TD0328: Split Knowledge Procedures distinction
Publication Date
2018.06.07
Protection Profiles
PP_CA_V2.1
Other References
FPT_SKY_EXT.1
Issue Description
Current SFR does not allow products that provide support for escrow of user private (encryption) keys (but that do not provide any mechanism for archival of the CA signing keys) to claim this functionality.
Resolution
The following changes are made in the CA PP ver 2.1:
FPT_SKY_EXT.1(1).1/CA The TSF shall [selection: support, interface with the operational environment to support] split knowledge procedures to enforce two-party control for the export of CA signing keys and [selection: no other data, [assignment: critical data or keys]] necessary to resume CA functionality after TSF failure using [selection: key sharing mechanisms in accordance with FCS_CKM_EXT.1(3), FCS_CKM_EXT.1(4), FCS_CKM_EXT.6, and FPT_SKY_EXT.2, [assignment: other mechanism]].
Application Note: The intent of this requirement is to limit access to critical keys that are necessary to maintain operations after a failure. Key sharing mechanisms are also referred to as secret sharing mechanisms, or threshold schemes and are commonly used by hardware security modules to clone keys between devices. If enforcement of split knowledge procedures to provide controlled access to critical keys and data required to restore CA functionality is performed entirely by the OE, then this SFR is not included in the ST and OE.KEY_ARCHIVAL is included in the ST.
Assurance Activity
If the TSF implements a key sharing mechanism, this SFR is satisfied through the referenced SFRs in Appendices B.3 and B.8 of the PP. Note: FCS_CKM_EXT.1(3) specifies how the key shares generated in accordance with FCS_CKM_EXT.1(4) are used to produce a KEK to protect the keys listed in this requirement. The protection of those keys with the KEK is done by the mechanism required in FCS_CKM_EXT.6. FPT_SKY_EXT.2 specifies access control for the key shares themselves. If the TSF interfaces with a cryptographic module in the Operational Environment to implement a key sharing mechanism, the evaluator shall examine the TSS to ensure that the interface to the OE and the cryptographic provider for the key sharing mechanism are described. If the TSF implements another split knowledge procedure, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the CA signing key and all other selected data and keys. The evaluator shall review the AGD to ensure it contains clear instructions to privileged users on how to conduct the procedures. If the TSF interfaces with the OE to implement other split knowledge procedures, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the CA signing key and all other selected data and keys. The evaluator shall ensure that the TSS describes the dependence on the OE and identifies any cryptographic providers within the OE used to support the procedures. The evaluator shall also examine the AGD guidance to ensure it contains instructions for configuring the OE to restrict access to the CA signing key and all other selected data and keys.
FPT_SKY_EXT.1(2).1/OTH The TSF shall [selection: support, interface with the operational environment to support] split knowledge procedures to enforce two-party control for the export of [selection: no other data, user private keys, [assignment: critical data or keys]] using [selection: key sharing mechanisms in accordance with FCS_CKM_EXT.1(3), FCS_CKM_EXT.1(4), FCS_CKM_EXT.6, and FPT_SKY_EXT.2, [assignment: other mechanism]].
Application Note: The intent of this requirement is to limit access to other critical keys or data that are archived when the TSF provides, or interfaces with the OE to provide, a split knowledge mechanism different than what is provided to archive and recover the CA signing key and other critical keys and data required to restore CA functionality. This requirement may include protection mechanisms for critical keys and data that are archived to restore optional CA functionality, which are not required to restore basic CA functionality. However, if the TSF provides, or interfaces with the OE to provide, the same mechanism to protect access to all archived keys and data used for both basic and any optional CA functionality, the common mechanism can be described in FPT_SKY_EXT.1/CA and it is not necessary to also include this requirement in the ST.
Assurance Activity
If the TSF implements a key sharing mechanism, this SFR is satisfied through the referenced SFRs in Appendices B.3 and B.8 of the PP. Note: FCS_CKM_EXT.1(3) specifies how the key shares generated in accordance with FCS_CKM_EXT.1(4) are used to produce a KEK to protect the keys listed in this requirement. The protection of those keys with the KEK is done by the mechanism required in FCS_CKM_EXT.6. FPT_SKY_EXT.2 specifies access control for the key shares themselves. If the TSF interfaces with a cryptographic module in the Operational Environment to implement a key sharing mechanism, the evaluator shall examine the TSS to ensure that the interface to the OE and the cryptographic provider for the key sharing mechanism are described. If the TSF implements another split knowledge procedure, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the selected data and keys. The evaluator shall review the AGD to ensure it contains clear instructions to privileged users on how to conduct the procedures. If the TSF interfaces with the OE to implement other split knowledge procedures, the evaluator shall examine the TSS to ensure the procedure is adequately described, and assess the procedure to ensure that it is effective in restricting access to the selected data and keys. The evaluator shall ensure that the TSS describes the dependence on the OE and identifies any cryptographic providers within the OE used to support the procedures. The evaluator shall also examine the AGD guidance to ensure it contains instructions for configuring the OE to restrict access to the selected data and keys.
Justification
See Issue Description.