What Is FIPS 140-2?
by Brett Daniel, on Apr 22, 2021 4:20:12 PM
Graphic: The official name for FIPS 140-2 is "Security Requirements for Cryptographic Modules."
Table of Contents
- What is FIPS 140-2?
- What does it mean to be compliant with FIPS 140-2?
- How do FIPS 140-2 levels work?
- How do you become compliant with FIPS 140-2?
- What algorithms are compliant with FIPS 140-2?
- What's the difference between FIPS 140-2 and FIPS 197?
- Is FIPS 140-2 approved by the NSA?
- Conclusion: Trenton Systems' FIPS 140-2 Drives & FIPS 140-3
In the high-performance computing industry, all roads lead back to security, especially these days. Whether we're discussing system hardening, AES encryption, self-encrypting drives, the Cybersecurity Maturity Model Certification (CMMC), TAA compliance, or the importance of securing hardware, firmware, and software holistically, it's a fact: security is central.
FIPS 140-2 yet another security-related piece of the puzzle. It ensures that sensitive government information stored on cryptographic modules is well-protected from independent and state-sponsored hackers. Keeping the government's sensitive information out of these individuals' hands is one of the main reasons why the National Institute of Standards and Technology (NIST) developed the publication in the first place.
But what is FIPS 140-2, how does it protect the government's sensitive information, and how does one achieve FIPS 140-2 validation or compliance?
We'll answer these questions in more in this blog post, and stay tuned for our next blog post on FIPS 140-3 and how it compares to FIPS 140-2.
A brief note for vendors: Although no validations against the standard have been issued as of yet, FIPS 140-3 has superseded FIPS 140-2, but FIPS 140-2 is still valid and accepted as of April 2021, and validation testing against FIPS 140-2 remains available until Sept. 21, 2021. FIPS 140-2 validations will still be granted after that date. FIPS 140-3 testing is also currently available, but after Sept. 21, the NIST will retire FIPS 140-2 testing entirely and begin testing against FIPS 140-3 only.
Graphic: FIPS 140-2 is a publication about securing sensitive information on cryptographic modules.
What is FIPS 140-2?
Federal Information Processing Standard (FIPS) 140-2 is a NIST publication that lists security requirements for cryptographic modules protecting sensitive but unclassified information in computer and telecommunications systems. The NIST issued the standard on May 25, 2001, as a successor to FIPS 140-1, which also covers security requirements for cryptographic modules.
FIPS 140-2 compliance applies to all federal agencies using cryptographic security measures to protect sensitive but unclassified information. It applies to not only cryptographic hardware components and modules but software and firmware programs and modules as well. FIPS 140-2 defines a cryptographic module as “the set of hardware, software, and/or firmware that implements approved security functions and is contained within the cryptographic boundary.”
If a cryptographic module is compliant with FIPS 140-2, that just means it’s FIPS-approved, recommended by the National Institute of Standards and Technology (NIST), that it satisfies certain cryptographic security features outlined in the standard. In the specific case of FIPS 140-2 hard disk drives (HDDs) and solid-state drives (SSDs), a FIPS-140-2-compliant drive is often referred to simply as a “FIPS drive” or “FIPS-approved drive.”
FIPS 140-2 cryptographic modules protecting sensitive but unclassified information are most often found in government and military applications and environments, from the high-powered desktop workstation in the safety and comfort of an air-conditioned government office, to the edge server deployed at the severe and unforgiving frontlines of a battlefield.
FIPS 140-2 validation is mandated by the Federal Information Security Modernization Act (FISMA). As a result, vendors whose cryptographic modules do not satisfy FIPS 140-2 validation requirements cannot sell their solutions to the government.
Graphic: The FIPS 140-2 validation process is handled via Cryptographic Module Validation Program (CVMP).
What does it mean to be compliant with FIPS 140-2?
If a cryptographic module is compliant with FIPS 140-2, that means it complies with one of the four security levels described in FIPS 140-2: Level 1, Level 2, Level 3, or Level 4.
In addition, if a specific module is being used by the federal government, then it has undergone a testing and validation process via the Cryptographic Module Validation Program (CMVP), a joint effort between the NIST and Communications Security Establishment (CSE) of the Government of Canada.
This goal of the CMVP is to validate manufacturers’ cryptographic modules to FIPS 140-2 and ensure that federal agencies are procuring equipment containing these validated modules. The CMVP is basically a security barrier to entry for cryptographic module vendors looking to sell their products to federal agencies that must comply with FIPS 140-2 requirements.
If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 or FIPS 140-3 is applicable. In essence, if cryptography is required, then it must be validated.
