Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #2671

Historical - The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.

Details

Module Name

Duo Security Cryptographic Module

Standard

FIPS 140-2

Status

Historical

Historical Reason

186-2 transition

Overall Level

Caveat

When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.

Security Level Exceptions

Physical Security: N/A
Design Assurance: Level 3
Mitigation of Other Attacks: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

The Duo Security Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to Duo Security's Two-Factor Authentication mobile application.

Tested Configuration(s)

Android 4.0 running on a Galaxy Nexus

Approved Algorithms

AES	Cert. #2125
CVL	Cert. #28
DRBG	Cert. #233
DSA	Cert. #666
ECDSA	Cert. #319
HMAC	Cert. #1296
RSA	Cert. #1094
SHS	Cert. #1849
Triple-DES	Cert. #1351

Other Algorithms

RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Software Versions

1.0

Vendor

Duo Security, Inc.
123 North Ashley Street
Suite 200
Ann Arbor, MI 48104
USA

Duo Mobile Security
mobilesec@duosecurity.com

Related Files

Security Policy
Consolidated Certificate

Validation History

Date	Type	Lab
7/7/2016	Initial	ACUMEN SECURITY, LLC