1、 STD-ITU-T RECMN T.3b-ENGL 1777 I 48b2591 Ob3b947 7b4 INTERNATIONAL TELECOMM UN KATION UNION ITU=T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU T.36 (07197) SERIES T: TERMINALS FOR TELEMATIC SERVICES Security capabilities for use with Group 3 facsimile terminals ITU-T Recommendation T.36 (Previou
2、sly CCITT Recommendation) STD-ITU-T RECMN T.3b-ENGL 1997 m 48b2591 Ob3b948 bTO ITU-T T-SERIES RECOMMENDATIONS TERMINALS FOR TELEMATIC SERVICES For further details, please refer to ITU-T List of Recommendations. ITU-T RECOMMENDATION T.36 SECURITY CAPABILITIES FOR USE WITH GROUP 3 FACSIMILE TERMINALS
3、Summary This Recommendation defines the two independent technical solutions which may be used in the context of secure facsimile transmission. The two technical solutions are based upon the HKM/HFX40 algorithms and the RSA algorithm. Annex A contains information regarding the HKWHFX4O algorithms. An
4、nex B contains information regarding the RSA algorithm. Annex C describes the use of the HKM system to provide secure key management capabilities for facsimile terminals. The provision of the capabilities is described in terms of two main procedures: - the procedure for one way registration between
5、entities X and Y (procREGxy); and - the procedure for the secure transmission of a secret key between entities X and Y (procSTKxy). Annex D covers the procedures for the use of the HFX4O carrier cipher system to provide message confidentiality for facsimile terminals. Annex E describes the HFX40-I h
6、ashing algorithm, in terms of its use, the necessary calculations and the information to be exchanged between the facsimile terminais to provide integrity for a transmitted facsimile message as either a selected or pre-programmed alternative to the encryption of the message. Source ITU-T Recommendat
7、ion T.36 was prepared by ITU-T Study Group 8 (1997-2000) and was approved under the WTSC Resolution No. 1 procedure on the 2nd of July 1997. Recommendation T.36 (07/97) i FOREWORD ITU (International Telecommunication Union) is the United Nations Specialized Agency in the field of telecommuni- cation
8、s. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of the ITU. The ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommuni
9、cation Standardization Conference (WTSC), which meets every four years, establishes the topics for study by the ITU-T Study Groups which, in their turn, produce Recommendations on these topics. The approval of Recommendations by the Members of the ITU-T is covered by the procedure laid down in WTSC
10、Resolution No. 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with IS0 and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication admini
11、stration and a recognized operating agency. INTELLECTUAL PROPERTY RIGHTS The ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. The ITU takes no position concerning the evidence, validity or
12、applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, the ITU hadhad not received notice of intellectual property, protected by patents, which may be requi
13、red to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. O ITU 1997 All rights reserved. No part of this publication may be reproduced or utilized in any form or b
14、y any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU. 11 Recommendation T.36 (07/97) CONTENTS i Scope 2 References 3 Abbreviations . Annex A - Procedures for secure Group 3 document facsimile transmission using the HKM and HFX system
15、 A.l Introduction . A.2 Outline of the secure facsimile document procedure Annex B - Security in facsimile G3 based on the RSA algorithm B.l Preamble . B.2 Introduction . B.3 References . B.4 Technical description AnnexC-Procedures for the use of the HKM key management system for secure document fac
16、simile transmission c . 1 c.2 c.3 c.4 c.5 C.6 Scope . Conventions C.2.1 General Description of the HKM algorithm for use with facsimile terminals Registration mode . (2.4.1 Procedure for the registration between entities X and Y (procREGxy) C.4.2 Procedure for the registration between entities Y and
17、 X (procREGyx) C.4.3 Procedure for registration in a single call C.4.4 Authentication of registration Secure mode C.5. I Procedure for the secure transmission of SK from X to Y (procSTKxy) C.5.2 Use ofprocSTKxy and procSTKyx in secure mode . C.5.3 Mutual authentication of X and Y . C.5.4 Secre sessi
18、on key establishment between X and Y . C.5.5 Confirmation of receipt . C.5.6 Confirmation or denial of integrity . The HKM algorithm C.2.2 Symbols . C.6.1 C.6.2 C.6.3 C.6.4 C.6.5 (2.6.6 Introduction . Stored information Securely stored information Registration mode . C.6.4.1 procREGxy using algebrai
19、c notation C.6.4.2 Calculations at X to derive MPx . C.6.4.3 Calculations at X to derive TKx (2.6.4.4 C.6.4.5 Calculations at Y to derive RCNy . Secure mode C.6.5.1 procSTKxy using algebraic notation . C.6.5.2 Calculations at X to re-create MPx . C.6.5.3 Calculations at X to form ESSKx using HKMD+l
20、. C.6.5.4 Calculations at Y to recover SKx Calculations at Y to recover MPx by decrypting TKx The use of the HKM algorithm in secure mode Recommendation T.36 (07/97) Page 1 1 1 3 3 3 4 4 4 4 4 4 4 5 5 5 5 6 6 6 6 7 8 8 8 8 9 10 10 11 11 11 II 12 12 12 13 14 15 16 16 16 17 18 21 . III Page Annex D .
