Security work in SC27

SC27 is the successor of SC20. While, initially, there were doubts about SC27's ability to shake its past, SC27 has initialized promising work and appears to have strong support. SC27 consists of the following three groups:

WG1

on Generic Security Requirements; its scope covers Security Requirements and Services as well as Guidelines.

WG2

on Security Mechanisms.

WG3

on Security Techniques.

WG1's work is of particular importance because the charter of this group includes a key management framework, security information objects, risk analysis, and audit/access control. The key management framework is pursued as a three part standards:

• Overview;
• Key management using symmetric cryptographic techniques;
• Key management using asymmetric techniques.

The last two parts of this standard are developed in WG2 whose program of work includes the following projects :

1. Modes of Operation for n-Bit Block Cipher Algorithms, which is a generalization of ISO 8372, Modes of Operation for 64-Bit Block Cipher Algorithm.
2. Entity Authentication Mechanism using an n-bit Secret Key Algorithm,
3. Cryptographic Mechanisms for Key Management using Secret Key Techniques,
4. Entity Authentication using a Public Key with Two-way and Three-way Handshake,
5. Authentication with a Three-way Handshake using Zero-knowledge Techniques,
6. Digital Signature Scheme with Message Recovery,
7. Hash Functions for Digital Signatures,
8. Zero Knowledge Techniques.

WG3's program of work includes the following:

• Glossary for Computer Security Evaluation Criteria;
• Registry for Functionality Classes;
• Liaison for Common Criteria (see Section 3.1) Editorial Board;
• Evaluation Criteria for Information Technology Security.