TNO CERTIFICATION

TNO Certification is an independent body with access to the expertise of the entire TNO-organization.
TNO Certification is a registered company with the Delft Chamber of Commerce under number 27241271.

Laan van Westenenk 501
P.O. Box 541
7300 AM Apeldoorn
The Netherlands
Phone: +31 55 5493468
Fax: +31 55 5493288
E-mail: Certification@certi.tno.nl
BTW/VAT NR: NL8003.32.167.B01
Bank: ING at Delft, bank account 66.77.18.141 stating ‘TNO Certification’
BIC of the ING Bank: INGBNL2A
IBAN: NL81INGB0667718141

Date: December 2, 2008
Reference: NSCIB-PP-08-10381-CR
Subject: NSCIB-PP-08-10381
Project number: 10381

Certification Report
Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008

Reproduction of this report is authorized provided the report is reproduced in its entirety.

Number: NSCIB-PP-08-10381-CR
Date: December 2, 2008

Table of contents

Document Information
Foreword
1 Executive Summary
  1.1 Introduction
  1.2 Evaluation and Certification Details
  1.3 Protection Profile Identification
2 Certification Results
  2.1 Protection Profile Overview
  2.2 Security Functional Requirements
  2.3 Assurance Requirements
  2.4 Results of the PP-Evaluation
  2.5 Evaluator Comments/Recommendations
3 Protection Profile
4 Definitions
5 Bibliography

Document Information

Date of issue: 2 December 2008
Author: R.T.M. Huisman
Version of report: 1.0
Certification ID: NSCIB-PP-08-10381
Sponsor: Inspectie Verkeer en Waterstaat
Evaluation Lab: Brightsight BV
TOE name: Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008
TOE reference name: PP BCT
Report title: Certification Report
Report reference name: NSCIB-PP-08-10381-CR

Foreword

The Netherlands Scheme for Certification in the Area of IT Security (NSCIB) provides a third-party evaluation and certification service for determining the trustworthiness of Information Technology (IT) security products.
Under this NSCIB, TNO Certification has the task of issuing certificates for IT security products as well as protection profiles.

A part of the procedure is the technical examination (evaluation) of the product or protection profile according to the Common Criteria assessment guidelines published by the NSCIB. Evaluations are performed by an IT Security Evaluation Facility (ITSEF) under the oversight of the NSCIB Certification Body, which is operated by TNO Certification in cooperation with the Ministry of the Interior and Kingdom Relations.

An ITSEF is a commercial facility that has been licensed by TNO Certification to perform Common Criteria evaluations; a significant requirement for such a license is accreditation to the requirements of ISO Standard 17025, General requirements for the accreditation of calibration and testing laboratories.

By awarding a Common Criteria certificate, TNO Certification asserts that the protection profile complies with the requirements for protection profile (PP) evaluation specified in the Common Criteria for Information Security Evaluation. A protection profile is an implementation-independent set of security requirements for a category of IT that meets specific consumer needs. The objective of a protection profile evaluation is to ensure that the protection profile is complete, consistent, technically sound and, therefore, suitable for use as the basis of security requirements for the relevant category of IT.

Reproduction of this report is authorized provided the report is reproduced in its entirety.

1 Executive Summary

1.1 Introduction

This Certification Report states the outcome of the Common Criteria security evaluation of the Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008 [PP]. It is intended to assist prospective consumers when judging the suitability of the Protection Profile for their particular requirements.

1.2 Evaluation and Certification Details

The Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008 was developed by the Dutch Transport and Water Management Inspectorate (Inspectie Verkeer en Waterstaat), which is part of the Dutch Ministry of Transport, Public Works and Water Management (Ministerie van Verkeer en Waterstaat) and which also acts as the sponsor of the evaluation and certification.

The protection profile has been evaluated by Brightsight B.V., located in Delft, The Netherlands; the evaluation was completed on 17 October 2008. The certification procedure has been conducted in accordance with the provisions of the Netherlands Scheme for Certification in the Area of IT Security [NSCIB]. The certification was completed on 2 December 2008 with the preparation of this Certification Report.

The results documented in the evaluation technical report [ETR]¹ for this protection profile provide sufficient evidence that it meets the requirements for protection profile (PP) evaluations specified in the Common Criteria for Information Security Evaluation. The evaluation was conducted using the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 2 [CEM], for conformance to the Common Criteria for Information Technology Security Evaluation, version 3.1 Revision 2 [CC].

TNO Certification, as the NSCIB Certification Body, declares that the Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008 evaluation meets all the conditions of the Arrangement on the Recognition of Common Criteria Certificates and that the protection profile will be listed on the NSCIB Certified Products list. It should be noted that the certification results only apply to the specific version of the protection profile as evaluated.

1.3 Protection Profile Identification

Title: Beveilingsprofiel Boordcomputer Taxi (PP-BCT)
PP Version: 1.0, 13 oktober 2008
CC Version: 3.1 Revision 2 (September 2007)
CC Conformance Claim: Part 2 conformant, Part 3 conformant, EAL 3
Required conformance: Conformance claims to this protection profile require strict conformance

¹ The Evaluation Technical Report contains information proprietary to the developer and/or the evaluator, and is not releasable for public review.

