1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 9798-1:2010 Information technology Security techniques Entity authentication Part 1: GeneralBS ISO/IEC 9798-1:2010 BRITISH STANDARD National foreword This British S
2、tandard is the UK implementation of ISO/IEC 9798-1:2010. It supersedes BS ISO/IEC 9798-1:1997 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on re
3、quest to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2010 ISBN 978 0 580 68064 9 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This Britis
4、h Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2010. Amendments issued since publication Date Text affectedBS ISO/IEC 9798-1:2010Reference number ISO/IEC 9798-1:2010(E) ISO/IEC 2010INTERNATIONAL STANDARD ISO/IEC 9798-1 Third edition 2010-07-01
5、Information technology Security techniques Entity authentication Part 1: General Technologies de linformation Techniques de scurit Authentification dentit Partie 1: Gnralits BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with
6、Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing pol
7、icy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every
8、care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2010 All rights reserved. Unless otherwise specif
9、ied, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Cas
10、e postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2010 All rights reservedBS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) ISO/IEC 2010 All rights reserved iiiContents Page Foreword iv Introduction.v 1
11、 Scope1 2 Normative references1 3 Terms and definitions .1 4 Symbols and abbreviated terms 5 5 Authentication model6 6 General requirements and constraints .6 Annex A (informative) Use of text field .7 Annex B (informative) Time variant parameters 8 Annex C (informative) Certificates 10 Bibliography
12、11 BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) iv ISO/IEC 2010 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of
13、 ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizat
14、ions, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Dir
15、ectives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of t
16、he national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 9798-1 was prepared by Joint Technical Committee I
17、SO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This third edition cancels and replaces the second edition (ISO/IEC 9798-1:1997), which has been technically revised. ISO/IEC 9798 consists of the following parts, under the general title Information technology Securit
18、y techniques Entity authentication: Part 1: General Part 2: Mechanisms using symmetric encipherment algorithms Part 3: Mechanisms using digital signature techniques Part 4: Mechanisms using a cryptographic check function Part 5: Mechanisms using zero-knowledge techniques Part 6: Mechanisms using man
19、ual data transfer BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) ISO/IEC 2010 All rights reserved vIntroduction In systems involving real-time communication, entity authentication is a fundamentally important security service. Depending on the specific application and security goals, entity authentic
20、ation can involve the use of a simple one-pass protocol providing unilateral authentication, or a multi-pass protocol providing unilateral or mutual authentication between the communicating parties. The goal of entity authentication is to establish whether the claimant of a certain identity is in fa
21、ct who it claims to be. In order to achieve this goal, there should be a pre-existing infrastructure which links the entity to a cryptographic secret (for instance a Public Key Infrastructure). The establishment of such an infrastructure is beyond the scope of ISO/IEC 9798. A variety of entity authe
22、ntication protocols are specified in ISO/IEC 9798 in order to cater for different security systems and security goals. For instance, when replay attacks are not practical or not an issue for a specific system, simple protocols with fewer passes between claimant and verifier may suffice. However, in
23、more complex communication systems, man-in-the-middle attacks and replay attacks are a real threat. In such cases one of the more involved protocols of ISO/IEC 9798 will be necessary to achieve the security goals of the system. There are two main models for authentication protocols. In one model, th
24、e claimant and verifier communicate directly in order to establish the authenticity of the claimant identity. In the other model, entities establish authenticity of identities using a common trusted third party. The security properties of a scheme that must be considered before choosing an authentic
25、ation protocol include the following: replay attack prevention; reflection attack prevention; forced delay prevention; mutual/unilateral authentication; whether a pre-established secret can be used, or a trusted third party needs to be involved to help establish such a shared secret. BS ISO/IEC 9798
26、-1:2010BS ISO/IEC 9798-1:2010 INTERNATIONAL STANDARD ISO/IEC 9798-1:2010(E) ISO/IEC 2010 All rights reserved 1Information technology Security techniques Entity authentication Part 1: General 1 Scope This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints
27、for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information betwe
28、en entities and, where required, exchanges with a trusted third party. The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798. 2 Normative references There are no normative references for this part of ISO/IEC 9798. 3 Terms and def
29、initions For the purposes of this document, the following terms and definitions apply. 3.1 asymmetric cryptographic technique cryptographic technique that uses two related transformations: a public transformation (defined by the public key) and a private transformation (defined by the private key) N
