GB/T 15843.1-2017 English PDF (GBT15843.1-2017)
GB/T 15843.1-2017: Information technology -- Security techniques -- Entity authentication -- Part 1: General
ICS 35.040
National Standard of the People's Republic of China
Replaces GB/T 15843.1-2008
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Administration
Table of contents
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Identification model
6 General requirements and restrictions
Appendix A (informative appendix) Use of text fields
Appendix B (informative appendix) Time-varying parameters
Appendix C (informative appendix) Certificate
GB/T 15843 "Information Technology Security Technical Entity Identification" is divided into six parts:
---Part 1: General Provisions;
---Part 2: The mechanism of using symmetric encryption algorithms;
---Part 3: The mechanism of using digital signature technology;
---Part 4: Using the mechanism of password verification function;
---Part 5: The mechanism of adopting zero-knowledge technology;
---Part 6: Using the mechanism of manual data transfer.
This part is Part 1 of GB/T 15843.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 15843.1-2008 "Information Technology Security Technical Entity Authentication Part 1: Overview". Compared with GB/T 15843.1-2008, the main changes are as follows:
---Changed the standard name to "Information Technology Security Technical Entity Identification Part 1: General Provisions";
---The preface adds Part 6 of GB/T 15843;
---Modified the definitions of the terms "asymmetric encryption method", "asymmetric signature method", "challenge", "decryption", "encryption", "subject", "private decryption key", "symmetric encryption algorithm" and "token";
---The content of B.1 in Appendix B has been added, and the serial numbers of the original articles have been moved backward.
This part uses the translation method and is equivalent to ISO/IEC 9798-1:2010 "Information Technology Security Technical Entity Identification Part 1: General Provisions".
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
The main drafting units of this part: Data and Communication Protection Research and Education Center of Chinese Academy of Sciences, PWC Information Technology Co., Ltd.
The main drafters of this part: Wang Lei, Cha Daren, Xiang Ji, Shen Jiahui, Li Danyi, Jing Jiwu, Guo Xiaobo, Xie Chao.
The previous releases of the standards replaced by this part are:
---GB/T 15843.1-1995, GB/T 15843.1-1999, GB/T 15843.1-2008.
In real-time communication systems, entity authentication is an important basic security service. Depending on the specific application and security goals, an entity authentication mechanism can achieve one-way authentication through a one-pass transmission protocol, or can complete one-way or two-way authentication between communicating entities through a multi-pass transmission protocol.
The purpose of the entity authentication mechanism is to verify whether the claimant of a certain identity is the entity it claims to be. In cryptography, achieving this goal relies on an infrastructure that can associate entity identities with public keys (e.g., a public key infrastructure, PKI), but the establishment of this type of infrastructure does not belong to the scope of GB/T 15843.
The entity authentication mechanism has two main models. One model confirms the identity of the claimant through direct communication between the claimant and the verifier; the other model verifies the identity of the claimant through a trusted third party.
GB/T 15843 specifies the different types of entity authentication protocols in the entity authentication mechanism. The choice of entity authentication protocol is based on the security features of the system, which include the following:
---Whether it is resistant to replay attacks;
---Whether it is resistant to reflection attacks;
---Whether it is resistant to forced delay;
---One-way or two-way authentication;
---Whether there is preset secret information that can be used, or whether a trusted third party is needed to help establish shared secret information.
For example, in a specific system where replay attacks are not a concern, a simple transmission protocol between the claimant and the verifier is enough to achieve entity authentication; a complex communication system that may face man-in-the-middle or replay attacks, however, requires a multi-pass transmission protocol to ensure security.
1 Scope
This part of GB/T 15843 specifies in detail the authentication model and the general requirements and constraints of the entity authentication mechanism. On this basis the authenticity of an entity's identity is verified: the entity to be authenticated proves its identity by displaying some private information. The entity authentication mechanism determines how information is exchanged between entities, and between entities and trusted third parties.
The details of the entity authentication mechanism and the content of the authentication exchange do not belong to the content of this part; they are specified in other parts of GB/T 15843.
2 Normative references
This section does not use any normative references.
3 Terms and definitions
The following terms and definitions apply to this document.
A cryptographic technique that uses two related transformations: one is a public transformation defined by a public key, and the other is a private transformation defined by a private key.
Note: Given the public transformation, it is computationally infeasible to derive the private transformation.
3.2
Asymmetric encryption method
An encryption method based on asymmetric cryptography, in which the public transformation is used for encryption and the private transformation is used for decryption.
3.3
Asymmetric key pair
A pair of related keys, where the private key defines the private transformation, and the public key defines the public transformation.
3.4
Asymmetric signature method
A signature method based on asymmetric cryptography, in which the private transformation is used for signature and the public transformation is used for verification.
3.5
A data item randomly generated by the verifier and sent to the claimant. The claimant uses it, together with the secret information it possesses, to generate a response that is sent to the verifier.
The authenticated entity itself or a representative entity for the purpose of verification.
Note: The claimant has the necessary parameters and private data for authentication exchange.
5 Identification model
The general model of the entity authentication mechanism is shown in Figure 1. Not all entities and exchanges need to appear in every authentication mechanism.
In the authentication mechanisms covered by other parts of GB/T 15843, entity A is regarded as the claimant and entity B as the verifier in one-way authentication. In two-way authentication, entity A and entity B are each both claimant and verifier.
During the authentication process, entities generate and exchange standardized messages called tokens. One-way authentication requires at least one token exchange, while two-way authentication requires at least two tokens to be exchanged. If the authentication mechanism is initialized by sending a challenge, another pass needs to be added. If a trusted third party is involved, several more passes may need to be added.
6 General requirements and restrictions
In order to realize identity authentication between entities, the entities should use common cryptographic techniques and parameter sets.
During the operational lifetime of a key, the time-varying parameter values (i.e., timestamps, serial numbers, and random numbers) used for key operations should not repeat, or at least the probability of repetition should be extremely small.
The authentication mechanism presupposes that entities A and B each know the identity claimed by the other. This can be done by including identifiers in the information exchanged between the two entities, or it can be apparent from the context in which the mechanism is used.
The authenticity of the entity is only confirmed at the moment of the authentication exchange. In order to ensure the authenticity of subsequent communication data, the authentication exchange must be used in conjunction with a secure communication method (such as integrity services).
Appendix A
Use of text fields
The tokens involved in the subsequent parts of GB/T 15843 contain text fields. The purpose of the different text fields in a given pass, and the relationship between the text fields, depend on the specific application.
The text field can contain additional time-varying parameters. For example, if the entity authentication mechanism uses a sequence number, a timestamp can be included in the text field of its token. The message receiver can then detect forced delay by verifying whether any timestamp in the message is within a predetermined time window (see Appendix B).
If there are multiple valid keys, the identifier of each key is included in the plaintext text field; if there are multiple trusted third parties, an identifier distinguishing the trusted third party is included in the text field.
The text field can also be used for key distribution (see ISO/IEC 11770-2 and ISO/IEC 11770-3).
If any of the mechanisms specified in the subsequent parts of GB/T 15843 is embedded in an application that allows either of the two entities to use additional messages to initialize authentication before the mechanism starts, then some intrusion attacks become possible: an intruder may reuse an illegally obtained token (see ISO/IEC 10181-2). To avoid this type of attack, the text field indicates which entity is required to be authenticated.
The examples given above are not exhaustive.
B.1 Three types of time-varying parameters
Time-varying parameters are used to control uniqueness and timeliness, and they make it possible to detect the replay of messages. To achieve this, the authentication information should differ from one exchange instance to another.
Certain types of time-varying parameters can be used to detect "forced delay" (delay introduced by an adversary in the communication medium). In mechanisms involving more than one message transfer, forced delay can also be detected by other methods (such as using a "timeout clock" to enforce a maximum allowable time gap between specific messages).
The three types of time-varying parameters used in the subsequent parts of GB/T 15843 are timestamps, serial numbers and random numbers. In different applications, the most suitable time-varying parameter can be chosen according to the needs of the implementation, or several time-varying parameters can be combined as appropriate (for example, using a timestamp and a serial number at the same time). The details of parameter selection are outside the scope of this part.
B.2 Timestamp
Mechanisms involving timestamps use a common time base to logically connect the claimant and the verifier. The recommended reference clock is Coordinated Universal Time (UTC). The verifier uses a fixed-size acceptance window. The verifier controls timeliness by calculating the difference between the timestamp in the received token and the time at which the verifier receives the token. If the difference falls within the window, the message is accepted. Uniqueness is achieved by recording all messages in the current window and rejecting the second and subsequent occurrences of the same message within the same time window.
A mechanism should be adopted to ensure that the clocks of the communicating parties are synchronized, and the synchronization should be good enough to make the probability of a successful replay attack acceptably low. In addition, it should be ensured that all information related to timestamp verification, especially the clocks of the communicating parties, cannot be tampered with.
The mechanism using time stamps can detect forced delays.
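The following added example (not part of the standard) sketches the verifier logic that B.2 describes: an acceptance window for timeliness plus a record of the tokens seen inside the window for uniqueness. The token layout (an 8-byte timestamp followed by an HMAC-SHA-256 tag), the symmetric 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def make_token(key: bytes, ts: float) -> bytes:
    """Claimant: 8-byte UTC timestamp followed by an HMAC-SHA-256 tag over it."""
    ts_bytes = struct.pack(">d", ts)
    return ts_bytes + hmac.new(key, ts_bytes, hashlib.sha256).digest()


class TimestampVerifier:
    def __init__(self, key: bytes, window: float = 30.0):
        self.key = key
        self.window = window  # allowed clock difference in seconds (assumed value)
        self.seen = {}        # token -> timestamp, only for tokens still in the window

    def verify(self, token: bytes, now: float) -> str:
        if len(token) != 40:
            return "reject: malformed"
        ts_bytes, tag = token[:8], token[8:]
        expected = hmac.new(self.key, ts_bytes, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        (ts,) = struct.unpack(">d", ts_bytes)
        # Timeliness: token timestamp versus time of receipt (also rejects NaN).
        if not abs(now - ts) <= self.window:
            return "reject: outside window"
        # Uniqueness: forget tokens that have left the window (they would fail the
        # timeliness check anyway), then refuse a second copy of one still in it.
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= self.window}
        if token in self.seen:
            return "reject: replay"
        self.seen[token] = ts
        return "accept"


def demo() -> list:
    key = b"constructed-demo-key"   # constructed sample key
    t0 = 1_700_000_000.0            # constructed UTC time in seconds
    v = TimestampVerifier(key)
    token = make_token(key, t0)
    return [
        v.verify(token, t0 + 2),    # fresh token
        v.verify(token, t0 + 5),    # same token again inside the window
        v.verify(token, t0 + 45),   # same token delayed past the window
    ]


if __name__ == "__main__":
    print(demo())
```

The record of seen tokens never needs to hold more than one window's worth of entries, which is why the size of the window and the quality of clock synchronization bound both the replay exposure and the verifier's storage.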
B.3 Serial number
The sequence number can be used by the verifier to detect the replay of a message, thereby controlling uniqueness. The claimant and verifier agree in advance on how messages are numbered. The basic idea of detecting message replay with sequence numbers is that a message with a specific number can only be accepted once (or only once within a specified period). The verifier checks the serial number sent with the message against this strategy to determine whether the message is acceptable. If the sequence number does not satisfy the strategy, the message is rejected.
When using serial numbers, additional "bookkeeping" may be required. The claimant shall record the serial numbers previously used and/or the serial numbers that will still be valid for use in the future. The claimant should keep these records for all potential verifiers with which it wishes to communicate. Similarly, the verifier should keep these records for all possible claimants. When the normal sequence is disrupted (such as by a system failure), a special procedure is required to reset or restart the sequence number counter.
The verifier cannot detect forced delay through the claimant's use of serial numbers. For mechanisms involving two or more message transfers, forced delay can be detected if the message sender measures the time interval between sending a message and receiving the expected reply, and rejects the message when the delay exceeds a predetermined time slot.
B.4 Random number
Random numbers can be used by various mechanisms specified in the subsequent parts of GB/T 15843 to prevent replay or gap attacks. GB/T 15843 requires that all random numbers be selected from a large enough range that the probability of repetition under the same key is small, and the probability that a third party predicts a given value correctly is also very small. The term "random number" used in GB/T 15843 also includes pseudo-random numbers that meet the same requirements.
In order to prevent replay or blanking attacks, the verifier first generates a random number and sends it to the claimant, and the claimant responds by including that random number in the protected part of the token it returns (this is usually called challenge-response). This process ties the two messages together through the specific random number. If the verifier uses the same random number again, a third party that recorded the previous authentication exchange can send the recorded token to the verifier, thereby disguising itself as the claimant and passing verification. In order to prevent this kind of attack, the probability that a random number repeats must be very low.
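The following added example (not part of the standard) runs the challenge-response exchange of B.4 twice, once against a verifier that draws fresh random numbers and once against one whose random number repeats, to show why a recorded token is useless in the first case and accepted in the second. Protecting the token with HMAC-SHA-256 under a shared key, the 16-byte challenge and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, challenge: bytes, claimant_id: bytes) -> bytes:
    """Claimant: return the challenge inside the protected part of the token."""
    return hmac.new(key, challenge + claimant_id, hashlib.sha256).digest()


class Verifier:
    def __init__(self, key: bytes, rng=secrets.token_bytes):
        self.key = key
        self.rng = rng        # random number source, replaceable to show the failure
        self.pending = None   # the single outstanding challenge

    def challenge(self) -> bytes:
        self.pending = self.rng(16)   # 128 bits: repetition and guessing are negligible
        return self.pending

    def verify(self, token: bytes, claimant_id: bytes) -> bool:
        if self.pending is None:
            return False              # no challenge was issued for this token
        expected = respond(self.key, self.pending, claimant_id)
        self.pending = None           # each challenge is honoured once
        return hmac.compare_digest(token, expected)


def run_exchange_then_replay(verifier: Verifier, key: bytes) -> tuple:
    """Run one genuine exchange, then present its recorded token to a new run."""
    recorded = respond(key, verifier.challenge(), b"A")   # what an observer records
    genuine = verifier.verify(recorded, b"A")
    verifier.challenge()                                  # second run of the mechanism
    replayed = verifier.verify(recorded, b"A")
    return genuine, replayed


def demo() -> dict:
    key = secrets.token_bytes(32)                         # constructed shared key
    sound = Verifier(key)
    repeating = Verifier(key, rng=lambda n: b"\x07" * n)  # deliberately broken source
    return {
        "fresh_random_numbers": run_exchange_then_replay(sound, key),
        "repeated_random_number": run_exchange_then_replay(repeating, key),
    }


if __name__ == "__main__":
    print(demo())
```

With fresh random numbers the result is (True, False): the genuine exchange passes and the recorded token fails. With the repeating source it is (True, True), which is the failure the paragraph above warns about.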