through the RTE API.
In support of the RTE is the Card OS and the IC.
I have mentioned that there may be many
organisations involved, for example a bank (as Card Issuer and the
Application Provider for various payment applications) and various
retailers, each with their own loyalty application. Indeed, as shown
in this diagram, there are many roles. Sometimes, many of these roles
will be played by the same actor. In other cases, many different
actors will play the same role.
The principal user of GP is the Card
Administrator, who owns the Issuer Security Domain and has ultimate
control of the card.
Other off-card entities that are recognised by
the card are referred to as Security Domain Users. Each has its own
Security Domain. What they can do, in terms of card content
management, however, depends on the privileges granted to their
Security Domain by the Card Administrator.
Applications may also invoke GP. Again, what
they can do is governed by Application privilege.
The cardholder is also a user of the card. They
may be authenticated by GP, although, strictly speaking it is the
application that invokes GP’s cardholder verification methods that is
the user, rather than the cardholder per se.
There are also some commands, which do not
require authentication. e.g. the GETDATA command. For these commands,
the card does not necessarily know who issued them, and there we need
to contend also with the “unknown user”
Please appreciate that the Card Specification is
full of optional functionality, shown here grouped into 37 different
packages. Choosing one package, however, may require the presence of
others. It may look rather complicated, but its purpose is to allow
the card configuration to be tailored to suit the business
requirements, and, as we shall see later, also the risk environment.
As the CC does not seem readily to cope with optional functionality,
this real-life requirement, has always presented problems to GP.
Finally, it is useful to reflect on the history
of the CSRS.
At the turn of the century, the smart card world
become extremely enthusiastic about the CC as it promised, through the
CCRA, “evaluated once – approve everywhere”. Sadly this promise
remains illusory, but over the next two years a variety of smart card
protection profiles emerged. We, at Visa, produced one for the
precursor to GP – “Open Platform”. It was innovative, and provided
solutions to the problems of card configurations and evaluation by
In 2002 Visa assigned the IPR in OP to GP. It
seemed natural to assign the IPR in OP3 as well, but the GP Board
questioned the wisdom of producing yet another PP.
In May 2002, at ICCC3 in Ottawa,
David Brewer, one of the authors of OP3 published the innovations
behind the work he had been doing in Taiwan to produce a Security
Target compliant with OP3 and all these other smart card PPs. GP
embraced those innovations as the way ahead and accordingly produced
the CSRS, which we published in May.
|So what is it?
||Well simply it is a comprehensive semi-formal specification for
GP, the RTE, OS and the IC. Naturally , the CSRS complies with
the Card Specification, but it also addresses every requirement
specified in the SCSUG, SSVG and JCS PPs. It is not a PP, but it
closely follows the structure of one. The assets are enumerated in
considerable detail. The threats are borrowed from the SCSUG and
augmented to cover specific GP requirements and the other PPs. There
are no objectives or assumptions, just policies – more about this
later. The CSRS covers all possible card configurations, and is
considerably more comprehensive than OP3And finally, I should remark
that the semiformal specification of the required security
functionality allows not only the detail to to captured but also the
|So lets look at it.
The functions are represented by tables. There
are three types, blue, green and yellow. Blue tables are access
control tables. They are expressed in terms of the usual parameters –
users, subjects, objects, security attributes and operations – and
have a yes/no outcome. Formality is introduced by rigorously adhering
to this format and using a standard way of referring to the various
In addition, each table identifies the security
preconditions and post conditions. This is how we express the
Here is the corresponding CC SFR taken from the
SCSUG PP. Note the differences in the generic and specific forms.
The relationship between all CSRS security
features and the PP SFRs is given in a table in Appendix A to the
CSRS. The table also shows the threats and policies that those
features counter. Note that each CSRS security feature may address
The next type of security feature table addresses
functions, such as APDU commands and API invocations. Unlike access
control tables, there are no users or subjects, as the access control
decisions have already been made.
Functions, such as these, can, however, fail.
For example, having decided that role X may load an application, there
might not be enough memory to complete the operation.
Here are the SFRs that correspond
to this table. In OP3 the rules for function failure and success were
closely coupled with those that directly concerned access control.
There aren’t really any CC SFRs that tease out this sort of function
failure requirement, which have much to do with integrity and
availability and little to do with authorization.
|The third type are also functions, which ought to work (unless
there is a programming exception or power failure – which are dealt
with by other tables). These have only one outcome. Note the
|The security features are grouped in accordance with this diagram,
which is closely related to the architecture proposed by Brewer et al
at ICCC3. We started with that model and changed it quite dramatically
at times, but eventually finished with really just a few minor
amendments. The real value of our work lies in the detail.
|Here’s some of it.
