Powered by Google www.ChineseStandard.net Database: 189759 (7 Apr 2024)

GB/T 15843.6-2018 (GB/T15843.6-2018)

Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 15843.6-2018English490 Add to Cart 0-9 seconds. Auto-delivery. Information technology -- Security techniques -- Entity authentication -- Part 6: Mechanisms using manual data transfer Valid


Standards related to: GB/T 15843.6-2018

GB/T 15843.6-2018: PDF in English (GBT 15843.6-2018)

GB/T 15843.6-2018
Information technology - Security techniques - Entity authentication - Part 6. Mechanisms using manual data transfer
ICS 35.040
L80
National Standards of People's Republic of China
Information technology security technology entity authentication
Part 6. Mechanisms for manual data transfer
Part 6. Mechanismsusingmanualdatatransfer
(ISO /IEC 9798-6.2010, IDT)
Published on.2018-09-17
Implementation of.2019-04-01
State market supervision and administration
China National Standardization Administration issued
Content
Foreword I
Introduction II
1 range 1
2 Normative references 1
3 Terms and Definitions 1
4 symbols and abbreviations 3
5 General requirements 3
6 Mechanisms using short test values 4
6.1 Overview 4
6.2 Mechanism 1. One device has a simple input interface and the other has a simple output interface 4
6.3 Mechanism 2. Both devices have a simple input interface 6
7 Mechanisms using short digest values or short keys 7
7.1 Overview 7
7.2 Mechanism 3. One device has a simple input interface and the other has a simple output interface 7
7.3 Mechanism 4. One device has a simple input interface and the other has a simple output interface 9
7.4 Mechanism 5. Both devices have a simple input interface 10
7.5 Mechanism 6. Both devices have a simple input interface 11
8 Mechanism using Message Authentication Code (MAC) 13
8.1 Overview 13
8.2 Mechanism 7. Both devices have a simple output interface 13
8.3 Mechanism 8. One device has a simple input interface and the other has a simple output interface 16
Appendix A (Normative) ASN.1 Definition 18
Appendix B (informative) Using a manual authentication protocol to perform key exchange 19
Appendix C (informative) Using a manual authentication protocol to perform public key exchange 21
Appendix D (informative) Mechanism security and parameter length selection 23
Appendix E (informative) A method for generating short test values 25
Appendix F (informative appendix) Comparative analysis of the safety and efficiency of mechanisms 1-8
Appendix G (informative) Method for generating short summary values 29
Reference 30
Foreword
GB/T 15843 "Information Technology Security Technology Entity Identification" is divided into the following parts.
--- Part 1. General;
--- Part 2. Mechanisms using symmetric encryption algorithms;
--- Part 3. Mechanisms using digital signature technology;
--- Part 4. The mechanism of using the password check function;
--- Part 5. Mechanisms using zero-knowledge technology;
--- Part 6. The mechanism of using manual data transfer.
This part is the sixth part of GB/T 15843.
This part is drafted in accordance with the rules given in GB/T 1.1-2009.
This part uses the translation method equivalent to ISO /IEC 9798-6.2010 "Information Technology Security Technology Entity Identification Part 6.
The mechanism of using manual data transfer.
Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This section drafted by. Chinese Academy of Sciences Data and Communication Protection Research and Education Center, Beijing Digital Certification Co., Ltd., Fei Tiancheng
Letter Technology Co., Ltd.
The main drafters of this section. Xia Luning, Zhang Guozhu, Zhang Qionglu, Lin Xueyan, Zhu Pengfei.
introduction
In daily communication, entity authentication is often required between two devices through non-secure channels, but non-secure channels are susceptible to active or
Dynamic attacks, so-called active attacks, include malicious third parties performing data insertion, tampering, deletion, or playback on non-secure channels.
The authentication mechanism specified in the other parts of GB/T 15843 applies to two devices sharing the same secret key, or each other owns each other.
Asymmetric public key.
The entity authentication mechanism described in this part of GB/T 15843 does not need to assume that the two parties establish a shared key relationship in advance, but use artificial
Means for authentication, that is, entity authentication is achieved by manually transmitting a short data string from one device to another, or by manually comparing two
Whether the short data strings output by the devices are consistent or not.
In this section, the meaning of the term "physical authentication" is different from other parts. The two devices involved in the identification are used by the same one.
The user holds, or is held by two different users who have a trusted communication path between them, and the user verifies that the two devices are performing the test of this part.
Whether the data string is successfully shared after the mechanism. Of course, the data string can contain identifiers for two devices or one of them.
As described in informative Appendix B and Appendix C, the manual authentication mechanism can be used as a secret key sharing or a reliable exchange of public keys.
