摘要
基于密码学原理的安全解决方案是网络空间安全研究的重要内容,能够为信息系统提供各种必要安全保障.然而,许多现实事例表明,在信息系统中完善地实施密码技术并非易事.尤其是,在现实系统中,实现密码理论方案的运行假设和前提条件非常困难,例如,选用语义安全的协议、不可预测的随机数和攻击者不能访问的密钥等.近年来,学术界取得了大量相关技术研究成果,包括安全问题和相应的解决方案(本文称为密码应用安全技术研究).另一方面,密码模块检测一直都是密码技术实际应用的重要环节:通过对密码模块的技术要求和检测,确保能够正确有效地实现密码算法功能.本文分析了当前密码应用安全技术研究和密码模块检测的安全要求,揭示了二者在密码理论方案的实现安全方面的联系和差异.然后,本文总结了现有密码应用安全技术研究成果,包括密码理论方案的选用、随机数发生器的设计和实现、密钥安全、密码计算的使用控制、密钥管理和PKI基础设施、以及应用功能密码协议的实现安全等方向.最后,基于现有密码应用安全技术研究成果,本文讨论了软件密码实现的特殊性和具体实施的注意事项.
The security solutions based on cryptography are hot topics in cyberspace security,they provide various security assurances for information systems.However,many real-world incidents indicate that it is difficult to deploy cryptographic technologies for information systems;particularly,in practice implementations,it is very difficult to satisfy the assumptions and preconditions of cryptography-based solutions.For example,the adoption of semantically-secure protocols,unpredictable random numbers and protected-well cryptographic keys.In recent years,there are research progresses on the security applications of cryptography,including the disclosure of security problems and the solutions.On the other hand,the cryptographic module validation is also important in the applications of cryptography:the security requirements and validation of cryptographic modules ensure the correct and effective implementations of cryptographic algorithms.This paper compares the research progresses on the security applications of cryptography and the security requirements of cryptographic modules,presents their relations and differences on the implementations of theoretical cryptography-based solutions.This paper surveys the research progresses on the security applications of cryptography,including the adoption of theoretical cryptography-based solutions,the design and implementation of random number generators,the security of cryptographic keys,the usage control of cryptographic computations,key management and PKI,and the secure implementations of applicationlayer cryptographic protocols.Finally,based on the research progresses on the security applications of cryptography,some special issues about the security of software cryptographic implementations are discussed.
作者
郑昉昱
林璟锵
魏荣
王琼霄
ZHENG Fang-Yu;LIN Jing-Qiang;WEI Rong;WANG Qiong-Xiao(Data Assurance and Commnications Security Research Center,Chinese Academy of Sciences,Bejing 100093,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;School of Cyber Security,University of Science and Technology of China,Hefei 230026,China)
出处
《密码学报》
CSCD
2020年第3期290-310,共21页
Journal of Cryptologic Research
基金
国家重点研发计划网络空间安全重点专项(2017YFB0802100)
国家自然科学基金(61772518,61902392)。
关键词
密码应用
密码模块
密码模块检测
软件密码实现
security applications of cryptography
cryptographic module
cryptographic module validation
software cryptographic implementations
