ImageVerifierCode 换一换
格式:PDF , 页数:58 ,大小:2.94MB ,
资源ID:588329      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-588329.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 17825-2016 Information technology Security techniques Testing methods for the mitigation of non-invasive attack classes against cryptographic modules《信息技术 安全技术 降低密码模块非侵入.pdf)为本站会员(sofeeling205)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 17825-2016 Information technology Security techniques Testing methods for the mitigation of non-invasive attack classes against cryptographic modules《信息技术 安全技术 降低密码模块非侵入.pdf

1、BSI Standards PublicationBS ISO/IEC 17825:2016Information technology Security techniques Testingmethods for the mitigationof non-invasive attack classesagainst cryptographic modulesBS ISO/IEC 17825:2016 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO/IEC17825:2

2、016. The UK participation in its preparation was entrusted to TechnicalCommittee IST/33/3, Security Evaluation, Testing and Specification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessarypro

3、visions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 78158 2ICS 35.040Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published u

4、nder the authority of theStandards Policy and Strategy Committee on 31 January 2016.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO/IEC 17825:2016Information technology Security techniques Testing methods for the mitigation of non-invasive attack classes against cryp

5、tographic modulesTechonologie de linformation Techniques de scurit Methodes de test pour la protection contre les attaques non intrusives des modules cryptographiquesINTERNATIONAL STANDARDISO/IEC17825Reference numberISO/IEC 17825:2016(E)First edition2016-01-15 ISO/IEC 2016BS ISO/IEC 17825:2016ii ISO

6、/IEC 2016 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posti

7、ng on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22

8、749 09 47copyrightiso.orgwww.iso.orgISO/IEC 17825:2016(E)BS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)Foreword v1 Scope . 12 Normative references 13 Terms and definitions . 14 Symbols and abbreviated terms . 45 Document organization . 46 Non-invasive attack methods 47 Associated Security Functions 78 N

9、on-invasive Attack Test Methods . 98.1 Introduction 98.2 Test Strategy 98.3 Side-Channel Analysis Workflow 98.3.1 Core Test Flow 98.3.2 Side-Channel Resistance Test Framework 108.3.3 Required Vendor Information . 118.3.4 TA Leakage Analysis .128.3.5 SPA/SEMA Leakage Analysis 138.3.6 DPA/DEMA Leakage

10、 Analysis 149 Side-Channel Analysis of Symmetric-Key Cryptosystems .159.1 Introduction . 159.2 Timing Attacks . 159.3 SPA/SEMA 159.3.1 Attacks on Key Derivation Process 159.3.2 Collision Attacks 169.4 DPA/DEMA 169.4.1 Introduction 169.4.2 Test Vectors .189.4.3 Detailed Procedure .1910 ASCA on Asymme

11、tric Cryptography.2510.1 Introduction . 2510.2 Detailed Side-Channel Resistance Test Framework .2710.3 Timing Attacks . 2810.3.1 Introduction 2810.3.2 Standard Timing Analysis . 2810.3.3 Micro-Architectural Timing Analysis 2910.4 SPA/SEMA 2910.4.1 Introduction 2910.4.2 Standard SPA/SEMA 2910.4.3 Mar

12、kov SPA/SEMA 3010.5 DPA/DEMA 3010.5.1 Introduction 3010.5.2 Standard DPA/DEMA 3010.5.3 Address-Bit DPA/DEMA . 3211 Non-invasive attack mitigation pass/fail test metrics 3311.1 Introduction . 3311.2 Security Level 3 . 3411.2.1 Time Limit 3411.2.2 SPA and SEMA .3411.2.3 DPA and DEMA .3411.2.4 Timing A

13、nalysis 34 ISO/IEC 2016 All rights reserved iiiContents PageBS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)11.2.5 Pre-processing conditions in differential analysis 3411.2.6 Pass / Fail condition .3411.3 Security Level 4 . 3511.3.1 Time Limit 3511.3.2 SPA and SEMA .3511.3.3 DPA and DEMA .3511.3.4 Timing

