BS ISO IEC 15149-4-2016 Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Security Protocol for Authent.pdf

1、BSI Standards Publication BS ISO/IEC 15149-4:2016 Information technology T e l e c o m m u n i c a t i o n s a n d information exchange between systems Magnetic field area network (MFAN) Part 4: Security Protocol for AuthenticationBS ISO/IEC 15149-4:2016 BRITISH STANDARD National foreword This Briti

2、sh Standard is the UK implementation of ISO/IEC 15149-4:2016. The UK participation in its preparation was entrusted to Technical Committee IST/6, Data communications. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport

3、to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 86907 5 ICS 35.110 Compliance with a British Standard cannot confer immunity from legal obligations

4、. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 January 2016. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 15149-4:2016 Information technology Telecommunications and information exchange between s

5、ystems Magnetic field area network (MFAN) Part 4: Security Protocol for Authentication Technologies de linformation Tlinformatique Rseau de zone de champ magntique (MFAN) INTERNATIONAL STANDARD ISO/IEC 15149-4 Reference number ISO/IEC 15149-4:2016(E) First edition 2016-01-15 ISO/IEC 2016 BS ISO/IEC

6、15149-4:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including ph

7、otocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41

8、 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 15149-4:2016(E)BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 Terms and definitions . 1 4 Symbols and abbreviated terms . 2 4.1 Symbols . 2 4.2 Abbreviated terms .

9、 2 5 Overview . 2 6 Network elements . 3 6.1 General . 3 6.2 Time element 3 6.3 Physical element 3 6.4 Address element 3 7 Network functions. 3 7.1 General . 3 7.2 Request period 4 7.3 Response period 4 7.4 Confirmation period . 4 7.5 Key generation 4 8 Network status 5 8.1 General . 5 8.2 Network a

10、uthentication 5 9 MAC layer frame format 5 9.1 General . 5 9.2 Frame format 5 9.3 Frame type 5 9.4 Payload format 5 9.4.1 Request frame 5 9.4.2 Response frame . 6 9.4.3 Response confirmation frame 7 10 MAC layer function 9 10.1 General . 9 10.2 Authentication . 9 Annex A (informative) Security consi

11、derations .10 Bibliography .11 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standard

12、ization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mu

13、tual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document

14、and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2

15、 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development

16、 of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO speci

17、fic terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information

18、 technology, Subcommittee SC 6, Telecommunications and information exchange between systems. This first edition of ISO/IEC 15149-4, together with ISO/IEC 15149-1, ISO/IEC 15149-2, and ISO/IEC 15149-3, cancels and replaces ISO/IEC 15149:2011, which has been technically revised. ISO/IEC 15149 consists

19、 of the following parts, under the general title Information technology Telecommunications and information exchange between systems: Part 1: Air Interface Part 2: In-Band Control Protocol for Wireless Power Transfer Part 3: Relay Protocol for Extended Range Part 4: Security Protocol for Authenticati

20、oniv ISO/IEC 2016 All rights reservedBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E) Introduction This part of ISO/IEC 15149 provides protocols for magnetic field area networks (MFAN). MFAN can support the service based on wireless communication and wireless power transfer in harsh environments. MFAN

21、 is composed of four protocols; air interface, in-band control protocol, relay protocol and security protocol for authentication. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance

22、 with this document may involve the use of patents concerning MFSec technology given in this part of ISO/IEC 15149. ISO and IEC take no position concerning the evidence, validity and scope of these patent rights. The holders of these patent rights have assured the ISO and IEC that they are willing t

23、o negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statements of the holders of these patent rights are registered with ISO and IEC. Information on the declared patents may be obtained from: Patent Holder: Chin

24、a IWNCOMM Co., Ltd. Address: A201, QinFengGe, Xian Software Park, No. 68, Keji 2nd Road, Xian Hi-Tech Industrial Development Zone, Xian Shaanxi, P. R. China 710075 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights other than those id

25、entified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO (www.iso.org/patents) and IEC (http:/ /patents.iec.ch) maintain on-line databases of patents relevant to their standards. Users are encouraged to consult the databases for the most up to date

26、 information concerning patents. ISO/IEC 2016 All rights reserved vBS ISO/IEC 15149-4:2016BS ISO/IEC 15149-4:2016Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part 4: Security Protocol for Authentication 1 Scope This part of ISO

27、/IEC 15149 specifies security protocol for authentication in magnetic field networks. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For

28、undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 15149-1:2014, Information technology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part 1: Air Interface ISO/IEC 15149-3:2016, Information te

29、chnology Telecommunications and information exchange between systems Magnetic field area network (MFAN) Part 3: Relay Protocol for Extended Range 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 Magnetic Field Area Network MFAN wireless networ

30、k that provides reliable communication in harsh environments using magnetic field 3.2 Magnetic Field Area Network Coordinator MFAN-C device that manages the connection and release of nodes within the communication area and the sending and receiving time of data in an MFAN 3.3 Magnetic Field Area Net

31、work Node MFAN-N A device except the coordinator that forms a network in an MFAN INTERNATIONAL ST ANDARD ISO/IEC 15149-4:2016(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E) 4 Symbols and abbreviated terms 4.1 Symbols exclusive or | concatenation O n fixed value +

