Cryptographic Module – Operator Authentication & Logical Interfaces

You are here: Technology Topics » Computer & Gadgets » Computer & Network Security » Cryptography » Cryptographic Module – Operator Authentication & Logical Interfaces

This post is part of the Computer Security – Cryptography posts series.

Operator Authentication

Authentication mechanisms could be demanded within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and execute services within that role. For Security Levels 2-5, a cryptographic module shall support at least one of the following mechanisms to control access to the module:

• Role-Based Authentication: If role-based authentication mechanisms are supported by a cryptographic module, the module shall require that one or more roles either be implicitly or explicitly selected by the operator and shall authenticate the assumption of the selected role (or set of roles). The cryptographic module isn’t mandatory to authenticate the individual identity of the operator.The selection of roles and the authentication of the assumption of selected roles could be combined. If a cryptographic module allows an operator to modify roles, then the module shall authenticate the assumption of any role that wasn’t previously authenticated.
• Identity-Based Authentication: If identity-based authentication mechanisms are supported by a cryptographic module, the module shall demand that the operator be individually and uniquely identified, shall demand that one or more roles either be implicitly or explicitly selected by the operator, and shall authenticate the identity of the operator and the authorization of the operator to assume the selected role or set of roles. The authentication of the identity of the operator, selection of roles, and the authorization of the assumption of the selected roles could be combined. If a cryptographic module allows an operator to modify roles, then the module shall verify the authorization of the identified operator to assume any role that wasn’t antecedently authorized.

For a software cryptographic module, the OS can apply the authentication mechanism. If the OS applies the authentication mechanism, then the authentication mechanism shall conform to the necessities of this section.

A cryptographic module may allow an authenticated operator to execute all of the services permitted within an authorized role, or may demand separate authentication for each service or for different sets of services. When a cryptographic module is powered off and subsequently powered on, the results of previous authentications shall not be retained and the module shall demand the operator to be re-authenticated.

Several types of authentication information could be demanded by a cryptographic module to apply the supported authentication mechanisms, including (but not limited to) the knowledge or ownership of a password, PIN (Personal Identification Number), cryptographic key, or equivalent; possession of a physical key, token, or equivalent; or verification of personal characteristics (for instance, biometrics).

Authentication data within a cryptographic module shall be protected against unauthorized disclosure, modification, and substitution.
The initialization of authentication mechanisms may warrant special treatment. If a cryptographic module doesn’t contain the authentication information needed to authenticate the operator first the module is accessed, then other authorized methods (for instance, procedural controls or use of factory-set or default authentication information) shall be utilized to control access to the module and initialize the authentication mechanisms.

If default authentication data is utilized to control access to the module, then default authentication data shall be replaced upon first-time authentication. This default authentication data doesn’t need to meet the zeroization requirements .

The authentication mechanism could constitute a group of mechanisms of various authentication attributes that jointly conform to the strength of authentication necessities of this section. If the cryptographic module utilizes cryptographic functions to authenticate the operator, then those cryptographic functions shall be authorized or permitted cryptographic functions.

The combined strength of the authentication mechanism shall meet the succeeding specs:

• For each attempt to utilize the authentication mechanism, the probability shall be equal to or less than one in 100,000,000 that a single attempt will succeed or a false acceptance will happen (for example, guessing a password, false acceptance error rate of a biometric device, or some combination of authentication methods.)
• For multiple attempts to utilize the authentication mechanism during a one-minute period, the probability shall be equal to or less than one in 10,000,000 that a single attempt will succeed or a false acceptance will happen.
• Authentication strength necessities shall be met by the module’s implementation and shall not rely on documented procedural controls or security rules (for instance, password size restrictions).
• If passwords are used as an authentication mechanism, then limitations shall be implemented by the module on password selection to forbid the utilization of weak passwords that are more susceptible to attacks (for instance, dictionary attacks).
• Feedback of authentication information to an operator shall be obscured during authentication (for instance, no visible display of characters when entering a password). Non-significant characters may be displayed in place of the actual authentication information.
• Feedback offered to an operator during an attempted authentication shall not weaken the strength of the authentication mechanism beyond the necessitated authentication strength.
• If the module employs default authentication information to control access to the module for first-time authentication, then the default authentication information shall be unique per module unit delivered.

SECURITY LEVEL 1

For Security Level 1, a cryptographic module isn’t demanded to employ authentication mechanisms to control access to the module.

SECURITY LEVEL 2

For Security Level 2, a cryptographic module shall apply role-based authentication to control access to the module.

SECURITY LEVEL 3

For Security Level 3, a cryptographic module shall apply identity-based authentication mechanisms to control access to the module.

SECURITY LEVELS 4 AND 5

In plus to the necessities of Security Level 3, Security Levels 4 and 5 shall as well conform to the succeeding necessity.The cryptographic module shall enforce two-factor identity-based authentication.

