Information Assurance Menu

.
Skip Search Box

Suite B Cryptography

Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting National Security Systems (NSS). Suite B includes cryptographic algorithms for encryption, key exchange, digital signature, and hashing.

Algorithm Function Specification Parameters
Advanced Encryption Standard (AES) Encryption FIPS Pub 197

128 bit keys for SECRET

256 bit keys for TOP SECRET

Elliptic Curve Diffie-Hellman (ECDH) Key Exchange NIST SP 800-56A

Curve P-256 for SECRET

Curve P-384 for TOP SECRET

Elliptic Curve Digital Signature Algorithm (ECDSA) Digital Signature FIPS Pub 186-4

Curve P-256 for SECRET

Curve P-384 for TOP SECRET

Secure Hash Algorithm (SHA) Hashing FIPS Pub 180-4

SHA-256 for SECRET

SHA-384 for TOP SECRET

PER CNSSP-15 (SEC.8), THE QUALITY OF THE CRYPTOGRAPHIC IMPLEMENTATION IS EQUALLY IMPORTANT, AND ALL CRYPTOGRAPHIC PRODUCTS USED TO PROTECT NSS AND INFORMATION THEREIN MUST BE EVALUATED OR VALIDATED IN ACCORDANCE WITH CNSSP-11.

CNSSP-15, National Information Assurance Policy on the Use of Public Standards for Secure Sharing of Information Among National Security Systems

CNSSP-15 policy states:

  • IA and IA-enabled IT products with integrated cryptography acquired to protect NSS and information therein shall adhere to the following:
    • After 1 October 2015, the appropriate Suite B cryptographic algorithms or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
    • Prior to 1 October 2015, the appropriate Suite B cryptographic algorithms and/or the appropriate legacy cryptographic algorithms, or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
    • Be compliant with NSA-approved public key and key management infrastructures as appropriate ; and
    • Successfully complete security protocol interoperability testing by an NSA-approved security protocol interoperability testing service.
  • IA and IA-enabled products acquired to protect NSS and the information that resides there in shall be evaluated and validated in accordance with NSTISSP-11. [NSTISSP-11 has been replaced by CNSSP-11]

In the event that mission requirements preclude meeting these CNSSP-15 requirements, permission to use NSA-approved mission-specific security protocols and cryptographic algorithms may be granted by NSA. For a copy of CNSSP-15, please visit the CNSS website.

Export Control

Certain commercial IA and IA-enabled IT products that contain cryptography and the technical data regarding them are subject to Federal Government export controls. Export of products that implement NIST standards that define Suite B or associated technical data must comply with Federal Government regulations and be licensed by the Bureau of Export Administration of the U.S. Department of Commerce. Information about export regulations is available at: http://www.bis.doc.gov/index.php/regulations. Suite B parameters together with associated technical documentation concerning how to configure IT products to use these parameters are general scientific principles documented in the public domain. As such, a product deemed eligible for use in a CSfC layered solution may also be used in commercial, non-government applications.

Standards and Protocols

The following documents provide guidance for using Suite B cryptography with internet protocols:

IPsec using the Internet Key Exchange Version 2 (IKEv2): "Suite B Profile for Internet Protocol Security (IPsec)," RFC 6380

SSH: "Suite B Cryptographic Suites for Secure Shell (SSH),” RFC 6239

TLS: "Suite B Profile for Transport Layer Security (TLS)," RFC 6460

Enrollment over Secure Transport," RFC 7030

S/MIME: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)," RFC 6318

NIST has developed an IPsec profile, NIST Special Publication 500-267, "A Profile for IPv6 in the U.S. Government – Version 1.0"

Modes of Operation

The Galois/Counter Mode (GCM) is the preferred AES mode. NIST Special Publication 800-38D, Recommendations for Block Cipher Modes of Operation: Galois/Counter Mode, contains an application independent description of GCM. RFC 4106 and RFC 6379 describe the use of GCM in IPsec Encapsulating Security Payload (ESP). RFC 5288 describes the use of GCM in Transport Layer Security (TLS).

