Wednesday, November 23, 2022

The International Common Criteria Conference (ICCC) 2022

After two years of virtualized conferences, the ICCC was back in person once again. The ICCC 2022 was held from November 15-17 in Toledo, Spain. It was a welcoming feeling to meet face-to-face with our customers, certification bodies, and peers alike. We reconnected with familiar faces and made new friends.

The biggest highlights of the ICCC 2022 included the publication of the new Common Criteria version (CC:2022 Release 1) and its companion CEM:2022 along with their transition policy on the Common Criteria Portal. There were also many presentations with focus on the European Common Criteria (EUCC) scheme. Another highlight was NIAP’s statement on the NSA’s Commercial National Security Algorithm (CNSA) Suite 2.0.

In addition to hosting a booth, we had representatives from many of our branch offices, including Germany, Italy, Sweden, and the United States, in attendance. A handful of our colleagues participated in the Common Criteria Users Forum (CCUF) Workshop held a week prior to the ICCC and gave well-received presentations on various interesting topics at the conference.

  • When the CCMB is Knocking on your Door – Michael Vogel
  • Confidential Security Evaluation Environment – Cheng Jiang & Luis Barringa (Ericsson)
  • Mobile Device Evaluation? Which PP? – Rasma Mozuraite Araby

Our colleague Yi Mao moderated an expert panel discussion, Evaluation of the Cryptographic Standards Ecosystem, which addressed the demands and challenges of the current cryptographic standards and their connections to Common Criteria evaluations. Yi Mao was also a panelist in the Labs AMA (Ask Me Anything) session.

Moreover, our atsec colleagues moderated several presentation sessions:
  • Updates from Schemes and ITCs – Yi Mao
  • Cybersecurity Certification Schemes Landscape – Michael Vogel
  • CC in New Domains – Michael Vogel


The ICCC 2022 started and ended with great synergy. We very much look forward to the next ICCC on October 31 – November 2 in Washington D.C., USA.

Thursday, October 27, 2022

BSI approves core security functions of iPhone and iPad

We want to draw your attention to the following publication issued by the German Federal Office for Information Security (BSI):

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221005_Apple_Sicherheitsfunktionen.html

In a nutshell for the non-German readers, the article states that Apple has agreed to an independent evaluation of the core security functions of iOS and iPadOS by BSI. This evaluation has been conducted according to the national requirements on equipment to be used for handling classified information. These requirements are comparable to the standards and the methodology of Common Criteria. The evaluation results confirm the effectiveness of the core security functions integrated in iOS and iPadOS. This also includes Apple's first-party apps for email, calendar, and contacts. As a result, off-the-shelf iPhones and iPads are cleared for governmental use by German authorities, including the handling of classified information up to the level "Nur fuer den Dienstgebrauch" (VS-NfD), as long as the requirements specified for the operational environment are fulfilled. BSI and Apple have agreed to continue their collaboration and that future versions of iOS and iPadOS will regularly undergo follow-up evaluations.

atsec participated in this project both by performing evaluation activities with a team of approved evaluators and by providing consultancy through an independent team of consultants to achieve this milestone.

Monday, October 17, 2022

atsec at the International Common Criteria Conference 2022 in Toledo, Spain


The 21st International Common Criteria Conference (ICCC 2022) will be held from November 15 to 17, 2022, in Toledo, Spain.

As always, atsec information security looks forward to opportunities for networking and exchanging ideas with our peers in Common Criteria and in the IT security community alike. After two years of virtual conferences, we are excited for the chance to do so again in person.

Our colleagues will be presenting on various interesting topics:

  • When the CCMB is Knocking at Your Door (A20a)
    Michael Vogel, Managing Director, atsec information security, Germany
  • Mobile Device Evaluation? Which PP? (A31b)
    Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden
  • Confidential Security Evaluation Environment (A13a)
    Cheng Jiang, Principal Consultant, CC evaluator, atsec information security, Sweden

In addition, we will also be moderating the following panel discussion:

  • Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b)
    Moderator: Yi Mao, Managing Director, atsec information security corporation, United States

We invite you to visit our booth at the conference to learn more about us as well as our role and contribution to the international IT security standard community.

Monday, October 10, 2022

atsec is recognized as a SCAS Testing laboratory in the German NESAS certification scheme



As one of the first companies in Germany, atsec has become a certified evaluation laboratory in the Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme - German Implementation (NESAS CCS-GI), maintained by the BSI (Bundesamt für Sicherheit in der Informationstechnik). This certification scheme is based on the Groupe Speciale Mobile Association (GSMA) NESAS, and under it atsec can perform security testing (i.e., SCAS testing) of security-critical 4G/5G telecommunication equipment.

