Malaysian Validation Programs Overview
Hazlin Abdul Rani
CyberSecurity Malaysia Malaysia
Copyright © 20162017 CyberSecurity Malaysia Copyright © 2016 CyberSecurity Malaysia 2 INTRODUCTION
Copyright © 2016 CyberSecurity Malaysia 3 CyberSecurity Malaysia q Company Limited-by-Guarantee under the supervision of Ministry of Science Technology and Innova�on (MOSTI) q Est. 1997 q A Na�onal Body to monitor the Na�onal e-Security aspect q Provides specialised cybersecurity services and con�nuously iden�fies possible areas that may be detrimental to na�onal security and public safety
Copyright © 2016 CyberSecurity Malaysia 4 OUR SERVICES
Cyber999 Security Info Security Strategic & Management Professional Engagement Help Centre Best Prac�ces Development
Security Digital Assurance Research Forensics Outreach Cyber Security 5 Certification
Copyright © 2016 CyberSecurity Malaysia SECURITY ASSURANCE� - ICT PRODUCT EVALUATION
Copyright © 2016 CyberSecurity Malaysia 6 ICT Product Evaluation / Assessment
Informa�on ISCB Security Cer�fica�on Body
Malaysian Security MySEF Evalua�on Facility
Cryptography MyCEL Evalua�on Lab
Copyright © 2016 CyberSecurity Malaysia 7 MALAYSIA CRYPTOGRAPHY MODULE VALIDATION SCHEME
Copyright © 2016 CyberSecurity Malaysia 8 Cryptography Module Validation Scheme (MyCMV)
Ø Currently being developed by ISCB, CyberSecurity Malaysia Ø Complement two other existing schemes q Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme q ICT Product Security Assessment (IPSA) Certification Scheme Ø Validate cryptographic module – cryptography algorithm conformance test
Copyright © 2016 CyberSecurity Malaysia 9 MyCMV Timeline
11th Malaysian Development Plan (RMK11), 2016 - 2020
Before RMK11 2016 2017 2018 2019 • Research – • Apply for • Lab • Pilot test • Finalised FIPS140, lab accredita� MyCMV MyCMV Cryptrec, accredita� on • 2nd phase Scheme NESSIE etc on • Con�nue MySEAL • Launch • Consultant • Developing developing MyCMV • Training MyCMV MyCMV Scheme Scheme Scheme • MySEAL • 1st phase ini�a�ves MySEAL
Copyright © 2016 CyberSecurity Malaysia 10 Propose Structure
Copyright © 2016 CyberSecurity Malaysia 11 Lab: Crypto Valida�on Facility (CVF) Document: Crypto Algo: ISO19790 MySEAL ISO24759 Project
MyCMV
Copyright © 2016 CyberSecurity Malaysia 12 MySEAL Project
SENARAI ALGORITMA KRIPTOGRAFI TERPERCAYA NEGARA / National Trusted Cryptography Algorithm List
Ø The MySEAL project is a multi-year effort, running from 2016-2020, which will be used as a requirement and guideline on the usage of cryptographic algorithms in all trusted cryptography products in Malaysia Ø specifically designed to provide a list of cryptographic algorithms suitable for implementation within Malaysian context that supports Dasar Kriptografi Negara (DKN) Ø MySEAL Focus Group & MySEAL Evaluation Committee
https://myseal.cybersecurity.my Copyright © 2016 CyberSecurity Malaysia 13 MySEAL Project
Existing algorithm New algorithm
Published as a standard or in other na�onal cryptography algorithm Has not been published as a standard project
ISO/IEC, NIST, CRYPTREC, NESSIE Local & Interna�onal par�cipants
Symmetric, Asymmetric, Hash Symmetric, Asymmetric, Hash func�on, Key Genera�on func�on, Key Genera�on
Open for submission. Due 17th Nov 2017
https://myseal.cybersecurity.my Copyright © 2016 CyberSecurity Malaysia 14 Crypto Validation Facility
q Cryptography Evaluation Lab (MyCEL) q In the process of CST lab accreditation by NVLAP
CVP Certification Exam
Copyright © 2016 CyberSecurity Malaysia 15 Challenges q No local expertise in FIPS140 & ISO19790 q Accredited crypto evaluation facility q Evaluator / validator for cryptography module
Copyright © 2016 CyberSecurity Malaysia 16 Copyright © 20162017 CyberSecurity Malaysia