ISO/IEC 17825:2024 信息技术 安全技术 缓解非侵入性攻击类对加密模块的测试方法

标准编号：ISO/IEC 17825:2024

中文名称：信息技术 安全技术 缓解非侵入性攻击类对加密模块的测试方法

英文名称：Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules

发布日期：2024-01

标准范围

ISO/IEC 17825:2024本文件规定了非侵入性攻击缓解测试指标，用于确定是否符合ISO/IEC 19790:2012中针对安全级别3和4规定的要求。测试指标与ISO/IEC 19790:2012中规定的安全功能相关联。在密码模块的定义边界和在其定义边界处可用的输入/输出处进行测试。本文件旨在与ISO/IEC 24759:2017结合使用，以证明符合ISO/IEC 19790:2012。注ISO/IEC 24759:2017规定了测试实验室用于评估加密模块是否符合ISO/IEC 19790:2012中规定的要求的测试方法，以及本文件中针对ISO/IEC 19790中涉及的每个相关安全功能规定的测试指标:2012.本文档中采用的测试方法是一种有效的“按钮”方法，即测试在技术上是合理的、可重复的并且具有适中的成本。

ISO/IEC 17825:2024 This document specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790:2012 for security levels 3 and 4. The test metrics are associated with the security functions addressed in ISO/IEC 19790:2012. Testing is conducted at the defined boundary of the cryptographic module and the inputs/outputs available at its defined boundary.
This document is intended to be used in conjunction with ISO/IEC 24759:2017 to demonstrate conformance to ISO/IEC 19790:2012.
NOTE ISO/IEC 24759:2017 specifies the test methods used by testing laboratories to assess whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012 and the test metrics specified in this document for each of the associated security functions addressed in ISO/IEC 19790:2012.
The test approach employed in this document is an efficient “push-button” approach, i.e. the tests are technically sound, repeatable and have moderate costs.

标准预览图