Larry Wagner Sr. Director of Engineering

Slides:

Advertisements

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Advertisements

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

CHAPTER REPORT BY EUSTACE ASANGHANWA PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa 1.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Technology Services – National Institute of Standards and Technology The U.S. Conformity Assessment System and the Role of NIST Ileana M. Martinez National.

Security Controls – What Works

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

Agenda Scope of Requirement Security Requirements

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Applied Cryptography for Network Security

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Key Management in Cryptography

Unclassified Controlled Cryptographic Item Access Briefing

Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

1 FIPS 140 Validation for a “System-on-a-Chip” September 27, 2005 NIST Physical Testing Workshop.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

4-th International Conference for Confidence and Security in the Information Society Mikhail Senatorov Andrey Shcherbakov Trusted information and telecommunication.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

1 Using PKI for the Census MSIS 2004, Geneva Mel Turner, Lise Duquet Statistics Canada.

WebTrust SM/TM Principles and Criteria for Certification Authorities CA Trust Jeff

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY (585) The Challenge in Developing an SCA Compliant.

Geneva, Switzerland, September 2014 Identity Based Attestation and Open Exchange Protocol (IBOPS) Scott Streit Chief Scientist.

FIPS Status and Schedules Allen Roginsky CMVP NIST September 28, 2005.

The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations.

Protecting Privacy “Most people have figured out by now you can’t do anything on the Web without leaving a record” - Holman W. Jenkins, Jr

Action SecWG1012:9 “Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems.” Where this question comes.

An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 1 Ensure data security in a hyper-connected world.

CSCE 727 Awareness and Training Secure System Development and Monitoring.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC

Information Security KRISHNAKUMAR RAGHAVAN (KK) NASWA's Information Technology Support Center 1.

Protect Your Hardware from Hacking and Theft

FIPS 140 Validation for a “System-on-a-Chip”

Security and Encryption

Waterproof And Shock Resistant

NAAS 2.0 Features and Enhancements

Waterproof And Shock Resistant

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

IS4550 Security Policies and Implementation

Waterproof And Shock Resistant

NSA Security-Enhanced Linux (SELinux)

Security in SDR & cognitive radio

IT Applications with Emerging Techniques: Security Solutions

Presentation transcript:

Larry Wagner Sr. Director of Engineering FIPS Overview Larry Wagner Sr. Director of Engineering

FIPS (Federal Information Processing Standard) What is FIPS? FIPS (Federal Information Processing Standard) A standard for the protection of valuable and sensitive but unclassified information throughout the government and DOD (Department of Defense) CONFIDENTIAL All Rights Reserved

Why is FIPS Important? Protection from unauthorized use Protection of critical security parameters Prevention of undetected modification Use of approved security methods Indication of module operational status Detection and indication of errors CONFIDENTIAL All Rights Reserved

Who requires FIPS? All U.S. Federal Agencies Department of Defense (DOD) Financial Institutions Postal Authorities Adapted by the Canadian and UK Governments Private sector (encouraged but not required) CONFIDENTIAL All Rights Reserved

Who’s behind the FIPS standard? Cryptographic Module Validation Program (CMVP) Established by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) in 1995 Oversees the validation testing of cryptographic modules and algorithms Manages the National Voluntary Accreditation Program (NVLAP) accredited testing laboratories Issues Validation Certificates Maintains a list of validated modules and algorithms http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf CONFIDENTIAL All Rights Reserved

FIPS Security Levels The FIPS Security Standard (Publication 140-2, aka FIPS 140-2) defines 4 levels of security Level 4 Level 3 Level 2 Increasing Security Level 1 CONFIDENTIAL All Rights Reserved

FIPS Security Levels FIPS Publication 140-2 Level 1 Very limited requirements FIPS approved Crypto Module Allows crypto functions to be done on a PC No physical security requirements All components must be “production grade” Example: PC encryption board Increasing Security Level 1: Basic security requirements CONFIDENTIAL All Rights Reserved

FIPS Security Levels FIPS Publication 140-2 Level 2 (industry standard) Tamper evident seals or locks Role-based authentication Stringent Cryptography Algorithms Allows cryptography in multi-user timeshared systems on a trusted operating system Level 2: Physical Tamper evidence, role based authentication Increasing Security Examples: Network Appliances, secure data storage devices, secure cell phones CONFIDENTIAL All Rights Reserved

STMicro HDD SoC RISC Processor FIPS Security Levels FIPS Publication 140-2 Level 3 (less than 7% of all certificates) Examples: STMicro HDD SoC RISC Processor PriviaTech OmniPass Level 3: Enhanced physical security, user based authentication Attempts to prevent intruders from gaining access to “critical security parameters” Identity-based authentication Requires a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces Increasing Security CONFIDENTIAL All Rights Reserved

FIPS Security Levels FIPS Publication 140-2 Level 4 (less than 1% of all certificates) Level 4: Envelope and environmental protection Must detect & respond to all unauthorized attempts at physical access. Requires circuitry that zeroizes all plain text critical security parameters (CSPs) when the removable covers/door are opened Environmental protection for THB (Temperature/Humidity/Bias) Increasing Security Examples: HP – Atalla Crypto Subsystems (ACS) HP – Atalla security processors CONFIDENTIAL All Rights Reserved

FIPS Security Levels FIPS Publication 140-2 (last updated in Dec 2002) Level 4: Envelope and environmental protection < 8% Used for highly sensitive applications (ex. PrivaTechnologies) Level 3: Enhanced physical security, user based authentication Level 2: Physical Tamper evidence, role based authentication Level 1: Basic security requirements CONFIDENTIAL All Rights Reserved

FIPS Security Areas 11 Specific Security Areas Cryptographic Module Specification Cryptographic Module ports and interfaces Roles, services, authentication Finite state model Physical security Operational environment Cryptographic key management EMI/EMC Regulatory Self-Tests Design Assurance Mitigation of Attacks CONFIDENTIAL All Rights Reserved

FIPS Requirements Summary CONFIDENTIAL All Rights Reserved

FIPS Certification Process Q1 Q2 Q3 Q4 Q5 Q6 FW & Compatible HW Available Algorithm Testing In-Evaluation Status Design Assessment Source Code Review Operational Testing Report Submission Issuance of Certificate 3-6 mo after submission Challenge Year long process Done in parallel with design Managing the FW issues HW Design finalization Common Criteria has a dependency on FIPS CONFIDENTIAL All Rights Reserved

SonicWall and FIPS SonicWall is dedicated to the FIPS program Currently Approved: TZ 170 running SonicOS 3.1e PRO 3060 and PRO 4060 running SonicOS 3.1e SSL-RX running 4.1 In the NIST queue since 2/08 awaiting certificate (in-evaluation status since 9/07): TZ 180 Series running SonicOS 5.0 TZ 190 Series running SonicOS 5.0 NSA E-Class (7500/6500/5500) running SonicOS 5.0 NSA 3500/4500/5000 running SonicOS 5.0 CONFIDENTIAL All Rights Reserved

Future of SonicWall and FIPS Plans for 2008: All NSA platforms running SonicOS 5.0 Maintenance upgrades for SonicOS 5.x and beyond Assessment of FIPS 140-3. Updated standard to be ratified in 2009. In discussion for 2009: E-Class SSL-VPN (Aventail) 1H09 submission Next generation platforms CONFIDENTIAL All Rights Reserved

Thank You