BS ISO IEC 18014-4-2015 Information technology Security techniques Time-stamping services Traceability of time sources《信息技术 安全技术 时间标记业务 时间源的可追踪性》.pdf

1、BSI Standards Publication BS ISO/IEC 18014-4:2015 Information technology Security techniques Time- stamping services Part 4: Traceability of time sourcesBS ISO/IEC 18014-4:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 18014-4:2015. The UK participa

2、tion in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are respons

3、ible for its correct application. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 83552 0 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standar

4、ds Policy and Strategy Committee on 30 April 2015. Amendments issued since publication Date Text affectedBS ISO/IEC 18014-4:2015 Information technology Security techniques Time-stamping services Part 4: Traceability of time sources Technologies de linformation Techniques de scurit Services dhorodata

5、ge Partie 4: Traabilit des sources du temps INTERNATIONAL STANDARD ISO/IEC 18014-4 Reference number ISO/IEC 18014-4:2015(E) First edition 2015-04-15 ISO/IEC 2015 BS ISO/IEC 18014-4:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015 All rights reserved. Unless otherwise

6、 specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

7、 or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ISO/IEC 18014-4:2015(E)BS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E)Foreword iv

8、Introduction v 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Symbols and abbreviated terms . 3 5 General 4 6 Time tr ac eability chains and c ertification of tr ac eability . 4 6.1 Time dissemination and traceability chains 4 6.2 Time auditing of TSA clock by TAA 4 7 Technical

9、requirements for T AA. 5 7.1 Policy on requirements for TAA . 5 7.2 Requirements for TAA clock 5 7.2.1 General 5 7.2.2 Configuration of TAA clock 5 7.2.3 Time synchronization with UTC(k) . 6 7.2.4 Accuracy of TAA clock 6 7.2.5 Time offset measurements and retention of data . 6 7.2.6 Records of instr

10、ument manipulation and their retention 6 7.3 Requirements for time audit . 6 7.3.1 General 6 7.3.2 Time audit policy . 6 7.3.3 Authentication of TSA clock . 6 7.3.4 Measurements of time offset . 7 7.3.5 Time offset certificates . 7 7.3.6 Retention of records . 7 7.3.7 Measures against extraordinary

11、time discrepancy of TSA clock 7 7.4 Requirements for time dissemination 7 7.4.1 General 7 7.4.2 Time dissemination policy 8 7.4.3 Authentication of TSA clock . 8 7.4.4 Time dissemination control . 8 7.4.5 Measures against falsification of disseminated time 8 7.5 Other requirement . 8 Annex A (inform

12、ative) R elation betw een time offset c ertificat e and e xisting national standar ds 9 Annex B (informative) Traceability chains and required accuracy .10 Annex C (informative) Examples of TAA-based trusted time source schemes from ITU-R TF.1876 12 Annex D (informative) Required accuracy and freque

13、ncy stability of the reference clock 13 Bibliography .14 ISO/IEC 2015 All rights reserved iii Contents PageBS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized sys

14、tem for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees c

15、ollaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used

16、 to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the

17、ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identif

18、ied during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation o

19、n the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is

20、ISO/IEC JTC 1, Information technology, SC 27, IT Security techniques. ISO/IEC 18014 consists of the following parts, under the general title Information technology Security techniques Time-stamping services: Part 1: Framework Part 2: Mechanisms producing independent tokens Part 3: Mechanisms produci

21、ng linked tokens Part 4: Traceability of time sourcesiv ISO/IEC 2015 All rights reservedBS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E) Introduction ISO/IEC 18014-1, ISO/IEC 18014-2, and ISO/IEC 18014-3 provide a general framework and specify time- stamping methods for time-stamping services offered

22、by the time-stamping authority (TSA). This part of ISO/IEC 18014 describes an overall architecture for providing trusted time to the TSA and specifies technical guidelines to guarantee its correctness through the use of the time assessment authority (TAA). ISO/IEC 2015 All rights reserved vBS ISO/IE

23、C 18014-4:2015BS ISO/IEC 18014-4:2015Information technology Security techniques Time- stamping services Part 4: Traceability of time sources 1 Scope This part of ISO/IEC 18014 defines the functionality of the time assessment authority (TAA), describes an overall architecture for providing the time t

24、o the time-stamping authority (TSA) and to guarantee the correctness of it through the use of the TAA, and gives technical guidelines for the TAA to provide, and to provide assurance in, a trusted time source to the TSA. 2 Normative references The following documents, in whole or in part, are normat

25、ively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 18014 -1, Information technology Securit y techniques T

26、ime-stamping ser vices Part 1: Framework ITU-R TF.1876, Trusted time source for Time Stamp Authority 3 T erms a nd definiti ons For the purposes of this document, the following terms and definitions apply. 3.1 accuracy closeness of the agreement between the result of a measurement and the true value

27、 of the measurand Note 1 to entry: Accuracy is generally characterized by the overall uncertainty of a measured value. SOURCE: ITU-R TF.686-3:2013, Annex 1 3.2 leap second intentional time step of one second used to adjust UTC to ensure approximate agreement with UT1 SOURCE: ISO 8601:2004, 2.2.2 3.3

28、 measurement process of experimentally obtaining one or more quantity values that can be reasonably attributed to a quantity SOURCE: ISO/IEC GUIDE 99:2007, 2.1 INTERNATIONAL ST ANDARD ISO/IEC 18014-4:2015(E) ISO/IEC ISO pub-date year All rights reserved 1BS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E

29、) 3.4 second basic unit of time or time interval that is equal to the duration of 9 192 631 770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of caesium-133 SOURCE: ISO 80000-3:2006, 3.13.a 3.5 time assessment authority TAA entity which

