
CAN CSA-ISO IEC 10181-6-2000 Information technology - Open Systems Interconnection - Security frameworks for open systems Integrity framework.pdf

National Standard of Canada
CAN/CSA-ISO/IEC 10181-6-00
(ISO/IEC 10181-6:1996)

CSA INTERNATIONAL

International Standard ISO/IEC 10181-6:1996 (first edition 1996-09-15) has been adopted without modification as CSA Standard CAN/CSA-ISO/IEC 10181-6-00, which has been approved as a National Standard of Canada by the Standards Council of Canada.

ISBN 1-55324-080-4
March 2000

Information technology - Open Systems Interconnection - Security frameworks for open systems: Integrity framework
(Reaffirmed 2004)

Technologies de l'information - Interconnexion de systèmes ouverts (OSI) - Cadres généraux pour la

this remains the continuing responsibility of the accredited standards-development organization. Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These standards are subject to periodic review; therefore, users are cautioned to obtain the latest edition from the organization preparing the standard.

The responsibility for approving National Standards of Canada rests with the Standards Council of Canada, 45 O'Connor Street, Suite 1200, Ottawa, Ontario, K1P 6N7, Canada.

A National Standard of Canada is a standard which

National Standards of Canada are published in French and English versions.

Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their particular purpose.

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

This International Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. (A committee membership list is available on request from the CSA Project Manager.) From time to time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update or contact a CSA Sales representative.

This Standard has been formally approved, without modification, by these Committees and has been approved as a National Standard of Canada by the Standards Council of Canada.

March 2000

© CSA International - 2000
All rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission. Inquiries regarding this National Standard of Canada should be addressed to CSA International, 178 Rexdale Boulevard, Toronto, Ontario, M9W 1R3.

INTERNATIONAL STANDARD ISO/IEC 10181-6
First edition 1996-09-15

2) identifies possible classes of integrity mechanism;
3) identifies facilities for each class of integrity mechanisms;
4) identifies management required to support the class of integrity mechanism;
5) addresses the interaction of integrity mechanism and the supporting services with other security services and mechanisms.

A number of different types of standard can use this framework, including:
1) standards that incorporate the concept of integrity;
2) standards that specify abstract services that include integrity;
3) standards that specify uses of an integrity service;
4) standards that specify means of providing integrity within an open system architecture; and
5) standards that specify integrity mechanisms.

Such standards can use this framework as follows:
- standards of type 1), 2), 3), 4) and 5) can use the terminology of this framework;
- standards of type 2), 3), 4) and 5) can use the facilities identified in clause 7;
- standards of type 5) can be based upon the classes of mechanisms identified in clause 8.

Some of the procedures described in this security framework achieve integrity by the application of cryptographic techniques. This framework is not dependent on the use of particular cryptographic or other algorithms, although certain classes of integrity mechanisms may depend on particular algorithm properties.

NOTE - Although ISO does not standardize cryptographic algorithms, it does standardize the procedures used to register them in ISO/IEC 9979.

The integrity addressed by this Recommendation | International Standard is that defined by the constancy of a data value.

This notion (constancy of a data value) encompasses all instances in which different representations of a data value are deemed equivalent (such as different ASN.1 encodings of the same value). Other forms of invariance are excluded. The usage of the term data in this Recommendation | International Standard includes all types of data structures (such as sets or collections of data, sequences of data, file-systems and databases).

ITU-T Rec. X.815 (1995 E)
ISO/IEC 10181-6 : 1996 (E)

This framework addresses the provision of integrity to data that are deemed to be write-accessible to potential attackers. Therefore, it focusses on the provision of integrity through mechanisms, both cryptographic and non-cryptographic, that do not rely exclusively on regulating access.

2 Normative references

The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations.

2.1 Identical Recommendations | International Standards

- ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology - Open Systems Interconnection - Basic Reference Model: The Basic Model.
- ITU-T Recommendation X.273 (1994) | ISO/IEC 11577:1995, Information technology - Open Systems Interconnection - Network layer security protocol.
- ITU-T Recommendation X.274 (1994) | ISO/IEC 10736:1995, Information technology - Telecommunications and information exchange between systems - Transport layer security protocol.
- ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview.
- ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework.
- ITU-T Recommendation X.812 (1995) | ISO/IEC 10181-3:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framework.

2.2 Paired Recommendations | International Standards equivalent in technical content

- ITU-T Recommendation X.224 (1992), Protocol for providing the OSI connection-mode transport service.
  ISO/IEC 8073:1992, Information technology - Telecommunications and information exchange between systems - Open Systems Interconnection - Protocol for providing the connection-mode transport service.
- CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications.
  ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture.

2.3 Additional References

- ISO/IEC 9979:1991, Data cryptographic techniques - Procedures for the registration of cryptographic algorithms.

3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply.

3.1 This Recommendation | International Standard builds on concepts developed in ITU-T Recommendation X.200 | ISO/IEC 7498-1 and makes use of the following terms defined in it:
a) (N)-connection;
b) (N)-entity;
c) (N)-facility;
d) (N)-layer;
e) (N)-SDU;
f) (N)-service;
g) (N)-user-data.

3.2 This Recommendation | International Standard builds on concepts developed in CCITT Recommendation X.800 | ISO 7498-2 and makes use of the following terms defined in it:
a) access control;
b) connection integrity;
c) data integrity;
d) decipherment;
e) decryption;
f) digital signature;
g) encipherment;
h) encryption;
i) identity-based security policy;
j) integrity;
k) key;
l) routing control;
m) rule-based security policy.

NOTE - Where not otherwise qualified, the term "integrity" in this standard is taken to mean data integrity.

3.3 This Recommendation | International Standard makes use of the following general security-related terms defined in ITU-T Rec. X.810 | ISO/IEC 10181-1:
a) digital fingerprint;
b) hash function;
c) one-way function;
d) private key;
e) public key;
f) seal;
g) secret key;
h) trusted third party.

3.4 This Recommendation | International Standard builds on concepts developed in ITU-T Rec. X.811 | ISO/IEC 10181-2 and makes use of the following terms defined in it:
- time variant parameter.

3.5 For the purpose of this Recommendation | International Standard, the following definitions apply:

3.5.1 integrity-protected channel: A communications channel to which an integrity service has been applied.

NOTE - Two forms of integrity services for communication channels are referred to in CCITT Rec. X.800 | ISO 7498-2. These forms (connection and connectionless integrity) are described in annex A.

3.5.2 integrity-protected environment: An environment in which unauthorized data alterations (including creation and deletion) are prevented or detectable.

3.5.3 integrity-protected data: Data and all relevant attributes within an integrity-protected environment.

3.5.4 shield: The conversion of data into integrity-protected data.

3.5.5 unshield: The conversion of integrity protected data into the data originally shielded.

3.5.6 validate: The checking of integrity-protected data to detect loss of integrity.

4 Abbreviations

PDU   Protocol Data Unit
SDU   Service Data Unit
SII   Shield Integrity Information
MDII  Modification Detection Integrity Information
UII   Unshield Integrity Information

5 General discussion of integrity

The purpose of the integrity service is to protect the integrity of data and of their relevant attributes which can be compromised in a number of different ways:
1) unauthorized data modification;
2) unauthorized data deletion;
3) unauthorized data creation;
4) unauthorized data insertion;
5) unauthorized data replay.

The integrity service protects against these threats either by means of prevention or by detection with or without recovery. Effective integrity protection may not be possible if the necessary control information (such as keys and SII) is not integrity and/or confidentiality protected; such protection often relies, implicitly or explicitly, on principles different from the ones embodied in the mechanism that protects the data.

The notion of protected environments is explicitly used in this framework so as to capture the idea that integrity protection includes protection against unauthorized creation and/or deletion. Thus, unauthorized data creation/deletion can be seen as unauthorized modifications of some protected environment. Similarly, insertion and replays can be seen as modifications of a structured collection of data (such as a sequence, or a data structure).

We note that some alterations of data can be seen as having no impact on their integrity. For instance, if an ASN.1 description contains a SET OF data type, there is no integrity violation if the members of the data type are reordered. Sophisticated integrity mechanisms may recognize that some transformations of structured data do not compromise the data integrity. Such mechanisms allow transformations of signed or sealed data without necessitating recomputations of the digital signature or seal, respectively.

The objective of the integrity service is to protect against or to detect unauthorized data modifications, including unauthorized data creation and deletion. The provision of the integrity service is accomplished through the following activities:
1) shield: the generation of integrity protected data from data;
2) validate: the checking of integrity-protected data to detect integrity failure;
3) unshield: the regeneration of data from integrity-protected data.

These activities do not necessarily employ cryptographic techniques. When they do use cryptographic techniques, they do not necessarily transform the data. For instance, the shield operation may be provided by appending a seal or a digital signature to the data. In this case, after successful validation, unshielding is performed through seal/digital signature removal.

The integrity service applies to Information Retrieval, Transfer, and Management as follows:
1) For information being transferred in an OSI environment, the integrity service is provided by combining shielding, transfer using an (N-1)-facility, and unshielding to form the transmission part of an (N)-service.
2) For data storage and retrieval, the integrity service is provided by combining shielding

b) unauthorized data creation;
c) unauthorized data deletion;
d) unauthorized data insertion;
e) unauthorized data replay;

By the type of protection they support. The types of protection are:
a) prevention of integrity compromise;
b) detection of integrity compromise;

By whether they include recovery mechanisms or not: In the former case (with recovery), the unshield operation may be able to recover the original data (and possibly signal a recovery action or an error for purposes such as audit) whenever the validate operation indicates alteration. In the latter (without recovery), the unshield operation is u
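
The shield, validate and unshield activities of clause 5, with the seal appended to the data and removed after successful validation, are shown here as an added example that is not part of the standard. HMAC-SHA-256 as the seal, the 8-byte sequence number standing in for a time variant parameter, and all names are assumptions of this example.

```python
import hashlib
import hmac

SEAL_LEN = hashlib.sha256().digest_size  # HMAC-SHA-256 seal length (assumed algorithm)
SEQ_LEN = 8  # sequence number used as the time variant parameter (assumption)


class IntegrityError(Exception):
    """Raised when integrity-protected data fails validation."""


def shield(data: bytes, key: bytes, seq: int) -> bytes:
    """Shield: data -> integrity-protected data (seq || data || seal)."""
    body = seq.to_bytes(SEQ_LEN, "big") + data
    return body + hmac.new(key, body, hashlib.sha256).digest()


def validate(protected: bytes, key: bytes) -> bool:
    """Validate: detect modification without altering or returning the data."""
    if len(protected) < SEQ_LEN + SEAL_LEN:
        return False
    body, seal = protected[:-SEAL_LEN], protected[-SEAL_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(seal, expected)  # constant-time comparison


class Receiver:
    """Unshields a stream; the expected sequence number exposes replay,
    insertion and deletion, which a per-message seal alone cannot."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def unshield(self, protected: bytes) -> bytes:
        """Unshield: validate first, then remove sequence number and seal."""
        if not validate(protected, self.key):
            raise IntegrityError("seal mismatch: data modified or created")
        seq = int.from_bytes(protected[:SEQ_LEN], "big")
        if seq != self.next_seq:
            raise IntegrityError("unexpected sequence: replay, insertion or deletion")
        self.next_seq += 1
        return protected[SEQ_LEN:-SEAL_LEN]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    print(rx.unshield(shield(b"constructed sample record", key, 0)))
```

The key here plays the role of the control information the text says must itself be protected: anyone who can read or replace it can produce valid seals.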
