FIPS 140-2 Validated Encryption
The Lumension® Cryptographic Kernel (LCK) – a stand-alone software cryptography module which is delivered as part of the Lumension® Endpoint Management and Security Suite – provides the FIPS 140-2 Level 2 validated encryption capabilities of Lumension® Device Control. These core ciphering capabilities protect organizations from malicious theft or accidental loss of data through the use of removable devices (e.g., USB flash drives) and media (e.g., CDs / DVDs), and include support for the following FIPS-approved encryption algorithms:
- Advanced Encryption Standard (AES) – 256-bit in CBC, ECB, OFB, CFB128 and CTR modes
- Secure Hash Algorithm (SHA) – SHA-1, SHA-256, SHA-384, and SHA-512 (byte-oriented)
- Keyed-Hash Message Authentication Code (HMAC) – using SHA-1, SHA-256, SHA-384, and SHA-512
- ANSI11 X9.31 Appendix A.2.4 Pseudo Random Number Generator (PRNG)
- Elliptic Curve Digital Signature Algorithm (ECDSA) – 192-, 224-, 256-, 384-, and 521-bit P curves
- Elliptic Curve Digital Signature Algorithm (ECDSA) – 163-, 233-, 283-, 409-, and 571-bit K curves
- Rivest Shamir and Adleman (RSA) – 1024-, 2048- and 4096-bit signature generation/verification
Validation by the National Institute of Standards and Technology (NIST), acting for the Department of Commerce and in concert with the Communications Security Establishment Canada (CSEC), assures governmental and private-sector users alike that:
- It meets the highest standards available for software-based cryptography modules.
- The design and implementation of the cryptographic module itself is highly secure.
- It is certified and ready for use by governmental agencies and other organizations requiring the highest level of security and encryption commercially available.
For more information on the FIPS 140-2 Level 2 validation of the Lumension® Cryptographic Kernel, please read the press release here. See the Lumension® Cryptographic Kernel Validation Certificate (certificate no. 1567) and the FIPS 140-2 validation listing. Further details are covered in the FAQs below.
Frequently Asked Questions
What is the Lumension® Cryptography Kernel?
The Lumension® Cryptographic Kernel (Lumension® Cryptography Kernel) is a stand-alone software crypto module which is delivered as part of the Lumension® Endpoint Management and Security Suite and used as part of the integrated Lumension® Device Control module.
Why use FIPS 140 Level 2 validated cryptography?
The FIPS140-2 Level 2 validation is the result of 3rd party test labs evaluating the implementation of cryptographic functions to ensure they are correct and in accordance with best practices for robustness and data integrity. The Level 2 validation further assures that all measures have been taken to prevent any tampering with or spoofing of cryptographic operations.
When will the Lumension® Cryptography Kernel be available?
Now. See the Lumension® Cryptographic Kernel Validation Certificate (certificate no. 1567) and the FIPS 140-2 validation listing for further details.
Does FIPS 140-2 certification apply to the US only?
No. It applies directly in the US (via FISMA and such) and Canada (via CSE); see the general FIPS 140-2 FAQs for more details. But FIPS 140-2 is also respected worldwide, in both the public and private sectors.
Who needs FIPS 140-2 validated cryptography?
Several governmental and private sector organizations need validated cryptography. First, US and Canadian governmental agencies are required to use FIP 140-2 accredited products. Second, companies in the financial / banking sector are looking for FIPS 140-2 accredited products to meet their regulatory obligations. And last, many organizations in a variety of industries are looking for FIPS 140-2 accredited products to protect their valuable, revenue-generating Intellectual Property (IP) and customer data.
Does this impact other certifications / regulations?
Yes. Having FIPS 140-2 validated cryptography helps governmental agencies and private sector organizations met many other standards; here is a partial list:
- GLBA – Gramm-Leach-Bliley Act
- ISO 11568 – Banking – Key management (retail)
- ISO 15782 – Banking – Certificate management
- ISM – Information Security Manual (formerly ASCI 33) from Australia
- 21 CFR Part 11 – Title 21 Code of Federal Regulations (21 CFR Part 11): Electronic Records; Electronic Signatures
- COBIT – Control Objectives for Information and related Technology
- OMB A-130 (Office of Management and Budget)
- HIPAA – Health Insurance Portability and Accountability Act
- COPPA – Children's Online Privacy Protection Act
- ESIGN – Electronic Signatures in Global and National Commerce Act
- GISRA – Government Information Security Reform Act
- CISP – Cardholder Information Security Program
- CESG – Communications-Electronics Security Group
- DCID 6-3 (Director of Central Intelligence Directive)
- EMV (a specification for IC card payment systems developed by Europay, Mastercard and Visa)
How does the Lumension® Cryptography Kernel work?
