Dolphin Board FIPS 140-2 Level 3 Validation Security Policy Version 1.3 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC Table of Contents 1 INTRODUCTION ......................................................................................................................3 1.1 PURPOSE ...........................................................................................................................3 1.2 REFERENCES ......................................................................................................................3 2 DOLPHIN BOARD OVERVIEW...............................................................................................4 3 FIPS 140-2 MODE OF OPERATION .......................................................................................5 3.1 APPROVED ALGORITHMS .....................................................................................................5 3.2 NON-APPROVED ALGORITHMS .............................................................................................5 4 SECURITY LEVELS.................................................................................................................6 5 MODULE INTERFACES ..........................................................................................................7 6 CRITICAL SECURITY PARAMETERS ...................................................................................8 6.1 SECRET AND PRIVATE KEYS AND OTHER CSPS ...................................................................8 6.2 PUBLIC KEYS ......................................................................................................................8 7 ROLES AND SERVICES .........................................................................................................9 7.1 CRYPTO-OFFICER SPECIFIC SERVICES ................................................................................9 7.2 CRYPTO-OFFICER AND USER COMMON SERVICES ............................................................. 10 7.3 UNAUTHENTICATED SERVICES .......................................................................................... 13 7.4 AUTHENTICATION STRENGTH ............................................................................................ 14 8 PHYSICAL SECURITY ......................................................................................................... 15 9 OPERATIONAL ENVIRONMENT......................................................................................... 15 10 SELF-TESTS..................................................................................................................... 15 11 MITIGATION OF OTHER ATTACKS................................................................................ 16 12 SECURITY RULES ........................................................................................................... 16 13 ACRONYMS...................................................................................................................... 18 14 DOCUMENT REVISION HISTORY................................................................................... 19 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 2 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 1 Introduction 1.1 Purpose This document is a non-proprietary Cryptographic Module Security Policy for the Doremi Cinema LLC Dolphin board. It describes how this module meets all the requirements specified in the FIPS 140-2 for security Level 3. This Policy forms a part of the submission package provided to the testing lab. FIPS 140-2 (Federal Information Processing Standards Publication 140-2) specifies the security requirements for a cryptographic module protecting sensitive information. Based on four security levels for cryptographic modules this standard identifies requirements in eleven sections. For more information about the standard, visit: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. 1.2 References This Security Policy describes how this module complies with the eleven sections of the standard. · For more information on the FIPS 140-2 standard and validation program, please refer to the NIST website at http://csrc.nist.gov/cryptval/. · For more information about Doremi Cinema LLC solutions, please visit the following website: http://www.doremicinema.com/ 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 3 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 2 Dolphin Board Overview The Dolphin board is a PCI-card that provides a standard-definition/high-definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin board utilizes a dual-link encrypted serial digital interface for output of DCI- compliant resolutions up to 2048x1080p24 (2K-film). It can also operate single-link for lower resolution material (i.e. trailers, advertisements, etc.). Figure 1: Dolphin Board The Dolphin board has been designed for compliance with FIPS 140-2, Level 3 requirements. