30 October-1 November 2018 | Hilton Amsterdam

Presentations by Subject

Track Keynote: Why I Care About the Security of Your Car (A12a)

Traditionally verification in automotive was centered around safety, protection against unintentional problems. Now it is time to look at security, or how do we protect against intentional problems? We show...
Read More
Marc Witteman

Robustness Propagation Through Systems of Heterogeneous CC Components (A12b)

IoT systems become highly dynamic and configurable raising evaluation difficulties. They have multiple components with different robustness levels. Connect the components’ security functions during integration is essential. Our “Lego” methodology...
Read More
Mohamad Hajj

Common Criteria as Backbone of IoT Security Certification (A12c)

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of...
Read More
Georg Stütz

Live Demonstration of IoT Device Hacking + Presentation (P12d)

SPECIAL PRESENTATION A lack of product security requirements leads to easily hack-able products. This presentation will show live demonstrations of hacking of IoT devices, and review some common issues that...
Read More
Ken Munro
John Boggie
Day 2
31 Oct 2018

Scaling Common Criteria to the Next Level (A21a)

The need for independent security evaluation is present everywhere. New markets, like IoT, medical and automotive look to existing standards, but are not easily convinced that CC is the path...
Read More
Dirk-Jan Out

Connected Cars. Security Certification Schemes. (M21a)

Smart Cars can be defined as systems providing connected, added-value features in order to enhance car users’ experience or improve car safety & security. Basically the smart car architecture consists...
Read More
Jose Emilio Rico

Protection Profiles for Smart Home Appliances (M21b)

Two new Common Criteria Protection Profiles to model security functionality of home use IoT devices will be motivated and their contents presented. A modular approach is taken in terms of...
Read More
Arnold Abromeit

Multi Assurance Evaluations for Real Products (A21c)

We see more and more multi-component products and systems protecting different kinds of assets and requiring different levels of assurance (consumer devices, cars, sensor networks, etc.). Stakeholders demand suitable security...
Read More
Carolina Lavatelli
Georg Stütz
Day 3
01 Nov 2018

JEDS—A Community for the Evaluation and Certification of Embedded Devices (U30b)

JEDS, the JIWG Embedded Devices Subgroup, addresses the Common Criteria evaluation and certification of embedded devices. That includes e.g. payment terminals, tachograph vehicle units, smart meters, taxi meters, access control...
Read More
Jürgen Blum

Hardware-Enabled AI for Embedded Security: Towards the Highest CC Evaluation Assurance Levels (S31b)

As chips become more and more connected it is important to ensure sufficient protection levels. Security within chips is therefore a hot topic. Incident detection and reporting is one novel...
Read More
Ismail Guedira

Regulating IT Market with Common Criteria Certifications (M13a)

Even though Common Criteria Standard is the unique formal evaluation methodology for IT Security Evaluations, it’s also a strong tool to regulate the IT market mainly on procurements of governments....
Read More
Mehmet Cakir
Day 2
31 Oct 2018

TEE Certification: Managing Risk for Digital Services (A20c)

GlobalPlatform will present the use of Common Criteria to build a Trusted Execution Environment (TEE) security scheme. The speech will cover; Lessons learnt within the TEE ecosystem, The latest evaluation...
Read More
Gil Bernabeu

Multi Assurance Evaluations for Real Products (A21c)

We see more and more multi-component products and systems protecting different kinds of assets and requiring different levels of assurance (consumer devices, cars, sensor networks, etc.). Stakeholders demand suitable security...
Read More
Carolina Lavatelli
Georg Stütz

An Evaluation Methodology with Assurance Levels for Privacy-by-Design (M22a)

The rapid development of the Internet of Things is putting the quest for privacy on center stage. For example, the Dutch First Chamber blocked smart metering roll-out in 2009 due...
Read More
Quang-Huy Nguyen
Day 3
01 Nov 2018

JEDS—A Community for the Evaluation and Certification of Embedded Devices (U30b)

JEDS, the JIWG Embedded Devices Subgroup, addresses the Common Criteria evaluation and certification of embedded devices. That includes e.g. payment terminals, tachograph vehicle units, smart meters, taxi meters, access control...
Read More
Jürgen Blum

Quantum Key Distribution—A New Target for CC Evaluation (A31a)

Quantum Key Distribution (QKD) provides a solution to expand a short but pre-shared key to establish a sufficiently long key enjoying information theoretic security. The key can then be used...
Read More
Ye Teng
Jiajun Ma
Hongsong Shi
Wei Wei

Track Keynote: How Europe’s Cyber Security Act and CCRA Can Be Best Friends (U12a)

Currently Europe implements a Cyber Security Act (CSA) which amongst others sets up a European IT-Security certification framework. It is more than an educated guess that the first implementation of...
Read More
Matthias Intemann

EU Cybersecurity Act: The Tough Part Is Yet To Come! (M13c)

The regulation on the EU Cybersecurity Act is going to close soon and this is an important starting point to bring structure into markets in terms of security regulations. However,...
Read More
Martin Schaffer
Day 2
01 Nov 2018

Summary Panel Discussion: The EU Cybersecurity Act (P32a)

Synthesizing three days of information presented at this year’s ICCC, panelists from labs, regulators, schemes, and product developers will present a forward-looking discussion on anticipated affects of the EU Cybersecurity...
Read More
Ioannis Askoxylakis
Martin Schaffer
Thomas Ben
Chris Gow
Martin Chapman
Matthias Intemann

Evaluation of Distributed Products in the CC Paradigm (A13c)

Distributed products evaluated under the Common Criteria paradigm have their own set of unique challenges. The Network Device iTC has supported distributed TOEs since the release of Network Device Collaborative...
Read More
Richard West
Day 2
31 Oct 2018

CCDB Crypto Working Group Report (U22a)

The CCDB Crypto WG was installed by the CCDB in 2015 and has the task to harmonize the specification and evaluation of crypto mechanisms within certified products for international  recognition in...
Read More
Frank Grefrath
Mary Baish

SOG-IS Crypto WG: Objectives, Achievements and Perspectives (U22b)

The SOG-IS Cryptographic WG was established in 2014 by SOG-IS MC. The task is to develop a harmonised SOG-IS Crypto Evaluation Scheme (SCES). In the SCES, a cryptographic evaluation of...
Read More
Thomas Hesselmann

Cryptographic Module Users Forum (CMUF) Update (U22c)

The Cryptographic Module Users Forum (CMUF) and specifically CMUF Working Groups are actively involved with the CMVP and focused on improving and evolving the FIPS 140-2 validations to meet industry...
Read More
Matt Keller

Verification of Cryptographic Security Functionality in NIAP CCEVS (M23a)

NIAP-approved Protection Profiles specify assurance activities intended to verify cryptographic security functionality. This presentation will provide details of NIAP’s collaboration with TCs, iTCs, the CCDB Crypto Working Group, and the...
Read More
Dianne Hale

Ensuring Good Entropy Sources is Not a Random Act (M23b)

In the realm of government certification schemes, entropy sources are closely scrutinized via their design documents, quality justifications, and health-checks. Government security validation programs, such as FIPS 140-2 and Common...
Read More
Kelvin Desplanque
Rumman Mahmud
Day 3
01 Nov 2018

Quantum Key Distribution—A New Target for CC Evaluation (A31a)

Quantum Key Distribution (QKD) provides a solution to expand a short but pre-shared key to establish a sufficiently long key enjoying information theoretic security. The key can then be used...
Read More
Ye Teng
Jiajun Ma
Hongsong Shi
Wei Wei