Development of protection profile and security target for Indonesia electronic ID card's (KTP-el) card reader based on common criteria V3.1:2012/SNI ISO/IEC 15408:2014

Abstract

Indonesia electronic identity card (KTP-el) system consisting wireless smartcard, smartcard reader and inhabitants database. Personal data of card holder are stored inside the card. These data can be viewed or taken by unauthorized party. Therefore, in this paper, we discuss about possible threats to the physical of KTP-el reader and the data reading process by KTP-el reader, to consolidate security of data reading process by KTP-el reader. Then, we generate Protection Profile (PP) and Security Target (ST) for KTP-el reader based on the Common Criteria (CC). We have shown how the development process of an IT product with security features that follows the international agreement, by generating the PP and ST document. This paper also conducted a gap analysis between the list of security requirements defined in PP/ST and security features of KTP-el reader prototype owned by Indonesia Agency for the Assessment and Application of Technology (BPPT). Lastly, we propose the list of recommended security requirements that shall be considered by BPPT to consolidate security of KTP-el reader.