Requirements:
3.1 Approved Algorithms and Modes of Operation
Only approved cryptographic algorithms and methods are used. Approved cryptographic algorithms and methods are those specified within the EMV® 3-D Secure SDK Specification. Approved cryptographic algorithms and methods are also recognized by industry-accepted standards bodies (for example, NIST, ANSI, ISO, EMVCo, etc.). Cryptographic algorithms and parameters that are known to be vulnerable are not used.
Assessment Procedures:
T.3.1.1 The tester shall examine vendor materials and other evidence, including source code, to determine what cryptographic algorithms and methods are used and all cryptographic keys used in the system that are relied upon for the security of the 3DS SDK.
T.3.1.2 The tester shall examine vendor materials and other evidence, including source code, to identify modes of operation available for each key, including determining how any additional values (such as initial vectors) may be generated for that mode of operation.
T.3.1.3 Where the mode of operation may be open to exploitation (e.g., relocation or data analysis attacks on Electronic Code Book (ECB) mode), the tester shall confirm that this sort of attack is not feasible for this implementation. This testing must always be performed for keys that allow for ECB as a mode of operation.
T.3.1.4 Where the mode of operation requires the use of another value, such as an Initialization Vector (IV) or counter, the tester shall confirm that the implementation ensures that this value is correct and secure.
T.3.1.5 The tester shall examine vendor materials and other evidence, including source code, to determine all key generation or key agreement processes that are used by the system, and to confirm that they ensure keys are generated with full entropy (e.g., a 128-bit key is generated with 128 bits of entropy input).
T.3.1.6 The tester shall confirm that no reversible key-calculation modes (such as key variants) are used to directly create new keys from an existing key. All key-generation functions must implement one-way functions or other irreversible key-generation processes.
T.3.1.7 The tester shall confirm that any key signature or fingerprint values returned by the system do not reveal any details about the key itself. Key checksum values (KCVs) must be limited to five bytes or less than half of the algorithm block size, whichever is smaller, and hash algorithms used for key fingerprints (on secret or private keys) must implement SHA256 or above.
T.3.1.8 The tester shall confirm that a cryptoperiod is defined for each key, and that update procedures are also defined to replace each key at the end of this cryptoperiod.
T.3.1.9 The tester shall confirm that security is not provided to any key by a key of lesser strength (e.g., by encrypting a 256-bit AES key with a 128-bit AES key).
T.3.1.10 For any public keys used by the system, the tester shall confirm that the authenticity of each public key is maintained. Use of public keys that are not signed or MAC’d, or that are maintained in self-signed certificates, is prohibited unless the authenticity of the key is ensured through use of a secure cryptographic module. Self-signed certificates that exist as part of the base platform on which the 3DS SDK is executed are excluded from this requirement.
T.3.1.11 The tester shall confirm that key purpose and integrity are ensured for all keys used in the system, preventing a key of one purpose (e.g., key encryption) from being replaced with a key of another purpose (e.g., general data encryption).
T.3.1.12 The tester shall confirm that each key has a single unique purpose, and that no keys are used for multiple purposes (such as both signing and encrypting data), and that keys used to encrypt Cardholder Verification Method (CVM) data are not used for any other operation (such as general-purpose data encryption, monitor message encryption, etc.).
T.3.1.13 The tester shall confirm that keys used to validate the authenticity of a datagram are unique to each endpoint, so that a (H)MAC or signature generated at one end would always be different if generated by the other endpoint.
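The following is an added example, not part of the standard: one way a tester could automate the checks in T.3.1.7 (KCV length), T.3.1.9 (protecting-key strength) and T.3.1.12 (single purpose) over a key inventory. The inventory, its field names and the `audit` function are hypothetical; the comparable strengths are taken from NIST SP 800-57 Part 1, and the KCV rule is read as "at most five bytes and strictly less than half the block size".

```python
# Added example: audit a constructed key inventory against T.3.1.7, T.3.1.9, T.3.1.12.
# Comparable security strengths in bits, per NIST SP 800-57 Part 1.
STRENGTH_BITS = {"AES-128": 128, "AES-192": 192, "AES-256": 256, "3TDEA": 112,
                 "RSA-2048": 112, "RSA-3072": 128, "EC-P256": 128, "EC-P384": 192}
# Block size in bytes for the symmetric algorithms that can carry a KCV.
BLOCK_BYTES = {"AES-128": 16, "AES-192": 16, "AES-256": 16, "3TDEA": 8}

# Constructed sample inventory; ids, field names and values are hypothetical.
INVENTORY = [
    {"id": "kek-1", "alg": "AES-128", "purposes": ["key-wrap"],
     "wrapped_by": None, "kcv_hex": "a1b2c3"},
    {"id": "dek-1", "alg": "AES-256", "purposes": ["data-encrypt"],
     "wrapped_by": "kek-1", "kcv_hex": "0011223344"},
    {"id": "mac-1", "alg": "AES-128", "purposes": ["mac", "data-encrypt"],
     "wrapped_by": "kek-1", "kcv_hex": "0a0b0c"},
    {"id": "cvm-1", "alg": "3TDEA", "purposes": ["cvm-encrypt"],
     "wrapped_by": "rsa-1", "kcv_hex": "deadbeef"},
    {"id": "rsa-1", "alg": "RSA-3072", "purposes": ["key-wrap"],
     "wrapped_by": None, "kcv_hex": None},
]

def audit(inventory):
    """Return a list of (key id, requirement, detail) findings."""
    by_id = {k["id"]: k for k in inventory}
    findings = []
    for key in inventory:
        kid, alg = key["id"], key["alg"]
        # T.3.1.12: each key has a single unique purpose.
        if len(key["purposes"]) != 1:
            findings.append((kid, "T.3.1.12", f"purposes={key['purposes']}"))
        # T.3.1.9: the protecting key must not be weaker than the protected key.
        if key["wrapped_by"] is not None:
            parent = by_id.get(key["wrapped_by"])
            if parent is None:
                findings.append((kid, "T.3.1.9", "protecting key not in inventory"))
            elif STRENGTH_BITS[parent["alg"]] < STRENGTH_BITS[alg]:
                findings.append((kid, "T.3.1.9",
                                 f"{alg} protected by weaker {parent['alg']}"))
        # T.3.1.7: KCV at most 5 bytes and strictly less than half the block size.
        if key["kcv_hex"] and alg in BLOCK_BYTES:
            n = len(bytes.fromhex(key["kcv_hex"]))
            if n > 5 or n >= BLOCK_BYTES[alg] / 2:
                findings.append((kid, "T.3.1.7", f"{n}-byte KCV too long for {alg}"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```

On the sample inventory this flags the 256-bit AES key wrapped by a 128-bit AES key, the key listed with two purposes, and the four-byte KCV on a key with an eight-byte block size.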
Guidance:
To protect sensitive information, the 3DS SDK should utilize only recognized cryptographic implementations based on the EMV® 3-D Secure SDK Specification and industry-accepted standards. For a list of approved cryptographic algorithms and methods, please refer to the EMV® 3-D Secure SDK Specification and the EMV® 3-D Secure Protocol and Core Functions Specification.