HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (29 Sep 2024)

GB/T 15843.6-2018 PDF in English


GB/T 15843.6-2018 (GB/T15843.6-2018, GBT 15843.6-2018, GBT15843.6-2018)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 15843.6-2018English490 Add to Cart 0-9 seconds. Auto-delivery. Information technology -- Security techniques -- Entity authentication -- Part 6: Mechanisms using manual data transfer Valid
Standards related to (historical): GB/T 15843.6-2018
PDF Preview

GB/T 15843.6-2018: PDF in English (GBT 15843.6-2018)

GB/T 15843.6-2018 Information technology - Security techniques - Entity authentication - Part 6. Mechanisms using manual data transfer ICS 35.040 L80 National Standards of People's Republic of China Information technology security technology entity authentication Part 6. Mechanisms for manual data transfer Part 6. Mechanismsusingmanualdatatransfer (ISO /IEC 9798-6.2010, IDT) Published on.2018-09-17 Implementation of.2019-04-01 State market supervision and administration China National Standardization Administration issued Content Foreword I Introduction II 1 range 1 2 Normative references 1 3 Terms and Definitions 1 4 symbols and abbreviations 3 5 General requirements 3 6 Mechanisms using short test values 4 6.1 Overview 4 6.2 Mechanism 1. One device has a simple input interface and the other has a simple output interface 4 6.3 Mechanism 2. Both devices have a simple input interface 6 7 Mechanisms using short digest values or short keys 7 7.1 Overview 7 7.2 Mechanism 3. One device has a simple input interface and the other has a simple output interface 7 7.3 Mechanism 4. One device has a simple input interface and the other has a simple output interface 9 7.4 Mechanism 5. Both devices have a simple input interface 10 7.5 Mechanism 6. Both devices have a simple input interface 11 8 Mechanism using Message Authentication Code (MAC) 13 8.1 Overview 13 8.2 Mechanism 7. Both devices have a simple output interface 13 8.3 Mechanism 8. One device has a simple input interface and the other has a simple output interface 16 Appendix A (Normative) ASN.1 Definition 18 Appendix B (informative) Using a manual authentication protocol to perform key exchange 19 Appendix C (informative) Using a manual authentication protocol to perform public key exchange 21 Appendix D (informative) Mechanism security and parameter length selection 23 Appendix E (informative) A method for generating short test values 25 Appendix F (informative appendix) Comparative analysis of the safety and efficiency of mechanisms 1-8 Appendix G (informative) Method for generating short summary values 29 Reference 30 Foreword GB/T 15843 "Information Technology Security Technology Entity Identification" is divided into the following parts. --- Part 1. General; --- Part 2. Mechanisms using symmetric encryption algorithms; --- Part 3. Mechanisms using digital signature technology; --- Part 4. The mechanism of using the password check function; --- Part 5. Mechanisms using zero-knowledge technology; --- Part 6. The mechanism of using manual data transfer. This part is the sixth part of GB/T 15843. This part is drafted in accordance with the rules given in GB/T 1.1-2009. This part uses the translation method equivalent to ISO /IEC 9798-6.2010 "Information Technology Security Technology Entity Identification Part 6. The mechanism of using manual data transfer. Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents. This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This section drafted by. Chinese Academy of Sciences Data and Communication Protection Research and Education Center, Beijing Digital Certification Co., Ltd., Fei Tiancheng Letter Technology Co., Ltd. The main drafters of this section. Xia Luning, Zhang Guozhu, Zhang Qionglu, Lin Xueyan, Zhu Pengfei. introduction In daily communication, entity authentication is often required between two devices through non-secure channels, but non-secure channels are susceptible to active or Dynamic attacks, so-called active attacks, include malicious third parties performing data insertion, tampering, deletion, or playback on non-secure channels. The authentication mechanism specified in the other parts of GB/T 15843 applies to two devices sharing the same secret key, or each other owns each other. Asymmetric public key. The entity authentication mechanism described in this part of GB/T 15843 does not need to assume that the two parties establish a shared key relationship in advance, but use artificial Means for authentication, that is, entity authentication is achieved by manually transmitting a short data string from one device to another, or by manually comparing two Whether the short data strings output by the devices are consistent or not. In this section, the meaning of the term "physical authentication" is different from other parts. The two devices involved in the identification are used by the same one. The user holds, or is held by two different users who have a trusted communication path between them, and the user verifies that the two devices are performing the test of this part. Whether the data string is successfully shared after the mechanism. Of course, the data string can contain identifiers for two devices or one of them. As described in informative Appendix B and Appendix C, the manual authentication mechanism can be used as a secret key sharing or a reliable exchange