Part 1: General - Computer Security Resource Center - National ...

More documents

Recommendations

Info

Table of Contents March, 2007 PART 1: GENERAL....................................................................................................................15 1 INTRODUCTION ...................................................................................................................15 1.1 Goal/Purpose...................................................................................................................15 1.2 Audience .........................................................................................................................16 1.3 Scope...............................................................................................................................16 1.4 Purpose of FIPS and NIST Recommendations...............................................................17 1.5 Content and Organization ...............................................................................................17 2 GLOSSARY OF TERMS AND ACRONYMS .....................................................................19 2.1 Glossary ..........................................................................................................................19 2.2 Acronyms........................................................................................................................29 3 SECURITY SERVICES .........................................................................................................30 3.1 Confidentiality ................................................................................................................30 3.2 Data Integrity ..................................................................................................................30 3.3 Authentication.................................................................................................................30 3.4 Authorization ..................................................................................................................31 3.5 Non-repudiation ..............................................................................................................31 3.6 Support Services .............................................................................................................31 3.7 Combining Services........................................................................................................31 4 CRYPTOGRAPHIC ALGORITHMS ..................................................................................34 4.1 Classes of Cryptographic Algorithms.............................................................................34 4.2 Cryptographic Algorithm Functionality .........................................................................35 4.2.1 Hash Functions....................................................................................................35 4.2.2 Symmetric Key Algorithms used for Encryption and Decryption......................35 4.2.2.1 Advanced Encryption Standard (AES) ................................................36 4.2.2.2 Triple DEA (TDEA) ............................................................................36 4.2.2.3 Modes of Operation .............................................................................36 4.2.3 Message Authentication Codes (MACs) ............................................................36 4.2.3.1 MACs Using Block Cipher Algorithms...............................................36 4.2.3.2 MACs Using Hash Functions ..............................................................37 4.2.4 Digital Signature Algorithms..............................................................................37 7
March, 2007 4.2.4.1 DSA......................................................................................................37 4.2.4.2 RSA......................................................................................................37 4.2.4.3 ECDSA ................................................................................................37 4.2.5 Key Establishment Schemes...............................................................................38 4.2.5.1 Discrete Log Key Agreement Schemes Using Finite Field Arithmetic38 4.2.5.2 Discrete Log Key Agreement Schemes Using Elliptic Curve Arithmetic ............................................................................................39 4.2.5.3 RSA Key Transport..............................................................................39 4.2.5.4 Key Wrapping......................................................................................39 4.2.5.5 Key Confirmation ................................................................................39 4.2.6 Key Establishment Protocols ..............................................................................39 4.2.7 Random Number Generation ..............................................................................40 5 GENERAL KEY MANAGEMENT GUIDANCE................................................................41 5. 