ITU-T X.800-1991 Security Architecture for Open Systems Interconnection for CCITT Applications (Study Group VII) 49 pp (CCITT Open Systems Interconnection Security Architecture, Study Group 7, 49 pp).pdf

INTERNATIONAL TELECOMMUNICATION UNION
CCITT X.800
THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE

DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS

SECURITY ARCHITECTURE FOR OPEN SYSTEMS INTERCONNECTION FOR CCITT APPLICATIONS

Recommendation X.800
Geneva, 1991

COPYRIGHT International Telecommunications Union/ITU Telecommunications. Licensed by Information Handling Services.

FOREWORD

The CCITT (the International Telegraph and Telephone Consultative Committee) is a permanent organ of the International Telecommunication Union (ITU). CCITT is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The Plenary Assembly of CCITT, which meets every four years, establishes the topics for study and approves Recommendations prepared by its Study Groups. The approval of Recommendations by the members of CCITT between Plenary Assemblies is covered by the procedure laid down in CCITT Resolution No. 2 (Melbourne, 1988).

Recommendation X.800 was prepared by Study Group VII and was approved under the Resolution No. 2 procedure on the 22nd of March 1991.

CCITT NOTE

In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication Administration and a recognized private operating agency.

© ITU 1991

All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU.

Recommendation X.800

SECURITY ARCHITECTURE FOR OPEN SYSTEMS INTERCONNECTION FOR CCITT APPLICATIONS

0 Introduction

Recommendation X.200 describes the Reference Model for open systems interconnection (OSI). It establishes a framework for coordinating the development of existing and future Recommendations for the interconnection of systems.

The objective of OSI is to permit the interconnection of heterogeneous computer systems so that useful communication between application processes may be achieved. At various times, security controls must be established in order to protect the information exchanged between the application processes. Such controls should make the cost of improperly obtaining or modifying data greater than the potential value of so doing, or make the time required to obtain the data improperly so great that the value of the data is lost.

This Recommendation defines the general security-related architectural elements which can be applied appropriately in the circumstances for which protection of communication between open systems is required. It establishes, within the framework of the Reference Model, guidelines and constraints to improve existing Recommendations or to develop new Recommendations in the context of OSI in order to allow secure communications and thus provide a consistent approach to security in OSI.

A background in security will be helpful in understanding this Recommendation. The reader who is not well versed in security is advised to read Annex A first.

This Recommendation extends the Reference Model (Recommendation X.200) to cover security aspects which are general architectural elements of communications protocols, but which are not discussed in the Reference Model.

1 Scope and field of application

This Recommendation:

a) provides a general description of security services and related mechanisms, which may be provided by the Reference Model; and

b) defines the positions within the Reference Model where the services and mechanisms may be provided.

This Recommendation extends the field of application of Recommendation X.200, to cover secure communications between open systems.

Basic security services and mechanisms and their appropriate placement have been identified for all layers of the Reference Model. In addition, the architectural relationships of the security services and mechanisms to the Reference Model have been identified. Additional security measures may be needed in end systems, installations and organizations. These measures apply in various application contexts. The definition of security services needed to support such additional security measures is outside the scope of the Recommendation (1).

(1) Recommendation X.800 and ISO 7498-2 (Information processing systems - Open systems interconnection - Basic Reference Model - Part 2: Security architecture) are technically aligned.

OSI security functions are concerned only with those visible aspects of a communications path which permit end systems to achieve the secure transfer of information between them. OSI security is not concerned with security measures needed in end systems, installations, and organizations, except where these have implications on the choice and position of security services visible in OSI. These latter aspects of security may be standardized but not within the scope of OSI Recommendations.

This Recommendation adds to the concepts and principles defined in Recommendation X.200; it does not modify them. It is not an implementation specification, nor is it a basis for appraising the conformance of actual implementations.

2 References

Rec. X.200 - Reference Model of open systems interconnection for CCITT applications.

ISO 7498 - Information processing systems - Open systems interconnection - Basic Reference Model (1984).

ISO 7498-4 - Information processing systems - Open systems interconnection - Basic Reference Model - Part 4: Management framework (1989).

ISO 7498/AD1 - Information processing systems - Open systems interconnection - Basic Reference Model - Addendum 1: Connectionless-mode transmission (1987).

ISO 8648 - Information processing systems - Open systems interconnection - Internal organization of the network layer (1988).

3 Definitions and abbreviations

3.1 This Recommendation builds on concepts developed in Recommendation X.200 and makes use of the following terms defined in it:

a) (N)-connection;
b) (N)-data-transmission;
c) (N)-entity;
d) (N)-facility;
e) (N)-layer;
f) Open system;
g) Peer entities;
h) (N)-protocol;
j) (N)-protocol-data-unit;
k) (N)-relay;
l) Routing;
m) Sequencing;
n) (N)-service;
p) (N)-service-data-unit;
q) (N)-user-data;
r) Sub-network;
s) OSI resource; and
t) Transfer syntax.

3.2 This Recommendation uses the following terms drawn from the respective Recommendations/International Standards:

Connectionless-mode transmission (ISO 7498/AD1)
End system (Rec. X.200/ISO 7498)
Relaying and routing function (ISO 8648)
Management information base (MIB) (ISO 7498-4)

In addition, the following abbreviations are used: OSI for open systems interconnection; SDU for service data unit; SMIB for security management information base; and MIB for management information base.

3.3 For the purpose of this Recommendation, the following definitions apply:

3.3.1 access control: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

3.3.2 access control list: A list of entities, together with their access rights, which are authorized to have access to a resource.

3.3.3 accountability: The property that ensures that the actions of an entity may be traced uniquely to the entity.

3.3.4 active threat: The threat of a deliberate unauthorized change to the state of the system.
Note - Examples of security-relevant active threats may be: modification of messages, replay of messages, insertion of spurious messages, masquerading as an authorized entity and denial of service.

3.3.5 audit: See security audit.

3.3.6 audit trail: See security audit trail.

3.3.7 authentication: See data origin authentication, and peer entity authentication.
Note - In this Recommendation the term "authentication" is not used in connection with data integrity; the term "data integrity" is used instead.

3.3.8 authentication information: Information used to establish the validity of a claimed identity.

3.3.9 authentication exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.

3.3.10 authorization: The granting of rights, which includes the granting of access based on access rights.

3.3.11 availability: The property of being accessible and useable upon demand by an authorized entity.

3.3.12 capability: A token used as an identifier for a resource such that possession of the token confers access rights for the resource.

3.3.13 channel: An information transfer path.

3.3.14 ciphertext: Data produced through the use of encipherment. The semantic content of the resulting data is not available.
Note - Ciphertext may itself be input to encipherment, such that super-enciphered output is produced.

3.3.15 cleartext: Intelligible data, the semantic content of which is available.

3.3.16 confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

3.3.17 credentials: Data that is transferred to establish the claimed identity of an entity.

3.3.18 cryptanalysis: The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext.

3.3.19 cryptographic checkvalue: Information which is derived by performing a cryptographic transformation (see cryptography) on the data unit.
Note - The derivation of the checkvalue may be performed in one or more steps and is a result of a mathematical function of the key and a data unit. It is usually used to check the integrity of a data unit.

3.3.20 cryptography: The discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use.
Note - Cryptography determines the methods used in encipherment and decipherment. An attack on a cryptographic principle, means, or method is cryptanalysis.

3.3.21 data integrity: The property that data has not been altered or destroyed in an unauthorized manner.

3.3.22 data origin authentication: The corroboration that the source of data received is as claimed.

3.3.23 decipherment: The reversal of a corresponding reversible encipherment.

3.3.24 decryption: See decipherment.

3.3.25 denial of service: The prevention of authorized access to resources or the delaying of time-critical operations.

3.3.26 digital signature: Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient.

3.3.27 encipherment: The cryptographic transformation of data (see cryptography) to produce ciphertext.
Note - Encipherment may be irreversible, in which case the corresponding decipherment process cannot feasibly be performed.

3.3.28 encryption: See encipherment.

3.3.29 end-to-end encipherment: Encipherment of data within or at the source end system, with the corresponding decipherment occurring only within or at the destination end system. (See also link-by-link encipherment.)

3.3.30 identity-based security policy: A security policy based on the identities and/or attributes of users, a group of users, or entities acting on behalf of the users and the resources/objects being accessed.

3.3.31 integrity: See data integrity.

3.3.32 key: A sequence of symbols that controls the operations of encipherment and decipherment.

3.3.33 key management: The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy.

3.3.34 link-by-link encipherment: The individual application of encipherment to data on each link of a communications system. (See also end-to-end encipherment.)
Note - The implication of link-by-link encipherment is that data will be in cleartext form in relay entities.

3.3.35 manipulation detection: A mechanism which is used to detect whether a data unit has been modified (either accidentally or intentionally).

3.3.36 masquerade: The pretence by an entity to be a different entity.

3.3.37 notarization: The registration of data with a trusted third party that allows the later assurance of the accuracy of its characteristics such as content, origin, time and delivery.

3.3.38 passive threat: The threat of unauthorized disclosure of information without changing the state of the system.

3.3.39 password: Confidential authentication information, usually composed of a string of characters.

3.3.40 peer-entity authentication: The corroboration that a peer entity in an association is the one claimed.

3.3.41 physical security: The measures used to provide physical protection of resources against deliberate and accidental threats.

3.3.42 policy: See security policy.

3.3.43 privacy: The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Note - Because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security.

3.3.44 repudiation: Denial by one of the entities involved in a communication of having participated in all or part of the communication.

3.3.45 routing control: The application of rules during the process of routing so as to choose or avoid specific networks, links or relays.

3.3.46 rule-based security policy: A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed a
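The definitions of cryptographic checkvalue (3.3.19), manipulation detection (3.3.35), data origin authentication (3.3.22) and digital signature (3.3.26) are related, and the following added example (not part of Recommendation X.800, which prescribes no particular function) shows the relationship in running code. It assumes HMAC-SHA256 as the checkvalue function and uses a constructed shared key and data unit; the last function shows why a keyed checkvalue cannot give the protection against forgery by the recipient that 3.3.26 attributes to a digital signature.

```python
"""Keyed cryptographic checkvalue (X.800 3.3.19) used for manipulation
detection (3.3.35) and data origin authentication (3.3.22).

Added illustration; not part of Recommendation X.800. HMAC-SHA256 is
the checkvalue function chosen here; X.800 does not prescribe one.
"""
import hmac
import hashlib
import secrets

# Constructed sample values: a key shared by exactly two peers, one data unit.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
DATA_UNIT = b"X.800 sample data unit: transfer 100 units to account B"


def checkvalue(key: bytes, data_unit: bytes) -> bytes:
    """Cryptographic checkvalue: a function of the key and the data unit."""
    return hmac.new(key, data_unit, hashlib.sha256).digest()


def manipulation_detected(key: bytes, data_unit: bytes, received_cv: bytes) -> bool:
    """True if the data unit does not match its checkvalue under this key.
    compare_digest keeps the comparison time independent of where bytes differ."""
    return not hmac.compare_digest(checkvalue(key, data_unit), received_cv)


def sender_transmits(key: bytes, data_unit: bytes) -> tuple:
    """The sender appends the checkvalue to the data unit it sends."""
    return data_unit, checkvalue(key, data_unit)


def recipient_can_forge(key: bytes) -> bool:
    """A symmetric checkvalue gives no protection against forgery by the
    recipient (contrast digital signature, 3.3.26): the recipient holds the
    same key and can produce a valid checkvalue over any data unit."""
    forged = b"X.800 sample data unit: transfer 900 units to account B"
    return not manipulation_detected(key, forged, checkvalue(key, forged))


if __name__ == "__main__":
    unit, cv = sender_transmits(SHARED_KEY, DATA_UNIT)
    print("intact, detected:", manipulation_detected(SHARED_KEY, unit, cv))
    # A relay changing one field is caught (manipulation detection).
    print("tampered, detected:", manipulation_detected(SHARED_KEY, unit.replace(b"100", b"900"), cv))
    # A checkvalue from a party without the key fails (data origin authentication).
    print("wrong key, detected:", manipulation_detected(SHARED_KEY, unit, checkvalue(secrets.token_bytes(16), unit)))
    # Why X.800 defines digital signature separately from the checkvalue.
    print("recipient can forge:", recipient_can_forge(SHARED_KEY))
```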