Logical Interfaces

A cryptographic module shall have the succeeding four logical interfaces (“input” and “output” are pointed from the perspective of the module):

• information output interface: All output information (except status information output via the status output interface) from a cryptographic module (including plaintext, ciphertext, Sensitive Security Parameters, and control data for another module) shall exit via the “information output” interface. For a given communication channel, all information output via the “information output” interface shall be disallowed when an error state exists and before successfully passing the pre-operational Software Integrity Test
• information input interface: All input information (except control information entered via the control input interface) executed by a cryptographic module (including plaintext, ciphertext, Sensitive Security Parameters, and status data from another module) shall enter via the “information input” interface.
• Control input interface: All input commands, signals, and control information (including function calls and manual controls such as switches, buttons, and keyboards) utilized to check the operation of a cryptographic module shall enter via the “control input” interface.
• Status output interface: All output signals, indicators, and status information (including return codes and physical indicators such as Light Emitting Diodes and displays) utilized to indicate the status of a cryptographic module shall exit via the “status output” interface. Status output may be either implicit or explicit.

The cryptographic module shall discern between information and control data for input, and information and status data for output.

All electrical power externally offered to a cryptographic module (including power from an external power source or batteries) shall enter via a power port. A power port isn’t needed when all power is offered or maintained within the cryptographic boundary ofthe cryptographic module (for instance., by an internal battery).

During manual Sensitive Security Parameters entry, the entered values may be temporarily showed to permit visual verification to improve accuracy.

To prevent the inadvertent output of delicate data, two independent internal actions shall be needed to output Critical Security Parameters. These two independent internal actions shall be dedicated to mediating the output of the Critical Security Parameters.

SECURITY LEVELS 1 AND 2

For Security Levels 1 and 2, Critical Security Parameters may be entered and output via physical port(s) and logical interface(s) divided with other physical ports and logical interfaces of the cryptographic module.

SECURITY LEVELS 3, 4, AND 5

The module shall use a separate, dedicated physical port for the input or output of Critical Security Parameter’s, or a Trusted Channel shall be used to protect the Critical Security Parameters entering and leaving the cryptographic module. If a Trusted Channel is utilized, the documentation shall stipulate the security strength of the Trusted Channel.



24 Responses to “Cryptographic Module – Operator Authentication & Logical Interfaces”

1. Alex says:

   I am searching for a free encryption / cryptographic software
2. admin says:

   TrueCrypt
   FreeOTFE
   CompuSec
   CryptoExpert Lite
   Scramdisk Encryption
   PGP (Pretty Good Privacy) Public Key Encryption
   Camouflage
3. Kerin says:

   What equation it is used for Elliptic Curves ?
4. admin says:

   Weierstrass equation
5. Vas says:

   Which are the International standardization organizations for cryptography ?
6. Tim says:

   International Organization for Standardization (ISO)
   International Electrotechnical Commission (IEC)
   International Telecommunication Union (ITU)
7. Vas says:

   What is ISO 7498-2 ?
8. Tim says:

   ISO 7498-2 it is security standard developed by JTC1 SC21) and was intended to serve as a security specific addition to ISO/IEC 7498-1, the OSI reference model.

   There are two other parts to this standard, namely ISO/IEC 7498-3, dealing with naming and addressing, and ISO/IEC 7498-4, covering management issues. A version
   of ISO 7498-2 has also been adopted as ITU recommendation X.800.
9. Nick says:

   What is the difference between symmetric and asymmetric ciphers ?
10. admin says:

    Asymmetric ciphers are much more mathematically complex than symmetric ciphers. They are based on the difficulties involved in solving certain mathematical problems. They are often probabilistic instead of deterministic.
11. Keny says:

    What are the categorizations for stream ciphers ?
12. admin says:

    Stream ciphers can be divided into two types: synchronous and self-synchronous (depending on the way that the keystream generator works).

    In a synchronous stream cipher the keystream generator produces keystream blocks that only depend upon the secret key K and the starting variable.

    In a self-synchronous stream cipher each keystream block produced depends not only on the secret key and the starting variable but also on the ciphertexts that have previously been produced by the algorithm.
13. Mira says:

    What is a cryptosystem ?
14. admin says:

    A cryptosystem system is a method of disguising messages so that only certain people can see through the disguise.
15. Andrew says:

    What is Lattice-based cryptography ?
16. admin says:

    It is new style of cryptography based on mathematical structures called lattices. The main advantage of lattice-based cryptography is that it seems to resist attacks made by quantum computers.
17. Vivian says:

    What are quantum computers ?
18. admin says:

    Quantum computers are theoretical systems that use the properties of atomic particles to solve problems.
19. Reks says:

    What is a hybrid cipher ?
20. admin says:

    A hybrid cipher is an asymmetric encryption scheme that uses both symmetric
    and asymmetric techniques.

    In general this is done by generating a random symmetric key, encrypting the message using a symmetric encryption scheme and the newly generated symmetric key, and then encrypting the symmetric key using asymmetric techniques.
21. Lulu says:

    What is a Hash Function ?
22. admin says:

    Hash functions are a cryptographic algorithm that takes an input of any size and outputs a fixed-length “hash code” that is, in some sense, difficult to predict in advance.
23. Ken says:

    interesting post
24. P. Silva says:

    a very good article about Cryptographic Module – LOGICAL INTERFACES