NESAS is an effort to provide an industry-wide security assurance framework to facilitate improvements in security levels across the whole industry. It defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as security test cases for the security evaluation of network equipment. The security requirements have been defined and are actively maintained by the 3rd Generation Partnership Project (3GPP), a global consortium of standardization organizations and industry partners from around the world.

A successful certification under NESAS CCS-GI provides the product vendor with a certificate from BSI that assures customers that the requirements mandated by the standard are fulfilled. The equipment types/functions eligible for certification are:

-    access and mobility management functions (MME/AMF)
-    base station software (eNB, gNB)
-    IP Multimedia Subsystems (IMS)
-    Packet Data Network Gateways (PGW)
-    Network Slice-Specific Authentication and Authorization Function (NSSAAF)
-    User Plane Functions (UPF)
-    Unified Data Management functions (UDM)
-    Session Management Functions (SMF)
-    Authentication Server Functions (AUSF)
-    Security Edge Protection Proxies (SEPP)
-    Network Repository Functions (NRF)
-    Network Exposure Functions (NEF)
-    Non-3GPP InterWorking Functions (N3IWF)
-    Network Data Analytics Functions (NWDAF)
-    Service Communication Proxies (SCP)

The SCAS testing not only covers security functions that are specific to a certain network product but also addresses a broad set of security aspects such as authentication and authorization between components within the 5G core network, robustness under overload or malicious input, and the general hardening configuration of the involved computing platforms.

atsec is now in the unique position of being able to provide network product evaluations under both the NESAS CCS-GI and GSMA NESAS schemes. The requirements of the two schemes are very similar, which enables atsec to provide more efficient and cost-effective services to vendors that select atsec as a single lab provider for both schemes.

The achievement of becoming an approved IT security provider in the NESAS CCS-GI scheme extends the scope of our general Common Criteria laboratory competence, and it is a logical next step in atsec's continuous activity in the telecommunication area.

atsec is one of two German NESAS CCS-GI laboratories:
https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Zertifizierung-und-Anerkennung/Listen/Liste-NESAS-Pruefstellen/liste-nesas-pruefstellen_dvl.html

GSMA NESAS test laboratories:
https://www.gsma.com/security/nesas-authorised-test-laboratories

atsec is one of two GSMA NESAS-appointed auditors:
https://www.gsma.com/security/nesas-appointed-auditors

A GSMA talk on making network equipment more resilient:
https://www.gsma.com/services/resources/building-resilience-into-network-equipment-securityshowcase-live-5

Monday, September 26, 2022

New Cyber Resilience Act in EU


On September 15, 2022, the EU Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. This EU legislation introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle.

The EU legislation will impose:

  • (a) rules for the placing on the market of products with digital elements to ensure their cybersecurity;
  • (b) essential requirements for the design, development and production of products with digital elements, and obligations for economic operators in relation to these products;
  • (c) essential requirements for the vulnerability handling processes put in place by manufacturers to ensure the cybersecurity of products with digital elements during the whole life cycle, and obligations for economic operators in relation to these processes. Manufacturers will also have to report actively exploited vulnerabilities and incidents;
  • (d) rules on market surveillance and enforcement.

The proposed regulation will apply to all products that are connected either directly or indirectly to another device or network.

The European Parliament and the Council will examine the draft Cyber Resilience Act. Once adopted, economic operators and Member States will have two years to adapt to the new requirements. However, the reporting obligation on manufacturers regarding actively exploited vulnerabilities and incidents will apply one year from the date of entry into force. The essential cybersecurity requirements and the vulnerability handling requirements are provided in the Annex of the proposed Cyber Resilience Act (provided as a separate document in the link below).

Please see Factsheet on the EU Cyber Resilience Act and Proposal for a Cyber Resilience Act for more information.

Monday, September 19, 2022

The Tenth International Cryptographic Module Conference

The 10th International Cryptographic Module Conference (ICMC) was held from September 14 to 16, 2022, at the Westin Arlington Gateway in the Washington, D.C. area. Yi Mao, Managing Director for atsec information security, wrote the welcome letter in this year's program:

Dear ICMC 2022 Participants,

A very warm welcome to the tenth annual ICMC! In September 2013, atsec initiated the first ICMC in a frugal Holiday Inn in Gaithersburg, Maryland, only 1.4 miles away from the NIST campus, to maximize their attendance. We had a total of 163 participants at the first ICMC. This tenth conference is recovering to the pre-COVID level, with close to 400 participants.

