4 Certification: A Quality Accolade
The security requirements that are detailed and specified in the standard address
a total of 11 areas of design and implementation of products in applied cryptography.
The standard differentiates between four security levels (from lowest, 1, to
highest, 4) depending on the scope of these requirements.
FIPS 140 is a key basis for the certification of products with cryptographic functions.
Successful certification to FIPS 140-2 entails certification of an overall security
level (1 to 4) and also individual test results in different areas. For specific
applications, the latter are of far more informational value than the overall result.
In the medium term, ISO is planning to integrate the requirements of
ISO/IEC 19790 into the systematics of ISO/IEC 15408, with more than
one standard continuing to exist for the evaluation of all security products.
Common Criteria and HSMs
The second widely used certification scheme is the Common Criteria (CC).
The CC originated from three different standards, the European Information
Technology Security Evaluation Criteria (ITSEC), the American Federal Criteria
(FC) and the Canadian Trusted Computer Product Evaluation Criteria
(CTCPEC). They’re standardized internationally by ISO/IEC JTC 1/SC 27. In addition
to a list of predefined functionality, the CC specify requirements for IT security
products to be in line with a trustworthiness level. The CC enable the
security requirements to be grouped into pre-evaluated protection profiles.
Irrespective of HSMs, the Common Criteria differentiate between the functionality
of the system under analysis and its trustworthiness. The Common Criteria
essentially define the paradigm that the trust in a system is earned through testing
its functionality. Trustworthiness is considered in terms of the methods used
and the correctness of implementation.
Ideally, an independent expert committee carries out a security analysis independent
of the finished products, which leads to the creation of a general protection
profile. The product company can then develop specific security requirements
from this security list for certain products, against which the evaluation is then
performed in line with the CC. The required trustworthiness (test scope) is
generally specified as per the Evaluation Assurance Level (EAL; see later in this
section). Specification of the test scope without underlying functional security
requirements would make no sense.