The Lumension® Cryptography Kernel is a self-contained cryptographic library which is delivered as part of Lumension® Device Control. The library provides all of the necessary cryptographic services needed for Device Control. These services include random number generation, key pair generation, and secure hash algorithms, all used in the encryption of data
Which Operating Systems does the Lumension® Cryptography Kernel support?
The Lumension® Cryptography Kernel supports the same Operating Systems as theLumension® Device Control module. However, in order to adhere to FIPS140-2 standards, you must use an OS which is certified at Common Criteria EAL4 or higher. These include Windows 7, Vista and XP, and Windows Server 2003, 2008 and 2008 R2; here is the list of validated operating systems.
What encryption algorithms does Lumension® Cryptography Kernel support?
The Lumension® Cryptographic Kernel uses the following FIPS-approved encryption algorithms:
Advanced Encryption Standard (AES)
256-bit in CBC, ECB, OFB, CFB128 and CTR modes
Secure Hash Algorithm (SHA)
SHA-1, SHA-256, SHA-384, and SHA-512 (byte-oriented)
Keyed-Hash Message Authentication Code (HMAC)
Using SHA-1, SHA-256, SHA-384, and SHA-512
ANSI11 X9.31 Appendix A.2.4 Pseudo Random Number Generator (PRNG)
Elliptic Curve Digital Signature Algorithm (ECDSA)
P12 curves -192, 224, 256, 384, and 521-bit
Elliptic Curve Digital Signature Algorithm (ECDSA)
K13 curves -163, 233, 283, 409, and 571-bit
Rivest Shamir and Adleman (RSA)
Signature generation/verification: 1024, 2048 and 4096 bits
The Lumension® Cryptography Kernel also implements the following non-approved algorithms when in non-FIPS mode of operation:
- RSA key transport (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)
- Elliptic Curve Integrated Encryption Scheme
What is FIPS 140-2?
Federal Information Processing Standard 140-2 (FIPS 140-2) is entitled "Security Requirements for Cryptographic Modules." It's a standard that describes government requirements that hardware and software products should meet for Sensitive but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communications Security Establishment (CSE), and is being adopted by the financial community through the American National Standards Institute (ANSI).
The [FIPS 140-2] standard specifies the security requirements that are to be satisfied by a cryptographic module [which is defined as a “set of hardware, software, and/or firmware that implements Approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.”] utilized within a security system protecting unclassified information within computer and telecommunication systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/ electromagnetic compatibility (EMI/EMC), and self-testing.
FIPS 140-2 is actually the third version of the FIPS 140 standard. NIST reviews the FIPS 140 standard every five years to determine if further updates are needed; FIPS 140-2 was released in Dec-02. At this time, NIST only accepts applications for FIPS 140-2 certificates. However, any product previously evaluated for FIPS 140-1 can still be purchased by the federal government today. It is important to note that the FIPS 140-1 or 140-2 certificate applies only to that version of the product that was submitted for validation, and all product updates are subject to re-evaluation against the current version of the standard. Finally, a new version of the document, FIPS 140-3, is under review and is scheduled to be released soon.
What are the four levels of FIPS 140-2?
The FIPS 140-2 standard defines four levels of security: Level 1, Level 2, Level 3, and Level 4. Level 1 is the lowest; Level 4 is the highest, and the levels build upon one another (e.g., a Level 4 device must generally meet all Level 1, 2 and 3 requirements in addition to the Level 4 requirements). For example, many hardware modules require the following physical security:
- Level 1: Production grade equipment
- Level 2: Production grade equipment and tamper-evidence
- Level 3: Production grade equipment, tamper-evidence, and tamper response or hardening
- Level 4: Production grade equipment, tamper-evidence, tamper response or hardening, and a tamper detection envelope
Another level discriminator is the type of authentication required:
- Level 1: No authentication or role-based authentication
- Level 2: Role-based authentication
- Level 3: Identity-based authentication
- Level 4: Identity-based authentication
The standard itself has a full table of requirements at each level. The bulk of the effort required for validation is completed by meeting level 1 requirements, with slightly more work required for Level 2 and again for Level 3. However, there is a large gap between what is required to meet Level 3 and Level 4, and products that are actually validated on a level 4 are very rare and expensive.
A common misconception is that the -2 in FIPS 140-2 specifies a Level 2 certificate. This is not accurate, as the -2 in FIPS 140-2 specifies the version of the standard that NIST currently recognizes. FIPS 140-2 is the most current version of the validation standard, and it superseded the former FIPS 140-1 version in 2002.
Isn't FIPS 140-2 for hardware only?
No. The old Federal Standard 1027 and FIPS 140 dealt mostly with hardware. However, FIPS 140-2 covers both software and hardware implementations of encryption and other cryptographic technology for unclassified use. Specifically: "cryptographic-based security systems to protect unclassified information within computer and telecommunication systems (including voice systems) that are not subject to Section 2315 of Title 10, U.S. Code, or Section 3502(2) of Title 44, U.S. Code."
Why is a new FIPS 140 release planned?
