In order to create more secure systems, standards such as Federal Information Processing Standard 140-2 (FIPS-140) are being more widely used. The FIPS standard provides for limits on which cryptographic protocols can be used, along with limits on the way that those protocols can be used. The standard also provides a process for validating and certifying software implementations.
As FreeRADIUS uses cryptographic protocols (e.g. TLS), a natural question is then “Is FreeRADIUS FIPS-140 compliant?” The answer is:
FreeRADIUS can be used on a FIPS compliant system.
That answer is not necessarily what people like to hear, but it is the most truthful one. To see why, we have to go into some technical background.
Understanding FIPS mode and RADIUS protocol compatibility
The RADIUS protocol was first defined in RFC 2058 in 1997. However, earlier implementations of RADIUS go back to 1993. Given that history, it is safe to assume that the base RADIUS protocol does not use modern cryptographic methods. But what does that mean?
The RADIUS protocol is secured using the MD5 message-digest algorithm. The process used to secure the packets is essentially hashing the packet followed by a secret, and then placing that hash into the packet. Anyone receiving the packet can use the packet and secret to calculate their own version of the hash. If that hash matches what is in the packet, then the packet is considered to be authentic. If the hashes do not match, then the packet is considered to be forged, and it is discarded.
Why FIPS standards matter for authentication protocols
The National Institute of Standards and Technology (NIST) developed FIPS standards to ensure robust security in information technology used by federal agencies. These standards are particularly important for authentication protocols that handle sensitive data transmission between client and server components.
The danger with RADIUS' approach is that MD5 was first broken in 2005. Since then, many other attacks on MD5 have been published. The result of these attacks is that FIPS has long deprecated MD5 and has forbidden its use.
Unfortunately, forbidding the use of MD5 makes it impossible to use RADIUS. This limitation has nothing to do with FreeRADIUS, but it is instead “baked in” to the base RADIUS protocol. We should also point out that despite MD5 being “broken,” there has not yet been a successful attack on RADIUS. So RADIUS is still secure.
The challenge: MD5 use in RADIUS protocol vs. FIPS compliance
Government agencies and organizations that handle sensitive information must comply with FIPS standards for cryptographic algorithms. This creates a significant challenge when using the RADIUS protocol, which relies heavily on MD5 for validating shared secrets and securing communications between clients and servers.
We should also highlight the fact that FreeRADIUS does not implement any cryptographic methods itself (we know our limits). Instead, FreeRADIUS uses OpenSSL to implement all of its cryptographic operations. OpenSSL in turn provides for a FIPS module, which is used in multiple Linux distributions. So FreeRADIUS has some sort of relationship with FIPS mode.
Solutions for running FreeRADIUS on FIPS compliant systems
The obvious question, then, is “How can RADIUS be used in a FIPS compliant system if MD5 is deprecated?” The answer is simple: FreeRADIUS just passes a special flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to the OpenSSL APIs! OpenSSL will see the flag and allow FreeRADIUS to use the “non-FIPS” compliant message digest algorithm, MD5.
This approach allows organizations to maintain FIPS mode on their operating systems while still using the RADIUS protocol for network authentication. The solution effectively isolates the non-compliant cryptographic algorithm to just the essential RADIUS communications while ensuring other cryptographic operations remain FIPS compliant.
FIPS mode benefits for government agencies and enterprise networks
That summary is very high level and is focused on FreeRADIUS. For a more comprehensive evaluation of FIPS, we recommend an article from Microsoft on the limitations of FIPS. That article discusses a number of caveats and concerns with using FIPS.
So, then, why use FIPS? The simple answer is that FIPS mode can help prevent the use of insecure cryptographic methods in protocols such as EAP-TLS or PEAP. When FIPS mode is enabled for systems running FreeRADIUS, it is impossible for EAP-TLS or PEAP to negotiate insecure cryptographic methods with FreeRADIUS.
Best practices for FIPS compliance with legacy authentication protocols
For organizations that must maintain compliance with federal information processing standards while using legacy authentication protocols like RADIUS, careful implementation is essential. While usernames and passwords authentication via RADIUS may use MD5, other aspects of your network security can remain fully FIPS compliant.
To close out this article, we should ask again “Can FreeRADIUS work with FIPS mode?” As we have seen here, the answer to that question is not a simple “yes” or “no.” Instead, we can say that FreeRADIUS is as secure as possible, given the limitations of RADIUS, OpenSSL, and the underlying system. And that FreeRADIUS can be used on a FIPS compliant system.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue, including implementing FIPS mode with legacy authentication systems. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Making RADIUS More Secure
As we’ve previously discussed, there are several insecure elements in RADIUS. We are currently working in the IETF (Internet Engineering Task Force) to close those gaps and improve security for everyone. This article outlines some of the current shortcomings of RADIUS, best practices for mitigating against them, and a roadmap for how these vulnerabilities will be addressed within the RADIUS standard.
Announcing SRADIUS
RADIUS has used MD5 for security for almost thirty years. It is time to use a modern alternative: SRADIUS!
We just released an Internet-Draft which defines “Secure RADIUS”, or “SRADIUS”. We also have preliminary code available. It’s only a small change from RADIUS, but (we hope) a big leap forward in RADIUS security.