We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security

DEF CON 19

Presented by: Joey Maresca
Date: Sunday August 07, 2011
Time: 12:00 - 12:50
Location: Penn & Teller Theater
Track: Penn & Teller

Many standards, especially those provided by the government, are often viewed as more trouble than actual help. The goal of this talk is to shed a new light onto one such standard (FIPS 140) and show what it is intended for and how it can sometimes help ensure good design practices for security products. But everything is not roses and there are certain things that these standards cannot help with or may even inhibit. By examining these strengths and potential weaknesses, the hope is everyone will have a new opinion of this and similar standards and how they are used.

Joey Maresca

Joey Maresca is a security analyst/engineer with a background in computer hardware and software, including a BS in Electrical and Computer Engineering from The Ohio State University. In a past life, he worked at the US Patent Office; while not the most exciting job, it was an informative experience. Over the past five years he has worked in the security field with a primary focus on FIPS 140 testing and validations. This has allowed him inside access to dozens of commercial products. Twitter: @l0stkn0wledge

