【英文标准名称】:Informationtechnology-Securitytechniques-Keymanagement-Part4:Mechanismsbasedonweaksecrets
【原文标准名称】:信息技术.安全技术.密钥管理.第4部分:基于弱机密的机制
【标准号】:ISO/IEC11770-4-2006
【标准状态】:现行
【国别】:国际
【发布日期】:2006-05
【实施或试行日期】:
【发布单位】:国际标准化组织(IX-ISO)
【起草单位】:ISO/IECJTC1/SC27
【标准类型】:()
【标准水平】:()
【中文主题词】:通路;算法;校验;代号系统;编码;用密码写的;数据处理;数据保护;数据安全;数据传输;定义;信息交换;信息技术;口令;资料保护;安全工程
【英文主题词】:Access;Algorithms;Authentication;Codesystems;Coding;Cryptographic;Dataprocessing;Dataprotection;Datasecurity;Datatransmission;Definition;Definitions;Informationinterchange;Informationtechnology;Passwords;Protectionofinformation;Safetyengineering
【摘要】:ThispartofISO/IEC11770defineskeyestablishmentmechanismsbasedonweaksecrets,i.e.,secretsthatcanbereadilymemorizedbyahuman,andhencesecretsthatwillbechosenfromarelativelysmallsetofpossibilities.Itspecifiescryptographictechniquesspecificallydesignedtoestablishoneormoresecretkeysbasedonaweaksecretderivedfromamemorizedpassword,whilepreventingoff-linebrute-forceattacksassociatedwiththeweaksecret.Morespecifically,thesemechanismsaredesignedtoachieveoneofthefollowingthreegoals.1)Balancedpassword-authenticatedkeyagreement:Establishoneormoresharedsecretkeysbetweentwoentitiesthatshareacommonweaksecret.Inabalancedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedthesameweaksecret,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.2)Augmentedpassword-authenticatedkeyagreement:EstablishoneormoresharedsecretkeysbetweentwoentitiesAandB,whereAhasaweaksecretand6hasverificationdataderivedfromaone-wayfunctionofA'sweaksecret.Inanaugmentedpassword-authenticatedkeyagreementmechanism,thesharedsecretkeysaretheresultofadataexchangebetweenthetwoentities,thesharedsecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandthecorrespondingverificationdata,andneitherofthetwoentitiescanpredeterminethevaluesofthesharedsecretkeys.NOTE-ThistypeofkeyagreementmechanismisunabletoprotectA'sweaksecretbeingdiscoveredby6,butonlyincreasesthecostforanadversarytogetA'sweaksecretfrom6.Thereforeitisnormallyusedbetweenaclient(A)andaserver(6).3)Password-authenticatedkeyretrieval:Establishoneormoresecretkeysforanentity,A,associatedwithanotherentity,6,whereAhasaweaksecretandBhasastrongsecretassociatedwithA'sweaksecret.Inanauthenticatedkeyretrievalmechanism,thesecretkeys,retrievablebyA(notnecessarilyderivableby6),aretheresultofadataexchangebetweenthetwoentities,andthesecretkeysareestablishedifandonlyifthetwoentitieshaveusedtheweaksecretandtheassociatedstrongsecret.However,althoughB'sstrongsecretisassociatedwithA'sweaksecret,thestrongsecretdoesnot(initself)containsufficientinformationtopermiteithertheweaksecretorthesecretkeysestablishedinthemechanismtobedetermined.NOTE-ThistypeofkeyretrievalmechanismisusedinthoseapplicationswhereAdoesnothavesecurestorageforastrongsecret,andrequiresB'sassistancetoretrievethestrongsecretforher.Itisnormallyusedbetweenaclient(A)andaserver(6).ThispartofISO/IEC11770doesnotcoveraspectsofkeymanagementsuchas—lifecyclemanagementofweaksecrets,strongsecretsandestablishedsecretkeys;—mechanismstostore,archive,delete,destroy,etc.weaksecrets,strongsecrets,andestablishedsecretkeys.NOTE-Thekeysgeneratedorretrievedthroughtheuseofweaksecretscannotbemoresecureagainstexhaustionthanthesumoftheweaksecretsthemselves.Withthisproviso,themechanismsspecifiedinthispartofISO/IEC11770arerecommendedforpracticaluseinlow-securityenvironments.
【中国标准分类号】:L04
【国际标准分类号】:35_040
【页数】:33P;A4
【正文语种】:英语