Recently, Rambus blogged about a large number of our DPARC and Crypto Accelerator Hardware Cores receiving FIPS-140-2 CAVP certification by NIST. As we wrote, these certifications provide our customers with assurance of the robustness, quality and applicability of our cryptographic solutions. But, as nefarious parties continue to uncover new ways to hack devices, Rambus and others must continually improve their cryptography technologies.
The standards body that regulates the FIPS 140 standard recognizes that as well. Earlier this year, the US Secretary of Commerce approved the Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirements for Cryptographic Modules. The new FIPS 140-3 standard is effective on September 22, 2019, with testing on the new standard beginning exactly one year later. While not official, it is suspected that current modules validated to FIPS 140-2 (like ours) will remain on the active validation list until the 140-2 sunset date. This is typically five years after date of validation, which implies that FIPS 140-2 would remain valid until at least September 22, 2026. So, the takeaway here would be that our work in getting 140-2 certification will continue to benefit our customers for at least the next half decade.
For us, the most interesting thing in the new FIPS 140-3 specification is the inclusion of language around non-invasive attacks. The 140-2 specification listed non-invasive attacks only as a definition item, with no specific requirement. The 140-3 specification specifically calls out a heightened importance of mitigations against non-invasive attacks.
For those new to non-invasive (i.e. side channel) attacks: a side-channel attack is a method for an adversary to gain access to information about the internal activity of a chip by capturing and analyzing “unintentional” data, for example power consumption, EM emissions, behavior during voltage spikes, and others. These low-cost, non-invasive methods enable attackers to stealthily extract secret cryptographic keys used during normal device operations. Once the keys have been extracted, attackers can easily gain unauthorized access to a device, decrypt or forge messages, steal identities, clone devices, create unauthorized signatures and perform additional unauthorized transactions. Essentially, a side channel attack is a way to steal all a device’s secrets without having to physically hack a device. If you’re interested in learning more about DPA and how to test resistance, join us at our next DPA Workstation Training, happening in late August in Atlanta.
Rambus sees resistance against side channel attacks as a critical item for securing devices, both now and in the future. Rambus pioneered DPA back in the mid-1990s, and we continue fundamental research into, and development of, products based on side channel attacks. We’ve long spoken of the importance of not only testing devices to understand their resistance to side channel attacks (using our DPA Workstation), but also building protections against these attacks into devices via our DPA-resistant software libraries, DPA-resistant hardware cores, and our more recently released combo DPARC and fault Injection-resistant hardware cores.
The formal recognition of the risk of side channel attacks via its inclusion in the FIPS 140-3 standard validates our assertion that side channel attacks are no longer the domain of state actors, but a real, everyday threat to devices. We hope that the new standard will continue to drive awareness beyond government and military applications, and we stand ready to address our customer’s needs to make their devices as secure as possible.