Federal Information Processing Standards (FIPS): Pitfalls and common misconceptions

In a previous tutorial, I showed how you can achieve Federal Information Processing Standards (FIPS) compliance with your Apache Spark big data processing. This article supplements those concepts by exploring some common misconceptions around FIPS mode enabled environments, as well as some common pitfalls of FIPS.

Common misconceptions around FIPS mode enabled environments

1. A FIPS mode enabled environment ensures that all applications that run on it are also compliant.

This is not always true, as in some cases a software program makes no guarantees about a user application’s compliance. For example, when the IBM SDK is in FIPS mode it tries to switch to FIPS-approved algorithms whenever possible, or it throws an exception when the user executes code that tries to use any crypto algorithm that isn’t in compliance with the FIPS standard. However, this does not guarantee that the user’s code will also be FIPS compliant, therefore it’s the end user’s responsibility to be aware of any applicable FIPS standards and security requirements for the application.

2. An application that’s developed for FIPS-enabled IBM SDK/Oracle JDK will not work on the same version of the JDK/SDK without FIPS enabled.

The application will work just fine. In fact, enabling FIPS limits the available algorithms — that is, the algorithms that are not FIPS approved are disabled for use.

3. Why do we need FIPS in the first place? What does it bring along with it? Is it just a set of rules?

Today, only a few operating systems and libraries have a FIPS mode available. FIPS is a compliance standard, so following all the issued guidelines makes your application compliant as well. FIPS is not a special cryptographic suite, so it is not available unless you have FIPS mode enabled on your OS.

FIPS is a well-recognized security standard that’s required by certain government/non-government bodies to secure their computing environments. This protects their computers from being hacked and their users’ personal information and other classified information from being leaked to hackers. Hackers are often quick to exploit any security vulnerabilities, so it is important to regularly update the FIPS standard and to adhere to the latest available guidelines from FIPS.

Common pitfalls of FIPS

Application developers should be aware of FIPS, and the following are some common pitfalls. This list is not exhaustive, so it is important to have a comprehensive understanding of the standard and computer security in general.

1. Use of a non-compliant, unsupported cipher or simply a non-encrypted transport (e.g. HTTP)

Downloading jars or other sub-modules for your application via HTTP can lead to man-in-the-middle attacks, in which an attacker can simply intercept the traffic and see the jars and other source files to learn about your source code. Therefore, FIPS has strict guidance available for approved ciphersuites for transport-level security (e.g. TLS or SSL). Some HTTPS ciphersuites do not comply with the FIPS standard. For example, here is a list of all the ciphersuites that use RSA key exchange supported by OpenSSL:

$> openssl ciphers -v 'kRSA'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
NULL-SHA256             TLSv1.2 Kx=RSA      Au=RSA  Enc=None      Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5

And here are all the ciphersuites that use RSA key exchange, including TLS v1.2, and are allowed in FIPS mode (meaning, they run on OpenSSL, with FIPS enabled, on a Red Hat Enterprise Linux 8.x server in FIPS mode).

$> openssl version
OpenSSL 1.1.1c FIPS  28 May 2019
$> openssl ciphers -v 'kRSA+FIPS'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

The above comparison shows that in FIPS mode, certain ciphersuites are disabled, such as RC4-SHA or NULL-MD5. This means that even if an application is using HTTPS, you still need to make sure that it is using an approved ciphersuite for both key exchange and encryption.
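The same comparison can be done programmatically. The following Python sketch is an added example, not code from the original article: it parses `openssl ciphers -v` output, reports which suites disappear in FIPS mode, and checks an application's configured suites against the FIPS listing. The embedded listings are excerpts of the two shown above; the function names and the application's cipher list are hypothetical.

```python
import re

# Excerpts of the two listings above (constructed subset, not the full output).
# TLSv1.3 rows (Kx=any) are printed regardless of the cipher string in
# OpenSSL 1.1.1, so they appear in both listings and never show up in the diff.
BASELINE = """\
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
"""
FIPS = """\
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

LINE = re.compile(
    r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)\s*$")

def parse(listing):
    """Map suite name -> fields for each row of `openssl ciphers -v` output."""
    suites = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:  # prompts, blank lines and other non-suite rows are skipped
            name, proto, kx, au, enc, mac = m.groups()
            suites[name] = {"proto": proto, "kx": kx, "au": au, "enc": enc, "mac": mac}
    return suites

def removed_in_fips(baseline, fips):
    """Suites present in the default listing but absent from the FIPS one."""
    allowed = parse(fips)
    return {n: f for n, f in parse(baseline).items() if n not in allowed}

def audit(configured, fips):
    """Split an application's cipher list into (allowed, rejected)."""
    allowed = parse(fips)
    return ([c for c in configured if c in allowed],
            [c for c in configured if c not in allowed])

if __name__ == "__main__":
    for name, f in removed_in_fips(BASELINE, FIPS).items():
        print(f"disabled in FIPS mode: {name:<20} Enc={f['enc']} Mac={f['mac']}")
    # Hypothetical application setting, constructed for this example.
    print(audit(["AES256-GCM-SHA384", "RC4-SHA", "AES128-SHA"], FIPS))
```

To run it against a real host, replace the two embedded strings with the captured output of the two `openssl ciphers -v` commands shown above.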

Having a FIPS-enabled environment can be helpful here. For example, a Spark job that uses an external service for model scoring of input data can reveal the details of the data to anyone who intercepts the message (i.e. MITM attack) as well as the owner of the model scoring service itself.

2. Using or accessing a public cloud object storage and all the implications

A cloud object storage that’s hosted on a public cloud may store data in encrypted format, but this does not restrict the cloud provider from accessing the data. This can be a matter of concern for some government/non-government bodies around storing user data. To overcome this, you can either encrypt the data with a FIPS-approved algorithm and then store it on a public cloud, never transmitting the keys — or you can have a private cloud instance of the object store and still use the encrypted data.

A cloud object storage that’s fully compliant with the FIPS standard may be used.

3. Example: Accessing Hadoop

Hadoop has both encrypted and non-encrypted modes of operation. In encrypted mode, all network I/O and disk storage can be encrypted with a FIPS-approved ciphersuite. (For more details, see Transparent Encryption in HDFS.)

4. Storing data on a non-encrypted/non-FIPS-compliant NFS

NFS can be made FIPS compliant by turning on the FIPS mode on it. More details are available with the NFS provider (see Red Hat Enterprise Linux documentation for Securing NFS).