ImageVerifierCode 换一换
格式:PDF , 页数:22 ,大小:2MB ,
资源ID:396753      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-396753.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 29192-1-2012 Information technology Security techniques Lightweight cryptography General《信息技术 保密技术 轻量级密码 总则》.pdf)为本站会员(registerpick115)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 29192-1-2012 Information technology Security techniques Lightweight cryptography General《信息技术 保密技术 轻量级密码 总则》.pdf

1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication Information technology Security techniques Lightweight cryptography Part 1: General BS ISO/IEC 29192-1:2012National foreword This British Standard is the UK implementation of

2、ISO/IEC 29192-1:2012. The UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provi

3、sions of a contract. Users are responsible for its correct application. The British Standards Institution 2012 Published by BSI Standards Limited 2012 ISBN 978 0 580 68097 7 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was publish

4、ed under the authority of the Standards Policy and Strategy Committee on 31 July 2012. Amendments issued since publication Amd. No. Date Text affected BRITISH STANDARD BS ISO/IEC 29192-1:2012 Reference number ISO/IEC 29192-1:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 29192-1 First edition 20

5、12-06-01 Information technology Security techniques Lightweight cryptography Part 1: General Technologies de linformation Techniques de scurit Cryptographie pour environnements contraints Partie 1: Gnralits BS ISO/IEC 29192-1:2012ISO/IEC 29192-1:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All

6、rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of

7、 the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2012 All rights reservedBS ISO/IEC 29192-1:2012ISO/IEC 29192-1:2012(E) ISO/IEC 2012 All rights reserved iiiC

8、ontents Page Foreword iv Introduction . v 1 Scope 1 2 Terms and definitions . 1 3 Categories of constraints for lightweight cryptography . 2 3.1 Chip area 2 3.2 Energy consumption . 2 3.3 Program code size and RAM size 2 3.4 Communication bandwidth 2 3.5 Execution time . 3 4 Requirements . 3 4.1 Sec

9、urity requirements . 3 4.2 Classification requirements . 3 4.3 Implementation requirements 4 5 Lightweight cryptographic mechanisms 5 5.1 Block ciphers . 5 5.2 Stream ciphers . 6 5.3 Mechanisms using asymmetric techniques . 6 Annex A (informative) Selection criteria for inclusion of mechanisms in IS

10、O/IEC 29192 . 7 Annex B (informative) Obtaining metrics for hardware implementation comparison . 8 Annex C (normative) Metrics for hardware targeted block and stream ciphers 11 Annex D (informative) Gate equivalents . 12 Bibliography 13 BS ISO/IEC 29192-1:2012ISO/IEC 29192-1:2012(E) iv ISO/IEC 2012

11、All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Stand

12、ards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and

13、IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee i

14、s to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the poss

15、ibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 29192-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Sec

16、urity techniques. ISO/IEC 29192 consists of the following parts, under the general title Information technology Security techniques Lightweight cryptography: Part 1: General Part 2: Block ciphers Part 3: Stream ciphers Part 4: Mechanisms using asymmetric techniques Further parts may follow. BS ISO/I

17、EC 29192-1:2012ISO/IEC 29192-1:2012(E) ISO/IEC 2012 All rights reserved vIntroduction ISO/IEC 29192 is a multi-part International Standard that specifies lightweight cryptography for the purposes of data confidentiality, authentication, identification, non-repudiation, and key exchange. Lightweight

18、cryptography is suitable in particular for constrained environments. The constraints normally encountered can be any of the following: chip area; energy consumption; program code size and RAM size; communication bandwidth; execution time. The purpose of ISO/IEC 29192 is to specify standardized mecha

19、nisms which are suitable for lightweight cryptographic applications, including radiofrequency identification (RFID) tags, smart cards (e.g. contactless applications), secure batteries, health-care systems (e.g. Body Area Networks), sensor networks, etc. This part of ISO/IEC 29192 sets the security r

