Hikvision FIPS 140-2 Cybersecurity Certification Examined

* **** ***** ***** ********** ****** * law ******* *********,********* ********* ** *** obtained* **** ***-* ************* from *** ** ********** with ********* ******* ** as "******* ********* ********* in *********'* ************* *******."

**** ********** ********: *** the ** ********** ******* its ****? ** *** US ********** ************* ******? Is ********* *** ******** free?

**** *** *** ******** from *** ********:

• *** ************* **** *** cover *** ******* ********* nor ************* ***************.
• ********* ***, ***********, ********* the ****** **** **** source ******* ** '******' for *** *************.
• *** **+ ****-*** ************* is ******, ** ****, required ** ** ********** agencies *** ***** ************.
• ***** *** **** ** a ********* ***, *** Hikvision ** ** ***** well ***** ** **** booster *** *****, ********** with *** ********** *** employees.

******, ** ******* **** of ***** ****** **-*****.

[***************]

Cryptography, *** ***************

**** ***-* ******* ** the "******** ************ *** ************* Modules", ***** **-**** *************, **** updated ** ****, ********.

** **** *** ***** general *********** ******* *** vulnerabilities ** ** *********** generally. ****** *** ***** is ** *** ********* of **** **********, ****** hashing, *** ****** *** cryptography.

*** ** ********** *** a "************* ****** ********** *******", ***** ********* *************** conformant ** **** ***-*. There *** *,***+ ****** certifications (*** *********** ** *******-* ********* Modules).

* ************* ****** *****, starting **** ***** * (Software ****) ** ***** 4, **** *** ***** 3 ****** ******** ********** hardware **********.

Hikvision *************

********* ******** * ***** 1 ******** ************* ** July **** (***:********* **** ***-* ***********), ******* *****:

*********'* ******** ***** ******* said **** ***** '********' were ********* *** ********* subsequently ******* ** ** clarify **** **** *** software ****** ***, *** their ******** (****: ******** can ** ********* *** Hikvision *** *** ****). The ****** ****** *** be ****, *** *** tested, **** ***** ** cameras *** ****.

HikSSL = **** ****** *******

***** ********* ***** '******', it ** * ******* / ******* ** *******. Indeed, *** **** *********** **** * **** version, ** ** ********* (see******* **** ******) *** *** ************* is ********* ******* *** the **** * ***** as **** ******* *** made, ********* *****:

* ****** ** ********* use ******* *** ***** own **************, ****** ***** credit ** *******, ** the ******* ***** ************* *** *************:

*** *******,******* ******************* ** **** **** one ****** ** ******* is ** ******* * different ** ******* / version:

***** *** ******* **** is ** ****** ****** new ********* ******* ** their **** ************, ** rebranded *** ******* ******. We *** ** *** process ** ****** ******* 8.1, ****** * & 7, *** ****** **.** as ****** ************** ** our **** *********** (** cannot *** *** ********* systems ** *** ******** OpenSSL ************ ** **** is *** ** *********). If * *** ****** needs ** *** *** OpenSSL **** ****** ** their ******** **** ******* CentOS *** ******* (*** example), **** ** *** quickly ******* * **** certificate ** **** *******'* name **** ***** ********* systems ****** ** ****** Configurations.

***** ********* ***** ** credit ** ******* ** its ********* *** **********, the *** (*****) ********* the********** ****** ** *********'* FIPS ***-* ***************** *********** *** *** of *******:

*** ********* **** *********** the ************* ** **** any *** ***** ** enhancements **** ** ** recertified **** *** **********, limiting ***********.

Not ** ******** ******** / ******* ******** ********

**** ****** ** *** available ** ********* ******** firmware, ********* ** ********* technical *******. ** *** want ** **** **** FIPS ********, ** ********* you ******* *********.

Rarely ******** ** ***** ************

*******, ***** *** ********** crypotography ** ****** ********* by ***** ************ *************, the ************* ****** ** not. *******, ** ******* because ** *** ***, FIPS ***-* ************* *** been ****** ******* ** government ****** ** ***** surveillance ********.

*******, * ******* **** not **** ** ** certified ******, ** *** own ****, ** **** as **** *** * validated ******. ****** ********:

** ** ********* ** note **** ********** ************ are ****** *** ********************. * ****** *********** ** ******************* * ******* ** application, ** * ***************** *** ** ******.

Bosch ******* **** ***-* ***** *

***** ***** **** **** what **** ****** ** a '******* ******** ******' ** * *****-***** FIPS ***-* ***** * certified **** ******** ** their ** *******. ***** acknowledged, ******, **** ** is **** *** ********** buyers ** ******* **** certification. *******, ***** **** there *** ***** ******** of ****** *** ****, rather **** * ******** module, *** ********* ******* OS / *********** ********.

$50,000+ **** *** *********

** ******** * **** of $**,***+ *** *********, with $**,*** **** ** the ** ********** / NIST, $**,*** ******* ******* to **** *** ***** Lab **** ********** **** to ***** *** *** Hikvision's *** **** / effort ** *** *** validation.

Marketing **** *****

**** ** ********* *** not ****** *** ** government ***, ***** ** is ******, ** ****, required **********, ** ***** unlikely **** **** ** a ********* ****** ** real ***********.

*** * ****** ******* company, ** ***** *** be ***** $**,***+ *** a ***** *******, *** as ******** **********-*** ************, ** ** ***** it. **** ***-* ** such ** ******* **** that *** **** **** the ******* ** **. Plus, ** **** ******* impressive-sounding ********* ***** *** a '**********' ** *** US **********.

**** ********* ***** ** widely ********** (**** *** elsewhere), **** *** ************** trying ** ** ******** they *** ** ******* their *****.

Not ********* ** *** **, ********* ** ***** *** ******

*** *********** ********** ** this ** ****, ** date, ********* *** ********* this ** ***** *** in ****** *** *** the ** (*** ** *** ** press ******* ****, *** *********** *** ******** ****,*** ** ********* *** Twitter). **** ** ******** counterintuitive ***** **** ** a ** *************.