https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by sales@ChinaStandards.

net

ICS 35.040
L 80

National Standard of the People’s Republic of China

GB/T 37092-2018

Information security technology -

Security requirements for
cryptographic modules
信息安全技术 密码模块安全要求

(English Translation)

Issue date: 2018-12-28 Implementation date: 2019-07-01

Issued by the State Administration for Market Regulation
the Standardization Administration of the People’s Republic
of China

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Contents

Foreword ............................................................................................................................... i
Introduction .......................................................................................................................... ii
1 Scope .............................................................................................................................1
2 Normative references ..................................................................................................... 1
3 Terms and definitions ..................................................................................................... 1
4 Abbreviations.................................................................................................................. 4
5 Security level of cryptographic module............................................................................. 5
5.1 Overview .............................................................................................................. 5
5.2 Security Level 1 ................................................................................................... 6
5.3 Security Level 2 ................................................................................................... 6
5.4 Security Level 3 ................................................................................................... 7
5.5 Security Level 4 ................................................................................................... 8
6 Functional security targets ............................................................................................. 9
7 Security requirements .................................................................................................... 9
7.1 General requirements .......................................................................................... 9
7.2 Cryptographic module specification .................................................................. 12
7.3 Cryptographic module interfaces ....................................................................... 17
7.4 Roles, services, and authentication ................................................................... 19
7.5 Software/firmware security ................................................................................ 26
7.6 Operational environment ................................................................................... 28
7.7 Physical security ................................................................................................ 34
7.8 Non-invasive security......................................................................................... 44
7.9 Sensitive security parameter management ....................................................... 45
7.10 Self-tests .......................................................................................................... 50
7.11 Life-cycle assurance ........................................................................................ 56
7.12 Mitigation of other attacks ................................................................................ 62
Annex A (Normative) Documentation requirements ....................................................... 64
Annex B (Normative) Cryptographic module security policy .......................................... 72
Annex C (Normative) Approved security functions ......................................................... 79
Annex D (Normative) Approved sensitive security parameter generation and
establishment methods ...................................................................................................... 81
Annex E (Normative) Approved authentication mechanisms ......................................... 82
Annex F (Normative) Non-invasive attacks and mitigation method detection indicators
...........................................................................................................................................83
Bibliography ....................................................................................................................... 85

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Foreword

ChinaStandards.net is in charge of this English translation. In case of any doubt about the
English translation, the Chinese original shall be considered authoritative.

This standard is developed in accordance with the rules given in GB/T 1.1-2009.

This standard was proposed by and is under the jurisdiction of the National Technical
Committee on Information Security of Standardization Administration of China (SAC/TC
260).

Drafting organizations of this standard: Data Assurance and Communication Security

Research Center of Chinese Academy of Sciences, Commercial Cryptography Testing
Center of State Cryptography Administration, Beijing Watchdata Intelligent Technologies
Co., Ltd., Beijing Certificate Authority, Feitian Technologies Co., Ltd., Beijing Haitai
Fangyuan Technologies Co,.Ltd., Beijing Huada Zhibao Electronic System Co., Ltd. and
Beijing Creative Century Information Technology Co., Ltd.

Chief drafters of this standard: Jing Jiwu, Gao Neng, Tu Chenyang, Zheng Fangyu, Jiang
Weiyu, Zhou Guoliang, Liu Zongbin, Liu Zeyi, Wang Jing, Luo Peng, Wang Xuelin, Chen
Guo, Zhan Banghua, Zhu Pengfei, Jiang Hongyu, Chen Yue, Zhang Wantao, Liu Limin
and Xiang Ji.

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Introduction

In Information Technology, there is an increasing need to use cryptographic technique

such as the protection of data against unauthorized disclosure or manipulation, for entity
authentication and for nonrepudiation. The security and reliability of cryptographic
mechanisms are directly dependent on the cryptographic modules in which they are
implemented.

This standard provides four progressive and qualitative security levels for the
cryptographic modules, but doesn't specify the correct application and secure deployment
of a cryptographic module. During the use or deployment of cryptographic module, the
operator of cryptographic module is responsible for ensuring that the security provided by
the module is sufficient and acceptable to the owner of the information, and that any
residual risk is informed to the owner of the information. The operator of cryptographic
module is responsible for selecting a cryptographic module of appropriate security level to
ensure that the cryptographic module adapts to security requirements necessary for
application and the security state of environment where it is used.

ii

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Information security technology - Security

requirements for cryptographic modules

1 Scope

This standard specifies the security requirements for cryptographic modules, and defines
four security levels for cryptographic modules and corresponding requirements.

