ITU-T X 800 AMD 1-1996 Security Architecture for Open Systems Interconnection for CCITT Applications - Series X Data Networks and Open System Communication Security (Amendment 1 LaAN.pdf

1、 STD-ITU-T RECMN X-BOO-ENGL L97b Lidb2571 Ob27801 552 W INTERNATIONAL TELECOMMU N KATION UN ION ITU=T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU X.800 Amendment I (1 0/96) SERIES X: DATA NETWORKS AND OPEN SYSTEM COMMUN I CATI ON Security Security architecture for Open Systems Interconnection fo

2、r CCITT applications Amendment I : Layer Two Security Service and Mechanisms for LANs ITU-T Recommendation X.800 - Amendment I (Previously CCITT Recommendation) STD-ITU-T RECMN X*BOO-ENGL L77b LiBb257L Ob27802 477 = ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS AND OPEN SYSTEM COMMUNICATION UBLIC DAT

3、A NETWORKS Services and facilities Interfaces Transmission, signalling and switching Network aspects Maintenance Administrative arrangements 3PEN SYSTEM INTERCONNECTION Model and notation Service definitions Connection-mode protocol specifications Connectionless-mode protocol specifications PICS pro

4、forma Protocol Identification Security Protocols Layer Managed Objects Conformance testing General Satellite data transmission systems MESSAGE HANDLING SYSTEMS DIRECTORY OS1 NETWORKING AND SYSTEM ASPECTS INTERWORKING BETWEEN NETWORKS Networking Efficiency Naming, Addressing and Registration Abstract

5、 Syntax Notation One (ASN. 1) Systems Management framework and architecture Management Communication Service and Protocol Structure of Management Information OS1 MANAGEMENT X.l-X.199 X.l-X.19 X.2-X.49 X.50-X.89 X.90-X. 149 X. 150-X. 179 X. 180-X. 199 X.200-X.299 x.200-x.209 X.210-X.219 X.220-X.229 X

6、.230-X.239 X.240-X.259 X.260-X.269 X.270-X.279 X.280-X.289 X.290-X.299 x.300-x.399 x.3wx.349 x.350-x.399 x.400-x.499 x.500-x.599 X.600-X.699 X.600-X.629 X.630-X.649 X.650-X.679 X.680-X.699 X.700-X.799 X.700-X.709 X.710-X.719 X.720-X.729 Management functions x.730-x.799 OS1 APPLICATIONS X.850-X.899 C

7、ommitment, Concurrency and Recovery Transaction processing Remote operations OPEN DISTRTBUTED PROCESSING X.850-X.859 X. 860-X. 879 X.880-X.899 X.900-X.999 For*ther details, please refer to ITW-T List of Recommendations. STD.ITU-T RECMN X=AOO-ENGL 177b 48b257L Ob29803 325 m FOREWORD The IT-T (Telecom

8、munication Standardization Sector) is a permanent organ of the International Telecommunication Union (ITU). The IT-T is responsible for studying technical, operating and tariff questions and issuing Recommen- dations on them with a view to standardizing telecommunications on a worldwide basis. The W

9、orld Telecommunication Standardization Conference (WTSC), which meets every four years, establishes the topics for study by the IT-T Study Groups which, in their twn, produce Recommendations on these topics. The approval of Recommendations by the Members of the IT-T is covered by the procedure laid

10、down in WTSC Resolution No. 1 (Helsinki, March 1-12, 1993). Amendment 1 to IT-T Recommendation X.800 was prepared by IT-T Study Group 7 (1993-1996) and was approved under the WTSC Resolution No. 1 procedure on the 5th of October 1996. NOTE In this Recommendation, the expression “Administration” is u

11、sed for conciseness to indicate both a telecommunication administration and a recognized operating agency. O ITU 1997 All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without pe

12、rmission in writing from the ITU. Recommendation X.SOO/Am d.1 (1 0196) 1 STD-ITU-T RECMN X*AOO-ENGL 177b 48b2571 Ob2780Li 261 CONTENTS Page 1 D.0 Introduction 1 D. 1 LAN security services 1 D.2 LAN security mechanisms . 1 D.3 Table modificationsfor LAN securi ty . 2 Annex D - Layer Two Security Serv

