[SSC-3] NIST changed the FIPS 140-2 Implementation Guidance to require AES Key Wrap for Symmetric Key Establishment

Matt Ball matt.ball at IEEE.org
Tue Mar 11 11:51:07 PDT 2008


Formatted message: <A HREF="r0803112_f.htm">HTML-formatted message</A>

Hi Tape Folks,
It looks like NIST recently changed their FIPS 140-2 Implementation Guidance
last January to require 'AES Key Wrap' as the only approved symmetric
encryption algorithm for key establishment or entry.  Previously, we
believed that using ESP was adequate for encrypting keys for entry into a
tape drive device.
To see NIST's latest guidance, look at <
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf&gt;
Also, see FIPS 140-2 Annex D "Key Establishment Techniques": <
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexd.pdf&gt;.
Essentially, NIST is no longer allowing differentiating between the
requirements for 'Key Entry' vs. 'Key Establishment'.  It was previously
possible to argue with FIPS certification labs that this process was covered
under 'Key Entry', and the encryption of the key could use any Approved Mode
of Operation (like as used in ESP-SCSI).  For 'Key Establishment' AES Key
Wrap (not CBC, CCM, or GCM) is the only approved symmetric wrapping
algorithm.
This has an impact on SSC-3 (or SSC-4 if deferred), and will likely affect
existing tape drive products that were expecting to get FIPS 140-2 approval
by supporting IKEv2-SCSI with ESP for establishing encryption keys.
Double-check with your validation lab (your mileage may vary).
There are several ways to approach this problem.  One method will be
described in T10/08-155r0.  Another approach is to lobby NIST to change
their guidance so that existing symmetric encryption modes are sufficient
for key transport.  Yet another approach is to use the existing RSA and ECC
encryption algorithms for Key Entry, if you want to pay for an expense
asymmetric key operation each time you enter a key.
If you have received different guidance from your FIPS lab, I would be
interested in hearing different angles...
-- 
Thanks!
Matt Ball, IEEE P1619.x SISWG Chair
M.V. Ball Technical Consulting, Inc.
Phone: 303-469-2469, Cell: 303-717-2717
http://www.mvballtech.com
http://www.linkedin.com/in/matthewvball



More information about the T10 mailing list