Implementation of Cryptography Module Security Certification Based on SNI ISO/IEC 19790:2012 - Security Requirements For Cryptography Module

Abstract

Utilization of cryptography in information and communication technology devices in the form of cryptographic modules can guarantee confidentiality, integrity, and anti-denial of the information. In 2015 the National Standardization Agency (BSN) has issued SNI ISO/IEC 19790 : 2015 – Persyaratan Keamanan untuk Modul Kriptografi which is identical adoption of ISO/IEC 19790:2012 - Security Requirements for Cryptographic Module.SNI ISO/IEC 19790:2015 is a national standard that can support national security and digital economic development by providing security guarantees of the cryptographic modules. Unfortunatelly until now there are still no certification schemes, certification bodies, and testing laboratories that built for this standard, so the certification of the cryptographic module security based on SNI ISO/IEC 19790:2015 is cannot be held yet.This paper proposes that the cryptographic module security certification scheme that can be implemented in Indonesia is type 2 scheme with some adjustments, the Certification Body that runs the recommended cryptographic module security certification scheme is BSSN, and the Testing Laboratory that runs the recommended cryptographic module security testing is BSSN internal testing laboratory.