Smart Card Guy

Smart Card, Java Card, PCI DSS, IoT Device Security

Relationship between NIST, ITL, CSD, SP and FIPS

Overview

  • NIST (National Institute of Standards and Technology): an agency under the US Department of Commerce.
  • NIST consists of the following six laboratories
    • Communications Technology Laboratory (CTL)
    • Engineering Laboratory (EL)
    • Information Technology Laboratory (ITL)
    • Material Measurement Laboratory (MML)
    • NIST Center for Neutron Research (NCNR)
    • Physical Measurement Laboratory (PML)
  • The Information Technology Laboratory (ITL) listed above is divided into the following seven divisions
    • Advanced Network Technologies Division
    • Applied and Computational Mathematics Division
    • Applied Cybersecurity Division
    • Computer Security Division (CSD)
    • Information Access Division
    • Software and Systems Division
    • Statistical Engineering Division
  • The Computer Security Division listed above publishes the following types of documents (Computer Security Resource Center - Publications)
    • SP (NIST Special Publications): Guidelines, technical specifications, recommendations and reference materials, comprising multiple sub-series:
      • SP 800: Computer security
      • SP 1800: Cybersecurity practice guides
      • SP 500: Information technology (relevant documents)
    • FIPS (Federal Information Processing Standards): Security standards
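  • SPs are information-security documents that are useful to US government agencies and private companies alike
  • FIPS are security requirements that US government agencies in particular must comply with
    • They are stricter standards than SPs, and are documents approved by the US Secretary of Commerce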


EU Standardization Bodies - CEN / CENELEC / ETSI

Abbreviations

  • CEN: European Committee for Standardization
  • CENELEC: European Committee for Electrotechnical Standardization
  • ETSI: European Telecommunications Standards Institute

Relationship

  • CEN covers mechanical and general standardization, CENELEC covers electrical and electronic fields, and ETSI covers telecommunications
  • They correspond to the international standardization bodies ISO/IEC/ITU as follows
    • ISO (International Organization for Standardization) - CEN
    • IEC (The International Electrotechnical Commission) - CENELEC
    • ITU (International Telecommunication Union) - ETSI


Links - AUTOSAR / A-SPICE

Overview

  • Roughly speaking, AUTOSAR standardizes the architecture of automotive software, while Automotive SPICE standardizes the development process of automotive software
  • AUTOSAR (AUTomotive Open System ARchitecture): a worldwide common standard for automotive software. The latest AUTOSAR also covers automotive security.
  • Automotive SPICE (Software Process Improvement and Capability dEtermination): one of the development process models for automotive software.
  • AUTOSAR Classic Platform: divided into the layers Application Layer - Runtime Environment - BSW (basic software) - MCU.
    • BSW structure: 1) Services, 2) ECU (Electronic Control Unit) abstraction, 3) microcontroller abstraction


Overview links

www.autosar.org

www.automotivespice.com

Reading

learning.oreilly.com

Java Card Protection Profile


  • The latest Protection Profile is for Java Card version 3.0.5
  • Two Protection Profiles, depending on whether post-issuance (updates after shipment) is supported and considered (Open Configuration) or not (Closed Configuration)
    • Open Configuration: For the evaluations of Java Card - based smart cards or similar devices that support post-issuance downloading of applications
    • Closed Configuration: without support for post-issuance downloading of applications.
  • Certification Level: CC EAL4+, ALC_DVS.2, AVA_VAN.5
    • With this as a baseline, it is possible to aim for a certification level of EAL4+ or higher

Link

www.oracle.com

Common Criteria certificate

Reference product

SLE 78 (SLJ 52GXX)

Infineon OPTIGA Embedded Security Solutions

Portfolio

OPTIGA Trust

  • Secure Element solutions for embedded use (small footprint)
OPTIGA TRUST P SLJ 52ACA (Java Cardベース)
  • Fully programmable security chip with CC EAL5+ high certification
  • Providing a flexible solution for a wide range of security functions
  • Programmable Java Card operating system with reference applets for a variety of use cases and host-side support
OPTIGA TRUST E SLS 32AIA
  • A high-security solution for industrial automation systems, smart homes, consumer or medical devices, providing enhanced protection of services, business models and user experience.
OPTIGA TRUST B SLE 95250
  • A robust cryptographic solution for embedded systems requiring easy-to-integrate, reliable authentication features.
  • This security solution is designed to help system and device manufacturers safeguard the authenticity, integrity and safety of their original products.
  • As a turnkey solution, it provides enhanced protection against aftermarket counterfeit replacements, thus helping to maintain OEM authenticity and safeguard the user experience.
OPTIGA TRUST X SLS 32AIA
  • Enhanced security for connected / IoT devices
OPTIGA TRUST M SLS 32AIA
  • Secured cloud service provisioning – the easy way!
  • A high-end security solution that provides an anchor of trust for connecting IoT devices to the cloud, giving every IoT device its own unique identity.

OPTIGA TPM

  • TPM solutions for PC-class rich devices (large footprint)