标准摘要
[中文适用范围]: 本文件介绍了白盒密码学(WBC)的安全特性,并提供了测试和评估的最佳实践。WBC 是一种加密算法,专门用于密钥或秘密,但其中所述的密钥无法被提取。WBC 实现可以包含明源代码的加密算法和/或实现该算法的设备。在两种情况下,安全功能都已实施,以防止攻击者发现密钥或秘密。安全特性包括在白盒密码学实现中隐藏的安全参数。测试和评估的最佳实践包括数学和实际分析、静态和动态分析以及非侵入性和侵入性分析。本文件与 ISO/IEC 19790 关联,该标准规定了加密模块的安全要求。在这些模块中,关键安全参数 (CSPs) 和公共安全参数 (PSPs) 是需要保护的资产。WBC 是隐藏 CSP 在实现内部的一种解决方案。 [外文原描述]: This document introduces security properties and provides best practices on the test and evaluation of white box cryptography (WBC). WBC is a cryptographic algorithm specialized for a key or secret, but where the said key cannot be extracted. The WBC implementation can consist of plain source code for the cryptographic algorithm and/or of a device implementing the algorithm. In both cases, security functions are implemented to deter an attacker from uncovering the key or secret. Security properties consist in the secrecy of security parameters concealed within the implementation of the white box cryptography. Best practices for the test and evaluation includes mathematical and practical analyses, static and dynamic analyses, non-invasive and invasive analyses. This document is related to ISO/IEC 19790 which specifies security requirements for cryptographic modules. In those modules, critical security parameters (CSPs) and public security parameters (PSPs) are the assets to protect. WBC is one solution to conceal CSPs inside of the implementation.
英文名称Information security, cybersecurity and privacy protection - Security techniques - Security properties and best practices for test and evaluation of white box cryptography