14、Analysis 3511.3.5 Pre-processing conditions in differential analysis 3511.3.6 Pass / Fail condition .36Annex A (normative) Requirements for measurement apparatus 37Annex B (informative) Emerging attacks 38Annex C (informative) Quality criteria for measurement setups 40Annex D (informative) Chosen-in

15、put method to accelerate leakage analysis 42Bibliography .43iv ISO/IEC 2016 All rights reservedBS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide

16、standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fiel

17、ds of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.The procedures used to develop this do

18、cument and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives,

19、 Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the devel

20、opment of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO s

21、pecific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee responsible for this document is ISO/IEC JTC 1, Informat

22、ion technology, SC 27, IT Security techniques. ISO/IEC 2016 All rights reserved vBS ISO/IEC 17825:2016BS ISO/IEC 17825:2016Information technology Security techniques Testing methods for the mitigation of non-invasive attack classes against cryptographic modules1 ScopeThis International Standard spec

23、ifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790 for Security Levels 3 and 4. The test metrics are associated with the security functions specified in ISO/IEC 19790. Testing will be conducted at the defined boundary of t

24、he cryptographic module and I/O available at its defined boundary.The test methods used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790 and the test metrics specified in this International Standard for each of the associated se

25、curity functions specified in ISO/IEC 19790 are specified in ISO/IEC 24759. The test approach employed in this International Standard is an efficient “push-button” approach: the tests are technically sound, repeatable and have moderate costs.2 Normative referencesThe following documents, in whole or

26、 in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO/IEC 19790, Information technology Securi

27、ty techniques Security requirements for cryptographic modulesISO/IEC 24759, Information technology Security techniques Test requirements for cryptographic modules3 Terms and definitionsFor the purposes of this document, the terms and definitions given in ISO/IEC 19790 and the following apply.3.1adva

28、nced SCAASCAadvanced exploitation of the fact that the instantaneous side-channels emitted by a cryptographic device depends on the data it processes and on the operation it performs to retrieve secret parameters3.2correlation power analysisCPAanalysis where the correlation coefficient is used as st

29、atistical method3.3critical security parameterCSPsecurity related information whose disclosure or modification can compromise the security of a cryptographic moduleEXAMPLE Secret and private cryptographic keys, authentication data such as passwords, PINs, certificates or other trust anchors.INTERNAT

30、IONAL STANDARD ISO/IEC 17825:2016(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)Note 1 to entry: A CSP can be plaintext or encrypted.SOURCE: ISO/IEC 19790:2012, definition 3.183.4CSP classclass into which a CSP is categorisedEXAMPLE Cryptographic keys, authentication

31、 data such as passwords, PINs, biometric authentication data.3.5differential electromagnetic analysisDEMAanalysis of the variations of the electromagnetic field emanated from a cryptographic module, using statistical methods on a large number of measured electromagnetic emanations values for determi

32、ning whether the assumption of the divided subsets of a secret parameter is correct, for the purpose of extracting information correlated to security function operation3.6differential power analysisDPAanalysis of the variations of the electrical power consumption of a cryptographic module, for the p

33、urpose of extracting information correlated to cryptographic operation3.7electromagnetic analysisEMAanalysis of the electromagnetic field emanated from a cryptographic module as the result of its logic circuit switching, for the purpose of extracting information correlated to security function opera

34、tion and subsequently the values of secret parameters such as cryptographic keys3.8horizontal attackHAmodus operandi where sensitive information is extracted from a single measurement split into several parts3.9implementation under testIUTimplementation which is tested based on methods specified in

35、this International Standard3.10mutual information analysisMIAanalysis of the mutual dependence of two random variables3.11power analysisPAanalysis of the electric power consumption of a cryptographic module, for the purpose of extracting information correlated to security function operation and subs

