1 Common Criteria Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee, Heppenheim)

2 Background
ISO – Common Criteria for Information Technology Security Evaluation
– International standard
– Security requirements
– Common evaluation methodology
– Mutual evaluation recognition (25 countries)
Protection Profiles
– Designed as an “acquisition” document
» Desired security services
Security Targets
– Designed as a vendor “technical delivery” specification
» Documents the security services provided in a product with respect to a Protection Profile

3 Types of PPs Already Written
– Access control devices
– Boundary protection devices/systems (aka firewalls)
– Databases
– Detection devices/systems (IDS)
– ICs, Smart Cards, devices and systems
– Key Management systems
– Network and Network-related devices/systems
– Operating systems
– Other devices/systems (e.g., ATM, biometric, certificate issuing)
– Digital Signature products

4 Space PPs
What would a space PP consist of?
– Profiles of mission security requirements?
» Formalization, in CC terms, of security requirements, by mission type, a la security architecture?
– PPs for space ‘unique’ systems, e.g.,
» C&DH/command & control
» Solid state recorders
» Shared bus
» Others?

5 Example – Cash Machine [1]
This Protection Profile has been developed to specify the requirements in terms of functionalities and levels of assurance applicable to ACDs/ATMs. Many transactions can be carried out via an ACD/ATM. The target has therefore been deliberately restricted to matters connected with the use of a card, the identification of the cardholder (the confidentiality of the PIN, etc.) and the dispensing of cash (the integrity of the interfaces with the server, etc.).
The target of evaluation comprises:
– a central processing unit (the “brain” which conditions or coordinates its overall operation),
– a cash dispenser (a hardware device for taking banknotes from cash cassettes and delivering them to the cardholder),
– a card reader (for smart cards and possibly stripe cards),
– an input device for the cardholder to use (subsequently termed the “keypad”).
The Protection Profile relates mainly to interchanges between these various components, which are normally grouped together within a single hardware enclosure (see the diagram above), but any other architecture may be considered.
[1] Bull, Dassault, Diebold, NCR, Siemens Nixdorf, Wang Global

6 Discussion
Does this make sense?
Should we attempt to do this?
Will anyone use it – or even care about it?
Do the National Space Agencies use the Common Criteria – or should they?
– US requires FISMA (Federal Information Security Management Act)
» NIST Federal Information Processing Standards
» No mention of CC evaluated products
– What about everyone else?