NSA Suite B Cryptography

The secure sharing of information, especially to the tactical user, motivates the need for widespread cryptographic interoperability and for NSA-approved information assurance products that meet appropriate security standards to protect classified information at the SECRET level. These needs will only be satisfied with widely available and affordable NSA-approved information assurance solutions. NSA has initiated three efforts to address these needs:
A Cryptographic Interoperability Strategy (CIS) was developed to find ways to increase assured, rapid sharing of information both within the U.S. and between the U.S. and her partners through the use of a common suite of public standards, protocols, algorithms and modes referred to as the “Secure Sharing Suite” or S.3. The implementation of CIS will facilitate the development of a broader range of secure cryptographic products which will be available to a wide customer base. Some operational examples include enabling the US Government to securely share intelligence information with State and local First Responders, and enabling war fighters to securely share information on the battlefield with non-traditional coalition partners. To achieve the Strategy, NSA is working to influence international standards groups as well as national policies for securing National Security Systems. The use of selected public cryptographic standards and protocols and Suite B is the core of CIS.

A process, known as GOTS for Secret, is being developed. This process will allow vendors who have NSA-certified Type 1 cryptographic products to develop a version of that product that uses Suite B cryptography and meets a revised set of NSA’s security standards appropriate for protecting information up to the SECRET level. Also, depending on our clients’ needs, it will allow vendors to develop cryptographic products that only meet the set of NSA’s security standards appropriate for protecting information up to the SECRET level. When these products do not contain any classified algorithms or technology, the handling and accountability requirements will be less stringent than for a Controlled COMSEC Item (CCI).

The Commercial Solutions Partnership Program (CSPP) is being developed to enable the use of a combination of COTS information assurance products, composed to form a particular application solution, to protect information up to the SECRET level.
A streamlined National Information Assurance Partnership (NIAP) with new Standard Protection Profiles, relying on NIST’s Cryptographic Module Validation Program for products with embedded cryptography, will form the basis of the CSPP. Visit the National Information Assurance Partnership (NIAP)/Common Criteria Evaluation and Validation Scheme (CCEVS) site for more information.

Standards

The initial focus will be to leverage Federal and Internet standards, protocols and algorithms. Several Internet Engineering Task Force (IETF) protocol standards have been identified as having potential widespread use. IETF RFCs have been established to allow the use of Suite B Cryptography with these protocols. Suite B cryptography has been selected from cryptography that has been approved by NIST for use by the U.S. Government and specified in NIST standards or recommendations. The next two sections identify the current IETF and NIST standards that relate to Suite B cryptography. In addition to the IETF standards, an implementer must consult the relevant NIST standards and the Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program in order to understand NIST’s validation requirements.

Protocols

The following documents provide guidance for using Suite B cryptography with Internet protocols:

IPsec using the Internet Key Exchange (IKE) or IKEv2: "Suite B Cryptography for IPsec," RFC 4869
TLS: "Suite B Cipher Suites for TLS," RFC 5430, and "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)"
S/MIME: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)," RFC 5008

Protocol profiles will be developed to aid in the selection of options to promote interoperability. NIST has developed an IPsec profile, NIST Special Publication 500-267, "A Profile for IPv6 in the U.S. Government – Version 1.0."
Algorithms

In 2005, NSA announced Suite B Cryptography, which built on the National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information (CNSSP-15). In addition to the AES, Suite B includes cryptographic algorithms for key exchange, digital signatures, and hashing; specifically:

Encryption: Advanced Encryption Standard (AES)
Key Exchange: Elliptic Curve Diffie-Hellman (ECDH)
Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA)
Hashing: SHA-256 and SHA-384

AES with 128-bit keys provides adequate protection for classified information up to the SECRET level. Similarly, ECDH and ECDSA using the 256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3, and SHA-256, provide adequate protection for classified information up to the SECRET level. During the transition to the use of elliptic curve cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level. AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3, and SHA-384 are required to protect classified information at the TOP SECRET level. Since some products approved to protect classified information up to the TOP SECRET level will only contain algorithms with these parameters, algorithm interoperability between various products can only be guaranteed by having these parameters as options.

Another suite of NSA cryptography, Suite A, contains some classified algorithms that will not be released. Suite A will be used for the protection of some categories of especially sensitive information.

Infrastructure

NSA is developing an infrastructure to support products that contain Suite B Cryptography. Thus far, the Suite B Base Certificate and CRL Profile has been developed and will be proposed as an IETF standard.

Evaluation and Validation

Creating secure cryptographic components, products and solutions involves much more than simply implementing a specific cryptographic protocol or suite of cryptographic algorithms. Information Assurance (IA) and IA-enabled products to be used on systems entering, processing, storing, displaying, or transmitting national security information must be validated or certified in accordance with NSTISSP No. 11 (Revised Fact Sheet, National Information Assurance Acquisition Policy).
Intellectual Property

A key aspect of Suite B Cryptography is its use of elliptic curve technology instead of classic public key technology. In order to facilitate adoption of Suite B by industry, NSA has licensed the rights to 26 patents held by Certicom, Inc. covering a variety of elliptic curve technology. Under the license, NSA has the right to grant a sublicense to vendors building certain types of products or components that can be used for protecting national security information. A sample license is available; for more information see www.nsa.gov/ia/contacts/index.shtml.

Implementation Guides

Suite B Implementers' Guide to FIPS 186-3 (ECDSA)

NSA's Cryptographic Research Organization announces the publication of the Suite B Implementers' Guide to FIPS 186-3 (ECDSA). The Suite B strategy, also known as the Cryptographic Interoperability Strategy (CIS), aims to provide industry with a set of cryptographic algorithms that they can use to promote cryptographic protocol and algorithm interoperability and to create products meeting a range of U.S. Government needs. The Suite B Implementers' Guide to FIPS 186-3 (ECDSA) specifies the Elliptic Curve Digital Signature Algorithm (ECDSA) from the Digital Signature Standard, FIPS 186-3, that will be used in future and existing cryptographic protocols for Suite B products. It also includes the Suite B elliptic curve domain parameters, along with example data for the ECDSA signature algorithm and auxiliary functions that are necessary for ECDSA implementations to be in compliance with FIPS 186-3 and Suite B. (Suite B Implementers' Guide to FIPS 186-3 (ECDSA), February 2010)

Suite B Implementers' Guide to NIST SP 800-56A

The Suite B Implementers' Guide to NIST SP 800-56A is a publication of NSA's Cryptographic Research Organization.
The Suite B Implementers' Guide to NIST SP 800-56A further details the specific Elliptic Curve Diffie-Hellman (ECDH) key-agreement schemes from NIST SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, that will be used in future and existing cryptographic protocols for Suite B products. Also included are the elliptic curves and domain parameters, key generation methods, the ECDH primitives, key derivation functions, and other auxiliary functions that are necessary for ECDH scheme implementations to be in compliance with NIST SP 800-56A and Suite B.

Documents: Suite B Implementers' Guide to NIST SP 800-56A; companion document, Mathematical Routines for NIST Prime Elliptic Curves.
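As an added example (not part of the NSA page or of the Implementers' Guides it describes), the following pure-Python code walks through the pieces of SP 800-56A ECDH that the Algorithms and Implementation Guides sections name, on the Suite B SECRET-level curve P-256 from FIPS 186-3: public-key validation, the ECC CDH primitive, and the single-step concatenation KDF using SHA-256. The private keys and the OtherInfo string used when exercising it are constructed values, and the double-and-add loop is not constant-time; it is written for clarity, not for production use.

```python
import hashlib

# NIST P-256 domain parameters (FIPS 186-3), the Suite B curve for the SECRET level.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
# Points are (x, y) tuples; None stands for the point at infinity.

def on_curve(pt):
    """Public-key validation: coordinates in range and y^2 == x^3 + ax + b (mod p)."""
    return (pt is not None and 0 <= pt[0] < P and 0 <= pt[1] < P
            and (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0)

def add(p1, p2):
    """Affine point addition on P-256 (doubling when p1 == p2)."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # Q + (-Q) is the point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add; fine for illustration, not constant-time."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt, k = add(pt, pt), k >> 1
    return result

def ecdh_shared_secret(priv, peer_pub):
    """ECC CDH primitive: Z = x-coordinate of d * Q_peer, after validating Q_peer."""
    if not on_curve(peer_pub):  # P-256 has cofactor 1, so on-curve implies order n
        raise ValueError("peer public key failed validation")
    return scalar_mult(priv, peer_pub)[0].to_bytes(32, "big")

def concat_kdf(z, other_info, key_len):
    """SP 800-56A single-step (concatenation) KDF: SHA-256(counter || Z || OtherInfo)."""
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.sha256(counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[:key_len]
```

Both parties feed the same Z and OtherInfo into concat_kdf; validating the peer's public key before the scalar multiplication is the step that rejects off-curve points.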
Date Posted: Jan 15, 2009 | Last Modified: Mar 11, 2010 | Last Reviewed: Mar 11, 2010