Cryptographic Module
A cryptographic module is any combination of hardware, firmware, or software that implements cryptographic functions.
- as defined by FIPS 140
- directly addresses the security of an information system's supply chain with respect to the underlying supply chain of its cryptographic elements
- to earn certification as a cryptographic module, vendors must submit their work to the Cryptographic Module Validation Program (CMVP) for testing
- ISO/IEC 15408 standard provides requirements and certification processes for information security products
Advantages of Cryptographic Module over software library
- much harder for malware or software-based attacks to compromise security of cryptographic operation
- isolated security functionality makes it easier to provide assurance of the secure operation of a device
- increased availability of noncryptographic dedicated resources
- contain physical security protections, e.g., tamper resistance or tamper detection
- some can enforce separation of duties that require the cooperation of two different individuals