What is the difference between FIPS 140-2 Level 3 and FIPS 140-3?

by
What is the difference between FIPS 140-2 Level 3 and FIPS 140-3

The Federal Information Processing Standard (FIPS) 140 is a U.S. government computer security standard that specifies requirements for cryptography modules. Cryptography is essential for protecting sensitive data, so FIPS 140 provides a benchmark for effective cryptography implementation.

The National Institute of Standards and Technology (NIST) issues the FIPS 140 standards to coordinate cryptographic techniques across government agencies. FIPS 140 validation is required for cryptographic modules to be purchased by U.S. government agencies. The standard is also widely used in financial services and other industries dealing with critical data security.

FIPS 140 helps ensure cryptographic modules contain the necessary security levels, are implemented properly, and are resistant to attacks. Proper implementation is crucial since vulnerabilities in cryptography can expose protected data. FIPS 140 reduces risk for government and commercial organizations by providing rigorous testing and validation of cryptographic modules against standard benchmarks.

Overview of FIPS 140-2

FIPS 140-2 is a U.S. government computer security standard published by the National Institute of Standards and Technology (NIST) in May 2001. It specifies requirements for cryptographic modules used by U.S. federal agencies and organizations working with them to protect sensitive information [1].

FIPS 140-2 defines four levels of increasing security, from Level 1 to Level 4. Each level adds additional requirements around physical security mechanisms, identity-based authentication, and tamper-proofing. The different levels allow flexibility in choosing security solutions appropriate for different data sensitivity levels [2].

Level 3 in FIPS 140-2

FIPS 140-2 Level 3 has stringent requirements for physical security and authentication. For physical security, the cryptographic module must provide features that prevent or detect attempts of undetected entry, such as the use of strong enclosures and tamper detection/response circuitry. The module must immediately zeroize all plaintext secret/private cryptographic keys and CSPs if tampering is detected.

For authentication, operators must be identified and authenticated before any security functions can be accessed. There must be controlled access to module operations based on authority level. Separate authentication is required for critical security parameters and non-critical security parameters. Two-factor authentication is required using mechanisms like password/PIN plus physical token.

For encryption, all keys and CSPs must be encrypted when not in operational areas. Approved encryption algorithms with strength of 112 bits or higher must be used. Key management must follow FIPS approved methods.

Detailed FIPS 140-2 Level 3 requirements can be found in the official standard document (cite: NIST).

Limitations of FIPS 140-2

FIPS 140-2 was initially published in 2001 and aimed to establish cryptographic standards for hardware and software modules. However, over time it became clear that FIPS 140-2 had some key limitations that needed to be addressed (NIST):

  • It lacked flexibility to accommodate new and emerging technologies like the cloud and mobile devices.
  • The validation process was slow and burdensome.
  • It was limited in scope to cryptographic modules and did not address full system-level security.
  • Standards for key management, authenticity, and identity management were inadequate.
  • There was insufficient guidance for crypto-agility and dealing with algorithms that become insecure over time.

Essentially, FIPS 140-2 was not designed for the rapid pace of change in IT systems and cryptographic algorithms. An updated standard was needed to meet modern security demands and address vulnerabilities that FIPS 140-2 could not handle.

Introduction of FIPS 140-3

The latest version of the cryptography standard, FIPS 140-3, was released by the National Institute of Standards and Technology (NIST) on March 22, 2019. It supersedes the previous FIPS 140-2 standard that was introduced in 2001.

According to the NIST website, FIPS 140-3 includes a number of major improvements over the FIPS 140-2 standard (NIST). Some of the key enhancements include:

  • Support for modern cryptographic algorithms like AES, SHA-3, and quantum cryptography.
  • Aligning the validation requirements with international standards for cryptography.
  • Adding testing requirements for cryptographic modules securing 5G infrastructure.
  • Mandating the use of approved integrity techniques for firmware and software.

By updating the cryptography approval process and requirements, FIPS 140-3 aims to address the latest threats and technology changes that have emerged since the previous version was published nearly 20 years ago.

Key Differences in FIPS 140-3

The newest version of the cryptography standard FIPS 140 introduces several key differences compared to the previous FIPS 140-2 standard. Some of the most significant changes in FIPS 140-3 are related to new cryptography requirements, security levels, and features.

One major change is that FIPS 140-3 requires the use of modern cryptographic algorithms and deprecates older, weaker algorithms that were previously allowed in FIPS 140-2. For example, FIPS 140-3 requires the use of AES or Triple DES for encryption rather than allowing single DES, which is now considered insecure. It also removes support for weak hash algorithms like MD5 and SHA-1 (https://sambaxp.org/fileadmin/user_upload/sambaxp2023-Slides/Bokovoy_sXP23_FIPS_140_3.pdf).

