NSM Application Cryptographic Module Security Policy

Version: 1.3
Revision Date: April 1, 2010

This document may be reproduced and distributed whole and unmodified without explicit permission from McAfee, Inc.

McAfee, Inc.

CHANGE RECORD

| Revision | Date | Author | Description of Change |
|---|---|---|---|
| 1.0 | 11/13/2009 | James Reardon | Initial version |
| 1.1 | 11/23/2009 | James Reardon | Added Algorithm Cert #'s |
| 1.2 | 12/9/2009 | James Reardon | Updated TBDs |
| 1.3 | 4/01/2010 | James Reardon | Updated Table 3 |

NSM Application Crypto Module Security Policy Page 2 of 16 McAfee, Inc.

Contents

1 Module Overview
  Security Level
2 Modes of Operation
  2.1 FIPS Approved Mode of Operation
    2.1.1 Approved and Allowed Algorithms
  2.2 Non-Approved Mode of Operation
    2.2.1 Non-Approved Algorithms
3 Ports and Interfaces
4 Identification and Authentication Policy
  4.1 Assumption of Roles
5 Access Control Policy
  5.1 Roles and Services
  5.2 Unauthenticated Services
  5.3 Definition of Critical Security Parameters (CSPs)
  5.4 Definition of Public Keys
  5.5 Definition of CSPs Modes of Access
6 Operational Environment
7 Security Rules
8 Physical Security Policy
  8.1 Physical Security Mechanisms
9 Mitigation of Other Attacks Policy
10 References

Tables

Table 1 - Module Security Level Specification
Table 2 - FIPS Approved Algorithms Used in Current Module
Table 3 - Non-FIPS Approved Algorithms Allowed in FIPS Mode
Table 4 - Non-Approved, Non-Allowed Algorithms
Table 5 - FIPS 140-2 Ports and Interfaces
Table 6 - Roles and Required Identification and Authentication
Table 7 - Authenticated Services
Table 8 - Private Keys and CSPs
Table 9 - Public Keys
Table 10 - CSP Access Rights within Roles & Services

Figures

Figure 1 - Cryptographic Module Diagram
1 Module Overview

McAfee Network Security Platform is a network-class IPS appliance that protects every network-connected device by blocking attacks in real time before they can cause damage. It combines IPS, application control, and behavioral detection to block encrypted attacks, botnets, SYN flood, DDoS, and Trojans and enable regulatory compliance. It protects business, systems, and networks with one proven solution that goes beyond IPS.

The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application.

The McAfee NSM Application Cryptographic Module is a software module designed to operate in compliance with FIPS 140-2 Level 2 security requirements.

Figure 1 - Cryptographic Module Diagram
(Diagram not reproduced. Labels in the diagram: External devices (Client GPC, Host Keyboard, Monitor, etc.); GPC Hardware (CPU, Ports, Hard Drive, System memory, etc.); Operating System: Windows 2003 Server (Kernel, Device drivers, etc.); Application Cryptographic Module NSM Secure UI Data Base; Boundary: Crypto Module; NSM Application Crypto Module.)

The boundary of the module, defined by the configuration of hardware and software for this validation, is:

Software: NSM Application Cryptographic Module
Software Version: 1.0
Available in the following: McAfee NSM 5.1 Cryptographic Module Package, Version 5.1.15.10

The module was operationally tested on the following Common Criteria evaluated platform:

· Dell PowerEdge SC1420 running Windows Server 2003 Standard (SP 2); CC EAL 4; CCEVS Validation Report available at: http://www.niap-ccevs.org/st/st_vid10184-vr.pdf

The system patches and updates are configured as described in the OS Security Target (http://www.niap-ccevs.org/cc-scheme/st/st_vid10184-st.pdf).

Security Level

The cryptographic module meets the overall requirements applicable to FIPS 140-2 Level 2.
Table 1 - Module Security Level Specification

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Module Ports and Interfaces | 2 |
| Roles, Services and Authentication | 2 |
| Finite State Model | 2 |
| Physical Security | N/A |
| Operational Environment | 2 |
| Cryptographic Key Management | 2 |
| EMI/EMC | 3 |
| Self-Tests | 2 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | N/A |

2 Modes of Operation

2.1 FIPS Approved Mode of Operation

The module operates in the Approved mode of operation following successful power up initialization, configuration and adherence to security policy rules and requirements. Rules and requirements for operation in the approved mode of operation are defined in section 6.

