Wednesday, May 18, 2016
Thursday, April 21, 2016
- Other governments that recognize the assurance provided. Most noteworthy is Canada, who partners with NIST in operating the CMVP as a joint endeavor between NIST and the Communications Security Establishment of Canada (CSEC). There are examples of others, such as the Japan CMVP which is part of the Information-technology Promotion Agency (IPA). They developed and operate a validation program (similar to that used in the US and Canada) in support of procurement in compliance with the Japanese Standards for Information Security Measures for the Central Government Computer Systems.
- Several Common Criteria national schemes who may often draw from cryptographic module or cryptographic algorithm validations in their own assurance work.
- The UK’s information commissioner’s office and Treasury Solicitor’s Department, both of which recommend using FIPS 140-2 validated encryption products.
- The Health industry. For example, the HITECH act provides for "safe harbor" from the costs of patient notification as well as the reputational risk if the data was protected using encryption. The approved encryption processes to claim safe harbor are those that comply with the requirements of the Federal Information Processing Standards (FIPS) 140-2.
- The Financial industry. This industry has long referenced use of FIPS 140-2 and its predecessors as a best practice. More recently, the Payment Card Industry has drawn heavily from FIPS 140-2 in their endeavors to obtain cryptography assurance within PCI environments and systems in several of their standards.
- Voting Systems. The Electoral Assistance Commission’s Voluntary Voting System Guidelines recommend the use of FIPS 140-2 for cryptography in voting systems.
- Digital Cinema. FIPS 140-2 is specified in the digital cinema specification, V1.2.
A comparison of FIPS 140-2 and ISO/IEC 19790 is given in the blog "ISO's cryptographic module work".
A similar blog on ISO's work related to ISO/IEC 15408 (Common Criteria) is also avilable. There is some overlap.
Work from ISO/IEC JTC 1/SC 27/WG 3 related to cryptographic modulesThe work in ISO is not restricted to the specification and the associated test requirements. There are several other work items that have been published or are currently being developed in SC 27/WG 3. These include:
Requirements and testing
IS 19790:2012: Security requirements for cryptographic modules
Specifies security requirements specified intended to maintain the security provided by a cryptographic module.This core standard is currently in it's second edition, Note that the standard has been updated with a corrigendum in 2015.
IS 24759:2014: Test requirements for cryptographic modules
Specifies the methods to be used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012/Cor.1:2015. It also specifies the requirements for information that vendors provide to testing laboratories as supporting evidence for conformance testing.This standard is currently in it's second edition, Note that the standard has been updated with a corrigendum in 2015.
DRAFT ISO/IEC TS 20540 Guidelines for testing cryptographic modules in their operational environmentDescribes the guidelines that may be used in operational testing of cryptographic
modules which are deployed as part of a security system. The operational tests are performed to determine the suitability and proper usage of a cryptographic module in its intended environment.
IS 17825:2016: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
Specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790 for Security Levels 3 and 4. The test metrics are associated with the security functions specified in ISO/IEC 19790. Testing will be conducted at the defined boundary of the cryptographic module and I/O available at its defined boundary.The test methods used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790 and the test metrics specified in this International Standard for each of the associated security functions specified in ISO/IEC 19790 are specified in ISO/IEC 24759. The test approach employed in this International Standard is an efficient "push-button" approach: the tests are technically sound, repeatable and have moderate costs.
DRAFT ISO/IEC TR 20085-1: Test tool requirements and test tool calibration methods for use in testing non-invasive attack mitigation techniques in cryptographic modules — Part 1: Test tools and techniques.
DRAFT ISO/IEC TR 20085-2: Test tool requirements and test tool calibration methods for use in testing non-invasive attack mitigation techniques in cryptographic modules — Part 2: Test calibration methods and apparatus
TR 30104:2015: Physical Security Attacks, Mitigation Techniques and Security RequirementsThis technical report provides guidance and addresses the following topics:
- a survey of physical security attacks directed against different types of hardware embodiments including a description of known physical attacks, ranging from simple attacks that require little skill or resource, to complex attacks that require trained, technical people and considerable resources;
- guidance on the principles, best practices and techniques for the design of tamper protection mechanisms and methods for the mitigation of those attacks; and
- guidance on the evaluation or testing of hardware tamper protection mechanisms and references to current standards and test programs that address hardware tamper evaluation and testing.
Cryptographic functions, algorithms and protocolsNote that the specification of cryptography and security mechanisms is handled in WG 2: I have not listed their related work here. A full list of SC 27 work can be found in the ISO Standards Catalogue.
