Protection Profile List

Secure IC chip for embedded devices
Protection Profile

Electronic Commerce Security Technology Research Association
Last Updated 2015-10-22
Protection Profile Name :
Secure IC chip for embedded devices
Protection Profile
Version of PP :
Technology Type :
IC chip used for embedded device controller
Certification No. :
Date :
Version of Common Criteria:
3.1 release4
Conformance Claim :
PP Identifier :
Procurement Entity :


Description of PP

The PP provides security requirements for an IC chip used for embedded device controller.
The TOE includes the cryptographic function within it. The cryptographic function is invoked from software of the embedded device. Above function is used for data protection of the device or for other cryptographic services.
For the access control against unintentional external entity, TOE provides the cryptographic function to the embedded device software and also the functionality to restrict use of the cryptographic function only to the authorized embedded device software.


PP security functionality

In the PP, security functions are required to maintain (1) confidentiality of the user data inside embedded device controller, and (2) integrity of embedded device services depending on cryptography.
The main security features of the TOE are as follows:

- Cryptographic functionality
  Cryptographic functions can be used (1) for embedded device software to protect its assets from being disclosed and/or tampered, or (2) to be used in mutual authentication between the embedded device and other IT devices.
- Access control for cryptographic functionality
  Enforces that external entities’ requests to use cryptographic functions are processed only when the requests are verified by using TOE internal data for verification.
- Random number Generation
  Generates random numbers with the properties required for mechanisms of security functions, while resisting against the ability to predict the random numbers.
- Protection against physical attacks
  Protects TSF from the following physical attacks:
  --Leak of the information processed inside the TOE, through the power consumption
    and/or electromagnetic emanation
  --Physical tampering and/or probing
  --Malfunction due to environmental stress or fault injection attacks using e.g. LASER.


Security functional requirements

PP requires the following security functional requirements:

Security audit Non-repudiation of origin/receipt Cryptographic functionality Access control
Data authentication Export data protection Information flow control Import data protection
Internal transfer data protection Residual information protection Rollback Stored data integrity
Transfer data confidentiality Transfer data integrity Identification and authentication Security management
Privacy Control Security functionality protection Resource utilisation management TOE access control
Trusted path/channels Random number generation