Hydra PC Locksmith Security Policy Revision Document No. 1.1 December 17, 2009 SPYRUS, Inc. info@spyrus.com> SPYRUS Document No. 550-074001-01 Copyright © 2009 SPYRUS, Inc. All rights reserved. Copyright © 2009 SPYRUS, Inc. All rights reserved. SPYRUS Document No. 550-074001-02 This document is provided only for informational purposes and is accurate as of the date of publication. This document may be copied subject to the following conditions: • All text must be copied without modification and all pages must be included. • All copies must contain the SPYRUS copyright notices and any other notices provided herein. Trademarks SPYRUS, the SPYRUS logos, Hydra Privacy Card, Hydra PC and Hydra PC Locksmith are either registered trademarks or trademarks of SPYRUS, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners. Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Contents 1 INTRODUCTION........................................................................................................... 1 1.1 Hydra PC Locksmith Overview ..................................................................................... 1 1.2 Hydra PC Locksmith Implementation ........................................................................... 2 1.3 Hydra PC Locksmith Cryptographic Boundary ............................................................. 2 1.4 Approved Mode of Operations ...................................................................................... 2 2 FIPS 140-2 SECURITY LEVELS .................................................................................. 3 3 SECURITY RULES........................................................................................................ 4 3.1 FIPS 140-2 Imposed Security Rules .............................................................................. 4 3.2 SPRYUS Imposed Security Rules ................................................................................. 7 3.3 Identification and Authentication Policy ....................................................................... 8 4 HYDRA PC LOCKSMITH ROLES AND SERVICES ........................................................ 8 4.1 Roles .............................................................................................................................. 8 4.2 Services .......................................................................................................................... 9 5 IDENTIFICATION AND AUTHENTICATION ................................................................ 12 5.1 Initialization Overview ................................................................................................ 12 5.2 Operator Authentication............................................................................................... 12 5.3 Generation of Random Numbers ................................................................................. 12 5.4 Strength of Authentication ........................................................................................... 12 6 ACCESS CONTROL .................................................................................................... 14 6.1 Critical Security Parameters (CSPs) and Public Keys ................................................. 14 6.2 CSP Access Modes ...................................................................................................... 15 6.3 Access Matrix .............................................................................................................. 15 7 SELF-TESTS .............................................................................................................. 17 8 MITIGATION OF OTHER ATTACKS........................................................................... 17 9 ACRONYMS ............................................................................................................... 18 REFERENCES..................................................................................................................... 19 Copyright © 2009 SPYRUS, Inc. All rights reserved. i Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 1 Introduction This Security Policy specifies the security rules under which the Hydra PC Locksmith operates. Included in these rules are those derived from the security requirements of FIPS 140-2 and additionally, those imposed by SPYRUS, Inc. These rules, in total, define the interrelationship between: 1. Operators, 2. Services, and 3. Critical Security Parameters (CSPs). Figure 1 Hydra PC Locksmith (Topside) 1.1 Hydra PC Locksmith Overview The Hydra PC Locksmith enables security critical capabilities such as operator authentication and secure storage in rugged, tamper-evident hardware. The Hydra PC Locksmith communicates with a host computer via the USB interface. The Hydra PC Locksmith is the strongest encryption solution commercially available. Hydra PC Locksmith protects data for government, large enterprises, small organizations, and home users. Key features: • Encryption technology uses Suite B algorithms approved by the U.S. government for protecting both Unclassified and Classified data • Encrypted file storage on non-removable flash card Copyright © 2009 SPYRUS, Inc. All rights reserved. 