安全生產(chǎn)協(xié)議與標(biāo)準(zhǔn)管理PPT通用課件

1、安全生產(chǎn)協(xié)議與標(biāo)準(zhǔn)管理安全標(biāo)準(zhǔn)與規(guī)范RFCISOFIPSX9PKCSP1363NESSIE安全標(biāo)準(zhǔn) in RFC安全相關(guān)的協(xié)議與標(biāo)準(zhǔn)文件，當(dāng)屬RFC中的最全面。RFC中關(guān)于安全的文檔涉及多個(gè)方面：By IETFIETF Security Area Working Groups btns Better-Than-Nothing Security dkim Domain Keys Identified Mail emu EAP Method Update hokey Handover Keying ipsecme IP Security Maintenance and Extensions ism

2、s Integrated Security Model for SNMP keyprov Provisioning of Symmetric Keys kitten Kitten (GSS-API Next Generation) krb-wg Kerberos ltans Long-Term Archive and Notary Services msec Multicast Security nea Network Endpoint Assessment pkix Public-Key Infrastructure (X.509) sasl Simple Authentication an

3、d Security Layer smime S/MIME Mail Security syslog Security Issues in Network Event Logging tls Transport Layer Security （0）安全綜述，闡述了安全的概念、術(shù)語、需求，給出了一般化的考慮、建議和機(jī)制，如1675、2196、2323、2504、3631、4949等。（1）密碼算法和協(xié)議/接口規(guī)范，比如RC2(2268)、MD5(1321)、PKCS/RSA(3447)、TLS(4346)、IKE(4306)、GSS-API、SASL等。（2）認(rèn)證授權(quán)和訪問控制規(guī)范，如RADIU

4、S(2865)、Diameter(3588)、Kerberos、等。（3）應(yīng)用規(guī)范，PGP(4880)、S/MIME、HTTP over TLS(2818)、IPSec、VPN、等。（4）其他規(guī)范。ISOFIPSFIPS，包括DES(46)、AES(197)、DSS(186)、HMAC(198)等；/publications/PubsFIPS.htmlFIPS-140FIPS 140標(biāo)準(zhǔn)歷史和發(fā)展情況 CMVPThe Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security

5、accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive,

6、but not classfied information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordanc

7、e with the requirements of FIPS 140-2.The CMVP was established by the U.S. National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada in July 1995.Validated modules listValidated FIPS 140-1 and FIPS 140-2 Cryptographic Module

8、s/groups/STM/cmvp/validation.html/groups/STM/cmvp/documents/140-1/140val-all.htm 與通用評估準(zhǔn)則（CC）的關(guān)系Common Criteria（CC）是業(yè)界安全功能和安全保障評估的通用準(zhǔn)則，并實(shí)現(xiàn)了國際互認(rèn)。而在美國NIAP體系下的CC產(chǎn)品評估，如果產(chǎn)品包括密碼模塊或者密碼算法，該產(chǎn)品的CC認(rèn)證證書上將標(biāo)明該產(chǎn)品是否通過FIPS 140認(rèn)證。事實(shí)上，CC和FIPS 140標(biāo)準(zhǔn)相輔相成，存在強(qiáng)烈的相關(guān)性，但關(guān)注點(diǎn)各有側(cè)重。在FIPS 140驗(yàn)證中，如果操作環(huán)境是可以更改的，那么CC的操作系統(tǒng)需求適用于安全級別2或者更高

9、。CC和FIPS 140-2標(biāo)準(zhǔn)分別關(guān)注產(chǎn)品測評的不同層面。FIPS 140-2測評針對定義的密碼模塊，并提供4個(gè)級別的一系列符合性測評包。FIPS 140-2描述了密碼模塊的需求，包括物理安全、密鑰管理、自評測、角色和服務(wù)等。該標(biāo)準(zhǔn)最初開發(fā)于1994年，早于CC標(biāo)準(zhǔn)。而CC是針對于具體的保護(hù)輪廓（PP）或者安全目標(biāo)（ST）的評估。典型的模式是某個(gè)PP可能涉及廣泛的產(chǎn)品范圍?？傊?，CC評估不能替代FIPS 140的密碼驗(yàn)證。FIPS 140-2中定義的四個(gè)安全級別也不能夠直接與CC預(yù)定義的任何EAL級別或者CC功能需求相對應(yīng)。CC認(rèn)證不能取代FIPS 140的認(rèn)證。X9PKCSP1363IEE

10、E P1363，制定關(guān)于橢圓曲線密碼算法等規(guī)范。/groups/1363/NESSIEBlock ciphers: MISTY1: Mitsubishi Electric Corp., Japan; Camellia: Nippon Telegraph and Telephone Corp., Japan and Mitsubishi Electric Corp., Japan; SHACAL-2: Gemplus, France; AES (Advanced Encryption Standard)* (USA FIPS 197) (Rijndael).Public-key encrypti

11、on: ACE Encrypt: IBM Zurich Research Laboratory, Switzerland; PSEC-KEM: Nippon Telegraph and Telephone Corp., Japan; RSA-KEM* (draft of ISO/IEC 18033-2).MAC algorithms and hash functions: Two-Track-MAC: K.U.Leuven, Belgium and debis AG, Germany; UMAC: Intel Corp., USA, Univ. of Nevada at Reno, USA,

12、IBM Research Laboratory, USA, Technion,Israel and Univ. of California at Davis, USA; CBC-MAC* (ISO/IEC 9797-1); HMAC* (ISO/IEC 9797-1); Whirlpool: Scopus Tecnologia S.A., Brazil and K.U.Leuven, Belgium; SHA-256*, SHA-384* and SHA-512* (USA FIPS 180-2).Digital signature algorithms: ECDSA: Certicom Corp., USA