Difference between revisions of "Why you need to use a FIPS 140-2 validated cryptomodule"

From OWASP
Line 1: Line 1:
== Why you need to use a FIPS 140-2 validated cryptomodule ==
+
If you are performing an application security verification according to the [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard (ASVS)] verification requirements, you will need to make sure that any cryptographic functions are being performed by a FIPS 140-2 validated cryptomodule.
  
The OWASP ASVS includes verification requirements that prescribe the use of a FIPS 140-2 validated cryptomodule. The applicable ASVS requirement reads in part:
 
  
''"V7.1: Verify that cryptographic modules used by the application have been validated against FIPS 140-2 ..."''
+
A cryptomodule, whether it is a software library or a hardware device, basically consists of three parts:
  
This is an important requirement for both public and private sector applications. A validated cryptomodule is... The requirement to use a validated cryptomodule was included in the standard to ensure that...
+
*Components that implement cryptographic algorithms (symmetric and asymmetric algorithms, hash algorithms, random number generator algorithms, and message authentication code algorithms)
  
== How to find out if the cryptomodule(s) that you are using is (are) FIPS 140-2 validated ==
+
*Components that call and manage cryptographic functions and their inputs and outputs (inputs and outputs include cryptographic keys and so-called critical security parameters)
  
Here is how you can find out if the cryptomodule(s) that you are using is (are) FIPS 140-2 validated...
+
*A physical container around the components that implement cryptographic algorithms and the components that call and manage cryptographic functions
  
CMVP module validation lists: http://csrc.nist.gov/groups/STM/cmvp/validation.html
 
  
== How to find out if the cryptomodule(s) that you are using is (are) operating in an approved or in an allowed mode ==
+
The security of a cryptomodule and its services depends on the correct implementation and integration of each of these three parts. While most folks understand that implementing cryptographic algorithms correctly is a hard thing to do, most folks do not understand that calling and managing cryptographic functions and their inputs and outputs, and ensuring the secure construction of the physical container around the components, are equally important in determining the security of a cryptomodule and its services.
  
Here is how you can find out if your validated cryptomodule(s) is (are) operating in an approved or in an allowed mode...
 
  
== References ==
+
While there certainly are shortcomings in the FIPS 140-2 program, using a FIPS 140-2 validated cryptomodule certainly provides a greater chance that the cryptomodule is providing the services that you are expecting from it.
  
For more information...
 
  
CMVP: http://csrc.nist.gov/groups/STM/cmvp/index.html
+
Helpful hints:
  
CAVP: http://csrc.nist.gov/groups/STM/cavp/index.html
+
*CMVP: http://csrc.nist.gov/groups/STM/cmvp/index.html
 +
*CAVP: http://csrc.nist.gov/groups/STM/cavp/index.html
  
 
[[Category:OWASP Application Security Verification Standard Project]]
 
[[Category:OWASP Application Security Verification Standard Project]]
 
+
[[Category:How To]]
{{Stub}}
+
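
Review bot: The revision drops the quoted ASVS requirement ("V7.1: Verify that cryptographic modules used by the application have been validated against FIPS 140-2 ...") and the "CMVP module validation lists" link, so the page now says a validated cryptomodule is needed without naming the requirement that asks for it or pointing to where a module's validation status can be looked up. Consider keeping the V7.1 quote after the opening paragraph and listing the validation-list URL as a third item under "Helpful hints:". In the third added bullet, "A physical container" sits awkwardly beside "whether it is a software library or a hardware device"; a sentence on what the container means for a software library would help.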

Revision as of 09:51, 16 January 2009

If you are performing an application security verification according to the OWASP Application Security Verification Standard (ASVS) verification requirements, you will need to make sure that any cryptographic functions are being performed by a FIPS 140-2 validated cryptomodule.


A cryptomodule, whether it is a software library or a hardware device, basically consists of three parts:

  • Components that implement cryptographic algorithms (symmetric and asymmetric algorithms, hash algorithms, random number generator algorithms, and message authentication code algorithms)
  • Components that call and manage cryptographic functions and their inputs and outputs (inputs and outputs include cryptographic keys and so-called critical security parameters)
  • A physical container around the components that implement cryptographic algorithms and the components that call and manage cryptographic functions


The security of a cryptomodule and its services depends on the correct implementation and integration of each of these three parts. While most folks understand that implementing cryptographic algorithms correctly is a hard thing to do, most folks do not understand that calling and managing cryptographic functions and their inputs and outputs, and ensuring the secure construction of the physical container around the components, are equally important in determining the security of a cryptomodule and its services.


While the FIPS 140-2 program certainly has shortcomings, using a FIPS 140-2 validated cryptomodule provides a greater chance that the cryptomodule is providing the services that you expect from it.


Helpful hints: