FIPS 140-1 & 140-2



General Information

Aspect Labs is a NVLAP accredited third-party testing laboratory. Information on our team and clients is provided here.

100% of the products tested by our lab have achieved FIPS 140-2 validation.

Our NVLAP accredited testing services include:

  • FIPS 140-2 testing of cryptographic modules at Security Levels 1 to 4.
  • CAVP (Cryptographic Algorithm Validation Program) testing of algorithm implementations.
  • PIV testing of SmartCard modules.

Our consulting and engineering services include:

  • Design of FIPS 140-2 Submission Package.
  • FIPS 140-2 Product Design and Engineering
  • PIV Product Design and Engineering
  • FIPS 140-2 and PIV training
  • Testing and Countermeasure Design for Side Channel Attacks, Differential Power Analysis, Electromagnetic Analysis

We offer fixed price quotes for all our services.

Training

Aspect Labs offers a wide range of FIPS 140-2 related training services, including:

  • One-hour "Introduction to FIPS 140-2" presentation performed on your company site or remotely. The presentation includes a non-technical introduction to FIPS 140-2 requirements and the certification process flow
  • Two-day "FIPS 140-2 Design and Documentation" course is a detailed technical course covering design of a FIPS 140-2 compliant product and preparation of FIPS 140-2 submission documentation. This course is administered either on the client site in the US or in our Santa Clara office.

To schedule FIPS 140-2 training call us at 1-888-3477-140 or send an e-mail to info@bkpsecurity.com

Algoritm Testing

Aspect Labs is accredited to perform FIPS algorithm testing for the following cryptographic algorithms:

  • AES
  • Triple-DES
  • RSA
  • DSA
  • ECDSA
  • SHS
  • HMAC
  • ANSI X9.31 Random Number Generator
  • ANSI X9.62 Random Number Generator
  • FIPS 186-2 Random Number Generator

FIPS 140-2 Validation Process

The general flow of the FIPS 140-2 validation process is described below

  • The vendor prepares the documentation required for FIPS 140-2 conformance testing.
  • The vendor submits the module and the documentation to Aspect Labs.
  • Aspect Labs performs conformance testing of the module and resolves any deficiencies with the vendor, contacting NIST for guidance and clarifications as needed.
  • When all deficiencies are resolved and the testing is complete, Aspect Labs submits the validation report to NIST.
  • NIST reviews the test report. If additional questions arise at this point, they are resolved by NIST, Aspect Labs, and the vendor.
  • Once the validation report is approved, NIST issues a validation certificate via the lab to the vendor.

FIPS 140-2 Design

Aspect Labs offers custom engineering services covering the following requirements of FIPS 140-2:

  • Approved Mode of Operation
  • Approved Algorithm Implementations
  • Self Tests
  • Key Management
  • Roles and Authentication

Aspect Labs offers documentation design services in the following areas:

  • FIPS 140-2 Vendor Evidence Submission Package
  • FIPS 140-2 Security Policy
  • FIPS 140-2 Finite State Model

Aspect Labs staff members have deep computer security expertise ranging from Java security to OS-level security and secure hardware. If the vendor contracts Aspect Labs to perform design services, then another testing laboratory will be chosen to perform the actual conformance testing.

FIPS 140-2 Howto

These documents will help you to get started with FIPS 140-2:

Have more questions on FIPS 140-2? Call us at 1-888-347-7140.

Differential Power Analysis And Side Channel Attacks

Aspect Labs physical security lab offers the following services for single and multiple chip devices and smartcards:

  • Differential and Simple Power Analysis Testing
  • Electromagnetic Analysis Testing
  • Side Channel Attacks Testing
  • Security Evaluations
  • Design of DPA/SPA/EMA/Side Channel countermeasures