VE 11: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 9: Line 9:


==VE.11.01.01==
==VE.11.01.01==
<P ALIGN=LEFT STYLE="margin-top: 0.11in; margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><B><FONT SIZE=4>VE.11.01.01</FONT></B> The vendor provided nonproprietary
 
<FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>
 
<B><FONT SIZE=4>VE.11.01.01</FONT></B> The vendor provided nonproprietary
security policy shall specify whether the cryptographic module is designed to
security policy shall specify whether the cryptographic module is designed to
mitigate specific attacks. The vendor shall specify in the nonproprietary security
mitigate specific attacks. The vendor shall specify in the nonproprietary security
policy the security mechanism(s) implemented by the cryptographic module to
policy the security mechanism(s) implemented by the cryptographic module to
mitigate the attack(s).</FONT></FONT></FONT></P>
mitigate the attack(s).
<P ALIGN=LEFT STYLE="margin-top: 0.17in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P>
 
<P ALIGN=LEFT STYLE="margin-bottom: 0in"><FONT COLOR="#000000"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3>The NSS software cryptographic module is designed to mitigate timing attacks against RSA and cache attacks against the modular exponentiation operation used in RSA. The NSS software cryptographic module implements RSA blinding to mitigate timing attacks against RSA.  It implements cache invariant modular exponentiation to mitigate cache attacks against the modular exponentiation operation used in RSA and DSA.</FONT></FONT></FONT></P>
<FONT COLOR="#000080"><I><B>Assessment:</B></I></FONT>
 
The NSS software cryptographic module is designed to mitigate the following attacks:
*timing attacks against RSA;
*cache attacks against the modular exponentiation operation used in RSA and DSA.
 
The NSS software cryptographic module implements the following security mechanisms to mitigate those attacks:
*RSA blinding to mitigate timing attacks against RSA;
*cache invariant modular exponentiation to mitigate cache attacks against the modular exponentiation operation used in RSA and DSA.
 
</FONT></FONT></FONT>


==VE.11.01.02==
==VE.11.01.02==

Revision as of 22:30, 12 April 2006

SECTION 11: MITIGATION OF OTHER ATTACKS

AS.11.01 If the cryptographic module is designed to mitigate one or more specific attacks, then the module's security policy shall specify the security mechanisms employed by the module to mitigate the attack(s).

Assessment:

Not Applicable

VE.11.01.01

VE.11.01.01 The vendor provided nonproprietary security policy shall specify whether the cryptographic module is designed to mitigate specific attacks. The vendor shall specify in the nonproprietary security policy the security mechanism(s) implemented by the cryptographic module to mitigate the attack(s).

Assessment:

The NSS software cryptographic module is designed to mitigate the following attacks:

  • timing attacks against RSA;
  • cache attacks against the modular exponentiation operation used in RSA and DSA.

The NSS software cryptographic module implements the following security mechanisms to mitigate those attacks:

  • RSA blinding to mitigate timing attacks against RSA;
  • cache invariant modular exponentiation to mitigate cache attacks against the modular exponentiation operation used in RSA and DSA.

VE.11.01.02

VE.11.01.02 The vendor provided nonproprietary security policy shall indicate how the implemented mechanism(s) were shown to mitigate the attack(s).

Assessment:

Not Applicable

Retrieved from "https://wiki.mozilla.org/index.php?title=VE_11&oldid=23912"