FIPS 140-1 PDF

Security Level 1:
- Production-grade chip with standard passivation.
- Production-grade chip and production-grade multi-chip embodiment.
- Production-grade chips, production-grade multi-chip embodiment, and production-grade enclosure.

Security Level 2:
- Level 1 requirements. Opaque tamper evident coating.
- Level 1 requirements. Opaque enclosure with mechanical locks or tamper evident seals for covers and doors.

Security Level 3:
- Levels 1 and 2 requirements. Hard opaque tamper evident coating.
- Levels 1 and 2 requirements. Hard opaque potting material, strong non-removable enclosure, or strong removable cover with removal detection and zeroization circuitry. Protected vents.
- Hard opaque potting material, or strong enclosure with tamper response and zeroization circuitry for covers and doors.

Security Level 4:
- Levels 1, 2, and 3 requirements. Hard opaque removal resistant coating.
- Levels 1, 2, and 3 requirements. Tamper detection envelope with tamper response and zeroization circuitry.

Depending on the security level of a cryptographic module, the physical security mechanisms may be designed such that unauthorized attempts at access, use or modification will either have a high probability of being detected subsequent to the attempt by leaving visible signs i. Generally speaking, Security Level 1 simply requires minimal physical protection through the use of production-grade enclosures, Security Level 2 requires the addition of tamper evident counter measures, Security Level 3 requires the use of strong enclosures with tamper detection and response counter measures for covers and doors, and Security Level 4 requires the use of strong enclosures with tamper detection and response counter measures for the entire enclosure.

Documentation shall include a complete specification of the physical embodiment and security level for which the physical security mechanisms of a cryptographic module are designed, as well as a complete description of the applicable physical security mechanisms that are employed by the module. Single-chip modules include single IC chips, smart cards with a single IC chip, and other systems that incorporate a single IC chip to implement cryptographic functions.

Because of its small size and its fabrication, a single chip has some inherent tamper resistance. A few additional requirements provide reasonable physical security. The chip shall be of production-grade quality, which shall include standard passivation techniques i. The chip shall be covered with an opaque tamper evident coating e. The material shall be opaque within the visible spectrum.

A hard, opaque tamper evident coating shall be used e. A hard, opaque removal-resistant coating shall be used. The hardness and adhesion characteristics of the material shall be such that attempting to peel or pry the material from the module will have a high probability of resulting in serious damage to the module i.

The solvency characteristics of the material shall be such that dissolving the material to remove it will have a high probability of dissolving or seriously damaging the module. The module shall either include environmental failure protection (EFP) features or undergo environmental failure testing (EFT) as specified in Section 4.

Multiple-chip embedded cryptographic modules include adaptors and expansion boards, and other modules that are not single chips and are not contained within physically protected standalone modules. Typical size and space constraints restrict the physical security mechanisms that can be effectively employed.

The chips shall be of production-grade quality, which shall include standard passivation techniques i. The module shall be implemented as a production-grade multiple-chip embodiment i. The module shall be encapsulated within an opaque tamper evident material e. A hard opaque potting material e. The enclosure shall be designed such that attempts to remove or penetrate it will have a high probability of causing serious damage to the module i. The circuitry shall continuously monitor the cover, and upon the removal of the cover, shall immediately zeroize all plaintext cryptographic keys and other unprotected critical security parameters.

The circuitry shall be operational whenever plaintext cryptographic keys or other unprotected critical security parameters are contained within the module.

If the module is contained within a cover or enclosure and if the cover or enclosure contains any ventilation holes or slits, then they shall be small and constructed in a manner that prevents undetected physical probing inside the enclosure e. The contents of the module shall be completely contained within a tamper detection envelope e. The module shall contain tamper response and zeroization circuitry. The circuitry shall continuously monitor the tamper detection envelope for tampering, and upon the detection of tampering, shall immediately zeroize all plaintext cryptographic keys and other unprotected critical security parameters see Section 4.

The circuitry shall be operational whenever plaintext cryptographic keys or other unprotected critical security parameters are contained within the cryptographic module. The modules may contain two or more IC chips that are interconnected e. Typical size and space constraints may no longer restrict the physical security mechanisms that can be effectively employed.

The circuitry within the module shall be implemented as a production-grade multiple-chip embodiment i. The module shall be entirely contained within a metal or hard plastic production-grade enclosure, which may include doors or removable covers. The enclosure shall be opaque within the visible spectrum. If the enclosure includes any doors or removable covers, then either they shall be locked with pick-resistant mechanical locks that employ physical or logical keys, or they shall be protected via tamper evident seals e.

The multi-chip embodiment of the circuitry within the module shall be encapsulated within a hard opaque potting material e. The enclosure shall be designed such that attempts to remove it will have a high probability of causing serious damage to the circuitry within the module i. If the enclosure contains any removable covers or doors, then the module shall contain tamper response and zeroization circuitry. The circuitry shall continuously monitor the covers and doors, and upon the removal of a cover or the opening of a door, shall immediately zeroize all plaintext cryptographic keys and other unprotected critical security parameters.

If the enclosure contains any ventilation holes or slits, then they shall be small and constructed in a manner that prevents undetected physical probing inside the enclosure e. The enclosure shall contain tamper detection mechanisms that provide a tamper detection envelope, such as cover switches e.

These mechanisms shall be designed to detect tampering by means such as cutting, drilling, milling, grinding or dissolving of the potting material or cover. The circuitry shall continuously monitor the tamper detection mechanisms for tampering, and upon the detection of tampering, shall immediately zeroize all plaintext cryptographic keys and other unprotected critical security parameters.

If the devices or circuitry are operated outside of this range, their correct operation is not guaranteed. Deliberate or accidental excursions outside the specified normal operating range can cause erratic operation or failure of the electronic devices or circuitry within a cryptographic module that can compromise the security of the module.

In order to provide reasonable assurance that the security of a cryptographic module cannot be compromised by environmental conditions, the module may either employ environmental failure protection (EFP) features or undergo environmental failure testing (EFT).

For Security Levels 1, 2, and 3, a cryptographic module is not required to employ environmental failure protection (EFP) features nor undergo environmental failure testing (EFT). At Security Level 4, a cryptographic module shall either employ environmental failure protection (EFP) features or undergo environmental failure testing (EFT).

The protection features shall involve additional electronic circuitry or devices that shall continuously measure these environmental conditions. Documentation shall provide a complete specification and description of the environmental failure protection features employed within a module. The manufacturer of a module shall perform the required testing and shall provide documentation that completely specifies the nature of the environmental failure tests performed and the results of those tests.

The voltage range to be tested shall be from the smallest negative voltage with respect to ground which causes the destruction of the electronic devices or circuitry, to the smallest positive voltage with respect to ground which causes the destruction of the electronic devices or circuitry, including reversing the polarity of the voltages. The module shall be subjected to excursions outside its specified normal operating range while being operated in a normal manner.

The electronic devices or circuitry may fail at any point outside the normal operating ranges, but at no time shall the security of the module be compromised. If at any time during the test, the security of the module is compromised due to the failure of electronic circuitry or devices, then the design of the electronic circuitry or devices shall be corrected and the module shall be retested.

These requirements do not apply to microcode or system software whose source code is not available to the module manufacturer.

These requirements do not apply to any software or firmware that can be shown not to affect the security of the module. Documentation shall identify any software or firmware that is excluded from the software security requirements and explain the rationale for the exclusion.

Documentation shall include a detailed description of the design of the software within the module e. Documentation shall include a detailed explanation of the correspondence between the design of the software and the cryptographic module security policy i.

Documentation shall include a complete source code listing for all software contained within the module. For each software module, software function and software procedure, the source code listing shall be annotated with comments that clearly depict the relationship of these software entities to the design of the software. All software within a cryptographic module shall be implemented using a high-level language, except that the limited use of low-level languages e.

Documentation shall include a specification of a formal model i. The formal model shall be specified using a formal specification language that is a rigorous notation based on established mathematics, such as first order logic or set theory. Documentation shall include a detailed explanation (informal proof) of the correspondence between the formal model and the cryptographic module security policy. For each software module, software function and software procedure, the source code listing shall be annotated with comments that clearly specify (1) the pre-conditions required upon entry into the module, function or procedure in order for it to execute correctly, and (2) the post-conditions expected to be true when execution of the module, function or procedure is complete.

These conditions may be specified using any notation that is sufficiently detailed to completely and unambiguously explain the behavior of a module, function or procedure. While a mechanically checked proof is not required, it shall be possible to prove from the pre- and post-conditions that a module, function or procedure is consistent with the formal model.

Documentation shall include a detailed explanation (informal proof) of the correspondence between the software design (as reflected by the pre- and post-condition annotations) and the formal model.
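An added illustration, not part of FIPS 140-1 or of any validated module's code, of the tamper-response zeroization requirement described earlier, with each function annotated with pre- and post-conditions in the style this section calls for. The module_t layout, the function names and the cover_closed sensor input are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#define KEY_LEN 16

/* Hypothetical module state (assumed layout, not from the standard). */
typedef struct {
    uint8_t key[KEY_LEN]; /* plaintext key material */
    int key_loaded;       /* 1 while a plaintext key is present */
    int tampered;         /* latched to 1 once tampering is detected */
} module_t;

/* PRE:  buf points to len writable bytes.
 * POST: buf[0..len-1] are all zero (volatile keeps the stores from being elided). */
static void zeroize(volatile uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] = 0;
}

/* PRE:  m and key are non-NULL; key points to KEY_LEN bytes.
 * POST: if m->tampered was 0: key copied, key_loaded == 1, returns 0;
 *       otherwise the state is unchanged and -1 is returned. */
int load_key(module_t *m, const uint8_t *key) {
    if (m->tampered) return -1;
    memcpy(m->key, key, KEY_LEN);
    m->key_loaded = 1;
    return 0;
}

/* One polling step of the monitor; cover_closed is the sensor reading.
 * PRE:  m is non-NULL.
 * POST: if cover_closed == 0: key all zero, key_loaded == 0, tampered == 1;
 *       otherwise unchanged. Returns m->tampered. */
int tamper_poll(module_t *m, int cover_closed) {
    if (!cover_closed) {
        zeroize(m->key, KEY_LEN);
        m->key_loaded = 0;
        m->tampered = 1;
    }
    return m->tampered;
}

/* Constructed scenario: load a key, poll `steps` times, with the cover
 * opened at step open_at (-1 = never). Returns 1 if a plaintext key is
 * still held at the end, 0 if it has been zeroized. */
int scenario_key_survives(int steps, int open_at) {
    module_t m = {{0}, 0, 0};
    uint8_t k[KEY_LEN], acc = 0;
    memset(k, 0xA5, KEY_LEN); /* constructed sample key */
    load_key(&m, k);
    for (int s = 0; s < steps; s++) tamper_poll(&m, s != open_at);
    for (int i = 0; i < KEY_LEN; i++) acc |= m.key[i];
    return m.key_loaded && acc != 0;
}
```

The tampered flag is latched, so closing the cover again does not allow a key to be reloaded without an explicit reset outside this sketch.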

These practices will facilitate the analysis of the software for conformance to the requirements of this standard, and will reduce the chances of programming errors. An example of a cryptographic module for which the operating system requirements apply is a cryptographic module which is a general purpose computer running cryptographic software as well as untrusted user-supplied software e. In this case, the hardware, operating system and cryptographic software are considered part of the cryptographic module, and hence, the operating system requirements apply.

Note that as a consequence of these requirements, multi-user, multi-processing operating systems are explicitly excluded from Security Level 1, and hence, must satisfy the requirements for Security Levels 2, 3 or 4.

All cryptographic software shall be installed only as executable code in order to discourage scrutiny and modification by users. A cryptographic mechanism using a FIPS approved authentication technique e. Use of the cryptographic module shall be limited to a single user at a time (Security Level 1 only).

Use of the cryptographic module shall be dedicated to the cryptographic process during the time the cryptographic process is in use (Security Level 1 only).

All cryptographic software, cryptographic keys and other critical security parameters, and control and status information shall be under the control of an operating system that provides controlled access protection i. Security Level 2 only.

A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products. When selecting a module from a vendor, verify that the module is either the product or application itself e. If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution and that the module provides all the cryptographic services in the solution, and to provide a reference to the module's validation certificate number from this listing. The descriptions do not imply endorsement by the U.

FIPS 140-2

Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. The cryptographic modules are produced by the private sector or open source communities for use by the U. A commercial cryptographic module is also commonly referred to as a hardware security module (HSM). It does not specify in detail what level of security is required by any particular application.

FIPS 140-1 and FIPS 140-2 Vendor List

FIPS does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code. User agencies desiring to implement cryptographic modules should confirm that the module they are using is covered by an existing validation certificate. For Levels 2 and higher, the operating platform upon which the validation is applicable is also listed. Vendors do not always maintain their baseline validations.