A FIPS 140-2 evaluation could authorize CC-like tests


In the word of Common Criteria (CC) smart card evaluations, lot of time is spent for the vulnerability analysis. A large amount of attacks, both environmental and intrusive, are performed within the integrated circuit and its embedded software to obtain the CC certificate. The level of security is graduated using Evaluation Assurance Levels (EAL), which correspond to packages of security assurance requirements.

On the other side of the Atlantic Ocean, and more precisely in Canada and U.S, the cryptographic module evaluations are made using the FIPS PUB 140-2 standard. This kind of evaluation is mainly based on the conformity of cryptographic mechanisms to "FIPS Approved" standards. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests which are mainly functional.

A CC evaluation does not supersede or replace a validation to FIPS 140-2.
Some Protection Profiles require that a cryptographic module which belongs to the Target of Evaluation (TOE) already has a FIPS 140-2 certificate: this gives the assurance that the cryptographic module functions as specified through "FIPS Approved" standards.

The Common Criteria (CC) and FIPS 140-2 are different in the abstractness and focus of tests.

Nevertheless, there is an ambiguity in the statement of FIPS 140-2 requirements which should lead to perform CC-like tests. This interpretation could change the initial philosophy of a FIPS 140-2 evaluation.
It also leads to some problems, as the quotation of the attacks with respect to the security level chosen.

Such an interpretation has been tested through a feasibility study sponsored by the DCSSI.
The results of this study have been used as inputs to establish the new ISO/19790 standard.

This presentation depicts the integration of this interpretation in a FIPS 140-2 evaluation process, and gives some propositions to solve identified problems.
Author/Presenter: Jean-Pierre KRIMM/ Axel BONESS