Graduated CC Protection Profiles for Cryptographic Modules Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security)

Slides:

Advertisements

Similar presentations

Security Requirements

Advertisements

Module 1 Evaluation Overview © Crown Copyright (2000)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

Manager, Product Evaluation

Public Key Infrastructure (PKI) Hosting Services.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Effective Design of Trusted Information Systems Luděk Novák,

BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security.

IT Security Evaluation By Sandeep Joshi

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

Security Controls – What Works

Chapter 1 – Introduction

© 1999 SPYRUS Common Criteria Protection Profiles for PKI Products Eric Rosenfeld SPYRUS 8 November 1999 CACR Information Security Workshop Third-Party.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Stephen S. Yau CSE , Fall Security Strategies.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Complying With The Federal Information Security Act (FISMA)

Internal Auditing and Outsourcing

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

SEC835 Database and Web application security Information Security Architecture.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

1 FIPS 140 Validation for a “System-on-a-Chip” September 27, 2005 NIST Physical Testing Workshop.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Module 5: Assuring the Quality of HIV Rapid Testing

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

1 Omissions and errors in the CC Who got it right? 8ICCC Denise Cater.

Background. History TCSEC Issues non-standard inflexible not scalable.

Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.

FIPS Status and Schedules Allen Roginsky CMVP NIST September 28, 2005.

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

CACR CC Briefing Stephen Booth Computer and System Security Section Communications Security Establishment

Common Criteria V3 Overview Presented to P2600 October Brian Smithson.

CMSC : Common Criteria for Computer/IT Systems

Action SecWG1012:9 “Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems.” Where this question comes.

TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.

======!"§==Systems= Technical Guidance for CC Evaluation Wolfgang Killmann T-Systems GEI GmbH.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Guideline for Developer Documentation Christian Krause 8th ICCC / September 26th, 2007 Federal Office for Information Security.

Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 5: Security Architecture and Models.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Security Functional Requirements Kashif Imran. Overview Common Criteria Protection Profiles Security Objectives Security Requirements Security Functional.

TeleTrusT Initiatives for PKI Solutions

Ch.18 Evaluating Systems - Part 2 -

Final Conference in Paris WP6 – Protection Profiles Specification

Cryptography and Network Security

Presentation transcript:

Graduated CC Protection Profiles for Cryptographic Modules Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) 8. ICCC, Rome, September 2007 Gereon Killian Head of Certification Body

Gereon Killian8. ICCC, Rome, September 2007 Slide 2 Overview of presentation  Why these PPs?  Advantages / Difficulties  The project  The concept  Methodology  Scheme issues  Project results  Project status

Gereon Killian8. ICCC, Rome, September 2007 Slide 3 Why these PPs?  Commercial applications use more and more dedicated cryptographic devices for data security also within classical safety or industrial areas - Evidence on assurance is needed  Non-classified governmental applications need more support in security assessment  CC evaluation could be a basis for further assessment and approval in classified area  Existing standards are either domestic from certain nation (e.g. FIPS 140 / US) or or proprietary or no appropriate scheme is available (e.g. ISO)

Gereon Killian8. ICCC, Rome, September 2007 Slide 4 Advantages / Difficulties  Existing national evaluation and certification scheme can be used  Well defined structure of PPs  Well defined structure of CC assurance requirements  Evaluation methodology needs to be amended (compared to CEM) as assessment of cryptographic algorithms is not deeply implemented within CC  PP concept has low flexibility in using options  Specific evaluation competence of lab required

Gereon Killian8. ICCC, Rome, September 2007 Slide 5 The project  Investigation of marked needs and industrial implementation practise  Assessment of available information on requirements  Identification of high assurance requirements  Mapping and categorisation of requirements into functional and assurance aspects  Downgrading for applications with lower assurance needs  PP development process  Pilot evaluation

Gereon Killian8. ICCC, Rome, September 2007 Slide 6 The concept  Focus on Hardware Security Modules including Single Chip Solutions.  e.g. for a PKI system for generation and certification of keys / for mass signature  high performance encryption  Pure software implementations are not covered  Graduated approach on functional requirements  Graduated approach on assurance requirements  Consideration of national peculiarities by using concept of endorsed national functions or standards

