• No results found

Applying Common Criteria to a cloud type payment service

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Applying Common Criteria to a cloud type payment service"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

Applying Common Criteria to a

cloud type payment service

Kenji Yamaya

ECSEC Laboratory Inc.

(2)

Evaluation of a cloud system

A cloud system we evaluated varies dynamically by terminals

connected with.

The configurable TOE is one reason to the difficulty in evaluating the

cloud system.

Copyright ECSEC Laboratory Inc. 2013

internet cloud TOE server Mobile POS POS Smart Phone Tablet

TOE configuration defined in Security Target Newly developed

(3)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Idea for whole cloud evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

(4)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Idea of whole cloud evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

(5)

What is Thincacloud

Thincacloud

is a

cloud

system based on

NFC solution.

It is currently available

and providing

e-commerce

payment

service

in Japan.

No evaluation

regarding whole cloud

system evaluation

including many kinds

of terminals, so far.

(6)

What is Thincacloud

Real payment

Copyright ECSEC Laboratory Inc. 2013

Virtual payment By TV By Smart Phones In offices By Tablets

(7)

Thincacloud architecture

Terminals POS Smart Phone Tablet Thincacloud server Certified Built-in IC chip Certified Contactless Smart Card Secure

Channel Secure transaction: Confidentiality and Integrity Authentication: card - terminal - server program and HSM

Copyright ECSEC Laboratory Inc. 2013

Server IC Cards

(8)

Merit of Thincacloud architecture

Main security functionality is the

secure session

.

The developer forces the secure session on the just

High-EAL IC

and

the server

.

Terminals only support the secure session.

The developer decides that TOE in terminals is a

program,

and configurable parts (OS and hardware)

are IT environments

.

Therefore,

assurance

will be continued

regardless of

terminals

until the program is updated.

(9)

Evaluated Thincacloud

This TOE we have already evaluated is a small program in terminals

and a program, and a HSM in a server.

Merit :

Assurance

will be continued

regardless of terminals

until the program is updated.

Copyright ECSEC Laboratory Inc. 2013

internet cloud

TOE and HSM

(10)

How about a whole system ?

“Is my tablet secure to use Thincacloud payment?”

some users may

think.

Is my POS terminal secure?”

some shop owners may think.

Is Thincacloud server secure?”

e-commerce site owners may think.

Copyright ECSEC Laboratory Inc. 2013

internet cloud TOE server Mobile POS POS Smart Phone Tablet

Security of Whole system?

E-commerce sites SSL

(11)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

Evaluation of a whole system

Idea for whole cloud evaluation

(12)

Evaluation of terminals

How does the stakeholders obtain

security

assurance

of the entire terminal, instead of a

program?

Is the

Point of interaction protection profile

(POI-PP)

available for evaluation of the entire

terminal?

(13)

What is POI-PP

POI-PP

is a protection profile for the payment

terminals, Version 2.0 certified by ANSSI on 2011.

The target products are

payment terminals with

the smart card based transaction

capability.

POI-OPTION

configuration: TOE provides

protection for smart card based transaction,

payment transaction data management and

external communication facilities.

(14)

POI-OPTION configuration

Copyright ECSEC Laboratory Inc. 2013

Application Application Application

POI Application Logic (PAL) Communication

Services Security Services Application Separation Management Terminal

Mag-Stripe R/W CHV Device IC Card R/W VPN Network Application Application Acquirer System TOE of POI-OPTION PIN

(15)

NFC configuration

Copyright ECSEC Laboratory Inc. 2013

Application Application Application

POI Application Logic (PAL) Communication

Services Security Services Application Separation Management Terminal

Mag-Stripe R/W CHV Device IC Card R/W VPN Network Application Application Acquirer System

TOE on NFC system TOE of POI-OPTION

TOE on NFC system is similar to one of POI-OPTION, which indicates that POI-PP could be applied to cloud system based on NFC.

(16)

TSF structures

POI-OPTION NFC terminal

Copyright ECSEC Laboratory Inc. 2013

PED Middle TSF PIN Entry PIN Encrypted Key Middle TSF PED control POI Management Payment transaction Middle TSF Terminal Management and Payment transaction Middle TSF PIN Entry Function

(17)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

Evaluation of a whole system

Idea for whole cloud evaluation

(18)

Evaluation of a server

How the stakeholders obtain security assurance

of

total server

instead of component only.

