CMVP Overview

Zynq UltraScale+ MPSoC: A FIPS 140-3 Primer (WP543)

Document ID
WP543
Release Date
2024-08-28
Revision
1.0.1 English

The participants in a FIPS 140-3 certification process are the semiconductor vendor, the CST, the CMVP/CAVP authority, and the OEM. Most of the tasks in CMVP/CAVP certification are performed by the vendor (or OEM) and the CST.

  • The OEM produces the end product, which typically integrates multiple cryptographic modules in an enclosure.
  • The vendors are companies such as AMD, QNX, Green Hills, and Wind River.
  • There are twelve CST labs in the U.S. and twenty-one worldwide.

FIPS 140-3 certification requires extensive documentation. Certification starts with the OEM selecting a CST laboratory and providing the documentation described in the standard. Because the Zynq UltraScale+ MPSoC has a very large number of users, most of the documentation is available. The availability of cost-optimized Zynq UltraScale+ MPSoC evaluation boards allows almost immediate testing of hardware and software relative to a large cryptographic boundary. The testing can be done at the CST facility or by the vendor.

FIPS 140-3 specifies a wide spectrum of requirements a cryptographic module must meet to address a diversity of application environments. The requirements are categorized into eleven distinct requirement areas/sections, and for each section, the standard defines four security levels that gradually enhance the security mechanisms of the module. Most of the security requirements can be tested to a specified security level. The principle drivers defining the different security levels are the operating system and the anti-tamper (AT) requirements. The overall FIPS 140-3 certification level is the lowest level attained in all of the security requirements. Most FIPS 140-3 certifications are to security levels 1 and 2, which are described below.

Compared to FIPS 140-2, FIPS 140-3 defines the same sections of security requirements as its predecessor with the following exceptions:

  • The Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) section in FIPS 140-2 has been removed from FIPS 140-3.
  • The Finite State Model section of FIPS 140-2 becomes a subsection and part of the Life-cycle Assurance section of FIPS 140-3.
  • FIPS 140-3 introduces two sections to the standard, the Software/Firmware Security and Non-invasive Security sections, by grouping related requirements already existing in FIPS 140-2 and specifying new ones.
  • The FIPS 140-2 Cryptographic Key Management and Design Assurance sections have been renamed in FIPS 140-3 as Sensitive Security Parameter Management and Life-cycle Assurance, respectively.

Another important change in FIPS 140-3 is the removal of all references to the Common Criteria for Information Technology Security Evaluation (CC). CC is an international standard (ISO/IEC 15408) for computer security certification and identifies and documents security requirements based on consumers' needs. CC defines seven Evaluation Assurance Levels (EALs) and unlike FIPS 140-2, which includes EAL requirements in Security Levels 2 to 4, in FIPS 140-3 all the references to EALs have been removed.

The four security levels of FIPS 140-3 are summarized as follows.

Security Level 1 (SL1)
Is the lowest FIPS 140-3 level defined and specifies the basic security requirements for a cryptographic module. There are no requirements for authentication nor for physical security in SL1 and, consequently, it is appropriate for modules that are to be deployed in an environment that already provides these security features.
Security Level 2 (SL2)
Adds on to SL1 by including requirements for minimum role-based authentication and protection against tamper attacks. This allows cryptographic modules to be deployed in modifiable environments capable of supporting role-based access. Tamper protection involves the use of tamper-evident coatings or seals or pick-resistant locks on removable covers or doors.
Security Level 3 (SL3)
Enhances further the mechanisms SL2 specifies for protection against unauthorized access and includes additional requirements for non-invasive mitigation methods and life-cycle assurances. It requires the use of strong enclosures and tamper detection/response circuitry (e.g., zeroization of all the sensitive security parameters (SSPs)). SL3 also takes authentication up a level, by requiring identity-based authentication. Furthermore, at SL3, all cryptographic modules should include features for environmental failure protection (EFP) or undergo rigorous environmental failure testing (EFT).
Security Level 4 (SL4)
Is the highest FIPS 140-3 level and includes all the security features the lower levels specify, as well as extended features. Indicatively, SL4 introduces multi-factor identity-based authentication for all services that use trusted channels. Furthermore, SL4-certified cryptographic modules with SSPs should be able to detect and respond to all unauthorized attempts at physical access. Also, at SL4, the modules are required to include EFP and special environmental protection features to ensure that security is not compromised when they are forced to operate outside of their normal operating range. SL4 is appropriate for modules that are to be deployed in physically unprotected environments.