Hardening & FIPS 140
Authors
Abstract
FIPS 140-2 does not presently have security requirements that cover software-hardening techniques. Software hardening is a method of transforming an executable and associated data into a form that does not easily permit reverse engineering or reconstruction, but that has the identical execution properties of the original software. With software hardening it is possible to embed secret data such as keys and other critical security parameters (CSPs) in a hardened executable in such a way that extraction of the data is computationally very difficult or infeasible. This suggests software hardening could potentially be used as a means to ensure the integrity of the cryptographic module and as a protection mechanism for CSPs in a cryptographic module. This paper examines the possibilities of software-hardening as it applies to the ongoing FIPS efforts.
Similar resources
Security Hardening for SAS® 9.3 Enterprise BI Web Applications
Web configuration for SAS 9.3 Enterprise BI Web applications needs to be secured according to an organization's security policy. This paper examines the Web configuration security enhancement options and the protection of Web applications from security vulnerability attacks. Security enhancements for the configuration include single sign-on, integration with a reverse proxy security server, sett...
Hardwarové bezpečnostní moduly – API a útoky
Abstract: This paper discusses selected aspects of hardware security modules and focuses on attacks on and through the application programming interface (API). First, in addition to the architecture of cryptographic modules, we introduce the basic requirements for their security and the American standards FIPS 140-1 and FIPS 140-2, by which these requirements are usually specified. We will then turn to ...
Mind the Gap: Updating FIPS 140
In order to be secure, modules that provide cryptographic function must do more than simply implement a secure cryptographic algorithm. They must resist system-level attacks, whether by software or hardware, and whether the attack is intended to produce incorrect results or to expose information that should be protected. The details of these requirements change over time. Both attack and defens...
Analysis of FIPS 140-2 Test and Chaos-Based Pseudorandom Number Generator
Pseudo random numbers are used for various purposes. Pseudo random number generators (PRNGs) are useful tools to provide pseudo random numbers. The FIPS 140-2 test issued by the American National Institute of Standards and Technology has been widely used for verifying the statistical properties of the randomness of the pseudo random numbers generated by PRNGs. First this paper analyzes t...
The cosmic microwave background radiation power spectrum as a random bit generator for symmetric- and asymmetric-key cryptography
In this note, the Cosmic Microwave Background (CMB) Radiation is shown to be capable of functioning as a Random Bit Generator, and constitutes an effectively infinite supply of truly random one-time pad values of arbitrary length. It is further argued that the CMB power spectrum potentially conforms to the FIPS 140-2 standard. Additionally, its applicability to the generation of a (n × n) rando...