Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Services for Junos OS in FIPS Mode of Operation

All services implemented by the module are listed in the tables that follow.

Understanding Authenticated Services

Table 1 lists the authenticated services on the device running Junos OS.

Table 1: Authenticated services

Authenticated Services

Description

Security Administrator

User (read-only)

User (network)

Configure security

Security relevant configuration

x

Configure

Non-security relevant configuration

x

Secure traffic

IPsec protected routing

x

Status

Display the status

x

x

Zeroize

Destroy all critical security parameters (CSPs)

x

SSH connect

Initiate SSH connection for SSH monitoring and control (CLI)

x

x

IPsec connect

Initiate IPsec connection (IKE)

x

x

Console access

Console monitoring and control (CLI)

x

x

Remote reset

Software-initiated reset

x

Table 2: Unauthenticated traffic

Service

Description

Local reset

Hardware reset or power cycle

Traffic

Traffic requiring no cryptographic services

Critical Security Parameters

Critical security parameters (CSPs) are security-related information such as cryptographic keys and passwords that can compromise the security of the cryptographic module or the security of the information protected by the module if they are disclosed or modified.

Zeroization of the system erases all traces of CSPs in preparation for operating the device as a cryptographic module.

Critical Security Parameters lists the CSP access rights within services.

Table 3: CSP Access Rights Within Services

Service

CSPs

DRBG_Seed

DRBG_State

SSH PHK

SSH DH

SSH-SEK

ESP-SEK

Configure security

E

G, W

Configure

Secure Traffic

E

Status

Zeroize

Z

Z

Z

Z

Z

Z

SSH connect

E

E

G, E

G, E

IPSec connect

E

G

Console access

Remote reset

G, E

G

Z

Z

Z

Local Reset

G, E

G

Z

Z

Z

Traffic

Keys/CSPs

CSPs

DRBG_Seed

DRBG_State

SSH PHK

SSH DH

SSH-SEK

ESP-SEK

Configure security

E

G, W

Configure

Secure Traffic

E

Status

Zeroize

Z

Z

Z

Z

Z

Z

SSH connect

E

E

G, E

G, E

IPSec connect

E

G

Console access

Remote reset

G, E

G

Z

Z

Z

Local Reset

G, E

G

Z

Z

Z

Traffic

Here:

  • G = Generate: The device generates the CSP.

  • E = Execute: The device runs using the CSP.

  • W = Write: The CSP is updated or written to the device.

  • Z = Zeroize: The device zeroizes the CSP.

Table 4: Cryptographic Key Destruction

Service

Purpose

Storage Location

Method of Zeroization

SSH Private Host Key

Generated with the random number generator when the SSH is first set up. Used to identify the host. ecdsa-sha2-nistp256 (ECDSA P‐256, ECDSA P-384, ECDSA P-521) and/or ssh-rsa (RSA 2048)

Plaintext on the virtual disk.

When the TOE is recommissioned, the config files (including CSP files) are removed using the Linux shred command to wipe the persistent storage media.

SSH Private Host Key

Loaded into memory to complete session establishment

Plaintext in volatile memory.

The TOE calls bzero() at session termination. The hypervisor erases the released memory before it is placed in the free pool.

SSH Session Key

Session keys used with SSH, AES 128, 256, hmac-sha-1, hmac-sha2-256 or hmac-sha2-512 key (160, 256 or 512), DH Private Key (2048 or elliptic curve 256/384/521-bits)

Plaintext in volatile memory

The TOE calls bzero() at session termination. The hypervisor erases the released memory before it is placed in the free pool.

RNG state

Internal state and seed key of the RNG

Plaintext in volatile memory

Handled by kernel, overwritten with zeros at reboot.

IKE Private Host Key

Private authentication key used in IKE. RSA 2048, ECDSA P‐256, ECDSA P‐384

Plaintext in virtual disc or in flash memory

Erased by the Administrator issuing clear security IKE security-association command or zeroized at rebooting the TOE.

Private keys stored in flash are not zeroized unless an explicit request system zeroize command is executed

IKE-SKEYID

IKE master secret used to derive IKE and IPsec ESP session keys

Plaintext in volatile memory

Erased by the Administrator issuing clear security IKE security-association command or zeroized at rebooting the TOE.

IKE Session Key

IKE Session keys. AES, HMAC

Plaintext in volatile memory

Erased by the Administrator issuing clear security IKE security-association command or zeroized at rebooting the TOE.

ESP Session Key

ESP Session Keys. AES, HMAC

Plaintext in volatile memory

Erased by the Administrator issuing clear security ipsec security-association command or zeroized at rebooting the TOE.

IKE-DH Private Exponent

Ephemeral DH private exponent used in IKE. DH N = 224 bit, ECDH P‐256, or ECDH P‐384

Plaintext in volatile memory

Erased by the Administrator issuing clear security IKE security-association command or zeroized at rebooting the TOE.

IKE-PSK

Pre-shared authentication key used in IKE

Hashed in virtual disc or flash memory

Erased by Administrator issuing a clear security IKE security-association command or zeroized at rebooting the TOE.

Keys stored in flash are not zeroized unless an Administrator issues a request system zeroize command.

ecdh private keys

Loaded into memory to complete key exchange in session establishment

Plaintext in volatile memory

The TOE calls bzero() at session termination. The hypervisor erases the released memory before it is placed in the free pool.