On the Use of Fuzzy-WLC modeling technique for Evaluating Security of Cryptographic Module

Development of information and communication technology has led to the increasing production of new products. One of the critical products that protect informational assets at various levels of security is the cryptographic module. Evaluating the security of cryptographic modules is critical for providing a reasonable degree of protection against attacks. Therefore, the security evaluation of a cryptographic module requires a strong awareness of the potential weaknesses that would become security flaws and careful consideration of security during all aspects of the evaluation process. In this paper, we present a comprehensive picture of the security evaluation criteria of the cryptographic module under existing international standards (e.g., FIPS 140-2 ,3 and ISO 15408, PKCS#11). In order to measure the compliance of these criteria correctly, we propose the model based on fuzzy-weighted linear combination. Also, the structure of any kind of evaluation requires considerable cost and time, which on the one hand, depends on the policies and requirements of the country, on the other hand depends on the facilities and experts. Finally, introducing and providing solutions that help solve the challenges, so we present some challenges about security evaluation in our country confirms the importance of study and research in this area.