Marc Laroche Manager, Product Evaluation marc.laroche@entrust (613) 247-3446

The Trusted PKI Marc Laroche Manager, Product Evaluation marc.laroche@entrust.com (613) 247-3446

Agenda • The Entrust PKI, an overview • Evaluation approach • Common Criteria Certification: Functionality and assurance covered • What is next? Entrust/PKI v5.0 evaluation • Summary

CRL Entrust/PKI The main components OS Entrust/Authority Database CM LDAP OS X.500 Directory

CRL Entrust/PKI The main components OS Entrust/Authority Entrust/RA Admin API Database CM CM PKIX-CMP OS LDAP OS X.500 Directory

CRL Entrust/PKI The main components OS Entrust/Authority Entrust/RA Admin API Database CM CM PKIX-CMP OS LDAP OS Entrust-Ready Applications Other CAs OS CM OS X.500 Directory Other Applications

CM CM CRL Evaluation Scope Database Entrust/Authority Entrust/RA ADM API PKIX-CMP Other Applications CM X.500 Directory Entrust-Ready Applications

CM CM CRL Evaluation Scope Database Entrust/Authority Entrust/RA ADM API PKIX-CMP Non Entrust-Ready Applications CM X.500 Directory Entrust-Ready Applications

CM CM Entrust/PKI 4.0a Certification:Evaluated Functionality • User identification and authentication Entrust/Authority Entrust/RA ADM API PKIX-CMP Other CAs End-Entities

User identification and authentication • User I&A before any action (FIA_UID.2 and FIA_UIA.2) • Password rules (FIA_SOS.1) • Single use authentication for user initialization, key recovery and enabling of CA cross-certification (FIA_UAU.4) • Enforced re-authentication to complete sensitive operations and after session time-out has occurred (FIA_UAU.6) • Protected authentication feedback (FIA_UAU.7) • Authentication failure handling (FIA_AFL.1)

CM CM Functions • User Id • Role • Privileges • Access Control Entrust/Authority Entrust/RA ADM API Data PKIX-CMP Access Control Mediation Other CAs End-Entities

Access Control • Complete access control on CA data objects (e.g. CA signing key, user privilege vector, policy, etc) and functions (FDP_ACC.2) • Security attribute based access control (i.e. user id, role and permissions) (FDP_ACF.1) • Secure management of security attributes, including access control and enforcement of secure values (FMT_MSA.1, FMT_MSA.2, FMT_MSA.3, FIA_ATD.1) • Secure management of security enforcing data objects (e.g. integrity check rate, database encryption algorithm, CA signing algorithm, etc.), including access control and enforcement of secure values (FMT_MTD.1 and FMT_MTD.3)

CM CM • Separation of duties Security Officer Entrust/Authority Entrust/RA Administrator ADM API Master User PKIX-CMP Auditor Directory Administrator End User Others (Custom-defined)

Separation of duties • Maintenance of roles and associations between users and roles (FMT_SMR.2) • Management of security functions behavior restricted to distinct roles (FMT_MOF.1 and FMT_SAE.1)

CM CM CRL • Key Management Database Entrust/Authority Entrust/RA X.509v3 PKCS#1,3 FIPS 140-1 FIPS 186-1 PKIX-CMP ADM API CM X.500 Directory End User

Key Management • Certificate-based key management that meets the following standards: X.509v3, PKCS#1 and 3, FIPS 140-1 and 186-1, LDAP, PKIX-CMP (FCS_CKM.2) • User initialization, key update, key recovery and encryption key back-up IAW PKIX-CMP and FIPS 140-1 (FCS_CKM.3) • Use of secrets generated by a FIPS 140-1 cryptographic module is enforced (FIA_SOS.2)

CM CM CRL • Audit • Audit records are generated for a defined list of events; each record includes: log number, event description, severity level, user id, user type and state (FAU_GEN.1 and FAU_GEN.2) • Any modification to audit records is detected (FAU_STG.2) • Privileged users are provided with the capability to read audit records and look for specific information based on user-defined search criteria (FAU_SAR.1 and FAU_SAR.3) Database Entrust/Authority Entrust/RA ADM API X.500 Directory PKIX-CMP End Users Other CAs

CM CM CRL • Trusted Path and Data Protection Database Entrust/Authority Entrust/RA ADM API PKIX-CMP CM End Users X.500 Directory Other CAs

Trusted Path and Data Protection • Communications with remote administrative users, end users and external CAs are authenticated and protected from modification and disclosure (FTP_TRP.1) • Communications involved with automatic key management operations (e.g. key update) are protected from modification and disclosure (FTP_ITC.1) • The access control policy is enforced when data is transmitted and received, and modification, deletion, insertion or replay is detected (FPT_ITI.1) • Exchanged data is consistently interpreted (FPT_TDC.1) • Generation of evidence of origin for CA certificates, user certificates, CRLs and ARLs is enforced, and the capability to verify the evidence of origin is provided (FCO_NRO.2)

