SUSE® Linux Enterprise 12 Security CertificationsCommon Criteria, EAL, FIPS, PCI DSS, ... What's All This About?

Matthias G. EckermannSenior Product Manager

SUSE Linux Enterprise

mge@suse.com

2

Agenda

• Evaluation – Validation – Certification

• Details on Certifications and Validations‒ Common Criteria Certification‒ FIPS 140-2‒ NIST SP 800-131A‒ DISA STIG‒ BSI IT Grundschutz‒ Other Certifications and Validations

• SUSE Linux Enterprise 12

Evaluation – Validation – Certification

4

Evaluation – Validation – Certification

Certification

Evaluation

Examine claims made about a target. “Claims” do not need to be based on standards.

Compare behavior of the software / module against an existing standard or expected behaviour.

Validation

Details on Certifications and Validations

6

Common Criteria

“How can I be sure to get the security I need?”

• “Common”‒ Accepted by 26 countries all over the world‒ The certification is following a worldwide standard, thus e.g.

certifications of certification body B (e.g. BSI) are accepted by certification body N (NIAP/NIST)→ Common Criteria Recognition Arrangement (CCRA)

• Evaluation Assurance Level 4+‒ Standardized set of test cases‒ Tested at level 4, '+' is an augmentation

(e.g. FLR = Flaw Remediation)‒ The highest level for a “commercial” O/S

7

Common Criteria (2)

• Important abbreviations in this context‒ Security Functional Requirement (SFR)‒ Security Assurance Requirement (SAR)‒ Protection Profile (PP)‒ Security Target (ST)‒ Target of Evaluation (TOE)

• More informationhttps://www.niap-ccevs.org/Documents_and_Guidance/cc_docs.cfm

8

FIPS 140-2

• (US) Federal Information Processing Standard‒ Usage: US FedGov, FISMA, Financial Industry‒ Certificate is issued by NIST and CSEC

• FIPS 140-2 ensures that‒ Crypto algorithms/modes follow the corresponding standard‒ No obvious crypto weakness exists‒ No out dated algorithms are used‒ Key length is sufficient

• Vital‒ Definition of “cryptographic module” (CM),

the functional description of the validation target‒ Self test with each invocation of CM‒ Integrity check‒ Checks performed even if module is not in FIPS-140-2 mode!

• Successor FIPS 140-4 in preparation

9

NIST SP 800-131A

Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

• Hashing‒ No MD5, no SHA-1 hashing algorithms anymore‒ Use SHA-224, SHA-256, SHA-384, SHA-512‒ See also: FIPS 180-4 Secure Hash Standard (SHS)

• Other cryptography‒ HMAC: key length >= 112bits‒ Signing: DSA or RSA, key length >= 2048bits‒ Symmetric encryption: 3DES, AES‒ Public key encryption: RSA, key length >= 2048 bits‒ See also: FIPS 186-4 Digital Signature Standard (DSS)

10

DISA STIG

Defense Information Systems Agency (DISA)definesSecurity Technical Implementation Guide (STIG)

Configuration standard → “Hardening” or “Lockdown”

• Purpose‒ Secure Installation‒ Secure Maintenance

• Builds upon other certifications and documentation(e.g. Hardening Guide)

11

BSI IT Grundschutz (ITGS, Germany)

• Certification of customers' environment and processes

• Covers more than the Operating System→ an Operating System cannot be ITGS “certified”

• PreconditionCommon Criteria (CC) Certification andCC documentation

• SUSE Linux Enterprise Security and Hardening Guide• More information

https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.html

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-3_e_pdf.html

12

PCI DSS (Payment Card Industry)

• Conformance Certification for a customers environment

• Covers more than the Operating System→ an Operating System cannot be PCI DSS “certified”

• SUSE Status:‒ Does not require changes on SUSE Linux Enterprise Server

itself‒ Builds upon parameters and capabilities of SUSE Linux

Enterprise‒ Main source for the certification of customers' and partners'

environments according to PCI DSS:SUSE Linux Enterprise Security and Hardening Guide

13

FSTEC (Russia)

• Achieved for SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 10 SP3, SUSE Linux Enterprise Server 11 SP1

• Might need refresh according to market needs• More information:

http://www.globalsecurity.org/military/world/russia/fstec.htmhttp://www.fstec.ru/

• List of certified systems:http://www.fstec.ru/_doc/reestr_sszi/_reestr_sszi.xls

14

Dependencies of Certifications

Common Criteria

(Security)

FIPS 140-2

(Crypto)

ARCH¹RNG²

FSTEC

RUS-Gov

STIG DISA

US-Mil

PCI DSS

Finance

BSI ITGrundschutz

DE-Gov

¹ ARCH = Security Architecture Document² RNG = Random Number Generator

SUSE Linux Enterprise 12

16

Common Criteria Certification

Formal Details

• Certification Body: BSI• Evaluation Lab: atsec information security• Product (TOE, Target of Evaluation)

SUSE Linux Enterprise Server 12• Protection Profile: OSPP-BSI at EAL4 with

augmentation (Flaw Remediation). • Sponsor: SUSE LLC

• Project Lead: Thomas Biege, CSSLP,Team Leader MaintenanceSecurity at SUSE

17

Common Criteria Certification (2)

TOE Configuration

• Architectures‒ x86-64‒ s390x‒ other architectures might follow

• Virtualization (x86-64)‒ KVM and Xen guest ‒ KVM host configuration

• Installation via AutoYaST

18

FIPS 140-2

Architectures‒ x86-64‒ other architectures might follow

Modules1. Kernel2. libgcrypt3. Disk encryption4. OpenSSL5. OpenSSH Client6. OpenSSH Server7. NSS8. StrongSWAN (IPSec)

19

Dependencies of FIPS CSMs

openssllibgcrypt NSS

CC EAL4+

A depends on B

kernelCrypto

API

FIPS 140-2 Level 2 requires an OS with CC EAL2, at least

opensshserver

opensshclient

strongswan

IKE v1/v2

EDC

dm_cryptcryptsetup

PBKDF

PBKDFcryptoalgos

initializeIPSec

initialize block ciphers

in SUSE Linux Enterprise 12

Thank you.

20

Your Questions!?

Corporate HeadquartersMaxfeldstrasse 590409 NurembergGermany

+49 911 740 53 0 (Worldwide)www.suse.com

Join us on:www.opensuse.org

21

Unpublished Work of SUSE LLC. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.