[Cryptography Team] NSS Meeting

Ron Teitelbaum Ron at USMedRec.com
Fri Dec 1 20:22:34 UTC 2006 

Hello all,

 

Ok I just finished my NSS Meeting and here is what I learned.  

 

The testing labs are not allowed to work as a consultant.  If you feel that
you need a consultant then you can hire a second lab to help.  But the labs
do a pretty good job of documenting why things fail so if you don't mind the
iterative work and are not looking to save time by having a consultant then
one lab is fine.  You could also hire a NIST consultant that is not
connected with a lab.

 

The best thing to do is run thorough the 140 standard and make your best
guess as to the requirements.  This is especially helpful when you have your
initial meeting with the labs.  Many labs will offer a very long 2 day
meeting where they go over all of the NIST requirements, with you.  This is
a good chance to ask questions for example if you have a solution to a
requirement you could ask at that time whether or not your solution meets
the requirements.  Also this is a good time to identify anything that you
missed.  Sounds like a potential Squeak Cryptography Conference candidate,
we'll have to work out the details when the time comes.

 

Labs usually offer a fixed fee for validation but we should be careful not
to sign with a lab that has a fixed term.  The first phase, the validation
of the algorithms takes about 3 months to complete.  The second phase the
crypt module part takes about 6 months.  The final phase takes 3 months so
any delay at all could easily send you over the 12 month that is offered by
some labs.  NSS first pass was 18months.  This last round was closer but
will probably go over 12 months.  

 

The current NSS module is not validated.  They have passed the lab part but
are waiting on NIST for the final validation.

 

I learned more about the second phase.  The second phase includes about 100
questions that need to be answered.  These answers are shared with the lab
only but it takes a lot of documentation to complete it.  They ask questions
like how do you protect sensitive data, how do you ensure read and write
file protection.

 

I also learned a few answers.  The external crypto library can be secured
using a CC evaluated operating system.  For example if our security document
specified that when the file is installed the operating system sets read and
write attributes to the user then as long as the OS is CC evaluated that
meets NIST validation.

 

Also the requirements at NIST are not as stringent as you might think.
There are a number of areas of real security concern that are not addressed
by NIST.  For example the protection of private keys.  NIST requires wiping
of memory after the key is used but does not mention encrypting the value in
memory or preventing swapping.  

 

NIST can only review the Security policy and the Test report of the lab.  So
the security policy is very important.  If you spend more time on the
security policy, make it easy to use, then NIST will have an easier time and
may be able to turn your validation around faster.  The answers to your
questions and your source code is not available to the NIST during the final
review.

 

If you have any difficulty with the security policy or need answers on how
to solve certain requirements then checking other open source security
policies can definitely help.  Also since there are a number of OS crypto
modules using their test examples, comparing input and output, and structure
of the tests may help you to understand the tests better.  In there
experience if the library is being used the implementation is probably
correct, most errors are actually errors in understanding or implementing
the test.

 

There is an interesting dynamic working with Labs.  It starts off as a
pseudo adversarial relationship.  The lab works against you making you prove
your code.  But once the Lab passes you, that dynamic changes and you become
a team working to get the final validation.

 

The cost for the labs for a full multipurpose validation on 7 OS's ran
around US50k.

 

I'm expecting information about implementing and using the NSS validated
crypto module for Squeak.

 

Comments are welcome,

 

Ron Teitelbaum

President / Principal Software Engineer

US Medical Record Specialists

Ron at USMedRec.com

Squeak Cryptography Team Leader

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20061201/24408a4a/attachment.htm

More information about the Cryptography mailing list