1 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 • Strong protection against intruder attacks Access protection is as important as encryption strength. Data encrypted with Hydra PC Locksmith cannot be decrypted until the authorized user gains access to the device. 1.2 Hydra PC Locksmith Implementation The Hydra PC Locksmith is implemented as a multi-chip standalone module as defined by FIPS 140-2. The FIPS 140-2 module identification data for the Hydra PC Locksmith is shown in the table below: Table 1-1 Hydra PC Locksmith Part Number FW Version HW Version 880074001F 03.00.04 02.00.01 The Hydra PC Locksmith is available with a USB interface compliant to the Universal Serial Bus Specification, Revision 2.0, dated 23 September 1998. All Interfaces have been tested for compliance with FIPS 140-2. 1.3 Hydra PC Locksmith Cryptographic Boundary The Cryptographic Boundary is defined to be the outer perimeter of the hard, opaque, epoxy potting. Please see Figure 1. No hardware, firmware, or software components that comprise the Hydra PC Locksmith are excluded from the requirements of FIPS 140-2. 1.4 Approved Mode of Operations The Hydra PC Locksmith operates only in a FIPS Approved mode. The indicator that shows the operator that the module is in the Approved mode is the “GetCapabilities” command, which shows the module’s firmware and hardware versions as well as the product indicator. The Hydra PC Locksmith supports the FIPS 140-2 approved algorithms in Table 1-2 below and the following allowed algorithm: • EC-Diffie-Hellman (ECDH) for key transport / key agreement as allowed by FIPS 140-2 Implementation Guidance D.2 (key agreement; key establishment methodology provides 80 bits of encryption strength). Copyright © 2009 SPYRUS, Inc. All rights reserved. 2 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Table 1-2 Approved Algorithms supported by Hydra PC Locksmith Encryption & Decryption AES-128/192/256 (Certs. #1016 and #1104) Digital Signatures ECDSA, key sizes: 256, 384, 521 (Cert. #129) Hash SHA-224, SHA-256, SHA-384, SHA-512 (Certs. #973, #974 and #1027) Random Number Generator HASH_DRBG (SP 800-90) (Cert. #14) RNG for Seeding FIPS 186-2 (Cert. #582) Key Transport / Key Agreement KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) 2 FIPS 140-2 Security Levels The Hydra PC Locksmith cryptographic module complies with the requirements for FIPS 140-2 validation to the levels defined in Table 2.1. The FIPS 140-2 overall rating of the Hydra PC Locksmith is Level 2 Table 2-1 FIPS 140-2 Certification Levels FIPS 140-2 Category Level 1. Cryptographic Module Specification 3 2. Cryptographic Module Ports and Interfaces 2 3. Roles, Services, and Authentication 3 4. Finite State Model 2 5. Physical Security 2 6. Operational Environment N/A 7. Cryptographic Key Management 2 8. EMI/EMC 3 9. Self-tests 2 10. Design Assurance 3 11. Mitigation of Other Attacks N/A Copyright © 2009 SPYRUS, Inc. All rights reserved. 3 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 3 Security Rules The Hydra PC Locksmith enforces the following security rules. These rules are separated into two categories: 1) rules imposed by FIPS 140-2; and 2) rules imposed by SPYRUS. 3.1 FIPS 140-2 Imposed Security Rules Table 3-1 FIPS 140-2 Policies and Rule Statements Policy Rule Statement The Hydra PC Locksmith shall obscure feedback Authentication Feedback of authentication data to an operator during authentication (e.g., no visible display of characters result when entering a password). The Hydra PC Locksmith shall enforce Identity- Authentication Mechanism Based authentication. The Hydra PC Locksmith shall ensure that Authentication Strength (1) feedback provided to an operator during an attempted authentication shall not weaken the strength of the authentication mechanism. The Hydra PC Locksmith shall satisfy the Authentication Strength (2) requirement for a single–attempt false acceptance rate of no more than one in 1,000,000 authentications. The Hydra PC Locksmith shall satisfy the Authentication Strength (3) requirement for a false acceptance rate of no more than one in 100,000 for multiple authentication attempts during a one minute interval. The Hydra PC Locksmith shall be under a Configuration Management configuration management system and each configuration item shall be assigned a unique identification number. The Hydra PC Locksmith shall protect all CSPs CSP Protection from unauthorized disclosure, modification, and substitution. Copyright © 2009 SPYRUS, Inc. All rights reserved. 