Datacryptor® SONET/SDH OC-3/12/48/192C FIPS 140-2 Level 3 Security Policy Firmware Version v4.2 Hardware Versions OC-3/12C/48C 1600X435 OC-192C 1600X427 Thales e-Security, Inc 2200 North Commerce Parkway, Suite 200, Weston, FL 33326, USA TEL: + 1-888-744-4976 FAX: + 1-954-888-6211 http://www.thalesesec.com THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY CONTENTS 1. INTRODUCTION....................................................................................................................... 4 2. IDENTIFICATION AND AUTHENTICATION POLICY ............................................................ 10 2.1 Crypto-Officer Role .......................................................................................................... 10 2.2 User Role ......................................................................................................................... 11 2.3 Authentication .................................................................................................................. 11 3. ACCESS CONTROL POLICY................................................................................................. 13 3.1 Roles and Services .......................................................................................................... 13 3.2 Cryptographic Keys, CSPs and Access Rights................................................................ 15 3.3 Other Security-Relevant Information................................................................................ 17 4. PHYSICAL SECURITY POLICY ............................................................................................. 18 4.1 Inspection/Testing of Physical Security Mechanisms ...................................................... 18 5. MITIGATION OF OTHER ATTACKS POLICY........................................................................ 22 ACRONYMS AND ABBREVIATIONS ............................................................................................ 23 REFERENCES............................................................................................................................... 24 Tables Table 1-1 Physical Ports and Status Indicators................................................................................ 6 Table 1-2 Physical Port to Logical Port Mapping ............................................................................. 6 Table 1-3 Power-Up Tests ............................................................................................................... 8 Table 1-4 Conditional Tests ............................................................................................................. 9 Table 2-1 Roles and Required Identification and Authentication .................................................. 11 Table 2-2 Strengths of Authentication Mechanisms...................................................................... 12 Table 3-1 Services Authorized for Crypto Officer........................................................................... 13 Table 3-2 Services Authorized for User ......................................................................................... 14 Table 3-3 Cryptographic Keys and CSPs...................................................................................... 15 ASEC0685 002C PAGE 2 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Figures Figure 1-1 Datacryptor® SONET/SDH Crypto Module Example Network Configuration................. 5 Figure 4-1 1600X435 Front ............................................................................................................ 19 Figure 4-2 1600X435 Rear............................................................................................................. 19 Figure 4-3 1600X427 Front ............................................................................................................ 19 Figure 4-4 1600X427 Rear............................................................................................................. 19 Figure 4-5 1600x435 Top ............................................................................................................... 20 Figure 4-6 1600x427 Top ............................................................................................................... 