1 / 9

**FIPS 140 Level 3 Software Hardening: Challenges & Solutions**

This article explores the advantages and barriers of software versus hardware solutions in meeting FIPS 140 Level 3 requirements. It delves into the importance of cryptographic key management, operational environment, and physical security. The text presents insights on circumvention research, emphasizing the need for robust software crypto standards and tamper-resistant techniques. It calls for further research on mitigating threats posed by generic attacks like Wurster’s Generic Attack and Hyper-Threading Vulnerability. The conclusion stresses the necessity of defining Level 3 software crypto standards and evaluating its impact on the industry.

Download Presentation

**FIPS 140 Level 3 Software Hardening: Challenges & Solutions**

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005

  2. Software vs. Hardware • Software is preferable to hardware due to cost & flexibility • Plus: • Ease of deployment • Ease of upgrade • Diversity • Generality • Malleability

  3. Barriers to Software Solutions • Environment • Crypto Culture • Attacker Expertise • Hardware good, software bad: • Tampering is more difficult to hide with hardware • Harder to “turn” hardware away from its intended purpose • Reliability & redundancy • Cracker sophistication needs to be higher • Independent of host applications • Cracker opportunities typically require physical access

  4. Meeting FIPS 140 Level 3 • Cryptographic module ports and interfaces • Notion of a “data port” nebulous in software • Interfaces may be viable points (i.e., APIs) • Can be expected of “good programming practices” • Roles, Services, & Authentication • Identity-based operator authentication • Two factor authentication should suffice • Software module should be self-authenticating as well • Design Assurance • High-level language implementation is standard software practice

  5. Meeting FIPS 140 Level 3 • Physical Security • Parts are hardware specific • Anti-debug technologies would need to be deployed • Obfuscation can meet many of the requirements • Some are too hardware specific and would have to be ignored • Must remember that there are a lot of reverse engineering tools, and so must ensure software crypto solutions are adequately prepared • Tamper detection hard when software can easily be replicated • OS-level and OS-hardware interaction can help alleviate above

  6. Meeting FIPS 140 Level 3 • Operational Environment • EAL3 requirement • Can be met with EAL3 operating systems • Cryptographic Key Management • White-box cryptography resolves this issue • EMI/EMC • Software can manipulate EMI/EMC signals • However, the bandwidth may be too low to provide sufficient attack significance • Furthermore, white-box cryptography with its use of consistent lookup tables should aid in resisting timing attacks

  7. Circumvention Research • Interesting research coming out of Canada • Wurster’s Generic Attack • Hyper-Threading Vulnerability • Similarities in that unprivileged users can modify the execution stream of certain popular processors without detection: • Difficult to detect attack code • Feasible even where emulator-based attacks fail • Attack code is generic and not program dependent • Further research necessary to determine the true threats posed • At present it seems there are no viable solutions to the above threats

  8. Conclusion • Notwithstanding current circumvention research, efforts must be made in examining viable software crypto standards • Obfuscation and other tamper resistant techniques should be examined • Research must be pursued that accurately defines: • What is necessary for Level 3 software crypto • Adequate tests for Level 3 crypto • Impact of software crypto on the industry

  9. Thank You! Eugen BacicChief ScientistCinnabar Networks Inc.ebacic@cinnabar.ca

More Related