of public keys. The basics. In addition, manual authentication mechanisms can be used as an exchange of other secret or public security parameters, including security policy statements or time. Poke and so on. In this part, the relevant content related to the cryptographic algorithm is implemented in accordance with relevant national laws and regulations; where it involves the use of cryptography to resolve confidentiality and complete Integrity, authenticity, and non-repudiation requirements are implemented in accordance with password-related national standards and industry standards. Information technology security technology entity authentication Part 6. Mechanisms for manual data transfer 1 Scope This part of GB/T 15843 specifies eight mechanisms for entity authentication based on manual data transfer between devices. This section refers to It is clear how these mechanisms are used to support key management functions and how to safely select the parameters of each mechanism. For these 8 mechanisms, this The definitions of ASN.1 are given in sections, and their safety levels and efficiencies are analyzed and compared. These mechanisms can be applied to multiple types of application scenarios. A typical application is in the personal network as a process for devices to access the network. In part, the user performs physical authentication between the two devices with wireless communication capabilities that they have mastered. 2 Normative references The following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article. Pieces. For undated references, the latest edition (including all amendments) applies to this document. GB/T 15843.1-2017 Information technology security technology entity identification Part 1. General (ISO /IEC 9798-1. 2010, IDT) 3 Terms and definitions The following terms and definitions as defined in GB/T 15843.1-2017 apply to this document. 3.1 Check value check-value A bit string, generated by a test function, transmitted from the originator of the communication to the receiver of the communication, and the receiver has the capability to check Test its correctness. 3.2 Test function check-valuefunction The function f maps a bit string and a short key to a test value of a fixed length b, and the short key can be easily input to The device is read from or read from. The validation function satisfies the following properties. --- For any key k and any bit string d, the function f(d, k) can be effectively calculated; --- Find two different bit strings d and d', so that for the key k there is f(d,k)=f(d',k), which is not feasible in calculation However, the k value that satisfies the above equation is not a small part of the value space of k. Note. In practice, a typical short key contains 4 to 6 numbers or letters. 3.3 Data origin identification dataoriginauthentication For the received data, confirm the authenticity of its source. [ISO 7498-2] 3.4 Digest value digest-value A bit string, generated by a digest function, passed from the originator of the communication to the receiver of the communication, and the receiver has the capability to check Test its correctness. 3.5 Summary function digestfunction The function d maps a bit string and a long key into a digest value of fixed length b bits. Summary values can be easily entered Read into or read from the user device and satisfy the following attributes. --- For any key k and any bit string m, d(m,k) can be effectively calculated; --- Find two different bit strings m and m' so that d(m,k)=d(m',k) for key k is computationally infeasible of. The ratio of the key satisfying this equation to the value of all possible keys is greater than (2-b ε), and b is the fixed length of the digest value. ε is a negligible number relative to 2-b. Note 1. In practice, if the length of the key k is a typical cryptographic hash length, for example 160 bits, then the second attribute above should be satisfied. This demand The theoretical lower bound of the length of the key from the hash function is generated. See Appendix F for more details. Note 2. A further discussion of the length of the key and the summary is given in Appendix D, Appendix F and Appendix G. 3.6 Hash function hash-function A function that maps an arbitrary long bit string into a fixed length bit string, which satisfies the following attributes. --- Given an output bit string, finding an input bit string to produce this output bit string is computationally infeasible; --- Given an input bit string, look for another different input bit string to produce the same output bit string, which is not calculated feasible. [ISO /IEC 10118-1] 3.7 Manual authentication certificate manualauthenticationcertificate A combination of a key and a check value, generated by one of the two devices participating in the authentication, and having the following attributes. when input to another This certificate can be used to complete the manual authentication process at a later time when a device is in use. 3.8 Message authentication code messageauthenticationcode;MAC An output bit string generated using a message authentication algorithm. [ISO /IEC 9797-1] 3.9 Message authentication algorithm messageauthenticationcode(MAC) algorithm Calculating a bit string and a key to obtain a fixed-length bit string algorithm, which satisfies the following attributes. --- For any key and any input bit string, it can be