NIAP: View Technical Decision Details
NIAP/CCEVS
TD0455:  NIST SP800-133 keygen methods for FAK/FEK Generation

Publication Date
2019.10.18

Protection Profiles
MOD_FE_V1.0

Other References
FDP_AUT_EXT.2.9, FCS_CKM_EXT.2.1

Issue Description

Optional SFR FDP_AUT_EXT.2.9 states that the FAK will be generated using a RBG. The Guidance Assurance Activity states, “It is encouraged for every implementation to use a FAK that is wholly different and independently generated from the FEK”. NIST SP 800-133r1 compliant key generation methods would meet the intent of the SFR.

Similarly, mandatory SFR FCS_CKM_EXT.2.1 has a selection that allows the ST writer to generate FEK cryptographic keys using a RBG or derived from a password. The selection should include NIST SP 800-133r1 compliant key generation methods.

Resolution

MOD_FE_V1.0

FDP_AUT_EXT.2.9 shall be modified as follows, using underlines to mark additions:

FDP_AUT_EXT.2.9 The FAK will be generated using [selection: a RBG that meets FCS_RBG_EXT.1 (from [AppPP]), key generation methods compliant with NIST SP 800-133r1].


FCS_CKM_EXT.2.1 shall be modified as follows, using underlines to mark additions:

FCS_CKM_EXT.2.1 The TSF shall [selection:
  • Accept FEK from an enterprise management server,
  • Generate FEK cryptographic keys [selection:
      • using a Random Bit Generator as specified in FCS_RBG_EXT.1 (from [AppPP]) and with entropy corresponding to the security strength of AES key sizes of [selection: 128 bit, 256 bit],
      • using key generation methods compliant with NIST SP 800-133r1,
      • derived from a password/passphrase that is conditioned as defined in FCS_CKM_EXT.6
    ]
].

Application Note: For keys generated from a password, even if referencing NIST SP 800-133r1 for password-based key generation, "derived from a password/passphrase that is conditioned as defined in FCS_CKM_EXT.6" must be selected so that FCS_CKM_EXT.6 is included.


MOD_FE_V1.1-SD

FDP_AUT_EXT.2 shall be modified as follows, using underlines to mark additions:

FDP_AUT_EXT.2

TSS

The evaluator shall check the TSS section to confirm that it describes how a request for each type of supported resource (file (or set of files)) will result in data authentication using a keyed hash function. The evaluator will confirm that the TOE will respond appropriately to a failed authentication, to include notifying the user of an invalid authentication and preventing decryption. The evaluator will confirm that any file encryption utility will be able to identify where the MAC is placed.

The evaluator will confirm that a FAK is used as part of the authentication process and will identify the keyed hash function utilized.

Conditional:
If 'using a Random Bit Generator' was selected, the evaluator shall verify that the TSS describes how the functionality described by FCS_RBG_EXT.1 (from the [AppPP]) is used to generate the FAK.

Conditional:
If 'key generation methods compliant with NIST SP 800-133r1' was selected, the evaluator shall verify that the TSS describes how the functionality described by NIST SP 800-133r1 is implemented to generate the FAK. The evaluator shall verify that the description of the key generation method matches the methods described in SP 800-133r1 and that the FAK is chained to an approved RBG.


FCS_CKM_EXT.2.1 shall be modified as follows, using underlines to mark additions:

FCS_CKM_EXT.2.1

TSS
The evaluator shall review the TSS to determine that a description covering how and when the FEKs are generated exists. The description must cover all environments on which the TOE is claiming conformance, and include any preconditions that must exist in order to successfully generate the FEKs. The evaluator shall verify that the description of how the FEKs are generated is consistent with the instructions in the AGD guidance, and any differences that arise from different platforms are taken into account.

Conditional:
If 'using a Random Bit Generator' was selected, the evaluator shall verify that the TSS describes how the functionality described by FCS_RBG_EXT.1 (from the [AppPP]) is invoked to generate FEK. To the extent possible from the description of the RBG functionality in FCS_RBG_EXT.1 (from [AppPP]), the evaluator shall determine that the key size being requested is identical to the key size and mode to be used for the decryption/encryption of the user data (FCS_COP.1(1)) (from [AppPP]).

Conditional:
If 'using key generation methods compliant with NIST SP 800-133r1' was selected, the evaluator shall verify that the TSS describes how the functionality described by NIST SP 800-133r1 is implemented to generate the FEK. The evaluator shall verify that the description of the key generation method matches the methods described in SP 800-133r1 and that the FEK is chained to an approved RBG. The evaluator shall verify that the key size and mode being requested is identical to the key size and mode to be used for the decryption/encryption of the user data (FCS_COP.1(1)) (from [AppPP]).

Conditional:
If 'derived from a password/passphrase' is selected, the examination of the TSS section is performed as part of FCS_CKM_EXT.6 evaluation activities.
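As an added illustration (not part of this TD, MOD_FE, or any evaluated TOE), the following Python sketch shows what the FEK/FAK generation in FCS_CKM_EXT.2.1 and FDP_AUT_EXT.2.9 and the evaluator checks above look like in code: direct generation from an RBG in the SP 800-133r1 form K = U XOR V, a FAK drawn independently of the FEK, key sizes checked against the selected AES size, and a FAK-keyed hash whose failure blocks decryption. Assumptions: `os.urandom` stands in for an RBG meeting FCS_RBG_EXT.1, PBKDF2-HMAC stands in for the FCS_CKM_EXT.6 conditioning function, and the AES encryption itself is left out.

```python
import hashlib
import hmac
import os

# Assumption: os.urandom stands in for an approved RBG meeting FCS_RBG_EXT.1.
APPROVED_RBG = os.urandom

# AES key sizes selectable in FCS_CKM_EXT.2.1 (128 bit, 256 bit).
AES_KEY_BITS = (128, 256)


def direct_generate_key(key_bits, rbg=APPROVED_RBG, v=None):
    """SP 800-133r1 direct generation: K = U XOR V, where U is RBG output
    and V is an independent bit string of the same length (all zeros if omitted).
    This keeps the key 'chained to an approved RBG'."""
    if key_bits not in AES_KEY_BITS:
        raise ValueError("requested key size does not match a selected AES key size")
    u = rbg(key_bits // 8)
    if v is None:
        return u
    if len(v) != len(u):
        raise ValueError("V must be the same length as the RBG output U")
    return bytes(a ^ b for a, b in zip(u, v))


def generate_fek_and_fak(key_bits):
    """FEK and FAK are each drawn from the RBG: the FAK is wholly different
    and independently generated, never derived from the FEK."""
    return direct_generate_key(key_bits), direct_generate_key(key_bits)


def derive_fek_from_password(password, salt, key_bits, iterations=600_000):
    """Password path: the FEK is conditioned from the password/passphrase.
    Assumption: PBKDF2-HMAC-SHA256 stands in for the FCS_CKM_EXT.6 conditioning."""
    if key_bits not in AES_KEY_BITS:
        raise ValueError("requested key size does not match a selected AES key size")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=key_bits // 8)


def check_key_size(key, aes_bits):
    """Evaluator check: generated key size equals the AES key size used for user data."""
    return len(key) * 8 == aes_bits


def authenticate_file(fak, file_bytes):
    """Keyed hash (HMAC-SHA-256) over the file, keyed with the FAK (FDP_AUT_EXT.2)."""
    return hmac.new(fak, file_bytes, hashlib.sha256).digest()


def verify_before_decrypt(fak, file_bytes, mac):
    """Failed authentication must prevent decryption: the caller releases the
    FEK only when this returns True. Constant-time comparison avoids timing leaks."""
    return hmac.compare_digest(authenticate_file(fak, file_bytes), mac)
```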


Justification

See issue description.
