Thursday, April 21, 2016

Cryptographic module related work in ISO/IEC JTC 1/SC 27/WG 3

Last updated: 2016-04-21

For several years the value of conformance testing against the FIPS 140-2 specification has been well accepted, and the assurance gained through validated conformance has been specified (with varying degrees of rigor) in several other markets. For example:
  • Other governments that recognize the assurance provided. Most noteworthy is Canada, who partners with NIST in operating the CMVP as a joint endeavor between NIST and the Communications Security Establishment of Canada (CSEC). There are  examples of others, such as the Japan CMVP which is part of the  Information-technology Promotion Agency (IPA). They developed and operate a validation program (similar to that used in the US and Canada) in support of procurement in compliance with the Japanese Standards for Information Security Measures for the Central Government Computer Systems.
  • Several Common Criteria national schemes who may often draw from cryptographic module or cryptographic algorithm validations in their own assurance work.
  • The UK’s information commissioner’s office and Treasury Solicitor’s Department, both of which recommend using FIPS 140-2 validated encryption products.
  • The Health industry. For example, the HITECH act provides for "safe harbor" from the costs of patient notification as well as the reputational risk if the data was protected  using encryption. The approved encryption processes to claim safe harbor are those that comply with the requirements of the Federal Information Processing Standards (FIPS) 140-2.
  • The Financial industry. This industry has long referenced use of FIPS 140-2 and its predecessors as a best practice. More recently, the Payment Card Industry has drawn heavily from FIPS 140-2 in their endeavors to obtain cryptography assurance within PCI environments and systems in several of their standards.
  • Voting Systems. The Electoral Assistance Commission’s Voluntary Voting System Guidelines recommend the use of FIPS 140-2 for cryptography in voting systems.
  •  Digital Cinema. FIPS 140-2 is specified in the digital cinema specification, V1.2.
Despite the obvious usefulness of the standard and the assurance that is gained from programmatic testing and validation of the results, it has been long recognized that a US government-produced standard (and US government validations) may not be appropriate for scenarios beyond the US Government regulation and so, in 2003, a project was initiated by ISO/IEC JTC 1 sub-committee 27 which focuses on IT security techniques. The project was allocated to Working Group 3, and the assigned editors and experts from the US, France and Japan led the international coordination to produce the first edition of ISO/IEC 19790 which was published in 2006.

A comparison of FIPS 140-2 and ISO/IEC 19790 is given in the blog "ISO's cryptographic module work".

A similar blog on ISO's work related to ISO/IEC 15408 (Common Criteria)  is also avilable. There is some overlap.

Work from ISO/IEC JTC 1/SC 27/WG 3 related to cryptographic modules

The work in ISO is not restricted to the specification and the associated test requirements. There are several other work items that have been published or are currently being developed in SC 27/WG 3. These include:

Requirements and testing

IS 19790:2012: Security requirements for cryptographic modules

Specifies security requirements specified intended to maintain the security provided by a cryptographic module.

This core standard is currently in it's second edition,  Note that the standard has been updated with a corrigendum in 2015.

IS 24759:2014: Test requirements for cryptographic modules

Specifies the methods to be used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012/Cor.1:2015. It also specifies the requirements for information that vendors provide to testing laboratories as supporting evidence for conformance testing.

This standard is currently in it's second edition,  Note that the standard has been updated with a corrigendum in 2015.

Deployed Modules 

DRAFT ISO/IEC TS 20540 Guidelines for testing cryptographic modules in their operational environment  

Describes the guidelines that may be used in operational testing of cryptographic
modules which are deployed as part of a security system. The operational tests are performed to determine the suitability and proper usage of a cryptographic module in its intended environment.

Non-Invasive attacks

IS 17825:2016: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules

Specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790 for Security Levels 3 and 4. The test metrics are associated with the security functions specified in ISO/IEC 19790. Testing will be conducted at the defined boundary of the cryptographic module and I/O available at its defined boundary.

The test methods used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790 and the test metrics specified in this International Standard for each of the associated security functions specified in ISO/IEC 19790 are specified in ISO/IEC 24759. The test approach employed in this International Standard is an efficient "push-button" approach: the tests are technically sound, repeatable and have moderate costs.

DRAFT ISO/IEC TR 20085-1: Test tool requirements and test tool calibration methods for use in testing non-invasive attack mitigation techniques in cryptographic modules — Part 1: Test tools and techniques.

DRAFT ISO/IEC TR 20085-2: Test tool requirements and test tool calibration methods for use in testing non-invasive attack mitigation techniques in cryptographic modules — Part 2: Test calibration methods and apparatus

TR 30104:2015: Physical Security Attacks, Mitigation Techniques and Security Requirements

This technical report provides guidance and addresses the following topics:
  • a survey of physical security attacks directed against different types of hardware embodiments including a description of known physical attacks, ranging from simple attacks that require little skill or resource, to complex attacks that require trained, technical people and considerable resources;
  • guidance on the principles, best practices and techniques for the design of tamper protection mechanisms and methods for the mitigation of those attacks; and
  • guidance on the evaluation or testing of hardware tamper protection mechanisms and references to current standards and test programs that address hardware tamper evaluation and testing.

