
    DOD FED-STD-1027-1982 TELECOMMUNICATIONS GENERAL SECURITY REQUIREMENTS FOR EQUIPMENT USING THE DATA ENCRYPTION STANDARD.pdf


    FED-STD-1027
    April 14, 1982

    FEDERAL STANDARD

    TELECOMMUNICATIONS: GENERAL SECURITY REQUIREMENTS FOR EQUIPMENT USING THE DATA ENCRYPTION STANDARD

    This standard is issued by the General Services Administration pursuant to the Federal Property and Administrative Services Act of 1949, as amended.

    THIS DOCUMENT CONTAINS 12 PAGES.

    Licensed by Information Handling Services. Provided by IHS. Not for resale. No reproduction or networking permitted without license from IHS.

    1. Scope

    1.1 Description. This standard specifies the minimum general security requirements that are to be satisfied in implementing the Data Encryption Standard (DES) algorithm in a telecommunications environment. The DES itself specifies an algorithm used for cryptographically protecting certain U.S. Government information. (This algorithm is described in Federal Information Processing Standards Publication 46.) The requirements defined in this standard affect the security of equipment implementing the DES algorithm. Other security requirements, which relate to the interface and interoperability of DES cryptographic equipment with associated terminal equipment (e.g., narrative text, automatic data processing, digital facsimile, digital voice, etc.), will be addressed in other Federal telecommunication standards.

    1.2 Security Objectives. This standard addresses the following security objectives:

    a. To prevent inadvertent transmission of plain text.
    b. To prevent theft, unauthorized use, or unauthorized modification of DES cryptographic equipment while installed.
    c. To prevent unauthorized disclosure or modification of key variables while in DES cryptographic equipment.
    d. To provide interoperability between key variable loaders and DES cryptographic equipment, and facilitate the use of standardized keying material for U.S. Government applications of the DES algorithm.
    e. To prevent data encryption when a critical cryptographic failure condition exists, and to generate an alarm upon detection of a critical cryptographic failure.

    1.3 Purpose. This standard prescribes security requirements for implementation of the DES in telecommunication equipment and systems used by the departments and agencies of the U.S. Government.

    1.4 Application. This standard applies to all DES cryptographic components, equipment, systems, and services procured (including lease) by U.S. Government departments and agencies for the encryption of digital information in the telecommunications environment. This includes stand-alone DES cryptographic equipment as well as any Data Terminal Equipment and Data Circuit-terminating Equipment utilizing the DES algorithm for digital encryption. When DES cryptographic equipment is integrated into Data Terminal Equipment (DTE) or Data Circuit-terminating Equipment (DCE), this standard applies to those portions of the DTE or DCE design which implement the security requirements of this standard. The same degree of protection is required whether DES cryptographic equipment is in stand-alone units or is physically embedded in associated equipment. Guidance to facilitate the application of this standard, with respect to degradation of its security by improper implementation or use, will be provided for in a revision to Federal Property Management Regulation 41, Code of Federal Regulations 101-35.3.

    1.5 Verifying Conformance. Procedures for verifying that DES cryptographic equipment conform with this standard are available from the preparing activity.

    1.6 Definitions and Conventions. The following definitions, conventions, and terminology apply in this standard.

    a. Bypass: A condition which allows plain text to pass through equipment unaltered, with or without some delay.
    b. DES: The Data Encryption Standard algorithm specified in Federal Information Processing Standards Publication 46.
    c. DES Cryptographic Equipment: Equipment embodying one or more DES devices and associated controls, interfaces, power supplies, alarms, and the related hardware, software, and firmware used to encrypt, decrypt, authenticate, and perform similar operations on information.
    d. DES Device: The electronic hardware part or subassembly which implements just the DES algorithm specified in Federal Information Processing Standards Publication 46, and which is validated by the National Bureau of Standards.
    e. Initializing Vector (IV): A vector used in defining the starting point of an encryption process within a DES device.
    f. Key Generator: A DES device plus those additional cryptographic functions required to implement: (1) a particular mode of encryption; (2) combining of plain text or cipher text with DES device output; (3) the initializing vector; and (4) associated alarms and self-testing.
    g. Key Variable: A 64-bit input to DES cryptographic equipment, with 8 bits used for parity checking and 56 bits used in the DES device for encryption or decryption. Unless otherwise stated, reference to a DES key variable means a key variable in its unencrypted form.
    h. Key Variable Loader: An electronic, self-contained unit which is capable of storing at least one 64-bit DES key variable and transferring that key variable, upon request, into DES cryptographic equipment.
    i. Message: A generic term used to describe, in the broadest sense, information to be transferred which is represented by a digital sequence. This sequence should be numbered 1, 2, ..., N, where 1 represents the information unit transmitted first.
    j. Physical Key: A device used to operate a mechanical lock.
    k. Pseudorandom Binary Process: A deterministic technique for producing a sequence of binary digits which satisfy the statistical properties of a random bit stream.
    l. S-Box: A nonlinear function which substitutes four output bits for six input bits within a DES device to make the DES algorithm a nonlinear process (see Federal Information Processing Standards Publication 46).
    m. Zeroization: A method of erasing an electronically stored DES key variable by removing electrical power from the electronic storage, by overwriting that storage with an all ONES or ZEROS pattern, or by otherwise irrevocably altering the contents of the DES key variable storage.

    2. Referenced Documents

    a. Federal Information Processing Standards Publication 46: DATA ENCRYPTION STANDARD. January, 1977. (Copies of this standard are available from the National Technical Information Service, U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161.)
    b. Federal Information Processing Standards Publication 81: DES MODES OF OPERATION. December, 1980. (Copies of this standard are available from the National Technical Information Service, U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161.)
    c. Federal Standard 1031: TELECOMMUNICATIONS: GENERAL PURPOSE 37-POSITION AND 9-POSITION INTERFACE BETWEEN DATA TERMINAL EQUIPMENT AND DATA CIRCUIT-TERMINATING EQUIPMENT. (Copies of this standard are available from GSA, Specifications and Consumer Information Distribution Branch (WFSIS), Bldg. 197 (Washington Navy Yard), Washington, DC 20407.)
    d. Military Standard 461B: ELECTROMAGNETIC EMISSION AND SUSCEPTIBILITY REQUIREMENTS FOR THE CONTROL OF ELECTROMAGNETIC INTERFERENCE. (Copies of this standard are available from the Naval Publications and Forms Center, 5801 Tabor Avenue, Philadelphia, PA 19120.)
    e. Military Standard 462: MEASUREMENT OF ELECTROMAGNETIC INTERFERENCE CHARACTERISTICS. (Copies of this standard are available from the Naval Publications and Forms Center, 5801 Tabor Avenue, Philadelphia, PA 19120.)
    f. National Bureau of Standards Special Publication 500-20: VALIDATING THE CORRECTNESS OF HARDWARE IMPLEMENTATIONS OF THE NBS DATA ENCRYPTION STANDARD. September, 1980. (Copies of this publication are available as SN 003-003-01861-9 from the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402.)
    g. National Bureau of Standards Special Publication 500-61: MAINTENANCE TESTING FOR THE DATA ENCRYPTION STANDARD. August, 1980. (Copies of this publication are available as SN 003-003-02225-0 from the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402.)
    h. Proposed Federal Standard 1026: TELECOMMUNICATIONS: INTEROPERABILITY AND SECURITY REQUIREMENTS FOR USE OF THE DATA ENCRYPTION STANDARD IN THE PHYSICAL AND DATA LINK LAYERS OF DATA COMMUNICATIONS; dated June 1, 1981.

    3. Requirements

    3.1 Physical Security. DES cryptographic equipment shall be designed to restrict physical access to internally stored DES key variables and to deter theft, unauthorized use, or unauthorized modification of the equipment when installed. The level of physical security provided shall be such that unauthorized attempts at access or use will either be unsuccessful or will have a high probability of being detected during penetration or subsequent to penetration. The installation design must minimize the possibility of penetration which cannot be visually detected.

    3.1.1 Locks. At least one lock shall be used to limit access to the key variable entry controls. When the Cipher Block Chaining mode is used and the Initializing Vector (IV) is externally entered into DES cryptographic equipment, access to the associated controls shall be limited by the same lock which protects the key variable entry controls. In addition, certain other controls shall be operated by means of a physical key-operated selection switch or shall be accessible only upon opening or removing a locked cover (see section 3.7). The physical key used to operate or access these controls shall be different from the physical key used to limit access to the key variable entry controls. Note that the two locks previously described may be used in conjunction with each other ("two person control") when protection against the possibility of unauthorized use is considered necessary. All locks shall be of the pick-resistant variety (MEDECO or equivalent).

    3.1.2 Mounting. A means shall be provided to protect against theft and substitution of DES cryptographic equipment when installed (with or without a key variable present). A solution such as a mounting mechanism accessible only from the interior of the locked equipment shall be used to deter removal of the equipment by any means other than determined force.

    3.1.3 Standby Periods. DES cryptographic equipment shall be designed so that operating personnel can conveniently make it inoperable (while retaining the key variable) during periods when the equipment is in standby, and not in operation. This shall be implemented in such a manner as to prevent unauthorized use, for example, by reapplication of power. Once placed in standby, equipment shall not be capable of being restored to operation without the operation of at least one lock.

    3.1.4 Equipment Enclosure. DES cryptographic equipment enclosures shall be designed such that a physical lock must be operated in order to disassemble the equipment to an extent that would permit undetectable access to internal circuitry. Also, all holes placed in the outside surface of the equipment during manufacture shall be located such that undetectable access to key variable storage and processing circuitry, as well as undetectable disassembly of the equipment, are not possible using these holes.

    3.2 Key Variables. The security provided by DES cryptographic equipment is dependent upon the DES key variable. The same DES key variable must be inserted into equipment in a link or network to make a grouping of equipment cryptographically unique and compatible. A DES key variable consists of 64 bits (K1 through K64), 56 bits of which are randomly or pseudorandomly derived and 8 bits of which are odd parity check bits. Each bit of odd parity is computed individually on its preceding seven-bit group of random or pseudorandom bits according to the convention shown in table 1.

    3.2.1 Key Variable Entry. Two approved methods of entering unencrypted DES key variables into DES cryptographic equipment are described below. All DES cryptographic equipment shall utilize at least one of these two methods of key variable entry. This is required to perform one or more of the following: (1) to enter DES key variables for normal encryption and decryption, (2) to provide the capability to enter a key variable to decrypt encrypted and electronically transmitted key variables, and (3) to facilitate maintenance. Ciphertext output shall be inhibited during transfer of key variables into DES devices. A means of permitting operating personnel to either conveniently correct errors made during manual key variable entry or to reenter the entire key variable shall be provided. When a DES key variable is assembled into a single 64-bit sequence, the bits shall be ordered in the following manner: K1, K2, ..., K64. This numbering corresponds to the numbering of key variable bits defined in Federal Information Processing Standards Publication 46.

    3.2.1.1 Method 1. DES cryptographic equipment may contain an integral capability to manually enter DES key variables from printed form. The printed DES key variables shall consist of a sequence of 16 symbols (V1, V2, ..., V16) entered starting with the left-most symbol (V1). Each printed symbol represents a four-bit binary word corresponding to four bits of the DES key variable, as defined in table 2. Manual entry can be accomplished by any technique which provides relatively easy, reliable loading (e.g., keyboard, rotary switches, thumbwheel switches, etc.). If a DES key variable is displayed electrically or mechanically, all visual residue of the DES key variable shall be removed automatically after it is accepted as valid (see section 3.2.4).

    3.2.1.2 Method 2. DES cryptographic equipment may accept key variables in electronic form from an externally connected key variable loader in accordance with the electrical and mechanical interface requirements of this standard. When the 64-bit DES key variable sequence is transferred serially, the order of transfer is as listed in section 3.2.1, with K1 being the first bit transferred. After a DES key variable has been entered into a key variable loader and verified by the key variable loader (successful parity check), there shall be no visual or mechanical residue of the key variable available to a person having access to the key variable loader. The key variable loader shall have a zeroize capability controlled by operating personnel.

    3.2.1.2.1 Key Variable Transfer Operation. Electronic key variable transfer into DES cryptographic equipment from a key variable loader is initiated by the DES cryptographic equipment under control
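The key variable rules of sections 3.2 and 3.2.1.1 (16 printed symbols, K1 first, odd parity on each seven-bit group, zeroization on rejection), worked through as an added example that is not part of the standard. Table 2 is not reproduced on this page, so the code assumes the printed symbols are hexadecimal digits; the function names are hypothetical and the sample key is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Zeroization by overwriting with ZEROS; volatile keeps the stores. */
static void zeroize(uint8_t *buf, size_t n) {
    volatile uint8_t *p = buf;
    while (n--) *p++ = 0;
}

/* Assumption: symbols are hex digits (table 2 is not on the page). */
static int symbol_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Returns 1 when the byte holds an odd number of ONE bits. */
static int has_odd_parity(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Loads V1..V16 into key[0..7] with K1 as the top bit of key[0].
   Returns 0 if accepted, -1 on a bad symbol or length, else the 1-based
   group whose parity bit fails. Rejected input leaves key zeroized. */
int load_key_variable(const char *symbols, uint8_t key[8]) {
    size_t i;
    for (i = 0; i < 16; i++) {
        int v = symbols[i] ? symbol_value(symbols[i]) : -1;
        if (v < 0) { zeroize(key, 8); return -1; }
        if (i % 2 == 0) key[i / 2] = (uint8_t)(v << 4);
        else            key[i / 2] |= (uint8_t)v;
    }
    if (symbols[16] != '\0') { zeroize(key, 8); return -1; }
    for (i = 0; i < 8; i++)
        if (!has_odd_parity(key[i])) { zeroize(key, 8); return (int)i + 1; }
    return 0;
}

int main(void) {
    uint8_t key[8];
    /* Constructed sample key variable, not real keying material. */
    int rc = load_key_variable("0123456789ABCDEF", key);
    printf("load result: %d\n", rc);
    zeroize(key, sizeof key);
    return rc;
}
```

Returning the failing group number lets an operator correct a single mistyped symbol pair, which matches the error-correction requirement in section 3.2.1.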

