Lifting the Lid: FIPS 140-2 Certification
FIPS 140-2 (which we’ll refer to here as FIPS) is a stringent US cryptography standard that’s a critical component of cybersecurity solutions in both the private and public sectors. Allied Telesis has gained FIPS certification on several key products, which demonstrates that our robust security and quality claims are backed up by our processes and results.
But what exactly is FIPS? Why is certification important, and how does a business get it? We talked to Theuns Verwoerd from Allied Telesis to find out.
Tell us a bit about yourself, Theuns, and your role.
I'm a senior software engineer, working as part of the Security Team. Our tasks include monitoring and advising on security-related aspects during product development, addressing security needs as they emerge, and managing security-related certifications. Over the last two years, FIPS certification has been a major component of that.
In a nutshell, what is FIPS?
FIPS is short for Federal Information Processing Standard, where FIPS 140-2 is FIPS number 140, version 2. FIPS includes a range of cryptography standards created by the U.S. government to protect its sensitive data—certification is expected for any product used by the federal government. Essentially, FIPS 140-2 is a series of checks to ensure that a cryptographic module has been independently assessed to meet a security standard set by the US Government.
It’s not just US government agencies that are using this standard now—why has FIPS become so important for so many global companies?
Cryptography is hard, and prone to failing in non-obvious ways. It’s also critical to the reliability and integrity of communications across an untrusted network, like the Internet. Checking whether a vendor's cryptographic implementation is good quality requires a lot of deep inspection, far more than any user can reasonably do. Gaining FIPS certification proves that this inspection has been done by expert, objective testers who are external to the vendor. It proves that when a vendor claims to have built their solution with high quality and best practices, they really did.
So, getting FIPS certification speaks for the quality and security of our products?
It does. Regarding our AlliedWare Plus operating system code, FIPS evaluation includes detailed inspection of both the design and implementation of the cryptographic module—there’s a comprehensive and detailed source code inspection. FIPS requires an open book: when a vendor claims security and quality, the source code has to back that up.
At a hardware level, products certified at FIPS level 2 require physical tamper evidence, including a complete chain of trust from factory to user. (Allied Telesis has C-TPAT certification that recognizes its secure supply chain.) Supply chain attacks, including physical interception, have become a real concern in recent years. FIPS certification requires proof that the hardware hasn’t been subverted, so it’s trustworthy to the end user.
As well as proving code and hardware safety, FIPS also provides the end user with a high level of trust in a vendor’s processes—the software and development practices used to generate the operating system firmware that drives the hardware. FIPS proves that you have strong source control and versioning, and robust firmware signatures. Users can verify that their device firmware is exactly the same as what was checked, tested, and certified.
What was your experience of working on the Allied Telesis FIPS project?
Cryptography is hard. Being challenged to not only have implemented cryptographic features, but to justify and document every aspect, requires a pedantic level of attention to detail, and exhaustive checking that goes well beyond the norm.
Fortunately, our design approaches and development processes here at Allied Telesis were already heavily focused on quality, which meant that very little rework to our AlliedWare Plus software was required. The bulk of the work boiled down to documenting, in excruciating detail, every aspect of our development process and of the cryptographic module itself.
Any challenges?
Security is by nature pedantic—cryptography is even more so. Add to that US government standards, extensive documentation requirements, and an external examiner that has total access to the inner workings of your solution, and the slightest uncertainty about a detail becomes intolerable.
Even starting from a solid implementation, everything had to be checked, rechecked, documented, rechecked, tested, and checked again.
And the best bit?
Software is intangible: you always try to build the best possible solution and test it in every way possible (and impossible), but ultimately, it's a matter of faith. A certification as rigorous and exacting as FIPS 140-2 provides validation that all the work we put into building the best possible solution has paid off.
Allied Telesis FIPS-certified products
You can see the full list of Allied Telesis switches that have FIPS certification here.