Ȩ > Ç¥ÁØÈ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ
| Ç¥ÁعøÈ£ | [ÆóÁö] TTAK.KO-12.0341 | ±¸Ç¥ÁعøÈ£ | |
|---|---|---|---|
| Á¦°³Á¤ÀÏ | 2018-12-19 | ÃÑÆäÀÌÁö | 24 | 
| ÇѱÛÇ¥Áظí | ¼ÒÇÁÆ®¿þ¾î ¾ÏÈ£¸ðµâ¿¡ »ç¿ëµÇ´Â ÀâÀ½¿ø ½ÃÇèÆò°¡ Áöħ | ||
| ¿µ¹®Ç¥Áظí | Noise Source Testing Guidelines for Software Cryptographic Modules | ||
| Çѱ۳»¿ë¿ä¾à | ¾ÏÈ£ ¸ðµâÀÇ ¾ÈÀü¼ºÀ» º¸Àå¹Þ±â À§Çؼ´Â ¾ÏÈ£ Ű, º¸¾È ¸Å°³º¯¼ö, ³í½º µîÀÇ »ý¼º¿¡ »ç¿ëµÇ´Â ³¼ö°¡ ¾ÏÈ£ÇÐÀû ³¼ö ¹ß»ý±â·ÎºÎÅÍ ¾ÈÀüÇÏ°Ô »ý¼ºµÇ¾î¾ß ÇÑ´Ù. ¾ÏÈ£ÇÐÀû ³¼ö ¹ß»ý±â´Â Å©°Ô ¿£Æ®·ÎÇÇ ¼öÁý ´Ü°è¿Í ÀÇ»ç ³¼ö »ý¼º ´Ü°è·Î ³ª´ ¼ö ÀÖÀ¸¸ç, ÀÌ¿¡ ´ëÇÑ Æò°¡¹æ¹ýÀ¸·Î´Â ÀÇ»ç ³¼ö »ý¼º¿¡ »ç¿ëµÇ´Â °áÁ¤·ÐÀû ¾Ë°í¸®ÁòÀÇ ±¸Çö Á¤È®¼ºÀ» °ËÁõÇÏ´Â CAVP(Cryptographic Algorithm Validation Program)¿Í ÀâÀ½¿ø¿¡ ´ëÇÑ ¾ÈÀü¼º Æò°¡¹æ¹ýÀÎ Åë°èÀû ³¼ö¼º °ËÁ¤°ú ¿£Æ®·ÎÇÇ Å×½ºÆ®°¡ ÀÖ´Ù. ÀâÀ½¿ø¿¡ ´ëÇÑ Åë°èÀû ³¼ö¼º °ËÁ¤À¸·Î´Â ¹Ì±¹ NISTÀÇ SP 800-22¿Í µ¶ÀÏ BSIÀÇ AIS.31ÀÌ ´ëÇ¥ÀûÀ¸·Î Ȱ¿ëµÇ°í ÀÖÁö¸¸, ÃæºÐÈ÷ Å« µ¥ÀÌÅ͸¦ ¼öÁýÇØ¾ßÇÑ´Ù´Â Á¡°ú ÀâÀ½¿øÀÇ ºÐÆ÷´Â ¿¹ÃøÇÒ ¼ö ¾ø´Ù´Â Á¡À» °í·ÁÇßÀ» ¶§ Åë°èÀû ³¼ö¼º °ËÁ¤¸¸À¸·Î´Â ÀâÀ½¿øÀÇ ¾ÈÀü¼ºÀ» °ËÁõÇϱ⿡ ¾î·Á¿òÀÌ Á¸ÀçÇÑ´Ù. ¶ÇÇÑ, ÀâÀ½¿ø¿¡ ´ëÇÑ ¿£Æ®·ÎÇÇ Å×½ºÆ®·Î´Â ¹Ì±¹ NISTÀÇ SP 800-90B°¡ Ȱ¿ëµÇ°í ÀÖÁö¸¸, NIST SP 800-90B ¿ª½Ã ÃæºÐÈ÷ Å« µ¥ÀÌÅ͸¦ ¼öÁýÇØ¾ßÇϱ⠶§¹®¿¡ °í¼ÓÀ¸·Î »ý¼ºµÇ´Â Çϵå¿þ¾î ÀâÀ½¿øÀÇ Æò°¡¿¡ ÀûÇÕÇϴٴ Ư¡ÀÌ ÀÖ´Ù. ÀÌ¿Í °°Àº ÀÌÀ¯·Î ¼ÒÇÁÆ®¿þ¾î ¾ÏÈ£ ¸ðµâ À§ÁÖÀÎ ±¹³» ȯ°æ¿¡ À§ÀÇ µÎ °¡Áö Æò°¡ ¹æ¹ýÀ» Á÷Á¢ Àû¿ëÇϱ⿡´Â ÇѰ谡 Á¸ÀçÇÑ´Ù. ÀÌ¿¡ ÀÌ Ç¥ÁØ¿¡¼´Â ¼ÒÇÁÆ®¿þ¾î ¾ÏÈ£ ¸ðµâ À§ÁÖÀÎ ±¹³» ȯ°æÀ» °í·ÁÇÏ¿© ¡°¼ÒÇÁÆ®¿þ¾î ȯ°æ¿¡¼ÀÇ ³¼ö ¹ß»ý±â ÀâÀ½¿ø ¿£Æ®·ÎÇÇ °ËÁõ ¾Ë°í¸®Áò¡±(TTAK.KO-12.0306/R1)À» Àοë Ç¥ÁØÀ¸·Î ÇÏ¿©, Àοë Ç¥ÁØ¿¡ Á¦½ÃµÈ °ËÁõ ¾Ë°í¸®ÁòÀ» Ȱ¿ëÇÑ ¼ÒÇÁÆ®¿þ¾î ¾ÏÈ£ ¸ðµâÀÇ ÀâÀ½¿ø¿¡ ´ëÇÑ ½ÃÇè Æò°¡ ÀýÂ÷¿Í ±× Á¤·®ÀûÀÎ ±âÁØÀ» Á¦½ÃÇÑ´Ù. ÀÌ Ç¥ÁØ¿¡¼´Â ÀâÀ½¿ø ½ÃÇè Æò°¡ ÀýÂ÷, ½ÃÇè Æò°¡ Ç׸ñ ¹× ±âÁذú ¼ÒÇÁÆ®¿þ¾î ¾ÏÈ£ ¸ðµâ¿¡¼ ¼öÁýµÈ ÀâÀ½¿øÀ¸·Î ¾ÏÈ£ÇÐÀû ³¼ö ¹ß»ý±âÀÇ ½Ãµå ۸¦ »ý¼ºÇÏ´Â °¡À̵带 Á¦½ÃÇÑ´Ù. | ||
