3e Technologies International, Inc. FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation 3e-523-F2 Secure Multi-function Wireless Data Point Version 2.1 September 2007 Copyright ©2007 by 3e Technologies International. This document may freely be reproduced and distributed in its entirety. Version 2.1 FIPS 140-2 Non-Proprietary Security Policy GLOSSARY OF TERMS................................................................................................. 3 1. INTRODUCTION..................................................................................................... 4 1.1. PURPOSE .............................................................................................................. 4 1.2. DEFINITION .......................................................................................................... 4 1.3. SCOPE .................................................................................................................. 6 2. ROLES, SERVICES, AND AUTHENTICATION ................................................ 7 2.1.1. Roles & Services ......................................................................................... 7 2.1.2. Authentication Mechanisms and Strength ................................................ 12 3. SECURE OPERATION AND SECURITY RULES ........................................... 14 3.1. SECURITY RULES ............................................................................................... 14 3.2. PHYSICAL SECURITY RULES .............................................................................. 14 3.3. SECURE OPERATION INITIALIZATION ................................................................. 16 4. SECURITY RELEVANT DATA ITEMS ............................................................ 17 4.1. CRYPTOGRAPHIC ALGORITHMS ......................................................................... 17 4.2 SELF-TESTS ........................................................................................................ 17 4.3 CRYPTOGRAPHIC KEYS AND SRDIS................................................................... 18 4.4 ACCESS CONTROL POLICY ................................................................................. 21 Version 2.1 2 FIPS 140-2 Non-Proprietary Security Policy Glossary of terms AP Access Point CO Cryptographic Officer DH Diffie Hellman DHCP Dynamic Host Configuration Protocol DMZ De-Militarized Zone IP Internet Protocol EAP Extensible Authentication Protocol FIPS Federal Information Processing Standard HTTPS Secure Hyper Text Transport Protocol LAN Local Area Network MAC Medium Access Control NAT Network Address Translation PRNG Pseudo Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm SRDI Security Relevant Data Item SSID Service Set Identifier TLS Transport Layer Security WAN Wide Area Network WLAN Wireless Local Area Network Version 2.1 3 FIPS 140-2 Non-Proprietary Security Policy 1. Introduction 1.1. Purpose This document describes the non-proprietary cryptographic module security policy for 3e Technologies International`s wireless universal product, the 3e-523-F2 Secure Multi- function Wireless Data Point (3e-523-F2) (Hardware Versions: HW V1.0, V1.1; Firmware Version 4.1.7.2). This policy was created to satisfy the requirements of FIPS 140-2 Level 2. This document defines 3eTI's security policy and explains how the 3e- 523-F2 meets the FIPS 140-2 security requirements. The figure below shows the 3e-523-F2. Figure 1 ­ 3e-523-F2 The cryptographic module security policy consists of a specification of the security rules, under which the cryptographic module shall operate, including the security rules derived from the requirements of the standard. Please refer to FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules available on the NIST website at http://csrc.nist.gov/cryptval/. 