Add to collection(s) Add to saved
  1. Social Science
  2. Political Science

Algorithm Yellow Book v.01 - The CCSDS Collaborative Work

advertisement 
CCSDS
CRYPTOGRAPHIC
ALGORITHMS TEST
PLAN
DRAFT CCSDS RECORD
CCSDS 000.0-Y-0
Draft Yellow Book
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
FOREWORD
[Foreword text specific to this document goes here. The text below is boilerplate.]
Through the process of normal evolution, it is expected that expansion, deletion, or
modification of this document may occur. This document is therefore subject to CCSDS
document management and change control procedures, which are defined in the Procedures
Manual for the Consultative Committee for Space Data Systems. Current versions of CCSDS
documents are maintained at the CCSDS Web site:
http://www.ccsds.org/
Questions relating to the contents or status of this document should be addressed to the
CCSDS Secretariat at the address indicated on page i.
CCSDS 000.0-Y-0
Page i
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
At time of publication, the active Member and Observer Agencies of the CCSDS were:
Member Agencies
–
–
–
–
–
–
–
–
–
–
–
Agenzia Spaziale Italiana (ASI)/Italy.
British National Space Centre (BNSC)/United Kingdom.
Canadian Space Agency (CSA)/Canada.
Centre National d’Etudes Spatiales (CNES)/France.
China National Space Administration (CNSA)/People’s Republic of China.
Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)/Germany.
European Space Agency (ESA)/Europe.
Federal Space Agency (FSA)/Russian Federation.
Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil.
Japan Aerospace Exploration Agency (JAXA)/Japan.
National Aeronautics and Space Administration (NASA)/USA.
Observer Agencies
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Austrian Space Agency (ASA)/Austria.
Belgian Federal Science Policy Office (BFSPO)/Belgium.
Central Research Institute of Machine Building (TsNIIMash)/Russian Federation.
Centro Tecnico Aeroespacial (CTA)/Brazil.
Chinese Academy of Sciences (CAS)/China.
Chinese Academy of Space Technology (CAST)/China.
Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia.
Danish National Space Center (DNSC)/Denmark.
European Organization for the Exploitation of Meteorological Satellites
(EUMETSAT)/Europe.
European Telecommunications Satellite Organization (EUTELSAT)/Europe.
Hellenic National Space Committee (HNSC)/Greece.
Indian Space Research Organization (ISRO)/India.
Institute of Space Research (IKI)/Russian Federation.
KFKI Research Institute for Particle & Nuclear Physics (KFKI)/Hungary.
Korea Aerospace Research Institute (KARI)/Korea.
MIKOMTEK: CSIR (CSIR)/Republic of South Africa.
Ministry of Communications (MOC)/Israel.
National Institute of Information and Communications Technology (NICT)/Japan.
National Oceanic and Atmospheric Administration (NOAA)/USA.
National Space Organization (NSPO)/Chinese Taipei.
Naval Center for Space Technology (NCST)/USA.
Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan.
Swedish Space Corporation (SSC)/Sweden.
United States Geological Survey (USGS)/USA.
CCSDS 000.0-Y-0
Page ii
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
DOCUMENT CONTROL
Document
Title and Issue
Date
Status
CCSDS
000.0-Y-0
CCSDS Cryptographic Algorithms
Test Plan, Draft CCSDS Record,
Issue 0
May 2011
Current draft
CCSDS 000.0-Y-0
Page iii
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
CONTENTS
Section
Page
DOCUMENT CONTROL.................................................................................................... III
CONTENTS .......................................................................................................................... IV
1 INTRODUCTION.......................................................................................................... 1-1
1.1 PURPOSE ............................................................................................................... 1-1
1.2 SCOPE .................................................................................................................... 1-1
1.3 APPLICABILITY ................................................................................................... 1-1
1.4 RATIONALE .......................................................................................................... 1-1
1.5 DOCUMENT STRUCTURE ................................................................................. 1-1
1.6 REFERENCES ....................................................................................................... 1-2
2 OVERVIEW ................................................................................................................... 2-1
3 ALGORITHM TESTING GOALS .............................................................................. 3-2
3.1 CONFIDENTIALITY ALGORITHMS .................................................................. 3-2
3.2 AUTHENTICATION ALGORITHMS .................................................................. 3-2
4 TEST PLAN DETAILS ................................................................................................. 4-3
4.1 TEST CASE #1: AES COUNTER MODE TEST WITH 128-BIT KEY............... 4-4
4.1.1 TEST DESCRIPTION ................................................................................ 4-4
