Non-Proprietary Security Policy for the FIPS 140-2 Level 2 Validated Fortress Mesh Points Hardware: ES210: Tactical Mesh Point ES2440: High Capacity Mesh Point ES440: Infrastructure Mesh Point ES520 (V1 & V2): Deployable Mesh Point ES820: Vehicle Mesh Point Firmware: 5.4.1 December, 2012 This security policy of Fortress Technologies, Inc., for the FIPS 140-2 validated Fortress Mesh Points (FMP), defines general rules, regulations, and practices under which the FMP was designed and developed and for its correct operation. These rules and regulations have been and must be followed in all phases of security projects, including the design, development, manufacture service, delivery and distribution, and operation of products. Page 1 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points REVISION HISTORY Rev Date Author Description 1.0 June, 2011 Tony Margalis Initial Draft 1.1 Nov, 2011 Michael Chapman Updated for 5.4.1 1.2 Dec, 2011 Michael Chapman Minor Changes 1.3 July, 2012 Michael Chapman Updated based on lab questions 1.4 Oct, 2012 J.Pacheco Updated based upon lab interactions 1.5 Dec, 2012 J.Pacheco Included ECDSA cert and KAT 1.6 Dec, 2012 J.Pacheco Updated conditional test list 1.7 Jan, 2013 J.Pacheco Updated based upon lab comments 1.8 Jan, 2013 J.Pacheco More updates 1.9 Jan, 2013 J.Pacheco Small correction 1.10 Jan, 2013 J.Pacheco Further corrections 1.11 Feb, 2013 J.Pacheco Adjustment Page 2 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge Contents LIST OF FIGURES AND TABLES ............................................................................................ 4  1.0  IDENTIFICATION AND AUTHENTICATION POLICY............................................ 5  1.1  ROLE-BASED AUTHENTICATION ....................................................................................... 5  1.2  SERVICES........................................................................................................................... 6  1.3  AUTHENTICATION AND AUTHENTICATION DATA ............................................................. 6  1.3.1  Authentication Methods ............................................................................................. 6  1.3.2  Authentication Server Methods.................................................................................. 7  1.3.3  Authentication Strength ............................................................................................. 8  1.3.4  Administrative Accounts ............................................................................................ 9  1.4  CRYPTOGRAPHIC KEYS AND CSP ..................................................................................... 9  1.5  FOR MSP ........................................................................................................................... 9  1.6  FOR RSN ......................................................................................................................... 10  1.7  FOR IPSEC ....................................................................................................................... 11  1.8  FOR SSL AND SSH .......................................................................................................... 12  1.9  OTHER CRITICAL SECURITY PARAMETERS ..................................................................... 13  1.10  KNOWN ANSWER AND CONDITIONAL TESTS .................................................................. 14  1.10.1  Known Answer Tests ................................................................................................ 14  1.10.2  Conditional Tests ..................................................................................................... 15  1.11  ALGORITHM CERTIFICATIONS......................................................................................... 16  1.12  NON-APPROVED BUT ALLOWED ALGORITHMS .............................................................. 18  2.0  ACCESS CONTROL POLICY ....................................................................................... 19  2.1  ROLES EACH SERVICE IS AUTHORIZED TO PERFORM ...................................................... 19  2.2  ROLES, SERVICES AND ACCESS TO KEYS OR CSPS ........................................................ 19  2.3  ZEROIZATION .................................................................................................................. 21  2.4  UPGRADES ....................................................................................................................... 21  2.4.1  Introduction ............................................................................................................. 21  2.4.2  Selecting Software Image ........................................................................................ 21  3.0  PHYSICAL SECURITY POLICY ................................................................................. 22  3.1  HARDWARE ..................................................................................................................... 22  3.2  TAMPER EVIDENCE APPLICATION .................................................................................. 22  3.3  TAMPER EVIDENCE INSPECTIONS ................................................................................... 