TransAct Overview - PowerPoint PPT Presentation

Provided by: brett59
Learn more at: https://csrc.nist.gov
Transcript and Presenter's Notes


1
Mind the Gap: Updating FIPS 140
Steve Weingart, Futurex, 864 Old Boerne Rd., Bulverde, TX 78163, weingart_at_futurex.com
Steve R. White, IBM Thomas J. Watson Research Center, P.O. Box 704, Yorktown Heights, NY 10598, srwhite_at_watson.ibm.com
2
Outline
  • History
  • FED Standard 1027
  • FIPS 140-1
  • Levels
  • Changes in Technology
  • Changes in Standards and the Environment
  • Proposal: Level 3.5
  • Discussion/Questions

3
History
  • Federal Standard 1027 was primarily a hardware
    standard for line encryption devices using single
    DES
  • NIST developed FIPS 140 as a replacement
  • It is more generalized.
  • It accepts both hardware and software
    implementations
  • It has the 11 criteria that cover the complete
    design
  • During the development of FIPS 140, a level-based
    system was proposed and accepted
  • FIPS 140-1 was made official in 1994
  • It became widely accepted
  • FIPS 140-2, the first update, was made official
    in 2001

4
History (cont)
  • Things have changed
  • Both attack and defense technologies have
    improved
  • Industry needs and requirements have changed
  • The standard, and its applicability, evolves

5
Originally proposed six-level system
6
FIPS 140, 4-level system
7
Changes
  • Attack Technologies have developed
  • The Internet has become a forum for development
  • Script Kiddies can obtain and try many software
    attacks beyond their skill level
  • Expensive tools that were difficult to obtain are
    now available
  • SEM
  • FIB
  • NC Machining
  • Defense technologies have held up, mostly
  • Not a great deal of new development
  • That is mostly OK, since the higher levels have
    held

8
Changes (cont)
  • The customer population has become larger and
    more sophisticated
  • Banking and Financial
  • USPS
  • In general, FIPS 140 has become accepted due
    diligence for commercial cryptographic devices
  • This has spotlighted some need for change in the
    standard

9
The Gap
  • FIPS 140 has 4 levels
  • These 4 levels correspond roughly to levels 1, 2,
    3 and 6 from the originally proposed system
  • So, there is a large gap between level 3 and
    level 4
  • A typical level 3 device can be cracked in a few
    hours by anyone with reasonable skills
  • No level 4 device has been cracked publicly
  • But, the level 4 requirements are so difficult
    that there are almost no level 4 devices

10
The Gap
11
The Gap
  • There are 179 level 1 validations, 247 level 2
    validations, 120 level 3 validations and 11 level 4
    validations (557 total)
  • Of the level 4 devices, about half are unique,
    the rest are delta/re-validations.
  • Level 4 is too difficult to develop, and too
    expensive to manufacture for most vendors
  • But industry requirements need more than level 3
  • USPS and ANSI both require tamper detection, USPS
    requires EFT/EFP
  • We need something new

12
The Proposal
  • Level 3.5
  • Essentially level 3 plus
  • Tamper detection required
  • 1 1.25 mm max undetected hole
  • Same as level 4 for single chip
  • EFT/EFP
  • Informal modeling

13
The Advantages
  • Meet new emerging requirements for security
    that is stronger than level 3
  • Avoid the most difficult requirements of level 4
  • Formal modeling
  • Any/All tamper detection envelope
  • This level of security is reasonable to develop
    and manufacture

14
Questions?
15
Thank You!
Steve Weingart weingart_at_futurex.com
Steve R. White srwhite_at_watson.ibm.com