Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Junos OS in FIPS Mode Overview

FIPS 140-3 defines security levels for the hardware and software that perform cryptographic functions. Enable FIPS mode from the Junos OS CLI to operate your devices in a FIPS 140-3 Level 1 environment.

The Security Administrator enables FIPS mode in Junos OS and sets up keys and passwords for the system and other FIPS users.

Cryptographic Boundary on Your Device

The cryptographic boundary is a clearly defined physical or logical perimeter that encompasses all components that are necessary for the secure operation of the cryptographic module. The components within a cryptographic boundary include processors, memory, interfaces, and any other hardware or software that contributes to the module's cryptographic functions.

FIPS 140-3 compliance requires a defined cryptographic boundary around each cryptographic module on a device. Junos OS in FIPS mode prevents the cryptographic module from running any software that is not a part of the FIPS-certified distribution. It allows only FIPS-approved cryptographic algorithms. No CSPs, such as passwords and keys, can cross the cryptographic boundary of the module in unencrypted format.

CAUTION:

FIPS mode does not support Virtual Chassis features. Avoid configuring Virtual Chassis in FIPS mode.

How FIPS Mode Differs from Non-FIPS Mode

Table 1 summarizes how Junos OS in FIPS mode differs from Junos OS in non-FIPS mode:

Table 1: FIPS Mode and Non-FIPS Mode Comparison
Features FIPS Mode Non-FIPS Mode
Self-tests of all cryptographic algorithms at startup Yes No
Self-tests of random number and key generation perform continuously Yes No
Weak cryptographic algorithms such as Data Encryption Standard (DES) and MD5 Not allowed Allowed
Weak, remote, or unencrypted management connections Not allowed Allowed

Local and unencrypted console access across all modes of operation

 Allowed Allowed
One-way algorithm used for password hashing Yes Yes
Administrator passwords with less than 10 characters length Not allowed Allowed
You must encrypt cryptographic keys before transmission Yes Not necessary

FIPS Terminology

Understand the FIPS-related terms and supported algorithms to perform tasks with Junos OS in FIPS mode.

Table 2: FIPS Terminology
Terminology Description
CSP

Critical security parameter (CSP) is security-related information. For example, secret and private cryptographic keys and authentication data such as passwords and personal identification numbers (PINs). The disclosure or modification of this information can compromise the security of a cryptographic module or the information that the module protects. For details, see Critical Security Parameters in FIPS Mode.
Cryptographic module

The set of hardware, software, and firmware that implements approved security functions (including cryptographic algorithms and key generation) is contained within within a defined boundary. Cryptographic module is validated to meet specific security requirements.
FIPS

Federal Information Processing Standard (FIPS) 140-3 specifies the requirements for security and cryptographic modules. Junos OS in FIPS mode complies with FIPS 140-3 Level 1.
Hashing

A message authentication method that applies a cryptographic technique iteratively to a message of arbitrary length and produces a hash message digest or signature of a fixed length that is then appended to the sent message.
KAT

Known answer test (KAT) is the system self-tests that validate the output of cryptographic algorithms approved for FIPS and verify the integrity of some Junos OS modules. For details, see Known Answer Test (KAT).
NDcPP Collaborative Protection Profile for Network Devices (NDcPP) is a set of security requirements and guidelines designed to ensure the security and robustness of network devices. These devices include routers, switches, firewalls, and other hardware that manage network traffic.
Security Administrator A user with appropriate permissions who is responsible for securely enabling, configuring, monitoring, and maintaining Junos OS in FIPS mode of operation on a device. For details, see FIPS Mode Roles and Services for Junos OS.
SSH Secure Shell (SSH) is a protocol that uses strong authentication and encryption for remote access across a non-secure network. SSH provides remote login, remote program execution, file copy, and other functions. The protocol is intended as a secure replacement for rlogin, rsh, and rcp in a UNIX environment. To secure the information sent over administrative connections, use SSHv2 for CLI configuration. By default, Junos OS enables SSHv2 and disables SSHv1 because of security concerns.
Zeroization

Zeroizing a device erase all CSPs and other user-created data on the device before its operation as a FIPS cryptographic module or in preparation for repurposing the devices for non-FIPS operation. See Zeroize the System to Clear System Data for FIPS Mode.

Cryptographic Algorithms and Protocols Supported in FIPS Mode

Table 3 lists the cryptographic algorithms and protocols supported on your device in FIPS mode.

Table 3: Cryptographic Algorithms and Protocols Supported in FIPS Mode

Protocol

Key Exchange

Authentication

Cipher

Integrity

SSHv2

  • ECDH-sha2-nistp256

  • ECDH-sha2-nistp384

  • ECDH-sha2-nistp521

Host (module):

  • ECDSA P-256

  • SSH-RSA

Client (user):

  • ECDSA P-256

  • ECDSA P-384

  • ECDSA P-521

  • SSH-RSA

  • RSA-SHA2-256
  • RSA-SHA2-512

  • AES CTR 128

  • AES CTR 256

  • AES CBC 128

  • AES CBC 256

  • HMAC-SHA-1

  • HMAC-SHA-256

  • HMAC-SHA-512

Table 4 summarizes the details of supported cryptographic algorithms in FIPS mode. Symmetric methods use the same key for encryption and decryption, whereas asymmetric methods use different keys for encryption and decryption.

Table 4: Supported Cryptographic Algorithms

Cryptographic Algorithms

Description

AES

Advanced Encryption Standard (AES) algorithm is defined in FIPS PUB 197. The AES algorithm uses keys of 128 or 256 bits to encrypt and decrypt data in blocks of 128 bits.

ECDH

Elliptic Curve Diffie-Hellman (ECDH) is a variant of the Diffie-Hellman key exchange algorithm that uses cryptography based on the algebraic structure of elliptic curves over finite fields. ECDH enables two parties, both possessing an elliptic curve public-private keypair, to create a shared secret over an insecure channel. You can use the shared secret as a key or to derive another key for encrypting subsequent communications using a symmetric key cipher.

ECDSA

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) that uses cryptography based on the algebraic structure of elliptic curves over finite fields. The bit size of the elliptic curve determines the difficulty of decrypting the key. The public key believed to be needed for ECDSA is about twice the size of the security level, in bits. You can configure ECDSA using the P-256, P-384, and P-521 curves under OpenSSH.

HMAC

Hash-based Message Authentication Code (HMAC) defined as “Keyed-Hashing for Message Authentication” in RFC 2104. HMAC combines hashing algorithms with cryptographic keys for message authentication. For Junos OS in FIPS mode, HMAC uses the iterated cryptographic hash functions SHA-1, SHA-256, and SHA-512 along with a secret key.

SHA-256 and SHA-512

Secure hash algorithm (SHA) belonging to the SHA-2 standard defined in FIPS PUB 180-2. Developed by National Institute of Standards and Technology (NIST), SHA-256 produces a 256-bit hash digest and SHA-512 produces a 512-bit hash digest.