21 ASEC0685 002C PAGE 3 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 1. INTRODUCTION Thales e-Security is a global leader in the network security market with over 60,000 network security devices in operation, being one of the first companies to introduce a link encryption product to the market in the early 1980s. The Datacryptor® family represents Thales' next generation of network security devices for a wide variety of communications environments. It is the culmination of 20 years experience of protecting wide-area network communications for governments, financial institutions and information-critical industries worldwide. This document is the Security Policy 1 for the Thales e-Security Datacryptor® SONET/SDH OC- 3/12/48/192C, conforming to the FIPS140-2 Security Policy Requirements [1]. Further information on the Datacryptor® family and the functionality provided by the Datacryptor® SONET/SDH OC-3/12/48/192C is available from the Thales web site: http://iss.thalesgroup.com Overview The Datacryptor® SONET/SDH OC-3/12/48/192C is a multi-chip standalone cryptographic module which facilitates secure data transmission across SONET networks using OC-3C, OC-12C, OC- 48C or OC-192C. This Security Policy defines the Datacryptor® SONET/SDH OC-3/12/48/192C cryptographic module for two hardware versions, 1600X435 (low speed module) which supports data transmission using OC-3C, OC-12C or OC-48C, and 1600X427 (high speed module) which supports data transmission using OC-192C. These variants utilize a different hardware platform but are functionally identical therefore all references to Datacryptor® SONET/SDH OC- 3/12/48/192C or module refer to both variants unless explicitly stated otherwise. Figure 1-1 shows a typical Datacryptor® SONET/SDH OC-3/12/48/192C configuration where 2 LANs are securely linked across a public domain SONET network. Modes of Operation The Datacryptor® SONET/SDH OC-3/12/48/192C can only operate in an FIPS 140-2 Approved mode (this includes cryptographic services and bypass services). The modes of operation are detailed below: Standby Mode The module transmits/receives no data via either its Host or Network interfaces on that channel. This mode is automatically entered if the module detects an error state or at start-up. This mode is indicated by the Encrypt LED being flashing green. Plain Text Mode 2 All data received through the Host interface on that channel is transmitted through the Network interface as plain text. Similarly, all data received through the Network interface on that channel is transmitted through the Host interface with no decryption applied. This mode should only be used for diagnostic purposes, or if there is no security risk to the data if it is transferred unencrypted. This mode 1 This document is non-proprietary and may be reproduced freely in its entirety but not modified or used for purposes other than that intended. 2 This is the bypass mode. ASEC0685 002C PAGE 4 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY is indicated by the Plain LED being solid red. The module does not support an alternating plaintext mode. Encrypt Mode All data received through the Host interface on that channel is encrypted using the transmit Data Encryption Key (DEK) and then the encrypted data is transmitted through the Network interface. Similarly, all data received through the Network interface on that channel is decrypted using the receive DEK and then the decrypted data is transmitted through the Host interface. This mode is indicated by the Encrypt LED being solid green. The mode of operation is selectable by the Crypto Officer using the Secure Remote Management facility and the current mode of operation is displayed using either the Front Panel LEDs or the Secure Remote Management (Element Manager PC) facility. Refer to the User Manual [3] for further details. Figure 1-1 Datacryptor® SONET/SDH Crypto Module Example Network Configuration 1 2 3 4 5 6 7 8 9 * 8 # 1 2 3 4 5 6 7 8 9 * 8 # Physical Ports Both variants of the Datacryptor® SONET/SDH OC-3/12/48/192C provide the same set of physical ports with the exception of the host and network line interfaces, which use Small Form Factor Pluggable (SFP) for low speed modules and 10 Gigabit Small Form Factor Pluggable (XFP) for high speed modules The physical ports are described below in Table 1-1 Physical Ports and Status Indicators: ASEC0685 002C PAGE 5 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Table 1-1 Physical Ports and Status Indicators Port Description Network Connects to the public network for send and receiving encrypted user data and inter-module key exchange data. This is an optical port. Host Connects to the private network for send and receiving plaintext user data. This is an optical port. RS-232 Connects to a local terminal for initialization of the module and also allows remote management from the Element Manager application utilizing the Point-to-Point (PPP) protocol. Ethernet Allows the remote management of a unit using the Element Manager application and status report using an SNMP management application. Front Panel LEDs Indicates the operational state of the unit, including Alarm state, Error state, Plain or Encrypt mode and Host and Network line status. Line Interface LEDs Indicates module present and laser input detected. PSU LEDs Indicates the status of the PSUs (powered/unpowered) Power Dual redundant power interface supporting customer options of AC or DC and international power cord standards. The physical ports are