This standard is applicable to cryptographic modules used in security systems protecting

the sensitive information in computer and telecommunications system. This standard also
provides guidance for the design and development of cryptographic modules, and
provides a reference for the detection of security requirements for cryptographic modules.

2 Normative references

The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.

GB/T 15843 (All parts) Information technology - Security techniques - Entity

authentication
GB/T 15852 (All parts) Information technology - Security techniques - Message
authentication codes (MACs)
GB/T 17964 Information technology - Security techniques - Modes of
operation for a block cipher
GB/T 25069 Information security technology - Glossary
GB/T 32905 Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (All parts) Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
GB/T 33133.1 Information security technology - ZUC stream cipher
algorithm - Part 1: Algorithm description
GM/T 0001.2 ZUC Stream cipher algorithm - Part 2: The ZUC-based
confidentiality algorithm
GM/T 0001.3 ZUC Stream Cipher Algorithm - Part 3: The ZUC-based
integrity algorithm
GM/T 0044 (All parts) SM9 identification cryptographic algorithm

3 Terms and definitions

For the purposes of this document, the terms and definitions given in GB/T 25069 and the

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

following apply.

3.1
certificate
data of an entity, which is issued by the certification authority's private key or secret key
and cannot be forged

3.2
conditional self-test
test performed by a cryptographic module when specified test conditions occur

3.3
critical security parameter
security relevant secret information which may endanger the security of cryptographic
module once disclosed or modified

Note: critical security parameter may be in plaintext or encrypted.

3.4
cryptographic boundary
clearly defined perimeter that establishes physical and/or logical boundaries and includes
all hardware, software and/or firmware components of the cryptographic module

3.5
cryptographic module
set of hardware, software and/or firmware implementing security function, which is
included within the cryptographic boundary

Note: cryptographic modules may be classified into hardware cryptographic module, firmware
cryptographic module, software cryptographic module and hybrid cryptographic module according to
composition.

3.6
cryptographic module interface
logical entry or exit of a cryptographic module, providing access for logical information
flow

3.7
cryptographic module security policy
clear description of security rules which shall be complied with by cryptographic module,
including the rules derived from the requirements of this standard and those required by
the vendor

3.8

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

differential power analysis

analysis on power consumption change of cryptographic module, which is used to obtain
information related to cryptographic operation

3.9
fault induction
technology causing change of operational behavior in hardware by applying transient
voltage, radiation, laser or clock offset technology

3.10
multi-word authentication
authentication containing at least two independent authentication factors

Note: categories of independent authentication factors include: something known, something possessed
mater and property possessed.

3.11
non-invasive attack
attack on cryptographic module, which is not in direct physical contact with the
components within the cryptographic boundary, and does not change the state of the
cryptographic module

3.12
operational environment
set of all software, firmware and hardware required for secure operation of cryptographic
module, including operating system and hardware platform

Note: the operational environment is classified into modifiable operational environment, limited
operational environment and unmodifiable operational environment.

3.13
pre-operational self-test
test performed by a cryptographic module between the time a cryptographic module is
powered on or instantiated (after being powered off, reset, rebooted, cold-start, power
interruption, etc.) and before the module transition to the operational state

3.14
public security parameter
security relevant public information which may endanger the security of cryptographic
module once modified

Note: for example, public key, public key certificate, self-signed certificate, trust anchor, one-time
password associated with the counter and the date and time kept internally. If the public security
parameter cannot be modified or can be discovered by the cryptographic module after being modified,

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

the public security parameter may be considered as protected.

3.15
runtime environment
virtual machine state that provides software service for processes and programs while the
computer is running

Note: the runtime environment may be related to the operating system or the software running under it.
Its main purpose is to achieve a "platform-independent" programming target.

3.16
security function
cryptographic algorithm and its working mode, including: block cipher, stream cipher,
asymmetric cipher, message authentication code, hash function, random number
generation, entity authentication, generation and establishment of sensitive security
parameters, etc.

3.17
sensitive security parameters
including critical security parameter (3.3) and public security parameter (3.14)

3.18
simple power analysis
direct (mainly visual) analysis on (single) command execution mode, which is related to
the power consumption of cryptographic module and used to obtain information related to
cryptographic operation

3.19
split knowledge
process in which a key is split into multiple key components and output from cryptographic
module to multiple entities. Single component cannot provide knowledge of the original
key. The key component entered into cryptographic module by each entity can be
synthesized into the original key, which may require all components or a part of them

3.20
sensitive security parameter establishment
process of providing shared sensitive security parameters to one entity or more entities

Note: sensitive security parameter establishment includes negotiation, transfer and entry/output of
sensitive security parameter.