By mandate, NIST must review all Federal Information Processing Standards Publications every five years. Reviews determine if the standards should be modified, kept as-is, or deprecated as technology and government needs change. FIPS 140-2 was released in 2001 and came due for review in 2006. Although the existing FIPS 140-2 standard does a good job of addressing many validation needs, FIPS 140-3 is designed to strengthen requirements, and update requirements in the face of new technologies, attacks, and techniques. The release date for FIPS 140-3 is, as of this writing, still TBD.
Where do I get the FIPS 140-2 Standards?
There are three important parts to the standard:
- the actual FIPS 140-2 Standard, which defines the requirements in their highest form;
- the Derived Test Requirements, which explains vendor responsibilities to test FIPS 140-2 requirements and testing requirements to determine compliance; and
- the Implementation Guidance, which documents FAQs, decisions, policies, and updates to FIPS 140-2 testing and compliance.
What is the CMVP?
The Cryptographic Module Validation Program (CMVP) is responsible for maintaining the FIPS 140-2 standard and ensuring that certified modules comply with it. It is this latter responsibility from which the program finds its role as validator. It ensures that the testing performed by the laboratory has been carried out correctly.
The CMVP was established by NIST and the Communications Security Establishment Canada (CSEC) in July 1995. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic and Security Testing (CST) laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP).
The web site is at http://csrc.nist.gov/groups/STM/cmvp/index.html
Who validates products for FIPS 140-2 compliance?
The National Institute of Standards and Technology, acting for the Department of Commerce and in concert with the Communications Security Establishment Canada (CSEC), issues 140-2 validation certificates. NIST will only validate products that have been evaluated by a NVLAP-accredited laboratory for FIPS 140-2 Overview. Information on the accreditation program along with lists of laboratories and validated products can be found at http://csrc.ncsl.nist.gov/cryptval/.
What value does validation offer? (short answer)
Because of the complex nature of cryptographic products, users traditionally has little choice but to trust that the product is working as advertised and is actually protecting their data in a secure manner. This validation offers the comfort that a governmentally-approved independent 3rd party has examined the product in detail and ensures it complies with strict security requirements.
What value does validation offer? (longer answer)
There are several reasons to use FIPS 140-2 validated products:
For Government Agencies
FIPS 140-2 validation is required by the Federal government as a condition of purchase for any products that implement cryptography. Although not all agencies are aware of this, more and more RFPs, contracts, and specifications are requiring FIPS 140-2 certification as a pre-requisite to bid proposals. While it used to be possible to get a waiver signed, thus making a product exempt from these requirements for a limited amount of time, that practice was limited by FISMA and as a result obtaining a waiver is now rare.
For the Financial Sector
The ANSI group X9.F3 does security standards for financial services and have drafted ANSI X9.66 as an adoption of FIPS 140-2. In addition, several other ANSI standards refer to FIPS 140-2, and groups like Identrus are requiring it. Many commercial standards used by the financial industry require that data be protected through security measures such as cryptography. It is likely that common business practice in the financial community will include higher levels of FIPS 140-2 certification for all cryptographic products, and a FIPS 140-2 validation would go a long way toward meeting compliance with such standards.
For product security assurance
Independent review and analysis of a product's security against government standards for good security engineering may improve, measure or validate its strength. Thus, this FIPS 140-2 validation provides a great way to measure and assure product security and integrity.
For international assurance of security
There is currently no international standard that defines security engineering requirements for cryptographic modules. Many in the international community are looking towards the published U.S. and Canadian requirements as an indicator and assurance of acceptable quality. This may eventually solidify into a Common Criteria protection profile that implements FIPS 140-2.
Any other reasons?
As mentioned, the Federal Information Security Management Act (FISMA) of 2002 removed the statutory provision that allowed agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision is included in the Computer Security Act of 1987 but FISMA supersedes that Act. Therefore, the references to the "waiver process" contained in some of FIPS documents are no longer valid.
If an agency specifies that information or data must be cryptographically protected, then FIPS 140-2 is applicable. FIPS 140-2 precludes the use of cryptography that has not been validated for the cryptographic protection of sensitive or valuable data within Federal systems.
More information on this topic can be found at http://www.itl.nist.gov/fipspubs
In addition, the Cryptographic Module Validation Program analyzed the data from the first 164 modules tested. They found that 50% of modules had some sort of security flaw, and 25% of the algorithms used were incorrectly implemented. This demonstrates the importance of the FIPS 140-2 validation to assure the security and integrity of your cryptographic module.
Are FIPS 140-2 validated cryptographic modules guaranteed secure?
Certified compliance with the standard certainly increases the assurance that you can draw from the cryptographic module. This fact is highlighted when you consider that nearly 50% of modules were found to have security flaws, and around 25% of the cryptographic algorithms were found to be incorrectly implemented.
However, there are of course no absolute guarantees.
More questions on FIPS 140-2?
Check out the CMVP FAQ at http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf