Published by Jodie Robinson. Modified over 8 years ago.
1
Mind the Gap: Updating FIPS 140

Steve Weingart
Futurex
864 Old Boerne Rd.
Bulverde, TX 78163
weingart@futurex.com

Steve R. White
IBM Thomas J. Watson Research Center
P.O. Box 704
Yorktown Heights, NY 10598
srwhite@watson.ibm.com
2
Outline

- History
- FED Standard 1027
- FIPS 140-1 Levels
- Changes in Technology
- Changes in Standards and the Environment
- Proposal: Level 3.5
- Discussion/Questions
3
History

- Federal Standard 1027 was primarily a hardware standard for line encryption devices using single DES
- NIST developed FIPS 140 as a replacement
  - It is more generalized
  - It accepts both hardware and software implementations
  - It has the 11 criteria that cover the complete design
- During the development of FIPS 140 a level-based system was proposed and accepted
- FIPS 140-1 was made official in 1994
  - It became widely accepted
- FIPS 140-2, the first update, was made official in 2001
4
History (cont)

- Things have changed
- Both attack and defense technologies have improved
- Industry needs & requirements have changed
- The standard, and its applicability, evolves
5
Original proposed six level system

| Level | Name | Description |
|---|---|---|
| 1 | None | The attack can succeed "by accident" without the attacker necessarily being aware that a defense was intended to exist. No tools or skills are needed. |
| 2 | Intent | The attacker must have a clear intent in order to succeed. Universally available tools (e.g. screwdriver, nail file) and minimal skills may be used. |
| 3 | Common Tools | Commonly-available tools and skills may be used (e.g. those tools available from retail department or computer stores). |
| 4 | Unusual Tools | Uncommon tools and skills may be used, but they must be available to a substantial population (e.g. lock pick, logic analyzer; hardware and software debugging skills, electronic design and construction skills). Typical engineers will have access to these tools and skills. |
| 5 | Special Tools | Highly specialized tools and expertise may be used, as might be found in the laboratories of universities, private companies, or governmental facilities. The attack requires a significant expenditure of time and effort. |
| 6 | In Laboratory | A successful attack would require a major expenditure of time and effort on the part of a number of highly qualified experts, and the resources available only in a few facilities in the world. |
6
FIPS 140, 4 level system

| Level | Physical Security | Design Assurance |
|---|---|---|
| 1 | Production grade equipment. | Configuration management (CM). Secure installation and generation. Design and policy correspondence. Guidance documents. |
| 2 | Locks or tamper evidence. | CM system. Secure distribution. Functional specification. |
| 3 | Tamper detection and response for covers and doors, epoxy potting. | High-level language implementation. |
| 4 | Tamper detection response envelope. EFP or EFT. | Formal model. Detailed explanations (informal proofs). Preconditions and postconditions. |
7
Changes

- Attack technologies have developed
  - The Internet has become a forum for development
  - Script kiddies can obtain and try many software attacks beyond their skill level
  - Expensive tools that were difficult to obtain are now available
    - SEM
    - FIB
    - NC machining
- Defense technologies have held up, mostly
  - Not a great deal of new development
  - That is mostly OK, since the higher levels have held
8
Changes (cont)

- The customer population has become larger and more sophisticated
  - Banking and Financial
  - USPS
  - In General
- FIPS 140 has become accepted 'Due Diligence' for commercial cryptographic devices
- This has spotlighted some need for change in the standard
9
The Gap

- FIPS 140 has 4 levels
- These 4 levels correspond roughly to levels 1, 2, 3 & 6 from the originally proposed system
- So, there is a large gap between level 3 and level 4
- A typical level 3 device can be cracked in a few hours by anyone with reasonable skills
- No level 4 device has been cracked publicly
- But, the level 4 requirements are so difficult that there are almost no level 4 devices
10
The Gap
11
- There are 179 level 1 validations, 247 level 2 validations, 120 level 3 validations & 11 level 4 validations (557 total)
- Of the level 4 devices, about half are unique; the rest are delta/re-validations
- Level 4 is too difficult to develop, and too expensive to manufacture, for most vendors
- But industry requirements need more than level 3
- USPS and ANSI both require tamper detection; USPS requires EFT/EFP
- We need something new
12
The Proposal

Level 3.5

- Essentially level 3 plus:
  - Tamper detection required
  - 1-1.25 mm max undetected hole
  - Same as level 4 for single chip
  - EFT/EFP
  - Informal modeling
13
The Advantages

- Meet new & emerging requirements for security that is stronger than level 3
- Avoid the most difficult requirements of level 4:
  - Formal modeling
  - Any/All tamper detection envelope
- This level of security is reasonable to develop and manufacture
14
Questions?
15
Thank You!

Steve Weingart
weingart@futurex.com

Steve R. White
srwhite@watson.ibm.com