SlideShare a Scribd company logo

INFO 610 FISMA Presentation

Download as PPTX, PDF
K
knandermueller

This is an executive summary of the FIPS 140-2 Standard for Security Requirments for Cryptographic Modules

EducationTechnology
1 of 15
FIPS 140-2 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES Prepared by: Marc Santoro For INFO 610
Q: What is FIPS 140-2? A: A Standard that outlines four levels of security for cryptographic devices based on ten criteria *source FIPS 140-2
• Level 1 • Level 2 Moderate Security Basic Security Tamper proof No physical coatings, role security required, based cost effective authentication High Security Enhanced Tamper proof Security coatings and Tamper proof response, identit coatings and y based response, authentication, s identify based ecurity envelope authentication • Level 4 • Level 3 *source FIPS 140-2
COMPONENTS A [module] shall be comprised of either software, hardware, or firmware, or any combination thereof A cryptographic boundary shall consist of an explicitly defined perimeter All algorithms shall be FIPS approved Documentation shall be provided Module Specification *source FIPS 140-2
A cryptographic module shall have the following four interfaces: Data Input Interface * Status Data Output Output Interface Interface Control Input Interface Ports and Interfaces *source FIPS 140-2
A cryptographic module shall support the following authorized roles for operators: User Role Crypto Officer Role Maintenance Role Roles, Services, and Authentication *source FIPS 140-2
A Cryptographic module shall include the following operational and error states: Power Crypto Key Entry On/Off Officer States States States Self Test Error User States States States Finite State Model *source FIPS 140-2
Each Security level shall incorporate the physical security requirements of the preceding level, with incremental additional security measures added each level: Level 1: Production-grade components (with standard passivation). Level 2: Evidence of tampering (e.g., cover, enclosure, or seal). Level 3: Automatic zeroization when accessing the maintenance access interface. Tamper response and zeroization circuitry. Protected vents. Level 4: EFP or EFT for temperature and voltage. Security envelope provided. Physical Security *source FIPS 140-2
Each Security level shall incorporate the Operating System requirements of the preceding level, with incremental additional security measures added each level. The operating system shall be evaluated at the FIPS CC evaluation assurance level appropriate for the security level. Operating System Environment *source FIPS 140-2
Cryptographic keys shall be implemented according to a procedure that takes the following into account: 1. • Random Number Generators (RNGs) 2. • Key Generation 3. • Key Establishment 4. • Key Entry and Output 5. • Key Storage 6. • Key Zeroization Key Management *source FIPS 140-2
Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) shall meet the following requirements:  For Security Levels 1 and 2, a cryptographic module shall (at a minimum) conform to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).  For Security Levels 3 and 4, a cryptographic module shall (at a minimum) conform to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B (i.e., for home use). EMI/EMC *source FIPS 140-2
A cryptographic module shall perform power-up self-tests and conditional self-tests to ensure that the module is functioning properly.  Power-up tests shall be performed by a cryptographic module when the module is powered up (after being powered off, reset, rebooted, etc.).  Conditional tests shall be performed by a cryptographic module when the conditions specified for the following tests occur: pair-wise consistency test, software/firmware load test, manual key entry test, continuous random number generator test, and bypass test. Self-Tests *source FIPS 140-2
Design assurance pertains to the following: Configuration Management Delivery and Operation Development Documentation Design Assurance *source FIPS 140-2
Security Level 1 Level 2 Level 3 Level 4 Module Specification of cryptographic module, cryptographic boundary, Approved algorithms, and Approved Specification modes of operation. Description of cryptographic module, including all hardware, software, and firmware components. Statement of module security policy. Ports and Required and optional interfaces. Data ports for unprotected critical security parameters Interfaces Specification of all interfaces and of all logically or physically separated from other data ports. input and output data paths. Roles, Services, Logical separation Role-based or Identity-based operator authentication. and Authorization of required and identity-based optional roles and operator services. authentication. Finite State Model Specification of finite state model. Required states and optional states. State transition diagram and specification of state transitions. Physical Security Production grade Locks or tamper Tamper detection Tamper detection and response equipment. evidence. and response for envelope. EFP or EFT. covers and doors. Operating Single operator. Referenced PPs Referenced PPs Referenced PPs plus trusted path Environment Executable code. evaluated at EAL2 plus trusted path evaluated at EAL4. Approved integrity with specified evaluated at EAL3 technique. discretionary plus security policy access control modeling. mechanisms and auditing. Key Management Key management mechanisms: random number and key generation, key establishment, key distribution, key entry/output, key storage, and key zeroization. EMI/EMC 47 CFR FCC Part 15. Subpart B, Class A 47 CFR FCC Part 15. Subpart B, Class B Self-Tests Power-up tests: cryptographic algorithm tests, software/firmware integrity tests, critical functions tests. Conditional tests. Design Assurance Configuration CM system. Secure High-level language Formal model. Detailed management (CM). distribution. Functional implementation. explanations . Secure install/config specification. Pre/Postconditions. *source FIPS 140-2
Mitigation of Other Attacks:  Power Analysis  Timing Analysis  Fault Induction Final Thoughts *source FIPS 140-2