DRAFT IS 18367: Cryptographic algorithms and security mechanisms conformance testingIntended to provide the basis for testing the implementation correctness of cryptographic algorithms published by ISO.
Conformance testing assures that an implementation of a cryptographic algorithm or security mechanism implementation is correct whether implemented in hardware, software or firmware or in a specific operating environment. Testing may consist of known-answer or Monte Carlo testing, or a combination of test methods. Testing may be performed on the actual implementation or modeled in a simulation environment.
2016: This document is in the late stages of development and is expected to be published before the end of 2016.
IS 29128:2011: Verification of cryptographic protocols:Establishes a technical base for the security proof of the specification of cryptographic protocols. It specifies design evaluation criteria for these protocols, as well as methods to be applied in a verification process for such protocols. It also provides definitions of different protocol assurance levels consistent with evaluation assurance components in ISO/IEC 15408.
DRAFT ISO/IEC 20543: Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408Describes testing and evaluation methods for determining the acceptable randomness of non-deterministic and deterministic random bit generators for use in cryptographic applications.
Physically unclonable functions (PUFs)
DRAFT: ISO/IEC 20897:Security requirements, test and evaluation methods for physically unclonable functions (PUFs) for generating non-stored security parameters2016: This standard is currently under development.
DRAFT ISO/IEC TR 19896-1: Competence requirements for information security testers and evaluators: Part 1: Introduction, concepts and general requirements
Provide the fundamental concepts related to the topic of the competence of the individuals responsible for performing IT product security evaluations and conformance testing. Provides the framework and the specialised requirements that specify the minimum competence of individuals performing IT product security evaluation and conformance testing using established standards.
This will support the goals of ISO CASCO conformity assessment by contributing standardized requirements for competency supporting ISO/IEC 17024.
DRAFT ISO/IEC TR 19896-2: Competence requirements for information security testers and evaluators: Part 2: Knowledge, skills and effectiveness requirements for 19790 testersThis standard will establish a baseline for the competence of ISO/IEC 19790 testers and validators with the goal of establishing conformity in the requirements for the training of ISO/IEC 19790 testing and validator professionals associated with cryptographic module conformance testing programs.
About testing and validation of conformance to ISO/IEC 19790
This is already happening.
- In Japan, IPA operates a cryptographic module validation program with ISO/IEC 19790 as a basis known as the JCMVP. At the ICMC in 2013, Japan announced that a memorandum of understanding between the JCMVP and the CMVP.
- in Korea, the Korean Cryptographic Module Validation Program (KCMVP ) was established in 2005 and uses ISO/IEC 19790 as a basis for their program specifying the Korean approved set of cryptographic algorithms and security functions.
- A validation program in Spain for cryptographic modules is based on the ISO standards
- A validation program in Turkey for cryptographic modules is based on the ISO standards
- Other national programs are under consideration
- accrediting test laboratories
- making program policies
- defining the approved cryptographic functions,
- establishing algorithm implementation testing and validation
- establishing a management system for validating and certifying the testing results
- providing any necessary interpretations of the standards
- dealing with comments, requests, and issues from labs and vendors
- policing the certificate and logo usage
ISO/IEC 15443 ("FRITSA")
ISO/IEC TR 15443-1:2012: Security assurance framework -- Part 1: Introduction and concepts
ISO/IEC TR 15443-2:2012: Security assurance framework -- Part 2: AnalysisSubstantially revised in 2012. Part one gives a discussion of the nature of security assurance, providing a framework for further discussions and documents. Part 2 of this technical report describes the "criteria for criteria". It discusses security assurance schemes, and how these themselves can be evaluated. While some schemes are of high quality, others may not be. What criteria can be used to tell?
Tuesday, April 12, 2016
atsec information security corporation’s Vice President of Business Development, Fiona Pattinson, has been recognized today by the International Committee for International Technology Standards (INCITS) for outstanding technical contribution to the development of Cyber Security Standards in their CS1 Committee. During the INCITS meeting in Tampa, Florida, Fiona Pattinson was presented with a prestigious Technical Excellence Award in recognition for her long term contribution and dedication to the development of International and National Standards.
|Fiona Pattinson receiving the award|
“INCITS is recognizing Fiona’s numerous contributions to the INCITS/CS1 - Cyber Security standards community. As a long time participant and a technical expert on the committee, Fiona has been providing expert contributions on a wide variety of standards projects assigned to ISO/IEC JTC 1/SC 27WG3. In addition, she has accepted many roles, such as editor, co-editor, study period rapporteur and liaison. On most occasions at the international meetings, she presently serves as acting WG 3 recording secretary and as a member of the drafting committee. She continues to serve the committee as the US sub-head of delegation to the SC 27IWG3 meetings,” added Helmut Kurth, Vice President and Chief Scientist of atsec corporation.