4.1.2 EXPECTED RESULTS .............................................................................. 4-4
4.2 TEST CASE #2: AES COUNTER MODE TEST WITH 192-BIT KEY............... 4-4
4.2.1 TEST DESCRIPTION ................................................................................ 4-4
4.2.2 EXPECTED RESULTS .............................................................................. 4-4
4.3 TEST CASE #3: AES COUNTER MODE TEST WITH 256-BIT KEY............... 4-4
4.3.1 TEST DESCRIPTION ................................................................................ 4-4
4.3.2 EXPECTED RESULTS .............................................................................. 4-5
4.4 TEST CASE #4: AES GCM TEST WITH 128-BIT KEY ..................................... 4-5
4.4.1 TEST DESCRIPTION ................................................................................ 4-5
4.4.2 EXPECTED RESULTS .............................................................................. 4-5
4.5 TEST CASE #5: AES GCM TEST WITH 192-BIT KEY ..................................... 4-5
4.5.1 TEST DESCRIPTION ................................................................................ 4-5
4.5.2 EXPECTED RESULTS .............................................................................. 4-5
4.6 TEST CASE #6: AES GCM TEST WITH 256-BIT KEY ..................................... 4-5
4.6.1 TEST DESCRIPTION ................................................................................ 4-5
4.6.2 EXPECTED RESULTS .............................................................................. 4-6
4.7 TEST CASE #7:HMAC AUTHENTICATION WITH SHA-1ERROR! BOOKMARK NOT DEFINE
4.7.1 TEST DESCRIPTION ...............ERROR! BOOKMARK NOT DEFINED.
4.7.2 EXPECTED RESULTS .............ERROR! BOOKMARK NOT DEFINED.
4.8 TEST CASE #8: HMAC AUTHENTICATION WITH SHA-256 ......................... 4-6
4.8.1 TEST DESCRIPTION ................................................................................ 4-6
4.8.2 EXPECTED RESULTS .............................................................................. 4-6
4.9 TEST CASE #9: HMAC AUTHENTICATION WITH SHA-1 AND
TRUNCATION......................................ERROR! BOOKMARK NOT DEFINED.
4.9.1 TEST DESCRIPTION ...............ERROR! BOOKMARK NOT DEFINED.
CCSDS 000.0-Y-0
Page iv
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.10
4.11
4.12
4.13
4.14
4.9.2 EXPECTED RESULTS .............ERROR! BOOKMARK NOT DEFINED.
TEST CASE #10: HMAC AUTHENTICATION WITH SHA-256 AND
TRUNCATION....................................................................................................... 4-6
4.10.1 TEST DESCRIPTION ................................................................................ 4-6
4.10.2 EXPECTED RESULTS .............................................................................. 4-6
TEST CASE #11: CMAC AUTHENTICATION WITH AES 128-BIT KEY ....... 4-7
4.11.1 TEST DESCRIPTION ................................................................................ 4-7
4.11.2 EXPECTED RESULTS .............................................................................. 4-7
TEST CASE #12: CMAC AUTHENTICATION WITH AES 192-BIT KEY ....... 4-7
4.12.1 TEST DESCRIPTION ................................................................................ 4-7
4.12.2 EXPECTED RESULTS .............................................................................. 4-7
TEST CASE #13: CMAC AUTHENTICATION WITH AES 256-BIT KEY ....... 4-7
4.13.1 TEST DESCRIPTION ................................................................................ 4-7
4.13.2 EXPECTED RESULTS .............................................................................. 4-7
TEST CASE #14: DIGITAL SIGNATURE AUTHENTICATION ....................... 4-8
4.14.1 TEST DESCRIPTION ................................................................................ 4-8
4.14.2 EXPECTED RESULTS .............................................................................. 4-8
Table
Page
Table 1- Confidentiality Algorithm Tests .............................................................................. 4-3
Table 2- Authentication/Integrity Algorithm Tests ................................................................ 4-3
CCSDS 000.0-Y-0
Page v
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1
1.1
INTRODUCTION
PURPOSE
The purpose of this document is to describe the prototype testing to be conducted for the
CCSDS Cryptographic Algorithms specified in CCSDS 353.0-B-1 (reference [1]).
1.2
SCOPE
The scope of this document is the testing of the CCSDS cryptographic algorithms to provide
confidentiality, authentication, and integrity for spacecraft and ground systems.
1.3
APPLICABILITY
The CCSDS Cryptographic Algorithms will be used to provide data confidentiality,
command authentication, and data/command integrity. The algorithms may be Agencyimplemented for specific missions, may be government produced, may be open source, or
may be purchased as commercial-off-the-shelf products. In any case, the algorithms must be
shown to be in conformance with their respective specifications, must be proven to be bug
and malware free, and must be proven to be interoperable with other implementations of the
same algorithm.