1.2. Definition The 3e-523-F2 is a device, which consists of electronic hardware, embedded software and strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. The Version 2.1 4 FIPS 140-2 Non-Proprietary Security Policy cryptographic boundary of the 3e-523-F2 is defined to be the entire enclosure of the Product. The 3e-523-F2 is physically bound by the mechanical enclosure, which is protected by tamper evident tape. 3eTI software provides the following major services in FIPS mode: - Wireless 802.11a/b/g Access Point functionality - Wireless 802.11a/b/g Client functionality - Wireless 802.11a/b/g Bridge functionality (bridging from the wired uplink LAN to the wireless LAN). - Wireless 802.11a/b/g functionality (auto-forming, self-healing wireless capability) - DHCP service to the local LAN (allows a wired local LAN to exist over the local LAN interface). - SNMP - USB compatibility - Subnet Roaming - Virtual LAN - 802.11i - 2Mbits Boot FLASH, 16 MB FLASH, 64 MB SDRAM When the 3e-523-F2 is in Client mode, a Configuration Utility provides an intuitive user interface to configure, manage and use various features. The administrator can configure up to 10 separate profiles. Each profile consists of various wireless configuration parameters like: Security Mode (FIPS or non-FIPS mode) SSID Card type (802.11a/b/g) Wireless authentication type Encryption (AES, Triple-DES, DKE, AES-CCMP) and related keys or certificate. Power level Transmit rate. Although SNMP traffic is transmitted encrypted (using DES or AES), for FIPS purposes, it is considered to be plaintext. The reason being, encryption keys are derived from a pass-phrase, which is not allowed in FIPS mode. Version 2.1 5 FIPS 140-2 Non-Proprietary Security Policy 1.3. Scope This document will cover the secure operation of the 3e-523-F2 including the initialization, roles and responsibilities of operating the product in a secure, FIPS- compliant manner, and describe the Security Relevant Data Items (SRDIs). The 3e-523-F2 has six modes of operations, which are listed in the table below: Mode FIPS Mode Gateway Mode (Mode 1) No Gateway Mode (Mode 2) Yes AP / Bridging Mode (Mode 1) No AP / Bridging Mode (Mode 2) Yes Client Mode (Mode 1) No Client Mode (Mode 2) Yes Version 2.1 6 FIPS 140-2 Non-Proprietary Security Policy 2. Roles, Services, and Authentication The 3e-523-F2 supports four separate roles. The set of services available to each role is defined in this section. The 3e-523-F2 authenticates an operator's role by verifying his PIN or access to a shared secret. 2.1.1. Roles & Services The 3e-525A-3 supports the following authorized roles for operators: Crypto Officer Role: The Crypto officer role performs all security functions provided by the 3e-523-F2. This role performs cryptographic initialization and management functions (e.g., module initialization, input/output of cryptographic keys and SRDIs, audit functions and user management). The Crypto officer is also responsible for managing the Administrator users. The Crypto officer must operate within the Security Rules and Physical Security Rules specified in Sections 3.1 and 3.2. The Crypto officer uses a secure web-based HTTPS connection to configure the 3e-523-F2. Up to ten Crypto Officers may be defined in the 3e-523-F2. The Crypto Officer authenticates to the 3e- 523-F2 using a username and password. Administrator Role: This role performs general 3e-523-F2 configuration such as defining the WLAN, LAN and DHCP settings, performing self-tests and viewing system log messages for auditing purposes. No CO security functions are available to the Administrator. The Administrator can also reboot the 3e-523-F2, if deemed necessary. The Administrator must operate within the Security Rules a specified in Section 3.1 and always uses a secure web-based HTTPS connection to configure the 3e-523-F2. The Administrator authenticates to the 3e-523-F2 using a username and password. Up to 5 operators who can assume the Administrator role can be defined. All Administrators are identical; i.e., they have the same set of services