WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.

Similar documents
McAfee Firewall Enterprise 8.2.1

McAfee Firewall Enterprise 8.3.1

FIPS SECURITY POLICY FOR

U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer

MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS MODULE OVERVIEW. Security Policy REV 1.3, 10/2002

Secure Network Communications FIPS Non Proprietary Security Policy

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Using etoken for SSL Web Authentication. SSL V3.0 Overview

An Introduction to Cryptography as Applied to the Smart Grid

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

2014 IBM Corporation

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Alliance Key Manager Solution Brief

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

Complying with PCI Data Security

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS Non-Proprietary Security Policy

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Preface. Limitations. Disclaimers. Technical Support. Luna SA and IBM HTTP Server/IBM Web Sphere Application Server Integration Guide

Security Policy for Oracle Advanced Security Option Cryptographic Module

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

Implementing SSL Security on a PowerExchange Network

WebSphere DataPower SOA Appliances

Applying Cryptography as a Service to Mobile Applications

Network Management Card Security Implementation

MOTOROLA ACCOMPLI 009 PERSONAL COMMUNICATOR MODULE OVERVIEW SCOPE OF DOCUMENT. Security Policy REV 1.2, 10/2002

Certification Report

SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1

HIPAA: Briefing for Healthcare IT Security Personnel. Market Overview: HIPAA: Privacy Security and Electronic Transaction Standards

Global Telehealth Conference 2012

Network Security Essentials Chapter 5

National Security Agency Perspective on Key Management

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide

FIPS Security Policy. for Motorola, Inc. Motorola Wireless Fusion on Windows CE Cryptographic Module

User Guide. FIPS Mode. For use with epolicy Orchestrator 4.6.x Software

FIPS Security Policy LogRhythm Log Manager

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

ASA 8.x: Renew and Install the SSL Certificate with ASDM

CICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Pulse Secure, LLC. January 9, 2015

Cryptography and Network Security Chapter 15

VPN SECURITY POLICIES

Secure web transactions system

FortiOS Handbook - PCI DSS Compliance VERSION 5.4.0

Configuring DoD PKI. High-level for installing DoD PKI trust points. Details for installing DoD PKI trust points

Savitribai Phule Pune University

JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

Installing your Digital Certificate & Using on MS Out Look 2007.

Chapter 6 Electronic Mail Security

BlackBerry Enterprise Solution

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

SECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Policy for FIPS Validation

Enabling SSL and Client Certificates on the SAP J2EE Engine

Certification Report

Contact: Denise McQuillin Checked: Filename: _b2.doc

Chapter 7 Transport-Level Security

Executive Summary and Purpose

SecureDoc Disk Encryption Cryptographic Engine

Authentication requirement Authentication function MAC Hash function Security of

Microsoft IIS Integration Guide

Auditing Encryption in Oracle Databases

EAC Decision on Request for Interpretation (Operating System Configuration)

Innovations in Digital Signature. Rethinking Digital Signatures

PRIME IDENTITY MANAGEMENT CORE

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Configuring Security Solutions

IBM Client Security Solutions. Client Security User's Guide

Chapter 8. Network Security

Network Security Essentials Chapter 7

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

An Oracle White Paper November Oracle Key Manager Version 2.x Security and Authentication White Paper

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

DRAFT Standard Statement Encryption

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

FIPS Documentation: Security Policy 05/06/ :21 AM. Windows CE and Windows Mobile Operating System. Abstract

PGP from: Cryptography and Network Security

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Overview. SSL Cryptography Overview CHAPTER 1

ERserver. iseries. Secure Sockets Layer (SSL)

Integrated Services Router with the "AIM-VPN/SSL" Module

Web Security Considerations

Cryptographic Hash Functions Message Authentication Digital Signatures

Integration Guide. Microsoft Internet Information Services (IIS) 7.0 and ncipher Modules. Windows Server 2008 (32-bit and 64-bit)

How To Encrypt Data With Encryption

Strong Authentication for Future Web Applications

Transcription:

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17

This presentation discusses three new security features in the WebSphere DataPower Release 6.0.1 firmware. The first of the new features is support for FIPS 140-2 Level 1 mode. The second of the new features is support for NIST SP800-131a within the cryptobin action and our PRNG. The third of the new features is support for disabling the crypto hardware inside of the appliance. 601DataPower_Security_NIST.ppt Page 2 of 17

