چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Designing to FIPS-140: A Guide for Engineers and Programmers

David Johnston, Richard Fant

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

ناشر
Apress L. P.
سال انتشار
۲۰۲۴
فرمت
EPUB
زبان
انگلیسی
حجم فایل
۳٫۰ مگابایت
شابک
9798868801242، 9798868801259

دربارهٔ کتاب

This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs. There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract toget the certification. Although this was once a fairly niche topic, it is no longer so. Other industries—banking, military, healthcare, air travel, and more—have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products. What You Will Learn What is FIPS-140? What is the SP800 standard? What is certification? What does it look like? What is it suitable for? What is NIST? What does it do? What do accredited certification labs do? What do certification consultants do? Where and when is certification required? What do FIPS-140 modules look like? What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them? What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS? What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)? How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)? How do you get CAVP certificates (cert houses, ACVTs)? How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)? Who This Book Is For Hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality, including silicon vendors, library vendors, OS vendors, and system integrators Table of Contents About the Authors Acknowledgments Introduction Chapter 1: Introduction to FIPS and CMVP 1.1 What Is FIPS 140-3? 1.2 The Major Tasks in FIPS Design 1.2.1 FIPS Module Definitions 1.2.2 Hardware Module 1.2.3 Software Module 1.2.4 Firmware Module 1.2.5 Software-Hardware Hybrid Module 1.2.6 Firmware-Hardware Hybrid Module 1.2.7 Firmware vs. Software 1.2.8 Security-Level Definitions 1.3 FIPS Pitfalls to Avoid 1.3.1 Documentation 1.4 Most Common Pitfalls 1.5 Glossary/Abbreviations Chapter 2: Core Concepts 2.1 FIPS 140 Module 2.2 FIPS/Cryptographic Boundary 2.3 SSPs 2.4 Security Policy 2.5 Self-Tests 2.6 Zeroization 2.7 Life Cycle Assurance 2.8 Finite State Model Chapter 3: Finite State Models 3.1 Mandatory States 3.1.1 Power On/Off State 3.1.2 General Initialization State 3.1.3 Crypto Officer State 3.1.4 CSP Entry State 3.1.5 User State 3.1.6 Approved State 3.1.7 Self-Test State 3.1.8 Error State 3.1.9 Optional States 3.2 Other States You Are Going to Need Chapter 4: Approved Algorithms 4.1 Block Ciphers 4.1.1 AES 4.1.2 Two-Key TDEA 4.1.3 TDEA/3DES 4.2 Block Cipher Modes of Operation 4.2.1 Block Cipher Privacy Modes 4.2.2 Block Cipher Authentication Modes 4.2.3 Block Cipher Authenticated Encryption Modes (AEAD Modes) 4.3 Hash Functions 4.3.1 The SHA-1 Hash Function 4.3.2 SHA224 and SHA256 Hash Functions 4.3.3 SHA384, SHA512, SHA512/224, SHA512/256 Hash Functions 4.3.4 SHA3 Hash Function 4.3.5 SHAKE128 and SHAKE256 4.3.6 SHA3 Derived Functions 4.3.7 TupleHash 4.3.8 ParallelHash 4.4 Limitations of Hash Use in SP800-90A 4.4.1 Permitted Hashes in SP800-90A DRBGs 4.4.2 Disallowed Hashes in SP800-90A DRBGs 4.5 Message Authentication Codes 4.5.1 CBC-MAC Cipher Block Chaining Message Authentication Code 4.5.2 CMAC (Cipher-Based Message Authentication Code) 4.5.3 HMAC Keyed-Hash Message Authentication Code 4.5.4 KMAC 4.6 Key Derivation Functions 4.6.1 KDF in Counter Mode 4.6.2 KDF in Feedback Mode 4.6.3 KDF in Double Pipeline Iteration Mode 4.6.4 Password-Based Key Derivation 4.6.5 FIPS 198-1 Hash-Based Key Derivation Function 4.7 Deterministic Random Bit Generators Chapter 5: Counter Security Features of NIST-Approved Cryptographic Algorithms 5.1 General Principles of Poor Cryptographic Design 5.1.1 Overly Flexible Compliant Implementation Choices 5.1.2 Excessively Repetitive Use of Security-Critical Data 5.1.3 Focusing on Algorithm Transition over Data Encoding Transition 5.1.4 Unjustified Use of Overcomplicated Cryptographic Algorithms 5.1.5 KDF Double Pipeline Iteration Mode 5.1.6 SP800-90A Block Cipher DF 5.1.7 SP800-90A HMAC and HASH DRBGs 5.1.8 CTR-DRBG 5.1.9 AES Chapter 6: CAVP Lab 6.1 CAVP Tool Overview 6.1.1 CAVS Tool 6.1.2 Automated Cryptographic Validation Test System 6.2 First-Party CAVP Lab 6.2.1 First-Party Lab vs. Third-Party Lab Lab Type Cipher Options Cost of Test Vectors Time Savings CVP Tester Accreditation 6.2.2 Setting Up a First-Party CAVP Lab Chapter 7: ACVTS Testing 7.1 Vendor Information and Implementation Document 7.2 Demo Vectors 7.2.1 AES-ECB Test Vector Request JSON 7.2.2 Demo Vector Expected and Response JSON 7.2.3 Reading ACVTS Request Files 7.2.4 Comparing ACVTS Expected and Response JSON Files 7.3 Other JSON Schema for ACVP 7.4 Example of a Real ACVP Certificate Chapter 8: Entropy Assessment 8.1 What Is Entropy? 