Security Policy: Difference between revisions

From MozillaWiki

== Mitigation of Other Attacks ==
The NSS cryptographic module is designed to mitigate the following attacks.
{| border="1" cellpadding="2"
|-
! Other Attacks
! Mitigation Mechanism
! Specific Limitations
|-
| Timing attacks on RSA
| '''RSA blinding'''

The timing attack on RSA was first demonstrated by Paul Kocher in 1996[1], who contributed the mitigation code to our module. More recently, Boneh and Brumley[2] showed that RSA blinding is an effective defense against timing attacks on RSA.
| None.
|-
| Cache-timing attacks on the modular exponentiation operation used in RSA and DSA
| '''Cache invariant modular exponentiation'''

This is a variant of a modular exponentiation implementation that Colin Percival[3] showed to defend against cache-timing attacks.
| This mechanism requires intimate knowledge of the cache line sizes of the processor. The mechanism may be ineffective when the module is running on a processor whose cache line sizes are unknown.
|-
| Arithmetical errors in RSA signatures
| '''Double-checking RSA signatures'''

Arithmetical errors in RSA signatures might leak the private key. Ferguson and Schneier[4] recommend that every RSA signature generation verify the signature it has just produced.
| None.
|}
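The first and third rows of the table, as an added Python example that is not NSS code: a textbook RSA signature computed with Kocher-style blinding and then verified against the public key before it is released, as Ferguson and Schneier recommend. The toy key and the fault_mask hook are constructed for this demonstration.

```python
from math import gcd
import secrets

# Constructed toy RSA key: small primes keep the arithmetic readable.
# Real keys use 2048-bit or larger moduli; these values are illustration only.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
TOY_KEY = (N, E, D)


def sign_blinded(m, key):
    """Compute the RSA signature m^d mod n using Kocher-style blinding.

    The private-key exponentiation never operates on m itself, only on
    m * r^e for a fresh random r, so its timing is decorrelated from m.
    """
    n, e, d = key
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    m_blind = (m * pow(r, e, n)) % n      # blind the input
    s_blind = pow(m_blind, d, n)          # = m^d * r^(ed) = m^d * r  (mod n)
    return (s_blind * pow(r, -1, n)) % n  # unblind by multiplying with r^-1


def verify(m, s, key):
    """Public-key check: a valid signature satisfies s^e = m (mod n)."""
    n, e, _ = key
    return pow(s, e, n) == m


def sign_checked(m, key, fault_mask=0):
    """Sign, then verify the fresh signature before releasing it.

    Returns the signature, or None when the self-check fails, so a faulty
    value never leaves the module. fault_mask is a constructed hook that
    flips signature bits to simulate an arithmetical error.
    """
    s = sign_blinded(m, key) ^ fault_mask
    return s if verify(m, s, key) else None


if __name__ == "__main__":
    msg = 0xC0FFEE
    print("correct signature released:", sign_checked(msg, TOY_KEY) is not None)
    print("faulted signature released:", sign_checked(msg, TOY_KEY, 1) is not None)
```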


== Results of FIPS 140-2 Level 2 Validation of NSS Cryptographic Module 3.11.5 ==

Revision as of 20:53, 23 March 2007

This is a draft document.

== Security Policy ==

== Authentication Policy ==

== Results of FIPS 140-2 Level 2 Validation of NSS Cryptographic Module 3.11.5 ==

{| border="1" cellpadding="2"
|-
! FIPS 140-2 Section
! Description
! Validation Level Obtained
|-
| 1.0
| Cryptographic Module Specification
| 2
|-
| 2.0
| Cryptographic Module Ports and Interfaces
| 2
|-
| 3.0
| Roles, Services, and Authentication
| 2
|-
| 4.0
| Finite State Model
| 2
|-
| 5.0
| Physical Security
| 2
|-
| 6.0
| Operational Environment
| 2
|-
| 7.0
| Cryptographic Key Management
| 2
|-
| 8.0
| EMI/EMC
| 2
|-
| 9.0
| Self-Tests
| 2
|-
| 10.0
| Design Assurance
| 2
|-
| 11.0
| Mitigation of Other Attacks
| 2
|-
| C
| Cryptographic Module Security Policy
| 2
|}

Platform List

* Level 1
** Red Hat Enterprise Linux 4 x86
** Windows XP Service Pack 2
** 64-bit Solaris 10 AMD64
** HP-UX B.11.11 PA-RISC
** Mac OS X 10.4
* Level 2
** Red Hat Enterprise Linux 4 x86_64
** 64-bit Trusted Solaris 8 SPARC

== References ==

[1] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," CRYPTO '96, Lecture Notes in Computer Science, Vol. 1109, pp. 104-113, Springer-Verlag, 1996. (http://www.cryptography.com/timingattack/)

[2] D. Boneh and D. Brumley, "Remote Timing Attacks are Practical," http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html.

[3] C. Percival, "Cache Missing for Fun and Profit," http://www.daemonology.net/papers/htt.pdf.

[4] N. Ferguson and B. Schneier, Practical Cryptography, Sec. 16.1.4 "Checking RSA Signatures", p. 286, Wiley Publishing, Inc., 2003.