22  4.0  SECURITY POLICY FOR MITIGATION OF OTHER ATTACKS POLICY ........ 28  5.0  FIPS MODE ...................................................................................................................... 28  6.0  CUSTOMER SECURITY POLICY ISSUES ................................................................ 29  Page 3 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points List of Figures and Tables Figure 1: ES210 Tamper Evidence................................................................................................ 23  Figure 2: ES210 Block Diagram ................................................................................................... 23  Figure 5: ES2440 Tamper Evidence.............................................................................................. 24  Figure 6: ES2440 Block Diagram ................................................................................................. 24  Figure 7: ES440 Tamper Evidence................................................................................................ 25  Figure 8: ES440 Block Diagram ................................................................................................... 25  Figure 9: ES520 Version 1 Tamper Evidence ............................................................................... 25  Figure 10: Block Diagram ES520 Version 1 ................................................................................. 25  Figure 11: ES520 Version 2 Tamper Evidence ............................................................................. 26  Figure 12: Block Diagram ES520 Version 2 ................................................................................. 26  Figure 13: ES820 Tamper Evidence.............................................................................................. 26  Figure 14: ES820 Block Diagram ................................................................................................. 26  Table 1: Authentication Data........................................................................................................... 7  Table 2: Probability of guessing the authentication data ................................................................. 8  Table 3: MSP Keys.......................................................................................................................... 9  Table 4: RSN Keys ........................................................................................................................ 10  Table 5: IPsec Keys ....................................................................................................................... 11  Table 6: SSL and SSH Crypto Keys.............................................................................................. 12  Table 7: Other Keys and Critical Security Parameters .................................................................. 13  Table 8: Known Answer Tests ...................................................................................................... 14  Table 9 Certifications .................................................................................................................... 16  Table 10: Roles each Service is authorized to perform ................................................................. 19  Table 11: Roles who has Access to Keys or CSPs ........................................................................ 20  Table 12: Defaults and Zeroization ............................................................................................... 21  Table 13: Recommended Physical Security Activities.................................................................. 23  Page 4 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge 1.0 Identification and Authentication Policy The TOE supports up to 8 total roles that can be defined. 1.1 Role-based Authentication There are five Crypto Officer Roles. Please note that the configuration model supports assigning the roles below to users defined below. In this case, the role is a property of a defined user. When creating a Crypto Officer, one of the roles described below must be selected along with a unique username and password. Although each operator has a unique username and password, since selecting a role is also required, therefore this system should be considered as having role-based authentication. • Crypto Officer Roles Advanced and Simple Views: Log Viewer: account users can view only high-level system health o indicators and only those log messages unrelated to configuration changes. Maintenance1: account users can view complete system and configuration o information and perform a few administrative functions but cannot make configuration changes. Administrator: the main manager/administrator of the FMP. o Legacy Views: Operator: account users can view complete system and configuration o information and perform a few administrative functions but cannot make configuration changes. csscaisi: the main manager/administrator of the FMP. o There are three non-Crypto Officer roles. Please note that the configuration model supports assigning the roles below to users defined below. In this case, the role is a property of a defined user. When creating