4-6 November | Sheraton Grand Doha, Qatar

CC 2022 in Action: Securing Cryptographic Protocols and Their Implementations (A13c)

31 Oct 2023
4:45 pm

The new Common Criteria brings several upgrades over its predecessor, especially in the evaluation methodology, with a new part introduced as ISO/IEC 15408-4, titled “Framework for the specification of evaluation methods and activities”. The standards domain has yet to see an extended implementation of this new CC-style evaluation framework, except for ISO/IEC 29128 parts 2 and 3, which from their inception have been extending this framework to the verification of cryptographic protocols and of their implementation in hardware, respectively.
This talk will show how ISO/IEC 29128 parts 2 and 3 propose to implement the evaluation methodology by clearly defining the evaluation methods and activities for cryptographic protocols, with flexibility in manual or automated intermediate steps depending on the evaluation criteria. With precise evaluation criteria extending directly from CC Part 4, such as identifier, entity responsible, dependencies, tool types, evaluator requirements and competences, reporting needs, rationale, etc., the proposal of ISO/IEC 29128 parts 2 and 3 showcases a clear and precise extension of the CC Part 4 framework with direct mapping, and shows the efficiency of such a methodology in the cryptography standardization domain.
Updates on the advancement of ISO/IEC 29128 parts 2 and 3 from the last ISO conference, held in Washington State, USA, this year, will also be reported in this talk. Both parts have been voted up and moved to the new project stage. In the talk we shall dive deeply into the proposition of these standards, which leverage the CC in an efficient manner.