Cryptography – Configuration Management
This post is part of the Computer Security – Cryptography posts series.
The configuration management requirements specify what a cryptographic module vendor's configuration management system must provide. They give assurance that the integrity of the cryptographic module is preserved by requiring discipline and control in the processes of refinement and modification of the module and its related documentation.
A configuration management system is put in place to prevent accidental or unauthorized modifications to, and provide change traceability for, the cryptographic module and related documentation.
SECURITY LEVELS 1 AND 2
The following security requirement shall apply to cryptographic modules for Security Levels 1 and 2.
- A configuration management system shall be implemented for a cryptographic module and module components within the cryptographic boundary, and for associated module documentation.
- Each version of each configuration item (e.g., cryptographic module, module hardware parts, module software components, module HDL, user guidance, Security Policy, etc.) that comprises the module and associated documentation shall be assigned and labeled with a unique identification number.
- The configuration management system shall track and maintain the changes to the identification and version or revision of each configuration item throughout the life-cycle of the validated cryptographic module.
- Documentation shall specify and describe the configuration management system used for the cryptographic module.
SECURITY LEVELS 3, 4, AND 5
In addition to the requirements for Security Levels 1 and 2, the configuration items shall be managed using an automated configuration management system.
7 Responses to “Cryptography – Configuration Management”
What math should I be learning for cryptography?
Number Theory, Mathematical Analysis, Discrete Mathematics, Abstract Algebra, Real Analysis, Mathematical Modeling, Symbolic logic …
What is the difference between Symmetric and Asymmetric Ciphers?
Symmetric Ciphers
- One key to encrypt and decrypt
- Key is array of bytes
- Block size is small and fixed; key size may be variable
- Specifically designed to scatter bits
- Message can be encrypted as is
- Faster
- Brute-force attacks try keys
Asymmetric Ciphers
- One key to encrypt, another key to decrypt
- Key is typically one or more integers
- Block size may be large and depends on key size
- Designed around a hard mathematical problem
- Message requires transformation before being encrypted
- Slower
- Brute-force attacks decompose a parameter to recover keys
What is the MultiPrime RSA Algorithm?
The MultiPrime RSA algorithm is a patented (U.S. Patent 5,848,159) extension of the CRT method that uses more primes in the modulus n. The public key is still the same, but n is now made of three or more primes.
In the MultiPrime RSA algorithm, a method and apparatus are disclosed for improving public key encryption and decryption schemes that employ a composite number formed from three or more distinct primes.
The encryption or decryption tasks may be broken down into sub-tasks to obtain encrypted or decrypted sub-parts that are then combined using a form of the Chinese Remainder Theorem to obtain the encrypted or decrypted value. A parallel encryption/decryption architecture is disclosed to take advantage of the inventive method.
The MultiPrime RSA algorithm decryption is done using a natural extension of the CRT method: Each additional prime pi requires an exponent di = d mod p and a coefficient ci = pi-1 mod p
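The CRT decryption described in the comment above, as an added example that is not part of the original comments or of the patent: it uses the usual per-prime exponents d mod (p_i - 1) and Garner-style recombination. The function names, toy primes and message are assumptions made for illustration.

```python
# Added example: multi-prime RSA decryption with CRT (textbook RSA, no padding).
# The primes and message are constructed toy values, far too small for real use.
from math import prod


def make_key(primes, e=65537):
    """Build a key whose modulus is the product of three or more distinct primes."""
    n = prod(primes)
    phi = prod(p - 1 for p in primes)
    d = pow(e, -1, phi)                      # private exponent (Python 3.8+)
    exps = [d % (p - 1) for p in primes]     # per-prime exponent: d mod (p_i - 1)
    # Per-prime coefficient for i >= 2: (p_1 * ... * p_{i-1})^-1 mod p_i
    coeffs = [pow(prod(primes[:i]), -1, primes[i]) for i in range(1, len(primes))]
    return {"n": n, "e": e, "d": d, "primes": primes, "exps": exps, "coeffs": coeffs}


def decrypt_crt(key, c):
    """Decrypt c with one small exponentiation per prime, then recombine."""
    primes, exps, coeffs = key["primes"], key["exps"], key["coeffs"]
    # Sub-tasks: independent of each other, so they could run in parallel.
    parts = [pow(c % p, dp, p) for p, dp in zip(primes, exps)]
    # Garner recombination: fold in one prime at a time.
    m, modulus = parts[0], primes[0]
    for p, t, m_i in zip(primes[1:], coeffs, parts[1:]):
        h = ((m_i - m) * t) % p
        m += modulus * h
        modulus *= p
    return m


def demo():
    key = make_key([1009, 1013, 1019])       # constructed toy primes
    message = 123456789                      # constructed sample, must be < n
    c = pow(message, key["e"], key["n"])     # public operation is unchanged
    return message, decrypt_crt(key, c), pow(c, key["d"], key["n"])


if __name__ == "__main__":
    print(demo())
```

Each per-prime exponentiation works on numbers about one third the size of n, which is where the speed-up over a single exponentiation modulo n comes from.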
interesting post
a very good article about Cryptography – Configuration Management