
Security evaluation and testing

Verified security helps to defend against cyber attacks

Contact
Robert Hammelrath

Expert for Security analysis and testing

In a time of increasing cyber threats, evaluations and certification show customers that a company takes the risks involved in data privacy seriously and works to minimize them – in other words, verified security.
Evaluations in lab tests determine whether an IT product or system provides suitable security measures and accurately and effectively complies with the user’s individual security requirements. If so, the product or system can be certified based on test results. For many applications, their release or design approval depends on a successful security evaluation. Verification of the reliability of security aspects is generally outsourced to an independent, qualified service provider like T-Systems’ licensed test facility.

Verified security for any situation

T-Systems conducts its evaluations based on internationally recognized standards like ITSEC or Common Criteria for Information Technology Security Evaluation – abbreviated as Common Criteria (CC). This common, globally recognized standard for verified security defines the criteria that make up the security of computer systems. These were included in the ISO/IEC 15408 international standards. The German Federal Office for Information Security (BSI) has recognized T-Systems for CC evaluations up to EAL7 with no technological limitations.
Industry-specific verification by T-Systems is also accepted worldwide by different standards and organizations. In the financial sector, for example, verified security is one of the criteria for payment components and networks
  • of the Deutsche Kreditwirtschaft German banking association, EMVCo, MasterCard, Visa and PCI (Payment Card Industry),
  • Irdeto’s Secure Chip Security Robustness Evaluation Specification and Viaccess-Orca standards as well as Nagra’s NOCS3.0 program in the pay-TV sector and
  • EuroPrise in the data privacy sector (recognized in the EU).
Verified security by T-Systems
  • Common schema and criteria (Common Criteria, ITSEC)
  • Standards for the financial sector (including Deutsche Kreditwirtschaft German banking association, EMVCo, CAST, Visa smart card program, PCI)
  • Standards in the pay-TV sector (Irdeto, Viaccess-Orca and Nagra)
  • Data privacy evaluations (EuroPrise)
  • Security integrated circuits including crypto libraries, firmware and operating systems (e.g., smart cards, system-on-chip (SoC), embedded controllers)
  • Hardware security modules (HSM; e.g., for PKI or banking, random number generators)
  • Embedded systems and terminals (e.g., smart phones/tablets, M2M (machine-to-machine) devices, payment terminals, digital tachographs, automotive, avionic and satellite embedded security hardware and software, set top boxes, eHealth connectors)
  • Applications (e.g., obfuscated software, hard disk encryption software, digital signature, middleware for eGovernment electronic transactions)
  • More than 20 years of expertise with globally recognized evaluations of security-critical products
  • Skilled in different testing methods
  • Reverse engineering, physical manipulations and probing
  • Malfunctions and forced leakage attacks
  • Inherent leakage attacks (side channel analysis)
  • Use of properties to cause damage
  • Cryptographic attacks (protocols, algorithms)
  • Software attacks and analysis
  • Creating security policies (protection profiles) in full compliance with the customer’s security requirements.
  • Highly qualified staff: mathematicians/cryptologists, physicists, engineers, computer scientists
  • Lab with the latest advanced equipment for evaluating hardware and software
  • Official common criteria training in the German BSI schema
  • Common criteria development and management workshops, assistance with creating security specifications and preparing documentation, pre-evaluation
  • CCDB/JIL Composite Evaluation for Smart Cards and Similar Devices (mandatory CC document, major contribution, editor)
  • JHAS (JIL Hardware Attacks Subgroup)
  • AIS36 Composite evaluation methodology (co-author)
  • AIS20 and AIS31 random number generator evaluation methodology (co-author)
  • AIS34 evaluation methodology for CC Assurance Classes for EAL5+ and EAL6 (major contribution, editor)
  • AIS14 Guidelines for Evaluation Reports (co-author)
  • Elliptic Curve Cryptography security evaluation guide (part of BSI scheme)

Independent and objective evaluations = verified security

T-Systems has been active as a licensed testing site since 1991. What counts here is being independent and objective. Combined with technical and methodological expertise, these form the basis for becoming a recognized testing site. T-Systems has its own lab with the latest advanced equipment for evaluating hardware and software.
The list of customers includes international manufacturers of security products. Our T-Systems consultants help plan and conduct the verified security evaluation process. They point out weak areas to the customer and bring them up to date on the latest attack methods and scenarios. This lays the foundation for creating sustainable security measures and building a reputation as a leading supplier of security technology.