Kai Rannenberg
Microsoft Research
UK

Giovanni Iachello
Freiburg University
Germany

Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of cover-age of privacy-related requirements. Recent evaluation criteria, like the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and the criteria as a whole by specifying a number of Protection Profiles (PPs) for remailer mix networks, as mix networks aim at user anonymity and unobservable message transfer. This contribution reports on the PPs and the experiences gained. It also introduces proposals for improving the criteria that were derived from this work.

Read Paper (in PDF)