|
|
||||||||||||
GB/T 39205-2020 PDF EnglishSearch result: GB/T 39205-2020
GB/T39205-2020 (GBT39205-2020): PDF in EnglishGB/T 39205-2020 GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Information security technology - Light-weight authentication and access control mechanism ISSUED ON: OCTOBER 11, 2020 IMPLEMENTED ON: MAY 01, 2021 Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China. Table of Contents Foreword ... 3 Introduction ... 4 1 Scope ... 6 2 Normative references ... 6 3 Terms and definitions ... 6 4 Symbols and abbreviations ... 7 4.1 Symbols ... 7 4.2 Abbreviations ... 7 5 Light-weight authentication mechanism ... 8 5.1 Overview ... 8 5.2 Authentication mechanism based on exclusive OR operation ... 8 5.3 Authentication mechanism based on cryptographic hash algorithm ... 10 5.4 Authentication mechanism based on block cipher algorithm ... 12 6 Light-weight access control mechanism ... 14 6.1 Overview ... 14 6.2 Access control mechanism based on block cipher algorithm ... 14 6.3 Access control mechanism based on access control list ... 16 Information security technology - Light-weight authentication and access control mechanism 1 Scope This Standard specifies the light-weight authentication mechanism and the access control mechanism. This Standard applies to the design, development and application of authentication and access control mechanisms in resource-constrained application scenarios, such as wireless sensor network, radio frequency identification, and near field communication. 2 Normative references The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document. GB/T 15629.3-2014, Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 3: Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications GB/T 25069, Information security technology - Glossary GB/T 32905, Information security techniques - SM3 cryptographic hash algorithm GB/T 32907, Information security technology - SM4 block cipher algorithm ISO/IEC 29180:2012, Information technology - Telecommunications and information exchange between systems - Security framework for ubiquitous sensor networks 3 Terms and definitions Terms and definitions determined by GB/T 25069 and the following ones are applicable to this document. CT: Cryptographic Text DAE: Destination Access Entity ET: Encrypted Text HMAC: Hash Based Message Authentication Code KD: Key Derivation MAC: Message Authentication Code MEK: Message Encryption Key MIC: Message Integrality Check MIK: Message Integrality Key PSK: Pre-Shared Key SK: Session Key VP: Valid Period 5 Light-weight authentication mechanism 5.1 Overview The light-weight authentication mechanism reduces the complexity of calculation and communication in the authentication process while realizing the identity authenticity confirmation between entities. Compared with the usual mechanism, the light-weight authentication mechanism has the following measurement angles: a) Less occupancy of computing resources; b) Less interactive messages; c) Shorter time-consuming; d) Less required storage space. 5.2 Authentication mechanism based on exclusive OR operation The authentication mechanism, which is based on the exclusive OR operation, realizes the confirmation of identity authenticity between entity A and entity B through simple exclusive OR and shift operations. The authentication process is shown in Figure 1. Figure 2 -- Schematic diagram of message interaction of the authentication mechanism that is based on the cryptographic hash algorithm Before authentication, entity A shall have identity information IDA; entity B shall have identity information IDB; entity A and entity B shall have pre-shared key PSK; the use of pre-shared key PSK shall meet the needs of specific scenarios; the length of the random number shall be consistent with the PSK length. The authentication process is as follows: a) Entity A generates a random number NA, and sends an authentication request message that contains NA and IDA to entity B. b) After entity B receives the authentication request message from entity A, it generates a random number NB, and uses the pre-shared key PSK with entity A in the key list to calculate MIKǁSK=KD-HMAC(PSK,IDAǁIDBǁNAǁNB) according to IDA, IDB, NA, and NB, where IDA and IDB are respectively the identities of entity A and entity B; MIK is the message integrity key between entity A and entity B; SK is the session key between entity A and entity B. Then, entity B uses MIK to calculate the message authentication code MAC1=HMAC (MIK, NAǁNB), and constructs an authentication response message NAǁNBǁIDBǁMAC1 and sends it to entity A. c) After entity A receives the authentication response message from entity B, it first checks whether the random number NA in the authentication response message is consistent