The cryptographic module validation program and fips 140 2
This presentation is the property of its rightful owner.
Sponsored Links
1 / 37

The Cryptographic Module Validation Program and FIPS 140-2 PowerPoint PPT Presentation


  • 198 Views
  • Uploaded on
  • Presentation posted in: General

The Cryptographic Module Validation Program and FIPS 140-2. Firewalls. Smart Cards. SSL. PKI. TLS. Operating Systems. IPSEC. Telecom. DBMS. SMIME. Biometrics. IKE. Web Browsers. EKE. Healthcare. SPEKE. TUVIT. CSC. ARCA. SAIC. Accredited Testing Labs. CygnaCom. COACT.

Download Presentation

The Cryptographic Module Validation Program and FIPS 140-2

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The cryptographic module validation program and fips 140 2

The Cryptographic Module Validation ProgramandFIPS 140-2


The cryptographic module validation program and fips 140 2

Firewalls

Smart Cards

SSL

PKI

TLS

Operating

Systems

IPSEC

Telecom

DBMS

SMIME

Biometrics

IKE

Web

Browsers

EKE

Healthcare

SPEKE

TUVIT

CSC

ARCA

SAIC

Accredited

Testing

Labs

CygnaCom

COACT

EWA

Atlan

Domus

InfoGard

SHA-1

FIPS

171

SHA-256

D-H

MQV

SHA-384

DES

MAC

RSA

SHA-512

Wrapping

HMAC

Industry Standard,

Specification or

Recommendation

Future Standard,

Specification or

Recommendation

Standard

in

Progress

Existing Standard

no

Testing

Existing Standard

Test Development

in Progress

Standard and

Testing

Available

IT

SECURITY

Security Specifications

Protocols

Systems

NIAP

FIPS 140-2

Crypto

Modules

Encryption

Hashing

Authentication

Signature

Key Mgt.

DES

DSA

RSA

CMVP

3DES

ECDSA

DSA2

Skipjack

RSA2

AES

ECDSA2


Cryptographic module validation program cmvp

Cryptographic Module Validation Program(CMVP)

  • Established by NIST and the Communications Security Establishment (CSE) in 1995

  • Original FIPS 140-1 requirements and updated FIPS 140-2 requirements developed with industry input

  • Six NVLAP-accredited testing laboratories

    • True independent 3rd party accredited testing laboratories

    • Can not test and provide design assistance


Cmvp accredited laboratories

CMVP Accredited Laboratories

EWA - Canada LTD, IT Security Evaluation Facility

Domus IT Security Laboratory

COACT Inc.

InfoGard Laboratories

Atlan Laboratories

CEAL: a CygnaCom Solutions Laboratory

Sixth CMT laboratory added in 2001


Applicability of fips 140 2

Applicability of FIPS 140-2

  • U.S. Federal organizations must use validated cryptographic modules

  • GoC departments are recommended by CSE to use validated cryptographic modules

  • International recognition


Flow of a fips 140 2 validation

Flow of a FIPS 140-2 Validation

Vendor

CMT Lab

CMVP

User

Designs and Produces

Tests for Conformance

Validates

Specifies and Purchases

Cryptographic Module and Algorithm

Cryptographic Module and Algorithm

Test Results and Signs Certificate

Security and Assurance


Fips 140 2 security levels

FIPS 140-2 Security Levels

  • Level 1 is the lowest, Level 4 most stringent

  • Requirements are primarily cumulative by level

  • Overall rating is lowest rating in all sections

Security Spectrum

Not Validated

Level 1

Level 2

Level 3

Level 4


Derived test requirements

Derived Test Requirements

  • Cryptographic module testing is performed using the Derived Test Requirements (DTR)

  • Assertions in the DTR are directly traceable to requirements in FIPS 140-2

  • All FIPS 140-2 requirements will be included in the DTR as assertions

    • Provides for one-to-one correspondence between the FIPS and the DTR


Derived test requirements concluded

Derived Test Requirements (concluded)

  • Each assertion will include requirements levied on the

    • Cryptographic module vendor

    • Tester of the cryptographic module

  • Modules tested against FIPS 140-2 will use the associated DTR


Revalidations

Revalidations

An updated version of a previously validated cryptographic

module can be considered for a revalidation rather than a full

validation depending on the extent of the modifications from the

previously validated version of the module.

