Cryptographic and data authentication procedures for storage devices that support length expansion, such as tape drives, are specified.
Such procedures include the following cryptographic modes of operation for the AES block cipher: CCM, GCM, CBC-HMAC, and XTS-HMAC.
In this standards are defined cryptographic transform for protection of data in sector-level storage devices.
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:27000:ed-5:v1:en
The goal of a non-repudiation service is to generate, collect, maintain, make available and verify evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non occurrence of the event or action.
Non-repudiation services establish evidence; evidence establishes accountability regarding a particular event or action. The entity responsible for the action, or associated with the event, with regard to which evidence is generated, is known as the evidence subject.
This part of ISO/IEC 13888 serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. ISO/IEC 13888 provides non-repudiation mechanisms for the following phases of non-repudiation:
— evidence generation;
— evidence transfer, storage and retrieval; and
— evidence verification.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:13888:-1:ed-3:v1:en
This document establishes five modes of operation for applications of an n-bit block cipher (e.g. protection of data during transmission or in storage). The defined modes only provide protection of data confidentiality.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:10116:ed-4:v1:en
ISO/IEC 10118 specifies hash-functions and is therefore applicable to the provision of authentication, integrity and non-repudiation services. Hash-functions can be used for:
— reducing a message to a short imprint for input to a digital signature mechanism.
— committing the user to a given string of bits without revealing this string.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:10118:-1:ed-3:v1:en
This part of ISO/IEC 10118 specifies hash-functions which make use of an n-bit block cipher algorithm.
Four hash-functions are specified. The first provides hash-codes of length less than or equal to n, where n is the block-length of the underlying block cipher algorithm used. The second provides hash-codes of length less than or equal to 2n; the third provides hash-codes of length equal to 2n; and the fourth provides hash-codes of length 3n.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:10118:-2:ed-3:v1:en
This document specifies dedicated hash-functions, i.e. specially designed hash-functions. The hash-functions in this document are based on the iterative use of a round-function. Distinct round-functions are specified, giving rise to distinct dedicated hash-functions.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:10118:-3:ed-4:v1:en
This part of ISO 28004 identifies supply chain risk and threat scenarios, procedures for conducting risks/threat assessments, and evaluation criteria for measuring conformance and effectiveness of the documented security plans in accordance with ISO 28000 and the ISO 28004 series implementation guidelines. An output of this effort will be a level of confidence rating system based on the quality of the security management plans and procedures implemented by the seaport to safeguard the security and ensure continuity of operations of the supply chain cargo being processed by the seaport. The rating system will be used as a means of identifying a measurable level of confidence (on a scale of 1 to 5) that the seaport security operations are in conformance with ISO 28000 for protecting the integrity of the supply chain.
This document defines key establishment mechanisms using symmetric cryptographic techniques.
This document addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC), and Key Translation Centre (KTC).
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:11770:-2:ed-3:v1:en
This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
a) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement.
b) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport.
c) Make an entity's public key available to other entities via key transport.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:11770:-3:ed-3:v1:en
This document defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence, secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret.
Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:11770:-4:ed-2:v1:en
