FIPS: Important update on algorithm testing
07 Nov 2019
Automated Cryptographic Validation Protocol (ACVP)
Algorithms are the heart and soul of a Cryptographic Module (CM) validation. They need to be correctly implemented in order to obtain assurance that the CM is working correctly. Up to now, algorithms have been verified with the Cryptographic Algorithm Validation System (CAVS) tool. The Cryptographic Algorithm Validation Program (CAVP) supplies this tool to accredited laboratories so that they can test algorithms and submit the results to the CAVP for validation of each algorithm claimed by a CM. Until the algorithms that are implemented by a CM have been validated through the CAVP, that CM cannot be validated through the Cryptographic Module Validation Program (CMVP).
The CMVP is using the GitHub repository during the development of the ACVP project. It will be a cloud-based testing system, so there will be an interface between the NIST server and a client server hosted at an accredited laboratory site, using the newly-developed ACVP.
- Test vectors are generated by the NIST server and sent to the lab server (steps 1 to 3).
- The lab provides the test vectors to the client and they are processed through the Implementation Under Test (steps 4 and 5).
- The algorithm test results are provided to the lab (steps 6 and 7) and are then submitted to the NIST server for validation (steps 8 and 9).
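The round trip in the list above, sketched as an added example that is not NIST's or the lab's own code: a vector set is run through an Implementation Under Test and each answer is checked by the party that generated the vectors. The JSON field names (`vsId`, `testGroups`, `tcId`, `msg`, `md`) are modelled on ACVP vector sets and are assumptions, since the page does not show the wire format; the vectors and the `broken_iut` function are constructed for illustration.

```python
import hashlib

# Constructed vector set, standing in for what the server sends to the lab (steps 1 to 3).
VECTOR_SET = {
    "vsId": 1, "algorithm": "SHA2-256",
    "testGroups": [{"tgId": 1, "testType": "AFT", "tests": [
        {"tcId": 1, "len": 0, "msg": ""},
        {"tcId": 2, "len": 24, "msg": "616263"},   # hex of b"abc"
    ]}],
}
# Expected digests stay with the server; the lab and the IUT never see them.
EXPECTED = {
    1: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    2: "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

def iut_sha256(msg: bytes) -> bytes:
    """Stand-in for the Implementation Under Test (assumption: hashlib)."""
    return hashlib.sha256(msg).digest()

def broken_iut(msg: bytes) -> bytes:
    """Hypothetical defective IUT that drops the final input byte."""
    return hashlib.sha256(msg[:-1]).digest()

def run_vectors(vector_set: dict, iut) -> dict:
    """Steps 4 to 7: feed every test case to the IUT and build the response."""
    groups = []
    for group in vector_set["testGroups"]:
        tests = [{"tcId": t["tcId"], "md": iut(bytes.fromhex(t["msg"])).hex()}
                 for t in group["tests"]]
        groups.append({"tgId": group["tgId"], "tests": tests})
    return {"vsId": vector_set["vsId"],
            "algorithm": vector_set["algorithm"],
            "testGroups": groups}

def validate(response: dict, expected: dict) -> dict:
    """Steps 8 and 9: server-side comparison, one disposition per test case."""
    return {t["tcId"]: t["md"].lower() == expected[t["tcId"]]
            for g in response["testGroups"] for t in g["tests"]}

if __name__ == "__main__":
    print(validate(run_vectors(VECTOR_SET, iut_sha256), EXPECTED))
    print(validate(run_vectors(VECTOR_SET, broken_iut), EXPECTED))
```

The defective implementation still passes the empty-message case and fails only on the non-empty one, which is why a validation run covers many inputs per algorithm rather than a single known answer.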
Currently, the CAVP is supporting the testing of algorithms using both the ACVP interface and the CAVS tool. ACVP and CAVP testing can both be performed until June 30, 2020; after that time, all algorithms will be tested using only the ACVP interface. For now, vendors will have a choice to validate their algorithms through either CAVS or ACVP, but ACVP will eventually replace CAVS testing.
The ACVP will test all the algorithms that are currently tested using the CAVS tool; however, more algorithms that did not previously have a CAVS test will eventually become available for testing. The final decision for the inclusion of each new algorithm test is left to the CAVP.
NIST has been rolling out initial attempts at ACVP testing, and they have also been running pilot projects in preparation for this deadline. All FIPS labs will be testing algorithms using the ACVP interface as of the end of June 2020. If you need assistance with this transformation, we are poised to help. Learn more about our cybersecurity experts at Intertek EWA-Canada.
Richard Adams,
Cryptographic and Security Testing Lab Manager
Richard Adams began work for Intertek EWA-Canada in 2009 as a Security Content Automation Protocol (SCAP) Tester and quickly moved into the role of Lead Tester. He trained and assisted in various other areas within the company, such as Cryptographic Module Validation (FIPS 140-2) testing; Common Criteria (CC) testing; Personal Identification Verification (PIV) testing; Visa Ready Program for Mobile Point of Sale (Visa mPOS) testing; and Certificate Authority (CA) Activities during this time. He was later promoted to the role of CST Lab Manager.
Dawn Adams,
Senior IT Security Specialist
Dawn Adams has been with Intertek EWA-Canada for more than 13 years. She has been involved with the FIPS program for 21 years; she was a Lab Manager for 9 years. She has worked in and was a Manager in the Common Criteria, PCI, PIV and SCAP workspaces as well. She is currently an IT Security Specialist working mainly in Common Criteria and auditing.