4 Abbreviations

For the purposes of this document, the following abbreviations apply.

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

API: Application Program Interface

CBC: Cipher Block Chaining

ECB: Electronic Codebook

EDC: Error Detection Code

EFP: Environmental Failure Protection

EFT: Environmental Failure Testing

FSM: Finite State Model

HDL: Hardware Description Language

HMAC: Hash-Based Message Authentication Code

IC: Integrated Circuit

PIN: Personal Identification Number

5 Security level of cryptographic module

5.1 Overview

A cryptographic module refers to the hardware, software, firmware or the set of them,
implementing functions such as cryptographic operation and key management. This
standard is applicable to cryptographic modules used in security systems protecting the
sensitive information in computer and telecommunications system. In order to protect the
cryptographic modules and the sensitive security parameters contained in and controlled
by the cryptographic modules as well as to meet the security requirements in many
application fields and of different levels, this standard specifies four progressing security
levels, among which, the high-level ones are improved based on low-level ones. Common
examples given in this standard are used to illustrate how to meet the security
requirements hereof other than for restriction or enumeration. Four security levels are
outlined below. The cryptographic techniques are identical over the four security levels.

In this standard, each security requirement is identified and numbered by a "shall [xx.yy]"
where xx indicates the clause and yy is a numeric index of the clause. If "shall [xx.yy]"
occurs in certain sentence in this standard, it means that this sentence is a security
requirement of this standard with serial number of [xx.yy]. There are 12 clauses in total in
this standard, corresponding to the common security requirements and 11 security

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

domains of cryptographic modules; wherein, 1~12 represent respectively: general

requirements; cryptographic module specification; cryptographic module interface; roles,
services and authentication; software/firmware security; operational environment; physical
security; non-invasive security; management of sensitive security parameters; self-test;
life-cycle assurance; mitigation of other attacks. Specific security requirements are
contained in each clause, which are numbered in sequence from [xx..01].

Each sentence in this standard thereinafter containing "shall [xx.yy]" shall be considered a
security requirement of the cryptographic module; such identification may be directly cited
by the corresponding subsequent detection standard of this standard and cited by
documentation submitted by the cryptographic module vendor.

5.2 Security Level 1

Security Level 1 provides a baseline level of security. Security Level 1 clarifies the basic
security requirements for cryptographic modules. For example, a cryptographic module
shall use at least one approved security function or sensitive security parameter
establishment method. A software or firmware cryptographic module may run in an
unmodifiable, limited or modifiable operational environment. A hardware cryptographic
module is unnecessary to reach other special physical security mechanism requirements
except for the basic requirements for production-grade components. Mitigation methods
implemented by the cryptographic module against non-invasive attack or other attacks
shall be documented. Examples of cryptographic modules of Security Level 1 are:
hardware encryption card in personal computer, cryptographic toolkit running on handheld
device or general-purpose computer.

Cryptographic module of Security Level 1 is well suitable when the application system
outside the cryptographic module has been configured with measures such as physical
security, network security and management process, thus allowing the user of
cryptographic module to choose from various cryptographic solutions to meet security
needs.

5.3 Security Level 2

For Security Level 2, requirements for tamper evidence are added based on Security
Level 1, such as using tamper-evident coatings or seals or pick-resistant locks on
removable covers or doors.

Tamper-evident seals or pick-resistant locks shall be installed on removable covers or

doors to protect against unauthorized physical access. The tamper-evident coating or seal
shall be broken when obtaining physical access to security parameters within the
cryptographic module.

Security Level 2 requires role-based authentication, in which a cryptographic module

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

authenticates the role of an operator to determine if the operator has the right to perform
corresponding services.

The software cryptographic module of Security Level 2 may run in a modifiable

environment that shall implement role-based access controls or discretionary access
control which is able to define new groups, assign permissions through access control
lists (ACL) and assign each user to more than one group, and that protects against
unauthorized execution, modification, and reading of software implementing cryptographic
function.

5.4 Security Level 3

In addition to the tamper-evident physical security mechanisms required at Security Level

2, Security Level 3 provides additional requirements to mitigate the unauthorized access
to sensitive security parameters within the cryptographic module. These physical security
mechanisms required at Security Level 3 shall be able to have a high probability of
detecting and responding to attempts at direct physical access, use or modification of the
cryptographic module and probing through ventilation holes or slits. The physical security
mechanisms may include the use of strong enclosures, and tamper of detection device
and response circuit that shall zeroize all critical security parameters when the removable
covers/doors of the cryptographic module are opened.