Additionally, FIPS 140-3 makes changes to the definitions of security levels. Level 1 now requires features for tamper evidence and identity-based authentication. Level 2 adds side channel attack resistance requirements. And Level 3 enhances physical security mechanisms compared to the previous standard (https://www.ibm.com/docs/en/sdk-java-technology/8?topic=guide-fips-140-3-evaluation-technology).

Lastly, FIPS 140-3 adds new security assurance requirements in areas like supply chain risk management, software integrity verification, and vulnerability analysis. The standard also incorporates guidance on cryptographic key management best practices.

Level 3 in FIPS 140-3

FIPS 140-3 Level 3 has stricter physical security requirements compared to Level 3 in FIPS 140-2. According to the NIST standard, Level 3 cryptographic modules must include features that prevent any physical access to critical security parameters (CSPs), such as encryption keys. Some specific physical security requirements in FIPS 140-3 Level 3 include:

Tamper-evident coatings and seals on removable covers and doors that would reveal any physical access attempts (FedTech Magazine). Stronger requirements for picking and probing resistance. Requirement for enclosure penetration protection around interfaces and cables.

In terms of encryption algorithms, FIPS 140-3 Level 3 requires support for AES encryption with keys sizes of 192 bits and 256 bits, compared to FIPS 140-2 which only required AES 128-bit keys at Level 3. FIPS 140-3 also specifies the use of stronger SHA-3 and HMAC hash algorithms compared to SHA-1 previously allowed in FIPS 140-2.

Overall, the physical security and encryption requirements in FIPS 140-3 Level 3 aim to provide robust protection against physical tampering and access to encrypted data and keys. These stronger protections reduce the risk of compromise for high-value cryptographic modules used by government agencies and enterprises.

Implementation Timeline

The transition from FIPS 140-2 to FIPS 140-3 has key deadlines for organizations to meet. The U.S. government set specific timeframes for when cryptographic modules must meet the updated 140-3 standard.

According to the NIST website FIPS 140-3 Transition Effort, FIPS 140-2 validations will end on September 21, 2026. After this date, all cryptographic modules must comply with 140-3. Validations under 140-2 can continue until the 2026 deadline.

However, the ability to validate new cryptographic modules under 140-3 begins earlier. The NIST states validation bodies must have lab accreditation for FIPS 140-3 testing by September 2020. So organizations should aim to have 140-3 compliant modules tested and validated prior to the 2026 deadline.

The NIST recommends organizations focus on transitioning high security modules first, such as those using Level 3 or Level 4 protections. The timeline gives a window of over 5 years to transition, but planning ahead for more complex modules can help avoid bottlenecks closer to the deadline.

Cost Considerations

Upgrading cryptographic modules to comply with FIPS 140-3 will have budget impacts that organizations need to plan for. According to the NIST CMVP fee schedule, validation fees for FIPS 140-3 are higher than for FIPS 140-2 across all security levels. For example, at Security Level 3, the base validation fee increases from $10,000 for FIPS 140-2 to $15,500 for FIPS 140-3.

In addition to the validation fees, organizations will incur costs related to the technical work required to upgrade their cryptographic modules and have them validated against the new standard. These costs will vary depending on the specific modules and how extensive the required changes are.

Some key cost factors to consider include:

  • Engineering effort to modify cryptographic modules to comply with new requirements in FIPS 140-3
  • Testing and quality assurance activities
  • Preparing documentation for the validation process
  • Acquiring any new hardware/software required to meet FIPS 140-3 requirements

Organizations looking to budget and plan for FIPS 140-3 upgrade costs can refer to NIST’s draft management manual for estimated timelines and expenses here.

Conclusion

FIPS 140-2 Level 3 and FIPS 140-3 Level 3 both aim to provide robust security for cryptographic modules. The key differences lie in the enhanced cryptography requirements, vulnerability assessments, and physical security mechanisms in FIPS 140-3.

FIPS 140-3 mandates stronger cryptographic algorithms like AES and SHA-2 which weren’t required in FIPS 140-2. It also requires vulnerability assessments for all validation levels and adds side-channel attack testing for Level 3. Physical security is also stepped up in FIPS 140-3 Level 3 through requirements like identity-based authentication for maintenance access.

For organizations using cryptographic modules, transitioning from a FIPS 140-2 Level 3 validated module to a FIPS 140-3 Level 3 validated one will require effort and cost. However, it provides long-term future-proofing against evolving cyberthreats and demonstrates a high commitment to security. To start the migration process, review validated FIPS 140-3 modules that meet your requirements.

Leave a Comment