PROTECTION PROFILE DEVELOPMENT



Similar documents
EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Common Criteria for Information Technology Security Evaluation. Part 2: Security functional components. September Version 3.

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

Common Criteria for Information Technology Security Evaluation. Part 2: Security functional requirements. August Version 2.

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP Version 1.0

Mobile Billing System Security Target

COMMON CRITERIA PROTECTION PROFILE. for NEW GENERATION CASH REGISTER FISCAL APPLICATON SOFTWARE (NGCRFAS PP) TSE-CCCS/PP-002

CardOS V4.4 CNS. Edition 04/2010. Security Target CardOS V4.4 CNS with Application for QES

Protection Profile Secure Signature-Creation Device Type 3

Certification Report

LINQUS USIM 128K Smartcard

Protection Profile for UK Dual-Interface Authentication Card

Samsung SCX-5637FR/SCX-5639FR Control Software V

Firewall Protection Profile

LEGIC advant Series. LEGIC card-in-card AFS4096-JP12 V1.2. Security Target Lite. Common Critera ISO EAL4+

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

LUNA PCI CONFIGURED FOR USE IN LUNA SA 4.1 WITH BACKUP SECURITY TARGET

EMC Corporation Data Domain Operating System Version Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

JMCS Northern Light Video Conferencing System Security Target

MIFARE DESFire EV1 MF3ICD81

Common Criteria for Information Technology Security Evaluation

EXTOL epassport Suite v2.5 Security Target v2.0. ECSB/MyCC/JL/002 Common Criteria EAL1 Certification

Criteria Requirements of Mobile Payment Application

Extended Package for Mobile Device Management Agents

ΙΒΜ SECURITY TARGET LITE. NXP P521G072V0P (JCOP 21 v2.3.1) Secure Smart Card Controller. Version 1.0

Security Target. NetIQ Access Manager 4.0. Document Version August 7, Security Target: NetIQ Access Manager 4.0

CERTIFICATION REPORT

Common Criteria. Introduction Magnus Ahlbin. Emilie Barse Emilie Barse Magnus Ahlbin

Red Hat Enterprise Linux Version 5.6 Security Target for CAPP Compliance on DELL 11 th Generation PowerEdge Servers

How To Manage Security In A Network Security System (Tsi)

Voice-over-IP Risk Analysis.

collaborative Protection Profile for Network Devices

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP Version 1.01 (15 th April 2010)

LogLogic v4.6.1 Open Log Management Platform Security Target. Release Date: 30 June 2009 Version: 2.0

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Protection Profile for Server Virtualization

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team

Dell Networking Switches Security Target. Version 1.0 January 22, 2015

BSI-PP for. Protection Profile Secure Signature-Creation Device Type 1, Version developed by

Security Target. ST Version 1.1. August 26, 2014

CERTIFICATION REPORT

BSI-PP for. Smart Card Security User Group Smart Card Protection Profile (SCSUG-SCPP) Version 3.0. developed by

Protection Profile for Mobile Device Management

HP StoreOnce Backup System Generation 3 Version Security Target

CA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target

utimaco SafeGuard Enterprise - Device Encryption

Low Assurance Protection Profile for a VPN gateway

Common Criteria Security Target For 1E Power and Patch Management Pack

Trademarks. Legal Notice. Revision History

C038 Certification Report

How To Protect Your Computer From Being Hacked

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

McAfee Web Gateway Version EAL 2 + ALC_FLR.2 Security Target

GuardianEdge Data Protection Framework with GuardianEdge Hard Disk Encryption and GuardianEdge Removable Storage Encryption 3.0.

Trademarks. Legal Notice. Revision History

Cisco Security Appliance. Security Target. Version 1.0. October 2014

Security Requirements for Mobile Operating Systems

Standard Protection Profile for Enterprise Security Management Access Control

Protection Profile for Network Devices

U.S. Government Protection Profile for Database Management Systems

Protection Profile for Full Disk Encryption

Security Target for Cisco Remote Access VPN

McAfee Web Gateway Version EAL 2 + ALC_FLR.2 Security Target

Windows Mobile 6.5 Security Target

Joint Interpretation Library. Security Evaluation and Certification of Digital Tachographs

3e Technologies International 3e-636 Series Network Security Device. Security Target

Common Criteria Evaluation for a Trusted Entrust/PKI

Firewall Protection Profile V

Security Requirements for Network Devices

Trust Technology Assessment Program. Validation Report

Cisco Catalyst Switches (3560-X and 3750-X) Security Target

How To Test A Toe For Security

Huawei BSC6900 Multimode Base Station Controller Software Security Target

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3)

Xceedium GateKeeper Version Security Target

Security Target. Astaro Security Gateway V8 Packet Filter Version Assurance Level EAL4+ Common Criteria v3.1