Friday, April 1, 2016
Recognizing the need for secure IT products in all regions of the world, and in support of an internationally agreed Arrangement allowing for the mutual recognition of independently evaluated and validated information technology (IT) products, the Vatican has decided to sign the ISO/IEC 15408 International Recognition Arrangement (I2RA) and has started to validate the security evaluations of IT products.
The I2RA was established in 1996 and was used as the basis for mutually accepting certificates for the assurance of IT products. At that time it was in competition with another arrangement called the Common Criteria Recognition Arrangement (CCRA), which some nations viewed as the more attractive option.
The I2RA signatories therefore started a process to weaken the CCRA thus strengthening the importance and influence of the I2RA. Finally this process was successful.
The Vatican has announced that it has joined the existing signatories to the I2RA as the first Certificate Authorizing member. This provides much needed value to the existing certificate-consuming members1 of the arrangement.
atsec's Vice President, Fiona Pattinson stated:
"Convincing the Vatican to join this hitherto little known Arrangement has been a long term goal of atsec. Drawing from our long experience in helping nation-states to establish validation schemes under the now obsolete CCRA it seemed natural to help the Vatican to establish an evaluation and validation Scheme within the I2RA in order to continue to support those developers that wish to demonstrate to assurance-consumers that their products offer a modicum of assurance in their security functionality."
The Vatican has set up its own evaluation facility that analyzes IT products for compliance with ISO/IEC 15408 in context with divine security principals and a newly established policy that eliminates security flaws using a new vulnerability assessment and mitigation technology named 'exorcism'. Details of this technology have not been published but the Vatican has stated that this technology has been very successful in the past for projects performed in other areas.
Objections came from several Intelligence Agencies who stated that international mutual recognition of evaluations not performed under their control, and resulting in the eradication of a large number of vulnerabilities, may have a negative influence on their ability to perform the work they are supposed to do. They also objected to the use of 'supernatural' assessment methods claiming to provide a high level of assurance.
Some Voodoo priests in the Caribbean have announced that they are also considering setting up a security evaluation and validation scheme and will potentially convince their countries to join the I2RA.
1 including Atlantis, Caledonia, Tantooine, Dagobah, Rivendell, Gondor, Equestria, Estovakia, Grand Fenwick, Krakozhia, Loompa Land, Moldavia and Molvanîa, Oceania, Qumar, Rohan, Shangri-La, Republic of Tirania, and the United Federation.
Tuesday, March 22, 2016
Cryptographic Algorithm Validations
The Cryptographic Algorithm Validation Program (CAVP) is an organization that is managed solely by the National Institute of Standards and Technology (NIST). Information about the CAVP scheme, including the official validation lists, can be found at NIST's web page for the CAVP.
The CAVP certifies that certain algorithms and related security functions are implemented correctly through testing supervised by accredited testing laboratories using test vectors. This testing supports verification of the correctness of the algorithm implementation.
The CAVP was instigated to provide assurance that cryptographic algorithms are implemented correctly in cryptographic modules. NIST statistics have indicated that close to 26% of algorithms tested showed errors in implementation that were corrected as a result of the testing process.
In addition to satisfying NIST requirements, the assurance given by CAVP certification is widely used by other assurance programs and in some industries. The following are examples.
- The Cryptographic Module Validation Program (CMVP), specifies that certificates, issued by the CAVP, for the Approved Security Functions are provided as a pre-requisite for the Federal Information Processing Standard (FIPS) 140-2 validation.
Note that the CAVP and the CMVP are closely linked but are formally independent of each other.
- The National Information Assurance Partnership (NIAP) specifies that certificates, issued by the CAVP must be provided for all NIST approved security functions specified in their Approved Protection Profiles for Common Criteria evaluation.
Note that the NIAP Scheme Policy #5 for this topic also allows CMVP validation. This policy is supplemented with an FAQ. As noted above a CMVP validation against FIPS 140-2 will assure that the Cryptographic Alogorithm Validation System (CAVS) certificates are already in place.
- The financial industry frequently specifies that CAVP certificates are provided to demonstrate assurance of implementation correctness.
- The 2005 Voting System standards also recommends using CMVP validation (and hence the provision of CAVP certificates.)
Forward-looking vendors are turning to the CAVP certification scheme to provide assurance to an audience demanding assurance that algorithm implementations have been implemented correctly. Costs and the time needed to obtain CAVP certification are relatively small compared to certifications such as Common Criteria and FIPS 140-2.