21、Procedures for the use of the HFX40 carrier cipher to provide message confidentiality for secure document facsimile transmission D.l Scope . D.2 Description of the HFX4O algorithm for use with facsimile terminals in secure mode D.3 D.3.1 Introduction . D.3.2 Stored information D.3.3 Selection of the
22、 primes D.3.4 D.3.5 Use of the tables to encrypt the message and of the multiplexer to modify the tables Annex E - Procedures for the use of the HFX40-I hashing system to provide message integrity for secure document facsimile transmission E.l Scope . E.2 Use ofthe HFX40-I hashing system . E.3 The H
23、FX40-I hashing system for use with facsimile terminals Re-ordering of the system modulating prime numbers . Calculation of the primitives to be used with HFX4O-I First encryption (scrambling) of PH to form SH . Encryption of SH to form ESH . Use of the HKM Algorithm to produce a PseudoRandom Sequenc
24、e . Calculations using HKM to generate a PRS Example calculations for the HFX40 algorithm . Calculations using HFX40 to generate 3 PRSs . E.3.1 Introduction . E.3.2 Stored information E.3.3 E.3.4 E.3.5 Calculation of PH E.3.6 E.3.7 E.4.1 Introduction . E.4 E.4.1.1 21 21 22 22 22 23 23 23 24 27 27 27
25、 28 28 28 28 29 30 30 32 32 32 34 iv Recommendation T.36 (07197) STD-ITU-T RECMN T-3b-ENGL 1997 m LibZ591 Ob3b55 830 Recommendation T.36 SECURITY CAPABILITIES FOR USE WITH GROUP 3 FACSIMILE TERMINALS (Geneva, 1997) 1 Scope This Recommendation defines the two independent technical solutions which may
26、 be used in the context of secure facsimile transmission: a solution based on the HKWHFX40 algorithms as described in Annex A and in Annex GT.30; a solution based on the RSA algorithm as described in Annex B and in Annex WT.30. 2 References The following ITU-T Recommendations and other references co
27、ntain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; all users of this Recommendation are therefore encouraged to investig
28、ate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. - ITU-T Recommendation T.30 (1 996), Procedures for document facsimile transmission in the general switched te
29、lephone network. 3 Abbreviations This Recommendation uses the following abbreviations. ASCII B(n) ESH ESIM ESSK HKM HKMD+I I Dx IDY IM IMY ITU-T mod n American Standard Code for Information Interchange Base value (n) Encrypted and Scrambled plain Hash (24 decimal digits) Encrypted Scrambled Integrit
30、y Message. A 12-decimal digit number Encrypted Scrambled Secret Key. A 12-decimal digit number the HKM encryption algorithm double encryption using the HKM algorithm Last six digits of the facsimile identification (facsimile telephone number) of X Last six digits of the facsimile identification (fac
31、simile telephone number) of Y Integrity Message used to confirm or deny integrity of the received message (12 decimal digits) Integrity Message generated by Y to confirm or deny integrity of the received message. A 12-digit decimal number International Telecommunication Union - Telecommunication Sta
32、ndardization Sector modulo arithmetic using base n Recommendation T.36 (07/97) 1 Previous page is blank M Px MPY OT OTx OTY PH P(n) Primitive procREGxy procSTKxy PRS RCN RNCn RN IM RNK RNSRn RNSSn SCn SH SK SRn ss SSK SSn ssx TKx UCN Mutual Primitive of X. A l6-decimal digit number, only generatable
33、 by X. MPx is produced by X using the HKM algorithm with primitives formed from UINx, UCNx, IDx and IDy Mutual Primitive of Y One-Time key. A 6- to 64-decimal digit number agreed by both users One-Time key as first used by X in Xs registration with Y One-Time key as first used by Y, when Y initiates
34、 Ys registration with X to complete the mutual registration, whether it is different or identical to OTx Plain Hash of the message (24 decimal digits) Phase value (n) A 64-digit composite number formed from UIN and UCN Procedure for registration between X and Y Procedure for the secure transmission
35、of a secret key from X to Y PseudoRandom Sequence Registered Crypt Number. A 16-decimal digit number Non-secret random number associated with an SCn. A 4-decimal digit number Non-secret random number associated with an IM. A 4-decimal digit number Non-secret random number used to provide variation o
