The Federal Information Processing Standard (FIPS) Publication 140-2 and 140-3 are information security standards published by the National Institute of Standards and Technology (NIST) to specify security requirements for cryptography modules. Cryptography modules are hardware, software, or firmware components that perform cryptographic functions like encryption, decryption, authentication, and key generation.
FIPS 140-2 was introduced in 2001 to replace the original FIPS 140-1 standard published in 1994. It defines four security levels for cryptographic modules to protect sensitive information, with Security Level 1 being the lowest and Security Level 4 being the highest. FIPS 140-3 was drafted in 2019 to supersede FIPS 140-2, adding new requirements to reflect modern technologies and threats.
One of the most significant differences between the two standards is in Security Level 3 regarding physical security mechanisms. FIPS 140-2 Level 3 requires features like tamper-evident coatings or seals and identity-based authentication, while FIPS 140-3 Level 3 introduces more advanced requirements like conformal coatings and anti-probing defenses.
This article provides an in-depth comparison of the physical security mechanisms mandated by FIPS 140-2 Level 3 versus FIPS 140-3 Level 3. It analyzes the capabilities required to safeguard cryptographic modules from physical attacks and explains how the updated standard aims to counter sophisticated manipulation and penetration techniques.
Overview of FIPS 140-2 Security Levels
FIPS 140-2 specifies increasing qualitative requirements for cryptographic modules across four security levels. Each level contains general areas that correspond to specific sections, as summarized below:
FIPS 140-2 Security Level 1
– Cryptographic Module Specification – Requires a complete specification of the module and its interfaces
– Cryptographic Module Ports and Interfaces – Basic port and interface requirements
– Roles, Services and Authentication – Only one mandatory role (User), one service (Approved security function), and authentication not required
– Finite State Model – Basic operational states specified
– Physical Security – Production-grade equipment
– Cryptographic Key Management – Basic key management required
– EMI/EMC – Encryption/decryption must be performed correctly without error
– Self-Tests – Basic power-up self-tests required
– Design Assurance – Vendor asserts the module meets requirements
FIPS 140-2 Security Level 2
Builds on Level 1 requirements by adding:
– Roles, Services and Authentication – Adds Crypto Officer role and authentication
– Physical Security – Provides tamper-evident seals/coatings
– Cryptographic Key Management – Requires key establishment and pair-wise consistency tests
– EMI/EMC – Adds operating ranges for temperature and voltage
– Self-Tests – Adds conditional self-tests
– Design Assurance – Uses informal correspondence analysis
FIPS 140-2 Security Level 3
Enhances Level 2 by requiring:
– Physical Security – Introduces identity-based authentication and tamper response/detection
– Cryptographic Key Management – Specifies threshold schemes for secret sharing
– Self-Tests – Cryptographic algorithm tests required
– Design Assurance – Adds complete design and formal analysis
FIPS 140-2 Security Level 4
Highest level, building on Level 3:
– Physical Security – Detects physical penetration of module and zeroizes critical cryptography security parameters
– EMI/EMC – Protections against more sophisticated monitoring techniques
– Self-Tests – Complete suite of self-tests required
– Design Assurance – Adds covert channel analysis
This shows how FIPS 140-2 defines increasing standards across the same set of categories to meet different levels of security needs. Next, we’ll do a detailed comparison of FIPS 140-2 Level 3 vs. FIPS 140-3 Level 3 physical security requirements.
Physical Security in FIPS 140-2 Level 3
FIPS 140-2 Level 3 introduces physical security mechanisms to counter basic intrusion risks. The physical security requirements aim to protect a cryptographic module from threats like unauthorized opening, extraction, and replacement.
Some high-level FIPS 140-2 Level 3 physical security requirements are:
The cryptographic module must provide features that leave physical evidence if tampering is attempted. This could include:
– Tamper-evident coatings like baked-on enamels that crack if the module is opened
– Tamper-evident seals like adhesive-backed paper seals that get destroyed if removed
– Pick-resistant locks that prevent accessing internal components with lock picking tools
In addition to leaving physical evidence of tampering, FIPS 140-2 Level 3 requires features to actively detect if tampering occurs, like:
– Micro switches that sense if covers are opened or panels are dislodged
– Motion detectors that trigger if attempts are made to access the module
– Light detectors that can identify photonic emissions during penetration
The module must authenticate an operator accessing physical ports, interfaces, or services. This could involve:
– Personal identification number (PIN) entry
– Cryptographic authentication using digital signatures or challenge/response
– Biometric authentication like fingerprints or iris scans
All surfaces of the module must be covered with opaque materials to block visual access to critical security parameters.
Upon detecting tampering, the module must respond by taking actions such as:
– Zeroizing cryptographic keys and critical security parameters
– Outputting error states to block operations
– Requesting re-authentication to resume functioning
This enforces rapid erasure of sensitive data if unauthorized physical access is detected.