a non-Crypto Officer, one of the roles described below must be selected along with a unique username and password. Although each operator has a unique username and password, since selecting a role is also required, therefore this system should be considered as having role-based authentication. • Non-Crypto Officer Roles 1 The Maintenance User is a CO and is not the same as a maintenance user as defined in FIPS 140-2. Page 5 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points MSP End User: This role will utilize either a MSP secure client loaded on o a workstation or a MSP secure controller like the FMP to establish a secure connection over an untrusted network. RSN End User: This role will utilize either a RSN (802.11i) secure client o loaded on a workstation or a RSN (802.11i) secure controller like a VPN to establish a secure connection over an untrusted network. IPSec End User: This role will utilize either an IPSec/L2PT client loaded o on a workstation or an IPSec/L2PT controller like a VPN to establish a secure connection. 1.2 Services The following list summarizes the services that are provided by the FMP: • Encryption: use the encryption services of the FMP; Roles Allowed: All o • Show Status: observe status parameters of the FMP; Roles Allowed: Only Crypto Officer Roles o • View Log: view log messages; Roles Allowed: Only Crypto Officer Roles o • Write Configuration: change parameters in the FMP including changing the FIPS Mode, Bypass Setting, Zeroization and setting passwords; Roles Allowed: Administrator and csscaisi o • Read Configuration: read parameters in the FMP; Roles Allowed: Administrator, csscaisi, maintenance, and operator o • Diagnostic: execute some network diagnostic and self tests services of the FMP; Roles Allowed: Administrator, csscaisi, maintenance, and operator o • Upgrade: Upgrade the unit with a new release of firmware. Roles Allowed: Administrator, csscaisi o 1.3 Authentication and Authentication Data All roles must be authenticated before they can use module services. The module uses role based authentication. This can be processed either internally by the module or externally using an EAP authentication server. 1.3.1 Authentication Methods All roles must be authenticated if they use FMP services. For Crypto Officer authentication, a username and password must be presented. The module forces the Crypto Officer to change the default password at first login. The FMP Page 6 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge will not accept new passwords that do not meet specified requirements. A Crypto Officer can utilize four secure communication methods to access the FMP. They are: • Secure SSL connection • Directly connected terminal • Secure SSH (SSH-2.0-OpenSSH_5.8) connection • SNMP SNMP is authenticated since it’s enabled and configured within an already authenticated secure SSL, direct connect or secure SSH connection. A Crypto Officer can apply up to nine rules for administrative passwords that allow stronger passwords. These can be reviewed in the user guide. Both modules having the same AccessID authenticate the MSP user. The RSN end user will use either a shared secret or will be authenticated by the use of an external EAP Server (i.e. RADIUS). The authentication data for each of these roles are shown in following table: Table 1: Authentication Data Operator Type of Connect Using Authentication Data Authentication Log Viewer Password HTTP over TLS The possible character space is 91 characters and the password (HTTPS) length is between 8 and 32 characters with the default being 15 characters. Maintenance Password HTTP over TLS The possible character space is 91 characters and the password (HTTPS) length is between 8 and 32 characters with the default being 15 characters. Administrator Password HTTP over TLS The possible character space is 91 characters and the password (HTTPS) length is between 8 and 32 characters with the default being 15 characters. Direct Connect Secure SSH SNMP operator Password HTTP over TLS The possible character space is 91 characters and the password (HTTPS) length is between 8 and 32 characters with the default being 15 characters. csscaisi Password HTTP over TLS The possible character space is 91 characters and the password (HTTPS) length is between 8 and 32 characters with the default being 15 characters. MSP End User Access ID MSP 16-byte Access ID when in FIPS Mode. (In non-FIPS mode, users may select 8-bytes. RSN End User Master Key or RSN 16 bytes Secret IPSec/L2TP Secret IPSec/L2TP 16-32 bytes 1.3.2 Authentication Server Methods The Crypto Officer can also be authenticated by using an authentication server. The Page 7 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points authentication server can be the one built into the FMP, one on another FMP or it can be an external authentication server. The service(s) available are determined by the FMP’s configuration for authentication services as determined by the settings in Authentication Servers and/or Local Authentication. To use an external server (RADIUS) for administrator authentication, it must be configured to use Fortress’s Vendor-Specific Attributes (see the user guide for more information). 