Applied IT Security. Device Security. Dr. Stephan Spitz 10 Development Security. Applied IT Security, Dr.

Transcription

1 Applied IT Security Device Security Dr. Stephan Spitz

2 Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System Security Security Threats on Networks Firewalls and Intrusion Detection Systems Applied Cryptography Device Security Public Key Infrastructures Authentication Protocols Encryption and digital Signatures in topical Applications Smart Cards, Secure µprocessors and Crypto Libraries Security Certification The Future of IT Security

3 Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System Security Security Threats on Networks Firewalls and Intrusion Detection Systems Applied Cryptography Device Security Public Key Infrastructures Authentication Protocols Encryption and digital Signatures in topical Applications Smart Cards, Secure µprocessors and Crypto Libraries Today Security Certification The Future of IT Security

4 Backdoors are sometimes unpredictable

5 History of Security Evaluation Criteria Problem: Solution: It is not clear whether you can trust the security of a system, network, etc. Security evaluation criteria as objective yardstick for security The US Department of Defense first defined a set of Trusted Computer Evaluation Criteria (TCSEC) in a so called Orange Book in 1983 Several national criteria formed the Information Technology Security Evaluation Criteria (ITSEC) in Europe Currently, the world-wide Common Criteria for IT Security worked out by the ISO define the topical security evaluation standard

6 Security Evaluation Process Evaluation Instance TOE: Target of Evaluation Certification Instance The security is analysed by: independent, certified evaluators according certain criteria: CC ITSEC

7 ITSEC Aim of the Information Technology Security Evaluation Criteria : Compatible basis for certification by national certification bodies Mutual recognition of evaluation results ITSEC defines security as confidentiality, integrity and availability Correctness is measured in 7 hierarchically ordered evaluation levels (E0 E7) with an additional security mechanism strength (low, middle, high) e.g. E4 high Security functionality can be specified by predefined classes (F-XX like F-IN:Integrity of Data/Programs) or individual functionality claims e.g. AAA, object reuse, data exchange

8 Common Criteria The Common Criteria Structure consists of three parts : Introduction and General Model Security Functional Requirements Security Assurance Requirements Protection Profiles (PPs) define an implementation-independent, reusable set of security requirements for a category of TOEs (Target of Evaluation) e.g. smart cards, firewalls, access control Packages (Class-Family-Components) define reusable functional or assurance components e.g. FIA_AFL.1 (identi/auth_authfailures.failurehandling) Security Targets (STs) define a basic set of security requirements used as a basis for evaluation of an identified TOE

9 CC Evaluation Assurance Levels (EALs) Common Criteria defines the following EALs:

10 CC EAL Example EAL 4 + high Evaluation Assurance Level 4 i.e. here we have a methodically designed, tested and reviewed TOE + with additional components and security mechanisms on a high level, e.g. the used key length for cryptographic algorithms is not less than a certain amount of bytes

11 Check of Security Mechanisms with CC 1. Security mechanisms can be attacked, e.g. a PIN is guessed or brute force on a cryptographic algorithm. Counter measurement: Strength Of Function (SOF) analysis based on a potential attack quotation in CC 2. Security mechanisms can be circumvented, e.g. side channel attacks to find out a key (see previous newspaper report). Counter measurement: AVA analysis of weak points based on a potential attack quotation in CC

12 CC EAL4 CC EAL4 Evaluation Assurance Levels (EALs) can not be compared! Example: A G&D SECCOS Product with CC EAL5+ and Smart Card PP has a much higher level than a Green Hill OS/µKernel evaluated CC EAL6+ with Separation Kernel PP Banks/Credit schemes now this and have installed their own proprietary certfication process, which sometimes uses CC PPs as one element