1 / 13

CoE Meeting 16th October 2008, Madrid

Common Criteria Protection Profile for a Basic Set of Security Requirements for Online Voting Products. CoE Meeting 16th October 2008, Madrid. Project Formation. DFKI project funded by the BSI Duration Starting in January 2006 Certification in April 2008 Advisory Board:

derron
Download Presentation

CoE Meeting 16th October 2008, Madrid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Common Criteria Protection Profile fora Basic Set of Security Requirements for Online Voting Products CoE Meeting 16th October 2008, Madrid

  2. Project Formation • DFKI project funded by the BSI • Duration • Starting in January 2006 • Certification in April 2008 • Advisory Board: • Researchers: Koblenz, Gießen, Wien, … • Users: GI, Ministry of workers & social affairs, … • Companies: mainly Micromata and T-Systems • Others: CoE, e-Voting.cc, PTB, ASIT, BSI, … • Based on existing requirement documents: • CoE, PTB and GI catalogue CoE Meeting Madrid

  3. Motivation • Council of Europe Recommendations • Swiss, Austrian, German Election Regulations • Austrian Election Regulations • IEEE Voting Equipment Standards • Voting System Standards • Network Voting System Standards • PTB requirement catalogue • ….. • Goodstartingpoint but onlylistsofrequirements •  Problems: • Trust model is not defined • Evaluation method and depth is not made explicit •  No meaningful evaluation •  No comparable evaluation results CoE Meeting Madrid

  4. Solution: Common Criteria • International standard (ISO/IEC15408) for Information Technology Security Evaluation (CC) Australia, Canada, France, Germany, Japan, Republic of Korea, The Netherlands, New Zealand, Norway, Spain, United Kingdom, United States of America; Austria, Czech Republic, Denmark, Greece, Hungary, India, Israel, Italy, Republic of Singapore, Sweden, Turkey • Protection Profile = An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [TOE = target of evaluation] • CoE Recommendations made first steps CoE Meeting Madrid

  5. Basis Protection Profile • Not „one“ general Protection Profile for Online Voting • Because of different trust models and evaluation depths • Depending on the election in mind (societies vs. parliamentary) • Serves as basis which can be extended • Takes only the voting phase and the counting phase into account. CoE Meeting Madrid

  6. Protection Profile – Content Trust Model Evaluation Depth CoE Meeting Madrid

  7. Content - Threats • T.UnauthorisedVoter • T.Proof • T.IntegrityMessage • T.SecretMessage • T.AuthenticityServer • T.ArchivingIntegrity • T.ArchivingSecrecyOfVoting CoE Meeting Madrid

  8. Content - Assumptions • A.ElectionPreparation • A.Observation / A.AuthData/A.ElectionOfficers • A.VoteCastingDevice /ElectionServer / ServerRoom • A.Availability / DataStorage • A.AuthenticityServer / ProtectedCommunication • A.SystemTime / AuditTrailProtection • A.ArchivingSecrecyOfVoting • A.BufferBallot CoE Meeting Madrid

  9. Content - OSPs • P.Abort / OverhasteProtection / Correction / ACK • P.EndingElection • P.EndOfElection / StartTallying • P.SecrecyOfVotingElectionOfficer / IntegrityE.O./ IntermediateResult / AuthE.O. • P.OneVoterOneVote • P.Tallying • P.Failure • P.Audit CoE Meeting Madrid

  10. Protection Profile – Content Trust Model Evaluation Depth CoE Meeting Madrid

  11. Content – Evaluation Depth • CC EAL scale from 1 to 7 • Evaluation Assurance Level 2+ • ALC_CMC.3 (substituting ALC_CMC.2) • ALC_CMS.3 (substituting ALC_CMS.2) • ALC_DVS.1 • ALC_LCD.1  Assumed attacker potential: basic CoE Meeting Madrid

  12. Election Authorities • Does the trust model fits to your environment? • Does EAL 2+ provides enough trust in the evaluation • If not the PP can be extended by • Shifting assumptions to threats • Arising the EAL number • Demand the systems in use to be certified according to this Protection Profile or an extended version CoE Meeting Madrid

  13. Thank your for your attention ? Questions ? volkamer@cased.de http://www.bsi.bund.de/zertifiz/zert/reporte/pp0037b_engl.pdf

More Related