d'Cryptor™ ZE Cryptographic Module
Security Policy
ZE Version: 4.1
Document Number: DC/ZE-0003/FIPS
Document Version: 2.13
17 October 2006
© D'Crypt Private Limited 2000-2006. All rights reserved.

D'CRYPT Personalizing Your Security
d'Cryptor ZE Cryptographic Module - Security Policy

Configuration Control

Document details
File Name: ZE Security Policy.doc
Document Title: d'Cryptor ZE Cryptographic Module - Security Policy
Document Number: DC/ZE-0003/FIPS
Document Revision No.: 2.13
Author: Quek Gim Chye
Approved By: Antony Ng
Number of pages: 23
Revision Date: 17 October 2006
Remarks: Updated after reviewer's comments

Revision History
Revision | Date | Author | Comments on Revision
1.0 | 19 Aug 2005 | QGC | Inserted certificate numbers for Approved algorithms. Corrected a typo in Section 6.
1.1 | 12 Sep 2005 | QGC | Revised after reviewer's comments
2.0 | 21 Nov 2005 | QGC | Updated to include ZE v4.0
2.1 | 9 Dec 2005 | QGC | Amended tables 1 and 2, figures 1 and 5. Added figure 2.
2.2 | 30 Dec 2005 | QGC | Updated for ZE v4.1. List DES as non-compliant. Added indicator of non-Approved mode of operation. Removed information on ZE v3.0. Update version numbers for kernel and LFM.
2.3 | 9 Jan 2006 | QGC | Updated after comments from reviewer
2.4 | 13 Jan 2006 | QGC | Modified Tables 6, 8 and 11
2.5 | 2 Feb 2006 | QGC | Updated after further comments from reviewer
2.6 | 9 Feb 2006 | QGC | Updated Section 4.4 and Table 8.
2.7 | 15 Feb 2006 | QGC | Updated Table 10
2.8 | 17 Feb 2006 | QGC | Amended Figure 1 and the words above it
2.9 | 21 Feb 2006 | QGC | Updated Figure 1
2.10 | 11 July 2006 | QGC | Added more info on non-Approved mode of operation, and updated Table 11.
2.11 | 31 July 2006 | QGC | Updated following further comments from reviewer
2.12 | 11 Sep 2006 | QGC | Rephrased CSP entry/output policy
2.13 | 17 Oct 2006 | QGC | Paraphrased CSP entry/output policy
Permission is hereby granted for the reproduction in whole of this document, provided that full acknowledgment is given, the copyright notice above and this notice is reproduced.

Contents
1 Scope
2 Introduction
3 Security Level
4 The d'Cryptor ZE
5 Approved Mode of Operation
6 Roles, Identities and Authentication
7 Services
8 Access Control Policy
9 Self-Tests
10 Zeroization of CSPs/Cryptographic Keys
11 Physical Security Policy
12 Mitigation of Other Attacks Policy
13 Secure Operation of ZE
14 Applicable Documents
15 Glossary

1 Scope

This document contains the specifications for the non-proprietary security policy for the d'Cryptor™ ZE cryptographic module. This information is required in order to satisfy in part the requirements for the validation of the d'Cryptor ZE at level 3 of the FIPS 140-2 standard. This document applies to version 4.1 of d'Cryptor ZE.

2 Introduction

The d'Cryptor ZE cryptographic module ("ZE") is a multi-chip embedded hardware security module designed for high security assurance applications. It accepts the field loading of up to two external firmware modules and executes loaded modules in succession after it has completed its bootstrap and other system initialization processes.

Like its predecessor the d'Cryptor QE, the ZE is central to the second generation d'Cryptor line of products where it serves as a secure cryptographic coprocessor, providing a secure operational environment and high-performance cryptographic support. The ZE supports a multitude of interfaces, including several UARTs, synchronous serial port, infrared port, smart card interface, numerous GPIOs as well as an audible buzzer driver.

The terms "ZE", "d'Cryptor ZE" and "the module" are used synonymously in this document.

3 Security Level

The d'Cryptor ZE meets the overall requirements applicable to Level 3 security of FIPS 140-2. Table 1 below shows the individual security level requirement achieved by the module:

Table 1. Security Levels
Security Requirement Area | Level Achieved
Cryptographic Module Specification | 3
Cryptographic Module Ports and Interfaces | 3
Roles, Services and Authentication | 3
Finite State Model | 3
Physical Security | 3
Operational Environment | N.A.
Cryptographic Key Management | 3
EMI/EMC | 3
Self-Tests | 3
Design Assurance | 3
Mitigation of Other Attacks | N.A.

4 The d'Cryptor ZE

The d'Cryptor ZE is made up of the following components:

Table 2. Version Numbers of ZE Components
Component | Version Number
Base hardware | 4.1
d'Cryptor ZE Cryptographic Kernel | 4.5 [Builds 1135849518 and 1135849523]
Library Firmware Module (FIPS-LFM) | 2.1
Application Firmware Module (FIPS-AFM) | 2.0

Two hardware configurations for the ZE are available:

Table 3. Part Numbers of ZE
Model | Part Number | Description
ZE-N4 | DC-ZEN4-41 | 4 MB Flash
ZE-N2 | DC-ZEN2-41 | 2 MB Flash

The principal hardware components of the ZE are an ARM-based processor, 80KB static RAM, NVRAM and a flash memory. It operates at a clock speed of 96 MHz.

The Kernel contains the base firmware of the ZE, and performs the entire boot-up and initialization processes in the ZE before handing control over to the Library Firmware Module ("LFM"). Upon exit from the LFM, control is passed to the Application Firmware Module ("AFM") and thereafter to the Kernel upon exit from the AFM.

The ZE also provides a variety of cryptographic services through an internal library and an application programmer's interface (API) that resides within the Kernel. These services are made available to the LFM, and can be made available to the AFM if necessary.

The ZE comes with a pre-installed LFM and an AFM that provides access to all the services that are available from the internal library of the ZE. The ZE allows these modules to be replaced in the field (i.e. outside the factory). An authenticated operator who is authorized to load firmware modules will be able to load a custom-built LFM and AFM into the ZE as long as the modules to be loaded have been cryptographically signed with the correct RSA private signing key. However, the ZE would then need to be re-validated.

4.1 Cryptographic Module Diagram

Figure 1 shows views of the d'Cryptor ZE and its cryptographic boundary. Both are indicated by the contiguous dotted red line.

Figure 1. Views of d'Cryptor ZE (dotted red line)

4.2 ZE Interfaces

The ZE, as presented for this validation effort, uses only the UART3 port for all the communications with the outside world that it performs via service calls. The rest of the interfaces are not used in any way by the ZE, but are intended to be used by future applications that may be loaded into the module. The UART3 interface is also called the diagnostic port, as it outputs diagnostic status messages and accepts control commands for activation of services.

The FIPS interfaces of the ZE are made up of all the physical traces leaving the cryptographic boundary. These physical traces on the ZE PCB are presented as physical access points in the form of a 45-pin main connector and an 11-pin alternate connector located on the topmost side of the ZE at opposite sides of the cryptographic boundary, as well as other access points on the PCB baseboard (see Figure 1).

Table 4 shows the standard logical interfaces (as mandated in FIPS 140-2) and their mappings to the actual physical access points on the ZE. Pins on the main connector are numbered from 1 to 45, while pins on the alternate connector are labelled with letters from 'A' to 'L' (note that 'I' is omitted). Signals that go to the other access points are indicated with a "-".

Table 4. Mapping of Logical Interfaces to Physical Ports (ZE v4.1)
Logical Interface | Physical Port Mapped
Data Input Interface | UART1 (-), UART2 (14), UART3 (A); All GPIOs (2, 3, 11, 14, 15, 18 to 32, 34 to 36, 38 to 43, J, K, L, -); IRDA (E), SSP (-), Smart Card (8, -)
Data Output Interface | UART1 (45), UART2 (11), UART3 (B); All GPIOs (2, 3, 11, 14, 15, 18 to 32, 34 to 36, 38 to 43, J, K, L, -); IRDA (D), SSP (F, H, -), Smart Card (5, 6, 8, 12)
Control Input Interface | UART3 (A); STADDCLK (G), CSC_CLK (-); ST32KIN (-), STPLLIN (-), ST32KOUT (-), STPLLOUT (-); RTC_X1 (-), RTC_X2 (-)
Status Output Interface | UART3 (B); Buzzer (17)
Power Interface | Power supply (10); Battery supply (13); Grounds (16, C)

4.3 Approved Algorithms

The ZE employs six Approved algorithms and one non-Approved algorithm, as shown in Table 5 and Table 6.

Table 5. List of Approved Algorithms
Security Function | Certificate Number | Remarks
TDEA | 396 | 2-key and 3-key
AES | 332 | 128, 192 and 256 bit keys
SHA-1 | 407 |
HMAC-SHA-1 | 136 | HMAC with SHA-1
RSA | 113 | 1024, 1536, 2048 bits ANSI X9.31-1998 [ANSI X9.31]
ANSI X9.31 DRNG | 153 | Using AES with 128 bit key

Table 6. List of non-Approved Algorithms
Security Function | Remarks
DES (Non-Compliant) | Used only in a FIPS non-approved mode of operation

4.4 Overview of Security Features

The ZE exists in one of two states, operating or non-operating, based on presence of the main power supply. In non-operating mode, the processor is not powered. All cryptographically sensitive parameters (keys) are stored in encrypted form in Flash memory. Encryption is done with AES-CBC using a Key Encryption Key (KEK). The KEK is in turn stored in the NVRAM. The NVRAM is backed up via a backup supply that originates in a battery. The source of the backup supply is external to the ZE and would be configuration specific.

After power up and completion of self-tests, the KEK is extracted from the NVRAM and used to decrypt and validate all encrypted keys in the Flash memory. The decrypted and validated keys are then stored in the on-chip SRAM for quick access by applications. When the module is powered off, the contents of the SRAM are lost. All operational cryptographic keys remain safely encrypted in the Flash memory.

The ZE ensures that only trusted external firmware modules can be loaded by requiring all loadable modules to be digitally signed using a 2048-bit ANSI X9.31 digital signature scheme. Upon each power-up, the ZE verifies the digital signature(s) of all installed firmware modules and executes them in succession only upon successful verification. The factory Certificate Authority generates the private and public key pairs that are used to sign and verify the external firmware modules.
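
The power-up check described above can be sketched as follows. This is an added example, not D'Crypt's firmware: it implements ANSI X9.31 RSA signing and verification with SHA-1 (assumed, as the only hash listed in Table 5) and a hypothetical boot() routine that runs the LFM and then the AFM only if both signatures verify under the LLVK and ALVK verification keys. Key generation here uses plain random primes for demonstration rather than the X9.31 prime-generation procedure, the image bytes are constructed, and running nothing on a failed check is an assumption.

```python
import hashlib
import secrets

TRAILER_SHA1 = b"\x33\xcc"  # X9.31 trailer: hash identifier 0x33 (SHA-1) + 0xCC


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, e):
    while True:
        # Force the two top bits (full-length modulus) and the low bit (odd).
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if c % e != 1 and _is_probable_prime(c):
            return c


def generate_keypair(bits=2048, e=65537):
    """Demo key generation; NOT the X9.31 prime-generation procedure."""
    p = _random_prime(bits // 2, e)
    q = _random_prime(bits // 2, e)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _encode(message, k):
    """X9.31 message representative: 6B BB..BB BA || SHA-1 || 33 CC."""
    h = hashlib.sha1(message).digest()
    return b"\x6b" + b"\xbb" * (k - len(h) - 4) + b"\xba" + h + TRAILER_SHA1


def sign(private, message):
    n, d = private
    k = (n.bit_length() + 7) // 8
    t = pow(int.from_bytes(_encode(message, k), "big"), d, n)
    return min(t, n - t).to_bytes(k, "big")  # X9.31 keeps the smaller value


def verify(public, message, signature):
    n, e = public
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or not 0 < s <= (n - 1) // 2:
        return False
    t = pow(s, e, n)
    if t % 16 != 12:  # a valid representative ends in the nibble 0xC
        t = n - t
    return t.to_bytes(k, "big") == _encode(message, k)


def boot(installed, keys):
    """Return the modules the Kernel would run, in order, plus a status string."""
    order = (("LFM", "LLVK"), ("AFM", "ALVK"))
    for name, vk in order:
        image, sig = installed[name]
        if not verify(keys[vk], image, sig):
            return [], f"{name} signature invalid"  # assumption: run nothing
    return [name for name, _ in order], "ok"


if __name__ == "__main__":
    lib_pub, lib_priv = generate_keypair()
    app_pub, app_priv = generate_keypair()
    lfm, afm = b"constructed LFM image", b"constructed AFM image"
    flash = {"LFM": (lfm, sign(lib_priv, lfm)), "AFM": (afm, sign(app_priv, afm))}
    print(boot(flash, {"LLVK": lib_pub, "ALVK": app_pub}))
```
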

The public key certificates are loaded into the ZE as part of the final stage in manufacturing whereas the private keys are maintained outside the ZE and held securely by the assigned individuals (entities) who are responsible for generating and signing the external firmware modules.

The ZE provides a host of cryptographic support through an internal library and an API. All keys and cryptographic processing are isolated within this internal library and the d'Crypt Secure Micro O/S running in the ZE ensures that this region is accessible by the LFM/AFM only through the API and never directly.

The services from the ZE's internal library are always available to the LFM, but not always available to the AFM. The Kernel controls, through the LFM, the list of services that can be called by the AFM. This allows separate entities to develop code for the LFM and for the AFM. The LFM developer may choose to expose all the internal library services to the AFM, or expose only some or even none of the services to the AFM, together with other APIs that are coded within the LFM itself. Usually, the LFM would be used for implementing software drivers for accessing ZE interfaces, and other intermediate library APIs that are needed by an end application in the AFM.

For physical security, the ZE implements a hard, opaque epoxy potting to protect the hardware and firmware components as well as CSPs and other cryptographic keys.

5 Approved Mode of Operation

When the ZE operates in a FIPS 140-2 Approved mode of operation, this is indicated by the message "Operating mode = FIPS" that is displayed via the diagnostic port after powering up (Figure 2):

...
Operating mode = FIPS
...
Figure 2. Indication of the Approved Mode of Operation

The ZE operates in a non-Approved mode of operation when non-Approved cryptographic services are called (see Table 9). This mode is indicated by the display "Operating mode = non-Approved" (Figure 3). The ZE reverts to the Approved mode of operation upon exiting these services, whereupon the message "Operating mode = FIPS" is displayed again.

...
Operating mode = non-Approved
...
Figure 3. Indication of a non-Approved Mode of Operation

The ZE, with the pre-installed LFM and AFM, has been FIPS validated. If the ZE contains a firmware module that has not been FIPS validated, the ZE loses its FIPS 140-2 validation. The ZE checks for an internal flag contained in the firmware set by the application provider, which indicates the validation status of the module. If the flag is not set, the ZE outputs the following:

...
Operating mode = non-FIPS
...
Figure 4. Indication of a Non-FIPS Validated Module

6 Roles, Identities and Authentication

The ZE provides identity-based authentication to ensure that only authenticated individuals are allowed to operate the ZE and access its cryptographic services. It does not support concurrent operators or any maintenance role.

6.1 Identities

The ZE supports the following seven distinct identities:
- The Crypto-Officer represents the entity who is responsible for managing the security configuration of the module. This entity always assumes the crypto-officer role.
- The user identities User1 to User6 represent the entities who will assume the user role in order to operate the module.

6.2 Roles

The ZE provides two distinct roles - a crypto-officer role (CO) and a user role.

The crypto-officer corresponds to the Crypto Officer role as defined in FIPS 140-2. This is a special role that typically has overall authority over the ZE.
This authority is manifested in the permissions accorded to this role that grants it the right to modify all keys and write all non-system keys in the key-bank when the ZE is first booted up after delivery from the factory [1]. The crypto-officer role is assumed when performing key management-related functions such as changing keys and their attributes.

The user role corresponds to the User role as defined in FIPS 140-2 and represents that of an operator of the ZE. In particular, a user role should not be permitted to carry out critical key management services.

6.3 Transition of Roles

The ZE always boots up in an "Unauthenticated role" state. In this state, no security relevant services can be performed. However, non-security relevant services are available for execution. The ZE remains in this state until one of three things happens:
- The Crypto-Officer logs in successfully via the ZE's authentication services. The ZE then transits to the crypto-officer role and can now perform services that are available to the crypto-officer.
- The User logs in successfully via the ZE's authentication services. The ZE then transits to the user role and can now perform services that are available to that user role.
- The ZE powers down or goes to sleep (via the Module Shutdown service).

6.4 Authentication

The ZE employs identity-based authentication. An operator authenticates to the ZE by proving knowledge of the appropriate authentication key through a challenge-response protocol that employs the AES algorithm. A login request to the ZE specifies the ID of the role to be assumed after login.
From the ID, the ZE uses the respective key (see Table 7) in the challenge-response protocol to ensure that the operator requesting for login possesses that key.

Table 7. Authentication Matrix
Identity | Role to assume after login | ID | Key used for Authentication
Crypto-Officer | crypto-officer | CO | Crypto-Officer Authentication Key COAK
User1 | user | U1 | User 1 Authentication Key U1AK
User2 | user | U2 | User 2 Authentication Key U2AK
User3 | user | U3 | User 3 Authentication Key U3AK
User4 | user | U4 | User 4 Authentication Key U4AK
User5 | user | U5 | User 5 Authentication Key U5AK
User6 | user | U6 | User 6 Authentication Key U6AK

6.4.1 Strength of Authentication

The strength of the authentication mechanism depends on both the lengths of the challenge (128-bit) and the authentication key (256-bit). It can be shown that the probability that a random attempt at authentication will succeed is of the order of 2^-128. This is significantly smaller than the "one in 1,000,000" requirement in FIPS 140-2.

Empirical tests have demonstrated that at most 18,000 authentication attempts can be performed within a one minute period. It follows that the probability that at least one of multiple attempts over a one-minute period will succeed is very much smaller than "one in 100,000" [2].

There is no feedback of any authentication data to the operator during an authentication session.

[1] Note that the crypto-officer can relinquish this right (if the operational security policy calls for it) by changing the permissions of non-system keys to deny itself this right.

6.5 Protection of Authentication Data

The data (CSPs) that are used in authentication are the components of the challenge-response protocol, namely a random challenge, the computed response and the authentication key. These are all maintained in the ZE's internal SRAM. In addition, a permanent copy of all authentication keys is stored encrypted in the ZE's FLASH. Both SRAM and FLASH are protected by the hard opaque epoxy that covers the entire surface of the ZE, thus offering the requisite protection of the authentication data.

In addition, all the authentication keys are endowed with special key permissions (via the key-mask) that allow these keys to be read and modified only by the crypto-officer role. All other user roles have no means of access to these keys. In this way, the ZE achieves protection against unauthorized disclosure or modification of the authentication keys. Furthermore, because none of the roles have write permission, it is not possible for any role (including the crypto-officer role) to modify the permissions to make the keys visible or accessible to any other roles.

6.6 Initialization of Authentication Data

During the final stage of manufacturing in the factory, a set of default values of the Crypto-Officer Authentication Key and six User Authentication Keys are installed into the ZE. The values of these keys are given to customers to allow them to perform authentication to these roles for the first time. The customer is expected to change the values of these keys by logging into the crypto-officer role before module deployment. See Section 13.3.

7 Services

7.1 Operator Services

There are five categories of services provided by the ZE:
- Key Management Services
- Cryptographic Services
- Operator Management Services
- System Management Services
- Utilities Services

[2] This probability is 1 - Prob(all 18000 attempts fail) = 1 - Prob(an attempt fails)^18000 = 1 - (1 - 2^-128)^18000 ≈ 1 - (1 - 18000×2^-128) < 6×10^-35, which is clearly smaller than 10^-6.

These services [3] are available as internal APIs that can be called from the Kernel. For the current ZE undergoing validation and loaded with the respective versions of FIPS-LFM and FIPS-AFM, these services are initiated via the diagnostic port via a series of menus. After the ZE has successfully powered up, the AFM menu is displayed via the diagnostic port (see Figure 5).

[AFM] : (K)ey.. (C)rypt.. (O)p Mgnt.. (S)ys.. (U)til.. (I)nstall_App (Q)uit ?
Figure 5. The AFM Menu

Sending the characters "k", "c", "o", "s" and "u" into the diagnostic port causes the ZE to display respective sub-menus for "Key Management Services", "Cryptographic Services", "Operator Management Services", "System Management Services" and "Utilities Services".

The relationship between roles and services and the types of access services have to CSPs/SPs ("keys") is summarized in Table 8. The access types are explained as follows:
- A ("access") - The key can only be referenced for use with its associated service via its key index. The key-material and key-argument remain opaque to the service.
- R ("read") - The key-material and key-argument of the key can be read out by the service.
- W ("write") - The service can write a new key to the key-bank and modify any key-component of an existing key.
- M ("modify") - The service can only modify the key-material and key-argument of an existing key and cannot change any of the other key-attributes.

Table 8. Roles vs. Services and Access Types to CSPs/SPs
Service | Description | UR, CO, U1 - U6 | CSP/SP | Access Type
Key Management Services
Key-Type | Returns key-type | × | key-specific | A
Key-Mask | Returns key-mask | × | key-specific | A
Key-Size | Returns size of key-material | × | key-specific | A
Key-Link | Returns key-link | × | key-specific | A
Key-Perm | Returns key-perm (permanence) of key | × | key-specific | A
Key-Type Mnem | Returns key-type in the form of 4-char mnemonic | × | key-specific | A
Key-Bank Size | Returns the number of keys that can be stored in the key-bank | | - | -
Key Read | Reads a key from the key-bank | × | key-specific | R
Key Modify | Updates the key-material for a key | × | key-specific | M
Key Write | Writes a key into the key-bank | × | key-specific | W
Key Delete | Deletes a key from the key-bank | × | key-specific | W
Module Zeroize | Zeroizes all keys in the key-bank | | ALL | W
Module Zeroize-all | Zeroizes all keys in the key-bank and all default keys in the ZE | × × | ALL+ | W

[3] With the sole exception of Module Zeroize-all and External Firmware Erase which are available only from the Main menu. For more information, refer to DC/ZE-0004/FIPS, "d'Cryptor ZE Cryptographic Module - Module Specifications".

Service | Description | UR, CO, U1 - U6 | CSP/SP | Access Type
Cryptographic Services
Symmetric Key Generate | Generates random symmetric key | × | DRNG key, DRNG Seed | A
RSA Key Pair Generate | Generates random RSA key-pair | × | DRNG key, DRNG Seed | A
TDEA Context Init | Initializes TDEA context in preparation for a TDEA operation | × | key-specific | A
TDEA Context Execute | Performs TDEA encryption/decryption using a TDEA context | × | key-specific | A
TDEA Context Quit | Frees a TDEA context | × | key-specific | A
TDEA Execute | Performs TDEA encryption/decryption in ECB/CBC/CFB/OFB modes | × | key-specific | A
AES Context Init | Initializes AES context in preparation for a AES operation | × | key-specific | A
AES Context Execute | Performs AES encryption/decryption using a AES context | × | key-specific | A
AES Context Quit | Frees a AES context | × | key-specific | A
AES Execute | Performs AES encryption/decryption in ECB/CBC/CFB/OFB modes | × | key-specific | A
RSA Context Init | Initializes RSA context in preparation for an RSA operation | × | key-specific | A
RSA Context Execute | Performs RSA sign/verify using ANSI X9.31 mechanisms and an RSA context | × | key-specific | A
RSA Context Quit | Frees an RSA context. | × | key-specific | A
RSA Execute | Performs RSA sign/verify using ANSI X9.31 mechanisms | × | key-specific | A
SHA-1 Context Init | Initializes SHA-1 context in preparation for a SHA-1 operation | × | - | -
SHA-1 Context Execute | Performs SHA-1 computation | × | - | -
SHA-1 Context Quit | Frees a SHA-1 context and computes the final hash | × | - | -
SHA-1 Execute | Computes SHA-1 hash | × | |
HMAC Context Init | Initializes HMAC context in preparation for a HMAC operation | × | key-specific | A
HMAC Context Execute | Performs HMAC computation | × | key-specific | A
HMAC Context Quit | Frees a HMAC context | × | key-specific | A
HMAC Execute | Computes HMAC SHA-1 hash and computes the final hash | × | key-specific | A
Random Number Generate | Generates pseudo-random bytes using the ANSI X9.31 RNG | × | key-specific | A
Operator Management Services
Role Login | Request for authentication to a role (request for challenge) | | - | -
Role Verify | Verifies authentication data (verifies the response) | × | COAK, U1AK to U6AK | A
Role Logout | Logs out from current role | - | - | -
Current Role | Returns the current role of the ZE | | - | -
System Management Services
Library Firmware Load | Loads external library firmware | × | LLVK | A
Library Firmware Install | Installs library firmware into FLASH | × | LLVK | A

Service | Description | UR, CO, U1 - U6 | CSP/SP | Access Type
Application Firmware Load | Loads external application firmware | × | ALVK | A
Application Firmware Install | Installs application program into FLASH | × | ALVK | A
Application Firmware Loaded | Checks whether the application firmware has been loaded | | - | -
External Firmware Install | Installs both the library firmware and application into FLASH | × | LLVK, ALVK | A
External Firmware Erase | Erases both the library firmware and application firmware | | - | -
Module Shutdown | Shuts down the ZE (into standby mode) | | - | -
Module Reboot | Reboots the ZE (soft reboot) | | - | -
Utilities Services
Flash Memory Write | Writes data to the Flash File System | | - | -
Flash Memory Erase | Erases data from the Flash File System | | - | -
Flash Memory Size | Returns size of the Flash File System | | - | -
Factory ID | Returns the factory ID of the ZE | | - | -
Serial Number | Returns the serial number of the ZE | | - | -
Firmware Version | Returns the firmware version of the ZE | | - | -
Hardware Version | Returns the hardware version of the ZE | | - | -

Notes:
- " " is "allowable"
- "×" is "unallowable"
- "-" is "not applicable"
- "ALL" is "all keys in the key-bank"
- "ALL+" is "all keys in the key-bank and all default system keys in the System Firmware"
- "UR" means "Unauthenticated Role"

Table 9 shows a list of non-approved cryptographic services available in the ZE during non-Approved mode of operations (see Section 5).

Table 9. Non-Approved Cryptographic Services
Service | Description | UR, CO, U1 - U6
DES Context Init | Initializes DES context in preparation for a DES operation | ×
DES Context Execute | Performs DES encryption/decryption using a DES context | ×
DES Context Quit | Frees a DES context | ×
DES Execute | Performs DES encryption/decryption in ECB/CBC/CFB/OFB modes | ×

7.2 Mandatory Services

This section explains how the services mandated by the FIPS 140-2 requirements are implemented by the ZE.

7.2.1 Show Status

The current status of the ZE can be observed via the diagnostic port and can be displayed on a PC's terminal console using any serial communication program.

7.2.2 Perform Self-Tests

The power-up self-tests can be initiated by one of the following two methods:
- Power cycle the ZE;
- Perform the service Module Reboot.

The results of the self-tests are sent out via the diagnostic port as they are being executed.

7.2.3 Perform Approved Security Function

The ZE employs six Approved security functions as listed in Table 5. These services are activated via the Cryptographic sub-menu under the AFM menu (see Figure 5).

8 Access Control Policy

8.1 Role

As described in Sections 6.1 and 6.2, the ZE supports seven identities and two roles. The Crypto-Officer identity always assumes the crypto-officer role after login, and each of the six User identities assumes the user role after login. Authentication of the identity of an operator and the authorization of the operator to assume its assigned role is thus automatically achieved. There are no provisions for an authenticated operator to change roles or to assume a set of roles other than his assigned role as specified by the operator ID.

8.2 Access to Services

Access to a cryptographic service in the ZE is controlled by the type of access a role has to the keys that are used by that service. The availability of services to the roles in the ZE has been covered in Section 7.
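
The key-mask rule in Section 8.2 can be modelled in a few lines. This is an added example, not the ZE's own code: KeyBank and its methods are hypothetical names, the AES-256 key mask (CO: RMW, users: A) is taken from Table 10, and the COAK mask follows the wording of Section 6.5 (readable and modifiable by the crypto-officer, with no role holding W). It also shows footnote 1's point that a crypto-officer who gives up rights on a key cannot take them back.

```python
# Added illustration: a toy key-bank that enforces the A/R/W/M access types.
# Class and function names are hypothetical; masks follow Table 10 and Section 6.5.

# Access type each service needs on the key it names (rows from Table 8).
SERVICE_NEEDS = {
    "Key Read": "R",
    "Key Modify": "M",
    "Key Write": "W",
    "Key Delete": "W",
    "AES Execute": "A",
}


class AccessDenied(Exception):
    pass


class KeyBank:
    def __init__(self):
        self.role = "UR"   # Section 6.3: the module boots unauthenticated
        self.masks = {}    # key name -> {role: set of access types}

    def provision(self, key, co, user):
        """Factory-time setup of a key-mask (not an operator service)."""
        self.masks[key] = {"CO": set(co), "USER": set(user)}

    def login(self, role):
        """Stand-in for Role Login/Role Verify; the AES exchange is not modelled."""
        if role not in ("CO", "USER"):
            raise ValueError(f"unknown role {role!r}")
        self.role = role

    def _modes(self, key):
        # The unauthenticated role appears in no key-mask, so it gets nothing.
        return self.masks[key].get(self.role, set())

    def allowed(self, service, key):
        return SERVICE_NEEDS[service] in self._modes(key)

    def call(self, service, key):
        if not self.allowed(service, key):
            raise AccessDenied(f"{self.role} may not {service} on {key}")
        return f"{service} on {key} as {self.role}"

    def set_mask(self, key, role, modes):
        """Changing a key attribute counts as a write, so it needs W."""
        if "W" not in self._modes(key):
            raise AccessDenied(f"{self.role} holds no W on {key}")
        self.masks[key][role] = set(modes)


def build_bank():
    bank = KeyBank()
    bank.provision("AES-256 key", co="RMW", user="A")  # Table 10
    bank.provision("COAK", co="RM", user="")           # Section 6.5: no role has W
    return bank


def matrix(bank, key):
    """Return {role: sorted list of permitted services} for one key."""
    out = {}
    for role in ("UR", "CO", "USER"):
        bank.role = role
        out[role] = sorted(s for s in SERVICE_NEEDS if bank.allowed(s, key))
    bank.role = "UR"
    return out


def relinquish(bank, key):
    """CO drops its own rights on a key (footnote 1), then tries to restore them."""
    bank.login("CO")
    bank.set_mask(key, "CO", "")
    try:
        bank.set_mask(key, "CO", "RMW")
        return "restored"
    except AccessDenied:
        return "irreversible"


def can_widen_auth_key(bank):
    """Section 6.5: nobody can make an authentication key visible to users."""
    bank.login("CO")
    try:
        bank.set_mask("COAK", "USER", "R")
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    b = build_bank()
    print(matrix(b, "AES-256 key"))
    print(relinquish(b, "AES-256 key"), can_widen_auth_key(b))
```

Note that, with the Table 10 mask, the crypto-officer manages the AES key but cannot invoke AES Execute with it, while users can use the key but never read it out.
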
8.3 List of CSP and SPs

The CSPs and SPs in the ZE, together with the modes of access available to roles, are listed in Table 10. These are the 13 cryptographic system keys that are always present in a ZE, the KEK as well as other operational user keys that are loaded into the ZE for the purpose of this validation.

Table 10. Modes of Access to CSPs/SPs

CSP/SP | Type | Modes of Access: CO | Modes of Access: U1 to U6
COAK | Symmetric key (CSP). Used internally by the ZE to authenticate the Crypto-Officer | A* | -
U1AK | Symmetric key (CSP). Used internally by the ZE to authenticate User1 | - | A*
U2AK | Symmetric key (CSP). Used internally by the ZE to authenticate User2 | - | A*
U3AK | Symmetric key (CSP). Used internally by the ZE to authenticate User3 | - | A*
U4AK | Symmetric key (CSP). Used internally by the ZE to authenticate User4 | - | A*
U5AK | Symmetric key (CSP). Used internally by the ZE to authenticate User5 | - | A*
U6AK | Symmetric key (CSP). Used internally by the ZE to authenticate User6 | - | A*
ALVK | Public key (SP). Used internally by the ZE to verify the integrity of an application firmware that is loaded into the ZE. | - | A
LLVK | Public key (SP). Used internally by the ZE to verify the integrity of a library firmware that is loaded into the ZE. | - | A
Sys DRNG Key | Symmetric key (CSP). Used internally by the ZE for RNG initialization | - | -
Sys DRNG Seed | Secret seed (CSP). Used internally by the ZE for RNG initialization | - | -
DRNG Key | Symmetric key (CSP). Used by the DRNG to generate random numbers | A | A
DRNG Seed | Secret seed (CSP). Used by the DRNG to generate random numbers | A | A
Key-Encryption Key | 256-bit Symmetric key (CSP). Used internally by the Kernel to encrypt the key-bank | - | -
TDEA-192 key | Symmetric key (CSP). Used by the TDEA services in FIPS-LFM/FIPS-AFM | RMW | A
TDEA-128 key | Symmetric key (CSP). Used by the TDEA services in FIPS-LFM/FIPS-AFM | RMW | A
AES-128 key | Symmetric key (CSP). Used by the AES services in FIPS-LFM/FIPS-AFM | RMW | A
AES-192 key | Symmetric key (CSP). Used by the AES services in FIPS-LFM/FIPS-AFM | RMW | A
AES-256 key | Symmetric key (CSP). Used by the AES services in FIPS-LFM/FIPS-AFM | RMW | A
RSA-1024 key pair | Asymmetric key (CSP/SP). Used by the RSA sign/verify services in FIPS-LFM/FIPS-AFM | RMW | A
RSA-1536 key pair | Asymmetric key (CSP/SP). Used by the RSA sign/verify services in FIPS-LFM/FIPS-AFM | RMW | A
RSA-2048 key pair | Asymmetric key (CSP/SP). Used by the RSA sign/verify services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-80 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-96 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-112 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-128 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-144 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
HMAC-160 key | Symmetric key (CSP). Used by the HMAC services in FIPS-LFM/FIPS-AFM | RMW | A
User DRNG key | Symmetric key (CSP). Used by the DRNG service in FIPS-LFM/FIPS-AFM | RMW | A
User DRNG seed | Symmetric key (CSP). Used by the DRNG service in FIPS-LFM/FIPS-AFM | RMW | A

Explanatory Notes on Modes of Access:
- A, R, M, W: As used for Table 8.
- A*: Internal access for authentication purposes only
- "-": No permissions

9 Self-Tests

The ZE performs a series of self-tests during power-up and on-demand to ensure that all the cryptographic operations it provides are functioning properly. Two types of self-tests are implemented: power-up self-tests, which are performed when the ZE is powered up, and conditional self-tests, which are performed whenever a security function is invoked.

If any of the self-tests (other than the Memory Test and the Firmware Load Test) fails, the ZE immediately enters a Critical Error state and repeatedly zeroizes all keys in the key-bank, thus leaving the ZE in a zeroized and unusable state and requiring a return of the module to the factory for recovery.

9.1 Power-Up Self-Tests

The power-up self-tests consist of the following tests, shown in Table 11:

Table 11. Power-Up Self-Tests

Memory Test
    Read/write tests on selected regions of the FLASH and SRAM

Cryptographic Algorithm Tests
    Known-answer test for all cryptographic algorithms implemented in ZE:
    Encryption and Decryption: DES (ECB, CBC, CFB64, OFB64)
                               TDEA (ECB, CBC, CFB64, OFB64)
                               AES (ECB, CBC, CFB128, OFB128)
    Sign/Verify: RSA (ANSI X9.31-1998)
    Message digest: SHA-1
    Keyed-message digest: HMAC-SHA-1
    Random number generator: DRNG

Firmware Integrity Test
    Kernel: 16-bit Error Detection Code (EDC)
    Library firmware: 2048-bit digital signature (ANSI X9.31-1998)
    Application firmware: 2048-bit digital signature (ANSI X9.31-1998)

Critical Function Test
    Key Validity Test: 16-bit CRC for each key in the key-bank
    DRNG Test: Test the functionality of the DRNG. This includes:
    - Checks the attributes consistency of the DRNG Key and DRNG Seed.
    - Generates a fixed number of random blocks and verifies that no two consecutive blocks are identical.
    - Checks that the DRNG Key and DRNG Seed can be read from the key-bank.
    - Checks that the DRNG seed can be updated after each call to the DRNG.

9.2 Conditional Tests

The conditional tests consist of the tests shown in Table 12:

Table 12. Conditional Tests

Conditional Test | Description
Pair-wise Consistency Test | Performed each time a RSA key pair is generated using the RSA Key Pair Generate service.
Firmware Load Test | Performed each time an external firmware library or application is loaded by computing a digital signature based on the ANSI X9.31-1998 standard
Continuous RNG Test | Performed each time the DRNG is called to generate random numbers
Building DES key schedule | Performed each time a DES service is called, to verify that the DES key has odd parity and is not a weak key
Building TDEA key schedule | Performed each time a TDEA service is called, to verify that the associated DES keys have odd parity and are not weak keys

10 Zeroization of CSPs/Cryptographic Keys

The module provides software means to zeroize all CSPs and other cryptographic keys in the key-bank. This is achieved by calling the services Module Zeroize or Module Zeroize-all. The latter service, in addition to zeroizing the key-bank, also erases all default key values in the Kernel.

11 Physical Security Policy

11.1 Physical Embodiment

The ZE is a multi-chip embedded cryptographic module.

11.2 Physical Security Mechanisms

The ZE uses standard production-quality components that meet typical commercial-grade specifications. Both sides of the PCB are completely covered with a hard opaque tamper-evident epoxy that meets the hardness required of level 3 of FIPS 140-2. The epoxy is also removal-resistant.

11.3 Physical Security Checks

The following physical check on the ZE should be carried out periodically to ensure that physical security is maintained:

- Inspect both exposed surfaces of the module (that is, the epoxy surface) for any signs of physical tamper. Such signs might include deep scratches or any irregularity (discontinuity of smoothness) on the surface of the epoxy.
It should be noted that the interval between inspections would depend on the application that the ZE is used for, as well as the security threat that the ZE is exposed to under its operational environment. It is recommended that the epoxy surface examination be carried out at least once every 6 months.

12 Mitigation of Other Attacks Policy

The ZE is not designed to mitigate any specific attacks.

13 Secure Operation of ZE

13.1 Factory Defaults

A d'Cryptor ZE is delivered from the factory in an Approved mode of operation, pre-installed with firmware modules FIPS-LFM v2.1 and FIPS-AFM v2.0, and initialised with a set of 13 default (transport) cryptographic system keys and 20 user cryptographic keys.

13.2 Operating the ZE

The ZE operates in an Approved mode of operation when it is shipped from the factory. This can be determined by powering up the ZE and observing that the printable output displayed via the diagnostic port appears as in Figure 2.

To operate the ZE using the pre-installed firmware modules, an operator has to access the ZE's diagnostic port and enter the corresponding keyboard characters to activate services available through the various menus. Before activating any cryptographic service, the operator would have to authenticate into an authorized role by logging on as either the Crypto-Officer identity or one of the six UserK identities.

If an un-validated library firmware or application firmware is loaded into the ZE (thus replacing FIPS-LFM and/or FIPS-AFM), the ZE loses its FIPS 140-2 level 3 validation. For the ZE to continue operating in an Approved mode after loading a new library firmware or application firmware, the new library/application firmware needs to be validated to FIPS 140-2 Level 3.
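The DES and TDEA key-schedule checks and the Continuous RNG Test listed in Table 12 (Section 9.2), written out as an added C example; this is not D'Crypt firmware code. The function names, the 16-byte RNG block size and the latched failure flag (standing in for the Critical Error state) are assumptions, and the weak-key check covers only the four DES weak keys.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The four DES weak keys, parity bits included. */
static const uint8_t DES_WEAK[4][8] = {
    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
};

/* Returns 1 if every byte of the DES key has odd parity and the key is not weak. */
int des_key_ok(const uint8_t k[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t b = k[i];
        b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;  /* bit 0 = XOR of all 8 bits */
        if ((b & 1) == 0) return 0;              /* even number of 1 bits */
    }
    for (int i = 0; i < 4; i++)
        if (memcmp(k, DES_WEAK[i], 8) == 0) return 0;
    return 1;
}

/* TDEA-128 (16 bytes) or TDEA-192 (24 bytes): each component DES key must pass. */
int tdea_key_ok(const uint8_t *k, size_t len) {
    if (len != 16 && len != 24) return 0;
    for (size_t off = 0; off < len; off += 8)
        if (!des_key_ok(k + off)) return 0;
    return 1;
}

#define RNG_BLOCK 16  /* assumed block size; the page does not state it */
typedef struct { uint8_t prev[RNG_BLOCK]; int primed; int failed; } crngt_t;

/* Continuous RNG test: returns 1 if blk may be released to the caller.
 * The first block only primes the comparison (FIPS 140-2 requires it to be
 * withheld); a repeat of the previous block latches a failure (assumed model
 * of the Critical Error state). */
int crngt_accept(crngt_t *s, const uint8_t blk[RNG_BLOCK]) {
    if (s->failed) return 0;
    if (s->primed && memcmp(s->prev, blk, RNG_BLOCK) == 0) {
        s->failed = 1;
        return 0;
    }
    int release = s->primed;
    memcpy(s->prev, blk, RNG_BLOCK);
    s->primed = 1;
    return release;
}

int main(void) {
    /* Constructed sample values, not keys or DRNG output from a ZE. */
    const uint8_t good[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
    const uint8_t a[RNG_BLOCK] = {1}, b[RNG_BLOCK] = {2};
    crngt_t st = {{0}, 0, 0};
    printf("good DES key ok: %d\n", des_key_ok(good));
    printf("weak DES key ok: %d\n", des_key_ok(DES_WEAK[1]));
    printf("rng blocks a,b,b: %d %d %d\n",
           crngt_accept(&st, a), crngt_accept(&st, b), crngt_accept(&st, b));
    return 0;
}
```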
13.3 Security Rules

13.3.1 Operational Security Policy

A proper operational security policy should be in place that requires the COAK to be kept under lock and key, and known only to the Crypto-Officer.

The validated module does not allow entry or output of CSPs. Potential LFM/AFM developers shall ensure that all CSPs shall be entered into or output from the ZE in encrypted form.

13.3.2 Authentication Security Rules

The roles are each accorded priorities in the following manner:

- The crypto-officer role has a higher priority than the user role.

Authorized logins are subjected to the following rules:

- Logging in with a higher-priority role automatically logs out any lower-priority role.
- A lower-priority role cannot log in while a higher-priority role is logged in.
- Logging in with an authorized role automatically logs out the present role if the impending role is the same as the present role.
- It is not possible for the Crypto-Officer to assume any of the user roles.
- It is not possible for a User to assume the crypto-officer role.
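The login rules of Section 13.3.2, modelled as a single-session state machine in an added C example; this is not D'Crypt firmware code. The names ze_login, ze_logout and the result codes are hypothetical, the authentication exchange itself is reduced to a flag, and leaving the session unchanged after a failed authentication is an assumption.

```c
#include <stdio.h>

typedef enum { ID_NONE = 0, ID_CO, ID_U1, ID_U2, ID_U3, ID_U4, ID_U5, ID_U6 } identity_t;
typedef enum { ROLE_NONE = 0, ROLE_USER = 1, ROLE_CO = 2 } role_t;  /* value = priority */
typedef enum {
    LOGIN_OK,               /* nobody was logged in */
    LOGIN_OK_REPLACED,      /* present operator was logged out first */
    LOGIN_DENIED_ID,        /* not one of the seven identities */
    LOGIN_DENIED_AUTH,      /* authentication failed */
    LOGIN_DENIED_PRIORITY   /* a higher-priority role is logged in */
} login_result_t;

typedef struct { identity_t current; } session_t;

/* The role follows from the identity (Section 8.1); there is no parameter
 * through which an operator could ask for a different role. */
role_t role_of(identity_t id) {
    if (id == ID_CO) return ROLE_CO;
    if (id >= ID_U1 && id <= ID_U6) return ROLE_USER;
    return ROLE_NONE;
}

login_result_t ze_login(session_t *s, identity_t id, int authenticated) {
    role_t want = role_of(id);
    role_t have = role_of(s->current);
    if (want == ROLE_NONE) return LOGIN_DENIED_ID;
    if (!authenticated) return LOGIN_DENIED_AUTH;     /* session left as it was (assumption) */
    if (have > want) return LOGIN_DENIED_PRIORITY;    /* lower cannot log in over higher */
    /* Same or higher priority: the present role, if any, is logged out. */
    s->current = id;
    return have == ROLE_NONE ? LOGIN_OK : LOGIN_OK_REPLACED;
}

void ze_logout(session_t *s) { s->current = ID_NONE; }

int main(void) {
    session_t s = { ID_NONE };
    printf("U1 logs in:          %d\n", ze_login(&s, ID_U1, 1));
    printf("U3 logs in:          %d\n", ze_login(&s, ID_U3, 1));
    printf("CO logs in:          %d\n", ze_login(&s, ID_CO, 1));
    printf("U2 tries while CO:   %d\n", ze_login(&s, ID_U2, 1));
    ze_logout(&s);
    printf("U2 after CO logout:  %d\n", ze_login(&s, ID_U2, 1));
    return 0;
}
```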
14 Applicable Documents

FIPS Documents:

Reference | Name of Document | Date
FIPS 140-2 | Security Requirements for Cryptographic Modules (With Change Notices 1, 2, 3, 4) | May 25, 2001
DTR for FIPS 140-2 | Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules (Draft) | March 24, 2004
Annex D of FIPS 140-2 | Annex D: Approved Key Establishment Techniques for FIPS PUB 140-2 (Draft) | September 12, 2005
IG for FIPS 140-2 | Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program | December 1, 2005
ANSI X9.31 - 1998 | American Bankers Association, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA) | September 9, 1998

Internal Documents:

Reference | Name of Document | Version Number
DC/ZE-0004/FIPS | d'Cryptor ZE Cryptographic Module - Module Specifications | 2.2
DC/ZE-0005/FIPS | d'Cryptor ZE Cryptographic Module - Cryptographic Key Management | 1.0
DC/ZE-0008/FIPS | d'Cryptor ZE Cryptographic Module - Software Developer Manual | 1.1

Other Documents:

Reference | Name of Document | Version Number
- | - | -
15 Glossary

15.1 Acronyms

AFM     Application Firmware Module
ANSI    American National Standards Institute
ALSK    Application load signing key
ALVK    Application load verification key
COAK    Crypto-Officer Authentication Key
CSP     Critical security parameter(s)
DRNG    Deterministic Random Number Generator
DTR     Derived Test Requirements
FIPS    Federal Information Processing Standards
GPIO    General-Purpose Input/Output
KEK     Key-Encryption Key
LFM     Library Firmware Module
LLSK    Library load signing key
LLVK    Library load verification key
SP      Security Parameter(s)
UART    Universal Asynchronous Receiver/Transmitter
UxAK    User x Authentication Key (where "x" is "1" to "6")

15.2 Definitions

key or full key
    A 6-entry tuple consisting of a key-type, a key-mask, a key-size, a key-link, a key-argument and key-material of the given key size

key-argument
    A general-purpose argument that forms one of the key contents associated with a key.

key-attribute
    A key-component of a key that describes a particular characteristic of the key. There are altogether 5 attributes assigned to a key, namely, key-type, key-mask, key-size, key-link and key-perm.

key-bank
    A region of the ZE's memory that is used to store keys.

key-index
    A non-negative integer that identifies a key in the key-bank

key-link
    An attribute of a key that is only valid for RSA public/private keys and for DRNG/SEED keys, since in the ZE, these are the only keys that appear as key-pairs.
    The key-link of the public (respectively private) key provides the key-index of the corresponding private (respectively public) key of the key-pair. The key-link of the SEED points to the DRNG key which in turn has a zero link.

key-mask
    A user-defined quantity that is associated with a key and is used to identify the role or group of roles that are allowed to access this key; sometimes referred to as key permission mask.

key-material
    Refers to all the bits of a cryptographic key, and is used synonymously with the usual meaning of a cryptographic key used in conjunction with a cryptographic algorithm

key pair
    A pair of keys that are related cryptographically. Two types of key pairs are used in the ZE: RSA key pair and DRNG/SEED key pair. A RSA key pair comprises a public key and a private key. A DRNG/SEED key pair comprises an AES key, and a seed for seeding the DRNG.

key-perm
    An attribute of a key that indicates the permanence of the key. A key can be a temporary key (available only as long as the module is powered, and lost upon reboot), or a permanent key (stored permanently in the key-bank).

key-size
    The number of bits in the key-material of a key

key-type
    Indicates the cryptographic algorithm associated with a key

mode of operation
    The mode in which the ZE is operating. This is either FIPS mode (which is the Approved mode of operation) or non-FIPS mode (any mode which is not an Approved mode of operation).

security parameter
    Security-related information (e.g. public cryptographic keys) whose modification can compromise the security of a cryptographic module. Note the distinction between SP and CSP. The disclosure of a SP does not affect the security of the module.

system keys
    A set of 13 cryptographic keys that are installed by default in the ZE. These keys occupy key-indices 0 to 12.

trusted application
    An application firmware module that has been FIPS 140-2 validated.

trusted library
    A library firmware module that has been FIPS 140-2 validated.