1.4
RATIONALE
The CCSDS Procedures Manual states that for a Recommendation to become a Blue Book,
the standard must be tested in an operational manner. The following requirement for an
implementation exercise were excerpted from reference [2]:
“At least two independent and interoperable prototypes or implementations must have
been developed and demonstrated in an operationally relevant environment, either real
or simulated.”
This document outlines the Security Working Group’s approach to meeting this requirement.
1.5
DOCUMENT STRUCTURE
This document describes the testing that must be accomplished to allow the CCSDS
Cryptographic Algorithms to proceed forward as a Recommendation.
CCSDS 000.0-Y-0
Page 1-1
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1.6
REFERENCES
The following documents are referenced in this document. At the time of publication, the
editions indicated were valid. All documents are subject to revision, and users of this
document are encouraged to investigate the possibility of applying the most recent editions of
the documents indicated below. The CCSDS Secretariat maintains a register of currently
valid CCSDS documents.
[1] CCSDS Cryptographic Algorithms.
Washington DC: CCSDS, <date>
CCSDS 353.0-B-1.
Blue Book.
Issue 1.
[2] Procedures Manual for the Consultative Committee for Space Data Systems, CCSDS
A00.0-Y-9. Yellow Book. Issue 9. Washington DC: CCSDS, November 2003.
[3] Advanced Encryption Standard (AES). Federal Information Processing Standards
Special
Publication
197.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
[4] NIST, The Keyed Hash Message Authentication Code, Federal Information
Processing Standard 198-1 (FIPS-198-1), U.S. National Institute of Standards and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips198-1/FIPS-1981_final.pdf, July 2008.
[5] NIST, Digital Signature Standard, Federal Information Processing Standard 186-3,
U.S.
National
Institute
of
Standards
and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf, June 2009.
[6] Dworkin, M.
Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and
Technology Special Publication 800-38D. Gaithersburg, Maryland: NIST, November
2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
[7] Dworkin, M.; Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication; NIST Special Publication 800-38B; National Institute of
Standards and Technology (NIST); http://csrc.nist.gov/publications/nistpubs/80038B/SP_800-38B.pdf; May 2005.
[8] Dworkin, M. Recommendation for Block Cipher Modes of Operation: Methods and
Techniques. National Institute of Standards and Technology Special Publication 80038A.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf.
CCSDS 000.0-Y-0
Page 1-2
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
2
OVERVIEW
This CCSDS Cryptographic Algorithms test plan will describe the manner in which
algorithm testing will be accomplished. It will describe the manner in which the algorithms
are to be implemented, keyed, and data exchanged between the testing parties to determine if
the algorithms are performing as expected.
While the CCSDS Procedures Manual requires that testing be performed in an “operationallike” setting, in this case it would make sense to only test the algorithms in a space-like
network environment if over-the-air testing is necessary. However, since the plan is to test
only the cryptographic algorithms to ensure their correctness and interoperation, we propose
that an independent implementation is used to encrypt data and another implementation is
used to decrypt it. This would be done using all the recommended modes for encryption.
Likewise, for authentication an implementation would be used to create a message
authentication code (MAC) with a different implementation used to verify the MAC. This
would be performed for HMAC, CMAC, and digital signature.
We would anticipate that such testing could be carried out via the internet potentially using
something as simple as email to send encrypted or MAC’d data between the testing parties
which would then be fed into the local algorithm implementations.
CCSDS 000.0-Y-0
Page 2-1
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
3
ALGORITHM TESTING GOALS
All algorithm implementations must conform to their respective specifications. AES must be
shown to be conformant with FIPS Pub 197 (reference [3]). HMAC must be shown to be
conformant with FIPS Pub 198-1 (reference [4]). CMAC must be shown to be conformant
with FIPS Pub 800-38B (reference [7]). Digital Signature must be shown to be conformant
with FIPS Pub 186-2 (reference [5]).
3.1
CONFIDENTIALITY ALGORITHMS
The CCSDS confidentiality algorithms will be tested to confirm that independent
implementations can successfully interoperate in the cryptographic modes specified in
CCSDS 353.0-B-1 (reference [1]).
Testing will confirm that the implementations of the AES algorithm will support multiple key
sizes. Specifically they must support 128-bit, 192-bit, and 256-bit size keys. Testing will be
carried out using all three key sizes.
Testing will also confirm that the implementations of AES operate correctly in counter mode.