The ICMC has been growing healthier and stronger every year with more sponsors, users, labs, and vendors from all market segments worldwide. The spirit of the conference hasn’t changed since its inauguration: it is a platform where we improve the communication among all parties involved in designing, implementing, using, testing, and validating crypto modules, and where issues are discussed, and proposals are heard. The ideas sparked at the ICMC foster fruitful results from the various Cryptographic Module User Forum (CMUF) working groups. As we celebrate this historic tenth year of our endeavor, we acknowledge the NIST CMVP/CAVP and the CCCS CMVP as well as many individuals whose significant contributions built the cryptographic module validation community in the past decade. Whether a veteran or a newcomer in this field, everybody is a winner at the ICMC through collaboration!

Nowadays, many of our daily activities have been moved from the physical, tangible world to its digital counterpart in cyberspace. The COVID pandemic pushes us to be even more dependent on the internet. The demand for information security has reached the highest level ever. Modern cryptography, a fascinating interdisciplinary field of mathematics, computer science, and electrical engineering, offers an answer to information security and underpins our online commerce, privacy, and national security.

We witness rapid developments as new algorithms and protocols emerge, replacing their predecessors. The Entropy Source Validation (ESV) program has been set up for full service, replacing ENT labels on the CMVP certificates. The transition to the FIPS 140-3 standard is complete, and FIPS 140-2 reports are no longer accepted. Embracing change seems to be the only unchanging principle to stay relevant into the future.

It’s exciting to see the industry embracing cryptography and our society demanding validated crypto modules. Still, we face the challenge of having a long review pending queue in the validation process. To avoid becoming a victim of our success, we need to find a collaborative solution with a spirit of innovation to automate the CMVP. The ICMC brings together inspired people in this vibrant field to ensure we navigate the cutting edge successfully.

We also commemorated our dear friend and colleague, Dr. Bertrand du Castel with a blog post containing heartfelt memories of his life and genius. Please read the blog article here.

The conference itself started off with the opening ceremony by Sal la Pietra, President and Co-Founder of atsec information security.

Sal gave out commemorative golden coins in recognition of the distinguished contributors to the success of the ICMC and the growth of the CMUF.

The ICMC was three information packed days where we saw familiar faces and made new friends. As a platinum sponsor of the ICMC, atsec had a strong presence with a booth and six well-received talks:

  • The Rust Cryptographic Library Ecosystem - Joachim Vandersmissen
  • Fitting Token-Based Authentication to FIPS 140-3 - Yi Mao & Volker Urban (IBM)
  • Out of Bounds - A Look into FIPS 140-3 Boundary Definitions and Requirements - Renaudt Nunez
  • 360° View of FIPS 140-3 Certification - Swapneela Unkule
  • Protocol-Related Rules Enforcement in FIPS Validations - Stephan Mueller
  • Experiences with the Entropy Source Validation - Marcos Portnoi

Our atsec colleagues also moderated several presentation tracks:

  • Crypto Technology - Yi Mao
  • Random Bit Generators (RBG) - Marcos Portnoi
  • Certification Programs - Yi Mao
  • Post-Quantum Crypto - Dave Cornwell

At the closing ceremony, atsec also presented two dozen silver coins and Bertrand’s book to those who scored high in our "Your contribution is key to winning" game. Winners demonstrated their significant contributions to the ICMC and CMUF through their answers to the game questions and their presence at the ICMC22 closing meeting. We thank you for your participation in the game.


Overall, the tenth annual ICMC was a great success and we are looking forward to the ICMC23 on September 20 through 22 in Ottawa, Canada.

Thursday, September 15, 2022

Protocol Rule Enforcement & Module Scope

Stephan Müller's presentation at the 2022 ICMC.

Wednesday, September 14, 2022

ICMC and Dr. Bertrand du Castel

by Dr. Yi Mao

Sal La Pietra, the President and co-founder of atsec information security (atsec), opened the tenth annual International Cryptographic Module Conference this morning at Westin Arlington Gateway in the Washington D.C. area. The theme of his opening speech was that everyone is a winner through collaborative work. All ICMC participants received a bronze medal. Ten trophies, each of which has an embedded gold medal, were awarded to the NIST CMVP/CAVP and CCCS CMVP and eight individuals for their significant contributions to the cryptographic module validation community in the past ten years. Twenty-five silver medalists will be announced at the ICMC closing meeting on September 16.

