By Markus Hoffmeister & Klaus Schmeh, cryptovision GmbH.
The Cryptographic Service Provider (CSP) module, based on an architecture developed by governmental cyber security experts in Germany, is an innovative and effective approach to implementing cryptographic security functions across a diverse array of sensitive applications. It takes security development to a new level, by enabling smooth implementations and evaluation for systems integrators, thus making a complex process more efficient. This new approach is not only used for secure IoT designs, but also for electronic ID applications.
Separating the cryptographic functionality from the application is a mature and proven security concept. The CSP module, a new solution which is based on an architecture developed in Germanyby the Federal Office for Information Security (BSI) and specified by the standards BSI TR-03151 and BSI TR-03153, implementsthis concept in a new fashion.
The CSP module stores the cryptographic keys along with the basic crypto functions in an embedded Secure Element (eSE). Contrary to conventional crypto-module designs, the CSP module adds an additional software layer inside the eSE, that provides functionality on a more application-oriented level. The application has no direct access to the basic crypto functions, but calls the application-oriented routines instead.
With this additional layer, it is especially convenient to deploy the eSE in security applications. Compared to conventional architectures, an integration based on a CSP module is faster and less prone to faults, as it requires less cryptographic expert knowledge. Moreover, the separation provided by this additional layer allows for higher security levels to be reached through software-only implementation. This is because evaluating an application based on a CSP module according to Common Criteria or similar standards is easier than with other designs: the CSPhardware module can be certified up to, for example, CC EAL4+or higher, whereas the application software layer on the eSE normally requires only a lower level. In practice, this means thatthe certification process can be accelerated.
The first implementation “Made inGermany” – cryptovision’s Jacolyn CSP
In the first large-scale German implementation, the CSP module iscurrently required in the Technische Sicherheitseinrichtung (TSE), a new high security solution legally required from January 2020 to prevent tax-fraud at the POS. This application is economically and politically of high strategic relevance, as it will help to prevent tax fraud, which is costing the German state hundreds of millions of Euros per year.
cryptovision’s Jacolyn CSP is used in different offerings byBundesdruckerei GmbH, such as removable hardware tokens and to secure a cloud-based solution developed by Bundesdruckerei and Deutsche Fiskal.
However, the cryptovision CSP module can be implemented in many more security scenarios. For instance, it provides the means to cryptographically protect a wide range of security-critical Internet of Things (IoT) devices. It is especially attractive for IoT components with medium (e.g., wearables, smart homes) to high security (e.g. smart grids, banking) requirements.
Basis for next generation eID documents and applications
The CSP architecture was developed with a new eID document generation in mind. With the possibilities provided by new chip platforms, eID card applications can be developed, certifiedand brought to market in a more efficient manner. Among theapplications that can be implemented in the additional layer are protocol handlers for eID protocols, such as EAC and PACE. The eID solution provider receives a solution that provides all thefunctionality and the security certifications necessary to easilyintegrate it into an eID system.
Looking beyond the card itself, utilizing hardware with a CSP modulearchitecture is an attractive solution when designing eID usageschemes. For example, eVoting machines with CSP modules couldeasily be used to both check the legitimacy of the document holder to vote, as well as securely record the vote in a private fashion.
A similar scheme might be used for electronic passports, where automated kiosks with CSP modules could validate the identity of the passport holder at check in, automated border control gates with CSPs could be used to facilitate customs and immigration checks, and even the final boarding at the gates could be unattended and counted by gates with CSPs
CSP Use Case Example: Fair play at the checkout
Electronic cash register systems usually store all transaction data they process on an integrated hard drive. The operator of such a device – typically a retailer, restaurateur, taxi driver etc. – later forwards these data to the financial authority for tax checks. However, with some IT expertise it is possible to manipulate the data stored in a cashregister. A skilled operator can easily seize this vulnerability to evade taxes and social security contributions.
In order to prevent this kind of tax fraud, some electronic cash registers are protected with physical means and encryption. As the operators of cash registers usually have little interest in implementing such security measures, many states require them to do so by law (this is referred to as “fiscalisation”). In Germany, for instance, the legislator stipulates that electroniccash registers must be equipped with a so-called “Technical Security Device (TSE)” from January 1st, 2020 onwards.
The mandatory use of a TSE in Germany is laid down in a legal directive titled “Kassensicherungsverordnung” (Cash Register Protection Directive), abbreviated asKassenSichV. Fiscalisation according to the KassenSichV affects many industries,including retailers, supermarkets, gastronomy, and POS system operators.
According to the KassenSichV, an electronic cash register must record every businesstransaction that happens on a non-volatile storage medium. Among other things, the time, the nature of the operation, the method of payment, and the serial number of theelectronic recording system need to be electronically signed and written into a record file.Accounting programs and ERP systems are required to log similar data.
With its partner and shareholder Bundesdruckerei GmbH, cryptovision offers an advanced TSE implementation based on its Jacolyn CSP. The CSP will be used in bothsolutions offered by Bundesdruckerei for the fiscaIisation market: A local, token-based offering, as well as a cloud-based solution. It is expected that both of these fiscalisation solutions will find wide-spread use after January 1st, when the KassenSichV enters intoforce.