- Introduction
- Terminology
- How InfiniBox uses CSPs
- Operational implications of FIPS mode
- Self tests
- Frequently Asked Questions
- Is there a performance penalty when running in FIPS mode?
- Can administrators enable FIPS by themselves?
- How can an administrator know the transition was successful?
- Once a system is in FIPS mode, how does it prevent a non-FIPS node entering the cluster?
- Does InfiniBox comply with NIST Special Publication SP-800-xx ?
- What ciphers are supported in FIPS mode?
- What about future versions and future hardware models?
Introduction
InfiniBox offers two security-modes of operation:
- STANDARD - backwards compatible to previous versions
- FIPS1 - complies with all FIPS 140-2 level 1 requirements
An InfiniBox system that operates in FIPS mode uses the Infinidat Cryptographic Module (CM) to achieve compliance with all FIPS 140-2 level 1 requirements. Systems can transition between the 2 modes non-disruptively
The CM is the service that provides all the cryptographic functions and self-tests required to comply with FIPS requirements.
The module is isolated and has clearly defined APIs to minimize and control the amount of changes that go into it to minimize the risk of introducing new vulnerabilities.
Terminology
CSP | Critical Security Parameter |
CSR | Certificate Sign Request |
Entropy | Random numeric values that are collected for use in cryptography and other random data-based usages. |
DRBG / DRNG | Deterministic Random Bit / Number Generator |
PRF | Pseudo Random Function |
KDF | Key Derivation Function |
CM | Cryptographic Module |
Key | A high-entropy string of bits used for authentication / encryption or any other cryptographic use case. |
Salt | A random number added to the KDF to add entropy to the resulting key. |
Seed | A random number used as an input for a KDF to generate (seed) its initial entropy level. |
Nonce | A number only used once. |
DEK | Data Encryption Key |
AK | Authentication Key |
SED | Self Encrypting Drives
|
KEK | Key Encryption Key |
TPM | Trusted Platform Module |
How InfiniBox uses CSPs
Below is the list of CSPs used by the system in each use case:
Use case | Details | CSP use |
---|---|---|
Dirty Data (Write cache) | Data written to RAM and not yet destaged to persistent media. | DEK |
SSD Drives | SED Authentication | AK |
Enclosure Drives | SED Authentication | AK |
API / web server | TLS is used to secure the communication channel. | DEK |
Cryptographic key generation
The CSPs that are used by the CM are 256 bit long. The CSP are used by a FIPS-approved algorithm whether in FIPS mode or in STANDARD mode.
InfiniBox leverages a single seed and an approved key-based KDF (KBKDF) to generate all the keys required. This increases the protection of the keys as they are never stored. Instead only the seed needs to be stored in a protected mode.
Persistent CSP storage
When in FIPS mode, InfiniBox uses the TPM in each of the nodes to securely store the seed (3 separate copies).
Each TPM generates its own KEK to protect the keys, and is password protected.
For each node (globally) the TPM will have a different KEK and different credentials
In memory key storage
In-memory, the seed is only stored within the process that uses it and is not accessible by other processes.
Protecting CSPs from side-channel attack vectors
InfiniBox does not allow running 3rd party code inside the controllers to further protect CSPs.
Key Zeroization
All the in-memory keys are zeroed upon shutting down the node / system.
Persistent keys are zeroed by resetting the TPM to its factory defaults.
Key characteristics
All CSPs used for storing data are 256bit long, and HTTPS certificates generated by InfiniBox (during a Certificate Sign Request) are 2048bit by default. External certificates can be uploaded with other characteristics as long as:
- They are uploaded in pem format
- In FIPS1 mode, the certificate must use a cypher supported in FIPS mode (see the security policy for details of supported cyphers)
All keys are generated using an approved algorithm and using an approved entropy source.
Each CSP is used for only one purpose (either a salt, a seed, a Nonce or a key) and only for one use case (e.g. for SEDs, each drive gets a unique key).
Operational implications of FIPS mode
Node activation
When an InfiniBox node is activated, it inherits the entire security configuration from the active nodes in the cluster over a secure channel.
Upon node activation, the CM undergoes a series of power-on self tests. Only once these tests are successful the CM starts providing cryptographic functionality.
If a CM fails these self-tests in the activated node, it will not provide cryptographic functions on this node (as required by the FIPS standard), and the cluster manager will try to automatically restart a few times to resolve this issue without user intervention. If several restarts fail to solve the issue, the issue will be reported to the user via an alert for user intervention.
