Transcript The Federal Information Processing Standards (FIPS

The Federal
Information
Processing Standards
(FIPS) Encryption
Suite
Sean Smith
COSC 316 - 001
Overview
●
●
This presentation will give a brief look at the
approved cryptographic key management
methods, key generations, random number
generators, hashes, and encryption
algorithms for use by government agencies
and government contractors and vendors.
The purpose of this presentation is to make
readers aware of the strength of protections
needed to participate in government
computing.
Definitions
●
●
The Federal Information Processing
Standards (FIPS) are a set of standards
that describe the approved manners for
document processing, encryption
algorithms, and other information
technology standards for use within nonmilitary government agencies and
government contractors and vendors.
The FIPS Encryption Suite refers to the
approved encryption algorithms as outlined
by these standards.
FIPS Code 140-2
●
●
The FIPS Code 140-2 is a document
published by National Institute of Standards
and Technology which outlines the
standards that a cryptographic module
must meet.
It outlines all the security functions that a
cryptographic module must be able to meet
to reach the required levels of security for
government use as well as listing approved
security functions and algorithms.
FIPS Code 140-2
Section 4.3.2
●
This section of the FIPS Code 140-2
describes the necessary functions for a
cryptographic module. These functions are:
●
Show Status
–
●
Perform Self-Tests
–
●
Displays the current status of the module.
Initiates and run self-tests prescribed in Section 4.9
Perform Approved Security Function
–
Perform an Approved Security Function as specified
in Annex A of FIPS Code 140-2, e.g. encryption
FIPS Code 140-2
Section 4.7
●
●
This section describes the security
requirements for the cryptographic key
management methods employed by the
module.
These requirements include standards
addressing:
●
Random Number Generators
●
Key Generation
●
Key Establishment
●
Key Entry and Output
●
Key Storage
●
Key Zeroization
FIPS Code 140-2
Section 4.7.1
Random Number Generator Standards
●
If a cryptographic module employs a random number generator,
it must meet the following specification:
●
●
●
●
Pass the continuous random number generator test
specified in Section 4.9
Further, commercially available nondeterministic random
number generators may be used to seed deterministic random
number generators
Random number generators are required for the generation of
cryptographic keys. Unapproved random number generators
may only be used as input to approved random number
generators or as initialization vectors for approved security
functions.
Approved Random Number Generators are listed in Annex C of
FIPS Code 140-2
Approved Random Number Generators
from Annex C of FIPS Code 140-2
●
●
●
●
●
Digital Signature Standard from FIPS Code 186-2
with Change Notice 1 or Change Notice 2
Digital Signatures Using Reversible Public Key
Cryptography for the Financial Services Industry
(rDSA)
Public Key Cryptography for the Financial Services
Industry: The Elliptic Curve Digital Signature
Algorithm (ECDSA)
NIST Recommended Random Number Generator
Recommendation for Random Number Generation
Using Deterministic Random Bit Generators
FIPS Code 140-2
Section 4.7.2
Key Generation Standards
●
If a cryptographic module generates keys internally, then it must
meet these specifications:
●
●
●
A key may only be generated using one of the approved key
generation methods listed in Annex C of FIPS Code 140-2
(included in documents provided by previous slide)
Methods to compromise the key generation method shall
require at least as many operations to determine the
generated key
If intermediate key generation values are output from the
module, the values should be output either
–
–
Encrypted
Under split knowledge procedures (no one knows the full
key)
FIPS Code 140-2
Section 4.7.3
Key Establishment Standards
●
In a cryptographic module, key establishment may be performed in a number
of ways:
●
Automated methods
–
●
Manual methods
–
●
●
●
●
Such as the public key algorithm
Manually transporting a key-loading device (e.g. CD)
A combination of the two previous methods
All key establishment methods must be on the approved list provided in
Annex D of the FIPS Code 140-2
Compromising the key establishment method must take at least as many
operations as determining the key being agreed upon or transported.
If a key transport method is used, the key must meet the key entry/output
specifications found in Section 4.7.4 of FIPS Code 140-2
Approved Key Establishment Methods
from Annex D of FIPS Code 140-2
●
Key Agreement
●
●
Key Transport
●
●
Keys generated within a particular cryptographic module
Key Entry
●
●
Method of key establishment where key is generated by one party and securely
transported to any other parties
Key Generation
●
●
Method of key establishment where key is generated from information provided by
separate parties
Key is either entered manually or electronically
Key Derivation
●
Key is derived from certain parameters using an approved key derivation technique
These methods are discussed in more detail in the Implementation Guidance for FIPS Code
140-2.
FIPS Code 140-2
Section 4.7.4
Key Entry and Output
●
If keys are entered or output by the cryptographic module, the entry or output of keys
must be input manually or via electronic means (smart cards/tokens, PC cards, etc.).
●
●
●
●
●
Any seed keys entered during key generation must also be put in using these
methods.
All secret and private keys may only be output in encrypted form during an approved
mode of operation.
