ISO/IEC 9798 2011 2 4 ISO/IEC 9798-2 (Mechanisms using symmetric encipherment algorithms), ISO/IEC 9798-3 (Mechanisms using digital signature techniques), ISO/IEC 9798-4 (Mechanisms using a cryptographic check function) 1 ISO/IEC 9798-2, 9798-3, 9798-4 ISO/IEC 9798-2, 9798-3, 9798-4 2 2009 1
3 3.1 forward security 3.2 IOTP DSA, ECDSA, RSASSA-PKCS1-v1 5, RSA-PSS, RSA-OAEP, RSAES-PKCS1-v1 5 [15, 16, 14] IOTP 3.3 Abadi, Needham M.Abadi R.Needham [1] 11 Abadi Needham 2
1. 2. 3. 4. 5. 6. Nonce (Number used once) 7. 8. 9. nonce 10. 11. IOTP 1, 2, 3, 4, 10, 11 4 ISO/IEC 9798-2, 9798-3, 9798-4 4.1 ISO/IEC 9798-2, 9798-3, 9798-4 Time variant parameter ISO/IEC 9798-2, 9798-3, 9798-4 Time variant parameter 3
ISO/IEC 18031 ISO/IEC 9798-2, 9798-3, 9798-4 A, B e K K I U I K UV U V N U U P R U U T N U U Time variant parameter T oken UV U V T U U T V P U U Time variant parameter X Y X Y ss(y 1 Y j ) Y 1 Y j f K (X) K f 4.2 ISO/IEC 9798-2 ISO/IEC 9798-2 Time variant parameter ISO/IEC 18031 Coordinate Universal Clock (UTC) ISO/IEC 9798-1 ISO/IEC 9798-2 Time variant parameter Time variant parameter Time variant parameter Time variant parameter 4.2.1 Mechanism 1-One-pass authentication Mechanism 1-One-pass authentication 1. A = B : T oken AB T oken AB = T ext 2 e KAB (T N A I B T ext 1 ) 1: Mechanism 1-One-pass authentication 4
4.2.2 Mechanism 2-Two-pass authentication Mechanism 2-Two-pass authentication 1. B = A : R B T ext 1 2. A = B : T oken AB T oken AB = T ext 3 e KAB (R B I B T ext 2 ) 2: Mechanism 2-Two-pass authentication 4.2.3 Mechanism 3-Two-pass authentication Mechanism 3-Two-pass authentication 1. A = B : T oken AB 2. B = A : T oken BA T oken AB = T ext 2 e KAB (T N A I B T ext 1 ) T oken BA = T ext 4 e KAB (T N B I B T ext 3 ) 3: Mechanism 3-Two-pass authentication 4.2.4 Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext 1 2. A = B : T oken AB 3. B = A : T oken BA T oken AB = T ext 3 e KAB (R A R B I B T ext 2 ) T oken BA = T ext 5 e KAB (R B R A T ext 4 ) 4: Mechanism 4-Three-pass authentication 5
4.2.5 Mechanism 5-Four-pass authentication Mechanism 5-Four-pass authentication 1. A = P : T V P A I B T ext 1 2. P = A : T oken P A 3. A = B : T oken AB 4. B = A : T oken BA T oken P A = T ext 4 e KAP (T V P A K AB I B T ext 3 ) e KBP (T N P K AB I A T ext 2 ) T oken AB = T ext 6 e KBP (T N P K AB I A T ext 2 ) e KBP (T N A I B T ext 5 ) T oken BA = T ext 8 e KAB (T N B I A T ext 7 ) 5: Mechanism 5-Four-pass authentication 4.2.6 Mechanism 6-Five-pass authentication Mechanism 6-Five-pass authentication 1. B = A : R B T ext 1 2. A = P : R A R B I B T ext 2 3. P = A : T oken P A 4. A = B : T oken AB 5. B = A : T oken BA 6. T oken P A = T ext 5 e KAP (R A K AB I B T ext 4 ) e KBP (R B K AB I A T ext 3 ) T oken AB = T ext 7 e KBP (R B K AB I A T ext 3 ) e KAB (R A R B T ext 6 ) T oken BA = T ext 9 e KAB (R B R A T ext 8) 6: Mechanism 6-Five-pass authentication 4.3 ISO/IEC 9798-3 ISO/IEC 9798-3 6