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 4 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 3 FIPS 140-2 Mode of Operation The module only provides a FIPS approved mode of operation. This mode of operation makes use of approved algorithms and also supports non-approved algorithms that are allowed in a FIPS approved mode of operation. In order to verify that the module is in a FIPS approved mode of operation the operator shall ensure that the FW and HW are the FIPS approved versions. The versions should match those listed on the validation certificate or found on the cryptographic module validation list webpage (http://csrc.nist.gov/cryptval/140-1/140val-all.htm). The operator shall also ensure that all self tests pass and that the module transitions into operational mode. 3.1 Approved Algorithms The Dolphin board supports the following algorithms approved for use in a FIPS mode of operation: · AES (FPGA implementation) with 128 bit keys for encryption in ECB mode and decryption in CBC mode ­ see Certificate #532 · AES with 128 bit keys for encryption and decryption in ECB mode ­ see Certificate #521 · HMAC-SHA1 ­ see Certificate #271 · SHA-1, used by other algorithms (like HMAC-SHA1 or FIPS 186-2 RNG) ­ see Certificate #593 · NIST-Recommended RNG based on ANSI X9.31, Appendix A.2.4 ­ see Certificate #326 · FIPS 186-2 RNG with change notice ­ see Certificate #297 3.2 Non-Approved Algorithms The Dolphin board also supports the following non-approved algorithms that are allowed for use in a FIPS mode of operation: · RSA Decryption (modulus 2048) ­ used for key unwrapping only, key establishment methodology provides 112 bits of strength · TRNG (RNG Hardware based) ­ used to seed the approved RNG based on ANSI X9.31 presented in paragraph 3.1. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 5 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 4 Security Levels The Dolphin board design, development, tests and production has satisfied the requirements to ensure a secure product. It is especially adapted to Digital Cinema security requirements. The Dolphin board, Hardware Model DOLPHIN-DCI-F, firmware versions 22.00-0 and 22.00-1, is tested to meet the FIPS security requirements for the levels shown in the following table. The overall module is tested FIPS 140-2 Security Level 3. Table 1 ­ FIPS 140-2 Security Level FIPS 140-2 Security Requirements Section Level 1. Cryptographic Module Specification 3 2. Module Ports and Interfaces 3 3. Roles, Services and Authentication 3 4. Finite State Model 3 5. Physical Security 3 6. Operational Environment N/A 7. Cryptographic Key Management 3 8. EMI/EMC 3 9. Self Tests 3 10. Design Assurance 3 11. Mitigation of Other Attacks N/A FIPS Overall Level 3 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 6 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 5 Module Interfaces The following table lists the logical interfaces of the module and how they map to physical interfaces: Table 2 ­ FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interface Module Physical Interface Data Input Interface PCI interface, GPIO connector, SDI dual HD input Data Output Interface PCI interface, SDI dual HD output, GPIO connector, Audio connector, LTC (time code) output connector, Host Reset connector Control Input Interface PCI interface, Reset connector, Video sync. input Status Output Interface PCI interface, Serial Port, Video sync. output Power Interface PCI interface, Battery No maintenance access interface is present. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 7 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 6 Critical Security Parameters 6.1 Secret and Private Keys and Other CSPs The secret and private keys that exists within the cryptographic module are identified below: 1. Device Private Key ­ Private RSA Key used for key transport. 2. External Private Key ­ Private RSA Key unused by the module, stored in the module for convenience only. 3. Content Encryption Keys ­ AES Keys that protect content. 4. Cinelink Keys ­ AES Keys used by the AES FPGA algorithm (see Certificate #532) during the Cinelink processing. 5. Seed Values ­ Used to seed the FIPS approved RNGs. 6. AES Shared Knowledge Key ­ AES Key used to secure import/export of Critical Security Parameters. 7. Doremi HMAC Key - HMAC Key used for Firmware Load Test. 8. Content Integrity Keys ­ HMAC keys used to verify the integrity of encrypted content. 9. Authentication Secrets - The Authentication Secrets used by the module are identified below: - Crypto-Officer authentication secret ­ 8 characters. - User authentication secret ­ 8 characters. 6.2 Public Keys Public keys are not considered as Critical Security Parameters because of their public status. The public keys contained in the module are listed below for consistency: 1. Device Public Key ­ Public RSA key unused by the module, stored in the module for key storage purposes only. 2. External Public Key ­ Public RSA key unused by the module, stored in the module for key storage purposes only. