Abstract

We provide the first systematic analysis of the ISO/IEC 11770 standard for key management techniques (2009, 2009), which describes a set of key establishment, key agreement, and key transport protocols. We analyse the claimed security properties, as well as additional modern requirements on key management protocols, for over 30 protocols and their variants. Our formal, tool-supported analysis of the protocols uncovers several incorrect claims in the standard. We provide concrete suggestions for improving the standard.

Highlights

  • The International Organisation for Standardisation (ISO) develops and promotes international standards, which include a wide variety of security mechanisms

  • Our analysis reveals that the majority of protocols for which mutual forward secrecy (MFS) is claimed only achieve weak Perfect Forward Secrecy (wPFS), and we interpret MFS as wPFS

  • We model unknown key share (UKS) attacks in the standard way, i.e. if the assumptions on the partner identities of the attacked session s do not match the assumptions of a session s′, we allow the adversary to reveal the session key of s′


Summary

Introduction

The International Organisation for Standardisation (ISO) develops and promotes international standards, which include a wide variety of security mechanisms. One exception is the analysis of Basin et al. of the ISO/IEC 9798 standard for entity authentication [4] in 2012. Their analysis uncovered a series of issues that led to an updated version of the 9798 standard. We focus on the ISO/IEC 11770 standard for key management protocols, in particular on Parts 2 and 3 of this standard. In positive contrast to other security protocol standards [5], the ISO/IEC 11770 standard explicitly specifies security properties for each of its protocols. Two of these properties are structural properties, i.e. key control and replay detection. The ISO/IEC 11770 standard describes key management techniques. Part 4 describes mechanisms based on weak secrets, such as password-based key exchange protocols. The standard is expected to be extended with a sixth part on key derivation functions.

Protocols
Security properties and threat model of the standard
Formally modelling the protocols and their properties
Protocol specification
Implicit key authentication
Key confirmation
Explicit key authentication
Entity authentication
Forward secrecy
Main analysis results
Implications for properties claimed in the standard
AT3: failure of MFS for 3-KA-11
AT4: failure of key authentication for 2-11
Recommendations
Related work
Conclusions