Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations.

Published byLogan Blaze Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations."— Presentation transcript:

1 Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations Speakers: Les Biggs Pat Lareau November 8, 1999

2 Page 2 ©1999 InfoGard Laboratories, Inc What a cryptomodule provides the CA Secure, trusted cryptographic services Key and certificate management services Physical protection of: >sensitive data (e.g. keys) >cryptographic and certificate management functions Enforcement of the CA’s security policy

3 Page 3 ©1999 InfoGard Laboratories, Inc What FIPS 140-1 certification provides the CA: Assurance That the cryptomodule implements its security policy That sound cryptographic processes are employed That cryptographic processes are correctly implemented That Non-cryptographic processes are implemented as specified (Optional)

4 Page 4 ©1999 InfoGard Laboratories, Inc Critical areas addressed by FIPS 140-1 Key generation and management services Algorithm security Access control Interface control Physical protection for data and functions "Health" monitoring mechanisms EM emanations Assurance that the design implements the spec

5 Page 5 ©1999 InfoGard Laboratories, Inc Level 1 Basic security requirements Level 2 Tamper evidence, role-based authentication Level 3 Enhanced physical security, identity-based authentication Level 4-Envelope protection Environmental protection, Formal Modeling Increasing Security FIPS 140-1 Security Levels

6 Page 6 ©1999 InfoGard Laboratories, Inc Evaluation Vs Verification Vs Certification Evaluation >A self-guided examination of device characteristics by a tester with credentials acceptable to the sponsor Verification >A self-guided process for verifying compliance to a standard by a tester with credentials acceptable to the sponsor Certification >A formal, standardized testing process, performed by an accredited laboratory, to validate claimed compliance to an official standard

7 Page 7 ©1999 InfoGard Laboratories, Inc Validation Process Steps Module Documentation Physical Product Validation Testing Validation Plan Report Generation Submit Report to NIST/CSE

8 Page 8 ©1999 InfoGard Laboratories, Inc Validation Process Steps Module Documentation Physical Product Validation Testing Validation Plan Report Generation Submit Report to NIST/CSE

9 Page 9 ©1999 InfoGard Laboratories, Inc Validation Process Steps Module Documentation Physical Product Validation Testing Validation Plan Report Generation Submit Report to NIST/CSE

10 Page 10 ©1999 InfoGard Laboratories, Inc Validation Process Steps Module Documentation Physical Product Validation Testing Validation Plan Report Generation Submit Report to NIST/CSE

11 Page 11 ©1999 InfoGard Laboratories, Inc Relative roles and positioning of FIPS 140-1 and CC in CA evaluations  FIPS is a detailed specification  CC provides a language for developing specifications  FIPS is a specific, detailed testing process  CC provides a process for developing test requirements

12 Page 12 ©1999 InfoGard Laboratories, Inc Relative roles and positioning, cont’  FIPS addresses core cryptographic requirements  CC addresses system wide security objectives (may reference FIPS in the protection profile)  FIPS is mandated as an outgrowth of US federal law  CC is voluntary on an international scale

13 Page 13 ©1999 InfoGard Laboratories, Inc Other critical CA processes may also be protected by the cryptomodule  Cryptomodule can be at the center of the CA, enforcing security rules  Cert database protection from modification and substitution  Secure, strong database access control  Secure database management  secure, authenticated CA and database communications/exchanges

14 Page 14 ©1999 InfoGard Laboratories, Inc FIPS 140-1 naturally extends to non- federal sectors USPS DOD Banking Point of sale/credit card International support

15 Page 15 ©1999 InfoGard Laboratories, Inc Snapshot program status Number of certifications Certifications by Level Certification levels Vs Time Physical configurations

16 Page 16 ©1999 InfoGard Laboratories, Inc FIPS 140-1 Certifications

17 Page 17 ©1999 InfoGard Laboratories, Inc Certifications by Level

18 Page 18 ©1999 InfoGard Laboratories, Inc Certification Level Vs Time

19 Page 19 ©1999 InfoGard Laboratories, Inc Physical Configuration

20 Page 20 ©1999 InfoGard Laboratories, Inc Module cost Levels 1 thru 3 gradually increase in cost >$100 to $ 800 range Big jump at level 4 >$2,000 range Security levels should scale with CA’s level in the PKI

21 Page 21 ©1999 InfoGard Laboratories, Inc What we want to leave with you today  FIPS is not just crypto, it is a way of thinking about a problem  FIPS cryptomodules can implement and protect more than crypto  What distinguishes FIPS from other processes

Download ppt "Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations."

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
DRIVING DOD POLICY FOR COMMON CRITERIA TESTING OF IT PRODUCTS Wanda Nuckolls, Product Security Project Manager Canon U.S.A., Inc. Government Marketing.

DRIVING DOD POLICY FOR COMMON CRITERIA TESTING OF IT PRODUCTS Wanda Nuckolls, Product Security Project Manager Canon U.S.A., Inc. Government Marketing.
Validation and Verification of CDM Projects Climate Change Kiosk on CDM/DNA, COP9 December 6, 2003 Marco van der Linden SGS Climate Change Programme.

Validation and Verification of CDM Projects Climate Change Kiosk on CDM/DNA, COP9 December 6, 2003 Marco van der Linden SGS Climate Change Programme.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Program Managers Forum

Program Managers Forum
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Manager, Product Evaluation

Manager, Product Evaluation
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
Department of Health and Human Services Personal Identity Verification Training APPLICANT.

Department of Health and Human Services Personal Identity Verification Training APPLICANT.
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.

Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Similar presentations

Ads by Google