Version 3 Revision 5 -i- IBM LTO Generation 4 Encrypting Tape Drive Security Policy Version 3 Revision 5 ii Version 3 Revision 5 1 Document History .................................................................................................................................................. 1 2 Introduction ............................................................................................................................................................ 2 2.1 References............................................................................................................................................... 3 2.2 Document Organization ........................................................................................................................ 3 3 LTO Generation 4 Encrypting Tape Drive Cryptographic Module Description .................................................... 4 3.1 Overview ................................................................................................................................................. 4 3.2 Secure Configuration............................................................................................................................. 6 3.3 Ports and Interfaces ............................................................................................................................... 9 3.4 Roles and Services................................................................................................................................ 11 3.5 Physical Security .................................................................................................................................. 17 3.6 Cryptographic Algorithms and Key Management............................................................................ 18 3.7 Design Assurance ................................................................................................................................. 21 3.8 Mitigation of other attacks .................................................................................................................. 21 Version 3 Revision 5 -1- 1 Document History Date Author Change 08/20/2007 Christine Knibloe Initial Creation 12/10/2007 Christine Knibloe V1.1 Corrected External Key Manager Correct bypass information BAB port clarification 06/13/2008 Christine Knibloe V2.0 Incorporate feedback 09/17/2008 Christine Knibloe V3.0 Incorporate all host interfaces Incorporate panel feedback Added GCM information Added standalone module Modified security parameter table 11/11/2008 Christine Knibloe V3.1 Update tables and diagrams 11/17/2008 Christine Knibloe V3.2 Update Security Parameters table 12/01/2008 Christine Knibloe V3.3 Update Self-Test table 04/10/2009 Christine Knibloe V3.4 Incorporate CMVP comments. Inserted tables. 6/1/2009 Christine Knibloe V3.5 Incorporate CMVP comments. 2 Version 3 Revision 5 2 Introduction This non-proprietary security policy describes the IBM LTO Generation 4 Encrypting Tape Drive cryptographic module and the approved mode of operation for FIPS 140-2, security level 1 requirements. This policy was prepared as part of FIPS 140-2 validation of the LTO Gen4. The LTO Gen4 Encrypting Tape Drive is referred to in this document as the LTO Gen4, the IBM LTO Gen4, and the encrypting tape drive. FIPS 140-2 (Federal Information Processing Standards Publication 140-2--Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/index.html The security policy document is organized in the following sections. Introduction · References · Document Organization LTO Gen4 Encrypting Tape Drive Cryptographic Module Description · Cryptographic Module Overview · Secure Configuration · Cryptographic Module Ports and Interfaces · Roles and Services · Physical Security · Cryptographic Key Management · Self-Tests · Design Assurance · Mitigation of Other Attacks 3 Version 3 Revision 5 2.1 References This document describes only the cryptographic operations and capabilities of the LTO Gen4 Encrypting Tape Drive. More information is available on the general function of the LTO Gen4 Encrypting Tape Drive at the IBM web site: http://www.ibm.com/storage/tape/ The tape drive meets the T10 SCSI-3 Stream Commands (SSC) standard for the behavior of sequential access devices. The LTO Gen4 Encryption Tape Drive supports 3 host interface types: Ultra320 Small Computer System Interface (SCSI), fibre channel (FC), and serial-attached SCSI (SAS). The physical and protocol behavior of these ports conforms to their respective specifications. These specifications are available at the INCITS T10 standards web site: http://www.T10.org / A Redbook describing tape encryption and user configuration of the LTO Gen4 drive in various environments can be found at: http://www.redbooks.ibm.com/abstracts/sg247320.html?Open The LTO Gen4 drive format on the tape media is designed to conform to the IEEE P1619.1 committee draft proposal for recommendations for protecting data at rest on tape media. Details on P1619.1 may be found at: http://ieee-p1619.wetpaint.com/ 2.2 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the submission package contains: Vendor Evidence Document Other supporting documentation and additional references With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to IBM and is releasable only under appropriate non-disclosure agreements. For access to these documents, contact IBM. 4 Version 3 Revision 5 3 LTO Generation 4 Encrypting Tape Drive Cryptographic Module Description 3.1 Overview The LTO Gen4 Encrypting Tape Drive is a set of hardware, firmware, and interfaces allowing the optional storage and retrieval of encrypted data to magnetic tape cartridges. The entire "brick" unit of the LTO Gen4 tape drive is FIPS 140-2 validated as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library. Block diagrams of the LTO Gen4 Encrypting Tape Drive are shown below: Cryptographic Module Block Diagram BAB Port (J11) Protect SDRAM Write SDRAM (J4) (U52,U54) (U19,U20,U21,U22) SCSI SCSI Port (J1,SW2,D1,D13) FAS695 Front Panel (J20) (U58) ID Yuri (U24) Power Flash (U69) Other Cartridge Mem RS- RS- Feature Threader Card 422 232 Switches (J8) (J38) Functions Deck (J10) (U14,U9,U13, SH7780 U8,U46,U48) (U16) (S4) Head Tape (J6) (J30) Port SDRAM (U10,U11) Main Card Drive Figure 1a: LTO Gen4 Ultra320 SCSI Drive Block Diagram 5 Version 3 Revision 5 Cryptographic Module Block Diagram BAB Port (J11) Protect SDRAM Write SDRAM (J4) (U52,U54) (U19,U20,U21,U22) Port 0 Port 1 Loop Link 422 232 Switches Port (J28) FC FC (J1,SW2,D1,D13) Front Panel FAS600 (J32) (U71) Yuri (U24) (J39) (J40) FC FC RS- RS- Feature Threader Flash (U69) Other Cartridge Mem Card (J8) (J38) Functions Deck (J10) (U14,U9,U13, SH7780 U8,U46,U48) (U16) (S4) Head Tape (J6) (J30) SDRAM (U10,U11) Main Card Power (J37) Drive Figure 2b: LTO Gen4 Fibre Channel Drive Block Diagram Cryptographic Module Block Diagram BAB Port (J11) Protect SDRAM Write SDRAM (J4) (U52,U54) (U19,U20,U21,U22) Port 0 Port 1 SAS SAS (J1,SW2,D1,D13) (J28) Front Panel FAS762 (U49) Yuri (U24) Flash (U69) Other Cartridge Mem RS- RS- Feature Threader Card 422 232 Switches (J8) (J38) Functions Deck (J10) (U14,U9,U13, SH7780 U8,U46,U48) (U16) (S4) Head Tape (J6) (J30) Port SDRAM (U10,U11) Main Card Power (J32) Drive Figure 3c: LTO Gen4 SAS Drive Block Diagram 6 Version 3 Revision 5 The LTO Gen4 Encrypting Tape Drive has two major cryptographic functions: Data Block Cipher Facility: The tape drive provides functions which provide the ability for standard tape data blocks as received during SCSI-type write commands to be encrypted before being recorded to media using AES-GCM block cipher using a provided key, and decrypted during reads from tape using a provided key. o Note the AES-GCM block cipher operation is performed after compression of the host data therefore not impacting capacity and data rate performance of the compression function o The LTO Gen4 drive automatically performs a complete and separate decryption and decompression check of host data blocks after the compression/encryption process to validate there were no errors in the encoding process Secure Key Interface Facility: The tape drive provides functions which allow authentication of the tape drive to an external IBM key manager, such as the IBM Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and allow transfer of protected key material between the key manager and the tape drive. 