ISO/IEC 17825-2016《密码模块的非入侵式攻击缓解技术的测试方法》标准解读

摘要：

从密码模块上保障数据隐私和安全是一种行之有效的手段，因此近年来对密码模块的安全性评估倍受关注。非入侵式攻击缓解技术是密码模块安全指标之一，本文结合GM/T 0083-2020国密标准对IEC 17825-2016进行了学习与解读。主要针对非入侵式攻击方法与安全功能的关联性、基本测试项目和流程、通过/失败测试指标、缓解技术等方面进行了解读。希望能为相关人员对标准及测试方法的理解和密码模块安全设计、应用、评估提供些许参考。

Abstract:

It is an effective means to protect data privacy and security from cryptographic modules, so the security evaluation of cryptographic modules has attracted much attention in recent years. Non-invasive attack mitigation technology is one of the security indicators of cryptographic modules. This paper studies and interprets ISO/IEC 17825-2016 based on GM/T 0083-2020, and mainly explores the correlation between non-invasive attack methods and security functions, basic test items and processes, pass/fail test indicators, mitigation techniques, etc. It is expected to provide some reference for relevant personnel to understand the standard and its test methods, as well as the security design, application and evaluation of the cryptographic module.

基金项目：本文受中国质量认证中心科技课题“商用密码产品安全测评关键技术研究”（课题编号：2022CQC18-GZ）资助。

作者简介：鹿福祥，工程师，硕士学位，研究方向为密码芯片的侧信道泄露评估与防护、数据中心检测和认证。陈传禄，高级工程师。胡进伟，高级工程师。陈鹏，工程师。