available. The Crypto Officer is responsible for managing (creating, deleting) Administrator users. Version 2.1 7 FIPS 140-2 Non-Proprietary Security Policy The following table outlines the functionalities that are provided by the "operator" roles (Crypto Officer and Administrator): Categories Features Operator Roles CryptoOfficer Administrator Default Reset12 Default Reset6 Zeroize11 Zeroize5 Delete10 Delete4 Show1 Show7 Add3 Add9 Set2 Set8 System Configuration · General Hostname X X X X X X Domain name X X X X X X Date/Time X X X X X X · WAN DHCP client X X X X X X Static IP address X X X X X X 10/100 MBps half/full X X X X X X duplex/auto · LAN IP address X X X X X X Subnet mask X X X X X X · Operating Gateway ­ FIPS X X X X X X Mode Gateway ­ Non-FIPS X X X X X X AP / Bridging Mode ­ X X X X X X FIPS X X X X X X AP / Bridging Mode ­ X X X X X X Non-FIPS X X X X X X AP / Bridging Mode ­ FIPS / IPv6 AP / Bridging Mode ­ Non-FIPS / IPv6 Wireless Access Point · General SSID X X X X X X Wireless Mode X X X X X X Channel Number X X X X X X · Enable / Disable X X X X X X 1 The operator can view this setting 2 The operator can change this setting 3 The operator can add a required input. For example: Adding an entry to the MAC address filtering table 4 The operator can delete a particular entry. For example: Deleting an entry from the MAC address filtering table 5 The operator can zeroize these keys. 6 The operator can reset this setting to its factory default value. This is done by performing a zeroize 7 The operator can view this setting 8 The operator can change this setting 9 The operator can add a required input. For example: Adding an entry to the MAC address filtering table 10 The operator can delete a particular entry. For example: Deleting an entry from the MAC address filtering table 11 The operator can zeroize these keys. 12 The operator can reset this setting to its factory default value. This is done by performing a zeroize Version 2.1 8 FIPS 140-2 Non-Proprietary Security Policy Categories Features Operator Roles CryptoOfficer Administrator Default Reset12 Default Reset6 Zeroize11 Zeroize5 Delete10 Delete4 Show1 Show7 Add3 Add9 Set2 Set8 Auto Selection X X X X X X · Auto selection X X X X X X button X X X X X X Transmit Power Mode X X X X X X Fixed Power Level X X X X X X Beacon Interval X X X X X X RTS Threshold X X X X X X DTIM X X X X X X Basic Rates X X X X X X Preamble Enable / Disable Broadcast SSID · Security No Encryption X X X X Dynamic Key X X X X Management X X X X X Triple-DES X X X X X AES (128-/192-256-bit) X X X X FIPS 802.11i · Wireless Enable/Disable X X X X VLAN VLAN X X X X X X X · MAC Address Enable/Disable X X X X X Filtering Add/Delete entry X X Allow/Disallow Filter X X X X X · Rogue AP Enable/Disable X X X X X X Detection Known AP MAC X X address X X X X X X Email / Display rogue AP · Advanced Load Balancing X X X X X X Layer 2 Isolation X X X X X X Wireless Bridge · General Manual/Auto Bridge X X X X X X SSID X X X X X X Max Auto Bridge X X X X X X Bridge Priority X X X X X X Signal Strength X X X X X X Threshold X X X X X X Broadcast SSID X X X X X X enable/disable X X X X X X Signal Strength LED X X X X X X X X MAC STP enable/disable Remote BSSID · Radio Wireless Mode X X X X X X Tx Rate X X X X X X Channel No X X X X X X Version 2.1 9 FIPS 140-2 Non-Proprietary Security Policy Categories Features Operator Roles CryptoOfficer Administrator Default Reset12 Default Reset6 Zeroize11 Zeroize5 Delete10 Delete4 Show1 Show7 Add3 Add9 Set2 Set8 Tx Pwr Mode X X X X X X Propagation Distance X X X X X X RTS Threshold X X X X X X Remote BSSID X X · Encryption No Encryption X X X X Triple-DES X X X X X X AES (128-/192-256-bit) X X X X X X Service Settings · DHCP Server Enable / Disable X X X X X X Starting / Ending IP X X X X X X address · Subnet Enable / Disable X X X X X X Roaming Coordinator Address X X X X X X X X · SNMP agent Enable/ Disable X X X X X X Community settings