20、equirements, classification requirements and implementation requirements of mechanisms that are proposed for inclusion in subsequent parts of ISO/IEC 29192. Lightweight cryptography delivers adequate security in the context for which it is intended. The cryptographic mechanisms standardized in ISO/I

21、EC 29192 provide their full security strength if they are used within the limitations of the mechanisms as specified. EXAMPLE For a block cipher with a block size of n bits and a key size of k bits, when limiting the use of the block cipher to encrypting no more than 2n/2 blocks of plaintext under a

22、 single key in say counter mode, it will provide k-bit security. The security degrades with more than 2n/2 blocks. There are overlaps in some security techniques between ISO/IEC 29192 and existing standards such as ISO/IEC 18033, ISO/IEC 9798, and ISO/IEC 11770. The exclusion of particular mechanism

23、s does not imply that these mechanisms are not suitable for lightweight cryptography. The criteria used to select the cryptographic mechanisms specified in subsequent parts of ISO/IEC 29192 are described in Annex A. BS ISO/IEC 29192-1:2012INTERNATIONAL STANDARD ISO/IEC 29192-1:2012(E) ISO/IEC 2012 A

24、ll rights reserved 1Information technology Security techniques Lightweight cryptography Part 1: General 1 Scope This part of ISO/IEC 29192 provides terms and definitions that apply in subsequent parts of ISO/IEC 29192. This part of ISO/IEC 29192 sets the security requirements, classification require

25、ments and implementation requirements for mechanisms that are proposed for inclusion in subsequent parts of ISO/IEC 29192. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 chip area area occupied by a semiconductor circuit 2.2 communication ba

26、ndwidth number of bits per second that can be transmitted over a specified communication channel 2.3 energy consumption power consumption over a certain time period NOTE In ISO/IEC 29192, energy consumption during the cryptographic process is evaluated. In some constrained devices the total energy r

27、equired to perform the cryptographic operation is important, for instance, in RFID and sensors. 2.4 gate equivalent unit of measure which allows for the specification of the complexity of digital electronic circuits, commonly the silicon area of a two-input drive-strength-one NAND gate 2.5 latency d

28、elay introduced by the cryptographic mechanism in real-time communication systems 2.6 lightweight cryptography cryptography tailored for implementation in constrained environments NOTE The constraints can be aspects such as chip area, energy consumption, memory size, or communication bandwidth. BS I

29、SO/IEC 29192-1:2012ISO/IEC 29192-1:2012(E) 2 ISO/IEC 2012 All rights reserved2.7 program code size size of a cryptographic mechanism code in bytes 2.8 RAM size size of temporary storage space a cryptographic mechanism requires in random access memory including the registers in the processor 2.9 secu

30、rity strength number associated with the amount of work (i.e. the number of operations) that is required to break a cryptographic algorithm or system NOTE 1 A security strength of n implies that the required workload of breaking the cryptosystem is equivalent to 2n executions of the cryptosystem. NO

31、TE 2 In ISO/IEC 29192, security strength is specified in bits, e.g. 80, 112, 128, 192, and 256. 2.10 short input performance performance of the cryptographic primitive when processing short messages 2.11 side-channel attack attack based on information gained from the physical implementation of a cry

32、ptosystem, rather than on brute force or theoretical weaknesses in the underlying algorithms EXAMPLE Timing information, power consumption, or electromagnetic emissions can provide extra sources of information and can be exploited to attack the system. 3 Categories of constraints for lightweight cry

33、ptography 3.1 Chip area Where cryptographic mechanisms are implemented in hardware, the actual chip area that the cryptographic mechanism requires may be constrained in some applications (e.g. RFID tags). For the purposes of this international standard, the chip area will be measured in gate equival

34、ents. 3.2 Energy consumption Energy consumption can be constrained in lightweight cryptography applications. Energy consumption is related to several factors including the processing time, the chip area (when implemented in hardware), the operating frequency and the number of bits transmitted betwee

