Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAK.KO-12.0235 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2013-12-18 ÃÑÆäÀÌÁö 34
ÇѱÛÇ¥ÁØ¸í ¿î¿µÃ¼Á¦º° ÀâÀ½¿ø ¼öÁý ¹× ÀÀ¿ë Áöħ
¿µ¹®Ç¥Áظí Guideline for the Collection and Application of Noise Source on Operating Systems
Çѱ۳»¿ë¿ä¾à ³­¼ö´Â ±â¹Ð¼º, ÀÎÁõ, Á¢±Ù ÅëÁ¦, ºÎÀÎ ºÀ¼â µî ¾ÏÈ£ÀÇ ¾ÈÀüÇÑ »ç¿ëÀ» À§Çؼ­ ²À ÇÊ¿äÇÑ ¿ä¼ÒÀÌ´Ù. ³­¼ö¸¦ »ý¼ºÇÏ´Â ³­¼ö¹ß»ý±â´Â ¾ÏÈ£ »ç¿ëÀ» À§ÇØ ³­¼ö¸¦ ÇÊ¿ä½Ã »ý¼ºÇÏ´Â ¾Ë°í¸®ÁòÀ¸·Î ¾ÈÀüÇÏ°Ô ¼³°èµÇ¾î¾ß ¾ÏÈ£µµ ¾ÈÀüÇÏ´Ù. °áÁ¤·ÐÀû ³­¼ö¹ß»ý±â(DRBG, Deterministic Random Bit Generator)ÀÇ ³í¸®´Â ¾ÈÀüÇÑ Ç¥ÁØÀ» »ç¿ëÇÑ´Ù°í °¡Á¤ÇÏ¸é °áÁ¤·ÐÀû ³­¼ö¹ß»ý±âÀÇ ¾ÈÀü¼ºÀº ³­¼ö¹ß»ý±âÀÇ ½Ãµå(seed)·Î »ç¿ëµÇ´Â ÀâÀ½¿øÀÇ ¾ÈÀü¼º¿¡ ÀÖ´Ù. ¾ÏÈ£ ÀÀ¿ë¿¡¼­ ÀâÀ½¿øÀÇ ¾ÈÀü¼ºÀº ¸Å¿ì Áß¿äÇÑ °ÍÀ» ¾Ë ¼ö ÀÖ´Ù.
º» Ç¥ÁØÀº À©µµ ¿î¿µÃ¼Á¦, ¸®´ª½º ¿î¿µÃ¼Á¦, ¾Èµå·ÎÀÌµå ¿î¿µÃ¼Á¦, iOS µî ¿î¿µÃ¼Á¦¿¡ µû¶ó ÀâÀ½¿øÀ» ¼öÁýÇÏ´Â ¹æ¹ýÀ» ±â¼úÇÑ´Ù. ÀϹÝÀûÀ¸·Î ¿î¿µÃ¼Á¦¿¡¼­ ¼öÁýÇÒ ¼ö ÀÖ´Â ÀâÀ½¿øÀº ½Ã½ºÅÛ À̺¥Æ®°¡ ¹ß»ýµÉ ¶§¸¶´Ù º¯°æµÇ´Â ¸¶¿ì½º Á¤º¸, Å°º¸µå Á¤º¸, ÀÎÅÍ·´Æ® ¿äû Á¤º¸, µð½ºÅ© Á¤º¸, ½Ã°£ Á¤º¸ µîÀÌ µÉ ¼ö ÀÖ´Ù. ¿î¿µÃ¼Á¦¿¡¼­ ¼öÁýÇÑ ÀâÀ½¿øÀÇ ¿£Æ®·ÎÇÇ°¡ Á¦ÇÑÀûÀÎ °æ¿ì Çϵå¿þ¾î·Î ±¸ÇöµÈ ÀâÀ½¿ø »ý¼º±â·ÎºÎÅÍ ÀâÀ½¿øÀ» Ãß°¡·Î ¼öÁýÇÑ´Ù. Çϵå¿þ¾î¿¡¼­ ¼öÁýÇÒ ¼ö ÀÖ´Â ÀâÀ½¿øÀº Á¦³Ê ´ÙÀÌ¿ÀµåÀÇ »êź ÀâÀ½, ¹ÝµµÃ¼ ȸ·ÎÀÇ ³»ÀçÀûÀÎ ¿­ ÀâÀ½, ÀÚÀ¯ ¹ßÁøÇÏ´Â ¸µ ¿À½Ç·¹ÀÌÅÍ µîÀ¸·Î Çϵå¿þ¾î ÀâÀ½¿ø ¹ß»ý±â¸¦ ±¸ÇöÇÏ´Â ¹æ¹ýÀÌ µÉ ¼ö ÀÖ°í, ¹°¸®Àû Çö»ó Áï ¹æ»ç¼± ºØ±«, ±¤ÀüÀÚ È¿°ú µîÀ¸·Î ÀâÀ½¿ø ¹ß»ý±â¸¦ ±¸ÇöÇÏ´Â ¹æ¹ýÀÌ µÉ ¼ö ÀÖ´Ù. º» Ç¥ÁØÀº ¼öÁýµÈ ÀâÀ½¿øÀÇ ÀÀ¿ë ¹æ¹ý ¹× ÀÀ¿ë ½Ã ÁÖÀÇ »çÇ× µîÀ» ±â¼úÇÑ´Ù.
¼öÁýµÇ´Â ÀâÀ½¿ø¿¡ ´ëÇÑ ¿£Æ®·ÎÇÇ °ËÁõÀº ±¹Á¦Ç¥ÁØ¿¡¼­ Á¤ÇÏ´Â °ËÁõ ¹æ¹ý¿¡ µû¸£¸ç º» Ç¥ÁØÀÇ Àû¿ë ¹üÀ§¿¡´Â ÇØ´çÇÏÁö ¾Ê´Â´Ù.
¿µ¹®³»¿ë¿ä¾à Random number is necessary in cryptography area which is applied for the confidentiality, the authentication, the repudiation, etc. The random bit generator which generates random number has to be designed safely so that cryptography applications should be secure. If it is assumed that the secure standard is used in the DRBG(Deterministic Random Bit Generator), the security of DRBG depends on the noise source which is used as the seed of random bit generator. It means that the noise source is very important.
This standard describes the method to collect noise source on Operating Systems as like Linux OS, Windows OS, Android OS, iOS, etc. Normally noise source can be collected whenever system events are happened, the noise source may become mouse information, keyboard information, interrupt request information, disk information, time information, etc. If the noise source which is collected on Operating Systems cannot satisfy entropy criteria, additionally we can collect noise source from noise source generator which is implemented by hardware. There are the shot noise of Zener diode, the thermic noise of semiconductor circuit, the noise of ring oscillator as a hardware noise source
This standard describes the method to apply the noise source to cryptography area and application note.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAK.KO-12.0235.pdf TTAK.KO-12.0235.pdf            

ÀÌÀü
ÀÎü È°µ¿ ±â¹Ý ¿¡³ÊÁö ÇϺ£½ºÆÃÀÇ Àü·Â º¯È¯ ¸ðµâ ÀÔÃâ·Â ÀÎÅÍÆäÀ̽º
´ÙÀ½
Â÷·® ³» ÀüÀÚÆÄ ¹æ»ç ÃøÁ¤À» À§ÇÑ Å×½ºÆ® °èȹ ¹× Àåºñ