| ¿µ¹®³»¿ë¿ä¾à | To ensure the security of cryptographic modules, random numbers used to secret key, security parameters, nonce etc. shall be securely generated from the cryptographic random number generator. The cryptographic random number generator is composed of two major step, which are collecting noise sources and generating pseudorandom numbers. The evaluation methods of the cryptographic random number generator are testing soundness of noise sources and CAVP(Cryptographic Algorithm Validation Program) for implementation conformance. NIST SP 800-22 and BSI AIS.31 are usually used to verify the statistical randomness of noise sources. However, there are some problems such that too many noise sources are required for the tests and the distributions of noise sources are unknown. Therefore, the tests have difficulty in verifying the soundness of noise sources. NIST SP 800-90B is used to estimate the entropy of noise sources, but it is appropriate to test noise sources generated at high speed from hardware cryptographic modules due to various sources of noise. Therefore, it is also not suitable to directly apply these tests for noise sources generated from software cryptographic modules. The standard is to propose the testing guidelines and its criterion using the algorithms which are cited in ¡°Entropy Evaluation Algorithms for Noise Sources in Software Environments(TTAK.KO-12.0306/R1)¡± for considering our environments. The standard is to specify the testing guidelines, testing items and guide of generating the seed of the cryptographic random number generator using noise sources in software cryptographic modules. | ||
| ±¹Á¦Ç¥ÁØ | |||
| °ü·ÃÆÄÀÏ | TTAK.KO-12.0341.pdf | ||
 
		
 
			 
			 
			 
			 
			 
		 
		




 
					 
					 
					 
					 
					 
					 
			 
					 
					 
					 
			 
					 
					 
					 
					
 
			 
					 
					





 
		 
		 
		 
		 
		 
	 
		 
		 
		