CAT862 Dolby® JPEG 2000/MPEG-2 Media Block IDC
Security Policy
Version 3
June 30, 2010
Dolby Laboratories

Dolby and the double-D symbol are registered trademarks of Dolby Laboratories. All other trademarks remain the property of their respective owners. S10/22048/22963

© 2010 Dolby Laboratories. All rights reserved. May be reproduced only in its original entirety (without revision).

Contents

1 Module Overview
2 Acronyms and Definitions
3 Security Level
4 Modes of Operation
5 Ports and Interfaces
6 Identification and Authentication Policy
7 Access Control Policy
8 Operational Environment
9 Security Rules
10 Physical Security Policy
11 Mitigation of Other Attacks Policy

1 Module Overview

The CAT862 Dolby® JPEG 2000/MPEG-2 Media Block IDC is a multi-chip embedded cryptographic module partially encased in a hard opaque commercial grade metal case. The primary purpose of the module is to decrypt, decode, and encode audio/video data for a digital cinema player. The cryptographic boundary is defined as being the perimeter of the printed circuit board.
The components and areas of the printed circuit board not covered by the metallic case are excluded from the requirements of FIPS 140-2, because they are non-security relevant. This document refers specifically to the CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC hardware P/N CAT862Z revision FIPS_1.0, FIPS_1.1, and FIPS_1.2 running firmware version 4.1.4_FIPS.

Figure 1 Image of the Cryptographic Module

2 Acronyms and Definitions

Table 1 shows acronyms used in this document and their definitions.

Table 1 Acronyms and Definitions

| Acronym | Definition |
|---|---|
| CPL | Composition Play List |
| HD-SDI | High Definition Serial Digital Interface, as defined by the SMPTE 292M standard |
| JPEG | Joint Photographic Experts Group |
| KDM | Key Delivery Message |
| LED | Light-Emitting Diode |
| LTC | Linear Time Code |
| MPEG | Moving Picture Experts Group |
| SMPTE | Society of Motion Picture and Television Engineers |
| TMS | Theatre Management System |

3 Security Level

The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-2. Table 2 shows the specific requirements sections and associated security level.

Table 2 Module Security Level Specification

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 3 |
| Module Ports and Interfaces | 3 |
| Roles, Services and Authentication | 3 |
| Finite State Model | 3 |
| Physical Security | 3 |
| Operational Environment | N/A |
| Cryptographic Key Management | 3 |
| EMI/EMC | 3 |
| Self-Tests | 3 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | N/A |

4 Modes of Operation

The cryptographic module only supports an Approved mode of operation. The Approved mode of operation can be confirmed by verifying that the firmware version matches the Approved, tested version. The firmware version number can be retrieved using the Get Status service.
When the cryptographic module is installed in a Dolby Digital Cinema system, the Dolby TMS software "Decoder FIPS 140-2 Validated Mode" device property indicates true when the module is in the Approved mode of operation. If the "Decoder FIPS 140-2 Validated Mode" device property indicates false, the module is not in the Approved mode and will not function. This device property can be found within the TMS software interface under the system mode on the theatre devices tab.

The following Approved algorithms are supported:

- AES 128-bit - certificates #519, #520, #1067
- AES 256-bit - certificate #520
- SHA-1 - certificates #592, #1086
- SHA-256 - certificate #592
- RSA 2048 Key Gen and Sign/Verify - certificate #233
- HMAC-SHA-1 - certificates #270, #676
- HMAC-SHA-256 - certificate #270
- FIPS 186 GP RNG - certificate #650
- ANSI X9.31 RNG - certificate #296

The cryptographic module supports TLS v1.0 with AES, as well as the following non-FIPS-approved algorithms:

- MD5 within TLS
- RSA 2048 Encrypt/Decrypt for Key Transport (key wrapping; key establishment methodology provides 112 bits of encryption strength)

5 Ports and Interfaces

The cryptographic module provides the following physical ports and logical interfaces:

Table 3 Module Port and Interface Specification

| Port | Interface |
|---|---|
| 1000BASE-T Ethernet port | Data Input, Data Output, Control Input, Status Output |
| USB port | Data Input, Control Input, Status Output |
| HD-SDI ports (Qty: 2) | Data Output |
| Audio port | Data Output |
| LTC port | Status Output |
| Vref port | Status Output, Control Input |
| Status LEDs (Qty: 4) | Status Output |
| RS-232 ports (Qty: 2) | Status Output |
| ATX 2x2 port | Power Input |
| Reset ports (Qty: 3) | Control Input |

6 Identification and Authentication Policy

Assumption of Roles

The cryptographic module shall support two distinct operator roles: User and Cryptographic Officer.
The Cryptographic Officer is assumed by Dolby Laboratories and the User is assumed by the Show Store. The cryptographic module shall enforce the separation of roles using identity-based operator authentication by means of digital signatures.