1 Key Types and Other Information ..................................................................................41 5.1.1 Cryptographic Keys ............................................................................................41 5.1.2 Other Cryptographic or Related Information......................................................43 5.2 Key Usage.......................................................................................................................44 5.3 Cryptoperiods..................................................................................................................44 5.3.1 Risk Factors Affecting Cryptoperiods ................................................................45 5.3.2 Consequence Factors Affecting Cryptoperiods ..................................................46 5.3.3 Other Factors Affecting Cryptoperiods ..............................................................46 5.3.3.1 Communications versus Storage..........................................................46 5.3.3.2 Cost of Key Revocation and Replacement ..........................................46 5.3.4 Cryptoperiods for Asymmetric Keys..................................................................46 5.3.5 Symmetric Key Usage Periods and Cryptoperiods.............................................47 5.3.6 Cryptoperiod Recommendations for Specific Key Types ..................................49 5.3.7 Recommendations for Other Keying Material....................................................56 5.4 Assurances ......................................................................................................................57 5.4.1 Assurance of Integrity (Also Integrity Protection) .............................................57 5.4.2 Assurance of Domain Parameter Validity ..........................................................57 5.4.3 Assurance of Public Key Validity.......................................................................57 5.4.4 Assurance of Private Key Possession .................................................................57 5.5 Compromise of Keys and other Keying Material...........................................................58 8
Page 1 and 2: ARCHIVED PUBLICATION The attached p
Page 3 and 4: Abstract March, 2007 This Recommend
Page 5 and 6: Authority March, 2007 This document
Page 7: March, 2007 key validation, account
Page 11 and 12: March, 2007 8 KEY MANAGEMENT PHASES
Page 13 and 14: March, 2007 10.2.9 Compromise Manag
Page 15 and 16: March, 2007 Figure 3: Key states an
Page 17 and 18: March, 2007 1.2 Audience The audien
Page 19 and 20: March, 2007 1. Section 1, Introduct
Page 21 and 22: March, 2007 Backup A copy of inform
Page 23 and 24: March, 2007 Digital signature The r
Page 25 and 26: Key Management Policy Key Managemen
Page 27 and 28: Proof of possession (POP) Pseudoran
Page 29 and 30: March, 2007 Split knowledge A proce
Page 31 and 32: March, 2007 3 Security Services Cry
Page 33 and 34: March, 2007 However, it is often th
Page 35 and 36: March, 2007 4 Cryptographic Algorit
Page 37 and 38: March, 2007 operates on blocks (chu
Page 39 and 40: March, 2007 minimum key size 7 of 1
Page 41 and 42: March, 2007 2. The protocols trigge
Page 43 and 44: March, 2007 7. Symmetric key wrappi
Page 45 and 46: March, 2007 9. Random numbers: The
Page 47 and 48: March, 2007 In general, where stron
Page 49 and 50: March, 2007 a. When a symmetric key
Page 51 and 52: March, 2007 information. For less s
Page 53 and 54: 8. Symmetric and Asymmetric RNG key
Page 55 and 56: 15. Private ephemeral key agreement
Page 57 and 58: Key Type 12. Symmetric Key Agreemen
Page 59 and 60:
March, 2007 establishment keys, see
Page 61 and 62:
March, 2007 c. Restricting plaintex
Page 63 and 64:
March, 2007 algorithms completely i
Page 65 and 66:
March, 2007 Table 3: Hash function
Page 67 and 68:
Table 4: Recommended algorithms and
Page 69 and 70:
March, 2007 size is available, the
Page 71 and 72:
Security life of data up to 4 years
Page 73 and 74:
March, 2007 6 Protection Requiremen
Page 75 and 76:
Table 5: Protection requirements fo
Page 77 and 78:
Key Type Security Service Private e
Page 79 and 80:
March, 2007 Crypto. Security Securi
Page 81 and 82:
March, 2007 may be applied only to
Page 83 and 84:
March, 2007 All cryptographic infor
Page 85 and 86:
March, 2007 8. Domain parameters (e
Page 87 and 88:
March, 2007 6. Destroyed Compromise
Page 89 and 90:
March, 2007 a. A private signature
Page 91 and 92:
2 Pre-Operational Phase 3 7 1 4 Ope
Page 93 and 94:
March, 2007 8.1 Pre-operational Pha
Page 95 and 96:
8.1.5.1.1 Distribution of Static Pu
Page 97 and 98:
March, 2007 and then provide eviden
Page 99 and 100:
March, 2007 listed in Section 8.1.5
Page 101 and 102:
March, 2007 encrypting key or publi
Page 103 and 104:
March, 2007 8.1.5.3.5 Intermediate
Page 105 and 106:
March, 2007 of keying material and
Page 107 and 108:
March, 2007 2. The application in w
Page 109 and 110:
March, 2007 and the key derivation
Page 111 and 112:
March, 2007 Type of Key Archive? Re
Page 113 and 114:
March, 2007 All records of the enti
Page 115 and 116:
March, 2007 other cryptographic inf
Page 117 and 118:
March, 2007 access to information e
Page 119 and 120:
March, 2007 1. Private key used to
Page 121 and 122:
March, 2007 10.2 Content of the Key
Page 123 and 124:
March, 2007 Management Specificatio
Page 125 and 126:
March, 2007 is the same value as th
Page 127 and 128:
March, 2007 If the decision is made
Page 129 and 130:
March, 2007 only, and then shall be
Page 131 and 132:
March, 2007 may be stored in backup
Page 133 and 134:
March, 2007 and the method of key r
Page 135 and 136:
March, 2007 ephemeral key pairs, an
Page 137 and 138:
B.3.14.7 Key Control Information Ma
Page 139 and 140:
March, 2007 to be saved. Keys for t
Page 141 and 142:
[HAC] Handbook of Applied Cryptogra
Page 143:
March, 2007 the owner by the CA tha
show all

Part 1: General - Computer Security Resource Center - National ...

Create successful ePaper yourself

Delete template?

Save as template?