ISO/IEC 29128-3: A New Paradigm of Cryptographic Protocol Verification Using CC Methodology (L31a)
Security protocols in emerging technologies, such as in networking area, are getting complex and requires a separate evaluation. For example, in IoT, there are now cryptographic protocols for provisioning, multi-factor authentication, lifecycle management, etc. The ISO/IEC 29128:2011 was published with this view in mind to evaluate the correctness and security level of these protocols through a generic framework.
The Part 3 of the CC efficiently segments the evaluation into several levels that can be extended to the verification of cryptographic protocols as well. In April 2022, it was resolved by the ISO/IEC JTC1 SC27/WG3 to update the existing ISO/IEC 29128 standard in the form of two new parts, the third one being inherited from CC evaluation methodology. The part 3 normatively refers to the ISO/IEC 15408-3 (CC Part 3). The goal of this talk is to introduce this document.
Namely, the ISO/IEC 29128 Part 3 provides a generic framework that can be followed to evaluate any type of cryptographic protocol. The evaluation of a protocol can leverage a preliminary evaluation of the underlying algorithms, as in a composite evaluation. Once the individual algorithms have been validated, there could still remain bugs at a protocol level due to inconsistent combination of algorithms, improper set of parameters (e.g. nonce reuse), vulnerable modes of operation, etc. It provides an explanation on how to conduct an evaluation of cryptography protocols based on the methodology that is provided in part 3 of the CC for developers and CEM for evaluators on the specific methodology concerning cryptographic protocols. It is relevant to both developers and evaluators for the design of secure cryptographic protocols and the evaluation of the security level respectively. It also provides conformance parameters, assurance levels, assurance classes, vulnerability assessment and analysis for cryptographic protocols. In addition, the appendix is supplemented with examples on real-time vulnerabilities and attack cases.