Introduction

This is an example of FIA_MBE_EXT taken from the collaborative PP-Module for Mobile biometric enrolment and verification - for unlocking the device - created by the Biometrics Security iTC.

It is important to note that this is for an entire family of requirements. A set of requirements like this can be split between mandatory and selection-based or optional requirements, and so may not be in a single block in the cPP (by convention).

Extended Component Definitions

This section is what would be placed in the Extended Component Definitions of the cPP (or PP-Module).

Identification and Authentication (FIA)

Mobile biometric enrolment (FIA_MBE_EXT)

Family Behaviour

This component defines the requirements for the TSF to be able to enrol a user, create templates of sufficient quality and prevent presentation attacks.

These examples are taken from different cPPs, and specifically avoid cryptographic requirements (due to the complexity in their definition).

Component levelling
FIA MBE EXT.png
Figure 1. Component levelling

FIA_MBE_EXT.1 Mobile biometric enrolment requires the TSF to enrol a user.

FIA_MBE_EXT.2 Quality of biometric templates for mobile biometric enrolment requires the TSF to create templates of sufficient quality.

FIA_MBE_EXT.3 Presentation attack detection for mobile biometric enrolment requires the TSF to prevent presentation attacks during the mobile biometric enrolment.

Management: FIA_MBE_EXT.1

There are no management activities foreseen.

Management: FIA_MBE_EXT.2

The following actions could be considered for the management functions in FMT:

  1. the management of the TSF data (setting threshold values for quality scores to generate templates) by an administrator.

Management: FIA_MBE_EXT.3

The following actions could be considered for the management functions in FMT:

  1. the management of the TSF data (setting values for detecting artificial presentation attack instruments) by an administrator.

Audit: FIA_MBE_EXT.1, FIA_MBE_EXT.2

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

  1. Basic: Success or failure of the mobile biometric enrollment

Audit: FIA_MBE_EXT.3

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

  1. Basic: Detection of presentation attacks

FIA_MBE_EXT.1 Mobile biometric enrolment

Hierarchical to: No other components

Dependencies: No dependencies

FIA_MBE_EXT.1.1 The TSF shall provide a mechanism to enrol an authenticated user.

Application Note 1

User shall be authenticated by the mobile device using the Password Authentication Factor before beginning biometric enrolment.

FIA_MBE_EXT.2 Quality of biometric templates for mobile biometric enrolment

Hierarchical to: No other components Dependencies: FIA_MBE_EXT.1 Mobile biometric enrolment

FIA_MBE_EXT.2.1 The TSF shall create templates of sufficient quality.

Application Note 2

ST author may refine “sufficient quality” to specify quality standards if the TOE follows such standard.

FIA_MBE_EXT.3 Presentation attack detection for mobile biometric enrolment

Hierarchical to: No other components Dependencies: FIA_MBE_EXT.1 Mobile biometric enrolment

FIA_MBE_EXT.3.1 The TSF shall prevent use of artificial presentation attack instruments from being successfully enrolled.

Evaluation Activities

This section is what would be placed in the Evaluation Activities of the Supporting Document.

EA for FIA_MBE_EXT.1

Objective of the EA

The evaluator shall verify that the TOE enrols a user only after successful authentication of the user by his/her password. Security requirements for the password authentication are defined in [MDFPP] and out of scope of this EA.

Dependency

There is no dependency to other EAs defined in this SD.

Tool types required to perform the EA

No tool is required for this EA.

Required input from the developer or other entities

Following input is required from the developer.

  1. TSS shall explain how the TOE meets FIA_MBE_EXT.1 at high level description

  2. AGD guidance shall provide clear instructions for a user to enrol him/herself

AGD guidance may include online assistance, prompts or warning provided by the TOE during the enrolment attempt.

Assessment Strategy

Strategy for ASE_TSS and AGD_OPE/ADV_FSP

The evaluator shall examine the TSS to understand how the TOE enrols a user and examine the AGD guidance to confirm that a user is required to enter his/her valid password before the mobile biometric enrolment.

Strategy for ATE_IND

The evaluator shall perform the following steps to verify that the TOE performs the mobile biometric enrolment correctly.

  1. The evaluator shall try to enrol him/herself without setting a password and confirm that he/she can’t enrol him/herself.

  2. The evaluator shall set a password and confirm that he/she can’t enrol him/herself without entering the password correctly beforehand.

