certification and iot
play

Certification and IoT Guillaume Boufgard ( - PowerPoint PPT Presentation

Dec 20, 2023 •292 likes •560 views

Certification and IoT Guillaume Boufgard ( guillaume.boufgard@ssi.gouv.fr ) Agence nationale de la scurit des systmes dinformation 23 Mai 2019 Until now Security features are made on specific devices Payment Identity Travel

  1. Certification and IoT Guillaume Boufgard ( guillaume.boufgard@ssi.gouv.fr ) Agence nationale de la sécurité des systèmes d’information 23 Mai 2019

  2. Until now … Security features are made on specific devices Payment Identity Travel … Devices Smartcard Embedded secure element (SE) Certification and IoT Guillaume Boufgard 23 Mai 2019 1 / 20

  3. Until now … Security features are made on specific devices Payment Identity Travel … Devices Smartcard Embedded secure element (SE) Certification and IoT Guillaume Boufgard 23 Mai 2019 1 / 20

  4. How to ensure security level of SE? Customers specify the security requirements. Developers implement security requirements in the product. ITSEFs evaluate the product security level. Certification Body certify products and checks each step of the evaluation process. Certification and IoT Guillaume Boufgard 23 Mai 2019 2 / 20

  5. The Common Criteria Common Criteria is an international standard (ISO/IEC 15408) for certification of secure products. International recognition Certification and IoT Guillaume Boufgard 23 Mai 2019 3 / 20

  6. The Common Criteria Scheme in France Certification and IoT Guillaume Boufgard 23 Mai 2019 4 / 20

  7. The Common Criteria Scheme in France Certification and IoT Guillaume Boufgard 23 Mai 2019 5 / 20

  8. The Common Criteria Scheme in France Certification and IoT Guillaume Boufgard 23 Mai 2019 6 / 20

  9. The Common Criteria Scheme in France Certification and IoT Guillaume Boufgard 23 Mai 2019 7 / 20

  10. Evaluation level Several certification classes exist: 23 Mai 2019 Guillaume Boufgard Certification and IoT Each evaluation is not time constraint. EAL4 + ALC_DVS.2 + AVA_VAN.5 For each class may be augmented : Formally Verified Design and Tested EAL7 Semiformally Verified Design and Tested EAL6 Semiformally Designed and Tested EAL5 Methodically Designed, Tested and Reviewed EAL4 Methodically Tested and Checked EAL3 Structurally Tested EAL2 Functionally Tested EAL1 Description Level 8 / 20 ◮ For instance: a smartcard can be evaluated as:

  11. A new world comes with new usages Secure features moves to unsecured component: Each 6-month/year: a new version of a component is released. But, are we able to evaluate that? Certification and IoT Guillaume Boufgard 23 Mai 2019 9 / 20 ◮ SoC/TEE ◮ Whitebox crypto

  12. A new world comes with new usages Secure features moves to unsecured component: Each 6-month/year: a new version of a component is released. But, are we able to evaluate that? Certification and IoT Guillaume Boufgard 23 Mai 2019 9 / 20 ◮ SoC/TEE ◮ Whitebox crypto

  13. A new world comes with new usages Secure features moves to unsecured component: Each 6-month/year: a new version of a component is released. But, are we able to evaluate that? Certification and IoT Guillaume Boufgard 23 Mai 2019 9 / 20 ◮ SoC/TEE ◮ Whitebox crypto

  14. CC Developer must provide compliant docs 23 Mai 2019 Guillaume Boufgard Certification and IoT Certification) and Spain (LINCE). CPSN-like scheme available in Germany (BSZ — Accelerated Security Relatively low cost (25 to 35k€) Very expensive (60 to 200k€) No specific knowledge Fixed product version CSPN Product update during the evaluation 25md (+10 for crypto) No time constraint No recognition International certification recognition Black box Grey/white box Only one level EAL 1 to 7 10 / 20

  15. CC Developer must provide compliant docs 23 Mai 2019 Guillaume Boufgard Certification and IoT Certification) and Spain (LINCE). CPSN-like scheme available in Germany (BSZ — Accelerated Security Relatively low cost (25 to 35k€) Very expensive (60 to 200k€) No specific knowledge Fixed product version CSPN Product update during the evaluation 25md (+10 for crypto) No time constraint No recognition International certification recognition Black box Grey/white box Only one level EAL 1 to 7 10 / 20