The basics. In addition, manual authentication mechanisms can be used as an exchange of other secret or public security parameters, including security policy statements or time.
Poke and so on.
In this part, the relevant content related to the cryptographic algorithm is implemented in accordance with relevant national laws and regulations; where it involves the use of cryptography to resolve confidentiality and complete
Integrity, authenticity, and non-repudiation requirements are implemented in accordance with password-related national standards and industry standards.
Information technology security technology entity authentication
Part 6. Mechanisms for manual data transfer
1 Scope
This part of GB/T 15843 specifies eight mechanisms for entity authentication based on manual data transfer between devices. This section refers to
It is clear how these mechanisms are used to support key management functions and how to safely select the parameters of each mechanism. For these 8 mechanisms, this
The definitions of ASN.1 are given in sections, and their safety levels and efficiencies are analyzed and compared.
These mechanisms can be applied to multiple types of application scenarios. A typical application is in the personal network as a process for devices to access the network.
In part, the user performs physical authentication between the two devices with wireless communication capabilities that they have mastered.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article.
Pieces. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 15843.1-2017 Information technology security technology entity identification Part 1. General (ISO /IEC 9798-1.
2010, IDT)
3 Terms and definitions
The following terms and definitions as defined in GB/T 15843.1-2017 apply to this document.
3.1
Check value check-value
A bit string, generated by a test function, transmitted from the originator of the communication to the receiver of the communication, and the receiver has the capability to check
Test its correctness.
3.2
Test function check-valuefunction
The function f maps a bit string and a short key to a test value of a fixed length b, and the short key can be easily input to
The device is read from or read from. The validation function satisfies the following properties.
--- For any key k and any bit string d, the function f(d, k) can be effectively calculated;
--- Find two different bit strings d and d', so that for the key k there is f(d,k)=f(d',k), which is not feasible in calculation
However, the k value that satisfies the above equation is not a small part of the value space of k.
Note. In practice, a typical short key contains 4 to 6 numbers or letters.
3.3
Data origin identification dataoriginauthentication
For the received data, confirm the authenticity of its source.
[ISO 7498-2]
3.4
Digest value digest-value
A bit string, generated by a digest function, passed from the originator of the communication to the receiver of the communication, and the receiver has the capability to check
Test its correctness.
3.5
Summary function digestfunction
The function d maps a bit string and a long key into a digest value of fixed length b bits. Summary values can be easily entered
Read into or read from the user device and satisfy the following attributes.
--- For any key k and any bit string m, d(m,k) can be effectively calculated;
--- Find two different bit strings m and m' so that d(m,k)=d(m',k) for key k is computationally infeasible
of. The ratio of the key satisfying this equation to the value of all possible keys is greater than (2-b ε), and b is the fixed length of the digest value.
ε is a negligible number relative to 2-b.
Note 1. In practice, if the length of the key k is a typical cryptographic hash length, for example 160 bits, then the second attribute above should be satisfied. This demand
The theoretical lower bound of the length of the key from the hash function is generated. See Appendix F for more details.
Note 2. A further discussion of the length of the key and the summary is given in Appendix D, Appendix F and Appendix G.
3.6
Hash function hash-function
A function that maps an arbitrary long bit string into a fixed length bit string, which satisfies the following attributes.
--- Given an output bit string, finding an input bit string to produce this output bit string is computationally infeasible;
--- Given an input bit string, look for another different input bit string to produce the same output bit string, which is not calculated
feasible.
[ISO /IEC 10118-1]
3.7
Manual authentication certificate manualauthenticationcertificate
A combination of a key and a check value, generated by one of the two devices participating in the authentication, and having the following attributes. when input to another
This certificate can be used to complete the manual authentication process at a later time when a device is in use.
3.8
Message authentication code messageauthenticationcode;MAC
An output bit string generated using a message authentication algorithm.
[ISO /IEC 9797-1]
3.9
Message authentication algorithm messageauthenticationcode(MAC) algorithm
Calculating a bit string and a key to obtain a fixed-length bit string algorithm, which satisfies the following attributes.
--- For any key and any input bit string, it can be effectively calculated;
--- For any specific key, calculate any new input bit string without any prior knowledge of this key
The message authentication code is computationally infeasible, even if all previous input bit strings and corresponding message authentication codes are known.
This means that the i-th input bit string is deliberately selected even after observing the first i-1 bit string and the corresponding message authentication code.
Make it equal to one of the previous input bit strings, and the message authentication codes of the two will not be equal or have any correlation.
