IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks Security Policy USL, Inc. Version 1.2 January 14, 2013 TABLE OF CONTENTS 1. MODULE OVERVIEW.......................................................................................................................................... 3  2. SECURITY LEVEL ................................................................................................................................................ 4  3. MODES OF OPERATION ..................................................................................................................................... 5  4. PORTS AND INTERFACES.................................................................................................................................. 6  5. IDENTIFICATION AND AUTHENTICATION POLICY ................................................................................ 8  6. ACCESS CONTROL POLICY .............................................................................................................................. 9  ROLES AND SERVICES .............................................................................................................................................. 9  UNAUTHENTICATED SERVICES: .............................................................................................................................. 10  DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS) .................................................................................. 10  DEFINITION OF CSPS MODES OF ACCESS ............................................................................................................ 11  7. OPERATIONAL ENVIRONMENT .................................................................................................................... 13  8. SECURITY RULES ............................................................................................................................................. 13  9. PHYSICAL SECURITY POLICY....................................................................................................................... 14  PHYSICAL SECURITY MECHANISMS ....................................................................................................................... 14  OPERATOR REQUIRED ACTIONS ............................................................................................................................ 15  10. MITIGATION OF OTHER ATTACKS POLICY ........................................................................................... 16  11. DEFINITIONS AND ACRONYMS ................................................................................................................... 17  Page 2 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. 1. Module Overview The IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks (Firmware Version: 08162012; Hardware Version: Rev. 11 and 12), hereafter referred to as the cryptographic modules or modules, are Security Processor Blocks designed in accordance with FIPS 140-2 and the Digital Cinema Initiatives (DCI) Digital Cinema System Specification. For FIPS 140-2 purposes, the Secure Media Blocks are defined as multi-chip embedded cryptographic modules encased in metallic enclosures. The images below depict the cryptographic modules (See Figures 1 and 2). The boundary is defined as the perimeter of the module’s PCB with all components not contained within the metallic enclosure explicitly excluded from the requirements of FIPS 140-2 as they are non-security relevant and have no impact on the overall security of the modules. Page 3 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. Figure 1 – IMB-1000 HFR (Top and Bottom) Figure 2 – IMB-1200 HFR (Top and Bottoms) 2. Security Level The cryptographic modules meet the overall requirements applicable to FIPS 140-2 Level 2. Table 1 - Module Security Level Specification Page 4 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 2 Physical Security 3 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 2 Self-Tests 2 Design Assurance 3 Mitigation of Other Attacks N/A 3. Modes of Operation Approved mode of operation The modules only support an Approved mode of operation, which is specified during power-on with a message to the log, “Operating in FIPS compliant mode”. The modules support the following Approved algorithms: • HW AES 128CBC (Cert. #1460) • FPGA AES 128CBC: Video Decryption (Cert. #1964) • HW HMAC SHA-1 (Cert. #857) • HW SHA-1 (Cert. #1321) • AES-128 (Cert. #1459) • HMAC-SHA-1, HMAC-SHA-256 (Cert. #856) • SHA-1, SHA-256 (Cert. #1320) • RNG ANSI X9.31 (Cert. #798) • FIPS 186-2 RSA Sign/Verify PKCS1v1.5, SHA256, 2048-bit keys (Cert. #712) • SP800-135 KDF (Vendor affirmed) Page 5 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. The modules support the following non-Approved