Writing and Updating of Protection Profiles conform to CC Version 3.0 Draft


The Common Criteria version 3.0 draft affect all aspects of the protection profiles. The paper reports about practical experience in writing a new protection profiles conform to CC 3.0 draft and discuss the future use and the need for updates of protection profiles written according to CC version 2.2.

The Trusted Computing Group (TCG) is developing a Trusted Platform Module (TPM) protection profile for personal computer clients conform to the CC 3.0 draft. The protection profile will reuse parts of the TPM protection profile certified in 2002, include new security functions of the TPM specification version 1.2 and define packages for the optional security features. This allows to compare the different approaches of the CC versions to describe security requirements for very similar targets of evaluation.

The changes of CC part 2 and 3 give rise to some issues using existing protection profiles for future evaluations. E. g. the Smartcard IC Platform protection profile (BSI PP 0002) is used by Eurosmart members for large number of certificates. It describes the required protection against information leakage by means of the security functional requirements like FDP_IFC.1, FDP_ITT.1 and FPT_ITT.1 which are removed in CC part2 version 3.0 draft. The protection against information leakage is assigned to the vulnerability analysis. The protection profiles for secure signature-creation devices (BSI-PP-0004, BSI-PP-0005, BSI-PP-0006) and for cryptographic module for CSP signing operations (DCSSI PP/0308 and PP/0309) are generally recognised standards referenced by the European Commission for electronic signature. They shall be updated due to the new approach of CC version 3.0 draft to deal with the cryptographic security functional requirements and the changes of the security assurance requirements.

The paper analyses these issues and suggests possible solutions for rework and reuse of current protection profiles to meet the CC version 3.0.