Presentation is loading. Please wait.

Presentation is loading. Please wait.

Effective banking products CC evaluations. 8 th I.C.C.C. Rome, September 26th, 2007. CHIOCCA Martine Banking products Security Risk Manager.

Published byCharla Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "Effective banking products CC evaluations. 8 th I.C.C.C. Rome, September 26th, 2007. CHIOCCA Martine Banking products Security Risk Manager."— Presentation transcript:

1 Effective banking products CC evaluations. 8 th I.C.C.C. Rome, September 26th, 2007. CHIOCCA Martine Banking products Security Risk Manager

2 Gemalto Public Context of efficient CC evaluations  French Banking products required security evaluation since 1995 and annual certificate survey:  1995-2000: ITSEC xxxxx,  2000-now : CC EAL 4 + (VLA.4,..)  Scope of the evaluation : all payment applications on the card:  National & International EMV Payment  Legacy Payment  National purse Monéo  Protection profiles :  PP/9911 (payment) & PP/0101(purse)  New European CAS Security Target

3 Gemalto Public Security Target Certificate Survey FOURNITURES Certificat EAL4+ Smart Card S/W developer IC manufacturer Sponsor or Observer Preparation DCSSI CESTI Evaluation & Certification processes Evaluation Technical Report (ETR)

4 Gemalto Public Gemalto evaluation strategy  Capitalize working with the same evaluation laboratory for each banking products’ type : native, java, contactless,…  Advantages:  Parallelize as much as possible product design & evaluation  Capitalize on laboratory’s knowledge of the product  Better chance to get productive lab’s feedback  Reusability of assurance deliverables  Quicker and less expensive security evaluation

5 11 End Eval.. Development and Evaluation processes Development Process Emulator Testing. DevelopmentSpecification Card Testing Analysis Imp., Code. Devpt.Method. & Environment Target & Devpt. specifications Card Testing & VLA Evaluation Process 2 to 3 months Generic process Card roming

6 Gemalto Public Synchronizes design and evaluation  First step of evaluation : ASE, ADV deliveries,to reach the source code review  An card emulator and associated tools are given to the laboratory  Goal => get as much comments before Roming  Second step : others deliveries ACM, ADO, ATE,  During roming most deliveries are updated  Last step: AVA deliveries and penetration testing  Duration : 2-3 months after the deliveries of the first cards  Cards characteritics : –With & without “coating” to gain time in preparation –With known & unknown data

7 Gemalto Public Security : Ever moving target  What do we learn from the evaluations:  All code review gave feedback taken into account before roming.  Most penetration tests reveals us investigation tracks that could be enhanced in future products to make those tracks even less accessible  Certification is a GOOD…. starting point……  Annual survey : required by French baking organizations  Each year the same laboratory re-assesses the product resistance  Second evaluation derivates from exiting certified product => 50% less on Cost and Duration.

8 Gemalto Public SmartCard Security : Still keep ahead  ONLY WAY TO IMPLEMENT EFFICIENT SECURITY MECHANISMS => Internal Gemalto laboratory:  Equivalent technical level as external ITSEF  State of the Art at attacks techniques  More 10 experts investigating in S/W and H/W attacks  New security mechanisms efficiency.  Privately evaluated to assess robustness  Internally and externally evaluated

9 Gemalto Public Conclusion of our CC evaluation experiences  Effective CC evaluations  Operational way of practicing CC evaluation  Efficient CC evaluations  All CC evaluated products gets certified at once.  All our banking customers are confident in the security level of the products.  Our experience in security proved our products do resist over time.

10 The end… Questions ? Contact : martine.chiocca@gemalto.commartine.chiocca@gemalto.com Tel : 33(1) 01 55 01 59 25

11 11 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 2007 Effective smartcard evaluations process - Jean- Pierre KRIMM Effective Smartcard Evaluations Process Jean-Pierre KRIMM Technical Manager of CESTI-LETI jean-pierre.krimm@cea.fr 2007 8 th ICCC, Rome, September 26 th, 2007.

12 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 12 Effective smartcard evaluations process - Jean-Pierre KRIMM Context Smartcard evaluations In the French Scheme of Certification Using a composition scheme with CC v2 Based on the experience of a developer (Gemalto) and an evaluator (CESTI-LETI) The goal wishes is To reduce time and cost of an evaluation Keeping the same efficiency as usually This part presents the evaluator point of view

13 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 13 Effective smartcard evaluations process - Jean-Pierre KRIMM Presentation Outline Smartcard evaluations General presentation of the composition scheme Description of the standard evaluation tasks sequencing How to save time: 4 recipes Adaptation of the standard tasks sequencing The entire source code is provided An IC emulator is kept available The scheme is deeply involved in the evaluation Conclusion

14 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 14 Effective smartcard evaluations process - Jean-Pierre KRIMM Smartcard Evaluation Process A typical smartcard architecture (closed) The composition scheme First, the IC is evaluated and certified Then, the whole product is evaluated, using the results of the IC evaluation These steps are not necessary performed by the same lab. Integrated Circuit (IC) Applications OS

