DSD approval for the use of Suite B cryptography for CONFIDENTIAL and above
- Suite B is a set of public domain cryptographic algorithms and associated parameters providing key agreement, digital signature, confidentiality and message digest functionality.
- In the September 2012 edition of the Australian Government Information Security Manual (ISM), DSD explicitly approved and detailed the use of Suite B algorithms to protect information classified CONFIDENTIAL and above.
Approved algorithms and parameters
- The following table details the DSD-endorsed Suite B algorithms and the associated parameters required to protect CONFIDENTIAL, SECRET and TOP SECRET information.
| Function | Cryptographic algorithm or protocol | Applicable standards | Requirements for information classified up to SECRET | Requirements for information classified TOP SECRET |
|---|---|---|---|---|
| Encryption | Advanced Encryption Standard (AES) | FIPS 197 | 128-bit key | |
| Hashing | Secure Hash Algorithm (SHA) | FIPS 180-3 | SHA-256 | |
| Digital signature | Elliptic Curve Digital Signature Algorithm (ECDSA) | FIPS 186-3 | | |
| Key exchange | Elliptic Curve Diffie-Hellman (ECDH) | SP 800-56A | | |
- In accordance with the ISM, agencies wishing to use a cryptographic product to protect information classified below CONFIDENTIAL may use a Common Criteria-evaluated product, supplemented by a DSD cryptographic evaluation if used at the PROTECTED level. To protect information classified CONFIDENTIAL or above, agencies must use a product that has been endorsed by DSD for that purpose.
- DSD's Evaluated Products List has details of some products suitable for protecting information classified CONFIDENTIAL and above. You can obtain further information by contacting DSD directly.
- Additional guidance can be found in the Australian Government Information Security Manual.
Australian government customers with questions regarding this advice can contact ASD Advice and Assistance.