Comtech Mobile Datacom Corporation
MTM-203 Satellite Mobile Transceiver (Firmware Version: C.3.6.T)
FIPS 140-2 Non-Proprietary Security Policy
Level 2 Validation
Document Version 1.1

Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
Phone: (240) 686-3300
Fax: (240) 686-3301
http://www.comtechmobile.com/

© 2007 Comtech Mobile Datacom Corporation - This document may be freely reproduced and distributed whole and intact including this copyright notice.

Non-Proprietary Security Policy, Version 1.1, August 30, 2007

Revision History

Version | Modification Date | Description of Changes
0.1 | 2006-04-21 | Initial draft.
0.2 | 2006-07-21 | Updated section two and section three.
0.3 | 2006-07-26 | Incorporated Quality Review feedback on the content of the document.
0.4 | 2006-09-07 | Minor updates.
0.5 | 2006-10-12 | Updated the list of cryptographic keys, cryptographic key components, and CSPs.
0.6 | 2006-12-08 | Added PRNG information.
0.7 | 2006-12-20 | Added Softload-user and Remote Administrator role descriptions.
0.8 | 2007-01-10 | Added Softload Secret information.
0.9 | 2007-01-12 | Added algorithm certificate numbers.
1.0 | 2007-08-10 | Added description for Key Execute, Read, Write access.
1.1 | 2007-08-30 | Added statement that GPC connected to the module must be non-networked.
Table of Contents

1 Introduction (page 5)
1.1 Purpose (page 5)
1.2 References (page 5)
1.3 Document Organization (page 5)
2 MTM-203 Satellite Mobile Transceiver (page 6)
2.1 Overview (page 6)
2.2 Module Specification (page 6)
2.3 Module Interfaces (page 7)
2.4 Roles and Services (page 9)
2.4.1 Normal Level User Role (page 10)
2.4.2 Super-user Role (page 11)
2.4.3 Crypto-Officer Role (page 11)
2.4.4 Softload-user and Remote Administrator Roles (page 12)
2.4.5 User Role (page 14)
2.4.6 Authentication Mechanism (page 14)
2.5 Physical Security (page 15)
2.6 Operational Environment (page 16)
2.7 Cryptographic Key Management (page 16)
2.8 Self-Tests (page 20)
2.9 Design Assurance (page 20)
2.10 Mitigation of Other Attacks (page 20)
3 Secure Operation (page 21)
3.1 Crypto-Officer Guidance (page 21)
3.1.1 Initial Setup (page 21)
3.1.2 Management (page 23)
3.2 User Guidance (page 23)
4 Acronyms (page 24)

Table of Figures

Figure 1 - MTM-203 Mobile Satellite Transceiver Block Diagram (page 6)
Figure 2 - MTM-203 Mobile Satellite Transceiver Interfaces (page 8)
Figure 3 - MTM-203 Satellite Transceiver Mechanical View (page 16)
Figure 4 - Left Label Top View (page 21)
Figure 5 - Left Label Bottom View (page 22)
Figure 6 - Right Label Top View (page 22)
Figure 7 - Right Label Bottom View (page 22)

Table of Tables

Table 1 - Security Level per FIPS 140-2 Section (page 7)
Table 2 - Antenna Connector Pin-Out (page 8)
Table 3 - FIPS 140-2 Logical Interfaces (page 9)
Table 4 - List of Roles (page 9)
Table 5 - Mapping of Normal Level User Services to Inputs, Outputs, CSPs, and Type of Access (page 10)
Table 6 - Mapping of Super-User's Services to Inputs, Outputs, CSPs, and Type of Access (page 11)
Table 7 - Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs, and Type of Access (page 11)
Table 8 - Mapping of Softload and Remote Administrator's Services to Inputs, Outputs, CSPs, and Type of Access (page 13)
Table 9 - Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access (page 14)
Table 10 - Authentication Mechanisms (page 15)
Table 11 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs (page 18)
Table 12 - Acronyms (page 24)

1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the MTM-203 Satellite Mobile Transceiver from Comtech Mobile Datacom Corporation.
This Security Policy describes how the MTM-203 Satellite Mobile Transceiver meets the security requirements of Federal Information Processing Standards (FIPS) 140-2 and describes how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/cryptval/

The MTM-203 Satellite Mobile Transceiver is referred to in this document as: the MTM-203 transceiver, the transceiver, the cryptographic module or the module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

· The Comtech website (http://www.comtechmobile.com) contains information on the full line of products from Comtech.
· The CMVP website (http://csrc.nist.gov/cryptval) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

· Vendor Evidence document
· Finite State Machine document
· Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Comtech and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Comtech.
2 MTM-203 Satellite Mobile Transceiver

2.1 Overview

Comtech Mobile Datacom offers secure, real-time packet data messaging and position reporting services using L-Band satellite networks. Comtech's technology allows government agencies to communicate accurately, securely, and in a timely manner with vehicles through mobile satellite communications. This end-to-end satellite-based solution includes earth stations located strategically around the world, leased satellite capacity, mobile terminals, and tailored software solutions that meet and support Comtech's clients' critical needs.

Comtech Mobile Datacom has developed miniature L-band transceivers for streamlined messaging and real-time tracking systems. The miniature transceivers open doors to many new applications, such as covert devices and handheld units for the dismounted soldier - applications where weight and size limits are very important.

The MTM-203 transceiver module represents a new generation in small-size, low power consumption transceivers for use in weight-restrictive environments. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-air communications. Low power consumption and efficient satellite communications technology make for a long-battery-life product under field conditions. This device allows dismounted users to maintain situational awareness and messaging connectivity worldwide with other mobile and terrestrial connected users. The miniature module operates over MSAT, INMARSAT, Thuraya, Artemis, ACeS, and OPTUS L-band satellite systems without reconfiguration.
2.2 Module Specification

The transceiver is a hardware module with hard metal covers, which comprise the cryptographic boundary. A block diagram of the internal components of the cryptographic module is given in Figure 1 below, and the cryptographic boundary is depicted in this diagram.

[Figure 1 - MTM-203 Mobile Satellite Transceiver Block Diagram: blocks for the HPA, Modulator (D/A and up-converter), Baseband (FPGA, FLASH and CPU), Synthesizer, LNA and RF I/O MUX, Down Conversion and A/D, and Power Supply; external interfaces labelled Antenna Connector and Connector Pin-out; the Cryptographic Boundary is marked]

The module contains a single Printed Circuit Board (PCB) with metal covers. The following is a list of the key circuit components for the PCB:

1. High Power Amplifier (HPA): amplifies Radio Frequency (RF) signals for output traffic. It is active only when the module is transmitting data.
2. Modulator: receives outgoing data from Baseband and converts it into an RF signal during data transmission.
3. Baseband: contains the FLASH memory and the Central Processing Unit (CPU) of the module. This component of the PCB controls the module and performs transceiver functionalities.
4. Synthesizer: controls the signal frequency of Down Conversion or Modulator for incoming or outgoing RF signals, respectively. This component communicates with Baseband to decide on frequency.
5. Low Noise Amplifier (LNA) and RF I/O Multiplexer (MUX): receives the RF signal from the Antenna Connector.
6. Down Conversion and Analog-to-Digital (A/D) Converter: converts the RF signal to a Baseband signal.

The MTM-203 Satellite Mobile Transceiver is a multi-chip standalone module that meets overall level 2 FIPS 140-2 requirements.
The module is validated at the following FIPS 140-2 Section levels:

Table 1 - Security Level per FIPS 140-2 Section

Section | Section Title | Level
1 | Cryptographic Module Specification | 2
2 | Cryptographic Module Ports and Interfaces | 2
3 | Roles, Services, and Authentication | 2
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 2
8 | Electromagnetic Interference (EMI)/Electromagnetic Compatibility (EMC) | 2
9 | Self-tests | 2
10 | Design Assurance | 2
11 | Mitigation of Other Attacks | N/A

2.3 Module Interfaces

The MTM-203 Transceiver module provides a single serial interface at Transistor-Transistor Logic (TTL) levels. Application Programming Interface (API) commands can be provided to the module using the serial interface or the antenna interfaces. The antenna interface consists of three coaxial connectors:

o Left Hand circularly polarized (LHCP) antenna
o Right Hand circularly polarized (RHCP) antenna
o Global Positioning System (GPS) connection

Two of these connectors deliver the received signal from either a left hand (LH) or right hand (RH) circularly polarized antenna to the corresponding LNA circuitry. All three interfaces only operate in half duplex mode and use the High Power Amplifier (HPA) to send the signal to the antenna. Only the transmit or the receive signal is present on this interface at any given time. The third connector is used to connect to the on-board Global Positioning System (GPS) device. The transceiver may be configured to automatically switch from LH to RH (or vice versa) by issuing the appropriate API command.
[Figure 2 - MTM-203 Mobile Satellite Transceiver Interfaces]

The module's physical interfaces are composed of Connector pins, Antenna Connectors, and Light Emitting Diodes (LEDs). Some of the Connector pins are used to provide serial data/control input and data/status output. The remaining active Connector pins are used to interface with an external power source. Functions of all active Connector pins are listed in Table 2. Antenna connectors are also used for data/control input or data/status output. There are three LEDs present on the module that provide status concerning transmit or receive mode.

Table 2 - Connector Pin Functionality

Pin | Pin Description
1 | GND
2 | Voltage from Battery (VBATT) 6.5 - 15 V
3 | Ground (GND)
4 | VBATT (6.5 - 15 V)
5 | LED C
6 | LED A
7 | LED B
8 | AUX_PWR CNTL
9 | IGN_SENSE
10 | MAIN CNTL (ON/OFF) - Must be pulled high (3.3 V) for the module to turn on.
11 | User Defined: 0-3 V, 8 mA max, 3 V logic
12 | User Defined: 0-3 V, 8 mA max, 3 V logic
13 | User Defined: 0-3 V, 8 mA max, 3 V logic
14 | User Defined: 0-3 V, 8 mA max, 3 V logic
17 | SER DAT IN
18 | SER DAT OUT
20 | Internal LED
21 | Power for GPS - 1.95-3.6 V (40 µA max. at 3.3 V)

The Antenna interfaces on the MTM-203 Transceiver consist of three coaxial connectors: two connectors for external CP antennas (J2 and J3 in Figure 2), and a third connector (J1 in Figure 2) for an external GPS antenna.

· Antenna-LHCP (J3): Connector J3 feeds the LHCP LNA circuitry when in receive mode, and connects to the LHCP HPA circuitry when the unit is in transmit mode.
· Antenna-RHCP (J2): Connector J2 feeds the RHCP LNA circuitry in the receive mode, and connects to the RHCP HPA circuitry when the module is in transmit mode.
The RHCP LNA also feeds the internal GPS module as well as the J1 connector.
· The third coaxial connector, J1, feeds the GPS signal to an external GPS module. The signal output from this connector is only available when the unit is in the receive mode.

All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table:

Table 3 - FIPS 140-2 Logical Interfaces

FIPS 140-2 Logical Interface | MTM-203 Satellite Mobile Transceiver Port/Interface
Data Input | Pin 17, J2, J3
Data Output | Pin 18, J1, J2, J3
Control Input | Pin 9, pin 10, pin 11, pin 12, pin 13, pin 14, pin 17, J2, J3
Status Output | Pin 8, pin 11, pin 12, pin 13, pin 14, pin 18, LEDs
Power | Pin 1, pin 2, pin 3, pin 4, pin 21

2.4 Roles and Services

The module supports role-based authentication. There are six roles that operators of the module may assume. Each is described in the following table. Any role, except Softload user, can 'Execute' the Traffic and Identity keys to encrypt and decrypt messages, but only the Crypto-Officer can 'Read' the keys at the transceiver API. The Crypto-Officer, Softload user and Remote Administrator can 'Write' keys into the transceiver. 'Execute' means that the role can use a key to encrypt or decrypt a message, but the ability to 'Execute' does not provide access to the raw key material. 'Read' means that the role can view the raw key material. 'Write' means that the role can add, or replace, the raw key material.

Table 4 - List of Roles

Role | Interface | Authentication
Normal Level User | serial port | not authenticated
Super-User | serial port | super user password
Crypto-Officer | serial port | crypto officer password
User | satellite connection | possession of correct identity and traffic TDES keys
Remote Administrator | satellite connection | possession of identity and traffic keys
Softload User | satellite connection | possession of correct "softload secret" (9 bytes of random value used to derive a 192-bit TDES softload user key)

2.4.1 Normal Level User Role

The Normal Level user is an unauthenticated role which has access to the following non-security-relevant services:

Table 5 - Mapping of Normal Level User Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSP and Type of Access
API Modes | Controls display of command provided to the module over serial port | Command | Status output | --
General Information | Shows module status | Command | Status output | --
Identities and Nodes | Shows identity list and associated data | Command and identity name | Status output | --
Viewing Messages | Monitors message transaction | Command | Status output | --
Formatting a Message Payload | Formats payload data | Command | Status output | --
Message Formats | Formats incoming or outgoing messages | Command and data | Status output | --
Sending a Message | Transmits a message | Command and data | Status output | --
DSP | Configures and monitors DSP setting | Command | DSP configured and status output | --
Host Processor | Configures and monitors Host configuration to the EEPROM | Command | Status output | --
GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Digital I/O | Sets up antenna configuration | Command | Antenna configured and status output | --
Power | Sets up auxiliary power and 'powersave' mode | Command and power | Status output | --
Emergency Mode | Sets emergency mode | Command | Status output | --
LED | Tests LEDs | Command | Status output | --
Provisioning | Provisions the module | Command | Module ready for service | --
Diagnostics | Diagnostic operations on the module | Command | Status output | --
Send message | Sends a message | Command and user data | Network packet data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Packet with user data | Data received | Identity Key - Execute; Traffic Key - Execute

2.4.2 Super-user Role

The Super-user is an authorized role with the following privileges:

Table 6 - Mapping of Super-user's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSP and Type of Access
General Setup | Shows module status | Command | Status output | --
Access Levels | Changes access level to Crypto-Officer or Super user level | Command and password | Change in access level | Password - Read
Nodes and Identities | Monitors and sets identity list and associated data | Command and identity name | Status output | --
Sending a Message | Transmits a message | Command and data | Status output | --
DSP | Configures and monitors DSP setting | Command | DSP configured and status output | --
GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Power | Sets up auxiliary power and 'powersave' modes | Command and power | Status output | --
Send message | Sends a message | Command and user data | Network packet data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Packet with user data | Data received | Identity Key - Execute; Traffic Key - Execute

2.4.3 Crypto-Officer Role

Descriptions of the services available to the Crypto-Officer role are provided in the table below.

Table 7 - Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSP and Type of Access
Node and Identities | Monitors and sets identity list and associated data | Command and identity name | Status output | --
Access Levels | Changes access level to Crypto-Officer or Super user level | Command and password | Change in access level | Password - Read
EEPROM configuration | Reads, writes, or erases EEPROM | Command | Status output | --
Enable Internal GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Process Keyset | Enters a cryptographic key into the transceiver's key storage area | Command and cryptographic key | Status output | Traffic key - Read/Write; AB Initialization Key - Read/Write
Process Ab | Initializes the DSP Flash | Command | Status output | AB Initialization Key - Execute
Monitor Maps | Manages and monitors inbound and outbound network maps | Command | Status output | --
Process CMDC | Changes the transceiver packet display mode | Command | Status output | --
Set Transmit | Adjusts the module's transmit power level and DSP setting | Command | Status output | --
Show CSP | Displays specified key of a User | Command | Identity or Traffic key | Identity Key - Read; Traffic Key - Read
Test cryptographic algorithm | Tests TDES encryption/decryption algorithm | Command | Status output | --
Send message | Sends a message | Command and user data | Data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Packet with user data | Data received | Identity Key - Execute; Traffic Key - Execute

2.4.4 Softload-user and Remote Administrator Roles

Softload-users and Remote Administrator users are authorized roles whose privileges are listed in Table 8. These two roles can also access all module management related commands defined for the Crypto-Officer and Super-user roles.

Table 8 - Mapping of Softload-user and Remote Administrator's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSP and Type of Access
NC_ESTABLISH_KEYSET | Adds keyset to the keyset tables | Command and key data | Keyset table changes | Traffic key - Read/Write; AB Initialization Key - Read/Write
NC_ESTABLISH_ENCRYPTED_KEYSET | Adds the keyset to the keyset tables | Command and key data | Keyset table changes | Traffic key - Read/Write; AB Initialization Key - Read/Write
NC_ESTABLISH_NODE | Builds incoming and outgoing maps in non-volatile memory | Command and node name | Status output | --
NC_ADD_IDENTITY | Establishes the maps to add a node as a destination identity within the transceiver | Command and data | Status output | --
NC_SET_DEFAULT_TO | Sets a node as the active default destination node | Command | Status output | --
NC_SET_DEFAULT_FROM | Sets a node as the active default source node | Command | Status output | --
NC_SET_DEFAULT_TO_AND_FROM | Sets the active source and destination nodes appropriately | Command | Status output | --
NC_REMOVE_KEYSET | Removes a keyset | Command | Status output | --
NC_REMOVE_NODE | Removes a node from the maps | Command | Status output | --
NC_REMOVE_IDENTITY | Removes a node from the identities within the transceiver | Command | Status output | --
NC_SET_ALL_RADIO_PARAMETERS | Configures and monitors channel | Command | DSP configured and status output | --
NC_SET_OUTPUT_GAIN_FACTOR | Sets the transmit gain value to the value of the included parameter | Command | Status output | --
NC_SET_TX_AUTHORIZATION_MASK | Sets the transceiver transmit authorization mask to the value of the included parameter | Command | Status output | --
NC_SET_CURRENT_AUTHORIZATION_MASK | Sets the current beam transmit authorization mask to the value of the included parameter | Command | Status output | --
NC_USE_CONFIGURATION | Configures and monitors DSP setting | Command | DSP configured and status output | --
NC_REMOVE_AB_INITIO | Removes Ab Initio keys, maps and identities from memory | Command | AB Initialization Key removed | AB Initialization Key - Write
NC_READ_DSP_FLASH | Displays the content of 256 bytes of flash memory at the appropriate location on the serial port | Command | Data output | --
NC_WRITE_DSP_FLASH | Writes the data to the appropriate location in Flash memory | Command and data | Status output | --
NC_MT2011_COMPATIBILITY | Sets the compatibility flags to the value | Command | Status output | --
Send message (Remote Administrator only) | Sends a message | Command with user data | Network packet data transmitted | Identity Key - Execute; Traffic Key - Execute
Software/Firmware Upload | Issues a series of erase flash/read flash commands to load a new version of the Host code or FPGA firmware into a flash holding area, and then issues a 'set reflash on' or 'set reflash auto' command to initiate copying of the new firmware from the holding area to the active area for the relevant 'processor' | Command and data | Status output | As a Remote Administrator: Identity Key - Execute; Traffic Key - Execute. As a Softload user: Softload Secret - Execute

2.4.5 User Role

The User role has the ability to utilize the module's data transmitting functionalities via the Antenna interface only. Descriptions of the services available to Users are provided in the table below.

Table 9 - Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSP and Type of Access
Send message | Sends a message | Network packet with data | Data transmitted | Identity Key - Read; Traffic Key - Read
Receive message | Receives a message | Network packet with data | Data received | Identity Key - Read; Traffic Key - Read

2.4.6 Authentication Mechanism

The Crypto-Officers, Super-users, and Softload-users are able to access the module through a directly connected console port. Users and Remote Administrators access the module only via the Antenna interface network and authenticate themselves with Traffic keys (TDES keys). Crypto-Officer and Super-user authenticate themselves using passwords.
Softload-users authenticate with a 192-bit TDES key derived from the Softload Secret. The Softload Secret is a 9 byte random value.

Table 10 - Authentication Mechanisms

Authentication Type | Strength | Strength Within One Minute
Passwords | The minimum length of the password is six alphanumeric characters with any printable symbols. Assuming only 94 characters with repetition, the chance of a random attempt falsely succeeding is 1 in (94^6 =) 689,869,781,056. | Because of the serial interface speed, the module can accept only 69,120 password attempts in a minute. So the chance of random success is 1 in (94^6 / 69,120) or 1 in about 9,980,754.
TDES Keys | The Traffic key and Softload-user authentication key are 192 bit TDES keys with 112 bits of security. The chance of a random attempt falsely succeeding is 1 in (2^112 =) 5.192296858 x 10^33. | The processor speed means the module can go through 4.5 x 10^9 cycles per minute. If each authentication attempt took only one cycle, the chance of random success would be 1 in (2^112 / 4.5 x 10^9) or 1 in 1.15 x 10^24.
Softload Secret | The Softload Secret is a 9 byte random value, so the chance of a random attempt falsely succeeding is 1 in (2^72 =) 4,722,366,482,869,645,213,696. | Again, due to processor speed, the chance of random success in a minute would be 1 in (2^72 / 4.5 x 10^9) or 1 in 1.04 x 10^12.

2.5 Physical Security

The MTM-203 Satellite Mobile Transceiver is a multi-chip standalone cryptographic module. The module is contained by two hard metal clamshells. The module's cover is resistant to probing and is opaque within the visible spectrum. The design of the module satisfies level 2 physical security requirements.
Tamper-evident seals are placed on the cryptographic module so that a seal must be broken to attain physical access. The cryptographic boundary is defined as encompassing the "top," "front," "left," "right," "rear," and "bottom" surfaces of the two-clamshell metal housing, which is firmly held together with twelve screws. The metal housing exposes interfaces for the Control Connector, Antenna Connectors, and LEDs at the front side.

Figure 3 - MTM-203 Satellite Transceiver Mechanical View

The metal covers do not have any openings or ventilation holes. This module employs tamper-evident labels to detect the opening of the covers. The tamper-evident labels are applied by Comtech before providing the module to the Crypto-Officer, and where these labels are located is described in the "Secure Operation" section of this document.

The module conforms to the Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (for business use).

2.6 Operational Environment
The operational environment requirements do not apply to the MTM-203 Satellite Mobile Transceiver, because the module does not provide a general-purpose operating system (OS) to the user. The OS is not externally accessible, and only the module's custom-written firmware provides a logical interface into the module. The module provides a method to update the firmware in the module with a new version. An HMAC-SHA-1 keyed hash is verified over the firmware update to ensure its integrity.
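The firmware-update integrity check described in section 2.6, together with the HMAC-SHA-1 KAT, CRC-32 integrity check and continuous RNG test that section 2.8 lists, as an added illustration that is not Comtech firmware. The update-package layout (image followed by a 20-byte tag), the upgrade key and the image bytes are constructed assumptions; RFC 2202 test case 1 is used as the KAT vector.

```python
"""Self-test and firmware-update checks in the style of sections 2.6 and 2.8
(added example, not Comtech code; package layout, key and image constructed)."""
import hashlib
import hmac
import zlib

# RFC 2202 test case 1 serves as the HMAC-SHA-1 Known Answer Test vector.
KAT_KEY = bytes([0x0B] * 20)
KAT_MSG = b"Hi There"
KAT_ANSWER = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")
TAG_LEN = 20  # HMAC-SHA-1 output length


def hmac_sha1_kat() -> bool:
    """Power-up KAT: the HMAC-SHA-1 implementation must reproduce the known answer."""
    got = hmac.new(KAT_KEY, KAT_MSG, hashlib.sha1).digest()
    return hmac.compare_digest(got, KAT_ANSWER)


def crc32_integrity_check(image: bytes, stored_crc: int) -> bool:
    """Power-up software integrity check over the active code image."""
    return zlib.crc32(image) == stored_crc


def verify_firmware_update(package: bytes, upgrade_key: bytes) -> bool:
    """Conditional software update test: recompute HMAC-SHA-1 over the image part
    of the package and compare it in constant time with the trailing tag."""
    if len(package) <= TAG_LEN:
        return False
    image, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    expected = hmac.new(upgrade_key, image, hashlib.sha1).digest()
    return hmac.compare_digest(tag, expected)


def continuous_rng_test(blocks) -> bool:
    """Continuous RNG test: two consecutive output blocks must never be identical."""
    prev = None
    for block in blocks:
        if prev is not None and block == prev:
            return False
        prev = block
    return True


# Constructed sample data (not the real Firmware Upgrade key or a real image).
UPGRADE_KEY = bytes(range(1, 21))
IMAGE = b"constructed MTM-203 host image" * 8
GOOD_PACKAGE = IMAGE + hmac.new(UPGRADE_KEY, IMAGE, hashlib.sha1).digest()
BAD_PACKAGE = bytes([GOOD_PACKAGE[0] ^ 0x01]) + GOOD_PACKAGE[1:]  # one bit flipped
```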
2.7 Cryptographic Key Management
The cryptographic module implements the following FIPS-approved algorithms:
· Triple DES - CBC; keying options 1 and 2; encrypt/decrypt (certificate #502)
· SHA-1, byte oriented (certificate #561)
· HMAC-SHA-1 (certificate #245)
· ANSI X9.31 Appendix A.2.4 PRNG (certificate #271)

The cryptographic module implements the following non-FIPS-approved algorithms:
· Data Encryption Standard (DES)
· Non-FIPS-approved PRNG used to seed the FIPS-approved PRNG

The module supports the following critical security parameters:

Table 11 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs
Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
Identity Key | TDES 192-bit CBC key | Generated externally; input in encrypted form or in plaintext | Output in plaintext | Stored in Flash in plaintext | Erasing flash image | Encrypts and decrypts session data
Traffic Key | TDES 192-bit CBC key | Generated externally; input in encrypted form or in plaintext | Output in plaintext | Stored in Flash in plaintext | Erasing flash image | Encrypts and decrypts session data
Softload Secret | 9 bytes of random data (note: communication encrypted with the Softload Key is considered plaintext for FIPS purposes) | Generated externally; hardcoded in application | Never output from module | Hard coded in application firmware in plaintext | Erasing flash image | Derives key to encrypt and decrypt Softload session data
Ab Initialization Keys | TDES 192-bit CBC key | Generated externally; hardcoded in application or input in plaintext | Output in plaintext or hardcoded in application | Stored in Flash in plaintext | Erasing flash image | Encrypts network traffic for configuration or provisioning
Password | Crypto-Officer or Super-user password | Generated externally | Never output from module | Stored in Flash in plaintext | Erasing flash image | Authenticates Crypto-Officer and Super-user
Firmware Upgrade key | 20-byte HMAC key | Generated externally; hardcoded in application | Never output from module | Hard coded in application firmware in plaintext | Erasing flash image | Performs integrity check for firmware upgrade
PRNG seed | 8 bytes of seed | Generated internally | Never output from module | Resides in volatile memory | Power cycle | Seeds the FIPS-approved PRNG

2.7.1.1 Key Generation
The module has a non-approved PRNG to gather entropy and seed the FIPS-approved PRNG. The module does not generate any cryptographic keys internally.

2.7.1.2 Key Storage
The Firmware Upgrade Key is held in volatile memory only, in plaintext, during firmware upgrade. The Identity key, Traffic keys, Ab Initialization keys, Softload Secret, and passwords are stored in flash memory in plaintext.

2.7.1.3 Key Entry and Output
All keys and CSPs that are entered into the module are entered electronically. The Identity Key, Traffic Key, and Ab Initialization Keys exit the module in plaintext; no other keys or CSPs exit the module. Ab Initialization Keys enter the module in plaintext or can be hardcoded in the application. The Identity Key and Traffic Keys can enter the module in plaintext or in encrypted form.

2.7.1.4 Key Zeroization
All keys and CSPs can be zeroized by erasing the flash image.
2.8 Self-Tests
The MTM-203 Satellite Mobile Transceiver performs the following self-tests at power-up:
· Software integrity check using a Cyclic Redundancy Check (CRC)-32 checksum
· Known Answer Tests (KATs)
  o Triple-DES KAT
  o HMAC-SHA-1 KAT
  o PRNG KAT
If any of the above self-tests fail, the module prints a failure indicator message on the serial port. Otherwise, a success indicator message is posted on the serial port.

The MTM-203 Satellite Mobile Transceiver performs the following conditional self-tests:
· Software update test using HMAC-SHA-1
· Continuous RNG Test for the FIPS-approved PRNG and the non-approved PRNG
Upon failing a conditional self-test, the module posts a message on the serial port.

2.9 Design Assurance
The source code is primarily written in C. Some portions are written in assembler for performance reasons. Comtech uses Code Co-op version 4.6e to perform source code versioning and management, and stores release notes within it for each version of the firmware. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to provide configuration management for the MTM-203 Satellite Mobile Transceiver's FIPS documentation. This software provides access control, versioning, and logging.

2.10 Mitigation of Other Attacks
The module does not mitigate other attacks.

3 Secure Operation
The MTM-203 Satellite Mobile Transceiver meets Level 2 requirements for FIPS 140-2.
The sections below describe how to place and keep the module in the FIPS-approved mode of operation.

3.1 Crypto-Officer Guidance
The module is available directly from Comtech Mobile Datacom Corporation and is shipped via a third-party shipping company, such as FedEx or UPS. The module, sealed in an anti-static bag, is provided in a carton. The Crypto-Officer must inspect the box, packing materials, and module for signs of tamper, including damage to the box, packing materials, or the module itself. The Crypto-Officer (CO) is responsible for initial setup and for maintaining the module in the FIPS mode of operation.

3.1.1 Initial Setup
The MTM-203 Satellite Mobile Transceiver comes to the CO as a compact, rugged, solid-state device with no moving parts. The following materials are needed to run the MTM-203 Satellite Mobile Transceiver:
1. Antenna
2. RS-422 serial cable
3. Interface from the Connector pin-outs to serial port
4. External Power Supply (40 µA max, 3.3V)
5. 20AWG wiring gauge

The Crypto-Officer receives the module with tamper-evident labels on. The module requires two (2) labels to detect any tampering.
1. One label is at the seam covering the top and bottom surfaces of the clamshells at the left side.

Figure 4 - Left Label Top View
Figure 5 - Left Label Bottom View

2. Another label is applied at the seam covering the top and bottom surfaces of the clamshells at the right side.

Figure 6 - Right Label Top View
Figure 7 - Right Label Bottom View

Tamper-evident labels usually become torn upon an attempt to remove them, and always either break into small pieces or become noticeably warped whenever a successful removal attempt is made. Thus, attempts at removal always show evidence of tampering.
After confirming that there is no evidence of label damage that would indicate tampering with the module, the Crypto-Officer should run the power-on test. This procedure requires a terminal or computer running terminal emulation software set for 9600 baud with 8 bits, no parity, 1 stop bit, and no flow control. Initialization messages should appear on the console port when an RS-422 serial cable with an RJ-45 male connector is connected to the terminal and power is turned on. Comtech ships the module fully provisioned. Provisioning establishes the profile of configuration commands inherent to the module.

3.1.2 Management
The Crypto-Officer must ensure that the module is always operating in a FIPS-approved mode of operation. This can be achieved by ensuring the following:
· Passwords must be at least six characters long.
· To log in over the serial port as a Crypto-Officer or Super-user role, the `superuser' command needs to be issued followed by the `enter' key, then the password needs to be entered.
· The module logs must be monitored. If suspicious log entries are noted, the Crypto-Officer should take the module off-line and investigate.
· The tamper-evident labels must be regularly examined for signs of tampering (Figure 4, Figure 5, Figure 6, and Figure 7) to detect any opening of the covers.
· `softload' should be used only via the serial port.
· The Crypto-Officer must ensure that only Triple-DES keys are loaded into the module and used for encryption/decryption. DES keys must be explicitly disallowed.
· When connecting to the module over the serial port from a general-purpose PC, the Crypto-Officer must ensure that the PC is non-networked.
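The rule above that only Triple-DES keys may be loaded and DES keys must be disallowed, as an added key-load validator that is not Comtech code. The check function, the rejection of degenerate and weak components, the parity check and the sample key components are constructed for illustration; the accepted keying options 1 and 2 are the ones section 2.7 lists.

```python
"""Key-load policy for the section 3.1.2 Triple-DES-only rule (added example,
not Comtech code; checks and sample keys are constructed)."""
DES_KEY_LEN = 8
TDES_KEY_LEN = 24

# The four DES weak keys (odd-parity form). Encryption under a weak key is its
# own inverse, so a TDES key containing one as a component is refused.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}


def has_odd_parity(key: bytes) -> bool:
    """Every DES key byte carries 7 key bits plus one odd-parity bit."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def check_loaded_key(key: bytes) -> tuple:
    """Return (accepted, reason). Only Triple-DES keying options 1 and 2 pass;
    a single DES key is refused outright, as the management rule requires."""
    if len(key) == DES_KEY_LEN:
        return False, "single DES key; DES is not permitted in FIPS mode"
    if len(key) != TDES_KEY_LEN:
        return False, f"unexpected key length of {len(key)} bytes"
    k1, k2, k3 = key[:8], key[8:16], key[16:]
    if k1 == k2 or k2 == k3:
        return False, "equal adjacent components; EDE collapses to single DES"
    if any(k in DES_WEAK_KEYS for k in (k1, k2, k3)):
        return False, "a component is a DES weak key"
    if not has_odd_parity(key):
        return False, "parity error in at least one key byte"
    option = 2 if k1 == k3 else 1
    return True, f"Triple-DES keying option {option}"


# Constructed sample components with correct odd parity (not operational keys).
K_A = bytes.fromhex("0123456789ABCDEF")
K_B = bytes.fromhex("FEDCBA9876543210")
K_C = bytes.fromhex("133457799BBCDFF1")

if __name__ == "__main__":
    for label, key in [("3-key TDES", K_A + K_B + K_C), ("2-key TDES", K_A + K_B + K_A),
                       ("single DES", K_A), ("degenerate TDES", K_A + K_A + K_B)]:
        print(label, check_loaded_key(key))
```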
3.2 User Guidance
The end Users do not have the ability to configure sensitive information on the module. The User should be careful not to provide Traffic key information to other parties.

4 Acronyms
Table 12 - Acronyms
Acronym | Definition
A/D | Analog to Digital Converter
API | Application Programming Interface
CMVP | Cryptographic Module Validation Program
CO | Crypto-Officer
CPU | Central Processing Unit
CRC | Cyclic Redundancy Check
CSP | Critical Security Parameter
EMC | Electromagnetic Compatibility
EMI | Electromagnetic Interference
FIPS | Federal Information Processing Standard
GPS | Global Positioning System
HMAC | (Keyed-) Hash Message Authentication Code
HPA | High Power Amplifier
KAT | Known Answer Test
LED | Light Emitting Diode
LH | Left Hand
LHCP | Left-Hand Circularly Polarized
LNA | Low Noise Amplifier
MUX | Multiplexer
NIST | National Institute of Standards and Technology
OS | Operating System
PCB | Printed Circuit Board
RF | Radio Frequency
RH | Right Hand
RHCP | Right-Hand Circularly Polarized
TTL | Transistor-Transistor Logic
VBATT | Voltage from Battery
VSS | Visual Source Safe