ISO/IEC 18033-3

ISO/IEC 18033-3. It is an international standard that specifies a portfolio of block cipher algorithms for data confidentiality. Published by ISO/IEC JTC 1/SC 27, this standard forms a crucial part of the broader ISO/IEC 18033 series on encryption techniques. It provides a standardized set of well-vetted cryptographic primitives for use in securing information across diverse information technology systems.

Overview

The standard was developed to promote interoperability and security by defining a select group of block ciphers endorsed for international use. Its creation involved collaboration from global experts within ISO/IEC JTC 1/SC 27, the subcommittee responsible for IT Security techniques. This work aligns with other foundational standards like ISO/IEC 10116 for modes of operation. The selection process for the included ciphers considered extensive public scrutiny, such as the AES competition run by NIST, and the cryptographic analysis performed by projects like the NESSIE Project.

Standardized Block Ciphers

The standard specifies several well-known block cipher algorithms, each with defined block sizes and key sizes. The primary cipher is the Advanced Encryption Standard (AES), which was selected by NIST after the aforementioned AES competition. Other included ciphers are Camellia, developed by NTT and Mitsubishi Electric, and the older Triple DES algorithm, which is based on the original Data Encryption Standard (DES). The inclusion of MISTY1, a cipher designed by Mitsubishi Electric, and the SEED cipher from the Korea Internet & Security Agency (KISA), further demonstrates the international scope of the standard's cryptographic portfolio.

Modes of Operation

To utilize the specified block ciphers effectively, the standard references established block cipher modes of operation. These modes, which are detailed in standards like ISO/IEC 10116, define how algorithms like AES process data beyond a single block. Common modes include Cipher Block Chaining (CBC), Counter mode (CTR), and Galois/Counter Mode (GCM), the latter being standardized in ISO/IEC 19772 for authenticated encryption. The proper application of these modes is critical for achieving security goals like confidentiality and data integrity in various communication protocols and storage systems.

Security Considerations

The standard includes important guidance on the security parameters and limitations of each block cipher. It explicitly notes the deprecation of Triple DES for new systems due to its small block size and potential vulnerabilities, as highlighted by cryptanalysts and organizations like NIST. For AES and Camellia, it specifies the required number of rounds (cryptography) and validates their resistance to known attacks, such as differential cryptanalysis and linear cryptanalysis. The standard emphasizes that overall system security also depends on correct key management, as outlined in the ISO/IEC 11770 series, and secure implementation to avoid side-channel attacks.

Implementations and Usage

Algorithms from this standard are implemented in major cryptographic libraries worldwide, including the GNU Privacy Guard (GnuPG), OpenSSL, and the Microsoft Windows CryptoAPI. Their adoption is widespread in internet security protocols; for instance, AES is mandated in specifications like IEEE 802.11i for Wi-Fi Protected Access (WPA) and in the Internet Protocol Security (IPsec) suite. Governmental bodies, including the U.S. Federal Government via FIPS 197 and the European Union through recommendations from ENISA, have endorsed these ciphers. The standard's algorithms also underpin the security of payment systems defined by EMVCo and are integral to the Transport Layer Security (TLS) protocol used across the World Wide Web. Category:ISO standards Category:Cryptography standards Category:Computer security standards