Presentation is loading. Please wait.

Presentation is loading. Please wait.

Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 Webpage:

Published byDouglas Park Modified over 9 years ago

Similar presentations

Presentation on theme: "Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 Webpage:"— Presentation transcript:

1 Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 E-Mail: melanie_volkamer@gmx.de; Webpage: http://www.isl.uni-passau.de Common Criteria Protection Profile for a Basic Set of Security Requirements for Online Voting Products CoE Meeting 16th October 2008, Madrid

2 Project Formation DFKI project funded by the BSI Duration Starting in January 2006 Certification in April 2008 Advisory Board: Researchers: Koblenz, Gießen, Wien, … Users: GI, Ministry of workers & social affairs, … Companies: mainly Micromata and T-Systems Others: CoE, e-Voting.cc, PTB, ASIT, BSI, … Based on existing requirement documents: CoE, PTB and GI catalogue Oct16th 20082CoE Meeting Madrid

3 Motivation Oct16 th 20083CoE Meeting Madrid Council of Europe Recommendations Swiss, Austrian, German Election Regulations Austrian Election Regulations IEEE Voting Equipment Standards Voting System Standards Network Voting System Standards PTB requirement catalogue ….. Good starting point but only lists of requirements  Problems: - Trust model is not defined - Evaluation method and depth is not made explicit  No meaningful evaluation  No comparable evaluation results

4 Solution: Common Criteria International standard (ISO/IEC15408) for Information Technology Security Evaluation (CC) Australia, Canada, France, Germany, Japan, Republic of Korea, The Netherlands, New Zealand, Norway, Spain, United Kingdom, United States of America; Austria, Czech Republic, Denmark, Greece, Hungary, India, Israel, Italy, Republic of Singapore, Sweden, Turkey Protection Profile = An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [TOE = target of evaluation] CoE Recommendations made first steps Oct16th 20084CoE Meeting Madrid

5 Basis Protection Profile Not „one“ general Protection Profile for Online Voting Because of different trust models and evaluation depths Depending on the election in mind (societies vs. parliamentary) Serves as basis which can be extended Takes only the voting phase and the counting phase into account. Oct16th 20085CoE Meeting Madrid

6 Protection Profile – Content Oct16th 20086CoE Meeting Madrid Trust Model Evaluation Depth

7 Content - Threats T.UnauthorisedVoter T.Proof T.IntegrityMessage T.SecretMessage T.AuthenticityServer T.ArchivingIntegrity T.ArchivingSecrecyOfVoting Oct16th 20087CoE Meeting Madrid

8 Content - Assumptions A.ElectionPreparation A.Observation / A.AuthData/A.ElectionOfficers A.VoteCastingDevice /ElectionServer / ServerRoom A.Availability / DataStorage A.AuthenticityServer / ProtectedCommunication A.SystemTime / AuditTrailProtection A.ArchivingSecrecyOfVoting A.BufferBallot Oct16th 20088CoE Meeting Madrid

9 Content - OSPs P.Abort / OverhasteProtection / Correction / ACK P.EndingElection P.EndOfElection / StartTallying P.SecrecyOfVotingElectionOfficer / IntegrityE.O./ IntermediateResult / AuthE.O. P.OneVoterOneVote P.Tallying P.Failure P.Audit Oct16th 20089CoE Meeting Madrid

10 Protection Profile – Content Oct16th 200810CoE Meeting Madrid Trust Model Evaluation Depth

11 Content – Evaluation Depth CC EAL scale from 1 to 7 Evaluation Assurance Level 2+ ALC_CMC.3 (substituting ALC_CMC.2) ALC_CMS.3 (substituting ALC_CMS.2) ALC_DVS.1 ALC_LCD.1  Assumed attacker potential: basic Oct16th 200811CoE Meeting Madrid

12 Election Authorities Does the trust model fits to your environment? Does EAL 2+ provides enough trust in the evaluation If not the PP can be extended by Shifting assumptions to threats Arising the EAL number Demand the systems in use to be certified according to this Protection Profile or an extended version Oct16th 200812CoE Meeting Madrid

13 Thank your for your attention ? Questions ? volkamer@cased.de http://www.bsi.bund.de/zertifiz/zert/reporte/p p0037b_engl.pdf

Download ppt "Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 Webpage:"

Similar presentations

The Public Finance and Empoyment Database of the OECD Dirk Kraan National Accounts Working Party Paris 1 December 2010.

