Data protection using controller-based encryption solution (2)

Source: Internet
Author: User
FIPS 140-2 verification level and requirements

The first blog in this encryption series explained controller-based encryption (CBE) and outlined the FIPS verification process. Let's take a look at the verification levels and requirements of Federal Information Processing Standard 140-2 (FIPS 140-2).

FIPS 140-2 verification level

There are eleven areas related to the design and implementation of the encryption module. Each area is rated at a security level from 1 (lowest) to 4 (highest).

The encryption module also receives an overall security rating, which is the minimum of the ratings obtained in the eleven individual areas.

The overall rating of the encryption module is not necessarily the most important indicator, although it cannot be ignored. Depending on the environment in which the encryption module is used, the rating of a specific area may matter more to users than the overall rating.

When determining the applicable rating of a product, consider the following:

1. Customer/end user requirements: What rating does the customer require? Many end users only need FIPS 140-2 verification, but some organizations have stricter requirements.

2. Competitive environment: If competitors are verified at Level 2, Level 1 verification is not suitable. Conversely, Level 3 verification may bring a competitive advantage.

3. Product design: Sometimes a product's features may prevent it from meeting higher-level testing requirements. For example, if the encryption module does not support identity-based authentication, it cannot pass Level 3 testing in the roles, services, and authentication area, so it cannot obtain an overall Level 3 rating.

4. Cost and time: In general, the higher the verification level, the more cost and time required to pass the verification process.

FIPS 140-2 security requirements

The following table lists the security requirements at each of the four verification levels for the 11 design and implementation areas.

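| Category | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| Encryption module | Encryption module, boundary, approved security functions; FIPS running mode | Encryption module, boundary, approved security functions; FIPS running mode | Encryption module, boundary, approved security functions; FIPS running mode | Encryption module, boundary, approved security functions; FIPS running mode |
| Port and interface | Interface definition | Interface definition | Logically separate data channels | Logically separate data channels |
| Roles, services, and authentication | No authentication | Role-based authentication | ID-based authentication | ID-based authentication |
| FSM | Determines the running status | Determines the running status | Determines the running status | Determines the running status |
| Physical security | Production grade | Tamper evidence | Tamper response | EFP/EFT |
| Running environment | Single user | EAL operating system | EAL3 OS | EAL4 OS |
| Key management | Plaintext manual input | Plaintext manual input | Encrypted manual input | Encrypted manual input |
| EMI/EMC | FCC Class | FCC Class | FCC Class B | FCC Class B |
| Self-test | Power-on and conditional tests | Power-on and conditional tests | Power-on and conditional tests | Power-on and conditional tests |
| Design assurance | CM system | Security dist. | Advanced lang. | Advanced lang. |
| Mitigate other attacks | Threats beyond the scope of requirements | Threats beyond the scope of requirements | Threats beyond the scope of requirements | Threats beyond the scope of requirements |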

The last article in this series will provide some useful tips for readers who are interested in submitting an encryption module for FIPS verification.

 
