ImageVerifierCode 换一换
格式:PDF , 页数:18 ,大小:1,022KB ,
资源ID:396936      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-396936.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 9797-1994 Information technology - Security techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm《信息技术 保.pdf)为本站会员(bowdiet140)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 9797-1994 Information technology - Security techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm《信息技术 保.pdf

1、BRITISH STANDARD BS ISO/IEC 9797:1994 Implementation of ISO/IEC 9797:1994 Information technology Security techniques Data integrity mechanism using a cryptographic check function employing a block cipher algorithm UDC 681.3.04:003.26BSISO/IEC9797:1994 This British Standard, having been prepared unde

2、r the directionof the Information Systems Technology StandardsPolicy Committee, waspublished under the authorityof the Standards Boardand comes into effect on 15November1994 BSI 04-2000 First published October 1990 Second edition November 1994 The following BSI references relate to the work on this

3、standard: Committee reference IST/33 Draft for comment 93/640639 DC ISBN 0 580 23505 X Committees responsible for this British Standard The preparation of this British Standard was entrusted by the Information Systems Technology Standards Policy Committee (IST/-) to Technical Committee IST/33, upon

4、which the following bodies were represented: Association for Payment Clearing Services CCTA (the Government Centre for Information Systems) Department of Trade and Industry It Standards Unit (Itd6a) GCHQ GCHQ (CESG) IBM United Kingdom Ltd. International Computers Limited Ministry of Defence Rank Xer

5、ox Ltd. Amendments issued since publication Amd. No. Date CommentsBSISO/IEC9797:1994 BSI 04-2000 i Contents Page Committees responsible Inside front cover National foreword ii Foreword iii Text of ISO/IEC 9797 1BSISO/IEC9797:1994 ii BSI 04-2000 National foreword This British Standard reproduces verb

6、atim ISO/IEC9797:1994 and implements it as the UK national standard. This revision supersedes BS ISO/IEC9797:1990, which is now withdrawn. This British Standard is published under the direction of the Information Systems Technology Standards Policy Committee whose Technical Committee IST/33 has the

7、responsibility to: aid enquirers to understand the text; present to the responsible international committee any enquiries on interpretation, or proposals for change, and keep UK interests informed; monitor related international and European developments and promulgate them in the UK. NOTEInternation

8、al and European Standards, as well as overseas standards, are available from Customer Services, Sales Department, BSI,389 Chiswick High Road, London W4 4AL. A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their

9、 correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, pages i and ii, theISO/IEC title page, pages ii to iv, pages 1 to 8 and a backcover. This standard has be

10、en updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.ISO/IEC9797:1994 (E) ii BSI 04-2000 Contents Page Foreword iii Introduction 1 1 Scope 1 2 Normative references 1 3 Definitions and notation 1 4 Requiremen

11、ts 1 5 MAC calculation 1 Annex A (normative) Optional Processes 4 Annex B (informative) Examples 6 Annex C (informative) Bibliography 8 Figure 1 The MAC calculation 3 Figure A.1 Optional process 1 4 Figure A.2 Optional process 2 5ISO/IEC9797:1994(E) BSI 04-2000 iii Foreword ISO (the International Or

12、ganization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the

13、respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of info

14、rmation technology, ISO and IEC have established a joint technical committee, ISO/IECJTC1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least75% of the national bo

15、dies casting a vote. International Standard ISO/IEC9797 was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology, Sub-Committee SC27, IT Security techniques. This second edition cancels and replaces the first edition (ISO/IEC9797:1989) which has been revised and extended to inc

16、lude an additional padding method, an additional method for the optional process as well as a new annex containing examples. Annex A forms an integral part of this International Standard. Annex B andAnnex C are for information only.iv blankISO/IEC9797:1994(E) BSI 04-2000 1 Introduction The mechanism

17、 specified in this International Standard is similar to that used in ISO8731-1, ISO9807 and in the ANSI X9.9 standard, except that it is defined in terms of an algorithm using n-bit data blocks and an m-bit check value, and that an additional padding method is specified. The calculation of cryptogra

18、phic check values as described in ISO8731-1, ANSI X9.9 and ANSI X9.19 is a specific case of this International Standard when n = 64 and m = 32, when padding method1 specified in5.1 is used, and when DEA (see ANSIX3.92:1981) is used. 1 Scope This International Standard specifies a method of using a k

19、ey and an n-bit block cipher algorithm to calculate an m-bit cryptographic check value. This method can be used as a data integrity mechanism to detect that data has not been altered in an unauthorised manner. The strength of the data integrity mechanism is dependent on the key length and its secrec