and allowed algorithms: • RSA (key wrapping, key establishment methodology provides 112-bits of encryption strength) • HW NDRNG for seeding the RNG • MD5 for use exclusively within TLS • TI S-BOX (Proprietary algorithm used to facilitate the marriage between a Projector and the module – no security claimed) • ECDH for facilitating the marriage between a Projector and the module; no- security claimed • DCI key transform for data integrity – no security claimed 4. Ports and Interfaces The IMB-1000 HFR cryptographic module provides the following physical ports and logical interfaces: • RJ-45 Ethernet Port (Qty. 2 Data Input, Data Output, Control Input, Status Output • AES-Audio (Qty. 1) Data Output • Status LEDs (Qty. 4) Status Output • HD-SDI Input (Qty. 2): Data Input • External Synchronization Input: Data Input • External Synchronization Output: Data Output • High-Speed Accessory Port: Data Input • Accessory Power Port: Power Output • IRQ-12 Reset for PowerPC Control Input (Reset) • PCI-E Card Edge (Qty. 1): Data Input, Data Output, Control Input, Status Output, Power Input • PCI-E Card Connector (Qty. 1): Data Input, Data Output, Control Input, Status Output • Battery (Qty. 1): Power Input The IMB-1200 HFR cryptographic module provides the same ports as the IMB-1000 HFR, but with the addition of a third RJ-45 port and two fiber optic ports as follows: Page 6 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. • RJ-45 Ethernet Port (Qty. 3) Data Input, Data Output, Control Input, Status Output • Fiber Optic Ethernet (Qty. 2) Data Input, Data Output, Control Input, Status Output Page 7 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. 5. Identification and Authentication Policy Assumption of roles The cryptographic modules support two distinct operator roles, which are the User and Cryptographic-Officer roles. Table 2 - Roles and Required Identification and Authentication Authentication Role Type of Authentication Method Cryptographic-Officer Identity-based operator 2048-bit Digital authentication Signature Verification User Identity-based operator 2048-bit Digital authentication Signature Verification Table 3 – Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Digital Signature The strength of a 2048-bit RSA key (with SHA-256) is known to be 112-bits. Therefore, the strength of a 2048-bit digital signature is 1/2^112, which is less than 1/1,000,000. In a worst case scenario, the module can perform 451 signature verifications per second, which does not include network limitations or timing constraints. Therefore, the probability that multiple attacks within a given minute will be successful is 27,060/2^112, which is less than 1/100,000. Page 8 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. 6. Access Control Policy Roles and Services The modules support two distinct roles, a User and Cryptographic Officer. The following table describes the services that are allocated to each role. Table 4 – Services Authorized for Roles Role Authorized Services • Cryptographic-Officer Upgrade Firmware • Zeroize • User End of Transmission • Start Suite • Stop Suite • CPL Validate • KDM Validate • SPL Validate • Decrypt Captions • Validate Ready to Play • Purge CPL • Purge SPL • Purge Suite • Time Adjust • Start Playback • Stop Playback • Pause Playback • Resume Playback Page 9 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. • Audio Delay • Get Position • Set Position • Get Certificate Request • Product Info • Status • Diagnostic Info • Reset Diagnostic • Security Log Request • Close Log Export • Set Time Zone Unauthenticated Services: The cryptographic modules support the following unauthenticated services: • Show Status: Provides the current status of the module (e.g., temperature, tamper status, date, voltages, serial number, certificates). • Self-tests: Invoke the power-on self-tests by power cycling the module. Definition of Critical Security Parameters (CSPs) The modules contain the following CSPs: • Device Private Key • Content Encryption Key • Content Integrity Key • TLS Encryption Keys • TLS Integrity Keys • RNG Seed Keys • RNG Seed Values Page 10 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. Definition of Public Keys: The following are the public keys contained in the modules: • Device Public Key • Trusted Root CA Certificates • USL CA Certificate • Products Certificate • Digital Cinema Certificate • SMS Public Key • Projector Public Key • Content Provider Public Keys • USL Manufacturing Public Key Definition of CSPs Modes of Access Table 5 defines the relationship between access to CSPs and the different modules’ services. The modes of access shown in the table are defined as follows: • Read • Write • Zeroize Please note that all services are sent through an encrypted TLS tunnel and as such, TLS related CSPs are utilized during each