Cryptographic standards

Cryptography standards are related to the following:

  • Encryption
  • Hashing
  • Digital signatures
  • Public key infrastructure
  • Wireless
  • Federal standards

We've covered different cryptographic standards pertaining to encryption, hashing, digital signatures, and public key infrastructure in the previous sections. In this section, we'll cover the wireless standards and the Federal standard FIPS-140 for cryptographic modules.

Wireless cryptographic standards

Wireless protocols and services are predominantly governed by the IEEE 802.11 standards. These standards define Wireless Local Area Networking (WLAN) for computer communications.

The following are some of the cryptographic standards that are used in WLAN:

Wired Equivalent Privacy (WEP) is an algorithm that uses the RC4 stream cipher for confidentiality protection and CRC-32 for integrity assurance. This algorithm is now deprecated because it was easily breached.

Wi-Fi Protected Access (WPA) is a security protocol developed by the Wi-Fi Alliance to replace WEP. This protocol implements the majority of the advanced requirements in the IEEE 802.11i standard released in 2004. WPA is backward compatible with WEP.

WPA2 is an advanced protocol certified by the Wi-Fi Alliance. This protocol fulfills the mandatory requirements of the IEEE 802.11i standard, and it uses the AES algorithm for encryption.
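WEP's use of CRC-32 for integrity assurance, described above, can be examined directly. The following is an added example, not code from the original text: it shows that CRC-32 is keyless and linear, so the checksum of a modified message is predictable from the modification alone, while a keyed MAC has no such relation. HMAC-SHA-256 stands in here as a generic keyed MAC (it is not the integrity algorithm of WPA or WPA2), and all sample values are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample data, not taken from any real capture.
SAMPLE_MSG = b"constructed sample frame payload"
SAMPLE_DELTA = bytes(len(SAMPLE_MSG) - 1) + b"\x01"  # flips one bit
SAMPLE_KEY = b"constructed-demo-key"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_is_linear(msg: bytes, delta: bytes) -> bool:
    """True if crc(msg ^ delta) == crc(msg) ^ crc(delta) ^ crc(zeros).

    The relation holds for every equal-length pair, so the checksum
    change depends only on the data change, never on a secret.
    """
    zeros = bytes(len(msg))
    predicted = zlib.crc32(msg) ^ zlib.crc32(delta) ^ zlib.crc32(zeros)
    return zlib.crc32(xor_bytes(msg, delta)) == predicted


def mac_is_linear(key: bytes, msg: bytes, delta: bytes) -> bool:
    """Apply the same relation to HMAC-SHA-256 tags (expected: False)."""
    def tag(data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    zeros = bytes(len(msg))
    predicted = xor_bytes(xor_bytes(tag(msg), tag(delta)), tag(zeros))
    return hmac.compare_digest(tag(xor_bytes(msg, delta)), predicted)


if __name__ == "__main__":
    print("CRC-32 relation holds:      ", crc_is_linear(SAMPLE_MSG, SAMPLE_DELTA))
    print("HMAC-SHA-256 relation holds:", mac_is_linear(SAMPLE_KEY, SAMPLE_MSG, SAMPLE_DELTA))
```
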

Note

IEEE 802.11 is a set of standards that govern wireless networking transmission methods. IEEE 802.11a, IEEE 802.11b, and 802.11g are different standards based on the throughput or bandwidth and the frequency band.

IEEE 802.11i is an amendment to the original 802.11 standards.

Wi-Fi implementations are based on IEEE standards. An international organization known as the Wi-Fi Alliance promotes Wi-Fi standards.

Note

The Wi-Fi Alliance is a non-profit organization that supports IEEE wireless standards. Here is the information about the Wi-Fi Alliance as published on their website.

The Wi-Fi Alliance is a global, non-profit industry association of more than 300 member companies devoted to promoting the growth of Wireless Local Area Networks (WLANs). With the aim of enhancing the user experience for wireless portable, mobile, and home entertainment devices, the Wi-Fi Alliance's testing and certification programs help ensure the interoperability of WLAN products based on the IEEE 802.11 specification.

Bluetooth is a wireless protocol for short-range communications between fixed or portable computers and mobile devices. It uses the 2.4 GHz short-range radio frequency band for communication between mobile devices, computers, printers, GPS, and more. Bluetooth uses custom block ciphers for confidentiality and authentication.

The Federal Information Processing Standard

In this section, we'll cover one of the most important federal standards, the FIPS-140 series, titled Security Requirements for Cryptographic Modules.

Note

As per the published information, the Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines, adopted and promulgated under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949, as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal Government. NIST, through its Computer Systems Laboratory, provides leadership, technical guidance, and coordination of government efforts in the development of standards and guidelines in these areas.

The core structure of FIPS-140 recommends four security levels for cryptographic modules that protect sensitive information in federal systems, such as computer and telecommunication systems, including voice systems. These levels are qualitative and in increasing order, with level 1 being the lowest and level 4 the highest.

The following are brief descriptions of the FIPS-140 levels:

  • FIPS-140 Security Level 1: This is the basic, or lowest, level of security. It prescribes basic security requirements for a cryptographic module, such as using at least one approved cryptographic algorithm. This level does not emphasize physical security.
  • FIPS-140 Security Level 2: Tamper-evidence mechanisms are the requirement at this level. They enhance the physical security of the device. Tamper-evident seals or coatings should be used to physically protect the device or storage that contains the cryptographic module. This level also emphasizes the implementation of role-based authentication as a minimum requirement.
  • FIPS-140 Security Level 3: The primary requirement is preventing an intruder from gaining access to the cryptographic modules and the Critical Security Parameters (CSP) contained within. This level prescribes a high probability of detection and response mechanisms for physical attacks. This level emphasizes identity-based authentication.
  • FIPS-140 Security Level 4: This is the highest level. Physical security mechanisms provide a complete envelope of protection around the cryptographic module, with the intent of detecting and responding to all unauthorized attempts at physical access. This level requires two-factor authentication. This level also requires the control of environmental conditions, such as preventing damage to cryptographic modules due to temperature, heat, and voltage.