1、 International Telecommunication Union ITU-T X.1197TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services IPTV security Guidelines on criteria for selecting cryptographic algorithms for IPTV service
2、and content protection Recommendation ITU-T X.1197 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X
3、.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Tel
4、ebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.11
5、80X.1199CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1
6、500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list
7、of ITU-T Recommendations. Rec. ITU-T X.1197 (04/2012) i Recommendation ITU-T X.1197 Guidelines on criteria for selecting cryptographic algorithms for IPTV service and content protection Summary Recommendation ITU-T X.1197 provides guidelines on the criteria for selecting cryptographic algorithms for
8、 IPTV service and content protection (SCP). It also provides a list of cryptographic algorithms to provide confidentiality, data origin authentication and integrity for IPTV SCP services. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1197 2012-04-13 17 Keywords Block cipher, crypto
9、graphic algorithm. ii Rec. ITU-T X.1197 (04/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a per
10、manent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establ
11、ishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary stan
12、dards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Rec
13、ommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents
14、 are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed
15、Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not r
16、eceived notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T
17、/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1197 (04/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Terms and definitions . 1 3.1 Terms defined elsewhere 1 3.2 Ter
18、ms defined in this Recommendation . 2 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview 3 6.1 General principles . 3 6.2 1997 OECD guidelines for cryptography policy b-OECD 3 6.3 EC Directives (directives of the European Parliament and of the Council) . 4 7 Requirements for cryptographic alg
19、orithms in IPTV . 4 7.1 General requirements for cryptographic algorithms in ITU-T X.1191 . 4 7.2 Specific requirements of cryptographic algorithms for IPTV SCP 5 8 Criteria for selecting cryptographic algorithms for IPTV SCP 5 8.1 Security . 5 8.2 Performance 5 8.3 Licensing issues 6 8.4 Maturity o
20、f cryptographic algorithms 6 8.5 Degree of endorsement . 6 8.6 Level of adoption of a cryptographic algorithm . 6 8.7 Number of cryptographic algorithms . 6 Appendix I Examples of possible cryptographic algorithms for the application of the criteria in clause 8 of this Recommendation. 7 Appendix II
21、Examples of cryptographic algorithms for SRTP, IPSec and TLS protocols 9 Appendix III OECD cryptography guidelines 11 Appendix IV EC Directives 13 Bibliography. 15 Rec. ITU-T X.1197 (04/2012) 1 Recommendation ITU-T X.1197 Guidelines on criteria for selecting cryptographic algorithms for IPTV service
22、 and content protection 1 Scope Recommendation ITU-T X.1197 provides guidelines on the criteria for selecting cryptographic algorithms for IPTV service and content protection (SCP). It also provides a list of cryptographic algorithms to provide confidentiality, data origin authentication, and integr
23、ity for IPTV SCP services. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in the text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other referen
24、ces are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to
25、 a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.1191 Recommendation ITU-T X.1191 (2009), Functional requirements and architecture for IPTV security aspects. ITU-T Y.1911 Recommendation ITU-T Y.1911 (2010), IPTV services and
26、nomadism: Scenarios and functional architecture for unicast delivery. ISO/IEC 18033-1 ISO/IEC 18033-1 (2005), Information technology Security techniques Encryption algorithms Part 1: General. 3 Terms and definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined els
27、ewhere: 3.1.1 asymmetric encryption system b-ISO/IEC 9798-1: System based on asymmetric cryptographic techniques whose public transformation is used for encryption and whose private transformation is used for decryption. 3.1.2 block cipher ISO/IEC 18033-1: Symmetric encryption system with the proper
28、ty that the encryption algorithm operates on a block of plaintext, i.e., a string of bits of a defined length, to yield a block of ciphertext. 3.1.3 cipher ISO/IEC 18033-1: Alternative term for encryption system. 3.1.4 ciphertext b-ITU-T X.800: Data produced through the use of encipherment. The sema
29、ntic content of the resulting data is not available. NOTE Ciphertext may itself be input to encipherment, such that super-enciphered output is produced. 3.1.5 cryptanalysis b-ITU-T X.800: The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sen
30、sitive data, including cleartext. 3.1.6 encryption b-ITU-T X.800: See encipherment. 2 Rec. ITU-T X.1197 (04/2012) 3.1.7 encipherment b-ITU-T X.800: The cryptographic transformation of data (see cryptography) to produce ciphertext. NOTE Encipherment may be irreversible, in which case the correspondin
31、g decipherment process cannot feasibly be performed. 3.1.8 encryption system ISO/IEC 18033-1: Cryptographic technique used to protect the confidentiality of data, and which consists of three component processes: an encryption algorithm, a decryption algorithm, and a method for generating keys. 3.1.9
32、 plaintext ISO/IEC 18033-3: Unenciphered information. 3.1.10 scrambling ITU-T X.1191: Process designed to protect multimedia content; scrambling usually uses encryption technology to protect content. 3.1.11 scrambling algorithm ITU-T X.1191: Algorithm used in a scrambling or a descrambling process.
33、3.1.12 service and content protection (SCP) ITU-T X.1191: A combination of service protection and content protection or the system or implementation thereof. 3.1.13 symmetric encryption system ISO/IEC 18033-1: Encryption system based on symmetric cryptographic techniques that uses the same secret ke
34、y for both the encryption and decryption algorithms. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 cryptographic algorithm suite: A set of cryptographic algorithms and relevant cryptographic parameters used for encryption, integrity protection, messa
35、ge origin authentication, key establishment, and non-repudiation, as well as corresponding key sizes and other parameters. 3.2.2 cryptographic methods: Cryptographic techniques, services, systems, products and key management systems. 3.2.3 cryptography: The discipline which embodies principles, mean
36、s, and methods for the transformation of data in order to hide its information content, establish its authenticity, prevent its undetected modification, prevent its repudiation and/or prevent its unauthorized use. NOTE Cryptography determines the methods used in encipherment and decipherment. An att
37、ack on a cryptographic principle, means, or method is cryptanalysis. 3.2.4 security strength: A measure of the difficulty of discovering the key in bits. 4 Abbreviations and acronyms CBC Cipher Block Chaining ECB Electronic Code Book EC European Commission IPTV Internet Protocol Television OECD Orga
38、nization for Economic Co-operation and Development OFB Output Feedback mode IETF Internet Engineering Task Force IPSec Internet Protocol Security ISO/IEC International Organization for Standardization/International Electrotechnical Commission Rec. ITU-T X.1197 (04/2012) 3 SCP Service and Content Pro
39、tection SDO Standards Development Organization SRTP Secure Real-Time Transport Protocol TLS Transport Layer Protocol 5 Conventions None. 6 Overview 6.1 General principles The following principles should be applied when determining the criteria for selecting cryptographic algorithms for ITU-T IPTV SC
40、P systems: Existing criteria that have been developed by ITU-T and other standards development organizations (e.g., ISO/IEC JTC 1/SC 27 and IETF) are used when determining the criteria. Based on the security strength and the selection criteria described in clause 8 of this Recommendation, cryptograp
41、hic algorithms for IPTV SCP system are selected from: publically available cryptographic algorithms that have been standardized ISO/IEC JTC 1/SC 27; cryptographic algorithms with a low computational complexity and a small carbon footprint, if applicable. 6.2 1997 OECD guidelines for cryptography pol
42、icy b-OECD On 27 March 1997, the Council of the OECD recommended guidelines for a cryptography policy b-OECD. Cryptographic algorithms include algorithms for encryption, message authentication and key derivation algorithms. The guidelines were primarily aimed at governments, in terms of policy recom
43、mendations, but with anticipation that they would be widely read and followed by both the private and public sectors. Since each of the eight principles outlined in the OECD guidelines addresses an important policy concern, they should be implemented as a whole to balance the various interests at st
44、ake. Among the eight principles outlined in the OECD guidelines, four are of importance in the selection of cryptographic algorithms for IPTV SCP: 1. Trust in cryptographic methods 2. Choice of cryptographic methods 3. Market driven development of cryptographic methods 4. Standards for cryptographic
45、 methods. These four principles are extracted from the guidelines included in Appendix III. 4 Rec. ITU-T X.1197 (04/2012) 6.3 EC Directives (directives of the European Parliament and of the Council) A set of EC communication directives, intended to harmonize electronic communication regulation throu
46、ghout the European community, forms the basis for the European regulatory regime. Among the set of EC Directives covering the area of electronic communications, the following two are of importance from a regulatory perspective, in the selection of cryptographic algorithms for the IPTV SCP: 1. Univer
47、sal Service Directive (Directive 2002/22/EC) 2. Access Directive (Directive 2002/19/EC). These Directives were amended on 25 November 2009. The Universal Service Directive addresses the question of interoperability of digital consumer equipment in Article 24, in conjunction with Annex VI, which refe
48、rs to the common European scrambling algorithm. The Access Directive adds aspects of conditional access systems, addressing in Article 6, the implementation of measures by the European Commission and the responsibilities of national regulatory authorities. The Access Directive also includes, in conj
49、unction with Annex I, further conditions for conditional access systems. The text referring to these two EC Directives can be found in Appendix IV of this Recommendation. 7 Requirements for cryptographic algorithms in IPTV 7.1 General requirements for cryptographic algorithms in ITU-T X.1191 The general requirements and/or recommendations, described in ITU-T X.1191, can be applied for selecting the cryptographic algorithm: Requirements for scrambling algorithms Sc