ДСТУ CWA 14355:2009
ДСТУ CWA 14355:2009 — це національний стандарт, що надає технічну настанову щодо впровадження безпечних пристроїв для створення електронних підписів. Він визначає вимоги до криптографічних модулів та смарт-карт для забезпечення цілісності та автентичності цифрових даних.
При виборі засобів ЕЦП для підписання електронних журналів та актів з ОП слід перевіряти їх відповідність вимогам до SSCD. Забезпечити фізичний захист токенів та смарт-карт згідно з криптографічними протоколами стандарту.
Download document
.docx format · available to registered users
1 2 4 —? —? —? —? —? —? CWA 14169 GUIDELINES FOR THE IMPLEMENTATION OF SECURESIGNATURE-CREATIONDEVICES
1 2 2.1 [ALGO] ETSI SR 002 176 Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures V1.1.1 (2003-03)
[CWA 14170] CWA 14170: Security Requirements for Signature Creation Applications
[CWA 14167-3] CWA 14167-3: Cryptographic Module for CSP Key Generation Services — Protection Profile (CMCKG-PP)
[Dir.1999/93/EC] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures
[ISO 15408] ISO/IEC 15408-1 to 15408-3, 1999: Information technology — Security techniques — Evaluation criteria for IT security— Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements
[SSCD PP] CWA 14169: Security Requirements of Secure Signature Creation Devices (SSCD).
[ALGO] ETSI SR 002 176 [CWA 14170] CWA 14170 [CWA 14167-3] CWA 14167-3: [Dir. 1999/93/ [ISO 15408] ISO/IEC 15408-1 [PP SSCD] CWA 14169: 2.2 [CMCSO PP] CWA 14167-2: Cryptographic Module for CSP Signing Operations — Protection Profile, CMCSO-PP
[DFA] E. Biham, A. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, Advances in Cryptology Proceedings of CRYPTO’97
[DPA] P. Kocher, J. Jae and B. Jun, Differential Power Analysis, Advances in Cryptology, Proceedings of CRYPTO’99, 1999, pp. 388-397
[FA] D. Boneh, R.A. Demillo, R.J. Lipton, On the importance of Checking Cryptographic Protocols for Faults, Advances in Cryptology, Proceedings of EUROCRYPT’97
[ISO 7816] ISO/IEC 7816: Identification cards — Integrated circuit cards with contacts
[PP 9806] French Certification Body PP/9806: Protection Profile Smart Card Integrated Circuit, Version 2.0, Eurosmart, September 1998
[PP 9911] French Certification Body PP/9911: Protection Profile Smart Card Integrated Circuit with Embedded Software, Version 2.0, Eurosmart, June 1999
[PP 0002] Bundesamt fur Sicherheit in der Informationstechnik BSI-PP-0002: Smartcard IC Platform Protection Profile, Version 1.0, Eurosmart, July 2001
[PP 0010] French Certification Body PP/0010: Protection Profile Smart Card IC with MultiApplication Secure Platform, Version 2.0, Eurosmart, November 2000
[SCSUG] Smart Card Security User Group: Smart Card Protection Profile, version 3.0, September 2001
[TA] P. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology, Proceedings of CRYPTO’96, pp. 104-113
[TAMPER] R.J. Anderson, M.G. Kuhn: Tamper Resistance — a Cautionary Note, Proceedings of Second USENIX Workshop on Electronic Commerce pp. 1-11, 1996
[TCPA] Trusted Computing Platform Alliance, Main Specification, version 1.1a, November 2001
[TPMPP] Trusted Platform Module Protection Profile (TCPA-TPMPP), version 1.0, December 2001
[TS 101456] ETSI SEC, Policy requirement for certification authorities issuing qualified certificates, Technical Specification ETSI TS 101456
[WAPWIM] WAP Identity Module, WAP-260-WIM, WAP Forum, Ltd.
[CMCSO [DFA] [DPA] [FA] D. Boneh, R.A. Demillo, R.J. Lipton. [ISO 7816] ISO/IEC 7816 [ [ [ [ [SCSUG] [ [TAMPER] R.J. [ [ [TS 101456] ETSI SEC [WAPWIM] WAP 3.1 SSCD 3.2 APDU Application Protocol Data Unit (European Committee for Standardization) ( Standardization Initiative Standards Institute SCD Signature-Creation Data 3.3 4 4.1 1. ' 2. ' (а?) (Ь?) (с?) (d) (а?) (Ь?) 3. ' 4. ' 5. ' 4.2 4.3 1. ( —? SCD —? —? •? •? 1. ( — •? •? •? •? — 1. ( —? —? —? 2. 4.4 ( J ( (j) 5 5.1 У? —? —?
