BS ISO/IEC 10736:1995

1. Scope
2. Normative references
2.1 Identical Recommendations/International Standards
2.2 Paired Recommendations/International Standards
        equivalent in technical content
2.3 Additional references
3. Definitions
3.1 Security reference model definitions
3.2 Additional definitions
4. Symbols and abbreviations
5. Overview of the Protocol
5.1 Introduction
5.2 Security Associations and attributes
5.2.1 Security services for connection-oriented Transport
        protocol
5.2.2 Security Service for connectionless Transport
        protocol
5.3 Service assumed of the Network Layer
5.4 Security management requirements
5.5 Minimum algorithm characteristics
5.6 Security encapsulation function
5.6.1 Data encipherment function
5.6.2 Integrity function
5.6.3 Security label function
5.6.4 Security padding function
5.6.5 Peer Entity Authentication function
5.6.6 SA Function using in band SA-P
6. Elements of procedure
6.1 Concatenation and separation
6.2 Confidentiality
6.2.1 Purpose
6.2.2 TPDUs and parameters used
6.2.3 Procedure
6.3 Integrity processing
6.3.1 Integrity Check Value (ICV) processing
6.3.2 Direction indicator processing
6.3.3 Connection integrity sequence number processing
6.4 Peer address check processing
6.4.1 Purpose
6.4.2 Procedure
6.5 Security labels for Security Associations
6.5.1 Purpose
6.5.2 TPDUs and parameters used
6.5.3 Procedure
6.6 Connection release
6.7 Key replacement
6.8 Unprotected TPDUs
6.9 Protocol identification
6.10 Security Association-Protocol
7. Use of elements of procedure
8. Structure and encoding of TPDUs
8.1 Structure of TPDU
8.2 Security encapsulation TPDU
8.2.1 Clear header
8.2.2 Crypto sync
8.2.3 Protected contents
8.2.4 ICV
8.2.5 Encipherment PAD
8.3 Security Association PDU
8.3.1 LI
8.3.2 PDU Type
8.3.3 SA-ID
8.3.4 SA-P Type
8.3.5 SA PDU Contents
9. Conformance
9.1 General
9.2 Common static conformance requirements
9.3 TLSP with ITU-T Rec. X.234/ISO 8602 static
        conformance requirements
9.4 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 static
        conformance requirements
9.5 Common dynamic conformance requirements
9.6 TLSP with ITU-T Rec. X.234 / ISO 8602 dynamic
        conformance requirements
9.7 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 dynamic
        conformance requirements
10. Protocol implementation conformance statement (PICS)
Annex A - PICS proforma
A.1 Introduction
A.1.1 Background
A.1.2 Approach
A.2 Implementation identification
A.3 General statement of conformance
A.4 Protocol implementation
A.5 Security services supported
A.6 Supported functions
A.7 Supported Protocol Data Units (PDUs)
A.7.1 Supported Transport PDUs (TPDUs)
A.7.2 Supported parameters of issued TPDUs
A.7.3 Supported parameters of received TPDUs
A.7.4 Allowed values of issued TPDU parameters
A.8 Service, function, and protocol relationships
A.8.1 Relationship between services and functions
A.8.2 Relationship between services and protocol
A.9 Supported algorithms
A.10 Error handling
A.10.1 Security Errors
A.10.2 Protocol Errors
A.11 Security Association
A.11.1 SA Generic Fields
A.11.2 Content Fields Specific to Key Exchange SA-P
Annex B - Security Association Protocol using
          Key Token Exchange and Digital Signatures
B.1 Overview
B.2 Key Token Exchange (KTE)
B.3 SA-Protocol Authentication
B.4 SA-Attribute Negotiation
B.4.1 Service Negotiation
B.4.2 Label Set Negotiation
B.4.3 Key and ISN Selection
B.4.4 Miscellaneous SA Attribute Negotiation
B.4.5 Re-keying Overview
B.4.6 SA Abort
B.5 Mapping of SA-Protocol Functions to Protocol
        Exchanges
B.5.1 KTE (First) Exchange
B.5.1.1 Request to Initiate the SA-Protocol
B.5.1.2 Receipt of the First Exchange PDU by Recipient
B.5.2 Authentication and Security Negotiation (Second)
        Exchange
B.5.2.1 Receipt of First Exchange PDU by Initiator
B.5.2.2 Receipt of the Second Exchange PDU by Recipient
B.5.3 Rekey Procedure
B.5.4 SA Release / Abort Exchange
B.5.4.1 Request to Initiate SA Release / Abort
B.5.4.2 Receipt of SA Abort/Release Requests
B.6 SA PDU - SA Contents
B.6.1 Exchange ID
B.6.2 Content Length
B.6.3 Content Fields
B.6.3.1 My SA-ID
B.6.3.2 Old Your SA-ID
B.6.3.3 Key Token 1, Key Token 2, Key Token 3, and Key
        Token 4
B.6.3.4 Authentication Digital Signature, Certificate
B.6.3.5 Service Selection
B.6.3.6 SA Rejection Reason
B.6.3.7 SA Abort/Release Reason
B.6.3.8 Label
B.6.3.9 Key Selection
B.6.3.10 SA Flags
B.6.3.11 ASSR
Annex C - An example of an agreed set of security rules (ASSR)
Annex D - Overview of EKE algorithm