Cryptographic functions, algorithms and protocols

Note that the specification of cryptography and security mechanisms  is handled in WG 2: I have not listed their related work here. A full list of SC 27 work can be found in the ISO Standards Catalogue.

DRAFT IS 18367: Cryptographic algorithms and security mechanisms conformance testing

Intended to provide the basis for testing the implementation correctness of cryptographic algorithms published by ISO.
Conformance testing assures that an implementation of a cryptographic algorithm or security mechanism implementation is correct whether implemented in hardware, software or firmware or in a specific operating environment. Testing may consist of known-answer or Monte Carlo testing, or a combination of test methods. Testing may be performed on the actual implementation or modeled in a simulation environment.

2016: This document is in the late stages of development and is expected to be published before the end of 2016.

IS 29128:2011: Verification of cryptographic protocols: 

Establishes a technical base for the security proof of the specification of cryptographic protocols. It specifies design evaluation criteria for these protocols, as well as methods to be applied in a verification process for such protocols. It also provides definitions of different protocol assurance levels consistent with evaluation assurance components in ISO/IEC 15408.

DRAFT ISO/IEC 20543: Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408

Describes testing and evaluation methods for determining the acceptable randomness of non-deterministic and deterministic random bit generators for use in cryptographic applications.

Physically unclonable functions (PUFs)

DRAFT: ISO/IEC  20897:Security requirements, test and evaluation methods for physically unclonable functions (PUFs) for generating non-stored security parameters

2016: This standard is currently under development.


DRAFT ISO/IEC TR 19896-1: Competence requirements for information security testers and evaluators: Part 1: Introduction, concepts and general requirements

Provide the fundamental concepts related to the topic of the competence of the individuals responsible for performing IT product security evaluations and conformance testing. Provides the framework and the specialised requirements that specify the minimum competence of individuals performing IT product security evaluation and conformance testing using established standards.
This will support the goals of ISO CASCO conformity assessment by contributing standardized requirements for competency supporting ISO/IEC 17024.

 DRAFT ISO/IEC TR 19896-2: Competence requirements for information security testers and evaluators: Part 2: Knowledge, skills and effectiveness requirements for 19790 testers

This standard will establish  a baseline for the competence of ISO/IEC 19790 testers and validators with the goal of establishing conformity in the requirements for the training of ISO/IEC 19790 testing and validator professionals associated with cryptographic module conformance testing programs.

About testing and validation of conformance to ISO/IEC 19790

Now that there is an internationally recognized set of standards for the specification and testing of cryptographic modules, a base set of cryptographic standards and fundamentals, as well as a means of testing their implementation correctness, all the needed tools are in place for various authorities to develop validation programs - and use of the tools provide for consistent testing, validation, and certification of conformance to the ISO standard.

This is already happening.
  • In Japan, IPA operates a cryptographic module validation program with ISO/IEC 19790 as a basis known as the JCMVP.  At the ICMC in 2013, Japan announced that a memorandum of understanding between the JCMVP and the CMVP.
  • in Korea, the Korean Cryptographic Module Validation Program (KCMVP ) was established in 2005 and uses ISO/IEC 19790 as a basis for their program specifying the Korean approved set of cryptographic algorithms and security functions.
  • A validation program in Spain for cryptographic modules is based on the ISO standards
  • A validation program in Turkey for cryptographic modules is based on the ISO standards
  • Other national programs are under consideration 
With the development of validation programs using the standards -- and perhaps even one day mutual recognition by different programs -- the needs of the commercial sector around the world can be addressed. This would help developers and vendors of cryptographic modules to address markets on a multi-national basis (and may even help address some of the issues apparent in the critical infrastructures and the international supply chain).

To successfully offer such a service, a validation program must define the operational activities that are vital to a successful program. These activities include:
  • accrediting test laboratories
  • making program policies
  • defining the approved cryptographic functions,
  • establishing algorithm implementation testing and validation
  • establishing a management system for validating and certifying the testing results
  • providing any necessary interpretations of the standards
  • dealing with comments, requests, and issues from labs and vendors
  • policing the certificate and logo usage 
WG3 have produced a document that provides additional guidance on this topic:

ISO/IEC 15443  ("FRITSA")

ISO/IEC TR 15443-1:2012:  Security assurance framework -- Part 1: Introduction and concepts

ISO/IEC TR 15443-2:2012: Security assurance framework -- Part 2: Analysis

Substantially revised in 2012. Part one gives a discussion of the nature of security assurance, providing a framework for further discussions and documents. Part 2 of this technical report describes the "criteria for criteria". It discusses security assurance schemes, and how these themselves can be evaluated. While some schemes are of high quality, others may not be. What criteria can be used to tell?

By Fiona Pattinson

1 comment:

  1. Australian Risk Services: We provide services for Risk Management Plan, Security Risk Management, Enterprise Risk Management, Risk Management Courses


Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.