没有合适的资源?快使用搜索试试~ 我知道了~
NIST SP800-130 A framework for design Cryptographic Key Manageme...
需积分: 9 7 下载量 193 浏览量
2015-08-06
16:13:43
上传
评论
收藏 876KB PDF 举报
温馨提示
试读
120页
NIST.SP.800-130-a framework for design Cryptographic Key Management systems 设计密钥管理系统的参考。
资源推荐
资源详情
资源评论
NIST Special Publication 800-130
A Framework for Designing
Cryptographic Key Management
Systems
Elaine Barker
Miles Smid
Dennis Branstad
Santosh Chokhani
C O M P U T E R S E C U R I T Y
http://dx.doi.org/10.6028/NIST.SP.800-130
NIST Special Publication 800-130
A Framework for Designing
Cryptographic Key Management
Systems
Elaine Barker
Computer Security Division
Information Technology Laboratory
Miles Smid
Orion Security Solutions
Silver, Spring, MD
Dennis Branstad
NIST Consultant
Austin, TX
Santosh Chokhani
Cygnacom
McLean, VA
August 2013
U.S. Department of Commerce
Penny Pritzker, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director
http://dx.doi.org/10.6028/NIST.SP.800-130
SP 800-130 August 2013
ii
Authority
This publication has been developed by NIST to further its statutory responsibilities
under the Federal Information Security Management Act (FISMA), Public Law (P.L.)
107-347. NIST is responsible for developing information security standards and
guidelines, including minimum requirements for Federal information systems, but such
standards and guidelines shall not apply to national security systems without the express
approval of appropriate Federal officials exercising policy authority over such systems.
This guideline is consistent with the requirements of the Office of Management and
Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as
analyzed in Circular A-130, Appendix IV: Analysis of Key Sections. Supplemental
information is provided in Circular A-130, Appendix III, Security of Federal Automated
Information Resources.
Nothing in this publication should be taken to contradict the standards and guidelines
made mandatory and binding on Federal agencies by the Secretary of Commerce under
statutory authority. Nor should these guidelines be interpreted as altering or superseding
the existing authorities of the Secretary of Commerce, Director of the OMB, or any other
Federal official. This publication may be used by nongovernmental organizations on a
voluntary basis and is not subject to copyright in the United States. Attribution would,
however, be appreciated by NIST.
National Institute of Standards and Technology Special Publication 800-130
Natl. Inst. Stand. Technol. Spec. Publ. 800-130, 112 pages (August 2013)
CODEN: NSPUE2
Comments on this publication may be submitted to:
National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930
Email: ckmsdesignframework@nist.gov
Certain commercial entities, equipment, or materials may be identified in this document in order to
describe an experimental procedure or concept adequately. Such identification is not intended to imply
recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or
equipment are necessarily the best available for the purpose.
There may be references in this publication to other publications currently under development by NIST
in accordance with its assigned statutory responsibilities. The information in this publication, including
concepts and methodologies, may be used by Federal agencies even before the completion of such
companion publications. Thus, until each publication is completed, current requirements, guidelines,
and procedures, where they exist, remain operative. For planning and transition purposes, Federal
agencies may wish to closely follow the development of these new publications by NIST.
Organizations are encouraged to review all draft publications during public comment periods and
provide feedback to NIST. All NIST Computer Security Division publications, other than the ones
noted above, are available at http://csrc.nist.gov/publications.
http://dx.doi.org/10.6028/NIST.SP.800-130
SP 800-130 August 2013
iii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing
technical leadership for the Nation’s measurement and standards infrastructure. ITL
develops tests, test methods, reference data, proof of concept implementations, and
technical analyses to advance the development and productive use of information
technology. ITL’s responsibilities include the development of management,
administrative, technical, and physical standards and guidelines for the cost-effective
security and privacy of other than national security-related information in Federal
information systems. The Special Publication 800-series reports on ITL’s research,
guidelines, and outreach efforts in information system security, and its collaborative
activities with industry, government, and academic organizations.
