IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.85 Design of suitable interfaces for crypto
modules
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management
The design and configuration options of a crypto module should allow the
entire flow of information to and from the module or even direct physical
access to the data stock in the module to be controlled or restricted as
necessary. Depending on the application or protection requirements, it may be
advisable to use physically separate input and output ports. Whatever the case,
the module interfaces should be set up such that the individual data channels
are logically separated from each other, even though they may possibly share
a common input or output port. In connection with the key management
functions for the crypto module it must be guaranteed that the output channels
are separated (at least logically) from internal key generation and the input
port for manual key entry. In many cases there will be separate interfaces
available for the connection of an external supply voltage or an external
supply pulse and for exclusive use by repair or maintenance tasks. From the
standpoint of the crypto module, therefore, it makes sense to divide these up
and use them as follows:
- Data input interface, which carries all the input data for the crypto module
that is to be processed or edited in the module (e.g. cryptographic keys,
authentication information, status information from other crypto modules,
plaintext data etc.).
- Data output interface, which carries all of the data from the crypto module
that is to be passed from the module to its environment (e.g. encrypted
data, authentication information, control information for other crypto
modules, etc.).
- Control input interface, which carries all control commands, control signals
and control data for executive sequencing and setting the module’s mode
of operation.
- Status output interface, which outputs all signals, indications and data to
the environment in order to indicate the internal security status of the
crypto module.
And finally:
- Maintenance interface, which is used exclusively for maintenance and/or
repair purposes.
The documentation for a crypto component should contain a description of all
components (hardware, firmware and/or software).
Furthermore, the documentation should contain the complete specification of
the module interfaces as well as the physical or logical ports, manual or
logical control units, physical or logical indicating elements and their physical,
logical or electrical properties. If a crypto component contains a maintenance
interface, the documentation should also provide a full specification of the
maintenance processes that have to be performed. All physical and logical
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000