FIPS 140-3 is a U.S. government standard specifying security requirements for cryptographic modules, including hardware and software components. These security requirements are designed to ensure that cryptographic modules provide a minimum level of security for protecting sensitive information and transactions.
Some of the key security requirements specified in FIPS 140-3 include the following
Cryptographic module specification
A detailed specification of the cryptographic module, including its physical and logical boundaries, interfaces, and security functions.
Roles and services
A definition of the roles and services provided by the cryptographic module, including key management, encryption, and authentication.
A list of approved cryptographic algorithms that can be used by the cryptographic module, along with specific requirements for key length, block size, and other parameters.
Requirements for generating, storing, and protecting cryptographic keys, including key lifecycle management and destruction.
Requirements for physical security measures to protect the cryptographic module from unauthorized access, tampering, and theft.
Requirements for logical security measures to protect the cryptographic module from attacks such as malware, side-channel attacks, and unauthorized access.
Security testing and validation
Requirements for testing and validating the security of the cryptographic module, including vulnerability testing, penetration testing, and compliance testing.
General requirements for each level of FIPS 140-3
The below table explains the general requirements for each level of FIPS 140-3
The cryptographic module must use an approved algorithm and implement the algorithm correctly.
The module must have physical security mechanisms to prevent unauthorized access.
The module must have a power-on self-test to verify that the module is functioning correctly.
All the requirements for Level 1, plus:
The module must have additional physical security mechanisms to detect and respond to unauthorized access
The module must have a role-based authentication system to restrict access to authorized users only.
The module must have a tamper-evident mechanism to detect if it has been tampered with.
All the requirements for Level 2, plus:
The module must have physical security mechanisms to prevent unauthorized modification of the module’s firmware or software.
The module must have a trusted path for sensitive data to ensure authorized components only process data.
The module must have a mechanism for detecting and responding to environmental attacks, such as temperature or voltage variations.
All the requirements for Level 3, plus:
The module must have physical security mechanisms to protect against the most sophisticated attacks, including invasive and non-invasive attacks.
The module must have a highly secure design and implementation with no known vulnerabilities.
The module must be resistant to side-channel attacks, which are attacks that exploit information leaked by the module during its normal operation.
Table 1: General requirements of FIPS 140-3 for each level
These are the general requirements for each level of FIPS 140-3. However, there are many specific requirements for each level, and the requirements for each level are quite detailed. The purpose of the standard is to provide a framework for evaluating and certifying the security of cryptographic modules. The specific requirements for each level are designed to ensure that the module provides a certain level of protection against various attacks.
FIPS 140-3 Security requirements for each level
FIPS 140-3 is a security standard defining the requirements for cryptographic modules that protect sensitive data.
FIPS 140-3 Level 1
Level 1 of FIPS 140-3 provides the lowest level of security and is intended for use in low-risk applications. The security requirements for level 1 are as follows
Cryptographic module specification
The module must have a concise specification describing its cryptographic functions, interfaces, and protocols.
Roles, services, and authentication
The module must define the roles, services, and authentication mechanisms required for secure operation.
The module must have physical safeguards to protect against unauthorized access, theft, or tampering
The module must have undergone a comprehensive design process, including security analysis and testing.
Mitigation of attacks
The module must have measures to prevent or mitigate attacks, such as software or hardware countermeasures
The module must perform self-tests to ensure it is functioning correctly and detect tampering attempts
The module must be designed to operate in various environmental conditions, including temperature, humidity, and electromagnetic interference.
Cryptographic key management
The module must have secure key management processes to ensure that cryptographic keys are generated, stored, and used securely.
FIPS 140-3 Level 2
Level 2 of the FIPS 140-3 standard outlines the security requirements for a cryptographic module that provides moderate security assurance. The following are the specific security requirements for a cryptographic module to achieve FIPS 140-3 level 2
The module must be physically protected against unauthorized access, tampering, and theft. It should be designed to withstand environmental hazards like fire, water, and electromagnetic interference.
Cryptographic key management
The module must have strong key management mechanisms that ensure cryptographic keys’ confidentiality, integrity, and availability. The module should protect keys against unauthorized access, modification, and destruction
Authentication and access control
The module must authenticate users and restrict access to authorized users only. It should have strong password policies and mechanisms to prevent brute-force attacks.
Audit logging and reporting
The module must log all security-related events and provide reports to authorized users. The module should also have mechanisms to protect audit logs against tampering or destruction.
The module must be designed with secure software practices that minimize the risk of security vulnerabilities. The software should be tested for security flaws and vulnerabilities and undergo regular security updates and patches.
The module must use secure communication protocols and encryption to protect data in transit. The module should also have mechanisms to prevent unauthorized access to data transmitted over networks.
The module must use approved cryptographic algorithms and standards that NIST has validated. The module should also have mechanisms to prevent using weak or outdated cryptographic algorithms.
FIPS 140-3 Level 3
Level 3 of the FIPS 140-3 standard protects against unauthorized cryptographic module access and sensitive information. It is also the third-highest level of FIPS 140-3. The following are the security requirements for level 3
The cryptographic module must be physically protected against unauthorized access, tampering, theft, and damage. The module must also be designed to resist physical attacks, such as drilling, cutting, and probing. The module must be in a secure facility with access controls, video surveillance, and intrusion detection systems.
