Understanding FIPS Mode Terminology and Supported Cryptographic Algorithms

 

Use the definitions of FIPS terms and supported algorithms to help you understand Junos OS in FIPS mode.

FIPS Terminology

Critical security parameter (CSP): Security-related information—for example, secret and private cryptographic keys and authentication data such as passwords and personal identification numbers (PINs)—whose disclosure or modification can compromise the security of a cryptographic module or the information it protects. For details, see Understanding the Operational Environment for Junos OS in FIPS Mode.
Cryptographic module: The set of hardware, software, and firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary. EX Series switches are certified at FIPS 140-2 Level 1. For fixed-configuration switches, the cryptographic module is the switch case. For modular switches, the cryptographic module is the Routing Engine.
Crypto Officer: Person with appropriate permissions who is responsible for securely enabling, configuring, monitoring, and maintaining Junos OS in FIPS mode on a switch. For details, see Understanding Roles and Services for Junos OS in FIPS Mode.
ESP: Encapsulating Security Payload (ESP) protocol. The part of the IPsec protocol that guarantees the confidentiality of packets through encryption. The protocol ensures that if an ESP packet is successfully decrypted, and no other party knows the secret key the peers share, the packet was not wiretapped in transit.
FIPS: Federal Information Processing Standards. FIPS 140-2 specifies requirements for security and cryptographic modules. Junos OS in FIPS mode complies with FIPS 140-2 Level 1.
FIPS maintenance role: The role the Crypto Officer assumes to perform physical maintenance or logical maintenance services such as hardware or software diagnostics. For FIPS 140-2 compliance, the Crypto Officer zeroizes the Routing Engine on entry to and exit from the FIPS maintenance role to erase all plain-text secret and private keys and unprotected CSPs.
Note

The FIPS maintenance role is not supported on Junos OS in FIPS mode.

Hashing: A message authentication method that applies a cryptographic technique iteratively to a message of arbitrary length and produces a hash “message digest” or “signature” of fixed length that is appended to the message when sent.
IKE: The Internet Key Exchange (IKE) is part of IPsec and provides ways to securely negotiate the shared private keys that the AH and ESP portions of IPsec need to function properly. IKE employs Diffie-Hellman key-exchange methods and is optional in IPsec. (The shared keys can be entered manually at the endpoints.)
IPsec: The IP Security (IPsec) protocol. A standard way to add security to Internet communications. An IPsec security association (SA) is required on the switch to enable internal communication between the Routing Engine and PFE.

An IPsec SA is required for fixed-configuration switches running Junos OS in FIPS mode because the Routing Engine communicates with system processes through logical connections; therefore, the switch requires an internal, manual IPsec SA to protect those logical communications when the switch is running in FIPS mode. By default design, the switch has some innate characteristics of a master switch in a Virtual Chassis, and this use of logical communications is one such characteristic. In a multimember Virtual Chassis, the master switch’s Routing Engine would send control messages to the Routing Engines of the other member switches by using those built-in logical communications. Do not configure a Virtual Chassis in FIPS mode. Note, however, that the IPsec SA is required on your single switch to protect the built-in logical connections.

Note

Virtual Chassis features are not supported in FIPS mode—they have not been tested by Juniper Networks. Do not configure a Virtual Chassis in FIPS mode.

KATs: Known answer tests. System self-tests that validate the output of cryptographic algorithms approved for FIPS and test the integrity of some Junos OS modules. For details, see Understanding FIPS Self-Tests.
SA: Security association (SA). A connection between hosts that allows them to communicate securely by defining, for example, how they exchange private keys. As Crypto Officer, you must manually configure an internal SA on switches running Junos OS in FIPS mode. All values, including the keys, must be statically specified in the configuration. On switches with more than one Routing Engine, the configuration must match on both ends of the connection between the Routing Engines. For communication to take place, each Routing Engine must have the same configured options, which need no negotiation and do not expire.
SPI: Security parameter index (SPI). A numeric identifier used with the destination address and security protocol in IPsec to identify an SA. Because you manually configure the SA for Junos OS in FIPS mode, the SPI must be entered as a parameter rather than derived randomly.
SSH: A protocol that uses strong authentication and encryption for remote access across a nonsecure network. SSH provides remote login, remote program execution, file copy, and other functions. It is intended as a secure replacement for rlogin, rsh, and rcp in a UNIX environment. To secure the information sent over administrative connections, use SSHv2 for CLI configuration. In Junos OS, SSHv2 is enabled by default, and SSHv1, which is not considered secure, is disabled.
Zeroization: Erasure of all CSPs and other user-created data on a switch before its operation as a FIPS cryptographic module—or in preparation for repurposing the switch for non-FIPS operation. The Crypto Officer can zeroize the system with a CLI operational command. For details, see Understanding Zeroization to Clear System Data for FIPS Mode.

Supported Cryptographic Algorithms

Each implementation of an algorithm is checked by a series of known answer test (KAT) self-tests. Any self-test failure results in a FIPS error state.

Best Practice

For FIPS 140-2 compliance, use only FIPS-approved cryptographic algorithms in Junos OS in FIPS mode.

The following cryptographic algorithms are supported in FIPS mode. Symmetric methods use the same key for encryption and decryption, while asymmetric methods (preferred) use different keys for encryption and decryption.

AES: The Advanced Encryption Standard (AES), defined in FIPS PUB 197. The AES algorithm uses keys of 128, 192, or 256 bits to encrypt and decrypt data in blocks of 128 bits.
Diffie-Hellman: A method of key exchange across a nonsecure environment (such as the Internet). The Diffie-Hellman algorithm negotiates a session key without sending the key itself across the network by allowing each party to pick a partial key independently and send part of that key to the other. Each side then calculates a common key value. This is a symmetrical method—keys are typically used only for a short time, discarded, and regenerated.
ECDH: Elliptic Curve Diffie-Hellman. A variant of the Diffie-Hellman key exchange algorithm that uses cryptography based on the algebraic structure of elliptic curves over finite fields. ECDH allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. The shared secret can be used either as a key or to derive another key for encrypting subsequent communications using a symmetric key cipher.
ECDSA: Elliptic Curve Digital Signature Algorithm. A variant of the Digital Signature Algorithm (DSA) that uses cryptography based on the algebraic structure of elliptic curves over finite fields. The bit size of the elliptic curve determines the difficulty of decrypting the key. The public key size believed to be needed for ECDSA is about twice the security level, in bits. ECDSA using the P-256 curve can be configured under OpenSSH.
HMAC: Defined as “Keyed-Hashing for Message Authentication” in RFC 2104, HMAC combines hashing algorithms with cryptographic keys for message authentication. For Junos OS in FIPS mode, HMAC uses the iterated cryptographic hash functions SHA-1, SHA-256, and SHA-512 along with a secret key.
SHA-256 and SHA-512: Secure hash algorithms (SHA) belonging to the SHA-2 standard defined in FIPS PUB 180-2. Developed by NIST, SHA-256 produces a 256-bit hash digest, and SHA-512 produces a 512-bit hash digest.
3DES (3des-cbc): Encryption standard based on the original Data Encryption Standard (DES) from the 1970s that used a 56-bit key and was cracked in 1997. The more secure 3DES is DES enhanced with three stages and effective key lengths of about 112 bits. For Junos OS in FIPS mode, 3DES is implemented with cipher block chaining (CBC).
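
The known answer tests described above, as an added example (not Juniper code): each algorithm is run on a published input and its output compared with the published answer, and any mismatch raises an error state instead of letting cryptographic services start. The names FipsErrorState, run_kats, and power_on_self_test are hypothetical, and Python's standard library stands in for the implementations under test; the vectors are the FIPS 180 "abc" examples and test case 1 of RFC 2202 and RFC 4231.

```python
import hashlib
import hmac

class FipsErrorState(RuntimeError):
    """Hypothetical name: a KAT failed, so no crypto service may be offered."""

def _hash(name):
    return lambda key, msg: hashlib.new(name, msg).digest()
def _hmac(name):
    return lambda key, msg: hmac.new(key, msg, name).digest()

# Label -> implementation under test. The Python stdlib stands in for the
# module's own code (an assumption; the page does not show it).
IMPLEMENTATIONS = {
    "SHA-256": _hash("sha256"), "SHA-512": _hash("sha512"),
    "HMAC-SHA-1": _hmac("sha1"), "HMAC-SHA-256": _hmac("sha256"),
}

# Published vectors: FIPS 180 "abc" examples; RFC 2202 / RFC 4231 test case 1.
HMAC_KEY = b"\x0b" * 20
KATS = [
    ("SHA-256", None, b"abc",
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("SHA-512", None, b"abc",
     "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
     "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"),
    ("HMAC-SHA-1", HMAC_KEY, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00"),
    ("HMAC-SHA-256", HMAC_KEY, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
]

def run_kats(impls=IMPLEMENTATIONS):
    """Return labels of algorithms whose output differs from its vector."""
    failed = []
    for label, key, msg, expected_hex in KATS:
        try:
            ok = impls[label](key, msg) == bytes.fromhex(expected_hex)
        except Exception:
            ok = False  # a crashing implementation fails its self-test too
        if not ok:
            failed.append(label)
    return failed

def power_on_self_test(impls=IMPLEMENTATIONS):
    """Any single failure puts the module in the error state."""
    failed = run_kats(impls)
    if failed:
        raise FipsErrorState("KAT failure: " + ", ".join(failed))
    return True
```

Passing a dictionary with one deliberately wrong implementation to power_on_self_test shows the failure path: the faulty algorithm is named and FipsErrorState is raised.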