Part 1: General - Computer Security Resource Center - National ...
March, 2007
Guide to Table 6:
a. Column 1 (Cryptographic Information Type) identifies the type of cryptographic information.
b. Column 2 (Security Service) indicates the type of security service provided by the cryptographic information.
c. Column 3 (Security Protection) indicates the type of security protection for the cryptographic information.
d. Column 4 (Association Protection) indicates the relevant types of associations for each type of cryptographic information.
e. Column 5 (Assurance of Domain Parameter Validity) indicates the cryptographic information for which assurance shall be obtained as defined in [SP800-56] and [FIPS186-3] and in Section 5.4 of this recommendation. Assurance of domain parameter validity gives confidence that domain parameters are arithmetically correct.
f. Column 6 (Period of Protection) indicates the length of time that the integrity and/or confidentiality of the cryptographic information needs to be maintained. The cryptographic information shall be destroyed at the end of the period of protection (see Section 8.3.4).
Table 6: Protection requirements for other cryptographic or related material

| Crypto. Information Type | Security Service | Security Protection | Association Protection | Assurance of Domain Parameter Validity | Period of Protection |
|---|---|---|---|---|---|
| Domain parameters | Depends on key assoc. with the parameters | Archive; Integrity | Usage or application; Private and public keys | Yes | From generation until no longer needed to generate keys, or verify signatures |
| Initialization vectors | Depends on algorithm | Archive; Integrity (footnote 26) | Protected data | | From generation until no longer needed to process the protected data |
| Shared secrets | Support | Confidentiality, Integrity | | | From generation until end of transaction. The shared secret shall be destroyed at the end of the period of protection |

26 IVs are not generally protected during transmission; however, the decryption system may be designed to detect or minimize the effect of unauthorized substitutions and modifications to transmitted IVs. In this case the decryption system forms the data integrity mechanism.