Designing to Fips-140: A Guide for Engineers and Programmers (設計FIPS-140:工程師與程式設計師指南)

Johnston, David, Fant, Richard

  • 出版商: Apress
  • 出版日期: 2024-04-26
  • 售價: $2,130
  • 貴賓價: 9.5$2,024
  • 語言: 英文
  • 頁數: 213
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 9798868801242
  • ISBN-13: 9798868801242
  • 立即出貨 (庫存=1)

買這商品的人也買了...

相關主題

商品描述

This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs.

There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification.

Although this was once a fairly niche topic, it is no longer so. Other industries--banking, military, healthcare, air travel, and more--have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.

 

What You Will Learn

 

  • What is FIPS-140? What is the SP800 standard?
  • What is certification? What does it look like? What is it suitable for?
  • What is NIST? What does it do?
  • What do accredited certification labs do?
  • What do certification consultants do?
  • Where and when is certification required?
  • What do FIPS-140 modules look like?
  • What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?
  • What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?
  • What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?
  • How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?
  • How do you get CAVP certificates (cert houses, ACVTs)?
  • How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Who This Book Is For

Hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality, including silicon vendors, library vendors, OS vendors, and system integrators

商品描述(中文翻譯)

本書提供了詳細且實用的資訊,讓從業人員了解為何應該選擇認證。它涵蓋了優點和缺點,並展示了如何設計以符合規範(如FIPS-140、SP800文件以及相關的國際規範,如AIS31、GM/T-0005-2021等)。它還介紹了如何進行合規性測試。通過閱讀本書,您將了解如何與獲得認證的實驗室以及相關的行業論壇(如CMUF、ICMC)互動。簡而言之,本書涵蓋了您需要了解的一切,以進行合理的設計。

FIPS-140(聯邦資訊處理標準)認證是針對銷售給美國政府的加密產品的一個認證過程。其他國家也有類似的認證,導致了一個非常複雜的過程。有許多公司專門幫助其他公司應對FIPS-140認證過程。此外,您必須與獲得認證的實驗室簽訂合約才能獲得認證。

儘管這曾經是一個相對小眾的話題,但現在已經不再如此。其他行業,如銀行、軍事、醫療、航空等,都採用了FIPS認證的加密產品。對這些服務的需求呈指數級增長。然而,可用的技能人才儲備並未增長。許多人在開發產品時缺乏可用的信息,不知道如何滿足這些標準並獲得認證,甚至不知道這些認證是否適用於他們的產品。

您將學到以下內容:
- 什麼是FIPS-140?什麼是SP800標準?
- 什麼是認證?它是什麼樣子?適用於什麼?
- 什麼是NIST?它的作用是什麼?
- 認證實驗室是做什麼的?
- 認證顧問是做什麼的?
- 何時何地需要認證?
- FIPS-140模塊是什麼樣子?
- FIPS-140模塊的子組件有哪些(RNGs、PUFs、加密功能)?如何對它們進行認證?
- 物理原件有哪些(RNGs、PUFs、密鑰存儲)?如何處理在FIPS下對它們進行認證時的額外複雜性?
- 合規性算法有哪些(AES、SP800-90算法、SHA、ECDSA、密鑰協議等)?
- 如何為認證進行設計(BIST、啟動測試、安全邊界、測試訪問、清零等)?
- 如何獲得CAVP證書(證書機構、ACVT)?
- 如何獲得CMVP認證(證書機構、所需文件、設計信息、安全策略等)?

本書適合硬體和軟體工程師,以及包含任何形式的加密功能的工程項目的管理者,包括矽片供應商、庫供應商、操作系統供應商和系統集成商。

作者簡介

David Johnston is an engineer at Intel working on cryptographic hardware used in Intel CPUs and other silicon products. He has been directly involved in the development of the SP800-90 and FIPS140 standard revisions and is active in FIPS-related industry forums--he has several FIPS and CAVP certifications. David spent 30 years in various hardware and software roles and is the author of Random Number Generators, Principles and Practices.

 

Richard Fant performs security assessments for Intel products and platforms by evaluating the FIPS 140-3 compliance and design strategy for the FPGA Business Unit (Programmable Solution Group). He also helps lead the Intel FIPS CoE (Center of Excellence) across other Intel business units. Richard has two bachelor's degrees from the University of Texas: (Computer Science and Mathematics) as well as a master's degree in Cybersecurity from Syracuse University. He has worked in the semiconductor industry for 20+ years for companies such as Motorola, AMD, and Intel. He also worked at Atsec Information Security performing FIPS evaluations for various semiconductor manufacturers.

In his free time, Richard likes to engage in his other passions: half-marathons and travel. To date, he has run a half-marathon on every continent except Antarctica. While visiting those faraway places, he frequently enjoys testing the laws of entropy at the casinos located there. He has lived in Austin, Texas his entire life and yet has racked up over 2 million frequent flyer miles from traveling about the world for work and fun.

作者簡介(中文翻譯)

David Johnston 是 Intel 的工程師,負責開發用於 Intel CPU 和其他硅產品的加密硬體。他直接參與了 SP800-90 和 FIPS140 標準的修訂工作,並在 FIPS 相關的行業論壇中活躍,擁有多個 FIPS 和 CAVP 認證。David 在各種硬體和軟體角色中擁有 30 年的經驗,並著有《隨機數生成器:原理與實踐》一書。

Richard Fant 負責評估 FPGA 事業部(可程式解決方案群組)的 FIPS 140-3 合規性和設計策略,為 Intel 產品和平台進行安全評估。他還協助領導 Intel FIPS CoE(卓越中心),跨其他 Intel 事業部進行工作。Richard 擁有德克薩斯大學的兩個學士學位(計算機科學和數學),以及雪城大學的網絡安全碩士學位。他在半導體行業工作了 20 多年,曾在 Motorola、AMD 和 Intel 等公司工作。他還在 Atsec Information Security 公司為各種半導體製造商進行 FIPS 評估。

在空閒時間,Richard 喜歡參加半程馬拉松比賽和旅行。到目前為止,他已經在除了南極洲以外的每個大陸上跑過半程馬拉松。在訪問這些遙遠的地方時,他經常喜歡在那裡的賭場測試熵的法則。他一直住在德克薩斯州奧斯汀,但因為工作和娛樂而在世界各地旅行,累積了超過 200 萬里程的常客飛行哩程。