KS X ISO/IEC 11770-2 2: KS X ISO/IEC 11770-2:2011 2011 12 29 http://www.kats.go.kr KS X ISO/IEC 11770-2:2011 : ( ) ( ) () () ( ) : () () () KAIST : (http://www.standard.go.kr) : :2001 12 31 :2011 12 29 2011-0659 : : ( 02-509-7262) (http://www.kats.go.kr). 10 5 ,
. KS X ISO/IEC 11770-2:2011 i ii . iii 1 1 2 1 3 .1 4 .3 5 3 6 - - .4 6.1 .4 6.2 1 .5 6.3 2 .5 6.4 3 .6 6.5 4 .6 6.6 5 .7 6.7 6 .8 7 (KDC, Key Distribution Center)9 7.1 .9 7.2 7 .9 7.3 8 .10 7.4 9 .12 7.5 10 .13 8 (Mechanisms using a Key Translation Centre).14 8.1 .14 8.2 11 .15 8.3 12 .16 8.4 13 .17 A( ) ASN.1 .20 B( ) .22 C( ) 24 27 KS X ISO/IEC 11770-2:2011 .28
ISO IEC ISO/IEC JTC 1 , SCIT . ISO/IEC 11770-2 ISO/IEC JTC 1 SC 27, IT . KS X ISO/IEC 11770 . 1: 2: 3: 4:
2008 2 ISO/IEC 11770-2, Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques .
KS X ISO/IEC 11770-2:2011 2: Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques
1 . . KS X ISO/IEC 9798-2 KS X ISO/IEC 9798-4 . . ISO/IEC 8732 . , . . 3 . - - , (KDC, Key Distribution Center) (KTC, Key Translation Center). . . . . . , .
2 . . ( ) . KS X ISO/IEC 11770-1, 1:
3 KS X ISO/IEC 11770-1 . , .
3.1 (distinguishing identifier)
3.2 (entity authentication) KS X ISO/IEC 9798-1
3.3 A B (explicit key authentication from entity A to entity B) B A . KS X ISO/IEC 11770-3 A B A B A B .
3.4 A B (implicit key authentication from entity A to entity B) B A . KS X ISO/IEC 11770-3
3.5 A B (key confirmation from entity A to entity B) B A . KS X ISO/IEC 11770-3
3.6 (key control) .
3.7 (key generating function) . .
3.8 (point-to-point key establishment) 3 .
3.9 (random number)
3.10 (redundancy)
3.11 (sequence number)
3.12 (time variant parameter) , ,
4 . dK(Z) K Z eK(Z) K Z f FX . IX X KDC (Key Distribution Center) . KTC (Key Translation Center) . KXY X Y MAC MACK(Z) K Z MAC P R RX X T/N TVP TVPX X TX/NX X X|Y X Y Text1, Text2,.( ) . . ( B ). , . . .
5 , / . . , . a) , 1) 2) . 1) , . 2) MAC . . i) 1) . ISO/IEC 19772 . ii) KS X ISO/IEC 18033-3 KS X ISO/IEC 18033-4 . iii) , KS X ISO/IEC 10116 . iv) MAC KS X ISO/IEC 9797 . 1 KDC KTC , 1) 2) . C b) 6., 7. 8. , . , , . 2 . ( ). b) . c) . , . d) , ,
. . . KS X ISO/IEC 9798-1 B . KS X ISO/IEC 18031 .
6 - -
6.1 - - . 6 - - . . a) KAB A B . b) A B K , . c) K , .
6.2 1 1 K TVP ( , R, T, N ). 1 K . A TVP . 1 1 ( 1 ). (1) A TVPA, RA, TA, NA B . (i) A B KAB TVPA f K . K = f(KAB, TVPA) C , 1 KS X ISO/IEC 9798-2 KS X ISO/IEC 9798-4 . C
6.3 2 2 K A . K . 2 2 ( 2 ). (1) A B KAB F( K ) B . (i) , B K .
6.4 3 3 KS X ISO/IEC 9798-2 . K A . 3 , , B A . / . A B TA NA . 3 3 ( 3 ). (1) A B TA NA, IB F( K ) . IB . KAB . (i) , B , , , K . IB , , A B (1) ( B ). .
6.5 4 4 KS X ISO/IEC 9798-2 2 . K A . 4 , , B A . / RB . B . 4 4 ( 4 ). (1) B A RB . (2) A B RB, IB, F( K ) . IB . KAB . (i) (2) , B , , , (1) A RB (2) K . B , , B (2) ( B ). .
6.6 5 5 KS X ISO/IEC 9798-2 2 . A B K . 5 A B . / . A B T N . 5 5 ( 5 ). (1) A B TA NA, IB, FA . IB . KAB . (i) (1) , B , , . (2) B A TB NB, IA FB . IA . KAB . (i) (2) , A , , . (ii) A B FA FB f K . K = f(FA, FB) C 5 , FA FB . , f , ( f ). IB , , B A (1) ( B ). IA (2) . .
6.7 6 6 KS X ISO/IEC 9798-2 3 . A B K . 6 , , . / . A B . 6 6 ( 6 ). (1) B A (1) RB . (2) A B (2) RA, RB, IB, FA . IB . KAB . (i) (2) , B , , (1) A RB (2) . (3) B A (3) RB RA, FB . KAB . (i) (3) , A , (1) (2) RA RB (3) . (ii) A B FA FB f K . K = f(FA, FB) C 1 6 , FA FB . 2 IB (2) ( B ). A (2) . . 3 6 4 A B 2 .
7 (KDC, Key Distribution Center)
7.1 (KDC) KDC . 4 . 3 KDC K . KDC K . KDC , . , KDC K . KDC . , KDC MAC . , KDC , . KDC , - - . . a) 3 P KDC A B KAP KBP . KDC K , . b) KDC . c) K , .
7.2 7 7 K KDC . 7 K . 7 7 ( 7 ). (1) A B IB (1) KDC KDC . (2) KDC F( K ) A . 2 . eKAP(F | IB | Text1) eKBP(F | IA | Text2) (i) (2) , A IB K . (3) A (3) B (2) . (i) (3) , B IA K .
7.3 8 8 KS X ISO/IEC 9798-2 4 . K KDC . 8 A B . / . A, B KDC T N . 8 8 ( 8 ). (1) A KDC TVPA( , , ) B IB (1) KDC KDC . (2) KDC F( K ) (2) A . 2 . eKAP(TVPA| F | IB | Text1) eKBP(TP/NP| F | IA | Text2) (i) (2) , A (1) KDC TVPA (2) , IB K . (3) A (3) B (2) . (3) . eK(TA/NA| IB | Text3) K B F . (3) TA NA (1) TVPA . (i) (3) , B , , IA K . (ii) B (3) ,