Mind the Gap : Updating FIPS 140

In order to be secure, modules that provide cryptographic function must do more than simply implement a secure cryptographic algorithm. They must resist system-level attacks, whether by software or hardware, and whether the attack is intended to produce incorrect results or to expose information that should be protected. The details of these requirements change over time. Both attack and defensive technologies improve, turning difficult attacks into easy ones, or expensive defenses into inexpensive ones. The current standard for the security of cryptographic systems is FIPS 140, which lays out four levels of security that have increasingly stringent requirements. This paper argues that changing attack technologies and application requirements have led to a gap in FIPS 140, and that a new level is needed. Such a level is proposed, intermediate between the two highest levels of FIPS 140. The new level allows the validation of commercially feasible products that are more secure than the current Level 3, but that do not carry the difficult burden imposed by the current Level 4 validation requirements.