1.3.3 Authentication Strength The probability of guessing the authentication data is shown in following table: Table 2: Probability of guessing the authentication data Role Probability of guessing the Probability of guessing the authentication data with authentication data multiple attempts Log Viewer The FMP requires that all variants of the Crypto Officer manually enter the password. Manual entry limits the number of attempts to eight per minute. There are 91 distinct Maintenance characters allowed in the password, and the password may be between 8 and 32 characters, the total number of distinct Administrator ∑ 91 , or . passwords is Therefore, the operator probability of a randomly chosen password between 8 and 32 csscaisi characters being the authentication data is The maximum number of login attempts can be set between 1 and 9 and lockout duration between 0 and 60 minutes. 90 MSP End User User authentication attempts are limited by FLASH read/write speed to less than 16.7 MB/sec. For a 16 Byte Access ID this 91 91 1 represents 120x10^6 password attempts per minute. 90 In which N is 120x10^6 91 91 1 In which N is 120x10^6 90 RSN End User Shared Secret: User authentication attempts are limited by FLASH read/write speed to less than 16.7 MB/sec. For a 16 91 91 1 Byte Shared Secret this represents 120x10^6 attempts per minute. In which N is 120x10^6 90 91 91 1 In which N is 120x10^6 Using EAP: User authentication attempts are limited by accessing a EAP based authentication. The best this could be is no better than the shared secret thus the same rational applies. 90 IPsec End User Shared Secret: User authentication attempts are limited by FLASH read/write speed to less than 16.7 MB/sec. For a 16 91 91 1 Byte Shared Secret this represents 120x10^6 attempts per Page 8 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge In which N is 120x10^6 minute. 1.3.4 Administrative Accounts The FMP uses role based authentication. These are configured by adding administrative accounts configured through the GUI. For instance the product can have multiple administrative accounts each having a unique Username and Password and each being assigned to a particular role (i.e., Log Viewer, Maintenance or Administrator). When a user is logged into the FMP he will have all the rights of the Role he has been assigned. 1.4 Cryptographic Keys and CSP 1.5 For MSP The FMP contains a number of cryptographic keys and Critical Security Parameters (CSP) for MSP as shown in the following table. All keys are generated using FIPS approved algorithms and methods as defined in SP800-56. All keys are kept in RAM and never stored to disk. Table 3: MSP Keys Key Key Type Generation Use Module Secret Key AES: 128, 192, or Uses manually entered AccessID Used to mask static Diffie-Hellman 256 bit. as material which is a shared public key requests and responses over (Hardkey) secret. Not a valid FIPS key. the wire. Automatically generated using the Static Private Key Diffie-Hellman: 160 Along with received Diffie-Hellman DRBG 800-90. or 224 bits Static Public Key from partner is used to generate the Static Secret Encryption ECDH: 384 bits Key Static Public Key Diffie-Hellman: 1024 Automatically generated using Sent to communicating module in a or 2048 bits Diffie-Hellman or ECDH. packet masked with the Module Secret Key. ECDH: 384 bits Static Secret AES: 128, 192, or Automatically generated using Used to encrypt dynamic public key Encryption Key 256 bit. Diffie Hellman or ECDH. requests and responses over the wire. Dynamic Private Diffie-Hellman: 160 Automatically generated using the Along with received Dynamic Public Key or 224 bits DRBG 800-90. Key from partner is used to generate the Dynamic Secret Encryption Key ECDH: 384 bits Dynamic Public Key Diffie-Hellman: Automatically generated using Sent to communicating module in a 1024 or 2048 bits Diffie-Hellman or ECDH. packet encrypted with the Static Secret Encryption Key ECDH: 384 bits Dynamic Secret AES: 128, 192, or Automatically generated using Used to encrypt all packets between Encryption Key 256 bit. Diffie Hellman or ECDH. two communicating modules over the (DKey) wire Page 9 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points Static Group Key AES: 128, 192, or See Below for Full Text. Used to encrypt user-data frames until (SGK) 256 bit. the unicast Dynamic Secret Encryption Key is computed. The static group key (SGK) computation must be deterministic. That is, each node joining the network specified by the AccessID must be able to compute the same static group key without communicating with other nodes on the network. This means that the SGK must be determined solely based on the AccessID for the network. Note that the static group key (SGK) is generated by using the AccessID and a constant to seed an instance of an approved X9.31 RNG. The X9.31 RNG is then used to produce 128, 192, or 256 bits which are then used as the SGK. In FIPS mode, the initial AccessID is generated by using an approved DRBG. When joining an established network, the AccessID is manually entered by the Crypto Officer. 