View
236
Download
1
Category
Tags:
Preview:
Citation preview
The Cryptographic Module Validation Program
andFIPS 140-2
NIAP
SSLTLS
SMIMEIKEEKE
SPEKE
IPSEC
ITSECURITY
Systems
Smart Cards
PKI
Telecom
Biometrics
Healthcare
Firewalls
OperatingSystems
DBMS
WebBrowsers
CMVP
DES
3DES
AES
Skipjack
SHA-1
SHA-256
SHA-384
SHA-512
DESMAC
HMAC
FIPS 140-2Crypto
Modules
RSA
ECDSA
DSA
DSA2
RSA2ECDSA2 Wrapping
D-HMQV
RSA
FIPS171
Encryption Hashing Authentication Signature Key Mgt.
ProtocolsSecurity Specifications
Future Standard,Specification or
Recommendation
Standardin
Progress
Existing StandardTest Development
in Progress
Standard andTesting
Available
Existing Standardno
Testing
Industry Standard,Specification or
Recommendation
CygnaCom COACTSAIC TUVIT CSC
Domus InfoGard Atlan
AccreditedTesting
Labs
ARCA
EWA
Cryptographic Module Validation Program (CMVP)
Established by NIST and the Communications Security Establishment (CSE) in 1995
Original FIPS 140-1 requirements and updated FIPS 140-2 requirements developed with industry input
Six NVLAP-accredited testing laboratories True independent 3rd party accredited testing laboratories Can not test and provide design assistance
CMVP Accredited Laboratories
InfoGard Laboratories
CEAL: a CygnaCom Solutions Laboratory
COACT Inc.
EWA - Canada LTD, IT Security
Evaluation Facility
Domus IT Security Laboratory
Atlan Laboratories
Sixth CMT laboratory added in 2001
Applicability of FIPS 140-2
U.S. Federal organizations must use validated cryptographic modules
GoC departments are recommended by CSE to use validated cryptographic modules
International recognition
Vendor
Designs and Produces
Cryptographic Module and Algorithm
CMT Lab
Tests for Conformance
Cryptographic Module and Algorithm
CMVP
Validates
Test Results and Signs Certificate
User
Specifies and Purchases
Security and Assurance
Flow of a FIPS 140-2 Validation
Level 1 is the lowest, Level 4 most stringent
Requirements are primarily cumulative by level
Overall rating is lowest rating in all sections
Not Validated
Security Spectrum
Level 1
Level 2
Level 3
Level 4
FIPS 140-2 Security Levels
Derived Test Requirements
Cryptographic module testing is performed using the Derived Test Requirements (DTR)
Assertions in the DTR are directly traceable to requirements in FIPS 140-2
All FIPS 140-2 requirements will be included in the DTR as assertions Provides for one-to-one correspondence between the FIPS
and the DTR
Derived Test Requirements (concluded)
Each assertion will include requirements levied on the Cryptographic module vendor Tester of the cryptographic module
Modules tested against FIPS 140-2 will use the associated DTR
Revalidations
An updated version of a previously validated cryptographicmodule can be considered for a revalidation rather than a full validation depending on the extent of the modifications from the previously validated version of the module.
1. Modifications are made to hardware, software or firmware components that do not affect any FIPS 140-1 security relevant items.
Signed Letter from Accredited Laboratory
2. Modifications are made to hardware, software or firmware components that affect some of the FIPS 140-1 security relevant items.
Re-validation TE’s annotated as RE-Tested with an overall regression test performed
CMVP Status
Continued record growth in the number of cryptographic modules validated Over 200 Validations representing nearly 250
modules
All four security levels of FIPS 140-1 represented on the Validated Modules List
Over forty participating vendors
0
20
40
60
80
100
120
1995 1997 1999 2001
ProjectedLevel 4Level 3Level 2Level 1
FIPS 140-1 and FIPS 140-2 Validations by Year and Level
(January 15, 2002)
Certificate 150
May 23, 2001
Certificate 200 December 18,
2001
2001 Validation Milestones
• FIPS 140-2 Signed 05/25/01
• FIPS 140-2 DTR Available 11/15/01
• FIPS 140-2 Validations Accepted
Validated Modules By Type
Accelerators
Co-Processors
Routers/VPNs
Kernels/Toolkits
PDAs
PostalFaxes
Link/FrameEncryptors
Radios/Phones
PC/Smart/Tokens
FIPS 140-2 - Testing Begins
FIPS 140-2 Testing officially began November 15, 2001
FIPS 140-1 Testing ends May 25, 2002 Testing laboratories may submit FIPS 140-1
validation test reports until May 25, 2002 After May 25, 2002 all validations and
revalidations must be done against FIPS 140-2
FIPS 140-2 - Testing Begins …
Agencies may continue to purchase, retain and use FIPS 140-1 validated products after May 25, 2002.