3.2 Secure Configuration This section describes the approved mode of operation for the LTO Gen4 drive to maintain FIPS 140-2 validation. There are two configurations for the LTO Gen4 in the approved mode of operation. They are: System-Managed Encryption (SME) Library-Managed Encryption (LME) There are two different methods an operator may use to select one of the configurations. The first is configuring the drive's VPD via the library interface. The second method is issuing a SCSI Mode Select command to set values in Mode Page X'25'. In order to be in the approved mode of operation, one of the aforementioned configurations (SME or LME) must be enabled and the values of the fields Key Path (manager Type) (from VPD), In-band Key Path (Manager Type) Override, Indirect Key Mode Default, Key Scope, and Encryption Method must be set according to the table below. More details can be found in the LTO Ultrium Tape Drive SCSI Reference. Table 1: Settings for Approved Configurations Required Fields System-Managed Library-Managed Encryption (SME) Encryption (LME) Key Path (Manager Type) (from VPD) X'1' X'6' Mode Page X'25', byte 21, bits 7-5 In-band Key Path (Manager Type) Override X'0' or X'1' X'0' Mode Page X'25', byte 21, bits 4-2 Indirect Key Mode Default B'0' B'0' Mode Page X'25', byte 22, bit 4 Key Scope X'0' or X'1' X'0' or X'1' Mode Page X'25', byte 23, bits 2-0 Encryption Method X'10' or X'1F' X'60' Mode Page X'25', byte 27 A user can determine if the LTO Gen4 is in the approved mode of operation by issuing a SCSI Mode Sense command to Mode Page X'25' and evaluating the values returned. 7 Version 3 Revision 5 Certain commands are prohibited while in the approved mode of operation. The commands vary based on which configuration is used in the approved mode. In the LME configuration, all Mode Select commands to subpages of Mode Page X'25' are prohibited. In the SME configuration, Mode Select commands to the following subpages of Mode Page X'25' are prohibited. Table 2: Mode Select Eligibility of Mode Page X'25' Subpages Mode Page X'25' Subpages System-Managed Encryption Library-Managed Encryption (SME) (LME) X'C0' ­ Control/Status Allowed Prohibited X'D0' ­ Generate dAK/dAK' Pair Prohibited Prohibited X'D1' ­ Query dAK Prohibited Prohibited X'D2' ­ Update dAK/dAK' Pair Prohibited Prohibited X'D3' ­ Remove dAK/dAK' Pair Prohibited Prohibited X'D5' ­ Drive Challenge/Response Allowed Prohibited X'D6' ­ Query Drive Certificate Allowed Prohibited X'D7' ­ Query/Setup HMAC Prohibited Prohibited X'D8' ­ Install eAK Prohibited Prohibited X'D9' ­ Query eAK Prohibited Prohibited X'DA' ­ Update eAK Prohibited Prohibited X'DB' ­ Remove eAK Prohibited Prohibited X'DF' ­ Query dSK Allowed Prohibited X'E0' ­ Setup SEDK Allowed Prohibited X'E1' ­ Alter DKi Allowed Prohibited X'E2' ­ Query DKi (Active) Allowed Prohibited X'E3' ­ Query DKi (Needed) Allowed Prohibited X'E4' ­ Query DKi (Entire) Allowed Prohibited X'E5' ­ Query DKi (Pending) Allowed Prohibited X'EE' ­ Request DKi (Translate) Allowed Prohibited X'EF' ­ Request DKi (Generate) Allowed Prohibited X'FE' ­ Drive Error Notify Allowed Prohibited Loading a FIPS-validated drive microcode level and configuring the drive for SME or LME operation initializes the LTO Gen4 into the approved mode of operation. The LTO Gen4 supports multi-initiator environments, but only one initiator may access cryptographic functions at any given time. Therefore the LTO Gen4 does not support multiple concurrent operators. The LTO Gen4 implements a non-modifiable operational environment which consists of a firmware image stored in FLASH. The firmware image is copied to, and executed from, RAM. The firmware image can only be updated via FIPS-approved methods that verify the validity of the image. The LTO Gen4 drive brick operates as a stand-alone tape drive and has no direct dependency on any specific operating system or platform for FIPS approved operating mode, but does have requirements for: · Key Manager/Key Store attachment · Drive Configuration 8 Version 3 Revision 5 The following criteria apply to the usage environment: Key Manager and Key Store Attachment o In both SME and LME configurations, an IBM key manager, such as the Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and a supported key store must be used in a manner which supports secure import and export of keys with the LTO Gen4 drive : · Keys must be securely passed into the LTO Gen4 drive. The key manager must support encryption of the Data Key to form a Session Encrypted Data Key (SEDK) for transfer to the LTO Gen4. The SEDK is created by encrypting the Data Key using the public Session Key to perform 2048-bit RSA encryption. · The key manager/key store must be able to use the Data Key index (DKi) it supplies the drive to determine the Data Key. Drive Configuration requirements o The LTO Gen4 drive must be configured for SME or LME operation. o The LTO Gen4 drive must have the FIPS 140-2 validated drive firmware level loaded and operational. o Drive must be configured in the approved mode of operation. o In LME configuration, the LTO Gen4 drive must be operated in an automation device which operates to the LDI or ADI interface specifications provided. 9 Version 3 Revision 5 3.3 Ports and Interfaces The cryptographic boundary of the LTO Gen4 drive cryptographic module is the drive "brick" boundary and therefore supports all the interfaces of a standard tape drive. Tape data blocks to be encrypted (write operations) or decrypted data blocks to be returned to the host (read operation) are transferred on the host interface ports using SCSI commands, while protected key material may be received on the host interface ports or the library port. The physical ports are separated into FIPS-140-2 logical ports as described below. Table 3: Ports Common to All Host Interface Types LTO Gen4 Drive FIPS-140-2 Crypto Interface Functionality Physical Ports Logical Interface Services BAB Port Disabled by FIPS Disabled by FIPS approved firmware levels. approved None firmware levels. RS-422 Port Data Input Inputs data Data Output Yes Crypto: Inputs protected keys from the key Control Input manager in LME configuration. Status Output Outputs data Outputs encrypted key components Inputs LDI and LMI protocol commands. Outputs LDI and LMI protocol status. RS-232 Port Disabled by FIPS Disabled by FIPS approved firmware levels. approved None firmware levels. Threader Power Power Supplies power to threader unit internal to tape Port None drive brick. Input Power Port Power Inputs power to the LTO Gen4 drive None Write Protect Control Input Inputs write protect state of the cartridge Switch None Front Panel Single- Status Output Displays status Character Display None (SCD) Front Panel Amber Status Output Displays status LED None Front Panel Green Status Output Displays status LED None Front Panel Unload Control Input Inputs unload command Button None Places the drive in manual diagnostic mode Scrolls through manual diagnostics Exits manual diagnostic mode Forces drive dump Resets the drive Read/Write Head Data Input Inputs data from tape cartridges Data Output None Outputs data to tape cartridges Inputs command to load firmware from special FMR cartridges Encrypted data is recorded to media or read back from media on this interface 10 Version 3 Revision 5 Table 4a: Ultra320 SCSI-Specific Host Interface Ports LTO Gen4 FIPS-140-2 Crypto Interface Functionality Ultra320 SCSI Logical Interface Services Drive Physical Ports SCSI Port Data Input Yes Inputs data Data Output Crypto: Inputs protected keys from the key Control Input manager in SME configuration. Status Output Outputs data Outputs encrypted key components Inputs SSC-3 SCSI protocol commands Outputs SSC-3 SCSI protocol status SCSI ID Port Control Input None Inputs SCSI ID control parameters Feature Switches Control Input None Inputs RS-422 interface control parameters Inputs SCSI interface control parameters Inputs read/write head cleaner brush control parameters Table 4b: Fibre Channel-Specific Host Interfaces Ports LTO Gen4 FC FIPS-140-2 Crypto Interface Functionality Drive Logical Interface Services Physical Ports Fibre Channel Port Data Input Inputs data 0 Data Output Yes Crypto: Inputs protected keys from the key Fibre Channel Port Control Input manager in SME configuration. 1 Status Output Outputs data Outputs encrypted key components Inputs SSC-3 SCSI protocol commands Outputs SSC-3 SCSI protocol status Fibre Channel Control Input Inputs fibre channel interface control parameters Loop ID Port Status Output None Outputs fibre channel interface status Fibre Channel Link Control Input Inputs fibre channel interface control parameters Characteristics Port None Feature Switches Control Input Inputs RS-422 interface control parameters None Inputs fibre channel interface control parameters Inputs read/write head cleaner brush control parameters Table 4c: SAS-Specific Host Interfaces Ports LTO Gen4 SAS drive FIPS-140-2 Separation of Physical Ports Logical Interface Logical Interfaces SAS Connector Data Input Physical separation: Data Output Pins P1-P15 are power input Control Input Pins S1-S7 are SAS Port 0 Status Output Pins S8-S14 are SAS Port 1 Power Logical Separation (SAS Ports): T10 SAS