Time variant parameter ISO/IEC 18031 Coordinate Universal Clock (UTC) ISO/IEC 9798-1 ISO/IEC 9798-2 Time variant parameter Time variant parameter Time variant parameter Time variant parameter 4.3.1 Mechanism 1-One-pass authentication Mechanism 1-One-pass authentication 1. A = B : Cert A T oken AB T oken AB = T A B T ext2 ss A ( T A B T ext1) N A N A 7: Mechanism 1-One-pass authentication 4.3.2 Mechanism 2-Two-pass authentication Mechanism 2-Two-pass authentication 1. B = A : R B T ext1 2. A = B : Cert A T oken AB T oken AB = R A R B B T ext3 ss A (R A R B B T ext2) 8: Mechanism 2-Two-pass authentication 4.3.3 Mechanism 3-Two-pass authentication Mechanism 3-Two-pass authentication 7
1. A = B : Cert A T oken AB 2. B = A : Cert B T oken BA T oken AB = T A B T ext2 ss A ( T A B T ext1) N A N A T oken BA = T B N B A T ext4 ss B ( T B N B A T ext3) 9: Mechanism 3-Two-pass authentication 4.3.4 Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext1 2. A = B : Cert A T oken AB 3. B = A : Cert B T oken BA T oken AB = R A R B B T ext3 ss A (R A R B B T ext2) T oken BA = R B R A A T ext5 ss B (R B R A A T ext4) 10: Mechanism 4-Three-pass authentication 4.3.5 Mechanism -Two-pass parallel authentication Mechanism 5-Two-pass parallel authentication 1. A = B : Cert A R A T ext1 1. B = A : Cert B R B T ext2 2. B = A : T oken BA 2. A = B : T oken AB T oken AB = R A R B B T ext4 ss A (R A R B B T ext3) T oken BA = R B R A A T ext6 ss B (R B R A A T ext5) 11: Mechanism 5-Two-pass parallel authentication 8
4.3.6 Five pass authentication (initiated by A) Five pass authentication (initiated by A) 1. A = B : R A I A T ext 1 2. B = A : I B T oken BA 3. A = P : R A R B I A I B T ext4 4. P = A : T ext7 T okent A 5. A = B : T oken AB Option 1 T oken AB = T ext 9 ResA ss T (R B ResA T ext5) ss A (R B R A B A T ext8) T oken BA = R A R B T ext3 ss B (B R A R B A T ext2) T oken T A = ResA ResB ss T (R A ResB T ext6) ss T (R B ResA T ext5) Option 2 T oken AB = R A T ext 9 T okent A ss A (R B R A B A T ext8) T oken BA = R A R B T ext3 ss B (B R A R B A T ext2) T oken T A = ResA ResB ss T (R A R B ResA ResB T ext5) I A = A or CertA I B = B or CertB ResA = (CertA Status), (A P A ) or F ailure ResB = (CertB Status), (B P B ) or F ailure 12: Five pass authentication (initiated by A) 4.3.7 Five pass authentication (initiated by B) Five pass authentication (initiated by B) 9
1. B = A : R B I B T ext 1 2. A = T P : R A R A I A I B T ext2 3. T P = A : T ext5 T okent A 4. A = B : I A T okenab 5. B = A : T oken BA Option 1 T oken AB = T ext 7 R A ResA ss T (R B ResA T ext3) ss A (R B R A B A T ext6) T oken BA = R A R B T ext9 ss B (A R A R B B T ext8) T oken T A = ResA ResB ss T (R A ResB T ext4) ss T (R B ResA T ext3) Option 2 T oken AB = R A T ext 7 T okent A ss A (R B R A B A T ext6) T oken BA = R A R B T ext9 ss B (R A R B A B T ext8) T oken T A = ResA ResB ss T (R A R B ResA ResB T ext3) I A = A or CertA I B = B or CertB ResA = (CertA Status), (A P A ) or F ailure ResB = (CertB Status), (B P B ) or F ailure 13: Five pass authentication (initiated by B) 4.4 ISO/IEC 9798-4 ISO/IEC 9798-4 CCF Time variant parameter ISO/IEC 18031 Coordinate Universal Clock (UTC) ISO/IEC 9798-1 ISO/IEC 9798-4 Time variant parameter Time variant parameter Time variant parameter Time variant parameter 10