  16. Certification de Sécurité de Premier Niveau (CSPN) Certification and IoT Guillaume Boufgard 23 Mai 2019 11 / 20

  17. Certification de Sécurité de Premier Niveau (CSPN) Certification and IoT Guillaume Boufgard 23 Mai 2019 12 / 20

  18. Certification de Sécurité de Premier Niveau (CSPN) Certification and IoT Guillaume Boufgard 23 Mai 2019 13 / 20

  19. Certification de Sécurité de Premier Niveau (CSPN) Certification and IoT Guillaume Boufgard 23 Mai 2019 14 / 20

  20. Licensed ITSEFs Certification and IoT Guillaume Boufgard 23 Mai 2019 15 / 20

  21. Licensed ITSEFs Agreements for Electronic, microelectronic components and embedded sofuware Certification and IoT Guillaume Boufgard 23 Mai 2019 16 / 20

  22. Licensed ITSEFs Agreements for Sofuware and Networks Certification and IoT Guillaume Boufgard 23 Mai 2019 17 / 20

  23. Licensed ITSEFs Agreements for Equipements matériels avec boîtiers sécurisés Certification and IoT Guillaume Boufgard 23 Mai 2019 18 / 20

  24. Short List of CSPN products A full list is available there: https://www.ssi.gouv.fr/administration/produits-certifies/ cspn/produits-certifies-cspn/ Random-chosen CPSN products: (03/12/2015) cryptsetup 1.7.0 (16/06/2016) NPCE586HA0MX (16/03/2017) Certification and IoT Guillaume Boufgard 23 Mai 2019 19 / 20 ◮ Ledger Nano S version 1.5.1 (14/02/2019) ◮ Mécanisme de cloisonnement runtime de KNOX Workspace version 2.3 ◮ Sous-système de chifgrement de disques dm-crypt Noyau Linux 4.4.2 – ◮ HP Sure Start Hardware Root of Trust, en version A0, embarqué sur la puce

  25. Conclusion Currently, there is not scheme to evaluate IoT devices. Several approaches exist (CSPN, or property scheme) without international recognition. Certification and IoT Guillaume Boufgard 23 Mai 2019 20 / 20

  26. Questions? Guillaume Boufgard <guillaume.boufgard@ssi.gouv.fr>

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training Inspection/Audit Establish MoC Status of Operator/ Maintainer Manual, Function Identify CRB Record and Interfaces Result of Form Ground/

618 views • 24 slides
CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO APPLY TO WRITE Once you have logged into the Then under Certification The Certification committee Application Forms may be CAPLA website using

687 views • 37 slides
1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA Certification is based on Dr. As Habits of Health Transformational System and is available to all Coaches who want to apply and reinforce their knowledge of

613 views • 19 slides
Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

ASHA Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the CFCC Presentation Overview What is Certification? CCC-A Certification Standards CCC-A Application Process FAQs Keep your

209 views • 19 slides
Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in all other positions (Descriptions in some of the following slides are as indicated in the rules, although it is not unusual for the referee to

378 views • 10 slides
Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory

Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory

Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory certification is a process that provides formal recognition to the managerial and technical competence of a laboratory performing specific analyses

853 views • 50 slides
AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM

AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM

AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM certification, our consulting team analyses hundreds of site selection criteria with emphasis on the following 10 items Assessment of airport

1.08k views • 75 slides
IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA

IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA

IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA Certification Options C. Applying for Certification D. Exam Activities Register and Prepare E. Benefits of BABOK studying 2/13/2018, p. 1

127 views • 10 slides
SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us

SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us

SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us OUTCOME OF PRESENTATION Understand the importance of educator certification Ability to create a user id and apply for certification

698 views • 53 slides
Voluntary EU certification for Voluntary EU certification for non-residential buildings

Voluntary EU certification for Voluntary EU certification for non-residential buildings

Voluntary EU certification for Voluntary EU certification for non-residential buildings Definition of an Energy Performance Scale Jana Bendalov BUILDING TESTING AND RESEARCH INSTITUTE / Slovakia 09 January 2012 1 Context