Standards Feature Switches Control Input N/A 11 Version 3 Revision 5 3.4 Roles and Services The LTO Gen4 drive supports both a Crypto Officer role and a User role, and uses basic cryptographic functions to provide higher level services. For example, the LTO Gen4 drive uses the cryptographic functions as part of its data reading and writing operations in order to perform the encryption/decryption of data stored on a tape. The Crypto Officer role is implicitly assumed when an operator performs key zeroization. The User role is implicitly assumed for all other services. The two main services the LTO Gen4 drive provides are: · Encryption or decryption of tape data blocks using the Data Block Cipher Facility. · Establishment and use of a secure key channel for key material passing by the Secure Key Interface Facility. It is important to note that the Secure Key Interface Facility may be an automatically invoked service when a user issues Write or Read commands with encryption enabled that require key acquisition by the LTO Gen4 drive. Under these circumstances the LTO Gen4 drive automatically establishes a secure communication channel with a key manager and performs secure key transfer before the underlying write or read command may be processed. 3.4.1 User Guidance The services table describes what services are available to the User and Crypto Officer roles. There is no authentication required for accessing the User Role There is no authentication required for accessing the Crypto Officer Role Single Operator requirements: The LTO Gen4 drive enforces a requirement that only one host interface initiator may have access to cryptographic services at any given time. 12 Version 3 Revision 5 3.4.2 Provided Services Available services are also documented in the specified references. They are summarized here: Table 5: Provided Services Service Interface(s) Description Inputs Outputs Role General SCSI - Host As documented in the Formatted Formatted User commands LTO Ultrium Tape Drive Operational Operational SCSI Reference Codes and Codes and Messages Messages General Library - Library As documented in the Formatted Formatted User Interface commands Drive Library LDI and Operational Operational LMI Interface Codes and Codes and Specifications Messages Messages Unload via Button - Front Panel Unload via unload button Button press Green LED User Unload flashes Button while unload is in progress. Places the drive in - Front Panel Place in manual Button press SCD User manual diagnostic Unload diagnostic mode via the displays 0. mode Button unload button Amber LED becomes solid. Scrolls through - Front Panel Scroll through manual Button press SCD User manual diagnostic Unload diagnostic functions via changes to functions Button the unload button indicate scrolling. Exits manual - Front Panel Exit manual diagnostic Button press SCD User diagnostic mode Unload mode via the unload becomes Button button blank. Green LED becomes solid. Forces drive dump - Front Panel Force a drive dump via Button press SCD shows User Unload the unload button 0, then Button becomes blank. Resets the drive - Front Panel Power-cycle the device Button press Reboot User Unload via Unload Button occurs. Button LED status display - Front Panel Display Power-On status From LTO On or off User Unload via LED Gen4 drive Button operating system Single-Character - Front Panel Display status via Single- From LTO Single- User Display (SCD) Unload Character Display Gen4 drive character Button operating status system messages 13 Version 3 Revision 5 Service Interface(s) Description Inputs Outputs Role Encrypting Write- - Host The Secure Key Interface - Plaintext - Encrypted User type Command Facility automatically data data on tape requests a key, provides - SEDK - DKi on authentication data, - DKi tape securely transfers and verifies the key material. The Data Block Cipher Facility encrypts the data block with the received Data Key using AES- GCM block cipher for recording to media. A received DKi is automatically written to media using the Cartridge memory and the RW Head Interface. The decryption-on-the- fly check performs AES- GCM decryption of the encrypted data block and verifies the correctness of the encryption process Decrypting Read- - Host The Secure Key Interface SEDK - Plaintext User type Command Facility automatically data to host requests a key, provides authentication data and DKi information