2.1.1 Approved and Allowed Algorithms

The cryptographic module supports the following FIPS Approved algorithms.

Table 2 - FIPS Approved Algorithms Used in Current Module

| FIPS Approved Algorithm | CAVP Cert. # |
|---|---|
| BSafe TLSv1: AES - 128 bits CBC and CFB | 1237 |
| BSafe TLSv1: RSA Verify 1024 bits | 593 |
| BSafe TLSv1 and elsewhere: SHA-1 | 1135 |
| BSafe TLSv1 and elsewhere: RNG FIPS 186-2 - SHA-1 G function. | 684 |
| BSafe TLSv1 and elsewhere: HMAC SHA-1 | 721 |

The cryptographic module supports the following non-FIPS Approved algorithms which are allowed for use in FIPS mode.

Table 3 - Non-FIPS Approved Algorithms Allowed in FIPS Mode

| FIPS Allowed Algorithms |
|---|
| BSafe RSA 1024 bit Encryption for key establishment, the key transport method provides 80 bits of security strength. |
| BSafe TLSv1: MD5 and HMAC-MD5 within the TLS protocol. Not to be used with cipher-suite. |
| BSafe Non-Approved RNG: seeding source |

2.2 Non-Approved Mode of Operation

The module supports a Non-Approved mode of operation.

2.2.1 Non-Approved Algorithms

The cryptographic module supports the following non-Approved algorithms in the non-Approved mode of operation.
Table 4 - Non-Approved, Non-Allowed Algorithms

| Non-Approved Algorithm |
|---|
| BSafe TLSv1: DES, RC4 |
| BSafe TLSv1: MD5 and HMAC-MD5 cipher suite |

3 Ports and Interfaces

The cryptographic module is a multichip standalone consistent with a GPC with ports and interfaces as shown below.

Table 5 - FIPS 140-2 Ports and Interfaces

| Physical Port | FIPS 140-2 Designation | Interface Name and Description |
|---|---|---|
| Power | Power Input | GPC, Power Supply |
| Ethernet | Data Input/Data Output, Control Input, Status Output | Logical TCP, UDP over IP. Supports HTTP, SNMPv3, v2 (read only), v1 (read only), HTTPS, TLS |
| Serial | Control Input | GPC, no logical support |
| Mouse | Data Input, Control Input | GPC, control input and data via cut and paste. |
| Keyboard | Data Input, Control Input | Keyboard signals input. Logical data and control entry |
| LED | Status Output | GPC: no logical support |
| Video | Data Output, Status Output | Output of visual display signals for data and status |

4 Identification and Authentication Policy

4.1 Assumption of Roles

The module supports three distinct operator roles: User, Cryptographic Officer (CO), and Sensor. The cryptographic module enforces the separation of roles using Apache Session IDs.

Table 6 - Roles and Required Identification and Authentication

| Role | Description | Authentication Type | Authentication Data |
|---|---|---|---|
| CO | This role has access to all services offered by the module. GPC/OS System Admin | Username and Password | Required to configure an 8 character password. 96 ascii chars are supported. The probability of guessing this value is 1 in 96^8, which is less than 1 in 1,000,000. The OS allows 5 attempts per minute. The probability is 5 in 96^8, which is less than 1 in 100,000. |
| | NSM Super user | Digital Signature Verification | RSA 1024-bit signature verification. The authentication mechanism is based on 1024-bit RSA, which has a key strength of 80 bits. 80 bits provides a probability of 1/2^80 that a random attempt will succeed or a false acceptance will occur. This is far less than 1 in 1,000,000. The application allows 60,000 attempts per minute. The probability is 60,000/2^80, which is less than 1 in 100,000. |
| | | Shared Secret | The Shared Secret is 32 bytes in length (256 bits). The probability that a random attempt will succeed or a false acceptance will occur is 1/(2^256), which is less than 1 in 1,000,000. The application allows 60 authentication attempts per minute. The probability is 60 in 2^256, which is less than 1 in 100,000. |
| User | This role has access to all services offered by the module. n.b. The User role may have access to all NSM services provided to the CO. This will be determined by the privileges assigned by the CO to the User. | Digital Signature Verification | CAC: The probability is 1 in 2^80, which is less than 1 in 1,000,000. The application allows 60,000 attempts per minute. The probability is 60,000/(2^80), which is less than 1 in 100,000. |
| | | Shared Secret | The Shared Secret is 32 bytes in length (256 bits). The probability that a random attempt will succeed or a false acceptance will occur is 1/(2^256), which is less than 1 in 1,000,000. The application allows 60 authentication attempts per minute. The probability is 60 in 2^256, which is less than 1 in 100,000. |
| Sensor | Role has the ability to provide status to NSM app. | Password: Used for the initial authentication to the module prior to establishment of public certs. CHAP mutual. | Required to configure an 8 character password. 96 ascii chars are supported. The probability of guessing this value is 1 in 96^8, which is less than 1 in 1,000,000. The application allows 60 attempts per minute. The probability is 60 in 96^8, which is less than 1 in 100,000. |
| | | -OR- TLS-RSA 1024 Static. Self-signed cert. SHA-1. FIPS 140-2 sensor Communications v.01 | Per signature strength. The probability is 1 in 2^80, which is less than 1 in 100,000. The application allows 60,000 attempts per minute. The probability is 60,000/(2^80), which is less than 1 in 100,000. |

