1 / 38

정보보호 관련 표준

양 수 미. 정보보호 관련 표준. 차례. IETF 표준 ISO/IEC JTC1 표준 SC27 SC27 이외 ITU-T 표준 기타 내용. IETF 표준. IETF (Internet Engineering Task Force) 의 IESG (Internet Engineering Steering Group) 내의 Security Area 에서 제정한 표준들로 여러 Working Group 에서 연구 / 제정된다 .

lore
Download Presentation

정보보호 관련 표준

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 양 수 미 정보보호 관련 표준

  2. 차례 • IETF 표준 • ISO/IEC JTC1 표준 • SC27 • SC27 이외 • ITU-T 표준 • 기타 내용

  3. IETF 표준 • IETF(Internet Engineering Task Force)의 IESG(Internet Engineering Steering Group) 내의 Security Area에서 제정한 표준들로 여러 Working Group에서 연구/제정된다. • It is established to support internet protocol engineering and development tool at 1986 under the ISOC( internet society).

  4. IETF (Internet Engineering Task Force) 의 주요한 목표는 인터넷의 운영상, 기술상의 문제점을 해결하기 위하여 프로토콜 및 구조에 대한 표준을 제안하고 개발 하는 것

  5. IETF Working Groups(Active) • APPLICATIONS • INTERNET • OPERATIONS and MANAGEMENT • REAL-TIME APPLICATIONS and INFRASTRUCTURE • ROUTING • SECURITY • TRANSPORT

  6. Security area Working Groups • abfab Application Bridging for Federated Access Beyond web • dane DNS-based Authentication of Names Entities • emu EAP(Extensible Authentication Protocol) Method Update • ipsecme IP Security Maintenance and Extensions • joseJavascript Object Signing and Encryption • keyprov Provisioning of Symmetric Keys

  7. Security area Working Groups • kitten Common Authentication Technology Next Generation • krb-wg Kerberos • mile Managed Incident Lightweight Exchange • nea Network Endpoint Assessment • oauth Web Authorization Protocol • pkix Public-Key Infrastructure (X.509) • tls Transport Layer Security

  8. 차례 • IETF 표준 • ISO/IEC JTC1 표준 • SC27 • SC27 이외 • ITU-T 표준 • 기타 내용

  9. ISO/IEC JTC1 표준 • ISO( International Organizaton for Standardization)/ IEC(International Electronical Commission)JTC(Joint Technical Committee) 1 • A combined organization ( ISO/TC97 : information processing system fields and IEC/TC 83 : information equipments) • 정보처리시스템에 대한 국제표준화 활동과 정보기기에 대한 국제표준화 활동을 통합하여 구성된 정보기술분야의 국제표준화 활동을 위한 공동기술위원회 • SC20( data cryptographic techniques) was expended intoSC27( security techniques).

  10. ISO/IEC JTC1 표준 • SC27 : IT Security techniques • IT 보안에 관한 일반적인 방법과 기술에 대한 표준을 주로 연구/제정한다. • 응용에 보안 메커니즘을 삽입하는 것을 제외한 정보기술 보안을 위한 일반적 방법과 기술에 대한 표준화 • 암호화 알고리즘의 표준화, 정보기술 시스템 보안 서비스를 위한 일반적 요구 명세, 보안 기술 및 메커니즘 개발, 문서 및 표준을 지원하는 관리 개발을 포함 • SC27이외

  11. 차례 • IETF 표준 • ISO/IEC JTC1 표준 • SC27 • SC27 이외 • ITU-T 표준 • 기타 내용

  12. ITU-T 표준 • ITU-T(International Telecommunication Union-Telecommunication Standardization Sector) 통신표준을 정했던 국제적인 기관인 CCITT(Consultative Committee for International Telegraph and Telephone)가 개칭한 단체. 디지털전송을 위한 표준과 아날로그 전송을 위한 인터페이스 표준을 정의

  13. ITU-T 표준 • SG 2, 3, 5, 9, 11, 12, 13, 15, 16, 17, TSAG(Telecommunication Standardization Advisory Group) • SG 17 : Security [, languages and telecommunication software] • 국내에서는 한국정보통신기술협회 (TTA : Telecommunication Technology Association) : 민간단체 성격의 정보통신표준제정기관이담당 • TC10 : security committee( IT security management, crypto technology, system security group)

  14. WP 1/17 Network and information security • Q1/17 Telecommunications systems security project • Q2/17 Security architecture and framework • Q3/17 Telecommunications information security management • Q4/17 Cybersecurity • Q5/17 Countering spam by technical means • WP 2/17 Application security • Q6/17 Security aspects of ubiquitous telecommunication services • Q7/17 Secure application services • Q8/17 Cloud computing security • Q9/17 Telebiometrics • WP 3/17 Identity management and languages • Q10/17 Identity management architecture and mechanisms • Q11/17 Directory services, Directory systems, and public-key/attribute certificates • Q12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration • Q13/17 Formal languages and telecommunication software • Q14/17 Testing languages, methodologies and framework • Q15/17 Open Systems Interconnection (OSI)

  15. ITU-T SG17 주요 내용

  16. 차례 • IETF 표준 • ISO/IEC JTC1 표준 • SC27 • SC27 이외 • ITU-T 표준 • 기타 내용

  17. 기타 표준화기구 • ECMA(European computer manufacturers association) • establish for data processing standard in Europe at 1961 • TC 17( include communication), TC 36(IT security).TC 32( communication, network and interoperability, security) • ETSI(European telecommunication standards institute) • establish for communication/information/broadcasting standards in Europe at 1988 • Standard process • Inception : start development of standard • Conception : define concept • Drafting : propose standard • Adoption ; adopt standard • Promotion ; implement standard • TC sec is security standard technical committee-> OGG(Operational Co-ordination Group)

  18. 기타 • 인터넷보안기술포럼 (ISTF : Information Security Technology Forum) : 인터넷 보안기술분야의 민간업체들이 중심이 되어 구성된 포럼으로 시장수요를 반영한 사실(de-facto) 표준을 개발 • Establish at 2000 for public internet security standard • Network, PKI, mobile group.

  19. NIST • NIST (National Institute of Standards and Technology) • To establish at 1901, named NBS(national bureau of standards) and then renamed NIST at 1988 under DoC(Department of Commerce). • 10 research laboratories • Building and fire researchChemical science and technologyElectronics and electrical engineeringInformation technologyManufacturing engineeringMaterials science and engineeringNanoscale science and technologyNeutron researchPhysicsTechnology services

  20. NIST • information technology lab. : 6 research areas • Advanced Network Technologies • Computer Security • Information Access • Mathematical & Computational Sciences • Software & Systems • Statistical Engineering

  21. NIST • 암호화 기술 • 첨단 인증 기술 • 공개키 기반 구조 • 인터네트워킹 보안 • 평가 기준 및 제도 • 보안 관리 및 지원 • 컴퓨터 보안 자원 정보 센터

  22. ANSI • ANSI(American national standards institute) • To establish a non-profit organization at 1918. • Have three characteristics : don’t develop standards, ANS is used all industries, ANS is voluntary. • Major fields : all technical fields ( accreditation인정서, patent,etc) contribute ISO, IEC ANSI certifies other standard organizations of USA

  23. KATS

  24. KATS

More Related