Table 4 Roles and Required Identification and Authentication

| Role | Type of Authentication | Authentication Data |
|---|---|---|
| User | Identity-based operator authentication | Digital Signature Verification using Show Store Root Public Key |
| Cryptographic Officer | Identity-based operator authentication | Digital Signature Verification using Dolby Maintenance Public Key |

Table 5 Strengths of Authentication Mechanisms

| Authentication Mechanism | Strength of Mechanism |
|---|---|
| RSA 2048-bit Digital Signature verification | The probability that a random attempt will succeed or a false acceptance will occur is 1/2^112, which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute through random attempts is 200/2^112 (due to timing limitations in the module), which is less than 1/100,000. |

7 Access Control Policy

Roles and Services

Table 6 Services Authorized for Roles

User (assumed by the Show Store), authorized services:

- Execute Key Delivery Message (KDM): Execute KDM, which includes the loading of an RSA wrapped Content Key.
- Start Suite: Initializes the playback suite.
- Prep Suite: Prepares the playback suite for playback of content.
- Stop Suite: Terminates the playback suite.
- Purge Suite: Purges the playback suite and begins projector log extraction.
- CPL Validate: Validates a content play list.
- Playback: Control the playback of content (e.g., Play, Stop, Clear, Mute, Repeat, Step, etc.).
- Set Time: Sets or adjusts the current time of the cryptographic module with restrictions.
- Get Time Status: Retrieves the current time and adjustment settings.
- Check License: Verifies the playback license exists and is valid.
- Clear Licenses: Clears all licenses.
- Delete License: Deletes a single license.
- Get Usage Rights: Retrieves usage rights.
- Get All Content IDs: Retrieves all content IDs.
- Get Number of Keys: Retrieves the total number of keys present in a KDM.
- Get Audit Logs: Retrieves audit logs.
- ASM Send: Sends an Auditorium Security Message (ASM) to the projector.
- Decrypt Subtitle: Decrypts a subtitle file using a Content Key obtained from a KDM.

Cryptographic Officer (assumed by Dolby Laboratories), authorized services:

- Firmware Upgrade: Updates the firmware of the module.
- Zeroize: This service actively destroys all plaintext critical security parameters.

Unauthenticated Services

The cryptographic module supports the following unauthenticated services:

- Self-tests: This service executes the suite of self-tests required by FIPS 140-2 and is invoked by power cycling or resetting the device.
- Get Status: This service provides module status via LEDs, the RS-232 port, USB port, and the Ethernet port.
- Get Time: Retrieves the current time from the cryptographic module.
- Get Public Key Hash: Retrieves the precomputed hash of the System Public Key.
- Set Configuration: This service sets audio and video parameters (e.g., video format, output enable, AV mute, 3D coefficients, etc.).

Definition of Critical Security Parameters (CSPs)

The following are CSPs contained in the module:

- System Private Key: Used to perform TLS authentication, the key transport of Content Keys, and to sign audit logs.
- Key Encryption Key: Used to AES encrypt the System Private Key, Data Encryption Key, HMAC Key, and Content Keys that are stored locally. The Key Encryption Key is used automatically at system boot time to decrypt the System Private Key, Data Encryption Key and HMAC Key.
- Data Encryption Key: Used to AES encrypt RNG State and firmware images that are to be stored locally.
- HMAC Key: Used as an HMAC key for authenticating storage of certificates, time adjustment parameters, and the file system.
- Content Keys: Used to AES decrypt content received from the Show Store.
- Content Integrity Keys: Used as an HMAC key for verifying content integrity.
- CineLink™ Keys: AES keys used in the CineLink processor.
- RNG State: The current ANSI X9.31 DRNG state.
- FIPS 186-2 RNG State: The current FIPS 186-2 GP DRNG state.
- TLS Session Parameters: Used in support of TLS session establishment:
  - TLS Random Number
  - TLS Pre-Master Secret
  - TLS Master Secret
- TLS Encryption Keys: TLS AES session keys used during TLS sessions.
- TLS HMAC Keys: TLS HMAC keys used during initial TLS handshake.
- Firmware Image Decryption Key: Used to AES decrypt firmware images during firmware upgrade.

Definition of Public Keys

The following are the public keys contained in the module:

- System Public Key: Used to perform the key transport of Content Keys.
- Show Store Public Key: Used to support TLS operations.
- Show Store Root Public Key: Used to verify Show Store certificates.
- Root Public Key: Used to verify a certificate chain of trust.
- Dolby Maintenance Public Key: Used to verify the digital signature over the firmware image to be loaded.
- X.509 Certificates: Used when verifying a chain of trust.

