
FIPS PUB 140-3 (DRAFT)

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION
(Will Supersede FIPS PUB 140-2, 2001 May 25)

SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

CATEGORY: COMPUTER SECURITY
SUBCATEGORY: CRYPTOGRAPHY

Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8900

U.S. Department of Commerce
Secretary

Technology Administration
Under Secretary for Technology

National Institute of Standards and Technology
Director

Abstract

The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides five increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module physical ports and logical interfaces; roles, authentication, and services; software security; operational environment; physical security; physical security – non-invasive attacks; sensitive security parameter management; self-tests; life-cycle assurance; and mitigation of other attacks.
Key words: computer security, telecommunication security, physical security, software security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS).

TABLE OF CONTENTS

1. OVERVIEW ............ 1
   1.1 Security Level 1 ............ 2
   1.2 Security Level 2 ............ 2
   1.3 Security Level 3 ............ 2
   1.4 Security Level 4 ............ 3
   1.5 Security Level 5 ............ 4
2. GLOSSARY OF TERMS AND ACRONYMS ............ 5
   2.1 Glossary of Terms ............ 5
   2.2 Acronyms ............ 11
3. FUNCTIONAL SECURITY OBJECTIVES ............ 13
4. SECURITY REQUIREMENTS ............ 14
   4.1 Cryptographic Module Specification ............ 16
       4.1.1 Types of Cryptographic Modules ............ 16
       4.1.2 Cryptographic Boundary ............ 16
       4.1.3 Multiple Approved Modes of Operations ............ 17
       4.1.4 Degraded Functionality ............ 17
       4.1.5 Security Strength of the Module ............ 17
   4.2 Cryptographic Module Physical Ports and Logical Interfaces ............ 17
   4.3 Roles, Authentication, and Services ............ 18
       4.3.1 Roles ............ 19
       4.3.2 Operator Authentication ............ 19
       4.3.3 Services ............ 21
   4.4 Software Security ............ 22
   4.5 Operational Environment ............ 24
       4.5.1 Operating System Requirements for Modifiable Operational Environments ............ 25
   4.6 Physical Security ............ 27
       4.6.1 General Physical Security Requirements ............ 29
       4.6.2 Single-Chip Cryptographic Modules ............ 30
       4.6.3 Multiple-Chip Embedded Cryptographic Modules ............ 31
       4.6.4 Multiple-Chip Standalone Cryptographic Modules ............ 33
       4.6.5 Environmental Failure Protection/Testing ............ 34
   4.7 Physical Security – Non-Invasive Attacks ............ 35
   4.8 Sensitive Security Parameter Management ............ 36
       4.8.1 Random Bit Generators ............ 36
       4.8.2 SSP Generation ............ 37
       4.8.3 SSP Establishment ............ 37
       4.8.4 SSP Entry and Output ............ 37
       4.8.5 SSP Storage ............ 38
       4.8.6 SSP Zeroization ............ 39
   4.9 Self-Tests ............ 40
       4.9.1 Pre-Operational Self-Tests ............ 40
       4.9.2 Conditional Self-Tests ............ 41
       4.9.3 Critical Functions Tests ............ 43
   4.10 Life-Cycle Assurance ............ 43
       4.10.1 Configuration Management ............ 43
       4.10.2 Design ............ 44
       4.10.3 Finite State Model ............ 45
       4.10.4 Development ............ 46
       4.10.5 Vendor Testing ............ 47
       4.10.6 Delivery and Operation ............ 47
       4.10.7 Guidance Documents ............ 48
   4.11 Mitigation of Other Attacks ............ 48
APPENDIX A: SUMMARY OF DOCUMENTATION REQUIREMENTS ............ 50
APPENDIX B: RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES ............ 54
APPENDIX C: CRYPTOGRAPHIC MODULE SECURITY POLICY ............ 56
APPENDIX D: SELECTED BIBLIOGRAPHY ............ 59

1. OVERVIEW