32、 binary addition 4.2 Abbreviated terms AuRc Authentication Response Confirmation AuRq Authentication Request AuRs Authentication Reponse MFSec MFAN Security PSK Pre-Shared Key RN Random Number RNc Random Number generated by Coordinator RNn Random Number generated by Node SORNc Secret Output with Ran

33、dom Number computed by Coordinator SORNn Secret Output with Random Number computed by Node SRNc Secret Random Number generated by Coordinator SRNn Secret Random Number generated by Node SS Shared Secret UID Unique Identifier UID C Unique Identifier of Coordinator UID N Unique Identifier of Node 5 Ov

34、erview MFAN, like some other networks, e.g. Wireless Sensor Networks, suffered from many specific network security threats. To countermeasure those threats, some security procedures should be deployed in such networks. The security threats of networks, which are specified in the ITU-T X.800 and ITU-

35、T X.805, are applicable to MFAN, as follows: Destruction of information and/or other resources Corruption or modification of information Disclosure of information2 ISO/IEC 2016 All rights reservedBS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E) In addition, the specific threats to nodes such as sensor

36、 mode compromise, eavesdropping, privacy of sensed data, denial of service attack, and malicious use of commodity network are also applicable to MFAN. The following security requirements specified in ITU-T X.805 could be applicable to MFAN: Data Confidentiality Data Authentication/identification Dat

37、a Integrity This part of ISO/IEC 15149 specifies an MFAN security (MFSec) protocol that uses the exclusive or operation for mutual authentication between MFAN-C and MFAN-N. See Annex A for security considerations of MFSec. NOTE The exclusive or is extremely common as a component in complex ciphers.

38、By itself, using a constant repeating key, a simple exclusive or crypto can trivially be broken using frequency analysis. If the content of any message can be guessed or otherwise known then the key can be revealed (the exclusive or crypto is vulnerable to a known-plaintext attack, since plaintextci

39、phertext=key). Its primary advantage is that it is simple to implement, and that the exclusive or operation is computationally inexpensive. A simple repeating exclusive or crypto is therefore sometimes used for hiding information in cases where either no particular or light security is required. 6 N

40、etwork elements 6.1 General The security network elements of MFAN consist of time and physical elements. 6.2 Time element Specified in ISO/IEC 15149-3:2016, 6.2. 6.3 Physical element Specified in ISO/IEC 15149-3:2016, 6.3. 6.4 Address element Specified in ISO/IEC 15149-3:2016, 6.4. 7 Network functio

41、ns 7.1 General The superframe of MFSec protocol consists of request, response and confirmation period. The authentication protocol requires that MFAN-C and MFAN-N shall have a PSK with 8-octet before they start the authentication procedure. How to generate and set a high quality PSK is out of the sc

42、ope of this standard. The key update function is not supported in this international standard. Figure 1 shows the MFSec protocol message exchange. ISO/IEC 2016 All rights reserved 3BS ISO/IEC 15149-4:2016ISO/IEC 15149-4:2016(E) MFAN-C MFAN-N Authentication Request (SRNc) Authentication Response (SOR

43、Nc|SRNn) Figure 1 MFSec protocol 7.2 Request period During the request period, MFAN-C shall generate an 8-octet random number RNc, and compute SRNc = (RNc + UID C+ O n ) PSK, where O nis defined by a manufacturer. MFAN-C then sends AuRq packet to MFAN-Ns. O nshall be 8-octet in length. NOTE The reco

44、mmendation of the value of O nis 5555 5555 5555 5555 h. 7.3 Response period During the response period, MFAN-N shall compute RNc = (SRNc PSK) - UID C- O n , and SORNc = (PSK + UID C+ O n ) RNc, where, PSK and RNc means bit-wise rotate PSK and RNc left for n bits, respectively (n is the number of bin

45、ary value 1 of RNc). Then MFAN-N shall generate an 8-octet random number RNn and compute SRNn = (RNn + UID N+ O n ) PSK. MFAN-N sends AuRs packet to the MFAN-C. When the MFAN-C receives AuRs packet from the MFAN-N, it shall compute the value of (SORNc RNc) and (PSK + UID C+ O n ), then compare the v

46、alue of (PSK + UID C+ O n ) with (SORNc RNc). If these two values are equivalent, then the authentication is successful, otherwise the authentication is failed. 7.4 Confirmation period When the authentication procedure of MFAN-C is successful, MFAN-C shall compute RNn = (SRNn PSK) - UID N- O n , and

47、 SORNn = (PSK + UID N+ O n ) RNn, where, RNn means bit-wise rotate RNn left for n bits (n is the number of binary value 1 of RNn). MFAN-C sends AuRc packet to MFAN-N. Finally, when MFAN-N receives AuRc packet from the MFAN-C, it shall compute the value of (SORNn RNn) and (PSK + UID N+ O n ), then co

48、mpare the value of (PSK + UID N+ O n ) with (SORNn RNn). If these two values are equivalent, then the authentication is successful, otherwise the authentication is failed. 7.5 Key generation For the MFAN-N and MFAN-C that support secure communication or high layer secure application, a shared secret

49、 (SS) may be used and shall be established between the two nodes after the successful authentication procedure: SS= (UID N+ UID C )RNcRNnPSK. SS service is optional. SS is used to derive additional keys used by MFAN and possibly other applications. The lifetime of SS should be expired after disconnection. A new SS should be established or updated by a new MFSec authentication procedure. The key derivation func