Definition of CSPs Modes of Access

Table 7 defines the relationship between access to CSPs and the different module services. The modes of access shown in the tables are defined as follows:

- Generate: The CSP is generated.
- Use: The CSP is used.
- Import: The CSP is entered into the module.
- Export: The CSP is output from the module.
- Wrap: The CSP is RSA wrapped.
- Unwrap: The CSP is RSA unwrapped.
- Destroy: The CSP is actively destroyed within the module.

Table 7 CSP Access Rights within Roles and Services

| Role: C.O. | Role: User | Service | Cryptographic Keys and CSPs Access Operation |
|---|---|---|---|
| | X | Execute KDM | Import & Unwrap Content Key. Use System Private Key, Key Encryption Key, Data Encryption Key, HMAC Key, TLS Keys (i.e., TLS Session Parameters, TLS Encryption Key, TLS HMAC Key), RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Start Suite | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Prep Suite | Generate CineLink Key. Use HMAC Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. Output CineLink Key. |
| | X | Stop Suite | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Purge Suite | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | CPL Validate | Use HMAC Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Playback | Generate Content Integrity Key. Use Content Key, Key Encryption Key, HMAC Key, Content Integrity Key, CineLink Key, FIPS 186-2 RNG State. Output CineLink Key. |
| | X | Set Time | Use TLS Keys, Data Encryption Key, RNG State, HMAC Key. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Get Time Status | Use HMAC Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Check License | Use TLS Keys, Data Encryption Key, RNG State, HMAC Key. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Clear Licenses | Use HMAC Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Delete License | Use HMAC Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Get Usage Rights | Use TLS Keys, Data Encryption Key, RNG State, HMAC Key. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Get All Content IDs | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Get Number of Keys | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Get Audit Logs | Use System Private Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | ASM Send | Use TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| | X | Decrypt Subtitle | Use Content Key, Key Encryption Key, TLS Keys, Data Encryption Key, RNG State. Use Root Public Key, Show Store Public Key, Show Store Root Public Key, X.509 Certificates. |
| X | | Firmware Upgrade | Import & Unwrap Firmware Image Decryption Key. Use Key Encryption Key, Firmware Image Decryption Key, Data Encryption Key. Use Root Public Key, Dolby Maintenance Public Key, X.509 Certificates. |
| X | | Zeroize | Import & Unwrap Firmware Image Decryption Key. Use Firmware Image Decryption Key. Use Root Public Key, Dolby Maintenance Public Key, X.509 Certificates. Destroy all plaintext CSPs. |
| | | Self-tests | None |
| | | Get Status | None |
| | | Get Time | None |
| | | Get Public Key Hash | None |
| | | Set Configuration | None |

8 Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the module supports a limited operational environment; only validated and trusted software can be loaded by means of a 2048-bit RSA digital signature.

9 Security Rules

The cryptographic module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 3 module.

- The cryptographic module shall provide two distinct operator roles. These are the User role and the Cryptographic Officer role.
- The cryptographic module shall provide identity-based authentication.
- The cryptographic module shall not support a maintenance interface.
- The cryptographic module shall perform the following tests for each implemented cryptographic algorithm:

  Power-up Self-Tests

  1) Cryptographic algorithm tests:
     a. AES 128-bit Encrypt/Decrypt KAT, 3 implementations - certificates #519, #520, #1067
     b. AES 256-bit Encrypt/Decrypt KAT - certificate #520
     c. RSA 2048-bit Sign/Verify KAT - certificate #233
     d. RSA 2048-bit Encrypt/Decrypt KAT
     e. HMAC SHA-1 KAT, 2 implementations - certificates #270, #676
     f. HMAC SHA-256 KAT - certificate #270
     g. SHA-1 KAT (Tested as a part of HMAC), 2 implementations - certificates #592, #1086
     h. SHA-256 KAT (Tested as a part of HMAC) - certificate #592
     i. RNG KATs - certificates #296, #650
  2) Firmware Integrity Test (CRC-32)
  3) Critical Functions Tests
     a. RAM Write/Read Test

  Conditional Self-Tests

  1) Continuous Random Number Generator (RNG) test performed on ANSI X9.31 RNG and FIPS 186-2 GP RNG
  2) Firmware Load Test (RSA Digital Signature Verification)

- The operator shall be capable of invoking power-up self-tests by power cycling or resetting the module.
- Data output shall be inhibited during self-tests, zeroization, and error states.
- Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
- The module shall not support multiple concurrent operators.
- When the cryptographic module is powered off and subsequently powered on, the results of previous authentications shall not be retained and the module shall require the operator to be reauthenticated.

10 Physical Security Policy

Physical Security Mechanisms

The CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC includes the following physical security mechanisms:

- Production-grade components and production-grade opaque metal enclosure.
- Metal enclosure with automatic zeroization when enclosure is opened via tamper detection and zeroization circuitry.
- Enclosure cover screws are protected with tamper-evident expansion plugs.

11 Mitigation of Other Attacks Policy

The module has not been designed to mitigate specific attacks beyond the scope of FIPS 140-2 requirements.