出版社:University of Bucharest and Nicolae Titulescu University
摘要:This paper focuses on the link between information security and cryptographyrepresented by National Institute of Standards and Technology (NIST) cryptographic standards,Federal Information Processing Standard FIPS 140-2 (Security requirements for cryptographicmodules) standard and Common Criteria for Information Technologies Security Evaluation (ISO15408) standard. Information security is the science of protecting information and informationsystems from unauthorized access, use, disclosure, disruption, modification or destruction.Cryptography deals with design, implementation and evaluating cryptographic algorithms (e.g.NIST AES selection process, SHA-3 completion etc.) in order to be used by products (softwareand/or hardware) which are intended to protect information or information systems. Before usingin information systems those cryptographic products need to be tested and evaluated also. Oneevaluation standard is FIPS 140-2. After this evaluation is obtained, from an accreditedLaboratory, the system itself needs to be evaluated in order to have a image of the assurance levelobtained. Usually these evaluation is made using ISO 15408 (Common Criteria for InformationTechnology Systems) standard.
关键词:cryptographic algorithms; FIPS 140-2; ISO 15408; crypto modules; security;evaluation.