mapped to four logical ports defined by FIPS 140-2 as described below in Table 1-2 Physical Port to Logical Port Mapping: Table 1-2 Physical Port to Logical Port Mapping Logical Interface Description and Mapping to Physical Port Data Input Host Line Interface Network Line Interface Data Output Host Line Interface Network Line Interface Control RS-232 Interface Ethernet Interface Status RS-232 Interface Ethernet Interface Front Panel LEDs Line Interface LEDs PSU LEDs ASEC0685 002C PAGE 6 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY User Data Security The communications channel between two Datacryptor® SONET/SDH OC-3/12/48/192Cs is assumed to be vulnerable and therefore the Datacryptor® SONET/SDH OC-3/12/48/192C encrypts the entire user data stream 3 . The Datacryptor® SONET/SDH OC-3/12/48/192C uses public key cryptography for authentication and key agreement 4 and symmetric key cryptographic for data confidentiality. The authentication mechanism employs signed X.509 v3.0 certificates using the Digital Signature Algorithm (DSA) for signature verification. The Diffie-Hellman protocol is used to establish a Key Encryption Key (KEK) between modules. Data Encryption Keys (DEKs), used for encrypting and decrypting data traffic, are derived from the KEK. Random Number Generation This consists of a hardware random number source which provides a seed key to a FIPS 186-2 Appendix 3.1 [2] Approved pseudo random number generator. Establishment of the module's generated private and secret keys (Diffie-Hellman static/ephemeral and Data Encryption Keys) uses the above random number generation mechanism. Algorithm Support The Datacryptor® SONET/SDH OC-3/12/48/192C contains the following algorithms: AES-256 for data encryption DSA for signature verification SHA-1 hashing algorithm Diffie-Hellman for key agreement Physical Security The multi-chip standalone embodiment of the circuitry within the Datacryptor® SONET/SDH OC- 3/12/48/192C is contained within a strong metal production-grade enclosure that is opaque within the visible spectrum to meet FIPS 140-2 Level 3. The enclosure completely covers the module to restrict unauthorized physical access to the module. The physical security includes measures to provide both tamper evidence and tamper detection and response. In the case of tamper response all sensitive information stored within the module will be zeroized. The Datacryptor® SONET/SDH OC-3/12/48/192C's cryptographic boundary (FIPS 140-2 [1], section 2.1) is the physical extent of its enclosure but excludes the dual redundant power supplies which are external to this boundary and may be hot-swapped by a customer and does not require a "return to factory" operation. Secure Remote Management The Datacryptor® SONET/SDH OC-3/12/48/192C may be remotely and securely managed using the Element Manager. The Datacryptor® SONET/SDH OC-3/12/48/192C can also be managed (for status only) using an SNMP v3.0 management application. Only one management session is permitted at a time with a Datacryptor® SONET/SDH OC-3/12/48/192C. 3 Providing the module is configured to operate in Encrypt mode. 4 This key agreement method provides 80-bits of encryption strength. ASEC0685 002C PAGE 7 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Diagnostics A variety of diagnostics are available to maintain secure operation. These diagnostics include cryptographic mechanisms, critical functions and environmental monitoring. In addition the module supports a local loop back mode to aid in diagnosing network connectivity. Log files are maintained in the Datacryptor® SONET/SDH OC-3/12/48/192C and can be viewed or printed. If the Datacryptor® SONET/SDH OC-3/12/48/192C is faulty, as indicated by the failure of a self- test diagnostic, it will render itself inoperable until the fault is rectified. Power-Up Tests On power-up known answer tests (KAT) are performed on all cryptographic algorithms and the pseudo-random number generator. In addition the integrity of all firmware is checked. Table 1-3 Power-Up Tests Function Checked Description CA Algorithm (DSA) KAT Test KEK Algorithm (AES-256) KAT Test DEK Algorithm (AES-256) KAT Test SHA-1 KAT Test SHA-1 RNG KAT Test Firmware Integrity 16 bit Error Detection Code (EDC) Checksum Conditional Tests The output of both the hardware random number generator and the pseudo-random number generator are checked when ever random data is requested by the module. Subsequent random numbers are compared against the last generated value to verify that these values are not the same. The module also performs a bypass test before entering an encrypted channel mode. When switching from a plain to an encrypted channel mode the module issues an encrypted challenge to its peer using the Data Encryption Key (DEK). The challenge is then decrypted by the peer using its DEK, and if verified, an encrypted response is returned to the module (using the