Pass/Fail criteria

The evaluator can pass this EA only if the evaluator confirms that:

  1. Information necessary to perform this EA is described in the TSS and AGD guidance

  2. Only authenticated users by password can enrol him/herself and any attempts to enrol without the authentication are rejected through the independent testing

Requirements for reporting

The evaluator shall report the summary of result of EA defined above, especially how the evaluator reaches the Pass/Fail judgement based on the Pass/Fail criteria.

EA for FIA_MBE_EXT.2

Objective of the EA

Mobile biometric verification performance depends on quality of the template that is compared to the samples presented to the TOE. The evaluator shall examine that the TOE checks the quality of enrolment and authentication templates based on the assessment criteria to verify a user with an adequate reliability.

If the TOE doesn’t create authentication templates, this EA is only applicable to enrolment templates.

The evaluator shall keep in mind that the assessment criteria for different biometric modalities may not be the same. The evaluator shall evaluate each biometric modality separately if the ST author selects multiple biometric modalities in FIA_MBV_EXT.1.1.

Dependency

The evaluator shall perform the EA for FIA_MBE_EXT.1 first to confirm the mobile biometric enrolment can be done correctly.

Tool types required to perform the EA

Developer shall provide a test platform for the evaluator to conduct the test described in the Assessment Strategy.

Required input from the developer or other entities

Following input is required from the developer.

  1. TSS shall explain how the TOE meets FIA_MBE_EXT.2 at high level description

  2. AGD guidance shall provide clear instructions for a user to enrol him/herself

  3. Supplementary information (Assessment criteria for templates) shall describe assessment criteria for creating templates

AGD guidance may include online assistance, prompts or warning provided by the TOE during the enrolment attempt.

Assessment Strategy

Strategy for ASE_TSS and AGD_OPE/ADV_FSP

Enrolment templates

The evaluator shall examine the TSS to understand how the TOE generate templates of sufficient quality at enrolment. The evaluator shall also examine the AGD guidance about how the TOE supports a user to enrol him/herself correctly and how the TOE behaves when low quality samples are presented to the TOE.

The evaluator shall examine that “assessment criteria for templates” to check that how the TOE creates the templates based on this assessment criteria. The “assessment criteria for templates” may include;

  1. Quality requirements for the biometric sample to ensure that a sufficient amount of distinctive features is available

  2. Method to quantify the quality of samples (e.g. method to generate quality score)

  3. Assessment criteria to accept the sample of sufficient utility (e.g. compare quality score to quality threshold)

  4. Quality standard that the TOE uses to perform the assessment if the TOE follows such standard (e.g. NFIQ for fingerprint)

  5. Additional assessment criteria applied to creation of enrolment templates

Authentication templates

If the TOE creates authentication templates, the evaluator shall examine the TSS to understand how the TOE generate sufficient quality of authentication templates.

The evaluator shall examine that the “assessment criteria for templates” to check that how the TOE creates the authenticate templates based on its assessment criteria. The “assessment criteria for templates” may include a) – d) in Strategy for ASE_TSS and AGD_OPE/ADV_FSP and;

  1. Additional assessment criteria to applied to creation of authentication templates

Strategy for ATE_IND

Enrolment templates

The evaluator shall perform the following test to verify that the TOE generates templates of sufficient quality.

The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products.

  1. The evaluator shall perform mobile biometric enrolment that results in creation of templates that don’t satisfy the assessment criteria described in “assessment criteria for templates” (e.g. presenting biometric samples of low quality)

  2. The evaluator shall check the TOE internal data (e.g. quality scores and quality threshold) to confirm that the TOE doesn’t create enrolment templates that don’t meet the assessment criteria specified in the “assessment criteria for templates”

Authentication templates

The evaluator shall perform the following test to verify that the TOE generates authentication templates of sufficient quality only if the evaluator judges that creating authentication templates is feasible.

The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products.

  1. The evaluator shall enrol him/herself

  2. The evaluator shall present biometric samples repeatedly to trigger the TOE to create authentication templates

  3. The evaluator shall check the TOE internal data (e.g. quality scores and quality threshold) to confirm that the TOE doesn’t create authentication templates that don’t meet the assessment criteria specified in the “assessment criteria for templates”

Pass/Fail criteria

The evaluator can pass this EA only if the evaluator confirms that:

  1. Information necessary to perform this EA is described in the TSS, AGD guidance and “assessment criteria for templates”

  2. The TOE creates only templates that pass the assessment criteria through the independent testing

Requirements for reporting

The evaluator shall report the summary of result of EA defined above, especially how the evaluator reaches the Pass/Fail judgement based on the Pass/Fail criteria.

EA for FIA_MBE_EXT.3

The evaluator shall refer the EA for FIA_MBV_EXT.3 to perform evaluation of this SFR.