Eric,
The Definitions and Abbreviations section of 800-63-1 defines "Approved" as "Federal Information Processing Standard (FIPS) approved or NIST recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation." I hadn't been aware of a definitive list, but Annex A does look like a reasonable list. The link where I found everything for 140-2, including Annex A, is:
http://csrc.nist.gov/groups/STM/cmvp/standards.html
One correction to your summary: My reading of 800-63-1 is that LoA 1 doesn't stipulate the use of an Approved Algorithm to mitigate the risks of tampering and disclosure of stored credentials, only LoA 2 does. The LoA 1 requirement for credential storage is:
"Credential storage – Files of shared secrets used by Verifiers at Level 1 authentication shall be protected by access controls that limit access to administrators and only to those applications that require access. Such shared secret files shall not contain the plaintext passwords; typically they contain a one-way hash or “inversion” of the password. In addition, any method allowed for the protection of long-term shared secrets at Level 2 or above may be used at Level 1."
Someone with more knowledge of AD than I would need to confirm this, but I suspect AD doesn't have any problem with credential storage at Level 1.
David
On Tue, 2013-03-05 at 20:04 +0000, Eric Goodman wrote:
Thanks for calling out that linkage, David.
Despite Jeff's clear summary of when he was referring to FIPS 140-2 security levels vs. NIST 800-63 LoA levels, my brain was spinning trying to hook it all together. :) (That's a comment on the linkages in the source documents, not on Jeff's summary!)
So if you are saying that all we need for InCommon/NIST 800-63 LoAs 1 and 2 are “Approved Algorithms”, and not the full FIPS profile, then that means the relevant link is actually “Annex A” of the FIPS document, correct?
The “Annex A” document itself seems very hard to find… FIPS 140-2 refers to
http://csrc.nist.gov/groups/STM/cmvp/index.html
for the Annex, but I don’t see links to either “Annex A” or “Approved Algorithms” there. I did find the following draft version of Annex A in a more general Google search, last updated in mid 2012:
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
is that the document we’re looking for?
--- Eric
From: [mailto:] On Behalf Of David Walker
Sent: Monday, March 04, 2013 10:43 AM
To:
Subject: Re: [AD-Assurance] RE: Various links of interest
Hmmm... I see that the draft I barely started on Friday actually got sent...
Anyway, as I started to say, the issue is how to map 800-63's levels of assurance to FIPS 140-2's levels of security for credential storage. That can be found in section "7.3 Token and Credential Management Assurance Levels" of 800-63-1:
- LoA 1: No FIPS 140-2 requirement.
- LoA 2: No FIPS 140-2 requirement, although an Approved algorithm must be used to encrypt the password.
- LoA 3: FIPS 140-2 Level 2 or higher is required.
- LoA 4: FIPS 140-2 Level 2 or higher is required.
Not a lot of help for us here. My quick reading of 140-2, however, tells me that all levels of FIPS 140-2 require an Approved algorithm, so any 140-2 certified password storage method should suffice for LoA-2.
David
On Fri, 2013-03-01 at 17:03 -0800, David Walker wrote:
Thanks, Jeff. You've done a lot of my work for me.
The remaining issue is how we map NIST 800-63's levels of assurance to FIPS 140-2's levels of security.
On Fri, 2013-03-01 at 19:10 +0000, Capehart,Jeffrey D wrote:
There was also a question about which Level of Assurance mapped to which FIPS security level.
My understanding is that all FIPS 140-2 Security Levels use Approved Algorithms, so for the purposes of InCommon Silver IAP V1.2 it does not matter whether the Approved Algorithms you use are Level 1, 2, 3, or 4. Any should suffice. The Security level is not related to the Assurance level.
Keep on reading if interested…
Refer to Special Publication SP 800-63-1 Electronic Authentication Guideline
http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
OMB M-04-04 defines four levels of assurance, Levels 1 to 4, in terms of the consequences of authentication errors and misuse of credentials. Level 1 is the lowest assurance level, and Level 4 is the highest. To avoid confusion, refer to these specifically as ASSURANCE LEVEL(s) 1-4.
Note that in general, BRONZE maps to Assurance Level 1 and SILVER to Assurance Level 2.
FIPS 140-2 says: This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information (hereafter referred to as sensitive information). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. Note that later they are referred to more specifically as SECURITY LEVEL(s) 1-4. If interested in the differences, refer to Table 1: Summary of security requirements in FIPS 140-2.
Here’s where assurance levels come in for Active Directory:
You will see by reading the IAP 1.2 Criteria #4.2.3.4 (Silver) Stored Authentication Secrets… there are three choices to select from. The verbiage is quite similar to what you will see for Assurance Level 2 in SP-800-63-1. You are also allowed to use Level 3 or 4. Level 1 also is very similar to the #4.2.3.5 (Bronze) Basic Protection of Authentication Secrets.
At Level 1, the following shall be required: (Compare to BRONZE #4.2.3.5)
• Credential storage – Files of shared secrets used by Verifiers at Level 1 authentication shall be protected by access controls that limit access to administrators and only to those applications that require access. Such shared secret files shall not contain the plaintext passwords; typically they contain a one-way hash or “inversion” of the password. In addition, any method allowed for the protection of long-term shared secrets at Level 2 or above may be used at Level 1.
At Level 2, the following shall be required: (Compare to SILVER #4.2.3.4)
• Credential storage – Files of shared secrets used by CSPs at Level 2 shall be protected by access controls that limit access to administrators and only to those applications that require access. Such shared secret files shall not contain the plaintext passwords or secrets; two alternative methods may be used to protect the shared secret:
1. Passwords may be concatenated to a variable salt (variable across a group of passwords that are stored together) and then hashed with an Approved algorithm so that the computations used to conduct a dictionary or exhaustion attack on a stolen password file are not useful to attack other similar password files. The hashed passwords are then stored in the password file. The variable salt may be composed using a global salt (common to a group of passwords) and the username (unique per password) or some other technique to ensure uniqueness of the salt within the group of passwords.
2. Shared secrets may be encrypted and stored using Approved encryption algorithms and modes, and the needed secret decrypted only when immediately required for authentication. In addition, any method allowed to protect shared secrets at Level 3 or 4 may be used at Level 2.
Jeff
From: [] On Behalf Of Brian Arkills
Sent: Friday, March 01, 2013 1:01 PM
To:
Subject: [AD-Assurance] Various links of interest
InCommon IAP
http://www.incommon.org/docs/assurance/IAP.pdf
AD Silver cookbook
https://spaces.internet2.edu/display/InCAssurance/InCommon+Silver+with+Active+Directory+Domain+Services+Cookbook
FIPS 140-2
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Example of specific Microsoft library that is FIPS approved:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1335
Note: All of these have at the end of the "Operational Environment:" the parenthetical "(single-user mode)".
Enabling FIPS approved mode on Windows:
http://support.microsoft.com/kb/811833
-B
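The Level 2 "Credential storage" text Jeff quoted above (option 1: concatenate the password to a variable salt built from a global salt plus the username, hash it with an Approved algorithm, store only the hash) is easy to get subtly wrong, so here is a worked illustration of that option. This is an added example written for this thread; it is not code from any of the participants, from 800-63-1, or from Active Directory. Assumptions: PBKDF2 with HMAC-SHA-256 is used as the Approved one-way hash construction (SP 800-132 / FIPS 180), the iteration count and 16-byte global salt size are constructed values, and the in-memory dict stands in for the password file.

```python
"""Worked example of 800-63-1 Level 2 credential storage, option 1:
salted one-way hash of passwords using an Approved algorithm.
Added example for illustration, not code from the thread or the standard."""
import hashlib
import hmac
import secrets

# Assumption: PBKDF2-HMAC-SHA-256 as the Approved hash construction.
# The iteration count is a constructed value for this example.
HASH_NAME = "sha256"
ITERATIONS = 100_000


def new_global_salt(nbytes: int = 16) -> bytes:
    """One random salt per password file (the 'group of passwords' in 800-63-1)."""
    return secrets.token_bytes(nbytes)


def variable_salt(global_salt: bytes, username: str) -> bytes:
    """Salt that varies per password: global salt || username, as the passage allows.
    A separator byte keeps (salt, username) pairs from colliding when concatenated."""
    return global_salt + b"\x00" + username.encode("utf-8")


def hash_password(password: str, username: str, global_salt: bytes) -> bytes:
    """Password concatenated with the variable salt, then hashed (one-way)."""
    salt = variable_salt(global_salt, username)
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)


def build_password_file(global_salt: bytes, accounts: dict) -> dict:
    """Return what gets stored: the group salt plus per-user hashes, never plaintext."""
    return {
        "global_salt": global_salt.hex(),
        "users": {u: hash_password(p, u, global_salt).hex() for u, p in accounts.items()},
    }


def verify(password_file: dict, username: str, candidate: str) -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    stored = password_file["users"].get(username)
    if stored is None:
        return False
    global_salt = bytes.fromhex(password_file["global_salt"])
    computed = hash_password(candidate, username, global_salt)
    return hmac.compare_digest(computed, bytes.fromhex(stored))


def hashes_differ_across_files(username: str, password: str) -> bool:
    """The point of the variable salt: the same user and password stored in two
    different files (two global salts) yield unrelated hashes, so precomputation
    against one stolen file is useless against the other."""
    file_a = build_password_file(new_global_salt(), {username: password})
    file_b = build_password_file(new_global_salt(), {username: password})
    return file_a["users"][username] != file_b["users"][username]


if __name__ == "__main__":
    # Constructed sample accounts; two users deliberately share a password.
    pw_file = build_password_file(new_global_salt(),
                                  {"alice": "correct horse", "bob": "correct horse"})
    print("alice ok:", verify(pw_file, "alice", "correct horse"))
    print("bob wrong pw:", verify(pw_file, "bob", "battery staple"))
    print("same pw, different hashes:",
          pw_file["users"]["alice"] != pw_file["users"]["bob"])
    print("differs across files:", hashes_differ_across_files("alice", "correct horse"))
```

Two details worth checking in any real implementation of this option: the username component is what makes two users with the same password hash differently within one file, and the global salt must itself be unique per file, otherwise the "not useful to attack other similar password files" property the passage is after does not hold.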