X X X X X X Secure User X X X X X X Configuration X X X X X X System Information · Misc Service Print Server: Enable/ X X X X X X Disable User Management · List All Users X X X X X X · Add New User X · User Password Enable/Disable X X X X Policy Policy setting X X X X Monitoring/Repor ts · System Status Security Mode X X Current Encryption X X Mode X X Bridging encryption X X mode X X System Uptime X X Total Usable memory X X Free Memory X X Current Processes X X Other Information Network interface status · Bridging Status of Layer 2 bridge X X Status devices · Wireless MAC Address (manfr's X X Clients name) X X Received Signal X X Strength TX rate Version 2.1 10 FIPS 140-2 Non-Proprietary Security Policy Categories Features Operator Roles CryptoOfficer Administrator Default Reset12 Default Reset6 Zeroize11 Zeroize5 Delete10 Delete4 Show1 Show7 Add3 Add9 Set2 Set8 · Adjacent AP AP MAC address X X List SSID X X Channel X X Signal X X Noise X X Type X X Age X X WEP X X · DHCP Client Client Hostname X X X X List IP Address X X X X MAC Address (manfr's X X X X name) · System Log Date/Time/Message X X X X · Web Access X X X X Log · Network X X X X Activities Auditing · Log X X X X · Report Query X X · Configuration Enable/Disable X X X X Selectable items X X X X System Administration · System Firmware Upgrade X X X X Upgrade Local Configuration X X X X Upgrade X X X X Remote Configuration Upgrade · Factory X Defaults · Remote Enable/Disable X X X X X X Logging Settings X X X X X X · Reboot X X · Utilities Ping X X Traceroute X X Client Role: The Client Role is the User Role. This role is assumed by the wireless client workstation that uses static or dynamic key AES or Triple-DES encryption to communicate wirelessly with the 3e-523-F2 when the 3e-523-F2 is in AP mode. Authentication is implicitly selected by the correct knowledge of the static key, or for dynamic key encryption, EAP-TLS authentication is performed and the client uses its Version 2.1 11 FIPS 140-2 Non-Proprietary Security Policy public key certificate to authenticate itself. The static key (TDES or AES key) is configured on the 3e-523-F2 by the Crypto officer. The static key must be pre-shared between the 3e-523-F2 and the client. The 3e-523-F2 supports 128 clients / client workstations, if MAC address filtering is disabled. If MAC address filtering is enabled, only 60 clients are allowed. The Client role has the ability to send data to and through the 3e-523-F2. All data is sent in the form of 802.11 wireless packets. All wireless communication is encrypted using either Triple-DES or AES encryption (based upon the 3e-523-F2 configuration). In bypass mode, plaintext packets can also be sent to the 3e-523-F2. The Client role also employs 802.11i authentication schemes including 802.1X, EAP-TLS, and preshared key modes. Also, a Wireless Access Point (WAP) may act in the Client role by communicating with the 3e-523-F2 in bridging mode. A slight variant of the Client role is when the 3e-523-F2 is in Client mode and is associating to an external wireless access point. Security Server Role: This role is assumed by the authentication server, which is a self- contained workstation connected to the 3e-523-F2 over the Ethernet Uplink WAN port. The security server is employed for authentication of wireless clients and key management activities. The Security Server is used only during dynamic key exchange. The Security Server authenticates using a shared secret which is used as an HMAC- SHA1 key to sign messages sent to the 3e-523-F2 during dynamic key exchange. The Security Server IP address and password are configured on the 3e-523-F2 by the Crypto Officer. Only one Security Server is supported. The Security Server performs following services: · EAP-TLS authentication · Process dynamic key exchange after a successful authentication · Perform a DH key exchange with the 3e-523-F2 to negotiate an AES key · Send Unicast key to the Gateway encrypted