Lexmark PrintCryption™ (Firmware Versions 1.3.2a and 1.3.2i)
FIPS 140-2 Non-Proprietary Security Policy
Level 1 Validation
Version 1.15
May, 2010

© Copyright 2009 Lexmark International Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

INTRODUCTION ... 3
  PURPOSE ... 3
  REFERENCES ... 3
  DOCUMENT ORGANIZATION ... 3
LEXMARK PRINTCRYPTION™ ... 4
  OVERVIEW ... 4
  MODULE SPECIFICATION ... 4
  MODULE INTERFACES ... 7
  ROLES AND SERVICES ... 9
    Crypto Officer Role ... 9
    User Role ... 10
  PHYSICAL SECURITY ... 10
  OPERATIONAL ENVIRONMENT ... 10
  CRYPTOGRAPHIC KEY MANAGEMENT ... 11
    Access Control Policy ... 12
    Key Generation ... 12
    Key Storage ... 12
    Key Entry and Output ... 12
    Key Zeroization ... 12
  SELF-TESTS ... 12
  DESIGN ASSURANCE ... 14
  MITIGATION OF OTHER ATTACKS ... 14
OPERATION IN FIPS MODE ... 15
  INITIAL SETUP ... 15
  CRYPTO OFFICER GUIDANCE ... 16
  USER GUIDANCE ... 16
ACRONYMS ... 20

Introduction

Purpose

This is a non-proprietary Cryptographic Module Security Policy for the Lexmark PrintCryption™ from Lexmark International Inc. This Security Policy describes how the Lexmark PrintCryption™ meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/cryptval/.

The Lexmark PrintCryption™ is referred to in this document as PrintCryption, PrintCryption module, cryptographic module, firmware module, or module.

References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information on the module is available from the following sources:

· The Lexmark International website (http://www.lexmark.com) contains information on the full line of products from Lexmark International.
· The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module.

Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package.
In addition to this document, the Submission Package contains:

· Vendor Evidence document
· Finite State Machine
· Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Lexmark and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Lexmark International.

LEXMARK PRINTCRYPTION™

Overview

The Lexmark PrintCryption™ is an option for Lexmark printers that enables the transfer and printing of encrypted print jobs. This new Lexmark technology offers a level of security that is the first of its kind in the printing industry. With the PrintCryption module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyses the encrypted data stream, determines whether the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed. This new level of printing security is ideal for industries that commonly handle sensitive or personal information, such as financial institutions, government agencies, and healthcare organizations.

Module Specification

The version 1.3.2i PrintCryption™ module is a firmware module composed of three binaries (aessd, dkmd & libcl.so) on the IBM750CL processor platform. The version 1.3.2a PrintCryption™ module is composed of two binaries (aessd & dkmd) on the ARM9 processor platform. The module is enabled in Lexmark printers using a Downloaded Emulator Card (DLE), a PCI-interface PCB board that plugs into the printer and contains an activation code. The DLE card is shown in Figure 1.
Figure 1 - Optional Firmware Card

Per FIPS PUB 140-2, PrintCryption™ is classified as a multi-chip standalone cryptographic module. The module meets overall Level 1 FIPS 140-2 requirements, as detailed in Table 2.

Printer Model | Processor | Part Number
--- | --- | ---
E460 | ARM9 | P/N 34S0700
T650 | IBM 750CL | P/N 30G0100
T652 | IBM 750CL | P/N 30G0210
T654 | IBM 750CL | P/N 30G0310
C734 | IBM 750CL | P/N 25C0350
C736 | IBM 750CL | P/N 25A0450
W850 | IBM 750CL | P/N 19Z0300
X463 | ARM9 | P/N 13C1100
X464 | ARM9 | P/N 13C1101
X466 | ARM9 | P/N 13C1102
X651 | IBM 750CL | P/N 16M1255
X652 | IBM 750CL | P/N 16M1260
X654 | IBM 750CL | P/N 16M1265
X656 | IBM 750CL | P/N 16M1797
X658 | IBM 750CL | P/N 16M1301
X734 | IBM 750CL | P/N MS00300
X736 | IBM 750CL | P/N MS00301
X738 | IBM 750CL | P/N MS00321
X860 | IBM 750CL | P/N 19Z0100
X862 | IBM 750CL | P/N 19Z0101
X864 | IBM 750CL | P/N 19Z0102

Table 1 - Printers that Maintain the PrintCryption FIPS 140-2 Validation (Option P/N 30G0829)

Figure 2 - X463 with PrintCryption 1.3.2a

Figure 3 - X651 with PrintCryption 1.3.2i

Operating System: Lexmark proprietary ver. 2.6, based on the Linux operating system.

Section | Section Title | Level
--- | --- | ---
1 | Cryptographic Module Specification | 1
2 | Cryptographic Module Ports and Interfaces | 1
3 | Roles, Services, and Authentication | 1
4 | Finite State Model | 1
5 | Physical Security | 1
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 1
8 | EMI/EMC | 1
9 | Self-tests | 1
10 | Design Assurance | 1
11 | Mitigation of Other Attacks | N/A

Table 2 - Security Level per FIPS 140-2 Section

Logically, the cryptographic boundary is composed of three binaries and is evaluated for use on Lexmark printers that are running the Linux operating system.
Once the PrintCryption firmware is activated in the printer, the printer must use this firmware. The cryptographic module cannot be bypassed. Functionality is then controlled by the PrintCryption firmware.

Figure 4 - Logical Cryptographic Boundary (diagram labels: Applications, OS, Internal Data, Plaintext, Ciphertext; PrintCryption Firmware inside the Cryptographic Boundary)

The PrintCryption module is evaluated for running on a number of Lexmark printers, including mono-color printers (E460, T650, T652, T654 and W850), color printers (C734 and C736), mono-color MFP printers (X463, X464, X466, X651, X652, X654, X656, X658, X860, X862 and X864) and color MFP printers (X734, X736 and X738). The module's physical cryptographic boundary is the metal and plastic enclosure of the printer.

Within the physical cryptographic boundary are the following components:

· A CPU which executes the module binaries
· FLASH memory storage which stores the module binaries
· Volatile memory consisting of RAM
· A custom ASIC which contains support circuitry including: RAM controller, PCI bus interface, IO port interfaces and print engine interface circuits
· An option slot containing the PrintCryption DLE card connected to the PCI bus
· The print engine consisting of various electronics and mechanisms that constitute the print device, sensors, and operator panel

Figure 5 - Physical Cryptographic Boundary (diagram labels: CPU, FLASH, Volatile Memory and Custom ASIC on the System Bus; I/O Port, Print Engine and Option Slot on the PCI Bus; all within the Cryptographic Boundary)

Module Interfaces

The cryptographic module's physical ports are composed of the physical ports provided by the hardware platforms listed above. These printer ports include the network port, optional parallel port, USB port, paper exit port, multipurpose feeder, LED, and LCD display.

Since all of the module's services are server processes, the logical interfaces of the module are the network port and API calls, which provide the only means of accessing the module's services. Data inputs are service requests on the TCP ports. Control inputs are also data at the TCP/IP port; however, they are logically distinct from data input and control how the function is executed. The data output from the module includes the X.509 certificate and deciphered data, which exit through the network port and an internal API, respectively. The status outputs of the module are sent via the network and stored in a log file. All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in the following table.

Logical Interface of the Module | Module Physical Port | FIPS 140-2 Logical Interface
--- | --- | ---
Network Port | Network (Ethernet 10/100) Port, USB Port, Parallel Port (optional) | Data Input Interface
Network Port, Internal API | Network (Ethernet 10/100) Port, Paper Exit Port | Data Output Interface
Network Port | Operator Panel, Network (Ethernet 10/100) Port, USB Port, Parallel Port (optional), Multipurpose/envelope Feeder, Power Switch | Control Input Interface
Network Port, Log File | LED, LCD Display, Network (Ethernet 10/100) Port, USB Port, Parallel Port (optional), Paper Exit Port | Status Output Interface
Not Applicable | Power Plug, Power Connector | Power Interface

Table 3 - FIPS 140-2 Logical Interfaces

Roles and Services

The module supports two roles, a Crypto Officer role and a User role, and an operator on the module implicitly assumes one of the roles. Descriptions and responsibilities for the two roles are given below.
Crypto Officer Role

The Crypto Officer activates and deactivates the PrintCryption module by installing and removing the DLE card. The Crypto Officer is also responsible for the Run Self-Tests and Show Status services.

Service | Description | Input | Output | CSP | Type of Access to CSP
--- | --- | --- | --- | --- | ---
Activate | Assemble the printer and insert the DLE card to activate the PrintCryption module; install the printer driver on the host PC | Command | Result of activation | None | --
Deactivate | Remove the DLE card to deactivate the PrintCryption module | Command | Deactivated module | None | --
Run Self-Test | Perform the self-test on demand | Command | Status output | Integrity Check Key | Read
Show Status | Call a show status from the printer status menu (HTTP), which has an LPC log page | Command | Status output | None | --

Table 4 - Crypto Officer Services, Descriptions, CSPs

User Role

Users utilize the cryptographic functionalities of the PrintCryption, and they communicate with the module via the network port only. Service descriptions and inputs/outputs are listed in the following table:

Service | Description | Input | Output | CSP | Type of Access to CSP
--- | --- | --- | --- | --- | ---
Public Key Request | Users request the printer's public key. The module generates a key pair if needed. | Public Key Request (PKR) at network port 9150 | X.509 certificate | RSA public key; RNG seed | Read/Write; Read
Secure Printing | AES encrypted printing program; decrypts and prints the print job data using the supplied AES Session key | Encrypted print job at TCP/IP port 9152 | Status output | AES session key; RSA private key | Read/Write; Read

Table 5 - User Services, Descriptions, Inputs and Outputs

Physical Security

In FIPS terminology, the firmware module is defined as a multi-chip standalone cryptographic module. The module runs on the Lexmark printers listed in the Module Specification section.
The printers are made of all production-grade components and are enclosed in a strong plastic and steel case, which surrounds all of the module's internal components, including all hardware and firmware. The cryptographic module conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).

Operational Environment

The operational environment is non-modifiable and thus not applicable for this firmware module. The PrintCryption module runs on the Lexmark Linux v2.6 OS, which is configured for single-user mode by default. The operating system is used as an embedded OS within the Lexmark printers, and no direct access to the OS is provided.

Cryptographic Key Management

The module implements the following FIPS-Approved algorithms.

Algorithm | IBM750CL Certificate | ARM9 Certificate
--- | --- | ---
AES ECB, CBC mode decryption - FIPS 197 | Certificate #1209 | Certificate #1208
Deterministic Random Number Generator (RNG) - Appendix A.2.4 of ANSI X9.31 | Certificate #670 | Certificate #669
HMAC - FIPS 198 | Certificate #704 | Certificate #703
RSA (sign/verify) - PKCS#1.5 | Certificate #579 | Certificate #578
SHS - FIPS 180-2 | Certificate #1112 | Certificate #1111

Table 6 - FIPS-Approved Algorithms

Additionally, the module utilizes the following non-FIPS-Approved algorithm implementation:

· RSA Key Wrapping (PKCS #1): Key establishment method uses a 1024-bit key length providing 80 bits of security.

The module supports the following critical security parameters:

Key or CSP | Key type | Generation | Storage | Use
--- | --- | --- | --- | ---
AES Session Key | 128, 192, 256 bits AES key | Externally generated. Imported in encrypted form (RSA key transport). | Held in volatile memory in plaintext. Zeroized after the session is closed. | Decrypts input data for printing
RSA Public Key | 1024 bit RSA public key (80 bits of security) | Internally generated according to FIPS PUB 186-3 and IG A.6 | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport
RSA Private Key | 1024 bit RSA private key (80 bits of security) | Internally generated according to FIPS PUB 186-3 and IG A.6 | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport
Integrity Check Keys | 168 bit HMAC keys | Externally generated, hard coded in the module | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Firmware Integrity test
PRNG Seed | 64 bits | Internally generated from non-approved RNG | Held in volatile memory only in plaintext. Zeroized after the session is closed. | RNG
PRNG Seed Key | 168 bits with 128 bits of entropy | Internally generated from non-approved RNG | Held in volatile memory only in plaintext. Zeroized after the session is closed. | RNG

Table 7 - Listing of Key and Critical Security Parameters

Access Control Policy

User functionalities have read/write access to the AES Session Key and RSA public key. The AES Session key is used to decrypt the data for printing. The RSA public key is used for AES Session key transport. Integrity Check Keys can be read by the Crypto-Officer "Run Self-Test" service.

Key Generation

The key generated internally by the module is a 1024-bit RSA key pair, using key generation techniques that meet IG A.6 and FIPS PUB 186-3. The FIPS-Approved PRNG (X9.31 Appendix A.2.4) is used to seed the RSA key generation mechanism. The AES Session Key is generated outside of the module and imported via RSA key transport.

Key Storage

The AES Session Key is held in volatile memory only, in plaintext. The RSA public key is stored in flash memory in an X.509 certificate in plaintext, and the RSA private key is stored in flash memory in plaintext.
Key Entry and Output

All keys that are entered into (AES key) or output from (RSA certificate) the module are electronically entered or output. The AES Session Key is entered into the module transported (encrypted) by the RSA public key.

Key Zeroization

The AES Session key is an ephemeral key which is zeroized after the connection is closed or by rebooting the module. The module provides no service to erase or discard the RSA key pair. The key pair is erased by overwriting the flash image with a new image.

Self-Tests

The PrintCryption module runs power-up and conditional self-tests to verify that it is functioning properly. Power-up self-tests are performed during startup of the module. Module startup occurs every time a new network connection is established and the dkmd or aessd process starts. Conditional self-tests are executed whenever specific conditions are met.

Firmware Integrity Check: The module employs a firmware integrity test in the form of HMAC SHA-1.

Cryptographic Algorithm Tests: Known Answer Tests (KATs) are run at power-up for the following algorithms:

· AES KAT
· RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency check
· SHA-1 KAT
· X9.31 RNG KAT

The module implements the following conditional self-tests:

· Continuous RNG Test for X9.31 PRNG
· Continuous RNG Test for non-approved RNG
· RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency check

If any of these self-tests fail, the module will output an error indicator and enter an error state. All self-test results are logged in the device's Self-Test Log. The log is available through the device's web interface. The log messages are formatted as follows:

LOG: ()
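The HMAC-SHA-1 firmware integrity check and the continuous RNG test described above, as an added Python example that is not part of this Security Policy or of Lexmark's firmware: the firmware images, the 168-bit key value and the RNG output blocks are constructed stand-ins, the X9.31 A.2.4 generator itself is not implemented (only its 64-bit output blocks are tested), and the device's own Self-Test Log line format is not reproduced.

```python
import hashlib
import hmac

# Constructed stand-ins for the module binaries named in the Security Policy
# (1.3.2i ships aessd, dkmd and libcl.so). Real images and their reference
# MACs are not on the page.
FIRMWARE_IMAGES = {
    "aessd": b"constructed aessd image bytes",
    "dkmd": b"constructed dkmd image bytes",
    "libcl.so": b"constructed libcl.so image bytes",
}
# 168-bit (21-byte) HMAC key, the Integrity Check Key size given in Table 7.
# The value is a constructed placeholder, not the key hard-coded in the module.
INTEGRITY_CHECK_KEY = bytes(range(1, 22))


def firmware_mac(image, key=INTEGRITY_CHECK_KEY):
    """HMAC-SHA-1 over one firmware image (the integrity test the policy names)."""
    return hmac.new(key, image, hashlib.sha1).digest()


def firmware_integrity_check(images, reference_macs, key=INTEGRITY_CHECK_KEY):
    """Power-up test: every binary must match its stored reference MAC.
    compare_digest keeps the comparison constant-time; a missing reference fails."""
    for name, image in images.items():
        expected = reference_macs.get(name)
        if expected is None or not hmac.compare_digest(firmware_mac(image, key), expected):
            return False
    return True


def continuous_rng_test(blocks, block_len=8):
    """FIPS 140-2 continuous RNG test over the 64-bit output blocks of a
    Triple-DES based X9.31 A.2.4 generator. The first block is only saved for
    comparison; each later block is released unless it repeats its predecessor."""
    previous = None
    for block in blocks:
        if len(block) != block_len:
            raise ValueError("RNG block of unexpected length")
        if previous is not None:
            if block == previous:
                raise RuntimeError("continuous RNG test failed: repeated output block")
            yield block
        previous = block


def run_self_tests(images, reference_macs, rng_blocks):
    """Integrity test first, then the conditional RNG test over rng_blocks.
    Returns (state, log, released_blocks). On the first failure the module
    enters the error state and releases no output, as the policy requires.
    The log is a plain list of (test, result) pairs (constructed format)."""
    log = []
    if not firmware_integrity_check(images, reference_macs, INTEGRITY_CHECK_KEY):
        log.append(("firmware integrity check", "FAIL"))
        return "error", log, []
    log.append(("firmware integrity check", "PASS"))
    released = []
    try:
        for block in continuous_rng_test(rng_blocks):
            released.append(block)
    except RuntimeError:
        log.append(("continuous RNG test", "FAIL"))
        return "error", log, []
    log.append(("continuous RNG test", "PASS"))
    return "operational", log, released
```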