DEK). The response is decrypted by the module (using the DEK) and verified. If successful the channel is established as being in an encrypted state with matching DEKs in each module. In the case of a firmware upgrade, this is digitally signed by a CA using DSA allowing the module to verify the image so preventing unauthorized firmware upgrades. The firmware upgrade is currently a factory only service. After loading firmware onto this module it will no longer be a FIPS 140-2 validated module unless the firmware has been FIPS 140-2 validated. This feature is used as an upgrade path for future FIPS 140-2 approved modules. ASEC0685 002C PAGE 8 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Table 1-4 Conditional Tests Function Checked Description Hardware RNG CRNG SHA-1 RNG CRNG Bypass Bypass Test Firmware Upgrade Authentication Verify (DSA) ASEC0685 002C PAGE 9 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 2. IDENTIFICATION AND AUTHENTICATION POLICY The two roles associated with the Datacryptor® SONET/SDH OC-3/12/48/192C are: Crypto-Officer Commissioning and configuration of the Datacryptor® SONET/SDH OC- 3/12/48/192C. User This role occurs when two Datacryptor® SONET/SDH OC-3/12/48/192Cs are communicating with each other. The Datacryptor® SONET/SDH OC-3/12/48/192C does not support multiple concurrent roles. 2.1 Crypto-Officer Role The Datacryptor® SONET/SDH OC-3/12/48/192C can be managed by the Crypto-Officer using either of the following two methods: Element Manager - This PC-based software application enables a Crypto-Officer to commission and administer the module. SNMP Management Station - This is limited to requesting and obtaining status information from the Datacryptor® SONET/SDH OC-3/12/48/192C. The Crypto-Officer role utilizes the Element Manager to commission and configure the module via the dedicated ethernet or serial management port. Commissioning a module installs a X.509 certificate (containing the CA public key, certificate name, unit serial number and certificate life time) and the required Diffie Hellman parameters (base and modulus) to allow the Datacryptor® SONET/SDH OC-3/12/48/192C to generate a corresponding Diffie Hellman key set. This information is digital signed allowing the unit to authenticate the certificate's signature using the issuing CA Public key held within the module. The module must be commissioned before it may be administered. When administering the module the Element Manager establishes a secure connection (connection authentication and data confidentiality) to the module. This connection is established and protected in the same manner as a module to module connection. To establish the secure connection the Crypto-Officer uses a removable media key-material set containing the Crypto- Officer's name and access rights, Diffie-Hellman key set and own certificate. To access the key- material set the Crypto-Officer must login to the Element Manager by presenting the key-material set and the Crypto-Officer's own password of at least 8 ASCII printable characters. This allows the Element Manager to verify the identity of a Crypto-Officer before establishing a secure connection using the key material set. ASEC0685 002C PAGE 10 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 2.2 User Role The Crypto-Officer can download one or more signed X.509 User Certificates to the Datacryptor® SONET/SDH OC-3/12/48/192C. Each User Certificate gives a Datacryptor® SONET/SDH OC- 3/12/48/192C an identity. Identity-based authentication is implemented between two communicating Datacryptor® SONET/SDH OC-3/12/48/192C. The modules are then operating in the User role. This identity can be authenticated to another module which verifies the User Certificate's signature using the issuing CA Public key held within the module. If the issuing CA Public key is not held within the authenticating module then verification cannot be undertaken. Therefore no communications channel can be established between the two Datacryptor® SONET/SDH OC-3/12/48/192Cs. 2.3 Authentication The types and strengths of authentication for each Role identified for the Datacryptor® SONET/SDH OC-3/12/48/192C are given in Table 2-1 and Table 2-2 below. Table 2-1 Roles and Required Identification and Authentication Role Type of Authentication Authentication Data Crypto-Officer Identity based Signed X.509 Digital Certificate User Identity based Signed X.509 Digital Certificate The identity of each entity performing a role that requires authentication is held within the X.509 Digital Certificate allowing the identity and authorization of the operator to be validated by checking the signature (DSA) of the certificate. ASEC0685 002C PAGE 11 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Table 2-2 Strengths of Authentication Mechanisms Authentication Strength of Mechanism Mechanism Signed X.509 The strength depends upon the size of the private