Challenges in Fuzzing RFC 1149

Greg McLearn Common Criteria, Humour

Conan Hoye and Greg McLearn contributed to this article.

At Lightship, we test a lot of NDcPP-compliant products. As part of those evaluations, we are required, as per Appendix A in the Supporting Document, to perform network fuzzing against the in-scope IP networking stacks. Recently we had a rather unique TOE which claimed conformance against RFC 1149 for one of their remote management interfaces.


NDcPP v2.1 endorsed by NIAP but which TDs apply?

Lachlan Turner Certifications, Common Criteria

[March 14, 2019 update] The NIAP list of TDs is now up to date with NDcPP v2.1 attribution.

NIAP announced their endorsement today of version 2.1 of the Network Device collaborative Protection Profile. We’ve previously described the changes in NDcPP v2.1. In this post, we look at which NIAP Technical Decisions (i.e. interpretations / minor edits) will still apply to this new version.


NDcPP – Are You A Good Network Citizen?

Jason Lawlor Certifications, Common Criteria

Vendors undertaking a Common Criteria project for the first time are often surprised by the scope and focus of the testing for a Network Devices collaborative Protection Profile (NDcPP) CC evaluation. Lightship’s Technical Director, Greg McLearn, often refers to the testing involved in the NDcPP as “ensuring that the product is a good network citizen”. This is the NDcPP philosophy.


What’s changed since NDcPP v1.0?

Lachlan Turner Certifications, Common Criteria

[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP.

There are 41 products listed on the NIAP PCL that are compliant with the collaborative Protection Profile for Network Devices (NDcPP) v1.0. These PCL listings will all expire within the next year or so. What can these vendors expect when updating their certifications from NDcPP v1.0 to NDcPP v2.0e? In this post, we examine the changes that have occurred to the NDcPP to help answer this question.


Preparing for FIPS Validation – Common Pitfalls

Jason Lawlor FIPS 140-2

In this multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the “origins” of a cryptographic module and the design requirements for FIPS 140-2 compliance. The tutorial also touches on self-tests and the concept of FIPS 140-2 “modes of operation” including Approved, non-Approved, and Mixed Modes. Stay tuned for further installments.


Welcome to the NIAP TLS 1.1 Functional Package

Greg McLearn Uncategorized

Edit 20-March-2019: NIAP published v1.1 of the Functional Package, which addresses many of the items discussed in this blog. The title of the blog is updated, and ambiguities previously found are corrected where they have been addressed.

NIAP recently released their first, and widely anticipated, modular protection profile package targeting the TLS communication protocol. This package is not meant to stand on its own and is designed to be included within new versions of NIAP protection profiles. While it is unlikely to be explicitly referenced by collaborative Protection Profiles (cPP), the requirements will almost certainly be highly similar.


Execution and Ambition – Year in Review

Jason Lawlor Lightship News

December marks the 3-year anniversary of the founding of Lightship. As such, we’ve been taking stock to consider our progress, challenges and future plans.

First the good news. In 2018, Lightship was able to successfully execute on the following:

  • Became the 5th accredited Common Criteria lab in Canada, and the only independently owned one
  • Completed our accreditation to become 1 of 22 FIPS 140-2 labs worldwide
  • Completed one of the fastest formal NDcPP v2 end-to-end CC evaluations ever completed in North America
  • Secured development funding from the Government of Canada for Greenlight test automation innovations
  • Added more modules and utilities as part of the Greenlight platform to improve reporting, ease of integration and usability for us and our clients
  • Added critical mass to our development and delivery team to support our growing client base
  • Earned the certification business of several new domestic and international industry-leading security vendors through our modernized and automated Functional Gap Analysis offering and end-to-end expedited CC certification methodology


The Mother of All NIAP Protection Profiles – NDcPP

Lachlan Turner Certifications, Common Criteria

We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this:

  1. It is the most widely used Common Criteria Protection Profile in North America (given its generic applicability)
  2. It is the forerunner for most NIAP Approved Protection Profiles which re-use a large portion of the NDcPP Security Functional Requirements (SFRs)

Now, we have automated the testing not only for NDcPP but also several other Protection Profiles by virtue of this SFR re-use. Below we present an analysis of the re-use of NDcPP requirements across NIAP Approved Protection Profiles (all but a few).


Government of Canada Funding for Greenlight Conformance Test Automation

Jason Lawlor Common Criteria, Lightship News

As part of our continued commitment to develop innovative certification automation solutions, Lightship Security is pleased to announce that it has received additional development funding from the National Research Council of Canada Industrial Research Assistance Program (NRC IRAP).

The NRC IRAP support will be used by Lightship to provide advanced functionality in our industry-first Conformance Automation Platform, Greenlight, specifically to support our growing list of clients with continuous certification readiness through automated functional pre-testing.