36、equently the values of secret parameters such as cryptographic keys3.12rectangle attackRAmodus operandi where the observations acquisition phase mix horizontal and vertical attacks2 ISO/IEC 2016 All rights reservedBS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)3.13side-channel analysisSCAexploitation of

37、the fact that the instantaneous side-channels emitted by a cryptographic device depends on the data it processes and on the operation it performs to retrieve secret parameters3.14simple electromagnetic analysisSEMAdirect (primarily visual) analysis of patterns of instruction execution or logic circu

38、it activities, obtained through monitoring the variations in the electromagnetic field emanated from a cryptographic module, for the purpose of revealing the features and implementations of cryptographic algorithms and subsequently the values of secret parameters3.15simple power analysisSPAdirect (p

39、rimarily visual) analysis of patterns of instruction execution (or execution of individual instructions), in relation to the electrical power consumption of a cryptographic module, for the purpose of extracting information correlated to a cryptographic operation3.16timing analysisTAanalysis of the v

40、ariations of the response or execution time of an operation in a security function, which may reveal knowledge of or about a security parameter such as a cryptographic key or PIN3.17vertical attackVAmodus operandi where sensitive information is extracted from different algorithm executions ISO/IEC 2

41、016 All rights reserved 3BS ISO/IEC 17825:2016ISO/IEC 17825:2016(E)4 Symbols and abbreviated termsFor the purposes of this document, the symbols and abbreviated terms given in ISO/IEC 19790 and the following apply.DLC Discrete Logarithm CryptographyECC Elliptic Curve CryptographyEM Electro-MagneticH

42、MAC keyed-Hashing Message Authentication CodeIFC Integer Factorization CryptographyMAC Message Authentication CodePC Personal ComputerPCB Printed Circuit BoardRBG Random Bit GeneratorRNG Random Number GeneratorUSB Universal Serial Bus* multiplication symbol exponentiation symbol5 Document organizati

43、onClause 6 of this International Standard specifies the non-invasive attack methods that a cryptographic module shall mitigate against for conformance to ISO/IEC 19790.Clause 7 of this International Standard specifies for each non-invasive attack method the associated security functions specified in

44、 ISO/IEC 19790.Clause 8 of this International Standard specifies the non-invasive attack test methods.Clause 9 of this International Standard specifies the test methods for side-channel analysis of symmetric-key cryptosystems.Clause 10 of this International Standard specifies the test methods for si

45、de-channel analysis of asymmetric-key cryptosystems.Clause 11 of this International Standard specifies the non-invasive attack mitigation pass/fail test metrics for each non-invasive attack method to demonstrate conformance to ISO/IEC 19790.This International Standard shall be used together with ISO

46、/IEC 24759 to demonstrate conformance to ISO/IEC 19790.6 Non-invasive attack methodsThis clause specifies the non-invasive attack methods that need to be addressed for conformance to ISO/IEC 19790.The non-invasive attacks use side-channels (information gained from the physical implementation of a cr

47、yptosystem) emitted by the IUT such as: Its power consumption,4 ISO/IEC 2016 All rights reservedBS ISO/IEC 17825:2016ISO/IEC 17825:2016(E) Its electromagnetic emissions, Its computation time.The number of possible side-channels can increase in the future (e.g. photonic emissions49, acoustic emanatio

48、ns, etc.)In order to be more formal in the attacks taxonomy, a formalism will allow the relationships to be highlighted between the different attacks and to have a systematic way to describe a new attack.An attack is described in the following way:-YYY refers to the statistical treatment used in the

49、 attack (e.g. S for Simple, C for Correlation, MI for Mutual Information, ML for Maximum Likelihood, D for Difference of Means, etc.).NOTE 1 Other statistical treatments can be inserted like dOC which corresponds to a correlation treatment exploiting dth order moments (obtained for instance by raising each targeted point in the traces to a power d, or by combining d points per trace before processing the correlation).XXX refers to the kind of observed side channel: e.g. PA for Power Analysis, E

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1