In FIPS 140-2, the integrity test is a crucial power-up self-test required for modules at all security levels. Per the FIPS 140-2 standard, the software or firmware integrity test can be performed using an error detection code (EDC) or any Approved authentication technique (e.g., an Approved message authentication code or digital signature algorithm).

IG 6.4, Approved Integrity Techniques, defines an approved integrity technique as “a keyed cryptographic mechanism that uses an approved and validated cryptographic security function”. The module must perform the firmware integrity test on the whole firmware image. This is feasible for many modules, but for modules running a limited operational environment with a very large installed firmware image, or for those running on a slow processor, it is not: an integrity check over the entire firmware takes a very long time. For these cases CMVP has released a new IG 9.12, Integrity Test Using Sampling, which gives modules the option to use a sampling method.

IG 9.12 makes the following assumptions:

  1. The firmware image can be viewed as a bit string or a set of files.
  2. The bit string or set of files making up the firmware image can be divided into up to 20 portions, each with a total size of no less than 100,000 bits.
  3. The probability of any bit taking an erroneous value in the firmware image bit string is very low.

It must be noted that the first time an integrity self-test is performed, upon installation or reconfiguration of the module or upon a factory reset, the integrity test shall be performed on the entire firmware image. At each subsequent power-on, the firmware integrity test is performed on a portion of the firmware chosen by a sampling method.

The sampling is done either deterministically or randomly.

The deterministic sampling method pre-defines the order in which the portions of the firmware to be integrity tested are selected. Once all the portions are exhausted, the entire firmware image is tested again before another predefined order is generated.
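As an added illustration (not from IG 9.12 or CMVP), the Python sketch below models the deterministic scheme described above: a full-image test on first use, then one portion per power-on in a predefined order, and a full test again once the order is exhausted. It assumes HMAC-SHA-256 as the approved keyed technique, four portions of exactly 100,000 bits each, a constructed firmware image and a demo key; the second run flips one bit to show that a corrupted portion is only caught when its turn comes, which is why assumption 3 matters.

```python
import hashlib
import hmac
MIN_PORTION_BITS = 100_000            # IG 9.12: no portion smaller than 100,000 bits
DEMO_KEY = b"integrity-key-for-demo-only"   # constructed; a real module protects this key

def split_image(image: bytes, portions: int) -> list:
    """View the firmware image as a bit string and cut it into contiguous portions."""
    if not 1 <= portions <= 20:
        raise ValueError("IG 9.12 allows at most 20 portions")
    size = -(-len(image) // portions)                  # ceiling division
    parts = [image[i * size:(i + 1) * size] for i in range(portions)]
    if any(len(p) * 8 < MIN_PORTION_BITS for p in parts):
        raise ValueError("each portion must be at least 100,000 bits")
    return parts

def mac(key: bytes, data: bytes) -> bytes:
    """Approved integrity technique: a keyed MAC (HMAC-SHA-256 assumed here)."""
    return hmac.new(key, data, hashlib.sha256).digest()

class DeterministicSamplingTest:
    """Full image first, then one portion per power-on in a predefined order."""
    def __init__(self, key: bytes, golden_image: bytes, order: list):
        self.key = key
        self.order = order                # predefined visiting order of portion indices
        self.full_ref = mac(key, golden_image)
        self.portion_refs = [mac(key, p) for p in split_image(golden_image, len(order))]
        self.position = None              # None => a full-image test is due

    def power_on(self, image: bytes):
        """Run the power-up integrity test; returns (what was tested, passed)."""
        if self.position is None:         # install, reconfiguration, factory reset, or cycle exhausted
            ok = hmac.compare_digest(mac(self.key, image), self.full_ref)
            self.position = 0
            return "full", ok
        idx = self.order[self.position]
        portion = split_image(image, len(self.order))[idx]
        ok = hmac.compare_digest(mac(self.key, portion), self.portion_refs[idx])
        self.position += 1
        if self.position == len(self.order):   # all portions exhausted: full test next time
            self.position = None
        return idx, ok

def demo():
    image = bytes(i % 251 for i in range(50_000))     # constructed 400,000-bit "firmware"
    test = DeterministicSamplingTest(DEMO_KEY, image, order=[2, 0, 3, 1])
    clean = [test.power_on(image) for _ in range(6)]
    tampered = image[:40_000] + bytes([image[40_000] ^ 1]) + image[40_001:]  # flip a bit in portion 3
    after = [test.power_on(tampered) for _ in range(3)]
    return clean, after
```

In the tampered run the first two power-ons pass because they sample untouched portions; the corruption surfaces only on the third, when portion 3 comes up in the order.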


The random sampling method uses a random number generator to select the portions to sample. It must be noted that although a vendor can choose to use an approved or non-approved random number generator, the design of the random number generator must be submitted to the testing lab and CMVP, along with a rationale for why the chosen random number generator is suitable for this purpose and how entropy is gathered from the environment, especially when it is invoked at power-up. (An example of random sampling can be found in IG 9.12.)

For more details, refer to IG 9.12.