FIPS 140‐2 Security Policy for: Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive TOSHIBA CORPORATION Rev 1.4.0 Dec 12, 2014 1 TOSHIBA TCG ENTERPRISE SSC SELF-ENCRYPTING HARD DISK DRIVE ..................................... 1 OVERVIEW ................................................................................................................................................ 3 ACRONYMS ............................................................................................................................................... 3 SECTION 1 – MODULE SPECIFICATION............................................................................................... 4 SECTION 1.1 – PRODUCT VERSION ...................................................................................................... 4 SECTION 2 – ROLES SERVICES AND AUTHENTICATION .................................................................. 4 SECTION 2.1 – SERVICES ....................................................................................................................... 4 SECTION 3 – PHYSICAL SECURITY ...................................................................................................... 5 SECTION 4 – OPERATIONAL ENVIRONMENT ..................................................................................... 7 SECTION 5 – KEY MANAGEMENT ......................................................................................................... 7 SECTION 6 – SELF TESTS ....................................................................................................................... 7 SECTION 7 – DESIGN ASSURANCE ....................................................................................................... 8 SECTION 8 – MITIGATION OF OTHER ATTACKS................................................................................. 8 Dec 12, 2014 2 Overview The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (AL13SXQ300/450/600NB) is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, and FW download. This CM is a multiple-chip embedded, and the physical boundary of the CM is the entire HDD. The physical interface for power-supply and communication is one SAS connector. The CM is connected with host system by SAS cable. The logical interface is the SAS, TCG SWG, and Enterprise SSC. The CM has the non-volatile storage area for not only user data but also the keys, CSPs, and FW. The latter storage area is called the “system area”, which is not logically accessible / addressable by the host application. Section Level 1. Cryptographic Module Specification 2 2. Cryptographic Module Ports and Interfaces 2 3. Roles, Services, and Authentication 2 4. Finite State Model 2 5. Physical Security 2 6. Operational Environment N/A 7. Cryptographic Key Management 2 8. EMI/EMC 2 9. Self‐Tests 2 10. Design Assurance 2 11. Mitigation of Other Attacks N/A Overall Level 2 Table 1 ‐ Security Level Detail This document is non-proprietary and may be reproduced in its original entirety. Acronyms AES Advanced Encryption Standard CM Cryptographic Module CSP Critical Security Parameter DRBG Deterministic Random Bit Generator EDC Error Detection Code FW Firmware KAT Known Answer Test LBA Logical Block Address MSID Manufactured SID NRBG Non-deterministic random bit generator PCB Printed Circuit Board POST Power on Self-Test PSID Printed SID Dec 12, 2014 3 SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID Section 1 – Module Specification The CM has one FIPS 140 approved mode of operation and CM is always in approved mode of operation. The CM provides services defined in Section 2.1 and other non-security related services. Section 1.1 – Product Version The Toshiba Enterprise SSC Self-Encrypting Hard Disk Drive has been validated: - Hardware version: A0 with AL13SXQ300NB(2.5-inch, SAS Interface, 300GB), AL13SXQ450NB(2.5-inch, SAS Interface, 450GB), or AL13SXQ600NB(2.5-inch, SAS Interface, 600GB) - Firmware version: 0101 Section 2 – Roles Services and Authentication This section describes roles, authentication method, and strength of authentication. Role Name Role Type Type of Authentication Authentication Multi Attempt strength Authentication Strength EraseMaster Crypto Officer Role PIN 1/248 < 1/1,000,000 15,000 / 248 < 1 / 100,000 SID Crypto Officer Role PIN 1/248 < 1/1,000,000 15,000 / 248 < 1 / 100,000 BandMaster0 User Role PIN 1/248 < 1/1,000,000 15,000 / 248 < 1 / 100,000 BandMaster1 User Role PIN 1/248 < 1/1,000,000 15,000 / 248 < 1 / 100,000 … … … … … … BandMaster8 User Role PIN 1/248 < 1/1,000,000 15,000 / 248 < 1 / 100,000 Table 2 Identification and Authentication Policy Per the security policy rules, the minimum PIN length is 6 bytes. Therefore the probability that a random attempt will succeed is 1/248 < 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 5msec when authentication attempt fails, so the maximum number of authentication attempts is 12,000 times in 1 min. Therefore the probability