key space. The Digital Certificate Datacryptor® SONET/SDH OC-3/12/48/192C uses DSA, which is a FIPS Approved algorithm. Therefore the probability of successfully guessing the private key (160 bits), and hence correctly signing an X.509 certificate, is significantly less than one in 1,000,000 (2160). Multiple attempts to use the authentication mechanism during a one-minute period do not constitute a threat for secure operation of the Datacryptor® SONET/SDH OC-3/12/48/192C. This is because each attempt requires the Datacryptor® SONET/SDH OC-3/12/48/192C to check the signature on the certificate that is to be loaded. Therefore the total number of attempts that can be made in a one-minute period will be limited by the Datacryptor® SONET/SDH OC-3/12/48/192C signature verification and response operation, which takes on average approximately 30 seconds. The majority of this time is accounted for by the communications overheads since the signature checking operation within the module is relatively fast. Given the very large size (160 bits) of the private key space used by the FIPS Approved signature algorithm (DSA) loaded in the Datacryptor® SONET/SDH OC-3/12/48/192C it follows that the probability that an intruder will be able to guess the private key, and thereby gain authentication, by making multiple attempts is significantly less than one in 100,000 (2160 / 2). There is no feedback of authentication data to the Crypto-Officer or User that might serve to weaken the authentication mechanism. ASEC0685 002C PAGE 12 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 3. ACCESS CONTROL POLICY 3.1 Roles and Services Table 3-1 Services Authorized for Crypto Officer lists the authorized services available for each role within the Datacryptor® SONET/SDH OC-3/12/48/192C. All services require authentication to the module. For further details of each operation refer to the Datacryptor® SONET/SDH OC-3/12/48/192C User Guide [3]. Table 3-1 Services Authorized for Crypto Officer Service Description Input Output Access Access module Login/logout of the password, crypto Command Peer Module Certificate - read module officer public response key, crypto officer certificate Manage Key Material Loads module's key module public Command CA Public Key ­ read/write, material, deletes key, module response Module Certificate ­ read/write module's key material certificate General Configuration Display/edit module's Commands and Command None name, description, time parameters response and interface settings. Diagnostics Reboot or erase key Commands and Command None material. Configure parameters response loopback mode IP Management Display/edit module's Commands and Command None ports, ethernet and parameters response serial, configuration. SNMP Display/edit general Commands and Command None information, SNMP parameters response version, SNMP communities and SNMP traps. IP Routes Display/edit IP routing Commands and Command None information parameters response Security Display/edit key Commands and Command Key Encryption Key ­ write lifetimes, and general parameters response; (delete), Data Encryption Key ­ key exchange key write (delete) parameters exchange if forced. RIP Display/edit RIP version Commands and Command None and RIP password parameters response Communications Display/edit SONET Commands and Command None path mode, SONET line parameters response mode, laser mode and interface mode Path Display/edit current Commands and Command None setting of the parameters response connection ­ one of standby, plain or ASEC0685 002C PAGE 13 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Service Description Input Output Access encrypt. Line Display current Commands and Command None connection mode - one parameters response, of standby, plain or ping packet encrypt and ping the to connected unit. connected peer. Environment Display fan speed, Commands and Command None module temperature parameters response and unit power status. License Display/edit currently License file Command None loaded license file for Response the Datacryptor OC- 3/12/48C module. Show Status View status of the None Front Panel None module. LEDs Status Indicators Commands and Status parameters information over Element Manager or SNMP Traps Operator Callable Self- Module performs self- Reboot Module Front Panel None Test test LEDs Status Indicators Plaintext Enable module to Commands and Bypass test None perform bypass. parameters. pass or fail indicated by Front Panel Status LEDs. Table 3-2 Services Authorized for User Service Description Input Output Accessed Encrypt Encrypt data received User traffic User traffic DEK ­ read from the Host interface (plain) (encrypted) and transmit on the Network interface. Decrypt Decrypt data received User traffic User traffic DEK - read from the Network (encrypted) (plain) interface and transmit on the Host interface. ASEC0685 002C PAGE 14 