Cryptographic Module Finite State Model

This post is part of the Computer Security – Cryptography posts series.

The operation of a cryptographic module shall be specified using a Finite State Model (or equivalent) represented by a state transition diagram and/or a state transition table and state descriptions. The FSM shall be sufficiently detailed to demonstrate that the cryptographic module complies with all of the requirements of this standard.

Documentation shall include the FSM (or equivalent) using a state transition diagram and/or state transition table and state descriptions that shall specify:

  • The operational and error states of a cryptographic module.
  • The corresponding transitions from one state to another.
  • The input events, including data inputs and control inputs, which cause transitions from one state to another.
  • The output events, including internal module conditions, data outputs, and status outputs, resulting from transitions from one state to another.

The FSM of a cryptographic module shall include the following operational and error states:

  • Power on/off state: a state in which the module is powered off or in standby mode, and in which primary, secondary, or backup power is applied to the module. This state may distinguish between power sources being applied to a cryptographic module.
  • General initialization state: a state in which the cryptographic module is initializing non-cryptographic services.
  • Crypto-Officer state: a state in which the Crypto-Officer services are performed (e.g., cryptographic initialization, secure administration, and key management).
  • CSP entry state: a state for entering the CSPs into the cryptographic module.
  • User state (if a User role is implemented): a state in which authorized users obtain security services, perform cryptographic operations, or perform other Approved or non-Approved functions.
  • Approved state: a state in which Approved security functions are performed.
  • Self-test state: a state in which the cryptographic module is performing self-tests.
  • Error state: a state in which the cryptographic module has encountered an error condition (e.g., failing a self-test or attempting to encrypt without operational keys or CSPs). There may be one or more error conditions that result in a single module error state. Error states may include “hard” errors that indicate an equipment malfunction and that may require maintenance, service or repair of the cryptographic module, or recoverable “soft” errors that may require initialization or resetting of the module. Recovery from error states shall be possible, except for those caused by hard errors that require maintenance, service, or repair of the cryptographic module.

Each distinct cryptographic module service, security function use, error state, self-test, or operator authentication shall be depicted as a separate state.

A cryptographic module may contain other states including, but not limited to, the following:

  • Bypass state: a state in which a service, as a result of module configuration or operator intervention, causes the plaintext output of a particular data or status item that would normally be output in encrypted form.
  • Quiescent state: a state in which the cryptographic module is dormant (e.g., low power, suspended or in hibernation).
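
A state transition table of the kind described above can be checked mechanically before it goes into the module documentation. The following is an added example, not taken from the standard or from this post: the state names, events and "kind" labels are constructed for a hypothetical module, and the table is simplified (it omits separate operator-authentication states). It verifies that every required kind of state is present, that transitions only use defined states, that every state is reachable, and that soft error states have a recovery path.

```python
# Constructed FSM for a hypothetical module: state name -> kind of state.
STATES = {
    "POWER_OFF": "power", "INIT": "init", "SELF_TEST": "self_test",
    "CRYPTO_OFFICER": "crypto_officer", "CSP_ENTRY": "csp_entry", "USER": "user",
    "APPROVED": "approved", "SOFT_ERROR": "error", "HARD_ERROR": "hard_error",
}
REQUIRED_KINDS = {"power", "init", "self_test", "crypto_officer",
                  "csp_entry", "approved", "error"}  # "user" only if a User role exists
# State transition table: (state, input event) -> (next state, output event).
TRANSITIONS = {
    ("POWER_OFF", "power_applied"): ("INIT", "status=initializing"),
    ("INIT", "init_done"): ("SELF_TEST", "status=self_test"),
    ("SELF_TEST", "tests_pass"): ("CRYPTO_OFFICER", "status=ready"),
    ("SELF_TEST", "test_fail"): ("SOFT_ERROR", "status=error"),
    ("SELF_TEST", "hw_fault"): ("HARD_ERROR", "status=fault"),
    ("CRYPTO_OFFICER", "load_csp"): ("CSP_ENTRY", "status=csp_entry"),
    ("CSP_ENTRY", "csp_ok"): ("CRYPTO_OFFICER", "status=ready"),
    ("CRYPTO_OFFICER", "user_login"): ("USER", "status=user"),
    ("USER", "encrypt"): ("APPROVED", "status=busy"),
    ("APPROVED", "done"): ("USER", "data=ciphertext"),
    ("APPROVED", "no_key"): ("SOFT_ERROR", "status=error"),
    ("SOFT_ERROR", "reset"): ("INIT", "status=initializing"),
    ("HARD_ERROR", "power_removed"): ("POWER_OFF", "status=off"),
}

def reachable(start, transitions):
    """Every state that can be reached from `start`, including `start`."""
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        nxt = {d for (s, _), (d, _) in transitions.items() if s == cur} - seen
        seen |= nxt
        todo.extend(nxt)
    return seen

def check_fsm(states, transitions, start="POWER_OFF"):
    """Return a list of findings; an empty list means the table passes."""
    findings = [f"missing required state kind: {k}"
                for k in sorted(REQUIRED_KINDS - set(states.values()))]
    for (src, event), (dst, _) in transitions.items():
        findings += [f"transition on '{event}' uses undefined state {s}"
                     for s in (src, dst) if s not in states]
    findings += [f"state {s} is unreachable from {start}"
                 for s in sorted(set(states) - reachable(start, transitions))]
    operational = {s for s, k in states.items() if k in ("crypto_officer", "user")}
    for s, k in states.items():  # hard errors are exempt from the recovery rule
        if k == "error" and not (reachable(s, transitions) & operational):
            findings.append(f"no recovery path from soft error state {s}")
    return findings
```
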



9 Responses to “Cryptographic Module Finite State Model”

  1. Sam says:

    Can somebody give me a basic explanation of public key cryptography and what it’s used for?

  2. admin says:

    There are two functions – encrypting information so that only the intended receiver can read it, and authenticating a message so that the receiver has confidence that it was you who sent it.

    Public key cryptography is based on a system using two keys: one for encryption and another for decryption. One of the keys is “private” and the other is “public” and can freely be distributed.

  3. Rim says:

    How to get started with number coding and cryptography?

  4. admin says:

    Read books:

    Practical Cryptography by Niels Ferguson and Bruce Schneier. The book is about how to build secure cryptographic systems.

    Introduction to Modern Cryptography: Principles and Protocols by Jonathan Katz and Yehuda Lindell. The book makes the approach to cryptography accessible to a broad audience.

    Foundations of Cryptography by Oded Goldreich. It fills the niche of theoretical cryptography.

  5. Arko says:

    I want to know contemporary applications of cryptography in the field of communication technology and information.

  6. Erik says:

    The RSA cryptosystem is still one of the strongest encryption methods out there for sending data securely in enterprise communication.

  7. Matt says:

    Where can I go to college to learn cryptography?

  8. admin says:

    MIT (Massachusetts Institute of Technology). There is a Cryptography and Information Security Group (CIS Group) at MIT. The group was founded in 1995 by professors Shafi Goldwasser, Silvio Micali, and Ron Rivest.

  9. Marcos says:

    Cal Tech. There is a group for Quantum Computation and Cryptography.

  10. Ken says:

    interesting post

  11. P. Silva says:

    a very good article about Cryptographic Module Finite State Model