that random attempts in 1min will succeed is 12,000 / 248 < 1 / 100,000. Section 2.1 – Services This section describes services which the CM provides. Service Description Role(s) Keys & Algorithm(CAVP RWX(Read, Method CSPs Certification Write,eXecute ) Number) Block or allow read (decrypt) / BandMaster0 N/A N/A N/A SECURITY Band write (encrypt) of user data in … PROTOCOL IN(TCG Lock/Unlock a band. Locking also requires BandMaster8 Set Method Result) read/write locking to be enabled Dec 12, 2014 4 Erase user data (in EraseMaster MEK(s) W Hash_DRBG(#519) SECURITY Cryptographic cryptographic means) by PROTOCOL IN(TCG RKey X AES256CBC(#2877) Erase changing the data encryption Erase Method Result) key Encryption / decryption of None MEKs X XTS-AES256(#2877) SCSI READ/WRITE Data unlocked user data to/from Commands read/write(decr band ypt/encrypt) Enable / Disable firmware SID PubKey X RSASSA-PKCS-v1_5 SECURITY Firmware download and load a complete (#1515) PROTOCOL IN(TCG Download firmware image, and save it. Set Method Result), If the code passes "Firmware SCSI WRITE load test", the device is reset BUFFER and will run with the new code. Provide a random number None Seed R Hash_DRBG(#519) SECURITY RandomNumbe generated by the CM PROTOCOL IN(TCG r generation Random Method Result) Runs POSTs and delete None N/A N/A N/A Power on reset Reset(run CSPs in RAM POSTs) Set the location and size of BandMaster0 N/A N/A N/A SECURITY Set band the LBA range … PROTOCOL IN(TCG position and BandMaster8 Set Method Result) size Setting PIN (authentication All for their RKey X AES256CBC(#2877) SECURITY Set PIN data) PIN PROTOCOL IN(TCG SHA256(#2418) Set Method Result) Report status of the CM None N/A N/A N/A SCSI REQUEST Show Status SENSE Erase user data in all bands None1 RKey X,W AES256CBC(#2877) SECURITY Zeroization by changing the data PROTOCOL IN(TCG MEKs W Hash_DRBG(#519) encryption key, initialize RevertSP Method PIN W range settings, and reset Result) PINs for TCG Table 3 – FIPS Approved services Section 3 – Physical Security The CM has the following physical security: Production-grade components with standard passivation  Three tamper-evident security seals are applied to the CM in factory  One opaque and tamper-evident security seal (PCB SEAL) is applied to PCB of the CM.  This seal prevents an attacker to remove the PCB and survey electronic design Two tamper-evident security seals (TOP SEAL 1 and TOP SEAL 2) are applied to top cover  of the CM. These seals prevent top cover removal Exterior of the drive is opaque  The tamper-evident security seals cannot be penetrated or removed and reapplied without  tamper-evidence Need to input PSID, which is public drive-unique value used for the TCG RevertSP method. 1 Dec 12, 2014 5 The operator is required to inspect the CM periodically for one or more of the following tamper evidence. If the operator discovers tamper evidence, the CM should be removed. Message “VOID” on security seal or top plate  Text on security seals does not match original  Cutting line on security seal  Security seal cutouts do not match original  Dec 12, 2014 6 Section 4 – Operational Environment Operational Environment requirements are not applicable because the CM operates in a “non-modifiable”, that is the CM cannot be modified and no code can be added or deleted. Section 5 – Key Management The CM uses keys and CSPs in the following table. Key/CSP Length Type Zeroize Method Establishment Output Persistence/Storage BandMaster/Erase 256 PIN Zeroization service Electronic input No SHA digest/System Area Master/SID PINs Encrypted by RKey / MEKs 512 Symmetric Zeroization service DRBG No System Area Output: Host can MSID 256 Public N/A(Public) Manufacturing Plain / System Area retrieve PubKey 2048 Public N/A(Public) Manufacturing No Plain / System Area Obfuscated(Plain in FIPS RKey 256 Symmetric Zeroization service DRBG No means) / System Area Entropy collected Seed 440 DRBG seed Power-Off from NDRNG at No Plain/RAM Power-On Note that there is no security-relevant audit feature and audit data. Section 6 – Self Tests The CM runs self-tests in the following table. Function Self-Test Type Abstract Firmware Integrity Check Power-On EDC 32-bit FW SHA256 Power-On Digest KAT AES(AES CBC) Power-On Encrypt and Decrypt KAT Dec 12, 2014 7 AES(AES XTS) Power-On Encrypt and Decrypt KAT FW Hash_DRBG Power-On DRBG KAT FW RSASSA-PKCS-v1_5 Power-On Signature verification KAT FW Hash_DRBG Conditional Verify newly generated random number not equal to previous one NDRNG Conditional Verify newly generated random number not equal to previous one Firmware load test Conditional Verify signature of downloaded firmware image by RSASSA-PKCS-v1_5 When the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 7 – Design Assurance Refer to the guidance document provided with the CM. Section 8 – Mitigation of Other Attacks The CM does not mitigate other attacks beyond the scope of FIPS 140-2 requirements. Dec 12, 2014 8