1、BRITISH STANDARD BS ISO/IEC 10736:1995 Implementation of ISO/IEC 10736:1995 Information technology Telecommunications and information exchange between systems Transportlayer security protocolBSISO/IEC10736:1995 This British Standard, having been prepared under the directionof the Information Systems
2、 Technology Assembly,was published underthe authority of the Standards Board and comes intoeffect on 15September1995 BSI 01-2000 The following BSI references relate to the work on this standard: Committee reference IST/6 Draft for comment 91/69325 DC ISBN 0 580 24459 8 Committees responsible for thi
3、s British Standard The preparation of this British Standard was entrusted to Technical Committee IST/6 Data communications, upon which the following bodies were represented: British Computer Society British Telecommunications CCTA (Government Centre for Information Systems) Digital Equipment Co. Ltd
4、. IBM United Kingdom Ltd. Institution of Electrical Engineers International Computers Limited Logica UK Ltd. Nine Tiles Computer Systems Ltd. Rank Xerox (UK) Ltd. Amendments issued since publication Amd. No. Date CommentsBSISO/IEC10736:1995 BSI 01-2000 i Contents Page Committees responsible Inside f
5、ront cover National foreword ii Foreword vii Text of ISO/IEC 10736 1BSISO/IEC10736:1995 ii BSI 01-2000 National foreword This British Standard reproduces verbatim ISO/IEC10736:1995 and implements it as the UK national standard. This British Standard is published under the direction of the Informatio
6、n Systems Technology Assembly whose Technical Committee IST/6, Data communications, has the responsibility to: aid enquirers to understand the text; present to the responsible international committee any enquiries on interpretation, or proposals for change, and keep UK interests informed; monitor re
7、lated international and European developments and promulgate them in the UK. NOTEInternational and European Standards, as well as overseas standards, are available from Customer Services, BSI, 389 Chiswick High Road, LondonW44AL. A British Standard does not purport to include all the necessary provi
8、sions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, pagesi andii, theISO/IEC title p
9、age, pagesii toviii, pages1 to48 and aback cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.ISO/IEC10736:1995(E) ii BSI 01-2000 Contents Page Foreword vii Introduction 1 1 Scop
10、e 1 2 Normative references 2 2.1 Identical Recommendations|International Standards 2 2.2 Paired Recommendations|International Standards equivalent in technical content 2 2.3 Additional references 2 3 Definitions 3 3.1 Security reference model definitions 3 3.2 Additional definitions 3 4 Symbols and
11、abbreviations 4 5 Overview of the Protocol 5 5.1 Introduction 5 5.2 Security Associations and attributes 6 5.2.1 Security services for connection-oriented Transport protocol 9 5.2.2 Security Service for connectionless Transport protocol 9 5.3 Service assumed of the Network Layer 9 5.4 Security manag
12、ement requirements 9 5.5 Minimum algorithm characteristics 10 5.6 Security encapsulation function 10 5.6.1 Data encipherment function 10 5.6.2 Integrity function 10 5.6.3 Security label function 11 5.6.4 Security padding function 11 5.6.5 Peer Entity Authentication function 11 5.6.6 SA Function usin
13、g in band SA-P 11 6 Elements of procedure 11 6.1 Concatenation and separation 12 6.2 Confidentiality 12 6.2.1 Purpose 12 6.2.2 TPDUs and parameters used 12 6.2.3 Procedure 12 6.3 Integrity processing 13 6.3.1 Integrity Check Value (ICV) processing 13 6.3.1.1 Purpose 13 6.3.1.2 TPDUs and parameters u
14、sed 13 6.3.1.3 Procedure 13 6.3.2 Direction indicator processing 15 6.3.2.1 Purpose 15 6.3.2.2 TPDUs and parameters used 15 6.3.2.3 Procedure 15 6.3.3 Connection integrity sequence number processing 15 6.3.3.1 Unique sequence numbers 15 6.3.3.2 Purpose 16 6.3.3.3 Procedure 16 6.4 Peer address check
15、processing 16 6.4.1 Purpose 16 6.4.2 Procedure 16 6.5 Security labels for Security Associations 16ISO/IEC10736:1995(E) BSI 01-2000 iii Page 6.5.1 Purpose 16 6.5.2 TPDUs and parameters used 16 6.5.3 Procedure 17 6.6 Connection release 17 6.7 Key replacement 17 6.8 Unprotected TPDUs 17 6.9 Protocol id
16、entification 17 6.10 Security Association-Protocol 17 7 Use of elements of procedure 18 8 Structure and encoding of TPDUs 18 8.1 Structure of TPDU 18 8.2 Security encapsulation TPDU 19 8.2.1 Clear header 19 8.2.1.1 PDU clear header length 19 8.2.1.2 PDU type 19 8.2.1.3 SA-ID 19 8.2.2 Crypto sync 19
17、8.2.3 Protected contents 20 8.2.3.1 Structure of protected contents field 20 8.2.3.2 Content length 20 8.2.3.3 Flags 21 8.2.3.4 Label 21 8.2.3.5 Protected data 21 8.2.3.6 Integrity PAD 21 8.2.4 ICV 22 8.2.5 Encipherment PAD 22 8.3 Security Association PDU 22 8.3.1 LI 22 8.3.2 PDU Type 22 8.3.3 SA-ID
