You say to-mah-to, I say to-mae-to: why isn't there a single solution to Information Security Assurance? (PowerPoint presentation transcript, 26 slides, provided by atsecinfo)

Transcript and Presenter's Notes
1
You say to-mah-to, I say to-mae-to: why isn't
there a single solution to Information Security
Assurance?
  • Apostol Vassilev
  • atsec information security
  • NetIDSys, Inc.

2
The problem of information security assurance
  • There is a plethora of secure software and
    hardware products, often designed to meet similar
    customer information security needs
  • How can we say which ones are better/more secure?
  • Can the consumers decide for themselves?
  • Can we leave it up to the market forces to weed
    out the bad products and identify the best
    solutions?

3
Outline
  • Introduce a couple of major information security
    assurance standards
  • Common Criteria
  • Federal Information Processing Standard (FIPS)
  • Current Trends
  • Conclusions

4
The CC standard for IT security evaluation
5
Formalization of assurance and certification
Certification definition according to the German
Law DIN 45020:
  • Measure
  • by impartial third party,
  • that shows there is reasonable confidence,
  • that a correctly identified product, process or
    service
  • is in accordance with a specified standard or
    another normative document.
Annotations on the slide relating the definition to IT security:
  • Impartial third party: e.g. the BSI (Germany) or NIAP (USA) and
    licensed and accredited evaluation labs
  • Reasonable confidence: which shows that there is reasonable confidence
    in the correct implementation and effectiveness
    of IT security
  • Product: of the specified IT product

6
The path to CC
7
Participating Nations and Agencies
  • Germany, Bundesamt für Sicherheit in der
    Informationstechnik (BSI).
  • France, Direction Centrale de la Sécurité des
    Systèmes d'Information (DCSSI).
  • UK, Communications-Electronics Security Group
    (CESG).
  • Netherlands, Netherlands National Communications
    Security Agency (NLNCSA).
  • Canada, Communications Security Establishment
    (CSE).
  • USA, National Security Agency (NSA) and National
    Institute of Standards and Technology (NIST).
  • Australia and New Zealand, the Defence Signals
    Directorate and the Government Communications
    Security Bureau, respectively.
  • Japan, Information Technology Promotion Agency.
  • Spain, Ministerio de Administraciones Públicas and
    Centro Criptológico Nacional.

8
Objectives of the CC standard
  • Common criteria for products and systems
  • based on the existing criteria of the U.S. and
    Europe
  • ISO standardization
  • an international basis for developers
  • Comparability of security evaluation results
  • international mutual recognition of certificates
  • Improved availability of high-quality security
    technology

9
International Recognition of CC
10
CC Evaluation Approach
  • Axiomatic, resembles a math theorem proof
  • Security Problem Definition
      • Target of Evaluation (TOE): the product
      • Threats, assumptions, security policies
  • Security Objectives for the TOE and its
    operational environment
  • Assurance claims
      • Typically stated as Evaluation Assurance Levels
        (EAL)
      • EAL1 to EAL7
  • Proof

11
Certification procedure
12
Evaluation labs
  • atsec information security (leader in OS
    evaluation)
  • Atos Origin GmbH
  • CSC Deutschland Solutions GmbH
  • Datenschutz nord GmbH
  • Deutsches Forschungszentrum für künstliche
    Intelligenz GmbH
  • Industrieanlagen-Betriebsgesellschaft (IABG) mbH
  • Media transfer AG
  • Secunet SWISSiT AG
  • SRC Security Research Consulting GmbH
  • Tele Consulting GmbH
  • TNO-ITSEF BV
  • T-Systems GEI GmbH
  • TÜV Informationstechnik GmbH
  • WTD 81
  • BSI

13
Responsibility of the Evaluator (DIN 17025)
  • technically competent
  • technically independent
  • impartial
  • neutral
14
Shortcomings of the CC standard
  • Does not evaluate the cryptography in security
    products
      • no cryptanalysis
  • Does not take into account Risk
  • Assumptions are assumed to hold absolutely
  • Tends to be expensive/time consuming

15
FIPS: An Overview
  • FIPS are a series of U.S. Federal Information
    Processing Standards.
  • FIPS are mandatory to US Federal agencies, e.g.,
    DoD, NSA, NIST.
  • They are not mandatory to individual states, but
    are often used by them.
  • They are often adopted by non-government agencies
    or large corporations

FIPS 140-2 The Standard
16
FIPS 140-2
  • FIPS 140-2 was published in 2001.
  • Change notes were added in 2002.
  • FIPS 140-2 has recently been reviewed and FIPS
    140-3 is currently under development.
  • Mandatory for federal agencies

17
What is a Cryptographic Module?
  • Can be
      • Hardware
      • Software
      • Firmware
      • Hybrid
  • Performing certain security functionality
  • With specific logical/physical boundaries

Cryptographic Module Basics
18
FIPS 140-2 Functional Areas
  • FIPS 140-2 is divided into 11 functional areas.
  • Each area is awarded a Security Level between 1
    and 4 depending on the requirements that it
    meets.
  • The module as a whole is awarded an Overall
    Security Level, which is the lowest level
    awarded in any of the functional areas.

19
FIPS 140-2 Functional Areas
  • Cryptographic Module Specification
  • Roles, Services, and Authentication
  • Finite State Model
  • Operational Environment
  • Cryptographic Key Management
  • Self Tests
  • Design Assurance
  • Mitigation of Other Attacks

20
What is the FIPS Validation Program?
  • Cryptographic Module Validation Program
    (CMVP)
  • A joint program between
      • The U.S. NIST (National Institute of Standards
        and Technology)
      • The CSE (Communications Security
        Establishment) of the Government of Canada

Explaining the CMVP
21
The Validation Process
22
Cryptographic Algorithm Validation (integral part
of module validation)
  • Algorithms used in Approved mode must be
    FIPS-validated.
  • This means that they are implemented correctly.
  • 50% of newly-tested algorithms fail!
  • They are published on a list given at
    http://csrc.nist.gov/cryptval/vallists.htm.
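As an added illustration of what "implemented correctly" means in practice (this is example code written for this transcript, not part of the presentation and not NIST's CAVP test harness): a known-answer test (KAT) of the kind FIPS 140-2 requires as a power-on self test in the "Self Tests" area. It checks a correct SHA-256 against published test values and also a hypothetical buggy implementation (`buggy_sha256`, constructed here, which silently drops the last input byte) to show why a module must run several vectors and refuse service when any fails. The values for `"abc"` and the empty message are the widely published SHA-256 examples.

```python
"""Known-answer test (KAT) for a hash implementation, in the style of a
FIPS 140-2 power-on self test. Example code, not the presentation's own."""
import hashlib
import hmac

# Widely published SHA-256 test values (message, expected hex digest).
SHA256_KATS = [
    (b"abc",
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    (b"",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]


def reference_sha256(msg: bytes) -> str:
    """A correct implementation (Python's hashlib)."""
    return hashlib.sha256(msg).hexdigest()


def buggy_sha256(msg: bytes) -> str:
    """Hypothetical defective implementation, constructed for this example:
    it drops the final input byte. It still passes the empty-message KAT,
    which is why a single test vector is not enough."""
    return hashlib.sha256(msg[:-1]).hexdigest()


def run_kat(impl, vectors):
    """Run every vector through impl.

    Returns (passed, failures) where failures is a list of
    (message, expected, actual) for each mismatch."""
    failures = []
    for msg, expected in vectors:
        actual = impl(msg)
        # Constant-time comparison so the self-test itself is not a timing oracle.
        if not hmac.compare_digest(actual, expected):
            failures.append((msg, expected, actual))
    return (len(failures) == 0, failures)


def power_on_self_test(impl=reference_sha256) -> str:
    """Module gate: any KAT failure puts the module in an error state, in
    which no cryptographic service may be offered."""
    passed, _ = run_kat(impl, SHA256_KATS)
    return "operational" if passed else "error"


if __name__ == "__main__":
    for name, impl in (("reference", reference_sha256), ("buggy", buggy_sha256)):
        passed, failures = run_kat(impl, SHA256_KATS)
        print(f"{name}: {'PASS' if passed else 'FAIL'} -> {power_on_self_test(impl)}")
        for msg, expected, actual in failures:
            print(f"  msg={msg!r} expected={expected[:16]}... got={actual[:16]}...")
```

The point of the two-vector set is visible in the buggy case: the empty-message vector passes, the `"abc"` vector fails, and the module ends up in the error state regardless. A real validation uses far larger vector sets (and Monte Carlo tests), which is part of why half of newly submitted algorithm implementations fail on the first attempt.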

23
Shortcomings of FIPS 140-2
  • Not as tightly specified as CC
  • A lot of room for interpretation
  • hence repeatability of evaluation results is not
    guaranteed.
  • Limited to USA and Canada

24
Current trends
  • Combinations of the two major standards
  • Many federal agencies in the USA require certain
    products to be both CC and FIPS 140-2 certified
  • Ensures all security aspects are thoroughly
    looked at
  • May incur substantial cost

25
Conclusions
  • Information security assurance is needed to
    provide the consumer with guarantees for the
    technology they acquire
  • Two major standards exist (CC and FIPS 140-2)
  • Different strengths and weaknesses
  • Generally complementary to each other
  • Increasingly used together in situations that
    require high assurance