
Technical Guidance for CC Evaluation
Wolfgang Killmann, T-Systems GEI GmbH


1 Technical Guidance for CC Evaluation
Wolfgang Killmann, T-Systems GEI GmbH

2 Goal of the Talk
The CC community anticipates publishing technical rationale material and guidance documents to support the application of CC and CEM. This talk concerns the need, types and examples of technical guidance for evaluation.
8. ICCC Technical Guidance for Evaluation Wolfgang Killmann, T-Systems GEI GmbH 20.09.2006, page 2

3 Technical Guidance for Evaluation: Goal of TGE
Technical guidance for evaluation (TGE)
- is developed for products that use specific technology and security techniques,
- supports the application of CC to specific security techniques,
- aims at high quality and comparability of evaluation results.

4 Technical Guidance for Evaluation: Intended audience
Evaluators
- use it as guidance to perform “state of the art” evaluation
- no substitute but “stadia rod” for expertise
Overseer
- ensures comparability of evaluation results between products, labs, schemes
Developers
- are interested in understanding how their products will be evaluated

5 Technical Guidance for Evaluation: Relation to other Documents
TGE does not extend, replace or modify any requirements of CC part 3 or CEM. It advises technically how to perform work units.
TGE may be accepted as a Scheme document or a CC supporting document.
TGE supplements other scheme documents, e.g. for the form of evaluation evidence in the ETR.

6 Technical Guidance for Evaluation: Types of Technical Guidance for Evaluation
TGE for specific security mechanisms, e.g.
- Random number generators
TGE for types of security techniques, e.g.
- Cryptographic modules
- Smart cards and similar devices
TGE for assurance requirements, e.g.
- Software development tools and techniques

7 Example TGE Random Number Generation: Content
TGE of random number generators
- explains the mathematical background
- defines an extended security functional component FCS_RNG.1
- describes pre-defined RNG classes based on security capabilities and quality metrics
- states the expected developer evidence
- guides the evaluator to perform specific RNG aspects of selected CEM work units.

8 Example TGE Random Number Generation: Security Capabilities and Analysis
How to evaluate
- power-up online test of the digitized noise signal
- estimation of entropy provided for seeding
- DRG.3 as cryptographic post-processing

9 Example TGE Random Number Generation: Testing
[Diagram: General design of physical RNG. Noise source → Digitisation → Post-processing → Output; labelled signals: noise signal, digitised noise signal, internal random sequence; a further label marks the entropy source.]
- Entropy of the generated random numbers used e.g. for keys
- Only digital sequences can be analysed by statistical tests for entropy
- Dependencies in the internal sequence → standard tests are not applicable

10 Example TGE Random Number Generation: Testing: Method A
[Diagram: General design of physical RNG. Noise source → Digitisation → Post-processing → Output; labelled signals: noise signal, digitised noise signal, internal random sequence.]
Method A (digital noise signal is testable)
- Statistical estimation of the entropy in the generated random numbers
- Statistical test suite B for independence and Shannon entropy
- Entropy source: memoryless
- Post-processing must not reduce the entropy on average over time
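Why Method A requires a memoryless entropy source and why dependencies make standard tests inapplicable (slides 9 and 10), as an added example that is not part of the talk and does not reproduce test suite B: a frequency-only Shannon estimate is compared with a first-order conditional estimate on two constructed bit sources. The Markov source, its parameters and all function names are assumptions made for the illustration.

```python
import math
import random
from collections import Counter

def shannon_entropy(bits):
    """Per-bit Shannon estimate from symbol frequencies only (valid for memoryless sources)."""
    n = len(bits)
    return -sum(c / n * math.log2(c / n) for c in Counter(bits).values())

def conditional_entropy(bits, order=1):
    """Estimate H(X_t | previous `order` bits) from (order+1)-gram counts."""
    ctx, joint = Counter(), Counter()
    for i in range(order, len(bits)):
        c = tuple(bits[i - order:i])
        ctx[c] += 1
        joint[c + (bits[i],)] += 1
    total = sum(ctx.values())
    h = 0.0
    for gram, cnt in joint.items():
        # weight log2 of the conditional probability by the joint probability
        h -= (cnt / total) * math.log2(cnt / ctx[gram[:-1]])
    return h

def markov_bits(n, p_repeat, rng):
    """Constructed dependent source: each bit repeats its predecessor with probability p_repeat."""
    bits = [rng.randrange(2)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_repeat else 1 - bits[-1])
    return bits

def compare(n=200_000, p_repeat=0.9, seed=1):
    """Return (frequency-only H, conditional H) for an independent and a dependent source."""
    rng = random.Random(seed)  # fixed seed: constructed sample data, not a real noise source
    iid = [rng.randrange(2) for _ in range(n)]
    dep = markov_bits(n, p_repeat, rng)
    return {
        "iid": (shannon_entropy(iid), conditional_entropy(iid)),
        "dependent": (shannon_entropy(dep), conditional_entropy(dep)),
    }

if __name__ == "__main__":
    for name, (h0, h1) in compare().items():
        print(f"{name:9s} frequency-only H={h0:.3f}  conditional H={h1:.3f} bits/bit")
```

The dependent source still shows about 1 bit per bit under the frequency-only estimate, while the conditional estimate drops to roughly 0.47, the binary entropy of the 0.9 repeat probability.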

11 Example TGE Random Number Generation: Testing: Method C
[Diagram: General design of physical RNG. Noise source → Digitisation → Post-processing → Output; labelled signals: noise signal, digitised noise signal, internal random sequence.]
Method C (digitized noise signal is not testable)
C.1 The developer shall provide a comprehensible and plausible description of a mathematical model of the physical noise source and the statistical properties of the digitised noise signal sequence derived from it.
C.2 The developer shall perform specific statistical tests and document the results to estimate the entropy of the digitized noise signal sequences.
C.3 The test results shall show that the internal number sequences pass the statistical test suite B under the environmental conditions insofar as these can influence the function of the noise source and may be affected by an attacker with the attack potential identified in the security target.
C.4 The developer shall provide a rationale that the tests in C.3 are suitable, taking into account the mathematical post-processing and the statistical properties of the noise signal sequence derived from the mathematical model of the noise source.

12 Example TGE Cryptographic Modules: Overview
PPs for cryptographic modules of different security levels are developed.
TGE for Cryptographic modules (CM)
- explains cryptographic techniques addressed in the PPs
- describes the application of CC evaluation methodology to cryptographic modules
- gives support to the evaluators
- aims at comparability of evaluation results

13 Example TGE Cryptographic Modules: Survey of Topics
Some topics explained in the TGE
- appropriate usage of Endorsed cryptographic algorithms and protocols
- cryptographic key management
- physical protection of keys
- testing the implementation of cryptographic algorithms and protocols
- vulnerability assessment of CM (without cryptanalysis of endorsed cryptographic algorithms and protocols)

14 Example TGE Cryptographic Modules: Cryptographic Key Management (examples only!)
[Diagram: key hierarchy with Root key, Key encr. key, Data encr. key and Encrypted data, annotated with properties and related CC components.]
Annotations, in slide order:
- stored in protected area
- internally generated or imported by key components
- usage controlled by Crypto officer, security attributes …
- only used for key management operation
- separation of key domains
- erased in case of error …
- protects all data encrypted with this key
- side channel attacks against keys (timing, power, emanation) …
- side channel attacks against confidential data (timing, power, emanation) …
CC components, in slide order:
- FPT_PHP.3, FCS_CKM.4
- FCS_CKM.1, FCS_CKM.2, FTP_ITC.1
- FDP_ACC.1, FDP_ACF.1, FMT_MSA.x …
- FDP_ACC.1, FDP_ACF.1, FCS_COP.1
- ADV_ARC.1
- FPT_FLS.1 …
- FDP_ACC.1, FDP_ACF.1, FCS_COP.1
- FDP_IFF.2, FDP_IFC.1, FPT_EMSEC.1 …
- FDP_IFF.2, FDP_IFC.1, FPT_EMSEC.1 …

15 Example TGE Cryptographic Modules: Side channels
TGE explains specific aspects of the evaluator work units, e.g. vulnerability analysis: side channel attacks
- ADV_ARC.1-2: domain separation for keys, (red) plaintext and (black) ciphertext
- ADV_TDS.3: description of countermeasures
- AVA_VAN.4-6: penetration tests for CM
  - timing analysis (e.g. Bleichenbacher attack on SSL server)
  - power analysis (e.g. for smart cards and multi-chip devices)
  - emanation analysis (passive and active)

16 Example Smart Card and similar Devices: Supporting Documents
Supporting documents for smart cards and similar devices are currently being updated for the application of CC / CEM version 3.1.
The JIL Hardware-related Attacks Subgroup (JHAS) updated the internationally agreed document for attack potential quotation related to smart cards and similar devices.

17 Example Smart Card and similar Devices: How to analyse
These documents should be supplemented by a document on vulnerability assessment methodology, which
- describes how to find vulnerabilities and to perform penetration tests (not only how to assess the results)
- requires evaluation labs to use state of the art methods of analysis
- helps to ensure comparability of results based on commonly accepted methods

18 Conclusion
Technical guidance for evaluation supports the evaluation of products using specific security techniques and aims at soundness and comparability of evaluation results.
Technical guidance documents were developed and approved by practical experience. They shall be updated and adapted to progress in security technique and developments of the CC and CEM.

19 Contact information
Wolfgang Killmann
T-Systems GEI GmbH
Rabinstrasse 8
D-53111 Bonn
wolfgang.killmann@t-systems.com