8.2 Measuring Entropy of Finite Binary Sequences 8.3 Entropy of Non-full Entropy and Non-IID Binary Sequences 8.4 MCV Entropy Analysis 8.5 Actual Min-Entropy vs. Lower Bound Min-Entropy 8.6 IID vs. Non-IID 8.6.1 Permutation Testing 8.7 H Numbers and Assessed Entropy 8.7.1 Horiginal 8.7.2 Hbitstring 8.7.3 Hinitial 8.7.4 Hr, Hc 8.7.5 Assessed Entropy 8.7.6 Choosing H Numbers and Setting Test Thresholds 8.8 Collecting Noise Source Data 8.9 File Formats for Noise Source Data 8.10 Skipping Initial Data 8.11 Software Tools for Processing Noise Source Data 8.11.1 hexbinhex 8.11.2 hex2bin 8.11.3 bin2hex 8.11.4 bin2nistoddball 8.11.5 nistoddball2bin 8.11.6 Restart_slicer 8.11.7 NIST ea_non_iid, ea_iid, restart 8.11.8 ea_conditioning 8.11.9 ea_iid 8.11.10 ea_non_iid 8.11.11 ea_restart 8.11.12 ea_transpose 8.11.13 djent 8.11.14 djenrandom 8.12 Entropy Assessment Summary Chapter 9: Entropy Source Validation Certification 9.1 CST Labs and Prerequisites 9.2 ESV Certification Activities 9.3 Noise Source Characterization 9.4 Physical vs. Nonphysical Noise Sources 9.5 IID vs. Non-IID Sources 9.6 Entropy Rate Claims and Non-IID Testing 9.7 Symbol Size Reduction 9.8 Restart Testing 9.9 Skipping Initial Symbols 9.10 Conditioning Chain Analysis 9.11 Entropy Calculations for a Vetted Conditioning Component 9.12 Entropy Calculations for a Non-vetted Conditioning Component 9.13 Choosing a Conditioner 9.14 SP800-90B Compliance Report 9.15 Public Use Document 9.16 Parameter Summary Table 9.17 Continuous Health Tests 9.18 Developer-Defined Continuous Health Tests 9.19 Example ESV Certificates 9.20 Multiple Operating Environments Untitled Chapter 10: FIPS and Documentation 10.1 FIPS 140-3 PUB 10.2 Implementation Guidance (IG) 10.3 Management Manual (MM) 10.4 CAVP Documents 10.4.1 Block Ciphers and Modes 10.4.2 Digital Signatures 10.4.3 Key Derivation Functions 10.4.4 Key Management 10.4.5 Message Authentication 10.4.6 Random Number Generation 10.4.7 Secure Hashing 10.5 Security Policy 10.6 Entropy Source Validation Public Use Document (ESV PUD) 10.7 Entropy Assessment Report (EAR) 10.8 Post-Quantum Computing (PQC) Standards Chapter 11: Engaging with a CST Lab 11.1 What Is a Cryptographic Security Testing Lab (CST Lab)? 11.2 What CST Lab Services Are Typically Offered? 11.2.1 FIPS 140-3 Consultation and Training 11.2.2 Generation of CAVP and ESV Certificates 11.2.3 Request for Guidance 11.2.4 Submission Type for Cryptographic Module Certification 11.3 FIPS Module Life Cycle Timeline 11.3.1 “In Review” and “Coordination” 11.4 When Should a CST Lab Get Involved? 11.5 Strategy for Picking a CST Lab 11.6 CMVP, ICMC, and CMUF Index This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs. There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification.Although this was once a fairly niche topic, it is no longer so. Other industriesbanking, military, healthcare, air travel, and morehave adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products. What You Will Learn What is FIPS-140? What is the SP800 standard?What is certification? What does it look like? What is it suitable for?What is NIST? What does it do?What do accredited certification labs do?What do certification consultants do?Where and when is certification required?What do FIPS-140 modules look like?What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?How do you get CAVP certificates (cert houses, ACVTs)?How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)? Who This Book Is For Hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality, including silicon vendors, library vendors, OS vendors, and system integrators

قیمت نهایی

۴۴٬۰۰۰ تومان