if available, securely transfers and verifies the key material. The received Data Key is used by the Data Block Cipher Facility to decrypt the data block with using AES-GCM decryption and returning plaintext data blocks to the host; Optionally in Raw mode the encrypted data block may be returned to the host in encrypted form (not supported in approved configuration) Set Encryption - Host Performed via Mode Requested None User Control Parameters - Library Select to Mode Page Mode Page (including Bypass x'25' and Encryption and Subpage Mode) Subpage X'C0' Query Encryption - Host Performed via Mode Requested Mode Data User Control Parameters - Library Sense to Mode Page Mode Page (including Bypass x'25' and Encryption and Subpage Mode) Subpage X'C0' "Show Status" 14 Version 3 Revision 5 Service Interface(s) Description Inputs Outputs Role Show Status - Front Panel Visual indicators that an From LTO Visual User (Visual Indicators ) LEDs and encryption operation is Gen4 drive indicators Single- currently in progress may operating on front Character be monitored on the front system panel Display panel Drive - Host Allows programming Requested Mode Data User Challenge/Response - Library challenge data and Mode Page reading an optionally) and Subpage encrypted, signed response; not used in default configuration. Performed via mode select and mode sense to Mode Page x'25' and Encryption Subpage x'D5'; not used in default configuration Query Drive - Host Allows reading of the Requested Mode Data User Certificate - Library Drive Certificate public Mode Page key. Performed via mode and Subpage sense to Mode Page x'25' and Encryption Subpage x'D6'; the provided certificate is signed by the IBM Tape Root CA. Query dSK - Host Allows reading of the Requested Mode Data User - Library Drive Session (Public) Mode Page Key Performed via and Subpage mode sense to Mode Page x'25' and Encryption Subpage X'DF' . Setup SEDK - Host This is the means to Requested Mode Data User structure (a - Library import a protected private Mode Page protected key key to the LTO Gen4 and Subpage structure) drive for use in writing and encrypted tape or in order to read a previously encrypted tape. Performed via mode select to Mode Page x'25' and Encryption Subpage x'E0'. In this service, the module generates a drive session key pair. The module then sends the dSK to the key manager where it is used to create an SEDK. Then, the key manager sends the SEDK back to the module. 15 Version 3 Revision 5 Service Interface(s) Description Inputs Outputs Role Query DKi(s) ­ - Host Allows the reading from Requested Mode Data User active, needed, - Library the drive of DKi Mode Page pending , entire (all) structures in different and Subpage categories for the medium currently mounted. Performed by Mode Select commands to Mode Page x25' and various subpages. Request DKi(s) - Host This status command is Requested Mode Data User Translate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it has read DKi structures from a mounted, encrypted tape and needs them translated to an SEDK and returned for the drive to read the tape. The key manager issues this command to read DKi structures which the drive requires to be translated by the Key Manager and subsequently returned to the drive as an SEDK structure to enable reading of the currently active encrypted area of tape. Performed via mode sense to Mode Page x'25' and Encryption Subpage X'EE'. Request DKi(s) - Host This status command is Requested Mode Data User Generate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it requires new SEDK and DKi structures to process a request to write an encrypted tape. This page provides information about the type of key the drive is requesting. Performed via mode sense to Mode Page x'25' and Encryption Subpage X'EF'. 