effectively calculated; --- For any specific key, calculate any new input bit string without any prior knowledge of this key The message authentication code is computationally infeasible, even if all previous input bit strings and corresponding message authentication codes are known. This means that the i-th input bit string is deliberately selected even after observing the first i-1 bit string and the corresponding message authentication code. Make it equal to one of the previous input bit strings, and the message authentication codes of the two will not be equal or have any correlation. [ISO /IEC 9797-1] 3.10 Artificial entity identification manualentityauthentication Message exchange between two devices via a (potentially non-secure) communication channel, while also passing a limited number manually According to this, the process of entity identification is realized. 3.11 Simple input interface simpleinputinterface A device interface that allows the user to inform the device of a successful or unsuccessful completion of a step, such as 2 or 1 button, at a given time interval The user chooses to press or not to press to inform the device of success or failure. 3.12 Simple output interface simpleoutputinterface Allows the device to inform the user of the device interface for a successful or unsuccessful completion of a step, for example, can be implemented as a red-green indicator or separately An indicator light that informs the user of success or failure through different blinking methods. 4 symbols and abbreviations The following symbols and abbreviations apply to this document. A, B The label of the entity involved in the authentication mechanism d summary function for mechanisms 3 and 5, d(D, k) represents the digest value calculated for bit string D using key k D A bit string shared between devices A and B, generated by performing an artificial entity authentication mechanism h hash function, used in mechanisms 3~6 Distinguishing identifier of IU entity U K In mechanisms 1 and 2, the (short) key used by the function being checked k (long) key used in mechanisms 3~6 KA, KAi, KB, KBi random MAC key used in mechanisms 7 and 8. MAC message authentication code RU uses (short) random bit strings in mechanisms 4, 6, 7, and 8. ‖ In GB/T 15843.1-2017, X‖Y is defined as the result of cascading data items X and Y according to the given order. when The result of cascading two or more data items is used as input in one of the mechanisms described in this section, then the result of this cascading should be able to be It is parsed into the data items that make up it, that is, it can be interpreted unambiguously. This feature can be implemented in a variety of ways. The method is related to a specific application, for example, the following method a) can be used to require a fixed length for each cascaded data item, and is executed in the mechanism The entire process maintains their fixed length, or b) uses a method that ensures uniqueness for the sequence of data items after cascading Encoding, for example using the Discernible Encoding Rules (DER) as defined by ISO /IEC 8825-1. Note. Appendix D and Appendix F give guidelines on how to choose the appropriate short key and MAC key length. 5 General requirements This chapter specifies the general requirements that the authentication mechanisms 1-8 should meet. In addition to these general requirements, each authentication mechanism should also meet the sixth Specific requirements specified in Chapters, Chapters 7, and 8. a) There should be a channel between the two devices performing manual pass authentication (eg wireless link or internet link), this link does not have to It is safe, that is, the mechanism in this section is designed to be able to monitor or even tamper with the data being transmitted when an attacker has the ability to monitor or even tamper with the data being passed. It can also be executed safely; b) Two devices performing manual transfer authentication shall have both a user data input interface and an output interface; c) The user data input interface of the device shall have at least the ability to indicate the success or unsuccessful completion of an authentication step (eg 2 Or 1 button, the user chooses to press or not to press during a given time interval to inform the device of success or failure) The data input interface is hereinafter referred to as a simple input interface. In contrast, a standard input interface should support short symbol string input. For example, a keyboard that supports numbers, hexadecimal numbers, or letters. Each device should have a standard unless otherwise stated Quasi-data input interface; d) The user data output interface of the device shall have at least the ability to indicate the success or failure of an authentication step (eg red This is done in the form of a green light. This user data output interface is hereinafter referred to as a simple output interface. In contrast, a standard The output interface should support the output of short symbol strings, such as numeric, hexadecimal or alphanumeric displays. Unless otherwise stated explicitly, no Then each device should have a standard data output interface; e) For mechanisms 1 and 2, the devices identified by the two implementing entities shall agree on the specific test function used and have Force to implement this function; Note 1. Appendix D gives