Product Security
24.Dec.2020
U.S. Federal Information Processing Standard 140-3 Outlines Cryptographic Modules to Prevent Sensitive Data Leak
Federal Information Processing Standards (FIPS), formerly known as the Federal Information Security Management Act (FISMA), stipulates that US federal government departments and agencies must use verified cryptographic modules to ensure security and operability. Therefore, in 1996, the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) jointly established the FIPS 140 standard which defines the key security parameters of cryptographic systems to be provided by vendors to the U.S. Federal Government.
FIPS 140-3 is officially launching in September 2021
With the advancement of cryptographic technology, the FIPS 140 has been updated to FIPS 140-3, and the currently applied FIPS 140-2 will no longer be accepting new submissions for validation after September 22, 2021. In the future, all the hardware or software cryptographic modules provided by regulated industries such as cryptographic module vendors and cryptographic accelerator vendors, shall support the algorithms in the FIPS 140-3 certification list, which must also comply with relevant algorithms and cryptographic module requirements. Furthermore, the actual operations of these algorithms must be verified by accredited laboratories. Since FIPS 140-3 has set a high benchmark for security, industries like healthcare and finance are also considering adopting it to safeguard sensitive data.
FIPS 140-3 Validation Programs and Related Requirements
For the 140 series of FIPS, NIST has formulated the Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP) to provide detection and verification schemes for the cryptographic algorithms and cryptographic modules respectively. The programs are briefly described as follows:
Cryptographic Algorithm Validation Program, CAVP
CAVP provides verification testing of the approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their components. Cryptographic algorithm verification is a prerequisite of cryptographic module verification. Vendors must apply to accredited laboratories for algorithm implementation verification tests. An algorithm implementation successfully tested by a laboratory will be announced on the NIST official page to describe the vendor, implementation, operational environment, verification date, and algorithm details.
Cryptographic Module Validation Program, CMVP
CMVP provides the verification and testing for cryptographic modules. The prerequisite is that at least one FIPS-approved or NIST-recommended cryptographic algorithm that has passed CAVP cryptographic algorithm verification is used in the module. According to the use of the cryptographic algorithm, the relevant module boundary is defined, and the accredited laboratory conducts the testing and verification of the relevant hardware, software, firmware, system, and interface components within the boundary in compliance with the Derived Test Requirements (DTR). The verified testing results are submitted by the accredited laboratory to NIST for review. A cryptographic module that successfully passed the verification of a lab will also be announced on the NIST official page to describe the vendor, implementation, operational environment, verification date, algorithm certificate number, etc.
The security requirements in the FIPS 140-3 cryptographic module validation program include the following 11 areas:
- Cryptographic Module Specification
- Cryptographic Module Interfaces
- Roles, Services, and Authentication
- Software/Firmware Security
- Operational Environment
- Physical Security
- Non-invasive Security
- Sensitive Security Parameter Management
- Self-Tests
- Life-cycle Assurance
- Mitigation of Other Attacks
According to the complexity and rigidity of the requirements, there are a total of four Security Levels, from the lowest Security Level 1 to the strictest Security Level 4. The different Security Levels have different capabilities to resist attacks from different sources and with different purposes. For example, Security Level 1 is to prevent CVP (Cryptographic Validation Program) errors caused by internal human operations rather than to sustain intentional attacks. Security Level 4 is to block internal and external malicious attacks, or attacks aiming at the products for sensitive data theft conducted by organizations with great resources as well as advanced attack capability and knowledge.
For the 11 security areas listed above, each area has corresponding security requirements in its four Security Levels. The security requirements of the higher Security Levels contain those of the lower levels. The rating for the lowest Security Level of all security areas is the Overall Level Rating of the cryptographic modules. The differences in the general requirements for each Security Level are explained in the following:
For the 11 security areas listed above, each area has corresponding security requirements in its four Security Levels. The security requirements of the higher Security Levels contain those of the lower levels. The rating for the lowest Security Level of all security areas is the Overall Level Rating of the cryptographic modules. The differences in the general requirements for each Security Level are explained in the following:
Security Level 1
- The module must use at least one Security Function specified or recommended by NIST.
- It runs on a non-modifiable, limited-modifiable, or modifiable operating environment.
- Physical security requires only ordinary components.
- Mitigation mechanisms for all non-intrusive or other attacks are specified by documents.
Security Level 2
- For physical security, requirements are added for tamper-evidence mechanisms, including the use of tamper-resistant coatings or tamper-resistant locks.
- A role-based user authentication mechanism is used.
- The software modules run on a modifiable operating environment. It is necessary to provide an Access Control List (ACL) to protect the software modules from unauthorized execution, modification, disclosure, and reading.
Security Level 3
- Requirements are added to prevent unauthorized access to sensitive security parameters inside the modules.
- For physical security, requirements are added, including a tamper-resistance response mechanism, and a security mechanism to avoid detection attacks through vent holes.
- An Identity-based user authentication mechanism is used.
- The Trust Path or Split Knowledge methods are used for encryption when manually establishing key security parameters in plain text.
- A protection mechanism is added for the operating voltage and temperature range of the modules in the operating environment for safety concerns.
- All non-intrusive attack mitigation mechanisms are to be tested and confirmed to be in line with the Level 3 testing requirements.
- Life-cycle Assurance requirements are added, including the following: automated configuration management, detailed design, Low-level testing, and operation verification using the information provided by the vendor.
Security Level 4
- multi-factor user authentication mechanism is used.
- All the mitigation functions of non-intrusive attacks are to be tested and confirmed to be in line with the Level 4 testing requirements.
The Strict Requirements for Accredited Laboratories by NIST
The verification and evaluation operations of CAVP and CMVP are to be conducted in a Cryptographic and Security Testing (CST) laboratory accredited by the National Voluntary Laboratory Accreditation Program (NVLAP). NIST has set up strict requirements for CST laboratories: at least 2 testers of which must have passed the CVP tester certification exam, and the laboratory should also meet the ISO 17025 laboratory quality standard. Due to the strict requirements, there are only 20 laboratories in the world that have passed the NIST certification and become accredited CST laboratories. In terms of password security, only 81 laboratories globally have obtained CVP certification and become password security experts.
After the cryptographic module testing is conducted by an accredited CST testing laboratory, a verification report is produced, then after the report passes a NIST audit, the certificate will be published on the NIST official website. The FIPS 140-3 verified products can effectively reduce the error rate of cryptographic algorithms and prevent the leakage of sensitive data.
After the cryptographic module testing is conducted by an accredited CST testing laboratory, a verification report is produced, then after the report passes a NIST audit, the certificate will be published on the NIST official website. The FIPS 140-3 verified products can effectively reduce the error rate of cryptographic algorithms and prevent the leakage of sensitive data.
Onward Security has Met the Requirements of FIPS 140-3 Validation and Verification
Onward Security has rich experience in the introduction of cryptographic module standards and Cryptographic Validation Program Certification. For vendors whose cryptographic modules need to pass the FIPS 140-3 certification, Onward can help improve their understanding of the programs, therefore allowing the development team to accurately identify the technical requirements during the development period, fulfilling every requirement with the FIPS 140-3 consultation services. Onward Security can also provide FIPS 140-3 cryptographic algorithm and cryptographic module verification services to help customers save manpower and time significantly.
