ISO/IEC 9797-2:2011
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
View Superseded by
Information technology Security techniques Message Authentication Codes (MACs) Part 2: Mechanisms using a dedicated hash-function
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
16-07-2021
English
02-05-2011
Message Authentication Code (MAC) algorithms are data integrity mechanisms that compute a short string (the Message Authentication Code or MAC) as a complex function of every bit of the data and of a secret key. Their main security property is unforgeability: someone who does not know the secret key should not be able to predict the MAC on any new data string.
MAC algorithms can be used to provide data integrity. Their purpose is the detection of any unauthorized modification of the data such as deletion, insertion, or transportation of items within data. This includes both malicious and accidental modifications. MAC algorithms can also provide data origin authentication. This means that they can provide assurance that a message has been originated by an entity in possession of a specific secret key.
ISO/IEC 9797-2:2011 specifies three MAC algorithms that are based on a dedicated hash-function (selected from ISO/IEC 10118-3).
ISO/IEC 9797-2:2011 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC.
The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of the hash-function and its strength, on the length (in bits) m of the MAC, and on the specific mechanism.
The first mechanism specified in ISO/IEC 9797-2:2011 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2011 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2011 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
DevelopmentNote |
Together with ISO/IEC 9797-1 supersedes ISO/IEC 9797 (04/2004)
|
DocumentType |
Standard
|
Pages |
39
|
PublisherName |
International Organization for Standardization
|
Status |
Withdrawn
|
SupersededBy | |
Supersedes |
Standards | Relationship |
AS ISO/IEC 9797.2:2019 | Identical |
NEN ISO/IEC 9797-2 : 2011 | Identical |
INCITS/ISO/IEC 9797-2 : 2012 | Identical |
BS ISO/IEC 9797-2:2011 | Identical |
CAN/CSA-ISO/IEC 9797-2:13 (R2017) | Identical |
CSA ISO/IEC 9797-2:2013 | Identical |
15/30324800 DC : 0 | BS ISO/IEC 16512-2 - INFORMATION TECHNOLOGY - RELAYED MULTICAST PROTOCOL: SPECIFICATION FOR SIMPLEX GROUP APPLICATIONS |
BS ISO 11568-4:2007 | Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle |
INCITS/ISO/IEC 9798-4 : 1999 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENTITY AUTHENTICATION - PART 4: MECHANISMS USING A CRYPTOGRAPHIC CHECK FUNCTION |
ISO/IEC 20648:2016 | Information technology — TLS specification for storage systems |
I.S. EN ISO 12855:2015 | ELECTRONIC FEE COLLECTION - INFORMATION EXCHANGE BETWEEN SERVICE PROVISION AND TOLL CHARGING (ISO 12855:2015) |
13/30293476 DC : 0 | BS EN 62601 - INDUSTRIAL COMMUNICATION NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - WIA-PA |
INCITS/ISO/IEC 15946-3 : 2002 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CRYPTOGRAPHIC TECHNIQUES BASED ON ELLIPTIC CURVES - PART 3: KEY ESTABLISHMENT |
DD IEC PAS 62601 : DRAFT MAR 2009 | INDUSTRIAL COMMUNICATION NETWORKS - FIELDBUS SPECIFICATIONS - WIA-PA COMMUNICATION NETWORK AND COMMUNICATION PROFILE |
CAN/CSA-ISO/IEC 18033-2:06 (R2016) | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENCRYPTION ALGORITHMS - PART 2: ASYMMETRIC CIPHERS |
ISO/IEC 10118-1:2016 | Information technology Security techniques Hash-functions Part 1: General |
I.S. EN 62734:2015 | INDUSTRIAL NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - ISA 100.11A |
BS ISO/IEC 9796-2:2010 | Information technology. Security techniques. Digital signature schemes giving message recovery Integer factorization based mechanisms |
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
CEN/TS 14821-5:2003 | Traffic and Travel Information (TTI) - TTI messages via cellular networks - Part 5: Internal services |
EN 62734:2015 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
EN 62601:2016 | Industrial networks - Wireless communication network and communication profiles - WIA-PA |
ISO/IEC 11770-5:2011 | Information technology Security techniques Key management Part 5: Group key management |
CSA ISO/IEC 18033-2 :2006 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENCRYPTION ALGORITHMS - PART 2: ASYMMETRIC CIPHERS |
09/30202174 DC : 0 | BS EN 50159 - RAILWAY APPLICATIONS - COMMUNICATION, SIGNALLING AND PROCESSING SYSTEMS - SAFETY RELATED COMMUNICATION IN TRANSMISSION SYSTEMS |
INCITS/ISO/IEC 9798-4 : 1999 : R2005 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENTITY AUTHENTICATION - PART 4: MECHANISMS USING A CRYPTOGRAPHIC CHECK FUNCTION |
ISO/IEC 9796-2:2010 | Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms |
