FPT_ITI.2     Inter-TSF detection and correction of modification

User application notes

This component should be used in situations where it is necessary to detect or correct modifications of TSF critical data.

The desired strength of modification detection is based upon a specified modification metric that is a function of the algorithm used, which may range from checksum and parity mechanisms that may fail to detect multiple bit changes to more complicated cryptographic checksum approaches. The metric that needs to be defined can either refer to the attacks it will resist (e.g. only 1 in 1000 random messages will be accepted) or to mechanisms that are well known in the public literature (e.g. the strength must be conformant to the strength offered by the Secure Hash Algorithm).

Correction of modification might be achieved through some form of error-correcting checksum.

Evaluator Notes

Some possible means of satisfying this requirement involve the use of cryptographic functions or some form of checksum.

Operations

Assignment:

For FPT_ITI.2.1, the PP/ST should specify the modification metric that the detection mechanism must satisfy. This modification metric shall specify the desired strength of the modification detection.

For FPT_ITI.2.2, the PP/ST should specify the actions to be taken if a modification of TSF data has been detected. An example of an action is: "ignore the TSF data, and request the originating trusted product to send the TSF data again".

For FPT_ITI.2.3, the PP/ST author should define the types of modification from which the TSF should be capable of recovering.
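The following added example (not part of the Common Criteria text) illustrates the range of modification metrics described in the user application notes and the FPT_ITI.2.2 action: a parity bit that misses a two-bit change, an HMAC-SHA-256 tag that detects it, a helper expressing the "1 in N random messages accepted" metric as a function of tag length, and a receiver that ignores unverified TSF data and requests a resend. The shared key, the TSF data and the bit flips are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demonstration key; in a real deployment the two trusted products
# would share this key through an established key-management mechanism.
KEY = b"constructed-demo-key-not-for-production"


def parity_tag(data: bytes) -> int:
    """Weak metric: a single parity bit over all bits of the TSF data."""
    return sum(bin(b).count("1") for b in data) & 1


def hmac_tag(data: bytes, key: bytes = KEY) -> bytes:
    """Strong metric: HMAC-SHA-256 over the TSF data (cryptographic checksum)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def parity_detects(original: bytes, received: bytes) -> bool:
    """True if the parity mechanism notices that received differs from original."""
    return parity_tag(original) != parity_tag(received)


def hmac_detects(original: bytes, received: bytes, key: bytes = KEY) -> bool:
    """True if the HMAC mechanism notices that received differs from original."""
    return not hmac.compare_digest(hmac_tag(original, key), hmac_tag(received, key))


def flip_bits(data: bytes, positions) -> bytes:
    """Simulate in-transit modification by flipping (byte_index, bit) positions."""
    buf = bytearray(data)
    for byte_idx, bit in positions:
        buf[byte_idx] ^= 1 << bit
    return bytes(buf)


def random_acceptance_rate(tag_bits: int) -> float:
    """Modification metric from the notes: fraction of random messages a tag
    of the given length accepts by chance (a parity bit accepts 1 in 2)."""
    return 2.0 ** -tag_bits


def receive_tsf_data(received: bytes, tag: bytes, key: bytes = KEY):
    """FPT_ITI.2.2-style action: accept verified data, otherwise ignore it and
    ask the originating trusted product to send the TSF data again."""
    if hmac.compare_digest(hmac_tag(received, key), tag):
        return ("ACCEPT", received)
    return ("IGNORE_AND_REQUEST_RESEND", None)
```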