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 8 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 7 Roles and Services The cryptographic module supports two distinct operator roles: Cryptographic Officer (Crypto-Officer) and User. No maintenance role is supported. The Crypto-Officer has access to all services while the User has only access to a subset of these services as identified in the paragraph 7.2. 7.1 Crypto-Officer Specific Services Table 3 below summarizes specific services available to the Crypto-Officer only. The Crypto-Officer also has access to all the services available to the User ­ see section 7.2. Table 3: Crypto-Officer Specific Services Service Description Input Output CSP Types of Access to CSP Set Device Imports the Device Public Key Device - - N/A. Public Key into module ­ service allowed Public key only if no Device Public Key already exits in the module Set Device Imports the Device Private Key Encrypted - Device Private Write Private Key into module ­ service only Device Key allowed if no Device Private Private Key Key already exits in the module AES Shared Read Knowledge Key Set Serial Imports the Serial Number - Serial - - N/A. Number Service only allowed if no Number Serial Number is present Set External Imports the External Public Key External - - N/A. Public Key into the module ­ service only Public Key allowed if no External Public Key already exits in the module Set External Imports the External Private Encrypted - External Private Write Private Key Key into the module - service External Key only allowed if no External Private Key Private Key already exits in the AES Shared Read module Knowledge Key Reset Destroys the following - - All Private Keys, Write Identity parameters: Content - Private/Public keys Encryption - Content Encryption Keys Keys, Content - Content Integrity Keys Integrity Keys, - Cinelink Keys Cinelink Keys - Seeds and Seeds - Serial Number - Time value Zeroization Zeroizes CSPs and Public Keys. - - All CSPs Write 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 9 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 7.2 Crypto-Officer and User Common Services Table 4 below presents all the services available to both the Crypto-Officer and the User. Table 4: Crypto-Officer and User Common Services Service Description Input Output CSP Types of Access to CSP Get GPI Data Exports GPI data through - GPI data - N/A. PCI interface Load GPO Data Imports GPO data through GPO data - - N/A. PCI interface in order it can be exported through the GPIO connector Get GPO Data Exports GPO data through - GPO data - N/A. PCI interface Get Update Provides status - Update - N/A. Status information concerning Status update process RSA KDM Block Imports and decrypts an KDM Cipher Decrypted Device Private Read Decryption RSA KDM cipher block. Block data without Key Then, exports decrypted the Content data without the Content Encryption Content Write Encryption Key itself Key itself Encryption Key Generate Generates and exports Number of Encrypted Cinelink Keys Write Cinelink Data Cinelink data Cinelink Keys to Cinelink data generate AES Shared Read Knowledge Key Watermark Data Imports Watermarking Encrypted - AES Shared Read Import data into the module and Watermarking Knowledge Key decrypts them Data Get MCore Provides status related to - MCore Status - N/A. Status Micro-controller command Configure Audio Sets the audio Audio - - N/A. configuration parameters configuration of the module parameters Get Audio Exports the current audio - Audio - N/A. Configuration configuration parameters configuration parameters Set DMA Sets the transfer DMA Transfer DMA - Doremi HMAC N/A. Configuration configuration parameters data Key in case of and/or executes a transfer firmware upload DMA Get DMA Exports the transfer DMA - DMA - N/A. Configuration configuration parameters configuration parameters 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 10 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC Service Description Input Output CSP Types of Access to CSP Get DMA Exports DMA interrupt - DMA - N/A. Interrupt Status status Interrupt Status Configure Video Sets video configuration Video - - N/A. parameters configuration parameters Get Video Provides video - Video - N/A. Configuration configuration parameters configuration parameters Set Video Enable or disable video Video interrupt - - N/A. Interrupt interrupt configuration Get Video Exports status of video - Video - N/A. Interrupt status interrupt interrupt status Configure ADV Sets ADVs configuration ADVs - - N/A. parameters configuration parameters Get ADV Exports ADVs - ADVs - N/A. Configuration configuration parameters configuration parameters Configure OSD Sets OSD configuration OSD - - N/A. parameters configuration parameters Get OSD Exports OSD configuration - OSD - N/A. Configuration parameters configuration parameters Configure AES Sets AES algorithm AES - - N/A. configuration parameters configuration parameters Get AES Exports AES algorithm - AES - N/A. Configuration configuration parameters configuration parameters