Tuesday 3 June 2025
Eurosmart PP0117 protection profile: Response to the integrated security functions in SoC & MCU
IntroductionWith the increasing use of mobile devices, malware targeting smartphones and tablets has become more prevalent. Banking Trojans, in particular, are designed to steal banking credentials and financial information from mobile users.The modern trend in the Integrated Circuits industry is System on a Chip (SoC) and Microcontrollers (MCU), which integrate different discrete solutions, including security functions in a single IC. In particular, the Secure Element / Hardware Security Module (HSM)/UICC can be integrated into the SoC. The main motivations for this integration are reduced system cost, enhanced performance, and added-value functionality.The integrated security function in the SoC needs to meet the same security level as the discreet part. To address the security of integrated solutions and provide the industry with a unified set of security requirements to be fulfilled and clear to evaluate and asses, PP-0117, Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile was developed.BackgroundCybersecurity statistics indicate that there are 2,200 cyber-attacks per day, with a cyber-attack happening every 39 seconds on average. In the US, a data breach costs an average of $9.44M, and cybercrime is predicted to cost $8 trillion by 2023.ENISA[1], in its "ENISA Threats Landscape 2022 Report", presented in several aspects that the segments which were affected the most were the Public Administration and the Finance sectors:Figure 1 ENISA: Reputational impact by sector[1] ENISA - European Union Agency for Cybersecurity, https://www.enisa.europa.eu/This figure points regarding the potential for negative publicity or an adverse public perception of the affected sector.At the following diagram, it can clearly be seen that the Public Administration and the Finance sectors suffered more seriously from damaged or unavailable systems, corrupted data files or exfiltration of data compared to the other sectors:Figure 2 ENISA: Digital Impact by SectorSecure Element is the technical solution for digital payment via credit cards and mobile and for identification/biometric purposes such as passports and personal IDs.Since this device secures critical data, governmental bodies and private bodies as the credit cards organization, EMVCo[2], mandate it to be certified for Common Criteria EAL 5+ while using PP0084 – Security IC Platform Protection Profile with Augmentation Packages (Eurosmart, 2014)[3]. Till today more than 250 product certifications were done claiming for this PP.With the integration of the Secure Element in SoC, new challenges/threats were raised on top of the existing challenges/threats of the secure device with high resistance to physical and logical attacks:• Preventing the insecure state of the product by disturbing the boot process and enabling manipulation of the product by hostile software or malicious code.• Preventing content abuse of the data and code stored at the external non-volatile\volatile memory which is part of the SoC architecture by the attacker which accesses the external memory for disclosing or modifying the content of the external memory used by the secure component and by compromising confidentiality and/or integrity of secure content to be protected by the secure component.• Preventing Cloning of the content stored in the external memory or physical replacement of the external memory of the data and code stored at the external non-volatile\volatile memory.[2] EMVCo - https://www.emvco.com/about-us/overview-of-emvco/[3] Security IC Platform Protection Profile with Augmentation Packages : https://www.commoncriteriaportal.org/files/ppfiles/pp0084b_pdf.pdf• Preventing the ability of replay commands, the write, erase or responses to the read commands between the security component and the external memory, to affect the freshness of the content read from or written to the external memory. Preventing Unauthorized rollback of content.• Preventing the attempting to read the content of the external memory, record it, and later write it back to the external memory after the original content was updated by the Security component.• For SoC architecture that uses Secure Memory, the interface between the secure memory and the secure component should be protected from being blocked or intercepted by an attacker eavesdropping on the interconnection bus (e.g., by a man-in-the-middle attack), to disclose the user data and/or code data being written to or read from the secure external memory before security services are executed or finalized by the secure external memory.SoCs with integrated security functions appeared in the market and the security evaluation was done in a way of a mixture of PP0084 or part of it with extended requirements which might reflect the newly innovated device. No unified requirement. The challenge was to define all aspects of using and protecting the security functions when it is being integrated into the SoCThe methodEurosmart took the challenge and established a technical working group under its