Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIPS Overview Larry Wagner Sr. Director of Engineering.

Similar presentations


Presentation on theme: "FIPS Overview Larry Wagner Sr. Director of Engineering."— Presentation transcript:

1 FIPS Overview Larry Wagner Sr. Director of Engineering

2 CONFIDENTIAL All Rights Reserved 2 What is FIPS? FIPS (Federal Information Processing Standard) A standard for the protection of valuable and sensitive but unclassified information throughout the government and DOD (Department of Defense)

3 CONFIDENTIAL All Rights Reserved 3 Why is FIPS Important? Protection from unauthorized use Protection of critical security parameters Prevention of undetected modification Use of approved security methods Indication of module operational status Detection and indication of errors

4 CONFIDENTIAL All Rights Reserved 4 Who requires FIPS? All U.S. Federal Agencies Department of Defense (DOD) Financial Institutions Postal Authorities Adapted by the Canadian and UK Governments Private sector (encouraged but not required)

5 CONFIDENTIAL All Rights Reserved 5 Who’s behind the FIPS standard? Cryptographic Module Validation Program (CMVP) Established by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) in 1995 Oversees the validation testing of cryptographic modules and algorithms Manages the National Voluntary Accreditation Program (NVLAP) accredited testing laboratories Issues Validation Certificates Maintains a list of validated modules and algorithms

6 CONFIDENTIAL All Rights Reserved 6 FIPS Security Levels Increasing Security Level 2 Level 3 Level 4 Level 1 The FIPS Security Standard (Publication 140-2, aka FIPS 140-2) defines 4 levels of security

7 CONFIDENTIAL All Rights Reserved 7 FIPS Security Levels FIPS Publication Level 1 Increasing Security Level 1: Basic security requirements Example: PC encryption board Very limited requirements FIPS approved Crypto Module Allows crypto functions to be done on a PC No physical security requirements All components must be “production grade”

8 CONFIDENTIAL All Rights Reserved 8 FIPS Security Levels FIPS Publication Level 2 (industry standard) Increasing Security Level 2: Physical Tamper evidence, role based authentication Tamper evident seals or locks Role-based authentication Stringent Cryptography Algorithms Allows cryptography in multi-user timeshared systems on a trusted operating system Examples: Network Appliances, secure data storage devices, secure cell phones

9 CONFIDENTIAL All Rights Reserved 9 FIPS Security Levels FIPS Publication Level 3 (less than 7% of all certificates) Increasing Security Level 3: Enhanced physical security, user based authentication Attempts to prevent intruders from gaining access to “critical security parameters” Identity-based authentication Requires a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces Examples: STMicro HDD SoC RISC Processor PriviaTech OmniPass

10 CONFIDENTIAL All Rights Reserved 10 FIPS Security Levels FIPS Publication Level 4 (less than 1% of all certificates) Increasing Security Level 4: Envelope and environmental protection Must detect & respond to all unauthorized attempts at physical access. Requires circuitry that zeroizes all plain text critical security parameters (CSPs) when the removable covers/door are opened Environmental protection for THB (Temperature/Humidity/Bias) Examples: HP – Atalla Crypto Subsystems (ACS) HP – Atalla security processors

11 CONFIDENTIAL All Rights Reserved 11 FIPS Security Levels FIPS Publication (last updated in Dec 2002) Level 2: Physical Tamper evidence, role based authentication Level 3: Enhanced physical security, user based authentication Level 4: Envelope and environmental protection Level 1: Basic security requirements < 8% Used for highly sensitive applications (ex. PrivaTechnologies)

12 CONFIDENTIAL All Rights Reserved 12 FIPS Security Areas 11 Specific Security Areas Cryptographic Module Specification Cryptographic Module ports and interfaces Roles, services, authentication Finite state model Physical security Operational environment Cryptographic key management EMI/EMC Regulatory Self-Tests Design Assurance Mitigation of Attacks

13 CONFIDENTIAL All Rights Reserved 13 FIPS Requirements Summary

14 CONFIDENTIAL All Rights Reserved 14 FIPS Certification Process Challenge  Year long process  Done in parallel with design  Managing the FW issues  HW Design finalization  Common Criteria has a dependency on FIPS Q1 FW & Compatible HW Available Algorithm Testing Design Assessment Source Code Review Operational Testing Report Submission Q2Q3Q4Q5Q6 Issuance of Certificate 3-6 mo after submission In-Evaluation Status

15 CONFIDENTIAL All Rights Reserved 15 SonicWall and FIPS SonicWall is dedicated to the FIPS program Currently Approved: TZ 170 running SonicOS 3.1e PRO 3060 and PRO 4060 running SonicOS 3.1e SSL-RX running 4.1 In the NIST queue since 2/08 awaiting certificate (in-evaluation status since 9/07): TZ 180 Series running SonicOS 5.0 TZ 190 Series running SonicOS 5.0 NSA E-Class (7500/6500/5500) running SonicOS 5.0 NSA 3500/4500/5000 running SonicOS 5.0

16 CONFIDENTIAL All Rights Reserved 16 Future of SonicWall and FIPS Plans for 2008: All NSA platforms running SonicOS 5.0 Maintenance upgrades for SonicOS 5.x and beyond Assessment of FIPS Updated standard to be ratified in In discussion for 2009: E-Class SSL-VPN (Aventail) 1H09 submission Next generation platforms

17 Thank You


Download ppt "FIPS Overview Larry Wagner Sr. Director of Engineering."

Similar presentations


Ads by Google