Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0008-2012 English PDF (GMT0008-2012)

GM/T 0008-2012 English PDF (GMT0008-2012)

Regular price $145.00 USD
Regular price Sale price $145.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GM/T 0008-2012 to get it for Purchase Approval, Bank TT...

GM/T 0008-2012: Cryptography test criteria for security IC

This Standard specifies three security levels of security capabilities which increase in sequence and the cryptographic test requirements which are applicable to the security chips of all security levels. This Standard applies to both the cryptographic test of security chips and the development of security chips.
GM/T 0008-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
RECORD NO.. 38306-2013
Cryptography test criteria for security IC
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction .. 5
1 Scope .. 6
2 Normative references ... 6
3 Terms, definitions and abbreviations ... 6
3.1 Terms and definitions ... 6
3.2 Abbreviations ... 10
4 Classification of security levels .. 10
4.1 Security level 1 .. 10
4.2 Security level 2 .. 10
4.3 Security level 3 ... 11
5 Cryptographic algorithm ... 11
5.1 Random number generator ... 11
5.2 Block cipher algorithm ... 12
5.3 Public key cipher algorithm ... 13
5.4 Hash cipher algorithm ... 14
5.5 Stream cipher algorithm ... 14
6 Security chip interface ... 15
6.1 Physical interface ... 15
6.2 Logical interface ... 15
7 Key management .. 16
7.1 Generation ... 16
7.2 Storage .. 17
7.3 Usage .. 17
7.4 Update ... 17
7.5 Import .. 18
7.6 Export .. 18
7.7 Clearing .. 19
8 Sensitive information protection ... 19
8.1 Storage .. 19
8.2 Clearing .. 20
8.3 Operation .. 20
8.4 Transmission .. 21
9 Firmware security .. 21
9.1 Storage .. 21
9.2 Implementation.. 22
9.3 Import .. 22
10 Self-test ... 23
10.1 Security level 1 ... 23
10.2 Security level 2 ... 23
10.3 Security level 3 ... 23
11 Audit ... 23
11.1 Security chip identifier ... 23
11.2 Life cycle identifier ... 24
12 Attack mitigation and protection ... 24
12.1 Layout protection .. 24
12.2 Self-destruction of keys and sensitive information ... 25
12.3 Timing attack protection ... 25
12.4 Protection against power analysis attack ... 26
12.5 Protection to EM analysis attack .. 26
12.6 Protection to fault attack... 27
13 Life cycle assurance ... 27
13.1 Organization qualifications .. 27
13.2 Documentation ... 28
13.3 Development environment security ... 28
13.4 Personnel ... 29
13.5 Development process ... 29
13.6 Source file ... 30
Bibliography ... 31
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuer of this document shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of the State Cryptography Administration.
The drafting organizations of this Standard. Commercial Cryptography Testing Centre of State Cryptography Administration, State Key Laboratory of
Information Security, Tsinghua University, Beijing Hongsi Electronic
Technologies Co., Ltd., Nationz Technologies Co., Ltd., Beijing CEC Huada Electronic Design Co., Ltd., Zhejiang University, Shenzhen Institutes of Advanced Technology of Chinese Academy of Sciences, Datang
Microelectronics Co., Ltd., Beijing Xinguang-Tiandi IC Design Co., Ltd., Chengdu University of Information Technology.
The main drafters of this Standard. Li Dawei, Zhou Yongbin, Luo Peng, Liu Jiye, Zhang Jianren, Zhang Wenjing, Zhang Yiwei, Chen Lizhi, Ye Yin, Shen Haibin, Li Huiyun, Sun Dongyu, Xiong Yanping, Liu Hongwei, Chen Yun, Wu Zhen, Mao Yingying.
Cryptography test criteria for security IC
1 Scope
This Standard specifies three security levels of security capabilities which increase in sequence and the cryptographic test requirements which are
applicable to the security chips of all security levels.
This Standard applies to both the cryptographic test of security chips and the development of security chips.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition dated applies to this document. For undated references, the latest edition of the referenced
documents (including all amendments) applies to This Standard.
GM/T 0005, Randomness test specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply. 3.1.1
key
Key information or parameters which control cryptographic transformation operation.
3.1.2
sensitive information
Data in security chips which requires protection, except keys.
3.1.3
security chip
Integrated circuit chips which contain cryptographic algorithms and security functions and can implement key management mechanisms.
3.1.4
security capability
Direct or indirect assurance and protective measures which are provided by security chips for keys and sensitive information.
3.1.5
block cipher operation mode
The operation mode of block cipher algorithm, mainly including electronic code book mode (ECB), cipher block chaining mode (CBC), cipher feedback mode (CFB), output feedback mode (OFB), counter mode (CTR), etc.
3.1.6 public key cipher application mode
The application mode of public key cipher algorithm, mainly including
encryption/decryption, signature/verification, key agreement, etc.
3.1.7
operation speed of cryptographic algorithm
Maximum data size that security chips can process within the unit time of cryptographic algorithm implementation.
3.1.8
physical random source
Source blocks of random sequences which is generated by the uncertainty of physical noise.
3.1.9
firmware
Procedure codes which is solidified in security chips, controlling and
coordinating the cryptography and security functions of security chips. 3.1.10
hardware
such scenarios, security chips shall have basic protective capabilities for all kinds of security risks.
4.3 Security level 3
Security level 3 specifies the high security level requirements that the security capabilities of security chips can meet. Based on security level 2, security level 3 specifies the logical and/or physical protective measures that security chips shall have. Security level 3 requires security chips to provide high protection for keys and sensitive information; requires them to have the logical and/or physical security mechanism which is capable of providing complete protection for keys and sensitive information; requires them to be capable of defending all attacks specified in this Standard; requires test applicants to be capable of proving the effectiveness of relevant protective measures; and requires them to have complete life cycle assurances.
Security chips of security level 3 can be applied in the application scenarios in which the external operating environment for their deployment is incapable of ensuring their physical safety and the safety of input and output information. In such scenarios, security chips shall have comprehensive protective capabilities for all kinds of security risks.
5 Cryptographic algorithm
5.1 Random number generator
5.1.1 Security level 1
a) Security chips shall have at least 2 physical random sources independent to each other, which directly generate random numbers or the initial input of random number extension algorithm. The random numbers directly
generated by or the initial input of random number extension algorithm
generated by physical random sources shall be generated through
exclusive-OR operation of all the output of physical random sources.
b) Within the operating conditions of temperature which are supported by security chips, set three operating conditions including temperature upper limit, temperature lower limit and room temperature, and the random
numbers generated by security chips shall meet the randomness test
requirements specified in GM/T 0005.
5.1.2 Security level 2
a) Security chips shall have at least 4 physical random sources independent to each other, which directly generate random numbers or the initial input of random number extension algorithm. The random numbers directly
Based on security level 2.
a) The stream cipher algorithms supported by security chips shall be
implemented using special hardware circuits.
b) Security chips themselves can determine the correctness of the stream cipher algorithms supported by them.
6 Security chip interface
6.1 Physical interface
6.1.1 Security level 1
a) The physical interfaces supported by security chips shall not contain covert channels.
b) The operation data shall be consistent, which is input and output by different physical interfaces supported by security chips.
c) If security chips support the random number generation function, all the random numbers output by the physical interfaces supported by security
chips are capable of passing the randomness test.
6.1.2 Security level 2
Based on security level 1, security chips shall not contain any physical interface exce...

View full details