Computer Security – Cryptography

There is a symbiotic relationship between cryptography and the development of high-performance computing systems. Modern-day computers were created at the behest of twentieth-century cryptanalysts. As the complexity of cryptographic systems progressed from mechanical to electronic systems, so did the need to develop more efficient methods to cryptanalyze them.

Cryptographic Module – Operator Authentication & Logical Interfaces

This post is part of the Computer Security – Cryptography posts series.
Operator Authentication
Authentication mechanisms could be demanded within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and execute services within that role. For Security Levels 2-5, a cryptographic module shall [...]

Operational Environments and OS Requirements for Modificable Operational Enviroments

This post is part of the Computer Security – Cryptography posts series.
Operational Environment
The requirements of this section apply only to modules containing software that run in a modifiable operational environment. The requirements do not apply to hardware only modules or anymodules with a non-modifiable operational environment.
The operational environment of a cryptographic module is the set [...]

Cryptographic Module – Software and Services

This post is part of the Computer Security – Cryptography posts series.
Software
SECURITY LEVEL 1
The succeeding necessities shall implement to software contained within a cryptographic module for this level of security.

All cryptographic code within the module shall be in executable form.
A cryptographic mechanism utilizing an authorized integrity technique (for instance, an aapproved message authentication code [...]

Multiple-Chip Standalone and Embeded Cryptographic Modules

This post is part of the Computer Security – Cryptography posts series.
Standalone
SECURITY LEVEL 1
In plus to the necessities for Security Levels 1 and 2, the succeeding necessities shall implement to multiple-chip standalone cryptographic modules for this level of security.

The multiple-chip embodiment of the circuitry within the cryptographic module shall be covered with a hard potting [...]

Development of a Cryptographic Module

A proper development process provides assurance that the implementation of a cryptographic module corresponds to the module functional specification and Security Policy, that the cryptographic module is maintainable, and that the validated cryptographic module is reproducible.

We specifies the security requirements for the representation of a cryptographic module’s security functionality at various levels of abstraction from the functional specification to the implementation [..]

The following requirements shall apply to cryptographic

Cryptographic Module Guidance

The requirements in this section are intended to ensure that all entities using the cryptographic module have adequate guidance and procedures to administer and use the module in a secure manner. Guidance documentation consists of administrator and non-administrator guidance.

Administrator guidance is written material that is used by the Crypto Officer and/or other administrative roles for the correct configuration, maintenance, and administration of the cryptographic module. The administrator guidance contains information [..]

Cryptographic Module Finite State Model

The operation of a cryptographic module shall be specified using a Finite State Model (or equivalent) represented by a state transition diagram and/or a state transition table and state descriptions. The FSM shall be sufficiently detailed to demonstrate that the cryptographic module complies with all of the requirements of this standard.

Documentation shall include the FSM (or equivalent) using a state transition diagram and/or state transition table and state descriptions that [..]

Cryptographic Modules – Design

A design is an engineering solution that addresses the functional specification for a cryptographic module. The design is intended to provide assurance that the functional specification of a cryptographic module corresponds to the intended functionality described in the Security Policy.

Cryptographic modules shall be designed to allow the testing of the implemented functionality to this standard, where possible without compromising the security of the module, so that all the services of [..]

Cryptography – Configuration Management

Configuration management specifies the security requirements for a configuration management system implemented by a cryptographic module vendor, providing assurance that the integrity of the cryptographic module is preserved by requiring discipline and control in the processes of refinement and modification of the cryptographic module and related documentation.

A configuration management system is put in place to prevent accidental or unauthorized modifications to, and provide change traceability for, the cryptographic module and [..]