NSA Suite B Cryptography Background
Suite B includes:

| Function | Suite B algorithm |
|---|---|
| Encryption | Advanced Encryption Standard (AES) - FIPS 197 |
| Digital Signature | Elliptic Curve Digital Signature Algorithm - FIPS 186-2 |
| Key Exchange | Elliptic Curve Diffie-Hellman |
| Hashing | Secure Hash Algorithm - FIPS 180-2 |
CNSSP-15 states that AES with either 128- or 256-bit keys is sufficient to protect classified information up to the SECRET level. Protecting TOP SECRET information would require the use of 256-bit AES keys [1] as well as numerous other controls on manufacture, handling, and keying. These same key sizes are suitable for protecting both national security and non-national security related information throughout the USG.
Consistent with CNSSP-15, Elliptic Curve Public Key Cryptography using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 and SHA-256 is appropriate for protecting classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve and SHA-384 is necessary for the protection of TOP SECRET information.
All implementations of Suite B must, at a minimum, include AES with 256-bit keys, the 384-bit prime modulus elliptic curve, and SHA-384 as a common mode for widespread interoperability.
Standards
The Suite B Base Certificate and CRL Profile are provided as part of the overarching Cryptographic Interoperability Strategy:
Suite B Base Certificate and CRL Profile
Testing, Evaluation and Certification of "Suite B" Products
Creating secure cryptographic equipment involves much more than simply implementing a specific suite of cryptographic algorithms. Within the USG there are various ways to have cryptographic equipment tested or evaluated and certified. These methods include:
- The Cryptographic Module Verification Program (CMVP) - this program, managed by the National Institute for Standards and Technology (NIST), tests cryptographic implementations at commercial laboratories both in the U.S. and abroad. The testing process is derived from FIPS-140-2. Suite B products containing only cryptographic security functions may be evaluated and certified under this program. Certified products may be used to protect unclassified information throughout the USG, except national security systems. For further information on this program visit: http://csrc.nist.gov/cryptval/
- The Common Criteria Evaluation and Validation Scheme (CCEVS) - this program, managed by NSA and NIST, tests information assurance (IA) products in accord with The Common Criteria for Information Technology Security Evaluation (CC), ISO/IEC 15408. Suite B products that contain non-cryptographic IA functionality (e.g. firewalls, smart cards, operating systems) should be evaluated under this scheme as well. [2] For further information on this program visit: http://www.niap-ccevs.org/cc-scheme
- Evaluation by the National Security Agency - NSA will evaluate Suite B products for use in protecting classified information throughout the USG. Products accepted for evaluation would normally come into NSA through Traditional Procurements, the Commercial COMSEC Evaluation Program (CCEP) or User Partnership Agreements (UPA). Through these programs, NSA will not only evaluate a vendor's product but also provide extensive design guidance on how to make a product suitable for protecting classified information. Implementing Suite B is only one step in a complex process. For further information visit: /ia/industry/ccep.cfm
For protecting unclassified national security information or systems, a Suite B product must be evaluated under the CMVP. If the product also contains non-cryptographic information assurance functionality, it must additionally be evaluated under the CCEVS against an NSA-approved protection profile.
For protecting classified information, a product must be reviewed and certified by NSA.
Intellectual Property
A key aspect of Suite B is its use of elliptic curve technology instead of classic public key technology. NSA has determined that, rather than increasing key sizes beyond the 1024-bit public key cryptography in common use today, a switch to elliptic curve technology is warranted. In order to facilitate adoption of Suite B by industry, NSA has licensed the rights to 26 patents held by Certicom Inc. covering a variety of elliptic curve technology. Under the license, NSA has a right to sublicense vendors building equipment or components in support of U.S. national security interests. Any vendor building products for national security use is eligible to receive a license from the National Security Agency.
For further information on Elliptic Curve Intellectual Property Licensing please contact the IA Business Affairs Office.
Key Management
For key exchange, Suite B calls for the use of Elliptic Curve Diffie-Hellman Key Exchange (ECDH). ECDH is appropriate for incorporation of Suite B into many existing Internet protocols such as the Internet Key Exchange (IKE), Transport Layer Security (TLS), and Secure MIME (S/MIME).
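The following Go program is an added example, not code from this NSA page or from any Suite B product. Using only the Go standard library, it walks the Suite B common mode named above for both the algorithm table and the ECDH key-management paragraph: an ephemeral ECDH agreement on the 384-bit prime curve, derivation of a 256-bit AES key from the shared secret with SHA-384, an AES-256 round trip, and an ECDSA P-384/SHA-384 signature check. Three choices are assumptions the page does not make: the key derivation is the single-step concatenation KDF of NIST SP 800-56A with a constructed OtherInfo string, AES is used in GCM mode (the page names no mode), and all names (`agreeKeys`, `deriveAES256Key`, `sealAndOpen`, `signAndVerify`) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// Constructed context string for the KDF and as GCM associated data. A real
// protocol binds algorithm identifiers and party identities here (assumption).
var otherInfo = []byte("suite-b-example:ecdh-p384:aes-256-gcm")

// deriveAES256Key turns an ECDH shared secret Z into a 256-bit AES key using
// the single-step concatenation KDF of NIST SP 800-56A: SHA-384(counter || Z ||
// OtherInfo). With SHA-384 one block already yields more than the 32 bytes needed.
func deriveAES256Key(z, info []byte) []byte {
	h := sha512.New384()
	h.Write([]byte{0, 0, 0, 1}) // 32-bit big-endian counter, first block
	h.Write(z)
	h.Write(info)
	return h.Sum(nil)[:32]
}

// agreeKeys runs an ephemeral ECDH exchange on P-384 between two parties and
// returns the AES-256 key each side derives; the two must be equal.
func agreeKeys() (aliceKey, bobKey []byte, err error) {
	curve := ecdh.P384()
	alice, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	bob, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Each party only ever receives the other's public key encoding; parsing
	// it with NewPublicKey rejects points that are not on the curve.
	bobPub, err := curve.NewPublicKey(bob.PublicKey().Bytes())
	if err != nil {
		return nil, nil, err
	}
	alicePub, err := curve.NewPublicKey(alice.PublicKey().Bytes())
	if err != nil {
		return nil, nil, err
	}
	zA, err := alice.ECDH(bobPub)
	if err != nil {
		return nil, nil, err
	}
	zB, err := bob.ECDH(alicePub)
	if err != nil {
		return nil, nil, err
	}
	return deriveAES256Key(zA, otherInfo), deriveAES256Key(zB, otherInfo), nil
}

// sealAndOpen encrypts plaintext under an AES-256-GCM key with a fresh 96-bit
// nonce and immediately decrypts it, returning the recovered bytes. A key of
// any length other than 32 bytes is refused rather than silently downgraded.
func sealAndOpen(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 requires a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, otherInfo)
	return gcm.Open(nil, nonce, ct, otherInfo)
}

// signAndVerify signs msg with ECDSA over P-384 on a SHA-384 digest, the
// Suite B TOP SECRET pairing, and reports whether the signature verifies.
func signAndVerify(msg []byte) (bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return false, err
	}
	digest := sha512.Sum384(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sig), nil
}

func main() {
	a, b, err := agreeKeys()
	if err != nil {
		panic(err)
	}
	fmt.Println("ECDH keys match:", bytes.Equal(a, b))
	pt := []byte("constructed sample plaintext") // constructed input
	got, err := sealAndOpen(a, pt)
	if err != nil {
		panic(err)
	}
	fmt.Println("AES-256-GCM round trip ok:", bytes.Equal(got, pt))
	ok, err := signAndVerify(pt)
	if err != nil {
		panic(err)
	}
	fmt.Println("ECDSA P-384/SHA-384 signature ok:", ok)
}
```

In a real IKE or TLS integration the ephemeral public keys would be carried in the protocol's own messages and the signature would cover the exchange transcript; here the point is only to show the four Suite B primitives composed at the TOP SECRET parameter sizes.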
We will encourage the development of commercial services to provide Public Key Infrastructure support to the vast array of Suite B compliant products used in both government and commercial settings. Commercial standards will be used for the interface between devices and a commercial public key infrastructure. NSA will maintain an equivalent public key infrastructure to support Suite B product applications that need to receive keys from a USG source.
[1] CNSSP-15 correctly states that 192-bit AES keys are sufficient for protecting even TOP SECRET information. However, Suite B uses only 256-bit keys to enhance interoperability.
[2] NSA will be involved in all CCEVS evaluations above EAL Level 4.
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009