atsec US Corporate Vice President and Lab Director, Yi Mao, presented “Crypto Testing Leading to Better Security” at InnoTech Austin 2019.
Through many examples, Dr. Mao showed the audience that cryptography is the core that provides data confidentiality, integrity and authenticity. Cryptographic algorithms are used to encrypt sensitive data (e.g. password files), to authenticate users for physical or network access, and to digitally sign financial transactions. As the Internet of Things (IoT) becomes integrated into our daily lives in an alarmingly influential way (e.g. remotely controlling home appliances) and gazillions of bytes of data are stored out of our control (e.g. cloud platforms), using cryptography for data protection is inevitable. It’s fair to say that information security can hardly exist without cryptography, but getting cryptography right is a very challenging task.
The presentation introduced the Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP). Through a rigorous validation process, the CAVP and CMVP play an important role in ensuring that cryptographic algorithms are correctly implemented and that their keys are well protected within cryptographic modules. Dr. Mao explained the U.S. NIST and ISO/IEC standards against which approved cryptographic algorithms and modules are tested, as well as the processes for obtaining CAVP and CMVP certificates.
We’re currently at an exciting turning point where the CAVP will switch to an automated testing system and the CMVP will transition to ISO/IEC 19790 as the successor to FIPS 140-2, the standard used for cryptographic module validation since 2001. The presentation concluded with a bright picture: the improvements made in the CAVP and CMVP will boost cryptographic testing, which in turn will lead to better security.