Re: [Fed-Talk] Galaxy II FIPS compliant.
Re: [Fed-Talk] Galaxy II FIPS compliant.
- Subject: Re: [Fed-Talk] Galaxy II FIPS compliant.
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 18 Jan 2012 13:02:17 +0000
- Thread-topic: [Fed-Talk] Galaxy II FIPS compliant.
There are no "Linux encryption algorithms." There is no Linux kernel
cryptomodule. Samsung's certification is for their own module in their
own software baseline, and the certification doesn't transfer to any other
handset (including Samsung's own handsets).
What it does mean is a specific software baseline with a specific (and
managed) configuration can meet at least one Federal acquisition
requirement. Whoopee. :)
-- T
On 1/17/12 3:58 PM, "Link, Peter R." <email@hidden> wrote:
>One more thing. This doesn't surprise me because Samsung is simply using
>Android's Linux software. Linux encryption algorithms have already been
>approved so the test labs probably didn't have to do much to test these.
>Apple's iOS encryption is brand new, so the labs don't have a previous
>product to base anything on.
>
>
>On Jan 17, 2012, at 1:46 PM, Link, Peter R. wrote:
>
>
>http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2011.htm
>#1648, approved 12/14/2011, from what I can see, the it uses a lot of
>already FIPS-approved encryption algorithms. Of course, FIPS compliance
>requires everything to be working together within a product. I can't find
>anything in their documentation that states when the process started.
>
>The Consolidated Validation Certificate hasn't been posted yet for this
>certificate.
>
>Overall Level: 1
>-EMI/EMC: Level 3
>-Design Assurance: Level 3
>-Operational Environment: Tested as meeting Level 1 with Android
>Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1); Android Honeycomb
>w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)
>
>-FIPS-approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs.
>#1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120
>and #1121); HMAC (Certs. #1008 and #1009)
>
>-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR,
>non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)
>
>Multi-chip standalone
>
>"Provides general purpose cryptographic services to services in the Linux
>kernel and user-space applications, intended to protect data in transit
>and at rest."
>
>
>On Jan 17, 2012, at 1:08 PM, Simon, Gary wrote:
>
>
>I wonder how Samsung got the Galaxy through FIPS compliance so quickly?
>
>
>http://www.androidcentral.com/samsung-galaxy-s-ii-and-galaxy-tab-101-recei
>ve-fips-security-certification
>
>
>
>http://www.engadget.com/2012/01/16/samsung-galaxy-s-ii-and-galaxy-tab-get-
>security-nod-certified-f/
>
>
>
>Gary
>
>
>
>
>
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
>
>
>
>
>Peter Link
>Cyber Security Analyst
>Cyber Security Program
>Lawrence Livermore National Laboratory
>PO Box 808, L-315
>Livermore, CA 94550
>email@hidden
>
>
>
>
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
>
>
>
>
>Peter Link
>Cyber Security Analyst
>Cyber Security Program
>Lawrence Livermore National Laboratory
>PO Box 808, L-315
>Livermore, CA 94550
>email@hidden
>
>
>
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden