Global Relief Technologies, LLC. Rapid Data Management Software (RDMS) (Software Version: 2.3.0) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Document Version 0.3 Prepared for: Prepared by: Global Relief Technologies, LLC. Corsec Security, Inc. 40 Congress Street, Suite 300 10340 Democracy Lane, Suite 201 Portsmouth, NH 03801 USA Fairfax, VA 22030 Phone: (603) 422-7333 Phone: (703) 267-6050 Fax: (603) 422-7331 Fax: (703) 267-6810 http://www.globalrelieftech.com http://www.corsec.com © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 Revision History Version Modification Date Modified By Description of Changes 0.1 2/24/2006 Cas Stulberger Initial draft 0.2 7/20/2006 Cas Stulberger Updated according to initial lab questions 0.3 10/21/2006 Cas Stulberger Updated User Roles Table 4 per lab guidance 1.0 12/22/2006 Cas Stulberger Specifed key establishment strength and minor fixes GRT Rapid Data Management Software Page 2 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 Table of Contents 0 INTRODUCTION ...............................................................................................................................................5 0.1 PURPOSE .........................................................................................................................................................5 0.2 REFERENCES...................................................................................................................................................5 0.3 DOCUMENT ORGANIZATION ...........................................................................................................................5 1 RAPID DATA MANAGEMENT SOFTWARE (RDMS) ................................................................................6 1.1 OVERVIEW......................................................................................................................................................6 1.2 MODULE INTERFACES.....................................................................................................................................6 1.3 ROLES AND SERVICES ...................................................................................................................................10 1.3.1 Crypto Officer Role..............................................................................................................................10 1.3.2 User Role .............................................................................................................................................10 1.3.3 Physical Security .................................................................................................................................11 1.3.4 Operational Environment ....................................................................................................................11 1.3.5 Cryptographic Key Management.........................................................................................................12 1.3.6 Self-Tests..............................................................................................................................................14 1.3.7 Design Assurance ................................................................................................................................14 1.3.8 Mitigation of Other Attacks .................................................................................................................14 2 SECURE OPERATION....................................................................................................................................15 2.1 INITIAL SETUP ..............................................................................................................................................15 2.2 CRYPTO-OFFICER GUIDANCE .......................................................................................................................15 2.2.1 Initialization.........................................................................................................................................15 2.2.2 Management ........................................................................................................................................15 2.2.3 Zeroization...........................................................................................................................................15 2.3 USER GUIDANCE ..........................................................................................................................................15 3 ACRONYMS......................................................................................................................................................16 Table of Figures FIGURE 1 - STANDARD POCKET PC PHYSICAL BLOCK DIAGRAM ...................................................................................7 FIGURE 2 - AC/DC POWER ADAPTER .............................................................................................................................7 FIGURE 3 - SERIAL PORT ................................................................................................................................................8 FIGURE 4 - USB PORT ....................................................................................................................................................8 FIGURE 5 - TOUCH PAD AND BUTTONS ...........................................................................................................................9 FIGURE 6 - BACK OF PDA ..............................................................................................................................................9 Table of Tables TABLE 1 - SECURITY LEVEL PER FIPS 140-2 SECTION ...................................................................................................6 TABLE 2 - FIPS 140-2 LOGICAL INTERFACES .................................................................................................................9 TABLE 3 ­ MAPPING OF CRYPTO OFFICER ROLE'S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS ......10 TABLE 4 ­ MAPPING OF USER ROLE'S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS .........................11 TABLE 5 - LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS .....................................13 TABLE 6 - ACRONYMS ..................................................................................................................................................16 GRT Rapid Data Management Software Page 3 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 GRT Rapid Data Management Software Page 4 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 0 Introduction 0.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the Rapid Data Management Software (RDMS) from Global Relief Technologies, LLC (GRT). This Security Policy describes how the Rapid Data Management Software meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. FIPS 140-2 (Federal Information Processing Standards Publication 140-2 ­ Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/cryptval/ The Rapid Data Management Software is referred to in this document as RDMS, the RDMS application, or the module. 0.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: · The GRT website (http://www.globalrelieftech.com) contains information on the full line of products from GRT. · The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module. 0.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: · Vendor Evidence document · Finite State Machine · Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to GRT. With the exception of this Non-Proprietary Security Policy and the user manual, the FIPS 140-2 Validation Documentation is proprietary to GRT and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact GRT. GRT Rapid Data Management Software Page 5 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 1 Rapid Data Management Software 1.1 Overview The Rapid Data Management Software (RDMS) is a software application developed by Global Relief Technologies (GRT) designed for installation on a Personal Digital Assistant (PDA) and cellular communications devices. The device is used during humanitarian and relief efforts in order to gather data and information quickly about the surrounding area to better decide where to allocate resources and what resources are needed. The user of the device fills out a survey by answering a series of questions. When the survey is completed, it is saved to be edited or uploaded to the server later. The survey can be uploaded to the server when the device running RDMS is connected to an internet connection via a computer or a satellite uplink. The completed surveys are uploaded using Transport Layer Security (TLS) to the server in Portsmouth, New Hampshire. The server is part of the Virtual Network Operations Center (VNOC), which stores the uploaded surveys. A user accesses the VNOC via an https connection and can view all the uploaded surveys in order to help coordinate resources with humanitarian and relief efforts. RDMS software is customized to meet a client's specific requirements for collecting data and uploading it to the server. The RDMS application runs on the Windows © Mobile 5.0 Operating System. RDMS includes mapping software and satellite imagery for navigational and data upload viewing purposes, which is stored on a Flash Card on the PDA and is accessed and manipulated using the MAPX software. RDMS uses this mapping software to provide GPS services, mapping and basic GIS functionality. RDMS also builds in industry-standard FIPS-approved cryptographic algorithms used to securely connect to the VNOC server using TLS. The Rapid Data Management Software is validated at the following FIPS 140-2 Section levels: Table 1 - Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 8 EMI/EMC 3 9 Self-tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 1.2 Module Interfaces The Rapid Data Management Software is a Software module that meets overall level 1 FIPS 140-2 requirements. The cryptographic boundary of the Rapid Data Management Software is defined by the hard, opaque metal and plastic enclosure of the PDA. The logical cryptographic boundary of the module is composed of the RDMS software running on the Pocket PC Operating System. A Physical block diagram of the Pocket PC is shown in Figure 1. GRT Rapid Data Management Software Page 6 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 The external connections of the PDA consist of the Alternating Current/Direct Current (AC/DC) Power Adapter, the Serial Port, and the Universal Serial Bus (USB) Port. The Serial and USB ports are used to connect the PDA to either a computer or a satellite uplink, which is then able to access the Internet in order to upload reports from the PDA to the server or download questionnaire updates from the server to the PDA. The touch screen and the buttons receive inputs from the user. The GPS Card and the 2 Gigabyte (GB) compact flash card are connected at the top of the PDA. Figure 1 - Standard Pocket PC Physical Block Diagram The touch screen is at the cryptographic module boundary and there is also a serial port within the boundary. The AC/DC Power Adapter is shown below in Figure 2 - AC/DC Power Adapter. The AC/DC Power Adapter is used to charge the battery pack or deliver power to the PDA while the PDA is in use. Figure 2 - AC/DC Power Adapter GRT Rapid Data Management Software Page 7 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 The Serial Port connection is shown below in Figure 3 - Serial Port. The Serial Port is used to connect to the Internet in order to upload reports to the server or download questionnaire updates from the server. Figure 3 - Serial Port The USB Port connection is shown below in Figure 4 - USB Port. The USB Port is used to connect to the Internet in order to upload reports to the server or download questionnaire updates from the server. Figure 4 - USB Port GRT Rapid Data Management Software Page 8 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 The Touch Pad and Buttons are shown below in Figure 1 - Standard Pocket PC Physical Block Diagram. The Touch Pad and Buttons are used to input information to the PDA, select what menu to go to, initiate transmission of data to the server, etc. Figure 5 - Touch Pad and Buttons The back of the PDA is shown below in Figure 6 - Back of PDA. Figure 6 - Back of PDA All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table: Table 2 - FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interface Rapid Data Management Software (RDMS) Port/Interface Data Input Touch Screen, Buttons, GPS Card, Serial Port, and USB Port Data Output Speakers, Display, Serial Port, and USB Port Control Input Touch Screen and Buttons GRT Rapid Data Management Software Page 9 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 FIPS 140-2 Logical Interface Rapid Data Management Software (RDMS) Port/Interface Status Output Display and Speakers Power Power Plug/Adapter 1.3 Roles and Services There are two roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and a User role. The operator of the module assumes either of the roles based on the operations performed without any authentication. Both of the roles and their responsibilities are described below. 1.3.1 Crypto Officer Role The Crypto Officer role has the ability to install and configure the module. Descriptions of the services available to the Crypto Officer role are provided in the table below. Table 3 ­ Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs, and Type of Access Service Description Input Output CSP Type of Access to CSP Install Installs RDMS and GRT Password, Product installed Enters default Write associated PRNG Seed, GRT password, applications on the HMAC SHA-1 and PRNG seed PDA Integrity Check Key Uninstall Uninstalls the Uninstall Program Product The RSA key is Write software from the Command uninstalled zeroized and PDA removed from the module. Deleting InstallID.xml is part of the uninstall procedure and doing so zeroizes the GRT password, and PRNG seed Set Preferences Sets up the Device Preferences Menu New Preferences None None ID, GPS Com Port, Screen GPS Baud, Post URL, and Refresh URL 1.3.2 User Role The User role has the ability to Add Reports, Edit Reports, View Map, create Evacuation reports, and Transmit data to the server. Descriptions of the services available to the User role are provided in the table below. GRT Rapid Data Management Software Page 10 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 Table 4 ­ Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access Service Description Input Output CSP Type of Access to CSP Add Report Create and save a Click on the Add New report None None report Report Button on created the RDMS Main Menu Edit Report Edit a saved report Click on the Edit Report Changed None None Report Button on the RDMS Main Menu View Map View the maps Click on the Globe Map of current None None stored in the 2GB in the task bar at location displayed memory card the bottom right of on the screen the screen Create Evacuation Create an Click on the Evacuation report None None Report Evacuation report Contact Button created Transmit Data Connect to the Click on the Successful TLS Symmetric Read server Transmit Data transmission of Session Keys button on the reports or error RDMS Main Menu connecting to server Send Evacuation Transmit Click the Send Successful TLS Symmetric Read Report completed reports button on the transmission of Session Keys or Evacuation Report Summary Evacuation report reports screen which can or error be accessed from connecting to the the Contact button server Download Download updated Select Refresh Questions loaded None None Questions and new questions Data from Server onto the PDA added by users to from the the PDA Preferences Menu on the RDMS Main Menu Screen 1.3.3 Physical Security Rapid Data Management Software is a multi-chip standalone cryptographic module. The physical security requirements do not apply to this module, since it is a software module and does not implement any physical security mechanisms. Although the module consists entirely of software, the FIPS 140-2 test platform is a standard Pocket PC which has been tested for and meets applicable Federal Communications Commission (FCC) Electromagnetic Interference (EMI) and Electromagnetic Compatibility (EMC) requirements for home use. 1.3.4 Operational Environment The module is to be tested on a PDA running Windows Mobile 5.0. The PDA is a single-user operating system and only a single operator can use the device at a time. The PDA shall not be configured to add additional networking services that would allow multi-operator capabilities, and GRT does not configure the device in this manner. Thus, the PDA is delivered as a single-user system, consistent with NIST guidance. GRT Rapid Data Management Software Page 11 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 Refer to the CMVP document, Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program Section 6.1 Single Operator Mode and Concurrent Operators page 36, for resolution on the issue of "Multi user" modes. This document is located at: http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf. 1.3.5 Cryptographic Key Management The RDMS Application implements the following FIPS-approved algorithms: · Deterministic Random Number Generator (RNG) ­ Appendix A.2.4 of ANSI X9.31 (certificate #205) · HMAC SHA-1 ­ FIPS 198 (certificate #184) · SHA-1 ­ FIPS 180-2 (certificate #478) · Triple-DES CBC encrypt/decrypt ­ FIPS 46-3 (certificate #444) Additionally, the module utilizes the following non-FIPS-approved algorithm implementation: · RSA ­ 1024 bit encrypt (key wrapping; key establishment methodology provides 80 bits of encryption strength) · OpenSSL non-approved RNG GRT Rapid Data Management Software Page 12 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 The module supports the following critical security parameters: Table 5 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs CSP or Public Key Key Type Generation / Input Output Storage Deletion Use TLS Symmetric 3DES CBC Generated internally Exits electronically in Stored in RAM for Deleted after session Encrypting data Session Keys encrypted form during duration of the is over transferred during TLS session session TLS with the server negotiation VNOC Server Public 1024 RSA public key Input Electronically Never output Stored in RAM for Deleted after session Encrypts the session Key during TLS duration of the is over key so that only the negotiations in an session server can decrypt it SSL server certificate with its private key Default GRT Password / PIN Electronically entered Never output Stored in InstallD.xml Uninstalling the Accessing the Password in plaintext module or overwriting settings in User Preferences PRNG seed 8 bytes of seed value Internally generated Never output Stored in RAM in Upon restart of the Produce FIPS plaintext RDMS application approved RNG seed GRT Rapid Data Management Software Page 13 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 1.3.6 Self-Tests In order to prevent any plaintext data from being inadvertently released, it is important to test the cryptographic components of a security module to ensure that all components are functioning correctly. The Rapid Data Management Software performs the following self-tests at power-up: · Software Integrity Check - Verifies the integrity of the RDMS application by checking a HMAC SHA-1 computed over it. · Known Answer Tests (KATs) o Triple-DES encrypt/decrypt KAT o RSA pairwise consistency check o HMAC SHA-1 KAT o X9.31 Appendix A.2.4 RNG KAT The Rapid Data Management Software performs the following conditional self-tests: · Continuous Random Number Generator Test for FIPS 140-2 approved ANSI X9.31 Appendix A.2.4 PRNG · Continuous Random Number Generator Test for entropy gathering The Software Integrity Check and the KATs are performed on initialization of the RDMS application. If the Software Integrity Check, the KATs, or the Continuous Random Number Generator Tests for entropy gathering fail, the user is alerted via a pop up message box and the RDMS application stops loading and exits. When the Continuous Random Number Generator Test for the FIPS 140-2 approved ANSI X9.31 Appendix A.2.4 PRNG fails, an error value is returned and an Upload Failed Message is displayed. 1.3.7 Design Assurance Global Relief Technologies, LLC. utilizes Microsoft Visual Source Safe (VSS) version 6.0d to provide configuration management for the Rapid Data Management Software source code. User manuals are customized on a per client basis and are updated with each new version of Rapid Data Management Software. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to provide configuration management for the Rapid Data Management Software's FIPS documentation. This software provides access control, versioning, and logging. 1.3.8 Mitigation of Other Attacks This section is not applicable. The module does not mitigate any attacks beyond the FIPS 140-2 level 1 requirements for this validation. GRT Rapid Data Management Software Page 14 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 2 Secure Operation The Rapid Data Management Software meets Level 1 requirements for FIPS 140-2. The PDA always operates in single user mode since only one person may be using the PDA at a time and since all networking capabilities are disabled by GRT. 2.1 Initial Setup RDMS and the associated programs necessary for the application to function are loaded onto the PDA by GRT. Nothing needs to be configured by the user since the PDA is always operating in FIPS approved mode. 2.2 Crypto Officer Guidance The Crypto Officer is responsible for installing and uninstalling the software on the PDA, setting the preferences in the User Preferences Menu, and installing the PRNG seed and Software Integrity Key and password in InstallID.xml. 2.2.1 Initialization The software module will be provided to the users by Global Relief Technologies, LLC. The software module is installed on the PDA along with the other programs necessary for it to operate. Before installing the module, the operator needs to ensure that the system runs the specified operating system. The module must be installed, configured, and started before operators may utilize its features. 2.2.2 Management The Crypto Officer does not perform any management on the PDA or the RDMS application after installation and configuration. The Crypto Officer however is responsible for uninstalling the RDMS application from the PDA during which the RSA key is zeroized and removed from the module. 2.2.3 Zeroization The Symmetric key and the Server public key are temporary keys and are deleted after the communication session between the PDA and the Server is over. 2.3 User Guidance The User accesses the module's cryptographic functionalities. Although the User does not have any ability to modify the configuration of the module, they should check that the host application is enabled and providing cryptographic protection. GRT Rapid Data Management Software Page 15 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 3 Acronyms Table 6 - Acronyms Acronym Definition 3DES Triple Data Encryption Standard AC/DC Alternating Current / Direct Current ANSI American National Standards Institute CBC Cipher Block Chaining CSP Critical Security Parameter CMVP Cryptographic Module Validation Program DES Data Encryption Standard EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communications Commission FIPS Federal Information Processing Standard GB Gigabyte GIS Global Information System GPS Global Positioning System GRT Global Relief Technologies HMAC (Keyed-) Hash MAC ID Identification KAT Known Answer Test MAC Message Authentication Code NIST National Institute of Standards and Technology PC Personal Computer PDA Personal Digital Assistant PIN Personal Identification Number PRNG Pseudo-Random Number Generator RAM Random Access Memory RDMS Rapid Data Management Software RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SSL Secure Sockets Layer TLS Transport Layer Security URL Uniform Resource Locator USB Universal Serial Bus VNOC Virtual Network Operations Center GRT Rapid Data Management Software Page 16 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice. Non-Proprietary Security Policy, Version 1.0 December 22, 2006 Acronym Definition VSS Visual Source Safe GRT Rapid Data Management Software Page 17 of 17 © 2006 Global Relief Technologies, LLC. This document may be freely reproduced and distributed whole and intact including this copyright notice.