- Excerpt from the Cryptographic Module Validation Program (CVMP) project overview
Vendors’ modules are independently tested at accredited laboratories, called Cryptographic and Security Testing (CST) laboratories, to ensure compliance with FIPS 140-2.
The FIPS 140-2 validation process can take up to a year to complete, can cost as much as $100,000, and there are no guarantees that the product will cut the mustard.
One of the main goals of FIPS 140-2 compliance, according to the standard, is to prevent hackers, organized crime groups, and economic competitors from mounting attacks on the federal government’s sensitive information.
Graphic: FIPS 140-2 has four security levels, with the higher levels offering more protective features.
How do FIPS 140-2 levels work?
FIPS 140-2 security levels are increasing, meaning higher levels compound and provide more robust protection features than lower levels. They’re also designed to be cost-effective, with lower-level protections generally being more affordable to implement.
FIPS 140-2 Security Level 1
FIPS 140-2 Security Level 1 provides the lowest degree of security and lists basic security requirements, such as the use of a FIPS-approved algorithm. Extensive physical security protections, such as tamper-resistant enclosures and pick-resistant locks, as well as role-based or identity-based authentication, are not required at this level. Modules at this level can even be used in an unevaluated operating system environment.
FIPS 140-2 Security Level 2
FIPS 140-2 Security Level 2 strengthens the physical security of a module by using tamper-evident technology, or technology that makes unauthorized physical access to a module more difficult but also easy to detect. To meet the requirements of Security Level 2, a module must have some combination of tamper-evident coatings, seals, and pick-resistant locks. In addition, role-based authentication must be established, meaning the module must verify that an operator is authorized to assume a specific role to control specific functions of and perform specific tasks on the module. An evaluated operating system must also be used with Security Level 2 modules.
FIPS 140-2 Security Level 3
FIPS 140-2 Security Level 3 further strengthens the physical security of a module by using strong module enclosures and zeroization circuitry that erases all plaintext and critical security parameters once the module’s removable covers or doors are opened. Identity-based authentication and execution on an evaluated operating system are also required at Security Level 3, as is the physical separation of ports or logical separation of interfaces, which protects plaintext CSPs and software and firmware components from unauthorized executables.
FIPS 140-2 Security Level 4
FIPS 140-2 Security Level 4 provides the highest degree of protection. According to FIPS 140-2, the physical security mechanisms at Security Level 4 provide a complete envelope of protection intended to detect and respond to all unauthorized physical attacks. Detection of and response to these attacks have a high probability of success at this level, with immediate zeroization of all module contents taking place in the event of unauthorized access. As with Security Level 2 and Security Level 3, the use of a trusted operating system environment is also required at Security Level 4. Environmental failure protection (EFP) features or environmental failure testing (EFT) is also required at this level, since attackers may take a module and expose it to environmental conditions outside its normal operating ranges to disable its protections. Security Level 4 modules are safe for operation in harsh environments.
Graphic: The FIPS 140-2 compliance process ensures that a cryptographic module is using FIPS-approved algorithms, key management, and authentication.
How do you become compliant with FIPS 140-2?
To comply with FIPS 140-2, a cryptographic module must employ FIPS-140-2-compliant algorithms, cryptographic key management techniques, and authentication techniques. These three key areas encompass a wide range of design and implementation security requirements, including, but not limited to, those associated with:
- Cryptographic module ports and interfaces
- Roles, services, and authentication
- Physical security and environmental failure protection and testing
- Cryptographic key management
- Electromagnetic interference (EMI) and electromagnetic compatibility (EMC)
- Configuration management
For example, under Cryptographic Module Ports and Interfaces, the standard states that a cryptographic module must have four logical interfaces: the data input interface, the data output interface, the control input interface, and the status output interface. These account for incoming data, outgoing data, module operation controls, and output signals and status indicators, respectively.
Under Roles, Services, and Authentication, FIPS 140-2 states that a cryptographic module must support a user role and a crypto officer role, a service output that shows the status of a module, and either role-based authentication or identity-based authentication mechanisms, depending on the security level.
Under Physical Security, FIPS 140-2 lists requirements for single-chip modules, multiple-chip embedded modules, and multiple-chip standalone modules. Each requires a different type of physical protection depending on the security level, and the levels are increasing, meaning the higher levels offer a boost in security over the lower levels.
For example, a single-chip cryptographic module conforming to Security Level 2 requires an opaque tamper-evident coating on the chip or enclosure. That same module embodiment requires a hard opaque tamper-evident coating on the chip or a strong removal-resistant or penetration-resistant enclosure to conform to Security Level 3.
