FIPS 140-3, Security Requirements for Cryptographic Modules, is effective since September 22, 2019. FIPS is a US government security standard used to approve cryptographic modules that are to be used by US federal agencies for protecting sensitive, but unclassified information. The FIPS standard includes requirements on “non-invasive attacks” such as side channel analysis. This is a big step in recognizing the importance of having counter measures in place for such attacks. Riscure has been specializing in non-invasive attacks since 2002, becoming industry leaders in the area and developing software and hardware tools in order to make this analysis much easier and more efficient.
Especially for FIPS testing Riscure composed a bundle consisting of hardware and software that will allow users to do all side channel tests that are mandatory to certify a device under FIPS 140-3 speciifcations. The bundle includes devices that can be used for power measurements on your device and analysis software to test if information regarding the cryptographic operations in the device is leaking. To get you up-to-speed as fast as possible, the bundle includes a seat for Riscures on-line side channel analysis training that will make sure your employees learn how to operate the devices and execute the nessecary tests.