609 views • 19 slides
ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your

ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your

ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your professional The Certifying Body society (also ABP, AOA) Help you as a Accountable to the member public Outline 1. Background &amp; Environmental

1.38k views • 29 slides
Certification in Humanitarian Logistics Level I HLC 2007 How Certification came about.HLC

Certification in Humanitarian Logistics Level I HLC 2007 How Certification came about.HLC

1 Certification in Humanitarian Logistics Level I HLC 2007 How Certification came about.HLC 2003 HLC participant feedback Needs to be clear career map, not just specific training initiatives around warehousing or other functions

473 views • 19 slides
8/6/2020 Direct Certification SY 2020-2021 Overview Direct Certification (DC) What is

8/6/2020 Direct Certification SY 2020-2021 Overview Direct Certification (DC) What is

8/6/2020 Direct Certification SY 2020-2021 Overview Direct Certification (DC) What is it? How does it work? HCNP Systems Direct Certification Menu What is DC? Allows SFAs to certify children as eligible for FREE meals

471 views • 13 slides
Ed-Fi Certification Indiana Department of Education May 16, 2018 Welcome Ed-Fi Vendor

Ed-Fi Certification Indiana Department of Education May 16, 2018 Welcome Ed-Fi Vendor

Ed-Fi Certification Indiana Department of Education May 16, 2018 Welcome Ed-Fi Vendor Certification Agenda Introduction to Ed-Fi Ed-Fi Certification Resources Ed-Fi Certification Process &amp; Benefits Q &amp; A

402 views • 28 slides
National Board Certification A Distinction That Matters National Board Certification Program

National Board Certification A Distinction That Matters National Board Certification Program

National Board Certification A Distinction That Matters National Board Certification Program District and Regional Support Division North Carolina Department of Public Instruction Board Certification: A Vehicle for Transforming Teaching Ron

534 views • 30 slides
3/9/2020 The Virtual The Virtual The Virtual The Virtual Certification Certification

3/9/2020 The Virtual The Virtual The Virtual The Virtual Certification Certification

3/9/2020 The Virtual The Virtual The Virtual The Virtual Certification Certification Certification Certification Interview Interview Interview Interview NACC Initial Certification Webinar for a Zoom Conference Interview 1

359 views • 7 slides
Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia

Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia

Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia Scalaz-Stream (FS2) F unctional S treams for S cala https://github.com/functional-streams-for-scala/fs2 Disclaimer This library is

1.16k views • 93 slides
Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides

Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides

Tufts COMP 135: Introduction to Machine Learning https://www.cs.tufts.edu/comp/135/2019s/ Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides attributable to: Emily Fox (UW), Erik Sudderth (UCI) 2 What

998 views • 52 slides
How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if

How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if

How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if from a store or factory: How To Get A Shirt Make it yourself: Get if from a store or factory: Have someone give it to you: How To Get A

282 views • 10 slides
Keeping Up With Coach Training Rachel Maruno, Sr. Manager Coach Training Megan Pak, Sr.

Keeping Up With Coach Training Rachel Maruno, Sr. Manager Coach Training Megan Pak, Sr.

Keeping Up With Coach Training Rachel Maruno, Sr. Manager Coach Training Megan Pak, Sr. Coordinator Coach Training (EAST) Emily Mock, Coordinator Coach Training (WEST) Agenda Whats new? Registration Process Preparing for Training

490 views • 11 slides
Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + * Internet Exchange Points Global Transit / Hyper Giants National Large Content, Consumer, Hosting CDN

729 views • 20 slides
Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat?

Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat?

Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat? Iteratees are stream processors. Programming model / API to allow reasoning about I/O Origin: functional programming Challenge: Do it without

374 views • 10 slides
Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and

Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and

Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and Verification Johannes Kepler University Linz, Austria joint work with Marijn Heule and Matti J arvisalo WorKer11 3rd Workshop on Kernelization

1.03k views • 49 slides
UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform

UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform

UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform A global collaboration to harness the power of data for better lives 2 #UNGlobalPlatform Leave no one behind Endeavour to reach the furthest

745 views • 48 slides

More recommend