1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA
2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any
3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-22043-3 SANS 11770-2:2008Edition 2 ISO/IEC 11770-2:2008Edition 2SOUTH AFRICAN NATIONAL STANDARD Information Technology Security techniques
4、 Key management Part 2: Mechanisms using symmetric techniques Published by SABS Standards Division 1 Dr Lategan Road Groenkloof Private Bag X191 Pretoria 0001Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS This national standard is the identical implementation of ISO/IEC 11770-2:2008 a
5、nd is adopted with the permission of the International Organization for Standardization and the International Electrotechnical Commission. SANS 11770-2:2008 Edition 2 ISO/IEC 11770-2:2008 Edition 2 Table of changes Change No. Date Scope National foreword This South African standard was approved by S
6、ABS National Committee SC 71F, Information technology Information security, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. This SANS document was published in November 2008. This SANS document supersedes SABS ISO/IEC 11770-2:1996 (e
7、dition.1). Reference numberISO/IEC 11770-2:2008(E)ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC11770-2Second edition2008-06-15Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniquesTechnologies de linformation Techniques de scurit Gestion de cls Partie 2:
8、 Mcanismes utilisant des techniques symtriques SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, t
9、his file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secre
10、tariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ens
11、ure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part of this publi
12、cation may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Genev
13、a 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) ISO
14、/IEC 2008 All rights reserved iiiContents Page Foreword iv 1 Scope . 1 2 Normative references . 1 3 Terms and definitions. 2 4 Symbols and abbreviated terms . 3 5 Requirements 4 6 Point-to-point key establishment 5 6.1 Key Establishment Mechanism 1 5 6.2 Key Establishment Mechanism 2 5 6.3 Key Estab
15、lishment Mechanism 3 6 6.4 Key Establishment Mechanism 4 7 6.5 Key Establishment Mechanism 5 7 6.6 Key Establishment Mechanism 6 8 7 Mechanisms using a Key Distribution Centre . 9 7.1 Key Establishment Mechanism 7 10 7.2 Key Establishment Mechanism 8 11 7.3 Key Establishment Mechanism 9 12 7.4 Key E
16、stablishment Mechanism 10 14 8 Mechanisms using a Key Translation Centre 15 8.1 Key Establishment Mechanism 11 16 8.2 Key Establishment Mechanism 12 16 8.3 Key Establishment Mechanism 13 18 Annex A (normative) ASN.1 module. 21 Annex B (informative) Properties of key establishment mechanisms 23 Annex
17、 C (informative) Auxiliary techniques 25 Bibliography . 27 SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International Organization for Standardiz
18、ation) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization t
19、o deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO a
20、nd IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by
21、 the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of paten
22、t rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 11770-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This second edition cancels and replaces the first edition (
23、ISO/IEC 11770-2:1996), which has been technically revised. It also incorporates the Technical Corrigendum ISO/IEC 11770-2:1996/Cor.1:2005. ISO/IEC 11770 consists of the following parts, under the general title Information technology Security techniques Key management: Part 1: Framework Part 2: Mecha
24、nisms using symmetric techniques Part 3: Mechanisms using asymmetric techniques Part 4: Mechanisms based on weak secrets SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .INTERNATIONAL STANDARD ISO/IEC 11770-2:2008(E) ISO/IEC 2
25、008 All rights reserved 1Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques 1 Scope The purpose of key management is to provide procedures for handling cryptographic keying material to be used in symmetric or asymmetric cryptographic algorithms ac
26、cording to the security policy in force. This part of ISO/IEC 11770 defines key establishment mechanisms using symmetric cryptographic techniques. Key establishment mechanisms using symmetric cryptographic techniques can be derived from the entity authentication mechanisms of ISO/IEC 9798-2 and ISO/
27、IEC 9798-4 by specifying the use of text fields available in those mechanisms. Other key establishment mechanisms exist for specific environments; see, for example, ISO 8732. Besides key establishment, the goals of such a mechanism might include unilateral or mutual authentication of the communicati
28、ng entities. Further goals might be the verification of the integrity of the established key, or key confirmation. This part of ISO/IEC 11770 addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC), and Key Translation Centre (KTC). This part of ISO/
29、IEC 11770 describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. It does not indicate other information which can be contained in the messages or specify other messages such as error message
30、s. The explicit format of messages is not within the scope of this part of ISO/IEC 11770. This part of ISO/IEC 11770 does not specify the means to be used to establish initial secret keys; that is, all the mechanisms specified in this part of ISO/IEC 11770 require an entity to share a secret key wit
