1.5.6.2 CATALOGUE OF SC 27 PROJECTS AND STANDARDS
Doc. No.: SC 27 N 2097
Date: August 7th, 1998
Source: passia@ni.din.de
Table of Contents

| Document | Year and title |
|---|---|
| ISO 8372 | 1987, Modes of operation for a 64-bit block cipher algorithm |
| ISO/IEC 9796 | 1991, Digital signature schemes giving message recovery - Part 1: Mechanisms using redundancy |
| ISO/IEC 9796-2 | 1997, Digital signature schemes giving message recovery - Part 2: Mechanisms using a hash-function |
| ISO/IEC WD 9796-3 | 1996, Digital signature schemes giving message recovery - Part 3: Mechanisms using a check function |
| ISO/IEC CD 9796-4 | 1998, Digital signature schemes giving message recovery - Part 4: Discrete logarithm based mechanisms |
| ISO/IEC 9797 | 1994, Data integrity mechanism using a cryptographic check function employing a block cipher algorithm |
| ISO/IEC 9798-1 | 1997, Entity authentication - Part 1: General (2nd edition) |
| ISO/IEC 9798-2 | 1994, Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms |
| ISO/IEC 9798-3 | (199?), Entity authentication - Part 3: Mechanisms using asymmetric signature techniques (2nd edition awaiting publication) |
| ISO/IEC 9798-4 | 1995, Entity authentication - Part 4: Mechanisms using a cryptographic check function |
| ISO/IEC 9798-5 | (199?), Entity authentication - Part 5: Mechanisms using zero knowledge techniques (awaiting publication) |
| ISO/IEC 9979 | (199?), Procedures for the registration of cryptographic algorithms (2nd edition awaiting publication) |
| ISO/IEC 10116 | 1997, Modes of operation for an n-bit block cipher algorithm (2nd edition) |
| ISO/IEC 10118-1 | 1994, Hash-functions - Part 1: General |
| ISO/IEC 10118-2 | 1994, Hash-functions - Part 2: Hash-functions using an n-bit block cipher algorithm |
| ISO/IEC 10118-3 | 1998, Hash-functions - Part 3: Dedicated hash-functions |
| ISO/IEC FDIS 10118-4 | 1998, Hash-functions - Part 4: Hash-functions using modular arithmetic |
| ISO/IEC 11770-1 | 1996, Key management - Part 1: Framework |
| ISO/IEC 11770-2 | 1996, Key management - Part 2: Mechanisms using symmetric techniques |
| ISO/IEC 11770-3 | (199?), Key management - Part 3: Mechanisms using asymmetric techniques (awaiting publication) |
| ISO/IEC TR 13335-1 | 1996, Guidelines for the management of IT Security (GMITS) - Part 1: Concepts and models for IT Security |
| ISO/IEC TR 13335-2 | 1997, Guidelines for the management of IT Security (GMITS) - Part 2: Managing and planning IT Security |
| ISO/IEC TR 13335-3 | 1998, Guidelines for the management of IT Security (GMITS) - Part 3: Techniques for the management of IT Security |
| ISO/IEC WD 13335-4 | 1997, Guidelines for the management of IT Security (GMITS) - Part 4: Selection of safeguards |
| ISO/IEC WD 13335-5 | 1997, Guidelines for the management of IT Security (GMITS) - Part 5: Safeguards for external connections |
| ISO/IEC 13888-1 | 1997, Non-repudiation - Part 1: General |
| ISO/IEC 13888-2 | 1998, Non-repudiation - Part 2: Using symmetric techniques |
| ISO/IEC 13888-3 | 1997, Non-repudiation - Part 3: Using asymmetric techniques |
| ISO/IEC WD 14516 | 1998, Guidelines on the use and management of Trusted Third Party services |
| ISO/IEC FDIS 14888-1 | 1998, Digital signatures with appendix - Part 1: General |
| ISO/IEC FDIS 14888-2 | 1998, Digital signatures with appendix - Part 2: Identity-based mechanisms |
| ISO/IEC FDIS 14888-3 | 1998, Digital signatures with appendix - Part 3: Certificate-based mechanisms |
| ISO/IEC WD 15292 | 1998, Protection Profile registration procedures |
| ISO/IEC FCD 15408-1 | 1998, Evaluation criteria for IT Security - Part 1: Introduction and general model |
| ISO/IEC FCD 15408-2 | 1998, Evaluation criteria for IT Security - Part 2: Security functional requirements |
| ISO/IEC FCD 15408-3 | 1998, Evaluation criteria for IT Security - Part 3: Security assurance requirements |
| ISO/IEC WD 15443 | 1998, A framework for IT Security assurance |
| ISO/IEC WD 15446 | 1998, Guide on the production of Protection Profiles and Security Targets |
| ISO/IEC WD 15816 | 1997, Security information objects |
| ISO/IEC WD 15945 | 1998, Specification of TTP services to support the application of digital signatures |
| ISO/IEC WD 15946-1 | 1998, Cryptographic techniques based on elliptic curves - Part 1: General |
| ISO/IEC WD 15946-2 | 1998, Cryptographic techniques based on elliptic curves - Part 2: Digital signatures |
| ISO/IEC WD 15946-3 | 1998, Cryptographic techniques based on elliptic curves - Part 3: Key establishment |
| ISO/IEC WD 15947 | 1998, IT intrusion detection framework |
ISO 8372: 1987 (2nd confirm. 1997)
Information processing -
Modes of operation for a 64-bit block cipher algorithm
ISO 8372 specifies four modes of operation for a 64-bit block cipher algorithm. These modes are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), and Cipher Feedback (CFB). For some modes, padding may be required to ensure that the input is of the necessary length. Padding techniques are not within the scope of this International Standard.
Block cipher algorithms operate on blocks of data of fixed size but messages to be enciphered can be of any size. Four modes of operation for block cipher algorithms are widely used to cover most of the practical requirements for the use of encipherment in computer and network systems.
- Electronic Codebook (ECB) is the straightforward use of the block cipher algorithm to encipher one block.
- Cipher Block Chaining (CBC) uses the output of one encipherment step to modify the input of the next, so that each ciphertext block is dependent on all the previous plaintext blocks.
- Cipher Feedback (CFB) is another kind of chained encipherment where messages are treated character by character or bit by bit.
- Output Feedback (OFB) uses the block cipher algorithm as a pseudo-random generator; this mode turns a block cipher into a stream cipher.

The modes of operation as described in ANSI X3.106 and FIPS Publication 81 are a specific case of the modes specified in ISO 8372. The main difference lies in the use of arbitrary 64-bit block cipher algorithms in the case of ISO 8372.
1st edition 1987
2nd confirmation in 1997
ISO/IEC 9796: 1991
This International Standard specifies a digital signature scheme giving message recovery for messages of limited length and using a public-key system. This digital signature scheme includes:
- a signature process using a secret signature key and a signature function for signing messages;
- a verification process using a public verification key and a verification function for checking signatures while recovering messages.

During the signature process, messages to be signed are padded and extended if necessary. Artificial redundancy is then added, depending upon the message itself. No assumption is made as to the possible presence of natural redundancy in the messages. The artificial redundancy is revealed by the verification process. The removal of this artificial redundancy gives message recovery.
The International Standard does not specify the key production process, the signature function and the verification function. Annex A gives the example of a public-key system including key production, signature function and verification function. The various steps of these operations are illustrated by examples in annex B.
Some parameters in the scheme are related to security: this International Standard does not specify the values to be used in order to reach a given level of security. However, this International Standard is specified in such a way as to minimize changes in its use if some of these parameters have to be modified.
Two types of digital signature schemes are clearly identified.

- When the verification process needs the message as part of the input, the scheme is named a "signature scheme with appendix". The use of a hash-function is involved in the calculation of the appendix.
- When the verification process reveals the message together with its specific redundancy (sometimes called the "shadow of a message"), the scheme is named a "signature scheme giving message recovery".
The International Standard specifies a scheme for digital signatures of messages of limited length. It allows a minimal resource requirement for verification. It does not involve the use of a hash-function and it avoids the known attacks against the generic algorithm in use. The message need not be in a natural language. It may be any arbitrary string of bits of limited length. Examples of such messages are cryptographic key materials and the result of hashing another, longer message, which is also called the "imprint of a message". A characteristic example is a structured set of a few strings of bits generated by cryptographic software and hardware, one of these strings coding control information produced within the hardware.
1st edition 1991
ISO/IEC 9796-2: 1997
To be provided.
CD 1996
DIS 1996
IS 1997
ISO/IEC WD 9796-3: 1996
To be provided.
WD 1996-05 (CD 1998-11)
(FDIS 1999-11)
(IS 2000-05)
ISO/IEC CD 9796-4: 1998
A digital signature in electronic exchange of information provides the same kind of facilities that are expected from a handwritten signature in paper-based mail. Hence it is applicable to providing entity authentication, data origin authentication, non-repudiation, and integrity of data.
The purpose of project JTC 1.27.07 is to specify digital signature mechanisms giving partial or total message recovery aiming at reducing storage and transmission overhead.
This part of the project specifies mechanisms based on the discrete logarithm problem.
The document specifies two digital signature schemes giving data recovery. Both schemes are based on the difficulty of the discrete logarithm problem. The first scheme is defined on a prime field and the second one on an elliptic curve over a finite field.
The document also defines a redundancy scheme using a hash-function for hashing the entire message, and specifies how the basic signature schemes are to be combined with the redundancy scheme.
If the message is short enough, then the entire message can be included in the signature, and recovered from the signature in the verification process. Otherwise, a part of the message may be included in the signature and the rest of the message is stored and transmitted along with the signature.
ISO/IEC 10118:1994, Information technology - Security techniques - Hash-functions
CD 1998-05
(FDIS 1999-05)
(IS 1999-11)
ISO/IEC 9797: 1994
Data integrity mechanisms provide a means for checking the integrity of data. Their purpose is the detection of any (unauthorized) modification of the data such as deletion, insertion or transposition of items within the data. Their purpose is not to provide means for securing the intactness of the contents of the data. The mechanism specified in ISO/IEC 9797 employs a block cipher algorithm which is used to calculate a cryptographic check value, called the Message Authentication Code (MAC), for the given data. The compression of the data to the MAC is an integral part of the method. The standard does not, however, include any specification on the implementation or coding of the text which has to be authenticated. The reliability of the outcome depends on the security of the keys and the algorithm employed as well as on factors concerning the implementation which are outside the scope of a generic standard such as ISO/IEC 9797.
The calculation of cryptographic check values as described in ISO 8731, ANSI X9.9 and ANSI X9.19 is a specific case of the mechanism specified in ISO/IEC 9797. The main differences lie in the use of arbitrary block cipher algorithms, the treatment of the last block of the message and the use of optional processes to increase the strength of the MAC.
The document describes the process of calculating the cryptographic check value using a block cipher algorithm as an enciphering algorithm in CBC (Cipher Block Chaining) mode, where the initialization value is zero and the output is restricted to the output after the encipherment of the last block. The MAC thus depends on all data but its length is at most equal to the block length of the algorithm.
The generation of a MAC requires the selection of one of two specified padding methods. One of them allows the detection of the addition or deletion of trailing '0' and is thus recommended if the length of the data is not known by the verifier. The standard also specifies in a normative annex two options which can be applied to the outcome of the last block of the "standard" calculation process. Their purpose is to enhance the security of the MAC with respect to exhaustive key search and chosen plaintext attacks. An informative annex provides examples for all the combinations of padding methods and optional processes.
ISO/IEC 9797 uses terms defined in:
- ISO 7498-2: 1989, Information processing systems - Open systems interconnection - Basic reference model - Part 2: Security architecture,
- ISO/IEC 10116: 1997, Information technology - Security techniques - Modes of operation for an n-bit block cipher algorithm.
1st edition 1989
2nd edition 1994
The 2nd edition ISO/IEC 9797 cancels and replaces the 1st edition.
Revision 1997
ISO/IEC 9798-1: 1997 (2nd edition)
The International Standard specifies entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities, and where required, exchanges with a trusted third party.
The details of the mechanisms and the contents of the authentication exchanges are not specified in this part but in the following parts of this multi-part International Standard.
ISO/IEC 9798-1 describes the general model for the entity authentication mechanisms of ISO/IEC 9798-2 (using symmetric encipherment algorithms), ISO/IEC 9798-3 (using a public key algorithm), ISO/IEC 9798-4 (using a cryptographic check function) and the future ISO/IEC 9798-5 (using asymmetric zero knowledge techniques). It contains definitions and notation, describes the authentication model and discusses requirements and constraints common to the other parts. The standard also contains informative annexes on the use of text fields, on time variant parameters (time stamps, sequence numbers, or random numbers), and on certificates.
ISO/IEC 9798-1 makes use of definitions of the following standards:
- ISO 7498-2: 1989, Information processing systems - Open systems interconnection - Basic reference model - Part 2: Security architecture.
- ISO/IEC 10181-2: 1996, Information technology - Open systems interconnection - Security frameworks for open systems: Authentication framework.

It contains definitions for ISO/IEC 9798-2, ISO/IEC 9798-3, ISO/IEC 9798-4 and ISO/IEC 9798-5.
1st edition 1991
2nd edition 1997
The 2nd edition cancels and replaces the 1st edition.
ISO/IEC 9798-2: 1994
The purpose of entity authentication is the corroboration that an entity is the one claimed. This part of ISO/IEC 9798 specifies entity authentication mechanisms using symmetric encipherment algorithms. These mechanisms are characterized by the fact that the entity to be authenticated corroborates its identity by demonstrating its knowledge of a secret authentication key. This key is used to encipher specific data. The enciphered data can be deciphered and its contents validated by anyone sharing the entity's secret authentication key.
The claimant and verifier need to share a common secret authentication key, the establishment of which may involve a trusted third party. If the claimant and the verifier do not share a secret key they have to share a secret authentication key with a common trusted third party. If a trusted third party is involved it should be trusted by both the claimant and the verifier. The secret authentication key shared by a claimant and a verifier, or by an entity and a trusted third party, is known only to those two parties and, possibly, to other parties they both trust.
The mechanisms specified in this part of ISO/IEC 9798 use time variant parameters such as time stamps, sequence numbers, or random numbers, to prevent valid authentication information from being accepted at a later time.
The document describes the required content of messages which are necessary to set up the conditions for entity authentication. This may be unilateral authentication, by means of which only a single entity is authenticated, or mutual authentication, where the two entities authenticate each other. This part of ISO/IEC 9798 specifies four authentication mechanisms where no trusted third party is involved. Two of these four are concerned with unilateral authentication while the other two specify mechanisms for mutual authentication. In addition, two mechanisms involving a trusted third party are specified. They can be used for unilateral or mutual authentication depending on the number of messages exchanged.
Messages may contain text fields the use and relationship of which is not specified in this standard. The standard contains an informative annex on their use which could, for instance, be key distribution. Some of the key distribution mechanisms specified in ISO/IEC 11770-2 make use of the mechanisms specified in this part of ISO/IEC 9798. The standard also contains an informative annex on the use of time variant parameters.
This part uses the definitions and notation described in ISO/IEC 9798-1: 1991, Information technology - Security techniques - Entity authentication mechanisms - Part 1: General model.
1st edition 1994
Revision 1997
FCD 1998-05
(FDIS 1998-11)
(IS 1999-05, 2nd edition)
ISO/IEC 9798-3: (2nd edition awaiting publication)
Information technology - Security techniques - Entity authentication -
Part 3: Entity authentication using asymmetric signature techniques
The purpose of entity authentication is the corroboration that an entity is the one claimed. This part of ISO/IEC 9798 specifies entity authentication mechanisms employing a public key algorithm and a digital signature for the verification of the identity of an entity. The use of this standard is not restricted to a particular algorithm; any public key algorithm satisfying the requirements of the authentication mechanism(s) specified may be employed.
Entity authentication mechanisms based on a public key algorithm are characterized by the fact that the entity to be authenticated corroborates its identity by demonstrating its knowledge of its secret signature key. This key is used to digitally sign specific data. The signature can be verified by anyone knowing the entity's public verification key. It is thus of importance that the public verification key is valid and authentic. One way of obtaining a valid public key is by means of certificates distributed, for instance, by a trusted third party. Another way would be to distribute the public key by mutually agreed means. The means of obtaining a valid public verification key are outside the scope of the standard. The use of certificates is, therefore, only discussed in an informative annex.
The standard describes two mechanisms for unilateral authentication and three mechanisms for mutual authentication. In a unilateral authentication mechanism only one of the two entities is authenticated while in a procedure for mutual authentication the two communicating entities authenticate each other. Messages are sent between the claimant and the verifier for the verification of the claimant's identity. A message contains a signed part and an unsigned part. If information in the signed part of the message is already known to the verifier then it need not be contained in the unsigned part. The provision of data in the unsigned part may also depend on the properties of the algorithm employed. To control uniqueness/timeliness of the messages (which, for example, prevents valid authentication information from being accepted at a later time) the messages contain time variant parameters such as time stamps, sequence numbers and random numbers. Their properties are described in an informative annex. Implementation requirements may make different time variant parameters preferable in different applications.
Messages may contain text fields the use and relationship of which is not specified in this standard. The standard contains an informative annex on their use which could, for instance, be key distribution. Some of the key distribution mechanisms specified in ISO/IEC 11770-3 make use of the mechanisms specified in this part of ISO/IEC 9798.
The standard makes use of definitions and notation in ISO/IEC 9798-1: 1997, Information technology - Security techniques - Entity authentication mechanisms - Part 1: General (2nd edition).
1st edition 1993
(2nd edition awaiting publication)
ISO/IEC 9798-4: 1995
The purpose of entity authentication is the corroboration that an entity is the one claimed. This part of ISO/IEC 9798 specifies entity authentication mechanisms using symmetric encipherment algorithms. These mechanisms are characterized by the fact that the entity to be authenticated corroborates its identity by demonstrating its knowledge of a secret authentication key. This key is used to encipher specific data. The enciphered data can be deciphered and its contents validated by anyone sharing the entity's secret authentication key.
The claimant and verifier need to share a common secret authentication key, the establishment of which may involve a trusted third party. If the claimant and the verifier do not share a secret key they have to share a secret authentication key with a common trusted third party. If a trusted third party is involved it should be trusted by both the claimant and the verifier. The secret authentication key shared by a claimant and a verifier, or by an entity and a trusted third party, is known only to those two parties and, possibly, to other parties they both trust.
The mechanisms specified in this part of ISO/IEC 9798 use time variant parameters such as time stamps, sequence numbers, or random numbers, to prevent valid authentication information from being accepted at a later time.
The document describes the required content of messages which are necessary to set up the conditions for entity authentication. This may be unilateral authentication, by means of which only a single entity is authenticated, or mutual authentication, where the two entities authenticate each other. This part of ISO/IEC 9798 specifies four authentication mechanisms where no trusted third party is involved. Two of these four are concerned with unilateral authentication while the other two specify mechanisms for mutual authentication. In addition, two mechanisms involving a trusted third party are specified. They can be used for unilateral or mutual authentication depending on the number of messages exchanged.
Messages may contain text fields the use and relationship of which is not specified in this standard. The standard contains an informative annex on their use which could, for instance, be key distribution. Some of the key distribution mechanisms specified in ISO/IEC 11770-2 make use of the mechanisms specified in this part of ISO/IEC 9798. The standard also contains an informative annex on the use of time variant parameters.
This part uses the definitions and notation described in ISO/IEC 9798-1: 1991, Information technology - Security techniques - Entity authentication mechanisms - Part 1: General model.
1st edition 1995
Review 1998
ISO/IEC 9798-5: (awaiting publication)
The purpose of entity authentication is the corroboration that an entity is the one claimed. This part of ISO/IEC 9798 specifies three entity authentication mechanisms using zero knowledge techniques. All the mechanisms specified in this part of ISO/IEC 9798 provide unilateral authentication. These mechanisms are constructed using the principles of zero knowledge, but they will not be zero knowledge according to the strict (mathematical) definition.
The first mechanism is said to be based on identities. A trusted accreditation authority provides each claimant with private accreditation information, computed as a function of the claimant's identification data and the accreditation authority's private key.
The second mechanism is said to be certificate-based using discrete logarithms. Every claimant possesses a public key, private key pair for use in this mechanism. Every verifier of a claimant's identity must possess a trusted copy of the claimant's public verification key; the means by which this is achieved is beyond the scope of this standard, but it may be achieved through the distribution of certificates signed by a Trusted Third Party.
The third mechanism is said to be certificate-based using an asymmetric encipherment system. Every claimant possesses a public key, private key pair for an asymmetric cryptosystem. Every verifier of a claimant's identity must possess a trusted copy of the claimant's public key; the means by which this is achieved is beyond the scope of this standard, but it may be achieved through the distribution of certificates signed by a Trusted Third Party.
In an entity authentication mechanism, the claimant and verifier have a dialog, which the verifier uses to check that the claimant possesses a particular secret, typically a key. The basic ingredients of many such dialogs are a challenge chosen by the verifier and sent to the claimant, and a response calculated by the claimant using the challenge and his secret information, which is returned to the verifier for checking. In the context of the use of asymmetric cryptographic techniques, a potential weakness of such a procedure is that the verifier may abuse the mechanism to compromise the claimant's secret key.
When asymmetric cryptography is being used, the claimant uses the secret key of his asymmetric key pair to compute the response to a verifier's challenge. The verifier may then, by choosing the challenge wisely, gain information about the secret key of the claimant that could not have been obtained just by knowing the claimant's public key.
This type of abuse of an exchange of cryptographic messages is known as using the claimant as an 'oracle', in that the claimant provides information about his secret key at the behest of the verifier. The idea behind a zero-knowledge identification mechanism is simply to remove this particular potential threat by careful design of the messages. This is done by ensuring that the verifier cannot use the claimant as an oracle.
This part uses the definitions and notation described in ISO/IEC 9798-1: 1997, Information technology - Security techniques - Entity authentication - Part 1: General (2nd edition).
CD 1995
DIS 1997
(IS awaiting publication)
ISO/IEC 9979: (2nd edition awaiting publication)
This International Standard specifies the procedures for the registering of cryptographic algorithms and the form of register entries.
This International Standard is for use by those wishing to make entries in the register and by the Registration Authority.
The ISO Register of cryptographic algorithms serves as a common reference point for the identification of cryptographic algorithms by a unique name. The register is also a repository of basic parameters identified with the register entry. The principal purpose of the register is to enable entities to identify and negotiate an agreed cryptographic algorithm.
This standard describes the role of the Registration Authority responsible for the maintenance of the ISO Register and the publishing of Register entries.
This standard also defines the three types of cryptographic algorithm to be registered:
- algorithms in which the complete description of the process accompanies the registration entry;
- algorithms in which the complete description of the process is defined in an ISO document, or a standard maintained by a Member Body of ISO or by a liaison organisation;
- algorithms in which the complete description is not fully defined (or not defined at all).

The procedures for registration are presented, covering the submission of new register entries, responsibilities of the submitter, and submissions for modifications or deletions. This standard defines the general contents of the register: the information that the submitter must supply that is mandatory and information that is optional. It also specifies the exact form of the Register entries, with examples. Finally the standard provides a definition of a cryptographic algorithm for the purposes of registration.
Standards for generic security techniques, communications protocols, applications and services will make use of ISO/IEC 9979 as a common reference point for identification of cryptographic algorithms and their basic parameters.
1st edition 1991
(IS 2nd edition awaiting publication)
Attachment 1 ISO/IEC 9979 Registration Authority
The register of cryptographic algorithms is kept on behalf of the International Standards Organisation by:
National Computing Centre Ltd (NCC)
Oxford House
Oxford Road
Manchester M1 7ED
United Kingdom
Records are kept in accordance with ISO/IEC 9979 under the terms of the following resolution, 48/1991:
Council, in accordance with the ISO/IEC Directives for the Technical Work (annex N to Part 1), approves the designation of the National Computing Centre (NCC, United Kingdom) as the registration authority for the implementation of ISO/IEC 9979, "Data cryptographic techniques - Procedures for the registration of cryptographic algorithms", prepared by ISO/IEC JTC 1, "Information Technology".
Entries for registration should be submitted in free-form text, under the headings set out in ISO/IEC 9979, Section 9, Sub-sections 9.2 to 9.13. Submission of new entries may, in accordance with ISO/IEC 9979, only be made by an ISO member body, an ISO technical committee or a liaison organisation.
The National Computing Centre Ltd (NCC) has not evaluated or made any judgment of the quality of protection provided by the registered algorithms. Registration of an algorithm does not imply that the algorithm is an ISO standard.
For further information; copies of the entry for an individual algorithm as submitted by the sponsoring ISO Member Body, or liaison organisation; cost of copies and for the registration of entries; contact:
Mr Chris Hook
Business Technology Department
NCC Services Ltd
Oxford Road
Manchester M1 7ED
United Kingdom
Tel: +44-161-228-6333
Fax: +44-161-228-1636
E-mail: enquiries@ncc.co.uk
Date: 13/05/98
| Entry index | ISO Entry Name {ISO standard 9979 | Proprietary entry name | Date Registered | Sponsoring body / Requested by |
|---|---|---|---|---|
| 0001 | b-crypt(1)} | B-Crypt | 19 August 92 | BSI/BT D&P |
| 0002 | idea-tm(2)} | IDEA | 10 May 93 | SNV/Ascom Tech Ltd |
| 0003 | luc-pkcds(3)} | LUC Public-Key Crypto system & Digital Signature | 20 July 94 | Standards New Zealand / LUC Encryption Technology Ltd |
| 0004 | DES(4)} | Data Encryption Standard (DES) | 5 September 94 | ANSI/National Communications System NT |
| 0005 | cdmf(5)} | Commercial Data Masking Facility (CDMF) | 29 October 94 | ANSI/IBM Corporation |
| 0006 | skipjack(6)} | Skipjack | 31 October 94 | ANSI/National Security Agency |
| 0007 | rc4-ssc(7)} | RC4 Symmetric Stream Cipher | 31 October 94 | ANSI/RSA Data Security Inc |
| 0008 | rc2-sbc(8)} | RC2 Symmetric Block Cipher | 31 October 94 | ANSI/RSA Data Security Inc |
| 0009 | multi2(9)} | MULTI2 | 14 November 94 | IPA/Hitachi Ltd |
| 0010 | feal(10)} | FEAL | 14 November 94 | IPA/Nippon Telegraph & Telephone Corporation |
| 0011 | baras(11)} | BARAS | 18 August 95 | ETSI/ETSI |
| 0012 | sxal/mbal(12)} | SXAL (Substitution Xor Algorithm) / Multi Block Algorithm (MBAL) | 23 October 95 | IPA/Laurel Intelligent Systems Co. Ltd |
| 0013 | misty1(13)} | MISTY1 | 27 November 96 | IPA/Mitsubishi Electric Corporation |
| 0014 | encrip(14)} | ENCRIP | 12 February 97 | IPA/NEC Corporation C & C Laboratories |
| 0015 | acr(15)} | ACR | 8 May 97 | AFNOR/SAGEM SA |
| 0016 | fwz1(16)} | FWZ1 | 17 June 97 | Standards Institution of Israel (SII)/ Check Point Software Technologies |
| 0017 | speam1(17)} | SPEAM1 | 5 Dezember 97 | IPA/Matsushita Electric Industrial Co, Ltd |
| 0018 | elcurve(18)} | ELCURVE | 13 May 98 | IPA/Hitachi, Ltd. |
ISO/IEC 10116: 1997 (2nd edition)
ISO/IEC 10116 specifies four modes of operation for an n-bit block cipher algorithm. Those modes are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), and Cipher Feedback (CFB). For some modes, padding may be required to ensure that the input is of the necessary length. Padding techniques are not within the scope of this International Standard.
Block cipher algorithms operate on blocks of data of fixed size but messages to be enciphered can be of any size. Four modes of operation for block cipher algorithms are widely used to cover most of the practical requirements for the use of encipherment in computer and network systems.
- Electronic Codebook (ECB) is the straightforward use of the block cipher algorithm to encipher one block.
- Cipher Block Chaining (CBC) uses the output of one encipherment step to modify the input of the next, so that each ciphertext block is dependent on all the previous plaintext blocks.
- Cipher Feedback (CFB) is another kind of chained encipherment where messages are treated character by character or bit by bit.
- Output Feedback (OFB) uses the block cipher algorithm as a pseudo-random generator; this mode turns a block cipher into a stream cipher.
To support the selection of a suitable mode of operation, the properties of the four modes are described and compared.
The modes of operation as described in ISO/IEC 8372, ANSI X3.106 and FIPS Publication 81 are a specific case of the modes specified in ISO/IEC 10116. The main difference lies in the use of arbitrary n-bit block cipher algorithms in the case of ISO/IEC 10116.
1st edition 1991
2nd edition 1997
The 2nd edition cancels and replaces the 1st edition.
ISO/IEC 10118-1: 1994
Hash-functions map arbitrary strings of bits to a given range. They can be used for reducing a message to a short imprint for input to a digital signature mechanism, or for committing the user to a given string of bits without revealing this string. The input string of a hash-function is called a data string and the output string is called a hash-code.
This part of ISO/IEC 10118 contains definitions, symbols, abbreviations and requirements which are common to all the other parts of ISO/IEC 10118.
The document gives the definition of the terms "hash-function", "collision-resistant hash-function", "data string (or data)", "hash-code", "initializing value" and "padding", as well as the related notation. (Note: for the purpose of ISO/IEC 10118, a hash-function is defined as being what is generally called a one-way hash-function in the literature.)
It is required that the parties involved operate upon precisely the same data, use the same initializing values (if any) and the same padding methods (if any).
There are three informative annexes: Annex A provides some guidance on the choice of the initializing value. Annex B proposes two padding methods (method 1: append '0' bits if necessary; method 2: append a '1' bit then '0' bits if necessary). Annex C is a bibliography.
There are no dependencies but the padding methods are the same as those standardized in ISO/IEC 9797.
1st edition 1994
Revision 1997
ISO/IEC 10118-2: 1994
This part of ISO/IEC 10118 specifies hash-functions which make use of an n-bit block cipher algorithm. They are therefore suitable for an environment in which such an algorithm is already implemented. Two types of hash-functions are specified. The first provides hash-codes of length smaller than or equal to n, where n is the block-length of the algorithm used. The second provides hash-codes of length less than or equal to 2n.
The hash-functions described in this document are based on a particular chaining mode of an n-bit block cipher algorithm, sometimes known as MDC (Manipulation, or Modification, Detection Code). The basic mode consists of entering the current data block as the data input of the cipher algorithm and the current hash-result as the key input of the cipher algorithm, then Exclusive-ORing the output of the cipher algorithm with the current data block to obtain the next current hash-result.
Two hashing operations are proposed. The first one, after splitting the data into n-bit blocks and padding the last one if necessary, iterates the basic mode described above. In this case, the hash-code (equal to the final current hash-result, possibly truncated) is a string of n bits or less. The second one applies the basic mode twice, starting with two distinct initializing values and mixing together the two outputs of the cipher algorithm at each iteration. In this case, the hash-code is a string of 2n bits or less, and the computation time is roughly double the time required in the first case.
There are three informative annexes: Annex A presents a way of implementing this standard with the algorithm known as DEA (ANSI X3.92) or DES. Annex B gives numerical examples, when using the algorithm and the parameters defined in Annex A and the padding methods proposed in Annex B of Part 1 of ISO/IEC 10118. Annex C is a bibliography.
This part of ISO/IEC 10118 uses the definitions, notation, requirements and annexes (in particular padding methods) of ISO/IEC 10118-1: 1994, Information technology - Security techniques - Hash-functions - Part 1: General.
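The first hashing operation described above, together with the two padding methods listed for Part 1, can be sketched as follows. This is an added example, not text or code from the standard: XTEA stands in for the n-bit block cipher (n = 64), the mapping from hash-result to cipher key is hypothetical, the initializing value is constructed, and input is handled in whole bytes rather than bits.

```python
"""Added illustration: single-length block-cipher hash with two padding methods."""
import struct

BLOCK = 8  # n = 64 bits, the block length of the stand-in cipher


def xtea_encrypt(key16: bytes, block8: bytes, rounds: int = 32) -> bytes:
    """XTEA, used only as a stand-in 64-bit block cipher (assumption)."""
    v0, v1 = struct.unpack(">2I", block8)
    k = struct.unpack(">4I", key16)
    delta, mask, s = 0x9E3779B9, 0xFFFFFFFF, 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & mask
        s = (s + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & mask
    return struct.pack(">2I", v0, v1)


def keyed_by_hash(h: bytes, block: bytes) -> bytes:
    """Encipher `block` with the current hash-result as key input.

    Hypothetical key derivation: the 64-bit hash-result is stretched to
    XTEA's 128-bit key as h || NOT h. The standard defines its own mapping.
    """
    return xtea_encrypt(h + bytes(b ^ 0xFF for b in h), block)


def pad_method_1(data: bytes, n: int = BLOCK) -> bytes:
    """Method 1: append '0' bits only if needed to fill the last block."""
    return data + b"\x00" * (-len(data) % n)


def pad_method_2(data: bytes, n: int = BLOCK) -> bytes:
    """Method 2: always append a single '1' bit, then '0' bits if needed."""
    data += b"\x80"
    return data + b"\x00" * (-len(data) % n)


def block_cipher_hash(data: bytes, iv: bytes, pad=pad_method_2,
                      encrypt=keyed_by_hash, out_len: int = BLOCK) -> bytes:
    """Iterate the basic mode: H_i = E(key = H_{i-1}, D_i) XOR D_i."""
    if len(iv) != BLOCK:
        raise ValueError("initializing value must be one block long")
    if not 1 <= out_len <= BLOCK:
        raise ValueError("hash-code length must be between 1 and n bytes")
    padded = pad(data)
    h = iv
    for i in range(0, len(padded), BLOCK):
        d = padded[i:i + BLOCK]
        e = encrypt(h, d)                        # data block in, hash-result as key
        h = bytes(x ^ y for x, y in zip(e, d))   # feed the data block forward
    return h[:out_len]                           # optional truncation


def padding_ambiguity_demo() -> dict:
    """Compare two constructed messages that differ only by a trailing zero byte."""
    iv = bytes.fromhex("5252525252525252")       # constructed initializing value
    a, b = b"PAY 100", b"PAY 100\x00"            # constructed sample data strings
    return {
        "method_1_collides": block_cipher_hash(a, iv, pad_method_1)
                             == block_cipher_hash(b, iv, pad_method_1),
        "method_2_collides": block_cipher_hash(a, iv, pad_method_2)
                             == block_cipher_hash(b, iv, pad_method_2),
    }


if __name__ == "__main__":
    print(padding_ambiguity_demo())
```

With method 1 the two data strings pad to the same block sequence and therefore hash identically, which is why both parties must agree on the padding method and, where method 1 is used, on the data length.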
1st edition 1994
Revision 1997
ISO/IEC 10118-3: 1998
This part of ISO/IEC 10118 specifies dedicated hash-functions, i.e. specially designed hash-functions. The hash-functions in this part of ISO/IEC 10118 are based on the iterative use of a round-function.
Three distinct round-functions are specified, giving rise to distinct dedicated hash-functions. The first and third provide hash-codes of lengths up to 160 bits, and the second provides hash-codes of lengths up to 128 bits.
Users who wish to employ a hash-function from this part of ISO/IEC 10118 shall select:
- one of the dedicated hash-functions specified; and
- the length of the hash-code.
NOTE: The first and second dedicated hash-functions are defined so as to facilitate software implementations for 'little-endian' computers, i.e. where the lowest-addressed byte in a word is interpreted as the least significant; conversely, the third round-function is defined so as to facilitate software implementations for 'big-endian' computers, i.e. where the lowest-addressed byte in a word is interpreted as the most significant. However, by adjusting the definition appropriately, any of the round-functions can be implemented on a 'big-endian' or a 'little-endian' computer. All the hash-functions defined in this part of ISO/IEC 10118 take a bit-string as input and give a bit-string as output; this is independent of the internal byte-ordering convention used within each hash-function.
This document describes two different cryptographic hash-functions designed specifically for the purpose. Cryptographic hash-functions have a number of possible uses as part of security systems, the most prominent of which is as part of a digital signature with appendix mechanism.
This part of ISO/IEC 10118 uses the definitions given in: ISO/IEC 10118-1: 1994, Information technology - Security techniques - Hash-functions - Part 1: General.
CD 1994
DIS 1996
IS 1998
ISO/IEC FDIS 10118-4: 1998
Hash-functions map arbitrary strings of bits to a given range. They can be used for reducing a message to a short imprint for input to a digital signature mechanism, or for committing the user to a given string of bits without revealing this string.
This part of ISO/IEC 10118 specifies two collision-resistant hash-functions which make use of modular arithmetic employing a round-function using a composite modulus as a product of two large primes, and a reduction-function using a prime number only. These hash-functions compress messages of arbitrary but limited length to a hash-code whose length is determined by the length of the prime number used in the reduction-function. Thus, the hash-code is easily scaled to the input length of any mechanism (e.g., signature algorithm, identification scheme).
The hash-functions specified in this part of ISO/IEC 10118, known as MASH-1 and MASH-2 (Modular Arithmetic Secure Hash), are particularly suitable for environments in which implementations of modular arithmetic of sufficient length are already available. The two hash-functions differ only in the exponent used in the round-function.
The length of the prime number used in the reduction-function shall be at most half of the length of the modulus used in the round-function.
The hash-functions make use of a padding rule specified in Annex B of: ISO/IEC 10118-1: 1994, Information technology - Security techniques - Hash-functions - Part 1: General.
FCD 1997-11
FDIS 1998-05
(IS 1998-11)
ISO/IEC 11770-1: 1996
The purpose of key management is to provide procedures for handling cryptographic keying material to be used in symmetric or asymmetric cryptographic algorithms according to the security policy in force. This part of ISO/IEC 11770 identifies the objectives of key management, describes general models on which key management mechanisms are based, defines the basic concepts of key management common to all parts of this multi-part standard, defines key management services, identifies the characteristics of key management mechanisms, specifies requirements for the management of keying material during its life cycle and describes a framework for the management of keying material during its life cycle.
The document addresses both the automated and manual aspects of key management, including data elements and sequences of operations which are used to obtain key management services. It does not specify details of protocol exchanges.
The document describes the different methods for protecting keys. Protection by cryptographic techniques primarily works against disclosure, modification and deletion of keying material. The level of protection is dictated by the application the key is used for. In addition, there exist techniques for the separation of functional use and cryptographic transformation to protect against unauthorized use. Protection by non-cryptographic techniques is protection by physical and by organizational means.
A key life cycle model identifies different states and transitions and implicitly defines the services of key management. These services might be part of a key management system or provided by any other service provider. If the provider fulfills specific security and legal requirements, it might be trusted by all entities involved, e.g. the service provider acts as a Trusted Third Party (TTP).
The document defines a conceptual model for key distribution within one domain and between domains. It also introduces a specific form of key distribution: the key translation. These concepts are needed for part 2 and part 3 of this standard.
This document is either part of a multi-part standard on key management or part of the OSI security framework architecture.
CD 1994
DIS 1995
IS 1996
ISO/IEC 11770-2: 1996
The purpose of key management is to provide procedures for handling cryptographic keying material to be used on a symmetric or asymmetric cryptographic algorithm according to the security policy in force. This part of ISO/IEC 11770 defines key establishment mechanisms using symmetric cryptographic techniques, more specifically either symmetric encipherment algorithms or cryptographic check functions. Such mechanisms can, e.g., be derived from entity authentication mechanisms of ISO/IEC 9798-2 by specifying the use of text fields available in those mechanisms. Other key establishment mechanisms exist for specific environments, see for example, ISO 8732.
The document does not explicitly address the issue of interdomain key management. Furthermore, it does not define the implementation of key management mechanisms; there may be different products that comply with this part of ISO/IEC 11770 and yet are not compatible.
The document describes the required content of messages which carry cryptographic keys or are necessary to set up the conditions under which secret keys can be established. Three environments exist for the establishment of keys: Point to Point, Key Distribution Centre (KDC) and Key Translation Centre (KTC). A point-to-point environment exists when two entities already share a key that can establish further keys. If two entities wish to communicate with each other using only symmetric techniques but do not currently share such a key, they shall make use of a KDC or KTC. The role of a KDC is to generate and distribute keys, whereas a KTC converts and distributes keys.
The key establishment mechanisms specified differ in their goals. Besides key establishment, goals may include unilateral or mutual authentication of the communicating entities. Further goals may be the verification of the integrity of the established key, or key confirmation. Some of the mechanisms enable more than one entity to contribute part of the established key K.
The document specifies six point-to-point key establishment mechanisms (3 of them derived from authentication mechanisms of ISO/IEC 9798-2), four key establishment mechanisms for a KDC environment (2 of them derived from authentication mechanisms of ISO/IEC 9798-2), and four key establishment mechanisms for a KTC environment (2 of them derived from authentication mechanisms of ISO/IEC 9798-2).
Most, but not all, of the mechanisms make use of techniques specified in ISO/IEC 9798-2: 1994, Information technology - Security techniques - Entity Authentication - Part 2: Mechanisms using symmetric encipherment algorithms.
1st edition 1996
ISO/IEC 11770-3: (awaiting publication)
This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic techniques. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3.
This part of ISO/IEC 11770 does not cover aspects of key management such as key lifecycle management and mechanisms to store, archive, delete, destruct, etc. keys. It also does not cover the implementations of the transformations used in the key management mechanisms.
This part of ISO/IEC 11770 specifically addresses the use of asymmetric techniques to achieve the following goals:
- Establish a shared secret key between two entities A and B by key agreement. In a secret key agreement mechanism the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared key.
- Establish a shared secret key between two entities A and B by key transport. In a secret key transport mechanism the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
- Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of an entity A must be transferred to other entities in an authenticated way, but not requiring secrecy.

This document is part of a multi-part standard. Some mechanisms make use of the techniques specified in ISO/IEC 9798-3: (199?), Information technology - Security techniques - Entity authentication mechanisms - Part 3: Entity authentication using asymmetric signature techniques.
CD 1993
DIS 1997-06
(IS awaiting publication)
ISO/IEC TR 13335-1: 1996
The Technical Report contains guidance essential to the effective management of IT Security and how the associated concepts are related. This guidance should be used to identify and manage all aspects of IT Security. Part 1 of the TR contains an overview of the basic concepts and models that are discussed in detail in the remaining two parts of the Technical Report. Familiarity with Part 1's background material is essential for a complete understanding of Parts 2 and 3.
Government and commercial organizations rely heavily on the use of information to conduct their business activities. Loss of confidentiality, integrity, availability and also accountability, authenticity and reliability, of information and services, can have an adverse impact on organizations. Consequently, there is a critical need to protect information and to manage the security of information technology (IT) systems within an organization. This requirement to protect information is particularly important in today's environment because many organizations are internally and externally connected by networks of IT systems.
IT Security management is a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, and also accountability, authenticity and reliability, for information and services. IT Security management functions include:
- Determining organizational IT Security objectives, strategies and policies;
- Identifying and analyzing security threats to IT assets within the organization;
- Determining organizational IT Security requirements;
- Specifying appropriate safeguards for each of the security threats;
- Monitoring the implementation of security services that are necessary in order to protect the information within the organization; and
- Developing a security awareness programme.
In order to fulfill these management responsibilities, the managers of IT systems security must be an integral part of an organization's overall management plan. As a result, several of the security topics addressed in this Technical Report have broader management implications. This report will not attempt to focus on the broad management issues, but rather on the security aspects of the topics and how they are related to management in general.
The purpose of this TR is to provide guidance, not solutions, to specific security problems. Those individuals within an organization that are responsible for IT Security should be able to conveniently adapt the material in this report to fulfill their specific information security needs.
ISO 7498-2: 1989, Information processing systems - Open systems interconnection - Basic reference model - Part 2: Security architecture
PDTR 1993
DTR 1995
TR 1996
ISO/IEC TR 13335-2: 1997
IT Security Management is the overall process of establishing adequate IT Security within an organization, i.e. to achieve and maintain appropriate levels of confidentiality, integrity, availability, and also accountability, authenticity and reliability, for information and services. The purpose of this Technical Report is to provide guidance to specific security problems. Part 2 describes management and planning aspects. It is relevant to IT managers who typically have responsibility for procurement, design, implementation, or operation of IT systems. It is also relevant to managers who are responsible for activities that make substantial use of IT systems. Such readers are expected to have managerial responsibilities relating to an organization's IT systems.
The aim of this Part of the Technical Report is to present the different activities related to the management of the planning of IT Security, as well as the associated roles and responsibilities within an organization.
The main IT Security management activities include:
- Determining IT Security objectives, strategies and policies;
- Determining organizational IT Security requirements;
- Managing IT Security risks;
- Planning the implementation of adequate IT Security safeguards;
- Developing a security awareness programme;
- Planning follow-up programmes for monitoring, reviewing, and maintenance of security services;
- Developing plans for incident handling.
In order to fulfill these management responsibilities, the managers of IT systems security must be an integral part of an organization's overall management plan. As a result, several of the security topics addressed in this Technical Report have broader management implications. This report focuses on the security aspects of the topics and how they are related to management.
Familiarity with the concepts and models introduced in Part 1 is essential for a complete understanding of this Part.
PDTR 1995
DTR 1996
TR 1997
ISO/IEC TR 13335-3: 1998
IT Security Management is a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, and also accountability, authenticity and reliability, for information and services. This part of ISO/IEC 13335 provides techniques for the management of IT security. The techniques are based on general guidelines laid out in Part 1 and Part 2 of ISO/IEC 13335. These guidelines are designed to assist the implementation of IT security.
This Working Draft will not focus on the broad management issues, but rather on the security aspects of the topics and how they are related to management in general. The material in this report should be adapted by the several organisations to fulfill their specific information security needs.
The aim of this document is to propose techniques for the successful management of IT security. It is not the intention to provide exhaustive solutions, but rather to identify the minimum requirements to be addressed. These minimum requirements may have to be complemented by additional measures dictated by the actual organisation and environment.
Several options for a strategic risk management are given, followed by a recommendation of the preferred approach, which is: carry out an initial high level risk analysis to identify systems of high risk, followed by detailed risk analysis and management on the high risk IT systems, and applying baseline security to low-risk systems.
Risk management techniques are explained in detail, as well as the development of an IT security plan, its implementation and testing, followed by considerations of regular review, incidental analysis, IT security awareness programme, accreditation and conceptual design.
ISO/IEC TR 13335 Part 1 and ISO/IEC TR 13335 Part 2.
PDTR 1995
DTR 1997
TR 1998
ISO/IEC WD 13335-4: 1998
IT security management is a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, and also accountability, authenticity and reliability, for information and services. This part of ISO/IEC TR 13335 provides guidance on the selection of safeguards, taking into account business needs and security concerns. It describes a process for the selection of safeguards according to security needs and the specific environment of an organization. It shows how to achieve appropriate protection, and how this can be supported by the application of baseline security.
The approach suggested in this part of ISO/IEC TR 13335 supports the techniques for the management of IT security laid out in Part 3.
The aim of Part 4 of ISO/IEC TR 13335 is to provide guidance on the selection of safeguards. This guidance is given for the straightforward selection of baseline safeguards according to the IT system considered, and for the case that more detailed assessments of security needs and concerns should be taken into account. Part 4 helps to identify the appropriate level of safeguards for an organization-wide baseline and how additional safeguards can be selected.
In order to provide help for the safeguards selection, Part 4 shows how the process of safeguard selection can be supported by the use of manuals containing baseline safeguards, which are briefly described in the annex.
ISO/IEC TR 13335 Part 1, ISO/IEC TR 13335 Part 2 and ISO/IEC TR 13335 Part 3.
WD 1997-12
(PDTR 1998-10)
(DTR 1999-05)
(TR 1999-11)
ISO/IEC WD 13335-5: 1998
To provide guidance to an organization connecting its IT systems to external networks. This guidance includes the selection and use of safeguards to provide security for the external connections and the services supported by those connections, and additional safeguards required for the IT systems because of the connections.
Government and commercial organizations rely heavily on the use of information to conduct their business activities. Loss of confidentiality, integrity, availability, accountability, authenticity and reliability of information and services can have an adverse impact on organizations. Consequently, there is a critical need to protect information and to manage the security of IT systems within organizations. This requirement to protect information is particularly important in today's environment because many organizations are internally and externally connected by networks of IT systems.
In this context it is particularly important that adequate protection is afforded to those network connections that are external from each of an organisation's IT system locations, including to other, geographically disparate, parts of the same organisation. The first step in determining whether an organization has adequate protection is to identify the security risks from the use of each external connection; advice on security risk analysis and the related use of baseline approaches is contained in Part 3 of TR 13335. Once the risks have been identified, these risks can form the basis for the selection of security safeguards; general advice on this is contained in Part 4 of TR 13335. This Part (5) of TR 13335 complements and provides more detail on the selection of safeguards for external connections.
Before connecting to an external network, each organization (or at least the person responsible for the connection within the organization) should be clear about the business requirements, benefits and security risk scenarios of such a connection. Hence, the first step is to assess the requirements and benefits from the external connection, and the related security risk scenarios. These should be appropriate to the type of external connection proposed and the information to be transferred via the connection (as well as the other information potentially accessible from the connection). Then safeguards should be selected appropriate to the type of external connection, the network type and the risk scenarios.
This part of the Technical Report builds upon Part 4 in the specific area of safeguards for external connections.
WD 1997-12
(PDTR 1998-10)
(DTR 1999-05)
(TR 1999-11)
ISO/IEC 13888-1: 1997
The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. This part of ISO/IEC 13888 describes a model for non-repudiation mechanisms providing evidence based on cryptographic check values generated by using symmetric or asymmetric cryptographic techniques. Non-repudiation mechanisms generic to the various non-repudiation services are described and applied to a selection of specific non-repudiation services such as: non-repudiation of origin, non-repudiation of delivery, non-repudiation of submission, and non-repudiation of transport.
Non-repudiation services establish evidence: evidence establishes accountability regarding a particular event or action. There are two main types of evidence, the nature of which depends on the cryptographic techniques employed:
- Secure Envelopes generated by an evidence generating authority Trusted Third Party (TTP) using symmetric cryptographic techniques.
- Digital Signatures generated by an evidence generator or an evidence generating authority (Trusted Third Party) using asymmetric cryptographic techniques.
ISO/IEC 13888-1 describes generic evidence generation and verification mechanisms involving the generation of Secure Envelopes and Digital Signatures based on symmetric and asymmetric cryptographic techniques respectively. Cryptographic check functions common to both basic mechanisms are introduced in order to better represent non-repudiation tokens. Three kinds of tokens are defined, firstly, the generic non-repudiation token suitable for many non-repudiation services, secondly, the time stamping token generated by a trusted time stamping authority and, thirdly, the notarization token generated by a notary to provide evidence about the properties of the entities involved and of the data stored or communicated.
This multi-part standard provides non-repudiation mechanisms for the following phases of non-repudiation: evidence generation, evidence transfer, storage and retrieval, and evidence verification. Dispute arbitration is outside the scope of this standard.
This document describes a model of non-repudiation mechanisms specified in the subsequent parts of the multi-part standard on non-repudiation:
- ISO/IEC 13888-2: 1998, Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques, and
- ISO/IEC 13888-3: 1997, Information technology - Security techniques - Non-repudiation - Part 3: Mechanisms using asymmetric techniques.
CD 1994
DIS 1996
IS 1997
ISO/IEC 13888-2: 1998
The goal of a non-repudiation service is to collect, maintain, make available, and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. The event or action can be the generation of a message, sending of a message, receipt of a message, submission of a message, or transport of the message. This part of the standard specifies mechanisms for generation, exchange, and validation of non-repudiation tokens using symmetric techniques, relying on the existence of an on-line mutually Trusted Third Party, available in an exchange.
Five non-repudiation tokens are specified in this standard using a Secure Envelope constructed with a MAC. Five basic mechanisms are described for establishment of non-repudiation of origin, delivery, submission and transport and for time stamping. Each of these requires that the entities involved be able to communicate separately with the Trusted Third Party (TTP). The mechanisms require the use of the specified non-repudiation tokens. Three examples of non-repudiation mechanisms are provided for establishment of non-repudiation of origin and non-repudiation of delivery between two entities. The first mechanism implies the use of an on-line TTP which needs to be called for every evidence generation and every evidence verification. The second mechanism requires the use of a TTP which is needed to load appropriate keys in a trusted cryptographic device distributed by the TTP to different participants. As, in this case, the TTP is not involved during the generation or the verification of the evidence, this mechanism is referred to as using an off-line TTP.
Prior to the use of these mechanisms, it is assumed that each entity shares a secret key with the on-line Trusted Third Party. This secret key may be a permanent key or a temporary key established prior to use of this mechanism. The Trusted Third Party also holds a single key known only to itself. At least one common function for constructing a MAC is shared by both entities in the non-repudiation service. The symmetric algorithm chosen for computing the cryptographic check value MAC must be held by all participants in the non-repudiation services. The algorithm must operate on the data in such a way that the result is not undetectably alterable (with some acceptable probability) by any party not holding the secret key used in the transformation.
Familiarity with the definitions in Part 1 is essential to understanding Part 2. MAC algorithms for constructing non-repudiation tokens are defined in ISO/IEC 9797.
CD 1994
DIS 1997
IS 1998
ISO/IEC 13888-3: 1997
This part of ISO/IEC 13888 specifies two mechanisms for the provision of non-repudiation services using asymmetric cryptographic techniques. The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. The event or action can be the generation of a message, sending of a message, receipt of a message, submission of a message, or transport of a message.
Non-repudiation mechanisms are specified to establish the following non-repudiation services: non-repudiation of origin, non-repudiation of delivery, non-repudiation of submission, and non-repudiation of transport. Some of the mechanisms described in this standard require the existence of a Trusted Third Party (TTP) that will perform evidence generation, evidence transmission, evidence recording or evidence verification.
Non-repudiation mechanisms using digital signatures allow for generating evidence for non-repudiation of origin (NRO) and non-repudiation of delivery (NRD) without the direct involvement of a Trusted Third Party (TTP). This standard also defines mechanisms with the involvement of a TTP for NRO and NRD as well as for non-repudiation of submission (NRS) and non-repudiation of transport (NRT). Independent of the TTP involvement, digital signatures are used to generate non-repudiation tokens. Four basic non-repudiation mechanisms are defined to allow signatures to be generated as digital signatures giving message recovery and digital signatures with appendix.
Additional mechanisms are specified for supporting services such as time stamping service, notary service and evidence recording.
Familiarity with the non-repudiation model, definitions and notations in Part 1 is essential to understanding this part of the multipart standard.
Collision-resistant hash-functions are defined in the multipart standard ISO/IEC 10118.
A digital signature scheme giving message recovery is defined in ISO/IEC 9796.
Digital signatures with appendix are defined in the multipart standard ISO/IEC 14888.
CD 1995
DIS 1996
IS 1997
ISO/IEC WD 14516: 1998
Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security related issues for which general guidance is necessary to assist business users, systems and service developers and providers, etc. This includes guidance on issues related to the relationships, positions and roles of TTPs and other entities (e.g. network service providers and end users); the generic security requirements; who should provide what type of security; what the possible security solutions are; how to select security mechanisms to provide these services; and the operational use and management of TTP service security.
This document identifies different major categories of TTP services including electronic notary public, key management, certificate management and other services. Each of these major categories consists of several services which logically belong together.
This document provides guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of a TTP and its users. It is intended primarily for enterprise users, system managers, developers and TTP operators to select those TTP services needed for particular requirements, their subsequent management, use and operational deployment, and the establishment of a Security Policy within a TTP.
- ISO/IEC 9594-8, Information technology - Open systems interconnection - The Directory - Part 8: Authentication framework
- ISO/IEC 9798-1, Information technology - Security techniques - Entity authentication - Part 1: General
- ISO/IEC 11770, Information technology - Security techniques - Key management - Part 1: Framework; Part 2: Mechanisms using symmetric techniques; Part 3: Mechanisms using asymmetric techniques
- ISO/IEC 13888, Information technology - Security techniques - Non-repudiation - Part 1: General; Part 2: Using symmetric techniques; Part 3: Using asymmetric techniques
- ISO/IEC TR 13335, Information technology - Security techniques - Guidelines for the management of IT security (GMITS) - Part 1: Concepts and models for IT Security; Part 2: Managing and planning IT Security; Part 3: Techniques for the management of IT Security; Part 5: Safeguards for external connections
WD 1997-12
(PDTR 1998-11)
(DTR 1999-05)
(TR 1999-11)
ISO/IEC FDIS 14888-1: 1998
A digital signature in electronic exchange of information provides the same kind of facilities that are expected from a handwritten signature in paper-based mail. Hence it is applicable to the provision of authentication, integrity and non-repudiation of data.
The purpose of project JTC 1.27.08 is to specify digital signature mechanisms with appendix for messages of arbitrary length. This part of the project covers general principles and requirements for digital signature with appendix.
The document gives a general description of the signature and verification processes of a digital signature with appendix. The various applications like entity authentication, key management and non-repudiation do not belong to the objectives of this document.
Digital signature with appendix makes use of a collision-resistant hash-function, which is executed both in the signature and verification process. The other main functions in the signature process are pre-sign and sign, where the pre-sign function is independent of the message and the sign function is determined by the signature key. In the verification process the main function is the verify function, which is determined by the verification key.
Among the known digital signatures with appendix, three different verification processes can be distinguished with respect to the order of the hash and verify functions. Some digital signatures have verification processes where the hash and verify functions can be computed in parallel.
- ISO/IEC 9796: 1991, Information technology - Security techniques - Digital signature scheme giving message recovery
- ISO/IEC 10118: 1994, Information technology - Security techniques - Hash-functions
CD 1995-11
FDIS 1998-06
(IS 1998-11)
ISO/IEC FDIS 14888-2: 1998
With respect to the distribution of verification keys two types of digital signature mechanisms are clearly identified.
- When the verification key is a public function of the signer's identity, the mechanism is named an "identity-based signature mechanism".
- When the verification key cannot be computed from the signer's identity but the verifier obtains the knowledge by some other means, e.g. by retrieving it from a certificate, the mechanism is named a "certificate-based signature mechanism".
This document specifies the fundamental structure, the mathematical functions and possible data objects which constitute the signature and verification processes of an identity-based digital signature mechanism with appendix for messages of arbitrary length.
This signature mechanism requires the services of a trusted authority who derives a signer's signature key from the signer's identity. In this procedure the trusted authority uses the digital signature scheme described in ISO/IEC 9796, Annex A, and its verification key forms a part of the public system parameters.
The signature process consists of three functions: pre-sign (randomization), hash and sign to be executed in this order. The verify function is determined by the signer's identity and is performed prior to the hash-function in the verification process.
- ISO/IEC 9796:1991, Information technology - Security techniques - Digital signature scheme giving message recovery
- ISO/IEC 10118:1994, Information technology - Security techniques - Hash-functions
CD 1995-11
(FDIS 1998-06)
(IS 1998-11)
ISO/IEC FDIS 14888-3: 1998
This standard specifies digital signature mechanisms with appendix for messages of arbitrary length and is applicable to providing data origin authentication, non-repudiation, and integrity of data.
In particular, this part of ISO/IEC 14888 provides
- a general description of certificate-based digital signature mechanisms whose security is based on the difficulty of the discrete logarithm problem in the underlying commutative group,
- a general description of certificate-based digital signature mechanisms whose security is based on the difficulty of factoring, and
- a variety of digital signature mechanisms with appendix using certificate-based mechanisms for messages of arbitrary length.
The objectives of this Part of the standard are to specify the following processes and functions within the general model described in Part 1 of this standard. These include
- the process of generating keys,
- the process of producing signatures, and
- the process of verification.

- ISO/IEC 9796: 1991, Information technology - Security techniques - Digital signature scheme giving message recovery
- ISO/IEC 9796-2: 1997, Information technology - Security techniques - Digital signature scheme giving message recovery - Part 2: Mechanisms using a hash-function
- ISO/IEC 10118-3: 1998, Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash-function
- ISO/IEC FDIS 10118-4: 1998, Information technology - Security techniques - Hash-functions - Part 4: Hash-functions using modular arithmetic
- ISO/IEC FDIS 14888-1: 1998, Information technology - Security techniques - Digital signatures with appendix - Part 1: General
- ISO/IEC FDIS 14888-2: 1998, Information technology - Security techniques - Digital signatures with appendix - Part 2: Identity-based mechanisms
CD 1995-11
FDIS 1998-06
(IS 1998-11)
ISO/IEC WD 15292: 1998
This International Standard defines the procedures to be applied by a Registration Authority in operating a Register of Protection Profiles and packages for the purposes of IT security evaluation.
A Protection Profile is defined within ISO/IEC 15408 as an implementation-independent set of security requirements for a category of IT products or systems which meet specific consumer needs. A package is defined as a reusable set of either functional or assurance components combined together to satisfy a set of identified security objectives.
This standard describes the technical and procedural regulations governing the operation of Registration Authorities validating and recording Protection Profiles and packages produced in accordance with ISO/IEC 15408.
It also describes the roles and responsibilities of such Registration Authorities and provides guidance to users of their services.
Protection Profiles and packages registered under the procedures of ISO/IEC 15292 will be defined and vetted in accordance with criteria given in ISO/IEC 15408.
WD 1998-05
(CD 1998-11)
(FDIS 1999-11)
(IS 2000-05)
ISO/IEC FCD 15408-1: 1998
This Part 1 of the multi-part ISO is the introduction to the standard. Part 1 defines general concepts and principles of IT security evaluation and presents a general model for evaluation. IT security evaluations are formal investigations of the security properties of IT products and systems. Constructs are presented in this part for expressing security functional and assurance requirements and specifications for IT products and systems. The principal target audiences for all parts of this ISO/IEC 15408 are identified and pointers are given to the parts where their individual interests with respect to security criteria and evaluation are covered. This part also defines the ways in which the results of security evaluation may be expressed.
Part 1 of ISO/IEC 15408 defines two forms for expressing IT security functional and assurance requirements. The protection profile (PP) construct allows creation of generalized reusable sets of these security requirements. The PP can be used by prospective consumers for specification and identification of products with IT security features which will meet their needs. The security target (ST) expresses the security requirements and specifies the security functions for a particular product or system to be evaluated, called the target of evaluation (TOE). The ST is used by evaluators as the basis for evaluations conducted in accordance with ISO/IEC 15408.
Part 1 of ISO/IEC 15408 describes the general model of security evaluation used in Parts 2 and 3 of the Standard. This part also defines the content of the PP and ST, which establish the security requirements for TOEs and are intended to be composed largely of functional components from Part 2 and assurance levels from Part 3. Further, Part 3 sets the criteria for evaluation of PPs and STs.
CD 1996-04
FCD 1998-05
(FDIS 1998-11)
(IS 1999-05)
ISO/IEC FCD 15408-2: 1998
Part 1 of this multi-part International Standard defines general concepts and principles of IT security evaluation and presents a general model for the security evaluation of IT systems and products. Within this model, security functional components provide the basis for describing the desired security behaviour of a Target of Evaluation (TOE) and are intended to meet the security objectives as stated in a generic Protection Profile (PP) or specific Security Target (ST).
This part of ISO/IEC 15408 defines the required structure and content of security functional components. In addition, it provides a catalogue of predefined functional components that will meet the common security functionality requirements of many TOEs.
This part of ISO/IEC 15408 defines the content and presentation of the functional requirements of PPs and STs and provides guidance on the organisation of the requirements for new components. Functional requirements are to be expressed using a hierarchical structure of classes, families and components.
A wide range of functional components to meet common security requirements are being defined in a related catalogue. Their inclusion in a TOE offers a way to create trusted products or systems that address common security needs of the marketplace, and which may be evaluated efficiently, since their security functionality is based on components that are generally accepted to be valid and well understood.
This part of ISO/IEC 15408 uses the general model of security evaluation defined in Part 1 of the Standard. There are some interrelationships with assurance components defined in Part 3. ISO/IEC 15292 defines registration procedures for Protection Profiles and packages of components. These will use functional components either taken from the catalogue within this part of ISO/IEC 15408, or defined in accordance with its rules.
CD 1996-05
FCD 1998-05
(FDIS 1998-11)
(IS 1999-05)
ISO/IEC FCD 15408-3: 1998
Part 1 of this multi-part International Standard defines general concepts and principles of IT security evaluation and presents a general model for the security evaluation of IT systems and products. Within this model, the level of confidence that may be held in the IT security measures is assessed.
In order to allow an evaluation of the assurance in a Target of Evaluation (TOE), seven evaluation assurance levels labelled EAL1 to EAL7 are defined in this Part 3 of the International Standard, representing ascending levels of confidence in the IT security of the TOE. EAL1 represents an entry point below which no useful confidence can be held, and EAL7 supports the highest level of confidence. The remaining levels represent an interpolation between EAL1 and EAL7.
The EALs are mainly used for defining the assurance requirements in a generic Protection Profile (PP) or a TOE specific Security Target (ST).
This part of the International Standard specifies the assurance aspects of the technical security measures, especially the security functions implemented in hardware or software. They need to be addressed from different points of view and, in this International Standard, seven general aspects are distinguished, such as "vulnerability assessment", "tests" or "guidance documents". The analysis of the security functions at different levels of detail plays a central role, and goes down to the implementation for higher assurance evaluations.
Additionally, evaluation criteria for PPs and STs are defined which allow an assessment of whether PPs and STs form a useful basis for an evaluation. This part of the International Standard defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organisation of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order. The EALs represent a choice of appropriate assurance components.
This part of the International Standard uses the general model of security evaluation defined in Part 1 of the Standard. There are some interrelationships with functionality components defined in Part 2. Project JTC1.27.20 is in the initial study period of examining registration procedures for Protection Profiles. These profiles will normally use assurance requirements from this Part 3 in the form of EALs at least as a basis for the definition of the assurance requirements.
CD 1996-04
FCD 1998-05
(FDIS 1998-11)
(IS 1999-05)
ISO/IEC WD 15443: 1998
This Technical Report will create a framework to include those approaches which contribute to assurance in IT Security. The approaches identified for consideration at the outset of the project are as follows (more will be added during the project):
- application of the assurance requirements in the ISO evaluation criteria,
- developmental assurance techniques,
- techniques used to develop highly reliable and robust systems,
- testing of the conformance of security features using standardised test suites,
- specification of technical requirements on personnel,
- prior success record of developers in producing high assurance products,
- formalised commitment of developers to maintain and service their products.
Evaluation assurance will be included as one of the approaches for consideration and will be treated on an equal footing with the other approaches.
The framework will be a major contribution to the understanding and application of assurance approaches to IT Security products and systems. It will describe the need for assurance and the different approaches. It will support analysis of the equivalency, effectiveness and required resources of assurance approaches, and analysis of how elements of different approaches may be combined.
The descriptions of the various approaches will be developed in sufficient detail for the work of the project. The framework will define metrics to allow different approaches to be compared. The framework will include guidance to provide some basis for making trade-offs among the various approaches. The framework will contain recommendations for achieving recognition of the results of applying the assurance approaches and will identify any new international standards needed to formalise particular approaches.
The Technical Report will reference ISO/IEC 15408 for the definition of evaluation assurance.
WD 1998-05
(PDTR 1998-11)
(DTR 1999-11)
(TR 2000-11)
ISO/IEC WD 15446: 1998
To develop a Technical Report for the approaches, processes and techniques to be followed when developing a Protection Profile or Security Target.
This work item is intended to provide the guidance necessary to support the development of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with the standard for Information Technology Security Evaluation. The objective is to provide a general guidance body of material, with annexes which provide guidance for specific product types, e.g. firewalls or relational databases.
A guidance document is required to ensure that PPs and STs are developed in an efficient and consistent manner. The guidance document will ensure that PPs and STs are uniformly structured and that alignment efforts prior to registration will be minimised.
The guidance is primarily aimed at those who are involved in the development of PPs and STs. However, it is also likely to be useful to evaluators of PPs and STs, and to those who are responsible for defining and monitoring the application of the methodology for PP and ST evaluation.
The Technical Report will reference ISO/IEC 15408 for the definition of the model, structure and sets of functional and assurance requirements.
WD 1998-05
(PDTR 1998-11)
(DTR 1999-11)
(TR 2000-11)
ISO/IEC WD 15816: 1997
The scope includes:
- the definition of guidelines and a method for specifying the abstract syntax of generic and specific Security Information Objects;
- generic and specific Security Information Object specifications;
- a partial definition of the semantics of the various component parts of security information object classes.
The scope of this International Standard covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. It does not cover the "dynamics" of SIOs, for example rules relating to their creation and deletion.
The document provides object definitions that are needed in more than one security standard to avoid multiple and different definitions of the same functionality. It references existing definitions in other International Standards. The document contains methods and guidelines for defining basic security-related information objects and for constructing new ones from existing components. It also provides a collection of generic and specific SIO definitions.
It is intended that other standards will refer to this standard for the definition of SIOs.
WD 1997-11
(CD 1998-10)
(FDIS 1999-05)
(IS 1999-11)
ISO/IEC WD 15945: 1998
Technical services definitions and protocols are required to allow for the implementation of TTP services and related commercial applications.
This IS focuses on
- implementation and interoperability,
- service specifications, and
- technical requirements.
This International Standard will define those TTP services needed to support the application of digital signatures in commercial applications.
This standard will also define interfaces and protocols to enable interoperability between entities associated with these TTP services.
This standard does not describe the management of TTPs or other organizational, operational or personal issues. Those topics are mainly covered in TR 14516.
- ISO/IEC 9594-8:1997, Information technology - Open Systems Interconnection - The Directory - Part 8: Authentication Framework
- ISO/IEC 9796, Information technology - Security techniques - Digital signatures giving message recovery
- ISO/IEC 10118, Information technology - Security techniques - Hash-functions - Part 1: General; Part 2: Hash-functions using an n-bit block cipher algorithm; Part 3: Dedicated hash-functions
- ISO/IEC 11770, Information technology - Security techniques - Key management - Part 1: Framework; Part 2: Mechanisms using symmetric techniques; Part 3: Mechanisms using asymmetric techniques
- ISO/IEC 13888, Information technology - Security services - Non-repudiation - Part 1: General; Part 2: Using symmetric techniques; Part 3: Using asymmetric techniques
- ISO/IEC FDIS 14888, Information technology - Security techniques - Digital signatures with appendix - Part 1: General; Part 2: Identity-based mechanisms; Part 3: Certificate-based mechanisms
WD 1997-12
(CD 1999-05)
(FDIS 1999-11)
(IS 2000-05)
ISO/IEC WD 15946-1*: 1998
To be provided.
(WD 1998-11)
(CD 1999-11)
(FDIS 2000-11)
(IS 2001-11)
* Subject to endorsement by JTC 1 of the subdivision of the project
ISO/IEC WD 15946-2*: 1998
To be provided.
(WD 1998-11)
(CD 1999-11)
(FDIS 2000-11)
(IS 2001-11)
* Subject to endorsement by JTC 1 of the subdivision of the project
ISO/IEC WD 15946-3*: 1998
International Standard ISO/IEC 15946 specifies public-key cryptographic techniques based on elliptic curves. They include the establishment and transport of keys for secret-key systems and digital signature mechanisms.
This part of ISO/IEC 15946 specifies techniques for key agreement and for key transport that use elliptic curves.
The scope of this standard is restricted to cryptographic techniques based on elliptic curves defined over finite fields of prime power order (including the special cases of prime order or characteristic two). The representation of elements of the underlying finite field (i.e. which basis is used) is outside the scope of this standard.
This part of ISO/IEC 15946 specifically addresses the use of elliptic curve public-key techniques to achieve the following goals:
- Establish a shared secret key between two entities A and B by key agreement. In a secret key agreement mechanism the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared key.
- Establish a shared secret key between two entities A and B by key transport. In a secret key transport mechanism the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
This document is part of a multi-part standard. Some mechanisms make use of the techniques specified in
- ISO/IEC 11770-3, Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques.
(WD 1998-11)
(FCD 1999-11)
(FDIS 2000-11)
(IS 2001-11)
* Subject to endorsement by JTC 1 of the subdivision of the project
ISO/IEC WD 15947: 1998
The project explains the role of intrusion detection in IT risk management. It seeks to establish common definitions for intrusion detection terms and concepts. It will define a framework for intrusion detection systems.
The objective of the Intrusion Detection Project is to define a framework for detection of intrusions into IT systems. It seeks to establish common definitions for intrusion detection terms and concepts. It describes the methodologies and concepts and the relationships among them; it addresses possible orderings of intrusion detection tasks and related activities, and attempts to relate these tasks and processes to an organization's or enterprise's procedures to demonstrate the practical integration of intrusion detection within an organization or enterprise security policy.
- ISO/IEC TR 13335, Information technology - Guidelines for the management of IT Security - Part 1: Concepts and models for IT Security; Part 2: Managing and planning IT Security; Part 3: Techniques for the management of IT Security; Part 4: Selection of safeguards; Part 5: Safeguards for external connections
(PDTR 1998-10)
(DTR 1999-10)
(TR 2000-04)