What is FIPS?
Federal Information Processing Standards (FIPS) are publicly announced standards
developed by the United States government for use by all non-military government
agencies and by government contractors. Due to their importance within the
security industry, they are often adopted for non-US applications, and form an
important baseline for many security requirements.
What is FIPS compliance?
FIPS 140 (Federal Information Processing Standards Publication 140) is generally what
is being referred to when FIPS compliance is mentioned. This is a United States federal
standard that specifies security requirements for cryptography modules. The current
version of this standard is FIPS 140-2, and covers areas like the cryptographic module
specification, its interfaces, its physical security (covering tamper evidence and
resistance), cryptographic key management (generation, storage and destruction of keys),
EMI and EMC, self-tests (what must be tested and when, and what must be done if a
test fails), and design assurance (documentation to prove that the module has been
well designed and implemented).
The Cryptographic Module Validation Program (CMVP) encompasses validation testing for
cryptographic modules. This testing is handled by third-party laboratories that are
accredited as Cryptographic Module Testing (CMT) laboratories by the National Voluntary
Laboratory Accreditation Program (NVLAP).
Much of what is covered by FIPS-140 concerns the physical hardware implementation
of the product being tested, and its system design. However, part of the basic
requirement is that the cryptographic algorithm implementations are correct and
provably compliant to their respective standards. This is where your choice of
cryptographic IP vendor can become crucial.
Until recently, it was not permitted to prove algorithm compliance by simulation,
so validation had to take place in real hardware. Now these rules have been relaxed
to allow some level of simulation, but only in circumstances where access to the
algorithms is impossible. This is still the least favoured approach to proving
compliance, yet some IP vendors are now claiming FIPS compliance based only on
simulation. Obviously Helion IP is rigorously proven in simulation, and always
has been, using FIPS sourced test vectors to demonstrate fully compliant operation.
However, customers need to be aware that this is no shortcut to gaining FIPS
compliance for their own products, and is no substitute to checking operation in
the final physical platform.
How can Helion help?
All of Helion's crypto IP cores have at some time been FIPS approved as part of
our customer's end products, and for our AES cores in particular, this has been
the case many times over. Indeed, having been supplying AES IP cores for longer than
anyone else in the industry, we now probably have more of our cores FIPS certified
than anyone else, and can certainly bring a wealth of specialised experience
on board to assist our customer's validation testing.
We are always pleased to work with customers and the various FIPS CMT labs around the
world to ensure a smooth validation process, and as far as our cores have been concerned,
to date we have had absolutely no problems of any kind gaining approval for any of our
algorithm implementations.
In addition to the above, many of our security IP cores have been more carefully
checked and tested as part of a deeper test of due diligence. Our cores have
been used in high grade military and government products worldwide, and customers
working in these areas need to be extremely careful about the IP they use.
This being the case, our cores have been subjected to extended testing in both
simulation and real hardware, plus in some cases even line-by-line code reviews,
to be sure of both compliance and guaranteed security.
So even when it is not necessary to go to these levels of assurance, you can
be certain that the IP we supply has been checked way beyond what is actually
required. At Helion this is our normal way of working, because we take compliance
very seriously indeed.
In summary, if FIPS compliance is important to you, Helion can claim the longest
list of previously certified products based on our IP, plus we are able to offer many
years of experience in assisting our customers in gaining full approval for their
own end products.
Contact
For more detailed information on this or any of our other products and services,
please feel free to email us at
helioncores@heliontech.com and we will be pleased to discuss how we can assist
with your individual requirements.
|