20、y, on the nature of the cryptographic algorithm, and on m, the length of the check value. This International Standard can be applied to the security services of any security architecture, process, or application. 2 Normative references The following standards contain provisions which, through refere

21、nce in this text, constitute provisions of this International Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the m

22、ost recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. ISO/IEC 10116:1991, Informatio

23、n technology Modes of operation for an n-bit block cipher algorithm. 3 Definitions and notation 3.1 Definitions This International Standard makes use of the following terms defined in ISO7498-2 and ISO/IEC10116. 3.1.1 cryptographic check value information which is derived by performing a cryptograph

24、ic transformation on the data unit 3.1.2 data integrity the property that data has not been altered or destroyed in an unauthorized manner 3.1.3 n-bit block cipher algorithm a block cipher algorithm with the property that plaintext blocks and ciphertext blocks are n bits in length 3.2 Notation This

25、International Standard refers to the cryptographic check value as a Message Authentication Code (MAC). In contexts where the terms “most significant bit/byte” and “least significant bit/byte” have a meaning, e.g., where strings of bits are treated as numerical values, then the leftmost bits of a blo

26、ck shall be the most significant. 4 Requirements The length (m) of the MAC will be less than or equal to the block length (n). The result of the calculation and of any optional process is an information block of length n. The m leftmost bits of the final n-bit block form the MAC. 5 MAC calculation 5

27、.1 Padding and blocking The generation of a MAC requires the selection of one of two padding methods. The way in which the selection is made is beyond the scope of this International Standard. Method 1 The data for which the MAC is to be calculated shall be appended with as few (possibly none) “0” b

28、its as necessary to obtain a data string whose length (in bits) is an integer multiple of n.ISO/IEC9797:1994(E) 2 BSI 04-2000 Method 2 The data for which the MAC is to be calculated shall be appended with a single “1” bit. The resulting datashall then be appended with as few (possibly none) “0” bits

29、 as necessary to obtain a data string whose length (in bits) is an integer multiple of n. NOTEIf the length of data is not known by a verifier then padding method 2 should be used, since it permits a verifier to detect the addition or deletion of trailing “0” bits. The resulting data is divided into

30、 n-bit blocks (D 1 , D 2 ,., D q ). The bits which are padded to the original data, according to the chosen padding method, are only used for calculating and verifying the MAC. Consequently, the padding bits (if any) need not be stored or transmitted with the data. The verifier shall know whether or

31、 not the padding bits have been stored or transmitted, and which padding method is in use. 5.2 The cryptographic key The key should be randomly or pseudo-randomly generated. If the same algorithm is used for encipherment of the message, the key used for the calculation of the MAC should be different

32、 from that used for encipherment. 5.3 The initial stage The MAC is calculated as illustrated in Figure 1. The input register is initialized with the first block (D 1 ). This input data (I 1 ) is passed through the algorithm (A), which uses a key (K) to produce n bits in the output register (O 1 ). 5

33、.4 Subsequent stages The next n bits of data (D 2 ) are bitwise exclusive ored with the n bits of the output register (O 1 ) and the result is loaded into the input register of the next stage (I 2 ). The contents of the input register (I 2 ) is passed through the algorithm (A), which uses the key (K

34、) to produce n bits in the output register (O 2 ). This operation continues until all blocks have been processed. The result will be the final output block(O q ). 5.5 Optional Process The final output block (O q ) may be subjected to optional processing to increase the strength of the MAC. The optio

35、nal process (if used) shall be selected from those specified in normative Annex A. 5.6 The MAC The m leftmost bits of the final n-bit block form the MAC. NOTEUse of the optional process specified inA.1 ofAnnex A reduces the threat of exhaustive search attacks. In particular, this optional process is

36、 recommended when m = n.ISO/IEC9797:1994(E) BSI 04-2000 3 Figure 1 The MAC calculationISO/IEC9797:1994(E) 4 BSI 04-2000 Annex A (normative) Optional Processes A.1 Optional process 1 The following procedure specifies an optional process (see5.5) which may be used in accordance with a predefined agree

37、ment between sender and receiver. This optional process increases the strength of the MAC with respect to exhaustive key search and chosen plaintext attacks. In this optional process two cryptographic keys are used, which are denoted by (K) and (K 1 ). The n-bit block (O q ) is first generated using

38、 key (K) in the procedure specified in5.3 and5.4. Two additional steps shall then be performed (seeFigure A.1): a) decipher the output (O q ) using key (K 1 ) to obtain ; a) encipher using key (K) to obtain . This completes the optional process. The MAC is obtained as specified in5.6. A.2 Optional p

39、rocess 2 The following procedure specifies an optional process (see 5.5) which may be used in accordance with a predefined agreement between sender and receiver. This optional process increases the strength of the MAC with respect to chosen plaintext attacks. In this optional process two cryptograph