NIST has provided common algorithmic testing tool to Accredited Laboratories:
Includes DES, Triple-DES and AES DSA and SHA-1 - to be integrated ECDSA available as separate tool – to be integrated RSA, SHA-{256,384,512}, DH, MQV - future
CMVP Status (concluded)
End of FIPS 140-1 testing and beginning of FIPS 140-2 testing and validations with new implementations of FIPS 197 (AES) expected to cause unparalleled growth
Increasing international recognition of the CMVP and FIPS 140-2
Communications-Electronics Security Group (CESG) - UK
• December 28, 2001
– CESG proposes the use of FIPS 140 as the basis for the evaluation of cryptographic products used in a number of UK government applications and encourages the setting up of accredited laboratories in the UK to perform these evaluations.
… Making a Difference
164 Cryptographic Modules Surveyed (during testing)
80 (48.8%) Security Flaws discovered 158 (96.3%) Documentation Errors
332 Algorithm Validations (during testing)
(DES, Triple-DES, DSA and SHA-1) 88 (26.5%) Security Flaws 216 (65.1%) Documentation Errors
Areas of Greatest Difficulty Physical Security Self Tests Random Number Generation Key Management
AlcatelAlgorithmic Research, Ltd.Ascom Hasler Mailing SystemsAttachmate Corp.Avaya, Inc.Baltimore Technologies (UK) Ltd.Blue Ridge NetworksCerticom Corp.Chrysalis-ITS Inc.Cisco Systems, Inc.Cryptek Security Communications,
LLCCTAM, Inc.Cylink CorporationDallas Semiconductor, Inc.Datakey, Inc.Ensuredmail, Inc.Entrust Technologies LimitedEracom Technologies Group,
Eracom Technologies Australia, Pty. Ltd.
F-Secure CorporationFortress Technologies Francotyp-PostaliaGTE InternetworkingIBMIntel Network Systems, Inc.IRE, Inc.Kasten Chase Applied ResearchL-3 Communication SystemsLitronic, Inc.M/A Com Wireless SystemsMicrosoft Corporation.Motorola, Inc.Mykotronx. IncNational Semiconductor Corp.nCipher Corporation Ltd.NeopostNeopost IndustrieNeopost Ltd.Neopost Online Netscape Communications Corp.
NetScreen Technologies, Inc.Network Associates, Inc.Nortel NetworksNovell, Inc.Oracle CorporationPitney Bowes, Inc.PrivyLink Pte LtdPSI Systems, Inc.Rainbow TechnologiesRedCreek CommunicationsResearch In MotionRSA Data Security, Inc.SchlumbergerSemaSpyrus, Inc.Stamps.comTechnical Communications Corp.Thales e-SecurityTimeStep CorporationTranscrypt InternationalTumbleweed Communications Corp.V-ONE Corporation, Inc.
Participating Vendors (January 15, 2002)
FIPS 140-1 and FIPS 140-2 Derived Test Requirements (DTR) Annexes to FIPS 140-2 Implementation Guidance Points of Contact Laboratory Information Validated Modules List Special Publication 800-23
http://www.nist.gov/cmvp
ADDITIONALBACKGROUND
NVLAP Program
Accredited FIPS 140-1Testing Lab
Cryptographic Module Vendor
Level #
NIST/CSE
Module’s Test Report
List of ValidatedFIPS 140-1Modules
List of NVLAPAccredited Labs
Submits application;Pays accreditation fee
Conducts on-siteassessment;Accredits labs
Tests forconformanceto FIPS 140-1;Writes test report
Submits module for testing;Pays testing fee
Issue validationcertificate
To NIST/CSE for validation
NIST publishes list ofvalidated modules
Issue testing &implementationguidance
NIST publisheslist of NVLAP Accredited Labs
FIPS 140-1: Basic Requirements
Defined module boundary. Finite State Machine specification. Defined security policy. Specification of roles and services. Selection of authentication mechanisms. Self-tests of algorithms, random number
generators, and critical functions during power-on.
