What is the FIPS Certification Process?
I have recently read several online articles questioning what it means for a cryptographic module to be FIPS 140-2 validated. The FIPS certification process is very complicated and replete with regulations, and both the articles themselves and the comments made by their readers contain inaccuracies and misunderstandings about what is included and required as part of a FIPS 140-2 validation. The purpose of this article is to clear up a few of those misconceptions.
A significant misconception is that U.S. government algorithms have been designed by the National Security Agency (NSA). This is not true. Let us take the case of the Advanced Encryption Standard. The selection of a new symmetric key cipher was an open and transparent process, open to cryptographers from around the world. The process was conducted through a series of rounds, with input from a variety of renowned experts in the field. The algorithm that was finally selected, Rijndael, was proposed by two Belgian cryptographers and not the NSA. A similar process was followed for the upcoming update to the Secure Hash Algorithm (SHA-3).
The FIPS certification process requires that you use algorithms that are approved by the National Institute of Standards and Technology and the Communications Security Establishment Canada, and are listed in Annex A of the FIPS 140-2 standard. These algorithms are recognized as being acceptable for use within the governments of the United States and Canada. A vendor submitting a product for FIPS 140-2 validation does not have the option of using different algorithms. This is not to say there are no other good cryptographic algorithms, but there are also a lot of poor cryptographic algorithm choices. Standards are maintained by limiting vendors to the approved algorithms.
Another misconception is that an attack on one of these approved algorithms demonstrates a weakness in the FIPS 140-2 program. In fact, just the opposite is true. The majority of the requirements in FIPS 140-2 have nothing to do with the algorithms themselves. The requirements relate to how the cryptographic module is designed and operated securely. Although we would prefer to never see a cryptographic module attacked successfully, in practice we know this will happen. If a cryptographic module is designed so well that the best attack available to an attacker is to try to compromise the cryptographic algorithms themselves, then we view that as a success. A poorly designed cryptographic module provides attack vectors that allow an attacker to bypass the difficulty of attacking a cryptographic algorithm.
Recent issues should not be viewed as weaknesses, but strengths of these programs. As issues are discovered with cryptographic algorithms, we have a robust and open process to develop alternatives and provide good, secure options for products to use.
Need to get your product through the FIPS certification process or have questions about any of the regulations or standards associated with FIPS? Corsec has completed more than 300 certifications for our clients. Get in touch.