没有合适的资源?快使用搜索试试~ 我知道了~
800-21 Guideline for implementing crytography in the federal gov...
需积分: 3 0 下载量 29 浏览量
2012-11-08
16:58:13
上传
评论
收藏 611KB PDF 举报
温馨提示
试读
138页
安全标准800-21 Guideline for implementing crytography in the federal government
资源推荐
资源详情
资源评论
NIST Special Publication 800-21
Guideline for Implementing
Cryptography in the
Federal Government
Annabelle Lee
Security Technology Group
Computer Security Division
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
November, 1999
U.S. Department of Commerce
William M. Daley, Secretary
Technology Administration
Dr. Cheryl L. Shavers, Under Secretary of Commerce for Technology
National Institute of Standards and Technology
Raymond G. Kammer, Director
ii
iii
GUIDELINE FOR IMPLEMENTING
CRYPTOGRAPHY IN THE FEDERAL GOVERNMENT
1. INTRODUCTION............................................................................................ 1
1.1. Purpose.................................................................................................... 1
1.2. Audience .................................................................................................. 1
1.3. Scope....................................................................................................... 2
1.4. Content..................................................................................................... 3
1.5. Uses of Cryptography............................................................................... 4
2. STANDARDS AND CRITERIA....................................................................... 6
2.1. Benefits of Standards............................................................................... 7
2.2. Standards Organizations.......................................................................... 8
2.2.1. American National Standards Institute (ANSI) ................................... 8
2.3.2. Institute of Electrical and Electronics Engineers (IEEE) ................... 11
2.2.2. Internet Engineering Task Force (IETF)........................................... 11
2.2.3. International Organization for Standardization (ISO)........................ 12
2.3. Common Criteria .................................................................................... 12
2.4. FIPS Waiver Procedure.......................................................................... 13
3. SOME IMPLEMENTATION ISSUES............................................................ 14
3.1. Interfaces/Use of CAPIs......................................................................... 14
3.2. Hardware vs. Software Solutions ........................................................... 14
3.2.1. Public vs. Secret Key Cryptography................................................. 15
3.3. Key Management................................................................................... 15
3.3.1. Key Generation ................................................................................ 17
3.3.2. Key Use............................................................................................ 18
3.3.3. Key Archiving ................................................................................... 19
3.3.4. Key Destruction................................................................................ 20
3.4. Authentication ........................................................................................ 20
3.4.1. Traditional (Weak) Authentication .................................................... 20
3.4.2. Authentication Using Dynamic Authentication Data ......................... 21
3.4.3. Authentication Against Active Attacks .............................................. 22
4. CRYPTOGRAPHY METHODS .................................................................... 23
4.1. Symmetric/Secret Key Cryptography ..................................................... 23
4.1.1. Symmetric/Secret Encryption........................................................... 23
4.1.2. Message Authentication Code ......................................................... 27
4.2. Hash Functions ...................................................................................... 28
4.2.1. SHA and SHA-1 ............................................................................... 28
4.3. Asymmetric Key Cryptography............................................................... 29
4.3.1. Digital Signatures ............................................................................. 29
4.3.2. Key Transport/Agreement ................................................................ 37
4.4. Key Management................................................................................... 42
5. PUBLIC KEY INFRASTRUCTURE (PKI) ..................................................... 44
5.1. Public Key Infrastructure (PKI) Overview ............................................... 44
5.2. PKI Architectures ................................................................................... 45
5.3. Security Policies of Other CAs and the Network .................................... 46
iv
5.4. Interoperability........................................................................................ 46
5.5. Minimum Interoperability Specification for PKI Components (MISPC) ... 47
5.6. Federal PKI Architecture ........................................................................ 48
5.6.1. Architecture Components................................................................. 49
5.6.2. Operational Concept ........................................................................ 51
5.6.3. Federal PKI (FPKI) Steering Committee .......................................... 52
6. TESTING...................................................................................................... 53
6.1. Cryptographic Module Validation Program (CMVP) ............................... 55
6.1.1. Background...................................................................................... 55
6.1.2. FIPS PUB 140-1 Requirements ....................................................... 58
6.1.3. Validated Modules List ..................................................................... 60
6.1.4. Effective Use of FIPS PUB 140-1..................................................... 60
6.2. National Voluntary Laboratory Accreditation Program (NVLAP) ............ 60
6.3. Industry and Standards Organizations ................................................... 60
6.3.1. National Information Assurance Partnership (NIAP) ........................ 61
6.4. Certification and Management Authorization.......................................... 61
7. SELECTING CRYPTOGRAPHY - THE PROCESS..................................... 63
7.1. Planning Phase...................................................................................... 67
7.1.1. Security Policies............................................................................... 67
7.1.2. Risk Assessment.............................................................................. 71
7.1.3. Security Objectives........................................................................... 73
7.2. Definition Phase..................................................................................... 74
7.2.1. Security Requirements/Specifications.............................................. 75
7.2.2. Cryptographic Method Example....................................................... 83
7.2.3. Selecting Cryptographic Countermeasures...................................... 84
7.3. Acquisition Phase................................................................................... 94
7.3.1. Implementation Approach ................................................................ 95
7.4. Operations Phase .................................................................................. 97
7.4.1. Training and Documentation ............................................................ 97
7.4.2. Life Cycle Management of Cryptographic Components ................... 97
8. PUTTING IT ALL TOGETHER - EXAMPLES............................................... 99
8.1. Key Recovery Demonstration Project (KRDP) ....................................... 99
8.1.1. Department of Energy: EZ_ERA32 and the KRDP.......................... 99
8.1.2. U.S. Electronic Grants.................................................................... 103
8.2. Army Corps of Engineers ..................................................................... 106
8.2.1. ESS Architecture............................................................................ 107
8.2.2. Key Management ........................................................................... 108
8.2.3. Signature Generation and Verification............................................ 109
8.3. Treasury Electronic Certification System.............................................. 109
8.3.1. Program History ............................................................................. 109
8.3.2. ECS Process.................................................................................. 110
8.3.3. Future Plans: Windows-Based ECS (WECS)................................. 111
9. WHAT’S NEXT?......................................................................................... 112
9.1. Advanced Encryption Standard (AES) ................................................. 112
9.1.1. Minimum Acceptability Requirements ............................................ 112
9.1.2. Evaluation Criteria.......................................................................... 112
v
9.1.3. AES Finalists.................................................................................. 113
9.2. Key Agreement or Exchange ............................................................... 113
9.3. Key Recovery....................................................................................... 113
9.4. Technical Advisory Committee............................................................. 114
9.5. FIPS 140-2........................................................................................... 114
APPENDIX A: ACRONYMS............................................................................. 115
APPENDIX B: TERMS AND DEFINITIONS..................................................... 119
APPENDIX C: REFERENCE LIST................................................................... 129
剩余137页未读,继续阅读
资源评论
openingliu
- 粉丝: 0
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功