I have not heard that, and my understanding of FIPS 140-2 does not match that. My summarization of the FIPS levels of validation are as follows;
1) Approved algorithms with no ACLs, no physical security, on an untrusted OS. Example: A software library on a typical PC. 2) Physical security includes tamper evidence such as seals, or coatings making tamper obvious; Role-based authentication; runs on a "trusted" OS such as meets certain Common Criteria (CC) and is EAL2 or higher. 3) Stronger physical security including tamper-resistance and/or tamper-response mechanisms. At this level, the device detects and responds to intrusions by doing things such as zeroizing key stores. Identity-based authentication; that is, instead of logging in as backup operator, or administrator, you log in as yourself and the system maps you to the roles you can perform. Must include trusted path (EAL FTP_TRP.1) and be on an EAL3 OS (If I recall correctly). 4) To be honest, I've never evaluated nor purchased a level 4 device, so I'm not entirely sure what the requirements are other than all of Level 3, and running an EAL4 OS and being seriously tamper and/or environmentally aware. That is, I believe it has to monitor its temperature, voltages, error-rates, etc. and zeroizes if it is operating outside normal parameters. For instance, if someone tried to chill the system RAM in order to attack memory, the module may detect the sudden drop in temperature in the environment and wipe the crypto-module. I'm not certain on this one. Also, modules can include any algorithms they want, but in FIPS mode will only use FIPS algorithms. This makes them undesirable if you want a module that provides for protection of RSA keys (one example). Eric Lengvenis Security Architecture Phone: 612-667-5837 Fax: 612-667-7037 255 2nd Avenue South Minneapolis, MN 55479 MAC N9301-01J This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ali, Saqib Sent: Friday, May 02, 2008 12:44 PM To: [email protected] Subject: Re: [FDE] FIPS 140-2: When operated in FIPS mode? (Flagstone, Spyrus,Utimaco, Poinsect, MobileArmor) Eric, Thanks for the clarification. Elsewhere, I learned that a encryption production (hardware or software) is restricted to single-user mode when operating in FIPS mode. That is, there can be only ONE user account that can perform the decryption. Administrative / Helpdesk or other recovery accounts are not possible in FIPS mode. Is this correct? Thanks On Thu, May 1, 2008 at 1:47 PM, <[EMAIL PROTECTED]> wrote: > Just because they use FIPS approved or validated algorithms doesn't mean > they are FIPS validated modules. There is much more than just correctly > implementing the algorithm to FIPS mode. Some that come to mind are > zeroizing the key store if a tamper is suspected, or if account lock-out > numbers are reached, etc. Depending on the level of validation physical > keys (dongles, USB, smart cards) are needed to enable the device. > > Most encryption products have the option of running in FIPS mode or > non-FIPS mode. Generally FIPS modes are far more restrictive and slower > than necessary for typical non-classified usage. But, if you are storing > the root of your PKI on the disk, it would probably be considered a best > practice. > > Eric Lengvenis > Security Architecture > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the > addressee, you must not use, copy, disclose, or take any action based on > this message or any information herein. If you have received this > message in error, please advise the sender immediately by reply e-mail > and delete this message. Thank you for your cooperation. > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Ali, Saqib > Sent: Thursday, May 01, 2008 2:55 PM > To: fde > Subject: [FDE] FIPS 140-2: When operated in FIPS mode? (Flagstone, > Spyrus,Utimaco, Poinsect, MobileArmor) > > I was looking at the FIPS 140-2 Certificate[1] for the Stonewood's > Flagstone product, and it has a clause that says "(When operated in > FIPS mode)". What does this clause mean? > > I was under the impression that since Flagstone only implement FIPS > validated encryption algorithms (128-bit AES CBC/ECB and ANSI X9.31 > AES 128 bit RNG) there would no non-FIPS mode. > > I later found out that, Spyrus, Utimaco, Poinsect, MobileArmor have > the same clause. > > > 1. > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt779.pd > f > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde > > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde > -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
