Computer Security – Cryptography
There is a symbiotic relationship between cryptography and the development of high-performance computing systems. Modern-day computers were created at the behest of twentieth-century cryptanalysts. As the complexity of cryptographic systems progressed from mechanical to electronic systems, so did the need to develop more efficient methods to cryptanalyze them.
Cryptographic Module – Operator Authentication & Logical Interfaces
This post is part of the Computer Security – Cryptography posts series.
Operator Authentication
Authentication mechanisms could be demanded within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and execute services within that role. For Security Levels 2-5, a cryptographic module shall [...]
Operational Environments and OS Requirements for Modificable Operational Enviroments
This post is part of the Computer Security – Cryptography posts series.
Operational Environment
The requirements of this section apply only to modules containing software that run in a modifiable operational environment. The requirements do not apply to hardware only modules or anymodules with a non-modifiable operational environment.
The operational environment of a cryptographic module is the set [...]
Cryptographic Module – Software and Services
This post is part of the Computer Security – Cryptography posts series.
Software
SECURITY LEVEL 1
The succeeding necessities shall implement to software contained within a cryptographic module for this level of security.
All cryptographic code within the module shall be in executable form.
A cryptographic mechanism utilizing an authorized integrity technique (for instance, an aapproved message authentication code [...]
Multiple-Chip Standalone and Embeded Cryptographic Modules
This post is part of the Computer Security – Cryptography posts series.
Standalone
SECURITY LEVEL 1
In plus to the necessities for Security Levels 1 and 2, the succeeding necessities shall implement to multiple-chip standalone cryptographic modules for this level of security.
The multiple-chip embodiment of the circuitry within the cryptographic module shall be covered with a hard potting [...]
Development of a Cryptographic Module
A proper development process provides assurance that the implementation of a cryptographic module corresponds to the module functional specification and Security Policy, that the cryptographic module is maintainable, and that the validated cryptographic module is reproducible.
We specifies the security requirements for the representation of a cryptographic module’s security functionality at various levels of abstraction from the functional specification to the implementation [..]
The following requirements shall apply to cryptographic
Cryptographic Module Finite State Model
The operation of a cryptographic module shall be specified using a Finite State Model (or equivalent) represented by a state transition diagram and/or a state transition table and state descriptions. The FSM shall be sufficiently detailed to demonstrate that the cryptographic module complies with all of the requirements of this standard.
Documentation shall include the FSM (or equivalent) using a state transition diagram and/or state transition table and state descriptions that [..]
Cryptography – Conditional Self-Tests
Conditional tests shall be performed by a cryptographic module when the conditions specified for the following tests occur: Pair-Wise Consistency Test, Software Load Test, Manual Key Entry Test, Continuous RBG Test, RBG Entropy Source Test, and Conditional Bypass Test.
Pair-Wise Consistency Test (for public and private keys). If a cryptographic module generates public or private keys, then the following pair-wise consistency tests for every pair of generated public and private keys [..]