• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

CAN/CSA-ISO/IEC 11577-97 (R2015)

Current

Current

The latest, up-to-date edition.

Information Technology - Open Systems Interconnection - Network Layer Security Protocol (Adopted ISO/IEC 11577:1995)

Available format(s)

Hardcopy , PDF

Language(s)

English, French

Published date

01-01-1997

£168.93
Excluding VAT

1 Scope
2 Normative references
3 Definitions
4 Abbreviations
5 Overview of the Protocol
6 Protocol Functions Common to NLSP-CL and NLSP-CO
7 Protocol Functions FOR NLSP-CL
8 Protocol Functions for NLSP-CO
9 Overview of mechanisms used
10 Connection security control (NLSP-CO only)
11 SDT PDU Based encapsulation Function
12 No-Header Encapsulation Function (NLSP-CO only)
13 Structure and Encoding of PDUS
14 Conformance
Annex A - Mapping UN primitives to CCITT Rec. X.213 -
          ISO 8348
Annex B - Mapping UN primitives to CCITT Rec. X.25 -
          ISO 8208
Annex C - Security Association Protocol Using Key
          Token Exchange and Digital Signatures
Annex D - NLSP PICS Proforma
Annex E - Tutorial on some Basic Concepts of NLSP
Annex F - Example of an Agreed Set of Security Rules
Annex G - Security Association and Attributes
Annex H - Example Key Token Exchange - EKE Algorithm

Scope This ITU-T Recommendation / International Standard specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer, which is defined by CCITT Rec. X.213 / ISO/IEC 8348, and ISO 8648. The protocol defined in this ITU-T Recommendation / International Standard is called the Network Layer Security Protocol (NLSP). This ITU-T Recommendation / International Standard specifies: (1) Support for the following security services defined in CCITT Rec. X.800 / ISO 7498-2: (a) peer entity authentication; (b) data origin authentication; (c) access control; (d) connection confidentiality; (e) connectionless confidentiality; (f) traffic flow confidentiality; (g) connection integrity without recovery (including Data Unit Integrity, in which individual SDUs on a connection are integrity protected); (h) connectionless integrity. (2) The functional requirements for implementations that claim conformance to this ITU-T Recommendation / International Standard. The procedures of this protocol are defined in terms of: (a) requirements on the cryptographic techniques that can be used in an instance of this protocol; (b) requirements on the information carried in the security association used in an instance of communication. Although the degree of protection afforded by some security mechanisms depends on the use of some specific cryptographic techniques, correct operation of this protocol is not dependent on the choice of any particular encipherment or decipherment algorithm. This is a local matter for the communicating systems. Furthermore, neither the choice nor the implementation of a specific security policy are within the scope of this ITU-T Recommendation / International Standard. The choice of a specific security policy, and hence the degree of protection that will be achieved, is left as a local matter among the systems that are using a single instance of secure communications. This ITU-T Recommendation / International Standard does not require that multiple instances of secure communications involving a single open system must use the same security protocol. Annex D provides the PICS proforma for the Network Layer Security Protocol in compliance with the relevant guidance given in ISO/IEC 9646-2.

DocumentType
Standard
ISBN
0317-5669
Pages
122
ProductNote
Reconfirmed EN
PublisherName
Canadian Standards Association
Status
Current
Supersedes

Scope This ITU-T Recommendation / International Standard specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer, which is defined by CCITT Rec. X.213 / ISO/IEC 8348, and ISO 8648. The protocol defined in this ITU-T Recommendation / International Standard is called the Network Layer Security Protocol (NLSP). This ITU-T Recommendation / International Standard specifies: (1) Support for the following security services defined in CCITT Rec. X.800 / ISO 7498-2: (a) peer entity authentication; (b) data origin authentication; (c) access control; (d) connection confidentiality; (e) connectionless confidentiality; (f) traffic flow confidentiality; (g) connection integrity without recovery (including Data Unit Integrity, in which individual SDUs on a connection are integrity protected); (h) connectionless integrity. (2) The functional requirements for implementations that claim conformance to this ITU-T Recommendation / International Standard. The procedures of this protocol are defined in terms of: (a) requirements on the cryptographic techniques that can be used in an instance of this protocol; (b) requirements on the information carried in the security association used in an instance of communication. Although the degree of protection afforded by some security mechanisms depends on the use of some specific cryptographic techniques, correct operation of this protocol is not dependent on the choice of any particular encipherment or decipherment algorithm. This is a local matter for the communicating systems. Furthermore, neither the choice nor the implementation of a specific security policy are within the scope of this ITU-T Recommendation / International Standard. The choice of a specific security policy, and hence the degree of protection that will be achieved, is left as a local matter among the systems that are using a single instance of secure communications. This ITU-T Recommendation / International Standard does not require that multiple instances of secure communications involving a single open system must use the same security protocol. Annex D provides the PICS proforma for the Network Layer Security Protocol in compliance with the relevant guidance given in ISO/IEC 9646-2.

Standards Relationship
ISO/IEC 11577:1995 Identical

ISO/IEC 7498-1:1994 Information technology Open Systems Interconnection Basic Reference Model: The Basic Model
ISO/IEC 9834-1:2012 Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree
ISO/IEC 9646-2:1994 Information technology Open Systems Interconnection Conformance testing methodology and framework Part 2: Abstract Test Suite specification
ISO/IEC 10731:1994 Information technology Open Systems Interconnection Basic Reference Model Conventions for the definition of OSI services
ISO/IEC 9979:1999 Information technology Security techniques Procedures for the registration of cryptographic algorithms
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO/IEC 8348:2002 Information technology Open Systems Interconnection Network service definition
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 8878:1992 Information technology — Telecommunications and information exchange between systems — Use of X.25 to provide the OSI Connection-mode Network Service
ISO/IEC TR 13594:1995 Information technology Lower layers security
ISO/IEC 8825:1990 Information technology — Open Systems Interconnection — Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)
ISO/IEC 8473-1:1998 Information technology Protocol for providing the connectionless-mode network service: Protocol specification Part 1:
ISO/IEC 9646-1:1994 Information technology Open Systems Interconnection Conformance testing methodology and framework Part 1: General concepts
ISO/IEC 8208:2000 Information technology Data communications X.25 Packet Layer Protocol for Data Terminal Equipment
ISO/IEC 9834-3:2008 Information technology — Open Systems Interconnection — Procedures for the operation of OSI Registration Authorities — Part 3: Registration of Object Identifier arcs beneath the top-level arc jointly administered by ISO and ITU-T
ISO/IEC 10745:1995 Information technology Open Systems Interconnection Upper layers security model

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.