VE 11: Difference between revisions
| Line 5: | Line 5: | ||
mitigate the attack(s).</FONT></FONT></FONT></P> | mitigate the attack(s).</FONT></FONT></FONT></P> | ||
<P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P> | <P ALIGN=LEFT STYLE="margin-top: 0.03in; margin-bottom: 0in"><FONT COLOR="#000080"><FONT FACE="Times New Roman, Times New Roman, serif"><FONT SIZE=3><I><B>Assessment:</B></I></FONT></FONT></FONT></P> | ||
==VE.11.01.01== | ==VE.11.01.01== | ||
Revision as of 22:58, 12 April 2006
SECTION 11: MITIGATION OF OTHER ATTACKS
AS.11.01 If the cryptographic module is designed to mitigate one or more specific attacks, then the module's security policy shall specify the security mechanisms employed by the module to mitigate the attack(s).
Assessment:
VE.11.01.01
VE.11.01.01 The vendor provided nonproprietary security policy shall specify whether the cryptographic module is designed to mitigate specific attacks. The vendor shall specify in the nonproprietary security policy the security mechanism(s) implemented by the cryptographic module to mitigate the attack(s).
Assessment:
The NSS software cryptographic module is designed to mitigate the following attacks:
- timing attacks against RSA;
- cache attacks against the modular exponentiation operation used in RSA and DSA.
The NSS software cryptographic module implements the following security mechanisms to mitigate those attacks:
- RSA blinding to mitigate timing attacks against RSA;
- cache invariant modular exponentiation to mitigate cache attacks against the modular exponentiation operation used in RSA and DSA.
VE.11.01.02
VE.11.01.02 The vendor provided nonproprietary security policy shall indicate how the implemented mechanism(s) were shown to mitigate the attack(s).
Assessment:
Not Applicable