Ok I just finished my NSS Meeting and here is what I learned.
The testing labs are not allowed to work as a consultant. If you feel that you need a consultant then you can hire a second lab to help. But the labs do a pretty good job of documenting why things fail so if you don’t mind the iterative work and are not looking to save time by having a consultant then one lab is fine. You could also hire a NIST consultant that is not connected with a lab.
The best thing to do is run thorough the 140 standard and make your best guess as to the requirements. This is especially helpful when you have your initial meeting with the labs. Many labs will offer a very long 2 day meeting where they go over all of the NIST requirements, with you. This is a good chance to ask questions for example if you have a solution to a requirement you could ask at that time whether or not your solution meets the requirements. Also this is a good time to identify anything that you missed. Sounds like a potential Squeak Cryptography Conference candidate, we’ll have to work out the details when the time comes.
Labs usually offer a fixed fee for validation but we should be careful not to sign with a lab that has a fixed term. The first phase, the validation of the algorithms takes about 3 months to complete. The second phase the crypt module part takes about 6 months. The final phase takes 3 months so any delay at all could easily send you over the 12 month that is offered by some labs. NSS first pass was 18months. This last round was closer but will probably go over 12 months.
The current NSS module is not validated. They have passed the lab part but are waiting on NIST for the final validation.
I learned more about the second phase. The second phase includes about 100 questions that need to be answered. These answers are shared with the lab only but it takes a lot of documentation to complete it. They ask questions like how do you protect sensitive data, how do you ensure read and write file protection…
I also learned a few answers. The external crypto library can be secured using a CC evaluated operating system. For example if our security document specified that when the file is installed the operating system sets read and write attributes to the user then as long as the OS is CC evaluated that meets NIST validation.
Also the requirements at NIST are not as stringent as you might think. There are a number of areas of real security concern that are not addressed by NIST. For example the protection of private keys. NIST requires wiping of memory after the key is used but does not mention encrypting the value in memory or preventing swapping.
NIST can only review the Security policy and the Test report of the lab. So the security policy is very important. If you spend more time on the security policy, make it easy to use, then NIST will have an easier time and may be able to turn your validation around faster. The answers to your questions and your source code is not available to the NIST during the final review.
If you have any difficulty with the security policy or need answers on how to solve certain requirements then checking other open source security policies can definitely help. Also since there are a number of OS crypto modules using their test examples, comparing input and output, and structure of the tests may help you to understand the tests better. In there experience if the library is being used the implementation is probably correct, most errors are actually errors in understanding or implementing the test.
There is an interesting dynamic working with Labs. It starts off as a pseudo adversarial relationship. The lab works against you making you prove your code. But once the Lab passes you, that dynamic changes and you become a team working to get the final validation.
The cost for the labs for a full multipurpose validation on 7 OS’s ran around US50k.
I’m expecting information about implementing and using the NSS validated crypto module for Squeak.
Comments are welcome,
President / Principal Software Engineer
US Medical Record Specialists
Squeak Cryptography Team Leader
Cryptography mailing list
|Free forum by Nabble||Edit this page|