[ISO /IEC 9797-1]
3.10
Artificial entity identification manualentityauthentication
Message exchange between two devices via a (potentially non-secure) communication channel, while also passing a limited number manually
According to this, the process of entity identification is realized.
3.11
Simple input interface simpleinputinterface
A device interface that allows the user to inform the device of a successful or unsuccessful completion of a step, such as 2 or 1 button, at a given time interval
The user chooses to press or not to press to inform the device of success or failure.
3.12
Simple output interface simpleoutputinterface
Allows the device to inform the user of the device interface for a successful or unsuccessful completion of a step, for example, can be implemented as a red-green indicator or separately
An indicator light that informs the user of success or failure through different blinking methods.
4 symbols and abbreviations
The following symbols and abbreviations apply to this document.
A, B The label of the entity involved in the authentication mechanism
d summary function for mechanisms 3 and 5, d(D, k) represents the digest value calculated for bit string D using key k
D A bit string shared between devices A and B, generated by performing an artificial entity authentication mechanism
h hash function, used in mechanisms 3~6
Distinguishing identifier of IU entity U
K In mechanisms 1 and 2, the (short) key used by the function being checked
k (long) key used in mechanisms 3~6
KA, KAi, KB, KBi random MAC key used in mechanisms 7 and 8.
MAC message authentication code
RU uses (short) random bit strings in mechanisms 4, 6, 7, and 8.
‖ In GB/T 15843.1-2017, X‖Y is defined as the result of cascading data items X and Y according to the given order. when
The result of cascading two or more data items is used as input in one of the mechanisms described in this section, then the result of this cascading should be able to be
It is parsed into the data items that make up it, that is, it can be interpreted unambiguously. This feature can be implemented in a variety of ways.
The method is related to a specific application, for example, the following method a) can be used to require a fixed length for each cascaded data item, and is executed in the mechanism
The entire process maintains their fixed length, or b) uses a method that ensures uniqueness for the sequence of data items after cascading
Encoding, for example using the Discernible Encoding Rules (DER) as defined by ISO /IEC 8825-1.
Note. Appendix D and Appendix F give guidelines on how to choose the appropriate short key and MAC key length.
5 General requirements
This chapter specifies the general requirements that the authentication mechanisms 1-8 should meet. In addition to these general requirements, each authentication mechanism should also meet the sixth
Specific requirements specified in Chapters, Chapters 7, and 8.
a) There should be a channel between the two devices performing manual pass authentication (eg wireless link or internet link), this link does not have to
It is safe, that is, the mechanism in this section is designed to be able to monitor or even tamper with the data being transmitted when an attacker has the ability to monitor or even tamper with the data being passed.
It can also be executed safely;
b) Two devices performing manual transfer authentication shall have both a user data input interface and an output interface;
c) The user data input interface of the device shall have at least the ability to indicate the success or unsuccessful completion of an authentication step (eg 2
Or 1 button, the user chooses to press or not to press during a given time interval to inform the device of success or failure)
The data input interface is hereinafter referred to as a simple input interface. In contrast, a standard input interface should support short symbol string input.
For example, a keyboard that supports numbers, hexadecimal numbers, or letters. Each device should have a standard unless otherwise stated
Quasi-data input interface;
d) The user data output interface of the device shall have at least the ability to indicate the success or failure of an authentication step (eg red
This is done in the form of a green light. This user data output interface is hereinafter referred to as a simple output interface. In contrast, a standard
The output interface should support the output of short symbol strings, such as numeric, hexadecimal or alphanumeric displays. Unless otherwise stated explicitly, no
Then each device should have a standard data output interface;
e) For mechanisms 1 and 2, the devices identified by the two implementing entities shall agree on the specific test function used and have
Force to implement this function;
Note 1. Appendix D gives a selection guide for the test functions, test values and random key lengths for mechanisms 1 and 2. Appendix E gives the mechanism
The construction method of the unconditional safety check function of 1 and 2.
f) For mechanisms 3 to 6, the devices identified by the two executing entities shall agree on the specific hash function h used and have the ability
Implement this function;
Note 2. Appendix D gives a selection guide for the input and output bit lengths of the hash function for mechanisms 3~6.
g) For mechanisms 3 and 5, the devices identified by the two implementing entities shall agree on the specific digest function d used, and
Ability to implement this function;
Note 3. Appendix D gives a guideline for the selection of the length of the summary for Mechanism 3 and Mechanism 5, and Appendix G gives the application for the use of Mechanism 3 and Mechanism 5.
