A Study on the Policy of Cryptographic Module Verification Program

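A Study on Cryptographic Module Verification Policy

  • 최명길 (School of Commerce and Economics, College of Social Sciences, Chung-Ang University) ;
  • 정재훈 (Department of Business Administration, Graduate School, Chung-Ang University)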
  • Received : 2010.10.28
  • Accepted : 2011.01.13
  • Published : 2011.01.31

Abstract

The advancement of information and communication technology has brought adverse side effects such as hacking. To protect organizations from harmful hacking, demand for cryptographic modules has increased. However, the evaluation criteria for cryptographic modules in Korea are not firmly established. As a result, it is difficult for consumers to choose an appropriate cryptographic module and to establish interoperability between applications and cryptographic modules. This study analyzes the evaluation criteria, evaluation processes and evaluation policy of the CMVP (Cryptographic Module Verification Program) in advanced countries. The paper suggests a policy for a Korean CMVP, providing a foundation for international standardization and for cooperation with international cryptographic policies and systems.

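Advances in information and communication have given rise to adverse effects such as hacking, and demand for cryptographic modules for information protection is growing rapidly. The ambiguity of the domestic evaluation criteria for cryptographic modules and the difficulty of selecting a module make it hard to ensure interoperation and compatibility among modules and products. This study analyzes the CMVP (Cryptographic Module Verification Program), a cryptographic module evaluation program used abroad, and proposes directions for developing domestic cryptographic module verification criteria, evaluation procedures and verification policy. By proposing a development policy for domestic cryptographic modules, this study provides a basis for international standardization of cryptographic modules and for cooperation with international cryptographic module schemes.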
