Defined by the National Institute of Standards and Technology (NIST) as ‘the set of hardware, software and/or firmware that implements approved security functions’, cryptographic modules play a pivotal role in securing sensitive data or communications. These modules can provide everything from hash functions for optimal data integrity to both symmetric and asymmetric encryption capabilities.

Yet despite being a key component of device security, cryptographic modules can be susceptible to cybercriminals. Invasive and side-channel attacks can quickly compromise components. If a successful attack is levelled against modules used by government and federal agencies, then extremely sensitive data can be exploited and critical infrastructure can be put at risk.

Securing federal devices

It’s for this reason that – over the last 50 years – the U.S government has continued to create and update standards relating to the processing and security of sensitive information by federal organizations. In 1977, this was demonstrated through the launch of the ‘Federal Information Processing Standard’, created to protect agencies and institutions actively using computers.

NIST issued the first iteration of the ‘140 Publication Series’ (known as FIPS 140) in 1991 to better coordinate the standards and requirements necessary to evaluate the health of cryptographic models. This was revised and reworked to become FIPS 140-1 the same year.

FIPS 140-1 introduced four levels that are evaluated during a device’s validation process. These include ‘Level 1’, which ensures “production-grade” components, and ‘Level 2’ which covers requirements relating to physical tamper detection and responsiveness for security systems. ‘Level 3’ focuses on the use of identity-based authentication systems and a degree of separation for cryptographic key interfaces to ensure sensitive information within the module cannot be compromized, while ‘Level 4’ is concerned with physical security requirements for the module, building resiliency against accidents or disasters.

In 2002, FIPS 140-2 was created to reflect the evolution of technology throughout the world. The updated standards were to strengthen the requirements of FIPS 140-1, rather than make sweeping changes. This included a tightening of secure authentication and physical security requirements to mitigate new attack types not around when the first iteration was released. It also added greater coverage of the ports and interfaces required for secure design and implementation of cryptographic modules.

A new era of security

However, changes within the computing landscape has led FIPS 140-2 requiring an update. Originally written for hardware modules specifically, coverage is now required for software and firmware specific modules. The growth of hybrid models means these need to be addressed in all four levels of evaluation, yet FIPS 140-2 only covers these in ‘Level 1’. Furthermore, as we approach the era of Post-Quantum Cryptography (PQC), government agencies need standards that can certify the latest algorithms such as Kyber and Dilithium.

It’s for this reason NIST has launched FIPS 140-3, which introduces several changes from previous iterations. These include greater integrity tests and security requirements being put in place at every stage of a cryptographic model’s development, with the scope of the standard expanded to cover the hardware, software, firmware, and hybrid elements of a module.

Steps have also been taken to overcome vulnerabilities within the previous standards, removing weak algorithms and exchanging these for more suitable alternatives. FIPS 140-3 also introduces new measures designed to enhance the security of modules, including multi-factor authentication in ‘Level 4’, a new service to output the module’s identifier and version, and key zeroization for all unprotected Sensitive Security Parameters (SSPs) at all levels.

First becoming effective in September 2019, the introduction of FIPS 140-3 has led to a period of transition – even up to September 2021, FIPS 140-2 devices continued to be validated by the Cryptographic Module Validation Program (CVMP). However, there is a cut off date, and FIPS 140-2 certified devices can now only remain active either up to five years after validation, or until September 21, 2026 when these validations are moved to the CVMP’s ‘historical list’. Though the organization encourages the purchase and use of these modules even while retired, the race is now on for devices to become FIPS 140-3 complaint ahead of the deadline.

How TCG are helping

Thankfully, the TCG recently published new guidance to accelerate the availability of FIPS 140-3 certified cryptographic solutions. Through the ‘TCG FIPS 140-3 guidance for TPM 2.0’ document, published by the Security Evaluation Work Group, vendors are better positioned to ensure their TPM-enabled devices gain the necessary certification for use by government and federal agencies.

The document provides implementation recommendations and extensions for the TPM 2.0 necessary for successful FIPS 140-3 evaluation. It also concerns itself with the new requirements for the basic ‘Level 1’, including basic encryption and key management capabilities. By making it easier to attain certification, government bodies – as well as those operating in critical private sectors like healthcare – will have a significant number of FIPS-certified solutions available to them to best address a growing threat landscape.