Nobuhiro TAGASHIRA
Canon Inc.
Contents
1. Background
2. The Common Criteria Evaluation vs The Cryptographic Module Validation
   1. Proposal 1 (Developer's Explanation)
   2. Proposal 2 (new framework)
3. Conclusion
Background in Japan
* JISEC: Japan Information Technology Security Evaluation and Certification Scheme
* JCMVP: Japan Cryptographic Module Validation Program
Copyright (C) 2007, Canon Inc. All rights reserved.
Activities in Canon
Common Criteria (CC) Evaluation:
* CCEVS-VR-04-0063 from CCEVS (US Scheme)
* C0010/C0012/C0020/C0027/C0032/C0036/C0050 from JISEC
CC Evaluation vs CM Validation
The CC Evaluation and the CM Validation differ in:
* Abstractness
* Focus of tests
[B2-04][B2-05]
However, they are the same from the point of view of a Third Party Validation Scheme in the IT security world. In some cases, the CM Validation is very effective for the cryptographic functionality covered by the CC Evaluation.
[B2-04] Nithya Rachamadugu, FIPS-US Cryptographic Testing Standard, ICCC 2005
[B2-05] Axel Boness, A FIPS 140-2 evaluation could authorize CC-like tests, ICCC 2005
Question!
Have the CC Evaluation and CM validation produced a synergistic effect?
Answer
NO
Countermeasures
CNTM1. A developer has to explain the validity of the CC Evaluation and CM Validation to an end user in the ST.
CNTM2. The CC specifications have to define a new framework for using the CM Validation.
* ST introduction
* Conformance claims
* Security problem definition
* Security objectives
* Extended components definition
* Security requirements
* TOE summary specification

In the description of the physical scope of the TOE, describe the physical scope of the CM and the relationship between the TOE and the CM.
In the description of the logical scope of the TOE, describe the logical scope of the CM and the relationship between the TOE and the CM.
If the CM has several modes of operation (e.g. CMVP mode), describe the usage of those modes of operation in the logical description.
Refinement operations are required, e.g. from "The TSF shall" to "The TSF (CM) shall".
If the ST selects some components from the FCS/FPT classes, the developer has to perform refinement operations on the requirements that the CM enforces.
* FCS_COP: Cryptographic services
* FCS_CKM: Cryptographic key management
* FPT_TST: Self-tests
* FPT_PHP: Physical security (if the CM is validated at level 3 or 4)
If the CSPs in the CM are user data of the TOE, the developer may have to perform refinement operations on some components in the FDP classes.
If the CSPs in the CM are TSF data, the developer may have to perform refinement operations on some components in the FMT classes.
If the CM is validated at level 1 or higher, especially level 3 or 4, the developer may have to perform refinement operations on some components in the FIA classes.
There is NO big impact on Composition rationale (ACO_COR), Development evidence (ACO_DEV), Reliance of dependent component (ACO_REL), and Composed TOE testing (ACO_CTT).
Conclusion
This paper shows:
* the problem between the CC Evaluation and the CM Validation.
* the proposals for the developer and for the CC schemes.
This paper is also useful during the acquisition of CC/CM validated products.
Future work
* We have to examine Proposal 2 in detail from the viewpoint of feasibility.
* FIPS 140-3 is planned. We have to examine the relationship between the CC Evaluation and the new CM Validation.
Thank you
Nobuhiro TAGASHIRA tagashira.nobuhiro@canon.co.jp Canon Inc.