It should be pointed out that CAVP certification does not by itself provide any assurance that the algorithm itself is sound. It does, however, provide assurance that the chosen algorithm was implemented correctly.
Cryptographic Module Validations
The CMVP is a joint program between NIST and the Canadian Security Establishment (CSE). This organization provides a validation and certification program for conformance claims to FIPS 140-2 a specification for Security Requirements for Cryptographic Modules.
Validated cryptographic modules are specified or accepted by a variety of organizations, including the following.
- Cryptographic Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are mandated, by law, to the Federal Agencies in the USA for the protection of sensitive information.
"If a government agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated."
The CMVP is responsible for validating cryptographic modules.
- For National Security Systems, the DoD or CIA rather than NIST lead the way, with the following legislation and policies currently applicable.
- The Committee on National Security Systems Policy (CNSSP)-11, the national policy governing the acquisition of information assurance (IA) and IA-enabled information technology products is applicable to all U.S. National Security Systems used by or on behalf of U.S. Government Departments and Agencies establishes the NIAP, which in turn has issued NIAP Scheme Policy #5 requiring CAVP validation and ideally CMVP validation. This policy is supplemented with an FAQ.
- The Federal Information Security Management Act (FISMA) 2002 removed a waiver for FIPS 140-2 validation that was in place as FIPS 140-2 became widely adopted.
- In Canada, FIPS 140-2 is recommended by the government. The Government of Canada recommends that Federal Departments purchase CMVP validated cryptographic modules.
- Some non-governmental organizations and even other standards refer to FIPS 140-2 as a means of providing appropriate assurance for cryptographic modules. This includes a variety of topics from digital cinema specifications through voting system standards.
Common Terminology MistakesThe algorithm is FIPS certified/validated"—Incorrect
While some algorithms are specified using a Federal Information Processing Standard (FIPS), some are specified through NIST Special Publications (SPs) and some through standards from other standards bodies such as ANSI and IEEE. So, in no case is there a "FIPS certification". The certification is performed by the CAVP.
"The algorithm is FIPS 140 certified/validated"—Incorrect
The FIPS 140 standard was withdrawn many years ago.
"The algorithm is FIPS 140-2 certified/validated"—Incorrect
It is the CAVP that perform the validations, certifications are issued by NIST.
"The algorithm is certified/validated by CAVP"—Correct
"The cryptographic module is FIPS certified/validated"—Incorrect
It is the CMVP that perform the validations, certifications are issued by NIST/CSE.
"The cryptographic module is FIPS 140-2 certified/validated by NIST/CSE"—Correct
"The cryptographic module is NIST certified"—Incorrect
Certifications are signed and issued by both NIST and CSE together, unless the module is an ITAR item, in which case the validation work is performed in the U.S. by NIST.
Common MisconceptionsCAVP certificates are the same as FIPS 140-2 certificates issued by the CMVP.
They are not. As explained above, CAVP certificates are applicable only to the cryptographic algorithms and supporting security functions specified in the Annexes of FIPS 140-2. The CMVP only issues certificates for a complete cryptographic module.
The CAVP can certify all the algorithms I designed into my product.
This is not true. The CAVP supports the CMVP with the validation of cryptographic functions specified in Annex A of FIPS 140-2. Note that the content of Annex A changes from time to time. These usually include cryptographic functions defined in other Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), ANSI standards and ISO standards. Many of the cryptographic functions defined in Annex A also appear in the US algorithm suite B. Note that for some cryptographic functions automated tests have not been established and so alternative means of the CAVP approving them are used.
The NIAP requires FIPS 140-2 for conformance to Common Criteria.
The NIAP does not require FIPS 140-2 compliance for cryptographic modules included in a CC evaluation. Note, however, that by law (FISMA, 2002) the standard is applicable to all Federal Agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems. While the NIAP does not require FIPS 140-2 validation, it is necessary to have FIPS 140-2 validation for cryptographic modules used by Federal Agencies.
CAVP certificates are the same as a FIPS 140-2 validation.
The CAVP certifications establish only that the cryptographic functions are implemented correctly. FIPS 140-2 certification establishes that a cryptographic module uses cryptographic functions that are already certified by the CAVP, as well as meeting the specification for other attributes of a cryptographic module. These include some essential elements of the design and functionality of an entire cryptographic module including its operational environment, physical security, cryptographic key management, and self-tests.
A FIPS 140-2 certificate shows that a cryptographic module is secure.
This is not true. The security requirements specified in FIPS 140-2 are intended to maintain the security provided by a cryptographic module. However, conformance to FIPS 140-2 is not sufficient to ensure that a particular cryptographic module is secure.