Testing will be carried out using all three key sizes with AES in counter mode (reference [8]).
To confirm that authenticated encryption operates correctly, AES will be tested using the
Galois/Counter Mode (GCM). Again, all three key sizes will be tested with AES in GCM
mode (reference [6]).
3.2
AUTHENTICATION ALGORITHMS
The CCSDS authentication algorithms will be tested to confirm that independent
implementations can successfully interoperate.
Three authentication algorithms are specified in CCSDS 353.0-B-1 (reference [1]).
For hash-based authentication, testing will confirm that the implementations of HMAC
utilize the SHA-256 hash algorithm and interoperate (reference [4]). Testing will be carried
out using a reference test key known to the testing parties. Testing will be carried out with
and without truncation of the resulting MAC.
For cryptographic-based authentication, testing will confirm that the implementations of
CMAC are interoperable (reference [7]).
For digital signature-based authentication, testing will confirm that the implementations
utilize the RSA Digital Signature Algorithm (DSA) (reference [5]) and that they are
interoperable.
CCSDS 000.0-Y-0
Page 3-2
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4
TEST PLAN DETAILS
Table 1 synopsizes the tests to be performed for the confidentiality algorithms. Table 2
synopsizes the tests to be performed for the authentication/integrity algorithms.
Confidentiality
Algorithm
Mode
Key Size
AES
Counter
128
AES
Counter
192
AES
Counter
256
AES
GCM
128
AES
GCM
192
AES
GCM
256
Table 1- Confidentiality Algorithm Tests
Authentication/Integrity
Algorithm
Mode
Key Size
HMAC w/SHA-256
w/o truncation
256
HMAC w/SHA-256
w/truncation
256
CMAC w/AES
N/A
128
CMAC w/AES
N/A
192
CMAC w/AES
N/A
256
Digital Signature
RSA
1024
Table 2- Authentication/Integrity Algorithm Tests
CCSDS 000.0-Y-0
Page 4-3
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.1
TEST CASE #1: AES COUNTER MODE TEST WITH 128-BIT KEY
4.1.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”) using a 128-bit test key (e.g., 000102030405060708090A0B0C0D0E0F) using AES in
Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
via a network connection, via email, or even via voice. The recipient testers will use the
same 128-bit test key to decrypt the cipher text.
4.1.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.2
TEST CASE #2: AES COUNTER MODE TEST WITH 192-BIT KEY
4.2.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”)
using
a
192-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F1011121314151617) using AES in Counter Mode.
The resultant cipher text will be sent to one or more recipient testers either via a network
connection, via email, or even via voice. The recipient testers will use the same 192-bit test
key to decrypt the cipher text.
4.2.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.3
TEST CASE #3: AES COUNTER MODE TEST WITH 256-BIT KEY
4.3.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”)
using
a
256-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F) using AES
in Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
via a network connection, via email, or even via voice. The recipient testers will use the
same 256-bit test key to decrypt the cipher text.
CCSDS 000.0-Y-0
Page 4-4
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.3.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.4
TEST CASE #4: AES GCM TEST WITH 128-BIT KEY
4.4.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”) using a 128-bit test key (e.g., 000102030405060708090A0B0C0D0E0F) using AES
GCM. The resultant cipher text will be sent to one or more recipient testers either via a
network connection, via email, or even via voice. The recipient testers will use the same
128-bit test key to decrypt the cipher text.
4.4.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
4.5
TEST CASE #5: AES GCM TEST WITH 192-BIT KEY
4.5.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”)
using
a
192-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F1011121314151617) using AES in Counter Mode.
The resultant cipher text will be sent to one or more recipient testers either via a network
connection, via email, or even via voice. The recipient testers will use the same 192-bit test
key to decrypt the cipher text.
4.5.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
4.6
TEST CASE #6: AES GCM TEST WITH 256-BIT KEY
4.6.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data (e.g. “Mary had a little
lamb”)
using
a
256-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F) using AES
in Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
CCSDS 000.0-Y-0
Page 4-5
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
via a network connection, via email, or even via voice. The recipient testers will use the
same 256-bit test key to decrypt the cipher text.
4.6.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
4.7
TEST CASE #7: HMAC AUTHENTICATION WITH SHA-256
4.7.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set (e.g. “Mary had a little lamb whose fleece was white as
snow”)
using
a
256-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F)
using
HMAC with SHA-256. The resultant MAC will be sent to one or more recipient testers
either via a network connection, via email, or even via voice. The recipient testers will use
the same 256-bit test key to verify the authenticity of the MAC.