13、ice and Mechanisms for LANs . 11 Recommendation X.SOO/Amd.l (10/96) STD-ITU-T RECMN X-BOO-ENGL L77b 98b2572 Ob29805 LTB SUMMARY Recommendation X.800 provides an overview of security services allocated to the seven layers of the OS1 Reference Model. Amendment 1, which is to be published as Annex Dy e

14、xtends the security services of the Data Link Layer to accommodate LAN security. . Recommendation X.800/Amd.l (10/96) 111 I-.- - STD-ITU-T RECMN X*BOO-ENGL L99b 48b259L Ob29807 T70 Amendment 1 to Recommendation X800 SECURITY ARCHITECTURE FOR OPEN SYSTEMS INTERCONNECTION FOR CCITT APPLICATIONS Annex

15、D Layer Two Security Service and Mechanisms for LANs (Geneva, 1996) D.0 Introduction This annex covers Layer 2 Security Services and Mechanisms for Local Area Networks (LANs). The illustration of the placement of security services in Table 2 of clause 7 suggests that only confidentiality services sh

16、ould be available at layer2. However, it is recognized that in some environments that deploy LANs, additional layer 2 security services and mechanisms may be required. For example, an organization may not deploy full OS1 functionality or incorporating layer 2 relays may require security services oth

17、er than confidentiality. D. 1 LAN securiy services The security services that may be provided, singly or in combination, in the data link layer for LANs are: a) peer entity authentication; b) data origin authentication; c) access control; d) connection confidentiality; e) connectionless confidential

18、ity; f) g) connectionless integrity. connection integrity without recovery; and D.2 LAN securiv mechanisms The identified security services can be provided as follows: a) the peer entity authentication service can be provided by an appropriate combination of cryptographi- cally-derived or protected

19、authentication exchanges, protected password exchange and signature mechanisms; the data origin authentication service can be provided by encipherment or signature mechanisms; the access control service can be provided through the appropriate use of specific access control mechanisms; b) c) d) e) f)

20、 the connection confidentiality service can be provided by an encipherment mechanism; the connectionless confidentiality service can be provided by an encipherment mechanism; the connection integrity without recovery service can be provided by using a data integrity mechanism, sometimes in conjuncti

21、on with an encipherment mechanism; and the connectionless integrity service can be provided by using a data integrity mechanism, sometimes in conjunction with an encipherment mechanism. g) Recommendation X.800/Amd.l (1 0/96) 1 STD-ITU-T RECMN X-BOO-ENGL L77b 9 LiBb259L Ob27808 907 D.3 Table modifcat

22、ions for LAN security Table 2K.800 has not been modified but would reflect the legend Y for layer 2 (LANs) for the following security services: - Peer Entity Authentication; - Data Origin Authentication; - Access Control Service; - - Connectionless Integrity. Connection Integrity without Recovery; a

23、nd 2 Recommendation X.OO/Amd.l (10/96) STD=ITU-T RECMN X-BOO-ENGL 197b = 98b2591 Ob29807 8q3 m Series A Series B Series C Series D Series E Series F Series G Series H Series I Series J Series K Series L Series M Series N Series O Series P Series Q Series R Series S Series T Series U Series V Series

24、X Series Z ITU-T RECOMMENDATIONS SERIES Organization of the work of the ITU-T Means of expression General telecommunication statistics General tariff principles Telephone network and ISDN Non-telephone telecommunication services Transmission systems and media Transmission of non-telephone signals In

25、tegrated services digital network Transmission of sound-programme and television signals Protection against interference Construction, installation and protection of cables and other elements of outside plant Maintenance: international transmission systems, telephone circuits, telegraphy, facsimile

26、and leased circuits Maintenance: international sound-programme and television transmission circuits Specifications of measuring equipment Telephone transmission quality Switching and signalling Telegraph transmission Telegraph services terminal equipment Terminal equipments and protocols for telematic services Telegraph switching Data communication over the telephone network Data networks and open system communication Programming languages - STD-ITU-T RECMN X-800-ENGL L99b LiBb259L Ob27810 5b5 Printed in Switzerland Geneva, 1997