10/30228327 DC : 0 | BS ISO/IEC 18031 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ISO/IEC 16512-2:2016 | Information technology Relayed multicast protocol: Specification for simplex group applications Part 2: |
12/30259506 DC : DRAFT JAN 2012 | BS EN 62734 - INDUSTRIAL COMMUNICATION NETWORKS - FIELDBUS SPECIFICATIONS - WIRELESS SYSTEMS FOR INDUSTRIAL AUTOMATION: PROCESS CONTROL AND RELATED APPLICATIONS (BASED ON ISA 100.11A) |
ISO/IEC 11770-4:2017 | Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets |
16/30288045 DC : 0 | BS ISO/IEC 20009-4 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ANONYMOUS ENTITY AUTHENTICATION - PART 4: MECHANISMS BASED ON WEAK SECRETS |
18/30331887 DC : 0 | BS ISO/IEC 20889 - INFORMATION TECHNOLOGY- SECURITY TECHNIQUES - PRIVACY ENHANCING DATA DE-IDENTIFICATION TECHNIQUES |
PD ISO/TR 14742:2010 | Financial services. Recommendations on cryptographic algorithms and their use |
BS ISO/IEC 18367:2016 | Information technology. Security techniques. Cryptographic algorithms and security mechanisms conformance testing |
INCITS/ISO/IEC 18033-2 : 2008 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENCRYPTION ALGORITHMS - PART 2: ASYMMETRIC CIPHERS |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
BS ISO/IEC 18031 : 2011 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
I.S. EN 62601:2016 | INDUSTRIAL NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - WIA-PA |
PREN 50159 : DRAFT 2009 | RAILWAY APPLICATIONS - COMMUNICATION, SIGNALLING AND PROCESSING SYSTEMS - SAFETY-RELATED COMMUNICATION IN TRANSMISSION SYSTEMS |
ISO/IEC 11889-1:2015 | Information technology — Trusted platform module library — Part 1: Architecture |
ISO/IEC 18367:2016 | Information technology — Security techniques — Cryptographic algorithms and security mechanisms conformance testing |
ISO/IEC 11889-2:2015 | Information technology — Trusted Platform Module Library — Part 2: Structures |
04/30040717 DC : DRAFT JUL 2004 | ISO/IEC 18033-2 - INFORMATION TECHNOLOGY - ENCRYPTION ALGORITHMS - PART 2: ASYMMETRIC CIPHERS |
BS ISO/IEC 16512-2:2016 | Information technology. Relayed multicast protocol: Specification for simplex group applications |
09/30214048 DC : 0 | BS ISO/IEC 9796-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - DIGITAL SIGNATURE SCHEMES GIVING MESSAGE RECOVERY - PART 2: INTEGER FACTORIZATION BASED MECHANISMS |
BS EN 50159:2010 | Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems |
BS ISO/IEC 20009-4:2017 | Information technology. Security techniques. Anonymous entity authentication Mechanisms based on weak secrets |
14/30302807 DC : 0 | BS ISO/IEC 11889-4 - INFORMATION TECHNOLOGY - TRUSTED PLATFORM MODULE - PART 4: SUPPORTING ROUTINES |
BS ISO/IEC 20648:2016 | Information technology. TLS specification for storage systems |
BS EN ISO 12855:2015 | Electronic fee collection. Information exchange between service provision and toll charging |
IEC PAS 62601:2009 | Industrial communication networks - Fieldbus specifications - WIA-PA communication network and communication profile |
CAN/CSA-ISO/IEC 18031:13 (R2017) | Information technology - Security techniques - Random bit generation (Adopted ISO/IEC 18031:2011, second edition, 2011-11-15) |
INCITS/ISO/IEC 11770-5 : 2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - KEY MANAGEMENT - PART 5: GROUP KEY MANAGEMENT |
CSA ISO/IEC 18031 : 2013 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ISO 15764:2004 | Road vehicles Extended data link security |
BS ISO 16609:2012 | Financial services. Requirements for message authentication using symmetric techniques |
CAN/CSA-ISO/IEC 11889-4:16 | Information technology Trusted Platform Module Library Part 4: Supporting Routines (Adopted ISO/IEC 11889-4:2015, second edition, 2015-12-15) |
BS ISO/IEC 11770-4:2017 | Information technology. Security techniques. Key management Mechanisms based on weak secrets |
ISO/TR 14742:2010 | Financial services Recommendations on cryptographic algorithms and their use |
UNE-EN 50159:2011 | Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems |
IEC 62734:2014 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
CEI EN 50159 : 2012 | RAILWAY APPLICATIONS - COMMUNICATION, SIGNALLING AND PROCESSING SYSTEMS - SAFETY-RELATED COMMUNICATION IN TRANSMISSION SYSTEMS |
14/30302798 DC : 0 | BS ISO/IEC 11889-1 - INFORMATION TECHNOLOGY - TRUSTED PLATFORM MODULE - PART 1: ARCHITECTURE |
BS ISO/IEC 11770-5:2011 | Information technology Security techniques. Key management Group key management |
BS IEC 62601:2011 | Industrial communication networks. Fieldbus specifications. WIA-PA communication network and communication profile |
BS ISO/IEC 11889-4:2009 | Information technology. Trusted platform module Commands |
DIN EN 62601:2016-10 | Industrial networks - Wireless communication network and communication profiles - WIA-PA (IEC 62601:2015); English version EN 62601:2016 |
