ISO/IEC TR 24485:2022 信息安全、网络安全和隐私保护 安全技术 白盒密码测试和评估的安全财产和最佳实践<br /><br />
标准编号:ISO/IEC TR 24485:2022
中文名称:信息安全、网络安全和隐私保护 安全技术 白盒密码测试和评估的安全财产和最佳实践
英文名称:Information security, cybersecurity and privacy protection — Security techniques — Security properties and best practices for test and evaluation of white box cryptography
发布日期:2022-10
标准范围
ISO/IEC TR 24485:2022本文档介绍了安全属性,并提供了白盒加密(WBC)测试和评估的最佳实践。WBC是一种专门用于密钥或秘密的加密算法,但其中所述密钥不能被提取。WBC实现可以由密码算法的普通源代码和/或实现算法的设备组成。在这两种情况下,实现安全功能以阻止攻击者暴露密钥或秘密。安全属性在于隐藏在白盒密码实现中的安全参数的保密性。测试和评估的最佳实践包括数学和实践分析、静态和动态分析、非侵入性和侵入性分析。本文件与ISO/IEC 19790相关,ISO/IEC 19790规定了加密模块的安全要求。在这些模块中,关键安全参数(CSP)和公共安全参数(PSP)是需要保护的资产。WBC是在实现中隐藏CSP的一种解决方案。
ISO/IEC TR 24485:2022 This document introduces security properties and provides best practices on the test and evaluation of white box cryptography (WBC). WBC is a cryptographic algorithm specialized for a key or secret, but where the said key cannot be extracted.
The WBC implementation can consist of plain source code for the cryptographic algorithm and/or of a device implementing the algorithm. In both cases, security functions are implemented to deter an attacker from uncovering the key or secret.
Security properties consist in the secrecy of security parameters concealed within the implementation of the white box cryptography. Best practices for the test and evaluation includes mathematical and practical analyses, static and dynamic analyses, non-invasive and invasive analyses.
This document is related to ISO/IEC 19790 which specifies security requirements for cryptographic modules. In those modules, critical security parameters (CSPs) and public security parameters (PSPs) are the assets to protect. WBC is one solution to conceal CSPs inside of the implementation.
标准预览图
