Study Group 7/17 ASN.1
ASN.1: Past uses, new developments, and future prospects in security and e-commerce applications
John [email protected]
Note, for best viewing, this presentation needs the Dom Casual and Brush Script fonts to be on your machine.

A short history of communications notations
– Bits and bytes pictures
– TLV with tabular notation
– ASN.1
– Text-based communication
– (Semantic) mark-up

ITU-T SG7 involvement
– Standardising notations to support communication for over twenty years
– ASN.1 one of the first notations to be developed and widely deployed
– Its use has spread to almost all ITU-T Study Groups
– A major platform for the systems design and testing methodologies of SG10

Development of encoding notations (1)
– Diagrams of bits and bytes - e.g. IPv4 (The earliest approach, simple and clear, but focusing totally on the bits-on-the-line.)
– Tool support not possible - but see ECN discussion later.

Development of encoding concepts (2)
– Each parameter has Parameter ID (or type), length, value
– Tables list each parameter: Tabular Notation
– Tool support not possible - but see ECN discussion later.

Problems solved by TLV encodings
– Variable length fields
– Optionality
– Permits random order
– Supports alternatives
– Generalises to arbitrary depth
– Provides “extensibility” easily

Abstract syntax notation (ASN.1)
– The first attempt to hide encoding details
– Easily understood by domain experts
– Readily understood by programmers used to data-type definitions
– Easily converted to language structures for implementation
– Supports “extensibility”, even with very compact encodings

ASN.1 - A Superb Notation, it's Number One!
But there are other interpretations!

A brief advert: Penetration of ASN.1
– Telecommunications, including 3GPP mobile phones
– Multimedia standards
– Security-related systems, including smart-cards and certificates - the basis for e-commerce
– Embedded systems communications
– Air traffic control
– Many, many others

Key features of ASN.1 today
– Platform and language independent
– Tools support C, C++, Java implementations
– Proven technology, widely used
– Permits rapid development of error free implementations through tools
– Can provide extremely compact but extensible representations when necessary

Canonical encodings
– Reduce decoder size
– Reduce testing costs
– Remove side-channel vulnerabilities
– Not easy to specify in the general case (ASN.1 has 15 years experience)
– Essential for most security and digital signature work
– Are a Good Thing
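
An added example (not part of the original slides) tying the TLV and canonical-encoding slides together: a lax BER-style TLV reader accepts several byte strings for the same value, each with a different digest, while the strict (DER) rules accept exactly one, which is why signed data needs a canonical form. The function names and sample bytes are constructed for this illustration.

```python
import hashlib

def read_tlv(buf, pos, strict):              # -> (tag, value, next_pos)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                         # short form: one length octet
        length = first
    else:                                    # long form: n length octets follow
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if strict and (length < 0x80 or buf[pos] == 0):
            raise ValueError("length not in its shortest form")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_int_sequence(buf, strict=False):
    """Decode a SEQUENCE of INTEGERs; strict=True applies canonical (DER) rules."""
    tag, body, end = read_tlv(buf, 0, strict)
    if tag != 0x30 or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos, strict)
        if t != 0x02 or not v:
            raise ValueError("expected a non-empty INTEGER")
        padded = len(v) > 1 and ((v[0] == 0x00 and v[1] < 0x80) or
                                 (v[0] == 0xFF and v[1] >= 0x80))
        if strict and padded:
            raise ValueError("INTEGER not in its shortest form")
        values.append(int.from_bytes(v, "big", signed=True))
    return values

def is_canonical(buf):
    try:
        decode_int_sequence(buf, strict=True)
    except (ValueError, IndexError):
        return False
    return True

def digest(buf):
    return hashlib.sha256(buf).hexdigest()

# Constructed sample: three encodings of SEQUENCE { INTEGER 296, INTEGER 2 }.
DER = bytes.fromhex("30 07 02 02 01 28 02 01 02")
BER_LONG_LEN = bytes.fromhex("30 81 07 02 02 01 28 02 01 02")
BER_PADDED_INT = bytes.fromhex("30 08 02 03 00 01 28 02 01 02")
```

All three byte strings decode to [296, 2] in lax mode, but only DER passes is_canonical, so a verifier that hashes received bytes should reject the other two rather than re-encode them.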

Text-based communication (defined using BNF)
– Easily displayed and debugged
– Tools are generic and often free
– Not easily related to data structures
– Verbose
– Does not scale well to complex structures - ignore it

XML mark-up
– The new boy on the block, but very important
– Offers a lot of integration potential
– Even more verbose, so of limited application at present (schema definition also verbose - see later)
– Generic tools (eg browser support) exist
– DTD and schema definition fairly obscure
– Attracting a lot of attention and interest

Use ASN.1 to define your schema.
Use XML to define your abstract syntax.

Abstract syntax and schemas
– Just two words for the same thing?
– Do we need to map between ASN.1 type definitions and XML schemas (or DTDs)?
– Can XML mark-up directly support ASN.1 schemas?
– Can Packed Encoding Rules directly support XML abstract syntax definitions?
Just some of the issues addressed by current work

Why a linkage between ASN.1 and XML?
– Benefits of a closer integration of XML schema specification languages and of tools for protocol implementation
– Browser support to display ASN.1 values
– Very compact encodings become available for XML
– Exploits the very real advantages of both

ASN.1 XML Value Notation
– The first of several steps to integrate ASN.1 and XML
– ASN.1 values can be displayed or input in XML format
– XML Value Notation provides an XML Encoding Rule specification
– UTF8 encoding of the XML Value to be transferred

ASN.1 XML Value Notation Example (1)
ASN.1 Schema definition
    Invoice ::= SEQUENCE {
        number         INTEGER,
        name           UTF8String,
        details        SEQUENCE OF LineItem,
        charge         REAL,
        authenticator  BIT STRING}
    LineItem ::= SEQUENCE {
        part-no   INTEGER,
        quantity  INTEGER }

ASN.1 XML Value Notation Example (2)
XML Schema definition - part only!
    <xsd:complexType name="LineItem">
      <xsd:sequence>
        <xsd:element name="part-no" type="xsd:number"/>
        <xsd:element name="quantity" type="xsd:number"/>
      </xsd:sequence>
    </xsd:complexType>
Compare:
    LineItem ::= SEQUENCE {
        part-no   INTEGER,
        quantity  INTEGER }

ASN.1 XML Value Notation Example (3)
    this-invoice ::=
    <Invoice>
      <number>32950</number>
      <name>funny-name with &lt;</name>
      <details>
        <Line-item>
          <part-no>296</part-no>
          <quantity>2</quantity>
        </Line-item>
Cont.

ASN.1 XML Value Notation Example (4), continued
Continuation:
        <Line-item>
          <part-no>4793</part-no>
          <quantity>74</quantity>
        </Line-item>
      </details>
      <charge>397.65</charge>
      <authenticator form=hex>
        EFF8 E976 5403 629F
      </authenticator>
    </Invoice>

Legacy protocols won’t die!
– Tools (and staff training) investments lead to new protocols being defined in the same way as old ones, using the same encoding techniques
– Need to re-define with new schema languages (eg ASN.1!), but retain the bits-on-the-line
– Requires an Encoding Control Notation
Just some of the issues under current discussion

Encoding Control Notation
– The most recent area of ASN.1 work
– Aims to provide a common notation, common tools, for all protocols
– Any notation to support this goal needs flexibility and has to include a notation for defining encodings
– The addition of ECN to ASN.1 makes it very powerful in this area

Bluetooth Service Discovery Protocol in ASN.1
    bluetooth-tag-encoding #TAG ::=
        {ENCODING SPACE SIZE 8
        EXHIBITS HANDLE “Bluetooth tag” AT {0..7}
    length-delimited-repetition
        {< REFERENCE:length >} #REPETITION ::=
        {ENCODING
            {REPETITION-SPACE
                SIZE variable-with-determinant
                MULTIPLE OF octet
                USING length } }

The scene today (1)
– ASN.1, XML, TTCN, SDL, ECN, IDL, SIP, CORBA, etc etc plus various data dictionaries
– Some near-integration (eg ASN.1, TTCN, SDL, and now XML)
– Some similar functions, many differences
– Some notations are rich in some areas, few are rich in all areas.
– Schema mappings difficult

The scene today (2)
Still a large divide between:
– Definitions of objects for storage (databases) and for communication (and of associated meta-data)
– Things that work for large systems and things that work for embedded and small systems
– Scalability between high-bandwidth comms and low-bandwidth air interfaces
– Definition of semantics, of rules of procedure, of syntax, and of encodings

But ASN.1 addresses most of these problems.
------
It provides solutions that are both machine and human friendly.

It provides canonical encodings (CXER and the compact Canonical-PER)

It provides full extensibility support for all encodings (including XER and CXER)

Can you ask for more?
THE END