NEW TRENDS IN IT&C SECURITY EVALUATION
NEW TRENDS IN IT&C SECURITY EVALUATION
Author(s): Emil Simion, Cristian Teodor PăunSubject(s): Essay|Book Review |Scientific Life
Published by: Universitatea Nicolae Titulescu
Keywords: cryptographic algorithms; FIPS 140-2; ISO 15408; crypto modules; security evaluation
Summary/Abstract: This paper focuses on the link between information security and cryptography represented by National Institute of Standards and Technology (NIST) cryptographic standards, Federal Information Processing Standard FIPS 140-2 (Security requirements for cryptographic modules) standard and Common Criteria for Information Technologies Security Evaluation (ISO 15408) standard. Information security is the science of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Cryptography deals with design, implementation and evaluating cryptographic algorithms (e.g. NIST AES selection process, SHA-3 completion etc.) in order to be used by products (software and/or hardware) which are intended to protect information or information systems. Before using in information systems those cryptographic products need to be tested and evaluated also. One evaluation standard is FIPS 140-2. After this evaluation is obtained, from an accredited Laboratory, the system itself needs to be evaluated in order to have a image of the assurance level obtained. Usually these evaluation is made using ISO 15408 (Common Criteria for Information Technology Systems) standard.
Journal: LESIJ - Lex ET Scientia International Journal
- Issue Year: XVII/2010
- Issue No: 2
- Page Range: 281-287
- Page Count: 7
- Language: English
