Security Protocols and Standards
2009.12

Security Standards and Specifications
RFC
ISO
FIPS
X9
PKCS
P1363
NESSIE

Security standards in RFC

Among security-related protocol and standards documents, the RFC series is the most comprehensive.
Security documents in the RFCs cover several areas:

By IETF

IETF Security Area Working Groups
btns: Better-Than-Nothing Security
dkim: Domain Keys Identified Mail
emu: EAP Method Update
hokey: Handover Keying
ipsecme: IP Security Maintenance and Extensions
isms: Integrated Security Model for SNMP
keyprov: Provisioning of Symmetric Keys
kitten: Kitten (GSS-API Next Generation)
krb-wg: Kerberos
ltans: Long-Term Archive and Notary Services
msec: Multicast Security
nea: Network Endpoint Assessment
pkix: Public-Key Infrastructure (X.509)
sasl: Simple Authentication and Security Layer
smime: S/MIME Mail Security
syslog: Security Issues in Network Event Logging
tls: Transport Layer Security

(0) Security overviews: these set out security concepts, terminology and requirements, and give general considerations, recommendations and mechanisms, e.g. 1675, 2196, 2323, 2504, 3631, 4949.
(1) Cryptographic algorithm and protocol/interface specifications, e.g. RC2 (2268), MD5 (1321), PKCS/RSA (3447), TLS (4346), IKE (4306), GSS-API, SASL.
(2) Authentication, authorization and access control specifications, e.g. RADIUS (2865), Diameter (3588), Kerberos.
(3) Application specifications: PGP (4880), S/MIME, HTTP over TLS (2818), IPSec, VPN, etc.
(4) Other specifications.

ISO

FIPS

FIPS includes DES (46), AES (197), DSS (186), HMAC (198), etc.
http://csrc.nist.gov/publications/PubsFIPS.html

FIPS-140

History and development of the FIPS 140 standard

CMVP

The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive, but not classified information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2.

The CMVP was established by the U.S. National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada in July 1995.

Validated modules list

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
http://csrc.nist.gov/groups/STM/cmvp/validation.html
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

Relationship to the Common Criteria (CC)

The Common Criteria (CC) is the industry's common standard for evaluating security functionality and security assurance, and it has achieved international mutual recognition. For CC product evaluations under the NIAP scheme in the United States, if a product includes a cryptographic module or cryptographic algorithms, the product's CC certificate states whether the product has passed FIPS 140 validation. In fact, CC and FIPS 140 complement each other and are strongly correlated, but each has its own focus.

In FIPS 140 validation, if the operational environment is modifiable, the CC operating system requirements apply at Security Level 2 or higher.

CC and FIPS 140-2 address different aspects of product testing and evaluation. FIPS 140-2 testing targets a defined cryptographic module and provides a suite of conformance tests at 4 levels. FIPS 140-2 describes the requirements for cryptographic modules, including physical security, key management, self-tests, roles and services, and so on. The standard was first developed in 1994, before the CC standard. The CC, by contrast, is an evaluation against a specific Protection Profile (PP) or Security Target (ST). Typically, a given PP may cover a broad range of products.

In short, a CC evaluation cannot substitute for FIPS 140 cryptographic validation. Nor can the four security levels defined in FIPS 140-2 be mapped directly to any predefined CC EAL level or CC functional requirement. CC certification cannot replace FIPS 140 validation.

X9

PKCS

P1363

IEEE P1363 develops specifications for elliptic-curve cryptographic algorithms, among others.
http://grouper.ieee.org/groups/1363/

NESSIE

Block ciphers:
MISTY1: Mitsubishi Electric Corp., Japan;
Camellia: Nippon Telegraph and Telephone Corp., Japan and Mitsubishi Electric Corp., Japan;
SHACAL-2: Gemplus, France;
AES (Advanced Encryption Standard)* (USA FIPS 197) (Rijndael).

Public-key encryption:
ACE Encrypt: IBM Zurich Research Laboratory, Switzerland;
PSEC-KEM: Nippon Telegraph and Telephone Corp., Japan;
RSA-KEM* (draft of ISO/IEC 18033-2).

MAC algorithms and hash functions:
Two-Track-MAC: K.U.Leuven, Belgium and debis AG, Germany;
UMAC: Intel Corp., USA, Univ. of Nevada at Reno, USA, IBM Research Laboratory, USA, Technion, Israel and Univ. of California at Davis, USA;
CBC-MAC* (ISO/IEC 9797-1);
HMAC* (ISO/IEC 9797-1);
Whirlpool: Scopus Tecnologia S.A., Brazil and K.U.Leuven, Belgium;
SHA-256*, SHA-384* and SHA-512* (USA FIPS 180-2).

Digital signature algorithms:
ECDSA: Certicom Corp., USA and Certicom Corp., Canada;
RSA-PSS: RSA Laboratories, USA;
SFLASH: Schlumberger, France.

Identification schemes:
GPS: Ecole Normale Supérieure, Paris, France Télécom and La Poste, France.

SECG

Q&A