NIST Cryptographic Module Validation Program

1
NISTCryptographic ModuleValidation Program
May 7th to 9th, 2001 Crystal City, Virginia

• May 7, 2001

Randall J. Easter randall_easter_at_nist.gov
1030-1100am - Technical
2
(No Transcript)
3
Cryptographic Module Validation Program (CMVP)

• Established by NIST and the Communications
  Security Establishment (CSE) in 1995
• Original FIPS 140-1 requirements and updated FIPS
  140-2 requirements developed with industry input
• Five NVLAP-accredited independent testing
  laboratories
• Currently, over 140 validation certificates
  representing over 160 modules

4
FLOW OF A FIPS 140-1 VALIDATION
Vendor
CMT Lab
CMVP
User
Designs and Produces
Tests for Conformance
Validates
Specifies and Purchases
Cryptographic Module and Algorithm
Cryptographic Module and Algorithm
Test Results and Signs Certificate
Security and Assurance
5
FIPS 140-2 Security Levels
Security Spectrum
Not Validated
Level 1
Level 2
Level 3
Level 4

• Level 1 is the lowest, Level 4 most stringent
• Requirements are primarily cumulative by level
• Overall rating is lowest rating in all sections

6
Applicability of FIPS 140-1

• U.S. Federal organizations must use validated
  cryptographic modules
• GoC departments are recommended by CSE to use
  validated cryptographic modules
• FIPS 140-1 is the de-facto standard for
  cryptographic modules in North America, with
  interest shown by ANSI, ISO, Germany, UK, Taiwan,
  and Japan

7
CMVP Status

• Continued record growth in the number of
  cryptographic modules validated
• All four security levels of FIPS 140-1
  represented on the Validated Modules List
• Over forty participating vendors
• More CMT laboratories likely to be added this
  year
• Possibility of labs outside of the U.S. and
  Canada this year

8
CMVP Status(concluded)

• Emergence of FIPS 140-2 and AES early this year
  to cause unparalleled growth
• Adoption of FIPS 140-2 by ANSI (X9.66) also
  expected to increase number of cryptographic
  module validations
• Increasing international recognition of the CMVP
  and FIPS 140-2

9

FIPS 140-1 Validated Modules by Year and
Level (as of December 31, 2000)
10
FIPS 140-2 Implementation Schedule
FIPS 140-1 FIPS 140-2
APPROVAL DATE OF FIPS 140-2
EFFECTIVE DATE OF FIPS 140-2
(6 months after approval date)
TRANSITION PERIOD TO FIPS 140-2
(6 months after effective date)
Future
11
140-1 2 Tables of Contents
FIPS 140-1 1. Overview 2. Glossary of Terms and
Acronyms 3. Functional Security Requirements 4.
Security Requirements 4.1 Cryptographic
Modules 4.2 Cryptographic Module Interfaces
Draft FIPS 140-2 1. Overview 2. Glossary of
Terms and Acronyms 3. Functional Security
Requirements 4. Security Requirements 4.1
Cryptographic Module Specification 4.2
Cryptographic Module Interfaces
Section added or significantly revised
12
140-1 2 Tables of Contents (Continued)
FIPS 140-1 4.3 Roles and Services 4.4
Finite State Machine Model 4.5 Physical
Security 4.6 Software Security 4.7
Operating System Security 4.8 Cryptographic
Key Management
Draft FIPS 140-2 4.3 Roles, Services, and
Authentication 4.4 Finite State Machine Model
4.5 Physical Security 4.6 Operating System
Security 4.7 Cryptographic Key Management

Section added or significantly revised
13
140-1 2 Tables of Contents (Continued)
FIPS 140-1 4.9 Cryptographic Algorithms
4.10 EMI/EMC 4.11 Self-Tests
Draft FIPS 140-2 4.8 EMI/EMC 4.9
Self-Tests 4.10 Design Assurance 4.11
Mitigation of Other Attacks
Section added or significantly revised
14
140-1 2 Tables of Contents (Concluded)
FIPS 140-1 Appendices A Summary of
Documentation Requirements B Recommended
Software Development Practices C Selected
References
Draft FIPS 140-2 Appendices A Summary of
Documentation Requirements B Recommended
Software Development Practices C Cryptographic
Module Security Policy D Selected
Bibliography
Section added or significantly revised
15
Derived Test Requirements

• Cryptographic module testing is performed using
  the Derived Test Requirements (DTR)
• Assertions in the DTR are directly traceable to
  requirements in FIPS 140-2
• Provides for one-to-one correspondence between
  the FIPS and the DTR
• Each assertion will include requirements levied
  on the
• Cryptographic module vendor
• Tester of the cryptographic module

16
(No Transcript)
17
Validated Modules By Type
Link/Frame Encryptors
Radios/Phones
Faxes
Postal
PC/Smart/Tokens
PDAs
Co-Processors
Kernels/Toolkits
Accelerators
Routers/VPNs
18
FIPS 140-1 Level 4 Products
IBM zSeries 900 CMOS Cryptographic
Coprocessor
Advanced
Configurable
Crypto Environment Security Processor
Datacryptor 2000 family
IBM 4758-002 PCI Cryptographic Coprocessor
(Miniboot Layers 0 and 1)
Zaxus, A Thomson-CSF Racal Company, SafeGuard
Security Subsystem (SGSS)
19
FIPS 140-1 Product Display
20
Cryptographic Module Vendors(as of March 31,
2001)

• Alcatel (TimeStep)
• Attachmate Corp.
• Baltimore Technologies
• Certicom Corp.
• Chrysalis-ITS
• Cisco Systems
• Cryptek Secure Comm.
• Cylink
• Dallas Semiconductor
• Datakey
• Entrust Technologies
• Ericsson
• Fortress Technologies
• Francotyp-Postalia

• GTE
• IBM Corp.
• Intel Network Systems
• IRE
• L-3 Comm. Systems
• Litronic, Inc.
• Microsoft, Corp.
• Motorola, Inc.
• Mykotronx. Inc
• nCipher
• Neopost
• Neopost Industrie
• Neopost Online
• Netscape

Network Associates, Inc. Nortel Networks Novell
Inc. Oracle Corp. Pitney Bowes, Inc. PSI Systems,
Inc. RedCreek Comm. RSA Data Security,
Inc. Spyrus, Inc. Stamps.com Technical Comm.
Corp. TimeStep Corp. Transcrypt
International V-ONE Corp. Zaxus (RACAL)
21
http//www.nist.gov/cmvp

• FIPS 140-1 and FIPS 140-2 (soon)
• Derived Test Requirements (DTR)
• Approved Security Functions (soon)
• Implementation Guidance
• Points of Contact
• Laboratory Information
• Validated Modules List
• Other Useful Links

22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
Questions?

• Randy Easter - randall.easter_at_nist.gov