
BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security.


Slide 1: BSI activities in developing PPs and the BSI-PP/ST-Guide
Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security
ICCC, September 2007
Frank Grefrath

Slide 2: Agenda
 BSI activities in PP certification
 Introduction of the PP “Digitales Wahlstift-System, V. 1.0.1“
 Introduction of the BSI-PP/ST-Guide

Slide 3: Recently certified PPs in the BSI-CC scheme
 BSI-PP-0031-2007: “Protection Profile Digitales Wahlstift-System, V. 1.0.1“
   The PP defines the minimum IT security requirements for systems providing technical assistance in elections on the basis of a digital election pen
 BSI-PP-0034-2007: “Mobile Synchronisation Services Protection Profile, V. 1.1”
   The purpose of such a system is to provide secure remote access for mobile users (e.g. using a PDA) to e-mail or PIM (personal information management) services located in a company’s intranet

Slide 4: Recently certified PPs in the BSI scheme
 BSI-PP-0035-2007: “Security IC Platform Protection Profile” (update of BSI-PP-0002-2001)
   The defined TOE is a smartcard integrated circuit composed of a processing unit, security components, I/O ports (contact-based and/or contactless) and volatile and non-volatile memories (hardware)
 Different PPs for the German electronic health systems are currently under evaluation

Slide 5: Protection Profile for a digital election system: System Overview
 A digital election system compliant with the PP provides electronic assistance in complex elections
 The voter casts his votes with a digital pen on a special kind of paper
 The camera in the pen records the votes, and the data is then transferred to a PC
 There the data is analysed, the votes are counted automatically and a protection against manipulation of the election result is generated

Slide 6: Protection Profile for a digital election system: Motivation / Benefit
 Voting takes place in a way familiar to the voter: making crosses with a pen on paper
 Vote counting can be carried out much faster and more easily
 Typical errors in manual counting can be avoided
 In cases of doubt the electronic election result can be checked by manually counting the paper ballots
 Complex elections can be conducted without great manpower requirements

Slide 7: Protection Profile for a digital election system: Main IT Security Features
 Recording the votes on the paper ballots with the pen
 Transferring the election data to a PC via USB
 Storing the data on the PC without it being traceable to the voter
 Analysing the votes and dividing them into valid, doubtful and invalid votes
 Judging of the doubtful votes by the scrutineers
 Automatic calculation of the election result
 Generation and display of a proof of origin
 Logging of security-relevant events

Slide 8: Protection Profile for a digital election system: Physical Boundaries of the TOE
 Hardware: digital election pens and docking stations
 Firmware: firmware of the digital election pen
   Recording the marks on the paper
 Software: TOE application software for
   Controlling the pens
   Storing the election data during the election
   Judging and counting the votes
   Generating a proof of origin
   Logging security-relevant events

Slide 9: Protection Profile for a digital election system: TOE Security Environment
 The PP contains assumptions covering the following aspects:
   Usage assumptions resulting from the German election law
   Trustworthy and careful administrators and scrutineers
   Correctly and securely configured PC platform
 The TOE counters the following threats:
   Disclosure of election data and protocol data
   Disturbance and manipulation of the technical procedures
   Unnoticed manipulation of the election pen and the election result
   Successful tracing between election data and voter

Slide 10: Protection Profile for a digital election system: General Regulations
 Validity: valid until June 30th, 2008
 CC assurance level: EAL 3
 Combined evaluation:
   EAL3 CC certification by the BSI
   Approval by the Physikalisch-Technische Bundesanstalt according to the German election law, with source code analysis and emission measurement

Slide 11: BSI PP/ST-Guide: Introduction
 CC, Version 3.1
 Intended audience for the guide:
   PP/ST readers with little or no CC knowledge
   PP/ST writers
   Evaluators, certifiers

Slide 12: BSI PP/ST-Guide: Structure of the guide
 What is the purpose of PPs/STs? Which role does a PP play when purchasing a product?
 Reading PPs/STs
 Writing PPs using two different methods
   Stove-piping method
   Explanation method
 Writing STs

Slide 13: BSI PP/ST-Guide: Stove-Piping Method
 Procedure:
   Determine which SFRs for the TOE and which security objectives for the operational environment are desired
   Create a single security objective for the TOE for each SFR
   Create an OSP for each security objective for the TOE
   Create an assumption for each security objective for the operational environment
   Write the remaining chapters (PP introduction and conformance claims)

Slide 14: BSI PP/ST-Guide: Stove-Piping Method
 Advantages:
   Simple and fast method to write a PP
   The PP almost automatically meets many of the requirements of the APE class
 Disadvantages:
   The question of why the TOE implements what the PP describes is not answered
   The PP merely states on three different levels (TOE security environment, security objectives, SFRs): “This is what the TOE does.”

Slide 15: BSI PP/ST-Guide: Explanation Method - Overview
 The focus lies on deriving the various items in a PP rather than simply stating them.
 Procedure (part 1):
   Write the conformance claims
   Analyse the OSPs
   Analyse the threats
   Derive the security objectives for the TOE and the operational environment, including the security objectives rationale

Slide 16: BSI PP/ST-Guide: Explanation Method - Overview
 Procedure (part 2):
   Derive the SFRs, including the security requirements rationale
   Define the SARs and explain why you have chosen them
   Write the PP introduction

Slide 17: BSI PP/ST-Guide: Explanation Method - Analysing the SPD
 Analysing the OSPs
   Laws, rules, practices or guidelines
 Analysing the threats
   Question for definition: What happens when I don't have a TOE?
   What are the assets to be protected?
   What are the adverse actions?
   Who are the threat agents?
 Assumptions will not be defined

Slide 18: BSI PP/ST-Guide: Explanation Method - Deriving the objectives
 Deriving the security objectives for the TOE and the operational environment
 Purpose:
   Providing a high-level, natural-language solution to the problem
   Building a bridge between the threats and OSPs on one side and the SFRs on the other
 Three questions:
   Where will the TOE be placed, and can it be physically attacked there?
   What is the purpose of the TOE?
   How is the TOE managed?

Slide 19: BSI PP/ST-Guide: Explanation Method - Deriving the SFRs
 Deriving the SFRs
   Not yet worked out, but will be added in the next version
 Considered approach:
   Short introductory statement on CC Part 2
   Different examples for each functional class
   Possibly more detailed explanations of certain aspects such as the definition of access control policies, information flow policies or an I&A policy
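As an added illustration (not from the BSI guide or from the PP) of why the stove-piping method of slides 13 and 14 passes the rationale checks almost automatically while the explanation method of slides 15 to 18 has to earn them, the script below runs a small traceability check over a stove-piped PP skeleton and over a constructed explanation-method PP with one deliberate gap. All item names and mappings are constructed; the SFR identifiers are CC Part 2 component names used only as labels.

```python
# Added example, not from the BSI guide or the PP: a traceability check in
# the spirit of the APE rationale requirements. All names are constructed;
# the SFR identifiers are CC Part 2 components used only as labels.
from itertools import chain

def stove_pipe(sfrs):
    """Stove-piping (slide 13): one TOE objective per SFR, one OSP per objective."""
    return {
        "threats": set(), "assumptions": set(),
        "osps": {f"P.{s}" for s in sfrs},
        "toe_objectives": {f"O.{s}": {f"P.{s}"} for s in sfrs},
        "env_objectives": {},
        "sfrs": {s: {f"O.{s}"} for s in sfrs},
    }

def rationale_gaps(pp):
    """Return the traceability gaps a PP's rationale sections must not have."""
    gaps = []
    spd = pp["threats"] | pp["osps"]
    # every threat/OSP must be countered or enforced by some objective
    covered = set(chain.from_iterable(pp["toe_objectives"].values()))
    covered |= set(chain.from_iterable(pp["env_objectives"].values()))
    for item in sorted(spd - covered):
        gaps.append(f"{item}: no security objective counters/enforces it")
    # every assumption must be upheld by an objective for the environment
    for a in sorted(pp["assumptions"] - covered):
        gaps.append(f"{a}: no objective for the environment upholds it")
    # every TOE objective must trace back to the SPD and forward to an SFR
    met = set(chain.from_iterable(pp["sfrs"].values()))
    for obj, why in sorted(pp["toe_objectives"].items()):
        if not why & spd:
            gaps.append(f"{obj}: TOE objective traces to no threat or OSP")
        if obj not in met:
            gaps.append(f"{obj}: no SFR meets this TOE objective")
    return gaps

# Constructed explanation-method PP (threats and OSPs analysed first, as on
# slides 15-18); T.TRACE is deliberately left without a countering objective.
EXPLAINED_PP = {
    "threats": {"T.DISCLOSE", "T.MANIPULATE", "T.TRACE"},
    "osps": {"P.LOG"},
    "assumptions": {"A.PLATFORM"},
    "toe_objectives": {"O.CONF": {"T.DISCLOSE"},
                       "O.INTEGRITY": {"T.MANIPULATE"},
                       "O.AUDIT": {"P.LOG"}},
    "env_objectives": {"OE.PLATFORM": {"A.PLATFORM"}},
    "sfrs": {"FDP_ACC.1": {"O.CONF"}, "FDP_SDI.1": {"O.INTEGRITY"},
             "FAU_GEN.1": {"O.AUDIT"}},
}
```

Calling `rationale_gaps(stove_pipe([...]))` returns an empty list for any SFR list, which is exactly the slide 14 observation that the stove-piped PP "almost automatically" satisfies the APE tracing requirements without ever saying why.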

Slide 20: BSI PP/ST-Guide: Publication
 The Guide is currently being developed by the BSI in a project
 Upon completion the Guide will be published on the BSI homepage: http://www.bsi.de

Slide 21: Contact
Bundesamt für Sicherheit in der Informationstechnik (BSI) / Federal Office for Information Security
Godesberger Allee 185-189
53175 Bonn
Frank Grefrath
Tel: +49 (0)228-9582-5838
Fax: +49 (0)228-9582-5477
Frank.Grefrath@bsi.bund.de

