BS ISO IEC 11770-6-2016 Information technology Security techniques Key management Key derivation.pdf

BS ISO/IEC 11770-6:2016
Information technology - Security techniques - Key management - Part 6: Key derivation
BSI Standards Publication

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of ISO/IEC 11770-6:2016. The UK participation in its preparation was entrusted to Technical Committee IST/33/2, Cryptography and Security Mechanisms. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

The British Standards Institution 2016. Published by BSI Standards Limited 2016
ISBN 978 0 580 85013 4
ICS 35.040

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 October 2016.

Amendments/corrigenda issued since publication
Date    Text affected

INTERNATIONAL STANDARD ISO/IEC 11770-6
First edition 2016-10-01
Information technology - Security techniques - Key management - Part 6: Key derivation
Technologies de l'information - Techniques de sécurité - Gestion de clés - Partie 6: Dérivation de clés
Reference number ISO/IEC 11770-6:2016(E)

COPYRIGHT PROTECTED DOCUMENT

ISO/IEC 2016, Published in Switzerland. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
  4.1 Symbols
  4.2 Abbreviations
  4.3 Notation
5 Key derivation techniques
  5.1 Model
  5.2 Types of key derivation function
  5.3 Relationship to key management life cycle
  5.4 Use of a key derivation function
6 One-step key derivation functions
  6.1 General
  6.2 One-step key derivation function 1 (OKDF1)
    6.2.1 General
    6.2.2 Requirements for use
    6.2.3 Operation of function
  6.3 One-step key derivation function 2 (OKDF2)
    6.3.1 General
    6.3.2 Requirements for use
    6.3.3 Operation of function
  6.4 One-step key derivation function 3 (OKDF3)
    6.4.1 General
    6.4.2 Requirements for use
    6.4.3 Operation of function
  6.5 One-step key derivation function 4 (OKDF4)
    6.5.1 General
    6.5.2 Requirements for use
    6.5.3 Operation of function
  6.6 One-step key derivation function 5 (OKDF5)
    6.6.1 General
    6.6.2 Requirements for use
    6.6.3 Operation of function
  6.7 One-step key derivation function 6 (OKDF6)
    6.7.1 General
    6.7.2 Requirements for use
    6.7.3 Operation of function
7 Two-step key derivation functions
  7.1 General
  7.2 Key extraction function
    7.2.1 Key extraction function 1 (KTF1)
  7.3 Key expansion functions
    7.3.1 Key expansion function 1 (KPF1)
    7.3.2 Key expansion function 2 (KPF2)
    7.3.3 Key expansion function 3 (KPF3)
    7.3.4 Key expansion function 4 (KPF4)
  7.4 Two-step KDFs
    7.4.1 Two-step key derivation function 1 (TKDF1)
    7.4.2 Two-step key derivation function 2 (TKDF2)
    7.4.3 Two-step key derivation function 3 (TKDF3)
    7.4.4 Two-step key derivation function 4 (TKDF4)
Annex A (normative) Object identifiers
Annex B (informative) Guidance on use
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

A list of all parts in the ISO/IEC 11770 series can be found on the ISO website.

Introduction

The establishment of shared secret cryptographic keys is a fundamental key management service. It is a prerequisite for the use of a range of symmetric cryptographic techniques, including symmetric encryption for confidentiality protection, and message authentication codes (MACs) for integrity protection and data origin authentication. Key derivation techniques enable such keys to be generated from pre-existing secrets and have a range of possible applications. Two particularly important applications are as follows.

First, while two (or more) parties might share secret information, this secret information might not be suitable for immediate use as input to an encryption algorithm or a message authentication code scheme. For example, the initial secret information might not be distributed randomly across the entire space of possible values, or an unauthorized third party might have partial information about it. A key derivation function (or a key extraction function) can be used to resolve this issue by taking the secret information as input, perhaps together with other non-secret material, and giving a suitable secret key as output.

Second, a number of secret keys might be required for different purposes, e.g. for different applications or for input to different cryptographic functions. Again, a key derivation function (or a key expansion function) can be used to meet this requirement by taking secret information, perhaps together with other non-secret material, as input, and giving a secret key, or keys, as output.

The secret information might, for example, be shared by two or more parties, and the generated secret keys could then be used to protect data exchanged between these parties via untrusted channels; alternatively, the secret information might only be known by a single party, and the generated keys could then be used to protect data stored by that party in untrusted locations.

This document is concerned with such key derivation techniques. Two general classes of key derivation techniques are specified, namely one-step and two-step functions, both of which can be used to generate either a single key or multiple keys. One-step functions transform the input information into one or more keys in a single operation. Two-step functions first transform the input information into a secret MAC key, which is then used in the second step (which can be executed multiple times) to generate one or more secret keys for use in applications.

The choice between one-step and two-step functions depends on two main things: the nature of the available secret input to the key derivation function, and the way in which the secret input is to be used. For example, if the available secret input is already in the form of a secret key, then a one-step function will normally be appropriate. Also, regardless of the nature of the secret input, if the function is to be used only once with a particular set of secret inputs, then again a one-step function will typically be appropriate. However, if the secret input is not in the form of a secret key, and the same secret input is to be used multiple times to generate one or more keys, then a two-step function is likely to be appropriate, where the first step is performed once to generate a MAC key and the second step is performed whenever a new key is, or keys are, to be generated from the MAC key.

This document defines a range of one-step key derivation functions. It also defines examples of both key extraction functions and key expansion functions, where a key extraction function can be combined with a key expansion function to define a two-step key derivation function.

1 Scope

This document specifies key derivation functions, i.e. functions which take secret information and other (public) parameters as input and output one or more “derived” secret keys. Key derivation functions based on MAC algorithms and on hash-functions are specified.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9797 (all parts), Information technology - Security techniques - Message Authentication Codes (MACs)
ISO/IEC 10118 (all parts), Information technology - Security techniques - Hash-functions

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 11770-1 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- IEC Electropedia: available at http://www.electropedia.org/
- ISO Online browsing platform: available at http://www.iso.org/obp

3.1
entropy
measure of the disorder, randomness or variability in a closed system
Note 1 to entry: The particular measure of entropy that is used in the document is discussed in 5.1.

3.2
hash-function
function which maps strings of bits of variable (but usually upper bounded) length to fixed-length strings of bits
Note 1 to entry: Cryptographic requirements on hash-functions employed for the purposes of this document are considered in 6.1.

3.3
key derivation function
KDF
function which takes as input a number of parameters, at least one of which shall be secret, and which gives as output keys appropriate for the intended algorithm(s) and applications
Note 1 to entry: Cryptographic requirements on key derivation functions are specified in 5.1.
Note 2 to entry: Key derivation functions are also sometimes known as “key generating functions.”

3.4
key expansion function
KPF
function which takes as input a number of parameters, at least one of which shall be a secret key, and which gives as output keys appropriate for the intended algorithm(s) and applications
Note 1 to entry: Cryptographic requirements on key expansion functions are specified in 7.1.
Note 2 to entry: All the KPFs specified in this document are based on a MAC algorithm.

3.5
key extraction function
KTF
function which takes as input a number of parameters, at least one of which shall be secret, and which gives as output a key suitable for use as input to a key expansion function
Note 1 to entry: Cryptographic requirements on key extraction functions are specified in 7.1.

3.6
message authentication code
MAC
string of bits which is the output of a MAC algorithm
SOURCE: ISO/IEC 9797-1:2011, 3.9 modified, Note 1 to entry removed

3.7
message authentication code algorithm
MAC algorithm
algorithm for computing a function which maps strings of bits and a secret key to fixed-length strings of bits, satisfying the following two properties:
- for any key and any input string, the function can be computed efficiently;
- for any fixed key, and given no prior knowledge of the key, it is computationally infeasible to compute the function value on any new input string, even given knowledge of a set of input strings and corresponding function values, where the value of the ith input string might have been chosen after observing the value of the first i − 1 function values (for integers i > 1)
Note 1 to entry: A MAC algorithm is sometimes called a “cryptographic check function.”
Note 2 to entry: Computational feasibility depends on the user's specific security requirements and environment.
Note 3 to entry: Additional cryptographic requirements for MAC algorithms employed for the purposes of this document are specified in 6.1 and 7.1.

3.8
message authentication code key
MAC key
bit string suitable for use as a key input to a MAC algorithm

3.9
one-step key derivation function
OKDF
key derivation function which operates in a single stage, in contrast to key derivation functions involving separate key-extraction and key-expansion stages (cf. 3.12)

3.10
salt
value used as input to a key derivation function, a key expansion function or a key extraction function, which might not be a secret

3.11
secret information
bit string used as input to a KDF or a KTF, which shall be known only to entities which are authorized to agree upon the key or
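
The two-step model from the Introduction (one extraction step that turns the secret information and a salt into a MAC key, then an expansion step run once per key needed), as an added example that is not part of the standard's text. This excerpt does not include the standard's own KTF and KPF definitions, so the sketch uses HKDF with HMAC-SHA-256 from RFC 5869 as a stand-in; the function names and the purpose labels are assumptions made for illustration.

```python
import hashlib
import hmac

# Stand-in construction: HKDF (RFC 5869), not the KTF1/KPFn functions of the standard.
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def extract(salt: bytes, secret: bytes) -> bytes:
    """Step 1 (key extraction): condense non-uniform secret input into a MAC key."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869 default when no salt is supplied
    return hmac.new(salt, secret, HASH).digest()


def expand(mac_key: bytes, info: bytes, length: int) -> bytes:
    """Step 2 (key expansion): derive `length` bytes bound to the public label `info`."""
    if length <= 0 or length > 255 * HASH_LEN:
        raise ValueError("requested length out of range for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # Each block chains the previous block, the label and a one-byte counter.
        block = hmac.new(mac_key, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(secret: bytes, salt: bytes) -> dict:
    """Run extraction once, then expansion once per purpose (labels are hypothetical)."""
    mac_key = extract(salt, secret)
    return {
        "enc": expand(mac_key, b"example/encryption", 32),
        "mac": expand(mac_key, b"example/authentication", 32),
    }


# Sample input: the published RFC 5869 Appendix A.1 test vector (L = 42).
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")

if __name__ == "__main__":
    prk = extract(SALT, IKM)
    print("MAC key :", prk.hex())
    print("OKM     :", expand(prk, INFO, 42).hex())
    keys = derive_session_keys(IKM, SALT)
    print("distinct:", keys["enc"] != keys["mac"])
```

Distinct `info` labels are what keep the keys for different purposes independent; reusing one label for two purposes yields the same key twice.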
