ISO/IEC 9797-3:2011/Amd 1:2020

Overview

ISO/IEC 9797-3:2011/Amd 1:2020 is an important amendment to the international standard covering Information Technology Security Techniques specifically focused on Message Authentication Codes (MACs) using universal hash-functions. Published by ISO and IEC, this amendment provides updates and clarifications enhancing the original 2011 standard.

This document is part of the ISO/IEC 9797 series and is prepared by the joint technical committee ISO/IEC JTC 1, Subcommittee SC 27, which specializes in information security, cybersecurity, and privacy protection. The amendment reflects advances in cryptographic mechanisms, especially concerning the usage and configuration of universal hash-function based MAC algorithms like GMAC.

Key Topics

• Universal Hash-Function Based MACs: The standard specifies mechanisms for constructing MACs utilizing universal hash functions, which are fundamental for ensuring message integrity and authentication in cryptographic protocols.

• GMAC Algorithm Updates: The amendment revises the specifications for GMAC:

  • GMAC is applicable with any 128-bit block cipher from ISO/IEC 18033-3.
  • Output tag lengths (t) must be multiples of 8 bits, typically between 96 and 128 bits.
  • A 64-bit tag length is allowed but only for specialized applications involving voice, video, or data streams where some forgery risks are manageable.

• Security Guidance: The document advises caution on using shorter authentication tags (especially 64 bits) due to vulnerabilities to targeted forgery attacks. It emphasizes the importance of selecting tag lengths that balance security and performance needs.

• Annex Updates:

  • Annex A defines object identifiers for algorithm identification in security protocols.
  • Annex B provides practical numerical examples to aid implementers in applying the algorithms correctly.
  • Annex C discusses security properties and considerations for the standardized algorithms.

Applications

This amendment supports secure message authentication across various sectors including:

• Cybersecurity Protocols: Enhancing cryptographic integrity checks within secure communication channels.
• Financial Services: Protecting transaction data from tampering using robust MAC algorithms.
• Telecommunications: Enabling authentication for voice and video data streams, with tailored tag lengths for performance-sensitive media.
• IoT and Embedded Systems: Lightweight authentication suitable for constrained environments where universal hash-functions provide efficiency gains.
• Software and Firmware Integrity Verification: Ensuring update authenticity and integrity using standardized MACs.

By specifying updated requirements for MAC tag lengths and algorithm identifiers, the amendment ensures interoperability and secure implementation in line with global standards.

Related Standards

• ISO/IEC 9797 series: Covers other parts detailing MAC algorithms using different cryptographic approaches.
• ISO/IEC 18033-3: Specifies block ciphers suitable for use with GMAC, ensuring compatibility and security in encryption and authentication.
• NIST SP 800-38D: Provides recommendations for Galois/Counter Mode (GCM) and GMAC, referenced for guidance on secure implementation and tag length considerations.
• ISO/IEC Directives Parts 1 and 2: Outline editorial and procedural rules ensuring consistency in international standard development.

Keywords: ISO/IEC 9797-3 Amendment 1, message authentication codes, MAC, universal hash-function, GMAC, cryptographic security, information technology security, ISO cybersecurity standard, tag length, message integrity, authentication algorithms.