Internet Security Technology Forum (ISTF: Information Security Technology Forum)

양수미
Information Security Standards
Contents
• IETF standards
• ISO/IEC JTC1 standards
  - SC27
  - Other than SC27
• ITU-T standards
• Other topics
IETF Standards
• Standards established by the Security Area within the IESG (Internet Engineering Steering Group) of the IETF (Internet Engineering Task Force); they are studied and established in several Working Groups.
  - The IETF was established in 1986, under the ISOC (Internet Society), to support Internet protocol engineering and development.
• The main goal of the IETF (Internet Engineering Task Force) is to propose and develop standards for protocols and architecture in order to solve the operational and technical problems of the Internet.
IETF Working Groups (Active)
• APPLICATIONS
• INTERNET
• OPERATIONS and MANAGEMENT
• REAL-TIME APPLICATIONS and INFRASTRUCTURE
• ROUTING
• SECURITY
• TRANSPORT
Security area Working Groups
• abfab: Application Bridging for Federated Access Beyond web
• dane: DNS-based Authentication of Named Entities
• emu: EAP (Extensible Authentication Protocol) Method Update
• ipsecme: IP Security Maintenance and Extensions
• jose: Javascript Object Signing and Encryption
• keyprov: Provisioning of Symmetric Keys
Security area Working Groups
• kitten: Common Authentication Technology Next Generation
• krb-wg: Kerberos
• mile: Managed Incident Lightweight Exchange
• nea: Network Endpoint Assessment
• oauth: Web Authorization Protocol
• pkix: Public-Key Infrastructure (X.509)
• tls: Transport Layer Security
ISO/IEC JTC1 Standards
• ISO (International Organization for Standardization) / IEC (International Electrotechnical Commission) JTC (Joint Technical Committee) 1
  - A combined organization (ISO/TC97: information processing systems, and IEC/TC 83: information equipment)
  - A joint technical committee for international standardization in the information technology field, formed by merging the international standardization activities for information processing systems with those for information equipment
• SC20 (data cryptographic techniques) was expanded into SC27 (security techniques).
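ISO/IEC JTC1 Standards
• SC27: IT Security techniques
  - Mainly studies and establishes standards for general methods and techniques for IT security.
  - Standardization of general methods and techniques for information technology security, excluding the embedding of security mechanisms in applications
  - Includes the standardization of cryptographic algorithms, general requirement specifications for IT system security services, the development of security techniques and mechanisms, and the development of management that supports documents and standards
• Other than SC27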
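ITU-T Standards
• ITU-T (International Telecommunication Union - Telecommunication Standardization Sector)
  The body formed by renaming the CCITT (Consultative Committee for International Telegraph and Telephone), the international organization that set telecommunication standards. It defines standards for digital transmission and interface standards for analog transmission.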
ITU-T Standards
• SG 2, 3, 5, 9, 11, 12, 13, 15, 16, 17, TSAG (Telecommunication Standardization Advisory Group)
• SG 17: Security [, languages and telecommunication software]
• In Korea, this is handled by the TTA (Telecommunication Technology Association), a private-sector information and communications standards body
• TC10: security committee (IT security management, crypto technology, system security group)
ITU-T SG17 main topics

WP 1/17 Network and information security
Q1/17 Telecommunications systems security project
Q2/17 Security architecture and framework
Q3/17 Telecommunications information security management
Q4/17 Cybersecurity
Q5/17 Countering spam by technical means

WP 2/17 Application security
Q6/17 Security aspects of ubiquitous telecommunication services
Q7/17 Secure application services
Q8/17 Cloud computing security
Q9/17 Telebiometrics

WP 3/17 Identity management and languages
Q10/17 Identity management architecture and mechanisms
Q11/17 Directory services, Directory systems, and public-key/attribute certificates
Q12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
Q13/17 Formal languages and telecommunication software
Q14/17 Testing languages, methodologies and framework
Q15/17 Open Systems Interconnection (OSI)
Other Standardization Bodies
ECMA (European Computer Manufacturers Association)
• Established in 1961 for data processing standards in Europe
• TC 17 (includes communication), TC 36 (IT security), TC 32 (communication, network and interoperability, security)
ETSI (European Telecommunications Standards Institute)
• Established in 1988 for communication/information/broadcasting standards in Europe
• Standard process
  - Inception: start development of standard
  - Conception: define concept
  - Drafting: propose standard
  - Adoption: adopt standard
  - Promotion: implement standard
• TC sec is the security standard technical committee
  -> OCG (Operational Co-ordination Group)
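Others
Internet Security Technology Forum (ISTF: Information Security Technology Forum): a forum formed mainly by private companies in the Internet security technology field, which develops de facto standards that reflect market demand
• Established in 2000 for public Internet security standards
• Network, PKI, mobile group.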
NIST
• NIST (National Institute of Standards and Technology)
  Established in 1901 as the NBS (National Bureau of Standards), then renamed NIST in 1988, under the DoC (Department of Commerce).
• 10 research laboratories
  - Building and fire research
  - Chemical science and technology
  - Electronics and electrical engineering
  - Information technology
  - Manufacturing engineering
  - Materials science and engineering
  - Nanoscale science and technology
  - Neutron research
  - Physics
  - Technology services
NIST
• Information technology lab.: 6 research areas
  - Advanced Network Technologies
  - Computer Security
  - Information Access
  - Mathematical & Computational Sciences
  - Software & Systems
  - Statistical Engineering
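NIST
• Cryptographic technology
• Advanced authentication technology
• Public key infrastructure
• Internetworking security
• Evaluation criteria and schemes
• Security management and support
• Computer Security Resource Center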
ANSI
• ANSI (American National Standards Institute)
  - Established as a non-profit organization in 1918.
  - Has three characteristics: it does not develop standards, ANS is used in all industries, and ANS is voluntary.
  - Major fields: all technical fields (accreditation, patent, etc.); contributes to ISO, IEC
  - ANSI certifies other standards organizations of the USA
KATS