
Answer & Explanation: Success Stories Using Biometrics
Each student will select one of the case studies (Success
Stories) from the URL below. Review the
project summary and provide an independent assessment of the task. State
any assumptions you make in your case study. Follow the format in the syllabus about
ch 6 and prepare a 3 to 5 page, 1.5 spaced, 12 font paper that describes your
understanding of the technical and social challenges you would encounter, and
include some of the teaching points from the class slides (e.g., CER, FAR, FRR,
characteristics of selecting a Biometric technology).
Use this link to access the case
study information – http://www.nec.com/en/global/solutions/biometrics/case_studies/. I put the slides (PPT and PDF) in the email attachment, and the DOCX file has more instructions. Use resources only from the documents I provide.
pp_bvm_mr_v1.0iop.pdf
class_6_hwzz.docx
ch_slides_.ppt
Unformatted Attachment Preview
U.S. Government Biometric Verification Mode Protection Profile for Medium Robustness Environments
Information Assurance Directorate
Version 1.0
November 15, 2003
Protection Profile Title:
U.S. Government Biometric Verification Mode Protection Profile for Medium
Robustness Environments.
Criteria Version:
This Protection Profile (PP) was developed using Version 2.1 of the Common Criteria
(CC) [1] and applying the NIAP interpretations that have been approved by
TTAP/CCEVS Management as of July 10, 2002.
Table of Contents
1.0 INTRODUCTION
  1.1 PROTECTION PROFILE IDENTIFICATION
  1.2 PROTECTION PROFILE OVERVIEW
  1.3 RELATED PROTECTION PROFILES
  1.4 CONVENTIONS
  1.5 PROTECTION PROFILE ORGANIZATION
2.0 TOE DESCRIPTION
  2.1 BIOMETRIC TOE FUNCTIONALITY
    2.1.1 The Enrollment Process
    2.1.2 The Verification Process
3.0 TOE SECURITY ENVIRONMENT
  3.1 VALUE OF RESOURCES
  3.2 AUTHORIZATION OF ENTITIES
  3.3 SELECTION OF APPROPRIATE ROBUSTNESS LEVEL
  3.4 BIOMETRIC TOE ENVIRONMENT
  3.5 ASSUMPTIONS
  3.6 THREATS
    3.6.1 Threats Addressed by the TOE
  3.7 ORGANIZATIONAL SECURITY POLICIES
4.0 SECURITY OBJECTIVES
  4.1 TOE SECURITY OBJECTIVES
  4.2 SECURITY OBJECTIVES FOR THE OPERATING ENVIRONMENT
5.0 IT SECURITY REQUIREMENTS
  5.1 TOE FUNCTIONAL SECURITY REQUIREMENTS
    5.1.1 Security Audit (FAU)
    5.1.2 Cryptographic Support Requirements (FCS)
    5.1.3 User Data Protection (FDP)
    5.1.4 Identification and Authentication (FIA)
    5.1.5 Security Management Requirements (FMT)
    5.1.6 Protection of TSF (FPT)
    5.1.7 TOE Access (FTA)
  5.2 TOE SECURITY ASSURANCE REQUIREMENTS
6.0 RATIONALE
  6.1 RATIONALE FOR TOE SECURITY OBJECTIVES
  6.2 RATIONALE FOR THE SECURITY OBJECTIVES FOR THE ENVIRONMENT
  6.3 RATIONALE FOR TOE SECURITY REQUIREMENTS
  6.4 RATIONALE FOR ASSURANCE REQUIREMENTS
  6.5 RATIONALE FOR NOT SATISFYING ALL DEPENDENCIES
  6.6 RATIONALE FOR STRENGTH OF FUNCTION CLAIM
  6.7 RATIONALE FOR EXPLICIT REQUIREMENTS
7.0 ADV EXPLICIT ASSURANCE BACKGROUND INFORMATION
  7.1 ADV_INT_EXP
  7.2 ADV_FSP_EXP.1
  7.3 ADV_HLD_EXP.1
  7.4 ADV_LLD_EXP.1
  7.5 ADV_ARC_EXP.1
8.0 REFERENCES
9.0 TERMINOLOGY
  9.1 SPECIFIC BIOMETRICS TERMINOLOGY
  9.2 COMMON PROTECTION PROFILE TERMINOLOGY
10.0 ACRONYMS
11.0 REFINEMENTS
1.0 INTRODUCTION
This Biometric Verification Mode Protection Profile (PP) for Medium Robustness Environments
was sponsored by the Biometrics Management Office (BMO) and the National Security Agency
(NSA). A verification mode biometrics device is one that authenticates a user for a claimed
identity. This is distinctly different from an identification mode biometrics device, which
attempts to identify an individual by their biometric characteristic. This Protection Profile is
intended to be used as follows:
- For product vendors and security product evaluators, this PP defines the requirements
that must be addressed by specific products as documented in vendor Security Targets
(STs).
- For system integrators, this PP is useful in identifying areas that need to be addressed to
provide secure system solutions. By matching the PP with available STs, security gaps
may be identified and products or procedures may be configured to bridge these gaps.
1.1 Protection Profile Identification
Title: U.S. Government Biometric Verification Mode Protection Profile (PP) for Medium
Robustness Environments
Sponsor: The Biometrics Management Office and the National Security Agency (NSA)
CC Version: Common Criteria (CC) Version 2.1, and applicable interpretations.
Registration:
Protection Profile Version: Version 1.0, dated November 15, 2003
Keywords: Protection Profile, Medium Robustness Environments, verification mode, liveness,
biometrics
1.2 Protection Profile Overview
This Protection Profile (PP) specifies the minimum functional and assurance security
requirements for biometric products operating in verification mode to provide authentication
allowing physical and logical access control to facilities as well as to information systems in
medium robustness environments (see Section 3.0 for a characterization of medium robustness
environments). Biometric systems are enabling technologies designed to augment existing
security measures by positively authenticating individuals based on measurable physical features
or behaviors. Due to the unique nature of a biometrics TOE and the desire of the PP authors to
attempt to accommodate the wide range of biometric technologies, explicit requirements were
necessary, as was a great deal of refinement of the CC requirements.
The requirements section of this PP specifies a need to protect biometric templates, to provide
confidentiality and integrity. Since the biometric package (which includes the user identifier and
their associated reference template(s)) may be stored in a device outside the control of the TOE,
the biometrics TOE encrypts biometric packages for confidentiality reasons, and an enrolling
TOE cryptographically signs a biometrics package so that modification of the package can be
detected.
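The modification-detection half of that requirement, as an added example that is not taken from the PP or from any evaluated product. It assumes HMAC-SHA-256 as a stand-in for the enrolling TOE's signature (the excerpt names no algorithm), leaves package encryption out, and uses hypothetical field and function names with constructed sample values.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA-256 stands in for the enrolling TOE's signature; the
# excerpt names no algorithm, and package encryption is left out here.
TAG_LEN = hashlib.sha256().digest_size


def _encode(user_id: str, templates: list[bytes]) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    uid = user_id.encode("utf-8")
    out = struct.pack(">H", len(uid)) + uid + struct.pack(">H", len(templates))
    for t in templates:
        out += struct.pack(">I", len(t)) + t
    return out


def seal_package(key: bytes, user_id: str, templates: list[bytes]) -> bytes:
    """Enrolling side: bind the identifier and templates under one tag."""
    body = _encode(user_id, templates)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_package(key: bytes, claimed_id: str, package: bytes) -> list[bytes]:
    """Verifying side: reject modified packages and mismatched identities."""
    if len(package) < TAG_LEN + 4:
        raise ValueError("package too short")
    body, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("package modified")
    # Parse only after the tag has verified.
    (uid_len,) = struct.unpack_from(">H", body, 0)
    uid = body[2:2 + uid_len].decode("utf-8")
    if not hmac.compare_digest(uid.encode(), claimed_id.encode()):
        raise ValueError("package belongs to a different identity")
    pos = 2 + uid_len
    (count,) = struct.unpack_from(">H", body, pos)
    pos += 2
    templates = []
    for _ in range(count):
        (n,) = struct.unpack_from(">I", body, pos)
        templates.append(body[pos + 4:pos + 4 + n])
        pos += 4 + n
    return templates


# Constructed sample values, not real biometric data.
KEY = bytes(range(32))
SAMPLE = seal_package(KEY, "alice", [b"\x01\x02\x03", b"\x04\x05"])
```

Because the tag covers the user identifier together with the templates, a package stored outside the TOE cannot be re-labelled with another identity or have a template swapped without the check failing.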
A TOE conformant to this PP satisfies the specified functional requirements, as well as the
Medium Robustness assurance requirements that are expressed in Section 5.2 TOE Security
Assurance Requirements. The assurance requirements were originally based upon Evaluated
Assurance Level (EAL) 4. In order to gain the necessary level of assurance for medium
robustness environments explicit requirements have been created for some families in the ADV
class both to remove ambiguity in the existing ADV requirements as well as to provide greater
assurance than that associated with EAL4.
This PP defines:
- assumptions about the security aspects of the environment in which the TOE will be
used;
- threats that are to be addressed by the TOE;
- security objectives of the TOE and its environment;
- functional and assurance requirements to meet those security objectives; and
- rationale demonstrating how the requirements meet the security objectives, and how the
security objectives address the threats.
1.3 Related Protection Profiles
A basic robustness PP for a biometric TOE operating in verification mode has many of the same
functional requirements, but does not require the use of cryptography to protect the biometric
packages. Contrary to a medium robustness TOE, the basic robustness TOE has a reliance on the
IT environment in order to address some of the threats and to enforce its security policies. The
basic robustness PP has less stringent assurance requirements as well.
Rather than write a PP that specifies requirements for both verification mode and identification
mode, a decision was made to write a PP for each mode of operation. This affords product
developers the opportunity to evaluate their product and claim conformance to a PP if their
product operates in only one of the modes of operation. This approach allows a product that
operates in both modes the opportunity to claim conformance to each of the PPs. The following
PPs make up the family of PPs sponsored by the BMO and NSA:¹
- U.S. Government Biometric Verification Mode Protection Profile For Basic Robustness
Environments, dated (TBD)
- U.S. Government Biometric Identification Mode Protection Profile For Medium
Robustness Environments, dated (TBD)
- U.S. Government Biometric Identification Mode Protection Profile For Basic Robustness
Environments, dated (TBD)
1.4 Conventions
The notation, formatting, and conventions used in this PP are largely consistent with those used
in version 2.1 of the Common Criteria (CC). Selected presentation choices are discussed here to
aid the PP user.
The CC allows several operations to be performed on functional requirements; refinement,
selection, assignment, and iteration are defined in paragraph 2.1.4 of Part 2 of the CC. Each of
these operations is used in this PP.
The refinement operation is used to add detail to a requirement, and thus further restricts a
requirement. Refinement of security requirements is denoted by the word refinement in bold
text and the added/changed words are in bold text. In cases where words from a CC requirement
were deleted, a separate attachment indicates the words that were removed.
The selection operation is used to select one or more options provided by the CC in stating a
requirement. Selections that have been made by the PP authors are denoted by italicized text;
selections to be filled in by the ST author appear in square brackets with an indication that a
selection is to be made, [selection:], and are not italicized.
The assignment operation is used to assign a specific value to an unspecified parameter, such as
the length of a password. Assignments that have been made by the PP authors are denoted by
showing the value in square brackets, [Assignment_value]; assignments to be filled in by the ST
author appear in square brackets with an indication that an assignment is to be made,
[assignment:].
The iteration operation is used when a component is repeated with varying operations. Iteration
is denoted by showing the iteration number in parentheses following the component identifier,
(iteration_number).
¹ This is the first Protection Profile to be released in the family of Biometrics PPs and the remaining PPs are
currently in draft form and not yet available for public release.
As this PP was sponsored in part by NSA, National Information Assurance Partnership (NIAP)
interpretations are used and are presented with the NIAP interpretation number as part of the
requirement identifier (e.g., FAU_GEN.1-NIAP-0410 for Audit data generation).
The CC paradigm also allows protection profile and security target authors to create their own
requirements. Such requirements are termed ‘explicit requirements’ and are permitted if the CC
does not offer suitable requirements to meet the authors’ needs. Explicit requirements must be
identified and are required to use the CC class/family/component model in articulating the
requirements. In this PP, explicit requirements will be indicated with “EXP” following the
component name.
Application Notes are provided to help the developer, either to clarify the intent of a
requirement, identify implementation choices, or to define “pass-fail” criteria for a requirement.
For those components where Application Notes are appropriate, the Application Notes will
follow the requirement component.
1.5 Protection Profile Organization
Section 1, Protection Profile Introduction, provides document management and overview
information necessary to identify the PP along with references to other related PPs.
Section 2, Target of Evaluation (TOE) Description, defines the TOE and establishes the context
of the TOE by referencing generalized security requirements.
Section 3, TOE Security Environment (TSE), describes the expected environment in which the
TOE is to be used. This section defines the set of threats that are relevant to the secure operation
of the TOE, organizational security policies with which the TOE must comply, and secure usage
assumptions applicable to this analysis.
Section 4, Security Objectives, defines the set of security objectives to be satisfied by the TOE
and by the TOE operating environment.
Section 5, IT Security Requirements, defines the security functional and assurance requirements
derived from the Common Criteria, Part 2 and Part 3, respectively, that must be satisfied by the
TOE and the Non-IT environment.
Section 6, Rationale, provides rationale to demonstrate that the security objectives satisfy the
threats and policies. This section also explains how the set of requirements is complete relative
to the security objectives and presents a set of arguments that address dependency analysis and
Strength of Function (SOF) and use of the explicit requirement.
Section 7, ADV Explicit Assurance Requirement Background Information, provides objectives
and application notes for the explicit ADV requirements contained in this PP.
Section 8, References, provides background material for further investigation by users of the PP.
Section 9, Terminology, provides a listing of definitions of terms.
Section 10, Acronyms, provides a listing of acronyms used throughout the document.
Section 11, Refinements, identifies the refinements that were made to CC requirements where
text is deleted from a requirement.
2.0 TOE DESCRIPTION
This section describes biometric authentication devices as the Target of Evaluation (TOE) for
this protection profile.
Biometric TOEs are unlike other information-technology-related TOEs. Untrusted users who
interact with the TOE (known as “subjects” in the biometrics community, but not in the Common
Criteria community) are not really users of the TOE. Their only role is to present a claimed
identity and a fresh biometric sample, and the biometric TOE decides whether the biometric
sample comes from a live individual and whether the biometric sample matches the biometric
previously enrolled by the user with the claimed identity. The TOE does not contain any user
data and does not provide a logical interface to untrusted users. The TOE only contains TSF data
and the logical interface presented is only for administrative functions.
The physical and logical boundaries of the TOE will differ depending upon a vendor’s
implementation and the intended use of the product. There are many permutations of where these
components can be hosted.
For controlling physical access (e.g., a building or room), a TOE could be comprised of
components that are physically and logically housed in a single unit. An example is a device
whose ultimate purpose is to control access to a door, which performs the capture and
comparison functions within a single unit and is stand-alone. A TOE could also have multiple
capture devices that transmit the live template to a server that then performs the comparison
function, which then generates the match/no match decision.
For controlling local logical access to an IT product (e.g., a workstation) the TOE’s physical
boundary could take different forms as well. As with the example above, the TOE could be
contained in a single unit and provide a match/no match decision to the IT product, or the TOE
could be physically separated. If the TOE is physically separated it could use the IT product to
transmit data (e.g., the live template, capture device’s identity) through the IT product to another
component of the TOE that performs the comparison function, which then in turn provides the
match/no match decision to the IT product. It is important to note that the TOE includes all the
hardware and software that play a role in the TOE being able to satisfy the security requirements
specified in this PP. When the TOE is physically separated, cryptography is used to maintain
confidentiality and to detect modification of the transmitted data. It is also important to note that
none of the TOE’s software is executing on a platform other than the trusted platform provided
by the TOE. This means that the comparison software or any capture controller function is not
running on an IT product other than the TOE. Figure 1 illustrates an example of a distributed
TOE. In this example, the capture device is connected to an IT product (e.g., workstation) via a
direct connection (e.g., USB connection) and the IT product is connected to a network. The
capture device transmits the live template, and possibly other data (e.g., unique device id …