—? —? —? SCD — —? —? —? 5.1.2 —? —? •? SSCD •? SSCD •? SSCD 5.1.2.1 SSCD —? —? —? —? SCD — SVD
—? SVD —? DTBSR —? 5.2 5.2.1 5.2.1.1 SSCD —? —? —? —? FTP_TRP/TOE, SCA. 5.2.1.2 —? —? 5.2.2 5.2.2.1 [SSCD FPT_EMSEC.1 .1 FPT_EMSEC.1 .2 TSF 5.2.2.2 FPT_EMSEC.1.2 5.2.2.3 5.2.2.4 5.2.2.5 5.2.3 [SSCD (1) (2) 5.2.3.1 SSCD [SSCD —? —? —? 5.2.3.2 SSCD [SSCD —? —? —? —? 5.2.3.3 SSCD SSCD —? —? —? —? 5.2.4 —? —? 5.2.5 —? —? —? 5.2.6 [SSCD 5.3 5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6 SVD
5.3.7
5.3.8 OT.SCD_Secrecy 5.3.10 5.3.11 FPR_UNO — 6 6.1 SSCD — Eurosmart — — — — 6.1.1 SSCD — AVA_VLA.4,
6.1.2 Eurosmart PP9911 ( — ADVJMP.2,
—? —? —? —? 6.1.3 Eurosmart —? ADVJMP.2 ( —? ALC_DVS.2 ( —? AVA_MSU.3 ( —? AVA_VLA.4 ( [ 6.1.4 Eurosmart —? ADV_IMP.2 ( —? ALC_DVS.2 ( —? AVA_VLA.4 ( 6.1.5 —? AVA_VLA.3 ( —? ADVJNT.1 ( [SCSUG] —? P.Audit;
—? P.Crypt_Std — —? P.Data_Acc — —? P.File_Str — —? Rldent — —? P.Sec_Com — 6.2 6.2.1 SSCD SSCD TSF 6.2.2 6.2.2.1 ( (b)FPT_PHP.1 ( ( 6.2.2.2 (а?) (Ь?) (с?) (d) (е?) (f) ( (h) 6.2.2.3 SSCD (a)FDP_ACC.1 (b)SFP ( (d) 6.2.3
6.2.3.1 6.2.3.2 —? ST —? —? —? —? —? —? 6.2.3.3 (і?) ST (і?і?) (і?і?і?) (iv) —? —? 7
—? —? SCA —? —? SCA —? SSCD —? 7.1 SSCD 7.1.1 SSCD - 7.1.2 —? —? —? 7.1.3 —? —? 7.2 — SCA — SCA 7.2.1 —? —? —? —? 7.2.2 —? —? —? SCA —? SSCD 7.3 7.3.1 7.3.2 7.4 7.4.1 7.4.2 7.4.3 7.4.4 SCA 8 8.1 8.1.1 —? —? 8.1.2 8.1.3 У? —? —? —? —? —? 8.2 9 9.1 —? —? —? 9.1.1 — SCA — SCA 9.1.2 9.2 9.2.1 —? —? 9.2.2 9.2.3 —? —? —? —? 9.3 10 10.1 10.1.1 10.1.2 10.2 10.2.1 10.2.2 10.3 10.4 10.4.1 —? —? 10.4.2 10.4.3 —? —? —? —? —? —? —? —? —? —? 11 11.1 11.1.1 11.1.2 11.2 11.2.1 11.2.2 11.3 11.4 11.4.1 —? —? 11.4.2 11.4.3 —? —? —? —? —? —? —? —? —? —? —? 12
Eurosmart — — — — •? •? •? •? •? — — SSCD — — — [ [ —? SG1: —? SG2: — SG3: OT.SCD_Secrecy [SSCD OT.TamperJD OT.Init —? —? —? —? —? —? —? —? —? — Al. 2 [SSCD [ [ [SSCD [SSCD [SSCD [SSCD [ 2>
SFR FPT_EMSEC [SSCD [SSCD [ Al. 2.9 FTP -