18、 22 8.3.4 SA-P Type 22 8.3.5 SA PDU Contents 22 9 Conformance 23 9.1 General 23 9.2 Common static conformance requirements 23 9.3 TLSP with ITU-T Rec. X.234|ISO8602 static conformance requirements 23 9.4 TLSP with ITU-T Rec. X.224|ISO/IEC8073 static conformance requirements 23 9.5 Common dynamic con
19、formance requirements 23 9.6 TLSP with ITU-T Rec. X.234|ISO8602 dynamic conformance requirements 23 9.7 TLSP with ITU-T Rec. X.224|ISO/IEC8073 dynamic conformance requirements 23 10 Protocol implementation conformance statement (PICS) 23 Annex A PICS proforma 24 A.1 Introduction 24 A.1.1 Background
20、24 A.1.2 Approach 24ISO/IEC10736:1995(E) iv BSI 01-2000 Page A.2 Implementation identification 24 A.3 General statement of conformance 25 A.4 Protocol implementation 25 A.5 Security services supported 25 A.6 Supported functions 27 A.7 Supported Protocol Data Units (PDUs) 29 A.7.1 Supported Transport
21、 PDUs (TPDUs) 29 A.7.2 Supported parameters of issued TPDUs 30 A.7.3 Supported parameters of received TPDUs 30 A.7.4 Allowed values of issued TPDU parameters 31 A.8 Service, function, and protocol relationships 31 A.8.1 Relationship between services and functions 31 A.8.2 Relationship between servic
22、es and protocol 32 A.9 Supported algorithms 32 A.10 Error handling 33 A.10.1 Security errors 33 A.10.2 Protocol errors 33 A.11 Security Association 33 A.11.1 SA Generic Fields 33 A.11.2 Content Fields Specific to Key Exchange SA-P 35 Annex B Security Association Protocol Using Key Token Exchange and
23、 Digital Signatures 36 B.1 Overview 36 B.2 Key Token Exchange (KTE) 37 B.3 SA-Protocol Authentication 37 B.4 SA Attribute Negotiation 38 B.4.1 Service Negotiation 38 B.4.2 Label Set Negotiation 38 B.4.3 Key and ISN Selection 38 B.4.4 Miscellaneous SA Attribute Negotiation 38 B.4.5 Re-keying Overview
24、 39 B.4.6 SA Abort/Release Overview 39 B.5 Mapping of SA-Protocol Functions to Protocol Exchanges 39 B.5.1 KTE (First) Exchange 39 B.5.1.1 Request to Initiate the SA-Protocol 39 B.5.1.2 Receipt of the First Exchange PDU by Recipient 40 B.5.2 Authentication and Security Negotiation (Second) Exchange
25、40 B.5.2.1 Receipt of First Exchange PDU by Initiator 40 B.5.2.2 Receipt of the Second Exchange PDU by Recipient 41 B.5.3 Rekey Procedure 41 B.5.4 SA Release/Abort Exchange 42 B.5.4.1 Request to Initiate SA Release/Abort 42 B.5.4.2 Receipt of SA Abort/Release Requests 42 B.6 SA PDU SA Contents 42 B.
26、6.1 Exchange ID 43 B.6.2 Content Length 43 B.6.3 Content Fields 43 B.6.3.1 My SA-ID 44ISO/IEC10736:1995(E) BSI 01-2000 v Page B.6.3.2 Old Your SA-ID 44 B.6.3.3 Key Token 1, Key Token 2, Key Token 3, and Key Token 4 44 B.6.3.4 Authentication Digital Signature, Certificate 44 B.6.3.5 Service Selection
27、 44 B.6.3.6 SA Rejection Reason 44 B.6.3.7 SA Abort/Release Reason 45 B.6.3.8 Label 45 B.6.3.9 Key Selection 45 B.6.3.10 SA Flags 46 B.6.3.11 ASSR 46 Annex C An example of an agreed set of security rules (ASSR) 46 Annex D Overview of EKE Algorithm 47 Figure 1 TLSP with ITU-T Rec. X.234|ISO 8602 6 Fi
28、gure 2 TLSP with ITU-T Rec. X.224|ISO/IEC 8073 6 Figure 3 Illustration of exchanges to support peer entity authentication 11 Figure 4 TLSP Encapsulation Methods (TLSPs method for encapsulation and encipherment in support of Confidentiality as indicated in6.2) 13 Figure 5 TLSP Encapsulation Methods (
29、TLSPs method for encapsulation and ICV generation in support of integrity as indicated in6.3) 14 Figure 6 TLSP Encapsulation Method (TLSPs method for encapsulation and ICV generation in support of “Integrity and Confidentiality” as indicated in6.2 and6.3) 15 Figure 7 Structure of the TPDU 19 Figure
30、8 Format of the clear header 19 Figure 9 Protected contents 20 Figure 10 Flags field 21 Figure 11 Format of the label field 21 Figure 12 Format of the protected data field 21 Figure 13 SA PDU Structure 22 Figure B.2 SA Contents 43 Figure D.1 Illustration of On-Line Key Derivation and Digital Signatu
31、re using EKE 48 Table 1 TLSP elements of procedure 18 Table A.1 TLSP Implementation Identification 25 Table A.2 General Conformance Statement 25 Table A.3 CO and CL Transport Implemented 25 Table A.4 Service Element Proforma for CO 26 Table A.5 Service Element Proforma for C1, C2, C3 26 Table A.6 Se
32、rvice Element Proforma for C4 26 Table A.7 Service Element Proforma for C4L 27 Table A.8 Service Element Proforma for CLTP 27 Table A.9 Mandatory Functions for C0 27 Table A.10 Optional Functions for C0 27 Table A.11 Mandatory Functions for C1 28 Table A.12 Optional Functions for C1 28 Table A.13 Ma
33、ndatory Functions for C2, C3 28ISO/IEC10736:1995(E) vi BSI 01-2000 Page Table A.14 Optional Functions for C2, C3 28 Table A.15 Mandatory Functions for C4, C4L 29 Table A.16 Optional Functions for C4, C4L 29 Table A.17 Mandatory Functions for CLTP 29 Table A.18 Optional Functions for CLTP 29 Table A.