a selection guide for the test functions, test values and random key lengths for mechanisms 1 and 2. Appendix E gives the mechanism The construction method of the unconditional safety check function of 1 and 2. f) For mechanisms 3 to 6, the devices identified by the two executing entities shall agree on the specific hash function h used and have the ability Implement this function; Note 2. Appendix D gives a selection guide for the input and output bit lengths of the hash function for mechanisms 3~6. g) For mechanisms 3 and 5, the devices identified by the two implementing entities shall agree on the specific digest function d used, and Ability to implement this function; Note 3. Appendix D gives a guideline for the selection of the length of the summary for Mechanism 3 and Mechanism 5, and Appendix G gives the application for the use of Mechanism 3 and Mechanism 5. The method of identifying the algorithm and the hash function to construct the digest function. h) that for mechanisms 7 and 8, the devices identified by the two implementing entities shall agree on the specific message authentication algorithm used, and Have the ability to implement this algorithm; Note 4. Appendix D gives a selection guide for the message authentication algorithm, message authentication code and random key length for mechanisms 7 and 8. i) Before performing mechanisms 1-8, the two devices shall exchange a data string D (combining the hash values in mechanisms 3-6). D can be One device generates and sends to another device, or two devices generate a data string and send it to the two-way channel The other party, D is the cascade of data strings generated by both parties; j) The two devices performing the authentication can be controlled by the same user or by two different users, if the latter There should be a trusted communication path between users; k) Users of the equipment should participate in the authentication process throughout the process to ensure that these mechanisms are handled correctly. Manual data transfer between devices during execution There should be no significant delay in the delivery, and the device should automatically trigger a timeout as specified by the specification to exclude specific attacks. 6 Mechanisms using short test values 6.1 Overview This clause specifies two manual authentication mechanisms that use test values for a variety of different types of equipment. specifically. --- The first mechanism (mechanism 1) applies to one device with a simple input interface and the other device with a simple output interface Happening; --- The second mechanism (mechanism 2) applies when both devices have simple input interfaces. Standard input or output interfaces can be used to simulate simple input or output interfaces. So if both devices have standard input and Output interface, then both mechanisms are applicable. Both of these mechanisms are performed in such a way that one data string D is passed from one device to another through a channel shared by two devices. A device (or a cascade of data strings generated by each of the two devices), the artificial entity authentication mechanism is initiated. As a mechanism of identification If both devices confirm that the data string D they are mastering is the same as that of the other party. 6.2 Mechanism 1. One device has a simple input interface and the other has a simple output interface 6.2.1 Specific requirements This mechanism should meet the following specific requirements. a) This mechanism applies to one device (device A) with a simple input interface and the other device (device B) with a simple output interface Case; b) Equipment A shall have the ability to generate keys. 6.2.2 Data interaction process The process of data exchange and operation is as follows (see Figure 1). a) Both devices should output a signal confirming receipt of data string D and is ready to initiate the authentication mechanism. When observed two The devices are ready, the user should input a signal to device A to inform it that the mechanism can start; b) Equipment A shall generate a random key K that applies to the check function used by both parties. With this key K, device A should calculate The check value of the data string D, the check value and the key K should be subsequently output by the output interface of the device A, and the user should receive the output through it. The mouth reads the check value and the key K; c) The user should use the input interface of device B to input the check value and key K output from device A to device B. Equipment B should be Recalculate the check value with the key K for the data string D it stores. If the two check values match, device B should pass The simple output interface outputs a success signal to the user, otherwise the output failure signal is output; d) The user shall enter the result of the success or failure of the output of device B into device A through the simple input interface of device A. Figure 1 Manual identification mechanism 1 6.2.3 Manual authentication certificate In the manual authentication mechanism 1, no authentication information is transmitted through an unsecure channel. So if you get the number in device B Prior to string D, the random key K and the check value are passed from device A to device B, which does not affect the security of mechanism 1. random The combination of the key K and the