Wednesday, November 6, 2019

First Commercial ACVP Testing with Regular Three-party Setup Completed

The atsec Automated Cryptographic Validation Protocol (ACVP) tool set demonstrated that ACVT is fully production-ready with the completion of the ACVP test run of 3,529 test vector sets managed by 329 test sessions. The testing marks the first successful production test run of ACVT with the three-party approach commonly used during FIPS 140-2 testing. The three parties are the vendor of the cryptographic implementation executing the testing, NIST maintaining the ACVP server and awarding the certificates, as well as the lab, atsec, interfacing with the vendor and NIST.

The successful testing was executed on a large array of Apple devices including iPhones, iPads, macOS devices, Apple watches, Apple TV devices and the embedded Apple T2 security chip. By using ACVP, the entire test round, starting from obtaining the test vectors until receiving the certificate for all these devices, took about two weeks. The old CAVS test approach would’ve taken many more weeks. The full automation of the testing significantly paid off in faster turnaround times as well as consistency of the testing. By removing the human factor to a large degree the potential for errors was minimized.

The power and versatility of the atsec ACVP test tools supported the testing. With the ACVP Proxy capability of maintaining several thousand test vectors in an offline database, testing was conducted with test beds that were not connected to the Internet. In addition, the ACVP Parser was capable of delivering tests to even the tiniest of execution environments within the Apple Watch Series 1 and the Apple T2 security chip. The ACVP Parser’s versatility provided the seamless management of tests through integration with Apple’s tooling for the three target modules identified as the User Space module, Kernel Space module, and the Apple Secure Enclave Processor (hardware module).

The development of the atsec ACVP tool set, as well as the execution of the tool set with the ACVP production servers, also helped NIST to bring ACVP into a production-ready state and to identify shortcomings in handling such a massive volume of tests.

atsec would like to thank Apple engineer Shawn Geddis, who supported the ACVP testing. Also, atsec would like to thank the NIST ACVT team for fast and professional interaction to resolve issues during the development phase.

The atsec ACVP test tools allow an immediate integration with different cryptographic implementations including cryptographic hardware. atsec is therefore the partner for you to turn your ACVP testing into a success story requiring limited effort and offering fast turnaround times.

No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.