Advertisement

Security Evaluation Schemas for the Public and Private Market with a Focus on Smart Card Systems

  • Eberhard von Faber
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1717)

Abstract

Even users must have some understanding of the different evaluation schemas. They must be able to rate the outcomes they rely on and use the opportunities to steer the processes. Some evaluation schemas are designed for general purposes others for specific application contexts. The elements of evaluation schemas are introduced first. Then observations about smart card evaluations are discussed demonstrating that the evaluation or approval process itself effects the evidence of the assurance and the value of evaluation verdicts. Especially trade-off situations typical of smart card evaluations are discussed.

Keywords

Smart Card Evaluation Schema Security Evaluation Data Encryption Standard Security Objective 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Common Criteria for Information Technology Security Evaluation; Part 1: Introduction and General Model; Version 2.0, May 22nd, 1998Google Scholar
  2. 2.
    Common Criteria for Information Technology Security Evaluation; Part 2: Security Functional Requirements, Part 2: Annexes; Version 2.0, May 22nd, 1998Google Scholar
  3. 3.
    Common Criteria for Information Technology Security Evaluation; Part 3: Security Assurance Requirements; Version 2.0, May 22nd, 1998Google Scholar
  4. 4.
    Information Technology Security Evaluation Criteria (ITSEC); Provisional Harmonised Criteria, Version 1.2, June 1991Google Scholar
  5. 5.
    Information Technology Security Evaluation Manual (ITSEM); Provisional Harmonised Methodology, Version 1.0, September 1993Google Scholar
  6. 6.
    ITSEC Joint Interpretation Library (JIL), Information Technology Security Evaluation criteria; Version 2.0, November 1998Google Scholar
  7. 7.
    Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD, December 1985 (“Orange Book”)Google Scholar
  8. 8.
    German Information Technology Security Criteria (ITSK), “Green Book”Google Scholar
  9. 9.
    Criteria for the Security of electronic cash Systems, Zentraler Kreditausschuβ (ZKA)Google Scholar
  10. 10.
    Criteria for the Security of Smart Card based Payment Systems, Zentraler Kreditausschuβ (ZKA)Google Scholar
  11. 11.
    Paul Kocher, Joshua Jaffe, and Benjamin Jun: Introduction to Differential Power Analysis and Related Attacks, Cryptography Research, July 31st, 1998Google Scholar
  12. 12.
    M. Wiener: Efficient DES Key Search, Manuscript, Bell-Northern Research, Ottawa, 1993 August 20Google Scholar
  13. 13.
    debis IT Security Services: Brute-Force-Attack on the Data Encryption Standard (DES), March 1996Google Scholar
  14. 14.
    Protection Profile Smart Card Integrated Circuit, Version 2.0, Issue September 1998, Registered at the French Certification Body under the number PP/9806Google Scholar
  15. 15.
    Act on Digital Signature (Digital Signature Act-Signaturgesetz-SigG), in: Article 3 Federal Act Establishing the General Conditions for Information and Communication Services-Information and Communication Services Act-(Informations-und Kommunikations-dienste-Gesetz-IuKDG); Federal Ministry of Education, Science, Research and Technology, 22 July 1997Google Scholar
  16. 16.
    Digital Signature Ordinance (Signaturverordnung-SigV), On the basis of § 16 of the Digital Signature Act of 22 July 1997 (Federal Law Gazette I S. 1870, 1872)Google Scholar
  17. 17.
    Guidelines for Implementing and Using the NBS Data Encryption Standard; FIPS PUB 74-1; April 1st, 1981Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Eberhard von Faber
    • 1
  1. 1.debis IT Security ServicesBonnGermany

Personalised recommendations