Public keys may be output in plain text form
Any entered key must be associated with the correct entity, e.g. person, group, or
process
Manually entered keys should be verified for accuracy using the manual key entry
test from Section 4.9.
●
●
During entry, the entered values may be displayed temporarily to improve
accuracy.
If encrypted components are manually entered into the module, the plain text
values should not be displayed.
FIPS Code 140-2
Section 4.7.4
Key Entry and Output (Contd)
●
Security Levels 1 and 2
●
●
●
Secret and private keys input into the module using automated methods must be input in
encrypted form
Secret and private keys input into the module using manual methods may be input using
plain text form
Security Levels 3 and 4
●
●
●
Secret and private keys input into the module using automated methods must be input in
encrypted form
Secret and private keys input into the module using manual methods must be input in
encrypted form or using split knowledge procedures.
If using split knowledge procedures,
–
Each operator must be authenticated seperately
–
Keys must be input directly into the module without traveling through any other
intervening systems where keys may be stored, combined or processed
–
A minimum of two key components is required
–
Proof that knowledge of n key components is required to reconstruct the key and that
knowledge of n-1 key components provides no usable information other than key
length
FIPS Code 140-2
Section 4.7.5
Key Storage Standards
●
Keys may be stored within the module in
either plain text or encrypted forms
provided:
●
●
Plain text secret and private keys are
inaccessible to unauthorized operators
Keys are associated to the correct entity to
which the key is assigned
FIPS Code 140-2
Section 4.7.6
Key Zeroization Standards
●
●
A cryptographic module shall provide
methods to zeroize all plain text secret and
private keys as well as any critical security
parameters
Zeroization of encrypted elements is not
required.
FIPS Code 140-2
Section 4.9
●
●
This section describes the tests that a cryptographic module shall perform or have available for
use.
An cryptographic module is required to have:
●
Power-up self tests
–
Tests that run when the module powers on
Cryptographic algorithm tests
●
Integrity testing
●
Critical functions test
Conditional self tests
●
●
–
Tests that are required to run when an applicable security function is invoked
Pairwise consistency test
●
Firmware load test
●
Manual key entry test
●
Continuous random number generator test
●
Bypass test
If a self test fails, the cryptographic module should enter an error state and output an error
indicator while also inhibiting any data output from the module.
●
●
Approved Security Functions
from Annex A of FIPS Code 140-2
●
This section describes the available
security functions that the FIPS Code
approves for use.
●
Symmetric Key Encryptions
–
–
–
●
Advanced Encryption Standard (AES)
Triple-DES Encryption Algorithm (TDEA)
Escrowed Encryption Standard (EES)
Asymmetric Key Encryptions
–
–
–
Digital Signature Standards (DSS)
Elliptic Curve Digital Signature Algorithm (ECDSA)
RSA
Approved Security Functions
(Contd)
from Annex A of FIPS Code 140-2
●
Secure Hash Standards (SHS)
●
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512,
SHA-512/224, SHA-512/256
Random Number Generators
●
Discussed previously in Annex C
Message Authentication
–
–
Triple DES
– AES
– SHS
Each of these Standards has a relevant section in the
FIPS Code.
–
●
Conclusion
●
●
This presentation has gone over the
overarching software requirements for an
appropriate cryptographic module suited for
government use as prescribed by FIPS
Code 140-2.
It has touched upon the approved methods
for generating and managing keys as well
as approved encryption schemes allowed
for by the FIPS Code.
Questions?
References
•
Easter, Randall J., and Carolyn French. "Annex A: Approved Security Functions for FIPS PUB
140 - 2, Security Requirements for Cryptographic Modules." NIST Computer Security
Publications - FIPS (Federal Information Processing Standards). NIST, 30 May 2012. Web. Nov.Dec. 2013. <http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf>.
•
Easter, Randall J., and Carolyn French. "Annex C: Approved Random Number Generators for
FIPS PUB 140 - 2, Security Requirements for Cryptographic Modules." NIST Computer Security
Publications - FIPS (Federal Information Processing Standards). NIST, 16 Feb. 2012. Web.
Nov.-Dec. 2013. <http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf>.
•
Easter, Randall J., and Carolyn French. "Annex D: Approved Key Establishment Techniques for
FIPS PUB 140 - 2, Security Requirements for Cryptographic Modules." NIST Computer Security
Publications - FIPS (Federal Information Processing Standards). NIST, 2 Jan. 2012. Web. Nov.Dec. 2013. http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexd.pdf.
•
"FIPS 186 - (DSS), Digital Signature Standard." Information Technology Laboratory Homepage.
N.p., n.d. Web. Nov.-Dec. 2013. <http://www.itl.nist.gov/fipspubs/fip186.htm>.
•
Rouse, Margaret. "FIPS (Federal Information Processing Standards)." What Is FIPS? N.p., Mar.
2011. Web. 17 Nov. 2013. <http://whatis.techtarget.com/definition/FIPS-Federal-InformationProcessing-Standards>.
•
US. National Institute of Standards and Technology. Information Technology Laboratory. FIPS
140-2. NIST, n.d. Web. Nov.-Dec. 2013. <csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>.