ISO/IEC 9798プロトコルの安全性評価

Size: px

Start display at page:

Download "ISO/IEC 9798プロトコルの安全性評価"

ともあきこしの
8 years ago
Views:

1 ISO/IEC ISO/IEC (Mechanisms using symmetric encipherment algorithms), ISO/IEC (Mechanisms using digital signature techniques), ISO/IEC (Mechanisms using a cryptographic check function) 1 ISO/IEC , , ISO/IEC , ,

2 3 3.1 forward security 3.2 IOTP DSA, ECDSA, RSASSA-PKCS1-v1 5, RSA-PSS, RSA-OAEP, RSAES-PKCS1-v1 5 [15, 16, 14] IOTP 3.3 Abadi, Needham M.Abadi R.Needham [1] 11 Abadi Needham 2

3 Nonce (Number used once) nonce IOTP 1, 2, 3, 4, 10, 11 4 ISO/IEC , , ISO/IEC , , Time variant parameter ISO/IEC , , Time variant parameter 3

4 ISO/IEC ISO/IEC , , A, B e K K I U I K UV U V N U U P R U U T N U U Time variant parameter T oken UV U V T U U T V P U U Time variant parameter X Y X Y ss(y 1 Y j ) Y 1 Y j f K (X) K f 4.2 ISO/IEC ISO/IEC Time variant parameter ISO/IEC Coordinate Universal Clock (UTC) ISO/IEC ISO/IEC Time variant parameter Time variant parameter Time variant parameter Time variant parameter Mechanism 1-One-pass authentication Mechanism 1-One-pass authentication 1. A = B : T oken AB T oken AB = T ext 2 e KAB (T N A I B T ext 1 ) 1: Mechanism 1-One-pass authentication 4

5 4.2.2 Mechanism 2-Two-pass authentication Mechanism 2-Two-pass authentication 1. B = A : R B T ext 1 2. A = B : T oken AB T oken AB = T ext 3 e KAB (R B I B T ext 2 ) 2: Mechanism 2-Two-pass authentication Mechanism 3-Two-pass authentication Mechanism 3-Two-pass authentication 1. A = B : T oken AB 2. B = A : T oken BA T oken AB = T ext 2 e KAB (T N A I B T ext 1 ) T oken BA = T ext 4 e KAB (T N B I B T ext 3 ) 3: Mechanism 3-Two-pass authentication Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext 1 2. A = B : T oken AB 3. B = A : T oken BA T oken AB = T ext 3 e KAB (R A R B I B T ext 2 ) T oken BA = T ext 5 e KAB (R B R A T ext 4 ) 4: Mechanism 4-Three-pass authentication 5

6 4.2.5 Mechanism 5-Four-pass authentication Mechanism 5-Four-pass authentication 1. A = P : T V P A I B T ext 1 2. P = A : T oken P A 3. A = B : T oken AB 4. B = A : T oken BA T oken P A = T ext 4 e KAP (T V P A K AB I B T ext 3 ) e KBP (T N P K AB I A T ext 2 ) T oken AB = T ext 6 e KBP (T N P K AB I A T ext 2 ) e KBP (T N A I B T ext 5 ) T oken BA = T ext 8 e KAB (T N B I A T ext 7 ) 5: Mechanism 5-Four-pass authentication Mechanism 6-Five-pass authentication Mechanism 6-Five-pass authentication 1. B = A : R B T ext 1 2. A = P : R A R B I B T ext 2 3. P = A : T oken P A 4. A = B : T oken AB 5. B = A : T oken BA 6. T oken P A = T ext 5 e KAP (R A K AB I B T ext 4 ) e KBP (R B K AB I A T ext 3 ) T oken AB = T ext 7 e KBP (R B K AB I A T ext 3 ) e KAB (R A R B T ext 6 ) T oken BA = T ext 9 e KAB (R B R A T ext 8) 6: Mechanism 6-Five-pass authentication 4.3 ISO/IEC ISO/IEC

7 Time variant parameter ISO/IEC Coordinate Universal Clock (UTC) ISO/IEC ISO/IEC Time variant parameter Time variant parameter Time variant parameter Time variant parameter Mechanism 1-One-pass authentication Mechanism 1-One-pass authentication 1. A = B : Cert A T oken AB T oken AB = T A B T ext2 ss A ( T A B T ext1) N A N A 7: Mechanism 1-One-pass authentication Mechanism 2-Two-pass authentication Mechanism 2-Two-pass authentication 1. B = A : R B T ext1 2. A = B : Cert A T oken AB T oken AB = R A R B B T ext3 ss A (R A R B B T ext2) 8: Mechanism 2-Two-pass authentication Mechanism 3-Two-pass authentication Mechanism 3-Two-pass authentication 7

8 1. A = B : Cert A T oken AB 2. B = A : Cert B T oken BA T oken AB = T A B T ext2 ss A ( T A B T ext1) N A N A T oken BA = T B N B A T ext4 ss B ( T B N B A T ext3) 9: Mechanism 3-Two-pass authentication Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext1 2. A = B : Cert A T oken AB 3. B = A : Cert B T oken BA T oken AB = R A R B B T ext3 ss A (R A R B B T ext2) T oken BA = R B R A A T ext5 ss B (R B R A A T ext4) 10: Mechanism 4-Three-pass authentication Mechanism -Two-pass parallel authentication Mechanism 5-Two-pass parallel authentication 1. A = B : Cert A R A T ext1 1. B = A : Cert B R B T ext2 2. B = A : T oken BA 2. A = B : T oken AB T oken AB = R A R B B T ext4 ss A (R A R B B T ext3) T oken BA = R B R A A T ext6 ss B (R B R A A T ext5) 11: Mechanism 5-Two-pass parallel authentication 8