16 Version 3 Revision 5 Service Interface(s) Description Inputs Outputs Role Alter DKi(s) - Host This command is used to Requested Mode Data User - Library modify the DKi Mode Page structures stored to tape and Subpage and cartridge memory. The LTO Gen4 drive will write the modified structures out to the tape and cartridge memory as directed. Performed via mode sense to Mode Page x'25' and Encryption Subpage x'E1'. Drive Error Notify - Host These status responses Requested Mode Data User and Drive Error - Library are the means used by the Mode Page Notify Query drive to notify the Key and Subpage Manager that an action is required, such as a Key generation or Translate, to proceed with an encrypted write or read operation. These status responses are read via Mode Sense commands to Mode Page x'25' subpage `EF" and `FF'. Power-Up Self-Tests - Power Performs integrity and None Failure User, - Host cryptographic algorithm required status, if Crypto - Library self-tests, firmware applicable Officer image signature verification Configure Drive - Host Allows controlling of From LTO Vital User Vital Product Data - Library default encryption mode Gen4 drive Product (VPD) settings and other operating operating Data (VPD) parameters system Key Path Check - Host As documented in the Diagnostic Diagnositc User diagnostic LTO Ultrium Tape Drive command command SCSI Reference specifying status the Key Path diagnostic Key Zeroization - Host Zeroes all private Diagnostic Diagnositc Crypto plaintext keys in the LTO command command Officer Gen4 drive via a Send specifying status Diagnostic command the Key with Diagnostic ID Zeroization EFFFh, as documented in the IBM TotalStorage LTO Ultrium Tape Drive SCSI Reference. 17 Version 3 Revision 5 3.5 Physical Security The LTO Gen4 drive cryptographic boundary is the drive "brick" unit. The drive brick unit has industrial grade covers, and all the drive's components are production grade. The LTO Gen4 drive requires no preventative maintenance, and field repair is not performed for the unit. The drive brick covers are not removed in the field in the approved configuration. All failing units must be sent intact to the factory for repair. Figure 2 LTO Gen4 Drive Brick 18 Version 3 Revision 5 3.6 Cryptographic Algorithms and Key Management 3.6.1 Cryptographic Algorithms The LTO Gen4 drive supports the following basic cryptographic functions. These functions are used by the Secure Key Interface Facility or the Data Block Cipher Facility to provide higher level user services. Table 6: Basic Cryptographic Functions Algorithm Type /Usage Specification / Performed by Algorithm Approved / Used by Certificate AES-ECB mode Used as the underlying AES: FIPS-197 ASIC #918 and Encryption / decryption cipher for AES-GCM. #919 (256-bit keys) Not available as a separate service. AES-GCM mode Symmetric Cipher AES: FIPS-197 ASIC AES Certs. encryption / decryption Encrypts data blocks GCM: SP800-38D #918 and (256-bit keys) while performing #919; decrypt-on-the-fly vendor- verification affirmed Decrypts data blocks PRNG IV generation for AES- FIPS 186-2 using Firmware #527 GCM, Drive Session SHA-1 Key generation SHA-1 Hashing Algorithm FIPS 180-2 Firmware #906 Multiple uses SHA-256 Hashing Algorithm FIPS 180-2 Firmware #906 Digest checked on key manager messages, digest appended on messages to key manager PKCS #1 :RSA Key Key Generation Non-approved (but Firmware N/A Generation Session key generation may be used if (1024/2048-bit keys) used only for encryption ) PKCS #1 :RSA Digital signature Approved Firmware #446 Sign/Verify signing and verification Used to sign the session key with dCert' Verifies firmware image signature before use on new firmware image load PKCS #1 RSA Decryption of Non-approved (but Firmware N/A Encryption/Decryption transported key may be used in (1024/2048-bit keys) material FIPS mode for key SEDK decrypt transport) TRNG (Custom) Seeding PRNG Non-Approved ASIC N/A 19 Version 3 Revision 5 3.6.2 Security Parameters The following table provides a summary of both critical security parameters (CSPs) and non-critical security parameters used by the LTO Gen4 drive. Table 7: Security Parameters Security CSP Key Type Input into Output Generation Storage Storage Form Zeroized Parameter Module from Method Location Module Drive No RSA Yes - Yes N/A Drive Non-volatile N/A Certificate 2048-bit at time of Vital Plaintext Public Key PKCS#1 manufacture Product (dCert) Data (VPD) Drive Yes RSA Yes - No N/A Drive Non-volatile Yes Certificate 2048-bit at time of VPD X.509 Private Key PKCS#1 manufacture certificate (dCert') signed with the IBM Tape root CA Drive No RSA No ­ Yes Non-approved, Drive Ephemeral N/A Session 2048-bit Generated allowed in RAM Plaintext Public Key PKCS#1 by module FIPS mode (dSK) Drive Yes RSA No ­ No Non-approved, Drive Ephemeral Yes Session 2048-bit Generated allowed in RAM Plaintext Private PKCS#1 by module FIPS mode Key (dSK') Session No RSA-2048 Yes No N/A Drive Ephemeral Yes Encrypted encrypted RAM Encrypted Data Key