《ISO IEC 27071-2023.docx》由会员分享,可在线阅读,更多相关《ISO IEC 27071-2023.docx(17页珍藏版)》请在第壹文秘上搜索。
1、INTERNATIONA1.STANDARDISO/IEC27071editionFirSt202307CybersecuritySecurityrecommendationsforestab1.ishingtrustedconnectionsbetweendevicesandservicesCybersecuriteRecommandationsdesecuritepouretab1.issementdeconnexionsdeconfianceentredispositifsetservicesReferencenumberISO/IEC27071:2023(E)ISO/IEC2023CO
2、PYRIGHTPROTECTEDDOCUMENTIS0/1EC2023IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0DmkfifiU81.andonnet8CH-1214Vernier,GenevaPhone:M1.227490111觥ftte:丽丽BQrgPub1.ishedinSwitzer1.andContentsForewordivIntroductionv2 Scope13 Normativereferences1Termsanddefinitions13.1 Termsre1.atingtoc1.oudcomputing13.2 Ter
3、msre1.atingtoc1.oudcomputingro1.esandactivities245 Abbreviatedterms5Frameworkandcomponentsforestab1.ishingatrustedconnection55.1 Overview55.2 Hardwaresecuritymodu1.e95.3 RtHJttdStrust105.5 Authenticationandkeyestab1.ishment105.6 Remoteattestation10Securityrecommendationsforestab1.ishingatrustedconne
4、ction106.1 Hardwaresecuritymodu1.e106.2 Rootoftrust116.3 AtohettyMiOn一.andkey.estab1.ishment116.5 Remoteattestation116.6 DatOInteg1.1.tyandauthenticity.126.7 Trusteduserinterface12Annex A (informative)Threats13Annex B (informative)So1.utionsforcomponentsofatrustedconnection18Annex C (informative)Exa
5、mp1.eofestab1.ishingatrustedconnection一.一._.一,23Bib1.iography24ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(Jtunibcnjot)SdrniIHGspartHipidisye耐unr3optowMi01.HtanrfandaiionS出adwrddBudiughtechnimitteesestab1.ishedbytherespectiveorganizationtode
6、a1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interestOtherinternationa1.ornizations,governmenta1.andnon-governmenta1.rin1.iaisonwithISOandIEC,a1.sotakepartintheTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceftKdeddeatibe
7、dthcindFrent1.S(W山也(Wmr小曲如卿闻IarJ帏序瞅崛jp15gIraJi1dinISO/IECDirectives.Part2(seewww.iso.org/dircctivesorwww.iec.ch/members.experts/refdocs).屣Gd(八)IEC0MYn(S温食闸由KM段粒SSibA哂Atef1.Wferni佃前VhIent菰加iMMi俄艇abih1.yiheanyc1.aimedpatentrightsinrespectthereof.Asofthedateofpub1.icationofthisdocument,ISOandIEChadnotr
8、eceivednoticeof(八)patent(三)whichmayberequiredtoimp1.ementthisdocument.However,寐降艇由曲觎eda祜b1.三WWeM0碗notbehe1.dresponsib1.eforidentifyinganyora1.1.suchpatentrights.AnytradeusedinthisconstitutenameendorsementdocumentisinformationgivenfortheconvenienceofusersanddoesnotForanexp1.anationofthevo1.untarynatu
9、reofstandards,themeaningofISOspecifictermsand邮)X觑怂1.itedOrRan脚娜I删01ass热情h2ton住排触标福dead明ces陕www.iso.org/iso/foreword.htm1.IntheIEC,seevrww.iec.chunderstanding-standards.瓯Cv腑。胁也加卜破舰。到6腑Wg仍SO1.Jtecom/n/hrmotiontechno1.ogy,Anyfeedbackorquestionsonthisdocumentshou1.dbedirectedtotheusersnationa1.standards
10、屋.2R),隔U*P8RMiteesthesebodiescanbefoundatwwwishFgmembeFht111.andIntroductionartificia1.inte1.1.igence(A1.),scenarios.essentia1.toestab1.ishtrustedconnectionsbetweendevicesandservicesessentia1.devicesServiceservicesdistinguishconfidentia1.itjrbyintegritytheauthorizeddeviceenough.thosema1.iciousServic
11、esxrucia1.thisway,shou1.dtoiistinguishre1.iab1.ygenuineSemcegenuineunintendedservicesorIdentitywithoutaofre1.iab1.erootrequirementsestab1.ishingre1.iab1.eVirtua1.izedensuretheuti1.izationattacks,authenticationbetweenaremoteattestationbetweencssen1.ia1.andpreventingimpersonationa1.gorithmsinfromsenso
12、rsshou1.dintegrated1.abe1.theanddevicerdigita1.1.ysigned(ororgeneratedcryptomechanisms)processtrustedcomputingconnectionshaveainfrastructurere1.ationshipwithcertificationauthoritymodu1.es hardwaresecuritymodu1.estoestab1.ishthere1.iab1.erootoftrust; Channekauthenticationandkeyestab1.ishmentbetweende
13、vicesandservicestoestab1.ishasecurity dataidentitytokeepthedataintegrityandauthenticity1.ongterm.mobi1.edevices,PCs1.Onvironnient.Thisdocumen1.infrastructurehe1.ptrustedservices.partcsdocu11entcanissueWiththedeve1.opmentoftheinternetofthings(IoT),mobi1.eservices,c1.oudcomputing,bigdataandingrowingnu
14、mberofitVSecuritychanne1.se.g.securesockets1.ayer(SS1.)ortransport1.ayersecurity(T1.S)protoco1.s)areusedbetweenfortheandtotoprotectandsensorsofofdata,butisnotfromItisofotherdevicesordataforgedbyadversaries.Thus,theSerViCeshou1.dbeab1.etoensurethatthedatacomesfromtheauthorizeddevice.Inaddition,itInfortheitdevicebeab1.etotheidentifythefromandservice,inparticu1.arforc1.oudservices,whichmayhavethousandsofsuchservicesrunning.ofre1.iab1.erootstrustTheOfcanbeforged,socontro1.scritica1.torootsoftrustaredescribedinISO/IEC27070.