Security Level 3 requires identity-based authentication mechanisms, enhancing the

security provided by the role-based authentication mechanisms specified for Security
Level 2. A cryptographic module needs to authenticate the identity of an operator and
verifies that the authenticated operator is authorized to assume a specific role and
perform corresponding services.

Security Level 3 requires manually established plaintext critical security parameters to be

encrypted, utilize a trusted channel or use split knowledge for entry or output.

The cryptographic module at Security Level 3 shall protect against a security compromise
due to voltage and temperature outside of the cryptographic module's normal operating
ranges. Intentional excursions beyond the normal operating ranges may be used by an
attacker to bypass a cryptographic module's defense. A cryptographic module shall either
include environmental protection features designed to detect abnormal environment and
zeroize critical security parameters, or to pass environmental failure testing to provide a
reasonable assurance that the cryptographic module security will not be damaged by
abnormal environment.

The cryptographic module of Security Level 3 shall provide evidence and testing methods
for the validity of non-invasive attack mitigation techniques.

Security Level 3 is not offered in all clauses of this standard for software cryptographic

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

modules, therefore, the overall highest security level achievable by software cryptographic
module is limited to Security Level 2.

The cryptographic module at Security Level 3 requires additional life-cycle assurances,

such as automated configuration management, detailed design, low-level testing, and
operator authentication using vendor-provided authentication information.

5.5 Security Level 4

Security Level 4 provides the highest level of security defined in this standard. This level
includes all security features of the lower levels, as well as extended features.

At Security Level 4, the physical security mechanisms shall provide a complete envelope
for protection around the cryptographic module with the intent of detecting and responding
to all unauthorized attempts at physical access when sensitive security parameters are
contained in the cryptographic module whether external power is supplied or not.
Penetration of the cryptographic module enclosure from any direction has a very high
probability of being detected, resulting in the immediate zeroization of all unprotected
sensitive security parameters. By virtue of high security mechanism, Security Level 4
cryptographic modules are useful for operation in physically unprotected environment.

Security Level 4 introduces the multi-factor authentication requirement for operator

authentication. At minimum, this requires two of the following three attributes:

——something known, such as a secret password;

——something possessed, such as a physical key or token;

——property possessed, such as a biometric.

The cryptographic module at Security Level 4 shall protect against a security f due to
voltage and temperature outside of the cryptographic module's normal operating ranges.
A cryptographic module shall include environmental protection features designed to detect
abnormal environment and zeroize critical security parameters, to provide a reasonable
assurance that the cryptographic module security will not be compromised by abnormal
environment.

The mitigation methods for non-invasive attacks specified in 7.8 and implemented in
cryptographic modules are detected according to the non-invasive attack mitigation
detection indicators for Security Level 4 specified by the relevant national departments.

The design of a Security Level 4 module is verified by the correspondence between both
pre- and post-conditions and the functional specification.

https://www.chinastandards.net/standard/GBT37092-2018.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

6 Functional security targets

The security requirements specified in this standard involves the security design and
implementation of cryptographic modules. Security requirements begin at the lowest level
of the security target and increase as the security target level increases. These
requirements are derived from the following functional security targets of cryptographic
modules:

——employ and correctly implement the approved security functions to protect sensitive
information;

——prevent unauthorized operation or use of cryptographic modules;

——prevent unauthorized disclosure of the contents of cryptographic modules, including

critical security parameter;

——prevent unauthorized or undetectable modification of cryptographic modules and

cryptographic algorithms, including unauthorized modification, replacement, insertion and
deletion of sensitive security parameters;

——provide an indication of the operating state of cryptographic modules;

——ensure that the cryptographic module operates correctly in an approved mode of

operation;

——detect errors in the operation of cryptographic modules, prevent these errors from
unauthorized disclosure, modification, replacement or use of critical security parameter, or
unauthorized modification or replacement of public security parameter;

——ensure that the cryptographic module is properly designed, distributed and

implemented.

7 Security requirements

7.1 General requirements

Security requirements which shall [01.01] be met by cryptographic modules specified in

this standard. These security requirements cover the design, implementation and
operation of cryptographic modules and disposition-related domains, specially including:
cryptographic module specification; cryptographic module interface; roles, services and
authentication; software/firmware security; operational environment; physical security;
non-invasive security; management of sensitive security parameters; self-test; life-cycle
assurance; mitigation of other attacks.

https://www.chinastandards.net/standard/GBT37092-2018.html