30、 audits the time of the TSA clock and may also disseminate time to the TSA 3.6 time assessment authority clock TAA clock clock system of the TAA, used for time audit and time dissemination Note 1 to entry: In the actual implementations, each TAA has more than one TAA clock for back up purposes. 3.7

31、time audit audit of the time of downstream clocks in time traceability chains in order to check that it is consistent within the required accuracies 3.8 time dissemination distribution of a time signal from one location to another 3.9 t i m e o f f s e t c e r t i f i c a t e certificate issued by a

32、 TAA to certify the measured time offset of a TSA clock with respect to the TAA clock 3.10 time scale system of ordered marks which can be attributed to instants on the time axis, one instant being chosen as the origin SOURCE: ISO 8601:2004, 2.1.4 3.11 time-stamping authority TSA trusted third party

33、 trusted to provide a time-stamping service SOURCE: ISO/IEC 18014-1:2008, 3.17 3.12 time-stamp token TST data structure containing a verifiable cryptographic binding between a data items representation and a time-value Note 1 to entry: A time-stamp token can also include additional data items in the

34、 binding. SOURCE: ISO/IEC 18014-1:2008, 3.15 3.13 time traceability chain chain consisting of a sequence of reference clocks starting with UTC(k), used to relate the time from an end user to a timing centre2 ISO/IEC 2015 All rights reservedBS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E) 3.14 timing c

35、entre organization with the means to disseminate the UTC(k) time to a TSA with the required accuracy Note 1 to entry: The UTC(k) generated by the timing centre can be used in real time and its time difference from UTC is regularly published by the BIPM (the Bureau International des Poids et Measures

36、). 3.15 traceability property of the result of a measurement or the value of a standard whereby it can be related to stated references, usually national or international standards, through an unbroken chain of comparisons all having stated uncertainties SOURCE: ITU-R TF.686-3:2013, ANNEX 1 3.16 TSA

37、clock clock of the TSA, which generates the time information included in the TST Note 1 to entry: In the actual implementations, each TSA has more than one TSA clock for back up purpose. 3.17 UTC time scale maintained by the Bureau International des Poids et Measures (BIPM) and the International Ear

38、th Rotation Service (IERS) that forms the basis of a coordinated dissemination of standard frequencies and time signals Note 1 to entry: UTC is Coordinated Universal Time defined by ITU-R. SOURCE: ISO 19108:2002, 4.1.3 3.18 UTC(k) time scale realized by institute “k” and kept in close agreement with

39、 UTC, with the goal to be within 100 ns, according to Recommendation S5 (1993) of the Consultative Committee for the Definition of the Second SOURCE: ITU-R TF.536-2:2003, 2 4 Symbols and abbreviated terms For the purpose of this document, the following abbreviations apply: GNSS Global Navigation Sat

40、ellite System GPS Global Positioning System NMI National Measurement Institute NTP Network Time Protocol OID Object Identifier TTP Trusted Third Party URL Uniform Resource Locator ISO/IEC 2015 All rights reserved 3BS ISO/IEC 18014-4:2015ISO/IEC 18014-4:2015(E) 5 General In time-stamping services, th

41、e TSA clock used to create time-stamp tokens is required to be synchronized with UTC within the declared accuracy, and shall be managed so as to guarantee the correctness of the time parameter included in the time-stamp token. The TAA certifies the traceability of the time reference of the TSA to th

42、e time scale of UTC(k) provided by a timing centre and may, optionally, distribute time information to the TSA. The function of the TAA may be performed by a timing centre or by a TTP. As for time-stamping services, those specified in ISO/IEC 18014-1 shall be referred to. As for functionalities of t

43、he TAA, those defined in ITU-R TF.1876 shall be referred to. This part of ISO/IEC 18014 describes an overall architecture for providing accurate and traceable time to the TSA and for certifying the traceability of the time of the TSA to UTC(k). It also addresses technical requirements for the TAA: a

44、) to provide certification to the TSA by auditing that the time used in the TSA is within the required accuracy, and b) to distribute time information to the TSA if the TAA operates in time dissemination mode. NOTE This part of ISO/IEC 18014 is based partly on JIS X 5094. 11 6 Ti me tr ac eability c

45、 hains and c ertificatio n of tr ac eability 6.1 Time dissemination and traceability chains Timing centres can disseminate their UTC time scale by broadcast over a radio, telephone or network path as services to end users. These services allow end users to connect to a timing centre and to establish

46、 a time traceability chain. 12The TSA, as an end user, uses time signals from the clock located upstream in the chain as a reference signal. The chain thus enables traceability of a time signal to UTC(k). The TSA clock and the TAA clock are located downstream from the timing centre on such time trac

47、eability chains, and the TAA clock is located upstream from the TSA clock when the TAA operates in time dissemination mode, as described in 6.2. Traceability chains can also be established through time signals not controlled by a timing centre, provided that an NMI monitors and compares these signal

48、s to its UTC time scale. 12This type of traceability chain is realized by using a certified GNSS timing receiver. The TSA can use a local oscillator controlled via the timing signal from the receiver as a traceable reference time source for the TSA clock. In this case, the timing centre referred to

49、by the TAA is usually different from the NMI associated with the GNSS, as shown in case d) of Figure C.1. The type of broadcast services used depends on the required accuracy for downstream clocks in the chain. The NTP 2can be used to synchronize clocks over computer networks. 6.2 Time auditing of TSA clock by T AA The role of the TAA is to audit that the TSA clock synchronized with UTC(k) is traceable to UTC(k) within the required accu