1
/
of
12
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GM/T 0008-2012 English PDF (GMT0008-2012)
GM/T 0008-2012 English PDF (GMT0008-2012)
Regular price
$145.00 USD
Regular price
Sale price
$145.00 USD
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0008-2012
Historical versions: GM/T 0008-2012
Preview True-PDF (Reload/Scroll if blank)
GM/T 0008-2012: Cryptography test criteria for security IC
GM/T 0008-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
RECORD NO.. 38306-2013
Cryptography test criteria for security IC
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction .. 5
1 Scope .. 6
2 Normative references ... 6
3 Terms, definitions and abbreviations ... 6
3.1 Terms and definitions ... 6
3.2 Abbreviations ... 10
4 Classification of security levels .. 10
4.1 Security level 1 .. 10
4.2 Security level 2 .. 10
4.3 Security level 3 ... 11
5 Cryptographic algorithm ... 11
5.1 Random number generator ... 11
5.2 Block cipher algorithm ... 12
5.3 Public key cipher algorithm ... 13
5.4 Hash cipher algorithm ... 14
5.5 Stream cipher algorithm ... 14
6 Security chip interface ... 15
6.1 Physical interface ... 15
6.2 Logical interface ... 15
7 Key management .. 16
7.1 Generation ... 16
7.2 Storage .. 17
7.3 Usage .. 17
7.4 Update ... 17
7.5 Import .. 18
7.6 Export .. 18
7.7 Clearing .. 19
8 Sensitive information protection ... 19
8.1 Storage .. 19
8.2 Clearing .. 20
8.3 Operation .. 20
8.4 Transmission .. 21
9 Firmware security .. 21
9.1 Storage .. 21
9.2 Implementation.. 22
9.3 Import .. 22
10 Self-test ... 23
10.1 Security level 1 ... 23
10.2 Security level 2 ... 23
10.3 Security level 3 ... 23
11 Audit ... 23
11.1 Security chip identifier ... 23
11.2 Life cycle identifier ... 24
12 Attack mitigation and protection ... 24
12.1 Layout protection .. 24
12.2 Self-destruction of keys and sensitive information ... 25
12.3 Timing attack protection ... 25
12.4 Protection against power analysis attack ... 26
12.5 Protection to EM analysis attack .. 26
12.6 Protection to fault attack... 27
13 Life cycle assurance ... 27
13.1 Organization qualifications .. 27
13.2 Documentation ... 28
13.3 Development environment security ... 28
13.4 Personnel ... 29
13.5 Development process ... 29
13.6 Source file ... 30
Bibliography ... 31
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuer of this document shall not be
held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of the State
Cryptography Administration.
The drafting organizations of this Standard. Commercial Cryptography Testing
Centre of State Cryptography Administration, State Key Laboratory of
Information Security, Tsinghua University, Beijing Hongsi Electronic
Technologies Co., Ltd., Nationz Technologies Co., Ltd., Beijing CEC Huada
Electronic Design Co., Ltd., Zhejiang University, Shenzhen Institutes of
Advanced Technology of Chinese Academy of Sciences, Datang
Microelectronics Co., Ltd., Beijing Xinguang-Tiandi IC Design Co., Ltd.,
Chengdu University of Information Technology.
The main drafters of this Standard. Li Dawei, Zhou Yongbin, Luo Peng, Liu Jiye,
Zhang Jianren, Zhang Wenjing, Zhang Yiwei, Chen Lizhi, Ye Yin, Shen Haibin,
Li Huiyun, Sun Dongyu, Xiong Yanping, Liu Hongwei, Chen Yun, Wu Zhen, Mao
Yingying.
Cryptography test criteria for security IC
1 Scope
This Standard specifies three security levels of security capabilities which
increase in sequence and the cryptographic test requirements which are
applicable to the security chips of all security levels.
This Standard applies to both the cryptographic test of security chips and the
development of security chips.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition dated applies to this
document. For undated references, the latest edition of the referenced
documents (including all amendments) applies to This Standard.
GM/T 0005, Randomness test specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1
key
Key information or parameters which control cryptographic transformation
operation.
3.1.2
sensitive information
Data in security chips which requires protection, except keys.