OpenSSL is certified; therefore I do not need to repeat CAVP certification when I use an OpenSSL module for my Common Criteria work.
Both CAVP and CMVP certificates are very specific about the version number of the cryptographic module that has been validated along with the platform that the certification is relevant to. The certificates must match the exact version of the cryptographic module (e.g. OpenSSL) as well as the platform (e.g. OS and processors) in order for them to be valid in your use-case.
Monday, November 16, 2015
Friday, November 6, 2015
Day one of the 2015 International Cryptographic Module Conference (ICMC) was host to more than twenty speakers on a variety of topics concerning cryptographic modules.
|The atsec Table in the Exhibits Area|
The speakers included Yi Mao, Ph.D., CST Lab Manager and Stephan Mueller, Principal Consultant and Evaluator, both of atsec information security corporation.
|Stephan Mueller Presenting||Yi Mao Presenting|
Stephan Mueller's speech presented an Analysis of Linux /dev/random. Yi Mao's presentation was titled "Enough Entropy? Justify It!" and concluded with a parody song and animation called "Let It Go (RNG Version)." The animation can be viewed on atsec's animations page.
Thursday, November 5, 2015
The 2015 International Cryptographic Module Conference (ICMC) started yesterday with a day of pre-conference workshops on FIPS 140 Projects, Breaking into Embedded Devices, and Addressing Unique Security Challenges through Standardization.
The main conference was opened today by Yi Mao, Ph.D., CST Lab Manager of atsec, followed by keynote speakers Phil Zimmermann (Creator of PGP, Co-founder, Silent Circle), Paul Kocher (President, Chief Scientist, Cryptography Research), and Marianne Bailey (Principal Director, Deputy CIO for Cybersecurity, DOD).
The next two days will see presentations from more than thirty speakers on a wide variety of topics concerning cryptographic modules. atsec information security is represented by Yi Mao, Stephan Mueller, Swapneela Unkule, and Di Li. For more information on the conference, please visit the ICMC website.
ICMC 2016 was announced with changes in season and location!. The conference will be held May 18-20, 2016, at the Shaw Centre in Ottawa, Ontario. ICMC grows into an expanded international venue, with a new late-Spring timeframe that avoids conflict with other industry events. The call for presentations is now open at Speaking at ICMC 2016 with a deadline of December 15, 2015.
Wednesday, May 27, 2015
Wednesday, May 20, 2015
|Ron Ross, NIST Fellow, delivers his keynote presentation|
The ISO/IEC 27001 standard is a globally accepted standard for ISMS. It is widely used in Europe and Asia, but to date it has not been as widely adopted in the United States, this first conference of its kind in the U.S. was held last week in Austin, Texas.
atsec initiated the organization of the conference due to the history of atsec and the ISO/IEC 27001 standard. Sal La Pietra, atsec CEO, in his closing remarks at the conference said, "We organized this conference because we believe in the 27K standard and atsec owes the foundation and growth of the company to the standard." Much of atsec's early business in Europe was related to the ISO 27001 standard. atsec was assisted in the development of the conference by Cyberdefenses and BSI.
A day of pre-conference workshops was followed by the conference opening with keynote presentations by
- David Cannon, President & CEO, CertTest Training Center,
- Ron Ross, Fellow, National Institute of Standards and Technology (NIST),
- Scott Bullock CCSK, CISSP, CISM, Information Security Manager, Websense Cloud Services,
The conference was capped with a summary panel discussion on the subject of Integrating ISO/IEC 27001 with Existing Management Systems. The panel was moderated by Vern Williams, Chief Security Officer of CyberDefenses, and consisted of Fiona Pattinson, VP of atsec information security, John DiMaria ISO Product Manager of BSI Group America, Timothy Woodcome, Director of NQA USA, and David Ochel, Senior Information Security Manager of Rêv Worldwide. It was clear from the enthusiastic participation and discussion of the attendees that a conference on the subject of ISO/IEC 27001 has been needed and was valued highly by the community.
|Vern Williams moderates the summary panel|
Thank you to everyone for attending! We are truly sorry that the typically beautiful Austin Spring weather chose not to cooperate on the week of the conference.
The conference organizers would like to thank Vern Williams and Willibert Fabritius for their invaluable contribution to the organization of the conference. We would also like to thank all of the conference sponsors: BSI, CyberDefenses, Inc., SGS, UL DQS Inc., DEKRA Certification, Inc., National Quality Assurance, The Open Group, SecuraStar, and Developing Telecoms. We are also grateful for the able assistance of Bill Rutledge of Cnxtd (“Connected”) Event Media Services.