Cryptographic Module – Software and Services

This post is part of the Computer Security – Cryptography posts series.

Software

SECURITY LEVEL 1

The succeeding necessities shall implement to software contained within a cryptographic module for this level of security.

  • All cryptographic code within the module shall be in executable form.
  • A cryptographic mechanism utilizing an authorized integrity technique (for instance, an aapproved message authentication code or a digital signature algorithm) that utilizes a cryptographic key shall be implemented to all software within the cryptographic module. The key may reside within the module.
  • The input and output of the module shall be directed through a defined module software interface.
  • The Module software interface shall not allow the operator of the service to read the software.
  • The Module software interfaceshall not allow the operator to modify module software without invoking the Software Load Test.
  • Any modifications to module software different than a complete reload shall pass the Software Load Test.
  • If a particular format for externally provided information is expected, then the module shall verify the format.

SECURITY LEVEL 2

In plus to the necessities of Security Level 1, the succeeding necessities shall implement to software contained within a cryptographic module for this level of security.

  • The approved integrity technique utilized in the Software Integrity Test shall consist of the generation of a digital signature utilizing an approved digital signature algorithm. The entity requesting validation shall generate the private key utilized to sign the code and the public key utilized to verify the code. The private signing key shall not reside within the module. The public verification key may reside with the module code.

SECURITY LEVEL 3

In plus to the necessities of Security Level 2, the succeeding necessities shall enforce to software contained within a cryptographic module for level of security.

  • An Module software interface command (id est, callable service) allowing a cryptographic officer to initiate the Software Integrity Test without instituting a power-down of the module shall be incorporated. The Module software interface command shall return an indication as to whether the Software Integrity Test was successful and a newly calculated hash value.1
  • The hash value of the module’s software shall be zeroized from the module upon completion of the Module software interface command which initiates the Software Integrity Test.

SECURITY LEVEL 4

In plus to the necessities of Security Level 3, the succeeding necessities shall implement to software contained within a cryptographic module for this level of security.

  • The module shall have the capacity to decrypt portions of the software that is encrypted when the module is first loaded. All Critical Security Parameters also as the Software Integrity Test software (including the public verification key and digital signature) shall be encrypted by the vendor utilizing a symmetric key. The symmetric key, or key components, shall at first be generated by the vendor and transported to the module site. The symmetric key shall not be retained within the module when the module is transported to the client. When the software is loaded into the module, the Cryptographic Officer(s) shall enter the symmetric key or key components to decrypt the encrypted portions. The Software Integrity Test, including the symmetric key (as data), shall then be performed as part of the pre-operational tests.
  • Before the module subsequently transitions to the pre-operational state, the Cryptographic Officer(s) may supply a new symmetric key, or key components (otherwise the current symmetric key shall be used). The Critical Security Parameters, and Software Integrity Test software (including the public verification key and digital signature) shall be encrypted and all plaintext copies of these values within the module shall be automatically zeroized.
  • A new key pair used by the Software Integrity Test, and a new symmetric encryption key shall be at first generated for each instance of this cryptographic module.
  • The mode of encryption utilized to protect Critical Security Parameters and the Software Integrity Test software (including the public verification key and digital signature) shall be approved encryption with an authentication mode.

SECURITY LEVEL 5

In plus to the necessities of Security Level 4, the succeeding necessity shall implement to software contained within a cryptographic module for this level of security.

  • In plus to all Critical Security Parameters and the Software Integrity Test software (including the public verification key and digital signature), the symmetric encryption described in Level 4 shall be implemented to all Public Security Parameters.
Cryptographic module

Cryptographic module

Services

A cryptographic module shall supply the succeeding services to operators:

  • Show Status: Output the current status of the cryptographic module. This could include the output of status indicators in response to a service request.
  • Show the Module’s Version Number: Output the name and the version number of the cryptographic module.
  • Perform Self-Tests: start and run pre-operational self-tests.
  • Execute Approved Security Function: Perform at least one Approved or Allowed security function used in an Approved mode of operation.
  • Zeroize: Perform zeroization .
  • A cryptographic module may supply other services, both Approved and non-Approved, in plus to the services defined above. Specific services may be supplied in more than one role (for instance, key entry services possibly supplied in the User role and the Crypto-Officer role).
  • Bypass Capability. The ability of a service to partially or totally circumvent a cryptographic function. If the module can output a specific data or status item in a cryptographically protected form, but instead (as a consequence of module configuration or operator intervention) can as well output the item in a non-protected form, then a bypass capability shall be defined.

