S 4.87 Physical security of crypto modules

Initiation responsibility: IT Security Management

Implementation responsibility: IT Security Management

As described in S 2.165 Selection of a suitable cryptographic product, crypto modules can be implemented in software, firmware or hardware. Firmware or hardware products tend to be chosen especially in cases where the crypto module is supposed to be especially resistant to manipulation.

With this in mind, the design of the crypto module should incorporate physical safeguards or corresponding material properties that provide effective prevention of unauthorised physical access to the contents of the module. This is intended to guard against the possibility of technical manipulation or other encroachments during ongoing operation. Depending on the security level of the crypto module, the techniques to be considered could include the use of passivation materials, appropriate anti-tamper measures or mechanical locks, for example. An automatic emergency deletion function, which can bring about the active deletion or destruction of all sensitive key data and key parameters stored in plain text within the crypto module after an attempted attack is identified, can also be included in this category of safeguards.

Various sensors and monitoring devices can be employed to ensure that the crypto module is always operated in its intended field of use - with regard to the power supply, timing, temperature, mechanical stress, electromagnetic interference etc.

In order to maintain its envisaged level of functionality, the crypto module should be able to initiate and perform self-tests. These tests may cover the following areas: algorithm tests, software and firmware tests, functional tests, random statistical tests, consistency tests, condition tests, and key generation and loading tests. If the result of any test is negative, an error message pointing this out must be issued to the user of the crypto module and the module should enter a corresponding error state. It should not be possible to release the module from the error state until after the cause of the error has been remedied.

When software products are used, the physical security of the crypto module must be provided by the respective IT system or its application environment. The security requirements to be met by such IT systems are described in the system-specific sections.

A software solution should be able to perform self-tests so as to be able to detect modifications made by Trojan horses or computer viruses.