31、h at least one other entity (e.g. a TTP). For general guidance on the key lifecycle see ISO/IEC 11770-1. This part of ISO/IEC 11770 does not explicitly address the issue of interdomain key management. This part of ISO/IEC 11770 also does not define the implementation of key management mechanisms; pr
32、oducts complying with this part of ISO/IEC 11770 might not be compatible. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenc
33、ed document (including any amendments) applies. ISO/IEC 11770-1, Information technology Security techniques Key management Part 1: Framework SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) 2 ISO/IEC 20
34、08 All rights reserved3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 11770-1 and the following apply. 3.1 distinguishing identifier information which unambiguously distinguishes an entity 3.2 entity authentication corroboration that an entity is
35、 the one claimed ISO/IEC 9798-1 3.3 explicit key authentication from entity A to entity B assurance for entity B that entity A is the only other entity that is in possession of the correct key ISO/IEC 11770-3 NOTE Implicit key authentication from A to B and key confirmation from A to B together impl
36、y explicit key authentication from A to B. 3.4 implicit key authentication from entity A to entity B assurance for entity B that entity A is the only other entity that can possibly be in possession of the correct key ISO/IEC 11770-3 3.5 key confirmation from entity A to entity B assurance for entity
37、 B that entity A is in possession of the correct key ISO/IEC 11770-3 3.6 key control ability to choose the key, or the parameters used in the key computation 3.7 key generating function function which takes as input a number of parameters, at least one of which shall be secret, and which gives as ou
38、tput keys appropriate for the intended algorithm and application, and which has the property that it is computationally infeasible to deduce the output without prior knowledge of the secret input 3.8 point-to-point key establishment direct establishment of keys between entities, without involving a
39、third party 3.9 random number time variant parameter whose value is unpredictable 3.10 redundancy information that is known and can be checked SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) ISO/IEC 20
40、08 All rights reserved 33.11 sequence number time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain time period 3.12 time variant parameter data item used to verify that a message is not a replay, such as a random number, sequence number, or a t
41、ime stamp 4 Symbols and abbreviated terms dK(Z) result of decrypting data Z with a symmetric encryption algorithm using the secret key K eK(Z) result of encrypting data Z with a symmetric encryption algorithm using the secret key K f key generating function F keying material FXkeying material origin
42、ated by entity X IXthe distinguishing identifier of entity X KDC Key Distribution Centre KTC Key Translation Centre KXYsecret key associated with entities X and Y MAC Message Authentication Code MACK(Z) result of applying a MAC function to data Z using the secret key K P Key Distribution Centre or K
43、ey Translation Centre R random number RXrandom number issued by entity X T/N time stamp or sequence number TVP Time Variant Parameter TVPXTime Variant Parameter issued by entity X TX/NXtime stamp or sequence number issued by entity X X|Y result of concatenating data items X and Y in that order The f
44、ields Text1, Text2, , specified in the mechanisms can contain optional data for use in applications outside the scope of this part of ISO/IEC 11770 (they can be empty). Their relationship and contents depend upon the specific application. One such possible application is message authentication (see
45、Annex C for an example). Likewise, optional plaintext text fields can be included as a prefix, or appended, to any of the messages. They have no security implications and are not explicitly included in the mechanisms specified in this part of ISO/IEC 11770. Data items that are optional in the mechan
46、isms are shown in square brackets, thus. SANS 11770-2:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-2:2008(E) 4 ISO/IEC 2008 All rights reserved5 Requirements The key establishment mechanisms specified in this part of ISO/
47、IEC 11770 make use of symmetric cryptographic techniques, more specifically, symmetric encryption algorithms, MACs, and/or key generating functions. The cryptographic algorithms and the key life-time shall be chosen such that it is computationally infeasible for a key to be deduced during its lifeti
48、me. If the following additional requirements are not met, the key establishment process may be compromised. a) For those mechanisms making use of a symmetric encryption algorithm, either assumption 1) or assumption 2) is required. 1) The encryption algorithm, its mode of operation, and the redundanc
49、y in the plaintext shall provide the recipient with the means to detect forged or manipulated data. 2) The integrity of the encrypted data shall be ensured by a MAC. Choices for encryption and integrity algorithms should be in accordance with the following. i) Assumption 1) above can be guaranteed if an authenticated encryption technique is used; use of one of the techniques standardized in ISO/IEC 19772 is recommended. ii) The choice for a symmetric encryption algorithm should be chosen from am