4 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Policy Rule Statement The Hydra PC Locksmith shall conform to the Emissions Security EMI/EMC requirements specified in FCC Part 15, Subpart B, Class B. The Hydra PC Locksmith shall inhibit all data Error State (1) output via the data output interface whenever an error state exists and during self-tests. The Hydra PC Locksmith shall not perform any Error State (2) cryptographic functions while in an Error State. The Hydra PC Locksmith documentation shall Guidance Documentation provide Administrator and User Guidance per FIPS 140-2, Section 4.10.4. The Hydra PC Locksmith shall contain Hardware Quality production quality ICs with standard passivation. The Hydra PC Locksmith interfaces shall be Interfaces (1) logically distinct from each other. The Hydra PC Locksmith shall support the Interfaces (2) following five (5) interfaces: • data input • data output • control input • status output • power interface The Hydra PC Locksmith shall provide that: a Key Association key entered into, stored within, or output from the Hydra PC Locksmith is associated with the correct entity to which the key is assigned. The Hydra PC Locksmith shall logically Logical Separation disconnect the output data path from the circuitry and processes performing the following key functions: • key generation, • key zeroization The Hydra PC Locksmith services shall indicate Mode of Operation that the module is in an approved mode of operation with a standard success return code Copyright © 2009 SPYRUS, Inc. All rights reserved. 5 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Policy Rule Statement and the output of the “GetCapabilities” command. The Hydra PC Locksmith implements an Physical Security opaque, tamper-evident epoxy. In order to maintain the security of the module, the operator can inspect the epoxy for any chips, scratches, or other evidence of tamper. The Hydra PC Locksmith shall protect public Public Key Protection keys against unauthorized modification and substitution. The Hydra PC Locksmith shall re-authenticate Re-authentication an identity when it is powered-up after being powered-off. The Hydra PC Locksmith shall use a ‘seed input’ RNG Strength into the deterministic random bit generator of sufficient length that ensures at least the same amount of operations are required to determine the value of the generated key. The Hydra PC Locksmith source code shall be Secure Development (1) annotated. The Hydra PC Locksmith software shall be Secure Development (2) implemented using a high-level language except that limited use of a low-level language is used to enhance the performance of the module. The Hydra PC Locksmith documentation shall Secure Distribution include procedures for maintaining security while distributing and delivering the module. The power-up tests shall not require operator Self-tests (1) intervention in order to run. The Hydra PC Locksmith shall perform the self- Self-tests (2) tests identified in Section 7. The Hydra PC Locksmith shall enter an Error Self-tests (3) State and output an error indicator via the status interface whenever self-test is failed. The Hydra PC Locksmith shall provide the Services Copyright © 2009 SPYRUS, Inc. All rights reserved. 6 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Policy Rule Statement following services: (see Reference Table 4.2). The Hydra PC Locksmith shall apply a SHA-384 Software Integrity hash to check the integrity of all firmware components The Hydra PC Locksmith shall provide an Status Output indication via the “GetUserState” command if all of the power-up tests are passed successfully. The Hydra PC Locksmith shall use a key Strength of Key establishment methodology that ensures at least Establishment the same amount of operations are required to determine the value of the transported/agreed upon key. The Hydra PC Locksmith shall protect the Unauthorized Disclosure following keys from unauthorized disclosure, modification and substitution: • secret keys • private keys. The Hydra PC Locksmith shall provide a Zeroization (1) zeroization mechanism that can be performed either procedurally by the operator or automatically by the Hydra PC Locksmith interface software on the connected host platform. The Hydra PC Locksmith shall provide the Zeroization (2) capability to zeroize all plaintext cryptographic keys and other unprotected critical security parameters within the Hydra PC Locksmith (HPC140-F). 3.2 SPRYUS Imposed Security Rules Table 3-2 SPYRUS Imposed Policies and Rule Statements Policy Rule Statement The Hydra PC Locksmith shall not support Single User Session Copyright © 2009 SPYRUS, Inc. All rights reserved. 