Security evaluation on chip applied advanced attack methods to comply with EAL5+ Common Criteria requirements
Applus+ Laboratories has evaluated the security of an innovative IC solution created by Winbond under both Common Criteria EAL5+ and EMVCo requirements.
Winbond’s new TrustME™ IC, intended for use in secure mobile applications in the payments, telecommunications, identity (e-Government) and automotive sectors, among others, successfully achieved both benchmark certifications.
TrustME™: an IC with an independent memory module to store multiple applications
The chip, the first of its kind, features a large, independent memory module which opens the way to more complex, multi-application chips. TrustME™ is designed to work in highly critical hardware devices, such as smart cards, secure elements, USB tokens and secure micro SD cards, offering tamper resistance capabilities, memory protection and secure cryptographic services (RNG, AES, TDES, RSA and ECC).
CC evaluation with SOGIS attack methods
Both the Winbond Secure Serial Flash Memory module and the combined chip solution were evaluated and certified under CC. To evaluate the new solution, Applus+ had to develop a new test setup that combined side-channel and perturbation attacks, following the demanding SOGIS attack method to meet the
EAL5+ Common Criteria requirements.
EMVCo evaluation
This was the first time that a chip of this type had been evaluated for
EMVCo certification. Applus+ Laboratories was able to undertake this project thanks to its years of experience undertaking EMVCo certifications for payment-related products. Its expert team was perfectly positioned to take on the challenge of an all-new chip design such as TrustME™.
Thanks to the fact that Applus+ is accredited by both schemes, and that some of the tests involved were equivalent, the EMVCo and CC evaluations were carried out in parallel. This combined approach makes for faster, more efficient evaluations, reducing costs and time to market for new products.
Talking about the successful evaluation, Rachel Menda-Shabat – Director of Security Certification at Winbond – said “We’re delighted with the results. Having this product certified for both EMVCo and Common Criteria is a significant milestone for us and introduces us to the payment market”.