domain, ITSC. The subgroup includes Eurosmart members from the industry: semiconductor companies, software companies, ITSEF involved in evaluating security devices, Certification bodies, and consultants in this field.The national certification bodies were invited to the working group even though they are not Eurosmart members.On top of it, a liaisons\sharing was established with stakeholders who are referring \ interested \using this Protection Profile:A. Peers working groups: JHAS and ISCI-WG1.B. Organizations that reference the PP: FIDO, GlobalPlatform, GSMA.C. ENISA – for the alignment with CSA-EUCC which will be the scheme for this PP once the act will be implemented.The resultPP0117, Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile includes the following:The TOE (Target of Evaluation) is "a Secure Sub-System (3S) implemented as a functional block of a System on Chip (SoC). The TOE implements a processing unit, security components, I/O ports and memories to provide a range of security functionalities covering a defined set of security objectives. The TOE provides its security features and security services isolated from the remaining SoC components, based on physical and/or logical isolation mechanisms. The TOE may rely on external memories to store content (data, code or both)."Figure 3: The Target of Evaluation (TOE)The TOE can be delivered as hard macro and/or programable macro, PL macro, as was defined in the team objectives.On top of it, the usage of external memory in different stages of the life cycle should be considered as well.The team strives to develop as generic as possible life cycle and highlight the new aspects of this architecture. It was clear that the new life cycle requires elaboration. With the cooperation with ISCI-WG1 a supplement guidance document, "Life-Cycle Model (LCM) Related Evaluation Aspects" was developed with more explanations related to the aspects that need to be fulfilled and assessed in the different phases of the life cycle.Figure 4: TOE Life CycleThe Protection Profile was structured with a base package of minimum requirements for any Secure Sub-System in a SoC, plus optional packages to address additional industry-specific needs arising from the architecture:• External Memory packages (Passive and Secure, volatile and non-volatile memory) – The restrictions related to the security of the data and code that are stored in the external memory.• Loader Package – The restrictions in loading functionality of the TOE Software or Composite Software from external memory.• Crypto Package - Framework for the integration of various cryptographic algorithms supported by the TOE. For addressing the need to be a generalized PP, this package, contrary to PP0084, doesn't define specific algorithms to implement but general instructions regarding the usage of recognized cryptographic algorithms.• Composite Software Isolation Package - The isolation features enable the separation between different software packages which may be delivered by different developers.Figure 5 PP Packages structureThe Security Problem Definition (SPD) which includes the assets to be protected, the threats, policies and assumptions were developed in light of the collaboration with JHAS group.At the Security Objectives section, dedicated objectives were defined related to the new approach of the TOE form (hardmacro\ PL macro).The base package of the Security Functional Requirements (SFRs) includes the PP0084 SFRs but for fulfilling the TOE need to be a Root of Trust, additional requirements for unique identification were included.The integration of the security sub-system in a non-secure SoC leads to the need to define the TOE as a way it provides its services isolated from the other SoC components based on physical and/or logical isolation mechanisms.The challenge in enabling integration of certified sub-system in non-secure system required new practice to be done by the developer and to be assessed by the ITSEF – the developer should instruct in which conditions the integration should be done and the ITSEF should verify that the integration was followed and no compromising of security was inspected during this process.Dedicated refinements related to the integration were added to the Security Assurance Requirements (SARs) for the ITSEF to verify the process was defined and done with no compromises.The evaluation was done by SGS with the supervision of BSI.SummaryPP0117 represents a significant advancement in cybersecurity certification for integrated systems. By providing a unified, flexible framework, it bridges the gap between traditional discrete certifications and modern integrated solutions, ensuring robust protection for sensitive data in an increasingly interconnected world.Winbond supports PP0117 by offering the W75F Secure Memory, which fulfilled the Secure External memory package. With Winbond EAL 5+ certified secure Flash, PP0117 can be claim in a composition with Winbond device and offer trusted external memory solution within SoC architectures. For more information, please visit Winbond website or download the latest Hardware Security White Paper.