7 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Policy Rule Statement multiple concurrent operators. The Hydra PC Locksmith shall not provide a No Maintenance Interface maintenance role/interface. The Hydra PC Locksmith shall not support a No Bypass Mode bypass mode. 3.3 Identification and Authentication Policy The table below describes the type of authentication and the authentication data to be used by operators, by role. For a description of the roles, see section 4.2. Table 3-3 Identification and Authentication Roles and Data Role Type of Authentication Data Authentication Identity-based Service and ECDSA Administrator (CO) Signature (384-bits) Identity-based Service and PIN User (minimum 7 to 262 characters) 4 Hydra PC Locksmith Roles and Services 4.1 Roles The Hydra PC Locksmith supports two roles, Administrator (Crypto-Officer) and User, and enforces the separation of these roles by restricting the services available to each one. Each role is associated with a single user identity, namely the service that has been requested and is associated with the role. Table 4-1 Roles and Responsibilities Copyright © 2009 SPYRUS, Inc. All rights reserved. 8 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Role Responsibilities The Administrator is responsible for performing Firmware Administrator Updates and setting configuration of the Hydra PC Locksmith (HPC140-F). The Hydra PC Locksmith validates the Administrator identity by way of a signature before accepting any FirmwareUpdate or SetConfiguration commands. The User role is available after the Hydra PC Locksmith has User been initialized. The user can load, generate and use secret keys for encryption services. The Hydra PC Locksmith validates the User identity by password before access is granted. 4.2 Services The following table describes the services provided by the Hydra PC Locksmith (HPC140-F). Table 4.2 Hydra PC Locksmith Services Service CO User Unauthenticated Description X Changes User ChangePassword Password X Formats the Format mounted CDROM X Returns the GetCapabilities current capabilities of the system including: global Information, media storage size and the product name. This service provides a response that indicates the approved mode of operation Copyright © 2009 SPYRUS, Inc. All rights reserved. 9 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Service CO User Unauthenticated Description (see Section 3.1). X Returns the GetConfig card configuration structure X Returns the GetUserState state and the Logon attempts remaining. X Generates a Initialize new encryption key and changes the PIN. Secure channel is required. Formats the media. X Log Off; Return LogOff to unauthenticated state. X Log on with the LogOn user PIN if system is initialized. X Allows the MountCDROM CDROM drive to be mounted as the read/write drive. This permits the CDROM software to be updated by a user application. X Read user ReadMedia media from SCSI drive. X Get a block of ReadUserArea data from a specified user area. Copyright © 2009 SPYRUS, Inc. All rights reserved. 10 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Service CO User Unauthenticated Description X Pass/Fail Test SelfTest of HYDRA PC LOCKSMITH. Will run the Power On Self Tests again. X Writes the card SetConfig configuration structure if the signature on the structure is valid X Initializes SetupBasicSecureChannel secure channel. X Writes signed UpdateFirmware blocks to the firmware area of the HYDRA PC LOCKSMITH. X Writes user WriteMedia media to SCSI drive. X Write a block of WriteUserArea data to a specified user area. All areas will require the token to be logged on for writes and updates X Clears the Zeroize encryption keys. Requires the Initialize command to be run again. Copyright © 2009 SPYRUS, Inc. All rights reserved. 11 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 5 Identification and Authentication 5.1 Initialization Overview The Hydra PC Locksmith modules are initialized at the factory to be in the zeroized state. Before an operator can access or operate a HYDRA PC Locksmith, the User must first initialize the module with a User ID and PIN. 5.2 Operator Authentication Operator Authentication is accomplished by PIN entry by the User or valid ECDSA signature by the CO. Once valid authentication information has been accepted, the Hydra PC Locksmith is ready for operation. The Hydra PC Locksmith stores the number of User logon attempts in non- volatile memory. The count is reset after every successful entry of a User PIN. If an incorrect PIN is entered during the authentication process, the count of unsuccessful logon attempts is incremented by one. If the User fails to log on to the Hydra PC Locksmith in 10 consecutive attempts, the Hydra PC Locksmith will block the user’s access to the module, by transitioning to the blocked state. To restore operation to the Hydra PC Locksmith (HPC140-F), the User will have to zeroize the token and reload the User PIN and optional details. When the Hydra PC Locksmith is inserted after zeroization, it will power up and transition to the Zeroized State, where it can be initialized. 