Need for verified cryptographic library
Difficulties of verifying liability of cryptographic library
Cryptographic algorithms are the core of all security applications and are used for various security implementation such as verifying message integrity, encrypting messages, verifying digital signatures, etc. Implementation of Cryptographic algorithm requires calculation of complicated mathematical algorithms and expertise of cybersecurity. Thus, generally customers buy cryptographic library products to implement security features. Even buying the product from the market, there is still a difficulty in verifying the product liability of whether the product’s cryptographic algorithms are applied or are complying with all standards.
Difficulties of Key Management
Security level of a security system using cryptographic algorithms is closely related to the level of cryptographic key management. Cryptographic key management includes a variety of topics, such as whether the entropy noise source collection was done properly, whether there are prevention of unauthorized exposure, and secure key replacement solutions throughout the product's entire life cycle. The key management process also requires expertise in cryptographic algorithms, making it difficult for users to manage keys throughout the product's entire life cycle.
FESCARO’s efforts for Verified Cryptographic Library
FIPS 140-2 Certification to obtain objective liability
FIPS(Federal Information Processing Standard) 140-2 is a US government computer security standard used to approve cryptographic modules. FIPS 140-2, established by NIST, has been designated by the Federal Information Security Management Act (FISMA) as a mandatory for U.S. and Canadian government procurements.
Implementing powerful cryptographic key management mechanism
FAST ™ CLIB implemented an integrity verification-based cryptographic key management protection mechanism to prevent unauthorized disclosure and replacement of cryptographic keys. Cryptographic key management mechanism ensures cryptographic key value to be not exposed even to users, and allows only the integrity verified cryptographic keys to be used for operations for specified purposes. FAST ™ CLIB abstracts the cryptographic key management mechanism strongly and strictly, making it easy and safe for users to use keys without any difficulty.
FAST™ CLIB Advantages
With FAST™ CLIB, FAST implementation ofVerified cryptographic
for mass production is possible.
Fescaro Advanced Security Trust-anchor
through international certification
- Achieved A-SPICE Level 2 Certification
- Achieved FIPS 140-2 Certification (CMVP)
- Provide Sync/Async processing
- Provide International Standards Cryptographic Algorithms
(SHA2, AES, CMAC, HMAC, RSA, DH etc)
Easy and convenient use
through abstracted Service API
- Provide Crypto Service API
- Provide Crypto Service API Specification and User Guide
- AUTOSAR CRYDRV, CRYIF Compatible
- Only required cryptographic algorithms can be selected
- Easy porting on different processers
Minimization of resource
through ECU environment optimization
- Executable in ECU RTOS Environment
- Some of the cryptographic algorithms can improve performance and optimize code size through the use of HW acceleration devices, if it is implemented in HSM processor.
FAST™ CLIB Cryptographic Algorithm
|Hash||FIPS 180-4||N/A||SHA-256, SHA-512|
|AES||FIPS 197||128||ECB, CBC, CTR|
|HMAC||FIPS 198-1||256, 512||SHA-256, SHA-512|
|RSA Signature Generation/Verification||FIPS 186-4||2048||PKCS1.5, PKCSPSS|
|RSA Key Generation||FIPS 186-4||2048||N/A|
|Symmetric Key Generation||SP 800-133||128, 256, 512||N/A|
|Hash DRBG||SP 800-90A||N/A||HASH-SHA-256, HASH-SHA-512|
|HMAC DRBG||SP 800-90A||N/A||HMAC-SHA-256, HMAC-SHA-512|