BS ISO IEC 11770-5-2012 Information technology Security techniques Key management Group key management《信息技术 安全技术 密钥管理 组密钥管理》.pdf

1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 11770-5:2011 Information technology Security techniques Key management Part 5: Group key managementBS ISO/IEC 11770-5:2011 BRITISH STANDARD National foreword This B

2、ritish Standard is the UK implementation of ISO/IEC 11770-5:2011. The UK participation in its preparation was entrusted to T e c h n i c a l C o m m i t t e e I S T / 3 3 , I T - S e c u r i t y t e c h n i q u e s . A list of organizations represented on this committee can be obtained on request to

3、 its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2012 ISBN 978 0 580 73449 6 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal ob

4、ligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 January 2012. Amendments issued since publication Date T e x t a f f e c t e dBS ISO/IEC 11770-5:2011Reference number ISO/IEC 11770-5:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO

5、/IEC 11770-5 First edition 2011-12-15 Information technology Security techniques Key management Part 5: Group key management Technologies de linformation Techniques de scurit Gestion de cls Partie 5: Gestion de cls de groupe BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) COPYRIGHT PROTECTED DOCUMEN

6、T ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member bod

7、y in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reservedBS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) ISO/IEC 2011 All

8、rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Normative references 1 3 Terms and definitions . 1 4 Symbols and abbreviations 4 5 Requirements . 5 6 Tree based key establishment mechanisms for multiple entities 5 6.1 General model 5 6.2 Joining process . 6 6.3 Leaving proc

9、ess 6 6.4 Rekeying process 6 6.5 Logical key structure 7 6.6 Symmetric key based key establishment mechanisms 8 7 Key chain based group key management . 12 8 Key chain based group key management with unlimited forward key chain . 13 8.1 Calculations by the key distribution centre 13 8.2 Calculations

10、 by the client entity 15 9 Key chain based group key management with limited forward key chain 18 9.1 Calculations by the key distribution centre 18 9.2 Calculations by the client entity 19 Annex A (normative) Object identifiers 20 Annex B (informative) Load balancing mechanism for general tree base

11、d structure . 21 Bibliography 22 BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) iv ISO/IEC 2011 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. Nat

12、ional bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interes

13、t. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with th

14、e rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard require

15、s approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 11770-5 was prepar

16、ed by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 11770 consists of the following parts, under the general title Information technology Security techniques Key management: Part 1: Framework Part 2: Mechanisms using symmetric te

17、chniques Part 3: Mechanisms using asymmetric techniques Part 4: Mechanisms based on weak secrets Part 5: Group key management BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) ISO/IEC 2011 All rights reserved vIntroduction This part of ISO/IEC 11770 does not specify the means to be used to establish i

18、nitial secret keys; that is, all the mechanisms specified in this part of ISO/IEC 11770 require an entity to share the secret key with another entity, the key distribution centre (KDC). For general guidance on the key lifecycle see ISO/IEC 11770-1. This part of ISO/IEC 11770 does not explicitly addr

19、ess the issue of interdomain key management. This part of ISO/IEC 11770 also does not define the implementation of key establishment mechanisms; products complying with this part of ISO/IEC 11770 might be compatible. This part of ISO/IEC 11770 does not specify the information which has no relation w

20、ith key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this part of ISO/IEC 11770. The mechanisms specified in this part of ISO/IEC 11770 have been assigned object identifiers in accordance with ISO/IEC

21、9834. The list of assigned object identifiers is given in the normative Annex A. Any change to the specification of the mechanisms resulting in a change of functional behavior will result in a change of the object identifier assigned to the mechanisms. BS ISO/IEC 11770-5:2011BS ISO/IEC 11770-5:2011

22、INTERNATIONAL STANDARD ISO/IEC 11770-5:2011(E) ISO/IEC 2011 All rights reserved 1Information technology Security techniques Key management Part 5: Group key management 1 Scope This part of ISO/IEC 11770 specifies key establishment mechanisms for multiple entities to provide procedures for handling c

23、ryptographic keying material used in symmetric or asymmetric cryptographic algorithms according to the security policy in force. It defines symmetric key based key establishment mechanisms for multiple entities with a key distribution centre (KDC), and defines symmetric key establishment mechanisms

24、based on a general tree based structure with both individual rekeying and batched rekeying. It also defines key establishment mechanisms based on a key chain with both unlimited forward key chain and limited forward key chain. The two types of key establishment mechanisms can be combined by applicat

25、ions. This part of ISO/IEC 11770 also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. 2 Normative references The following referenced documents are indispensable for the application o

26、f this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 10118-3:2004, Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions ISO/IEC 14

27、888-2:2008, Information technology Security techniques Digital signatures with appendix Part 2: Integer factorization based mechanisms 3 Terms and definitions For the purpose of this document, the following terms and definitions apply. 3.1 active state of an entity in which the entity can obtain the

28、 shared secret key 3.2 ancestor keys of key k set of keys in a logical key hierarchy that are assigned to the ancestor nodes of the node to which k is assigned NOTE One of the keys in a set of ancestor keys is either the shared secret key or a key encryption key. BS ISO/IEC 11770-5:2011 ISO/IEC 1177

29、0-5:2011(E) 2 ISO/IEC 2011 All rights reserved3.3 ancestor nodes of node v set of nodes in a tree that can be reached by repeatedly going to the parent node from v 3.4 backward secrecy with interval T security condition in which an entity joining at time t = t 0cannot obtain any former shared secret

