NIST releases revised FIPS crypto standard for review
- By William Jackson
- Jul 13, 2007
The latest version of the Federal Information Processing Standard for cryptographic modules, FIPS 140-3, has been released for comment by the National Institute of Standards and Technology.
Comments on the draft, available online at http://csrc.nist.gov/publications/drafts.html#fips140-3, are due to NIST by Oct. 11.
The current standard, FIPS 140-2, grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. FIPS 140-1 was issued in 1994 with a requirement that it be reviewed every five years. The review and revision process can take several years, and FIPS 140-2 was approved in 2001.
Preparations for reviewing that version began at NIST in September 2004, by which time advances in technology were making it obsolete. A request for comments on FIPS 140-2 was published in January 2005, and the original timeline, which had slipped somewhat, called for FIPS 140-3 to be approved by May 2006 and for FIPS 140-2 to be retired in May 2007, although products validated under that standard still could be used.
The third iteration of the standard contains the usual sorts of updates and clarifications that every maturing standard undergoes, but it also tackles a novel problem of growing concern ' protecting smart cards from power analysis attacks. In those attacks, a hacker reads the power fluctuations in a working cryptographic module to crack its code.
Power analysis was a relatively new technique for cracking codes in single-chip processors when the most recent version, FIPS 140-2, was approved in 2001, said Stan Kladko, director of the FIPS validation lab at BKP Security Labs. 'At that time, there was not enough time to include it' in the standard.
Today, though, 'this is one of the bread-and-butter attacks,' said Paul Kocher, president of Cryptography Research.
Simple and differential power analysis get a mention in the current FIPS 140-2 under 'other attacks,' but protection against them is not required.
'We looked at this back when 140-2 was developed, and at that time it was fairly new,' said Ray Snouffer, manager of NIST's security testing and metrics group. 'We understand it a little better now.'
Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr. Allen Roginsky, 100 Bureau Drive'Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may also be sent to: [email protected]
Comments will be published electronically at http://csrc.nist.gov/cryptval/140-3htm.
William Jackson is a Maryland-based freelance writer.