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 3.2 Cryptographic Keys, CSPs and Access Rights The cryptographic keys and CSPs stored in the Datacryptor® SONET/SDH OC-3/12/48/192C module are listed in Table 3-3. All private and secret keys (Diffie-Hellman, KEKs and DEKs) are generated internally in the module and may not be either loaded or read by the Crypto Officer or User. Table 3-3 Cryptographic Keys and CSPs Keys/CSPs Description Key/CSP Generated/ Stored Zeroised Type Established and Size Master Key Encrypts all non-volatile AES At start-up if not FRAM On tamper Keys and CSPs stored on present using the detect or by the module. (256 bits) module's hardware (plaintext) user. random number generator and an approved RNG (cert# 588). CA Public Key The public key of the CA DSA Generated external Non-volatile When the key is key pair use to verify and loaded as part of memory ­ deleted or subsequent key material (1024 bits) the commissioning Compact replace by a loaded into the module. process. Flash subsequent key. (encrypted) Own Module An X.509 certificate Diffie- The Diffie-Hellman Own Module When the Certificate/Diffie- containing the module Hellman static key pair is Certificate certificate is Hellman Static Key name, Diffie-Hellman static generated locally by Non-volatile deleted or Pair public key (the static private (1024 bits) the module, using the memory ­ replaced by a key is stored separately) module's hardware Compact subsequent and associated parameters. random number Flash certificate. generator and an approved RNG (encrypted) The Diffie- (cert#588) from the Hellman static Diffie- private key may parameters supplied Hellman during the deleted by a static private user. commissioning key ­ Non- process. The module volatile name and Diffie- memory ­ Hellman static public FRAM key is then exported to be signed by (encrypted) issuing CA so forming the module certificate. Diffie-Hellman The Diffie-Hellman Diffie- The Diffie-Hellman Volatile Zeroised when a Ephemeral Key ephemeral key pair. Hellman ephemeral key pair is memory - new link is Pair generated locally by SRAM established. (1024 bits) the module, using the module's hardware (encrypted) random number generator and an approved RNG (cert#588) from the parameters supplied during the commissioning process. This key pair is used in conjunction with the static key pair ASEC0685 002C PAGE 15 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Keys/CSPs Description Key/CSP Generated/ Stored Zeroised Type Established and Size to establish the KEK. Peer Module Received during link Diffie- Generated by peer in Non-Volatile Zeroised when a Certificate/Diffie- establishment between two Hellman the same manner as memory ­ new link is Hellman Static modules to allow Own Module Compact established. Public Key authentication of the peer (1024 bits) Certificate. Flash module using signature verification (DSA). (encrypted) Key Encryption Key used to derive data AES Established during Volatile Zeroised when a Key (KEK) encryption keys in link establishment memory ­ new link is conjunction with DEKID (256 bits) with Diffie-Hellman BRAM established or using the static and when a new KEK ephemeral key pairs. (encrypted) is generated at a user defined time interval. Data Encryption Random data used to 256 bits Generated during Not stored. N/A Key Derivation derive data encryption keys DEK derivation using Data (DEKDD) in conjunction with KEK the module's hardware random number generator and an approved RNG (cert# 588). Data Encryption A pair of key (one for AES Generated during link Volatile Zeroised when a Keys (DEKs) transmit and one for establishment using memory ­ new link is receive) used for encryption (256 bits) AES (KEK), DEKDD BRAM established or and decryption of line data. and XOR operations. when a new DEK (encrypted) is generated at a user defined time interval. Seed Key Used by the Approved RNG RNG Seed Generated via internal Not stored. Zeroised when a Key hardware RNG subsequent seed key is generated (256 bits) and the CRNG comparison is successful. 3.3 Zeroisation The Crypto Officer can zeroise keys through the Element Manager application. As indicated in the table above, the Crypto Officer has the choice to directly delete keys, establish a new link with another peer module or force the module to generate new keys. Keys that are not zeroised are encrypted by the master key. The module zeroises the master key when the tamper response and zeroisation circuitry responds to an intrusion of the enclosure which renders all other keys indecipherable. ASEC0685 002C PAGE 16 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Other Security-Relevant Information FIPS Approved Mode of Operation The Datacryptor® SONET/SDH OC-3/12/48/192C only operates in an Approved mode and does not support any unapproved modes of operation. 