5.3 Generation of Random Numbers The Random Number Generators are not invoked directly by the user. The Random Number output is generated by the HASH-DRBG algorithm specified in SP 800-90 in the case of static private keys and associated key wrapping keys, ephemeral keys and symmetric keys. 5.4 Strength of Authentication The strength of the authentication mechanism is stated in Table 5-1 below. Copyright © 2009 SPYRUS, Inc. All rights reserved. 12 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Table 5-1 Strength of Authentication Authentication Mechanism Strength of Mechanism User Single PIN-entry attempt / False The probability that a random PIN-entry Acceptance Rate attempt will succeed or a false acceptance will occur is 1.66 x10-14. The requirement for a single–attempt / false acceptance rate of no more than 1 in 1,000,000 (i.e., less than a probability of 10-6) is therefore met. User Multiple PIN-entry attempt in one Hydra PC Locksmith authentication minute mechanism has a feature that doubles the time of authentication with each successive failed attempt. There is also a maximum bound of 10 successive failed authentication attempts before zeroization occurs. The probability of a successful attack of multiple attempts in a one minute period is 1.66 x10-13 due to the time doubling mechanism. This is less than one in 100,000 (i.e., 1× 10−5 ), as required. Crypto Officer Single attempt / False The probability that a random ECDSA Acceptance Rate signature verification authentication attempt will succeed or a false acceptance will occur is 1/2^192. The requirement for a single–attempt / false acceptance rate of no more than 1 in 1,000,000 (i.e., less than a probability of 10-6) is therefore met. Crypto Officer Multiple PIN-entry attempt in The probability of a successful attack of one minute multiple ECDSA signature authentication attempts in a one minute period is 1/2^192. The computational power needed to process this is outside of the ability of the module. This is less than one in 100,000 (i.e., 1× 10−5 ), as required. Copyright © 2009 SPYRUS, Inc. All rights reserved. 13 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 6 Access Control 6.1 Critical Security Parameters (CSPs) and Public Keys Table 6-1 Hydra PC Locksmith CSPs CSP Designation Algorithm(s) / Symbolic Description Standards Form de,U SP 800-56A ECDH ephemeral private key used to Disk Ephemeral Private generate shared secret. DKEK AES 256 AES key used to unwrap the Disk Disk Key Encryption Encryption Key (DEK). Key (DKEK) DEK AES 512 A pair of AES 256 keys. The Drive Encryption Key concatenated value is used to encrypt (DEK) and decrypt the User’s encrypted drive. S SP 800-90 FIPS 186-2-generated seed used to Hash-DRBG Seed seed the Hash-DRBG RNG. sHDRBG SP 800-90 Hash_DRBG state value Hash-DRBG State MEK AES 256 AES 256 wraps / unwraps user’s static Master Encryption Key private keys in storage. (MEK) de,SCHP SP 800-56A ECDH Ephemeral Transport Private Secure Channel HYDRA Private kSCSK SP 800-56A ECDH / AES key used to encrypt and Secure Channel decrypt commands and responses to Session Key and from the card. PIN The user’s 7 character PIN for User PIN authentication to the module dECDSA,s,U X9.62 ECDSA Static Signature private key User’s Static Signature Private ds,U SP 800-56A ECDH Static Transport private key User’s Static Transport Private Seed Hardware RNG Seed value generated for use with the FIPS 186-2 RNG Seed RNGs Table 6-2 HYDRA PC Locksmith Public Keys Key Description/Usage Algorithm(s) Standards ANSI X9.62 The ECDSA P-384 public Key is used to Configuration Update Key verify the signature of the CO before the settings are changed ANSI X9.62 The ECDSA P-384 public Key is used to Card Firmware Update Key verify the signature of the CO before loading firmware. Copyright © 2009 SPYRUS, Inc. All rights reserved. 14 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Key Description/Usage Algorithm(s) Standards SP 800-56A ECDH Ephemeral Transport Public P384. Disk Ephemeral Public The key is used to generate a shared secret using ECDH with the User’s Static Transport Private key. SP 800-56A ECDH Ephemeral Transport Public P256 Secure Channel Host Public SP 800-56A ECDH Ephemeral Transport Public P256. Secure Channel HYDRA Public The key is used to generate a shared secret between the host and the card. SP 800-56A ECDH Static Signature Public P384. The User’s Static Signature Public key for ECDSA. SP 800-56A ECDH Static Transport Public P384. The User’s Static Transport Public key for ECDH. 6.2 CSP Access Modes Table 6-3 Hydra PC Locksmith Access Modes Access Type Description Generate (G) “Generate” is defined as the creation of a CSP Delete (D) “Delete” is defined as the zeroization of a CSP Use (U) “Use” is defined as the process in which a CSP is employed. This can be in the form of loading, encryption, decryption, signature verification, or key wrapping. 