40、ic keys are used, which are denoted by (K) and (K 1 ), where (K 1 ) may be derived from (K). NOTEAn example of how to derive (K 1 ) from (K) is to complement alternate blocks of four bits of (K) commencing with the first four bits. The n-bit block (O q ) is first generated using key (K) in the proce

41、dure specified in5.3 and5.4. Figure A.1 Optional process 1 O q () O q () O q ()ISO/IEC9797:1994(E) BSI 04-2000 5 An additional step shall then be performed (seeFigure A.2): encipher the output (O q ) using key (K 1 ) to obtain (). This completes the optional process. The MAC is obtained as specified

42、 in5.6. Figure A.2 Optional process 2 O q ISO/IEC9797:1994(E) 6 BSI 04-2000 Annex B (informative) Examples This annex presents examples of the generation of a MAC employing the DEA (seeANSIX3.92) for padding methods1 and2 as well as optional processes1 and2. The plaintexts are the7-bit ASCII codes (

43、no parity) for “NowEisEtheEtimeEforEall” and “NowEisEtheEtimeEforEit”, where “E” denotes a blank. The first plaintext does not require any padding if padding method1 is chosen. The key (K) is0123456789ABCDEF. The key (K 1 ) in optional process1 was chosen to be FEDCBA9876543210, while the key (K 1 )

44、 in optional process2 was derived according to the note inA.2. B.1 Padding method1 Example 1: NowEisEtheEtimeEforEallE If no optional process is used the MAC consists of the m leftmost bits of(O 3 ). Optional process1 The MAC consists of them leftmost bits of (). Optional process 2 The MAC consists

45、of them leftmost bits of (). Example 2: NowEisEtheEtimeEforEit If no optional process is used the MAC consists of the m leftmost bits of(O 3 ). key (K) 01 23 45 67 89 AB CD EF D 1 4E 6F 77 20 69 73 20 74 D 2 68 65 20 74 69 6D 65 20 D 3 66 6F 72 20 61 6C 6C 20 I 1= D 1 4E 6F 77 20 69 73 20 74 O 1 3F

46、A4 0E 8A 98 4D 48 15 I 2= O 1 _ D 2 57 C1 2E FE F1 20 2D 35 O 2 0B 2E 73 F8 8D C5 85 6A I 3= O 2 _ D 3 6D 41 01 D8 EC A9 E9 4A O 3 70 A3 06 40 CC 76 DD 8B key (K 1 ) FE DC BA 1 76 54 32 10 B4 8D 36 EC 7A D5 69 4F A1 C7 2E 74 EA 3F A9 B6 O 3 O 3 O 3 key (K 1 ) F1 D3 B5 97 79 5B 3D 1F 10 F9 BC 67 A0 3

47、C D5 D8 key (K) 01 23 45 67 89 AB CD EF D 1 4E 6F 77 20 69 73 20 74 D 2 68 65 20 74 69 6D 65 20 D 3 66 6F 72 20 69 74 00 00 I 1= D 1 4E 6F 77 20 69 73 20 74 O 1 3F A4 0E 8A 98 4D 48 15 I 2= O 1 _ D 2 57 C1 2E FE F1 20 2D 35 O 2 0B 2E 73 F8 8D C5 85 6A I 3= O 2 _ D 3 6D 41 01 D8 E4 B1 85 6A O 3 E4 5B

48、 3A D2 B7 CC 08 56 O 3 O 3 ISO/IEC9797:1994(E) BSI 04-2000 7 Optional process1 The MAC consists of them leftmost bits of (). Optional process 2 The MAC consists of them leftmost bits of (). B.2 Padding method2 Example 1: NowEisEtheEtimeEforEallE If no optional process is used the MAC consists of the

49、 m leftmost bits of (O 4 ). Optional process1 The MAC consists of them leftmost bits of (). Optional process 2 The MAC consists of them leftmost bits of (). key (K 1 ) FE DC BA 98 76 54 32 10 32 8A C7 8B A1 CA 0B 3F 2E 2B 14 28 CC 78 25 4F key (K 1 ) F1 D3 B5 97 79 5B 3D 1F 21 5E 9C E6 D9 1B C7 FB key (K) 01 23 45 67 89 AB CD EF D 1 4E 6F 77 20 69 73 20 74 D 2 68 65 20 74 69 6D 65 20 D 3 66 6F 72 20 61 6C 6C 20 D 4 80 00 00 00 00 00 00 00 I 1= D 1 4E 6F 77 20 69 73 20 74 O 1 3F A4 0E 8A 98 4D 48 15 I 2= O 1 _ D 2 57 C1 2E

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1