1.6 For RSN An RSN or 802.11i wireless secure LAN can use either a Preshared Secret Key (PSK) or an EAP generated master key. If a PSK is used, each peer must configure the correct hex value. This PSK becomes the Master Key. If the EAP method is used, the Master Key is generate through the EAP process and it’s correctly given to both the Client and FMP. RSN are FIPS capable portions of the IEEE 802.11 specification for wireless LAN networks. The keys for RSN are shown in the following table. AES-CCMP uses AES-CCM (allowed) in the 802.11i protocols (allowed). The P stands for protocol. IEEE802.11i protocols are allowed in FIPS mode. Please see IG 7.2 All keys are kept in RAM and never stored on disk. Table 4: RSN Keys Key Key Type Generation Use Pairwise Master 256 bit key. Using the key generation procedure as defined in the Used to derive Key (PMK) IEEE 802.11 specification. pairwise transient key Pre-shared key: Manual entry of PMK (64-hex digits). (PTK). EAP Method: PMK is created using key material generated during authentication, which is then transferred to FMP using RADIUS protocol. Pairwise For AES-CCM, 384 bit Using the key generation procedure as defined in the Used to protect 2 Transient Key key comprised of three IEEE 802.11 specification. link between (PTK) 128 bit keys: Data end user Encryption/Integrity station and key, EAPOL-Key FMP. Encryption key, and EAPOL-Key Integrity 2 Using the Pseudo Random Function defined in IEEE 802.11i (8.5.1.1), HMAC-SHA1 Page 10 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge key. Group Master 256 bit key. Using the key generation procedure as defined in the Used to derive Key (GMK) IEEE 802.11 specification. group transient key (GTK). Group For RSN/TKIP and Using the key generation procedure as defined in the Used to protect Transient Key WPA, 256 bit key IEEE 802.11 specification. multicast and (GTK) comprised of two 128 broadcast bit keys: Group (group) Encryption key and messages sent Group Integrity key. from FMP to associated end For AES-CCM, 128 bit user station. . key comprised of Group Encryption/Integrity key. Pseudo HMAC 128-bit DRBG 800-90 IEEE802.11i Random Key HMAC SHA-1 PRF function (PRK) 1.7 For IPsec An IPSec tunnel is created over an established AES encrypted RSN/802.11i wireless secure link. If the connection is over the external Ethernet port then the IPSec tunnel is established over the current networking environment. IPSec uses a Preshared Secret Key (PSK) for key generation. All keys are kept in RAM and never stored on disk. Table 5: IPsec Keys Key Key Type Generation Use DH Private Key Diffie-Hellman:160 or Seed is automatically pulled from DRBG 800-90 Used to calculate the 224 bits PRNG DH Key DH Public Key Diffie-Hellman: 1024 or The DH Private Key is fed to the Diffie-Hellman Used for digital 2048 bits function to automatically generate this key signature to authenticate the peer ECDSA Private ECDSA: 256 or 384 Seed is automatically pulled from DRBG 800-90 Used to calculate the Key bits PRNG ECDSA Key ECDSA Public ECDSA Key The ECDSA Private Key is fed to the ECDSA Used for digital Key function to automatically generate this key signature to authenticate the peer Page 11 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points 1.8 For SSL and SSH The SSL protocol (TLS 1.0) is used to establish a FIPS secured connection from a management workstation running a standard Internet Browser to either the FMP GUI or the CLI. The SSH (SSH-2.0-OpenSSH_5.8) protocol uses the cryptographic algorithms of the OpenSSH protocol. The cryptographic keys for SSL and SSH are shown in the following table. All keys are kept in RAM and never stored on disk. Table 6: SSL and SSH Crypto Keys Key Key Type Generation Use RSA Private Key RSA Key Automatically Generated The RSA private key is used to generate signatures. SSL 2048 bit RSA Public Key RSA Key Automatically Generated The RSA public key is used to verify signatures. SSL 2048 bits (1024 for signature verification) DH Private Key Diffie-Hellman: 160 or Seed is automatically Used along to calculate the Pre- 224 bits pulled from DRBG 800- Master Secret from DH SSL & SSH 90 PRNG. DH Public Key Diffie-Hellman: 1024 or The DH Private Key is Used along to calculate the Pre- 2048 bits fed to the Diffie-Hellman Master Secret from DH SSL & SSH function to automatically generate this key Key Block Generic Key Automatically generated The Key Block is the keying Information by SSL Protocol material that is generated for the SSL & SSH AES encryption key. 1 Secret Encryption AES: 128, 192, 256 bit The Secret Encryption Encrypt data packets Key (SSH and SSL Key derivation functions Session Key) use non-approved but allowed algorithms (see section 1.12). Page 12 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge 1.9 Other Critical Security Parameters There are other critical security parameters that present in the FMP as shown in the following table. The Pre-Master secret from the client and DH and the Master Secret for DH are kept in RAM, and all other critical security parameters are in Non-Volatile Storage. Table 7: Other Keys and Critical Security Parameters CSP Type Generation Use Access ID 32 Hex Seed Generated by the approved RNG when MSK, SGK & privD-H Group key Digits in FIPS Mode component and used for authentication Pre-Master Secret (S) Secret A 48 byte secret is generated from the Used to develop the Master Secret from client client, which is wrapped with a 2048-bit RSA key, resulting in 112 bits of encryption strength Pre-Master