Line 178: | Line 178: | ||
== Identity-based Authentication == | == Identity-based Authentication == | ||
This section is not applicable to NSS since it is only applicable to products attempting to be certified to security level three or four. | This section is not applicable to NSS since it is only applicable to products attempting to be certified to security level three or four. | ||
== Mitigation of Other Attacks == | |||
The NSS software cryptographic module is designed to mitigate the following | |||
attacks: | |||
*timing attacks against RSA; | |||
*cache attacks against the modular exponentiation operation used in RSA and DSA. | |||
The NSS software cryptographic module implements the following security | |||
mechanisms to mitigate those attacks: | |||
*RSA blinding: many papers, such as Boneh and Brumley[1], have shown that RSA blinding is an effective defense against timing attacks against RSA. | |||
*Cache invariant modular exponentiation: this is a variant of Colin Percival's defense[2] against cache attacks against the modular exponentiation operation. | |||
== Results of FIPS 140-2 Level 2 Maintenance Validation of NSS 3.11.5 == | == Results of FIPS 140-2 Level 2 Maintenance Validation of NSS 3.11.5 == | ||
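Review bot: the new "Mitigation of Other Attacks" section names the attacks but not the operations they affect or the conditions under which the mitigations are active; for a security policy, the two attack bullets ("timing attacks against RSA" and "cache attacks against the modular exponentiation operation used in RSA and DSA") should say that the private-key operations are the ones protected, and the mitigation bullets should state whether RSA blinding and the cache-invariant exponentiation are unconditionally enabled in the module or depend on configuration. The second mitigation bullet also asserts "a variant of Colin Percival's defense[2]" without saying what the variant does; one sentence describing the property (the exponentiation's memory access pattern does not depend on the exponent bits) would make the claim checkable by a reader who does not open the reference.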
Line 184: | Line 195: | ||
== Platform List == | == Platform List == | ||
== References == | |||
[1] D. Boneh and D. Brumley, "Remote Timing Attacks are Practical," http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html. | |||
[2] C. Percival, "Cache Missing for Fun and Profit," http://www.daemonology.net/papers/htt.pdf. |
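Review bot: the hand-numbered citations "[1]" and "[2]" in the earlier hunk are tied to this manually maintained list, so adding or reordering a mitigation later will silently break the numbering; use the wiki's own <ref>...</ref> tags at the citation sites with a <references/> tag under "== References ==" so numbering is generated. Independently of that, both entries should carry a year and venue (or a "last accessed" date for the URL) so the references remain identifiable if the pages move.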