At this joyful moment, I deeply miss one person: Dr. Bertrand du Castel. I wish we could invite him back as our distinguished guest, to witness this conference's growth and celebrate its success, but sadly he is no longer with us. I know that he would be proud to see the profound impact of his keynote speech at the conference's inauguration in 2013 (https://www.youtube.com/watch?v=Of6yHI8sygI) on the development of this community. The address carried his hallmark breadth of knowledge, connecting technology to fine art and humanity, sprinkles of metaphors, and a pinch of dry humor. It feels just like yesterday we were listening to him talk about two "elephants" and a bunch of "flamingos," where only one flamingo calls out "Key Distribution," and the rest of the group repeatedly calls for "Trust." Where do we place the trust in the cryptographic module: on embedded devices, in the cloud, or both? Seeking answers to the question he raised and the endeavor of driving "elephants" out of the room has become the force pushing cryptography to be part of the solution.

Bertrand was a Schlumberger Fellow and widely recognized as a "keeper of the scientific soul" of that organization. In 2005, he won the Visionary Award from Card Technology Magazine for pioneering the Java Card (https://www.slideshare.net/BertrandduCastel/2005-visionary-of-the-year-award-49010879). He accomplished his mission to break smart cards away from the limitations of proprietary platforms through embracing open standards. It was a pivotal step that caused the smart card industry to flourish, ensuring that these cards were used in every corner of the internet. Bertrand headed the team that created Java Card, helped build the Java Card Forum to manage the software platform, led work on one of the industry's first internet smart cards, and co-founded the WLAN Smart Card Consortium to promote the use of smart cards on Wi-Fi networks.

Java Card is a software technology that allows Java-based applications (applets) to run securely on smart cards and, more generally, on "secure elements" (SE): cryptographic tokens with a small memory footprint. Java Card addresses hardware fragmentation while retaining the code portability brought forward by Java.


As an open standard backed by leading smart card manufacturers, including Thales, Java Card offers the best security of its kind via data encapsulation, the applet firewall, and cryptography. A brief review of the history highlights the connection between today's Java Cards manufactured by Thales and the first Java Card invented in 1996 by Bertrand's team in the Schlumberger Smart Card division, which was carried through the Axalto and Gemalto eras into Thales. According to Oracle, nearly six billion Java Card-enabled devices are rolled out each year.

In 2013, when atsec had the initiative to launch an International Cryptographic Module Conference, Bertrand was at the top of our list for a keynote speech. As a highly respected leading figure in the smart card industry who had accrued significant recognition and honors for his work, we wanted him to share his vision of cryptographic module validation and shed some light on the path forward. He agreed to help us with the first ICMC with a blunt and honest statement, "I can only give an outsider's view because I do not know cryptographic module validation." Adding to it, he said, "I'll say what I want to say, say it, and say what I said. My presentation will be confusing. Do you still want me to do it?" "Yes, Bertrand!"

Having worked with Bertrand for almost six years during the Schlumberger/Axalto/Gemalto time, I benefited tremendously under the tutelage of a master. He had a great zest for a broad spectrum of knowledge spanning neuroscience, computer science, logic, artificial intelligence, software engineering, linguistics, fine art, and the history of humanity and civilization (see Bertrand's publications here: https://www.researchgate.net/profile/Bertrand-Du-Castel). He is well known for throwing out unconventional questions, sparking heated discussions, and building consensus toward a promising solution. After decades of pioneering research in various topics, with ups and downs in his industrial positions (nowadays, some companies may prefer today's profit to a scientific soul keeper advocating tomorrow's view from the top), his curiosity and passion still burned bright.

Good questions often lead to great discovery. Sorting out the "confusion" Bertrand left us in his speech could be a scenic path to fruitful results. To set off the ICMC with an open and inclusive start, we welcomed an "outsider's" view, which could be insightful. A Chinese quatrain by the famous poet Su Shi of the Song dynasty fittingly and metaphorically captures the situation where insiders may lose sight of the whole. Its English translation (based on the translations provided by Burton Watson and Hongfa Huang) is roughly the following:

From the side, a whole range; from the end, a single peak:
Far, near, high, low, no two parts alike.
It's so hard to tell the true face of Mount Lushan,
Because this very mountain has had me right inside.

