CAN/CSA-ISO/IEC 11577-97 (R2015)
Current
The latest, up-to-date edition.
Information Technology - Open Systems Interconnection - Network Layer Security Protocol (Adopted ISO/IEC 11577:1995)
Hardcopy , PDF
English, French
01-01-1997
1 Scope
2 Normative references
3 Definitions
4 Abbreviations
5 Overview of the Protocol
6 Protocol Functions Common to NLSP-CL and NLSP-CO
7 Protocol Functions FOR NLSP-CL
8 Protocol Functions for NLSP-CO
9 Overview of mechanisms used
10 Connection security control (NLSP-CO only)
11 SDT PDU Based encapsulation Function
12 No-Header Encapsulation Function (NLSP-CO only)
13 Structure and Encoding of PDUS
14 Conformance
Annex A - Mapping UN primitives to CCITT Rec. X.213 -
ISO 8348
Annex B - Mapping UN primitives to CCITT Rec. X.25 -
ISO 8208
Annex C - Security Association Protocol Using Key
Token Exchange and Digital Signatures
Annex D - NLSP PICS Proforma
Annex E - Tutorial on some Basic Concepts of NLSP
Annex F - Example of an Agreed Set of Security Rules
Annex G - Security Association and Attributes
Annex H - Example Key Token Exchange - EKE Algorithm
Scope This ITU-T Recommendation / International Standard specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer, which is defined by CCITT Rec. X.213 / ISO/IEC 8348, and ISO 8648. The protocol defined in this ITU-T Recommendation / International Standard is called the Network Layer Security Protocol (NLSP). This ITU-T Recommendation / International Standard specifies: (1) Support for the following security services defined in CCITT Rec. X.800 / ISO 7498-2: (a) peer entity authentication; (b) data origin authentication; (c) access control; (d) connection confidentiality; (e) connectionless confidentiality; (f) traffic flow confidentiality; (g) connection integrity without recovery (including Data Unit Integrity, in which individual SDUs on a connection are integrity protected); (h) connectionless integrity. (2) The functional requirements for implementations that claim conformance to this ITU-T Recommendation / International Standard. The procedures of this protocol are defined in terms of: (a) requirements on the cryptographic techniques that can be used in an instance of this protocol; (b) requirements on the information carried in the security association used in an instance of communication. Although the degree of protection afforded by some security mechanisms depends on the use of some specific cryptographic techniques, correct operation of this protocol is not dependent on the choice of any particular encipherment or decipherment algorithm. This is a local matter for the communicating systems. Furthermore, neither the choice nor the implementation of a specific security policy are within the scope of this ITU-T Recommendation / International Standard. The choice of a specific security policy, and hence the degree of protection that will be achieved, is left as a local matter among the systems that are using a single instance of secure communications. This ITU-T Recommendation / International Standard does not require that multiple instances of secure communications involving a single open system must use the same security protocol. Annex D provides the PICS proforma for the Network Layer Security Protocol in compliance with the relevant guidance given in ISO/IEC 9646-2.
DocumentType |
Standard
|
ISBN |
0317-5669
|
Pages |
122
|
ProductNote |
Reconfirmed EN
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
Supersedes |
Scope This ITU-T Recommendation / International Standard specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer, which is defined by CCITT Rec. X.213 / ISO/IEC 8348, and ISO 8648. The protocol defined in this ITU-T Recommendation / International Standard is called the Network Layer Security Protocol (NLSP). This ITU-T Recommendation / International Standard specifies: (1) Support for the following security services defined in CCITT Rec. X.800 / ISO 7498-2: (a) peer entity authentication; (b) data origin authentication; (c) access control; (d) connection confidentiality; (e) connectionless confidentiality; (f) traffic flow confidentiality; (g) connection integrity without recovery (including Data Unit Integrity, in which individual SDUs on a connection are integrity protected); (h) connectionless integrity. (2) The functional requirements for implementations that claim conformance to this ITU-T Recommendation / International Standard. The procedures of this protocol are defined in terms of: (a) requirements on the cryptographic techniques that can be used in an instance of this protocol; (b) requirements on the information carried in the security association used in an instance of communication. Although the degree of protection afforded by some security mechanisms depends on the use of some specific cryptographic techniques, correct operation of this protocol is not dependent on the choice of any particular encipherment or decipherment algorithm. This is a local matter for the communicating systems. Furthermore, neither the choice nor the implementation of a specific security policy are within the scope of this ITU-T Recommendation / International Standard. The choice of a specific security policy, and hence the degree of protection that will be achieved, is left as a local matter among the systems that are using a single instance of secure communications. This ITU-T Recommendation / International Standard does not require that multiple instances of secure communications involving a single open system must use the same security protocol. Annex D provides the PICS proforma for the Network Layer Security Protocol in compliance with the relevant guidance given in ISO/IEC 9646-2.
Standards | Relationship |
ISO/IEC 11577:1995 | Identical |
ISO/IEC 7498-1:1994 | Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model |
ISO/IEC 9834-1:2012 | Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree |
ISO/IEC 9646-2:1994 | Information technology Open Systems Interconnection Conformance testing methodology and framework Part 2: Abstract Test Suite specification |
ISO/IEC 10731:1994 | Information technology Open Systems Interconnection Basic Reference Model Conventions for the definition of OSI services |
ISO/IEC 9979:1999 | Information technology Security techniques Procedures for the registration of cryptographic algorithms |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO/IEC 8348:2002 | Information technology — Open Systems Interconnection — Network service definition |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 8878:1992 | Information technology — Telecommunications and information exchange between systems — Use of X.25 to provide the OSI Connection-mode Network Service |
ISO/IEC TR 13594:1995 | Information technology Lower layers security |
ISO/IEC 8825:1990 | Information technology — Open Systems Interconnection — Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1) |
ISO/IEC 8473-1:1998 | Information technology — Protocol for providing the connectionless-mode network service: Protocol specification — Part 1: |
ISO/IEC 9646-1:1994 | Information technology Open Systems Interconnection Conformance testing methodology and framework Part 1: General concepts |
ISO/IEC 8208:2000 | Information technology — Data communications — X.25 Packet Layer Protocol for Data Terminal Equipment |
ISO/IEC 9834-3:2008 | Information technology — Open Systems Interconnection — Procedures for the operation of OSI Registration Authorities — Part 3: Registration of Object Identifier arcs beneath the top-level arc jointly administered by ISO and ITU-T |
ISO/IEC 10745:1995 | Information technology Open Systems Interconnection Upper layers security model |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.