5 Access Control Policy

5.1 Roles and Services

Table 7 - Authenticated Services

| Sensor | User* | CO | Service | Description |
|---|---|---|---|---|
| | X | X | GPC/OS System Administration services | Maintain System and OS and ensure FIPS compliant configuration of the Operational environment. Zeroize |
| | X | X | Security Admin Services Super-User - UI interface | Configure and operate NSM Application. |
| | X | X | UI Logout | Logout and terminate UI session. |
| | X | X | Sensor Management Service | Push configuration, attack signatures, and firmware updates. Reboot, Pull Status, pull sensor logs, Profiling Information. |
| | X | X | Update server service | Obtain attack signatures, firmware updates for sensor modules from Update server |
| X | | | Request Sensor Update | Obtain attack signatures and configuration data from NSM. |

(*) - The User's available services are defined by the Cryptographic Officer. The Crypto Officer may allocate all services to all users as indicated here; however, this is at the discretion of the Cryptographic Officer.

5.2 Unauthenticated Services

The cryptographic module provides unauthenticated access to status information, self-test initiation, and zeroization.

5.3 Definition of Critical Security Parameters (CSPs)

The module contains the following CSPs:

Table 8 - Private Keys and CSPs

| Key/CSP Name | Description | Algorithm |
|---|---|---|
| Sensor Upload/Download Key | TFTP bulk transfer channel to the sensor. | AES 128 CFB |
| NSM private key for Sensor communication | Authenticates NSM server to sensor. | RSA 1024 |
| Sensor INIT communication Shared Secret password | Password used to authenticate Sensor and application Server. Both sides generate a challenge and verify existence of shared secret. | CHAP-SHA-1 comparison |
| NSM Session Keys - Confidentiality | TLS session derived keys for encryption/decryption | AES 128 CBC |
| NSM Session Keys - Integrity | TLS session derived keys for integrity | HMAC-SHA-1 |
| NSM Session Key - Shared Secret | TLS pre-master secret used to derive session keys | TLSv1 KDF |
| BSafe Seed/Seed key | RNG State | FIPS 186-2 RNG |
| UI Shared Secret | Shared secret authentication data for UI communication | Authentication |
| CO's OS System Administrator Password. | Authenticates operator to allow configuration and maintenance of System Software and OS. | Authentication |

5.4 Definition of Public Keys

The module contains the following public keys:

Table 9 - Public Keys

| Key Name | Type | Description |
|---|---|---|
| Sensor Public Key | RSA 1024 | Wraps and authenticates the Sensor upload/download key |
| Sensor Update Verification Public Key | RSA 1024 | Sensor firmware files, licensing files and attack signatures verification key for files transferred to server. |
| NSM Public Sensor Communication Key | RSA 1024 | Used to authenticate the Server to the Sensor. |

5.5 Definition of CSPs Modes of Access

Table 10 defines the relationships between role access to CSPs and the different module services. The modes of access shown in the table are defined as:

