New trends in IT&C security evaluation

• Author: Cristian Teodor Paun - Emil Simion
• Pages: 281-287

Teodor Stefanescu

281

LESIJ NO. XVII, VOL. 2/2010

NEW TRENDS IN IT&C SECURITY EVALUATION

Cristian Teodor P;UN*

Emil SIMION**

Abstract

This paper focuses on the link between information security and cryptography

represented by National Institute of Standards and Technology (NIST) cryptographic standards,

Federal Information Processing Standard FIPS 140-2 (Security requirements for cryptographic

modules) standard and Common Criteria for Information Technologies Security Evaluation (ISO

15408) standard. Information security is the science of protecting information and information

systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Cryptography deals with design, implementation and evaluating cryptographic algorithms (e.g.

NIST AES selection process, SHA-3 completion etc.) in order to be used by products (software

and/or hardware) which are intended to protect information or information systems. Before using

in information systems those cryptographic products need to be tested and evaluated also. One

evaluation standard is FIPS 140-2. After this evaluation is obtained, from an accredited

Laboratory, the system itself needs to be evaluated in order to have a image of the assurance level

obtained. Usually these evaluation is made using ISO 15408 (Common Criteria for Information

Technology Systems) standard.

Keywords: cryptographic algorithms, FIPS 140-2, ISO 15408, crypto modules, security

evaluation.

1. INFOSEC

INFOSEC domain covers the following areas:

Figure 1: INFOSEC standards stratification

Physical security describes both measures that prevent or deter attackers from accessing a

facility, resource, or information stored on a physical media and guidance on how to design

structures to resist various hostile acts.