Programmable Logic DesignLine Blog

Draft of FIPS 140-3 released

Dylan McGrath

12/16/2009 2:39 PM EST

Last week, in his FPGA Gurus blog, Loring Wirbel had an excellent piece about cryptographic security in the world of FPGAs. As he points out, this is becoming an interesting area in light of the growing use of FPGAs in applications that adhere to the FIPS 140 U.S. government computer security standards from the National Institute of Standards and Technology (NIST), and of an emerging understanding of how vulnerable devices are to attacks that make use of power analysis.

Like Loring, I recently spoke with Benjamin Jun, vice president of Cryptography Research Inc., which provides tools, technology and services to help customers secure their chips. Jun explained that he and his company are on a mission to educate users of FPGAs and other devices about the dangers associated with simple power analysis (SPA) and differential power analysis (DPA) attacks, particularly since the next revision of FIPS 140 will require resistance to these attacks.

According to Cryptography Research, DPA is a form of attack that involves monitoring the fluctuating electrical power consumption of a target device and then using advanced statistical methods to derive cryptographic keys and other secrets. The company says it has a portfolio of more than 50 patents covering countermeasures to these types of attacks and says billions of chips incorporate its technologies in this and other security areas. Last month, the company announced that it licensed DPA countermeasure technology to STMicroelectronics for protecting STMicroelectronics' tamper-resistant chips against attacks.

Jun tipped me off that last week NIST released the second public draft of the FIPS 140-3 security requirements for tamper-resistant devices, which will eventually supersede FIPS 140-2. Jun said the new draft requires SPA and DPA resistance at levels 3 and 4 of the specification. Under the FIPS 140-2 standard, last updated in 2002, SPA and DPA resistance was optional rather than required, Jun said. He said all other relevant standards worldwide have already added SPA and DPA resistance.

Jun said the publication of the second draft of FIPS 140-3 would be advantageous for companies making secure devices, providing them insight into the requirements and definitions to help them define their product roadmaps. The proposed standard will make the U.S. more up-to-date with other security standards worldwide, he said.

"I think Christmas came early for the U.S. security industry," Jun said.

According to NIST, the second draft of FIPS 140-3 contains several material differences from the previous draft. NIST is asking for public comments on the revised draft. Comments are due by March 11, 2010.




