The First International Cryptographic Module Conference...
Transcript of The First International Cryptographic Module Conference...
The First International Cryptographic Module Conference2013. 9. 25
The Attached Institute of ETRIYongdae KimYongdae Kim
(kimyd@ensec.re.kr)1
Agenda Introduction KCMVP Introduction – KCMVP
Transitioning cryptographic algorithms and key sizes Transitioning cryptographic algorithms and key sizes
New validation system New validation system
C i ith JCMVP Comparison with JCMVP
C l i & di i Conclusion & discussion
2
Introduction - KCMVP KCMVP(Korea Cryptographic Module Validation Program) KCMVP(Korea Cryptographic Module Validation Program)
Any vendors who seek to have their products certified for use by the Korea governmentuse by the Korea government
Cryptographic module test & validation guideline (2004. 12) Initiated from 2005 Initiated from 2005 Cost : FREE!!FREE!!
Standard for KCMVP Security Requirements : KS X ISO/IEC 19790y Test Requirements : KS X ISO/IEC 24759 Test Requirements for S/W (2011)
3
Test Requirements for S/W
q ( )
Introduction - KCMVP Testing Laboratory
The Attached Institute of ETRI Tel : 042-870-2273,4748 E-mail : [email protected]
Certification Bodyy National Cyber Security Center http://www.kecs.go.krttp // ecs go
4National Cyber Security Center
Introduction - KCMVP Validation Process Validation Process
(4) Test result review request(6) Validation result
announce
(1) Module test request
(2) Module test contract
(5) Review result
CertificationBody
request
(3) Report testing result
(7) Publish module validation list
Testing Lab
result validation list
(6) Validation result announce
5
Validation List Validated Cryptographic Modules Validated Cryptographic Modules
(http://www.kecs.go.kr) Module name validation number vendor module type Module name, validation number, vendor, module type,
security level, validation date, security policy
6
Transitioning Cryptographic Algorithms History & Background History & Background
Analysis on approved cryptographic algorithmsI it t th Improve security strength
2005 2006 2007 2008 2009 2010 2011
Security Strength : 80 bits
IncludingEC-KCDSA
Working on transitioning (security strength :
(pending otheralgorithms , e.g. KDF)
112 bits)
Collision Attack on SHA-1 (By X. Wang, Feb. 2005)
RSA 768 i f t d
US 112 Security
RSA 640 i f t d
7
RSA-768 is factored(T. Kleinjung, Dec. 2009)
strength is adapted
RSA-640 is factored(T. Kleinjung Nov. 2005)
Approved Cryptographic Algorithms & Key Size
Category Before After (From 2012)
Security strength 80 bits 112 bits
C A A S A A SBlock Cipher ARIA, SEED ARIA, SEED
Operation Mode ECB, CBC, CFB, OFB, CTRECB, CBC, CFB, OFB, CTR, CCM,
GCM
MAC HMAC HMAC, CMAC, GMAC
Hash function SHA-1/256/384/512, HAS-160 SHA-224/256/384/512
Random Number Generator
DSA_PRNG_XXXX, KCDSA_PRNG,ECDSA_PRNG_XXXX
HASH_DRBG, HMAC_DRBG,CTR_DRBG
Public Cipher RSAES-OAEP v2.0, v2.1 RSAES
Digital SignatureRSA-PKCS-v1.5, RSASSA-PSS,
KCDSA, ECDSA, EC-KCDSARSASSA-PSS, KCDSA,
ECDSA, EC-KCDSA
Key Exchange - DH ECDH
8
Key Exchange DH, ECDH
Approved Cryptographic Algorithms & Key SizeC B f Af (F 2012)Category Before After (From 2012)
Key Size(RSA)
1024, 2048 2048, 3072
Key Size(KCDSA, DH)
(pubic key, private key) = (1024, 160), (2048, 256)
(pubic key, private key) = (2048, 224), (2048, 256)
C T(WTLS) WTLS-C-165
(FIPS) B 233 B 283Curve Type : (ECSDA, EC-ECDSA,
ECDH)
( )(FIPS) B-163, B-283(FIPS) K-163, K-283(FIPS) P-192, P-256
(FIPS) B-233, B-283(FIPS) K-233, K-283(FIPS) P-224, P-256
SHA-1, HAS-160RSA PKCS 1 5
CCM/GCM/CMAC/GMACC
Approved Cryptographic
Exclude Include
9
RSA-PKCS-v1.5 DH, ECDH yp g p
Algorithms
Cryptographic Algorithm Validation System We published validation system V 2 0 with data CDWe published validation system V.2.0 with data CD
Cryptographic algorithm test methods Sample Request/Response/Fax files in a CD Sample Request/Response/Fax files in a CD Specify Cryptographic Algorithm Standards
10201220072005
Cryptographic Algorithm Validation System For example (digital signature) For example (digital signature)
RSA-PSS, KCDSA, ECDSA, EC-KCDSAAlgorithms
RSA-PSS key size: 2048, 3072 KCDSA (Pub. key size, Priv. key size): (2048, 224), (2048,
256)256) ECDSA, EC-KCDSA parameters
B-233, B-283, K-233, K-283, P-224, P-256
Digital Signature Test DescriptionTest Method
Key Generation Test Key Generation Test Signature Generation Test Signature Verification Test
11
Conclusion & Discussion KCMVP initiated from 2005 KCMVP initiated from 2005
82 validated cryptographic modulesT iti f t hi l ith d k i Transition of cryptographic algorithms and key sizes Increasing security strength
f Initiated from 2012 Share evaluation metrics
S/W testing know-how Security evaluation metrics for H/W modules
Power analysis attack, fault attack, etc Management of testing labs.
12
Thank you for listeningThank you for listening
13