Domain: cesg.gov.uk
Stories and comments across the archive that link to cesg.gov.uk.
Comments · 22
-
Companies, too
The same agency will certify companies[1]. For a fee[2]. And an agreement that you forward all vuln reports to their spooks[3].
-
MI5 is not MI6
This, if I am correct, is a domestic UK job spec, as befits MI5; overseas work is done by MI6. This may well be in conjunction with the likes of http://www.cesg.gov.uk/Pages/homepage.aspx with the aim of keeping UK business and IP safe from prying eyes.
-
Re:This is getting out of hand
Here is the list of CESG approved products which meet the various requirements for data protection. Let me know what you find.
-
Re:TrueCrpt
If someone is willing to pony up the accreditation fees
...twenty thousand quid. Not surprisingly, the list of CAPS-approved products is quite short and the suppliers that *are* accredited are a) making a mint and b) not inclined to improve their clunky, difficult-to-administer products in any way, since all UK Govt clients are locked in to using them anyway.
-
Re:TrueCrpt
They have - by mandating that appropriate controls are implemented, including full disk encryption. See http://www.cabinetoffice.gov.uk/spf/sp4_isa.aspx - specifically requirement #40.
Truecrypt is not a product tested and approved by http://www.cesg.gov.uk/ so it can't be used for UK government business. If someone is willing to pony up the accreditation fees, and it passes, then it can be used.
These new UK gov regulations are interesting - they make specific nominated individuals in every government organisation personally responsible for data security - with penalties including fines and prison. Unsurprisingly, data security is now very heavily implemented and monitored.
-
RIPA, DV and Protectively Marked assets
This has nothing to do with the Regulation of Investigatory Powers Act. If some ne'er-do-well has stolen the hard drive, RIPA is not going to entitle them to the key to decrypt it, nor does it make encrypting it in the first place illegal! CESG ( http://www.cesg.gov.uk/ ) assesses a wide variety of cryptographic products as to their suitability for handling protectively marked information, and some of these are restricted to HMG use only!
The paper forms for Developed Vetting themselves are marked "RESTRICTED STAFF (when completed)". See http://www.cabinetoffice.gov.uk/spf/faqs.aspx for information about protectively marked assets, and the DV forms themselves at http://www.hmgcc.gov.uk/clearance.aspx.
-
Re:Switching to Windows
I beg to disagree. A search of publicly available documents shows that NavyStar has Windows and DOS components. Fujitsu's ITSEC certification report (No. P230), in particular, shows Windows XP, Windows XPe, and DOS clients. See diagram on page 10.
Also, the article doesn't say that the servers were hit. Only that the system was based on a server cabinet and cable-networked PCs. As I understand it, NavyStar is a hardware platform of ruggedized PC components.
-
Re:Problems
In this case, there is no need to transfer keying material. The receiver injects the random noise himself, so it's not really related to the one-time pad; it's more like the idea of public key cryptography (in a very indirect way; before criticizing, please read Ellis' paper).
But you're right. Man in the middle would work like a charm, and that propagation method might work too (not my area of expertise).
-
It's already been invented
Peeking at the paper, it seems that the receiver somehow introduces noise to the channel, garbling the sender's signal. He then recovers the message by deducing what the sender chose because he knows what his noise is.
A similar principle was used about 50 years ago, although maybe using a different method. I've not seen the paper about this device (Bell project C43), but the Ellis Paper on non-secret encryption (PDF, sorry) makes a brief description of the device in item 6.
Oh, if I were attacking that device (or Kish's one), I'd do a man in the middle attack without thinking twice (his assumptions about being perfectly secure are apparently wrong).
-
Re:No
Actually, in the UK the government push a formalised framework for this kind of testing. To actually lead a job you need to have passed the CHECK assault course.
-
Re:Certs
Viewing the Novell press release, it would appear that the cert has actually not been issued, and that Novell has only "successfully completed" the evaluation, which doesn't officially mean anything.
Having said that, I will note that this evaluation was to an actual protection profile (the CAPP), so the evaluation means something, unlike some other evaluations that I could mention.
-
Re:NSA == Spy && !SecurityInforcer
I'd say that making sure the government communications are secure is part of the NSA's job.
They usually screen the ciphers to be used so they are secure enough (like DES and AES).
Also SELinux (although it started as a semi-independent project) seems to show that security is indeed part of its task. They made SELinux to make a point about the need for mandatory controls, and to make others adopt MAC, enhancing security in the process.
They probably develop ciphers and hardware for government use, too. Although I have no data on that, it is known that GCHQ (the British counterpart of the NSA) worked on public key encryption from a security point of view (instead of an attacker's POV), as can be seen in J. H. Ellis' paper (PDF link). Nice reading material BTW. Very easy to understand even for nontechnical people and IMHO very insightful.
-
Re:Insecure Linux
I know you were just being rhetorical about it, but RTFA and at least you might be able to sound interesting.
Here's a bunch of clues, anyway:
- No sane Dept. of Defense would rely on foreign software - so the contractors are French.