The Public Finance and Empoyment Database of the OECD Dirk Kraan National Accounts Working Party Paris 1 December 2010.
Programme: 145 sessions & social events

Programme: 145 sessions & social events
United Kingdom New Zealand United Kingdom New Zealand Iceland.

United Kingdom New Zealand United Kingdom New Zealand Iceland.
“…by 2014, about 34% of all new business software purchases will be consumed via SaaS…” - IDC, June 2010* Used by Over 50% of the Fortune 500 58% CIOs.

“…by 2014, about 34% of all new business software purchases will be consumed via SaaS…” - IDC, June 2010* Used by Over 50% of the Fortune % CIOs.
© The Treasury Setting the Scene: A fiscal and public sector management perspective on the justice sector in New Zealand.

© The Treasury Setting the Scene: A fiscal and public sector management perspective on the justice sector in New Zealand.
Reversing Offshore Economics and Improving Financial Regulation: Curtailing Illicit Financial Flows Petr Janský Economist and Consultant Charles University.

Reversing Offshore Economics and Improving Financial Regulation: Curtailing Illicit Financial Flows Petr Janský Economist and Consultant Charles University.
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.

German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.
Chapter 1 The Pay Model.

Chapter 1 The Pay Model.
What is the degree of your global awareness?

What is the degree of your global awareness?
by the way we 1.Introduction: Cultural Norms and Values - Stereotyping American culture Chinese culture.

by the way we 1.Introduction: Cultural Norms and Values - Stereotyping American culture Chinese culture.
Welcome to CERN Research Technology Training Collaborating.

Welcome to CERN Research Technology Training Collaborating.
Hello to UMD from Cirrus. Brief History of Cirrus Cirrus founded in 1984 Began development of the VK-30 in 1988 Began development of ST50 in 1992 1996.

Hello to UMD from Cirrus. Brief History of Cirrus Cirrus founded in 1984 Began development of the VK-30 in 1988 Began development of ST50 in
© Lloyd’s Regional Watch Content Guide CLICK ANY BOX AMERICAS IMEA EUROPE ASIA PACIFIC.

© Lloyd’s Regional Watch Content Guide CLICK ANY BOX AMERICAS IMEA EUROPE ASIA PACIFIC.
Page 1 Recording of this session via any media type is strictly prohibited. ACA Impact on Workers’ Compensation.

Page 1 Recording of this session via any media type is strictly prohibited. ACA Impact on Workers’ Compensation.
COST 356 EST - Towards the definition of a measurable environmentally sustainable transport CONTACTS Dr Robert Joumard, chairman, INRETS, tel +33 472 14.

COST 356 EST - Towards the definition of a measurable environmentally sustainable transport CONTACTS Dr Robert Joumard, chairman, INRETS, tel
1 Anthony Apted/ James Arnold 26 September 2007 Has the Common Criteria Delivered?

1 Anthony Apted/ James Arnold 26 September 2007 Has the Common Criteria Delivered?
Solution Cloud services and Windows 7 * Pricing may vary by region.

Solution Cloud services and Windows 7 * Pricing may vary by region.
A Global Approach for Ex-Products – IECEx UNECE WP.6 Geneva 19.-21. June 2006 Proposal for a new activity: “International legal requirements for explosion.

A Global Approach for Ex-Products – IECEx UNECE WP.6 Geneva June 2006 Proposal for a new activity: “International legal requirements for explosion.
The Human Factors Components of a Safety Management System: The US Perspective Dr. William B. Johnson Chief Scientific & Technical Advisor for Human Factors.

The Human Factors Components of a Safety Management System: The US Perspective Dr. William B. Johnson Chief Scientific & Technical Advisor for Human Factors.

Similar presentations

Ads by Google