1. FIPS 140-2 Approved and Certified SHA-1 (FIPS Certificate #985) DSA (FIPS Certificate #349) FIPS 186-2 RNG (FIPS Certificate #588). AES-256 (FIPS Certificate #1033, 1079 and 1080) 2. Non-Approved Allowed Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) (SP 800-56A; Key Derivation Function: ANSI X9.42) Hardware RNG for generating seed key for Approved RNG ASEC0685 002C PAGE 17 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 4. PHYSICAL SECURITY POLICY The Datacryptor® SONET/SDH OC-3/12/48/192C is a multiple-chip standalone cryptographic module consisting of production-grade components to meet FIPS 140-2 Level 3. The Datacryptor® SONET/SDH OC-3/12/48/192C is protected by a strong metal production-grade enclosure that is opaque within the visible spectrum with tamper evident labels and tamper response mechanisms. Attempts to access the module without removing the cover will cause visible physical damage to the module and/or tamper evident labels. The module's ventilation holes on the sides and back on the enclosure are fitted with baffles to prevent physical probing of the enclosure. The module has a removable top cover which is protected by tamper response circuitry, which zeroizes all plaintext CSPs. Access to the internal components of the module requires that these covers are removed. The module's cryptographic boundary (FIPS 140-2 [1], section 2.1) is the physical extent of its external casing but excludes the field replaceable dual redundant power supply. 4.1 Inspection/Testing of Physical Security Mechanisms The following guidelines should be considered when producing a Security Policy for the network in which the module is deployed. The Datacryptor® SONET/SDH OC-3/12/48/192C should be periodically checked for evidence of tampering, in particular damage to the clear tamper evident labels (highlighted in outline red) as these are part of the security of the unit. In addition the audit logs should be checked for activation of the tamper response mechanism. The frequency of a physical inspection depends on the information being protected and the environment in which the unit is located. At a minimum it would be expected that a physical inspection would be made by the Crypto Officer at least monthly and audit logs daily. The tamper evident labels shall only be applied at the Thales facility. Tamper evident labels are not available for order or replacement from Thales. Two tamper evident labels are required to be visible and undamaged for each module to be operated in a FIPs approved mode of operation. They must be in the positions shown (see Figure 4-5 and Figure 4-6), one on the top front centre (position 1) and one on the top centre rear (position 2). ASEC0685 002C PAGE 18 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Figure 4-1 1600X435 Front Figure 4-2 1600X435 Rear Figure 4-3 1600X427 Front Figure 4-4 1600X427 Rear ASEC0685 002C PAGE 19 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Figure 4-5 1600x435 Top ASEC0685 002C PAGE 20 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY Figure 4-6 1600x427 Top ASEC0685 002C PAGE 21 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY 5. MITIGATION OF OTHER ATTACKS POLICY None. ASEC0685 002C PAGE 22 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY ACRONYMS AND ABBREVIATIONS Acronym Definition AES Advanced Encryption Standard ANSI American National Standards Institute CA Certification Authority DEK Data Encryption Key DSA Digital Signature Algorithm EDC Error Detection Code FIPS Federal Information Processing Standards ITU International Telecommunications Union KAT Know Answer Test KEK Key Encryption Key LAN Local Area Network NIST National Institute of Standards and Technology PPP Point-to-Point PRNG Pseudo Random Number Generator PSU Power Supply Unit RIP Routing Information Protocol RNG Random Number Generator SDH Synchronous Digital Hierarchy SFP Small Form Factor Pluggable SHA-1 Secure Hash Algorithm SNMP Simple Network Management Protocol SONET Synchronous Optical NETwork XFP 10 Gigabit Small Form Factor Pluggable ASEC0685 002C PAGE 23 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY REFERENCES 1. FIPS 140-2 Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication, 25th May 2001. Including Change Notices 2,3,4: 12/03/2002 Available from the NIST web site: http://csrc.nist.gov/cryptval/ 2. FIPS 186-2 Digital Signature Standard, Federal Information Processing Standards Publication, 27th January 2000. Including Change Notice 1: 5th October 2001. Available from the NIST web site: http://csrc.nist.gov/cryptval/ 3. Datacryptor® SONET/SDH OC-3/12/48/192C User Manual, 1270A427, Issue 8 June 2008. Available from Thales e-Security. ASEC0685 002C PAGE 24 OF 25 18 FEBRUARY 2010 THALES e-SECURITY DATACRYPTOR® SONET/SDH OC-3/12/48/192C SECURITY POLICY ------------------------------------------- END OF DOCUMENT -------------------------------------------------------- ASEC0685 002C PAGE 25 OF 25 18 FEBRUARY 2010