If a cryptographic module implements a bypass capability, then

  • The operator shall assume an authorized role prior to configuring the bypass capability.
  • Two independent internal actions shall be demanded to deactivate the mechanisms that are configured to prevent the inadvertent bypass of security functions due to a single error.The two independent internal actions shall alter software and/or hardware behavior that is dedicated to mediate the bypass.
  • The module shall show its status to indicate whether:
    • the module is providing services without the use of cryptographic functions (the bypass capability is activated), or
    • the module is providing services with the use of a cryptographic function (the bypass capability isn’t activated)

External Software Loading: If a cryptographic module has the capability of loading software from an external source, then

  • The logic performing the external software loading shall be logically disconnected from all data output.
  • The cryptographic module shall not execute the loaded code until after the Software Load Test has with success controlled the validity of the externally loaded code.
  • The cryptographic module shall not execute any loaded Approved security functions until after the Cryptographic Algorithm self-tests have been with success accomplished.
  • The module shall support an Approved authentication technique to verify the validity of software that may be loaded. Defining a limited or non-modifiable operational environment by means of procedurally-enforced security rules interdicting the utilization of the external software loading capability shall not be allowed.

Published in Cryptography , Monday July 27th 2009
Tags: ,



25 Responses to “Cryptographic Module – Software and Services”

  1. John says:

    I am doing a civil war project on cryptography and I want to know what kind of cryptography existed during the Civil War era ?

  2. Mcwalter says:

    American Natives were used because they spoke an un-known to the enemy language

  3. Ted says:

    enigma encoding machine

  4. rashed says:

    I think cypher wheels

  5. Minko says:

    I want to know if cryptography is a science career

  6. Marcos says:

    In my opinion it is a math career. So, because math is a science, yes.

  7. Asmin says:

    It is possible to decode information without knowing key ? If the answer is yes, then how is quantum cryptography unconditionally secure ?

  8. Tony says:

    Exist a difference between statistically secure and realistically secure. The chances of someone breaking a 32 character code is not impossible,and it depends on the amount of time and computing power available to decipher, but is more difficult than a 4 digit code.

  9. Kahn says:

    At this time there is no good way to predict how a quantum computer could decipher a generic code.

  10. Krinker says:

    If a public key is broken into its prime factors, it would be possible to construct the private key and thus it would be possible to decipher encrypted data.

  11. Hans says:

    Quantum computers are not invincible and they have limitations as well.

    Algorithms have to be developed that make proper use of quantum computers. But, encryption algorithms can be built in different modes that give you no advantage to using quantum computers.

  12. Sam says:

    What is the role of the session key in public key schemes?

  13. admin says:

    In all public key systems, the encryption and decryption times are very lengthy compared to other block-oriented algorithms such as DES for equivalent data sizes.

    Therefore in most implementations of public-key systems, a temporary, random session key of much smaller length than the message is generated for each message and alone encrypted by the public key algorithm.

  14. Max says:

    What’s RSA ?

  15. admin says:

    RSA is a public-key cryptosystem defined by Rivest, Adleman and Shamir.

  16. Andrew says:

    What is authentication and the key-exchange problem ?

  17. admin says:

    The key exchange problem involves:
    1) ensuring that keys are exchanged so that the sender and receiver can perform encryption and decryption

    2)doing so in such a way that ensures an eavesdropper or outside party cannot break the code. Authentication adds the requirement that

    3)there is some assurance to the receiver that a message was encrypted by ‘a given entity’ and not ’someone else’.

  18. Alvaro says:

    What is a product cipher ?

  19. admin says:

    A product cipher is a block cipher that iterates several weak operations such as substitution, transposition, modular addition/multiplication, and linear transformation.

  20. Alvaro says:

    What are the the main parameters of a product cipher ?

  21. admin says:

    block length,key bits and number of rounds

  22. admin says:

    What makes a product cipher secure ?

  23. admin says:

    Nonlinearity,highly random,at least 5 rounds of DES and must produce ciphertext which functionally depends on every bit of the plaintext and the key.

  24. Ken says:

    interesting post

  25. P. Silva says:

    a very good article about Cryptographic Module – Software

Leave a Reply


Privacy | About Us | Contact
Copyright © 2008 Home Automation - JAEC - All the rights reserved