FIPS 140-1 & 140-2



General Information

Aspect Labs is an NVLAP-accredited laboratory that performs testing against the FIPS 140-2 standard, Security Requirements for Cryptographic Modules. We also perform preliminary consulting on the upcoming FIPS 140-3 standard, which is soon to be adopted by NIST. Information on our team and clients is provided here.

100% of the products tested by our lab have achieved FIPS 140-2 validation.

Our NVLAP-accredited testing services include:

  • FIPS 140-2 testing of cryptographic modules at Security Levels 1 to 4.
  • CAVP (Cryptographic Algorithm Validation Program) testing of algorithm implementations.
  • PIV testing of SmartCard modules.

Our consulting and engineering services include:

  • Design of FIPS 140-2 and FIPS 140-3 Submission Package
  • FIPS 140-2 and 140-3 Product Design and Engineering
  • PIV Product Design and Engineering
  • FIPS 140-2, 140-3 and PIV training
  • Testing and Countermeasure Design for Side Channel Attacks, Differential Power Analysis, Electromagnetic Analysis

We offer fixed price quotes for all our services.

Our testing style differs significantly from that of other labs. We usually spend a lot of time working face-to-face with the engineers at the customer site, something that other labs rarely do. Many of our customers are located in the San Francisco Bay Area, within a short drive of our Santa Clara office.

The FIPS 140-2 validation process is complex and time-consuming. The FIPS 140-2 standard is a publication that specifies security requirements in generic terms. Applying the standard to a particular product involves a process of interpretation and negotiation among the vendor, the lab, and the CMVP validation team. When the test report is submitted to the CMVP, it is almost never accepted on the first submission. Normally, the CMVP will generate a list of deficiencies. It is then up to the vendor and the lab to fix the deficiencies and to negotiate successfully with the CMVP the interpretations of the FIPS 140-2 standard as applied to the product. The speed and overall success of this process depend heavily on the proficiency and experience of the lab. In some ways the validation process is similar to filing a patent application: if you want your patent approved within a reasonable amount of time, you need to find a good patent attorney. One of the roles the lab plays is that of your representative in negotiations and discussions with the CMVP. Therefore, it is critically important to find a good lab that understands your product and has the experience and the will to complete the FIPS 140-2 testing process successfully and on time.

Training

We offer the following FIPS 140-2 training services:

  • One-hour "Introduction to FIPS 140-2" presentation performed on your company site or remotely. The presentation includes a non-technical introduction to FIPS 140-2 requirements and the certification process flow.
  • Two-day "FIPS 140-2 Design and Documentation" course is a detailed technical course covering design of a FIPS 140-2 compliant product and preparation of FIPS 140-2 submission documentation. This course is administered either on the client site in the US or in our Santa Clara office.
  • Two-day "FIPS 140-3 Design and Documentation" course is a detailed technical course covering design of a FIPS 140-3 compliant product and preparation of FIPS 140-3 submission documentation. This course is for customers planning to validate against the upcoming FIPS 140-3 standard.

To schedule FIPS training, call us at 1-888-3477-140 or send an e-mail to info@bkpsecurity.com

Algorithm Testing

Aspect Labs is accredited to perform FIPS algorithm testing for the following cryptographic algorithms:

  • AES
  • Triple-DES
  • RSA
  • DSA
  • ECDSA
  • SHS
  • HMAC
  • CMAC
  • GCM
  • CCM
  • ANSI X9.31 Random Number Generator
  • ANSI X9.62 Random Number Generator
  • FIPS 186-2 Random Number Generator
  • SP 800-90 Random Number Generator

FIPS 140-2 Validation Process

The general flow of the FIPS 140-2 validation process is described below:

  • The vendor prepares the documentation required for FIPS 140-2 conformance testing.
  • The vendor submits the module and the documentation to Aspect Labs.
  • Aspect Labs performs conformance testing of the module and resolves any deficiencies with the vendor, contacting NIST for guidance and clarifications as needed.
  • When all deficiencies are resolved and the testing is complete, Aspect Labs submits the validation report to NIST.
  • NIST reviews the test report. If additional questions arise at this point, they are resolved by NIST, Aspect Labs, and the vendor.
  • Once the validation report is approved, NIST issues a validation certificate via the lab to the vendor.

FIPS 140-2 Design

Aspect Labs offers custom engineering services covering the following requirements of FIPS 140-2:

  • Approved Mode of Operation
  • Approved Algorithm Implementations
  • Self Tests
  • Key Management
  • Roles and Authentication

Aspect Labs offers documentation design services in the following areas:

  • FIPS 140-2 Vendor Evidence Submission Package
  • FIPS 140-2 Security Policy
  • FIPS 140-2 Finite State Model

Aspect Labs staff members have deep computer security expertise ranging from Java security to OS-level security and secure hardware. If the vendor contracts Aspect Labs to perform design services, then another testing laboratory will be chosen to perform the actual conformance testing.

FIPS 140-2 Howto

These documents will help you to get started with FIPS 140-2:

Have more questions on FIPS 140-2? Call us at 1-888-347-7140.

Differential Power Analysis And Side Channel Attacks

Aspect Labs' physical security lab offers the following services for single- and multiple-chip devices and smartcards:

  • Differential and Simple Power Analysis Testing
  • Electromagnetic Analysis Testing
  • Side Channel Attacks Testing
  • Security Evaluations
  • Design of DPA/SPA/EMA/Side Channel countermeasures