- Mandrake is not the sole contractor.
- The contract is for 3 years and aims at a CC-EAL5 certification; not exactly a typical Mandrake setup.
- Linux and Security can mix - although not everyone uses that mix. Witness SELinux and its offspring.
Anyway, if they manage an EAL5 certification for this, they'll be able to laugh their asses off at Defense Depts. that use (or, even more, mandate the use of) Windows on their computers, seeing that w2k only made it (dubiously) to EAL4.
EAL4 Methodically Designed, Tested and Reviewed. Analysis is supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for obvious vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.
EAL5 Semiformally Designed and Tested. Analysis includes all of the implementation. Assurance is supplemented by a formal model and a semiformal presentation of the functional specification and high level design, and a semiformal demonstration of correspondence. The search for vulnerabilities must ensure relative resistance to penetration attack. Covert channel analysis and modular design are also required.
(See here)
-
Re:Safety Critical Systems
Is Microsoft Software actually certified for safety critical systems?
Depends on what version of Windows they were running. Windows NT 4 (SP3) is the only version of Windows to have been evaluated against ITSEC criteria. It's unlikely they'd be running a certified product, however, as the second you apply a new Service Pack to the machine, it's no longer certified. Every evaluation I've been part of has been where a vendor has wanted to sell something to the Ministry of Defence, and has needed to obtain certification under ITSEC or Common Criteria in order to do that.
-
A little explanation (No such thing as just EAL4)
A nice introduction to the CC:
"The CC defines the Protection Profile (PP) construct which allows prospective consumers or developers to create standardised sets of security requirements which will meet their needs."
"The Target of Evaluation (TOE) is that part of the product or system which is subject to evaluation. The TOE security threats, objectives, requirements and summary specification of security functions and assurance measures together form the primary inputs to the Security Target (ST), which is used by the evaluators as the basis for evaluation."
"Evaluation
The principal inputs to evaluation are the Security Target, the set of evidence about the TOE and the TOE itself. The expected result of the evaluation process is a confirmation that the ST is satisfied for the TOE, with one or more reports documenting the evaluation findings."
In short the Protection Profile defines the implementation independent set of security requirements and objectives. I think the PP used for Win2000 is "Controlled Access Protection Profile (Version 1.d)", downloadable here
"The TOE (Target of Evaluation) is the product under evaluation (Win2000+VPN?+?) and the ST (Security Target) contains the security objectives and requirements of a specific identified TOE and defines the functional and assurance measures offered by that TOE to meet stated requirements. The ST may claim conformance to one or more PPs and forms the basis for an evaluation."
The assurance level (EALx) is the measure of "how much" assurance there exists that a TOE meets its security claims. EAL1 ("bad") ... EAL7 ("good"), see above reference.
So the real interesting parts are the Security Target and the Evaluation-report. (Then you know what you're talking about).
(Yes, my native tongue is not English)
-
James Ellis and the CESG
It was invented way before either Diffie/Hellman/Merkle, as you said.
Back in the '60s, it had been invented at GCHQ by James Ellis for use by the British Secret Service. Unfortunately, due to the Official Secrets Act, Ellis was forbidden to publish or discuss his discovery.
The organisation that Ellis worked for, CESG, are on-line - you can check out their site here.
Here's a link to a page explaining their input into Public Key Crypto.
In 1973, inspired by the pioneering work of James Ellis a few years earlier, Cliff Cocks of CESG invented the first practical method for what we now call public key cryptography (PKC). The technology was subsequently discovered independently and developed into RSA; it was not until 1997 that it was publicly revealed that CESG had got there first!
I'd first heard about Ellis' work in Simon Singh's book, The Code Book. James Ellis seemed to be a very quiet, modest person. It's a shame that his name isn't to the forefront when we think of Public-Key crypto. Credit where it's due....
-
Re:Orange Book etc
It's also worth mentioning that the second you attach that NT system to a LAN (or any other network iirc) it is no longer C2 certified.
That is not the case for NT4. The cited report refers to the NT 3.51 evaluation since the NT4 evaluation had not been published when it was written. The summary of the NT4 evaluation says "A networked configuration was evaluated for interconnecting the various hardware with Windows NT workstations and servers.". The full evaluation report is available for those who want to read it.
Windows NT4 (with specified SPs and fixes) also has an ITSEC E3/F-C2 certificate, and networking is mentioned in that one too - search from the CESG certified products page if you want details.
These certificates do not necessarily mean much in practice, but we should refer to up to date ones if we refer to them at all.
-
Where SHOULD the threat come from?
I saw a good talk by Dr. Richard Walton, the director of the Communications Electronics Security Group.
To paraphrase, he said, "Currently we know that about 80% of threats come from inside. But no one ever asks what the desirable value for this number should be. I propose that it should be 100%." He said we should trust insiders rather than outsiders, and trust people rather than machines. Or again paraphrasing, he said that we can trust machines to correctly do whatever they are told, unfortunately machines can't distinguish whether a set of instructions are "good" or "bad", whereas most of the time, most of the people inside your organization will do the right thing.