There is a standard called FIPS 140-2 that is used to validate cryptographic implementations according to various rules set by an organization called NIST. Many government customers are required to use cryptographic implementations that are validated to this standard. The 6.0.1 firmware introduces the concept of an appliance-wide cryptographic mode. It defaults to the Permissive mode which behaves exactly like previous versions of the firmware. We now also support a FIPS 140-2 Level 1 mode which causes all cryptographic operations in the firmware's main task to be performed inside of a FIPS 140-2 Level 1 validated cryptographic module. Previous firmware versions supported the use of an optional HSM card but the HSM support does not perform all of the main task's crypto operations inside of the HSM boundary, so this new mode is more thorough in that regard. Also, customers using the Virtual platform cannot use an HSM so this mode is especially useful for those customers. It is important to note that neither the DataPower appliance as a whole nor its firmware have been FIPS 140-2 validated by NIST. Only the internal cryptographic module used in FIPS mode (and the optional HSM card) have been validated by NIST. 601DataPower_Security_NIST.ppt Page 3 of 17

The first step in putting the appliance firmware into FIPS mode involves changing the password on existing user accounts. Previous firmware versions used an algorithm called md5crypt to hash user account passwords and this algorithm can never be used while in FIPS mode, so it is necessary to changes user account passwords after enabling the new support for sha256crypt passwords under RBM settings as shown here. 601DataPower_Security_NIST.ppt Page 4 of 17

The second step in putting the appliance firmware into FIPS mode is to use the Set Crypto Mode action to select FIPS 140-2 Level 1 mode and then reload the firmware. After the reload the appliance should be in FIPS mode. 601DataPower_Security_NIST.ppt Page 5 of 17

For B2B, if a banned algorithm is used in Request MDN Signing Algorithm property of B2B Partner Profile Destination, DataPower will discard the algorithm when generating an outbound AS messages. However, if there is no other applicable digest algorithm, the B2B Partner Profile will be opstate down. For the inbound flow, it is possible that a partner requests DataPower to return a signed MDN using a banned digest algorithm. The requested digest algorithm is specified in the signed-receipt-micalg parameter of AS Disposition-Notification-Option header. In this case, the banned digest algorithm will be ignored and the next applicable digest algorithm from the algorithm list will be used. 601DataPower_Security_NIST.ppt Page 6 of 17

FIPS mode has some limitations. The first one is that various existing product features will not work in FIPS mode since they require algorithms (like MD5 or RC2) that are banned by the FIPS 140-2 standard. Examples include the RADIUS protocol (hard-codes the use of MD5), version 3.0 of the SSL protocol (hard-codes the use of MD5), and most encrypted private key files (most of them use MD5 and/or RC2). This is not a DataPower-specific limitation; it is inherent in any FIPS 140-2 validated module. Additionally the RSA acceleration functionality of any non-fips crypto cards will be automatically disabled (again, to comply with the FIPS standard). The firmware must be reloaded to get into or out of FIPS mode (the change does not take effect immediately). Only the main firmware task respects the crypto mode setting (not the WTX or SSH tasks). In FIPS mode, Kerberos and SNMPv3 become more disabled than is required by the FIPS 140-2 standard (this is a DataPower-specific limitation). Errors getting into FIPS mode will be visible in the Crypto Mode status provider and in the system logs. Operations that fail at config time or run time due to things banned in FIPS mode will also put messages in the system logs (look for messages involving banned algorithms or too small keys). 601DataPower_Security_NIST.ppt Page 7 of 17

The Crypto Mode status providers shows three things. The Target mode is the mode that the user asked for previously for this run of the firmware. The Current mode is the mode that the firmware is currently running in (usually the same as the Target unless some error occurs). The Pending Target mode will become the Target mode the next time that the firmware is reloaded. Here they are all the same which shows that the user previously asked for FIPS mode, the box is currently in FIPS mode (it entered it successfully), and that the next firmware restart will also attempt to use FIPS mode. 601DataPower_Security_NIST.ppt Page 8 of 17