Gereon Killian8. ICCC, Rome, September 2007 Slide 7 The concept  4 PPs under development (currently CC V2.3 is used)  Security levels targeting: Security level low:Basic assurance Security level moderate:commercial standard Security level enhanced:commercial high, gov. standard Security level high:gov. high  CC part 2 extended, CC part 3 conformant  Note on gov usage: for classified applications additional requirements may apply

Gereon Killian8. ICCC, Rome, September 2007 Slide 8 The concept - Relation to FIPS 140 or ISO/IEC  Focus on specific type of products  Test requirements covered  Functional requirements amended  Functional graduation similar as within FIPS but not exactly same  PP Assurance graduation based on CC concept with strong requirements on AVA according to the state of the art methods  Focus of PPs and its graduation in defining sensible set of requirements for up to high assurance level

Gereon Killian8. ICCC, Rome, September 2007 Slide 9 Methodology  Application of cryptography requires specific functional details to be defined  Adequate evaluation process must be ensured  Flexibility of CC in terms of operations on functional components and on assurance components is being used  Refinement of functional as well as of assurance requirements is being used  Testing methodology / test suite for national endorsed functions

Gereon Killian8. ICCC, Rome, September 2007 Slide 10 Scheme issues  Established certification schemes  Sufficient oversight by CB needed  Monitoring of specific lab competence by scheme / national authority  Rating of Strength of Function / Vulnerability Assessment is scheme responsibility  CC-RA does not cover recognition in this area - products for commercial usage might not need this aspect under governmental recognition but require well defined approach under oversight of national authority

Gereon Killian8. ICCC, Rome, September 2007 Slide 11 Project results - Assurance Packages  PP Assurance packages:  low: EAL3 + or plane EAL4 planned; details not yet defined  moderate:EAL4 + IMP.2, SPM.2, DVS.2, VLA.3  enhanced:EAL4 + IMP.2, SPM.2, DVS.2, VLA.4  high:EAL4 + IMP.2, INT.1, SPM.3, DVS.2, CCA.1, MSU.3, VLA.4  Refinements on: ADV_FSP, _HLD, _LLD, _IMP, _SPM.3 / _SPM.2 ATE_FUN (differently) AGD_ADM, _USR (differently) ACM_SCP AVA_MSU.3, _VLA.3 / VLA.4

Gereon Killian8. ICCC, Rome, September 2007 Slide 12 Project results - TOE Definition  Cryptographic module that implements Endorsed cryptographic functions (ECF) ( and no non-ECF)  Protection of confidentiality, integrity or both of user data according to a security policy of an IT system.  Management and protection of cryptographic keys for ECF.  TOE is physically: a set of hardware and software and/or firmware within the cryptographic boundary.  TOE logically: defined by the provided security functions depending on the implemented cryptographic algorithms and protocols.

Gereon Killian8. ICCC, Rome, September 2007 Slide 13 Project results - Roles  Roles as defined:  Administrator for Management of TOE  Crypto officer to perform cryptographic initialization and management functions  End User assumed to perform general security services, including cryptographic operations and other Endorsed security functions.  Maintenance Personal (if applicable) for physical maintenance and/or logical maintenance services (e.g., hardware/software diagnostics)  Unidentified User  Unauthenticated User: identified but not being authenticated.

Gereon Killian8. ICCC, Rome, September 2007 Slide 14 Project results - Objectives  Addressed topics for the TOE - Red-black separation of the TOE - Implementation of Endorsed cryptographic functions - Need for Identification and authentication of users - Roles known to TOE - Access control for services - Access control for cryptographic keys - Audit of the TOE - Export of cryptographic keys - Generation of cryptographic keys by the TOE - Import of cryptographic keys - Management of cryptographic keys - Destruction of cryptographic keys - Check for correct operation - Physical protection - Prevent leakage of confidential information

Gereon Killian8. ICCC, Rome, September 2007 Slide 15 Project results - Objectives  Addressed topics for the TOE-Environment - Assurance Security Measures in Development and Manufacturing Environment - Key generation by IT environment - Separation of red and black area of the IT system - Analysis of TOE audit data - Personnel security - Availability of cryptographic key and key material

