IEEE DRAFT 802.10C : D15 JAN 97
Superseded
A superseded Standard is one that has been fully replaced by another Standard that is a new edition of the same Standard.
DRAFT STANDARD FOR INTEROPERABLE LAN/MAN SECURITY CLAUSE 3 - KEY MANAGEMENT
01-05-1998
12-01-2013
1 INTRODUCTION
1.1 SCOPE AND PURPOSE
1.2 OVERVIEW
2 DEFINITIONS
2.1 ACRONYMS
2.2 SECURITY DEFINITIONS
3 REFERENCES
4 KEY DISTRIBUTION TECHNIQUES
4.1 MANUAL KEY DISTRIBUTION TECHNIQUES
4.2 CENTER-BASED KEY DISTRIBUTION TECHNIQUES
4.3 CERTIFICATE-BASED DISTRIBUTION TECHNIQUES
4.4 MULTICAST KEY DISTRIBUTION TECHNIQUES
5 KEY MANAGEMENT MODEL
5.1 SECURITY ASSOCIATION LIFECYCLE
5.2 KEY MANAGEMENT APPLICATION ENTITY STRUCTURE
5.3 SEQUENCING OF APPLICATION LAYER SERVICES
5.3.1 Manually Distributed Key
5.3.2 Key Center Distribution
5.3.3 Certificate-Based Key Distribution
5.3.4 Multicast Key Distribution
5.3.4.1 Create Multicast Security Association
5.3.4.2 Spawn Multicast Security Association
5.3.5 Spawn Security Association
5.3.6 Delete Security Association
6 SERVICE DEFINITION
6.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE) SERVICES
6.1.1 Create Security Association (Create-SA)
6.1.1.1 Calling AE-Title
6.1.1.2 Called AE-Title
6.1.1.3 Key Management Technique Identifier List
6.1.1.4 Security Policy Identifier
6.1.1.5 Security Association Attributes List
6.1.1.6 Security Association Attributes
6.1.1.7 Calling SAID
6.1.1.8 Called SAID
6.1.1.9 Result
6.1.2 Spawn Security Association (Spawn-SA)
6.1.2.1 Spawn Option
6.1.2.2 Key Transformation Algorithm Identifier
6.1.2.3 Previously Established Calling SAID
6.1.2.4 Previously Established Called SAID
6.1.3 Delete Security Association (Delete-SA)
6.1.4 Create Multicast Security Association (Create-MSA)
6.1.4.1 MKCTitle
6.1.4.2 Mcast Address List
6.1.4.3 Mcast Token List
6.1.5 Spawn Multicast Security Association (Spawn-MSA)
6.1.5.1 MCastSAID
6.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO) SERVICES
6.2.1 Negotiate Key Management Algorithm (Pick-KM-Alg)
6.2.2 Select Key (Select-Key)
6.2.2.1 Keying Material Identifier
6.2.2.2 TransformAlgorithmIdentifier
6.2.3 Make Key (Make-Key)
6.2.3.1 Key Generation Algorithm Identifier
6.2.3.2 Calling Certificate Path
6.2.3.3 Called Certificate Path
6.2.3.4 Calling Key Generation Algorithm Parameters
6.2.3.5 Called Key Generation Algorithm Parameters
6.2.3.6 Calling Attribute Certification Path
6.2.3.7 Called Attribute Certification Path
6.2.4 Send Key (Send-Key)
6.2.4.1 KEK Identifier
6.2.4.2 Request Parameters
6.2.4.3 Response Parameters
6.2.5 Negotiate Security Association Attributes (Pick-SA-Attrs)
6.2.5.1 Escrow Agent Info
6.2.6 Spawn Key (Spawn-Key)
6.2.6.1 Key Transformation Algorithm Identifier
6.2.7 Get Multicast Key (Get-MKey)
6.2.8 Delete Key (Delete-Key)
6.2.9 Release Peer Association (Release-P)
6.2.9.1 Release-request-reason
6.2.9.2 Release-response-reason
6.2.9.3 User Information
6.2.10 Abort Peer Association (Abort-P)
6.2.10.1 Abort Source
6.2.10.2 User Information
6.2.11 Protected Make Key (Protected-Make-Key)
6.2.12 Get Next Multicast Key (Get-Next-MKey)
6.2.13 Please Send Key (Please-Send-Key)
6.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO) SERVICES
6.3.1 Request Key (Request-Key)
6.3.1.1 KDC AE-Title
6.3.1.2 Request Parameters
6.3.1.3 Response Parameters
6.3.2 Translate Key (Translate-Key)
6.3.2.1 KTC AE-Title
6.3.2.2 Request Parameters
6.3.2.3 Response Parameters
6.3.3 Release Center Association (Release-C)
6.3.4 Abort Center Association (Abort-C)
7 SECURITY EXCHANGES
7.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE) SECURITY EXCHANGES
7.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO) SECURITY EXCHANGES
7.2.1 Negotiate Key Management Algorithm (Pick-KM-Alg) Security Exchange
7.2.2 Select Key (Select-Key) Security Exchange
7.2.3 Make Key (Make-Key) Security Exchange
7.2.4 Send Key (Send-Key) Security Exchange
7.2.5 Negotiate Security Association Attributes (Pick-SA-Attrs) Security Exchange
7.2.6 Spawn Key (Spawn-Key) Security Exchange