  • Modifications are made to hardware, software or firmware components that do not affect any FIPS 140-1 security relevant items.

    • Signed Letter from Accredited Laboratory

  • Modifications are made to hardware, software or firmware components that affect some of the FIPS 140-1 security relevant items.

    • Re-validation TE’s annotated as RE-Tested with an overall regression test performed


Cmvp status

CMVP Status

  • Continued record growth in the number of cryptographic modules validated

    • Over 200 Validations representing nearly 250 modules

  • All four security levels of FIPS 140-1 represented on the Validated Modules List

  • Over forty participating vendors


Fips 140 1 and fips 140 2 validations by year and level january 15 2002

FIPS 140-1 and FIPS 140-2 Validations by Year and Level(January 15, 2002)


The cryptographic module validation program and fips 140 2

2001 Validation Milestones

Certificate 200 December 18, 2001

  • FIPS 140-2 Signed 05/25/01

  • FIPS 140-2 DTR Available 11/15/01

  • FIPS 140-2 Validations Accepted

Certificate 150

May 23, 2001


The cryptographic module validation program and fips 140 2

Validated Modules By Type

Link/Frame

Encryptors

Radios/Phones

Faxes

Postal

PC/Smart/Tokens

PDAs

Co-Processors

Kernels/Toolkits

Accelerators

Routers/VPNs


Fips 140 2 testing begins

FIPS 140-2 - Testing Begins

  • FIPS 140-2 Testing officially began November 15, 2001

  • FIPS 140-1 Testing ends May 25, 2002

  • Testing laboratories may submit FIPS 140-1 validation test reports until May 25, 2002

  • After May 25, 2002 all validations and revalidations must be done against FIPS 140-2


Fips 140 2 testing begins1

FIPS 140-2 - Testing Begins …

  • Agencies may continue to purchase, retain and use FIPS 140-1 validated products after May 25, 2002.

  • NIST has provided common algorithmic testing tool to Accredited Laboratories:

    • Includes DES, Triple-DES and AES

    • DSA and SHA-1 - to be integrated

    • ECDSA available as separate tool – to be integrated

    • RSA, SHA-{256,384,512}, DH, MQV - future


Cmvp status concluded

CMVP Status (concluded)

  • End of FIPS 140-1 testing and beginning of FIPS 140-2 testing and validations with new implementations of FIPS 197 (AES) expected to cause unparalleled growth

  • Increasing international recognition of the CMVP and FIPS 140-2


The cryptographic module validation program and fips 140 2

Communications

-

Electronics Security

Group (CESG)

-

UK

December 28, 2001

CESG proposes the use of FIPS 140 as the

basis for the evaluation of cryptographic

products used in a number of UK government

applications and encourages the setting up of

accredited laboratories in the UK to perform

these evaluations.


Making a difference

… Making a Difference

  • 164 Cryptographic Modules Surveyed (during testing)

    • 80 (48.8%) Security Flaws discovered

    • 158 (96.3%) Documentation Errors

  • 332 Algorithm Validations (during testing) (DES, Triple-DES, DSA and SHA-1)

    • 88 (26.5%) Security Flaws

    • 216 (65.1%) Documentation Errors

  • Areas of Greatest Difficulty

    • Physical Security

    • Self Tests

    • Random Number Generation

    • Key Management


Participating vendors january 15 2002

Alcatel

Algorithmic Research, Ltd.

Ascom Hasler Mailing Systems

Attachmate Corp.

