Data at Rest Protection for Corporate Security and Why FIPS 140-2/-3 Validation Matters

With more employees working from home, laptops are now a bigger concern than ever for IT professionals. Centralizing data on company or cloud servers coupled with zero-trust infrastructure can work in some cases, but there are also drawbacks to the cloud: some tasks are very slow, and employees need access to the Internet. This can be difficult when traveling or working at a customer site.

Another factor to consider is the caching behavior of all the applications used by employees. There are many valid cases to cache data locally. One example is to improve the user experience so that the user can continue working while data is being written to the cloud. The data may start in RAM, but then get swapped to disk.

Instead of trying to lock down every aspect of software behavior, a simpler solution is to ensure the SSD is built like a vault. If you have the access code, you can get in. If you don’t have the code, then the data on the drive is unreadable. This is where a FIPS 140-2 or FIPS 140-3 certified SSD can help. These drives are so secure, that an attacker can’t read the data on the drive even if they have the skill to physically remove the NAND memory chips and access the data directly. On a FIPS 140-2/-3 SSD, that data at rest is encrypted and will always look like random data.

Read: Securing SSDs with Code Signing and Digital Signatures

What is data at rest?

In the world of data security, data is set to exist in one of two states: in motion and at rest. Data in motion refers to information that flows over private or public (untrusted) networks. The cloud is enabled by the Internet, which is the global network that connects all of us. Technologies like Virtual Private Networks (VPN) protect data in motion.

Data at rest refers to data that is on non-volatile storage like an SSD. This is where FIPS 140-2/-3 certified SSD comes in. On most SSD’s it is implemented using TCG Opal standard, but certification requires compliance with very strict cryptographic requirements and a third-party audit of the design. The process usually takes 18-24 months and requires a very deep dive into the hardware and software design of the SSD.

How does data at rest protection work?

There are two aspects to this kind of protection: Access Control and Encryption. The first involves ensuring that only a trusted individual can access the data. The drive remains locked until a user proves their identity by supplying the correct password.

To protect against physical attacks (i.e.: de-soldering the NAND memory chips), the data is encrypted using an algorithm like AES-XTS-256. An encryption algorithm takes the original clear-text data and randomizes it in an unpredictable way using a 256-bit input that we call a key. The randomization process can only be reversed using that key. Trying to guess a key of that length would require trillions upon trillions of years, even with the fastest super computers [1].

Best practices require that each SSD maintains its own data encryption keys. The SSD protects these Data Encryption Keys (DEK) by encrypting it with a dedicated key encryption Key Encryption Key (KEK) the derived from the access control password. By design, the SSD never retains a copy of the user passwords. This means that if you steal a laptop with this kind of protection, then all you get is the hardware. The corporate secrets are still safe behind the encryption.

Read: Secure Erase of Data Stored on SSD

Why antivirus software and firewalls alone may not be enough

It is common for people to think that have enough protection with antivirus and firewall software. Unfortunately, that’s not the case, because these tools only protect against some types of remote attacks. They do not protect against someone stealing your laptop, removing 14 screws and pulling out the SSD. This is where a TCG Opal or FIPS 140-2/-3 certified SSD come into play. Studies have shown that 7% of corporate laptops are lost or stolen before the end of their useful life (typically 3 years) [2].

What is FIPS 140-2/-3 and why is it important for corporate security

Federal Information Processing Standard (FIPS) 140-2/-3 is a security standard mandated in the United States, Canada and many other countries. Products with this certification meet the stringent requirements defined by the National Institute of Standards and Technology(NSIT) for a cryptographic module to protect sensitive but unclassified information.
The goal is to ensure that the features the product offers conform to the FIPS 140-2/-3 standard.

FIPS 140-2/-3 defines four security levels numbered 1 through 4 that have increasingly difficult requirements for each of the 11 requirement areas shown below [3].