And here is the rest
We could spend a lot of time navigating this
diagram, and in doing so you will really start to understand how the
smart card works, and in particular the interactions between the
various security features.
However, let me give just one example…
Let us imagine the the card is in a reader, is
powered up, the Issuer Security Domain is the SELETED application but
a Secure Channel Protocol session is not in progress. Here are the
parts of the architecture that we need to look at
An APDU command (INSTALL [for INSTALL]) arrives
at the card. It is validated and dispatched.
As there is no SCP session, the command is dealt
with by table A (unknown user) and is rejected.
So start again, this time sending the commands
necessary to initiate a Secure Channel Protocol session.
Asserting that the initiation completes
successfully, the post condition becomes known_user = CA (since the
ISD is the SELECTED application)
Now we can issue the INSTALL [for INSTALL]
This time it is processed by Table B and results
in a request accepted post condition which initiates the installation
Thus we see that the pre and post conditions
capture the dynamics.
Just as a reminder then, there are three types of
table, each instance of which is mapped to the corresponding SFRs,
threats and policies in the smart card PPs
But in passing we noted that some
functions, such as the actual load command that completed the
operation I have just illustrated are not well handled by the CC.
||Let me know say something briefly about STs
There is quite a lot of interest in producing STs
from the CSRS.
This ought to be straightforward as the CSRS
architecture was itself derived from a ST, however here are some of
the questions that need to be addressed.
The first is essential.
The next three address the possible objections
that an evaluator might have in proving compliance of the ST with the
various PPs. It would not be useful to go through this every time a
ST was evaluated so should the rules for generating STs from the CSRS
be established and themselves evaluated, or otherwise agreed by the
Lastly perhaps the efficiency of evaluations
could be enhanced still further by devising a set of security tests
that demonstrate compliance with the CSRS – food for thought eh!
|Let’s move on now to dealing with the environment.
I have mentioned that the CSRS uses policies
instead of assumptions.
From the perspective of the CC it is appropriate
for the PP/ST to make assumptions, or more correctly speaking
assertions, about the environment of the TOE. From a system
perspective, all such environmental assertions are in-scope, they are
not assumptions, an organisation cannot assume that, in our case,
these off-card requirements are met. It must do something about them
as a matter of policy.
So from a system perspective we have policies and
Here is an example – it reflects the type of “non
deterministic” requirement that Dr. Nash spoke about.
Here is another.
This one, however, comprises a number of
alternative policy statements. You chose just one of these.
The choice determines what functionality packages
are required. The CSRS spells all of this out.
Knowing what packages are required determines the
security requirements as each function table explains its package
So key to determining the card
configuration is the choice of alternative policy statements. How do
we do this? By …
There is a core package. This defines the
minimum security requirements for a GP card, implying that GP itself
considers that some risks are unacceptable under any circumstances.
The acceptability of other risks may be determined by the actors
Here is a list of the questions raised in the
CSRS that those actors should ask.
As an example, suppose actor X detects some event
which has to be fixed by actor Y. Consider the acceptability of risk
if actor Y is exposed but X is not. X could be the cardholder who
loses his card. Y is the Card Issuer, who assumes liability for
fraudulent activity once the loss of the card has been reported. The
onus is therefore on X to report the loss.
But suppose it is the other way round, i.e. Y
could be the Application Provider and X is the Application Loader, who
some how loads a virus infected application.
Ha ha you say let’s place some contractual
penalty on X. Now both actors are exposed, but it the time delay in
taking the legal recourse acceptable or should there be on-card
measures to allow Y to detect as well as X.
The CSRS explains this philosophy in some detail
and reminds the reader to “bottom out the risk”, i.e. consider the
acceptability of the risk when the event happens, and not the
likelihood of it happening. (Remember how you felt on 9/11).
Of course, if neither actor is involved, no
special action is required.
The CSRS also considers more complex cases.
Please download and read. This analysis of risk is applicable to
probably all business situations and not just those to do with smart
The remarks that I have just made ought to
suggest to you that the CSRS is about the security of a smart card
system and not just the smart card itself. And here we are talking
about a business system, not just the technology, and therefore before
we ever get started these are the sort of questions that we ought to
Once answered, the CSRS tells us what we need in
place for operational risk management and indeed for banking
applications, what we need to satisfy the requirements for Basle II
This is operational risk management
From a standards perspective, this implies that
we need a combination of the Common Criteria and 7799
The CC to give assurance in the card technology.
7799 to give assurance in operational risk
The CSRS …. (read slide)
But perhaps the greatest contributing factor to
this Track is …