The United States National Institute of Science and Technology (NIST) has responsibility for issuing Federal Information Processing Standards (FIPS Publications) and other support for Information Technology. The Computer Security Division provides resources and services related to Cryptographic Technology and the assurance and testing of cryptographic modules and algorithms.
NIST cryptographic resources are relied upon by international standards and specialized specifications, such as those for XML Encryption. They are also employed in developing the cryptographic procedures used in nfoWorks document-security analysis, implementations, and forensic tools.
This folio compiles available NIST resources having application in development of nfoWorks deliverables.
- Essential NIST Computer Security Resources
- nfoWorks Usage of NIST Resources
- Folio Catalog
The following resources are the backbone of the cryptography-related computer security resources from NIST. These NIST.gov pages are the routes to detailed NIST materials relied upon for cryptographic developments under nfoWorks:
- 1.1 NIST Computer Security Resource Center (CSRC) (cache)
This web page explains and links to the different categories of NIST publication on computer security, including materials of the Cryptographic Toolkit and the Cryptographic Module Verification Program (CMVP). Use the current on-line version of this page to find the latest resources including updates on those relied upon here.
- 1.2 Security-Related Federal Information Processing Standards (FIPS) Publications (cache)
There are a variety of Federal Information Processing Standards applicable to computer system security in U.S. Federal Government operations. Some apply to specific cryptographic methods and other security practices including FIPS 140-2, its extensions, and companion standards. The NIST CSRC provides a list of all applicable FIPS publications.
- 1.3 Security-Related NIST Special Publications (SP800 Series) (cache)
The SP800 Series of NIST Special Publications provides technical and procedural information for a variety of computer security and cryptography topics. There is technical content beyond the level of detail of the FIPS publications to which they relate. The latest version of this compilation should be consulted for the current status of these documents.
- 1.4 NIST Cryptographic Toolkit (cache)
This page provides a menu to the different cryptographic modules for which NIST provides standards and guidance. Additional information on the testing and verification of modules, and the standards applicable to the qualification of cryptographic modules is found under the Cryptographic Module Verification Program (CMVP).
- 1.5 NIST Cryptographic Module Verification Program (CMVP) (cache)
This source explains the CMVP and the available standards and procedures that are applicable in the verification of cryptographic modules.
- 1.6 NIST CMVP Standards (cache)
The FIPS 140-2 (effective 2001-11-15), FIPS 140-1 (2002-05-25 ending of transition) and relevant International Standards are described along with supporting guidance, supplemental specifications, and verification information. This provides the structure against which nfoWorks cryptographic artifacts are oriented, whether or not submitted for formal verification.
- 1.7 FIPS 140-1 Security Requirements for Cryptographic Modules (1994-01-11, cache)
This specification was superseded by FIPS 140-2 on May 25, 2001. Certification under FIPS 140-2 was required for new certifications after that date. Modules certified under FIPS 140-1 prior to that time retain their certification. The document is available from the CSRC FIPS Publications catalog (1.2).
This document is referenced in publications on older, stable cryptographic modules that continue in use. It is preserved here for consultation in conjunction with other specifications that depend on it.
- 1.8 NIST SP-800-29 Comparison of Security Requirements in FIPS 140-1 and FIPS 140-2 (June 2001, cache)
This document provides a comparison between the original FIPS 140-1 and the improvements made in its successor, FIPS 140-2. Although FIPS 140-1 has been retired, previous verifications of cryptographic modules conducted under FIPS 140-1 remain in effect. The comparison document is available from the CMVP Standards page (1.6).
- 1.9 FIPS 140-2 Security Requirements for Cryptographic Modules (2010-05-25, updates through 2002-12-03, cache)
This is the current (January 2013) specification of security requirements. Its sections and separately-published annexes are relevant to many cryptographic primitives of current interest. Annexes are referenced where they apply to nfoWorks security-related functions. The document is available from the CSRC FIPS Publications catalog (1.2).
A proposed FIPS 140-3 draft dated 2009-12-11 was issued for public comments. The draft has not been revised nor advanced to a FIPS standard at this time.
- 1.10 CMVP-CAVP Cryptographic Algorithm Verification Program (2013-01-08, cache)
The CAVP program provides for verification of NIST approved and recommended cryptographic algorithms. These are prerequisites to Cryptographic Module Verification. For each algorithm type, the applicable specifications are identified, followed by the applicable verification tests. Although applying these tests independently does not qualify for certification, it is valuable to self-administer comparable verifications as part of a private demonstration that a new implementation of one of the cryptographic algorithms is qualified. That is the intended usage for nfoWorks security-related functions.
These are the (January 2013) currently-approved algorithms covered by the verification program:
Symmetric Ciphers: AES, Triple-DES, Skipjack
XTS-AES: AES Mode for stored data encryption (profile of IEEE Std 1619-2007)
Asymmetric-Key Ciphers and Digital Signatures: DSA, RSA, and ECDSA
Secure Hash Standards: SHA1, SHA256, SHA512 and variations
Random Number Generators
Deterministic Random Bit Generators (i.e., pseudo-random generators)
Key Establishment Schemes
Message Authentication Codes (MAC): CMAC, CCM, GCM, GMAC, HMAC
Key Derivation: KBKDF
Some algorithm component (primitive) tests
Retired Validation Tests
This section will be expanded as chunks of NIST resources are applied to nfoWorks functions.
- n170401: SCE: Stream Cipher Equivocation
an analysis of stream-cipher resistance to cryptanalysis based on equivocation considerations
- Hamilton, Dennis E.
- NIST Cryptography Resources. nfoWorks nfoNote folio n130101 0.0.2, April 22, 2017. Accessed at <http://nfoWorks.org/notes/2013/01/n130101.htm>.
created 2012-05-03-15:57 -0700 (pdt) by