
Federal Information Processing Standards (FIPS) : An Introduction

by Yee Wei Law - Friday, 21 June 2024, 1:23 PM
 

The Federal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the US Secretary of Commerce [NIS19].

These standards and guidelines were developed when there were no acceptable industry standards or solutions for a particular government requirement.

Although FIPS are developed for use by the US government, many in the private sector and even other governments, such as Australia's, voluntarily use these standards.

FIPS 180-4 [NIS15] specifies secure hash algorithms SHA-1 and SHA-2. SHA-2 is the family of algorithms consisting of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. A hash function produces a condensed representation of a message called a message digest.

Since any change to the message results, with an overwhelmingly high probability, in a different message digest, hash functions enable the determination of a message’s integrity. This property is further useful in the generation and verification of digital signatures and message authentication codes, and in the generation of random bits or numbers.

For example, large software such as Linux distributions is typically distributed along with a SHA-256 digest. Available here is an example of how we can verify the integrity of an ISO file. Linux platforms come with the utility sha256sum, whereas contemporary Windows platforms come with the PowerShell cmdlet Get-FileHash. In Windows PowerShell, try running:

Get-FileHash c:\windows\system32\cmd.exe -Algorithm SHA256
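
The integrity check described above can also be scripted so that it runs the same way on Linux and Windows. The following Python sketch is an added example, not part of the original glossary entry: it streams a file through SHA-256 and compares the result with a checksum listing in the line format that sha256sum writes. The file name sample.iso, its three-byte content and the function names are constructed for illustration; the digest shown is the SHA-256 digest of the message "abc".

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksums(text):
    """Parse sha256sum-style lines: <64 hex chars><space><space or *><file name>."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line[:64].lower(), line[66:]
        if len(line) < 67 or line[64] != " " or line[65] not in " *" or set(digest) - HEX:
            raise ValueError(f"malformed checksum line: {line!r}")
        table[name] = digest
    return table

def verify(path, checksum_text):
    """True only if the file is listed and its computed digest equals the published one."""
    expected = parse_checksums(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False  # an unlisted file is unverified, not "fine"
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    # Constructed sample: a 3-byte "ISO" holding b"abc" and its published digest.
    listing = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *sample.iso\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.iso")
        with open(path, "wb") as f:
            f.write(b"abc")
        intact = verify(path, listing)
        with open(path, "ab") as f:
            f.write(b"\x00")  # a single appended byte changes the digest
        modified = verify(path, listing)
    return intact, modified

if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the file equals what the listing describes, so the listing itself should come from a trusted channel or carry a signature that is checked first.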

FIPS 186-4 [NIS13] specifies three digital signature schemes, namely the Digital Signature Algorithm (DSA), the RSA digital signature algorithm and the Elliptic Curve Digital Signature Algorithm (ECDSA).

FIPS 197 [NIS01] specifies the block cipher Advanced Encryption Standard (AES).

FIPS 198 [NIS08] specifies the Keyed-Hash Message Authentication Code (HMAC).

References

[NIS01] NIST, Specification for the Advanced Encryption Standard (AES), FIPS PUB 197, November 2001. Available at https://doi.org/10.6028/NIST.FIPS.197.
[NIS08] NIST, The Keyed-Hash Message Authentication Code (HMAC), FIPS PUB 198-1, July 2008. Available at https://doi.org/10.6028/NIST.FIPS.198-1.
[NIS13] NIST, Digital Signature Standard (DSS), FIPS PUB 186-4, July 2013. Available at http://dx.doi.org/10.6028/NIST.FIPS.186-4.
[NIS15] NIST, Secure Hash Standard (SHS), FIPS PUB 180-4, August 2015. Available at http://dx.doi.org/10.6028/NIST.FIPS.180-4.
[NIS19] NIST, Compliance FAQs: Federal Information Processing Standards (FIPS), Standards Information Center, November 2019. Available at https://www.nist.gov/standardsgov/compliance-faqs-federal-informationprocessing-standards-fips.


Flow

by Yee Wei Law - Tuesday, 27 June 2023, 4:24 PM
 

A flow is a set of ordered tuples delineated by a start time and an end time, and having the same 1️⃣ session ID, 2️⃣ protocol type, 3️⃣ source and destination IP addresses, as well as 4️⃣ source and destination ports.
