Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

Published byElwin Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view."— Presentation transcript:

1 Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view Nobuhiro TAGASHIRA Canon Inc.

2 P. 1 Copyright (C) 2007, Canon Inc. All rights reserved. Contents 1.Background 2.The Common Criteria Evaluation vs The Cryptographic Module Validation 1.Proposal 1 (Developer ’ s Explanation) 2.Proposal 2 (new framework) 3.Conclusion

3 P. 2 Copyright (C) 2007, Canon Inc. All rights reserved. Background in Japan Common Criteria (CC) Evaluation :  In 2001, JISEC was established  In 2003, JISEC became a member of CCRA Cryptographic Module (CM) Validation :  In 2006, JCMVP was started a shadow testing  In 2007, JCMVP was established * JISEC : Japan Information Technology Security Evaluation and Certification Scheme * JCMVP : Japan Cryptographic Module Validation Program

4 P. 3 Copyright (C) 2007, Canon Inc. All rights reserved. Activities in Canon Common Criteria (CC) Evaluation :  CCEVS-VR-04-0063 from CCEVS (US Scheme)  C0010/C0012/C0020/C0027/C0032/C0036/ C0050 from JISEC Cryptographic Module (CM) Validation :  F0002 from JCMVP

5 P. 4 Copyright (C) 2007, Canon Inc. All rights reserved. The Common Criteria Evaluation Standard :ISO/IEC 15408 (Common Criteria) Methodology :CEM Target :TOE (a set of S/W, F/W and/or H/W) Top Description :Security Target Flow :ST Evaluation -> TOE Evaluation Levels :EAL1 to EAL7 Action : Evaluation Etc :8 Security Assurance Classes

6 P. 5 Copyright (C) 2007, Canon Inc. All rights reserved. The Cryptographic Module Validation Standard :ISO/IEC 19790 (FIPS 140-2) Methodology :DTR (Derived Test Requirements) Target :Cryptographic Module Top Description :Security Policy Flow :Algorithm Testing -> Module Testing Levels :Security Level 1 to 4 Action : Testing Etc :11 security areas

7 P. 6 Copyright (C) 2007, Canon Inc. All rights reserved. CC Evaluation vs CM Validation The CC Evaluation and CM Validation are different in  Abstractness  Focus of tests [B2-04][B2-05] [B2-04] Nithya Rachamadugu, “ FIPS-US Cryptographic Testing Standard ”, ICCC 2005 [B2-05] Axel Boness, “ A FIPS 140-2 evaluation could authorize CC-like tests ”, ICCC 2005 But these are the same in the point of the view of Third Party Validation Scheme in the IT security world. In some cases, the CM validation is very effective in the cryptographic functionality of the CC Evaluation.

8 P. 7 Copyright (C) 2007, Canon Inc. All rights reserved. Question!  Have the CC Evaluation and CM validation produced a synergistic effect? Answer  NO

9 P. 8 Copyright (C) 2007, Canon Inc. All rights reserved. Problems and Countermeasures under the CC Evaluation and CM Validation Problems 1. It is difficult for an end user to understand the validity of the CC Evaluation and CM Validation. Countermeasures CNTM1. A developer has to explain the validity of the CC Evaluation and CM Validation to an end user in the ST. CNTM2. The CC Specifications has to define the new framework for using the CM Validation.

10 P. 9 Copyright (C) 2007, Canon Inc. All rights reserved. Proposal 1 for CNTM1 (Developer ’ s Explanation) Write a ST, which clearly describes the TOE and the CM, so that an end user can understand. Point :  It is NOT necessary to change a structure of the ST.  There are some sections, which describes the CM.

11 P. 10 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 1) for Proposal 1  ST reference  TOE reference  Identify the Cryptographic Module, which is in the TOE.  TOE overview  TOE description  In the description of the physical scope of the TOE, describe the physical scope of the CM, and a relationship between the TOE and the CM.  In the description of the logical scope of the TOE, describe the logical scope of the CM, and a relationship between the TOE and the CM.  If the CM has some modes of the operation (e.g. CMVP mode), describe the usages of the modes of the operation of the CM in the logical description.