15 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 15 Effective smartcard evaluations process - Jean-Pierre KRIMM Standard evaluation tasks sequencing The path in red is the critical one In practice Conformity tasks are performed first for acquiring the knowledge of the TOE, i.e. ADV, ACM, ALC, ADO, AGD Efficiency ones are performed in last, i.e. AVA Some of them shall be performed on the TOE suitable for testing i.e. ATE_IND, AVA_VLA, ADO_IGS, ACM_CAP, AVA_MSU

16 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 16 Effective smartcard evaluations process - Jean-Pierre KRIMM How to save time in the evaluation Identifying vulnerabilities or anomalies earlier to correct them as soon as possible Penetration testing will be divided in two sub-sets A standard made of state of the art’s attacks related to a well known application A specific which refines the standard one, and adds new ones strongly dependent to the implementation and the IC vulnerabilities To achieve this goal, 4 recipes: 1. Adaptation of the standard tasks sequencing: a code review and standard attacks will be performed in advance 2. The entire source code is provided 3. An IC emulator is kept available 4. The scheme is deeply involved in the evaluation

17 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 17 Effective smartcard evaluations process - Jean-Pierre KRIMM 1 - Adaptation of the standard tasks sequencing Context reminded: applications are well known French banking applications: legacy, EMV, e-purse Some evaluation tasks can be performed in advance A partial code review can be performed on its finale version. => a first feedback on the quality of the implementation can be provided to the developer The standard sub-set of attacks can be performed in advance, in each banking application, as soon as samples are available => a first feedback on the resistance of the product can be provided to the developer this leads to identify common vulnerabilities earlier and thus allows corrections earlier The standard evaluation tasks sequencing will be completed, performing the complete code analysis (ADV_IMP) and the specific sub-set of attacks

18 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 18 Effective smartcard evaluations process - Jean-Pierre KRIMM 2- The entire source code is provided The entire application source code is provided To the lab. premises Including cryptographic implementations Including the generated assembler Benefits The evaluator has the source code always available Guarantee the independence of the evaluator Both levels of language are necessary for attacks, i.e. the high level to identify a vulnerability, and the low level for its exploitation

19 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 19 Effective smartcard evaluations process - Jean-Pierre KRIMM 3 - An IC emulator is kept available An IC emulator is kept available In the case the evaluator needs it Helpful to understand both H/W and S/W behaviors, To save time simulating the feasibility of attacks Due to the composition scheme The IC is usually not well known by the lab. Some H/W countermeasures are not fully explained The IC is seen as a “grey box”

20 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 20 Effective smartcard evaluations process - Jean-Pierre KRIMM 4 - The scheme is deeply involved in the evaluation The French Scheme is deeply involved in each evaluation Benefits It allows an earlier detection of evaluation anomalies, which are taken into consideration when they appear It allows to find a solution quickly when a problem occurs It guarantees the level of the evaluation in real time, for a specific way to work

21 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 21 Effective smartcard evaluations process - Jean-Pierre KRIMM Conclusion It is possible to improve an evaluation process in terms of time (and cost) for a well-known specific domain, i.e. smartcard experience driven, for both developer and evaluator through a specific scheme without a specific interpretation of the CEM keeping the same level of evaluation

22 © CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite sans l’autorisation écrite préalable du CEA All rights reserved. Any reproduction in whole or in part on any medium or use of the information contained herein is prohibited without the prior written consent of CEA 22 Effective smartcard evaluations process - Jean-Pierre KRIMM Thank you for your attention Contact : jean-pierre.krimm@cea.frjean-pierre.krimm@cea.fr Tel: +33 (0)4 38 78 49 13

Download ppt "Effective banking products CC evaluations. 8 th I.C.C.C. Rome, September 26th, 2007. CHIOCCA Martine Banking products Security Risk Manager."

Similar presentations

A Systems Approach To Training

A Systems Approach To Training
Quality assurance Kari Kuulasmaa 1 st EHES Training Seminar, 11-12 February 2010, Rome.

Quality assurance Kari Kuulasmaa 1 st EHES Training Seminar, February 2010, Rome.
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
© CEA 2006. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite.

© CEA Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite.
University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.

University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
Practical experience of CC3.1 applied on smartcard hardware Wouter Slegers + 31 15 269 2500

Practical experience of CC3.1 applied on smartcard hardware Wouter Slegers
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.2: Evaluation of Secure Information Systems.
The 7 Year Itch - Time To Commit Or Time To Move On? Shaun Lee Security Evaluations Manager, Global Product Security.

The 7 Year Itch - Time To Commit Or Time To Move On? Shaun Lee Security Evaluations Manager, Global Product Security.
Ch 3: Unified Process CSCI 4320: Software Engineering.

Ch 3: Unified Process CSCI 4320: Software Engineering.
Software Process Models

Software Process Models
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
ITIL: Service Transition

ITIL: Service Transition
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
POS/ATM Protection Profile for a Common European Banking Industry Approval Scheme Common Approval Scheme POI Working Group SRC Security Research & Consulting.

POS/ATM Protection Profile for a Common European Banking Industry Approval Scheme Common Approval Scheme POI Working Group SRC Security Research & Consulting.
© CEA 2007. Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite.

© CEA Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est interdite.
1 CS 501 Spring 2003 CS 501: Software Engineering Lecture 2 Software Processes.

1 CS 501 Spring 2003 CS 501: Software Engineering Lecture 2 Software Processes.
CS 501: Software Engineering

CS 501: Software Engineering

Similar presentations

Ads by Google