Cryptography – Conditional Self-Tests
Conditional tests shall be performed by a cryptographic module when the conditions specified for the following tests occur: Pair-Wise Consistency Test, Software Load Test, Manual Key Entry Test, Continuous RBG Test, RBG Entropy Source Test, and Conditional Bypass Test.
Pair-Wise Consistency Test (for public and private keys). If a cryptographic module generates public or private keys, then the following pair-wise consistency tests for every pair of generated public and private keys [..]
Cryptography – Pre-Operational Self-Test
The pre-operational tests shall be performed by a cryptographic module between the time a cryptographic module is powered on, either from a power-off state or a quiescent state (e.g., low power, suspend or hibernate) and the time that the cryptographic module uses a function or provides a service using the function to be tested.
Prior to using a security function, the pre-operational test(s) of that security function shall pass successfully. The [..]
Cryptography – SSP Zeroization
A module shall provide methods to zeroize all CSPs (including temporarily stored values) within the module.
Once a CSP is zeroized, the CSP shall not be retrievable from the module. Zeroization of PSPs, encrypted CSPs, or CSPs otherwise physically or logically protected within an additional embedded validated module (meeting the requirements of this standard) is not required at levels below Security Level 5.
Keys used only to perform pre-operational self-tests shall be [..]
Cryptography – SSP Entry and Output
SSPs may be entered into or output from a module. If SSPs are entered into or output from a module, the entry or output of SSPs is performed using manual (e.g., entered via a keyboard or output via a visual display) or electronic (e.g., via a smart card/tokens, PC card, other electronic key loading device, or the module operating system) methods or some combination thereof.
Documentation shall specify the SSP entry and [..]
Cryptography – Environmental Failure Testing Procedures
EFT shall involve a combination of analysis, simulation, and testing of a cryptographic module to provide reasonable assurance that environmental conditions or fluctuations (accidental or induced) outside the module’s normal operating ranges for temperature and voltage will not compromise the security of the module.
EFT shall demonstrate that, if the operating temperature or voltage falls outside the normal operating range of the cryptographic module resulting in a failure, at no time [..]
Single-Chip Cryptographic Modules
The following requirements are specific to single-chip cryptographic modules.
SECURITY LEVEL 1
There are no additional Security Level 1 requirements for single-chip cryptographic modules.
SECURITY LEVEL 2
In addition to the requirements for Security Level 1, the following requirements shall apply to single-chip cryptographic modules for Security Level 2.
- The cryptographic module shall be covered with a tamper-evident coating (e.g., a tamper-evident passivation material or a tamper-evident material covering the passivation) or contained in a tamper-evident [..]
Cryptography – General Physical Security Requirements
The following requirements shall apply to all physical embodiments:
- Documentation shall specify the physical embodiment and the security level for which the physical security mechanisms of a cryptographic module are implemented.
- Whenever zeroization is performed for physical security purposes, the zeroization shall occur in a sufficiently small time period so as to prevent the recovery of the sensitive data between the time of detection and the actual zeroization.
- If a module includes [..]
Cryptographic Module Specification
A cryptographic module shall be a set of hardware and software that implements cryptographic functions or processes, including cryptographic algorithms and, optionally, key generation, and is contained within a defined cryptographic boundary.
In an Approved mode of operation a cryptographic module shall implement at least one Approved or Allowed security function. Certain non-Approved security functions are allowed for use in an Approved mode of operation. Allowed security functions used in an [..]
Cryptography – Acronyms
The following acronyms and abbreviations are used throughout this standard:
CMS Configuration Management System
CSP Critical Security Parameter
DPA Differential Power Analysis
EDC Error Detection Code
EFP Environmental Failure Protection [..]
Cryptography – Security Levels
Security Level 1
Security Level 1 provides the lowest level of assurance. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved security function must be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components.
Security Level 1 allows the software components of a cryptographic module to be executed on a general purpose computing system [..]