A comprehensive assessment framework for MyKad / Nik Azmi Nik Omar

Nik Omar, Nik Azmi (2006) A comprehensive assessment framework for MyKad / Nik Azmi Nik Omar. PhD thesis, Universiti Teknologi MARA (UiTM).

Abstract

We have witnessed a quantum leap in information communication technology (ICT). It is now pervasive in our everyday life, and this has resulted in the recent development of many new applications using ICT. Governments and the private sector have capitalized on this technological advancement in a variety of applications. Essentially, technology is applied to increase efficiency and effectiveness. In some business entities, it can be used as a competitive advantage. The Malaysian government too has applied technology to gain these benefits, and one example is the use of a multi-application smartcard that includes personal identification. This was followed by governments of various other countries that launched multipurpose identification smartcards. However, being at the forefront has its own shortfalls, especially in ensuring that the smartcard is protected from any security breach. MyKad is a multipurpose smartcard which was introduced by the Malaysian government to identify its citizens. It is of paramount importance that the Malaysian government attain public confidence by ensuring that MyKad is 'tamper-proof', so that the public can accept using the applications and services affiliated with it. To achieve this, MyKad must be evaluated, pass through an acceptable level of security certification process, and be assessed against the various types of possible security breach, such as information tampering and the cloning of MyKad. This thesis therefore proposed a new MyKad Testing Strategy model for logical attacks. Furthermore, a comprehensive security assessment framework was proposed for the implementation of the certification of MyKad, aligned with the framework of Common Criteria (CC). The proposed framework follows the requirements of the Vulnerabilities Assessment test (AVA) of ISO/IEC 15408-3 of CC. The objective of this assessment test is to evaluate the factors that potentially threaten the security of MyKad.
The security assessment test of MyKad covers the security of the information stored and evaluates the mechanism for handling the open data and for providing application access to work with MyKad in a secure manner, so as to enable multiple applications. The security test assessment deployed on MyKad used the test strategy from Alain Merle (2005) and adopted the Common Criteria (CC, 2009). Four vulnerabilities were disclosed by the security assessment of MyKad done in this study. Firstly, Application Protocol Data Units (APDU) can be collected from MyKad; next, open data can be read using the APDU commands; thirdly, the open data can be written to another sample smartcard by cloning the data in MyKad; and lastly, the assessment successfully uncovered the vulnerability of MyKad's communication with Card Acceptance Devices (CAD) to being tapped. This research will benefit the government and the public and private sectors by proposing a testing strategy model and a security assessment framework for MyKad. As a future extension of this study, researchers should emphasize the development of a new generic Software Development Kit (SDK), standards for the Card Acceptance Device (CAD), and the identification of a certification body for CAD and SDK.

Metadata

Item Type: Thesis (PhD)
Creators: Nik Omar, Nik Azmi (Email / ID Num.: 2007256274)
Contributors:
Thesis advisor: Yahya, Saadiah (Email / ID Num.: UNSPECIFIED)
Thesis advisor: Abdul Jalil, Kamarul Ariffin (Email / ID Num.: UNSPECIFIED)
Subjects: J Political Science > JC Political theory. The state. Theories of the state > Purpose, functions, and relations of the state
T Technology > T Technology (General) > Information technology. Information systems
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Architecture, Planning and Surveying
Programme: Doctor of Philosophy
Keywords: MyKad, designs and specification features, smartcard threats
Date: 2006
URI: https://ir.uitm.edu.my/id/eprint/42510

Download

Text: 42510.pdf (163kB)

Physical Copy

Physical status and holdings:
Item Status: On Shelf

ID Number

42510
