NIST SP800-135 Rev1: 安全应用特定密钥衍生函数要求

NIST
SP800
需积分: 9 2 下载量 88 浏览量 更新于2024-07-16 收藏 374KB PDF 举报
NIST SP800-135 rev1是美国国家标准与技术研究院(National Institute of Standards and Technology, NIST)发布的第800系列特别出版物中的一个推荐标准,专注于已有的应用特定密钥衍生函数(Existing Application-Specific Key Derivation Functions)的安全要求。该文档主要关注于多个关键互联网安全协议的加密需求,包括: 1. **美国金融服务业标准**: - ANS X9.42-2001(公钥密码学,使用离散对数加密算法生成对称密钥)和ANS X9.63-2001(基于椭圆曲线的公钥密码学,用于密钥协商和传输)。 2. **互联网密钥交换**: - IKE(版本1和2),用于安全网络连接的密钥管理。 3. **网络安全协议**: - Secure Shell (SSH):版本1、1.1和1.2的加密协议,用于远程登录和数据传输。 - Transport Layer Security (TLS):不同版本(1.0、1.1、1.2),提供端到端的数据加密。 - Secure Real-time Transport Protocol (SRTP),实时通信的加密协议。 4. **网络管理系统**: - SNMPv3的用户模型(USM),安全管理协议的一部分。 5. **可信平台模块**: - TPM(Parts 1, 2, 和 3),用于系统安全和固件完整性保护。 NIST SP800-135定义了这些KDFs(密钥衍生函数)的安全要求,强调了加密密钥的重要性,特别是在互联网安全应用和协议中。它涵盖了核心概念,如Diffie-Hellman密钥交换、哈希函数、随机性提取、密钥扩展、伪随机函数(PRF)、HMAC(Hash-based Message Authentication Code)等。这些KDFs必须满足严格的安全标准,以确保在协议执行过程中生成的密钥强度足够,抵御各种攻击,如密码破解和协议漏洞利用。因此,了解和遵循NIST SP800-135的要求对于保障网络通信的安全至关重要。

NIST SP800-88_rev1.pdf

437 浏览量
Based on the results of categorization, the system owner should refer to NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems, which specifies that, ...

NIST SP800-18 Rev1.pdf

204 浏览量
Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide information ...

NIST SP800-160v1.pdf

584 浏览量
FIPS 201 originally required that all PIV credentials and associated keys be stored in a PIV Card. While the use of the PIV Card for electronic authentication works well with traditional desktop and ...

NIST SP800-61 rev1.pdf

262 浏览量
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more ...

NIST SP800-51rev1.pdf

2020-02-18 上传
1.2 Purpose and Scope The purpose of this document is to provide recommendations for using vulnerability naming schemes. The document covers two schemes: CVE and CCE. The document gives an ...

NIST SP800-22rev1a.pdf

307 浏览量
This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as the ...

NIST SP800-66 Rev1.pdf

170 浏览量
The National Institute of Standards and Technology ...mentioned several NIST publications in the preamble to the HIPAA Security Rule, CMS does not require their use in complying with the Security Rule.1

NIST SP800-107 rev1.pdf

140 浏览量
Federal Information Processing Standard (FIPS) 180-3, the Secure Hash Standard (SHS) [FIPS 180-3], specifies five approved hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. Secure hash ...

NIST SP800-67 Rev1.pdf

130 浏览量
This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-...

NIST SP800-60 Vol1 Rev1.pdf

133 浏览量
Title III of the E-Government Act (Public Law 107-347), titled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) to develop: ...
艾米的爸爸
  • 粉丝: 800
  • 资源: 314
上传资源 快速赚钱

最新资源