Avaya, Inc.

Baltimore Technologies (UK) Ltd.

Blue Ridge Networks

Certicom Corp.

Chrysalis-ITS Inc.

Cisco Systems, Inc.

Cryptek Security Communications, LLC

CTAM, Inc.

Cylink Corporation

Dallas Semiconductor, Inc.

Datakey, Inc.

Ensuredmail, Inc.

Entrust Technologies Limited

Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd.

F-Secure Corporation

Fortress Technologies

Francotyp-Postalia

GTE Internetworking

IBM

Intel Network Systems, Inc.

IRE, Inc.

Kasten Chase Applied Research

L-3 Communication Systems

Litronic, Inc.

M/A Com Wireless Systems

Microsoft Corporation.

Motorola, Inc.

Mykotronx. Inc

National Semiconductor Corp.

nCipher Corporation Ltd.

Neopost

Neopost Industrie

Neopost Ltd.

Neopost Online

Netscape Communications Corp.

Participating Vendors (January 15, 2002)

NetScreen Technologies, Inc.

Network Associates, Inc.

Nortel Networks

Novell, Inc.

Oracle Corporation

Pitney Bowes, Inc.

PrivyLink Pte Ltd

PSI Systems, Inc.

Rainbow Technologies

RedCreek Communications

Research In Motion

RSA Data Security, Inc.

SchlumbergerSema

Spyrus, Inc.

Stamps.com

Technical Communications Corp.

Thales e-Security

TimeStep Corporation

Transcrypt International

Tumbleweed Communications Corp.

V-ONE Corporation, Inc.


Http www nist gov cmvp

http://www.nist.gov/cmvp

  • FIPS 140-1 and FIPS 140-2

  • Derived Test Requirements (DTR)

  • Annexes to FIPS 140-2

  • Implementation Guidance

  • Points of Contact

  • Laboratory Information

  • Validated Modules List

  • Special Publication 800-23


Additional background

ADDITIONALBACKGROUND


The cryptographic module validation program and fips 140 2

Level #

List of NVLAP

Accredited Labs

Module’s

Test

Report

List of

Validated

FIPS 140-1

Modules

Submits application;

Pays accreditation fee

Submits module for testing;

Pays testing fee

NVLAP

Program

Accredited

FIPS 140-1

Testing Lab

Cryptographic Module

Vendor

Conducts on-site

assessment;

Accredits labs

NIST publishes

list of NVLAP

Accredited Labs

Tests for

conformance

to FIPS 140-1;

Writes test report

Issue testing &

implementation

guidance

Issue

validation

certificate

To NIST/CSE for validation

NIST/CSE

NIST publishes list of

validated modules


Fips 140 1 basic requirements

FIPS 140-1: Basic Requirements

  • Defined module boundary.

  • Finite State Machine specification.

  • Defined security policy.

  • Specification of roles and services.

  • Selection of authentication mechanisms.

  • Self-tests of algorithms, random number generators, and critical functions during power-on.


Cryptographic algorithms

Cryptographic Algorithms

  • Must include at least one FIPS approved cryptographic algorithm.

    • Data Encryption Algorithm (DES)

    • Triple DES (allowed for U.S. Government use)

    • Digital Signature Standard (DSA, RSA), Secure Hash Algorithm (SHA-1)

  • Must meet requirements in FIPS algorithm standard.


Fips 140 1 security level 1

FIPS 140-1 Security Level 1

  • Specification of the cryptographic module boundary.

  • Production-grade equipment.

  • Logical separation of roles and services but no required authentication.

  • FIPS approved key management.

  • Allows software cryptographic services on a single user general purpose computer.


Fips 140 1 security level 2

FIPS 140-1 Security Level 2

  • Tamper evident coatings or seals, or pick-resistant locks.

  • Role-based authentication to determine if an operator is authorized to assume a specific role and perform a corresponding set of services.

  • Allows software cryptography in evaluated multi-user timeshared systems.