with the AES key negotiated using a DH key exchange 2.1.2. Authentication Mechanisms and Strength The following table summarizes the four roles and the type of authentication supported for each role: Role Type of Authentication Authentication Data Crypto Officer Role-based Userid and password Administrator Role-based Userid and password Client Role-based Static Key (TDES or AES) Client Role-based CA signature Client Role-based AES CCM pre-shared key Security Server Role-based HMAC SHA1 (Shared secret) Version 2.1 12 FIPS 140-2 Non-Proprietary Security Policy The following table identifies the strength of authentication for each authentication mechanism supported: Authentication Mechanism Strength of Mechanism Userid and password Minimum 8 characters => 94^8 = 6.096E15 Static Key (TDES or AES) TDES (192-bits) or AES (128, 192, or 256-bits) HMAC SHA-1 shared secret Minimum 10 characters => 94^10 = 5.386E19 CA signature Modulus size1024 bits (provides 80 bits of strength) AES CCM pre-shared key Minimum 8 characters => 94^8 = 6.096E15 EAP-TLS CA signature => Modulus size 1024 bits (provides 80 bits of strength) Version 2.1 13 FIPS 140-2 Non-Proprietary Security Policy 3. Secure Operation and Security Rules In order to operate the 3e-523-F2 securely, each operator should be aware of the security rules enforced by the module and should adhere to the physical security rules and secure operation rules detailed in this section. 3.1. Security Rules The following 3e-523-F2 security rules must be followed by the operator in order to ensure secure operation: 1. Every operator (Crypto Officer or Administrator) has a user-id on the 3e-523-F2. No operator will violate trust by sharing his/her password associated with the user-id with any other operator or entity. 2. The Crypto Officer will not share any key, or SRDI used by the 3e-523-F2 with any other operator or entity. 3. The Crypto Officer will not share any MAC address filtering information used by the 3e-523-F2 with any other operator or entity. 4. The operators will explicitly logoff by closing all secure browser sessions established with the 3e-523-F2. 5. The operator will disable browser cookies and password storing mechanisms on the browser used for web configuration of the 3e-523-F2. 6. The Crypto officer is responsible for inspecting the tamper evident seals on a daily basis. A compromised tape reveals message "OPENED" with visible red dots. Other signs of tamper include wrinkles, tears and marks on or around the label. 7. The Crypto Officer should change the default password when configuring the 3e- 523-F2 for the first time. The default password should not be used. 3.2. Physical Security Rules The following section contains detailed instructions to the Crypto Officer concerning where and how to apply the tamper evident seals to the 3e-523-F2 enclosure, in order to provide physical security for FIPS 140-2 level 2 requirements. Tools: Wire Cutters (wire seal removal) Materials: 3e-523-F2­ Quantity: 1 Seal, Tape, Tamper-evident ­ Quantity: 2 Isopropyl Alcohol Swab 3M Adhesive Remover (citrus or petroleum based solvent) Installation ­ Tamper-evident tape Version 2.1 14 FIPS 140-2 Non-Proprietary Security Policy 1. Locate on 3e-523-F2 the placement locations of tamper-evident tape seals. (Locations as shown in Figure 2). 2. Thoroughly clean area where tamper-evident tape seal is to be applied with isopropyl alcohol swab. Area must be clean of all oils and foreign matter (dirt, grime, etc.) 3. Record tracking number from tamper-evident tape seal. 4. Apply seal to locations on the 3e-523-F2 as shown in Figure 2. It is important to ensure that the seal has equal contact area with both top and bottom housings. 5. After application of seals to 3e-523-F2, apply pressure to verify that adequate adhesion has taken place. Removal ­ Tamper-evident tape 1. Locate on 3e-523-F2 locations of tamper-evident tape seals (2 locations as shown in Figure 2). 