ETSI GR QSC 004-2017 Quantum-Safe Cryptography Quantum-Safe threat assessment (V1 1 1).pdf

ETSI GR QSC 004 V1.1.1 (2017-03)
GROUP REPORT
Quantum-Safe Cryptography; Quantum-Safe threat assessment

Disclaimer
The present document has been produced and approved by the Quantum-Safe Cryptography (QSC) ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership.

Reference
DGR/QSC-004

Keywords
quantum cryptography, security

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from: http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
European Telecommunications Standards Institute 2017. All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Abbreviations
4 Overview of approach to threat assessment
5 Assessment of Quantum Computing timetable
5.1 Overview
5.2 QC requirements for Shor's algorithm
5.3 QC requirements for Grover's algorithm
6 Threat assessment against aspects of QC deployments
6.1 Algorithm vulnerabilities
6.1.1 Overview
6.1.2 Symmetric algorithms
6.1.3 Public key cryptography
6.1.4 Random number generation
6.2 Security Protocols
6.2.1 Introduction
6.2.2 Transport Layer Security (TLS)
6.2.3 Internet Protocol Security (IPSec)/Internet Key Exchange (IKE)
6.2.4 Secure/Multipurpose Internet Mail Exchange (S/MIME)
6.2.5 Public Key Infrastructure (PKI)
6.2.6 Application of security protocols
7 Industry specific issues
7.1 Banking and e-commerce
7.2 Intelligent Transport Systems
7.3 eHealth
7.4 Trusted Platform Modules
7.5 Digital Media and Content Protection
7.5.1 System overview
7.5.2 Digital Transmission Licensing Authority (DTLA)
7.5.3 Digital Living Network Alliance (DLNA)
7.5.4 Advanced Access Content System Licensing Authority (AACSLA)
8 Summary, conclusions and recommendations
Annex A: Authors

Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword
This Group Report (GR) has been produced by ETSI Industry Specification Group (ISG) Quantum-Safe Cryptography (QSC).

Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

Introduction
Quantum Computers (QC) represent a paradigm shift in computing and the result of having any quantum computer of reasonable size, and availability, is that the existing hard problems upon which the asymmetric cryptography domain is built will not be considered hard anymore. The simple result is that asymmetric cryptography, using Elliptic Curves, or number factorization, will be invalidated. Similarly, there will be an impact on the security level afforded by symmetric cryptographic schemes. Much of this is well known and documented in ETSI's White Paper [i.2], and in the ETSI Guide on the impact of quantum computing on business continuity [i.4] and many other places.
The purpose of the present document is to expand a little on the previous publications in this field but with a general reflection that the concern (worry) regarding a quantum computing attack is not going to have the same impact across all users of quantum vulnerable cryptography. The present document gives a very simplified consideration of the attack likelihood for when a viable QC exists and reflects that risk against the business sector's requirements, in order to know how to use cryptographic technology in the sector. This is used to assist industry in determining how long they have to respond to the availability of QC and retain trust and security in their operations.

1 Scope
The present document presents the results of a simplified threat assessment following the guidelines of ETSI TS 102 165-1 [i.3] for a number of use cases. The method and key results of the analysis are described in clause 4.
The present document makes a number of assumptions regarding the timescale for the deployment of viable quantum computers, however the overriding assertion is that quantum computing will become viable in due course. This is examined in more detail in clause 5.
The impact of quantum computing attacks on the cryptographic deployments used in a number of existing industrial deployment scenarios are considered in clause 7.

2 References

2.1 Normative references
Normative references are not applicable in the present document.

2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[i.1] ETSI White Paper Quantum Safe Cryptography V1.0.0 (2014-10): "Quantum Safe Cryptography and Security; An introduction, benefits, enablers and challenges"; ISBN 979-10-92620-03-0.
[i.2] Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, Journal Of Cryptology, vol. 14, p. 255-293, 2001.
[i.3] ETSI TS 102 165-1: "Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis".
[i.4] ETSI EG 203 310 (V1.1.1): "CYBER; Quantum Computing Impact on security of ICT Systems; Recommendations on Business Continuity and Algorithm Selection".
[i.5] ISO/HL7 21731:2014 Health informatics - HL7 version 3 - Reference information model - Release 4.
[i.6] Digital Living Network Alliance: DNLA Guidelines.
NOTE: Available from http://www.dlna.org/guidelines/
[i.7] Advanced Access Content System (AACS): Introduction and Common Cryptographic Elements.
NOTE: Available from http:/
[i.8] ETSI TS 102 940: "Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management".

3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AACS    Advanced Access Control System
AACSLA  Advanced Access Content System Licensing Authority
AEAD    Authenticated Encryption with Associated Data
AES     Advanced Encryption Standard
CA      Certificate Authority
CAM     Co-operative Awareness Message
CIA     Confidentiality Integrity Availability
DEM     Event Notification Message
DH      Diffie Hellman
DHCP    Dynamic Host Configuration Protocol
DLNA    Digital Living Network Alliance
DSA     Digital Signature Algorithm
DTCP    Digital Transmission Content Protection
DTLA    Digital Transmission Licensing Authority
DTS     Datagram TLS
EAP     Extensible Authentication Protocol
EC      Elliptic Curve
ECC     Elliptic Curve Cryptography
ECDH    Elliptic Curve Diffie-Hellman
ECDSA   Elliptic Curve Digital Signature Algorithms
EV      Extended Validation (Certificate)
HRNG    Hardware Random Number Generator
ICT     Information & Communication Technology
IKE     Internet Key Exchange
IP      Internet Protocol
ITS     Intelligent Transport System
ITS-S   Intelligent Transport System Station
LAN     Local Area Network
MAC     Message Authentication Code
PKI     Public Key Infrastructure
QC      Quantum Computer or Quantum Computing
QSC     Quantum-Safe Cryptography
RSA     Rivest Shamir Adleman
TCP     Transmission Control Protocol
TLS     Transport Layer Security
TPM     Trusted Platform Module
UDP     User Datagram Protocol
VPN     Virtual Private Network
WAP     Wi-Fi Protected Access
XML     eXtensible Markup Language

4 Overview of approach to threat assessment
Threat assessment in most environments considers 2 metrics: likelihood of an attack and impact of the attack. Underlying these metrics are a further set of metrics addressing such issues as availability requirements (i.e. time needed to access the vulnerability), equipment (i.e. the complexity or cost of equipment needed to launch the attack) and so forth which are described in some detail in ETSI TS 102 165-1 [i.3]. The calculation of risk is taken most often as the product of likelihood and impact and categorized as high, medium or low (different risk management systems may use more than 3 classifications but ETSI's approach has only considered 3 with a view to defining countermeasures against high and medium risk vulnerabilities).
The consideration behind the security of most cryptographic systems is that the security strength of an algorithm is optimal when the only feasible attack is brute force evaluation of the key space.
ETSI EG 203 310 [i.4] states (with some editorial extensions):
"if the promise of quantum computing holds true then the following impacts will be immediate on the assumption that the existence of viable quantum computing resources will be used against cryptographic deployments:
- Symmetric cryptographic strength will be halved, e.g. AES with 128 bit keys giving 128 bit strength will be reduced to 64 bit strength (in other words to retain 128 bit security will require to implement 256 bit keys).
- Elliptic curve cryptography will offer no security.
- RSA based public key cryptography will offer no security.
- The Diffie-Hellman-Merkle key agreement protocol will offer no security.
NOTE: The common practice is to refer to the key agreement protocol developed by Messrs Diffie, Hellman and Merkle as simply the Diffie-Hellman or DH protocol as the formal recognition of Merkle's role was made after DH became the accepted term.
With the advent of realizable Quantum Computers, everything that has been transmitted or stored and that has been protected by one of the known to be vulnerable algorithms, or that will ever be stored or transmitted, will become unprotected and thus vulnerable to public disclosure."
The purpose of threat assessment is, in part, to identify where protective measures should be applied for countering the threat. The quantification of risk assists this by addressing those parts of the system most vulnerable and recommending where countermeasures should be applied. For the specific case of the impact of quantum computing on the security of ICT systems as addressed by ETSI EG 203 310 [i.4] the broad assertion for business continuity is that systems have to be developed and deployed to be crypto-agile. The intent is to ensure that processes are in place that allow algorithms and keys to be changed across the business quickly enough to counter the viable introduction of quantum computers.
The factors to be considered in assessment of the likelihood element in determining the potential of an attack are the following:
- System knowledge: For the majority of crypto-systems under consideration, it should be assumed that the algorithms are public knowledge (e.g. RSA, ECC (various modes)).
- Time: For those systems open to attack by quantum computing, it is assumed that no new vulnerability is exposed; rather, a quantum computer invalidates the core assertion that a solution to the underlying problem is infeasible without access to the key itself. Thus the time factor for access to material to retrieve the private key of an asymmetric pair is treated as essentially null (using the formulation given in ETSI TS 102 165-1 [i.3] the term is "an attack can be identified or exploited in less than an hour").
- Expertise: There is comparatively little expertise in the programming of quantum computers even if some algorithms, like Shor's and Grover's, have been well described. However, the ability to take the data from a public key certificate and feed it into a well-defined instance of Shor's algorithm and to retrieve the private key is likely to be trivial and to tend towards the layman end of the expertise scale.
- Opportunity: Only access to the public key certificate is required and this is public by default, hence there is no barrier to opportunity to the input data to an attack.
- Equipment: Assuming access to the input data, the barrier to breaking existing asymmetric cryptography is the existence of a viable quantum computer. For the cur
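The following is an added example, not part of the ETSI report: it applies the impacts quoted in clause 4 from ETSI EG 203 310 (symmetric strength halved; EC, RSA and DH offering no security) to a cryptographic inventory, the kind of check a crypto-agility review starts from. The `FAMILY-bits` component naming, the `target_bits` parameter and the inventory entries are assumptions made for illustration.

```python
import re

# Rules quoted on the page from ETSI EG 203 310: symmetric strength is halved;
# elliptic curve, RSA and Diffie-Hellman offer no security.
BROKEN = {"RSA", "DH", "ECDH", "ECDSA", "ECC"}
SYMMETRIC = {"AES"}

def quantum_strength(component):
    """Return (family, bits, strength against a viable QC) for 'AES-128' style names."""
    m = re.fullmatch(r"([A-Za-z]+)-(\d+)", component.strip())
    if not m:
        raise ValueError(f"unrecognised component: {component!r}")
    family, bits = m.group(1).upper(), int(m.group(2))
    if family in SYMMETRIC:
        return family, bits, bits // 2
    if family in BROKEN:
        return family, bits, 0
    raise ValueError(f"no rule on the page for family {family!r}")

def assess(deployment, target_bits=128):
    """Assess one deployment: per-component findings and the weakest-link strength."""
    findings, weakest = [], None
    for role, component in deployment["components"].items():
        family, bits, strength = quantum_strength(component)
        if strength == 0:
            action = "replace with a quantum-safe algorithm"
        elif strength < target_bits:
            action = f"move to {family}-{2 * target_bits}"
        else:
            action = "keep"
        findings.append((role, component, strength, action))
        weakest = strength if weakest is None else min(weakest, strength)
    return {"name": deployment["name"], "weakest": weakest, "findings": findings}

# Constructed inventory for illustration; not taken from the report.
INVENTORY = [
    {"name": "tls-frontend", "components":
        {"key_exchange": "ECDH-256", "signature": "RSA-2048", "bulk": "AES-128"}},
    {"name": "backup-archive", "components": {"bulk": "AES-256"}},
]

if __name__ == "__main__":
    for dep in INVENTORY:
        report = assess(dep)
        print(report["name"], "weakest link:", report["weakest"], "bits")
        for role, comp, strength, action in report["findings"]:
            print(f"  {role:12} {comp:10} {strength:3} bits -> {action}")
```

Families the quoted text does not cover raise an error rather than receiving a guessed rating, so gaps in the inventory surface explicitly.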
