FIPS Standard
• the administrative functions, security events, security parameters (and parameter values, as
appropriate), physical ports, and logical interfaces of the cryptographic module available to the
crypto officer,
• procedures on how to administer the cryptographic module in a secure manner, and
• assumptions regarding user behavior that are relevant to the secure operation of the cryptographic
module.
User guidance shall specify:
the Approved security functions, physical ports, and logical interfaces available to the users of a
cryptographic module, and
•
•
all user responsibilities necessary for the secure operation of a cryptographic module.
4. 11 Mitigation of Other Attacks
Cryptographic modules may be susceptible to other attacks for which testable security requirements were
not available at the time this version of the standard was issued (e.g., power analysis, timing analysis,
and/or fault induction) or the attacks were outside of the scope of the standard (e.g., TEMPEST).
Susceptibility of a cryptographic module to such attacks depends on module type, implementation, and
implementation environment. Such attacks may be of particular concern for cryptographic modules
implemented in hostile environments (e.g., where the attackers may be the authorized operators of the
module). Such types of attacks generally rely on the analysis of information obtained from sources
physically external to the module. In all cases, the attacks attempt to determine some knowledge about the
cryptographic keys and CSPs within the cryptographic module. Brief summaries of currently known
attacks are provided below.
Power Analysis: Attacks based on the analysis of power consumption can be divided into two general
categories, Simple Power Analysis (SPA) and Differential Power Analysis (DPA). SPA involves a
direct (primarily visual) analysis of electrical power consumption patterns and timings derived from the
execution of individual instructions carried out by a cryptographic module during a cryptographic
process. The patterns are obtained through monitoring the variations in electrical power consumption of
a cryptographic module for the purpose of revealing the features and implementations of cryptographic
algorithms and subsequently values of cryptographic keys. DPA has the same goals but utilizes
advanced statistical methods and/or other techniques to analyze the variations of the electrical power
consumption of a cryptographic module. Cryptographic modules that utilize external power (direct
current) sources appear to be at greatest risk. Methods that may reduce the overall risk of Power
Analysis attacks include the use of capacitors to level the power consumption, the use of internal power
sources, and the manipulation of the individual operations of the algorithms or processes to level the rate
of power consumption during cryptographic processing.
Timing Analysis: Timing Analysis attacks rely on precisely measuring the time required by a
cryptographic module to perform specific mathematical operations associated with a cryptographic
algorithm or process. The timing information collected is analyzed to determine the relationship
between the inputs to the module and the cryptographic keys used by the underlying algorithms or
processes. The analysis of the relationship may be used to exploit the timing measurements to reveal the
cryptographic key or CSPs. Timing Analysis attacks assume that the attacker has knowledge of the
design of the cryptographic module. Manipulation of the individual operations of the algorithms or
processes to reduce timing fluctuations during processing is one method to reduce the risk of this attack.
Fault Induction: Fault Induction attacks utilize external forces such as microwaves, temperature
extremes, and voltage manipulation to cause processing errors within the cryptographic module. An
analysis of these errors and their patterns can be used in an attempt to reverse engineer the cryptographic
39