When implementing Information Technology solutions, the question is
often raised: 'How secure is this technology?' One answer is to use
Evaluated and Certified IT products. This paper will give an overview of
what is meant by the terms Evaluation, Certification, Scheme, IT-Security,
and some of the issues surrounding evaluation and certification of
biometric systems.
Introduction
The aim of this summary is to briefly describe the process and roles,
and to explain the benefits of security Evaluation and Certification
to the various parties involved in the process. These are:
- User - Wants to reduce, contain and
manage the risks associated with employing an IT system and to know
about any remaining residual risks.
- Manufacturer – Wants to produce IT products
whose security features are independently verified to promote wide
acceptability and sale of the products.
- Evaluation Facility (CLEF) - Mediator between
the User and the Manufacturer, which verifies that the specified security
features are met.
- Certification Authority – Usually a government
body that operates the evaluation and certification scheme within
a country. Its aim is to set and maintain quality assurance standards
for the evaluation process, and to promote the availability of evaluated
products, principally for government use but also for other customers.
Brief History of Security Evaluation and Certification
An evaluation is the process that confirms the specified security
properties of an IT-System. Security evaluations are usually carried
out by commercial evaluation facilities, which are known as CLEFs in
the UK (other terminology is used elsewhere). The specified security
properties reflect the possible security risks/attacks that must be
countered by the IT-System.
To achieve a common specification and understanding of the security
properties to be achieved, a common language is needed to define
them, based on the so-called IT-Security Criteria. These criteria
have a long history in regard to IT-Systems. One of the first was
known as the ‘Orange Book’ which was developed by the
US National Security Agency in 1983. The Orange Book addresses the
security requirements of Databases and Multi-User Operating Systems.
The Orange Book linked functionality with assurance so that, to
achieve higher assurance (confidence) levels, increased demands
on both security functionality and assurance were made.
In 1991 the European ITSEC criteria were introduced by the UK,
France, The Netherlands and Germany. ITSEC used a somewhat different
approach to that in the Orange Book that allowed more scope in the
security functionality covered, and separated the functionality
from the assurance requirements. Thus, under ITSEC, it was possible
to have a limited set of security functions evaluated to a high
level of assurance. To facilitate the mutual acceptance of ITSEC
evaluations performed in the various European countries, a common
evaluation methodology was introduced in 1993, called the ITSEM.
The Methodology describes how the security features have to be evaluated.
Common Criteria Evaluation and Certification
In 1998 the US and European Criteria were developed into the Common
Criteria (CC) to become the internationally accepted IT security criteria.
Participating nations were the UK, the US, Canada, the Netherlands,
France and Germany. With the exception of the Netherlands, the founding
countries have established National Schemes for Common Criteria Evaluation
and Certification.
CC evaluation defines 7 Evaluation Assurance Levels (EAL 1-7) in
ascending order of rigour. In a similar way to ITSEC, a CC Common
Evaluation Methodology (CEM) has been developed that supports consistent
evaluation standards among participating evaluation facilities
and nations. This has facilitated the achievement of an international
Mutual Recognition Agreement (MRA) among participating nations,
covering EAL 1-4. However those nations have been reluctant to agree
to the MRA operating at higher assurance levels though there is
currently a working party looking at extending it to EAL 5.
The Scheme documentation describes the accreditation process for
evaluation facilities to become CC CLEFs and what information has
to be provided in an evaluation report. The National Certification
Authorities certify that evaluations conducted in their country
satisfy the CC quality criteria and methodology.
Benefits of CC Certification
For government (and other) users, the main benefit and motivation
for the CC Certification Scheme is to promote the supply of evaluated
products that can be used to protect information and information systems
used by government and by critical national infrastructure organisations.
Because the information infrastructure is so pervasive across national
boundaries, the benefits are increased if internationally agreed evaluation
criteria and methodologies are used and mutual recognition of certificates
is accepted.
For the developers and vendors of security products and systems,
the main benefit of international evaluation standards and mutually
recognised certificates is in the provision of expanded market opportunities
for their products.
For further information on Common Criteria see www.commoncriteriaportal.org.
Biometrics and CC Certification
Common Criteria and the CEM are aimed at generic standards for security
evaluations. They are thus deemed to be suitable for biometric products
and systems as much as other systems. However, the historic development
path for CC has led to a formulation that is rooted in the world of
operating system security and traditional access control mechanisms.
The testing and evaluation of Biometric systems embodies some novel
concepts, and existing CC documentation provided little guidance to
developers, evaluators and certifiers on the specification of appropriate
security functionality or assurance requirements, and special considerations
for evaluation methodology issues.
Recognition of these difficulties led to members of the BWG proposing
the formation in 2001 of an international group comprising biometric
and CC specialists with the aim of providing advice that addressed
these special issues. The group was named the Biometric Evaluation
Methodology (BEM) Working Group. Many of its members are also BWG
members but the BEM WG has a wider and more specialised participation.
In August 2002, the first released version of the 'Biometric Evaluation
Methodology - BEM' was published and is available on the CESG web-site
www.cesg.gov.uk.
Under BWG auspices, CESG has written a draft Biometric Device Protection
Profile (BDPP) for use with CC evaluations. A Protection Profile
is a standard security specification for a class of security products.
It contains an inventory of security functions and assurance requirements
determined by experts in the field to be a useful standard for a
security evaluation. A set of products that have been evaluated
and certified against the same Protection Profile can be broadly
regarded as having the same security features (or, to be more strictly
correct, as conforming at least to the set of standards defined in the
Protection Profile).
The US DoD, through the DoD Biometric Management Office (BMO), is
also developing a set of Biometric Protection Profiles to meet DoD
security requirements for 3 levels of “robustness” -
Basic, Medium and High.
Are any biometric products CC Certified already?
At the time of writing, 3 biometric products are in or have been through
the Common Criteria evaluation process. One has a certificate –
a fingerprint device from the Canadian company BioScrypt to EAL 2
assurance level. 2 iris recognition systems are believed to be in
the process of evaluation, in Australia (EAL 2) and Germany (EAL 3). The
BioScrypt evaluation pioneered the way and did not have the benefit
of the BEM or a Protection Profile. In fact the methodology developed
by the Canadian evaluators and certifiers specifically for the BioScrypt
evaluation provided a valuable starting point for the development
of the BEM (see previous section). The German evaluation is using
the BEM and the Security Target (specification) for the evaluation
is based on the draft UK BWG Protection Profile.
Conclusions
Using Common Criteria/BEM certified biometric products alongside other
certified IT Products offers the prospect of trustworthy biometric
products and systems. In the future, users will be able to achieve
balanced and consistent security standards for applications involving
both biometric and non-biometric components.
For further information see:
Common Criteria: www.commoncriteriaportal.org
Biometric Evaluation Methodology (BEM) (pdf) and UK draft Biometric Protection Profile (pdf):
US DoD draft Biometric Protection Profile:
www.defenselink.mil/c3i/biometrics/0_docs/bpp/bpp_medium_dod-federal_02mar02.doc
The UK Biometric Working Group, managed by CESG, supports the UK government
and provides advice and information about the implementation and use
of biometric authentication systems.
For further details telephone +44 (0) 1242 221491 extension 34124