1. INFINIDAT Support
  2. InfiniBox
  3. Authentication and security
FIPS Cryptography module

Follow

Introduction

InfiniBox offers two security-modes of operation:

  • STANDARD - backwards compatible to previous versions
  • FIPS1 - complies with all FIPS 140-2 level 1 requirements

An InfiniBox system that operates in FIPS mode uses the Infinidat Cryptographic Module (CM) to achieve compliance with all FIPS 140-2 level 1 requirements. Systems can transition between the 2 modes non-disruptively
The CM is the service that provides all the cryptographic functions and self-tests required to comply with FIPS requirements.
The module is isolated and has clearly defined APIs to minimize and control the amount of changes that go into it to minimize the risk of introducing new vulnerabilities.

Terminology


CSP

Critical Security Parameter
The data that is used in the encryption process: cryptographic keys, passwords, security codes and Personal Identification Numbers (PIN) etc.

CSR

Certificate Sign Request
A secure process of generating a certificate where the private keys never leave the target server.

Entropy

Random numeric values that are collected for use in cryptography and other random data-based usages.
Entropy sources can come from hardware (usually higher level of entropy) or software (lower entropy, pseudo-random).
InfiniBox relies on a HW source of entropy provided by the Intel CPU.

DRBG / DRNG

Deterministic Random Bit / Number Generator
A deterministic process of taking entropy data and generating random numbers for use in CSPs.

PRF

Pseudo Random Function
A mathematical function that converts a seed (random number) and additional inputs into a new random number with a high level of entropy.

KDF

Key Derivation Function
An approved mathematical means that generates new key based on the existing key (seed) and additional information using PRF.

CM

Cryptographic Module
The FIPS 140-2 certified module that provides the cryptographic functions of InfiniBox.

Key

A high-entropy string of bits used for authentication / encryption or any other cryptographic use case.
Each key is only used for one purpose as required by the FIPS standard.

Salt

A random number added to the KDF to add entropy to the resulting key.

Seed

A random number used as an input for a KDF to generate (seed) its initial entropy level.

Nonce

A number only used once.
The Nonce is used by KDF when generating a new Key, making sure the same input parameters will not generate the same key each time.

DEK

Data Encryption Key
A key that is used for encrypting user data.

AK

Authentication Key
A set of credentials used to authenticate in the context of this document, refers to the authentication credentials required to access Self Encrypting Drives (SEDs).

SED

Self Encrypting Drives
Drives that comply with the TCG SED standard and provide separation of DEK and AK.
Benefits:

  • The AK can be changed periodically without having to re-encrypt the entire dataset
  • Purging all the data on the drive can be achieved instantly using Cryptographic Erase (CE). a process that shreds the DEK and renders all the data on the drive unreadable (Gibberish)

KEK

Key Encryption Key
A key that is used to encrypt and protect another key (so the key is never stored in cleartext).

TPM

Trusted Platform Module
A Hardware module that complies with the TCG TPM standard for secure storage of CSPs.

How InfiniBox uses CSPs

Below is the list of CSPs used by the system in each use case:

Use case

Details

CSP use

Dirty Data (Write cache)

Data written to RAM and not yet destaged to persistent media.

DEK

SSD Drives

SED Authentication

AK

Enclosure Drives

SED Authentication

AK

API / web server

TLS is used to secure the communication channel.

DEK


Cryptographic key generation

The CSPs that are used by the CM are 256 bit long. The CSP are used by a FIPS-approved algorithm whether in FIPS mode or in STANDARD mode.
InfiniBox leverages a single seed and an approved key-based KDF (KBKDF) to generate all the keys required. This increases the protection of the keys as they are never stored. Instead only the seed needs to be stored in a protected mode.

Persistent CSP storage

When in FIPS mode, InfiniBox uses the TPM in each of the nodes to securely store the seed (3 separate copies). 
Each TPM generates its own KEK to protect the keys, and is password protected.
For each node (globally) the TPM will have a different KEK and different credentials

In memory key storage

In-memory, the seed is only stored within the process that uses it and is not accessible by other processes.

Protecting CSPs from side-channel attack vectors

InfiniBox does not allow running 3rd party code inside the controllers to further protect CSPs.

Key Zeroization 

All the in-memory keys are zeroed upon shutting down the node / system.
Persistent keys are zeroed by resetting the TPM to its factory defaults.

Key characteristics

All CSPs used for storing data are 256bit long, and HTTPS certificates generated by InfiniBox (during a Certificate Sign Request) are 2048bit by default. External certificates can be uploaded with other characteristics as long as:

  • They are uploaded in pem format
  • In FIPS1 mode, the certificate must use a cypher supported in FIPS mode (see the security policy for details of supported cyphers)

All keys are generated using an approved algorithm and using an approved entropy source.
Each CSP is used for only one purpose (either a salt, a seed, a Nonce or a key) and only for one use case (e.g. for SEDs, each drive gets a unique key).

