What EAL5+ is, and why receiving it is such a significant achievement
Recently, Trustonic was granted Common Criteria Evaluation Assurance Level [EAL] 5+ for our Kinibi secure operating system [OS].
While it is incredibly rare for a complete OS like Kinibi to be certified with EAL5+, we recognise that many people will be unfamiliar with the certification, how this significant achievement sets us apart from industry competitors and what it means for our customers.
What is an Evaluation Assurance Level [EAL]?
To explain what EAL5+ is and why being awarded it is so prestigious, it is first necessary to establish what Evaluation Assurance Levels actually are.
A security certification has two key parts:
- The ‘exam’, which the product attempts to pass. Formally, this is called a “Security Target” or a “Protection Profile”. Obviously, if you can set your own exam, then passing is easy, hence the idea of common criteria. These are exactly as they sound – common, internationally agreed tests for different types of products.
- The second part is the level of difficulty – or level of rigour of the test. Unlike an example in which you can get different grades, for Common Criteria exams, the grade is set in advance and you either pass or fail. This is the ‘Evaluation Assurance Level’ – or EAL. The highest grade is EAL7, which is reserved for “Formally verified design and tested” products, and lowest is EAL1, which denotes products that have been “Functionally Tested”
In determining a product’s EAL level, the third-party assessor measures it against an agreed protection profile. For Trustonic’s EAL 5+ certification the GlobalPlatform TEE Protection Profile was used. GlobalPlatform – of which Trustonic is a member – is the industry body responsible for Trusted TEEs.
The numerical level assigned to a product or system indicates the extent it has been tested, as well as what assurance requirements it has met. These requirements involve an assessment of a product or system’s design documentation, as well as functional or penetration testing.
Functional testing refers to an examination of whether the features or functions of a product that enable users to accomplish tasks have been correctly implemented by developers. Penetration testing, meanwhile, is a method for gaining assurance in a system’s level of security, which involves attempting to breach it using the same tools and techniques as a cybercriminal might.
While the top EAL – EAL 7 – provides the greatest level of assurance that a product or system’s principal security features have been reliably applied, a higher EAL is not automatically indicative of a stronger level of security than a lower EAL. This is because EALs are only comparable across products that have the same Security Target.
Why is being independently certified important?
Theoretically anyone can claim that the device they are selling is secure, but it is difficult and unwise to trust this assertion on face value alone. There are two levels of independence we believe are important. The first is to use a publicly recognised protection profile so that customers know specifically what has been tested against. The second is to use an independent third-party test house to conduct the testing and to manage the process with the certification authority. For our EAL 5+ certification, Trustonic worked with Riscure to agree the Protection Profile, Security Target and testing process.
Simply put, being certified helps to build trust in products and systems that have undergone third-party scrutiny and is a hugely beneficial selling point for vendors. We would strongly encourage any device vendor to take the time to investigate the publicly available documentation supporting an EAL certification to help them ensure that they are receiving the level of protection expected. Details are freely available from the Common Criteria website (https://www.commoncriteriaportal.org/products/)
What is EAL5+?
Products and systems are awarded EAL5 on the grounds that they have been ‘semi-formally designed and tested’. This means that developers or users require high, independently assured security in a planned development, and require a rigorous development approach that does not lead to unreasonable costs from specialist security engineering techniques.
As it implies, the ‘+’ suffix in EAL5+ means that one or more additions to the base EAL rating have been made. To reach EAL5+, products and systems must be shown to have the highest possible level of security against penetration testing. Because this ranking is the ‘gold standard’ for cybersecurity products of Kinibi’s kind, going beyond EAL5+ does not provide a higher assurance of protection against attacks.
Why we’re proud to receive EAL5+
As EAL5+ delivers external, third-party confirmation that our Kinibi OS is one of the most mature and secure OSs on the market, the certification helps to further validate our commitment to providing industry-leading security solutions.
The fact that it is incredibly rare for a complete OS like Kinibi to be certified with EAL5+ makes this achievement especially significant and sets us distinctly apart from our industry competitors.
Kinibi is one of the best in breed for mobile and IoT applications. It acts as a trusted OS running alongside the ‘main’ OS on mobile phones and smartwatches, and its EAL5+ certification specifically supports its use in the automotive sector. This is especially valuable considering the strong increase in demand for security solutions that meet the latest industry regulations and requirements.
Because Kinibi is integral to the cybersecurity architecture of many organisations, its EAL5+ status provides proof that it can deliver the state-of-the-art protection demanded by device vendors, thereby enhancing customer confidence in the product.
Kinibi’s certification follows Trustonic’s success in becoming the first vendor to achieve Common Criteria security certification for a TEE security product in 2017. This paved the way for mass market delivery of trusted services on connected devices.
Further to this, attaining EAL5+ for Kinibi is indicative of our commitment to certify our complete Secure OS solution on a regular basis, so that those who use and rely upon our products can be assured of their ability to deliver the highest level of security available on the market today.