Course: Cyber Security / Information Security
Year: I, Sem I
Subject: Cryptography
Paper No.: I, Paper Title: Cryptography
Lecture No. 1
Lecture Title: Cryptographic Standards
Script
INTRODUCTION & INTERNATIONAL CRYPTOGRAPHIC STANDARDS
Hello everybody. Today in this lecture we will study cryptographic standards. The
standards have been divided into six categories: international standards, banking
security standards, international security architectures, U.S. government Federal
Information Processing Standards, Internet standards and wireless standards.
CRYPTOGRAPHIC STANDARDS
International standards – Cryptographic techniques
Banking security standards (ANSI, ISO)
International security architectures and frameworks
U.S. government standards (FIPS)
Internet standards and RFCs
Wireless standards
This lecture focuses on cryptographic standards, which have a significant impact on the
use of cryptography in practice. Cryptographic standards serve two important goals:
facilitating widespread use of well-accepted cryptographic techniques, and promoting
interoperability between the security mechanisms of components in various systems.
Now let us first discuss international standards on cryptographic techniques.
INTERNATIONAL CRYPTOGRAPHY STANDARDS
The International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC) have developed standards, individually and jointly, in
the area of cryptography. The table below shows selected ISO and IEC standards on
cryptographic techniques.
INTERNATIONAL CRYPTOGRAPHY STANDARDS
Standard #         Major claim or area
ISO 8372           Modes of operation for a 64-bit cipher
ISO/IEC 9796       Signatures with message recovery (e.g., RSA)
ISO/IEC 9797       Message Authentication Code (MAC)
ISO/IEC 9798–1     Entity authentication – introduction
ISO/IEC 9798–2     – using symmetric encipherment
ISO/IEC 9798–3     – using public-key techniques
ISO/IEC 9798–4     – using keyed one-way functions
ISO/IEC 9798–5     – using zero-knowledge techniques
ISO/IEC 9979       Register of cryptographic algorithms
ISO/IEC 10116      Modes of operation for an n-bit cipher
ISO/IEC 10118–1    Hash functions – introduction
ISO/IEC 10118–2    – using block ciphers
ISO/IEC 10118–3    – customized algorithms
ISO/IEC 10118–4    – using modular arithmetic
ISO/IEC 11770–1    Key management – introduction
ISO/IEC 11770–2    – symmetric techniques
ISO/IEC 11770–3    – asymmetric techniques
ISO/IEC 13888–1    Non-repudiation – introduction
ISO/IEC 13888–2    – symmetric techniques
ISO/IEC 13888–3    – asymmetric techniques
ISO/IEC 14888–1    Signatures with appendix – introduction
ISO/IEC 14888–2    – identity-based mechanisms
ISO/IEC 14888–3    – certificate-based mechanisms
As shown, ISO 8372, published in 1987, specifies the four well-known modes of
operation of a 64-bit block cipher: electronic codebook (ECB), cipher block chaining
(CBC), cipher feedback (CFB), and output feedback (OFB).
ISO/IEC 9796 specifies a generic mechanism for digital signature schemes giving
message recovery. The main part of the standard is a redundancy scheme, intended to be
generically applicable to a large class of signature schemes and specifically designed
to preclude attacks on schemes such as RSA and Rabin which have a multiplicative
property.
ISO/IEC 9797 defines a message authentication code (MAC) based on the CBC mode of
operation of a block cipher, similar to the MAC algorithms of ISO 8731–1, ISO 9807,
ANSI X9.9, and ANSI X9.19.
In ISO/IEC 9798, the parts following the introduction specify entity authentication
mechanisms based on: symmetric encryption algorithms (9798 part 2); public-key
signature algorithms (9798 part 3); a cryptographic check function or MAC (9798 part 4);
and other customized techniques (9798 part 5). The mechanisms use timestamps, sequence
numbers, and random numbers as time-variant parameters.
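As an added illustration (not part of the lecture script or of the standard's text), the following Python models the two-pass, random-number based mechanism of ISO/IEC 9798 part 4: B sends a random challenge R_B, and A answers with a keyed check value over R_B and B's identifier. HMAC-SHA256 as the check function and the length-prefixed field encoding are my assumptions; the standard leaves the MAC open.

```python
import hashlib
import hmac
import secrets

# Shared secret K_AB between claimant A and verifier B.  Constructed sample value;
# in practice it comes from a key-management scheme such as ISO/IEC 11770-2.
KEY_AB = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def check_function(key: bytes, data: bytes) -> bytes:
    """Cryptographic check function f_K.  HMAC-SHA256 is an assumption here:
    9798-4 only requires a keyed check function / MAC, it does not fix one."""
    return hmac.new(key, data, hashlib.sha256).digest()


def encode(*fields: bytes) -> bytes:
    """Length-prefix each field so R_B || B cannot be re-split ambiguously."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


class Verifier:
    """B: issues a fresh random challenge R_B and checks the returned token."""

    def __init__(self, name: bytes, key: bytes):
        self.name, self.key, self.outstanding = name, key, None

    def challenge(self) -> bytes:
        self.outstanding = secrets.token_bytes(16)  # R_B, the time-variant parameter
        return self.outstanding

    def verify(self, token: bytes) -> bool:
        if self.outstanding is None:  # no challenge pending: nothing binds the token
            return False
        expected = check_function(self.key, encode(self.outstanding, self.name))
        self.outstanding = None  # a challenge is single-use, so a replayed token fails
        return hmac.compare_digest(expected, token)


class Claimant:
    """A: proves knowledge of K_AB by returning Token_AB = f_K(R_B || B)."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, r_b: bytes, verifier_name: bytes) -> bytes:
        return check_function(self.key, encode(r_b, verifier_name))


def run_once(claimant_key: bytes = KEY_AB, verifier_name: bytes = b"B") -> bool:
    """One two-pass run: B -> A: R_B ; A -> B: Token_AB.  Returns B's verdict."""
    a, b = Claimant(claimant_key), Verifier(b"B", KEY_AB)
    token = a.respond(b.challenge(), verifier_name)
    return b.verify(token)


def replay_rejected() -> bool:
    """A token captured from a genuine run does not verify against a new challenge."""
    a, b = Claimant(KEY_AB), Verifier(b"B", KEY_AB)
    old_token = a.respond(b.challenge(), b"B")
    assert b.verify(old_token)
    b.challenge()  # fresh R_B for the next run
    return not b.verify(old_token)


if __name__ == "__main__":
    print("genuine run accepted:", run_once())
    print("wrong key rejected:", not run_once(claimant_key=bytes(16)))
    print("token for verifier C rejected by B:", not run_once(verifier_name=b"C"))
    print("replayed token rejected:", replay_rejected())
```

Including B's identifier in the token is what stops a token computed for one verifier from being accepted by another; the fresh R_B is what stops replay.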
ISO/IEC 9979 specifies procedures allowing certain entities to register encryption
algorithms in an official ISO register of such algorithms. The standard specifies the
formats required for such register entries, and registration results in the assignment
of a unique identifier to each algorithm.
ISO/IEC 10116 specifies the same four modes of block-cipher operation as ISO 8372, but
allows general n-bit block ciphers. It also provides greater detail regarding various
properties of the modes, and sample calculations based on DES.
ISO/IEC 10118 is a multi-part standard on cryptographic hashing algorithms. 10118 part 1
specifies common definitions and general requirements. Part 2 specifies two generic
constructions based on n-bit block ciphers. Part 3 of this draft standard specifies
customized algorithms such as SHA–1, RIPEMD-128 and RIPEMD-160, and part 4 specifies
algorithms based on modular arithmetic, MASH-1 and MASH-2.
The ISO/IEC 11770 multi-part standard addresses generic key management and specifies
key establishment mechanisms. 11770 part 1 is a key management framework and overview.
11770 part 2 specifies key establishment mechanisms based on symmetric techniques,
whereas part 3 specifies key establishment mechanisms based on asymmetric techniques.
The ISO/IEC 13888 multi-part standard addresses non-repudiation services, such as
protection against false denials related to the transfer of a message from an
originator to a recipient. Part 1 of this draft provides a non-repudiation model and
overview. Part 2 specifies mechanisms involving symmetric techniques, whereas part 3
specifies mechanisms involving asymmetric techniques and the use of digital signatures.
The ISO/IEC 14888 multi-part standard addresses schemes for signature with appendix
(compare the ANSI X9.30 part 1 standard). Its part 1 provides common definitions and a
general overview. Part 2 addresses identity-based signature mechanisms, and part 3
addresses certificate-based mechanisms, wherein the public key is explicitly specified.
BANKING SECURITY STANDARDS
So these were the international cryptographic standards. Now let us move on to banking
security standards.
BANKING SECURITY STANDARDS
ANSI
ISO
Banking security standards have been developed by the American National Standards
Institute (ANSI) and by the International Organization for Standardization (ISO).
Banking security standards are typically divided into wholesale and retail banking.
ANSI develops standards through various Accredited Standards Committees (ASCs).
Accredited committees include ASC X3 – Information Processing Systems and ASC X9 –
Financial Services. The table shows selected ANSI encryption and banking security
standards developed under X3 and X9.
As shown, the ANSI X3.92 standard specifies the DES algorithm, which ANSI standards
refer to as the Data Encryption Algorithm (DEA). X3.92 is technically the same as
FIPS 46.
ANSI X3.106 standard specifies DES modes of operation, or DEA modes of
operation as referred to in ANSI standards. X3.106 is technically the same as FIPS
81.
ANSI X9.8 standard addresses PIN management and security.
ANSI X9.9 standard specifies a DES-based message authentication code (MAC)
algorithm for wholesale banking.
ANSI X9.17 standard, which was the basis for ISO 8732, specifies manual and
automated symmetric methods for wholesale banking key management, including
key establishment techniques and protection of keys in key management facilities.
ANSI X9.19 standard specifies a DES-based message authentication code (MAC)
algorithm for retail banking.
ANSI X9.23 standard addresses message formatting and representation issues
related to the use of DES encryption in wholesale banking transactions. These
include field delimiting and padding, as well as filtering methods required to
prevent ciphertext bit sequences from interfering with communications protocols
when inadvertently interpreted as control characters.
The ANSI X9.24 standard specifies manual and automated methods for retail key
management, addressing authentication and (DES-based) encryption of PINs, keys, and
other data.
The ANSI X9.26 standard specifies two main classes of entity sign-on authentication
mechanisms. The first involves user passwords. The second involves cryptographic keys
used in DES-based challenge-response protocols.
ANSI X9.28 standard extends X9.17 to allow the distribution of keying material
between subscriber nodes who neither share a common key, nor share a key with a
common central server.
In the ANSI X9.30 suite of public-key standards, X9.30 part 1 specifies DSA and X9.30
part 2 specifies SHA for the financial services industry.
ANSI X9.31 part 1 specifies a signature mechanism based on an RSA signature algorithm,
and X9.31 part 2 defines hash functions for use with part 1, including MDC-2.
ANSI X9.42 standard specifies several variations of unauthenticated Diffie-Hellman
key agreement, providing shared symmetric keys for subsequent cryptographic use.
The ANSI X9.45 standard employs a particular type of attribute certificate, called an
authorization certificate, to allow a party to determine whether or not a received
message or signed document is authorized with respect to relevant rules or limits.
ANSI X9.52 standard for encryption offers improvements over DES security by
specifying a number of modes of operation for triple-DES encryption.
ANSI X9.55 standard specifies extensions to the certificate definitions of ANSI
X9.57 standard.
ANSI X9.57 certificate management standard includes both technical specifications
defining public-key certificates for electronic commerce, and business controls
necessary to employ this technology.
Now let us move on to the banking security standards given by ISO.
ISO banking security standards are developed under the ISO technical committee TC68 for
Banking and Related Financial Services. TC68 subcommittees include TC68-SC2 for
wholesale banking security and TC68-SC6 for retail banking security and smart card
security. Table 3 lists selected ISO banking security standards; W indicates wholesale
and R indicates retail.
As shown in the table, the wholesale banking standard ISO 8730, together with ISO 8731
(a standard for message authentication code (MAC) algorithms), forms the international
equivalent of ANSI X9.9.
The ISO 8731 standard specifies particular MAC algorithms complementary to the
companion standard ISO 8730. Part 1 of 8731 specifies a DES-based CBC-MAC with m = 32,
whereas part 2 specifies the Message Authenticator Algorithm (MAA).
ISO 8732 standard for key management in wholesale banking was derived from
ANSI X9.17, and is its international equivalent.
The ISO 9564 standard specifies minimum measures for the management and security of
Personal Identification Numbers (PINs).
ISO 9807 standard for message authentication in retail banking is analogous to
ANSI X9.19 but does not address data representation issues.
ISO 10126 multi-part standard is the international equivalent of X9.23 which
addresses the confidentiality protection of financial messages.
ISO 10202 eight-part standard addresses security architecture issues for integrated
circuit cards (chip-cards) used for financial transactions. In particular, ISO 10202
part 7 specifies key management aspects.
ISO 11131 standard for sign-on authentication is the international non-DES specific
standard analogue of ANSI X9.26.
The ISO 11166 multi-part standard specifies asymmetric key management techniques for
distributing keys for symmetric algorithms. It was developed from ISO 8732, which uses
symmetric techniques only. Part 1 specifies general principles, procedures, and
formats, whereas part 2 specifies the RSA algorithm for both encipherment and digital
signatures.
The ISO 11568 multi-part standard addresses retail key management and life cycle
issues. It originated from X9.24, but is generalized for international use and
addresses both symmetric and public-key techniques.
ARCHITECTURE & FRAMEWORK
So these were the various banking security standards. Now let us move on to
international security architectures and frameworks.
INTERNATIONAL SECURITY ARCHITECTURE and FRAMEWORKS
The table below lists selected ISO/IEC standards on security frameworks and
architectures.
ISO/IEC SECURITY ARCHITECTURE / FRAMEWORK
ISO/IEC #    Subject
7498-2       OSI security architecture
9594-8       Authentication framework
10181        OSI security frameworks
The OSI basic reference model of ISO 7498 defines a communications protocol stack with
seven layers: application, presentation, session, transport, network, data-link and
physical. ISO 7498 part 2 specifies the security architecture for the basic reference
model, including the placement of security services and mechanisms within these layers.
ISO/IEC 9594 part 8 defines both simple authentication techniques based on passwords
and so-called strong authentication techniques based on secret values.
ISO/IEC 10181 is a series of security frameworks intended to provide context and
background, consisting of a security frameworks overview, an authentication framework,
an access control framework, a non-repudiation framework, a confidentiality framework,
an integrity framework, and a security audit and alarms framework.
FIPS
So now, after architectures and frameworks, let us move on to the U.S. government
Federal Information Processing Standards (FIPS).
U.S. Government Federal Information Processing Standards (FIPS)
These are publicly announced standards developed by the United States federal
government for use in computer systems by all non-military government agencies and by
government contractors, when properly invoked and tailored in a contract. The purpose
of FIPS is to ensure that all federal government departments and agencies adhere to the
same guidelines regarding security and communication.
The table lists selected security-related Federal Information Processing Standards
(FIPS) publications. These are developed under the National Institute of Standards and
Technology (NIST), for use by U.S. federal government departments.
As shown in the table, the FIPS 46 standard specifies the DES algorithm.
The FIPS 74 standard provides guidelines for implementing and using DES.
The FIPS 81 standard specifies the four basic DES modes of operation.
FIPS 112 standard provides guidelines on password management and usage.
FIPS 113 standard specifies the customary DES-based CBC-MAC algorithm,
referred to as the Data Authentication Algorithm (DAA).
FIPS 140 part 1 standard specifies security requirements for the design and
implementation of cryptographic modules for protecting unclassified information,
including hardware, firmware, software modules, and combinations thereof.
FIPS 171 specifies, for use by U.S. federal government departments, a subset of the
key distribution techniques of ANSI X9.17. The objective of specifying a subset is to
increase interoperability and decrease system costs.
FIPS 180 and FIPS 180-1: the hash algorithm specified in the original standard FIPS 180
is the Secure Hash Algorithm (SHA); the revised version, SHA-1, was specified shortly
thereafter in FIPS 180-1.
FIPS 185, the Escrowed Encryption Standard, specifies the parameters for use with the
Clipper key escrow system.
FIPS 186 standard is the Digital Signature Standard (DSS), which specifies the
Digital Signature Algorithm (DSA).
The FIPS 196 standard on entity authentication using asymmetric techniques was derived
from the two-pass and three-pass random-number based mechanisms of ISO/IEC 9798 part 3.
INTERNET & WIRELESS STANDARDS
Now, after FIPS, let us move on to Internet standards and RFCs.
INTERNET SECURITY STANDARDS and RFCs
Documents called Requests for Comments (RFCs) are official working notes of the
Internet research and development community.
The table lists selected security-related Internet RFCs. The hashing algorithms MD2,
MD4, and MD5 are specified in RFCs 1319-1321, respectively. The Internet
Privacy-Enhanced Mail (PEM) specifications are given in RFCs 1421-1424. The Generic
Security Service Application Program Interface (GSS-API) is given in RFC 1508; it is a
high-level security API which isolates application code from implementation details.
Specific implementation mechanisms are Kerberos V5 network authentication, given in
RFC 1510, for symmetric-based techniques, and SPKM for public-key based techniques.
RFC 1828 specifies a method for using keyed MD5 as a MAC. MIME Object Security
Services (MOSS), defined in RFC 1848, makes use of the RFC 1847 framework of multipart
signed and multipart encrypted MIME messages, and facilitates encryption and signature
services for MIME, including key management based on asymmetric techniques. RFC 1938
specifies an authentication technique based on Lamport's one-time password scheme.
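As an added illustration (not part of the lecture script and not the RFC 1938 reference code), the following Python shows the Lamport hash-chain idea that RFC 1938 builds on: the server stores only the top of the chain, each login reveals the next pre-image, and a reused or out-of-sequence password fails. SHA-256 as the one-way function and the seed/pass-phrase values are my assumptions; RFC 1938's 64-bit folding of MD4/MD5/SHA-1 output is omitted.

```python
import hashlib

# Constructed parameters.  RFC 1938 derives the chain from a seed and a pass-phrase
# and folds MD4/MD5/SHA-1 output to 64 bits; that folding is omitted here.
SEED = b"ke1234"
PASSPHRASE = b"example pass-phrase"
CHAIN_LENGTH = 5  # n: logins available before the client must re-initialise


def h(x: bytes) -> bytes:
    """One-way function H.  SHA-256 is an assumption; RFC 1938 allows MD4, MD5 or SHA-1."""
    return hashlib.sha256(x).digest()


def otp_chain(seed: bytes, passphrase: bytes, n: int) -> list:
    """[H^1(s), H^2(s), ..., H^(n+1)(s)] with s = seed || passphrase; chain[k] = H^(k+1)(s)."""
    chain = [h(seed + passphrase)]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class Server:
    """Holds only the chain top H^(n+1)(s) and a counter.  Reading this value does
    not reveal any password still to come, because H is one-way."""

    def __init__(self, top: bytes, n: int):
        self.last_accepted, self.remaining = top, n

    def login(self, password: bytes) -> bool:
        if self.remaining == 0:
            return False  # chain exhausted: client must re-initialise
        if h(password) != self.last_accepted:
            return False  # not the pre-image of the stored value: reject
        self.last_accepted, self.remaining = password, self.remaining - 1
        return True


class Client:
    """Sends H^n(s), then H^(n-1)(s), ... each exactly once (the Lamport scheme)."""

    def __init__(self, seed: bytes, passphrase: bytes, n: int):
        self.chain, self.next_index = otp_chain(seed, passphrase, n), n - 1

    def next_password(self) -> bytes:
        pw = self.chain[self.next_index]
        self.next_index -= 1
        return pw


def run_session(n: int = CHAIN_LENGTH) -> dict:
    """n genuine logins, one replay of an eavesdropped password, one login past the end."""
    chain = otp_chain(SEED, PASSPHRASE, n)
    server, client = Server(chain[n], n), Client(SEED, PASSPHRASE, n)
    sent = [client.next_password() for _ in range(n)]
    logins = [server.login(pw) for pw in sent[:-1]]  # first n-1 logins
    replay = server.login(sent[0])                   # reuse of the very first password
    logins.append(server.login(sent[-1]))            # last genuine login
    exhausted = server.login(sent[-1])               # nothing left in the chain
    return {"logins": logins, "replay_rejected": not replay, "exhausted_rejected": not exhausted}


if __name__ == "__main__":
    print(run_session())
```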
Now, after Internet security standards, let us move on to the Public Key Cryptography
Standards (PKCS). In cryptography, PKCS is a group of public-key cryptography standards
devised and published by RSA Security, Inc., starting in the early 1990s. The company
published the standards to promote the use of the cryptographic techniques on which it
held patents, such as the RSA algorithm, the Schnorr signature algorithm and several
others. The suite of specifications called PKCS has the parts listed in the table
below.
#          Version  Name
PKCS #1    2.1      RSA Cryptography Standard
PKCS #2    -        Withdrawn
PKCS #3    1.4      Diffie–Hellman Key Agreement Standard
PKCS #4    -        Withdrawn
PKCS #5    2.0      Password-based Encryption Standard
PKCS #6    1.5      Extended-Certificate Syntax Standard
PKCS #7    1.5      Cryptographic Message Syntax Standard
PKCS #8    1.2      Private-Key Information Syntax Standard
PKCS #9    2.0      Selected Attribute Types
PKCS #10   1.7      Certification Request Standard
PKCS #11   2.20     Cryptographic Token Interface
PKCS #12   1.0      Personal Information Exchange Syntax Standard
PKCS #13   -        Elliptic Curve Cryptography Standard
PKCS #14   -        Pseudo-random Number Generation
PKCS #15   1.1      Cryptographic Token Information Format Standard
As shown in the table, PKCS #1 is the RSA Cryptography Standard, PKCS #2 is withdrawn,
PKCS #3 is the Diffie–Hellman Key Agreement Standard, and PKCS #4 is withdrawn.
PKCS #5 is the Password-based Encryption Standard. PKCS #6 is the Extended-Certificate
Syntax Standard and PKCS #7 is the Cryptographic Message Syntax Standard. PKCS #8 is the
Private-Key Information Syntax Standard, PKCS #9 is Selected Attribute Types, and
PKCS #10 is the Certification Request Standard. PKCS #11 is the Cryptographic Token
Interface and PKCS #12 is the Personal Information Exchange Syntax Standard. PKCS #13 is
the Elliptic Curve Cryptography Standard. PKCS #14 is Pseudo-random Number Generation
and PKCS #15 is the Cryptographic Token Information Format Standard.
These were Public Key Cryptographic Standards. Now let us move over to
Wireless Security Standards
WIRELESS SECURITY STANDARDS
WEP
WPA
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless
networks. Introduced as part of the original 802.11 standard ratified in September
1999, its intention was to provide data confidentiality comparable to that of a
traditional wired network. In 2003 the Wi-Fi Alliance announced that WEP had been
superseded by Wi-Fi Protected Access (WPA). In 2004, WPA was upgraded to WPA2, also
known as 802.11i.
So friends, in this lecture we covered cryptographic standards. First we discussed
international standards, followed by banking security standards, international security
architectures, the U.S. government Federal Information Processing Standards (FIPS),
Internet standards and, lastly, wireless standards.
Thank you