Gereon Killian8. ICCC, Rome, September 2007 Slide 16 Project results - SFRs  Cryptographic operation and key management - FCS_CKM.1 Cryptographic key generation (endorsed) - FCS_CKM.2/Import Cryptographic key distribution (endorsed) - FCS_CKM.2/Export Cryptographic key distribution (endorsed) - FTP_ITC.1 Inter-TSF trusted channel - FCS_CKM.4 Cryptographic key destruction - FCS_COP.1 Cryptographic operation (endorsed) - FCS_RNG.1 (ext)Random number generation (endorsed)  User I&A - FIA_ATD.1 User attribute definition - FIA_UID.1 Timing of identification - FIA_UAU.1 Timing of authentication - FIA_UAU.6 Re-authenticating - FIA_UAU.7 Protected authentication feedback - FIA_USB.1 User-subject binding - FIA_AFL.1 Authentication failure handling

Gereon Killian8. ICCC, Rome, September 2007 Slide 17 Project results - SFRs  Protection of user data - FDP_ACC.2/Key_Man Complete access control - FDP_ACF.1/Key_Man Security attribute based access control - FDP_ACC.2/Oper Complete access control - FDP_ACF.1/Oper Security attribute based access control - FDP_ACC.2/Mode_TransComplete access control - FDP_ACF.1/Mode_Trans Security attribute based access control - FDP_IFC.2 Complete information flow control (high only) - FDP_IFF.1 Simple security attributes (high only) - FDP_ITC.2Import of user data with security attributes (endorsed) - FDP_ETC.2 Export of user data with security attributes (endorsed) - FDP_UCT.1Basic data exchange confidentiality (diff) - FDP_UIT.1Data exchange integrity - FDP_RIP.2 Full residual information protection

Gereon Killian8. ICCC, Rome, September 2007 Slide 18 Project results - SFRs  Audit - FAU_GEN.1 Audit data generation (diff) - FAU_GEN.2 User identity association - FAU_SAR.1 Audit Review - FAU_SAR.2 Protected audit trail storage - FAU_STG.1 Protected audit trail storage - FAU_STG.3 Action in Case of Possible Audit Data Loss (diff) - FAU_STG.4 Prevention of Audit Data Loss - FPT_STM.1 Reliable time stamps

Gereon Killian8. ICCC, Rome, September 2007 Slide 19 Project results - SFRs  Management of TSF and protection of TSF data - FMT_SMF.1 Specification of Management Functions - FMT_SMR.2 Restrictions on security roles (diff) - FMT_MTD.1/Admin Management of TSF data - FMT_MTD.1/User Management of TSF data - FMT_MTD.1/Audit Management of TSF data - FMT_MOF.1/CO Management of security functions behaviour - FMT_MOF.1/Adm Management of security functions behaviour - FMT_MSA.1/Key_Man_1Management of security attributes - FMT_MSA.1/Key_Man_2Management of security attributes - FMT_MSA.1/Key_Man_3Management of security attributes (diff) - FMT_MSA.2 Secure security attributes - FMT_MSA.3 Static attribute initialisation

Gereon Killian8. ICCC, Rome, September 2007 Slide 20 Project results - SFRs  TSF protection - FPT_TDC.1 Inter-TSF basic TSF data consistency - FRU_FLT.2 Limited fault tolerance (high only) - FPT_FLS.1 Failure with preservation of secure state (diff) - FPT_EMSEC.1 (ext)TOE Emanation - FPT_RVM.1 Non-bypassability of the TSP - FPT_SEP.1 TSF domain separation - FPT_TST.1 TSF testing - FPT_TST.2 (ext)TSF self-testing (endorsed) - FPT_PHP.3 Resistance to physical attack (diff)

Gereon Killian8. ICCC, Rome, September 2007 Slide 21 PP graduation summary  4 PPs: 4 requirements level  Graduation within SFRs or its operations  Graduation of assurance packages  Graduation within assurance refinements

Gereon Killian8. ICCC, Rome, September 2007 Slide 22 Project status  PP level high, enhanced and moderate in final review and under CC evaluation according to class APE certification planned by end of 2007  PP level low under development  Pilot product evaluation ongoing until Q  Methodology under development, finalisation with results of pilot product evaluation

Gereon Killian8. ICCC, Rome, September 2007 Slide 23 Contact Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) Godesberger Allee Bonn Tel: +49 (0) Fax: +49 (0)