April 23, 2014

FIPS 140-3 is Dead

Let's all agree to stop referring to "FIPS 140-3" as the next revision of FIPS 140-2.

Instead, let's use "FIPS 140-4" to identify the follow-on standard that the United States Department of Commerce will eventually approve.

Here are the latest developments and my projections for FIPS 140-4:
  • The Division Chief of NIST's Computer Security Division has moved into a new role. Matthew Scholl is now the Acting Division Chief.
  • Since Matt Scholl is serving in an "Acting" role, expect no progress on FIPS 140-4 until the Division Chief role is officially filled. (NOTE: This is absolutely no dig on Matt -- he understands the FIPS 140 revision history very well and I imagine he is being asked to focus on other matters as Acting Division Chief)
  • I suspect the new Division Chief will have someone in NIST put a bow on ISO/IEC 19790:2012 and present it as FIPS 140-4 to the Secretary of Commerce for signature.
With these developments and projections in mind, here is my guess at a FIPS 140-4 schedule:

Estimated
Duration
Activity Estimated
Completion Date
3-6 months Division Chief role filled at NIST; FIPS 140-4 presented to
the Secretary of Commerce
Aug-Oct 2014
Up to 6 months Secretary of Commerce signs FIPS 140-4 Feb-Apr 2015
6 months FIPS 140-4 effective; FIPS 140-2 transition period begins Aug-Oct 2015
6 months FIPS 140-2 transition period ends Feb-Apr 2016

The FIPS 140-2 transition period is expected to be a 6 month period where cryptographic modules may be tested to FIPS 140-2 requirements or FIPS 140-4 requirements.

Mark Minnoch is an Account Manager at InfoGard Laboratories.  His guesses at a FIPS 140-4 schedule and next year's Superbowl champ are always free.

April 9, 2014

OpenSSL Heartbleed Bug and FIPS


(Image from heartbleed.com)
The Q&A section at Heartbleed.com states that "OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality."

Although the OpenSSL FIPS module does not mitigate the heartbeat vulnerability, it is also important to note that the vulnerability exists outside of the OpenSSL FIPS cryptographic module boundary.

The vulnerability affects TLS implementations in certain OpenSSL libraries.

"The OpenSSL FIPS module is completely unaffected by the heartbeat vulnerability (CVE-2014-0160)," confirms Steve Marquess, Founding Partner at OpenSSL Software Foundation, Inc. 

The OpenSSL FIPS Object Module achieved FIPS 140-2 Certificate #1747 in 2012 (the certificate is maintained frequently by OpenSSL Software Foundation, Inc.)

Mark Minnoch is an Account Manager at InfoGard Laboratories.  The InfoGard FIPS Team performed the OpenSSL FIPS Object Module FIPS 140-2 validation for OpenSSL Software Foundation.

April 1, 2014

8 Important requirements for your FIPS 140-3 Survival Kit

Why 8? Because 8 is my favorite, positive, single-digit number.

(Also, some might say I am relying on my Magic 8 Ball for my FIPS 140-3 posts.)

This is the second post in my FIPS 140-3 Survival Kit series. As of this post, no formal announcement has been made on the replacement standard to FIPS 140-2.  Be sure to read the first post for proper context.

For Technology Vendors in the planning phase for future products, here are 8 important requirements that are likely to change from the current FIPS 140-2 requirements:


  1. EMI/EMC testing - there are no EMI/EMC requirements in ISO 19790. Everyone is thrilled that this requirement got cut -- especially those vendors with short-shelf-life products.
  2. EFP or EFT for Level 3 - This FIPS 140-2 Level 4 requirement has been pushed down to Level 3 in ISO 19790. (Note: Only EFP is allowed at Level 4 in ISO 19790)
  3. Cryptographic integrity tests - For Level 2 and above, either an Approved keyed MAC based integrity check (Level 2) or an Approved digital signature based integrity test (Levels 2-4) is required. FIPS 140-2 allowed a non-cryptographic error detection code as a start-up integrity check for HW/FW modules.
  4. Conditional tests for algorithms - known-answer tests (KATs) are not required for all of the Approved algorithms on power-up. A conditional test of an Approved algorithm is required prior to use of that algorithm. This will allow for faster module start-up times!
  5. Degraded operation - ISO 19790 allows for a module to transition to a degraded operation if the mechanism or function causing the failure is isolated.
  6. One role minimum - Only the Crypto Officer Role is required. Other roles may be defined as needed (User Role, Maintenance Role, ...).
  7. Multi-factor authentication - If you are designing a Level 4 module, then you will need to employ multi-factor identity based authentication for access control.
  8. Zeroisation gets stricter - At Levels 2 and 3, you can no longer overwrite an SSP (Sensitive Security Parameter) with another SSP. Temporary SSPs must be zeroised when no longer needed. At Level 4, even cryptographically protected SSPs must be zeroised. (Note: In ISO 19790, things get "zeroised" not "zeroized")
My next FIPS 140-3 Survival Kit post will take a look into SSPs.

Mark Minnoch is an Account Manager at InfoGard Laboratories.  His other favorite single-digit numbers are 0 (because zero is awesome) and -3 (that's right -- negative-three).