Download presentation
Presentation is loading. Please wait.
Published byDouglas Park Modified over 9 years ago
1
Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 E-Mail: melanie_volkamer@gmx.de; Webpage: http://www.isl.uni-passau.de Common Criteria Protection Profile for a Basic Set of Security Requirements for Online Voting Products CoE Meeting 16th October 2008, Madrid
2
Project Formation DFKI project funded by the BSI Duration Starting in January 2006 Certification in April 2008 Advisory Board: Researchers: Koblenz, Gießen, Wien, … Users: GI, Ministry of workers & social affairs, … Companies: mainly Micromata and T-Systems Others: CoE, e-Voting.cc, PTB, ASIT, BSI, … Based on existing requirement documents: CoE, PTB and GI catalogue Oct16th 20082CoE Meeting Madrid
3
Motivation Oct16 th 20083CoE Meeting Madrid Council of Europe Recommendations Swiss, Austrian, German Election Regulations Austrian Election Regulations IEEE Voting Equipment Standards Voting System Standards Network Voting System Standards PTB requirement catalogue ….. Good starting point but only lists of requirements Problems: - Trust model is not defined - Evaluation method and depth is not made explicit No meaningful evaluation No comparable evaluation results
4
Solution: Common Criteria International standard (ISO/IEC15408) for Information Technology Security Evaluation (CC) Australia, Canada, France, Germany, Japan, Republic of Korea, The Netherlands, New Zealand, Norway, Spain, United Kingdom, United States of America; Austria, Czech Republic, Denmark, Greece, Hungary, India, Israel, Italy, Republic of Singapore, Sweden, Turkey Protection Profile = An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [TOE = target of evaluation] CoE Recommendations made first steps Oct16th 20084CoE Meeting Madrid
5
Basis Protection Profile Not „one“ general Protection Profile for Online Voting Because of different trust models and evaluation depths Depending on the election in mind (societies vs. parliamentary) Serves as basis which can be extended Takes only the voting phase and the counting phase into account. Oct16th 20085CoE Meeting Madrid
6
Protection Profile – Content Oct16th 20086CoE Meeting Madrid Trust Model Evaluation Depth
7
Content - Threats T.UnauthorisedVoter T.Proof T.IntegrityMessage T.SecretMessage T.AuthenticityServer T.ArchivingIntegrity T.ArchivingSecrecyOfVoting Oct16th 20087CoE Meeting Madrid
8
Content - Assumptions A.ElectionPreparation A.Observation / A.AuthData/A.ElectionOfficers A.VoteCastingDevice /ElectionServer / ServerRoom A.Availability / DataStorage A.AuthenticityServer / ProtectedCommunication A.SystemTime / AuditTrailProtection A.ArchivingSecrecyOfVoting A.BufferBallot Oct16th 20088CoE Meeting Madrid
9
Content - OSPs P.Abort / OverhasteProtection / Correction / ACK P.EndingElection P.EndOfElection / StartTallying P.SecrecyOfVotingElectionOfficer / IntegrityE.O./ IntermediateResult / AuthE.O. P.OneVoterOneVote P.Tallying P.Failure P.Audit Oct16th 20089CoE Meeting Madrid
10
Protection Profile – Content Oct16th 200810CoE Meeting Madrid Trust Model Evaluation Depth
11
Content – Evaluation Depth CC EAL scale from 1 to 7 Evaluation Assurance Level 2+ ALC_CMC.3 (substituting ALC_CMC.2) ALC_CMS.3 (substituting ALC_CMS.2) ALC_DVS.1 ALC_LCD.1 Assumed attacker potential: basic Oct16th 200811CoE Meeting Madrid
12
Election Authorities Does the trust model fits to your environment? Does EAL 2+ provides enough trust in the evaluation If not the PP can be extended by Shifting assumptions to threats Arising the EAL number Demand the systems in use to be certified according to this Protection Profile or an extended version Oct16th 200812CoE Meeting Madrid
13
Thank your for your attention ? Questions ? volkamer@cased.de http://www.bsi.bund.de/zertifiz/zert/reporte/p p0037b_engl.pdf
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.