A Study on the Policy of Cryptographic Module Verification Program


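  • 최명길 (School of Business and Economics, College of Social Sciences, Chung-Ang University);
  • 정재훈 (Department of Business Administration, Graduate School, Chung-Ang University)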
  • Received : 2010.10.28
  • Accepted : 2011.01.13
  • Published : 2011.01.31

Abstract

The advancement of information and communication technology has brought some adverse effects, such as hacking. To protect organizations from harmful hacking, demand for cryptographic modules has increased. However, the evaluation criteria for cryptographic modules in Korea have been less firmly established. It is difficult for consumers of cryptographic modules to choose an appropriate module and to establish interoperability between applications and cryptographic modules. This study analyzes the evaluation criteria, evaluation processes and evaluation policies of the CMVP (Cryptographic Module Verification Program) in advanced countries. The paper suggests a policy for a Korean CMVP, thereby providing a foundation for international standards and for cooperation on international cryptographic policies and systems.

Acknowledgement

Supported by: Chung-Ang University