I was a complete outsider to the smart card industry, and information security in general, when I first met Bertrand in the Fall of 2000. I was a Ph.D. candidate in the Department of Philosophy studying at UT-Austin with an expected Master of Science degree in Computer Science by the end of the year. A friend of mine, who was helping Bertrand interview job candidates, thought a candidate would be extremely lucky if s/he would work for such a brilliant boss who encouraged creativity, innovation and risk-taking, and actively applying Darwin's evolutionary theory to computing history in a collegial, academic environment. I begged her to introduce me to Bertrand. My wish was soon granted.

On a sunny autumn afternoon, I visited the award-winning Schlumberger Austin campus (https://jacksonmcelhaney.com/projects/schlumberger-asc) on 620 Ranch Road (the current site of the Concordia University campus). The campus had six buildings, named with the letters A–F, connected by covered walkways and encircled by a trail winding through a massive nature preserve encompassing natural springs, wetlands, caves, dense trees, and lots of wildlife. The ivy leaves and wildflowers were like curtains and carpets decorating walkways. Bamboo and other indoor plants grew inside buildings awash in natural light from large windows and copious skylights, threaded with staircases. A wooden bridge swung above a rushing stream, where you could hear birds chirping or watch passing satellites at night. Hiding in the middle of a forest, who would have guessed cutting-edge smart card technology led by an innovative mind would emerge from such a place? I met Bertrand in his office in Building F. His office had two sides of huge, ceiling-to-floor glass windows. He said deer would come to his windows. Perhaps that was why he always had Darwin's evolutionary theory in his mind, as nature was fully displayed to him.

I was somewhat nervous when I first talked to Bertrand, partly because I couldn't decipher his jokes and partly because I was not used to his French accent (in fact, any French accent). He quickly scanned through my résumé and focused on one of my published papers about Saussure's semiology and his interpretation of the meaning of words. I explained that in Saussure's notion, the word 'tree' does not refer to a tree as a physical object but to the psychological concept of a tree. The linguistic sign thus arises from the psychological association between the signifier (a 'sound-image') and the signified (a 'concept'). There can, therefore, be no linguistic expression without meaning but also no meaning without linguistic expression. I continued by claiming that Saussure's concept of structural linguistics shed light on how language shapes our concepts of the world and that it influenced but was later replaced by Chomsky's Universal Grammar. Bertrand disagreed. He argued that he was in one of Chomsky's seminars when Chomsky toured Europe in the 70s. Chomsky criticized structuralism and made it clear that his modern approach to linguistics was not rooted in it. I replied that Chomsky's criticism of structuralism was directed at the Bloomfieldian school, known as "American structuralism," which should not be confused with Saussure's structuralism. Bertrand opened up the internet, and after a few clicks, the references we read together supported my argument.

Our meeting ended with Bertrand asking me, "Do you want to work here with me?" I replied, "Of course, but you haven't asked me questions about programming and computer science." My voice was filled with surprise and excitement. Bertrand looked at me and said, "You have convinced me, but you need to convince people here that you know what you know and you can make others know what you know but they previously did not know."

A couple of weeks later, I gave a presentation to people from the smart card group and the oilfield services group. My topic was non-monotonic reasoning in our daily argument using natural language instead of monotonic reasoning in mathematical proofs. Bertrand was very selective in hiring, and such a presentation was a must. I learned later that he was a graduate of Ecole Polytechnique with a Ph.D. from the University of Paris. These are the most prestigious universities in France, and people who graduate from those institutes are considered the "crème de la crème." Through his unique hiring process, he gathered a team of intellectuals with diversified backgrounds and knowledge who shared the passion for achieving the best.

Years later, I am on the other side of the interview table. Learning from Bertrand, atsec also made a job presentation one of its hiring requirements. The focus is not on the presentation content per se but on the presentation style. It serves as a vehicle to measure the candidate's ability to think independently, articulate the problem, communicate the solution, and respond to questions, comments, or even criticisms from the audience.

Working under Bertrand's leadership was a dream job. I was fortunate to start my professional career with such a fantastic mentor. He was best at protecting the engineers from upper management, helping them do their job, giving them room to innovate, and providing them funds for expensive books and trips to conferences. His management style was leading by doing. It would be one's lucky day if he popped into your office and started a mind-blowing conversation with you. On one of my lucky days, he wrote the following group of sentences on my blackboard, intermingled with the seven-layer Open Systems Interconnection (OSI) model and the cryptography used in the TLS/SSL layer that were already on the board:

•    The rocket reached the top of its trajectory.
•    The trajectory of the rocket reached its top.

•    The sun is bright.
•    Mary is bright.

•    Arrows fly.
•    Birds fly.


