DB43/T 1841-2020 Blockchain Encryption Security Technology Evaluation Standard

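Hunan Province local standard | Simplified Chinese | In force | Pages: 25 | Format: PDF

Basic information

Standard number: DB43/T 1841-2020
Standard type: Hunan Province local standard
Status: In force
China Classification for Standards (CCS):
International Classification for Standards (ICS):
Issue date: 2020-09-30
Implementation date: 2020-12-30
Issuing organization: Hunan Provincial Administration for Market Regulation
Responsible organization: -
Scope of application: -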


Content description

ICS 35.240

L70

DB43

Hunan Province Local Standard

DB43/T 1841—2020

Information security technology - Evaluation requirements for blockchain encryption security technology

Issued 2020-09-30; implemented 2020-12-30

Issued by the Hunan Provincial Administration for Market Regulation

Contents

Foreword

1 Scope

2 Normative references

3 Terms and definitions

4 Overview of classified evaluation

4.1 Classified evaluation method

4.2 Single-item evaluation

5 Level 1 evaluation requirements

5.1 Security evaluation requirements for the use of cryptographic algorithms

5.2 Security evaluation requirements for encryption and decryption devices and their configuration

5.3 Key management security evaluation requirements

5.4 Ledger security evaluation requirements

6 Level 2 evaluation requirements

6.1 Cryptographic algorithm security evaluation requirements

6.2 Security evaluation requirements for encryption and decryption devices and their configuration

6.3 Key management security evaluation requirements

6.4 Ledger security evaluation requirements

7 Level 3 evaluation requirements

7.1 Cryptographic algorithm security evaluation requirements

7.2 Security evaluation requirements for encryption and decryption devices and their configuration

7.3 Key management security evaluation requirements

7.4 Ledger security evaluation requirements

8 Level 4 evaluation requirements

8.1 Security evaluation requirements for the use of cryptographic algorithms

8.2 Security evaluation requirements for encryption devices and their configuration

8.3 Key management security evaluation requirements

8.4 Ledger security evaluation requirements

9 Evaluation conclusion

9.1 Risk analysis and assessment

9.2 Classified evaluation conclusion

References


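Foreword

This document was drafted in accordance with the rules given in GB/T 1.1—2020.

This document was proposed by the Office of the Cyberspace Affairs Commission of the CPC Hunan Provincial Committee.

This document is under the jurisdiction of the Hunan Provincial Technical Committee for Standardization of Blockchain and Distributed Ledger Technology (in preparation).

Drafting organizations of this document: 湖南链信安科技有限公司, 湖南天河国云科技有限公司, 湖南省东方区块链安全技术检测中心, 湖南省人民政府发展研究中心, 湖南天河云链科技有限公司.

Principal drafters of this document: 杨征, 李财, 陈昕, 谭林, 聂璐璐, 梁琪, 梁亮, 汪武, 聂朗, 尹海波, 黄帅, 柳兴, 郭慧, 殷新文, 丁雅琪, 沈浪, 张祥, 宋姝, 姜载乐, 刘齐平, 郑婷婷, 胡钦, 邹曼瑜 and others.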


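Information security technology - Evaluation requirements for blockchain encryption security technology

1 Scope

This document specifies the evaluation indicator requirements for blockchain encryption security technology, covering the Level 1, Level 2, Level 3 and Level 4 evaluation requirements for blockchain encryption security technology.

This document applies to evaluations of blockchain encryption security carried out by evaluation bodies, and may also be used as a reference by blockchain technology developers.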

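2 Normative references

The contents of the following documents constitute indispensable provisions of this document through normative reference in the text. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 17964—2008 Information security technology: Modes of operation for a block cipher

GB/T 25069—2010 Information security technology: Glossary

GB/T 28448—2019 Information security technology: Evaluation requirements for classified protection of cybersecurity

GM/T 0050—2016 Cryptographic device management: Technical specification for device management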

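3 Terms and definitions

The following terms and definitions, as defined in GB/T 17964—2008, GB/T 25069—2010 and GB/T 28448—2019, apply to this document.

3.1

target of testing and evaluation

The objects on which the different evaluation methods act during classified evaluation, mainly the relevant supporting policy documents, equipment and facilities, and personnel.

[GB/T 28448—2019]

3.2

testing and evaluation for classified cybersecurity protection

The activity in which an evaluation body, in accordance with the provisions of the national classified cybersecurity protection system and the relevant management specifications and technical standards, tests and assesses the classified cybersecurity protection status of networks that do not involve state secrets.

[GB/T 28448—2019]

3.3

encipherment / encryption

The process of applying a cryptographic transformation to data to produce ciphertext. It generally comprises a set of transformations that use an algorithm and a set of input parameters. The input parameters are usually called the key.

[GB/T 17964—2008]

3.4

decipherment / decryption

The inverse of the corresponding encryption process.

[GB/T 17964—2008]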


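3.5

key

A key is a parameter that is input to the algorithm that converts plaintext into ciphertext or ciphertext into plaintext.

[GB/T 17964—2008]

3.6

key management

The service of implementing and applying, in accordance with a security policy, the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation, destruction and recovery of symmetric keying material.

[GB/T 17964—2008]

3.7

public key

The key of an entity's asymmetric key pair that can be made public.

[GB/T 25069—2010]

3.8

digital signature

Data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient of the data unit to confirm its source and integrity and protects the data against forgery or repudiation by a person (for example, the recipient).

[GB/T 25069—2010]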

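4 Overview of classified evaluation

4.1 Classified evaluation method

The basic method of classified evaluation is to apply the relevant evaluation techniques to a specific evaluation target, following a defined evaluation procedure, in order to obtain the required evidence data and judge whether the security protection capability of a particular level has been achieved.

In this standard, the evaluation of each requirement item constitutes a single-item evaluation, and all the specific evaluation content for a given requirement item constitutes the evaluation implementation. Based on the survey results, the business processes and data flows of the classified protection object are analysed to determine the scope of the evaluation work. Following a comprehensive analysis that takes the security level of the classified protection object into account, evaluation targets can be described by category: cryptographic algorithms, encryption devices, key management and ledger security.

In this standard, the evaluation requirements at each level comprise four parts: cryptographic algorithm security evaluation requirements, encryption device and configuration evaluation requirements, key management security evaluation requirements, and ledger security evaluation requirements.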

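4.2 Single-item evaluation

Single-item evaluation is the evaluation of an individual security requirement item and supports the repeatability and reproducibility of evaluation results. In this standard, a single-item evaluation consists of the evaluation indicator, the evaluation target, the evaluation implementation and the unit judgment result.

5 Level 1 evaluation requirements

5.1 Security evaluation requirements for the use of cryptographic algorithms

5.1.1 Symmetric encryption algorithms

This evaluation unit includes the following requirements: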


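a) Evaluation indicator: when a symmetric encryption algorithm is used, secure encryption of the data shall be ensured.

b) Evaluation target: the symmetric encryption algorithm module.

c) Evaluation implementation includes the following:

1) Whether a symmetric encryption algorithm at or above the security level of the international AES or the Chinese national cryptographic algorithms SM4, SM7, etc. is used.

d) Evaluation judgment: if the above evaluation implementation item is affirmative, the indicator requirement of this evaluation unit is met; otherwise the indicator requirement of this evaluation unit is not met.

5.1.2 Asymmetric encryption algorithms

a) Evaluation indicator: when an asymmetric encryption algorithm is used, secure encryption of the data shall be ensured.

b) Evaluation target: the asymmetric encryption algorithm module.

c) Evaluation implementation includes the following:

1) Whether an asymmetric encryption algorithm at or above the security level of the international RSA, ECC or the Chinese national cryptographic algorithms SM2, SM9, etc. is used.

d) Evaluation judgment: if the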
