NIST reworks crypto rule
NIST reworks crypto rule
BY WILLIAM JACKSON
| GCN STAFF
The National Institute of Standards and Technology is readying Federal Information Processing Standard 140-2 for cryptographic devices'the first major update to the umbrella crypto standard since 1994.
'We're waiting for some political appointments to get the standard signed because it is ready,' said Annabelle Lee, director of the Cryptographic Module Validation Program.Learn and reflect
FIPS 140-2 incorporates lessons learned from the current standard and reflects technological changes. It also strengthens some requirements. Lee spoke at the RSA Conference 2001 in San Francisco this month.
|What FIPS 140-2 will bring to cryptographic devices|
' Allow separation of plain text from other types of input or output through physically and logically separate ports
' Strengthen authentication mechanisms and address minimum probabilities for guessing, false acceptance error rates and restrictions on feedback to users
' Replace the old Trusted Computer System Evaluation Criteria with Common Criteria for Information Technology Security Evaluation
' Add requirements for over-the-air rekeying for radio cryptographic modules
' Require four statistical random-number generator tests during self-testing instead of one, with higher statistical limits for random-number generation
' Cover new types of cryptographic attacks that use power or timing analysis or fault induction
Also at the conference, Ed Roback, chief of NIST's Computer Security Division, outlined the timetable for the government's conversion to the new Advanced Encryption Standard. AES will gradually replace the Data Encryption Standard.
'We anticipate a very lengthy transition from DES,' taking 10 to 15 years, Roback said.
Federal cryptographic products must meet FIPS 140 requirements, which have become a de facto commercial standard.
As of last month, there were 160 crypto products from 41 vendors certified under FIPS 140-1 by five approved labs. Six months after the new standard is signed, labs will begin evaluating products against both versions. Six months later, products can meet only FIPS 140-2 requirements, although government users still can buy 140-1-certified products.
Ray Snouffer, acting manager of NIST's Security Metrics and Testing Group, said vendors are clamoring to be first in line to be evaluated for FIPS 140-2 and for AES. The rush for certification should drive market demand for products following the new standards, he said.
NIST requested proposals for new encryption algorithms in 1997 and selected 15 candidates from 21 submissions.
NIST and the National Security Agency chose the so-called Rijndael algorithm as AES after a rigorous public evaluation of candidates [GCN, Oct. 16, 2000, Page 6
]. The public comment period ends May 29, and formal approval is expected shortly afterward.
The Rijndael algorithm has a 128-bit block size and 128-, 192- or 256-bit key sizes. Adding one bit to an encryption key doubles the number of ways of encrypting a message, so a 128-bit key is astronomically stronger than a 56-bit key.