How Do Other Schemes Reinforce Common Criteria Certifications? (L30a)
Many electronic chips must nowadays be amenable to being “multi-certified”.
Consider the example of Vehicle-to-Anything (V2X) chips, which manage secure transactions between a car and its environment (other cars, road infrastructure such as traffic lights, etc.).
Such chips organize a smooth information flow aiming at making car navigation as fluent as possible, by allowing the collection of safety information from the surrounding objects.
Obviously, V2X chips must not fail; a failure risks creating chaos in traffic.
For this reason, V2X is considered a security-critical asset, and consequently a Protection Profile (PP) has been drafted:
it is now certified by the BSI and registered as PP0114.
This PP requires a Common Criteria (CC) evaluation at Evaluation Assurance Level 4+ (EAL4+).
However, because V2X chips handle platform-level and user-level cryptographic keys, they are also considered “Cryptographic Modules”, and are therefore eligible for FIPS 140-3 (= ISO/IEC 19790) certification.
Besides, such V2X chips are also likely to be deployed in mainland China, and must therefore be certifiable according to the OSCCA series of normative standards.
Such diversity of certifications (CC, FIPS 140-3 & OSCCA) can be seen as a constraint.
But it can also be viewed as an opportunity to ease a successful CC certification.
Indeed, to give a few examples, FIPS 140-3 mandates self-tests, key pair validity checking, key zeroization, etc., which contribute to raising the CC quotation.
Similarly, OSCCA requires a robust TRNG, memory encryption, etc., which also enhance the CC quotation.
In this talk, I’ll therefore illustrate constructive synergies between schemes. In particular, I’ll show that the prescriptive security mandated by “schemes competing with CC” is beneficial for increasing a chip’s evaluation assurance level. I’ll provide a quantitative analysis in terms of CC quotation.