Crypto standard up for review

Federal Information Processing Standard 140-3 is open for review

The latest version of the Federal Information Processing Standard for cryptographic modules ' intended, among other things, to add protection for smart cards ' has been released for comment by the National Institute of Standards and Technology.

Comments on the FIPS 140-3 draft (GCN.com/812) are due by Oct. 11.

The current standard, FIPS 140-2, grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. FIPS 140-1 was issued in 1994 with a requirement that it be reviewed every five years. The review and revision process can take several years, and FIPS 140-2 was approved in 2001.

The third iteration contains the updates and clarifications that every maturing standard undergoes, but it also tackles a problem of growing concern: power analysis attacks, in which a hacker reads the power fluctuations in a working smart-card cryptographic module to crack its code.

Power analysis was a relatively new technique for cracking codes in single-chip processors when FIPS 140-2 was approved, said Stan Kladko, director of the FIPS validation lab at BKP Security Labs.

Today, though, 'this is one of the bread-and-butter attacks,' said Paul Kocher, president at Cryptography Research.

'We looked at this back when 140-2 was developed,' said Ray Snouffer, manager of NIST's security testing and metrics group. 'We understand it a little better now.'
Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr. Allen Roginsky, 100 Bureau Drive - Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may be sent to: FIPS140-3@nist.gov.

Comments will be published at http://csrc.nist.gov/cryptval/ 140-3htm.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.