1. Cryptographic Module Specification
2. Cryptographic Module Ports and Interfaces
3. Roles, Services, and Authentication
4. Finite State Model (FIPS 140-2) / Software/Firmware Security (FIPS 140-3)
5. Physical Security
6. Operational Environment
7. Cryptographic Key Management (FIPS 140-2) / Sensitive Security Parameter Management (FIPS 140-3)
8. EMI/EMC (FIPS 140-2) / Non-Invasive Security (FIPS 140-3)
9. Self-Tests
10. Design Assurance (FIPS 140-2) / Life-Cycle Assurance (FIPS 140-3)
11. Mitigation of Other Attacks

Read: Phison Now Offering Industry-Best Secure SSD Solutions With FIPS 140-2 Certification

Which is better FIPS 140-2 or FIPS 140-3?

FIPS 140-3 supersedes FIPS 140-2 and became effective September 22, 2019 with validation starting September 22, 2020. It means that FIPS 140-2 testing officially ends September 21, 2021 and NIST will only accept FIPS 140-3 submissions from Sep 22th, 2021. The 140-2 standard did not have any known vulnerabilities, but requirements were updated to reflect new developments in the state-of-the-art of the security world. A device certification lasts for five years [4], at which point it either must be re-certified or replaced with a new model that has been FIPS 140-3 certified. This means that all 140-2 certified devices will naturally age out of the market or move to historical list by September 2026.

How to get FIPS 140-2/-3 certified

Getting a FIPS 140-2/-3 certificate involves conformance testing by accredited laboratories and verification and approval by specific governmental agencies.

Cryptographic Module Validation Program (CMVP)

The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with FIPS 140-2/-3 standard. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada.

The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules [5].

Products validated as conforming to this standard are accepted by the Federal agencies of both countries for the protection of Sensitive Information (United States) or Designated Information (Canada) [5].

Cryptographic Algorithm Validation Program (CAVP)

Cryptographic Algorithm Validation Program (CAVP) validates whether the product actually implements the algorithms that NIST officially defines. Also, it is a prerequisite of cryptographic module validation [6].

Module verification

NIST and CSE verify the application submission from an accredited lab. In order to get certified, the module needs to pass rigorous testing conducted by the lab. After the lab checks the product meets the specified requirements, it will submit the official test report to NIST and CSE.

If there are no concerns, NIST and CSE will issue an official certificate and the module will be listed on the CMVP website as a validated module. For further information, please visit the NIST website.

CMVP review status: Cryptographic Module Validation Program | CSRC (nist.gov)

List of validated modules: Cryptographic Module Validation Program | CSRC (nist.gov)

FIPS 140-2/-3 with Phison

“Protecting our customer’s data is one of the most important engineering design principles at Phison. We are pleased to offer FIPS 140-2 security in Phison SSD solutions to mitigate against modern threats,” said K.S. Pua, CEO of Phison [7].

Phison’s TCG OPAL SSC SSD Series for E12/S12 controller have already passed FIPS 140-2 level 2 validation. These are high-performance self-encrypting solid state drives with the support of PCIe and SATA interface. User data is protected by AES-256-XTS on-the-fly hardware encryption/decryption without compromising transfer rates.

This SSD series implements various FIPS-approved cryptographic algorithms and services are provided through compliance with the industry-standard TCG Opal SSC protocol. The CMVP certificate number is 3758 and can be found in the link below.

Phison CMVP certificate:  Cryptographic Module Validation Program | CSRC (nist.gov)

Data protection is a joint effort of all players in this ecosystem, Phison is just a part of it. But we strive for demonstrating leadership in technology, dedication to go above and beyond for customers and end users, preparedness to meet future requirements, and dedication to contribute to safety and security.

References used in this article:

1. Assuming half of the 256-bit keyspace is searched with a 500 petaFLOPS supercomputer.
2. Ponemon Institute (Sept 2010)
3. NIST (May 2019)
4. NIST (May 2019)
5. NIST (May 2001)
6. NIST (March 2021)
7. Phison Electronics Corp (Jan 2021)

Read: Securing SSD Data with Encryption