Codes & Standards - Purchase
CAN/CSA-ISO/IEC 9797-1-02 (R2010)
Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms Using a Block Cipher (Adopted ISO/IEC 9797-1:1999, first edition, 1999-12-15)
SKU: 2414938
Published by CSA Group
Publication Year 2002
Reaffirmed in 2010
25 pages
Withdrawn
Product Details
Scope
This part of ISO/IEC 9797 specifies six MAC algorithms that use a secret key and an n-bit block cipher to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The str ength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the block length (in bits) n and strength of the block cipher, on the length (in bits) m of the MAC, and on the specific mechanism. The first three mechanisms specified in this part of ISO/IEC 9797 are co mmonly known as CBC-MAC (CBC is the abbreviation of Cipher Block Chaining). The calculation of a MAC as described in ISO 8731-1 and ANSI X9.9 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32,MAC Algorithm 1 and Padding Method 1 are used, and the block cipher is DEA (ANSI X3.92: 1981). The calculation of a MAC as described in ANSI X9.19 and ISO 9807 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32, either MAC Algorithm 1 or MAC Algorithm 3 is used (both with Padding Method 1), and the block cipher is DEA (ANSI X3.92: 1981). The fourth mechanism is a variant of CBC-MAC with a special initial transformation. It is recommended for applications, which require that the key length of the MAC algorithm is twice that of the block cipher. NOTES 1 For example, in the case of DEA (ANSI X3.92: 1981), the block cipher key length is 56 bits, while the MAC algorithm key length is 112 bits. 2 When used with DEA (which is also known as DES), this algorithm is called MacDES [12]. The fifth and sixth mechanism use two parallel instances of the first and fourth mechanism respectively, and combine the two results with a bitwise exclusive-or operation. They are recommended for applications, which require an increased security level against forgery attacks (cf. Annex B). The fifth mechanism uses a single length MAC algorithm key, while the sixth mechanism doubles the MAC algorithm key length. This part of ISO/IEC 9797 can be applied to the security services of any security architecture, process, or application. 2 Normative references The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 9797. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO/IEC 9797 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. ISO 7498-2: 1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture. ISO/IEC 9798-1: 1997, Information technology - Security techniques - Entity authentication - Part 1: General. ISO/IEC 10116: 1997, Information technology - Security techniques - Modes of operation for an n-bit block cipher.
This part of ISO/IEC 9797 specifies six MAC algorithms that use a secret key and an n-bit block cipher to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The str ength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the block length (in bits) n and strength of the block cipher, on the length (in bits) m of the MAC, and on the specific mechanism. The first three mechanisms specified in this part of ISO/IEC 9797 are co mmonly known as CBC-MAC (CBC is the abbreviation of Cipher Block Chaining). The calculation of a MAC as described in ISO 8731-1 and ANSI X9.9 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32,MAC Algorithm 1 and Padding Method 1 are used, and the block cipher is DEA (ANSI X3.92: 1981). The calculation of a MAC as described in ANSI X9.19 and ISO 9807 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32, either MAC Algorithm 1 or MAC Algorithm 3 is used (both with Padding Method 1), and the block cipher is DEA (ANSI X3.92: 1981). The fourth mechanism is a variant of CBC-MAC with a special initial transformation. It is recommended for applications, which require that the key length of the MAC algorithm is twice that of the block cipher. NOTES 1 For example, in the case of DEA (ANSI X3.92: 1981), the block cipher key length is 56 bits, while the MAC algorithm key length is 112 bits. 2 When used with DEA (which is also known as DES), this algorithm is called MacDES [12]. The fifth and sixth mechanism use two parallel instances of the first and fourth mechanism respectively, and combine the two results with a bitwise exclusive-or operation. They are recommended for applications, which require an increased security level against forgery attacks (cf. Annex B). The fifth mechanism uses a single length MAC algorithm key, while the sixth mechanism doubles the MAC algorithm key length. This part of ISO/IEC 9797 can be applied to the security services of any security architecture, process, or application. 2 Normative references The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 9797. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO/IEC 9797 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. ISO 7498-2: 1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture. ISO/IEC 9798-1: 1997, Information technology - Security techniques - Entity authentication - Part 1: General. ISO/IEC 10116: 1997, Information technology - Security techniques - Modes of operation for an n-bit block cipher.