BS ISO/IEC 11770-4-2006 信息技术.安全技术.密钥管理.基于弱机密的管理机制
作者:标准资料网
时间:2024-05-17 11:12:08
浏览:8295
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:Informationtechnology-Securitytechniques-Keymanagement-Mechanismsbasedonweaksecrets
【原文标准名称】:信息技术.安全技术.密钥管理.基于弱机密的管理机制
【标准号】:BSISO/IEC11770-4-2006
【标准状态】:现行
【国别】:英国
【发布日期】:2006-08-31
【实施或试行日期】:2006-08-31
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:通路;算法;校验;代号系统;编码;用密码写的;数据处理;数据保护;数据安全;数据传输;定义;信息交换;信息技术;密码;资料保护;安全工程
【英文主题词】:Access;Algorithms;Authentication;Codesystems;Coding;Cryptographic;Dataprocessing;Dataprotection;Datasecurity;Datatransmission;Definitions;Informationinterchange;Informationtechnology;Passwords;Protectionofinformation;Safetyengineering
【摘要】:ThispartofISO/IEC11770defineskeyestablishmentmechanismsbasedonweaksecrets,i.e.,secretsthatcanbereadilymemorizedbyahuman,andhencesecretsthatwillbechosenfromarelativelysmallsetofpossibilities.Itspecifiescryptographictechniquesspecificallydesignedtoestablishoneormoresecretkeysbasedonaweaksecretderivedfromamemorizedpassword,whilepreventingoff-linebrute-forceattacksassociatedwiththeweaksecret.Morespecifically,thesemechanismsaredesignedtoachieveoneofthefollowingthreegoals.1)Balancedpassword-authenticatedkeyagreement:Establishoneormoresharedsecretkeysbetweentwoentitiesthatshareacommonweaksecret.Inabalancedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedthesameweaksecret,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.2)Augmentedpassword-authenticatedkeyagreement:EstablishoneormoresharedsecretkeysbetweentwoentitiesAandB,whereAhasaweaksecretand6hasverificationdataderivedfromaone-wayfunctionofA'sweaksecret.Inanaugmentedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandthecorrespondingverificationdata,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.NOTE-ThistypeofkeyagreementmechanismisunabletoprotectA'sweaksecretbeingdiscoveredby6,butonlyincreasesthecostforanadversarytogetA'sweaksecretfrom6.Thereforeitisnormallyusedbetweenaclient(A)andaserver(6).3)Password-authenticatedkeyretrieval:Establishoneormoresecretkeysforanentity,A,associatedwithanotherentity,6,whereAhasaweaksecretandBhasastrongsecretassociatedwithA'sweaksecret.Inanauthenticatedkeyretrievalmechanism,thesecretkeys,retrievablebyA(notnecessarilyderivableby6),aretheresultofadataexchangebetweenthetwoentities,andthesecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandtheassociatedstrongsecret.However,althoughB'sstrongsecretisassociatedwithA'sweaksecret,thestrongsecretdoesnot(initself)containsufficientinformationtopermiteithertheweaksecretorthesecretkeysestablishedinthemechanismtobedetermined.NOTE-ThistypeofkeyretrievalmechanismisusedinthoseapplicationswhereAdoesnothavesecurestorageforastrongsecret,andrequiresB'sassistancetoretrievethestrongsecretforher.Itisnormallyusedbetweenaclient(A)andaserver(6).ThispartofISO/IEC11770doesnotcoveraspectsofkeymanagementsuchas—lifecyclemanagementofweaksecrets,strongsecretsandestablishedsecretkeys;—mechanismstostore,archive,delete,destroy,etc.weaksecrets,strongsecrets,andestablishedsecretkeys.NOTE-Thekeysgeneratedorretrievedthroughtheuseofweaksecretscannotbemoresecureagainstexhaustionthanthesumoftheweaksecretsthemselves.Withthisproviso,themechanismsspecifiedinthispartofISO/IEC11770arerecommendedforpracticaluseinlow-securityenvironments.
