http://www.security.re.kr
Why we use the e-Document Issuance Service?
§ Definition
§ Should one go to the school just to get a report card?
§ e-Government services: Government-guaranteed documents issued via Internet
§ What will change?
[Figure: AS-IS … Issued by email]
Upsides and Requirements
§ Upsides
Aspects | Description
Quick | Available 24/7
Economical | Low cost compared to issuing off-line
Accessible | Everywhere with the Internet services
§ Requirements
Security feature | Technical feature
Confidentiality of the Issuing System | Cryptography for e-documents issued; Screen control; UI control; Printer control
Forgery Prevention for Print-out | Watermark; 2D Barcode; Copy Detector
Reliability of the Issuing Organization | PKI authentication
Terms and Definitions
§ Original Document
§ Original Document refers to an electronic document, and its proper and secure print-outs, that is an object of issue.
§ Electronic Document
§ Electronic Document means an electronic file of a structured document standardized as a pair of the form and the data of the document.
§ Issue System
§ Issue System refers commonly to a system of issuing organizations that issues electronic documents.
§ Detect Software
§ Detect Software refers to a program that extracts digital information. Using scanners, it detects the 2D high-density barcodes and invisible watermarks attached to print-outs, and it extracts digital information by analyzing them.
System Structure
[Figure: system structure. Components: Web Server, WAS, Document Issuing System Server, Document DB, User Control Module, Document Verification Module. Flow labels: Requests document; Issues document; Data required for document; Compressed/Encrypted 2D barcode created; Original document; Certificate of issuing organization; Printed document.]
Threat Factors
Core Security Functions
Function 1. Web Protection
§ Web Protection
• Control Web Browser menus
• Limit creation of cache/temp files
• Prevent copying by keyboard or mouse
• Limit the use of pop-up menus
• Encrypted Meta File
• Encryption
• Prevent linking by URL
• Limit use of the Clipboard
• Block image capture
• Prevent capture by keyboard
• Protect the document screen from remote programs
Function 2. Printer control
Function 3. Prevention & Verification
§ 2D Barcode
§ Comparing the original document with the document recovered from the 2D barcode enables verification of document forgery.
§ The entire original document data and the digitally signed data (hash code) are embedded into a high-density 2D barcode, for legal proof of originality and to prevent any forgery.
§ Digital Watermark
§ Important hidden information is embedded invisibly, using watermarks, into the organization’s logo / official seals / images to establish the genuineness of a document.
§ This reinforces the 2D barcode in terms of forgery.
§ Copy Detector
§ Scanning for any change to the code inserted in the original document
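The 2D barcode check described above, as an added example that is not taken from the slides or from any issuing system: the issuer packs the compressed document, its hash and an authentication tag into the barcode payload, and the verifier checks the barcode first and only then compares it with the visible text. The JSON layout, field names, key and sample document are assumptions, and HMAC-SHA256 stands in for the issuing organization's PKI signature so that only the standard library is needed.

```python
import base64, hashlib, hmac, json, zlib

# Constructed demo key. HMAC-SHA256 stands in for the issuing organization's
# PKI signature so the example needs only the standard library; a real
# verifier would check a signature against the issuer's certificate instead.
ISSUER_KEY = b"constructed-demo-key"
# Constructed sample document.
SAMPLE = "Transcript\nName: Hong Gildong\nGrade: B"

def normalize(text):
    """Collapse whitespace so scanner or OCR spacing is not treated as an edit."""
    return " ".join(text.split())

def _tag(digest):
    return hmac.new(ISSUER_KEY, digest.encode(), hashlib.sha256).hexdigest()

def build_payload(document_text):
    """Issuer side: bytes to be encoded into the 2D barcode."""
    body = normalize(document_text).encode("utf-8")
    digest = hashlib.sha256(body).hexdigest()
    record = {"doc": base64.b64encode(zlib.compress(body)).decode("ascii"),
              "sha256": digest, "tag": _tag(digest)}
    return json.dumps(record).encode("ascii")

def verify_printout(payload, printed_text):
    """Verifier side: return (verdict, document text recovered from the barcode)."""
    try:
        record = json.loads(payload)
        body = zlib.decompress(base64.b64decode(record["doc"]))
        claimed, tag = str(record["sha256"]), str(record["tag"])
    except (ValueError, KeyError, TypeError, zlib.error):
        return ("unreadable", None)
    digest = hashlib.sha256(body).hexdigest()
    # Check the barcode itself first: hash must match and the tag must verify.
    if digest != claimed or not hmac.compare_digest(
            _tag(digest).encode(), tag.encode("utf-8", "replace")):
        return ("barcode-forged", None)
    recovered = body.decode("utf-8")
    # Only then compare the trusted barcode copy with the visible text.
    if normalize(printed_text) != recovered:
        return ("text-altered", recovered)
    return ("genuine", recovered)
```

The order of the checks matters: a print-out whose text and barcode agree with each other is still rejected when the barcode's tag does not verify.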
TOE (Target of Evaluation)
[Figure: TOE diagram. Labels: Security Audit, Audit Record, Security Management, User Module, User, User Data Protection, TSF Data, Cryptographic Support, Network.]
The Contents of Protection Profile
Protection Profile
§ PP Introduction: PP Reference; TOE Overview
§ Conformance Claims: CC Conformance Claim; PP Claim, Package Claim; Conformance Rationale; Conformance Statement
Threats(1/2)
Threats(2/2)
§ Asset : TOE
Threats | Description
T.Recording failure | A threat agent may exhaust the storage to make the TOE fail to record security-relevant events and document issuance log.
T.Consecutive Authentication Attempt | A threat agent may have access to the TOE with the authority of an authorized user by consecutively attempting authentication.
Assumptions
Assumptions | Description
A.Trusted Administrator | It is assumed that the administrators are non-hostile, well trained and follow all administrator guidance.
A.Timestamp | It is assumed that the TOE environment provides a secure timestamp that fulfills RFC 1305.
A.Physical Security | The e-document issuing system is located in a physically secure environment that can only be accessed by an authorized administrator.
A.Secure Installation and Operation | The TOE will be distributed and installed on a user PC in a secure manner.
A.Network | Any traffic flow required by the TOE services will always be allowed.
Organizational Security Policy
Policies | Description
P.Audit | The TOE must audit every auditable event and keep the audit record secure. This audit record is protected from unauthorized access.
P.Secure Management | An authorized administrator shall manage the TOE, audit log, and so on in a secure way.
P.Authorized User | A user shall be identified and authenticated before using e-document issuance services.
P.Verifying Module | Software to help verify the authenticity of an e-document shall be distributed for anyone to use.
P.Recover | The TOE must be capable of being restored to a secure state without losing any fatal data.
Security Objectives for the TOE
Security Objectives | Description
O.Transferred Data Protection | The TOE shall ensure confidentiality and integrity of an e-document transferred on network.
O.Stored Data Protection | The TOE shall protect the TSF data stored in it from unauthorized disclosure, modification, or deletion.
O.Secure Print | The TOE shall provide a secure print function to prevent data leakage by temporary files or a virtual printer while an e-document is being printed.
O.Data Authentication | The TOE shall provide a function to display digital data such as e-document on a secured print-out and a function to analyze 2D barcode, which verifies the authenticity of the print-out.
O.Screen Protection | The TOE shall provide a screen protection function to prevent data leakage by using a screen capturing key that the OS provides (e.g. PrintScreen), capture program, and remote program while an e-document is being viewed.
O.Web Browser Control | The TOE shall provide a security function to prevent data leakage by controlling use of applications for viewing an e-document, e.g. Web browser, Report tool.
O.Verification | The TOE shall provide a function to display digital data such as e-document on a secured print-out and a function to analyze 2D barcode, which verifies the authenticity of the print-out.
O.Identification and Authentication | The TOE shall uniquely identify its administrator and authenticate a user prior to allowing access.
O.Audit | The TOE shall generate and maintain the record of all security-relevant events to ensure they can be traced and shall provide a means to review the records.
O.Management | The TOE shall provide a means for the authorized administrator of the TOE to efficiently manage the TOE in a secure manner.
Security Objectives for the Operational Environment
OE.Timestamp | The TOE environment shall provide a secure timestamp that fulfills RFC 1305.
OE.Secure Installation and Operation | The TOE shall be distributed and installed on a user PC in a secure manner.
OE.Network | Any traffic flow required by the TOE services shall always be allowed.
Security Functional Requirements
Class | Components
Security Audit | FAU_ARP.1 (Security alarms); FAU_GEN.1 (Audit data generation), GEN.2 (User identity association); FAU_SAA.1 (Potential violation analysis); FAU_SAR.1 (Audit review), SAR.2 (Restricted audit review); FAU_STG.2 (Guarantees of audit data availability)
Cryptographic support | FCS_CKM.1 (Cryptographic key management), CKM.2 (Cryptographic key distribution), CKM.4 (Cryptographic key destruction); FCS_COP.1 (Cryptographic operation)
Security Assurance Requirements
Thank You!
E-mail : chelee3@gmail.com
http://www.security.re.kr