Cryptographic Algorithms
Must include at least one FIPS approved cryptographic algorithm. Data Encryption Algorithm (DES) Triple DES (allowed for U.S. Government use) Digital Signature Standard (DSA, RSA), Secure
Hash Algorithm (SHA-1) Must meet requirements in FIPS algorithm
standard.
FIPS 140-1 Security Level 1
Specification of the cryptographic module boundary.
Production-grade equipment. Logical separation of roles and services but no
required authentication. FIPS approved key management. Allows software cryptographic services on a
single user general purpose computer.
FIPS 140-1 Security Level 2
Tamper evident coatings or seals, or pick-resistant locks.
Role-based authentication to determine if an operator is authorized to assume a specific role and perform a corresponding set of services.
Allows software cryptography in evaluated multi-user timeshared systems.
FIPS 140-1 Security Level 3
Tamper detection and response for covers and doors. Identity-based authentication. Stronger requirements for entering and outputting
critical security parameters and cryptographic keys. Trusted path requirements for modules using trusted
operating systems.
FIPS 140-1 Security Level 4
Envelope of protection around the entire cryptographic module.
Environmental failure protection and testing. Formal modeling for software.
Differences Between FIPS 140-1 and FIPS 140-2140-1 & 2 Tables of Contents
FIPS 140-11. Overview2. Glossary of Terms and Acronyms3. Functional Security Requirements4. Security Requirements 4.1 Cryptographic Modules 4.2 Cryptographic Module Interfaces
FIPS 140-21. Overview2. Glossary of Terms and Acronyms*3. Functional Security Requirements4. Security Requirements 4.1 Cryptographic Module Specification* 4.2 Cryptographic Module Interfaces
* Section added or significantly revised
140-1 & 2 Tables of Contents (Continued)
FIPS 140-1 4.3 Roles and Services 4.4 Finite State Machine Model 4.5 Physical Security 4.6 Software Security 4.7 Operating System Security 4.8 Cryptographic Key Management
FIPS 140-2 4.3 Roles, Services, and Authentication 4.4 Finite State Machine Model 4.5 Physical Security* 4.6 Operating System Security* 4.7 Cryptographic Key Management
* Section added or significantly revised
140-1 & 2 Tables of Contents (Continued)
FIPS 140-1 4.9 Cryptographic Algorithms 4.10 EMI/EMC 4.11 Self-Tests
FIPS 140-2 4.8 EMI/EMC 4.9 Self-Tests 4.10 Design Assurance* 4.11 Mitigation of Other Attacks*
* Section added or significantly revised
140-1 & 2 Tables of Contents (Concluded)
FIPS 140-1Appendices A: Summary of Documentation Requirements B: Recommended Software Development Practices C: Selected References
FIPS 140-2Appendices A: Summary of Documentation Requirements B: Recommended Software Development Practices* C: Cryptographic Module Security Policy* D: Selected Bibliography*
* Section added or significantly revised
FIPS 140-2: Final Revisions
4.2 Cryptographic Module Interfaces Security Levels 3 and 4
Physical ports for input/output of plaintext CSPs shall be physically separate from other ports
Logical interfaces for input/output of plaintext CSPs shall be logically separate from all other interfaces
Requires implementation of a trusted path
FIPS 140-2: Final Revisions (continued)
4.6 Operational Environment Operating system definition expanded to operational
environment general purpose operational environment refers to
the use of a commercially-available general purpose operating system (i.e., resource manager)
manages the software and firmware components within the cryptographic boundary
Limited operational environment refers to a static non-modifiable virtual operational environment
with no underlying general purpose OS Requirements in FIPS 140-2 do not apply
Modifiable operational environment refers to an operating environment that may be reconfigured to add/delete/modify
functionality and/or may include general purpose OS capabilities Requirements in FIPS 140-2 apply
FIPS 140-2: Final Revisions (continued)
4.10 Design Assurance Development
Deleted requirements addressed in other sections of FIPS 140-2 Guidance
Deleted security requirements for the IT environment Functional Testing and Test Coverage
Deleted all requirements
Recommended