with the random number NA that is sent to entity B in step a). If they are inconsistent, entity A fails to authenticate entity B; if they are consistent, entity A calculates MIKǁSK=KD- HMAC(PSK,IDAǁIDBǁNAǁNB), and uses MIK to calculate the message authentication code MAC2=HMAC(MIK,NAǁNB). If MAC2≠MAC1, entity A fails to authenticate entity B; if MAC2=MAC1, entity A saves SK as the session key with entity B, and calculates MAC3=HMAC(MIK,NB), to construct an authentication confirmation message NBǁMAC3, and sends it to entity B. If entity A and entity B use this mechanism and do not contain a key confirmation message, after entity A sends the authentication confirmation message for a period of time or after it correctly decrypts the message that is sent by entity B using the session key, entity A successfully identifies entity B, and entity A enables the session key; if entity A and entity B use this mechanism and contain a key confirmation message, follow step e) to perform subsequent operations. d) After entity B receives the authentication confirmation message from entity A, it checks whether the random number NB in the authentication confirmation message is consistent with the random number NB that is sent to entity A in step b). If they are inconsistent, entity B fails to authenticate entity A; if they are consistent, entity B calculates the the length of the random number shall be consistent with the PSK length. The authentication process is as follows: a) Entity A generates a random number NA, and sends an authentication request message that contains NA to entity B; b) After entity B receives the authentication request message from entity A, it generates random numbers NB1 and NB2, calculates CT1ǁMIC1=E(PSK,NAǁNB1ǁNB2), and sends an authentication response message that contains NAǁCT1ǁMIC1 to entity A; c) After entity A receives the authentication response message from entity B, it first determines whether the NA in the message is consistent with the NA that is sent to entity B in step a). If they are inconsistent, entity A fails to authenticate entity B; if they are consistent, entity A uses PSK to decrypt and verify CT1ǁMIC1. If the verification of MIC1 fails, entity A fails to authenticate entity B; if the verification of MIC1 passes, it further verifies whether the decrypted NA is consistent with the NA that is sent to entity B in step a). If they are inconsistent, entity A fails to authenticate entity B; if they are consistent, entity A authenticates entity B successfully; entity A uses the decrypted NB2 as the session key with entity B, and calculates CT2ǁMIC2=E(NB2,NB1), and sends an authentication response confirmation message to entity B, which includes the field NB1ǁCT2ǁMIC2; d) After entity B receives the authentication response confirmation message from entity A, it first determines whether the NB1 in the message is consistent with the NB1 that is sent to entity A in step b). If they are inconsistent, entity B fails to authenticate entity A; if they are consistent, entity B uses NB2 to decrypt and verify CT2ǁMIC2. If the MIC2 verification fails, entity B fails to authenticate entity A; if the MIC2 verification passes, further verify whether the decrypted NB1 is consistent with the NB1 that is sent to entity A in step b). If they are inconsistent, entity B fails to authenticate entity A; if they are consistent, entity B authenticates entity A successfully, and entity B uses NB2 as the session key with entity A. Note: E is a block encryption algorithm; CTǁMIC=E(KEY,S) means using KEY to encrypt S and calculating the integrity check code, where CT stands for cryptographic text, MIC stands for integrity check code; the separation of CT and MIC depends on the specific application. In some modes, it is necessary to first derive the message integrity check key and the message encryption key according to the KEY, and then respectively use the two keys to calculate the integrity check code and the cryptographic text. In the decryption verification, the sequence of verifying the integrity check code and decrypting may be different according to the different used modes. a) Before the User sends an access request to the DAE in the network, it first sends an authentication request message to the DAE, which mainly contains the random number N1 that is generated by the User; b) After DAE receives the authentication request message from the User, it generates a random number N2, and uses the shared key KACr, DAE with ACr to calculate ET1=E(KACr,DAE,N1); send N1ǁN2ǁET1 as authentication response message to the User, where E is the symmetric encryption algorithm; c) After the User receives the authentication response message from DAE.......Source: https://www.ChineseStandard.net/PDF.aspx/GBT39205-2020 |