The method of identifying the algorithm and the hash function to construct the digest function.
h) that for mechanisms 7 and 8, the devices identified by the two implementing entities shall agree on the specific message authentication algorithm used, and
Have the ability to implement this algorithm;
Note 4. Appendix D gives a selection guide for the message authentication algorithm, message authentication code and random key length for mechanisms 7 and 8.
i) Before performing mechanisms 1-8, the two devices shall exchange a data string D (combining the hash values in mechanisms 3-6). D can be
One device generates and sends to another device, or two devices generate a data string and send it to the two-way channel
The other party, D is the cascade of data strings generated by both parties;
j) The two devices performing the authentication can be controlled by the same user or by two different users, if the latter
There should be a trusted communication path between users;
k) Users of the equipment should participate in the authentication process throughout the process to ensure that these mechanisms are handled correctly. Manual data transfer between devices during execution
There should be no significant delay in the delivery, and the device should automatically trigger a timeout as specified by the specification to exclude specific attacks.
6 Mechanisms using short test values
6.1 Overview
This clause specifies two manual authentication mechanisms that use test values for a variety of different types of equipment. specifically.
--- The first mechanism (mechanism 1) applies to one device with a simple input interface and the other device with a simple output interface
Happening;
--- The second mechanism (mechanism 2) applies when both devices have simple input interfaces.
Standard input or output interfaces can be used to simulate simple input or output interfaces. So if both devices have standard input and
Output interface, then both mechanisms are applicable.
Both of these mechanisms are performed in such a way that one data string D is passed from one device to another through a channel shared by two devices.
A device (or a cascade of data strings generated by each of the two devices), the artificial entity authentication mechanism is initiated. As a mechanism of identification
If both devices confirm that the data string D they are mastering is the same as that of the other party.
6.2 Mechanism 1. One device has a simple input interface and the other has a simple output interface
6.2.1 Specific requirements
This mechanism should meet the following specific requirements.
a) This mechanism applies to one device (device A) with a simple input interface and the other device (device B) with a simple output interface
Case;
b) Equipment A shall have the ability to generate keys.
6.2.2 Data interaction process
The process of data exchange and operation is as follows (see Figure 1).
a) Both devices should output a signal confirming receipt of data string D and is ready to initiate the authentication mechanism. When observed two
The devices are ready, the user should input a signal to device A to inform it that the mechanism can start;
b) Equipment A shall generate a random key K that applies to the check function used by both parties. With this key K, device A should calculate
The check value of the data string D, the check value and the key K should be subsequently output by the output interface of the device A, and the user should receive the output through it.
The mouth reads the check value and the key K;
c) The user should use the input interface of device B to input the check value and key K output from device A to device B. Equipment B should be
Recalculate the check value with the key K for the data string D it stores. If the two check values match, device B should pass
The simple output interface outputs a success signal to the user, otherwise the output failure signal is output;
d) The user shall enter the result of the success or failure of the output of device B into device A through the simple input interface of device A.
Figure 1 Manual identification mechanism 1
6.2.3 Manual authentication certificate
In the manual authentication mechanism 1, no authentication information is transmitted through an unsecure channel. So if you get the number in device B
Prior to string D, the random key K and the check value are passed from device A to device B, which does not affect the security of mechanism 1. random
The combination of the key K and the test value (calculated using K, D) is called a manual authentication certificate. Using a manual authentication certificate, Mechanism 1 provides
A means of delay identification. Obviously, this approach only applies if the data string D is generated by device A and sent to device B. Make
The authentication protocol for manually authenticating the certificate is as follows (should meet the requirements of 6.2.1), and it should be noted that this protocol can support the data origination.
No, but does not provide the ability to identify entities.
Suppose device A generates data string D, but needs to send it to device B later.
a) Device A generates a random key K for a given check function and uses key K to calculate the test value for data string D. dense
The key K and the check value are then output to the user via the output interface of device A and read by the user;
b) The user should use the input interface of device B to input the key K and check value output by device A to device B, and device B
Save locally;
c) After a period of time, when device B receives the data string D from device A, it recalculates the data string D using the key K.
The value of the test, if it is consistent with the previously stored test value, device B accepts the data string D and inputs it through its simple output interface.
A success signal is sent to the user, otherwise a failure signal is output.
Note. Data string D can contain multiple types of data, such as the device's public key, identity, service domain, and so on. Appendix B provides an example of a manual identification certificate.
Books can be used to establish a shared key between two devices.
6.3 Mechanism 2. Both devices have a simple input interface
6.3.1 Specific requirements
This mechanism should meet the following specific requirements.
a) that the mechanism specified in this clause applies to the case where both devices (A and B) have simple input interfaces;
b) One of the devices (Device A) should have the ability to generate a key.