2 Certification Results

2.1 Protection Profile Overview

This Protection Profile “Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008” is developed by the Dutch Transport and Water Management Inspectorate (Inspectie Verkeer en Waterstaat) as a basis for the development of Security Targets in order to perform a certification of an IT-product (TOE).

The “Boordcomputer Taxi” (BCT) is a control device intended for installation in cars that are used for taxi transportation. Its purpose is to aid enforcement processes by electronic registration of the ride administration and the working, drive and rest times and to make this information available on request to authorized persons for verification.

The TOE has four modes of operation: operational mode, control mode, activation/inspection mode and working mode. The operational mode has three operating levels: basic, working time and taxi transport. When taxi transport is being offered or working time takes place, the driver selects the corresponding operating level.

In the operational mode, at operating level working time or taxi transport, data is registered on the performed taxi rides and the working, drive and rest times of the driver. The start and end of a ride are made known to the TOE by an active operating action by the driver. In addition, the loading condition (loaded/unloaded) shall be indicated.
Furthermore, the TOE takes care of providing the basic data time and travelled distance, and the position of the vehicle in all modes. In the operating level basic the registration of events is also maintained. The operating level basic is a distinct operating level in the operational mode. In the other modes the TOE integrates the basic functionality with the other functionality of the concerned mode.

The assets to be protected by a TOE claiming conformance to this PP are defined in the Protection Profile [PP], article 3.3.3. Based on these assets the security problem is defined in terms of Security Policies and Assumptions. This is outlined in the Protection Profile [PP], article 4.

These Security Policies and Assumptions are split into Security Objectives to be fulfilled by a TOE claiming conformance to this PP and Security Objectives to be fulfilled by the Environment of a TOE claiming conformance to this PP.

2.2 Security Functional Requirements

Based on the Security Objectives to be fulfilled by a TOE claiming conformance to this PP, the security policy is expressed by the set of Security Functional Requirements to be implemented by a TOE.

The security functional requirements are divided into a number of functional groups. Every group contains one or more mutually coherent requirements. These groups are:

- Security roles: These define the different roles and modes of the TOE, and how these roles are adopted.
- Identification and Authentication: These define how BCT-cards and other peripherals are identified and where necessary authenticated.
- BCT-access policy: Here it is defined what needs to be recorded, and who is allowed to do what with it.
- Signatures: Here it is defined how signatures are being requested from the System card and BCT-card.
- Security audit: Here it is defined which system events are recorded and how these are protected.
- Protection of the BCT: Here it is defined how the physical protection of the BCT functions and how the integrity is guaranteed.

The TOE Security Functional Requirements (SFR) are outlined in the [PP], article 6. They are all selected from Common Criteria Part 2. Thus the SFR claim is called: Common Criteria Part 2 conformant.

2.3 Assurance Requirements

The TOE security assurance requirements claimed in the Protection Profile are based entirely on the assurance components defined in part 3 of the Common Criteria for the Evaluation Assurance Level 3 package. Thus the SAR claim is called: Common Criteria Part 3 conformant, EAL 3 conformant. (For the definition and scope of assurance packages according to the CC, see [CC], part 3.)

2.4 Results of the PP-Evaluation

The evaluation lab determined that the claims as made in the Protection Profile “Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008” are in conformance with the requirements for Protection Profiles as specified in class APE of the CC.

The evaluation lab has performed all APE work units in accordance with the APE section of the CEM and recorded its findings in an Evaluation Technical Report [ETR]².

2.5 Evaluator Comments/Recommendations

There are no specific Evaluator Comments or Recommendations.

² The Evaluation Technical Report contains information proprietary to the developer and/or the evaluator, and is not releasable for public review.

3 Protection Profile

The Protection Profile “Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008” is included here by reference.

4 Definitions

This list of acronyms and glossary of terms contains elements that are not already defined by the CC or CEM:

BCT     Boordcomputer Taxi
CC      Common Criteria
ITSEF   IT Security Evaluation Facility
NSCIB   Nederlands Schema voor Certificatie op het gebied van IT-Beveiliging
PP      Protection Profile
TNO     Netherlands Organization for Applied Scientific Research
TOE     Target of Evaluation

5 Bibliography

This section lists all referenced documentation used as source material in the compilation of this report:

[CC] Common Criteria for Information Technology Security Evaluation, Parts I, II and III, version 3.1 Revision 2, September 2007.
[CEM] Common Methodology for Information Technology Security Evaluation, version 3.1 Revision 2, September 2007.
[ETR] Evaluation Technical Report, Boordcomputer Taxi Platform Protection Profile version 1.0, 17 October 2008 (08-RPT-270 v1.0 ETR-PP-BCT).
[NSCIB] Netherlands Scheme for Certification in the Area of IT Security / Nederlands schema voor certificatie op het gebied van IT-beveiliging, Version 1.2, 9 December 2004.
[PP] Protection Profile “Beveilingsprofiel Boordcomputer Taxi (PP-BCT) versie 1.0, 13 oktober 2008”.