Abstract
This Framework for Designing Cryptographic Key Management Systems (CKMS)
contains topics that should be considered by a CKMS designer when developing a CKMS
design specification. For each topic, there are one or more documentation requirements
that need to be addressed by the design specification. Thus, any CKMS that addresses
each of these requirements would have a design specification that is compliant with this
Framework.
Keywords
access control; confidentiality; cryptographic key management system; cryptographic
keys; framework; integrity; key management policies; key metadata; source
authentication.
Acknowledgements
The National Institute of Standards and Technology (NIST) gratefully acknowledges and
appreciates contributions by all those who participated in the creation, review, and
publication of this Framework. NIST also thanks the many contributions by the public
and private sectors whose thoughtful and constructive comments improved the quality
and usefulness of this publication. Many useful suggestions that were made during the
workshops held on CKMS at NIST in 2009, 2010, and 2012 have been incorporated in
this document.
SP 800-130 August 2013
iv
Contents
1. Introduction .............................................................................................. 1
1.1 Scope of this Framework ........................................................................................ 3
1.2 Audience ................................................................................................................. 3
1.3 Organization ........................................................................................................... 3
2. Framework Basics .................................................................................... 4
2.1 Rationale for Cryptographic Key Management ...................................................... 4
2.2 Keys, Metadata, Trusted Associations, and Bindings ............................................ 6
2.3 CKMS Applications ............................................................................................... 8
2.4 Framework Topics and Requirements .................................................................... 9
2.5 CKMS Design......................................................................................................... 9
2.6 CKMS Profiles ..................................................................................................... 11
2.7 CKMS Framework and Derived Profile ............................................................... 11
2.8 Differences between a Framework and a Profile .................................................. 12
2.9 Example of a Distributed CKMS Supporting a Secure E-Mail Application ........ 12
2.10 CKMS Framework Components and Devices.................................................... 13
3. Goals ....................................................................................................... 14
3.1 Providing Key Management to Networks, Applications, and Users .................... 14
3.2 Maximize the Use of COTS in a CKMS .............................................................. 15
3.3 Conformance to Standards.................................................................................... 16
3.4 Ease-of-use ........................................................................................................... 16
3.4.1 Accommodate User Ability and Preferences ................................................. 17
3.4.2 Design Principles of the User Interface.......................................................... 17
3.5 Performance and Scalability ................................................................................. 17
4. Security Policies ..................................................................................... 18
4.1 Information Management Policy ..........................................................................
19
4.2 Information Security Policy .................................................................................. 19
4.3 CKMS Security Policy ......................................................................................... 20
4.4 Other Related Security Policies ............................................................................ 21
4.5 Interrelationships among Policies ......................................................................... 22
4.6 Personal Accountability ........................................................................................ 22
4.7 Anonymity, Unlinkability, and Unobservability .................................................. 22
4.7.1 Anonymity ...................................................................................................... 22
4.7.2 Unlinkability................................................................................................... 23
4.7.3 Unobservability .............................................................................................. 23
4.8 Laws, Rules, and Regulations ............................................................................... 23
4.9 Security Domains ................................................................................................. 23
4.9.1 Conditions for Data Exchange ....................................................................... 24
4.9.2 Assurance of Protection ................................................................................. 24
4.9.3 Equivalence of Domain Security Policies ...................................................... 26
4.9.4 Third-Party Sharing ........................................................................................ 26
4.9.5 Multi-level Security Domains ........................................................................ 27
剩余119页未读,继续阅读
资源评论
xstsky163
- 粉丝: 0
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 自动驾驶-状态估计和定位之Error State EKF.pdf
- STM32F103ZET6+北斗
- 程序流程图的说明及图形示例
- FDN5618P-NL-VB一款SOT23封装P-Channel场效应MOS管
- Go语言基础(变量和基本类型).zip
- 基于CYCLONE2 (EP2C8Q) FPGA 设计PLL锁相环设置时钟Verilog源码Quartus工程文件.zip
- FDN372S-NL-VB一款SOT23封装N-Channel场效应MOS管
- date0425111111111111111111111
- 包含贪心算法的定义及python代码部分实现
- 自动驾驶-状态估计和定位之扩展卡尔曼滤波.pdf
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功