Overview of Common Criteria Smart Card Evaluation Activities

Abstract:

The talk will present an overview of various aspects of Smart Card evaluations using the CC. Since the main activities are still concentrated in Europe today, we try to give a very general overview for listeners from other counties and give a first impression of some of the technical and procedural specialities of smart card evaluations. Of course each of this issues would need at least one presentation on its own, in order to cover it more deeply. Therefore this talk is a first general introduction to the topic, which may be expanded by talks on specific aspects or on specific evaluation projects.
Some of the topics will be:

 -  Why use Smart cards? The security benefits of pocket-size portable high tech security modules.
 -  Smart Card Hardware and Software Specific Attacks and the Vulnerability Analysis – Some very general Aspects are discussed showing, why specific attacks need to be considered – Touching the ongoing activities like the ISCI working group from Eurosmart in coordination with European evaluation labs and certification bodies.
 -  Efficient combination of Hardware, Operating System and Application evaluation – The composite Approach as documented by JIL and approved as CC Supporting Documents
 -  Some application fields, where evaluated Smart Cards are used, are shortly discussed, like Payment and other Banking Applications, Digital Signature Applications, Digital Tachograph Applications and others. Some numbers will be discussed showing the relevance of Smart Card evaluations in Europe and elsewhere.
 -  Several Smart Card Hardware Vendors, Smart Card Integrators, Evaluation Labs and Certification Authorities are involved in the development of high-quality smart card evaluations. We will try to give some examples of projects and involved parties.

The German CC scheme, which is maintained by the German Federal Office for Information Security (BSI), takes a leading role in many of the activities mentioned in the presentation. Its experience in the area of smart card evaluation provided valuable input for this overview.