Defines a protocol which may be used for Security Association establishment. Specifies one algorithm for authentication and key distribution which is based on public key crypto systems. Defines a security protocol that achieves protection that depends on the proper operation of security management including key management. Does not specify the management functions and protocols needed to support this security protocol. Supports peer-entity authentication at the time of connection establishment.

The procedures specified in this Recommendation | International Standard operate as extensions to those defined in ITU-T Rec. X.224 | ISO/IEC 8073 and ITU-T Rec. X.234 | ISO/IEC 8602 and do not preclude unprotected communication between transport entities implementing ITU-T Rec. X.224 | ISO/IEC 8073 or ITU-T Rec. X.234 | ISO 8602. The protection achieved by the security protocol defined in this Recommendation | International Standard depends on the proper operation of security management including key management. However, this Recommendation | International Standard does not specify the management functions and protocols needed to support this security protocol. This protocol can support all the integrity, confidentiality, authentication and access control services identified in CCITT Rec. X.800 I ISO 7498-2 as relevant to the transport layer. The protocol supports these services through use of cryptographic mechanisms, security labelling and attributes, such as keys and authenticated identities, pre-established by security management or established through the use of the Security Association - Protocol (SA-P). Protection can be provided only within the context of a security policy. This protocol supports peer-entity authentication at the time of connection establishment. In addition, rekeying is supported within the protocol through the use of SA-P or through means outside the protocol. Security associations can only be established within the context of a security policy. It is a matter for the users to establish their own security policy, which may be constrained by the procedures specified in this Recommendation | International Standard. The following items could be included in a Security Policy: the method of SA establishment/release, the lifetime of SA; Authentication/Access Control mechanisms; Label mechanism; the procedure of the receiving an invalid TPDU during SA establishment procedure or transmission of protected PDU; the lifetime of Key; the interval of the rekey procedure in order to update key and security control information (SCI) exchange procedure; the time out of SCI exchange and rekey procedure; the number of retries of sci exchange and rekey procedure. this Recommendation | International Standard defines a protocol which may be used for Security Association establishment. Entities wishing to establish an SA must share common mechanisms for authentication and key distribution. this Recommendation | International Standard specifies one algorithm for authentication and key distribution which is based on public key crypto systems. The implementation of this algorithm is not mandatory; however, when an alternative mechanism is used, it shall satisfy the following conditions: All SA attributes defined in 5.2 are derived. Derived keys are authenticated.