Protection Profile for Voice Over IP (VoIP) Applications

Microsoft Windows Common Criteria Evaluation

Cisco Unified Communications Manager

3eTI Technologies International 3e-525/523 Series Wireless Network Access Points. Security Target

Marimba Client and Server Management from BMC Software Release 6.0.3

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0

Network Intrusion Prevention System Protection Profile V1.1

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

FOR EAL2 AUGMENTED WITH ALC_FLR.1. Version: 1.2 November 20, 2013

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium , Miami Beach FL / USA

Protection Profile for the Gateway of a Smart Metering System (Smart Meter Gateway PP)

Transcription:

PROTECTION PROFILE DEVELOPMENT FOR CARD ACCEPTANCE DEVICE (CAD) WITH BIOMETRIC Norahana Salimin norahana@cybersecurity.my ICCC 2013 Sept 10-12 Orlando

Content PPWG Background Challenge Lesson Learn Sneak Peak on the Tech Part.. Current Progress & Way Forward Q&A 2

PPWG4 Background Definition: Protection Profile Working Group Four (4) PPWGs established: 1. Data Protection 2. Network Devices 3. Application 4. Smart Card and its related device Initiative under Thrust 3: Cyber Security Technology Framework of the National Cyber Security Policy (NCSP) 3

PPWG Governance Structure 4

PPWG Governance Structure PPWG members should have the knowledge and experience in ICT technologies, policy or decision making. MySEF: CSM MySEF & BAE Daetica Academician: Multimedia University, University Putra Malaysia Gov. Agencies: National Registration Department of Malaysia (JPN) 5

PPWG4 Objectives Procurement guideline on minimum requirement Product development reference Security enhancement on of Malaysian information infrastructure Increased assurance in the ICT product implemented security features 6

Challenge Lacking of Common Criteria knowledge to user & vendor. Transforming requirements into PP language and content Keep up with latest technology, but not forgetting the practicality Harmonizing the security function to meet capability of vendor and user requirement 7

Lesson Learn Combine Functional and Security Requirements in PP. Functional requirements to be put in OSP/Security Objective for Operational environment. Essential Security Requirements (ESR) need to be mapped to PP content. Inexperience member could not get the bigger picture. Timeline must be clear. 8

Lesson Learn Way forward of PP implementation must be clear to avoid unused PP Chairperson must be clear of the objective The potential organization must be clear that they will be the potential user of the PP (at least) 9

Sneak Peak on the Tech Part PP security features will compliment: Malaysian Standard (MS) 2287: Interface Device for Malaysia Multipurpose Smart Card that defines the functionality of CAD Electrical, Mechanical/Physical, Communication Protocol Malaysian Standard (MS) 1960: Multipurpose Smart Card 10

TOE Smart card reader with Biometric function Most of the counter in JPN/banking sector using CAD with Biometric function for user verification with their fingerprint JPN s procurement requirement for CAD inclusive of Biometric function Make sense to integrate Card Reader and Biometric in a PP 11

PP Scope Smart card reader or card acceptance device (CAD) Contact or Contactless chip Able to read smart card issued by JPN, such as MyKad, MyPR and MyKAS. Whether to generalize the smart card inclusive of bank card is still in discussion. Smart card can run multi applications such as national ID and health application. 12

PP Scope Smart card reader or card acceptance device (CAD) Standalone (with network interface) or nonstand alone (without network interface) (Still in debate whether to choose stand alone or non-stand alone) 13

PP Scope Biometric Verification process only Gets the biometric reference associated with this identity from the smart card and captures the biometric characteristic of the user Compare Biometric Live Record (BLR) and extracted characteristic of user from smart card If within the threshold, successful verification 14

CAD Major Security Functions User identification, authentication, and authorization Enforcement of the encryption of communication Firmware update Access to one or more slots for smart cards 15

Biometric Major Security Functions Spoofing detection Residual Information Protection (Biometric miniature, data) 16

SFRs Class FCS :Cryptographic Support FCS_CKM.1 FCS_CKM.4 FCS_COP.1 Class FDP : User data protection FDP_ACC.1 FDP_ACF.1 FDP_IFC.1 (not confirm) FDP_IFF.1 (not confirm) FDP_RIP.1 17

SFRs Class FMT :Security Management FMT_SMF.1 FMT_SMR.1 Class FPT :Protection of the TSF (not confirmed) FPT_FLS FPT_PHP FPT_TST 18

SFRs Class FTP :Trusted path/channels (FTP) FTP_ITC.1 For Biometric, no SFRs have been discussed yet 19

Current Progress & Way Forward. Drafting PP Sorting SFRs (lots of good argument) Finalizing SFRs (more good argument) Expected to finalizing PP on December 2013 20

Q & A 21

22