30、 keys at time t t 0+ T 3.10 inactive state of an entity in which the entity cannot obtain the shared secret key 3.11 individual key key shared between the key distribution centre and each entity 3.12 individual rekeying rekeying method in which the shared secret key, and optionally, key encryption k

31、eys are updated when an entity joins or leaves 3.13 key sequence of symbols that controls the operations of a cryptographic transformation 3.14 key chain set of cryptographic keys which are not necessarily independent 3.15 key distribution centre KDC entity trusted to generate or acquire, and distri

32、bute keys to entities BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) ISO/IEC 2011 All rights reserved 33.16 key encryption key cryptographic key that is used for the encryption or decryption of other keys ISO/IEC 19790:2006 3.17 leaf node node in a tree which is not a parent of any other node, i.e.

33、 has no child nodes 3.18 logical key hierarchy tree used for managing the shared secret key and key encryption keys 3.19 logical key structure logical structure to manage keys NOTE This structure has no correlation with the network topology. 3.20 one-way function function with the property that it i

34、s easy to compute the output for a given input but it is computationally infeasible to find for a given output an input which maps to this output ISO/IEC 11770-3:2008 3.21 one-way function with trapdoor function that is known to be easy to compute but hard to invert unless some secret information (t

35、rapdoor) is known 3.22 parent node of node c node on which node c hangs 3.23 perfect backward secrecy security condition in which a joining entity cannot obtain any former shared secret keys 3.24 perfect forward secrecy security condition in which a leaving entity cannot obtain any subsequent shared

36、 secret keys 3.25 random number time variant parameter whose value is unpredictable ISO/IEC 11770-1:2010 3.26 rekeying process of updating and redistributing the shared secret key, and optionally, key encryption keys NOTE This process is executed by the key distribution centre. 3.27 root node node i

37、n a tree which is not a child of any other node BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) 4 ISO/IEC 2011 All rights reserved3.28 shared secret key key which is shared with all the active entities via a key establishment mechanism for multiple entities 3.29 symmetric key based key establishment

38、 mechanism for multiple entities process of establishing a shared secret key between all active entities, using symmetric cryptographic techniques 3.30 tree connected, acyclic graph with an identified special vertex, the root node 4 Symbols and abbreviations AK Ancestor key BWK iBackward key for the

39、 time instance i CK Child key COM(X,Y) Function, which generates from the data items X and Y a key designed to be applied as key of the used encryption algorithm CUT(k,S) Function which outputs a substring of length k of the least significant bits of a string S of bits d Number of children of a pare

40、nt node (see term d-ary tree) e(K,Z) Result of encrypting data Z with a symmetric encryption algorithm using the secret key K f One-way function with trap door f - 1Inverted function of f, which requires the trapdoor of f FWK iForward key for the time instance i g 1One-way function g 2One-way functi

41、on h Number of ancestor nodes of a leaf node excluding the root node IK Individual key IK x Individual key shared between entity x and the key distribution centre KDC Key distribution centre KEK Key encryption key LKH Logical key hierarchy m Number of entities connected to the hub in a star structur

42、e MAC(K,Z) MAC function as defined in ISO/IEC 9797 using key K and data Z r BWKinit Random number to initialize the backwardkey chain BS ISO/IEC 11770-5:2011 ISO/IEC 11770-5:2011(E) ISO/IEC 2011 All rights reserved 5r FWKinit Random number to initialize the forward key chain RSA Digital signature me

43、chanism as defined in ISO/IEC 14888-2 s Private key SHA-1 Dedicated hash function as defined in ISO/IEC 10118-3 SSK Shared secret key Public key X|Y Result of concatenating data items X and Y in that order 5 Requirements The key establishment mechanisms specified in this part of ISO/IEC 11770 realiz

44、e point-to-multipoint key communication by using logical key structures. The point-to-multipoint communication requires a key updating process when a new entity joins or an entity leaves the communication in order to maintain the secrecy of the communication. a) There are two types of security requi

45、rements, perfect backward secrecy and forward secrecy and backward secrecy and forward secrecy with intervals. One of these security requirements shall be chosen depending on the security requirements of the particular application. Key establishment mechanisms for multiple entities require two diffe

46、rent rekeying methods according to the security requirements: individual rekeying and batched rekeying. Individual re-keying provides perfect backward secrecy and forward secrecy, and batched rekeying provides backward secrecy and forward secrecy with interval T. The rekeying method and parameter se

47、tting have a strong influence on the security requirements; thus, they shall be determined according to the security policy of the application. b) The encryption algorithm shall be chosen in accordance with the following: 1) A symmetric encryption algorithm shall be chosen from among those standardi

48、sed in ISO/IEC 18033-3 and ISO/IEC 18033-4. 2) If a block cipher encryption algorithm is used, then the Mode of Operation employed shall be one of those standardised in ISO/IEC 10116, ISO/IEC 18033-3, ISO/IEC 18033-4 and ISO/IEC 19772. An encryption algorithm used for key encryption shall provide in

49、tegrity, and input length shall be more than 128 bits. One of the mechanisms in ISO/IEC 19772 shall be used for integrity protection. c) The shared secret key is established using either a secure or insecure communication channel. At least the individual key shall be exchanged between the key distribution centre and each entity using a secure channel in order to allow secure communication. A secure communication channel is one where an attacker cannot eavesdrop or tamper with messages in t