6.3.2 Data interaction process
The process of data exchange and operation is as follows (see Figure 2).
a) Both devices should output a signal confirming receipt of data string D and is ready to initiate the authentication mechanism. When observed two
The devices are ready, the user should input a signal to device A to inform it that the mechanism can start;
b) Device A generates a random key K that is applicable to the check function used by both parties. With this key K, device A should calculate the number
According to the check value of string D, the check value and key K are output through the output interface of device A, and device A should also pass device B.
The shared channel passes the key K to device B;
c) Device B shall use the received key K to calculate the test value of the locally stored data string D and output the key K and the check value;
d) The user should compare the check value and key K output by both devices. If they are consistent, the user connects through the simple input of the two devices.
The port inputs the acceptance signal to the two devices; if the verification value or the key value is inconsistent, the authentication fails, and the user should pass the two devices.
The simple input interface inputs a rejection signal to both devices. If the two devices have not received the user’s acceptance signal for a long time, then
The authentication failed (this requires a timeout mechanism).
Figure 2 manual identification mechanism 2
7 Mechanisms using short digest values or short keys
7.1 Overview
This article specifies four manual authentication mechanisms involving manual delivery of short digest values or short keys. These four mechanisms apply to different types
Equipment, specifically.
--- The first two mechanisms (mechanism 3 and mechanism 4) apply to one device with a simple input interface and another device with a simple output
interface;
--- The latter two mechanisms (Mechanism 5 and Mechanism 6) apply to both devices with a simple input interface.
Standard input or output interfaces can be used to simulate simple input or output interfaces. So if both devices have standard input and
Output interface, then all four mechanisms are applicable.
All mechanisms are implemented in the following way. a data string D and a hash value are passed from a device through the channel between the two parties
Passed to another (D can also be a cascade of data strings generated by each of the two devices), and the artificial entity authentication mechanism is initiated. As a guide
As a result of the mechanism, both devices confirm that the data string D they have mastered is the same as the other party.
7.2 Mechanism 3. One device has a simple input interface and the other has a simple output interface
7.2.1 Specific requirements
This mechanism should meet the following specific requirements.
a) This mechanism applies to one device (device A) with a simple input interface and the other device (device B) with a simple output interface
Case;
b) Equipment A shall have the capability to generate (long) random keys.
7.2.2 Data interaction process
The process of data exchange and operation is as follows (see Figure 3).
a) that device A and device B should temporarily share data string D, for example by performing unprotected messages on the channel between the two parties
Exchange to achieve;
b) The equipment shall generate and securely store the random key k, k shall apply to the digest function d used by both parties. Equipment A should calculate h(k)
And pass it to device B, the delivery method does not have to be secure, for example, can be transmitted through the channel between the two parties;
c) Both devices should output signals through their standard output interface to confirm that they have completed steps a) and b) and that they
It is ready to start the authentication mechanism. After observing the confirmation signal output by both parties, the user should connect through the simple input of device A.
Enter a signal to inform the device A that the authentication mechanism can begin;
d) Device A shall calculate the short digest value d(D, k) and output it through its own standard output interface. User should be from device A
The standard output interface reads the short digest value and enters it into device B using device B's standard input interface;
e) Device A shall pass key k to device B through the channel between the two parties. After receiving k, device B should calculate h(k) and check
Check if it is equal to the value received in step b). If they are equal, device B performs step f), otherwise device B should give a loss.
Defeat the signal, and a strategy should be implemented to ensure that the new mechanism 3 instance is refused in a short time;
f) Device B shall recalculate the short digest value d(D, k) using the key k and its stored data string D. If the calculated digest value
Equivalent to the copy received by device B in step d), device B outputs a success message to the user via its simple output interface
No. Otherwise, a failure signal should be output and a strategy should be implemented to ensure that the new mechanism 3 instance is refused to be started in a short time;
g) The user shall enter the result of the success or failure of the output of device B into device A through the simple input interface of device A. If set
If standby A does not receive any signal, it should be considered a failure (this requires a timeout mechanism).
Note 1. The delay strategy used in steps e) and f) prevents such a type of man-in-the-middle attack. the attacker attempts to counterfeit device A after device B gives a failure signal.
The identity immediately starts the mechanism 3 again. At this time, since the device A is still waiting for the signal to be input by the user in the step g), it may be successfully attacked.
Note 2. In this mechanism, device B trusts device A because it is the random key k generated by device A and therefore first determines the correct value of d(D, k). Such as
If device B also has the ability to generate a random key, device A and device B do not have to trust each other. But if so, it might make this machine
The system becomes more complicated because it requires more network communication and synchronization overhea...
......