Secret (S) Diffie-Hellman Diffie-Hellman: Both client and server Used to develop the Master Secret from DH Key Master Secret Secret By TLS Protocol This is the key that is used to encrypt the data Log Viewer Password Password 8 to 16 Characters, entered by the To authenticate the Log View Crypto Officer Maintenance or Password 8 to 16 Characters, entered by the To authenticate the operator operator Password Crypto Officer Administrator or Password 8 to 16 Characters, entered by the To authenticate the Maintenance csscaisi Password Crypto Officer SNMPV3 Pass phrase 8 to 64 Characters To authenticate the use of SNMPV3 Authentication Pass phrase D-H Prime Number Intermediate Hard Code Value The D-H Algorithm Crypto Value Upgrade Key RSA Public Key Public RSA key (256 byte) used to Verify the signature that is attached to decrypt the SHA hash value that is the upgrade package attached to the firmware image that has been loaded from an external workstation. Load Key RSA Public Key Public RSA key (256 byte) used to Verify the signature that is attached to decrypt the SHA hash value that is the load package attached to the firmware image that has been loaded from the internal flash drive PRNG ANSI X9.31 Seed TRNG Random Automatically Generated by TRNG for Seed the OpenSSL X9.31 PRNG (OpenSSL) Seeding seeding X9.31 PRNG information PRNG ANSI X9.31 Key Triple-DES Automatically Generated by TRNG Seed key for OpenSSL X9.31 PRNG K1, K2 (OpenSSL) PRNG ANSI X9.31 Seed TRNG Random Automatically Generated by TRNG for Seed the FPGA X9.31 PRNG Page 13 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Mesh Points (FPGA) Seeding seeding X9.31 PRNG information PRNG ANSI X9.31 Key Triple-DES Automatically Generated by TRNG Seed key for FPGA X9.31 PRNG K1, K2 (FPGA) Configuration Data AES Hardcoded Used to obfuscate the Data Base Base Key (Not a CSP) however not a CSP. Pre-Shared Key Component Manual Entry Used to create the PTK and the PMK HMAC Key SSL Generate within the SSL package SSL module integrity HMAC DRBG entropy Seed Automatically Generated by TRNG Entropy used as input to SP 800-90 HMAC DRBG HMAC DRBG V Value Counter Automatically generated by DRBG Internal V value used as part of SP 800-90 HMAC DRBG HMAC DRBG Key Seed Automatically generated by DRBG Key value used for the HMAC of the SP 800-90 HMAC DRBG HMAC DRBG init_seed Seed Automatically generated by TRNG Initial seed value used in SP 800-90 HMAC DRBG 1.10 Known Answer and Conditional Tests 1.10.1 Known Answer Tests This section describes the known answer tests run on the system. The tests are organized by module against which they are run. Table 8: Known Answer Tests Known Answer Tests for CRYPTLIB Algorithm Modes/States/Key sizes/ AES ECB(e/d; 128,192,256); CBC(e/d; 128,192,256) SHS SHA-1 (BYTE-only) SHA-384 (BYTE-only) SHA-256 (BYTE-only) SHA-512 (BYTE-only) HMAC HMAC-SHA1 (Key Sizes Ranges Tested: KS=BS ) SHS HMAC-SHA256 ( Key Size Ranges Tested: KS=BS ) SHS HMAC-SHA384 ( Key Size Ranges Tested: KS=BS ) SHS HMAC-SHA512 ( Key Size Ranges Tested: KS=BS ) SHS DRBG 800-90 Hash Based DRBG [ HMAC_DRBG: SHA-1 , SHA-256 , SHA-384, SHA-512 ] DH ( Key Size Range Tested: 1024 and 2048) ECDH ECDH-secp ( Key Size Range: 384 bits) ECDSA secp256r1 (P-254) and secp384r1(P-384) Known Answer Tests for FPGA Page 14 of 29 Copyright © 2011 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice. Security Policy for the Fortress Secure Bridge Algorithm Modes/States/Key sizes/ AES CBC(e/d; 128,192,256) CCM (KS: 128 ) (Assoc. Data Len Range: 22 - 30 ) (Payload Length Range: 1 - 32 ) ( Nonce Length(s): 13 ) (Tag Length(s): 8) SHS SHA-1 (BYTE-only) SHA-384 (BYTE-only) HMAC HMAC-SHA1 (Key Sizes Ranges Tested: KS Security from the menu on the left. On the Security screen click EDIT. In the Edit Security screen’s Security Settings frame change the o Operating Mode to Normal or FIPS. • To change operating mode on the CLI The operating mode can be determined by whether the command prompt o displays FIPS; Normal operating mode displays only the hostname and single-character command prompt (> or #). FIPS operating mode is the default Bridge mode of FMP: Bridge CLI o operation. The FMP Normal operating mode does not comply with FIPS. Change between operating modes with the set fips command. To turn o FIPS operating mode on: # set fips on • To place the Bridge in Normal operating mode, turn FIPS operating mode off: FIPS# set fips off o • You must be logged on to an administrator-level account to change the operation mode. • You must verify the unit has the proper seals and/or tape as described in the Security Policy. 6.0 Customer Security Policy Issues Fortress Technologies, Inc. expects that after the FMP’s installation, any potential customer (government organization or commercial entity or division) employs its own internal security policy covering all the rules under which the FMP(s) and the customer’s network(s) must operate. In addition, the customer systems are expected to be upgraded as needed to contain appropriate security tools to enforce the internal security policy. Page 29 of 29 Copyright © 2012 Fortress Technologies, Inc., 2 Technology Park Drive, Westford, MA 01886 This document can be reproduced and distributed only whole and intact, including this copyright notice.