Cisco IPS4345 Bedienungsanleitung PDF herunterladen (Seite 59)

Cisco Intrusion Prevention System Security Target

59

Section

Shall/Shall Not

Statement(s)

Should (Not) Statements

2

TOE

Compliant?

Rationale

Scheme (RSA-KEM-

KWS)

from one another by an

opponent, whether by error

message or timing.”

“A single error message

should be employed and

output the same way for each

error type. There should be

no difference in timing or

other behavior for the

different errors. In addition,

care should be taken to

ensure that even if there are

no errors, an implementation

does not reveal partial

information about the shared

secret

Z.”

“care should be taken to

ensure that an

implementation does not

reveal information about the

encapsulated secret value Z.

For instance, the observable

behavior of the KDF should

not reveal even partial

information about the Z value

employed in the key

derivation process.”

8 Key Agreement

Schemes

In many cases TLS is

deployed only with

server authentication.

None.

Yes

N/A

8.1 Common

Components for Key

Agreement

N/A, no shall

statements

None.

Yes

N/A

8.2 The KAS1 Family

N/A, no shall

statements

None.

Yes

N/A

8.2.1 KAS1 Family

Prerequisites

None.

None.

Yes

N/A

8.2.2 KAS1-basic

None.

None.

Yes

N/A

8.2.3 KAS1 Key

Confirmation

None.

None.

Yes

N/A

8.2.4 KAS1 Security

Properties

N/A, no shall

statements

None.

Yes

N/A

8.3 The KAS2 Family

N/A, no shall

statements

None.

Yes

N/A

8.3.1 KAS2 Family

Prerequisites

None.

None.

Yes

N/A

8.3.2 KAS2-basic

None.

“the observable behavior of

the key-agreement process

should not reveal partial

information about the shared

Yes

N/A

1 2 ... 54 55 56 57 58 59 60 61

Kommentare zu diesen Handbüchern

Keine Kommentare