Technical Guidance for CC Evaluation

Technical Guidance for CC Evaluation. Wolfgang Killmann T-Systems GEI GmbH. Goal of the Talk. The CC community anticipates publishing technical rationale material and guidance documents to support the application of CC and CEM.


Presentation Transcript


  1. Technical Guidance for CC Evaluation Wolfgang Killmann T-Systems GEI GmbH

  2. Goal of the Talk
     • The CC community anticipates publishing technical rationale material and guidance documents to support the application of CC and CEM.
     • This talk concerns the need, types and examples of technical guidance for evaluation.
     8. ICCC Technical Guidance for Evaluation Wolfgang Killmann, T-Systems GEI GmbH 20.09.2006, page 2

  3. Technical Guidance for Evaluation: Goal of TGE
     • Technical guidance for evaluation (TGE)
       • is developed for products that use specific technology and security techniques,
       • supports the application of CC to specific security techniques,
       • aims at high quality and comparability of evaluation results.

  4. Technical Guidance for Evaluation: Intended audience
     • Evaluators
       • use it as guidance to perform “state of the art” evaluation
       • no substitute but “stadia rod” for expertise
     • Overseer
       • ensures comparability of evaluation results between products, labs, schemes
     • Developers
       • are interested in understanding how their products will be evaluated

  5. Technical Guidance for Evaluation: Relation to other Documents
     • TGE does not extend, replace or modify any requirements of CC part 3 or CEM. It advises technically how to perform work units.
     • TGE may be accepted as Scheme document or CC supporting document.
     • TGE supplements other scheme documents, e.g. for the form of evaluation evidence in ETR.

  6. Technical Guidance for Evaluation: Types of Technical Guidance for Evaluation
     • TGE for specific security mechanisms, e.g.
       • Random number generators
     • TGE for types of security techniques, e.g.
       • Cryptographic modules
       • Smart cards and similar devices
     • TGE for assurance requirements, e.g.
       • Software development tools and techniques

  7. Example TGE Random Number Generation: Content
     • TGE of random number generators
       • explains the mathematical background
       • defines an extended security functional component FCS_RNG.1
       • describes pre-defined RNG classes based on security capabilities and quality metrics
       • states the expected developer evidence
       • guides the evaluator to perform specific RNG aspects of selected CEM work units.

  8. Example TGE Random Number Generation: Security Capabilities and Analysis
     • How to evaluate
       • power-up online test of the digitized noise signal
       • estimation of entropy provided for seeding
       • DRG.3 as cryptographic post-processing

  9. Example TGE Random Number Generation: Testing
     Diagram (General Design of physical RNG; block labelled “Entropy source”): Noise source → noise signal → Digitisation → digitised noise signal → Post-processing → internal random sequence → Output
     Diagram annotations:
     • Only digital sequences can be analysed by statistical tests for entropy
     • Dependencies in the internal sequence → standard tests are not applicable
     • Entropy of the generated random numbers used e.g. for keys

  10. Example TGE Random Number Generation: Testing: Method A
     Method A (digital noise signal is testable)
     Diagram (General Design of physical RNG; block labelled “Entropy source: memoryless”): Noise source → noise signal → Digitisation → digitised noise signal → Post-processing → internal random sequence → Output
     Diagram annotations:
     • Statistical test suite B for independence and Shannon entropy
     • Post-processing must not reduce the entropy in the average of time
     • Statistical estimation of the entropy in the generated random numbers

  11. Example TGE Random Number Generation: Testing: Method C
     Method C (digitized noise signal is not testable)
     • C.1 The developer shall provide a comprehensible and plausible description of a mathematical model of the physical noise source and the statistical properties of the digitised noise signal sequence derived from it.
     • C.2 The developer shall perform specific statistical tests and document the results to estimate the entropy of the digitized noise signal sequences.
     • C.3 The test results shall show that the internal number sequences pass the statistical test suite B under the environmental conditions insofar as these can influence the function of the noise source and may be affected by an attacker with the attack potential identified in the security target.
     • C.4 The developer shall provide a rationale that the tests in C.3 are suitable, taking into account the mathematical post-processing and the statistical properties of the noise signal sequence derived from the mathematical model of the noise source.
     Diagram (General Design of physical RNG): Noise source → noise signal → Digitisation → digitised noise signal → Post-processing → internal random sequence → Output
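
An added illustration for slides 9 and 10 (not part of the presentation, and not test suite B): a constructed memoryless, biased bit source stands in for the digitised noise signal, and a hypothetical SHA-256 block post-processing stands in for the generator's post-processing. It shows why the entropy estimate is taken on the digitised noise signal: the same plug-in estimate applied to the post-processed output reports almost 1 bit per bit, although a deterministic post-processing cannot add entropy.

```python
import hashlib
import math
import random

def digitised_noise(n, p_one, seed):
    """Constructed stand-in for a memoryless noise source: i.i.d. bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def entropy_per_bit(bits):
    """Plug-in Shannon entropy estimate; meaningful only for independent bits."""
    p1 = sum(bits) / len(bits)
    return -sum(p * math.log2(p) for p in (p1, 1 - p1) if p > 0)

def lag1_correlation(bits):
    """Sample lag-1 autocorrelation as a simple independence check (near 0 if memoryless)."""
    mean = sum(bits) / len(bits)
    var = sum((b - mean) ** 2 for b in bits) / len(bits)
    cov = sum((a - mean) * (b - mean) for a, b in zip(bits, bits[1:])) / (len(bits) - 1)
    return cov / var

def post_process(bits, in_bits, out_bits):
    """Hypothetical post-processing: SHA-256 of each in_bits block, truncated to out_bits."""
    out = []
    for i in range(0, len(bits) - in_bits + 1, in_bits):
        digest = hashlib.sha256(bytes(bits[i:i + in_bits])).digest()
        out.extend((digest[j // 8] >> (j % 8)) & 1 for j in range(out_bits))
    return out

def analyse(p_one=0.9, n=64000, in_bits=64, out_bits=64, seed=1):
    raw = digitised_noise(n, p_one, seed)
    h_raw = entropy_per_bit(raw)
    out = post_process(raw, in_bits, out_bits)
    return {
        "raw_entropy_per_bit": h_raw,               # estimate on the digitised noise signal
        "raw_lag1_correlation": lag1_correlation(raw),
        "output_estimate_per_bit": entropy_per_bit(out),  # what a test on the output reports
        # A deterministic function cannot add entropy: bound per output bit.
        "output_bound_per_bit": min(1.0, h_raw * in_bits / out_bits),
    }

if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name}: {value:.4f}")
```

Raising `in_bits` relative to `out_bits` shows how much compression the post-processing needs before the bound per output bit reaches 1.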

  12. Example TGE Cryptographic Modules: Overview
     • PPs for cryptographic modules of different security levels are developed
     • TGE for Cryptographic modules (CM)
       • explains cryptographic techniques addressed in the PPs
       • describes the application of CC evaluation methodology to cryptographic modules
       • gives support to the evaluators
       • aims at comparability of evaluation results

  13. Example TGE Cryptographic Modules: Survey of Topics
     • Some topics explained in the TGE
       • appropriate usage of Endorsed cryptographic algorithms and protocols
       • cryptographic key management
       • physical protection of keys
       • testing the implementation of cryptographic algorithms and protocols
       • vulnerability assessment of CM (without cryptanalysis of endorsed cryptographic algorithms and protocols)

  14. Example TGE Cryptographic Modules: Cryptographic Key Management (examples only!)
     • Root key
       • Properties: stored in protected area; internally generated or imported by key components; usage controlled by Crypto officer, security attributes; …
       • CC components: FPT_PHP.3, FCS_CKM.4; FCS_CKM.1, FCS_CKM.2, FTP_ITC.1; FDP_ACC.1, FDP_ACF.1, FMT_MSA.x; …
     • Key encr. key
       • Properties: only used for key management operation; separation of key domains; erased in case of error; …
       • CC components: FDP_ACC.1, FDP_ACF.1, FCS_COP.1; ADV_ARC.1; FPT_FLS.1; …
     • Data encr. key
       • Properties: protects all data encrypted with this key; side channel attacks against keys (timing, power, emanation); …
       • CC components: FDP_ACC.1, FDP_ACF.1, FCS_COP.1; FDP_IFF.2, FDP_IFC.1, FPT_EMSEC.1; …
     • Encrypted data
       • Properties: side channel attacks against confidential data (timing, power, emanation); …
       • CC components: FDP_IFF.2, FDP_IFC.1, FPT_EMSEC.1; …

  15. Example TGE Cryptographic Modules: Side channels
     • TGE explains specific aspects of the evaluator work units, e.g. vulnerability analysis: side channel attacks
       • ADV_ARC.1-2: domain separation for keys, (red) plaintext and (black) ciphertext
       • ADV_TDS.3: description of countermeasures
       • AVA_VAN.4-6: penetration tests for CM
         • timing analysis (e.g. Bleichenbacher attack on SSL server)
         • power analysis (e.g. for smart cards and multi-chip devices)
         • emanation analysis (passive and active)

  16. Example Smart Card and similar Devices: Supporting Documents
     • Supporting documents for smart cards and similar devices are currently updated for the application of CC / CEM version 3.1.
     • The JIL Hardware-related Attacks Subgroup (JHAS) updated the internationally agreed document for attack potential quotation related to smart cards and similar devices.

  17. Example Smart Card and similar Devices: How to analyse
     • These documents should be supplemented by a document on vulnerability assessment methodology
       • how to find vulnerabilities and to perform penetration tests (not only how to assess the results)
       • requires evaluation labs to use state-of-the-art methods of analysis
       • helps to ensure comparability of results based on commonly accepted methods

  18. Conclusion
     • Technical guidance for evaluation supports evaluation of products using specific security techniques and aims at soundness and comparability of evaluation results.
     • Technical guidance documents were developed and approved by practical experience.
     • They shall be updated and adapted to progress in security technique and developments of the CC and CEM.

  19. Contact information Wolfgang Killmann T-Systems GEI GmbH Rabinstrasse 8 D-53111 Bonn wolfgang.killmann@t-systems.com
