CAN/CSA-ISO/IEC 9797-1:02 (R2010)

Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms Using a Block Cipher (Adopted ISO/IEC 9797-1:1999, first edition, 1999-12-15)
This National Standard of Canada is equivalent to International Standard ISO/IEC 9797-1:1999 (first edition, 1999-12-15).

1 Scope

This part of ISO/IEC 9797 specifies six MAC algorithms that use a secret key and an n-bit block cipher to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key.

The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the block length (in bits) n and strength of the block cipher, on the length (in bits) m of the MAC, and on the specific mechanism.

The first three mechanisms specified in this part of ISO/IEC 9797 are commonly known as CBC-MAC (CBC is the abbreviation of Cipher Block Chaining). The calculation of a MAC as described in ISO 8731-1 and ANSI X9.9 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32, MAC Algorithm 1 and Padding Method 1 are used, and the block cipher is DEA (ANSI X3.92: 1981). The calculation of a MAC as described in ANSI X9.19 and ISO 9807 is a specific case of this part of ISO/IEC 9797 when n = 64, m = 32, either MAC Algorithm 1 or MAC Algorithm 3 is used (both with Padding Method 1), and the block cipher is DEA (ANSI X3.92: 1981).

The fourth mechanism is a variant of CBC-MAC with a special initial transformation. It is recommended for applications which require that the key length of the MAC algorithm is twice that of the block cipher.

NOTES
1 For example, in the case of DEA (ANSI X3.92: 1981), the block cipher key length is 56 bits, while the MAC algorithm key length is 112 bits.
2 When used with DEA (which is also known as DES), this algorithm is called MacDES [12].

The fifth and sixth mechanisms use two parallel instances of the first and fourth mechanisms respectively, and combine the two results with a bitwise exclusive-or operation. They are recommended for applications which require an increased security level against forgery attacks (cf. Annex B). The fifth mechanism uses a single length MAC algorithm key, while the sixth mechanism doubles the MAC algorithm key length.

This part of ISO/IEC 9797 can be applied to the security services of any security architecture, process, or application.

SDO:
CSA
Language:
English
ICS Code(s):
35.040
Status:
Withdrawn
Publication Date:
2002-02-28
Standard Number:
CAN/CSA-ISO/IEC 9797-1:02 (R2010)