Node Deactivation
When a node is deactivated, its keys are shredded by resetting the TPM to its factory settings.
FRU operations
Throughout its life cycle, the nodes and each of its components (including local drives and SSD drives, TPM or other components) may need a maintenance operation.
All maintenance operations are implemented in a way that will preserve the integrity of the CM and CSPs:
- A replaced node will inherit the entire image of the InfiniBox OS and CM configuration from the existing node, preventing any tempering during its delivery from affecting the cluster
- A replaced component within the same node will inherit the security settings of the node (e.g. a new SSD drive will cause a new key to be generated and applied to the drive)
Feature activation
Systems are shipped by default in STANDARD security mode. Any InfiniBox system running version 5.0.10 can be non-disruptively moved into the FIPS security mode on a per-node basis.
Until all nodes are activated (during the transition) the system will report its security mode as being "IN_TRANSITION" indicating that not all nodes have completed the transition to FIPS mode.
Once all nodes pass their self-tests and are successfully activated, the system will report it is running in FIPS mode.
To enable FIPS mode please contact Infinidat Support.
Feature Deactivation
Deactivating FIPS mode is similar to activating the feature (non-disruptively). To deactivate FIPS mode, please contact Infinidat Support.
Replacing Self Encrypting Drive keys
The seed and all derived keys of Self Encrypting Drives (SEDs) can be changed in the event of:
- Customer request due to their security policy (please contact Infinidat Support)
- 1st activation of FIPS mode. Since all CSPs were generated before FIPS mode was activated, they need to be regenerated using the approved algorithm.
Self tests
Types of tests
The CM implements both power up self tests and conditional tests as required by the FIPS standard.
Power up self tests
Occurs during CM initialization. If the tests fail, the CM will not start and will not provide cryptographic functions (State = ERROR).
To avoid this, the InfiniBox OS will retry the power-up self tests several times. The use of a hardware source of entropy reduces this risk substantially.
Conditional self-tests
Occurs when a random number is generated (e.g. when enabling encryption). If these tests fail, enabling encryption will fail with an error message. Using a hardware entropy source reduces this risk substantially.
Reporting on the test results
The test results are visible on the InfiniBox GUI / CLI / API via the Event Log and can also be sent out through SNMP, SMTP or SysLog interfaces.
A failed power-up self test will be retried automatically, and each attempt (successful or failed) will be reported in the Event Log.
FIPS Best Practices
To simplify monitoring the adherence to best practices to secure the system, InfiniBox also offers an automated checklist of all our recommended best practices that immediately show the administrator any gaps between best practices and the current system configuration.
For example, a system configured to allow HTTP administrative access is not following best practices.
To check the best-practices alignment of your system (once FIPS mode is activated) go to the health screen (and look at the FIPS Best Practices menu) or use the CLI command system.fips_best_practice_check
Frequently Asked Questions
Is there a performance penalty when running in FIPS mode?
None that Infinidat has been able to identify, as encryption is based on SEDs.
Can administrators enable FIPS by themselves?
No: this is a technician operation. For new systems, installed with release 5.0.10 or higher, this will be done during the installation process.
How can an administrator know the transition was successful?
As long as the transition has not completed, the GUI and system.info CLI command will show the security state as being "IN_TRANSITION".
Once the transition is complete a FIPS icon will appear in the dashboard, and the system.info command will show the security state as FIPS1
Once a system is in FIPS mode, how does it prevent a non-FIPS node entering the cluster?
The system handles that automatically: a node will not be allowed to join the system if it is not in the right security mode and has not passed the required self-tests
Does InfiniBox comply with NIST Special Publication SP-800-xx ?
As part of FIPS certification, InfiniBox complies with the following Special publications:
- SP-800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators
- SP-800-108 - Recommendation for Key Derivation Using Pseudorandom Functions
- SP-800-88 - Guidelines for Media Sanitization Note: this is guaranteed for enclosure drives and SSDs, as well as dirty data written to the local drives.
This also applies to InfiniGuard running InfiniBox OS version 5.0.10 or above in FIPS mode
What ciphers are supported in FIPS mode?
InfiniBox ciphers are listed in the Security Policy (SP), which is posted on the NIST website.
What about future versions and future hardware models?
Both will inherit the FIPS certification, and re-certification will be performed periodically as needed.
Infinidat will avoid making changes to the cryptographic module, except when new vulnerabilities require patching.
In this case Infinidat will follow NIST guidelines on how to certify these changes.
Last edited: 2021-11-17 17:08:10 UTC
Comments