A multiple-chip embedded module conforming to Security Level 4 requires a tamper detection or response envelope with tamper response and zeroization circuitry, which is circuitry that facilitates the automatic erasure of sensitive information, such as plaintext data and cryptographic keys, if the module is tampered with or stolen.
Cryptographic modules conforming to Security Level 4 must also employ both environmental failure protection (EFP) features or undergo environmental failure testing (EFT). These requirements are unique to this level and mainly focus on protecting the modules from extreme fluctuations in voltage and temperature.
For a full list of FIPS 140-2 security requirements, consult Section 4 of the standard, which you can download near the introduction of this blog post.
Graphic: Annex A of FIPS 140-2 lists all FIPS-140-2-compliant algorithms.
What algorithms are compliant with FIPS 140-2?
The following algorithms are compliant with FIPS 140-2:
Symmetric Key Encryption & Decryption
- Advanced Encryption Standard (AES)
- Triple-DES Encryption Algorithm (TDEA)
- Digital Signature Standard (DSS), which includes the Digital Signature Algorithm (DSA), Rivest-Shamir-Adleman (RSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA)
- Secure Hash Standard (SHS), which includes Secure Hash Algorithm (SHA) 1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256
- SHA-3 Standard, which includes SHA-3 hash algorithms, SHA-3 extendable output functions (XOF), and SHA-3 derived functions
- Triple-DES Encryption Algorithm (TDEA)
- Advanced Encryption Standard (AES)
- Hash-Based Message Authentication Code (HMAC)
Review Annex A of FIPS 140-2 for more information about these algorithms.
Graphic: FIPS 140-2 and FIPS 197 go hand in hand. The former specifies a wide range of cryptographic module security requirements, and the latter is the FIPS designation for the Advanced Encryption Standard (AES).
What's the difference between FIPS 140-2 and FIPS 197?
FIPS 140-2 is the overarching NIST security standard for cryptographic modules transmitting sensitive but unclassified information. FIPS 197 is the NIST’s publication name for the Advanced Encryption Standard (AES), which specifies a FIPS-approved cryptographic algorithm that’s used to encrypt and decrypt a module’s sensitive information.
AES encryption is compliant with FIPS 140-2. It’s a symmetric encryption algorithm that uses cryptographic key lengths of 128, 192, and 256 bits to encrypt and decrypt a module’s sensitive information. AES algorithms are notoriously difficult to crack, with longer key lengths offering additional protection.
So, to summarize, FIPS 140-2 is focused on securing a cryptographic module holistically, while FIPS 197 focuses on the AES algorithms that can be utilized by the module to protect sensitive information. These algorithms are not the only algorithms that can be used, but they’re some of the most widely used.
For more information on AES encryption and AES algorithms, check out AES Encryption: The Definitive Question-And-Answer Guide.
Graphic: The National Security Agency (NSA) has its own designations and approval processes for cryptographic products.
Is FIPS 140-2 NSA-approved?
The NSA has its own classifications for cryptographic products. For example, a cryptographic device that can protect sensitive but unclassified information is known as a Type 3 product, which may or may not use the NSA-approved Advanced Encryption Standard (AES).
The NSA also specifies a Type 1 and Type 2 product, which are used to protect classified and unclassified government information, respectively.
The NIST’s FIPS publications, including FIPS 140-2, are approved by the U.S. Secretary of Commerce, so whether FIPS 140-2 is approved by the NSA is immaterial because there’s no official NSA approval process for FIPS publications. The NSA does use FIPS-approved algorithms and FIPS-140-2-validated cryptographic modules, however.
Photo: Defense and aerospace customers frequently ask Trenton Systems to incorporate FIPS drives into their Trenton rugged servers and workstations. We have no problem satisfying this requirement for our customers.
Conclusion: Trenton Systems' FIPS 140-2 Drives & FIPS 140-3
Trenton Systems can incorporate the latest and greatest hard disk drives (HDDs) and solid-state drives (SSDs) into its rugged servers and workstations upon request. We acquire the drives from a network of trusted manufacturers that specialize in FIPS 140-2 compliance and self-encrypting drives (SEDs).
Many of our customers are using FIPS-140-2-compliant storage drives in the field right now, and they can rest easy knowing that their sensitive information is well-protected from those who wish it weren't. Our latest rugged computing solution, the 3U BAM Server, designed with aerospace and defense customers at top of mind, can also utilize FIPS drives, among other advanced security measures, to protect customers' sensitive information.
We'd be happy to speak with you about satisfying your FIPS 140-2 requirements and others. In fact, we have an entire compliance team on standby to address your unique needs.
Keep an eye out for our upcoming blog post on FIPS 140-3. We'll dive into all the differences from its predecessor, its current status, and what it means for vendors looking to achieve validation going forward.