He asked why both sentences in each pair were correct but their meanings differed, and that was the beginning of our joint paper on Generics and Metaphors Unified under a Four-Layer Semantic Theory of Concepts (https://www.researchgate.net/publication/234076899_Generics_and_Metaphors_Unified_under_a_Four-Layer_Semantic_Theory_of_Concepts).

Unlike the tension commonly seen between employees and their managers, talking to Bertrand and sharing our thoughts with him were the highlights of a working day. How he motivated the team seemed like magic but also came so naturally from him. Without being asked, we all voluntarily wanted to show him our ideas, draft papers, demos, and prototypes. More often than not, he disagreed with our initial proposals with laser-sharp comments, but eventually a solution would emerge. In summer months when he went to Europe, we felt the office became too quiet and we missed the thought-provoking discussions with him. He was an enabler of innovators through working with and nurturing us. He was always thinking, and thinking made him happy. This happy thinking habit proved to be contagious, and I’m indebted to him for inheriting it.

In the first three years working in Bertrand’s department, my team lead and I, just two of us, covered the entire North American market for smart card personalization needs including a variety of industry sectors: SIM cards for telecommunications, banking cards for electronic payment, transportation cards, identity cards, healthcare cards, passports, and driver’s licenses. In the meantime, I completed my Ph.D. by working late evenings, weekends, and holidays. What I learned from Bertrand was to love what you do.

Loving what we do is the most powerful motivation shared among atsec colleagues. I manage the technical and company cultural training program for our newcomers, through which a clear message is delivered to every new addition to our team: it is not just an eight-hour job but a professional career to be built with passion and love. atsec values Bertrand’s “leading by doing and sharing” management style and follows its spirit. One indicator for loving what we do is our annual ICMC clips (https://www.atsec.com/media/index.html). Every year I had Bertrand preview our clip for his feedback until I no longer could. In one of his email replies, he commented, “The video is great…a superb way to communicate to the core.”

The best ideas are the well communicated and received ones. The ICMC clips use a joyful tone presenting challenges faced by the cryptographic module validation community coupled with feasible solutions. Clips demonstrate atsec’s expertise in FIPS and show our passion and love using our talents in art, music, and humorous and metaphorical language. We at atsec work hard and laugh loud, which often reminds me of the days working with Bertrand. The difference is that Bertrand had to protect his engineers from upper management; at atsec, the upper management protects our colleagues.

The picture below illustrates the roll-up panels that we are displaying at our ICMC booth this year:



Competence, Experience, Contributions, Founding, Leading, and Bridging are the common words applicable to both Bertrand’s team, who made a breakthrough in card technology, and atsec’s team, who built up the module validation community. It’s apparent that Bertrand’s spirit lives on through us, who have learned a great deal from him and are teaching our fellow colleagues just the same.

For those who didn’t get a chance to know Bertrand, atsec will provide Bertrand’s book “Computer Theology: Intelligent Design of the World Wide Web,” co-authored with Tim Jurgensen. Published in 2008, the book describes a theology of the World Wide Web based on a comparative study of human societies and computer networks. His ideas are worth studying and spreading. We will provide a paper copy to Gold and Silver medalists at the ICMC. If you would like to receive a paper copy, please contact us at cst-info@atsec.com.




We took this opportunity to collect some deeply touching stories and insightful quotes from a few of Bertrand’s former colleagues and friends.

For Maria Nekam, Bertrand’s long-time assistant, his passing seemed and still seems impossible. Her most memorable interactions with Bertrand were those joyful moments when they talked of butterflies, Klimt, and Johnny Hallyday. For many, including Maria, Bertrand was the lodestar - a man for whom the motto "Live Curiously" was written.

Tim Jurgensen, Bertrand’s book co-author and long-time collaborator, wrote:

“I first met Bertrand in 1978, shortly after he joined Schlumberger. I had been working there for a few years at that time. Over the course of my career, I worked with Bertrand and for him. During that career I once surmised that I had "lived" in Paris, Bertrand's "home town," for over two years, one week at a time. My trips to Paris were almost always at least one week in duration, and I made over 100 trips.

I loved to walk in Paris and I spent many days roaming the neighborhood where Bertrand lived his early years. Now, I grew up in a small town in western Oklahoma. I used to joke with Bertrand that between the two of us, we spanned a significant part of "world culture," from the simple to the sublime. He took this to heart to the extent that a few years before he died, in the course of a driving vacation one summer, he spent a day visiting my home town in western Oklahoma. I think he was searching for an understanding of my "grounding".

