Information technology - Small computer system interface (SCSI) - Part 481: Security features for SCSI commands (SFSC)

ISO/IEC 14776-481:2019 defines a device model that is applicable to all SCSI devices. Other command standards expand on the general SCSI device model in ways appropriate to specific types of SCSI devices. ISO/IEC 14776 (all parts) specifies the interfaces, functions, and operations necessary to ensure interoperability between conforming SCSI implementations. This document is a functional description. Conforming implementations employ any design technique that does not violate interoperability. This document defines security features for use by all SCSI devices. This document defines the security model that is basic to every device model and the parameter data that applies to any device model. For additional information on the security goals and threat model discussed in this document see Annex A.

General Information

Status: Published
Publication Date: 12-Dec-2019
Current Stage: PPUB - Publication issued
Start Date: 19-Dec-2019
Completion Date: 13-Dec-2019

Standard
ISO/IEC 14776-481:2019 - Information technology - Small computer system interface (SCSI) - Part 481: Security features for SCSI commands (SFSC)
English language
143 pages

Standards Content (Sample)


ISO/IEC 14776-481
Edition 1.0 2019-12
INTERNATIONAL
STANDARD
Information technology – Small Computer System Interface (SCSI) –
Part 481: Security features for SCSI commands (SFSC)

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.200 ISBN 978-2-8322-7663-1

Contents
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions, symbols, abbreviations, and conventions
3.1 Terms and definitions
3.2 Abbreviations and symbols
3.2.1 Abbreviations
3.2.2 Symbols
3.2.3 Mathematical operators
3.3 Keywords
3.4 Editorial conventions
3.5 Numeric and character conventions
3.5.1 Numeric conventions
3.5.2 Units of measure
3.5.3 Byte encoded character strings conventions
3.6 Bit and byte ordering
4 Security features model common to all device types
4.1 Security features for SCSI devices
4.1.1 Security associations
4.1.1.1 Principles of SAs
4.1.1.2 SA parameters
4.1.1.3 Creating an SA
4.1.2 Key derivation functions
4.1.2.1 KDFs overview
4.1.2.2 IKEv2-based iterative KDF
4.1.2.3 HMAC-based KDFs
4.1.2.4 AES-XCBC-PRF-128 IKEv2-based iterative KDF
4.1.3 Using IKEv2-SCSI to create an SA
4.1.3.1 Overview
4.1.3.2 IKEv2-SCSI Protocol summary
4.1.3.3 IKEv2-SCSI Authentication
4.1.3.3.1 Overview
4.1.3.3.2 Pre-shared key authentication
4.1.3.3.3 Digital signature authentication
4.1.3.3.3.1 Overview
4.1.3.3.3.2 Certificates and digital signature authentication
4.1.3.3.3.3 Example of certificate use for digital signature authentication
4.1.3.3.3.4 Handling of the Certificate Request payload and the Certificate payload
4.1.3.3.4 Constraints on skipping the Authentication step
4.1.3.4 Summary of IKEv2-SCSI shared keys nomenclature and shared key sizes
4.1.3.5 Device Server Capabilities step
4.1.3.6 IKEv2-SCSI Key Exchange step
4.1.3.6.1 Overview
4.1.3.6.2 Key Exchange step SECURITY PROTOCOL OUT command
4.1.3.6.3 Key Exchange step SECURITY PROTOCOL IN command
4.1.3.6.4 Key Exchange step completion
4.1.3.6.5 After the Key Exchange step
4.1.3.7 IKEv2-SCSI Authentication step
4.1.3.7.1 Overview
4.1.3.7.2 Authentication step SECURITY PROTOCOL OUT command
4.1.3.7.3 Authentication step SECURITY PROTOCOL IN command
4.1.3.8 Generating shared keys
4.1.3.8.1 Overview
4.1.3.8.2 Generating shared keys when the Authentication step is skipped
4.1.3.8.3 Generating shared keys when the Authentication step is processed
4.1.3.8.4 Initializing shared key generation
4.1.3.8.4.1 Initializing for SA creation shared key generation
4.1.3.8.4.2 Initializing for generation of shared keys used by the created SA
4.1.3.8.5 Generating shared keys used for SA management
4.1.3.8.6 Generating shared keys for use by the created SA
4.1.3.9 IKEv2-SCSI SA generation
4.1.3.10 Abandoning an IKEv2-SCSI CCS
4.1.3.11 Deleting an IKEv2-SCSI SA
4.1.4 Security progress indication
4.1.5 ESP-SCSI encapsulations for parameter data
4.1.5.1 Overview
4.1.5.2 ESP-SCSI required inputs
4.1.5.3 ESP-SCSI data format before encryption and after decryption
4.1.5.4 ESP-SCSI outbound data descriptors
4.1.5.4.1 Overview
4.1.5.4.2 ESP-SCSI CDBs or Data-Out Buffer parameter lists including a descriptor length
4.1.5.4.2.1 Initialization vector absent
4.1.5.4.2.2 Initialization vector present
4.1.5.4.3 ESP-SCSI Data-Out Buffer parameter lists for externally specified descriptor length
4.1.5.4.3.1 Initialization vector absent
4.1.5.4.3.2 Initialization vector present
4.1.5.5 ESP-SCSI Data-In Buffer parameter data descriptors
4.1.5.5.1 Overview
4.1.5.5.2 ESP-SCSI Data-In Buffer parameter data including a descriptor length
...