10/30237107 DC : DRAFT DEC 2010 | BS ISO/IEC 11770-5 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - KEY MANAGEMENT - PART 5: GROUP KEY MANAGEMENT |
BS EN 62734:2015 | Industrial networks. Wireless communication network and communication profiles. ISA 100.11a |
INCITS/ISO/IEC 18031 : 2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
BS ISO/IEC 19790:2012 | Information technology. Security techniques. Security requirements for cryptographic modules |
14/30302801 DC : 0 | BS ISO/IEC 11889-2 - INFORMATION TECHNOLOGY - TRUSTED PLATFORM MODULE - PART 2: STRUCTURES |
15/30321754 DC : 0 | BS ISO/IEC 20648 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TLS SPECIFICATION FOR STORAGE SYSTEMS |
07/30173155 DC : 0 | BS ISO/IEC 9798-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENTITY AUTHENTICATION - PART 2: MECHANISMS USING SYMMETRIC ENCIPHERMENT ALGORITHMS |
09/30207165 DC : 0 | BS EN 62601 - INDUSTRIAL COMMUNICATION NETWORKS - FIELDBUS SPECIFICATIONS - WIA-PA COMMUNICATION NETWORK AND COMMUNICATION PROFILE |
16/30335688 DC : 0 | BS ISO/IEC 11770-4 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - KEY MANAGEMENT - PART 4: MECHANISMS BASED ON WEAK SECRETS |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
ISO/IEC 11889-4:2015 | Information technology — Trusted Platform Module Library — Part 4: Supporting Routines |
IEC 62280:2014 | Railway applications - Communication, signalling and processing systems - Safety related communication in transmission systems |
EN 50159:2010 | Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems |
ISO 12855:2015 | Electronic fee collection Information exchange between service provision and toll charging |
IEC 62601:2015 | Industrial networks - Wireless communication network and communication profiles - WIA-PA |
EN ISO 12855:2015 | Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015) |
BS ISO/IEC 11889-1:2009 | Information technology. Trusted platform module Overview |
11/30231411 DC : 0 | BS ISO 16609 - FINANCIAL SERVICES - REQUIREMENTS FOR MESSAGE AUTHENTICATION USING SYMMETRIC TECHNIQUES |
BS ISO/IEC 11889-2:2009 | Information technology. Trusted platform module Design principles |
PD ISO/IEC TR 29149:2012 | Information technology. Security techniques. Best practices for the provision and use of time-stamping services |
BS ISO/IEC 18033-2 : 2006 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENCRYPTION ALGORITHMS - PART 2: ASYMMETRIC CIPHERS |
DD CEN/TS 14821-5:2003 | Traffic and Travel Information (TTI). TTI messages via cellular networks Internal services |
BS ISO/IEC 10118-1:2016 | Information technology. Security techniques. Hash-functions General |
CAN/CSA-ISO/IEC 11889-2:16 | Information technology Trusted Platform Module Library Part 2: Structures (Adopted ISO/IEC 11889-2:2015, second edition, 2015-12-15) |
CAN/CSA-ISO/IEC 11889-1:16 | Information technology Trusted Platform Module Library Part 1: Architecture (Adopted ISO/IEC 11889-1:2015, second edition, 2015-12-15) |
ISO/IEC 20009-4:2017 | Information technology — Security techniques — Anonymous entity authentication — Part 4: Mechanisms based on weak secrets |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
I.S. EN 50159:2010 | RAILWAY APPLICATIONS - COMMUNICATION, SIGNALLING AND PROCESSING SYSTEMS - SAFETY-RELATED COMMUNICATION IN TRANSMISSION SYSTEMS |
ISO/IEC TR 29149:2012 | Information technology Security techniques Best practices for the provision and use of time-stamping services |
CAN/CSA-ISO/IEC 10118-1:18 | Information technology - Security techniques - Hash-functions - Part 1: General (Adopted ISO/IEC 10118-1:2016, third edition, 2016-10-15) |
INCITS/ISO/IEC 20889:2018 (2019) | Privacy enhancing data de-identification terminology and classification of techniques |
INCITS/ISO/IEC 10118-1:2016(R2019) | Information technology -- Security techniques -- Hash-functions -- Part 1: General |
CAN/CSA-ISO/IEC 18367:18 | Information technology — Security techniques — Cryptographic algorithms and security mechanisms conformance testing (Adopted ISO/IEC 18367:2016, first edition, 2016-12-15) |
CAN/CSA-ISO/IEC 16512-2:18 | Information technology — Relayed multicast protocol: Specification for simplex group applications (Adopted ISO/IEC 16512-2:2016, third edition, 2016-04-01) |
CAN/CSA-ISO/IEC 20648:18 | Information technology ? TLS specification for storage systems (Adopted ISO/IEC 20648:2016, first edition, 2016-03-01) |
ISO/IEC 18032:2005 | Information technology Security techniques Prime number generation |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 10118-1:2016 | Information technology Security techniques Hash-functions Part 1: General |
ISO/IEC 646:1991 | Information technology ISO 7-bit coded character set for information interchange |
ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
ISO/IEC 10181-6:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Integrity framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.