Suite B Cryptography
Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting National Security Systems (NSS). Suite B includes cryptographic algorithms for encryption, key exchange, digital signature, and hashing.
CNSSP-15, National Information Assurance Policy on the Use of Public Standards for Secure Sharing of Information Among National Security Systems
CNSSP-15 policy states:
In the event that mission requirements preclude meeting these CNSSP-15 requirements, permission to use NSA-approved mission-specific security protocols and cryptographic algorithms may be granted by NSA. For a copy of CNSSP-15, please visit the CNSS website.
Certain commercial IA and IA-enabled IT products that contain cryptography and the technical data regarding them are subject to Federal Government export controls. Export of products that implement NIST standards that define Suite B or associated technical data must comply with Federal Government regulations and be licensed by the Bureau of Export Administration of the U.S. Department of Commerce. Information about export regulations is available at: http://www.bis.doc.gov/index.php/regulations. Suite B parameters together with associated technical documentation concerning how to configure IT products to use these parameters are general scientific principles documented in the public domain. As such, a product deemed eligible for use in a CSfC layered solution may also be used in commercial, non-government applications.
Standards and Protocols
The following documents provide guidance for using Suite B cryptography with internet protocols:
Modes of Operation
The Galois/Counter Mode (GCM) is the preferred AES mode. NIST Special Publication 800-38D, Recommendations for Block Cipher Modes of Operation: Galois/Counter Mode, contains an application independent description of GCM. RFC 4106 and RFC 6379 describe the use of GCM in IPsec Encapsulating Security Payload (ESP). RFC 5288 describes the use of GCM in Transport Layer Security (TLS).
Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) mode and Galois/Counter Mode Protocol (GCMP) are both approved for use in Wireless LAN Access Systems implementing the IEEE 802.11ac standard. The older IEEE 802.11i wireless standard includes CCMP mode using 128-bit AES keys.
NSA is developing key management guidance to support products that contain Suite B Cryptography. A base set of certificate and CRL formats to support interoperability among Suite B solutions may be found in Suite B Base Certificate and Certificate Revocation List (CRL) Profile, RFC 5759 and companion document Suite B Certificate and CRL Examples.
A key aspect of Suite B Cryptography is its use of elliptic curve technology instead of classic public key technology. In order to facilitate adoption of Suite B by industry, NSA has licensed the rights to 26 patents held by Certicom, Inc. covering a variety of elliptic curve technology. Under the license, NSA has the right to grant a sublicense to vendors building certain types of products or components that can be used for protecting national security information. Click here to view a sample license.
Click for more information www.nsa.gov/ia/contacts/index.shtml
RFC 6090, Fundamental Elliptic Curve Cryptography Algorithms, addresses the existence of prior art with some of the elliptic curve technology.
The following guides are provided to assist sponsor and/or vendors in developing and integrating Suite B into their products:
Suite B Implementers' Guide to FIPS 186-3 (ECDSA)
Note that FIPS 186-3 has been updated by FIPS 186-4.
Suite B Implementers' Guide to NIST SP 800-56A
The Suite B Implementers' Guide to NIST SP 800-56A further details the specific Elliptic Curve Diffie-Hellman (ECDH) key-agreement schemes from NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography that will be used in future and existing cryptographic protocols for Suite B products. Also included are the elliptic curves and domain parameters, key generation methods, the ECDH primitives, key derivation functions, and other auxiliary functions that are necessary for ECDH scheme implementations to be in compliance with NIST SP 800-56A and Suite B.
Handling Requirements of Suite B Cryptography
Because it does not contain any classified algorithms or technology, users may be able to handle these cryptographic products as non-Controlled COMSEC Items (non-CCI). Users will have to account for these cryptographic products as cryptographic high valued products (CHVPs) once keyed. As a result, customers using Suite B cryptographic products may be able to save time, costs, and manpower.
The NSA Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate using a layered commercial solution based on Suite B cryptography and secure protocol standards. Visit the Commercial Solutions for Classified Program site for more information including the current CSfC Components List.
Point of Contact
Questions about Suite B Cryptography, Cryptographic Interoperability Strategy (CIS), or the NSA Cryptographic Interoperability Testing (NCIT) requirements and process should contact the National Cryptographic Solutions Management Office (NCSMO) at (410) 854-8577.
Date Posted: Jan 15, 2009 | Last Modified: Jun 26, 2014 | Last Reviewed: Jun 26, 2014