Cryptographic Module Specification

This post is part of the Computer Security – Cryptography posts series.

A cryptographic module shall be a set of hardware and software that applies cryptographic functions or processes, including cryptographic algorithms and, optionally, key generation, and is contained within a defined cryptographic boundary.

In an Approved mode of operation, a cryptographic module shall implement at least one Approved or Allowed security function. Certain non-Approved security functions are permitted for use in an Approved mode of operation. Permitted security functions used in an Approved mode of operation shall conform to all of the applicable requirements. The user shall be able to determine when an Approved mode of operation is selected. All Approved modes of operation shall be specified in the module Security Policy.

Non-Approved functions can be executed if they are not used to provide security-relevant functionality (for instance, a non-Approved algorithm may be used to encrypt information or keys, but the result is considered plaintext and provides no security-relevant functionality until encrypted with an Approved algorithm). Non-Approved security functions may also be used in non-Approved modes of operation.

Hardware and software of a cryptographic module can be excluded from the requirements of this standard if the vendor can certify that the excluded hardware and software do not affect the security of the module.

SECURITY LEVELS 1 AND 2

For Security Levels 1 and 2, the cryptographic module Security Policy shall specify when a cryptographic module is executing in an Approved mode of operation.

SECURITY LEVELS 3, 4 AND 5

In addition to the requirements of Security Level 2, for Security Levels 3, 4 and 5, a cryptographic module shall indicate when an Approved mode of operation is selected.

Types of Cryptographic Modules

A cryptographic module shall be specified as one of the following types:

  • Hardware module is a module composed primarily of hardware, which may also contain some software.
  • Software module is a module that is composed exclusively of software.
  • Hybrid module is a module whose cryptographic functionality is primarily contained in software, and which also includes some special-purpose hardware within the cryptographic boundary of the module.

Cryptographic Boundary

A cryptographic boundary shall consist of an explicitly defined perimeter that establishes the physical boundary of a cryptographic module. The requirements of this standard shall apply to all components within this boundary, including all hardware and software. The cryptographic boundary shall include the processor(s) and other hardware components that provide the operational environment of the module.

Cryptographic module

11 Responses to “Cryptographic Module Specification”

  1. Many says:

    What topics do you think I should cover for a cryptography presentation?

  2. JADU says:

    With math or without math

  3. Xadu says:

    explain algorithms like AES, DES

  4. John says:

    I want to explain algorithms like AES, DES without being mathematical

  5. Oliver says:

    Cryptography methods in use today. It is a good title.

  6. Smith says:

    Encryption text in images. It is one of the newest ways of sending data that is encrypted.

  7. Kenny says:

    History of cryptography. Start with encrypting documents on an IBM-PCAT at 5MHZ.

  8. Robert says:

    The future of encrypted communication recorded on the Internet

  9. Daniel says:

    Types of Cryptographic Modules

  10. Flavio says:

    Encryption power. As time passes, computers become more powerful, so breaking the encryption is easier.

  11. Akash says:

    Breaking the codes to stop terrorism. What are the government and other authorities doing about this subject?

  12. Ken says:

    interesting post

  13. P. Silva says:

    a very good article about Cryptographic Module Specification

Copyright © 2008 Home Automation - JAEC - All the rights reserved