2. Record tracking numbers from existing tamper-evident tape seal and verify physical condition as not tampered or destroyed after installation. 3. Cut tape along seam of 3e-523-F2 to allow opening of enclosure. 4. Remove nut and washer from antenna connectors. 5. Using 3M adhesive remover or equivalent, remove residual tamper-evident seal tape. (two locations as shown in Figure 2). Version 2.1 15 FIPS 140-2 Non-Proprietary Security Policy The picture below shows the physical interface side of 3e-523-F2 enclosure with tamper- evident seals. Figure 2 3.3. Secure Operation Initialization Refer to the 3e-523-F2 User Manual for details of secure operation initialization and screen shots. 1. The operator will disable browser cookies and password storing mechanisms on the browser used for web configuration of the 3e-523-F2. 2. The CO will change the default CO password that is shipped with the module. 3. The CO will apply tamper evidence labels as described in section 3.2 above. 4. The CO will select the FIPS mode of operation radio button. a. In order to enter FIPS mode, select the FIPS 140-2 Mode box on the Operation Mode page of the management GUI. This will force the 3e- 523-F2 to return to factory defaults and then the unit will reboot into FIPS mode. To leave FIPS mode, un-select the FIPS 140-2 Mode box and apply the changes. Once again, the 3e-523-F2 will restore factory defaults and then reboot into non-FIPS mode. b. On transition between modes, the system is returned to factory defaults. Version 2.1 16 FIPS 140-2 Non-Proprietary Security Policy 4. Security Relevant Data Items This section specifies the 3e-523-F2's Security Relevant Data Items (SRDIs) as well as the access control policy enforced by the 3e-523-F2. 4.1. Cryptographic Algorithms The 3e-523-F2 supports the following FIPS-approved cryptographic algorithms: · TDES (ECB, CBC modes; 192-bit key size) · AES (ECB mode; 128, 192, 256-bit key sizes) · AES CCM (128-bit key size) · SHA-1 · HMAC-SHA1 · FIPS 186-2 (Appendix 3.1 and 3.3) PRNG · RSA Sign/Verify The 3e-523-F2 also supports the following non-FIPS cryptographic algorithms: · Diffie Hellman (1024-bit modulus) allowed in FIPS mode for key agreement. This key establishment method provides 80-bits of security. · RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) · RC4 (used in WEP/WPA) · MD5 hashing (used in MS-CHAP for PPPoE and SNMP agent) · DES CBC (non-compliant) (used in SNMP v3) · AES CFB (non-compliant) (used in SNMP v3) 4.2 Self-tests 4.2.1 Power-up Self-tests Triple-DES ECB - encrypt/decrypt KAT AES ECB - encrypt/decrypt KAT Triple-DES CBC ­ encrypt/decrypt KAT AES CCM KAT SHA-1 KAT HMAC-SHA-1 KAT Version 2.1 17 FIPS 140-2 Non-Proprietary Security Policy FIPS 186-2 (Appendix 3.1, 3.3) RNG KAT SHA-1 Integrity Test for firmware RSA Sign/Verify 4.2.2 Conditional Self-tests CRNGT for Approved PRNG CRNGT for non-Approved PRNG (Open SSL based RNG) Bypass Test Firmware Load Test using HMAC-SHA-1 4.2.3 Critical Functions tests DH pairwise consistency test (power-up) 4.3 Cryptographic Keys and SRDIs The following is a list of all cryptographic keys and key components used by the 3e-523- F2 when in wireless AP, Bridge, or Client mode: Type ID Storage Form Zeroizable Zeroization Function Location Mechanism Plaintext Keys PMK "pairwise RAM Plaintext Y By changing the Master key used to 256 bit master key" (inaccessible) mode to FIPS- derive PTK 11i or static key encryption GMK "group master RAM Plaintext Y By changing the Master key used to 256 bit key" (inaccessible) mode to FIPS- derive GTK 11i or static key encryption AES Dynamic "dynamic RAM Plaintext Y By changing the Client Access Broadcast broadcast AES (inaccessible) mode to FIPS- 128,192, or key" 11i or static key 256 bit encryption Triple-DES "dynamic RAM Plaintext Y By changing the Client Access Dynamic broadcast (inaccessible) mode to FIPS- Broadcast Triple-DES 11i or static key 192 bit key" encryption AES Dynamic "dynamic RAM