Security work in SC27
Next: TC68 - Banking
Up: ISO Existing and
Previous: Other SC21 projects
SC27 is the successor of SC20.
While, initially, there were doubts about SC27's ability to shake its past,
SC27 has initialized promising work and appears to have strong support.
SC27 consists of the following three groups:
- on Generic Security
Requirements; its scope covers Security Requirements and Services
as well as Guidelines.
- on Security Mechanisms.
- on Security Techniques.
WG1's work is of particular importance because the charter of this group
includes a key management
framework, security information objects, risk analysis, and
audit/access control. The key management framework is pursued as a three part standards:
- Key management using symmetric cryptographic techniques;
- Key management using asymmetric techniques.
The last two parts of this standard are developed in WG2 whose program of work
includes the following projects :
- Modes of Operation for n-Bit Block Cipher Algorithms,
which is a generalization of ISO 8372, Modes of Operation for 64-Bit Block Cipher Algorithm.
- Entity Authentication Mechanism using an n-bit Secret Key
- Cryptographic Mechanisms for Key Management using Secret Key
- Entity Authentication using a Public Key with Two-way and
- Authentication with a Three-way Handshake using Zero-knowledge
- Digital Signature Scheme with Message Recovery,
- Hash Functions for Digital Signatures,
- Zero Knowledge Techniques.
WG3's program of work includes the following:
- Glossary for Computer Security Evaluation Criteria;
- Registry for Functionality Classes;
- Liaison for Common Criteria (see Section 3.1) Editorial Board;
- Evaluation Criteria for Information Technology Security.
Fri Oct 7 16:17:21 EDT 1994