There is another NIST standard called SP800-131a which mandates the use of specific strong cryptographic algorithms, bans the use of weak cryptographic algorithms, and bans the use of key sizes that are too small. IBM SWG has mandated that all of our software products provide support for the use of SP800-131a compliant algorithms in any cryptographic functionality, so in the 6.0.1 release we added that support in the few places that were previously missing it: the cryptobin sign and verify actions, our pseudo-random number generator, and our B2B protocols. This talk does not cover the changes to the B2B protocols. The other parts of the firmware (the SSL stack, the XML crypto actions, and so forth) already had this support in previous firmware releases. Many federal customers are required to comply with SP800-131a so it is important that our firmware support the algorithms required for them to do so. 601DataPower_Security_NIST.ppt Page 9 of 17

The cryptobin sign action is used to create PKCS#7 and S/MIME signatures. It was modified in 6.0.1 to allow the user to select strong signing algorithms such as RSA with SHA-256 (using the configuration property shown here). The cryptobin verify action was also modified to allow signatures involving those same strong signing algorithms. 601DataPower_Security_NIST.ppt Page 10 of 17

NIST SP800-131a mandates the use of one of a couple of specific pseudo-random number generators (no other methods are approved for use as a PRNG). The PRNG used in firmware before 6.0.1 is not compliant with these rules, nor is the PRNG used in the 6.0.1 firmware when in the Permissive crypto mode. The PRNG used in the 6.0.1 firmware when in FIPS 140-2 Level 1 mode does comply with these rules. So to fully comply with the NIST SP800-131a PRNG requirements it is necessary to put the 6.0.1 firmware into FIPS 140-2 Level 1 mode. 601DataPower_Security_NIST.ppt Page 11 of 17

Unlike FIPS 140-2 where the 6.0.1 firmware has a global enforcement mode, we do not have any such global mode for NIST SP800-131a. It is up to the user to configure each cryptographic portion of their services in a compliant way. Mainly this involves choosing modern algorithms (3DES, AES, SHA-2) with adequately large RSA keys. Most of our default values comply with this standard but not all of them do (for backwards compatibility reasons). Note that the only way to get a compliant PRNG is to use FIPS 140-2 Level 1 mode. There is no specific troubleshooting for NIST SP800-131a since it is not a new features in and of itself. It is just a concept of supporting strong algorithms within each of the existing cryptographic product features (SSL, message level cryptography, B2B protocols, and so forth). 601DataPower_Security_NIST.ppt Page 12 of 17

Physical DataPower appliances all contain some kind of crypto card that is used to accelerate RSA operations (the HSM card is also used for key storage). The 6.0.1 firmware gives the user the ability to disable all or part of the functionality of the crypto card inside of the appliance. There is no good reason for a user to do this unless they are advised to do so by IBM support. It was mainly added because this functionality was added internally to support FIPS mode and because it is occasionally useful in some support cases. 601DataPower_Security_NIST.ppt Page 13 of 17

To disable part of the crypto hardware use the action shown here and then reload the firmware. Again, there is no reason to do this unless you are advised to do so by IBM support. 601DataPower_Security_NIST.ppt Page 14 of 17

There are some limitations in the user's ability to disable the crypto hardware. First is that each request to change how much of the hardware is disabled must be followed by a firmware reload (it does not take effect immediately). Second is that when in FIPS mode a non-fips card will have its RSA functionality disabled automatically in a way that cannot be overridden by the user. Whether or not some part of the crypto harwdare is disabled can be seen in two status providers shown on the next slide. 601DataPower_Security_NIST.ppt Page 15 of 17

The Crypto Hardware Disablement status providers shows three things. The Target value is what the user asked for previously for this run of the firmware. The Current value is the current state of the crypto hardware (usually the same as the Target unless you are in FIPS mode with a non- HSM card). The Pending Target value will become the Target value the next time that the firmware is reloaded. Here the appliance is in FIPS mode with a non-hsm crypto card so even though the client has requested (Target) that no part of the card be disabled the RSA part of the card got disabled anyway (Current) due to FIPS mode. Also, the existing Crypto Engine status provider has been augmented to show the Current field from the Crypto Hardware Disablement status provider. It will also consider this state as part of the overall status value ( fully operational may be replaced with partially disabled or fully disabled to indicate that not all parts of the card are operating). 601DataPower_Security_NIST.ppt Page 16 of 17

601DataPower_Security_NIST.ppt Page 17 of 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information