Cryptographic Mechanisms: ANSSI Guides for Selection and Sizing

by SPAC Alliance | April 2026 | Cyber security, Library

How can you select the cryptographic mechanism best suited to your needs and size it correctly so that it meets your security objectives?

 

That is precisely the purpose of two guides published by ANSSI for designers, software vendors, integrators, and security managers. In practical terms, they help you:

 

  • identify which mechanisms to use depending on the intended purpose
  • understand and apply the minimum robustness requirements expected
  • avoid weak or already outdated technical choices

For SPAC Alliance, these resources provide a useful reference framework for many aspects of physical security, including the high-security SSCP communication protocol.

Rules and Recommendations for the Selection and Sizing of Cryptographic Mechanisms

The guide Rules and Recommendations for the Selection and Sizing of Cryptographic Mechanisms (V3 – March 2026, in French only) is intended for a fairly technical audience. It serves several purposes:

  • to explain the rules and recommendations applicable to the main cryptographic mechanisms
  • to properly size the required robustness level of those mechanisms
  • to apply the minimum requirements and recommendations needed to remain aligned with the state of the art

This latest version also takes post-quantum threats into account and provides practical guidance on key sizes, message integrity protection, long-term security horizons, and the target security level depending on the intended use.

Guide to Selecting Cryptographic Algorithms

This Guide to Selecting Cryptographic Algorithms (V1 – March 2021, in French only) helps users choose the right mechanism depending on the intended security objective.

It covers the symmetric and asymmetric approaches, hash functions, and the random generation mechanisms used for keys. It also highlights several essential best practices.

For a non-specialist reader, this first guide serves as a useful compass. It helps clarify the purpose of each family of mechanisms and supports sound decision-making.

Cryptography and Physical Security – The SSCP Communication Protocol

Not all access control systems offer the same level of security. The level of data protection depends largely on the cryptographic mechanisms in place:

  • At the credential level: obsolete technologies (125 kHz, 3DES) versus 13.56 MHz credentials certified under ISO/IEC 14443
  • At the reader level: storage in a certified secure element – or not
  • At the communication protocol level: no encryption with Wiegand versus a high-security protocol such as SSCP, promoted by SPAC Alliance

A modern access control system must ensure the confidentiality, integrity, and authenticity of communications. It must also rely on robust mechanisms, rigorous key management, and a communication protocol aligned with the threat level. The recommendations set out in these guides from ANSSI (a founding member of SPAC Alliance) are fully reflected in the development of the SSCP communication protocol:

  • Confidentiality: AES-128 encryption
  • Integrity and authenticity: HMAC-SHA-256