Side Channel Analysis Mandatory for FIPS 140-3? Discover ISO/IEC 17825 Standard

Webinar held on January 26, 2022

The Federation of Information Processing Systems (FIPS) 140-3 is the latest revision and version of the internationally acclaimed FIPS 140-2 standard.

The most important addition to this new version is that of the Non-Invasive Security requirements. Albeit in the 2012 edition (corrigendum 2015) the requirements posed in the standard are unclear as the Annex F of the standard do not indicate any approved non-invasive attack mitigation test metrics. However, in the current revision phase of the international standard ISO/IEC 19790, which forms the basis of the technical requirements of the FIPS 140-3, it is planned to add “ISO/IEC 17825 Testing methods for the mitigation of non-invasive attack classes against cryptographic modules” as the requirement for the non-invasive attack mitigation. The ISO/IEC 17825:2016 provides the test metrics for the non-invasive attack (Side-Channel Analysis) mitigation for determining the conformance to the requirements specified in ISO/IEC 19790 (FIPS 140-3) for the Security Levels 3 and 4.

In this webinar, we offer to overview this major update in the light of FIPS 140-3 and dive deeper into discovering the various side channel analyses such as Simple/Differential Power/Electro-Magnetic Analysis, etc. in the context of ISO/IEC 17825.

The ISO/IEC 17825 being itself undergoing an update, we will we also look at the new changes that might get included in the new version.

We will also closely understand the implications of these revisions, with respect to ISO/IEC 19790 and ISO/IEC 17825, in security evaluation and conformity to FIPS 140-3 for reaching the aforementioned security levels 3 and 4 in the interest of both the developer and the tester/evaluator.

If you have missed our webinar, you can request more information thanks to the form below