FIPS 140 (Federal Information Processing Standards Publication 140) is a United States federal standard that specifies security requirements for cryptography modules. As of March 2005, the current version of the standard is FIPS 140-2, issued on 25 May 2001. Federal Information Processing Standards (FIPS) are publicly announced standards developed by the U.S. Federal government for use by all (non-military) government agencies and by government contractors.
Purpose of FIPS 140-2

To lay down requirements for "cryptographic modules" (meaning both hardware and software components) used by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.
Security levels

FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.

- Level 1, the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
- Level 2 adds requirements for physical tamper-evidence and role-based authentication.
- Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
- Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.
Scope of requirements

FIPS 140 imposes requirements in 11 different areas:

- Cryptographic module specification (what must be documented)
- Cryptographic module parts and interfaces (what information flows in and out, and how it must be segregated)
- Roles, services and authentication (who can do what with the module, and how this is checked)
- Finite state model (documentation of the high-level states the module can be in, and how transitions occur)
- Physical security (tamper evidence and resistance, and robustness against extreme environmental conditions)
- Operational environment (what sort of operating system the module uses and is used by)
- Cryptographic key management (generation, entry, output, storage and destruction of keys)
- EMI/EMC (electromagnetic interference and electromagnetic compatibility)
- Self-tests (what must be tested and when, and what must be done if a test fails)
- Design assurance (what documentation must be provided to demonstrate that the module has been well designed and implemented)
- Mitigation of other attacks (if a module is designed to mitigate against, say, TEMPEST attacks then its documentation must say how)
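The "finite state model", "self-tests" and "key management" areas above interlock: a module must run known-answer tests before offering any service, and a failed test must drive it into an error state in which services are refused and key material is destroyed. The following toy module is an added illustration written for this page; it is not code from NIST, from the standard, or from any validated module, and the class and method names are hypothetical. It uses Python's hashlib and hmac merely as stand-ins for a module's own algorithm implementations, and the `hmac_expected` constructor argument exists only so the failure path can be exercised.

```python
"""Added illustration of FIPS 140-2 power-on self-tests driving a finite
state model. Hypothetical code for this page, not from NIST or any
validated module; hashlib/hmac stand in for the module's own algorithms."""
import hashlib
import hmac
from enum import Enum, auto


class State(Enum):
    POWER_OFF = auto()
    SELF_TEST = auto()
    OPERATIONAL = auto()
    ERROR = auto()


# Known-answer test vectors, hard-coded so the module can check its
# algorithms before providing any service. SHA-256("abc") is the FIPS 180
# worked example; the HMAC vector is RFC 4231 test case 1.
SHA256_KAT = (b"abc",
              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT = (b"\x0b" * 20, b"Hi There",
            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")


class ModuleError(Exception):
    """Raised when a service is requested while the module is not operational."""


class ToyModule:
    def __init__(self, hmac_expected=HMAC_KAT[2]):
        # hmac_expected is a test hook: passing a wrong digest simulates a
        # corrupted algorithm so the error path can be demonstrated.
        self.state = State.POWER_OFF
        self._hmac_expected = hmac_expected
        self._keys = {}

    def power_on(self):
        """Run the power-on self-tests; no service is available until they pass."""
        self.state = State.SELF_TEST
        if self._kat_sha256() and self._kat_hmac():
            self.state = State.OPERATIONAL
        else:
            self._enter_error_state()
        return self.state

    def _kat_sha256(self):
        msg, expected = SHA256_KAT
        return hmac.compare_digest(hashlib.sha256(msg).hexdigest(), expected)

    def _kat_hmac(self):
        key, msg, _ = HMAC_KAT
        got = hmac.new(key, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(got, self._hmac_expected)

    def _enter_error_state(self):
        # A failed self-test must stop all services; clearing key material
        # here is the "destruction of keys" step of key management.
        self._keys.clear()
        self.state = State.ERROR

    def _require_operational(self):
        if self.state is not State.OPERATIONAL:
            raise ModuleError(f"service refused in state {self.state.name}")

    def load_key(self, label, key):
        """Key entry: only permitted once the module is operational."""
        self._require_operational()
        self._keys[label] = bytes(key)

    def mac(self, label, data):
        """An example service; refused unless self-tests have passed."""
        self._require_operational()
        return hmac.new(self._keys[label], data, hashlib.sha256).hexdigest()

    def zeroise(self):
        """Operator-initiated key destruction and return to the power-off state."""
        self._keys.clear()
        self.state = State.POWER_OFF
        return self.state


if __name__ == "__main__":
    m = ToyModule()
    print("healthy module:", m.power_on().name)
    broken = ToyModule(hmac_expected="00" * 32)
    print("module with failing KAT:", broken.power_on().name)
```

Calling `power_on()` on a healthy instance ends in `OPERATIONAL`; the instance constructed with a wrong expected digest ends in `ERROR`, and every service call then raises `ModuleError` until the module is reset. A real module would also cover each approved algorithm it implements, run a software integrity check, and perform conditional tests (for example on freshly generated keys), which this sketch omits.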
Brief history

FIPS 140-1, issued on 11 January 1994, was developed by a government and industry working group, composed of vendors and users of cryptographic equipment. The group identified the four "security levels" and eleven "requirement areas" listed above, and specified requirements for each area at each level.

FIPS 140-2, issued on 25 May 2001, takes account of changes in available technology and official standards since 1994, and of comments received from the vendor, tester, and user communities.

FIPS 140-3 is a new version of the standard which is currently under development. FIPS 140-2 has been the main input document to the forthcoming international standard ISO/IEC 19790 Security requirements for cryptographic modules.
External links

- Full text of FIPS 140-2
- General information about Federal Information Processing Standards; includes pointers to FIPS 140-2 and its annexes
- List of FIPS 140-2 Testing Labs