Understanding the Operational Environment for Junos OS in FIPS Mode
A Juniper Networks device running the Junos operating system (Junos OS) in FIPS mode forms a special type of hardware and software operational environment that is different from the environment of a device in non-FIPS mode:
Hardware Environment for Junos OS in FIPS Mode
Junos OS in FIPS mode establishes a cryptographic boundary in the device that no critical security parameters (CSPs) can cross in plain text. Each hardware component of the device that requires a cryptographic boundary for FIPS 140-3 compliance is a separate cryptographic module.
Cryptographic methods are not a substitute for physical security. The hardware must be located in a secure physical environment. Users of all types must not reveal keys or passwords, or allow written records or notes to be seen by unauthorized personnel.
Software Environment for Junos OS in FIPS Mode
A Juniper Networks device running Junos OS in FIPS mode forms a special type of non-modifiable operational environment. To achieve this environment on the device, the system prevents the execution of any binary file that was not part of the certified Junos OS distribution. When a device is in FIPS mode, it can run only Junos OS.
The Junos OS in FIPS mode software environment is established after the Crypto Officer successfully enables FIPS mode on the device. The Junos OS image that includes the FIPS package is available on the Juniper Networks website and can be installed on your device.
For FIPS 140-3 compliance, we recommend that you delete all user-created files and data by zeroizing the device before enabling FIPS mode.
Enabling FIPS mode disables many of the usual Junos OS protocols and services. In particular, you cannot configure the following services in Junos OS in FIPS mode:
finger
ftp
rlogin
telnet
tftp
xnm-clear-text
Attempts to configure these services, or load configurations with these services configured, result in a configuration syntax error. You can use only SSHv2 as a remote access service.
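A pre-load check for the services listed above, added here as an example (not Juniper code): it scans a candidate configuration in either set format or brace format and reports the lines that FIPS mode would reject. The function names and sample configurations are constructed for illustration, and service names are matched exactly as the page lists them.

```python
# Service names exactly as listed on the page.
FORBIDDEN = {"finger", "ftp", "rlogin", "telnet", "tftp", "xnm-clear-text"}
SERVICES_PATH = ["system", "services"]

def services_from_set(lines):
    """Yield (line_no, name) for 'set system services <name> ...' lines."""
    for no, line in enumerate(lines, 1):
        tokens = line.split()
        if tokens[:3] == ["set"] + SERVICES_PATH and len(tokens) > 3:
            yield no, tokens[3]

def services_from_braces(lines):
    """Yield (line_no, name) for statements directly inside system { services { } }."""
    path = []  # stack of enclosing block names
    for no, line in enumerate(lines, 1):
        text = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        words = text.rstrip("{;").split()
        if text.endswith("{"):
            if path == SERVICES_PATH and words:
                yield no, words[0]
            path.append(words[0] if words else "")
        elif text == "}":
            if path:
                path.pop()
        elif text.endswith(";") and path == SERVICES_PATH and words:
            yield no, words[0]

def forbidden_services(config_text):
    """Return sorted (line_no, service) pairs the page says FIPS mode rejects."""
    lines = config_text.splitlines()
    found = list(services_from_set(lines)) + list(services_from_braces(lines))
    return sorted(hit for hit in found if hit[1] in FORBIDDEN)

# Constructed sample configurations (not taken from a real device).
SET_CONFIG = """\
set system services ssh
set system services telnet
set system services ftp"""
BRACE_CONFIG = """\
system {
    services {
        ssh {
            root-login deny;
        }
        telnet;
        xnm-clear-text;
    }
}"""
```

Run `forbidden_services()` on a configuration file before loading it; an empty list means none of the listed services is present under `system services`.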
All passwords established for users after upgrading to Junos OS in FIPS mode must conform to Junos OS in FIPS mode specifications. Passwords must be between 10 and 20 characters in length and require the use of at least three of the five defined character sets (uppercase and lowercase letters, digits, punctuation marks, and keyboard characters, such as % and &, not included in the other four categories). Attempts to configure passwords that do not conform to these rules result in an error. All passwords and keys used to authenticate peers must be at least 10 characters in length, and in some cases the length must match the digest size.
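The password rule above as a checker, added here as an example (not Juniper code). The page does not enumerate which symbols count as punctuation marks and which as other keyboard characters, so that split is an assumption of this example; the function names are hypothetical.

```python
import string

MIN_LEN, MAX_LEN, MIN_CLASSES = 10, 20, 3  # limits stated on the page

# Assumption: the page gives no exact membership for these two sets.
PUNCTUATION = set(".,;:!?'\"-()[]{}")
OTHER = set(string.punctuation) - PUNCTUATION  # includes % and &

def char_classes(password):
    """Return the names of the character sets that appear in password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in PUNCTUATION:
            classes.add("punctuation")
        elif ch in OTHER:
            classes.add("other")
        # Spaces and non-ASCII characters count toward no set here.
    return classes

def check_password(password):
    """Return a list of rule violations; an empty list means it conforms."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}-{MAX_LEN}")
    found = char_classes(password)
    if len(found) < MIN_CLASSES:
        problems.append(
            f"{len(found)} of 5 character sets used, need {MIN_CLASSES}: {sorted(found)}"
        )
    return problems

if __name__ == "__main__":
    # Constructed candidates: conforming, too few sets, too short, too long.
    for candidate in ("Tr0ub4dor&3x", "alllowercase", "Ab1%", "Aa1" * 7):
        print(repr(candidate), check_password(candidate) or "conforms")
```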
Do not attach the device to a network until the Crypto Officer completes the configuration from the local console connection.
Critical Security Parameters
Critical security parameters (CSPs) are security-related information such as cryptographic keys and passwords that can compromise the security of the cryptographic module or the security of the information protected by the module if they are disclosed or modified.
Zeroization of the system erases all traces of CSPs in preparation for operating the device or Routing Engine as a cryptographic module.
Table 1 lists CSPs on devices running Junos OS.
CSP | Description | Zeroization Method | Use |
---|---|---|---|
SSHv2 private host key | ECDSA / RSA key used to identify the host, generated the first time SSH is configured. | Zeroize command. | Used to identify the host. |
SSHv2 session key | Session key used with SSHv2 and as a Diffie-Hellman private key. Encryption: AES-128, AES-192, and AES-256. MACs: HMAC-SHA-1, HMAC-SHA-2-256, and HMAC-SHA2-512. Key exchange: ECDH-sha2-nistp256, ECDH-sha2-nistp384, and ECDH-sha2-nistp521. | Power cycle and terminate session. | Symmetric key used to encrypt data between host and client. |
User authentication key | Hash of the user’s password: SHA-256, SHA-512. | Zeroize command. | Used to authenticate a user to the cryptographic module. |
Crypto Officer authentication key | Hash of the Crypto Officer’s password: SHA-256, SHA-512. | Zeroize command. | Used to authenticate the Crypto Officer to the cryptographic module. |
HMAC DRBG seed | Seed for deterministic random bit generator (DRBG). | Seed is not stored by the cryptographic module. | Used for seeding DRBG. |
HMAC DRBG V value | The value (V) of output block length (outlen) in bits, which is updated each time another outlen bits of output are produced. | Power cycle. | A critical value of the internal state of DRBG. |
HMAC DRBG key value | The current value of the outlen-bit key, which is updated at least once each time that the DRBG mechanism generates pseudorandom bits. | Power cycle. | A critical value of the internal state of DRBG. |
NDRNG entropy | The NDRNG provides 448 bits of entropy collected per NIST SP 800-90B from the Junos kernel software entropy source to seed the DRBG. The entropy is conditioned using a vetted conditioning component (SHA-512) and reseeds the DRBG whenever an additional 448 bits of entropy have been collected. | Power cycle. | A critical value of the internal state of DRBG. |
MACsec PSK | Input into the device via console port or SSH connection. | Zeroize command. | Credential used for device-to-device authentication. |
MACsec CAK | Entered as a Pre-Shared Key. | Zeroize command. | A secret key possessed by members of a MACsec connectivity association. |
MACsec CKN | Entered as a Pre-Shared Key. | Zeroize command. | Connectivity Key Name: Identifies the CAK. |
MACsec SAK | Derived from the CAK using SP 800-108 KDF. | Zeroize command. | Security Association Key. Used for creating SA for encryption / decryption of MACsec traffic. AES GCM (128, 256 bits) |
MACsec KEK | Derived from the CAK using SP 800-108 KDF. | Zeroize command. | Used to transmit SAKs to other members of a MACsec connectivity association. |
MACsec ICK | Derived from the CAK using SP 800-108 KDF. | Zeroize command. | Used to verify the integrity and authenticity of MPDUs. |
In Junos OS in FIPS mode, all CSPs must enter and leave the cryptographic module in encrypted form. Any CSP encrypted with a non-approved algorithm is considered plain text by FIPS.
For FIPS compliance, configure the device over SSH connections because they are encrypted connections.
Local passwords are hashed with the SHA-256 or SHA-512 algorithm. Password recovery is not possible in Junos OS in FIPS mode. Junos OS in FIPS mode cannot boot into single-user mode without the correct root password.