The Cipher Block Chaining (CBC) mode has been approved for use in IKEv2. NIST Special Publication 800-38A, Recommendations for Block Cipher Modes of Operation – Methods and Techniques, contains an application independent description of CBC. The AES-CBC cipher algorithm standard is defined in RFC 3602.

Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) mode and Galois/Counter Mode Protocol (GCMP) are both approved for use in Wireless LAN Access Systems implementing the IEEE 802.11ac standard. The older IEEE 802.11i wireless standard includes CCMP mode using 128-bit AES keys.

Certificate Infrastructure

NSA is developing key management guidance to support products that contain Suite B Cryptography. A base set of certificate and CRL formats to support interoperability among Suite B solutions may be found in Suite B Base Certificate and Certificate Revocation List (CRL) Profile, RFC 5759 and companion document Suite B Certificate and CRL Examples. 

Intellectual Property

A key aspect of Suite B Cryptography is its use of elliptic curve technology instead of classic public key technology. In order to facilitate adoption of Suite B by industry, NSA has licensed the rights to 26 patents held by Certicom, Inc. covering a variety of elliptic curve technology. Under the license, NSA has the right to grant a sublicense to vendors building certain types of products or components that can be used for protecting national security information. Click here to view a sample license.

Click for more information www.nsa.gov/ia/contacts/index.shtml

RFC 6090, Fundamental Elliptic Curve Cryptography Algorithms, addresses the existence of prior art with some of the elliptic curve technology.

Implementation Guides

The following guides are provided to assist sponsor and/or vendors in developing and integrating Suite B into their products:

Suite B Implementers' Guide to FIPS 186-3 (ECDSA)

Note that FIPS 186-3 has been updated by FIPS 186-4.
The Suite B Implementers' Guide to FIPS 186-3 (ECDSA) specifies the Elliptic Curve Digital Signature Algorithm (ECDSA) from the Digital Signature Standard, FIPS 186-3, that will be used in future and existing cryptographic protocols for Suite B products. It also includes the Suite B elliptic curve domain parameters, along with example data for the ECDSA signature algorithm and auxiliary functions that are necessary for ECDSA implementations to be in compliance with FIPS 186-3 and Suite B.
Suite B Implementers' Guide to FIPS 186-3 (ECDSA) - February 2010

Suite B Implementers' Guide to NIST SP 800-56A

The Suite B Implementers' Guide to NIST SP 800-56A further details the specific Elliptic Curve Diffie-Hellman (ECDH) key-agreement schemes from NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography that will be used in future and existing cryptographic protocols for Suite B products. Also included are the elliptic curves and domain parameters, key generation methods, the ECDH primitives, key derivation functions, and other auxiliary functions that are necessary for ECDH scheme implementations to be in compliance with NIST SP 800-56A and Suite B.

Suite B Implementers' Guide to NIST SP 800-56A

Companion document Mathematical Routines for NIST Prime Elliptic Curves

Handling Requirements of Suite B Cryptography

Because it does not contain any classified algorithms or technology, users may be able to handle these cryptographic products as non-Controlled COMSEC Items (non-CCI).  Users will have to account for these cryptographic products as cryptographic high valued products (CHVPs) once keyed.  As a result, customers using Suite B cryptographic products may be able to save time, costs, and manpower. 

The NSA Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate using a layered commercial solution based on Suite B cryptography and secure protocol standards. Visit the Commercial Solutions for Classified Program site for more information including the current CSfC Components List.

Point of Contact

Questions about Suite B Cryptography, Cryptographic Interoperability Strategy (CIS), or the NSA Cryptographic Interoperability Testing (NCIT) requirements and process should contact the National Cryptographic Solutions Management Office (NCSMO) at (410) 854-8577.

 

Date Posted: Jan 15, 2009 | Last Modified: Jun 26, 2014 | Last Reviewed: Jun 26, 2014

 
bottom