12 P. 11 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 2/3/4/5) for Proposal 1  Conformance claims  Security problem definition  Security objectives  Extended components definition Same descriptions as the normal ST

13 P. 12 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 6.1) for Proposal 1  Security functional requirements  “ Refinement operations ” are required. e.g. From “ The TSF shall …” to “ The TSF (CM) shall …”.  If the ST selects some components from FCS/FPT classes, the developer has to do “ Refinement operations ” of the requirement that the CM enforces. – FCS_COP : Cryptographic services – FCS_CKM : Cryptographic key management – FPT_TST : Self-tests – FPT_PHP : Physical security (if the CM is validated at the level 3 or 4)

14 P. 13 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 6.1) (con ’ t)  Security functional requirements  If the CSPs in CM are user data of the TOE, the developer may have to do “ Refinement operations ” of some components in FDP classes.  If the CSPs in CM are TSF data, the developer may have to do “ Refinement operations ” of some components in FMT classes.  If the CM is validated at the level 1 or higher, especially level 3 or 4, the developer may have to do “ Refinement operations ” of some components in FIA classes. CSP : Critical Security Parameter. (e.g. Cryptographic keys, authentication data)

15 P. 14 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 6.2/6.3) for Proposal 1  Security assurance requirements  Security requirements rationale Same descriptions as the normal ST

16 P. 15 Copyright (C) 2007, Canon Inc. All rights reserved. ST Description (Chap. 7) for Proposal 1  TOE summary specification Same descriptions as the normal ST

17 P. 16 Copyright (C) 2007, Canon Inc. All rights reserved. Proposal 2 for CNTM2 (new framework) Define the new CC framework, which effectively reuse the CM Validation. Point :  The Cryptographic Module may be a COTS product, and a developer may be a user of that. In this case, it is difficult for the developer to make design documents for the CC Evaluation.  This situation is a very similar problem to a composed TOE, so we could use the same analogy as ACO class.

18 P. 17 Copyright (C) 2007, Canon Inc. All rights reserved. Study 1 (I/F, functionality) for Proposal 2 Interfaces and functionalities of the CM are tested while testing. There are NO big impact on Composition rationale (ACO_COR), Development evidence (ACO_DEV), Reliance of dependent component (ACO_REL), And Composed TOE testing (ACO_CTT).

19 P. 18 Copyright (C) 2007, Canon Inc. All rights reserved. Study 2 (vulnerability) for Proposal 2 There are no vulnerability analysis of the CM. There are big impact on Composition vulnerability analysis (ACO_VUL).

20 P. 19 Copyright (C) 2007, Canon Inc. All rights reserved. Countermeasures for Proposal 2 1. Propose to ISO/IEC 19790 WG that vulnerability analysis is tested while testing the CM. or 2. Define a new family that supports a new Composition vulnerability analysis (ACO_VUL) for an independent cryptographic module test.

21 P. 20 Copyright (C) 2007, Canon Inc. All rights reserved. Conclusion This paper shows  the problem between the CC Evaluation and the CM Validation.  the proposal for the developer, and CC schemes. This paper is also useful, during the acquisition of the some CC/CM validated products. Future work  We have to examine a proposal 2 in detail in the viewpoint of feasibility.  FIPS 140-3 is planned. We have to examine between the CC Evaluation and the new CM Validation.

22 P. 21 Copyright (C) 2007, Canon Inc. All rights reserved. Thank you Nobuhiro TAGASHIRA tagashira.nobuhiro@canon.co.jp Canon Inc.

Download ppt "Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view."

Similar presentations

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
© Crown Copyright (2000) Module 2.3 Functional Testing.

© Crown Copyright (2000) Module 2.3 Functional Testing.
Security Requirements

Security Requirements
© Crown Copyright (2000) Module 2.5 Operational Environment.

© Crown Copyright (2000) Module 2.5 Operational Environment.
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
© Crown Copyright (2000) Module 3.2 Evaluation Management.

© Crown Copyright (2000) Module 3.2 Evaluation Management.
© Crown Copyright (2000) Module 2.2 Development Representations.

© Crown Copyright (2000) Module 2.2 Development Representations.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Manager, Product Evaluation

Manager, Product Evaluation
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
The Common Criteria for Information Technology Security Evaluation

The Common Criteria for Information Technology Security Evaluation
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
Prepared By: Certified Compliance Solutions, Inc. August 2012

Prepared By: Certified Compliance Solutions, Inc. August 2012

Similar presentations

Ads by Google