Fips 140 1 security level 3

FIPS 140-1 Security Level 3

  • Tamper detection and response for covers and doors.

  • Identity-based authentication.

  • Stronger requirements for entering and outputting critical security parameters and cryptographic keys.

  • Trusted path requirements for modules using trusted operating systems.


Fips 140 1 security level 4

FIPS 140-1 Security Level 4

  • Envelope of protection around the entire cryptographic module.

  • Environmental failure protection and testing.

  • Formal modeling for software.


The cryptographic module validation program and fips 140 2

Differences Between FIPS 140-1 and FIPS 140-2

140-1 & 2 Tables of Contents

FIPS 140-1

1. Overview

2. Glossary of Terms and Acronyms

3. Functional Security Requirements

4. Security Requirements

4.1 Cryptographic Modules

4.2 Cryptographic Module Interfaces

FIPS 140-2

1. Overview

2. Glossary of Terms and Acronyms*

3. Functional Security Requirements

4. Security Requirements

4.1 Cryptographic Module Specification*

4.2 Cryptographic Module Interfaces

* Section added or significantly revised


The cryptographic module validation program and fips 140 2

140-1 & 2 Tables of Contents (Continued)

FIPS 140-1

4.3 Roles and Services

4.4 Finite State Machine Model

4.5 Physical Security

4.6 Software Security

4.7 Operating System Security

4.8 Cryptographic Key Management

FIPS 140-2

4.3 Roles, Services, and Authentication

4.4 Finite State Machine Model

4.5 Physical Security*

4.6 Operating System Security*

4.7 Cryptographic Key Management

* Section added or significantly revised


The cryptographic module validation program and fips 140 2

140-1 & 2 Tables of Contents (Continued)

FIPS 140-1

4.9 Cryptographic Algorithms

4.10 EMI/EMC

4.11 Self-Tests

FIPS 140-2

4.8 EMI/EMC

4.9 Self-Tests

4.10 Design Assurance*

4.11 Mitigation of Other Attacks*

* Section added or significantly revised


The cryptographic module validation program and fips 140 2

140-1 & 2 Tables of Contents (Concluded)

FIPS 140-1

Appendices

A: Summary of Documentation Requirements

B: Recommended Software Development Practices

C: Selected References

FIPS 140-2

Appendices

A: Summary of Documentation Requirements

B: Recommended Software Development Practices*

C: Cryptographic Module Security Policy*

D: Selected Bibliography*

* Section added or significantly revised


Fips 140 2 final revisions

FIPS 140-2: Final Revisions

  • 4.2 Cryptographic Module Interfaces

    • Security Levels 3 and 4

      • Physical ports for input/output of plaintext CSPs shall be physically separate from other ports

      • Logical interfaces for input/output of plaintext CSPs shall be logically separate from all other interfaces

        • Requires implementation of a trusted path


Fips 140 2 final revisions continued

FIPS 140-2: Final Revisions (continued)

  • 4.6 Operational Environment

    • Operating system definition expanded to operational environment

      • general purpose operational environment refers to

        • the use of a commercially-available general purpose operating system (i.e., resource manager)

          • manages the software and firmware components within the cryptographic boundary

      • Limited operational environment refers to

        • a static non-modifiable virtual operational environment

          • with no underlying general purpose OS

        • Requirements in FIPS 140-2 do not apply

      • Modifiable operational environment refers to

        • an operating environment that may be reconfigured to add/delete/modify functionality and/or

        • may include general purpose OS capabilities

        • Requirements in FIPS 140-2 apply


Fips 140 2 final revisions continued1

FIPS 140-2: Final Revisions (continued)

  • 4.10 Design Assurance

    • Development

      • Deleted requirements addressed in other sections of FIPS 140-2

    • Guidance

      • Deleted security requirements for the IT environment

    • Functional Testing and Test Coverage

      • Deleted all requirements


  • Login