E-money1 … Server

SSL

SSL HSM

APL logic Log

TOE E-commerce sites

SSL

Copyright ECSEC Laboratory Inc. 2013

(19)

Evaluation of a server

How the stakeholders obtain security assurance of

total server scheme

instead of component only.

Physical scope of the server-side TOE is total

server

including databases, HSMs, SSL

accelerators, Web servers and so on.

Copyright ECSEC Laboratory Inc. 2013

Assurance continuity can be applied

to the total server scheme,

(20)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

Evaluation of a whole system

Idea for whole cloud evaluation

(21)

Evaluation of a whole system

The client TOE runs well on the newly-developed terminals.

Rapid assurance continuity

is useful for whole system

evaluation.

Copyright ECSEC Laboratory Inc. 2013

internet TOE server Mobile POS POS Smart Phone Tablet

Fixed configuration defined Security target New terminal

(22)

Evaluation of a whole system

Security target describes the

newly-developed

terminal

as

a part of TOE.

Evaluation of

the newly-developed terminal

is

required.

▫ From whole system point of view, evaluation of

terminal means partial evaluation.

Copyright ECSEC Laboratory Inc. 2013

Then assurance continuity for the TOE is

maintained and available for evaluation.

(23)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Idea for whole cloud evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of server

(24)

Remaining issue

The e-commerce site is out of the scope of TOE.

It is regarded as a user for the TOE.

However, the card holder may require it is

secure.

We need to consider how we assure the

e-commerce site is secure enough.

(25)

Contents

Copyright ECSEC Laboratory Inc. 2013

Thincacloud and its evaluation

Idea for whole cloud evaluation

Remaining issue

Conclusion

Evaluation of terminals

Evaluation of a server

(26)

Conclusion

Idea of

assurance for the whole cloud system

including terminals.

Terminals

: terminals are

evaluated

and applied

for

assurance continuity

.

Developing subset of

POI-PP TOE

might be

applicable.

Server

:

Total server scheme

as TOE is

suitable

for evaluation

, NOT component base.

Whole system

:

Rapid assurance continuity

could be useful depends on component's life cycle.

(27)

Thank you

ECSEC Laboratory Inc.

3-21, Kanda-Nishikicho, Chiyoda-ku Tokyo, Japan 101-0054

TEL: +81-3-5259-8061 FAX: +81-3-5259-8070 E-mail: [email protected]

Evaluation of software / hardware IT Products by ISO/IEC15408 Testing of cryptographic module and algorithm implementation by FIPS 140-2 and JIS X 19790 (ISO/IEC 19790)

References

Download now ( PDF - 27 Page - 849.20 KB )

Related documents

Prophecies of the Messiah

Michael Gleghorn argues that the Bible contains genuine prophecies about a coming Messiah that were accurately fulfilled in the life, ministry, death and resurrection of Jesus..

Morning Notes. Domestic Market View. LKP Advisory. 1-Feb Markets to extend the rally mood with a positive start

Showing some improvement in the government finances, India’s fiscal deficit for the first nine months of the current financial year narrowed compared to the same period a year ago,

Employment. Fellow-In-Residence, Edmond J. Safra Center for Ethics & Department of Psychology, Harvard University. Education

Paper presented at the annual meeting of the Society for Personality and Social Psychology, Long Beach, CA.. A research contest for reducing

A Human Rights and Ethical Lens on Security and Human Dignity: The Case Study of Syrian Asylum Seekers

The term security has turned to be omnipresent in our daily lives, both in the public and in the private sphere. If in its classical sense, security, from the Latin securitas ,

Museum policy in Taiwan and Scotland: a comparative study

While the National Collections institutions are independent bodies directly funded by the Scottish Government with an executive role in the public sector, local authority

Cognitive vulnerabilities for depression and anxiety in childhood:Specificity of anxiety sensitivity and rumination

Methods: Multiple regression analyses explored to what extent specific self-reported anxiety sensitivity subscales (Physical, Social and Mental concerns) and rumination

Evaluation of broadband surface solar irradiance derived from the Ozone Monitoring Instrument

The effective cloud fraction, clear-sky index, climatological data of water vapour, aerosols and broadband surface albedo, clear-sky surface solar irradiance, snow/ice extent and

Examining a Public Montessori School’s Response to the Pressures of High-Stakes Accountability

This case study examined the ways one public Montessori elementary school responded to its high-stakes test scores in the areas of curriculum, instruction,