Physical Security Mechanisms in FIPS 140-3 Level 3
FIPS 140-3 Level 3 enhances protections against more sophisticated physical attacks that emerged after FIPS 140-2 was published in 2001. New requirements aim to safeguard against techniques like:
– Optical probing – Using lasers or microscopes to observe circuits
– Electrical probing – Applying probes to extract signals from components
– Microprobing – Accessing chip traces and memory contents
– Fault generation – Disrupting operations to glitch secrets
– Side channel analysis – Monitoring power usage and electromagnetic emissions
Some key physical security requirements added in FIPS 140-3 Level 3 include:
All printed circuit boards must be covered with an opaque protective coating like acrylic or urethane resin. This prevents observation or modification of board components and wiring.
Protections against optical probing
Options for mitigating threats from lasers, microscopes, or other optical observation techniques:
– Optical shielding on components and paths carrying sensitive data
– Sensors to detect optical emissions during penetration attempts
– Optical obscuration mechanisms that distort or block visible pathways
Protections against electrical probing
Defenses against attempts to monitor or manipulate electrical signals:
– Encapsulation around components and printed circuit board sections
– Sensors to detect changes in electrical characteristics
– Current flow obfuscation techniques
Protections against microprobing
Barriers to accessing chip-level contents via microprobing:
– Chip coatings like nitride or polymer passivation layers
– Sensors to detect microprobing
– Active anti-probing circuitry
Protections against differential power analysis (DPA)
DPA involves collecting and statistically analyzing power consumption measurements during cryptographic operations. Defenses include:
– Measurement obfuscation, like adding noise or randomness
– Hardware balancing, using complementary circuits to normalize power usage
– Algorithmic masking, splitting secret data across shares
Protections against fault generation
Fault attacks aim to cause malfunctions that leak secrets. Countermeasures include:
– Sensors to detect abnormal electrical activity or temperature
– Current limiting to prevent damage from current injections
– Fault detection circuits to identify glitches or deviations
– Fault tolerance mechanisms to maintain cryptographic integrity
Zeroization of plaintext secret and private cryptographic keys
Stored unencrypted keys must be automatically erased upon tamper detection. This includes keys stored in nonvolatile memory.
Summary of FIPS 140-3 Level 3 Physical Security
FIPS 140-3 Level 3 adapts physical protections to match modern threats that have emerged over the past two decades. While FIPS 140-2 Level 3 limited its scope to basic tamper evidence, detection and response, FIPS 140-3 Level 3 expands requirements to address more technical attacks like:
– Optical and electrical probing
– Fault generation
– Side channel analysis
– Localization of unencrypted secrets in nonvolatile memory
It aims to block the vector, prevent access, protect sensitive data paths, detect events, obfuscate outputs, withstand manipulation attempts, and trigger strong tamper response.
Some example FIPS 140-3 Level 3 physical security features include conformal PCB coatings, optical shields, electrical encapsulation, chip passivation layers, active anti-probing circuitry, power analysis defenses, fault injections sensors, and plaintext secret zeroization.
Comparison of FIPS 140-2 Level 3 and FIPS 140-3 Level 3
|Security Requirement||FIPS 140-2 Level 3||FIPS 140-3 Level 3|
|Tamper Evidence||Tamper-evident seals, coatings, enclosures||Tamper-evident seals, coatings, enclosures|
|Tamper Detection||Basic sensors like microswitches, motion detectors||Advanced sensors plus anti-probing circuitry|
|Tamper Response||Zeroize keys, output errors||Zeroize keys and plaintext secrets, output errors|
|Opaque Coverings||Opaque enclosure||Opaque enclosure and conformal PCB coating|
|Identity Authentication||PINs, biometrics||PINs, biometrics|
|Side Channel Protections||Not specified||Power analysis defenses required|
|Protections Against Optical Probing||Not specified||Optical shielding, obscuration mechanisms|
|Protections Against Electrical Probing||Not specified||Encapsulation, current flow obfuscation|
|Protections Against Microprobing||Not specified||Chip coatings, active anti-probing|
|Protections Against Fault Generation||Not specified||Fault detection sensors and tolerance|
This summarizes how FIPS 140-3 Level 3 expands the physical security requirements specified in FIPS 140-2 Level 3 to defend against more advanced physical attacks.
FIPS 140-3 Level 3 builds on the basic tamper protections introduced in FIPS 140-2 Level 3 and greatly expands requirements to address sophisticated hardware attack techniques. It aims to counter threats like optical and electrical probing, microprobing, fault injection, side channel analysis, and localization of secrets in nonvolatile memory.
While both standards mandate tamper evidence, detection, and response mechanisms, FIPS 140-3 Level 3 specifies more robust defenses like conformal PCB coatings, anti-probing circuitry, power analysis countermeasures, fault detections sensors, and zeroization of unencrypted secrets. This allows modern cryptographic modules to maintain security assurances even when confronted with precisely executed physical attacks.
Organizations that require high-grade hardware protections for keys and critical data should look to implement cryptographic modules validated under the FIPS 140-3 Level 3 standard. As computing technologies and threats continue advancing, standards like FIPS 140-3 will evolve to define updated security criteria for sensitive cryptographic modules across defense, government, financial, and critical infrastructure sectors.