Recommended

MIT Bitcoin Expo 2018 - Hardware Wallets Security
MIT Bitcoin Expo 2018 - Hardware Wallets SecurityMIT Bitcoin Expo 2018 - Hardware Wallets Security
MIT Bitcoin Expo 2018 - Hardware Wallets SecurityCharles Guillemet
 
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2Bloombase
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Manuel Santander
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresIRJET Journal
 
RFID Innovation Frontline 2009 1 Q
RFID Innovation Frontline 2009 1 QRFID Innovation Frontline 2009 1 Q
RFID Innovation Frontline 2009 1 QAlex G. Lee, Ph.D. Esq. CLP
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
Netravati resume
Netravati resumeNetravati resume
Netravati resumeNetravati Kittur
 

Recommended

MIT Bitcoin Expo 2018 - Hardware Wallets Security
MIT Bitcoin Expo 2018 - Hardware Wallets SecurityMIT Bitcoin Expo 2018 - Hardware Wallets Security
MIT Bitcoin Expo 2018 - Hardware Wallets SecurityCharles Guillemet
 
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2
Blbs tn-bloombase-cryptographic-module-nist-fips-140-2-certification-uslet-en-r2Bloombase
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Manuel Santander
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresIRJET Journal
 
RFID Innovation Frontline 2009 1 Q
RFID Innovation Frontline 2009 1 QRFID Innovation Frontline 2009 1 Q
RFID Innovation Frontline 2009 1 QAlex G. Lee, Ph.D. Esq. CLP
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
Netravati resume
Netravati resumeNetravati resume
Netravati resumeNetravati Kittur
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentationCHIACHE lee
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersPositive Hack Days
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systemsPeter Wood
 
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg122. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12CRISP Project
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Riscure
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareRiscure
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securitypptSachin Roy
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
SenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbookSenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbookHans Bronkhorst
 
Ceh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingCeh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingVi Tính Hoàng Nam
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure
 
An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition Fraunhofer AISEC
 
Patent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case StudyPatent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case StudyAlex G. Lee, Ph.D. Esq. CLP
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersAleksandr Timorin
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
 
Samsung FIPS
Samsung FIPSSamsung FIPS
Samsung FIPSSanjay Chetwani
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process EC-Council
 
GGM8000-FIPs-Certification
GGM8000-FIPs-CertificationGGM8000-FIPs-Certification
GGM8000-FIPs-CertificationDavid Kiefer
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO CertificationFIDO Alliance
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 

More Related Content

What's hot

Thesis presentation
Thesis presentationThesis presentation
Thesis presentationCHIACHE lee
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersPositive Hack Days
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systemsPeter Wood
 
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg122. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12CRISP Project
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Riscure
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareRiscure
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securitypptSachin Roy
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
SenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbookSenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbookHans Bronkhorst
 
Ceh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingCeh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingVi Tính Hoàng Nam
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure
 
An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition Fraunhofer AISEC
 
Patent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case StudyPatent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case StudyAlex G. Lee, Ph.D. Esq. CLP
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersAleksandr Timorin
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
 

What's hot (16)

Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
 
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg122. crisp final conf ste fi workshop_reflections iec-tc79 wg12
2. crisp final conf ste fi workshop_reflections iec-tc79 wg12
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devices
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive Firmware
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securityppt
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault Injection
 
SenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbookSenseTek Stratos Micra 25 installers handbook
SenseTek Stratos Micra 25 installers handbook
 
Ceh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingCeh v5 module 22 penetration testing
Ceh v5 module 22 penetration testing
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glance
 
An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition
 
Patent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case StudyPatent Mining for Business Insights: RFID Case Study
Patent Mining for Business Insights: RFID Case Study
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
 

Similar to INFO 610 FISMA Presentation

IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process EC-Council
 
GGM8000-FIPs-Certification
GGM8000-FIPs-CertificationGGM8000-FIPs-Certification
GGM8000-FIPs-CertificationDavid Kiefer
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO CertificationFIDO Alliance
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
SafeLogic - AFCEA WEST 2020 - Innovation Showcase
SafeLogic - AFCEA WEST 2020 - Innovation ShowcaseSafeLogic - AFCEA WEST 2020 - Innovation Showcase
SafeLogic - AFCEA WEST 2020 - Innovation ShowcaseWalter Paley
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Ollie Whitehouse
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webTrack 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webST_World
 
User Authentication Based on Representative Users
User Authentication Based on Representative UsersUser Authentication Based on Representative Users
User Authentication Based on Representative Userssaddamhusain hadimani
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
Bloombase Spitfire KeyCastle Payment Systems Key Server Specifications
Bloombase Spitfire KeyCastle Payment Systems Key Server SpecificationsBloombase Spitfire KeyCastle Payment Systems Key Server Specifications
Bloombase Spitfire KeyCastle Payment Systems Key Server SpecificationsBloombase
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesFIDO Alliance
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 

Similar to INFO 610 FISMA Presentation (20)

Samsung FIPS
Samsung FIPSSamsung FIPS
Samsung FIPS
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
GGM8000-FIPs-Certification
GGM8000-FIPs-CertificationGGM8000-FIPs-Certification
GGM8000-FIPs-Certification
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO Certification
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
SafeLogic - AFCEA WEST 2020 - Innovation Showcase
SafeLogic - AFCEA WEST 2020 - Innovation ShowcaseSafeLogic - AFCEA WEST 2020 - Innovation Showcase
SafeLogic - AFCEA WEST 2020 - Innovation Showcase
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; Firewalls
 
checkpoint
checkpointcheckpoint
checkpoint
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webTrack 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for web
 
User Authentication Based on Representative Users
User Authentication Based on Representative UsersUser Authentication Based on Representative Users
User Authentication Based on Representative Users
 
Firewalls
FirewallsFirewalls
Firewalls
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
 
Bloombase Spitfire KeyCastle Payment Systems Key Server Specifications
Bloombase Spitfire KeyCastle Payment Systems Key Server SpecificationsBloombase Spitfire KeyCastle Payment Systems Key Server Specifications
Bloombase Spitfire KeyCastle Payment Systems Key Server Specifications
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
 
Rfid security access control system
Rfid security access control systemRfid security access control system
Rfid security access control system
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 

