CCRC-EAL-TR-031-2020 Security technical requirements for Microcontroller Unit in IoT (EAL3+, EAL4+)
1 Scope
This document specifies the security technical requirements for a Microcontroller Unit (MCU) in IoT to reach EAL3+ or EAL4+. This document is applicable to the design, development, production, evaluation and certification of MCUs in IoT.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security technology - Glossary
GB/T 18336-2015 Information technology - Security techniques - Evaluation criteria for IT security
GB/T 22186-2016 Information security techniques - Security technical requirements for IC card chip with CPU
3 Terms, definitions and abbreviations
For the purposes of this document, the terms and definitions given in GB/T 18336-2015, GB/T 25069-2010, GB/T 22186-2016 and the following apply.
3.1 Terms and definitions
3.1.1
internet of things
intelligent service system that senses and connects objects, people, systems and information resources in accordance with agreed protocols, and processes and responds to information from the physical and virtual worlds
3.1.2
IC dedicated software
dedicated software developed by the MCU chip designer and embedded in the integrated circuit, also known as IC firmware. This dedicated software is usually used for testing purposes during production, and can also be used to provide additional services that facilitate usage of the hardware. Some functions of the dedicated testing software are limited to specific life-cycle stages
3.1.3
initialization data
manufacturing-related data, such as a unique identification number, written into the on-chip nonvolatile memory during the manufacturing stage of the MCU in IoT
3.1.4
pre-personalization data
data written into the on-chip nonvolatile memory by the manufacturer during the manufacturing stage of the MCU in IoT, so that its manufacturing process can be traced in subsequent life-cycle stages
3.1.5
IoT MCU embedded software
software stored in the on-chip nonvolatile memory of the IoT MCU (such as ROM, EEPROM or Flash) and running on the chip. The software manages the hardware resources and data of the chip and exchanges information with the terminal device through the communication interface of the chip, so as to respond to application requests initiated by users, such as data encryption, data signature and authentication, and thereby support the application functions
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
MCU Microcontroller Unit
CPU Central Processing Unit
CM Configuration Management
EAL Evaluation Assurance Level
EEPROM Electrically-Erasable Programmable Read-only Memory
FLASH Flash EEPROM Memory
IC Integrated Circuit
I/O Input/Output
RAM Random-Access Memory
ROM Read-Only Memory
SPI Serial Peripheral Interface
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functionality
UART Universal Asynchronous Receiver/Transmitter
USB Universal Serial Bus
4 General
4.1 Types of TOE
An IoT MCU is a type of microcontroller unit product applied in IoT fields such as smart home, smart wearables, smart mobility, intelligent security and intelligent transport, and is characterized by high integration, low power consumption and diversified interfaces.
The Target of Evaluation (TOE) in this document is a special type of IoT MCU with certain security functions. It generally consists of a processing unit, volatile memory (RAM), nonvolatile memory (ROM/EEPROM/Flash), I/O interfaces (such as a contact interface, UART, USB and SPI), a reset circuit, a clock circuit, a random number generator, a cryptographic coprocessor and security measure circuits. The TOE may also include IC dedicated software delivered by the IC designer/manufacturer. Such software (also known as IC firmware) is often used for testing purposes during production but may also provide additional services to facilitate usage of the hardware (for instance in the form of a library). The embedded software is the user of the TOE; it runs on the IoT MCU but is not part of the TOE. The general structure and operational environment of the IoT MCU are shown in Figure 1 (note that, depending on the actual use of the TOE, the IoT MCU may not contain certain circuit modules or peripheral interfaces, such as ROM, EEPROM, Flash or USB).
In this operational environment, the administrator configures the IoT MCU through the IC dedicated software (or directly through the MCU interface or circuit); attackers, on the other hand, may attack through the embedded software interface to destroy the sensitive data of the IoT MCU or abuse its security functions. Therefore, protective measures shall be taken for the IoT MCU to ensure the security of its data and functions.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 General
4.1 Types of TOE
4.2 Security features of TOE
5 Security issue definition
5.1 Assets
5.2 Security threat
5.3 Organizational security policies
5.4 Assumptions
6 Security objectives
6.1 Security objectives for TOE
6.2 Security objectives for environment
7 Extended component definition
7.1 Definition of the Family FMT_LIM
7.2 Definition of the Family FPT_TST
8 Security requirements
8.1 Security function requirements
8.2 Security assurance requirements
9 Rationale
9.1 Rationale for security objectives
9.2 Rationale for security requirements
9.3 Rationale for satisfying dependencies