Renaudt Nunez, IT Security Consultant, atsec Information Security
As a continuation to ICMC 2016’s presentation by Dr. Allen Roginsky “Improving
Module’s Performance When Executing the Power-up Tests”, we bring you an updated discussion on the topic of random sampling and the progress made by a working group of Cryptography Security Test Labs(CSTL), vendors, and CMVP.
We will start by revisiting the initial problem presented by Dr. Roginsky that many vendors face when validating a cryptographic module that either has numerous files included within the boundary of the module or lacks the processing capability to complete the integrity testing in a timely manner. In either case, we will demonstrate how the antiquated method provides a performance hit to vendors in a field in which “time is money”. Next we will provide the audience with details of the methods proposed by the aforementioned working group on how to align the FIPS 140-2 standard’s requirement that “software/firmware integrity test be applied to all validated software and firmware components of the cryptographic module when the module is powered up” with methods that can be used to confirm that no modification has been made whether accidental or intentional. In the end, the overall goal of the presentation will be introduction of a new Implementation Guidance update that will be included in an upcoming release of the FIPS 140-2 IG.
The presenter’s goal is that the audience is aware the methods that can be used to improve the performance of their product while at the same time meeting the demands set by the FIPS 140-2 standard. By the end of this presentation, product vendors should have a better understanding of how to plan their design for future validations.