Cryptographic Key Management
The cryptographic module must have a strong key management system that ensures the secure generation, storage, distribution, and destruction of cryptographic keys. The key management system must use strong cryptographic algorithms, such as Advanced Encryption Standard (AES), and have key backup, recovery, and destruction mechanisms.
The cryptographic module must perform cryptographic operations securely and reliably. The module must use approved cryptographic algorithms and protocols, such as Transport Layer Security (TLS), Secure Sockets Layer (SSL), and IPsec. The module must also have error detection and correction mechanisms and handle cryptographic exceptions and failures.
Self-Tests and Tamper Evidence
The cryptographic module must have self-tests and tamper-evidence mechanisms that detect and prevent unauthorized modifications, tampering, or substitution of the module’s hardware or software. The self-tests must be run periodically and must include checks for the integrity and authenticity of the module’s firmware, hardware, and software.
The cryptographic module must have a strong design assurance that ensures the module’s security requirements are met throughout the module’s lifecycle. An independent third-party evaluator must review and verify the module’s design. The module must be tested against a set of security requirements defined in the FIPS 140-3 standard. The design assurance also requires using secure coding practices, security testing, and security documentation.
The cryptographic module must have a strong security management system that includes policies, procedures, and controls for managing the module’s security risks. The security management system must include mechanisms for auditing, monitoring, reporting security events, and responding to security incidents and vulnerabilities.
FIPS 140-3 level 3 provides strong protection against physical and logical attacks and requires a high level of key management, cryptographic operations, self-tests, tamper evidence, design assurance, and security management. The security requirements for level 3 are designed to protect sensitive information and maintain the integrity and availability of the cryptographic module.
FIPS 140-3 Level 4
Level 4 is the highest level of security defined in the standard and is intended for applications where the consequences of a security failure are severe. The following are the key security requirements for FIPS 140-3 Level 4
The cryptographic module must be housed in a tamper-evident, ruggedized container designed to resist physical attacks, such as drilling, cutting, or punching. The container must also have sensors to detect unauthorized access and trigger alarms.
Cryptographic Key Management
The module must have a strong, verifiable, and auditable key management system that ensures cryptographic keys’ secure generation, storage, distribution, and destruction. The module must also support key revocation and recovery.
The module must have a robust and secure user authentication mechanism, such as biometric or smart card-based authentication, to ensure only authorized personnel can access the module.
The module must have robust logical security mechanisms to prevent unauthorized access, tampering, or manipulation of the cryptographic module or its data. This includes secure boot, secure firmware updates, and secure communications protocols.
The module must operate in various environmental conditions, such as extreme temperatures, humidity, and electromagnetic interference. The module must also be able to withstand power surges and disruptions.
Life Cycle Support
The module must have a comprehensive life cycle support mechanism that includes regular security updates, vulnerability assessments, and secure disposal procedures
Overall, FIPS 140-3 Level 4 defines the highest level of security for cryptographic modules, and it is intended for applications where the consequences of a security failure are severe. The standard defines strict security requirements in physical security, cryptographic key management, user authentication, logical security, environmental controls, and life cycle support to ensure the highest level of protection for sensitive data and systems.
Requirements of Cryptographic algorithms for each level of FIPS 140-3
The FIPS 140-3 standard outlines four security levels (Level 1-4), each specifying a different set of requirements for cryptographic algorithms
Here are the cryptographic algorithms required for each level
This is the lowest level of security, requiring only basic encryption and key management functions. The cryptographic algorithms required for this level include AES (128-bit), Triple-DES (112-bit), and SHA-1.
This level requires additional physical security features to protect against tampering or unauthorized access to the cryptographic module. The cryptographic algorithms required for this level include AES (128-bit and 192-bit), Triple-DES (168-bit), SHA-2 (256-bit), and HMAC.
This level requires the highest level of physical security to prevent unauthorized access and protect against attacks. The cryptographic algorithms required for this level include AES (256-bit), RSA (2048-bit), ECDSA (224-bit), SHA-2 (384-bit), and HMAC (with keys of at least 128 bits).
This is the highest level of security, requiring the most stringent physical and logical security features to protect against sophisticated attacks. The cryptographic algorithms required for this level include AES (256-bit), RSA (3072-bit), ECDSA (384-bit), SHA-3 (512-bit), and HMAC (with keys of at least 256 bits).
In summary, FIPS 140-3 has been approved and launched as the latest standard for the security evaluation of cryptographic modules. It covers a large spectrum of threats and vulnerabilities as it defines the security requirements starting from the initial design phase leading towards the final operational deployment of a cryptographic module. FIPS 140-3 requirements are primarily based on the two previously existing international standards ISO/IEC 19790:2012 “Security Requirements for Cryptographic Modules” and ISO 24759:2017 “Test Requirements for Cryptographic Modules”.
The FIPS 140-3 standard provides a framework for ensuring the security of cryptographic modules used in sensitive applications such as banking, healthcare, and government.
Parnashree Saha is a data protection senior consultant at Encryption Consulting LLC working with PKI, AWS cryptographic services, GCP cryptographic services, and other data protection solutions such as Vormetric, Voltage etc.