Mind the Gap: Updating FIPS 140
Steve Weingart, Futurex, 864 Old Boerne Rd., Bulverde, TX 78163
Steve R. White, IBM Thomas J. Watson Research Center, P.O. Box 704, Yorktown Heights, NY 10598
Outline
Changes in Standards and the Environment
Proposal: Level 3.5
Discussion/Questions
History
Federal Standard 1027 was primarily a hardware standard for line encryption devices using single DES
NIST developed FIPS 140 as a replacement
It is more generalized
It accepts both hardware and software implementations
It has the 11 criteria that cover the complete design
During the development of FIPS 140 a level based system was proposed and accepted
FIPS 140-1 was made official in 1994
It became widely accepted
FIPS 140-2, the first update, was made official in 2001
Things have changed
Both attack and defense technologies have improved
Industry needs & requirements have changed
The standard, and its applicability, evolves
History (cont)
Original proposed six level system (Level, Name: Description)
1, None: The attack can succeed “by accident” without the attacker necessarily being aware that a defense was intended to exist. No tools or skills are needed.
2, Intent: The attacker must have a clear intent in order to succeed. Universally available tools (e.g. screwdriver, nail file) and minimal skills may be used.
3, Common Tools: Commonly-available tools and skills may be used (e.g. those tools available from retail department or computer stores).
4, Unusual Tools: Uncommon tools and skills may be used, but they must be available to a substantial population (e.g. lock pick, logic analyzer; hardware and software debugging skills, electronic design and construction skills). Typical engineers will have access to these tools and skills.
5, Special Tools: Highly specialized tools and expertise may be used, as might be found in the laboratories of universities, private companies, or governmental facilities. The attack requires a significant expenditure of time and effort.
6, In Laboratory: A successful attack would require a major expenditure of time and effort on the part of a number of highly qualified experts, and the resources available only in a few facilities in the world.
FIPS 140, 4 level system (Level: Physical Security / Design Assurance)
1: Production grade equipment. / Configuration management (CM). Secure installation and generation. Design and policy correspondence. Guidance documents.
2: Locks or tamper evidence. / CM system. Secure distribution. Functional specification.
3: Tamper detection and response for covers and doors, epoxy potting. / High-level language implementation.
4: Tamper detection response envelope. EFP or EFT (environmental failure protection or environmental failure testing). / Formal model. Detailed explanations (informal proofs). Preconditions and postconditions.
Changes
Attack technologies have developed
The Internet has become a forum for development
Script Kiddies can obtain and try many software attacks beyond their skill level
Expensive tools that were difficult to obtain are now
Defense technologies have held up, mostly
Not a great deal of new development
That is mostly OK, since the higher levels have held
Changes (cont)
The customer population has become larger and more sophisticated
Banking and Financial
USPS
In general FIPS 140 has become accepted ‘Due Diligence’ for commercial cryptographic devices
This has spotlighted some need for change in the standard
The Gap
FIPS 140 has 4 levels
These 4 levels correspond roughly to levels 1, 2, 3 & 6 from the originally proposed system
So, there is a large gap between level 3 and level 4
A typical level 3 device can be cracked in a few hours by anyone with reasonable skills
No level 4 device has been cracked publicly
But, the level 4 requirements are so difficult that there are almost no level 4 devices
The Gap
[Chart: number of validations per level (Level 1, Level 2, Level 3, Level 4); vertical axis "Validations", 0 to 250]
The Gap
There are 179 level 1 validations, 247 level 2
Of the level 4 devices, about half are unique, the rest are delta/re-validations.
Level 4 is too difficult to develop, and too expensive to manufacture for most vendors
But industry requirements need more than level 3
USPS and ANSI both require tamper detection, USPS requires EFT/EFP
We need something new
Proposal: Level 3.5
1 – 1.25 mm max undetected hole
Same as level 4 for single chip
EFT/EFP
Informal modeling
Meet new & emerging requirements for security that is stronger than level 3
Avoid the most difficult requirements of level 4: formal modeling, any/all tamper detection envelope
This level of security is reasonable to develop and manufacture