home products company partners clients news careers contact us
helion fips 140

FIPS Compliance

What is FIPS?

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States government for use by all non-military government agencies and by government contractors. Due to their importance within the security industry, they are often adopted for non-US applications, and form an important baseline for many security requirements.

What is FIPS compliance?

FIPS 140 (Federal Information Processing Standards Publication 140) is generally what is being referred to when FIPS compliance is mentioned. This is a United States federal standard that specifies security requirements for cryptography modules. The current version of this standard is FIPS 140-2, and covers areas like the cryptographic module specification, its interfaces, its physical security (covering tamper evidence and resistance), cryptographic key management (generation, storage and destruction of keys), EMI and EMC, self-tests (what must be tested and when, and what must be done if a test fails), and design assurance (documentation to prove that the module has been well designed and implemented).

The Cryptographic Module Validation Program (CMVP) encompasses validation testing for cryptographic modules. This testing is handled by third-party laboratories that are accredited as Cryptographic Module Testing (CMT) laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP).

Much of what is covered by FIPS-140 concerns the physical hardware implementation of the product being tested, and its system design. However, part of the basic requirement is that the cryptographic algorithm implementations are correct and provably compliant to their respective standards. This is where your choice of cryptographic IP vendor can become crucial.

Until recently, it was not permitted to prove algorithm compliance by simulation, so validation had to take place in real hardware. Now these rules have been relaxed to allow some level of simulation, but only in circumstances where access to the algorithms is impossible. This is still the least favoured approach to proving compliance, yet some IP vendors are now claiming FIPS compliance based only on simulation. Obviously Helion IP is rigorously proven in simulation, and always has been, using FIPS sourced test vectors to demonstrate fully compliant operation. However, customers need to be aware that this is no shortcut to gaining FIPS compliance for their own products, and is no substitute to checking operation in the final physical platform.

How can Helion help?

All of Helion's crypto IP cores have at some time been FIPS approved as part of our customer's end products, and for our AES cores in particular, this has been the case many times over. Indeed, having been supplying AES IP cores for longer than anyone else in the industry, we now probably have more of our cores FIPS certified than anyone else, and can certainly bring a wealth of specialised experience on board to assist our customer's validation testing.

We are always pleased to work with customers and the various FIPS CMT labs around the world to ensure a smooth validation process, and as far as our cores have been concerned, to date we have had absolutely no problems of any kind gaining approval for any of our algorithm implementations.

In addition to the above, many of our security IP cores have been more carefully checked and tested as part of a deeper test of due diligence. Our cores have been used in high grade military and government products worldwide, and customers working in these areas need to be extremely careful about the IP they use. This being the case, our cores have been subjected to extended testing in both simulation and real hardware, plus in some cases even line-by-line code reviews, to be sure of both compliance and guaranteed security.

So even when it is not necessary to go to these levels of assurance, you can be certain that the IP we supply has been checked way beyond what is actually required. At Helion this is our normal way of working, because we take compliance very seriously indeed.

In summary, if FIPS compliance is important to you, Helion can claim the longest list of previously certified products based on our IP, plus we are able to offer many years of experience in assisting our customers in gaining full approval for their own end products.

Contact

For more detailed information on this or any of our other products and services, please feel free to email us at helioncores@heliontech.com and we will be pleased to discuss how we can assist with your individual requirements.


Copyright © Helion Technology Limited, 1998-2014. All rights reserved. Privacy and Cookies
Web Site Developed by Goldstag Limited