4.7.2 EXPECTED RESULTS
If the MAC is verified, the HMAC/SHA-256 test is successful.
4.8
TEST CASE #8: HMAC AUTHENTICATION WITH SHA-256 AND
TRUNCATION
4.8.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set (e.g. “Mary had a little lamb whose fleece was white as
snow”)
using
a
256-bit
test
key
(e.g.,
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F)
using
HMAC with SHA-256. The resultant MAC will be truncated to 160-bits and will be sent to
one or more recipient testers either via a network connection, via email, or even via voice.
The recipient testers will use the same 256-bit test key to verify the authenticity of the MAC.
4.8.2 EXPECTED RESULTS
If the MAC is verified, the HMAC/SHA-256/truncation test is successful.
CCSDS 000.0-Y-0
Page 4-6
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.9
TEST CASE #9: CMAC AUTHENTICATION WITH AES 128-BIT KEY
4.9.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set (e.g. “Mary had a little lamb whose fleece was white as
snow”) using a 128-bit test key (e.g., 2b7e151628aed2a6abf7158809cf4f3c) using CMAC
with AES. The resultant MAC will be sent to one or more recipient testers either via a
network connection, via email, or even via voice. The recipient testers will use the same
128-bit test key to verify the authenticity of the MAC.
4.9.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/128 test is successful.
4.10 TEST CASE #10: CMAC AUTHENTICATION WITH AES 192-BIT KEY
4.10.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set (e.g. “Mary had a little lamb whose fleece was white as
snow”) using a 192-bit test key (e.g., 8e73b0f7da0e6452c810f32b809079e562f8ead2
522c6b7b) using CMAC with AES. The resultant MAC will be sent to one or more recipient
testers either via a network connection, via email, or even via voice. The recipient testers
will use the same 192-bit test key to verify the authenticity of the MAC.
4.10.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/192 test is successful.
4.11 TEST CASE #11: CMAC AUTHENTICATION WITH AES 256-BIT KEY
4.11.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set (e.g. “Mary had a little lamb whose fleece was white as
snow”) using a 256-bit test key (e.g., 603deb1015ca71be2b73aef0857d77811f352c07
3b6108d72d9810a30914dff4) using CMAC with AES. The resultant MAC will be sent to
one or more recipient testers either via a network connection, via email, or even via voice.
The recipient testers will use the same 256-bit test key to verify the authenticity of the MAC.
4.11.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/256 test is successful.
CCSDS 000.0-Y-0
Page 4-7
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.12 TEST CASE #12: DIGITAL SIGNATURE AUTHENTICATION
4.12.1 TEST DESCRIPTION
Two or more testers may participate. All testers involved must first obtain or generate a
public/private key pair no less than 1024 bits. The public keys of all involved testers must be
shared either directly, via a public key server, pre-cached, or by some other means determined
by the testers. One tester will use the RSA Digital Signature Algorithm to digitally sign a
data set (e.g., “Mary had a little lamb whose fleece was white as snow”) using the tester’s
private key. The resultant digitally signed data will be sent to one or more recipient testers
either via a network connection, via email, or even via voice. The recipient testers will use
the signer’s public key to verify the authenticity of the data.
4.12.2 EXPECTED RESULTS
If the digital signature is verified, the Digital Signature Authentication test is successful.
CCSDS 000.0-Y-0
Page 4-8
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
ANNEX A
[ANNEX TITLE]
[Annexes contain ancillary information. See CCSDS A20.0-Y-2, CCSDS Publications
Manual (Yellow Book, Issue 2, June 2005) for discussion of the kinds of material contained
in annexes.]
CCSDS 000.0-Y-0
Page A-1
May 2011
Related documents
Claire Addison - Foundation Scotland
Claire Addison - Foundation Scotland
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
BITTT and CCSDS in China
BITTT and CCSDS in China
Tutorial 4
Tutorial 4
Clinical Trial Protocol Outline
Clinical Trial Protocol Outline
Orange Book (Experimental Specification) Template
Orange Book (Experimental Specification) Template
Meeting 53 Slides
Meeting 53 Slides
Chris Shelton - Storage Arrays
Chris Shelton - Storage Arrays
Algorithms Green Book v.13 - The CCSDS Collaborative Work
Algorithms Green Book v.13 - The CCSDS Collaborative Work
SDLS protocol yellow book draft v3 28032014
SDLS protocol yellow book draft v3 28032014
NGU_draft_GB_July5_2012 - The CCSDS Collaborative Work
NGU_draft_GB_July5_2012 - The CCSDS Collaborative Work
Download
advertisement