6.3 Access Matrix The following table shows the services (see section 4.2) of the Hydra PC Locksmith (HPC140-F), the roles (see section 4.1) capable of performing the service, the CSPs (see section 6.1) that are accessed by the service and the mode of access (see section 6.3) required for each CSP. The following convention is used: if the role column has an ‘X’, then that role may execute the command. Copyright © 2009 SPYRUS, Inc. All rights reserved. 15 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Table 6-4 Hydra PC Locksmith Access Matrix Service Name Roles Access to Critical Security Parameters CSPs Access Mode Admin User ChangePassword kSCSK X U ds,U U dECDSA,s,U U de,U, U DKEK G, U, D DEK U PIN D,G Format de,U X G, U, D DKEK, G,U,D DEK G,U GetCapabilities X X GetConfiguration X X GetUserState X X kSCSK Initialize X U ds,U G dECDSA,s,U G de,U, G, U, D DKEK G, U, D DEK G MEK U Seed G, U, D LogOff X kSCSK LogOn X U ds,U U DKEK G,U,D DEK U PIN U DEK MountCDROM X U DEK ReadMedia X U ReadUserArea X X s, sHDRBG, SelfTest X X G ds,U SetConfiguration X D dECDSA,s,U D DEK D de,SCHP SetupBasicSecureChannel X G,D kSCSK G,D ds,U UpdateFirmware X D dECDSA,s,U D DEK D DEK WriteMedia X U WriteUserArea X Copyright © 2009 SPYRUS, Inc. All rights reserved. 16 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 Service Name Roles Access to Critical Security Parameters CSPs Access Mode Admin User ds,U Zeroize X X D dECDSA,s,U D DEK D 7 Self-Tests The module performs both power-on and conditional self-tests. The module performs the following power on self-tests: • Cryptographic Algorithm Tests: - AES-128, 192, 256 KATs - ECDSA-256, 384, 521 KATs - EC-Diffie-Hellman-256, 384, 521 KATs - SHA-224 KAT - SHA-256 KAT - SHA-384 KAT - SHA-512 KAT - HASH-DRBG KAT - FIPS 186-2 RNG KAT • Firmware Test - SHA-384 Hash The module performs the following Conditional Tests: • Firmware Load Test - ECDSA P-384 signed SHA-384 hash verification • Pairwise Consistency Test - ECDSA key pair generation - EC-Diffie-Hellman key pair generation • Continuous Random Number Generator Test - HASH-DRBG SP800-90 - FIPS 186-2 8 Mitigation of Other Attacks No claims of mitigation of other attacks listed in Section 4.11 of FIPS 140-2 by the HYDRA PC Locksmith are made or implied in this document. Copyright © 2009 SPYRUS, Inc. All rights reserved. 17 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 9 Acronyms Advanced Encryption Standard AES Cipher Block Chaining CBC Critical Security Parameter CSP Differential Power Analysis DPA Digital Random Bit Generator DRBG Digital Signature Algorithm DSA Electronic Code Book ECB Elliptic Curve Diffie Hellman ECDH Elliptic Curve Digital Signature Algorithm ECDSA Elliptic Curve Menezes-Qu-Vanstone ECMQV Electromagnetic Compatibility EMC Electromagnetic Interface EMI File Encryption Key FEK Federal Information Processing Standard FIPS Host Authentication Code HAC Master Key Encryption Key MKEK Non-deterministic Random Number Generator NDRNG Personal Computer PC Printed Circuit Board PCB Personal Identification Number PIN Random Number Generator RNG Rivest, Shamir and Adleman Algorithm RSA Secure Digital (flash memory card) SD Secure Digital High-capacity SDHC Secure Hash Algorithm SHA Simple Power Analysis SPA Solid-state Drive SSD Universal Serial Bus USB Copyright © 2009 SPYRUS, Inc. All rights reserved. 18 Hydra PC Locksmith Security Policy SPYRUS Document No. 550-074001-01 Revision Document No. 1.0 December 17, 2009 References FIPS PUB 140-2, Change Notice, FIPS 140-2 Federal Information Processing Standards Publication (Supersedes FIPS PUB 140-1, 1994 January 11) Security Requirements For Cryptographic Modules, Information Technology Laboratory, National Institute of Standards and Technology (NIST), Gaithersburg, MD, Issued May 25, 2001. FIPS PUB 186-2, (+ Change Notice), FIPS 186-2 Federal Information Processing Standards Publication DIGITAL SIGNATURE STANDARD (DSS), National Institute of Standards and Technology (NIST), Gaithersburg, MD, Issued 2000 January 27 NIST Special Publication 800-56A SP 800-56A Recommendation for Pairwise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Barker, E., Johnson, D., Smid, M., Computer Security Division, NIST, March 2007. NIST Special Publication 800-90 SP 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Barker, E., Kelsey, J., Computer Security Division, Information Technology Laboratory, NIST, June 2006. American National Standards Institute (ANSI) X9.62 Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005. Copyright © 2009 SPYRUS, Inc. All rights reserved. 19