Expectations that security IP designs meet the highest security standards are growing rapidly. As companies face increased product development costs and time pressure, choosing an IP that has been certified demonstrates not just compliance with a standard, but offers a valuable tool to reducing overall project risk.

The Federal Information Processing Standard (FIPS) 140 is published by NIST, the National Institute of Standards and Technology. The CMVP (Cryptographic Module Validation Program) is a joint effort between the US-based NIST and the Canadian Communications Security Establishment (CSE). It covers these broad areas for systems processing sensitive information: cryptographic module specification, cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.

FIPS was originally developed to protect sensitive government data, and FIPS CMVP certification is required for any product used in federal systems that relies on security and cryptography. However, as other industries have evolved and come to recognize the need for increased security, FIPS CMVP-certified products have also been adopted in commercial systems. Examples of this include data centers and cloud-based applications that handle huge amounts of valuable personal data.

So, what exactly does it take for a product to become FIPS CMVP certified? Certification involves a lengthy and rigorous process during which a vendor’s cryptographic implementation is put through a series of tests. These tests are conducted by security experts at independent test labs. Gaining FIPS certification is the proof that a vendor’s solution meets the rigorous security requirements of the NIST CMVP program, and that it meets all the security claims that it makes.

A hardware root of trust-based security implementation is the key to securing sensitive systems and their data. Using a root of trust hardware security core offers security-by-design for government, data center, cloud, as well as general purpose semiconductor applications. It protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.

A root of trust that meets the FIPS CMVP requirements enables customers to quickly and confidently deploy the IP for applications where FIPS compliance and the highest levels of security are required. Rambus is the only merchant supplier of secure FIPS CMVP-certified Root of Trust IP available for licensing.

Rambus has successfully completed the CMVP process for multiple generations of our Root of Trust silicon IP. We have now expanded our portfolio of certified security IP with the Rambus RT-630 Root of Trust having received FIPS 140-2 CMVP certification. You can find information on the certification here. As part of reaching CMVP certification, the crypto accelerators in the RT-630 are also certified to the Cryptographic Algorithm Validation Program (CAVP) and the certified algorithmic capabilities, including AES, HMAC, RSA, can be found here.

With the Rambus FIPS CMVP-certified Root of Trust IP, the benefits go beyond cryptographic and security compliance. When deploying a certified security core in their product, chip and system providers can rely on the existing certificates to better navigate the CMVP certification process and speed up the development of secure solutions for their customers. In addition, Rambus offers its licensees a FIPS certification support package including documentation, scripts, test vectors, and dedicated support to customers and their designated accredited test labs to aid in their FIPS certification process.

Additional information:

Bart Stevens

Bart Stevens

  (all posts)
Bart Stevens is senior director of product management for cryptography at Rambus.

Source: https://semiengineering.com/leveraging-the-benefits-of-a-fips-140-cmvp-certified-root-of-trust-ip/