For many years, I traveled with Bertrand to Java Card Forum meetings around the world. On most of those trips, on the night before we would return to the United States Bertrand would take me, and sometimes others, out to dinner at a restaurant he thought "interesting." On one such occasion in Marseille he took me to dinner at a seafood restaurant in the harbor area. When we arrived he announced "Most people come to this restaurant for the bouillabaisse, but you shouldn't have the bouillabaisse here!" So, I didn't.

As we were eating, I asked Bertrand why we weren't having the bouillabaisse? He responded "Bouillabaisse is an historic dish created here in Marseille and it uses only the fish, or parts of fish, that the fishermen could not sell. It is intended to show the creation of an exquisite dish from the most common ingredients. At this restaurant, they make their bouillabaisse from only the best fish."

Bertrand was a thinker of novel thoughts and an accomplished innovator. However, he was firmly grounded in historical perspective and culture."


Bertrand’s talent for unifying seemingly opposite personality traits is echoed in Krishna Ksheerabdhi’s comments:

“Bertrand was one of a kind - in the very true sense of the expression. Intellectual but pragmatic. Creative but structured. Strict but empathic. Mercurial but deeply calm. It was these paradoxical traits that made him unique. It also made him work on challenging problems and often succeed in solving them.”


Karen Lu remembered Bertrand:

“Bertrand was brilliant. He was always thinking but did not limit himself to his own mind. He liked to ask questions and listen to other people’s thoughts, which might support, be different, or be against his ideas. I used to work in a separate division from Bertrand’s in Schlumberger and a completely different field. Still, he often invited me to interview his candidates or listen to their presentations. He would then ask, what do you think? In January 2002, a new Advanced Smart Card Research group was established under Bertrand’s leadership. My colleagues and I were selected to join. It was not because we were smart card experts but, in Bertrand’s words, “because you know nothing about smart cards!” He wanted fresh thinking and new ideas.”


Amy Price shared her remembrance:

“The time I spent at Schlumberger Austin was a magical time for me, and Bertrand was a big part of that. We all recognize that Bertrand was brilliant, creative and a seeker of knowledge and truth. But for me, he was the first leader I’d ever met who truly embraced diversity. And I don’t just mean intellectual inclusivity – he recognized key traits, skills and capabilities of all kinds in people and intentionally (and thoughtfully) put them to their best and highest use within the collective he built. It was true diversity before anyone thought to call it that – and it brought out the very best in all who knew and worked with him. I believe that breakthrough thinking and innovation are best rooted in a diverse organization – and Bertrand made sure that he constructed just that. It not only contributed to the incredible work – having a great and incredibly loyal team let him soar to new creative and intellectual heights.

On a personal level, Bertrand made it easy for me to be my ‘whole self’ – from technologist to communicator to artist – and to bring all my intellectual muscles to our discussions, which were especially fruitful during lunches on the back deck. I will never forget the discussion we had about figures – dancers – painted on ancient pottery that he asserted were the earliest form of graphic communication. That is, until I mentioned cave paintings. Next time we talked, we had a great conversation about cave paintings. But again, that was Bertrand simply being open to embracing learning and new data. Underneath that occasionally argumentative exterior, Bertrand was one of the kindest people I’ve ever known. And I was struck when I realized for the first time how clear and brilliant blue his eyes were under those tinted lenses he favored. Thank you, Bertrand, for being both an advocate and a friend.”


Fiona Stewart remembered Bertrand:

“When I first met Bertrand, I was working for Schlumberger. In those days, ‘Management by Objectives’ was a much-loved philosophy. I recall my objective set by Bertrand was simple: “ISO 9001. You do the BS!” Bertrand, thank you! I am still doing ISO 9001, ISO 27001, as well as Common Criteria and FIPS 140-3, and yes, I am still doing the BS ;) This was the best objective of my life.”


Elizabeth Dahan showed how much she loved Bertrand and enjoyed working with him during her days at Schlumberger. She wrote:

“I worked directly under Bertrand for 6+ years with many roles: webmaster of Cyberflex.com and Reflexreaders.com, ‘owner’ and customer support of the Smartcards webstore, graphics designer, and the maintainer of the Cyberflex discussion forum. Bertrand called me ‘the Marketing arm for the whole team.’

Working with Bertrand was working with a winner! One of the favorite parts of my job was collaborating with him on all of his wonderful presentations, which had quirky titles such as “Smart Cards are Pots” or the infamous “Death of the Washing Machine.” I was one of the first people to see his presentations, because I would critique his delivery and his slides.

