This is the first article in a two-article series regarding FIPS 140 and Ubuntu. The first part of this series, this article, covers running FIPS 140 applications on Ubuntu while the second part, is covering the development of FIPS applications on Ubuntu.
What is FIPS and why do I need it?
Even though cryptography is used by almost every application today, the implementation of it is usually delegated to specialized cryptographic libraries. There are multiple reasons for that, including that implementing cryptography is not easy, and in fact it is easy to get wrong. Small mistakes–such as reusing a nonce–may render the data encrypted by an application recognizable. At the same time, the security landscape changes so fast that secure software of 10 years ago can no longer withstand attacks that exploit newly discovered vulnerabilities. For instance, algorithms like RC4 that were dominant in the early days of Internet commerce are today considered broken.
How can we be assured that these cryptographic applications and libraries implement cryptography correctly and follow best practices such as not using legacy cryptography? As cryptography is sensitive to governments around the world, there is no universally accepted answer yet. To address this problem in the U.S., NIST developed FIPS 140, a data protection standard that is our focus in this article.
FIPS 140 defines security requirements related to the design and implementation of a cryptographic module, or in software terms, for an application or library implementing cryptography. The standard has multiple levels of security, from levels 1 to 4, with level 1 applying to software implementations, while level 2 and further applying to specialized hardware alongside its software. On level 1, the standard requires the use of known, secure cryptographic algorithms and modes for data protection and requires their logical separation from the application. It further includes a certification process that ensures that the claims are tested and attested by an accredited lab by NIST.
In essence the FIPS 140 standard ensures that cryptography is implemented using well known secure designs, follows certain best practices, does not involve obscure algorithms, and that there is a due process in attestation.
What about FIPS 140-3?
The FIPS 140 standard is now transitioning from the existing FIPS 140-2 version to the new FIPS 140-3 revision. FIPS 140-3 aligns the general security requirements with ISO/IEC 19790 – an international standard- and after September 2021, it is expected to be the only active cryptographic certification mechanism by NIST. For the purposes of this article, we will refer to FIPS 140-2 as it is presently the most widely used version, and we will use the shorthand FIPS to refer to the standard.
What does it mean to comply with FIPS?
There is a lot of terminology around compliance with FIPS and it can sometimes be confusing. To make things simple, when we talk about an application complying with FIPS, we mean that the application uses a FIPS-validated cryptographic module, e.g., a library and uses it in accordance with the module’s security policy. The security policy is a document that accompanies every FIPS-validated module and includes guidance on certain aspects of cryptography. For example, the Ubuntu 18.04 OpenSSL module guidance states that the cryptographic algorithm AES-XTS can only be used for encrypting storage devices.
Who can benefit from FIPS?
In the process of procuring software for an average organization, it is not reasonable to expect a detailed cryptographic analysis of the software. To a non-expert, it is intimidating to read about a cryptographic algorithm’s features, modes of operation, and key sizes. While open source applications make the source code auditable and potentially everyone can verify the choices within, in practice the qualified persons to perform such an audit are a small set of individuals. A validation program such as FIPS 140 ensures that packages that include cryptography do not make questionable choices, such as using unapproved cryptography or implementing their own.
Hence, the procuring organization is assured that the validated applications and libraries are following certain good design principles and do not include custom or unapproved cryptography.
To whom do FIPS 140-2 requirements apply?
U.S. Federal agencies and anyone deploying systems and cloud services for Federal government agency use, whether directly or through contractors and vendors, are required to use FIPS 140-2 compliant systems. FIPS 140-2 has also been adopted outside of the public sector in industries where data security is heavily regulated, such as financial services, healthcare (HIPAA), and in international certifications such as Common Criteria.
FIPS on Ubuntu
The approach Ubuntu takes in FIPS certifications
By default, Ubuntu comes with cryptographic packages based on the upstream sources and is not configured to adhere to any national standard. The Ubuntu Advantage (ua) tool makes it possible to set up the system to adhere to the FIPS standard, by a process that we describe as “enabling FIPS” (see below for more details).
Although there is a global system “switch” for FIPS, the FIPS 140 certification covers specific binary packages. In Ubuntu we select a set of cryptographic packages from the main repository that form our cryptographic core set. This set of packages is tested and validated for the FIPS 140-2 requirements on each Ubuntu LTS release. The FIPS validated packages are installed during the FIPS enablement.
fips-updates vs fips
Each FIPS 140 certificate for a package can take several months to complete and is valid for 5 years. However, as vulnerabilities happen security-critical fixes may need to be included faster than a certification cycle. For that, we provide two ways to consume validated packages: a stream called ‘fips’, where the exact packages validated by NIST are present; and another stream called ‘fips-updates’ where the validated packages are present, but are updated with security fixes. The ‘fips-updates’ stream also allows access to the packages during the validation phase, enabling early application development and testing. Both streams are revalidated periodically during Ubuntu standard support phase.