Recently uploaded

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

INFO 610 FISMA Presentation

  • 1. FIPS 140-2 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES Prepared by: Marc Santoro For INFO 610
  • 2. Q: What is FIPS 140-2? A: A Standard that outlines four levels of security for cryptographic devices based on ten criteria *source FIPS 140-2
  • 3. • Level 1 • Level 2 Moderate Security Basic Security Tamper proof No physical coatings, role security required, based cost effective authentication High Security Enhanced Tamper proof Security coatings and Tamper proof response, identit coatings and y based response, authentication, s identify based ecurity envelope authentication • Level 4 • Level 3 *source FIPS 140-2
  • 4. COMPONENTS A [module] shall be comprised of either software, hardware, or firmware, or any combination thereof A cryptographic boundary shall consist of an explicitly defined perimeter All algorithms shall be FIPS approved Documentation shall be provided Module Specification *source FIPS 140-2
  • 5. A cryptographic module shall have the following four interfaces: Data Input Interface * Status Data Output Output Interface Interface Control Input Interface Ports and Interfaces *source FIPS 140-2
  • 6. A cryptographic module shall support the following authorized roles for operators: User Role Crypto Officer Role Maintenance Role Roles, Services, and Authentication *source FIPS 140-2
  • 7. A Cryptographic module shall include the following operational and error states: Power Crypto Key Entry On/Off Officer States States States Self Test Error User States States States Finite State Model *source FIPS 140-2
  • 8. Each Security level shall incorporate the physical security requirements of the preceding level, with incremental additional security measures added each level: Level 1: Production-grade components (with standard passivation). Level 2: Evidence of tampering (e.g., cover, enclosure, or seal). Level 3: Automatic zeroization when accessing the maintenance access interface. Tamper response and zeroization circuitry. Protected vents. Level 4: EFP or EFT for temperature and voltage. Security envelope provided. Physical Security *source FIPS 140-2
  • 9. Each Security level shall incorporate the Operating System requirements of the preceding level, with incremental additional security measures added each level. The operating system shall be evaluated at the FIPS CC evaluation assurance level appropriate for the security level. Operating System Environment *source FIPS 140-2
  • 10. Cryptographic keys shall be implemented according to a procedure that takes the following into account: 1. • Random Number Generators (RNGs) 2. • Key Generation 3. • Key Establishment 4. • Key Entry and Output 5. • Key Storage 6. • Key Zeroization Key Management *source FIPS 140-2
  • 11. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) shall meet the following requirements:  For Security Levels 1 and 2, a cryptographic module shall (at a minimum) conform to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).  For Security Levels 3 and 4, a cryptographic module shall (at a minimum) conform to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B (i.e., for home use). EMI/EMC *source FIPS 140-2
  • 12. A cryptographic module shall perform power-up self-tests and conditional self-tests to ensure that the module is functioning properly.  Power-up tests shall be performed by a cryptographic module when the module is powered up (after being powered off, reset, rebooted, etc.).  Conditional tests shall be performed by a cryptographic module when the conditions specified for the following tests occur: pair-wise consistency test, software/firmware load test, manual key entry test, continuous random number generator test, and bypass test. Self-Tests *source FIPS 140-2
  • 13. Design assurance pertains to the following: Configuration Management Delivery and Operation Development Documentation Design Assurance *source FIPS 140-2
  • 14. Security Level 1 Level 2 Level 3 Level 4 Module Specification of cryptographic module, cryptographic boundary, Approved algorithms, and Approved Specification modes of operation. Description of cryptographic module, including all hardware, software, and firmware components. Statement of module security policy. Ports and Required and optional interfaces. Data ports for unprotected critical security parameters Interfaces Specification of all interfaces and of all logically or physically separated from other data ports. input and output data paths. Roles, Services, Logical separation Role-based or Identity-based operator authentication. and Authorization of required and identity-based optional roles and operator services. authentication. Finite State Model Specification of finite state model. Required states and optional states. State transition diagram and specification of state transitions. Physical Security Production grade Locks or tamper Tamper detection Tamper detection and response equipment. evidence. and response for envelope. EFP or EFT. covers and doors. Operating Single operator. Referenced PPs Referenced PPs Referenced PPs plus trusted path Environment Executable code. evaluated at EAL2 plus trusted path evaluated at EAL4. Approved integrity with specified evaluated at EAL3 technique. discretionary plus security policy access control modeling. mechanisms and auditing. Key Management Key management mechanisms: random number and key generation, key establishment, key distribution, key entry/output, key storage, and key zeroization. EMI/EMC 47 CFR FCC Part 15. Subpart B, Class A 47 CFR FCC Part 15. Subpart B, Class B Self-Tests Power-up tests: cryptographic algorithm tests, software/firmware integrity tests, critical functions tests. Conditional tests. Design Assurance Configuration CM system. Secure High-level language Formal model. Detailed management (CM). distribution. Functional implementation. explanations . Secure install/config specification. Pre/Postconditions. *source FIPS 140-2
  • 15. Mitigation of Other Attacks:  Power Analysis  Timing Analysis  Fault Induction Final Thoughts *source FIPS 140-2