30、OTE The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. 3.2 asymmetric encryption system system based on asymmetric cryptographic techniques whose public operation is used for encryption and whose pri
31、vate operation is used for decryption 3.3 asymmetric key pair pair of related keys where the private key defines the private transformation and the public key defines the public transformation 3.4 asymmetric signature system system based on asymmetric cryptographic techniques whose private transform
32、ation is used for signing and whose public transformation is used for verification BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) 2 ISO/IEC 2010 All rights reserved3.5 challenge data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with sec
33、ret information held by the claimant, to generate a response which is sent to the verifier 3.6 claimant entity which is or represents a principal for the purposes of authentication NOTE A claimant includes the functions and the private data necessary for engaging in authentication exchanges on behal
34、f of a principal. 3.7 ciphertext data which has been transformed to hide its information content 3.8 cryptographic check function cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output NOTE The computation of a co
35、rrect check value without knowledge of the secret key shall be infeasible. 3.9 cryptographic check value information which is derived by performing a cryptographic transformation on the data unit 3.10 decryption reversal of a corresponding encryption 3.11 digital signature (signature) data appended
36、to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient 3.12 distinguishing identifier information which unambiguously distinguishes an entity in the context
37、 of an authentication exchange 3.13 encryption reversible operation by a cryptographic algorithm converting data into ciphertext so as to hide the information content of the data 3.14 entity authentication corroboration that an entity is the one claimed 3.15 interleaving attack masquerade which invo
38、lves use of information derived from one or more ongoing or previous authentication exchanges 3.16 key sequence of symbols that controls the operation of a cryptographic transformation NOTE Examples are encryption, decryption, cryptographic check function computation, signature generation, or signat
39、ure verification. BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) ISO/IEC 2010 All rights reserved 33.17 masquerade pretence by an entity to be a different entity 3.18 mutual authentication entity authentication which provides both entities with assurance of each others identity 3.19 plaintext unencip
40、hered information 3.20 principal entity whose identity can be authenticated 3.21 private decryption key private key which defines the private decryption transformation 3.22 private key key of an entitys asymmetric key pair that is kept secret and which should only be used by that entity 3.23 private
41、 signature key private key which defines the private signature transformation NOTE This is sometimes referred to as a secret signature key. 3.24 public encryption key public key which defines the public encryption transformation 3.25 public key key of an entitys asymmetric key pair which can be made
42、 public 3.26 public key certificate (certificate) public key information of an entity signed by the certification authority and thereby rendered unforgeable NOTE See also Annex C. 3.27 public key information information specific to a single entity and which contains at least the entitys distinguishi
43、ng identifier and a public key for this entity NOTE Other information regarding the certification authority, the entity, and the public key may be included in the public key certificate, such as the validity period of the public key, the validity period of the associated private key, or the identifi
44、er of the involved algorithms (see also Annex C). 3.28 public verification key public key which defines the public verification transformation 3.29 random number time variant parameter whose value is unpredictable (see also Annex B) BS ISO/IEC 9798-1:2010 ISO/IEC 9798-1:2010(E) 4 ISO/IEC 2010 All ri
45、ghts reserved3.30 reflection attack masquerade which involves sending a previously transmitted message back to its originator 3.31 replay attack masquerade which involves use of previously transmitted messages 3.32 sequence number time variant parameter whose value is taken from a specified sequence
46、 which is non-repeating within a certain time period NOTE See also Annex B. 3.33 symmetric cryptographic technique cryptographic technique that uses the same secret key for both the originators and the recipients transformation NOTE Without knowledge of the secret key, it is computationally infeasib
47、le to compute either the originators or the recipients transformation. 3.34 symmetric encryption algorithm encryption algorithm that uses the same secret key for both the originators and the recipients transformation 3.35 time stamp time variant parameter which denotes a point in time with respect t
48、o a common reference NOTE See also Annex B. 3.36 time variant parameter data item used to verify that a message is not a replay, such as a random number, a time stamp or a sequence number NOTE See also Annex B. 3.37 token message consisting of data fields relevant to a particular communication and w
49、hich contains information that has been transformed using a cryptographic technique 3.38 trusted third party security authority or its agent, trusted by other entities with respect to security related activities NOTE In the context of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication. 3.39 unilateral authentication entity authentication which provides one entity with assurance of the others identity but not vice versa 3.