Plaintext Y By changing the Client Access Unicast unicast AES (inaccessible) mode to FIPS- 128,192, or key" 11i or static key 256 bit encryption Triple-DES "dynamic RAM Plaintext Y By changing the Client Access Version 2.1 18 FIPS 140-2 Non-Proprietary Security Policy Dynamic unicast Triple- (inaccessible) mode to FIPS- Unicast DES key" 11i or static key 192 bit encryption RNG Seed Key "RNG seed RAM Plaintext Y Zeroized To generate the 160 bit key" (inaccessible) immediately RNG following use (after function is called & returned) AES post- "post - RAM Plaintext Y Zeroized after This key is used to authentication authentication (inaccessible) the unicast key AES encrypt the 256 bit AES key" (encrypted by unicast key used this AES key) is by our legacy decrypted by DKE functionality the module AES-CCM "dynamic RAM Plaintext Y By changing Client Access Dynamic broadcast AES- (inaccessible) encryption Broadcast 128 CCM key use mode to DKE bit for FIPS-11i" or static key (GTK) encryption KCK "key MIC key" RAM Plaintext Y By changing To generate MIC 128 bit (inaccessible) encryption in 802.11i key mode to DKE message or static key encryption KEK "key encryption RAM Plaintext Y By changing To encrypt GTK in 128 bit key" (inaccessible) encryption 802.11i key mode to DKE message or static key encryption AES-CCM "dynamic RAM Plaintext Y By changing Client Access Dynamic unicast AES- (inaccessible) encryption Unicast 128 bit CCM key use mode to DKE (TK) for FIPS-11i" or static key encryption 802.11i pre- "802.11i pre- RAM Plaintext Y By changing the Used to generate shared shared (inaccessible) mode to FIPS- PMK passphrase passphrase" 11i or static key 8 to 63 chars encryption RSA Private "HTTPS/TLS FLASH Plaintext Y Setting the N/A Key RSA private (inaccessible) module to key" factory default HMAC-SHA-1 "firmware FLASH Plaintext Y Zeroized by N/A key (1) integrity check (inaccessible, upgrading key for hard-coded) firmware firmware load test" HMAC-SHA-1 SNMP packet FLASH Plaintext Y Setting the N/A key (3) authentication module to key factory default TLS Session "HTTPS/TLS RAM Plaintext Y When the N/A Key session key" (inaccessible) module is powered down. Diffie-Hellman "diffie-hellman RAM Plaintext Y Zeroized after N/A Private prime" the unicast key Version 2.1 19 FIPS 140-2 Non-Proprietary Security Policy Exponent, (encrypted by 1024-bit the established AES key) is decrypted by the module Web-GUI "CO web-GUI FLASH Hashed using Y Setting the CO logon logon password logon SHA-1 module to credential. for the Crypto password" factory default Officer Web-GUI "Admin web- FLASH Hashed using Y Setting the Admin logon logon password GUI logon SHA-1 module to credential. for the password" factory default Administrator Encrypted Keys: These keys are stored encrypted in the module and as such do not require zeroization. AES Static "static AES FLASH Encrypted N/A N/A Client Access 128,192, or key" AES using 256 bit "system config AES key" AES Static "static AES FLASH Encrypted N/A N/A Wireless Bridging 128,192, or key" AES using 256 bit "system config AES key" Triple-DES "static Triple- FLASH Encrypted N/A N/A Client Access Static DES key" AES using 192 bit "system config AES key" Triple-DES "static Triple- FLASH Encrypted N/A N/A Wireless Bridging Static DES key" AES using 192 bit "system config AES key" HMAC-SHA-1 "backend FLASH Encrypted N/A N/A Used for keyed key (2) HMAC key" AES using authentication "system config between the AES key" Security Server and the 523-F2 when the 523-F2 is acting as an Access Point 802.11i TLS "backed AES FLASH Encrypted Y Setting the To encrypt Key key" AES using module to Transport TLS Encryption "system config factory default Session Key Key AES key" Downloaded "downloaded FLASH Encrypted N/A N/A To protect the configuration config file AES using configuration file file password pwd" "system config AES key" The following is a table of cryptographic keys and key material that are