FIPS - US Cryptographic Testing Standard B2-04FIPS - US Cryptographic Testing Standard ICCC 2005 Theme B2-04 Nithya Rachamadugu CygnaCom Solutions September 31, 2005

FIPS - US Cryptographic Testing Standard ICCC 2005 Theme B2-04

Nithya RachamaduguCygnaCom SolutionsSeptember 31, 2005

2© Copyright 2005 CygnaCom Solutions

FIPS 140-2

• FIPS- Federal Information Processing Standard

• 140 - Publication Number, 2 - Program revision

• Cryptographic standard

• De facto international standard for cryptographic module security requirements

• Joint program – NIST and CSE

• FIPS 140-2 and CC are independent information security standards

• NIST – National Institute of Standards and Technology (US)

• CSE-Communications Security Establishment (CA)


FIPS 140-2 to ISO/IEC 19790

• Cryptographic modules developed by vendors from around the world

• Australia, Israel, Singapore, U.K., France, Finland, Germany, Canada

– Protection Profiles developed throughout the world reference FIPS 140-1 and FIPS 140-2

• FIPS 140-2 developed to facilitate conversion to an ISO standard

• Cryptographic Module Validation Program(CMVP)


CMVP: Applicability of FIPS 140-2

• U.S. Federal organizations must use validatedcryptographic modules

• With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards.

• GoC departments are recommended by CSE to use validated cryptographic modules

• The FIPS 140-2 is Internationally recognized


Evaluation

• Evolving standard

- FIPS 140-1 started in 1995

- FIPS 140-2 after May 2002

- FIPS 140-3 expected in May 2007

• FIPS 140-2 contains specific security requirements of the cryptographic module.

• Common Criteria specifies generic requirements for a security product or system


Philosophy

• Strong commercially available cryptographic products are needed

• Government must work with the commercial sector and the cryptographic community for:– security,

– interoperability, and

– assurance


Products with Cryptographic modules

• FIPS 140-2 requirements only applies to the cryptographic functionality of a product– Scope of testing (or the “module”) may be the whole

product or subset of a product

• Applicable to hardware, software, and firmware cryptographic modules– e.g. software applications, cryptographic toolkits, postage

metering devices, radio encryption, data storage modules

• Must use the validated version and configuration

• A larger product can claim that is uses a FIPS 140-1/2 validated cryptographic module


Cryptographic module

Software/Hardware/firmware that employs cryptographic services:

• Encryption

• Signature

• Hashing

• Authentication

• Key management (generation, storage, import, export)


Conformance testing

• Purpose of CMVP

– cryptographic modules Conformance using the Derived Test Requirements (DTR)

– Not evaluation of cryptographic modules. Not required are:

• Vulnerability assessment

• Design analysis, etc.

• Laboratories

– Test submitted cryptographic modules

• NIST/CSE

– Validate tested cryptographic modules


validation flow

Vendor

Cryptographic

Module and

Algorithm

Designs and Produces

CMT

Lab

Tests for Conformance Cryptographic

Module and

Algorithm

Validates

Purchases

User

CMVP

Security and

Assurance

Test Results

and Signs

Certificate


What happens when a report is submitted (cont.)

[CMVP SYN]


Eleven Security Areas

• Cryptographic Module Specification

• Cryptographic Module Ports and Interfaces

• Roles, Services, and Authentication

• Finite State Model

• Physical Security

• Operational Environment

• Cryptographic Key Management

• EMI/EMC requirements

• Self Tests

• Design Assurance

• Mitigation of Other Attacks


Levels of Security

• Four levels - Level 1 thru Level 4

• Level 1 is the lowest, Level 4 most stringent

• Requirements are primarily cumulative by level

• Levels assigned for each of the 11 security sections

• Overall rating is lowest rating in all sections

• module must be configured and operated in accordance with the level it was validated


Example

• Physical Security at level 4 and all other security areas at level 1 receives Level 1.

• Machines located and operated in public areas

Reference: FIPS PUB 140-2,

S ti 4 S it



CC Security Considerations For crypto Modules

• Level 1: No CC requirement

• Level 2: EAL-2 Evaluated OS




CC Verses FIPS Overview

• The CC and FIPS 140-2 are different in the abstractness and focus of tests.

• CC is an evaluation against a created protection profile (PP) or security target (ST). Typically, a PP covers a broad range of products.

• FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self tests, roles and services, etc. The standard was initially developed in 1994 - prior to the development of the CC.


CC Verses FIPS Overview (cont.)

• A CC evaluation does not supercede or substitute for a FIPS 140-2 validation. The four security levels in FIPS 140-2 are not intended to map directly to specific CC EALs or to CC functional requirements.

• FIPS 140-2 is the current de facto standard for cryptography. There is no document that correlates CC functionality to FIPS 140-2 functionality. Therefore, a CC certificate cannot be a substitute for a FIPS 140-2 certificate.


Derived Test Requirements (DTR) Organization

• Tester and Vendor Requirements Are Derived From FIPS 140-2

• Implementation Guidance Issued by The CMVP Clarifies Testing and Documentation Requirements

FIPS 140-2

FIPS PUB 140-2

Derived Testing

Requirements Document

DTR

Tester Requirements Vendor RequirementsCompliance Requirements

FIPS 140-2

Implementation Guidance Document


• Cryptographic module testing is performed using the Derived Test Requirements (DTR)

• Assertions in the DTR are directly traceable to requirements in FIPS 140-2

• All FIPS 140-2 requirements are included in the DTR as assertions– Provides for one-to-one correspondence between the

FIPS and the DTR

• Assertion levy requirements on the – Cryptographic module vendor

– Tester of the cryptographic module


AES

TDES

IDEA

Blowfish

RC2

– Encryption/Decryption: IDEA, TDES, AES, Blowfish, RC2, RSA

*Note – Sample Algorithms Only - Not An Exhaustive List

Modules Implement Services, Which Use Algorithms:

SHA-1MD5

– Hashing / MACing: SHA-1, MD5

PRNGRNG

– Key Management: Random Number Generators (RNG, PRNG)

DSA

– Digital Signatures: DSA, RSA

RSA

Cryptographic Module Vs Algorithm

Reference: FIPS PUB 140-2

A A A d S it


What constitutes a module?

• Approved Security Functions– Symmetric Key – AES, Triple-DES, Skipjack

– Asymmetric Key –DSA, RSA, ECDSA

– Message Authentication – DES MAC, Triple-DES Mac, Enhanced Security DES, CCM Mode

– Hashing – Secure Hash Standard (SHS) – SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512

– Keyed Hash – HMAC

– Random Number Generator –

Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules.


Non-Approved Mode

( Encrypt/Decrypt Data )

Approved Mode

( Digital Signatures

Key Wrapping )RSA

IDEA

Blowfish

MD5

RC2RNG

Only Approved Algorithms and Security Functions Permitted

Non-Approved Functions and Algorithms Not Allowed in Approved Mode

– (Not Tested or Validated – Not To Be Used By U.S. Government)

DSA

#65 SHA-1

#130

AES

#2

PRNG

#10

TDES

#80

Approved Mode of Operation


Certificate Maintenance

• Possible changes

�No Security Relevant changes

�Less than 30% change to the same module

�Physical security changes

�More than 30% change or new module


FIPS 140-2 Resources

• FIPS 140-2 Standard– Appendices

– Annexes

• Derived Test Requirements (DTR)

• Implementation Guidance (IG)

• Frequently Asked Questions (FAQ)

• NIST Validation Lists– Pre-Validation List

– Validated Products List

– Algorithm Validation List

• http://csrc.nist.gov/cryptval/


Cost and schedule

• CMVP goal – certificate in six months

- under US $50,000 (Lab fee)

• NIST cost recovery

- Varies by level

- extended fee possible (additional charges)


Validation List - Certificate

[VAL]


Validation List – Certificate (cont)

[VAL]


Reference material

• NIST web : http://csrc.nist.gov/cryptval/

• All FIPS documents : http://csrc.nist.gov/cryptval/

• FIPS evaluated product list: FIPS 140-1 and FIPS 140-2 Cryptographic Modules Validation List


CMVP Web page



Contact Information:

• Nithya Rachamadugu

• Security Evaluation Laboratory Manager

• CygnaCom Solutions

• Suite 5200

• 7295 Jones Branch Drive

• McLean, VA 22102

• Tel: 703-270-3551

• Fax: 703-848-0985

• Email: [email protected]

Documents

FIPS - US Cryptographic Testing Standard B2-04FIPS - US Cryptographic Testing Standard ICCC 2005 Theme B2-04 Nithya Rachamadugu CygnaCom Solutions September 31, 2005