36、f the primitives generated from MPx when encrypting an SK. A 4-decimal digit number Non-secret random number associated with an SRn. A 4-decimal digit number Non-secret random number associated with an SSn. A 4-decimal digit number Secret Challenge key, number n. A 12-decimal digit number Scrambled
37、plain Hash (24 decimal digits) A Secret Key which may be an SCn, SRn, SSn, etc. A 12-decimal digit number Secret Response key, number n. A 12-decimal digit number Secret Session key used with the HFX4O-I integrity algorithm (12 decimal digits) Scrambled Secret Key. A 12-decimal digit number Secret S
38、ession key, number n, to be used with the carrier cipher and/or hash. A 12-decimal digit number Secret Session key generated by X to be used with the HFX40 cipher algorithm (12 decimal digits) Transfer Key, an encryption of MPx generated by X. A 16-decimal digit number Unique Crypt Number, e.g. UCNx
39、, UCNy. A 16-decimal digit number known only to the system 2 Recommendation T.36 (07/97) STD-ITU-T RECMN T-3b-ENGL 1997 4Bb2591 Ob3b757 b3 UIN X Name of one entity X XORd Exclusively ORd Y Y Unique Identity Number, eng. UINx, UINy. A 48-decimal digit number known only to the system Suffix identiQing
40、 ownership or generation by X Name of a second entity Suffix identifying ownership or generation by Y Annex A Procedures for secure Group 3 document facsimile transmission using the HKM and HFX system A. 1 In trod uction A.l.l communications using the HKM and HFX systems. A.1.2 A.1.3 This Annex desc
41、ribes the procedures used by Group 3 document facsimile terminals to provide secure Use of this Annex is optional. The error correction defined in Annex AT.30 or Annex Cm.30 (as appropriate) is mandatory. A.2 Outline of the secure facsimile document procedure A.2.1 entities (terminals or terminal op
42、erators): - mutual entity authentication; - secret session key establishment; - document confidentiality; - confirmation of receipt; - The HKM and HFX systems provide the following capabilities for secure document communications between confirmation or denial of document integrity. A.2.2 Functions K
43、ey management is provided using the HKM system defined in Annex C. Two procedures are defined: the first being registration and the second being the secure transmission of a secret key. Registration establishes mutual secrets and enables all subsequent transmissions to be provided securely. In subse
44、quent transmissions, the HKM system provides mutual authentication, a secret session key for document confidentiality and integrity, confirmation of receipt and a confirmation or denial of document integrity. Document confidentiality is provided using the carrier cipher defined in Annex D. The carri
45、er cipher uses a 12-decimal digit key which is approximately equivalent to 40 bits. Document integrity is provided using the system defined in Annex E. Annex E defines the hashing algorithm including the associated calculations and information exchange. Recommendation T.36 (07/97) 3 Annex B Security
46、 in facsimile G3 based on the RSA algorithm B.l Preamble (The preamble is left blank on purpose.) B.2 Introduction This Annex specifies the mechanisms to offer security features based on the RSA cryptographic mechanism. B.3 References - ISO/IEC 9796: 1991, Information technology - Securiy techniques
47、 - Digital signature scheme giving message recovery. RIVEST (R.L.), SHAMIR (A.), ADLEMAN (L.): A method for obtaining digital signatures and public-key cryptosysterns, Annex A: RSA, CACM (Communications of the ACM), Vol. 2 1, No. 2, pp. 120- 126, 1978. 2nd lSO/IEC CD 101 18-3:1995, Information techn
48、ology - Securist techniques - Hash functions - Part 3: Dedicated hash-functions. - - - ISO/IEC JTC l/SC 27 N1108: 0 SHA- 1 (Secure Hash Algorithm), described in Secure Hash Standard, FIPS (Federal Information Processing Standard) PUB 180-1, April 1995, an algorithm which comes from the NIST (Nationa
49、l Institute of Standardization) in USA. MD-5 (RFC 1321). - ISO/IEC 9979: 1991, Information technology - Securiy techniques - Procedures for the Registration of cryptographic algorithms. B.4 Technical description A full description of this solution is given in Annex WT.30. Annex C Procedures for the use of the HKM key management system for secure document facsimile transmission C.l Scope The purpose of this Annex is to define the HKM key management system to be used with facsimile terminals to enable the secure exchange of keys. The HKM key management system is intended to be applic