The FIPS validated cryptographic packages
The cryptographic core of Ubuntu 20.04 consists of the following packages:
|Package||Description||FIPS 140-2 certificate|
|linux-image-fips||The Linux Kernel Crypto API.||#3928|
|libssl1.1||The OpenSSL cryptographic backend. This includes the necessary cryptography for OpenSSH as well.||#3966|
|libgcrypt20||The libgcrypt cryptographic library.||#3902|
|strongswan||StrongSwan, the IPSec VPN implementation.||Under validation|
This set of packages is validated on x86-64 and IBM z/15. In the past, the table included both the OpenSSH server and client, but since 20.04 they no longer include cryptography for the purposes of FIPS 140-2 certification and use it from the OpenSSL package.
Note that the Linux kernel is itself a validated cryptographic module in the sense of FIPS, because it contains not only cryptography used by software (e.g., strongswan uses cryptography provided by it for IPSec), but also because it contains the random number generator that feeds all the user space applications and cryptographic libraries. Because of that the validated linux kernel is a dependency of the rest of the validated packages.
How do I enable FIPS on Ubuntu?
You can enable FIPS on an LTS Ubuntu release, such as 18.04 or 20.04 with a subscription. As Ubuntu’s mission is to bring free software to the widest audience, developers and individuals can access FIPS 140 through a Free personal subscription. For developing and running workloads with FIPS on the enterprise, the validated packages are available with Ubuntu Pro or an Ubuntu Advantage subscription.
The following instructions will enable FIPS on Ubuntu LTS.
Step 1: attach your subscription
Obtain your subscription token from ubuntu.com/advantage and attach it to your system. This step is not necessary in Ubuntu Pro.
$ sudo apt update $ sudo apt install ubuntu-advantage-tools $ sudo ua attach <TOKEN>
Step 2: enable FIPS
The following step enables FIPS using the ‘fips-updates’ stream on Ubuntu LTS.
$ sudo ua enable fips-updates
The previous command hides a lot of complexity relating to FIPS enablement. It installs the packages from the FIPS repository, and adds a kernel command line option to enable FIPS system-wide. A reboot is necessary to complete the FIPS enablement. You can verify its status using the command below.
$ sudo ua status
SERVICE ENTITLED STATUS
cc-eal yes n/a
cis-audit no —
esm-infra yes enabled
fips yes n/a
fips-updates yes enabled
livepatch yes disabled
How do I run my application with FIPS enabled?
Once FIPS is enabled, the FIPS 140-2 requirements are enforced in the core cryptographic packages. From that point you can start applications as you would do in an non-FIPS enabled system. However, one thing to keep in mind is that applications that were not designed to comply with FIPS may issue an error, for example when using an unapproved algorithm. Additionally, we recommend that you install and set up applications after FIPS is enabled, to prevent errors caused by old configuration files that may contain non-FIPS compliant options.
How can I run my FIPS-enabled application on the public cloud?
While the instructions above are sufficient to run applications on Ubuntu on the cloud, you can deploy Ubuntu Pro FIPS images without getting into configuration steps shown above. Ubuntu Pro FIPS images are available on the public cloud including on Azure and AWS. The images are pre-configured and generated from the ‘fips’ stream.
How can I run my FIPS-enabled application on an Ubuntu container?
To run FIPS-enabled applications in a container, you need to to generate a container that has the necessary FIPS-validated dependencies for the application, in addition to running your container on an Ubuntu FIPS-enabled host. The reason a FIPS-enabled host is necessary is because there are dependencies between cryptographic packages like OpenSSL and the kernel (for example the random generator), and the FIPS enablement in Ubuntu is signaled by the kernel (via /proc/sys/crypto/fips_enabled).
To generate a container with the FIPS cryptographic packages check the instructions in this article.
Ubuntu enables running and developing applications compliant with the FIPS 140-2 data protection standard. The approach we follow gives a system-wide switch that is transparent for the applications. On enterprise environments you have Ubuntu Pro or Ubuntu Advantage subscriptions available to enable your development and running applications using the Ubuntu FIPS validated packages!