test value (calculated using K, D) is called a manual authentication certificate. Using a manual authentication certificate, Mechanism 1 provides A means of delay identification. Obviously, this approach only applies if the data string D is generated by device A and sent to device B. Make The authentication protocol for manually authenticating the certificate is as follows (should meet the requirements of 6.2.1), and it should be noted that this protocol can support the data origination. No, but does not provide the ability to identify entities. Suppose device A generates data string D, but needs to send it to device B later. a) Device A generates a random key K for a given check function and uses key K to calculate the test value for data string D. dense The key K and the check value are then output to the user via the output interface of device A and read by the user; b) The user should use the input interface of device B to input the key K and check value output by device A to device B, and device B Save locally; c) After a period of time, when device B receives the data string D from device A, it recalculates the data string D using the key K. The value of the test, if it is consistent with the previously stored test value, device B accepts the data string D and inputs it through its simple output interface. A success signal is sent to the user, otherwise a failure signal is output. Note. Data string D can contain multiple types of data, such as the device's public key, identity, service domain, and so on. Appendix B provides an example of a manual identification certificate. Books can be used to establish a shared key between two devices. 6.3 Mechanism 2. Both devices have a simple input interface 6.3.1 Specific requirements This mechanism should meet the following specific requirements. a) that the mechanism specified in this clause applies to the case where both devices (A and B) have simple input interfaces; b) One of the devices (Device A) should have the ability to generate a key. 6.3.2 Data interaction process The process of data exchange and operation is as follows (see Figure 2). a) Both devices should output a signal confirming receipt of data string D and is ready to initiate the authentication mechanism. When observed two The devices are ready, the user should input a signal to device A to inform it that the mechanism can start; b) Device A generates a random key K that is applicable to the check function used by both parties. With this key K, device A should calculate the number According to the check value of string D, the check value and key K are output through the output interface of device A, and device A should also pass device B. The shared channel passes the key K to device B; c) Device B shall use the received key K to calculate the test value of the locally stored data string D and output the key K and the check value; d) The user should compare the check value and key K output by both devices. If they are consistent, the user connects through the simple input of the two devices. The port inputs the acceptance signal to the two devices; if the verification value or the key value is inconsistent, the authentication fails, and the user should pass the two devices. The simple input interface inputs a rejection signal to both devices. If the two devices have not received the user’s acceptance signal for a long time, then The authentication failed (this requires a timeout mechanism). Figure 2 manual identification mechanism 2 7 Mechanisms using short digest values or short keys 7.1 Overview This article specifies four manual authentication mechanisms involving manual delivery of short digest values or short keys. These four mechanisms apply to different types Equipment, specifically. --- The first two mechanisms (mechanism 3 and mechanism 4) apply to one device with a simple input interface and another device with a simple output interface; --- The latter two mechanisms (Mechanism 5 and Mechanism 6) apply to both devices with a simple input interface. Standard input or output interfaces can be used to simulate simple input or output interfaces. So if both devices have standard input and Output interface, then all four mechanisms are applicable. All mechanisms are implemented in the following way. a data string D and a hash value are passed from a device through the channel between the two parties Passed to another (D can also be a cascade of data strings generated by each of the two devices), and the artificial entity authentication mechanism is initiated. As a guide As a result of the mechanism, both devices confirm that the data string D they have mastered is the same as the other party. 7.2 Mechanism 3. One device has a simple input interface and the other has a simple output interface 7.2.1 Specific requirements This mechanism should meet the following specific requirements. a) This mechanism applies to one device (device A) with a simple input interface and the other device (device B) with a simple output interface Case; b) Equipment A shall have the capability to generate (long) random keys. 7.2.2 Data interaction process The process of data exchange and operation is as follows (see Figure 3). a) that device A and device B should temporarily share data string D, for example by performing unprotected messages on the channel be...... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.