This is the first article of in our comprehensive series introducing Hardware Security Modules (HSM). We understand that some of these concepts can be difficult to grasp all in one read. So for this introduction, we don’t quite intend to break the ice, but only aim to scratch the surface on the topic of cryptographic module security standards.

Mainly, we aim to answer 3 essential questions in this regard:

What is the current security standard of testing and certifying cryptographic modules? Why is it important to comply with these standards? And lastly, how to comply?

First of all, we offer a simplified introduction to FIPS 140-2. Further, we show you the essential purpose behind FIPS and why it is so important. Finally, we summarize the procedure to have your HSM tested and certified as a FIPS compliant module, and also we break down the legal requirements you will need to follow when implementing an HSM or any cryptographic module used to handle sensitive information.So let’s take a quick look at what it means, and how to become, “FIPS 140-2 Tested and Certified”

What is FIPS 140-2?

The requirements specified in the Federal Information Processing Standard (FIPS) PUB 140- 2 outline a total of 11 areas of design and implementation of products in applied cryptography. These areas include:

cryptographic module specification

roles, services, and authentication

ports and interfaces

operational environment

physical security

EMI / EMC

key management

design assurance

To boot, every certified cryptographic module is categorized into 4 levels of security:

Security Level

1. Security Level 2. Security Level 3. Security Level 4. Cryptographic Module Specification. Specification of cryptographic module, cryptographic boundary, Approved algorithms, and Approved modes of operation. Description of cryptographic module including all hardware, software, and firmware components. Statement of module security policy. Cryptographic Module Interfaces. Required and optional interfaces. Specification of all interfaces and of all input and output data paths. Data ports for unprotected critical security parameters physically separated from other data ports. Roles, Services, and Authentication. Logical separation of required and optional roles and services. Role-based or identity-based operator authentication. Identity-based operator authentication. Finite State Machine Model. Specification of finite state machine model. Required states and optional states. State transition diagram and specification of state transitions. Physical Security. Production-grade equipment. Locks or tamper evidence. Tamper detection and response for covers and doors. Tamper detection and response envelope. EFP and EFT. Operating System Security. Executable code. Authenticated software. Single operator. CAPP evaluated at EAL2. CAPP plus trusted path evaluated at EAL3 plus security policy modeling. CAPP plus trusted path evaluated at EAL4 plus security policy modeling, covert channel analysis, and modularity. Cryptographic Key Management. Approved key generation/distribution techniques. Entry/output of keys in encrypted form or direct entry/exit with split knowledge procedures. EMI/EMC. FCC Part 15. Subpart B, Class A (Business use). Applicable FCC requirements (for voice). FCC Part 15. Subpart B, Class B (Home use). Self-Tests. Power-up tests: cryptographic algorithm tests, software/firmware integrity tests, critical functions tests. Conditional tests. Statistical RNG/PRNG tests – callable on demand. Statistical RNG/PRNG tests–performed at power-up. Design Assurance. Configuration management (CM). Secure installation and generation. Design and policy correspondence. Guidance documents. CM system. Secure distribution. Functional specification. Functional testing. High-level language implementation. Test Coverage analysis. Formal model. Detailed explanations (informal proofs). Preconditions and postconditions. Mitigation of Other Attacks. Specification of mitigation of attacks for which no testable requirements are currently available

Based on security requirements in the above areas, FIPS 140-2 defines 4 levels of security

Level 1 - The lowest security that can be applied to a cryptographic module. The sole basis of its security is the fact that it uses a cryptographic function.

Level 2 - These modules have temper evidence as an additional security feature. This cryptographic device will allow authorized operators to open the seals and access the keys, but only after successfully authenticating.

Level 3 - This level of security is measured by tamper detection and response, enhanced protection of private key pairs, and identity-based authentication.

Level 4 - This is the highest level of security. To be certified a level 4 device, the module must be tamper resistant and provide environmental (voltage or temperature) failure protection.

An example of a level 4 certified HSM is Utimaco’s Hardware security modules. Every Utimaco HSMs has been laboratory-tested and certified against FIPS 140-2 standards to help you comply with the standards you need to meet.

Reasons to use a FIPS-certified HSM

To bar unauthorized users from accessing sensitive information

To protect from any unauthorized activity in private systems

To prevent changes from being made without your knowledge or permission

To detect errors immediately, before sensitive information has been damaged or compromised

Why is FIPS Compliance important?

The FIPS 140-2 standard is applicable to all Federal departments and agencies operate or are operated for them under contract and use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems). Additionally, FIPS compliance is required in any regulated industry that collects, stores, transfers, shares or disseminates sensitive information. This includes products in regulated industries such as Banking, Health-care institutions, and National Defense. If you want to sell into these industries and cryptography is a central component of your product, you'll need to prove FIPS compliance.To certify a cryptographic module such as an HSM, Private vendors must first undergo a series of FIPS testing by an independent, accredited Cryptographic and Security Testing (CST) laboratory, such as the National Voluntary Lab Accreditation Program. First, the CST laboratory uses the Derived Test Requirements (DTR) and Implementation Guidance (IG) to test cryptographic modules. Then they must validate the test results before issuing a certificate.

What are the requirements of FIPS 140-2?

An FIPS 140-2 compliant cryptographic module must satisfy the following:

Cryptographic Module Ports & Interfaces

Roles, Services, & Authentication

Finite State Model

Physical Security

General



Single Chip Crypto Modules



Multi Chip Crypto Modules



Multi Chip Standalone Crypto Modules



Environmental Failure Protection/Testing



Operational Environment



Operating System Requirements





Crypto Key Management





Random Number Generators (RNGs)





Key Generation





Key Establishment





Key Entry & Output





Key Storage





Key Zeroization





EMI/EMC Compatibility





Self-Tests





Design Assurance





Configuration Management





Mitigation of other Attacks

The NIST specifies certain crypto algorithms as FIPS 140-2 compliant, and also identifies which algorithms can be used for symmetric, asymmetric, message authentication, and hashing cryptographic functions. The following is a list of approved cryptographic algorithms:

Symmetric



Asymmetric



Message

Authentication Hashing



AES DSS TDES SHA1 TDES SHS AES SHA-256 EES RNG HMAC SHA-512

AES= Advanced Encryption Standard

TDES= Triple Data Encryption Standard

EES= Escrowed Encryption Standard

DSS= Digital Signature Standard

SHS= Secure Hash Standard

RNG= Random Number Generators

HMAC= Hash Message Authentication Code

The FIPS 140-2 standard is applicable to all Federal departments and any regulated industry that collects, stores, transfers, shares or disseminates sensitive information. More importantly, a cryptographic device with high security is necessary to maintain the privacy and integrity of the sensitive information protected by the module. Now that you have a general idea on the importance of FIPS 140-2 and how to comply, take some time to reflect on what you’ve learned and written down any ideas that come to mind. Then when you’re ready, let’s continue on to Part 2 of the Comprehensive Guide to Hardware Security Modules.

References