unique to the 3e-523-F2 when it is operating in wireless Client mode: Type ID Storage Location Form Zeroizable AES CCM Passphrase "AES CCM Encrypted AES using "system RAM Y 8 to 63 bytes Passphrase" config AES key" AES Static 128 bit "system config Hard coded in source Plaintext, used to encrypt the Y Version 2.1 20 FIPS 140-2 Non-Proprietary Security Policy Type ID Storage Location Form Zeroizable AES key" real static Aes/Triple-DES keys (inaccessible, hard-coded) and passwords "EAP/TLS RSA Plaintext RSA Public Key FLASH Y certificate" (inaccessible) Certificate Authority (CA) public key "CA public key" FLASH Plaintext N certificate EAP-TLS Pre-Master "dynamic RAM Plaintext (inaccessible) Y Key 48-byte session pre- master key" 4.4 Access Control Policy The 3e-523-F2 maintains and enforces the access control policy for each SRDI stored within the module. These access control policies cannot be changed or modified by any role within the module. The permissions are categorized as a set of three separate permissions: read ( R ), write ( W ), and execute ( E ). If no permission is listed, then the operator cannot access the SRDI. The following table defines the access that an operator has to each SRDI and through which services, used by the 3e-523-F2 when in wireless AP, Bridge, or Client mode: 3e-523-F2 CO ­ Monitoring / Reporting CO ­ Wireless Configuration AD ­ Monitoring / Reporting AD ­ Wireless Configuration CO ­ System Administration SRDI AD ­ System Administration CO ­ System Configuration AD ­ System Configuration User Role ­ Sending Data CO ­ User Management AD ­ User Management Roles & CO ­ Service Settings AD ­ Service Settings AS Role ­ Provides Services Authentication Access Policy (AP, Bridge, Client modes) PMK 256 bit GMK 256 bit AES Dynamic E Broadcast 128,192, or 256 bit Triple-DES E Dynamic Broadcast 192 bit AES Dynamic E Unicast 128,192, or 256 bit Triple-DES E Dynamic Unicast Version 2.1 21 FIPS 140-2 Non-Proprietary Security Policy 192 bit RNG Seed Key 160 bit AES post- W authentication 128 bit AES-CCM E Dynamic Broadcast 128 bit (GTK) KCK E 128 bit KEK E 128 bit AES-CCM E Dynamic Unicast 128 bit (TK) 802.11i pre- W W shared passphrase 8 to 63 chars RSA Private E E E E E E E E E E E E Key HMAC-SHA-1 E key (1) HMAC-SHA-1 E key (3) TLS Session E E E E E E E E E E E E Key Diffie-Hellman Private Exponent, 1024-bit Web-GUI logon W password for the Crypto Officer Web-GUI logon W W password for the Administrator AES Static W E 128,192, or 256 bit AES Static W E 128,192, or 256 bit Triple-DES W E Static 192 bit Triple-DES W E Static 192 bit Version 2.1 22 FIPS 140-2 Non-Proprietary Security Policy HMAC-SHA-1 key (2) 802.11i TLS W E Key Encryption Key Downloaded W configuration file password The following table defines the access that an operator has to each SRDI and through which services, used by the 3e-523-F2 when in wireless Client mode: 3e-523-F2 CO ­ Monitoring / Reporting CO ­ Wireless Configuration AD ­ Monitoring / Reporting AD ­ Wireless Configuration CO ­ System Administration SRDI AD ­ System Administration CO ­ System Configuration AD ­ System Configuration User Role ­ Sending Data CO ­ User Management AD ­ User Management Roles & CO ­ Service Settings AD ­ Service Settings AS Role ­ Provides Services Authentication Access Policy (Client mode) AES CCM W Passphrase 8 to 63 bytes AES Static 128, W 192, or 256 bit Triple-DES W Static 192 bit AES Dynamic E Broadcast 128,192, or 256 bit Triple-DES E Dynamic Broadcast 192 bit AES Dynamic E Unicast 128,192, or 256 bit Triple-DES E Dynamic Unicast 192 bit AES Static 128 W bit Version 2.1 23 FIPS 140-2 Non-Proprietary Security Policy HMAC SHA-1 W E Key RSA Public W Key RSA Private E E E E E E E E E E E E W Key CryptoOfficer W Password Admin W Password Certificate E Authority (CA) public key certificate AES-CCM E Dynamic Groupcast 128 bit AES-CCM E Unicast 128 bit AES Static 128 E bit EAP-TLS Pre- E Master Key 48 byte Version 2.1 24