7.2.7 Get Multicast Key (Get-MKey) Security Exchange
7.2.8 Delete Key (Delete-Key) Security Exchange
7.2.9 Protected Make Key (Protected-Make-Key)
7.2.10 Get Next Multicast Key (Get-Next-MKey)
7.2.11 Please Send Key (Please-Send-Key) Security Exchange
7.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO) SECURITY EXCHANGES
7.3.1
7.3.2 Request Key (Request-Key) Security Exchange
7.3.3 Translate Key (Translate-Key) Security Exchange
7.4 OBJECT IDENTIFIERS
7.5 OBJECT CLASS DEFINITIONS
7.5.1 Key Generation Algorithm Object Class
7.5.2 Security Protocol Attributes Object Class
7.5.3 Center Protocol Object Class
7.6 SECURITY TRANSFORMATIONS AND PROTECTION MAPPINGS
7.6.1 Integrity and Privacy Security Transformation
7.6.1.1 Other Details
7.6.2 Integrity Security Transformation
7.6.3 Seal and Encrypt Protection Mapping
7.6.4 Sealed Protection Mapping
8 KMAE CONTROL FUNCTION
8.1 KMAE CONTROL FUNCTION STATE TABLES
8.2 SAMPLE TIMING DIAGRAMS
9 APPENDIX A LOCATING SDE KEY MANAGEMENT ENTITIES
9.1 PROBE FRAMES
9.1.1 Probe Request
9.1.2 Probe Processing
9.1.3 Probe Response
9.2 ADDRESS DISCOVERY SCENARIO
10 APPENDIX B CERTIFICATE REPLACEMENT
10.1 SERVICE DEFINITION (CERT-REPLACE)
10.1.1 Certificate-To-Be-Replaced
10.1.2 Replacement-Indicator
10.2 REPLACE-CERTIFICATE
10.2.1 Replacement-Material
10.3 SECURITY EXCHANGES
11 APPENDIX C COMPROMISED MATERIAL LISTS
11.1 SECURITY DEFINITION (CML-REQUEST)
11.1.1 Name
11.1.2 Attribute-Id
11.1.3 Attribute-Value
11.2 REQUEST-CML
11.3 SECURITY EXCHANGES
12 APPENDIX D KEY DISTRIBUTION SCENARIOS
12.1 MANUAL KEY DISTRIBUTION SCENARIO
12.2 CENTER-BASED KEY DISTRIBUTION SCENARIO
12.3 CERTIFICATE-BASED KEY DISTRIBUTION SCENARIO
12.3.1 X9.44 RSA Key Transfer Scenario
12.3.2 X9.42 Diffie-Hellman Key Agreement Scenario
13 APPENDIX E SDE ATTRIBUTE NEGOTIATIONS
13.1 SECURITY ATTRIBUTES FOR SECURE DATA EXCHANGE (SDE)
Specifies a cryptographic key management architecture and protocol.
DocumentType | Draft |
PublisherName | Institute of Electrical & Electronics Engineers |
Status | Superseded |
MIL-HDBK-818-1 Base Document:1992 | SURVIVABLE ADAPTABLE FIBER OPTIC EMBEDDED NETWORK (SAFENET) NETWORK DEVELOPMENT GUIDANCE |
ISO 8650:1988 | Information processing systems — Open Systems Interconnection — Protocol specification for the Association Control Service Element |
ISO/IEC 7498-3:1997 | Information technology — Open Systems Interconnection — Basic Reference Model: Naming and addressing |
ISO/IEC 7498-1:1994 | Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model |
ISO/IEC 10736:1995 | Information technology — Telecommunications and information exchange between systems — Transport layer security protocol |
ISO/IEC 9545:1994 | Information technology — Open Systems Interconnection — Application Layer structure |
ISO/IEC 8824:1990 | Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) |
ISO/IEC 10181-1:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview |
ISO/IEC 9594-8:2017 | Information technology — Open Systems Interconnection — The Directory — Part 8: Public-key and attribute certificate frameworks |
ISO 7498-2:1989 | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture |
ISO/IEC 11586-1:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Overview, models and notation |
ISO/IEC 11586-4:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Protecting transfer syntax specification |
ISO/IEC 11577:1995 | Information technology — Open Systems Interconnection — Network layer security protocol |
ISO/IEC 11586-3:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) protocol specification |
ISO/IEC 11586-2:1996 | Information technology — Open Systems Interconnection — Generic upper layers security: Security Exchange Service Element (SESE) service definition |
ISO/IEC 8649:1996 | Information technology — Open Systems Interconnection — Service definition for the Association Control Service Element |
ISO/IEC 10745:1995 | Information technology — Open Systems Interconnection — Upper layers security model |