The National Institute of Standards and Technology (NIST) is responsible for developing and maintaining information security standards for the unclassified information, known as Federal Information Processing Standards (FIPS). Many private sector industries have adopted these standards, beginning with banking in 70’s and 80’s. Today some control system security product vendors are beginning to comply and even get certified to FIPS.
FIPS 140 documents the security requirements for a crypto module. A crypto module is the software and hardware that provides encryption, authentication, data integrity, non-repudiation and other security functions. A crypto module sits in a device, and the FIPS 140 boundary is often a single chip or chipset.
There is a formal validation process to achieving FIPS 140 certification that is performed by an independent accredited lab. The validation and certification process can often take one year or longer. FIPS 140 certified devices are listed on NIST’s website.
FIPS 140-2 Security Levels
FIPS 140-2 defines four security levels that increase in security as the level number increases.
- Level 1 – The lowest level of security places almost no physical or hardware security requirements and allows the crypto to be implemented on an “unevaluated operating system”. Essentially Level 1 verifies the crypto algorithms and protocols have been implemented correctly.
- Level 2 – Requires the device be tamper-evident, which doesn’t stop tampering, and adds role based authentication and authorization for a generic operator and administrator. Crypto must be implemented on an evaluated operating system. This is often met by the minimal operating system on a crypto chip.
- Level 3 – Moves from tamper-evident in Level 2 to tamper-resistant in Level 3. Tamper resistance identifies and responds to tampering, typically by zeroing sensitive crypto parameters such as keys. A sophisticated attacker may be able to circumvent the anti-tamper protection. Level 3 requires role based authentication and authorization for individual users. Red (plain text) / Black (cipher text) separation for interfaces is introduced as well as more stringent requirements for the operating system.
- Level 4 – Moves from tamper-resistant in Level 3 to tamper-proof in Level 4. The device must be highly resistant to sophisticated tampering attacks including freezing the device and all enclosure entry points.
Level 1 is rather simple and rarely selected by vendors. Most vendors certify to Level 2 or Level 3. Achieving Level 3 and Level 4 certification can be quite difficult and expensive. An appropriate level is selected based on the risk to the device.
FIPS 140 Revision History
The first version, FIPS 140-1, was issued in January 1994 and device validation began in July 1995.
FIPS 140-1 was revised in May 2001 as the current version is FIPS 140-2. There are important changes in the new version, such as the addition of logical red/black separation, authentication credential strength requirements, and mitigation of specific attacks, but the overall structure and purpose is the same as FIPS 140-1.
The first draft of FIPS 140-3 is complete and will be made public in the summer of 2007.
FIPS 140-2 Security Requirements
The general categories for the security requirements are the same for all four levels, but the security controls and assurance requirements in the category are increase at each level. The general categories are listed in the specification and certification report as follows:
- Cryptographic Module Specification – Crypto algorithms, protocols, boundaries and module security policy.
- Cryptographic Module Ports and Interfaces – Documentation of the interfaces and red/black separation at the higher levels.
- Roles, Services and Authentication – Requirements for authenticating and authorizing device users, typically operators and administrators.
- Finite State Model – Documentation of states and state transitions
- Physical Security – From little security to tamper evident to tamper resistant to tamper proof for the four levels.
- Operational Environment – The security and assurance of the crypto operating system (remember this is typically not Windows or UNIX; it is an OS on a chip).
- Cryptographic Key Management – Requirements for the entire key life cycle from generation to destruction. Manual and electronic key management methods are allowed.
- EMI/EMC – FCC standards not TEMPEST
- Self-Tests – A set of self test to determine the crypto and other security related components are operating properly.
- Design Assurance – A documentation package on the design process.
- Mitigation of Other Attacks – Specific attacks not covered in other requirements such as power and timing analysis attacks.