· G = Generate: The module generates the CSP.
· E = Execute: The module uses the CSP.
· R = Read: Export of the CSP.
· W = Write: Import/Establishment of CSP.
· Z = Zeroize: The module zeroizes the CSP.
Table 10 - CSP Access Rights within Roles & Services

| Role | Authorized Service | Mode | Cryptographic Key or CSP |
|---|---|---|---|
| User, CO | GPC/OS System Administration services | R, W, Z | All CSPs |
| User, CO | Security Admin Services Super-User - UI interface | E, W | NSM session Key - Confidentiality |
| | | E, W | NSM session Key - Integrity |
| | | E, W | NSM session Key - Shared secret |
| User, CO | UI Logout | E, R | UI Shared Secret |
| User, CO | Sensor Management Service | E | Sensor Upload/Download Key |
| | | E | NSM private key for Sensor communication |
| | | E, W | Sensor INIT communication Shared Secret password |
| User, CO | Update Server Service | N/A | N/A |
| Sensor | Request Sensor Update | G | Sensor Upload/Download Key |

6 Operational Environment

The operational environment requires the following configuration process:

1. The module was operationally tested on the following Common Criteria evaluated platform: Dell PowerEdge SC1420 running Windows Server 2003 Standard (SP 2); CC EAL 4; CCEVS Validation Report available at: http://www.niap-ccevs.org/st/st_vid10184-vr.pdf. The system patches and updates shall be configured as described in the OS Security Target (http://www.niap-ccevs.org/cc-scheme/st/st_vid10184-st.pdf).
2. Configure the Windows 2003 Server for the following access control settings:
   a. Set Minimum Password Length = 8
   b. Set Account Lockout Threshold = 5
   c. Set Account Lockout Duration = 30 minutes
   d. Enable Audit of the following Audit Types:
      · Information
      · Warning
      · Error
      · Success Audit
      · Failure Audit
3. Install NSM Package. Configure super user and user access policies per authentication strength requirements. Select install for FIPS mode.
4. Managed Sensors must be running in FIPS mode.

7 Security Rules

1. The cryptographic module shall provide role-based authentication.
2. The cryptographic module shall clear previous authentications on power cycle.
3. When the module has not been placed in a valid role, the operator shall have limited access to cryptographic security functions.
4. The cryptographic module shall perform the following tests:
   A. Power up Self-Tests
      1. Cryptographic algorithm tests
         a. AES Encrypt and Decrypt Known Answer Test
         b. SHA-1 Known Answer Test
         c. HMAC-SHA-1 Known Answer Test
         d. RNG, FIPS 186-2 - SHA-1 Known Answer Test
         e. RSA Verify Known Answer Test
         f. RSA Encrypt/Decrypt Known Answer Test
         g. TLSv1 KDF Known Answer Test
      2. Software Integrity Test - HMAC-SHA-1
   B. Conditional Self-Tests
      1. Continuous Random Number Generator (RNG) test
         a. Non Approved RNG
         b. Approved RNG - FIPS 186-2
5. Failure of self-tests will cause the module to transition to a FIPS error state. Logical components will shut down and no data output will be provided during error states.
6. The operator shall be capable of commanding the module to perform the power-up self-test by cycling power or resetting the module.
7. Power-up self-tests do not require any operator action.
8. Data output shall be inhibited during self-tests and error states.
9. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
10. The module ensures that the seed and seed key inputs to the Approved RNG are not equal.
11. There are no restrictions on which keys or CSPs are zeroized. Zeroization shall be performed by the Cryptographic Officer by uninstalling the application, formatting the hard drive and power cycling the device. The Cryptographic Officer shall directly observe the completion of this process.
12. The module does support concurrent operators.
13. The module does not support a maintenance interface or role.
14. The module does not support manual key entry.
15. The module does not output intermediate key values.
16. The module shall not be caused to share CSPs between the Approved and Non-Approved mode of operation.
17. The module shall support SNMPv1, v2, v3 for status output to third party network management systems. There is no claim of security strength associated with these protocols and all communications are considered clear-text.
18. The module shall support SNMP v3 communication to Sensors. There is no claim of security strength associated with these protocols and all communications are considered clear-text.
19. TLSv1 must be negotiated with encryption and integrity.

8 Physical Security Policy

8.1 Physical Security Mechanisms

The cryptographic module is a software-only module. Physical Security for the GPC is not applicable to the requirements of FIPS 140-2.

9 Mitigation of Other Attacks Policy

The module has not been designed to mitigate attacks which are outside of the scope of FIPS 140-2.

10 References

[FIPS 140-2] FIPS Publication 140-2, Security Requirements for Cryptographic Modules