Approved Key Establishment Techniques for FIPS PUB 140-2


Security Requirements for Cryptographic Modules
January 2, 2013 (Draft)

Introduction

Federal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules, specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of the cryptographic module. These areas include the following:

1. Cryptographic Module Specification

2. Cryptographic Module Ports and Interfaces

3. Roles, Services, and Authentication

4. Finite State Model

5. Physical Security

6. Operational Environment

7. Cryptographic Key Management

8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)

9. Self Tests

10. Design Assurance

11. Mitigation of Other Attacks



APPROVED KEY ESTABLISHMENT TECHNIQUES

Transitions

National Institute of Standards and Technology, Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Special Publication 800-131A, January 2011. Sections relevant to this Annex: 1, 5, 6, 7 and 8.

Key Establishment Techniques

1. Key establishment techniques allowed in a FIPS Approved mode of operation with appropriate restrictions are listed in FIPS 140-2 Implementation Guidance Section D.2.

2. National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-3, June, 2009. (DSA2, RSA2 and ECDSA2)

3. National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revision1), Special Publication 800-56A, March 2007.

4. National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, Special Publication 800-56B, August 2009.

5. National Institute of Standards and Technology, Recommendation for Key Derivation Using Pseudorandom Functions, Special Publication 800-108, October 2009, Revised.

6. National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, Special Publication 800-132, December 2010.

7. National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135rev1, December 2011.

8. National Institute of Standards and Technology, Recommendation for Key Derivation through Extraction-then-Expansion, Special Publication 800-56C, November 2011.

 
9. National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012.
 

Source and full text:
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexd.pdf


0 yorum: