INTERNATIONAL TELECOMMUNICATION UNION

ITU-T X.272 (03/2000)
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU

SERIES X: DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS
Open Systems Interconnection - Security Protocols

Data compression and privacy over frame relay networks

ITU-T Recommendation X.272
(Formerly CCITT Recommendation)

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS

PUBLIC DATA NETWORKS
  Services and facilities                           X.1-X.19
  Interfaces                                        X.20-X.49
  Transmission, signalling and switching            X.50-X.89
  Network aspects                                   X.90-X.149
  Maintenance                                       X.150-X.179
  Administrative arrangements                       X.180-X.199
OPEN SYSTEMS INTERCONNECTION
  Model and notation                                X.200-X.209
  Service definitions                               X.210-X.219
  Connection-mode protocol specifications           X.220-X.229
  Connectionless-mode protocol specifications       X.230-X.239
  PICS proformas                                    X.240-X.259
  Protocol Identification                           X.260-X.269
  Layer Managed Objects                             X.280-X.289
  Conformance testing                               X.290-X.299
INTERWORKING BETWEEN NETWORKS
  General                                           X.300-X.349
  Satellite data transmission systems               X.350-X.369
  IP-based networks                                 X.370-X.399
MESSAGE HANDLING SYSTEMS                            X.400-X.499
DIRECTORY                                           X.500-X.599
OSI NETWORKING AND SYSTEM ASPECTS
  Networking                                        X.600-X.629
  Efficiency                                        X.630-X.639
  Quality of service                                X.640-X.649
  Naming, Addressing and Registration               X.650-X.679
  Abstract Syntax Notation One (ASN.1)              X.680-X.699
OSI MANAGEMENT
  Systems Management framework and architecture     X.700-X.709
  Management Communication Service and Protocol     X.710-X.719
  Structure of Management Information               X.720-X.729
  Management functions and ODMA functions           X.730-X.799
SECURITY                                            X.800-X.849
OSI APPLICATIONS
  Commitment, Concurrency and Recovery              X.850-X.859
  Transaction processing                            X.860-X.879
  Remote operations                                 X.880-X.899
OPEN DISTRIBUTED PROCESSING                         X.900-X.999

For further details, please refer to the list of ITU-T Recommendations.

Summary
This Recommendation defines Data Compression and Privacy Service for Frame Relay networks. The presence of a data compression service in a network will increase the effective throughput of the network. On the other hand, the increasing demand for transmitting sensitive data across public networks requires facilities for ensuring the privacy of the data. In order to achieve optimum compression ratios, it is essential to compress the data before encrypting it. Hence, it is desirable to provide facilities in the specification of the data compression service to negotiate data encryption protocols as well. Since the task of compressing and then encrypting the data is computationally intensive, efficiency is achieved through providing simultaneous data compression and encryption (secure data compression).

Source
ITU-T Recommendation X.272 was prepared by ITU-T Study Group 7 (1997-2000) and approved under the WTSC Resolution 1 procedure on 31 March 2000.

FOREWORD
The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.
The World Telecommunication Standardization Conference (WTSC), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.
The approval of ITU-T Recommendations is covered by the procedure
laid down in WTSC Resolution 1.
In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE - In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

INTELLECTUAL PROPERTY RIGHTS
ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.
As of the date of approval of this Recommendation, ITU had received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database.

© ITU 2001
All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from ITU.

CONTENTS
1 Scope
2 References
3 Terms and definitions
4 Abbreviations and acronyms
5 Conventions
6 Overview
7 Reference Model
8 Common mode specification
  8.1 General frame format
  8.2 Negotiation of facilities
9 Authentication facility
  9.1 Authentication frame format
  9.2 Authentication packet format
  9.3 Authentication procedures
10 Encryption facilities
  10.1 E-Mode-1 Specification
    10.1.1 E-Mode-1 Control Frame Formats
    10.1.2 E-Mode-1 Data Transfer Format
    10.1.3 E-Mode-1 Control procedures
    10.1.4 E-Mode-1 User Data Encryption
  10.2 E-Mode-2 Specification
    10.2.1 E-Mode-2 Control Frame Formats
    10.2.2 E-Mode-2 Negotiation
    10.2.3 E-Mode-2 Data Transfer
11 Data Compression Facilities
  11.1 C-Mode-1 Data Compression Encapsulation
    11.1.1 C-Mode-1 Control Frame Formats
    11.1.2 C-Mode-1 Control procedures
    11.1.3 C-Mode-1 Data Transfer Formats
  11.2 C-Mode-2 Data Compression Encapsulation
    11.2.1 C-Mode-2 Control Frame Formats
    11.2.2 C-Mode-2 Control Message
12 Secure Data Compression Facilities
  12.1 S-Mode-1 Data Compression Encapsulation
    12.1.1 S-Mode-1 Control procedures
    12.1.2 S-Mode-1 Control Frame Formats
  12.2 S-Mode-1 Data Transfer Format
    12.2.1 Anti-expansion Signalling Format
  12.3 S-Mode-2 Data Compression Encapsulation
    12.3.1 S-Mode-2 Control Frame Formats
    12.3.2 S-Mode-2 Control Message
13 Multi-facility FRCP Data Transfer Encapsulation
  13.1 Encryption and Secure Data Compression Data
  13.2 Encryption and Compressed Data

Introduction
This Recommendation specifies the procedures for performing Data Compression and Privacy over Frame Relay. This Recommendation applies to Unnumbered Information (UI) control field frames. This Recommendation does not cover frames that use a Numbered Information (I) control field.

1 Scope
The scope of this Recommendation covers the negotiation and encapsulation of Data Compression, Secure data compression, authentication and encryption over frame relay. These protocols are based on PPP Link Control Protocol (IETF RFC 1661) [13] and PPP Encryption Control Protocol (IETF RFC 1968 [14] and 1969 [15]). This Recommendation applies to Unnumbered Information (UI) frames encapsulated using Q.933 Annex E [7]. It addresses data compression and privacy on both permanent virtual connections (PVC) and switched virtual connections (SVC).

2 References
The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated
were valid. All Recommendations and other references are subject to revision; all users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published.

[1] ITU-T I.122 (1993), Framework for frame mode bearer services.
[2] ITU-T I.233.1 (1991), ISDN frame relaying bearer service.
[3] ITU-T I.370 (1991), Congestion management for the ISDN frame relaying bearer service.
[4] ITU-T E.164 (1991), Numbering plan for the ISDN.
[5] ITU-T Q.922 (1992), ISDN data link layer specification for frame mode bearer services.
[6] ITU-T Q.921 (1993), ISDN user-network interface - Data link layer specification.
[7] ITU-T Q.933 (1995), Digital subscriber signalling system No. 1 (DSS1) - Signalling specifications for frame mode switched and permanent virtual connection control and status monitoring.
[8] ITU-T Q.931 (1993), ISDN user-network interface layer 3 specification for basic call control.
[9] ITU-T Q.850 (1993), Usage of cause and location in the Digital Subscriber Signalling System No. 1 and the Signalling System No. 7 ISDN User Part.
[10] ITU-T Q.951 (1993), Stage 3 description for number identification supplementary services using DSS1.
[11] ITU-T X.36 Amendment 1 (1996), Interface between Data Terminal Equipment (DTE) and Data Circuit-terminating Equipment (DCE) for public data network providing frame relay data transmission service by dedicated circuit.
[12] ITU-T X.121 (1992), International numbering plan for public data networks.
[13] IETF RFC 1661/STD 51 (1994), The Point-to-Point Protocol.
[14] IETF RFC 1968 (1996), The PPP Encryption Control Protocol (ECP).
[15] IETF RFC 1969 (1996), The PPP DES Encryption Protocol (DESE).
[16] IETF RFC 1570 (1994), PPP LCP Extensions.
[17] IETF RFC 1993 (1996), PPP Gandalf FZA Compression Protocol.
[18] IETF RFC 1340 (1992), Assigned Numbers.
[19] IETF RFC 1994 (1996), PPP Challenge Handshake Authentication Protocol (CHAP).
[20] IETF RFC 1974 (1996), PPP Stac LZS Compression Protocol.
[21] IETF RFC 1829 (1995), The ESP DES-CBC Transform.

3 Terms and definitions
This Recommendation defines the following terms:
3.1 anti-expansion: A method to inhibit the expansion of user data due to compression encoding.
3.2 data compression context: A vocabulary and other information for error detection and synchronization, created and maintained by peers to encode/decode user data.
3.3 data compression function: An entity that performs the data compression encoding, decoding, error detection, synchronization and negotiation.
3.4 data compression function definition: A specification that describes the format and procedures used by a data compression function to transport user data and control primitives.
3.5 decoder: An entity that decompresses user data.
3.6 encoder: An entity that compresses user data.
3.7 history buffer: The type of vocabulary used for data compression.
3.8 0x stands for
hexadecimal numbers.
3.9 longitudinal check byte (LCB): The LCB is calculated for each frame by:
1) exclusive ORing 0xFF to the first octet of the payload and storing the result.
2) Then, each subsequent octet of the payload is XORed to the result generating the next value of the result.

4 Abbreviations and acronyms
This Recommendation uses the following abbreviations:
A          Authentication bit
Ack        Acknowledgement
CBC        Cipher Block Chaining
CCP        Compression Control Protocol
C/D        Control/data
CHAP       Challenge Handshake Authentication Protocol
C-Mode-1   Default Data Compression Mode 1
C/U        Compressed/uncompressed
C/R        Frame Header as described in ITU-T Q.922
DC         Data Compression
DCCI       Data compression context identifier
DCFD       Data Compression Function Definition
DCP        Data Compression Protocol
DCPCP      DCP Control Protocol
DES        Data Encryption Standard
DLCI       Data Link Control Identifier
DTE        Data Terminal Equipment
E-Mode-1   Default Data Encryption Mode 1
Ext.       Extension Bit
FCS        Frame Check Sequence as described in ITU-T Q.922
FECN       Frame Header as described in ITU-T Q.922
FR         Frame Relay
FRCP       Frame Relay Compression and Privacy Protocol
FZA        Secure Data Compression Algorithm
LCB        Longitudinal Check Byte
LCP        Link Control Protocol
LZS        Data Compression Algorithm
NLPID      Network Layer Protocol Identifier
OUI        Organization Unique Identifier
PDU        Protocol Data Unit
PVC        Permanent Virtual Connection
RA         Reset Acknowledge
SCA        Secure Data Compression Algorithm
S-Mode-1   Default Secure Compression Mode 1
SVC        Switched Virtual Connection
XOR        Boolean Exclusive OR

5 Conventions
This Recommendation uses some words for defining the significance of each particular requirement. These words are:
Must, Shall, or Mandatory - The item is an absolute requirement of this Recommendation.
Should - The item is highly
desirable.
May or Optional - The item is not compulsory, and may be followed or ignored according to the requirements of the implementor.
Not Applicable - The item is outside the scope of this Recommendation.

6 Overview
This Recommendation specifies the encapsulation of Frame Relay Compression and Privacy Protocol (FRCP) over frame relay networks. This Recommendation allows the negotiation and implementation of several facilities. The list includes: Authentication procedures; Data encryption facility; Secure Data compression facility and Data Compression facility.

The FRCP provides two modes of operation for the encryption facility:
- E-Mode-1: E-Mode-1 is the default mode and is mandatory for any implementation that supports the encryption facility. It allows negotiation of encryption parameters. The proposed default encryption algorithm is the Data Encryption Standard (DES) 56-bit key with Cipher Block Chaining (CBC) [21]. The secret Data Encryption Standard (DES) key shared between the communicating parties is eight octets in length. This key consists of a 56-bit quantity used by the Data Encryption Standard (DES) algorithm. The 56-bit key is stored as a 64-bit (eight octet) quantity, with the least significant bit of each octet used as a parity bit.
- E-Mode-2: E-Mode-2 is optional and allows full negotiation of encryption algorithms, both standard and proprietary, and their associated parameters. This mode is based on the Encryption Control Protocol for PPP [14]. This mode can be used to support encryption keys that are greater than 56 bits in length. The size of the key is vendor specific.

In addition, the FRCP provides two modes of operation for the secure data compression facility:
- S-Mode-1: S-Mode-1 is the mandatory mode and uses the default algorithms and frame formats defined in this Recommendation. S-Mode-1 provides a simple negotiation protocol to enable secure data compression service with default parameters. The secure data compression algorithm requires the use of an encryption key. The encryption key shared between the communicating parties is eight octets in length. This key consists of a 56-bit quantity that is stored as a 64-bit (eight octet) quantity, with the least significant bit of each octet used as a parity bit.
algorithms and their associated parameters.
- S-Mode-
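
The longitudinal check byte from 3.9 and the eight-octet DES key layout from the overview, worked through in C as an added example (not code from the Recommendation). The function names and the 7-octet packing in des_key_expand are hypothetical, and odd parity is assumed from the DES convention; the text above says only that the least significant bit of each octet is a parity bit.

```c
#include <stdint.h>
#include <stdio.h>

/* LCB (3.9): 0xFF XOR first payload octet, then XOR in each later octet. */
uint8_t frcp_lcb(const uint8_t *payload, size_t len)
{
    uint8_t lcb = 0xFF;
    for (size_t i = 0; i < len; i++)
        lcb ^= payload[i];
    return lcb;
}

/* Returns 1 when the octet has an odd number of one bits. */
static int odd_parity(uint8_t b)
{
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Hypothetical helper: spread a 56-bit key (7 octets, MSB first) over 8
 * octets, 7 key bits each, with the least significant bit as odd parity. */
void des_key_expand(const uint8_t k56[7], uint8_t k64[8])
{
    uint64_t bits = 0;
    for (int i = 0; i < 7; i++)
        bits = (bits << 8) | k56[i];
    for (int i = 0; i < 8; i++) {
        uint8_t o = (uint8_t)(((bits >> (49 - 7 * i)) & 0x7F) << 1);
        k64[i] = (uint8_t)(o | !odd_parity(o));
    }
}

/* Returns 1 only if every octet of the stored key has odd parity. */
int des_key_parity_ok(const uint8_t k64[8])
{
    for (int i = 0; i < 8; i++)
        if (!odd_parity(k64[i]))
            return 0;
    return 1;
}

int main(void)
{
    const uint8_t payload[] = { 0x12, 0x34 }, k56[7] = { 0 };  /* constructed samples */
    uint8_t k64[8];
    des_key_expand(k56, k64);
    printf("LCB=%02X key[0]=%02X parity_ok=%d\n", frcp_lcb(payload, 2), k64[0], des_key_parity_ok(k64));
    return 0;
}
```

The LCB is an unkeyed XOR check: it catches accidental corruption, but two flips in the same bit position of different octets cancel out, so it is not a substitute for a keyed integrity check.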