
TTA Standards Status


Standard number: TTAK.KO-12.0341
Former standard number:
Date established/revised: 2018-12-19
Total pages: 24
Korean title: Noise Source Test and Evaluation Guidelines for Software Cryptographic Modules
English title: Noise Source Testing Guidelines for Software Cryptographic Modules
Korean summary: To guarantee the security of a cryptographic module, the random numbers used to generate cryptographic keys, security parameters, nonces and the like must be generated securely by a cryptographic random number generator. A cryptographic random number generator can be broadly divided into an entropy collection stage and a pseudorandom number generation stage. The evaluation methods for it are CAVP (Cryptographic Algorithm Validation Program), which verifies the implementation correctness of the deterministic algorithm used for pseudorandom number generation, and statistical randomness testing and entropy testing, which assess the security of the noise source.
For statistical randomness testing of noise sources, NIST SP 800-22 (USA) and BSI AIS.31 (Germany) are the most widely used, but given that a sufficiently large amount of data must be collected and that the distribution of a noise source cannot be predicted, it is difficult to verify the security of a noise source by statistical randomness testing alone. For entropy testing of noise sources, NIST SP 800-90B is used, but because NIST SP 800-90B also requires collecting a sufficiently large amount of data, it is characteristically suited to evaluating hardware noise sources that are generated at high speed. For these reasons, there are limits to directly applying the two evaluation methods above to the domestic environment, which consists mainly of software cryptographic modules.
Accordingly, taking into account the domestic environment, which consists mainly of software cryptographic modules, this standard takes “Entropy Evaluation Algorithms for Noise Sources in Software Environments” (TTAK.KO-12.0306/R1) as its cited standard and presents a test and evaluation procedure, with quantitative criteria, for the noise sources of software cryptographic modules, using the verification algorithms given in the cited standard. This standard presents the noise source test and evaluation procedure, the test and evaluation items and criteria, and a guide to generating the seed key of a cryptographic random number generator from noise sources collected in a software cryptographic module.
English summary: To ensure the security of cryptographic modules, random numbers used for secret keys, security parameters, nonces, etc. shall be securely generated by the cryptographic random number generator. The cryptographic random number generator is composed of two major steps: collecting noise sources and generating pseudorandom numbers. The evaluation methods for the cryptographic random number generator are testing the soundness of noise sources and CAVP (Cryptographic Algorithm Validation Program) for implementation conformance.
NIST SP 800-22 and BSI AIS.31 are usually used to verify the statistical randomness of noise sources. However, there are some problems: too many noise sources are required for the tests, and the distributions of noise sources are unknown. Therefore, these tests have difficulty verifying the soundness of noise sources. NIST SP 800-90B is used to estimate the entropy of noise sources, but it is appropriate for testing noise sources generated at high speed from hardware cryptographic modules due to various sources of noise. Therefore, it is also not suitable to directly apply these tests to noise sources generated from software cryptographic modules.
This standard proposes testing guidelines and criteria using the algorithms cited in “Entropy Evaluation Algorithms for Noise Sources in Software Environments (TTAK.KO-12.0306/R1)”, taking our environment into consideration. The standard specifies the testing guidelines, the testing items, and a guide to generating the seed of the cryptographic random number generator using noise sources in software cryptographic modules.
International standard:
Related file: TTAK.KO-12.0341.pdf