with the (SEDK) dSK Data Key Yes AES Yes ­ No N/A Before Ephemeral Yes (DK) 256-bit (Received in Use: Plaintext symmetric encrypted Drive key form, RAM encapsulated in the When in Ephemeral SEDK) use: Encrypted Stored In form as SEDK ASIC; (unreadab le register) 186-2 Yes Seed No ­ No TRNG Drive Ephemeral Yes PRNG Generated RAM Plaintext Key by module 186-2 Yes Seed No ­ No TRNG Drive Ephemeral Yes PRNG Seed (20 bytes) Generated RAM Plaintext by module Additional notes on key management: · Secret and Private keys are never output from the LTO Gen4 drive in plaintext form. · Secret and Private keys may only be imported to the LTO Gen4 drive in encrypted form. 20 Version 3 Revision 5 3.6.3 Self-Test The LTO Gen4 drive performs both Power On Self Tests and Conditional Self tests as follows. The operator shall power cycle the device to invoke the Power On Self tests. Table 8: Self-Tests Function Tested Self-Test Type Implementation AES-GCM Power-Up KAT performed for Encrypt and Decrypt (256-bit keys) (256-bit) PRNG Power-Up KAT performed SHA-1 Power-Up KAT performed SHA-256 Power-Up KAT performed RSA PKCS #1 Power-Up KAT performed Sign/Verify Software/Firmware Power-Up RSA PKCS #1 digital signature verification Integrity Check drive of PPC firmware; CRC check of SH vital firmware product data (VPD); CRC check of FPGA image. PRNG Conditional: Ensure the newly generated random number When a random number is does not match the previously generated generated using the approved random number. Also ensure the first PRNG number generated after start up is not used and is stored for the next comparison TRNG (Custom) Conditional: Ensure the newly generated random number When a random number is does not match the previously generated generated using the non- random number. Also ensure the first approved TRNG number generated after start up is not used and is stored for the next comparison Software/Firmware Conditional: RSA PKCS #1 signature verification of new Load Check When new firmware is loaded or firmware image before new image may be current firmware is re-booted loaded Seed and Seed key Conditional: Ensure that the XSeed and XKey values are check When seeding or re-seeding an not equal for FIPS 186-2 generation. approved PRNG; TRNG is used XKey and XSeed are generated from the for this purpose. (See TRNG hardware TRNG, and compared on conditional self-test.) instantiation of the PRNGs. If XKey is equal to XSeed then they are regenerated until not equal. Exclusive Crypto Conditional: Ensure the correct output of data after Bypass Test When switching between switching modes encryption and bypass modes Check to ensure the key is properly loaded Key Path test Conditional: The drive will initiate a key request and key When the Send Diagnostic transfer operation with an attached Key command specifying this Manager; random protected key material is diagnostic number is received imported into the device and checked for from the host fibre or library validity; status is reported back to the Key port; the drive must be unloaded Manager and the invoking Host and idle or the command is rejected 21 Version 3 Revision 5 3.6.4 Bypass States The LTO Gen4 drive supports a single static bypass mode. Bypass entry, exit, and status features are provided to meet approved methods for use of bypass states. Two independent internal actions are required to activate bypass mode. First, the LTO Gen4 drive checks the host interface on which the bypass request was received for transmission errors. Then the LTO Gen4 drive checks the settings in the Encryption Control 1 field of Mode Page X'25' to determine if the bypass capability is enabled. 3.7 Design Assurance LTO Gen4 drive release parts are maintained under the IBM Engineering Control (EC) system. All components are assigned a part number and EC level and may not be changed without re-release of a new part number or EC level. The following table shows the validated configuration for each host interfaces of the LTO Gen4 encrypting tape drive: Table 9: Validated Configurations IBM LTO Generation 4 Hardware Hardware Firmware Image Encrypting Tape Drive Part Number EC Level Ultra320 SCSI Drive 95P4613 H82642B df080911bf_89Bb.SPI.fips.ro Fibre Channel Drive 23R9539 H82590C df080911bf_89Bb.FC.fips.ro SAS Drive 23R9904 H82264 df080911bf_89Bb.SAS.fips.ro 3.8 Mitigation of other attacks The LTO Gen4 drive does not claim to mitigate other attacks.