Crypto standard up for review

Federal Information Processing Standard 140-3 is open for review

The latest version of the Federal Information Processing Standard for cryptographic modules, which is intended, among other things, to add protection for smart cards, has been released for comment by the National Institute of Standards and Technology.

Comments on the FIPS 140-3 draft (GCN.com/812) are due by Oct. 11.

The current standard, FIPS 140-2, grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. FIPS 140-1 was issued in 1994 with a requirement that it be reviewed every five years. The review and revision process can take several years, and FIPS 140-2 was approved in 2001.

The third iteration contains the updates and clarifications that every maturing standard undergoes, but it also tackles a problem of growing concern: power analysis attacks, in which a hacker reads the power fluctuations in a working smart-card cryptographic module to crack its code.

Power analysis was a relatively new technique for cracking codes in single-chip processors when FIPS 140-2 was approved, said Stan Kladko, director of the FIPS validation lab at BKP Security Labs.

Today, though, "this is one of the bread-and-butter attacks," said Paul Kocher, president at Cryptography Research.

"We looked at this back when 140-2 was developed," said Ray Snouffer, manager of NIST's security testing and metrics group. "We understand it a little better now."

Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr. Allen Roginsky, 100 Bureau Drive - Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may be sent to: [email protected]

Comments will be published at http://csrc.nist.gov/cryptval/140-3.htm.

About the Author

William Jackson is a Maryland-based freelance writer.