Trusted Path and Data Protection (continued) • Generation of evidence that can be used as a guarantee of the validity of CA certificates, user certificates, CRLs and ARLs is enforced, and the capability to verify evidence of the validity is provided (FDP_DAU.1) • Data stored in the local database is monitored for integrity errors (FDP_SDI.1)

Non-bypassability • Security enforcing functions are invoked and succeed before each function within the CA allowed to proceed (FPT_RVM.1)

CM CM CRL • Cryptographic services (Environmental) Database Entrust/Authority Entrust/RA ADM API PKIX-CMP CM End-Users X.500 Directory

Cryptographic services • Key and secret generation is performed by a FIPS 140-1 validated module (FCS_CKM.1 and FIA_SOS.2.1) • All plaintext keys are zeroized by a FIPS 140-1 validated cryptographic module (FCS_CKM.4) • All cryptographic operations, including pseudo-random number generation, short term key storage, encryption/decryption, signature generation and verification, hashing and MAC generation and verification are performed by a FIPS 140-1 validated cryptographic module (FCS_COP.1)

CM CM • Abstract Machine Services (Environmental) • Reliable time stamps are provided for own use (FPT_STM.1) • Audit records are protected against unauthorized deletion (FAU_STG.2.1) • A security domain for own execution is maintained, which provides protection against interference and tampering by untrusted applications (FPT_SEP.1) OS OS Entrust/Authority Entrust/RA Audit ADM API PKIX-CMP Time Time

And what EAL3+ means … • Internal development processes and systems were documented and reviewed. • Configuration management (source code, documentation, test plans); evidence that CM is actually used; measures that allow only authorized changes to configuration items. • Security measures (physical, procedural, personnel and other used to protect the development environment). • Flaw reporting procedures + • Problem tracking + • Product delivery • Design was documented and reviewed for conformance with claimed functionality. • Informal functional specification • High-level design (description of security functions in terms of subsystems and relates subsystems to the functions that they provide; description of the interfaces between these subsystems).

Continued ... • User documentation was reviewed: • Installation guidance • Administrative guidance • Informal correspondence demonstration was reviewed: • More abstract representation (claimed functionality) is correctly and completely refined in the less abstract representation (FS and HLS). • Test plans, test procedures, expected test results and actual test results were submitted and reviewed: • Demonstrate that each security function was tested against the functional specification in a systematic manner. • Demonstrate that the tests are sufficient to confirm that the security functions operate IAW the High-Level Design; demonstrate that the internal interfaces are exercised. • Vulnerability analysis was submitted and reviewed. • Categorization report was submitted and reviewed.+ • subcomponents are described as security enforcing or not.

Entrust/PKI 5.0 evaluation:Augmented from 4.0a • Functionality • Enforced proof of receipt - keys and certificate (FCO_NRR.2) • Residual information protection (FDP_RIP.1) • Automated recovery of services (FPT_RCV.2) • Replay detection - certificate request (FPT_RPL.1) • Session locking (FTA_SSL.1 and FTA_SSL.2) • Assurance - EAL-CS2 • ADV_SPM.1 Informal TOE security policy model • AVA_MSU.2 Validation of analysis

In summary • The Entrust/PKI evaluations cover: • cryptographic services • essential public key management functionality • supportive security critical functionality • The Common Criteria certification serves as a fundamental extension to the FIPS 140-1 process. • The selected CC assurance components (EAL3+) provide a maximum amount of confidence consistent with existing best practices for COTS development.

Questions? For more information: http://www.entrust.com/entrust/validation.htm E-mail: marc.laroche@entrust.com Tel: (613)247-3446

Marc Laroche Manager, Product Evaluation marc.laroche@entrust (613) 247-3446

Marc Laroche Manager, Product Evaluation marc.laroche@entrust (613) 247-3446

Presentation Transcript

Jierawat Gulsapudom Sawit Soothipunt Product Manager Product Manager

Dimension Product Marketing Manager Product Reviews

Guidelines for the Evaluation of Radio Transmission Technologies (RTTs) for IMT-2000 (Overview of Recommendation ITU-R M

Product manager

Product Manager

Dan Laycock – Senior Product Manager Drew Peterson – Product Manager

Program Manager Product Manager

Product Evaluation

Entrust Administration, Inc.

Media Product Evaluation

FabLab-Leuven Marc Lambaerts, FabLab manager

CED 613

Marc DURANDEAU Digbuild project Manager

Manager Performance Evaluation

Product Evaluation

Product Evaluation

Entrust IdentityGuard

Product Evaluation

Jose Costa Chairman, Canadian Evaluation Group (CEG) Tel.: +1 613 763-7574 FAX: +1 613 765-1225

The Evolution of Evaluation Practices in the Canadian Federal Government 1980 - 2005

Product Manager Recruitment Agency | Assistant Product Manager Hiring

Davenport Laroche Scam