Operational implications of FIPS mode

Node activation

When an InfiniBox node is activated, it inherits the entire security configuration from the active nodes in the cluster over a secure channel.
Upon node activation, the CM undergoes a series of power-on self tests. Only once these tests are successful the CM starts providing cryptographic functionality.
If a CM fails these self-tests in the activated node, it will not provide cryptographic functions on this node (as required by the FIPS standard), and the cluster manager will try to automatically restart a few times to resolve this issue without user intervention. If several restarts fail to solve the issue, the issue will be reported to the user via an alert for user intervention.

Node Deactivation

When a node is deactivated, its keys are shredded by resetting the TPM to its factory settings. 

FRU operations

Throughout its life cycle, the nodes and each of its components (including local drives and SSD drives, TPM or other components) may need a maintenance operation.
All maintenance operations are implemented in a way that will preserve the integrity of the CM and CSPs:

  • A replaced node will inherit the entire image of the InfiniBox OS and CM configuration from the existing node, preventing any tempering during its delivery from affecting the cluster
  • A replaced component within the same node will inherit the security settings of the node (e.g. a new SSD drive will cause a new key to be generated and applied to the drive)

Feature activation

Systems are shipped by default in STANDARD security mode. Any InfiniBox system running version 5.0.10 can be non-disruptively moved into the FIPS security mode on a per-node basis.
Until all nodes are activated (during the transition) the system will report its security mode as being "IN_TRANSITION" indicating that not all nodes have completed the transition to FIPS mode.
Once all nodes pass their self-tests and are successfully activated, the system will report it is running in FIPS mode.
To enable FIPS mode please contact Infinidat Support.

Feature Deactivation

Deactivating FIPS mode is similar to activating the feature (non-disruptively). To deactivate FIPS mode, please contact Infinidat Support.

Replacing Self Encrypting Drive keys

The seed and all derived keys of Self Encrypting Drives (SEDs) can be changed in the event of:

  • Customer request due to their security policy (please contact Infinidat Support)
  • 1st activation of FIPS mode. Since all CSPs were generated before FIPS mode was activated, they need to be regenerated using the approved algorithm.

Self tests

Types of tests

The CM implements both power up self tests and conditional tests as required by the FIPS standard.

Power up self tests

Occurs during CM initialization. If the tests fail, the CM will not start and will not provide cryptographic functions (State = ERROR).
To avoid this, the InfiniBox OS will retry the power-up self tests several times. The use of a hardware source of entropy reduces this risk substantially.

Conditional self-tests

Occurs when a random number is generated (e.g. when enabling encryption). If these tests fail, enabling encryption will fail with an error message. Using a hardware entropy source reduces this risk substantially.

Reporting on the test results

The test results are visible on the InfiniBox GUI / CLI / API via the Event Log and can also be sent out through SNMP, SMTP or SysLog interfaces.
A failed power-up self test will be retried automatically, and each attempt (successful or failed) will be reported in the Event Log.

FIPS Best Practices

To simplify monitoring the adherence to best practices to secure the system, InfiniBox also offers an automated checklist of all our recommended best practices that immediately show the administrator any gaps between best practices and the current system configuration.
For example, a system configured to allow HTTP administrative access is not following best practices.
To check the best-practices alignment of your system (once FIPS mode is activated) go to the health screen (and look at the FIPS Best Practices menu) or use the CLI command system.fips_best_practice_check 

Frequently Asked Questions

Is there a performance penalty when running in FIPS mode?

None that Infinidat has been able to identify, as encryption is based on SEDs.

Can administrators enable FIPS by themselves?

No: this is a technician operation. For new systems, installed with release 5.0.10 or higher, this will be done during the installation process.

How can an administrator know the transition was successful?

As long as the transition has not completed, the GUI and system.info CLI command will show the security state as being "IN_TRANSITION".
Once the transition is complete a FIPS icon will appear in the dashboard, and the system.info command will show the security state as FIPS1

Once a system is in FIPS mode, how does it prevent a non-FIPS node entering the cluster?

The system handles that automatically: a node will not be allowed to join the system if it is not in the right security mode and has not passed the required self-tests

Does InfiniBox comply with NIST Special Publication SP-800-xx ?

As part of FIPS certification, InfiniBox complies with the following Special publications:

  • SP-800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  • SP-800-108 - Recommendation for Key Derivation Using Pseudorandom Functions 
  • SP-800-88 - Guidelines for Media Sanitization  Note: this is guaranteed for enclosure drives and SSDs, as well as dirty data written to the local drives.

This also applies to InfiniGuard running InfiniBox OS version 5.0.10 or above in FIPS mode

What ciphers are supported in FIPS mode?

InfiniBox ciphers are listed in the Security Policy (SP), which is posted on the NIST website.

What about future versions and future hardware models?

Both will inherit the FIPS certification, and re-certification will be performed periodically as needed. 
Infinidat will avoid making changes to the cryptographic module, except when new vulnerabilities require patching.
In this case Infinidat will follow NIST guidelines on how to certify these changes.

Print Friendly and PDF Download PDF
Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Last edited: 2020-11-05 10:24:39 UTC

Comments