FED-STD-1027
TELECOMMUNICATIONS: GENERAL SECURITY REQUIREMENTS FOR EQUIPMENT USING THE DATA ENCRYPTION STANDARD
Organization: DOD - NS - National Security Agency
Year: 1982
Abstract: This standard specifies the minimum general security requirements that are to be satisfied in implementing the Data Encryption Standard (DES) algorithm in a telecommunications environment. The DES itself specifies an algorithm used for cryptographically protecting certain U.S. Government information. (This algorithm is described in Federal Information Processing Standards Publication 46). The requirements defined in this standard affect the security of equipment implementing the DES algorithm. Other security requirements, which relate to the interface and interoperability of DES cryptographic equipment with associated terminal equipment (e.g., narrative text, automatic data processing, digital facsimile, digital voice, etc.), will be addressed in other Federal telecommunication standards.
This standard addresses the following security objectives:
a. To prevent inadvertent transmission of plain text.
b. To prevent theft, unauthorized use, or unauthorized modification of DES cryptographic equipment while installed.
c. To prevent unauthorized disclosure or modification of key variables while in DES cryptographic equipment.
d. To provide interoperability between key variable loaders and DES cryptographic equipment, and facilitate the use of standardized keying material for U.S. Government applications of the DES algorithm.
e. To prevent data encryption when a critical cryptographic failure condition exists, and to generate an alarm upon detection of a critical cryptographic failure.
This standard prescribes security requirements for implementation of the DES in telecommunication equipment and systems used by the departments and agencies of the U.S. Government.
This standard applies to all DES cryptographic components, equipment, systems, and services procured (including lease) by U.S. Government departments and agencies for the encryption of digital information in the telecommunications environment. This includes stand-alone DES cryptographic equipment as well as any Data Terminal Equipment and Data Circuit-terminating Equipment utilizing the DES algorithm for digital encryption. When DES cryptographic equipment is integrated into Data Terminal Equipment (DTE) or Data Circuit-terminating Equipment (DCE), this standard applies to those portions of the DTE or DCE design which implement the security requirements of this standard. The same degree of protection is required whether DES cryptographic equipment is in stand-alone units or is physically embedded in associated equipment. Guidance to facilitate the application of this standard, with respect to degradation of its security by improper implementation or use, will be provided for in a revision to Federal Property Management Regulation 41, Code of Federal Regulations 101-35.3.
Procedures for verifying that DES cryptographic equipment conform with this standard are available from the preparing activity.
The following definitions, conventions, and terminology apply in this standard.
a. Bypass: A condition which allows plain text to pass through equipment unaltered, with or without some delay.
b. DES: The Data Encryption Standard algorithm specified in Federal Information Processing Standards Publication 46.
c. DES Cryptographic Equipment: Equipment embodying one or more DES devices and associated controls, interfaces, power supplies, alarms, and the related hardware, software, and firmware used to encrypt, decrypt, authenticate, and perform similar operations on information.
d. DES Device: The electronic hardware part or subassembly which implements just the DES algorithm specified in Federal Information Processing Standards Publication 46, and which is validated by the National Bureau of Standards.
e. Initializing Vector (IV): A vector used in defining the starting point of an encryption process within a DES device.
f. Key Generator: A DES device plus those additional cryptographic functions required to implement: (1) a particular mode of encryption; (2) combining of plain text or cipher text with DES device output; (3) the initializing vector, and (4) associated alarms and self-testing.
g. Key Variable: A 64-bit input to DES cryptographic equipment, with 8 bits used for parity checking and 56 bits used in the DES device for encryption or decryption. Unless otherwise stated, reference to a DES key variable means a key variable in its unencrypted form.
h. Key Variable Loader: An electronic, self-contained unit which is capable of storing at least one 64-bit DES key variable and transferring that key variable, upon request, into DES cryptographic equipment.
i. Message: A generic term used to describe, in the broadest sense, information to be transferred which is represented by a digital sequence. This sequence should be numbered 1, 2, ..., N, where 1 represents the information unit transmitted first.
j. Physical Key: A device used to operate a mechanical lock.
k. Pseudorandom Binary Process: A deterministic technique for producing a sequence of binary digits which satisfy the statistical properties of a random bit stream.
l. S-Box: A nonlinear function which substitutes four output bits for six input bits within a DES device to make the DES algorithm a nonlinear process (see Federal Information Processing Standards Publication 46).
m. Zeroization: A method of erasing an electronically stored DES key variable by removing electrical power from the electronic storage, by overwriting that storage with an all ONEs or ZEROs pattern, or by otherwise irrevocably altering the contents of the DES key variable storage.
contributor author | DOD - NS - National Security Agency | |
date accessioned | 2017-09-04T18:20:58Z | |
date available | 2017-09-04T18:20:58Z | |
date copyright | 04/14/1982 | |
date issued | 1982 | |
identifier other | AGJUDAAAAAAAAAAA.pdf | |
identifier uri | http://yse.yabesh.ir/std/handle/yse/203439 | |
language | English | |
title | FED-STD-1027 | num |
title | TELECOMMUNICATIONS: GENERAL SECURITY REQUIREMENTS FOR EQUIPMENT USING THE DATA ENCRYPTION STANDARD | en |
type | standard | |
page | 12 | |
status | Active | |
tree | DOD - NS - National Security Agency:;1982 | |
contenttype | fulltext |