35、n entities (in wireless transmissions, in particular). To minimize energy consumption, all of the related factors should be considered. 3.3 Program code size and RAM size Program code size (loosely referred to as ROM) and RAM size can be constrained on what are loosely referred to as low end process

36、ors. These processors have simple instruction sets and limited space available for the program code, as well as limited available space in RAM for computations (e.g. embedded processors) when compared to general purpose computer processors. 3.4 Communication bandwidth Communication bandwidth is limi

37、ted in certain cases with respect to the maximum number of bits that can be transmitted during a session (e.g. RFID tags). Mechanisms that fall into this category are therefore tailored to BS ISO/IEC 29192-1:2012ISO/IEC 29192-1:2012(E) ISO/IEC 2012 All rights reserved 3be more economical with regard

38、 to the number of bits that need to be transmitted over the communications channel when compared to other more generally used cryptographic mechanisms. 3.5 Execution time For some applications such as contactless cards and RFID, for correct operation the execution time is constrained by the implemen

39、tation (e.g. how long the card/token is present in the field). Note that this constraint typically occurs in applications where the constraints treated in previous subsections also apply. 4 Requirements 4.1 Security requirements In ISO/IEC 29192, the security strength of a cryptographic mechanism is

40、 measured as defined in 2.9. This notion can be used for different cryptographic mechanisms. Two mechanisms are considered to be of comparable strength if the amount of work needed to break the mechanisms or determine the keys is approximately the same using a given resource. In ISO/IEC 29192, 80-bi

41、t security is considered to be the minimum security strength for lightweight cryptography. Resistance against side-channel attacks may be important in some applications of lightweight cryptography. Countermeasures against side-channel analysis often require additional chip area (for hardware targete

42、d algorithms) or additional program code (for software targeted algorithms). The countermeasures vary depending on the technology, and the specific side-channel method applicable to a specific implementation. Side-channel resistance is therefore outside the scope of this international standard. NOTE

43、 Many organisations recommend using cryptographic mechanisms with more than 80-bit security after 2010. However, there are some lightweight cryptographic applications that may allow lower security requirements, i.e. do not have to assume all powerful adversaries. In cases where 80-bit keys are used,

44、 this implies that less data can be encrypted safely with a single key before rekeying is required. It is therefore important that designers of cryptographic security systems make sure that the safe operation limitations of lightweight cryptographic mechanisms are not exceeded for a single key. The

45、ECRYPT2 yearly report 2009-2010 6 recommends 80-bit security for very short-term protection against intelligence agencies with a budget of $300M or for long-term protection against small organizations with budget of $10k. For more references and information regarding key length selection, see Standi

46、ng Document 12 of ISO/IEC JTC 1/SC 27 at http:/www.jtc1sc27.din.de/sbe/SD12. 4.2 Classification requirements For a cryptographic mechanism to be classified as lightweight, it shall (by definition of ISO/IEC 29192) be tailored for a combination of the categories defined in Clause 3. For each category

47、 a lightweight cryptographic mechanism is tailored to, indication of the category of tailoring shall be made and evidence shall be provided that the lightweight cryptographic mechanism is suitable for the claimed category (e.g. the chip area, the energy consumption etc.). Note that a cryptographic m

48、echanism tailored only for execution time is not always considered to be lightweight. All evidence of suitability for a particular category shall be based on theoretical evidence, which may be further substantiated by actual implementation evidence. All claims of actual implementation evidence shall

49、 be fully documented so as to be verifiable. EXAMPLE Mechanism A claims to be tailored to be suitable for low energy for communication systems. This claim can be substantiated theoretically by comparing the number of bits transmitted resulting from the use of mechanism A, compared to other mechanisms commonly in use that are not considered to be lightweight mechanisms. The claim can be further substantiated by referencing practical implementations in which the energy consumption is experimentall

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1