34、19 TPDUs Supported 30 Table A.20 Mandatory Parameters for COTP, CLTP 30 Table A.21 Optional Parameters for COTP, CLTP 30 Table A.22 Mandatory parameters for COTP, CLTP 30 Table A.23 Values for Parameters of issued TPDUs for COTP, CLTP 31 Table A.24 Values for parameters of received TPDUs for COTP, C
35、LTP 31 Table A.25 Mapping of security services to supported functions 32 Table A.26 Mapping of security services to SE TPDU parameters 32 Table A.27 Supported algorithms 33 Table A.28 Mandatory security error actions for COTP, CLTP 33 Table A.29 Protocol error actions for COTP, CLTP 33 Table A.30 34
36、 Table A.31 35ISO/IEC10736:1995(E) BSI 01-2000 vii Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the de
37、velopment of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-govern
38、mental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IECJTC1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publica
39、tion as an International Standard requires approval by at least75% of the national bodies casting a vote. International Standard ISO/IEC10736 was prepared by Joint Technical Committee ISO/IECJTC1, Information technology, Subcommittee SC6, Telecommunications and information exchange between systems,
40、in collaboration with ITU-T. The identical text is published as ITU-T RecommendationX.274. Annex A andAnnex B form an integral part of this International Standard. Annex C andAnnex D are for information only.viii blankISO/IEC10736:1995(E) BSI 01-2000 1 Introduction The transport protocol specified i
41、n ITU-T Rec.X.224|ISO/IEC8073 provides the connection oriented transport service described in ITU-T Rec.234|ISO/IEC8072. The transport protocol specified in ITU-T Rec.234|ISO/IEC8602 provides the connectionless-mode transport service described in ISO/IEC8072. This Recommendation|International Standa
42、rd specifies optional additional functions to ITU-TRec.X.224|ISO/IEC8073 and ITU-TRec.X.234|ISO/IEC8602 permitting the use of cryptographic techniques to provide data protection for transport connections or for connectionless-mode TPDU transmission. 1 Scope The procedures specified in this Recommend
43、ation|International Standard operate as extensions to those defined in ITU-T Rec.X.224|ISO/IEC8073 and ITU-TRec.X.234|ISO/IEC8602 and do not preclude unprotected communication between transport entities implementing ITU-TRec.X.224|ISO/IEC8073 or ITU-T Rec.X.234|ISO8602. The protection achieved by th
44、e security protocol defined in this Recommendation|International Standard depends on the proper operation of security management including key management. However, this Recommendation|International Standard does not specify the management functions and protocols needed to support this security proto
45、col. This protocol can support all the integrity, confidentiality, authentication and access control services identified in CCITT Rec.X.800|ISO7498-2 as relevant to the transport layer. The protocol supports these services through use of cryptographic mechanisms, security labelling and attributes, s
46、uch as keys and authenticated identities, pre-established by security management or established through the use of the Security Association Protocol (SA-P). Protection can be provided only within the context of a security policy. This protocol supports peer-entity authentication at the time of conne
47、ction establishment. In addition, rekeying is supported within the protocol through the use of SA-P or through means outside the protocol. Security associations can only be established within the context of a security policy. It is a matter for the users to establish their own security policy, which
48、 may be constrained by the procedures specified in this Recommendation|International Standard. The following items could be included in a Security Policy: a) the method of SA establishment/release, the lifetime of SA; b) Authentication/Access Control mechanisms; c) Label mechanism; d) the procedure
49、of the receiving an invalid TPDU during SA establishment procedure or transmission of protected PDU; e) the lifetime of Key; f) the interval of the rekey procedure in order to update key and security control information (SCI) exchange procedure; g) the time out of SCI exchange and rekey procedure; h) the number of retries of sci exchange and rekey procedure. This Recommendation|International Standard defines a protocol which may be used for Security Association establis
