LESIKAR, a.s. trusted Applus+ to conduct the Common Criteria EAL 4+ security evaluation of their product TACH3

10/06/2020

    CC of a Motion sensor (MS) developed for a smart tachograph systems.

    Client & Product

    LESIKAR, a.s.: Technology company dedicated to the investigation, development and manufacturing of speed, position, level and pressure sensors. Their mission is to redefine measurement sensibility by using creative and innovative solutions with original approaches.

    TACH3: Motion sensor (MS) developed for tachograph systems. The device (MS) measures the progress of the vehicle it is installed in by means of pulse signals obtained from the gearbox. The measurement is then sent to another component of the tachograph system, the Vehicle Unit (VU), in two different ways (analogically and digitally) with specific protocols.

    Security requirements for tachograph systems with motion sensors have been defined by the European Union through the “Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) 165/2014 (Annex 1C)” and furthermore in a protection profile for Common Criteria: (PP-0093) “Digital Tachograph Motion Sensor (MS PP) v1.0, May 2017”.

    Challenge

    LESIKAR, a.s. wanted to be the second company to market a motion sensor with a Common Criteria security certificate and SOGIS recognition. By doing so, LESIKAR, a.s. would manage to overcome the monopoly of the main MS manufacturer, launching a new concept of high quality, Common Criteria certified, motion sensors.

    To do so, LESIKAR, a.s. required:

    • An accredited laboratory with effective international recognition in Common Criteria evaluations with high assurance levels (EAL).
    • An experienced laboratory with proven technical competencies, allowing them to overcome the technical difficulties derived from evaluating a new, high assurance product.

    Solution

    LESIKAR, a.s. trusted Applus+ to conduct the Common Criteria EAL 4+ security evaluation (augmented by ATE_DPT.2 and AVA_VAN.5) of their product TACH3.

    As a laboratory, Applus+ has the accreditation of the National Cryptologic Center (Spain) to conduct Common Criteria Evaluations (up to level EAL 5+) with SOGIS recognition in the field of “Hardware devices with security boxes” (applicable to MS). Additionally, Applus+ Laboratories is an active member of JEDS, the work group in charge of determining the state-of-the-art attacks to security boxes and similar products.

    Thanks to the experience of Applus+ Laboratories in Common Criteria security evaluations, Applus+ was able to overcome the main technical challenges of the project:

    • Understand the tachograph ecosystem, as well as the ins and outs of the European legislation and its requirements. This expertise allows the laboratory to contextualize and evaluate each security box correctly.
    • Understand the product’s security architecture, analyze its vulnerabilities and develop an attack-testing plan.
    • Develop and adapt the product setup with LESIKAR, a.s. in order to make product testing fast and efficient.
    • Adapt to the protocols and specific attacks for both tachograph systems and LESIKAR sensors.