In 2009, LOGIWAYS SafeAccessTM was the first ever Conditional Access System to receive the rigourous EAL4+/AVA_VAN5 certification, based on Common Criterai (ISO 15408).
In 1996, Europeans, Canadians, and Americans finally agreed on setting up a joint organization to standardize qualification and certification of security in the field of Information technologies: Common Criteria (CC). These common criteria are mainly used for systems directly involved in security such as Firewalls, VPNs, switches, a.s.o. They were built from the merge between NSA’s Orange book and European ITSEC rules. In order to accelerate security standards spreading internationally, CC representatives signed an agreement with OSI who created ISO 15408 standard.
All documents describing Common Criteria can be found on the Common Criteria internet site:http://www.commoncriteriaportal.org/.
Functional and assurance security requirements are the basis for the Common Criteria. There are seven Evaluation Assurance Levels (EALs). The higher the level is, the more confidence you can have that the security functional requirements have been met.
EAL4: Methodically Designed, Tested, and Reviewed.
Applies when developers or users require moderate to high independently assured security in conventional commodity products and are prepared to incur additional security-specific engineering costs.
AVA_VAN5 :Advanced Vulnerability Analysis
The evaluator performs penetration testing based on the identified potential vulnerabilities to determine that the system is resistant to attacks performed by an attacker possessing High attack potential.
According to Common Criteria this level is considered as the highest level of attack. This means that neither weaknesses nor breaches within hardware, software, and algorithms was found . All tests set have been successfully passed:
- Physical attacks,
- Streams attacks,
- Cryptanalysis attacks concerning algorithms and part of embedded software.
SafeAccess™ is EAL4+ because this level guarantees the robustness of the smart card couple Hard / soft. The level EAL4 is augmented with:
- Sufficiency of security measures (ALC_DVS.2),
- Advanced methodical vulnerability analysis (AVA_VAN.5)