
BS ISO/IEC 11577:1995

Current

The latest, up-to-date edition.

Information technology. Open systems interconnection. Network layer security protocol
Available format(s): Hardcopy, PDF

Language(s): English

Published date: 15-10-1995

1 Scope
2 Normative references
    2.1 Identical Recommendations/International
         Standards
    2.2 Paired Recommendations/International Standards
         equivalent in technical content
    2.3 Additional References
3 Definitions
    3.1 Reference Model definitions
    3.2 Security Architecture definitions
    3.3 Service Convention definitions
    3.4 Network Service definitions
    3.5 Internal Organisation of the Network Layer
         definitions
    3.6 Connectionless Network Protocol definitions
    3.7 Upper Layer Security Model definitions
    3.8 Conformance Testing definitions
    3.9 Additional definitions
4 Abbreviations
    4.1 Data Units
    4.2 Protocol Data Unit Fields
    4.3 Parameters
    4.4 Miscellaneous
5 Overview of the Protocol
    5.1 Introduction
    5.2 Overview of Services Provided
    5.3 Overview of Services Assumed
    5.4 Security Associations and Security Rules
    5.5 Overview of Protocol - Protection Functions
    5.6 Overview of Protocol - NLSP-CL
    5.7 Overview of Protocol - NLSP-CO
6 Protocol Functions Common to NLSP-CL and NLSP-CO
    6.1 Introduction
    6.2 Common SA Attributes
    6.3 Common Functions on a Request for an Instance of
         Communication
    6.4 Secure Data Transfer Protocol Functions
    6.5 Use of a Security Association Protocol
7 Protocol Functions for NLSP-CL
    7.1 Services Provided by NLSP-CL
    7.2 Services Assumed
    7.3 Security Association Attributes
    7.4 Checks
    7.5 In-Band SA Establishment
    7.6 Processing NLSP-UNITDATA Request
    7.7 Processing UN-UNITDATA Indication
8 Protocol Functions for NLSP-CO
    8.1 Services Provided by NLSP-CO
    8.2 Services Assumed
    8.3 Security Association Attributes
    8.4 Checks and other Common Functions
    8.5 NLSP-Connect Functions
    8.6 NLSP-DATA Functions
    8.7 NLSP-EXPEDITED-DATA Function
    8.8 RESET Functions
    8.9 NLSP-DATA ACKNOWLEDGE
    8.10 NLSP-DISCONNECT
    8.11 Other Functions
    8.12 Peer Entity Authentication
9 Overview of Mechanisms used
    9.1 Security Services and Mechanisms
    9.2 Functions Supported
10 Connection security control (NLSP-CO only)
    10.1 Overview
    10.2 SA-Attributes
    10.3 Procedures
    10.4 CSC-PDU Fields used
11 SDT PDU Based encapsulation Function
    11.1 Overview
    11.2 SA Attributes
    11.3 Procedures
    11.4 PDU Fields used
12 No-Header Encapsulation Function (NLSP-CO-only)
    12.1 Overview
    12.2 SA Attributes
    12.3 Procedures
13 Structure and Encoding of PDUs
    13.1 Introduction
    13.2 Content Field Format
    13.3 Protected Data
    13.4 Security Association PDU
    13.5 Connection Security Control PDU
14 Conformance
    14.1 Static Conformance Requirements
    14.2 Dynamic Conformance Requirements
    14.3 Protocol Implementation Conformance Statement
Annex A - Mapping UN primitives to CCITT Rec.X.213/ISO
          8348
Annex B - Mapping UN primitives to CCITT Rec.X.25/ISO
          8208
Annex C - Security Association Protocol Using Key Token
          Exchange and Digital Signatures
      C.1 Overview
      C.2 Key Token Exchange (KTE)
      C.3 SA-Protocol Authentication
      C.4 SA Attribute Negotiation
      C.5 SA Abort/Release
      C.6 Mapping of SA-Protocol Functions to Protocol
          Exchanges
      C.7 SA PDU - SA Contents
Annex D - NLSP PICS Proforma
      D.1 Introduction
      D.2 Abbreviation and Special Symbols
      D.3 Instructions for Completing the PICS Proforma
      D.4 Identification
      D.5 Features Common to NLSP-CO and NLSP-CL
      D.6 Features Specific to NLSP-CL
      D.7 Features Specific to NLSP-CO
Annex E - Tutorial on some Basic Concepts of NLSP
      E.1 Basis of Protection
      E.2 Underlying vs NLSP Service
      E.3 NLSP Addressing
      E.4 Connection Mode NLSP
      E.5 Connectionless Mode NLSP
      E.6 Security Attributes and Associations
      E.7 Dynamic Functional Relationship between NLSP
          and CLNP
      E.8 Dynamic Functionality Related to Layered Model
Annex F - Example of an Agreed Set of Security Rules
Annex G - Security Associations and Attributes
Annex H - Example Key Token Exchange - EKE Algorithm

Specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer.

This ITU-T Recommendation | International Standard specifies a protocol to be used by End Systems and Intermediate Systems in order to provide security services in the Network layer, which is defined by CCITT Rec. X.213 | ISO/IEC 8348, and ISO 8648. The protocol defined in this ITU-T Recommendation | International Standard is called the Network Layer Security Protocol (NLSP).

This ITU-T Recommendation | International Standard specifies:

  • Support for the following security services defined in CCITT Rec. X.800 | ISO 7498-2: peer entity authentication; data origin authentication; access control; connection confidentiality; connectionless confidentiality; traffic flow confidentiality; connection integrity without recovery (including Data Unit Integrity, in which individual SDUs on a connection are integrity protected); connectionless integrity.

  • The functional requirements for implementations that claim conformance to this ITU-T Recommendation | International Standard.

The procedures of this protocol are defined in terms of:

  • requirements on the cryptographic techniques that can be used in an instance of this protocol;

  • requirements on the information carried in the security association used in an instance of communication.

Although the degree of protection afforded by some security mechanisms depends on the use of some specific cryptographic techniques, correct operation of this protocol is not dependent on the choice of any particular encipherment or decipherment algorithm. This is a local matter for the communicating systems.

Furthermore, neither the choice nor the implementation of a specific security policy are within the scope of this ITU-T Recommendation | International Standard. The choice of a specific security policy, and hence the degree of protection that will be achieved, is left as a local matter among the systems that are using a single instance of secure communications. This ITU-T Recommendation | International Standard does not require that multiple instances of secure communications involving a single open system must use the same security protocol.

Annex D provides the PICS proforma for the Network Layer Security Protocol in compliance with the relevant guidance given in ISO/IEC 9646-2.

Committee: IST/6
Development note: Supersedes 93/640428 DC. (08/2005)
Document type: Standard
Pages: 112
Publisher name: British Standards Institution
Status: Current

Standards Relationship
ISO/IEC 11577:1995 Identical
ISO 11577 : 1ED 1995 Identical

ISO/IEC 9834-1:2012 Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree
ISO/IEC 9979:1999 Information technology — Security techniques — Procedures for the registration of cryptographic algorithms
ISO/IEC 8208:2000 Information technology — Data communications — X.25 Packet Layer Protocol for Data Terminal Equipment
ISO/IEC 9834-3:2008 Information technology — Open Systems Interconnection — Procedures for the operation of OSI Registration Authorities — Part 3: Registration of Object Identifier arcs beneath the top-level arc jointly administered by ISO and ITU-T