3.1.3
security chip
Integrated circuit chips which contain cryptographic algorithms and security
functions and can implement key management mechanisms.
3.1.4
security capability
Direct or indirect assurance and protective measures which are provided by
security chips for keys and sensitive information.
3.1.5
block cipher operation mode
The operation mode of block cipher algorithm, mainly including electronic code
book mode (ECB), cipher block chaining mode (CBC), cipher feedback mode
(CFB), output feedback mode (OFB), counter mode (CTR), etc.
3.1.6 public key cipher application mode
The application mode of public key cipher algorithm, mainly including
encryption/decryption, signature/verification, key agreement, etc.
3.1.7
operation speed of cryptographic algorithm
Maximum data size that security chips can process within the unit time of
cryptographic algorithm implementation.
3.1.8
physical random source
Source blocks of random sequences which is generated by the uncertainty of
physical noise.
3.1.9
firmware
Procedure codes which is solidified in security chips, controlling and
coordinating the cryptography and security functions of security chips.
3.1.10
hardware
such scenarios, security chips shall have basic protective capabilities for all
kinds of security risks.
4.3 Security level 3
Security level 3 specifies the high security level requirements that the security
capabilities of security chips can meet. Based on security level 2, security level
3 specifies the logical and/or physical protective measures that security chips
shall have. Security level 3 requires security chips to provide high protection for
keys and sensitive information; requires them to have the logical and/or
physical security mechanism which is capable of providing complete protection
for keys and sensitive information; requires them to be capable of defending all
attacks specified in this Standard; requires test applicants to be capable of
proving the effectiveness of relevant protective measures; and requires them to
have complete life cycle assurances.
Security chips of security level 3 can be applied in the application scenarios in
which the external operating environment for their deployment is incapable of
ensuring their physical safety and the safety of input and output information. In
such scenarios, security chips shall have comprehensive protective capabilities
for all kinds of security risks.
5 Cryptographic algorithm
5.1 Random number generator
5.1.1 Security level 1
a) Security chips shall have at least 2 physical random sources independent
to each other, which directly generate random numbers or the initial input
of random number extension algorithm. The random numbers directly
generated by or the initial input of random number extension algorithm
generated by physical random sources shall be generated through
exclusive-OR ...
Get QUOTATION in 1-minute: Click GM/T 0008-2012
Historical versions: GM/T 0008-2012
Preview True-PDF (Reload/Scroll if blank)
GM/T 0008-2012: Cryptography test criteria for security IC
GM/T 0008-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
RECORD NO.. 38306-2013
Cryptography test criteria for security IC
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction .. 5
1 Scope .. 6
2 Normative references ... 6
3 Terms, definitions and abbreviations ... 6
3.1 Terms and definitions ... 6
3.2 Abbreviations ... 10
4 Classification of security levels .. 10
4.1 Security level 1 .. 10
4.2 Security level 2 .. 10
4.3 Security level 3 ... 11
5 Cryptographic algorithm ... 11
5.1 Random number generator ... 11
5.2 Block cipher algorithm ... 12
5.3 Public key cipher algorithm ... 13
5.4 Hash cipher algorithm ... 14
5.5 Stream cipher algorithm ... 14
6 Security chip interface ... 15
6.1 Physical interface ... 15
6.2 Logical interface ... 15
7 Key management .. 16
7.1 Generation ... 16
7.2 Storage .. 17
7.3 Usage .. 17
7.4 Update ... 17
7.5 Import .. 18
7.6 Export .. 18
7.7 Clearing .. 19
8 Sensitive information protection ... 19
8.1 Storage .. 19
8.2 Clearing .. 20
8.3 Operation .. 20
8.4 Transmission .. 21
9 Firmware security .. 21
9.1 Storage .. 21
9.2 Implementation.. 22
9.3 Import .. 22
10 Self-test ... 23
10.1 Security level 1 ... 23
10.2 Security level 2 ... 23
10.3 Security level 3 ... 23
11 Audit ... 23
11.1 Security chip identifier ... 23
11.2 Life cycle identifier ... 24
12 Attack mitigation and protection ... 24
12.1 Layout protection .. 24
12.2 Self-destruction of keys and sensitive information ... 25
12.3 Timing attack protection ... 25
12.4 Protection against power analysis attack ... 26
12.5 Protection to EM analysis attack .. 26
12.6 Protection to fault attack... 27
13 Life cycle assurance ... 27
13.1 Organization qualifications .. 27
13.2 Documentation ... 28
13.3 Development environment security ... 28
13.4 Personnel ... 29
13.5 Development process ... 29
13.6 Source file ... 30
Bibliography ... 31
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuer of this document shall not be
held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of the State
Cryptography Administration.