Get Firmware Provides the version of the - Firmware - N/A. Version current firmware version Get Firmware Provides capabilities of the - Firmware - N/A. Capabilities firmware capabilities Get Device Exports the Device Public - Device Public - N/A. Public Key Key present in the module Key Get Serial Exports the Serial Number - Serial - N/A. Number of the module Number Get External Exports the External - External - N/A. Public Key Public Key Public key 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 11 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC Service Description Input Output CSP Types of Access to CSP Get External Exports the External - Encrypted External Private Read Private Key Private Key encrypted in External key AES Private key AES Shared Read Knowledge Key Find Content Provides the Content Key Id Offset - N/A. Encryption Key Encryption Key offset in the module's memory Add Content Writes into memory the Key Id Offset Content Write Encryption Key Content Encryption Key Encryption key and associated Key Id resulting from a KDM cipher block decryption Copy Content Provides the required Content - Content Read Encryption Key Content Encryption Key to Encryption Key Encryption Key Write the FPGA Offset Copy Cinelink Provides the required Cinelink Key - Cinelink Key Read Key Cinelink Key to the FPGA Offset Write Purge Key Delete a specific Content Offset - Content Write Encryption Key Encryption Key Get Content Exports Content - Content - N/A. Encryption Keys Encryption Keys status: Encryption Status number of Content Keys status Encryption Keys used and maximum allowed number of such Keys. Check Content Check if the Content Key Id - - N/A. Encryption Key Encryption Key is already present Get Content Generates, encrypts and Content Encrypted Content Read Integrity Key exports a Content Integrity Encryption Key Content Encryption Key Key corresponding to a offset Integrity Key specific Content Encryption Content Write Key Integrity Key AES Shared Read Knowledge Key Set Time Sets time if not present or Time value - - N/A. Adjusts Time if the amount of already adjusted time per year is less than the DCI maximum allowed Get Time Exports the time value - Time value - N/A. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 12 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC Service Description Input Output CSP Types of Access to CSP Configure Configures the Watchdog Watchdog - - N/A. Watchdog configuration parameters Get Watchdog Exports the current - Watchdog - N/A. status Watchdog configuration configuration 7.3 Unauthenticated Services The cryptographic module supports the following unauthenticated services: Table 5: Unauthenticated Services Service Description Input Output CSP Types of Access to CSP Get Session Id Exports the current - Session Id - N/A. Session Id of the module Authentication Imports authentication data AES encrypted - Authentication Read to perform user authentication Secrets authentication ­ or a user data switch if already logged as (authentication AES Shared Read an authorized user secret and Knowledge current Session Key Id) Show Status This "service" corresponds - Status - N/A. to the status information exported automatically through the Serial Port GPI Data Import Gets GPI data from the GPI data - - N/A. GPIO connector GPO Data Export Exports GPO data through - GPO data - N/A. the GPIO connector Video Import Imports video from the HD- Video Video - N/A. SDI input and exports it through the HD-SDI output "as-is" and only if allowed by the video configuration parameters ­ otherwise, no video import is possible. Note that no processing is applied to the video before being exported in this service. Host Reset Resets the host - - - N/A. Reset Resets the module from - - - N/A. the host 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 13 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC The power recycling of the Dolphin board allows executing the suite of power-up tests required by FIPS 140-2. No other defined service allows executing these power-up tests. It has to be considered as an unauthenticated service as it only requires the Dolphin board to be powered-off and powered-on again. Note: GPIO data are just data routed through the Dolphin board for external usages, but no processing is applied on them and they are not in relation with other Dolphin board information. 7.4 Authentication Strength The cryptographic module enforces the separation of roles using identity-based operator authentication. The Crypto-Officer role is authenticated through the use of "Crypto- Officer authentication secret" ­ known by Doremi Cinema LLC only ­ associated with the current Session Id while the User role is authenticated through the use of the "User authentication secret" associated with the current Session Id. Note that data to be compared to authentication secrets are imported encrypted in the module. Table 6: Roles and Required Identification and Authentication Role Type of Authentication Authentication Data User Identity-based operator authentication Authentication Secret Crypto-Officer Identity-based operator authentication Authentication Secret Table 7: Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Authentication Secret Verification With 256 possible characters and 8-character Authentication Secret, the probability that a random attempt will succeed or a false acceptance will occur is 5.42 x 10¯(20) that is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute with a replay delays of 200 ms is 1.63 x 10¯(17) that is less than 1/100,000. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 14 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 8 Physical Security The Dolphin board is classified as a multiple-chip embedded module for FIPS purposes. The physical security mechanism employed by the module is a hard, opaque and tamper-evident epoxy material. The tamper evident epoxy coverage shall be periodically inspected to ensure that physical security is maintained. Components excluded from the cryptographic boundary are not security relevant. 9 Operational Environment This Dolphin board supports a limited operational environment that only allows the loading of trusted, validated, and hashed firmware images through authenticated service. Doremi Cinema LLC maintains sole possession of the corresponding HMAC key needed to validate the uploaded firmware into the Dolphin board (the firmware load test is based on HMAC-SHA1). 10 Self-Tests The module performs the following self-tests: · Power Up Self-tests o Firmware Integrity Test o AES encryption/decryption known answer tests o HMAC-SHA1 known answer test o RSA Decryption known answer test o ANSI X9.31 RNG known answer test (NIST-Recommended RNG Based on ANSI X9.31 Annex A.2.4) o FIPS 186-2 RNG known answer test · Conditional Tests o Continuous ANSI X9.31 RNG Test (NIST-Recommended RNG Based on ANSI X9.31 Annex A.2.4) o Continuous FIPS 186-2 RNG Test o Continuous TRNG Test (Hardware RNG Test) o Firmware Load Test 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 15 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 11 Mitigation of Other Attacks The Dolphin board does not mitigate any specific attacks beyond the scope of FIPS 140- 2 requirements. 12 Security Rules The cryptographic module's design corresponds to the module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 3 module. 1. The cryptographic module shall provide two distinct operator roles. These are the User role and the Cryptographic-Officer role. 2. The cryptographic module shall provide identity-based authentication. 3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 4. Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 5. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 6. The module shall not support a bypass capability or a maintenance interface. 7. The cryptographic module performs the following tests: · Power Up Self-tests o Firmware Integrity Test o AES encryption/decryption known answer tests o HMAC-SHA1 known answer test o RSA Decryption known answer test o ANSI X9.31 RNG known answer test (NIST-Recommended RNG Based on ANSI X9.31 Annex A.2.4) o FIPS 186-2 RNG known answer test · Conditional Tests o Continuous ANSI X9.31 RNG Test (NIST-Recommended RNG Based on ANSI X9.31 Annex A.2.4) o Continuous FIPS 186-2 RNG Test o Continuous TRNG Test (Hardware RNG Test) o Firmware Load Test (HMAC verification) 8. At any time the operator is capable of commanding the module to perform the power-up self-test. 9. Prior to each use, the ANSI X9.31 DRNG, FIPS 186-2 and the hardware based NDRNG is tested using the conditional test specified in FIPS 140-2 §4.9.2. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 16 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 10. Data output is inhibited during key generation, self-tests, zeroization, and error states. 11. The module does not support concurrent operators. 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 17 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 13 Acronyms Term Definition AES Advanced Encryption Standard CSP Critical Security Parameter DCI Digital Cinema Initiative EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard GPI General Purpose Input GPIO General Purpose Input/Output GPO General Purpose Output HMAC Hash Message Authentication Code KAT Known Answer Test N/A Not Applicable NIST National Institute of Standards and Technology OSD On Screen Display PCI Peripheral Component Interconnect RNG Random Number Generator RSA Rivest, Shamir and Adleman SHA Secure Hash Algorithm TRNG True Random Number Generator 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 18 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC 14 Document Revision History Date Version Description 05/10/2007 1.0 First version 05/11/2007 1.1 Minor editorial changes 06/15/2007 1.2 All sections revised 09/18/2007 1.3 Updated to reflect comments from NIST 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 19 of 19 Version 1.3 DOL.TD.000193.DRM Doremi Cinema LLC