Bertrand would always test out his presentations at our research center. Everyone would attend his presentations. They knew if it was from Bertrand it would be GOOD! Those who have seen these presentations will be smiling and nodding their heads right now!

Bertrand was well known for his extreme French accent. Everyone made jokes about how he was a linguistics expert, but no one could understand anything he said. It took me two years to learn to understand him. He would come to my office and spout a litany of words in super-fast speed. I would say, ‘excuse me?’ And he would repeat it. I would say, ‘Can you say that one more time?’ Three times it would take! So funny. We would just laugh!

He was also very quick-tempered. He would come into my office yelling with his arms waving around. ‘The server is down! What are you going to do about it?’ (For example.) I would always just laugh, because I found it so funny when he did this. Me laughing always made him laugh. It always defused the situation.

One day I was talking to him about an issue I was having, (I can’t remember what.) He said to me, (think about this in the thickest French accent you can,) ‘Elizabeth, when it rains, you know the trees, they get wet.’ And then he walked out. Ha ha! Of course, this didn’t give me any solution. But he knew I would solve my own problem. This is how he was. He hired good people because he knew they could do the job.

I learned a lot from him. I enjoyed his hands-off management style and employed it myself when I became a manager. Later, after we all left Schlumberger, I would organize reunion lunches. Bertrand was often in attendance. It was always so nice to see him and hear how he was doing as a Schlumberger Fellow. He is sorely missed. He was one of my very favorite people.”


I’ll conclude with the stories told by Sal La Pietra about his interaction with Bertrand:

“I first met Bertrand long ago at a restaurant. Bertrand had an infectious smile. His eyes and wit were as sharp as those of a lynx. He was a big fan of Japan, and he once told me that one of his ancestors held the post of French Prime Minister for a short while. I had difficulty in understanding Bertrand’s French accent at the start, but being Italian, I soon figured out how to read the underlying meaning of his conversation.

We mainly met over lunches and a couple of times over dinner. We often started with company strategy, high assurance, and formal methods and ended up talking about food and wine. He told me what he was thinking about some companies and their technologies. Sometimes, he commented on our services and the infosec market in general. I did not always agree with him, but he usually was right.

I tried in so many ways to work closely with Bertrand. Once, atsec decided to become a certification authority (CA) and had him be part of the board of trustees for the new organization, but this project didn’t go far.

After the merger of Gemplus and Axalto to become Gemalto, now Thales, his team went through re-organization and downsizing. He asked me to hire one of his people, and I did it, and it was the best thing he ever suggested to me.

I talked with Bertrand last time at the 2013 ICMC. He was glad atsec founded the conference and predicted a promising future. Once more, you were right! Thank you, Bertrand, for everything you have done!”

Although this is the longest blog on our website, it has come to an end. Nevertheless, our thoughts on Bertrand will never end. His spirit is with us. He is watching us, guiding us, and feeling proud of what we deliver today and what we will develop tomorrow.

Acknowledgment:
Many thanks to Bertrand’s family for their support and for sharing Bertrand professionally with us.

References to Bertrand’s work and memories of Bertrand: 

Monday, September 12, 2022

Securing the Software Supply Chain

by King Ables


All components comprising a software product are ultimately the responsibility of the developer of that product, even if one or more of those components is supplied by a third party. This is especially true when the product is evaluated for Common Criteria (CC) certification.

Recently, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published Securing The Software Supply Chain Recommended Practices Guide for Developers:
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3146465/nsa-cisa-odni-release-software-supply-chain-guidance-for-developers/

This is the first in a planned three-part series of guidance documents. Part one provides a good overview of the issues developers face in producing and supporting secure software. It covers topics such as:

  • developing secure code
  • software repository security
  • hardening the build environment
  • verifying third-party components
  • code review and testing
  • threat and vulnerability assessment
  • secure build and distribution

Some of the practices discussed are already required in certain CC evaluations, based on requirements in specific protection profiles, such as:

  • fuzz testing
  • use of memory-safe programming tools or techniques
  • penetration testing
  • vulnerability response

One topic of note is the Software Bill of Materials (SBOM). While recommended by this new guidance, formal SBOMs are not currently required for CC evaluation or federal procurement. However, that could change soon. HR 7900, the National Defense Authorization Act for FY 2023, has passed the U.S. House of Representatives and is currently in the Senate. This bill includes a requirement for SBOMs to be included in all Department of Defense software procurement bids. Presuming this bill is eventually passed and signed into law, SBOMs will be required during procurement and may be added as a requirement to some protection profiles.