Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Understanding Common Criteria and FIPS Terminology and Supported Cryptographic Algorithms

 

Use the definitions of Common Criteria and FIPS terms, and supported algorithms to help you understand Junos OS in FIPS mode.

Terminology

Common CriteriaCommon Criteria for information technology is an international agreement signed by several countries that permits the evaluation of security products against a common set of standards.
Security AdministratorFor Common Criteria, user accounts in the TOE have the following attributes: user identity (user name), authentication data (password), and role (privilege). The Security Administrator is associated with the defined login class “security-admin”, which has the necessary permission set to permit the administrator to perform all tasks necessary to manage the Junos OS.
NDcPPCollaborative Protection Profile for Network Devices, version 2.1.
Critical security parameter (CSP)Security-related information—for example, secret and private cryptographic keys and authentication data such as passwords and personal identification numbers (PINs)—whose disclosure or modification can compromise the security of a cryptographic module or the information it protects. For details, see Understanding the Operational Environment for Junos OS in FIPS Mode.
Cryptographic moduleThe set of hardware, software, and firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary. MX104 devices are certified at FIPS 140-2 Level 1.
ESPEncapsulating Security Payload (ESP) protocol. The part of the IPsec protocol that guarantees the confidentiality of packets through encryption. The protocol ensures that if an ESP packet is successfully decrypted, and no other party knows the secret key the peers share, the packet was not wiretapped in transit.
FIPSFederal Information Processing Standards. FIPS 140-2 specifies requirements for security and cryptographic modules. Junos OS in FIPS mode complies with FIPS 140-2 Level 1.
FIPS maintenance roleThe role the Security Administrator assumes to perform physical maintenance or logical maintenance services such as hardware or software diagnostics. For FIPS 140-2 compliance, the Security Administrator zeroizes the Routing Engine on entry to and exit from the FIPS maintenance role to erase all plain-text secret and private keys and unprotected CSPs.
Note

The FIPS maintenance role is not supported on Junos OS in FIPS mode.

IKEThe Internet Key Exchange (IKE) is part of IPsec and provides ways to securely negotiate the shared private keys that the AH and ESP portions of IPsec need to function properly. IKE employs Diffie-Hellman key-exchange methods and is optional in IPsec. (The shared keys can be entered manually at the endpoints.)
KATsKnown answer tests. System self-tests that validate the output of cryptographic algorithms approved for FIPS and test the integrity of Junos OS modules. For details, see Performing Self-Tests on a Device.
SSHA protocol that uses strong authentication and encryption for remote access across a nonsecure network. SSH provides remote login, remote program execution, file copy, and other functions. It is intended as a secure replacement for rlogin, rsh, and rcp in a UNIX environment. To secure the information sent over administrative connections, use SSHv2 for CLI configuration. In Junos OS, SSHv2 is enabled by default, and SSHv1, which is not considered secure, is disabled.
ZeroizationErasure of all CSPs and other user-created data on device before its operation as a FIPS cryptographic module or in preparation for repurposing the device for non-FIPS operation. The Security Administrator can zeroize the system with a CLI operational command.

Supported Cryptographic Algorithms

Table 1 summarizes the high level protocol algorithm support.

Table 1: Protocols Allowed in FIPS Mode

Protocol

Key Exchange

Authentication

Cipher

Integrity

IKEv1/v2

  • Group14(modp2048)

    Group 19 (P-256)

    Group 20 (P-384)

  • RSA 2048

    RSA 4096

    Pre-SharedKey

    ECDSAP-256

    ECDSAP-384

  • AES CBC 128

    AES CBC 192

    AES CBC 256

  • HMAC-SHA-1

    HMAC-SHA-256-128

    HMAC-SHA-384-192

IPsec ESP

IKEv1/v2with optional:

  • Group14(modp2048)

    Group 19 (P-256)

    Group 20 (P-384)

  • IKEv1/v2

  • AES CBC 128

  • AES CBC 192

  • AES CBC 256

  • AES 128 GCM

  • AES 192 GCM

  • AES 256 GCM

  • HMAC-SHA-256-128

SSHv2

  • dh-group14-sha1

  • ECDH-sha2-nistp256

  • ECDH-sha2-nistp384

  • ECDH-sha2-nistp521

Host (module):

  • ECDSA P-256

  • SSH-RSA

Client (user):

  • ECDSA P-256

  • ECDSA P-384

  • ECDSA P-521

  • SSH-RSA

  • AES CTR 128

  • AES CTR 256

  • AES CBC 128

  • AES CBC 256

  • HMAC-SHA-1

  • HMAC-SHA-256

  • HMAC-SHA-512

Each implementation of an algorithm is checked by a series of known answer test (KAT) self-tests. Any self-test failure results in a FIPS error state.

The following cryptographic algorithms are supported in FIPS mode. Symmetric methods use the same key for encryption and decryption, while asymmetric methods use different keys for encryption and decryption.

AESThe Advanced Encryption Standard (AES), defined in FIPS PUB 197. The AES algorithm uses keys of 128 or 256 bits to encrypt and decrypt data in blocks of 128 bits.
ECDHElliptic Curve Diffie-Hellman. A variant of the Diffie-Hellman key exchange algorithm that uses cryptography based on the algebraic structure of elliptic curves over finite fields. ECDH allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. The shared secret can be used either as a key or to derive another key for encrypting subsequent communications using a symmetric key cipher.
ECDSAElliptic Curve Digital Signature Algorithm. A variant of the Digital Signature Algorithm (DSA) that uses cryptography based on the algebraic structure of elliptic curves over finite fields. The bit size of the elliptic curve determines the difficulty of decrypting the key. The public key believed to be needed for ECDSA is about twice the size of the security level, in bits. ECDSA using the P-256, P-384, and P-521 curves can be configured under OpenSSH.
HMACDefined as “Keyed-Hashing for Message Authentication” in RFC 2104, HMAC combines hashing algorithms with cryptographic keys for message authentication. For Junos OS in FIPS mode, HMAC uses the iterated cryptographic hash functions SHA-1, SHA-256, and SHA-512 along with a secret key.
SHA-256 and SHA-512Secure hash algorithms (SHA) belonging to the SHA-2 standard defined in FIPS PUB 180-2. Developed by NIST, SHA-256 produces a 256-bit hash digest, and SHA-512 produces a 512-bit hash digest.