【中国标准分类号】:L80
【国际标准分类号】:35_040
【页数】:40P.;A4
【正文语种】:英语
【原文标准名称】:信息技术.安全技术.密钥管理.基于弱机密的管理机制
【标准号】:BSISO/IEC11770-4-2006
【标准状态】:现行
【国别】:英国
【发布日期】:2006-08-31
【实施或试行日期】:2006-08-31
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:通路;算法;校验;代号系统;编码;用密码写的;数据处理;数据保护;数据安全;数据传输;定义;信息交换;信息技术;密码;资料保护;安全工程
【英文主题词】:Access;Algorithms;Authentication;Codesystems;Coding;Cryptographic;Dataprocessing;Dataprotection;Datasecurity;Datatransmission;Definitions;Informationinterchange;Informationtechnology;Passwords;Protectionofinformation;Safetyengineering
【摘要】:ThispartofISO/IEC11770defineskeyestablishmentmechanismsbasedonweaksecrets,i.e.,secretsthatcanbereadilymemorizedbyahuman,andhencesecretsthatwillbechosenfromarelativelysmallsetofpossibilities.Itspecifiescryptographictechniquesspecificallydesignedtoestablishoneormoresecretkeysbasedonaweaksecretderivedfromamemorizedpassword,whilepreventingoff-linebrute-forceattacksassociatedwiththeweaksecret.Morespecifically,thesemechanismsaredesignedtoachieveoneofthefollowingthreegoals.1)Balancedpassword-authenticatedkeyagreement:Establishoneormoresharedsecretkeysbetweentwoentitiesthatshareacommonweaksecret.Inabalancedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedthesameweaksecret,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.2)Augmentedpassword-authenticatedkeyagreement:EstablishoneormoresharedsecretkeysbetweentwoentitiesAandB,whereAhasaweaksecretand6hasverificationdataderivedfromaone-wayfunctionofA'sweaksecret.Inanaugmentedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandthecorrespondingverificationdata,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.NOTE-ThistypeofkeyagreementmechanismisunabletoprotectA'sweaksecretbeingdiscoveredby6,butonlyincreasesthecostforanadversarytogetA'sweaksecretfrom6.Thereforeitisnormallyusedbetweenaclient(A)andaserver(6).3)Password-authenticatedkeyretrieval:Establishoneormoresecretkeysforanentity,A,associatedwithanotherentity,6,whereAhasaweaksecretandBhasastrongsecretassociatedwithA'sweaksecret.Inanauthenticatedkeyretrievalmechanism,thesecretkeys,retrievablebyA(notnecessarilyderivableby6),aretheresultofadataexchangebetweenthetwoentities,andthesecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandtheassociatedstrongsecret.However,althoughB'sstrongsecretisassociatedwithA'sweaksecret,thestrongsecretdoesnot(initself)containsufficientinformationtopermiteithertheweaksecretorthesecretkeysestablishedinthemechanismtobedetermined.NOTE-ThistypeofkeyretrievalmechanismisusedinthoseapplicationswhereAdoesnothavesecurestorageforastrongsecret,andrequiresB'sassistancetoretrievethestrongsecretforher.Itisnormallyusedbetweenaclient(A)andaserver(6).ThispartofISO/IEC11770doesnotcoveraspectsofkeymanagementsuchas—lifecyclemanagementofweaksecrets,strongsecretsandestablishedsecretkeys;—mechanismstostore,archive,delete,destroy,etc.weaksecrets,strongsecrets,andestablishedsecretkeys.NOTE-Thekeysgeneratedorretrievedthroughtheuseofweaksecretscannotbemoresecureagainstexhaustionthanthesumoftheweaksecretsthemselves.Withthisproviso,themechanismsspecifiedinthispartofISO/IEC11770arerecommendedforpracticaluseinlow-securityenvironments.
【中国标准分类号】:L80
【国际标准分类号】:35_040
【页数】:40P.;A4
【正文语种】:英语
下载地址:
点击此处下载