Source: Patrick Townsend Security Solutions
NIST Certification for AES Encryption
NIST Certification - The Gold Standard
The National Institute of Standards and Technology (NIST) defines the standard for AES encryption, and provides a rigorous testing process for software vendors. The certification process is carried out by independent testing labs who report the results to NIST for validation. The AES certification process tests every aspect of encryption and involves millions of encryption and decryption operations. Only the most dedicated security vendors are able to pass the tests and achieve NIST certification. Patrick Townsend Security Solutions has achieved AES Validation for all key sizes and modes of operation, on every major Enterprise platform.
Has it been done right? You can be sure ...
In an early study of the certification program, NIST learned that almost 50 percent of software vendors had errors in their encryption solutions. It isn't easy to get encryption right. A certificate of validation from NIST is your assurance that AES encryption has been done right.
Was NIST Important to Staples?
"Staples wouldn't even consider a vendor solution that didn't have NIST certification. The fact that Townsend has NIST certified solutions on every major Enterprise server platform was a big plus."
- Steve Tenore
Staples Senior System i Consultant
Introduction
The National Institute of Standards and Technology (NIST) is a US government agency that is a part of the Department of Commerce. The NIST sets non-military government standards for a wide variety of technologies including data encryption. Because the NIST uses an open and professional process to establish standards, the private sector usually adopts NIST standards for commercial use. The NIST is one of the most trusted sources for technology standards.
The Advanced Encryption Standard (AES) is the standard for data encryption adopted by the NIST in 2001. This encryption standard replaced the earlier Data Encryption Standard (DES). The DES encryption standard became weaker due to the advancing power of computer systems. The NIST began a process in the late 1990s to find a replacement for DES. After a lengthy examination of several alternatives, the AES standard for encryption was adopted and codified as FIPS-197. AES encryption is now the de facto standard for strong data encryption.
What is AES Validation testing?
The NIST sets the standard for AES encryption testing, and charters independent labs to administer and oversee the testing process. Through the National Voluntary Laboratory Accreditation Program (NVLAP) the NIST certifies independent testing labs for the Cryptographic Module Validation Program (CMVP). Data security software vendors administer the tests, validate the results, and submit the results to the NIST for acceptance. Software vendors always work with an independent certification laboratory and not with the NIST directly.
The NIST established five methods, or modes, of encryption that can be used with AES. These are Electronic Code Book (ECB), Cipher Block Chaining (CBC), Counter (CTR), Output Feed Back (OFB), and Cipher Feed Back (CFB) modes. There are separate tests for each mode. A software vendor can choose to validate on only one mode, a subset of the five modes, or all modes of encryption. In addition, the NIST defines three key sizes for encryption: 128-bit, 192-bit, and 256-bit keys. A software vendor can choose from one to three key sizes to certify.
Most software vendors choose to certify just one or two modes of encryption, and on one key size. The Alliance AES Encryption products are certified on ALL five modes of encryption, and all three key sizes.
How does the AES Validation testing work?
A data security software vendor contracts with an independent CMVP test laboratory to certify their AES encryption products. The test lab provides a wide range of tests the vendor must execute on each computing platform to be certified. The tests are designed to certify that the encryption software performs correctly under a variety of conditions. These include proper implementation of different key sizes, proper handling of small and large blocks of data, proper handling of large numbers of encryptions, and other encryption reliability tests. The tests are designed to ensure that the software vendor cannot fudge the results, and the testing lab validates all results submitted by the software vendor.
Each mode of encryption and key size tested involves hundreds of tests and millions of encryptions. Every single test must be passed to achieve certified status.
The Alliance AES encryption solutions passed every certification test for every mode of encryption and every key size, on all nine Enterprise server platforms. The certification involves thousands of tests and hundreds of millions of encryptions. As of June, 2007, only three other data security vendors had certified all modes of encryption. Only one vendor had certified on all nine Enterprise server platforms: Patrick Townsend Security Solutions.
Certification means strong encryption
NIST certification is your assurance that a vendor's AES encryption solution implements data encryption the right way. There are many ways to use encryption and a wide variety of modes of encryption. Improperly implemented solutions may work for one type of task, but fail under different application requirements. All software vendors claim they implement strong encryption. Can they prove it? Ask them for their NIST certification.
Certification means compatibility
One of the biggest challenges facing Enterprise customers is encrypting and decrypting data on a variety of platforms. Data may be encrypted in an Oracle database, then transferred to Microsoft SQL Server, then to an IBM System i (AS/400) platform. Computer vendors use different methods of encryption, and different modes of encryption. How can you be sure that your encryption solution will be able to handle all of your requirements?
NIST certification provides the assurance you need that your software is up to the task. Certified software must work the same way for all of the NIST defined encryption tasks.
The Alliance AES solutions from Patrick Townsend Security Solutions provide even more assurance of compatibility - Alliance solutions are certified on all key sizes and all modes of encryption. No other data security vendor provides this level of certified support for AES encryption.
Certification means reliability
The NIST testing process is designed to exercise a vendor's encryption solution under stress conditions. Large numbers of repeated encryptions are performed with the output of one encryption used as input for the next encryption. Failures in memory management or reliability will be exposed in the testing process. Encryption software may work without errors for 100 or 1,000 encryptions, but will it work on 1 million encryptions? How about 100 million encryptions?
No one wants the unpleasant experience of a system failure due to unreliable software. NIST certification helps provide some assurance of a reliable implementation.
Alliance AES encryption on every Enterprise platform
The modern Enterprise uses a wide variety of server platforms from a number of different vendors. In addition, data is exchanged with customers, vendors, and service providers outside the organization. To meet these challenges the Alliance AES Encryption products are certified and available on all Enterprise platforms including:
- Microsoft Windows (2000/XP/2003/2008) and SharePoint
- Linux (SUSE and Red Hat, on Intel and POWER)
- UNIX (AIX, Solaris)
- IBM System i (AS/400, iSeries)
- IBM System z (z/OS, mainframe)
All of the certified Alliance AES encryption solutions work the same way on every platform.
Patrick Townsend Security Solutions
Patrick Townsend Security Solutions provides data encryption, key management, and compliance logging solutions to Enterprise customers on a variety of server platforms including Windows, Linux, UNIX, IBM System i, and IBM System z. The company can be reached on the web at http://www.patownsend.com/, or by phone at (800) 357-1019.