ISO/IEC 17825:2024
(Main)Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
This document specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790:2012 for security levels 3 and 4. The test metrics are associated with the security functions addressed in ISO/IEC 19790:2012. Testing is conducted at the defined boundary of the cryptographic module and the inputs/outputs available at its defined boundary. This document is intended to be used in conjunction with ISO/IEC 24759:2017 to demonstrate conformance to ISO/IEC 19790:2012. NOTE ISO/IEC 24759:2017 specifies the test methods used by testing laboratories to assess whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012 and the test metrics specified in this document for each of the associated security functions addressed in ISO/IEC 19790:2012. The test approach employed in this document is an efficient “push-button” approach, i.e. the tests are technically sound, repeatable and have moderate costs.
Technologie de l'information — Techniques de sécurité — Méthodes de test pour la protection contre les attaques non intrusives des modules cryptographiques
General Information
Relations
Buy Standard
Standards Content (Sample)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
17825
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Testing methods for
Voting begins on:
2023-09-01 the mitigation of non-invasive attack
classes against cryptographic modules
Voting terminates on:
2023-10-27
Techonologie de l'information — Techniques de sécurité — Methodes
de test pour la protection contre les attaques non intrusives des
modules cryptographiques
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 17825:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC FDIS 17825:2023(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
17825
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Testing methods for
Voting begins on:
the mitigation of non-invasive attack
classes against cryptographic modules
Voting terminates on:
Techonologie de l'information — Techniques de sécurité — Methodes
de test pour la protection contre les attaques non intrusives des
modules cryptographiques
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
ISO/IEC FDIS 17825:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
© ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 17825:2023(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms.3
5 Document organization . 4
6 Non-invasive attack methods .4
7 Non-invasive attack test methods .7
7.1 General . 7
7
...
ISO/IEC JTC 1/SC 27 NXXXX
Style Definition: Heading 1: Indent: Left: 0 pt, First
line: 0 pt, Tab stops: Not at 21.6 pt
ISO/IEC FDIS 17825:2023(E)
Style Definition: Heading 2: Font: Bold, Tab stops: Not
at 18 pt
ISO/IEC JTC1/SC 27/WG 3
Style Definition: Heading 3: Font: Bold
Date: 2023-04-0408-18
Style Definition: Heading 4: Font: Bold
Style Definition: Heading 5: Font: Bold
Secretariat: DIN
Style Definition: Heading 6: Font: Bold
Information technology — Security techniques — Testing methods for the mitigation of non-
Style Definition: ANNEX
invasive attack classes against cryptographic modules
Style Definition: AMEND Terms Heading: Font: Bold
Style Definition: AMEND Heading 1 Unnumbered:
Techonologie de l'information — Techniques de sécurité — Methodes de test pour la protection contre
Font: Bold
les attaques non intrusives des modules cryptographiques
Formatted: Font: Bold
---------------------- Page: 1 ----------------------
ISO/IEC FDIS 17825:2023(E)
© ISO/IEC 2022 2023 Formatted
Formatted: Indent: Left: 14.2 pt, Right: 14.2 pt, Space
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part
Before: 0 pt, No page break before, Adjust space
of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or
between Latin and Asian text, Adjust space between
mechanical, including photocopying, or posting on the internet or an intranet, without prior written per-
Asian text and numbers
mission. Permission can be requested from either ISO at the address below or ISO’sISO's member body
Formatted: Default Paragraph Font
in the country of the requester.
ISO copyright officeCopyright Office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Formatted: Indent: Left: 14.2 pt, First line: 0 pt, Right:
14.2 pt, Adjust space between Latin and Asian text,
Phone: + 41 22 749 01 11
Adjust space between Asian text and numbers
Email: copyright@iso.org
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org
Formatted: Indent: Left: 14.2 pt, First line: 0 pt, Right:
14.2 pt, Adjust space between Latin and Asian text,
Published in Switzerland.
Adjust space between Asian text and numbers
ii © ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 17825:2023(E)
Contents
Introduction . vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 3
5 Document organization . 4
6 Non-invasive attack methods . 4
7 Non-invasive attack test methods . 7
7.1 General . 7
7.2 Test strategy . 7
7.3 Side-channel analysis workflow . 8
8 Side-channel analysis of symmetric-key cryptosystems . 13
8.1 Introduction . 13
8.2 Timing attacks . 13
8.3 SPA/SEMA . 14
8.4 DPA/DEMA . 14
9 ASCA on asymmetric cryptography .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.