CSA CAN/CSA-ISO/IEC 11770-4-07 Information technology - Security techniques - Key management - Part 4: Mechanisms based on weak secrets - Incorporates Corrigendum 1: December 2010
Данный раздел/документ содержится в продуктах:
- Техэксперт: Машиностроительный комплекс
- Картотека зарубежных и международных стандартов
- ISO ISO/IEC 24727-4 Identification cards - Integrated circuit card programming interfaces - Part 4: Application programming interface (API) administration - First Edition
- 35
- ISO ISO/IEC 24727-4 Identification cards - Integrated circuit card programming interfaces - Part 4: Application programming interface (API) administration - First Edition
- 35.240
- CENELEC CLC/TR 62685 Industrial communication networks - Profiles - Assessment guideline for safety devices using IEC 61784-3 functional safety communication profiles (FSCPs)
- ISO 7498-2 Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture - First Edition
- BSI BS ISO/IEC 9797-2 Information technology - Security techniques - Message authentication codes (MACs) Part 2: Mechanisms using a dedicated hashfunction
- BSI DD CEN/TS 14821-5 Traffic and Travel Information (TTI) TTI messages via cellular networks Part 5: Internal services
- BSI BS ISO/IEC 9797-2 Information technology - Security techniques - Message authentication codes (MACs) Part 2: Mechanisms using a dedicated hashfunction
- ISO 7498-2 Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture - First Edition
- BSI BS ISO/IEC 9797-2 Information technology - Security techniques - Message authentication codes (MACs) Part 2: Mechanisms using a dedicated hashfunction
- BSI DD CEN/TS 14821-5 Traffic and Travel Information (TTI) TTI messages via cellular networks Part 5: Internal services
- BSI DD CEN/TS 14821-5 Traffic and Travel Information (TTI) TTI messages via cellular networks Part 5: Internal services
- BSI BS ISO/IEC 10118-1 Information Technology - Security Techniques - Hash-Functions - Part 1: General
- BSI BS ISO/IEC 10118-4 + A1 Information Technology - Security Techniques - Hash-Functions - Part 4: Hash-Functions Using Modular Arithmetic - CORR: August 31, 2014; AMD: December 31, 2014
- ISO ISO/IEC 10118-1 Information Technology - Security Techniques - Hash-Functions - Part 1: General - Second Edition
- Картотека зарубежных и международных стандартов
CSA Standards
Information technology - Security techniques - Key management - Part 4: Mechanisms based on weak secrets - Incorporates Corrigendum 1: December 2010
N CAN/CSA-ISO/IEC 11770-4-07
Annotation
This part of ISO/IEC 11770 defines key establishment mechanisms based on weak secrets, i.e., secrets that can be readily memorized by a human, and hence secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing off-line brute-force attacks associated with the weak secret. More specifically, these mechanisms are designed to achieve one of the following three goals.
1) Balanced password-authenticated key agreement: Establish one or more shared secret keys between two entities that share a common weak secret. In a balanced password-authenticated key agreement mechanism, the shared secret keys are the result of a data exchange between the two entities, the shared secret keys are established if and only if the two entities have used the same weak secret, and neither of the two entities can predetermine the values of the shared secret keys.
2) Augmented password-authenticated key agreement: Establish one or more shared secret keys between two entities A and B, where A has a weak secret and B has verification data derived from a one-way function of A's weak secret. In an augmented password-authenticated key agreement mechanism, the shared secret keys are the result of a data exchange between the two entities, the shared secret keys are established if and only if the two entities have used the weak secret and the corresponding verification data, and neither of the two entities can predetermine the values of the shared secret keys.
NOTE – This type of key agreement mechanism is unable to protect A's weak secret being discovered by B, but only increases the cost for an adversary to get A's weak secret from B. Therefore it is normally used between a client (A) and a server (B).