9 4.3.6 Five pass authentication (initiated by A) Five pass authentication (initiated by A) 1. A = B : R A I A T ext 1 2. B = A : I B T oken BA 3. A = P : R A R B I A I B T ext4 4. P = A : T ext7 T okent A 5. A = B : T oken AB Option 1 T oken AB = T ext 9 ResA ss T (R B ResA T ext5) ss A (R B R A B A T ext8) T oken BA = R A R B T ext3 ss B (B R A R B A T ext2) T oken T A = ResA ResB ss T (R A ResB T ext6) ss T (R B ResA T ext5) Option 2 T oken AB = R A T ext 9 T okent A ss A (R B R A B A T ext8) T oken BA = R A R B T ext3 ss B (B R A R B A T ext2) T oken T A = ResA ResB ss T (R A R B ResA ResB T ext5) I A = A or CertA I B = B or CertB ResA = (CertA Status), (A P A ) or F ailure ResB = (CertB Status), (B P B ) or F ailure 12: Five pass authentication (initiated by A) Five pass authentication (initiated by B) Five pass authentication (initiated by B) 9

10 1. B = A : R B I B T ext 1 2. A = T P : R A R A I A I B T ext2 3. T P = A : T ext5 T okent A 4. A = B : I A T okenab 5. B = A : T oken BA Option 1 T oken AB = T ext 7 R A ResA ss T (R B ResA T ext3) ss A (R B R A B A T ext6) T oken BA = R A R B T ext9 ss B (A R A R B B T ext8) T oken T A = ResA ResB ss T (R A ResB T ext4) ss T (R B ResA T ext3) Option 2 T oken AB = R A T ext 7 T okent A ss A (R B R A B A T ext6) T oken BA = R A R B T ext9 ss B (R A R B A B T ext8) T oken T A = ResA ResB ss T (R A R B ResA ResB T ext3) I A = A or CertA I B = B or CertB ResA = (CertA Status), (A P A ) or F ailure ResB = (CertB Status), (B P B ) or F ailure 13: Five pass authentication (initiated by B) 4.4 ISO/IEC ISO/IEC CCF Time variant parameter ISO/IEC Coordinate Universal Clock (UTC) ISO/IEC ISO/IEC Time variant parameter Time variant parameter Time variant parameter Time variant parameter 10

11 4.4.1 Mechanism 1-One-pass authentication Mechanism 1-One-pass parallel authentication 1. A = B : T oken AB T oken AB = T A T ext2 f KAB ( T A B T ext1) N A N A 14: Mechanism 1-One-pass authentication Mechanism 2-Two-pass authentication Mechanism 2-Two-pass parallel authentication 1. B = A : R B T ext1 2. A = B : T oken AB T oken AB = T ext3 f KAB (R B B T ext2) 15: Mechanism 2-Two-pass authentication Mechanism 3-Two-pass authentication Mechanism 3-Two-pass parallel authentication 11

12 T oken AB = T oken BA = 1. A = B : T oken AB 2. B = A : T oken BA T A T ext2 f KAB ( T A B T ext1) N A N A T B T ext4 f KAB ( T B A T ext3) N B N B 16: Mechanism 3-Two-pass authentication Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext1 2. A = B : T oken AB 3. B = A : T oken BA T oken AB = R A T ext3 f KAB (R A R B B T ext2) T oken BA = T ext5 f KAB (R B R A T ext4) 17: Mechanism 4-Three-pass authentication 5 ISO/IEC , , ISO/IEC , , Three-pass mutual authentication [4] Three-pass mutual authentication ISO/IEC , , ISO/IEC 2. 12

13 3. ISO/IEC , , Time variant parameter ISO/IEC , , [1] M.Abadi and R.Needham, Prudent engineering practice for cryptographic protocols, DEC SRC Technical Report 125, Digital Equipment Corporation (1995) [2] R.Anderson, Security Engineering : A Guide to Buiding Dependable Distributed Systems, John & Wiley Sons (2001) [3] M.Burrows, M.Abadi, and R.Needham, A logic for authentication, SRC Technical Report 39, Digital Equipment Corporation (1989) [4] W.Diffie, P.C.van Oorschot and M.Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, 2 (1992) [5] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 1: General, ISO/IEC JTC 1/SC 27 DIS : (1996) [6] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Entity authentication using symmetric techniques, ISO/IEC JTC 1/SC 27 N489 CD : (1992) [7] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Entity authentication using symmetric techniques, ISO/IEC JTC 1/SC 27 N739 DIS : (1993) 13

14 [8] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Mechanisms using symmetric encipherment algorithms, ISO/IEC JTC 1/SC 27 N2145 FDIS : (1998) [9] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 3: Mechanisms using digital signature techniques, BS ISO/IEC : (1998) [10] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 4: Mechanisms using a cryptographic check function, ISO/IEC JTC 1/SC 27 N2289 FDIS : (1999) [11] J.Katz and Y.Lindell, Introduction to Modern Cryptography, Chapman & Hall (2008) [12] W.Mao, Modern Cryptography, Prentice Hall (2004) [13] A.J.Menezes, P.C.van Oorschot and S.A.Vanstone, Handbook of Applied Cryptography, CRC Press (1997) [14] DSA NIST FIPS (+Change Notice 1) [15] RSA PKCS #1 v2.1: RSA Cryptography Standard [16] ECDSA SEC 1: Elliptic Curve Cryptography(September 20, 2000 Version 1.0) 14

橡セキュリティポリシー雛形策定に関する調査報告書

橡セキュリティポリシー雛形策定に関する調査報告書 13 2 KM 12 7 10 ISO/IEC TR 13335 Techniques for the Management of IT Security ISO/IEC 15408 Evaluation Criteria for IT Security BS7799 A Code of Practice for Information Security Management RFC2196 Site