service. Table 5 – CSP Access Rights within Roles & Services Role Service Cryptographic Keys and CSPs Access Operation C.O. User Upgrade N/A X Firmware Zeroize Zeroize All CSPs X End of N/A X Transmission Page 11 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. Start Suite Read RNG Seed Key and Seed Values X X Stop Suite N/A X CPL Validate N/A Read Device Private Key X KDM Validate Write Content Encryption Keys Write Content Integrity Keys X SPL Validate N/A Decrypt Read Content Encryption Keys X Captions Validate N/A X Ready to Play X Purge CPL N/A X Purge SPL N/A X Purge Suite Zeroize Content Encryption Keys and Content Integrity Keys X Time Adjust N/A Start Read Content Encryption Keys X Playback Read Content Integrity Keys Stop N/A X Playback Pause N/A X Playback Resume N/A X Playback X Audio Delay N/A X Get Position N/A X Set Position N/A Get N/A X Certificate Request X Product Info N/A Page 12 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. X Stats N/A Diagnostic N/A X Info Reset N/A X Diagnostic Security Log Read Device Private Key X Request Close Log N/A X Export Set Time N/A X Zone Show Status N/A X X Self-Tests N/A X X 7. Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable; the cryptographic modules support a limited operational environment that restricts the loading of firmware by ensuring all firmware being installed is appropriately signed. 8. Security Rules The cryptographic modules’ designs correspond to the cryptographic modules’ security rules. This section documents the security rules enforced by the cryptographic modules to implement the security requirements of these FIPS 140-2 Level 2 modules. 1. The modules provide identity-based authentication. 2. The modules will only provide access to cryptographic services if a valid role has been assumed. 3. The cryptographic modules shall perform the following tests: A. Power up Self-Tests: 1. Cryptographic algorithm tests: a. HW AES Decrypt KAT b. FPGA AES Decryption KAT c. HW SHA-1 KAT d. HW HMAC SHA-1 KAT Page 13 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. e. RNG ANSI X9.31 KAT f. SHA-1, SHA-256 KAT g. HMAC-SHA-1, HMAC SHA-256 KAT h. AES Encrypt/Decrypt KAT i. RSA Sign/Verify KAT j. RSA Encrypt/Decrypt KAT 2. Firmware Integrity Tests (32-bit CRC, 16-bit CRC) 3. Critical Functions Tests: N/A. B. Conditional Self-Tests: 1. Continuous Random Number Generator (RNG) test – performed on both the NDRNG and RNG 2. Firmware Load Test (2048-bit RSA Signature Verification) 4. Data output shall be inhibited during self-tests and error states. In an error state, the modules will restart and re-attempt self-tests. 5. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the modules. 6. Data output shall be logically disconnected to the processes performing zeroization. 9. Physical Security Policy Physical Security Mechanisms The IMB-1000 HFR, IMB-1200 HFR Secure Media Blocks are multi-chip embedded cryptographic modules, which include the following physical security mechanisms: • Production-grade components. • Tamper-responsive hard, metallic enclosure. • Tamper-evident labels (installed during manufacturing). Page 14 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. Figure 3 – Tamper Label Placement #1 (Bottomside) Figure 4 – Tamper Label Placement #2 (Bottomside) Operator Required Actions Page 15 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. The operator is required to periodically inspect the modules for evidence of tampering. Table 7 – Inspection/Testing of Physical Security Mechanisms Physical Security Recommended Inspection/Test Guidance Mechanisms Frequency of Details Inspection/Test Tamper evidence Annually Ensure the module does not display any characteristics of an attempted breach. 10. Mitigation of Other Attacks Policy The modules have not been designed to mitigate attacks beyond the scope of FIPS 140-2 requirements. Page 16 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. 11. Definitions and Acronyms AES Advanced Encryption Standard AES-Audio Audio Engineering Society Audio ANSI American National Standards Institute CO Cryptographic Officer CSP Critical Security Parameter DCI Digital Cinema Initiative DRNG Deterministic Random Number Generator ECDH Elliptic Curve Diffie-Hellman EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard FPGA Field Programmable Gate Array HMAC Hash Message Authentication Code KAT Known Answer Test KDM Key Delivery Mesage LDB Link Decryptor Block N/A Not Applicable NDRNG Non-Deterministic Random Number Generator PCI-E Peripheral Component Interconnect Express RNG Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm Page 17 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision]. SMS Screen Management System SPL Show Playlist Page 18 Copyright 2013, USL, Inc. May be reproduced only in its original entirety [without revision].