4.4.1 Mechanism 1-One-pass authentication Mechanism 1-One-pass parallel authentication 1. A = B : T oken AB T oken AB = T A T ext2 f KAB ( T A B T ext1) N A N A 14: Mechanism 1-One-pass authentication 4.4.2 Mechanism 2-Two-pass authentication Mechanism 2-Two-pass parallel authentication 1. B = A : R B T ext1 2. A = B : T oken AB T oken AB = T ext3 f KAB (R B B T ext2) 15: Mechanism 2-Two-pass authentication 4.4.3 Mechanism 3-Two-pass authentication Mechanism 3-Two-pass parallel authentication 11
T oken AB = T oken BA = 1. A = B : T oken AB 2. B = A : T oken BA T A T ext2 f KAB ( T A B T ext1) N A N A T B T ext4 f KAB ( T B A T ext3) N B N B 16: Mechanism 3-Two-pass authentication 4.4.4 Mechanism 4-Three-pass authentication Mechanism 4-Three-pass authentication 1. B = A : R B T ext1 2. A = B : T oken AB 3. B = A : T oken BA T oken AB = R A T ext3 f KAB (R A R B B T ext2) T oken BA = T ext5 f KAB (R B R A T ext4) 17: Mechanism 4-Three-pass authentication 5 ISO/IEC 9798-2, 9798-3, 9798-4 ISO/IEC 9798-2, 9798-3, 9798-4 9798-3 Three-pass mutual authentication [4] 9798-3 Three-pass mutual authentication 9798 1. ISO/IEC 9798-2, 9798-3, 9798-4 ISO/IEC 2. 12
3. ISO/IEC 9798-2, 9798-3, 9798-4 Time variant parameter ISO/IEC 9798-2, 9798-3, 9798-4 [1] M.Abadi and R.Needham, Prudent engineering practice for cryptographic protocols, DEC SRC Technical Report 125, Digital Equipment Corporation (1995) [2] R.Anderson, Security Engineering : A Guide to Buiding Dependable Distributed Systems, John & Wiley Sons (2001) [3] M.Burrows, M.Abadi, and R.Needham, A logic for authentication, SRC Technical Report 39, Digital Equipment Corporation (1989) [4] W.Diffie, P.C.van Oorschot and M.Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, 2 (1992) 107-125 [5] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 1: General, ISO/IEC JTC 1/SC 27 DIS 9798-1: (1996) [6] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Entity authentication using symmetric techniques, ISO/IEC JTC 1/SC 27 N489 CD 9798-2: (1992) [7] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Entity authentication using symmetric techniques, ISO/IEC JTC 1/SC 27 N739 DIS 9798-2: (1993) 13
[8] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 2: Mechanisms using symmetric encipherment algorithms, ISO/IEC JTC 1/SC 27 N2145 FDIS 9798-2: (1998) [9] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 3: Mechanisms using digital signature techniques, BS ISO/IEC 9798-3: (1998) [10] ISO/IEC Information Technology - Security Technology - Entity Authentication Part 4: Mechanisms using a cryptographic check function, ISO/IEC JTC 1/SC 27 N2289 FDIS 9798-4: (1999) [11] J.Katz and Y.Lindell, Introduction to Modern Cryptography, Chapman & Hall (2008) [12] W.Mao, Modern Cryptography, Prentice Hall (2004) [13] A.J.Menezes, P.C.van Oorschot and S.A.Vanstone, Handbook of Applied Cryptography, CRC Press (1997) [14] DSA NIST FIPS 186-2 (+Change Notice 1) [15] RSA PKCS #1 v2.1: RSA Cryptography Standard [16] ECDSA SEC 1: Elliptic Curve Cryptography(September 20, 2000 Version 1.0) 14