The drafting organizations of this Standard. Commercial Cryptography Testing
Centre of State Cryptography Administration, State Key Laboratory of
Information Security, Tsinghua University, Beijing Hongsi Electronic
Technologies Co., Ltd., Nationz Technologies Co., Ltd., Beijing CEC Huada
Electronic Design Co., Ltd., Zhejiang University, Shenzhen Institutes of
Advanced Technology of Chinese Academy of Sciences, Datang
Microelectronics Co., Ltd., Beijing Xinguang-Tiandi IC Design Co., Ltd.,
Chengdu University of Information Technology.
The main drafters of this Standard. Li Dawei, Zhou Yongbin, Luo Peng, Liu Jiye,
Zhang Jianren, Zhang Wenjing, Zhang Yiwei, Chen Lizhi, Ye Yin, Shen Haibin,
Li Huiyun, Sun Dongyu, Xiong Yanping, Liu Hongwei, Chen Yun, Wu Zhen, Mao
Yingying.
Cryptography test criteria for security IC
1 Scope
This Standard specifies three security levels of security capabilities which
increase in sequence and the cryptographic test requirements which are
applicable to the security chips of all security levels.
This Standard applies to both the cryptographic test of security chips and the
development of security chips.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition dated applies to this
document. For undated references, the latest edition of the referenced
documents (including all amendments) applies to This Standard.
GM/T 0005, Randomness test specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1
key
Key information or parameters which control cryptographic transformation
operation.
3.1.2
sensitive information
Data in security chips which requires protection, except keys.
3.1.3
security chip
Integrated circuit chips which contain cryptographic algorithms and security
functions and can implement key management mechanisms.
3.1.4
security capability
Direct or indirect assurance and protective measures which are provided by
security chips for keys and sensitive information.
3.1.5
block cipher operation mode
The operation mode of block cipher algorithm, mainly including electronic code
book mode (ECB), cipher block chaining mode (CBC), cipher feedback mode
(CFB), output feedback mode (OFB), counter mode (CTR), etc.
3.1.6 public key cipher application mode
The application mode of public key cipher algorithm, mainly including
encryption/decryption, signature/verification, key agreement, etc.
3.1.7
operation speed of cryptographic algorithm
Maximum data size that security chips can process within the unit time of
cryptographic algorithm implementation.
3.1.8
physical random source
Source blocks of random sequences which is generated by the uncertainty of
physical noise.
3.1.9
firmware
Procedure codes which is solidified in security chips, controlling and
coordinating the cryptography and security functions of security chips.
3.1.10
hardware
such scenarios, security chips shall have basic protective capabilities for all
kinds of security risks.
4.3 Security level 3
Security level 3 specifies the high security level requirements that the security
capabilities of security chips can meet. Based on security level 2, security level
3 specifies the logical and/or physical protective measures that security chips
shall have. Security level 3 requires security chips to provide high protection for
keys and sensitive information; requires them to have the logical and/or
physical security mechanism which is capable of providing complete protection
for keys and sensitive information; requires them to be capable of defending all
attacks specified in this Standard; requires test applicants to be capable of
proving the effectiveness of relevant protective measures; and requires them to
have complete life cycle assurances.
Security chips of security level 3 can be applied in the application scenarios in
which the external operating environment for their deployment is incapable of
ensuring their physical safety and the safety of input and output information. In
such scenarios, security chips shall have comprehensive protective capabilities
for all kinds of security risks.
5 Cryptographic algorithm
5.1 Random number generator
5.1.1 Security level 1
a) Security chips shall have at least 2 physical random sources independent
to each other, which directly generate random numbers or the initial input
of random number extension algorithm. The random numbers directly
generated by or the initial input of random number extension algorithm
generated by physical random sources shall be generated through
exclusive-OR ...
Share
