TrustCrypt Security Policy TRUSTCRYPT SECURITY POLICY G-P6021-TM003 (ISSUE A) Copyright ©2010 of ST Electronics (Info-Security) Pte Ltd. This material may be reproduced only in its original entirety [without revision]. Trademarks DigiSAFE logo and FaxCrypt are registered trademarks of ST Electronics (Info-Security) Pte Ltd in Singapore, DigiSAFE logo is also registered in U.S. Patent and Trademark Office. Other trademarks are the property of their respective owners. ST Electronics (Info-Security) Pte Ltd ST Electronics Jurong East Building 100 Jurong East Street 21 Singapore 609602 Tel: (65) 6568 7118 Fax: (65) 6568 7226 Email: info@digisafe.com URL: www.digisafe.com G-P6021-TM003 ST Electronics (Info-Security) ISSUE A DIGISAFE TRUSTCRYPT SECURITY POLICY Contents CONTENTS...............................................................................................................................I 1. MODULE OVERVIEW ...................................................................................................... 1 2. SECURITY LEVEL............................................................................................................. 1 3. MODES OF OPERATION ................................................................................................. 2 3.1 Approved Mode of Operation ................................................................................................. 2 4. PHYSICAL SECURITY...................................................................................................... 3 4.1 Dimensions.............................................................................................................................. 3 4.2 Cryptographic Module Boundary............................................................................................ 3 4.3 Physical Security Mechanisms ................................................................................................ 3 4.4 Tamper Evidence Inspection ................................................................................................... 3 4.5 Ports and Interfaces ................................................................................................................. 3 5. IDENTIFICATION AND AUTHENTICATION POLICY ............................................. 6 5.1 Assumption of Roles ............................................................................................................... 6 6. ACCESS CONTROL POLICY .......................................................................................... 6 6.1 Crypto-Officer Role ................................................................................................................ 6 6.2 User Role................................................................................................................................. 9 6.3 Unauthenticated Services ...................................................................................................... 10 7. CRYPTOGRAPHIC KEYS AND CSPS.......................................................................... 11 8. OPERATIONAL ENVIRONMENT ................................................................................ 14 9. SECURITY RULES........................................................................................................... 14 10. MITIGATION OF OTHER ATTACKS POLICY ....................................................... 15 11. DEFINITIONS AND ACRONYMS ............................................................................... 16 DigiSAFE TrustCrypt Security Policy I G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 1. Module Overview The ST Electronics DigiSAFE TrustCrypt Module version 1.0.0 (the "module") is a FIPS multi-chip embedded cryptographic module encased within a secure hard opaque commercial grade epoxy. The primary purpose for this module is to provide cryptographic services to users including ciphers such as AES 256, RSA 1024, RSA 2048, SHA-256, and SHA-512. Additionally the module contains a secure bootstrap which authenticates both customized application loading & bootloading. The module is comprised of the following HW/FW components: · Module HW P/N 9910-8000-0624 · Glue Code executed in the module's CPLD ­ FW version 1.0.0 · Crypto Libraries executed in the module's Marvell XSCALE PXA300 processor ­ FW version 1.0.0 · Kernel Operating System executed in the module's Marvell XSCALE PXA300 processor ­ FW ARM-Linux 2.6.21 · Bootstrap Application executed in the module's Marvell XSCALE PXA300 processor ­ FW version 1.0.0 2. Security Level The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140- 2. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 3 Physical Security 3 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks N/A DigiSAFE TrustCrypt Security Policy 1 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 3. Modes of Operation 3.1 Approved Mode of Operation The DigiSAFE TrustCrypt Module only supports an Approved mode of operation - FIPS mode. The module supports Approved mode of operation indicators. Upon power up the module sends a system information packet containing the module version number, release date, and other module information out its console port. Additionally after the module performs its FIPS power-on self-tests it sends a self-test state packet to the console port containing 1 byte for pass/fail of each power-on self- test. Please see the module's operator guidance documentation for the technical details on how to obtain the module's Approved mode of operation indicators. It is important to note that only the above mentioned Glue Code, Crypto Libraries, Kernel Operating System, and Bootstrap Application FW were tested and validated to FIPS 140-2. Once the module loads a customized application (Load Customized Application service allocated to the module's Crypto-Officer role) the module transitions into a state that is outside the scope of this validation. Also note that customized applications must always be signed by an ST Electronics Application Publishing Authority and the module verifies the signature when performing its Load Customized Application service. Writers of Customized Applications must undergo a separate FIPS 140-2 validation if they want the combined entity [DigiSAFE TrustCrypt + Customized Application] to be certified as a FIPS module. The cryptographic module implements FIPS Approved algorithms as follows: 1. AES-128 ECB Mode Encrypt/Decrypt (Cert. #932) 2. AES-128 CBC Mode Encrypt/Decrypt (Cert. #932) 3. AES-128 CFB Mode Encrypt/Decrypt (Cert. #932) 4. AES-128 OFB Mode Encrypt/Decrypt (Cert. #932) 5. AES-192 ECB Mode Encrypt/Decrypt (Cert. #932) 6. AES-192 CBC Mode Encrypt/Decrypt (Cert. #932) 7. AES-192 CFB Mode Encrypt/Decrypt (Cert. #932) 8. AES-192 OFB Mode Encrypt/Decrypt (Cert. #932) 9. AES-256 ECB Mode Encrypt/Decrypt (Cert. #932) 10. AES-256 CBC Mode Encrypt/Decrypt (Cert. #932) 11. AES-256 CFB Mode Encrypt/Decrypt (Cert. #932) 12. AES-256 OFB Mode Encrypt/Decrypt (Cert. #932) 13. SHA-256 Hashing (Cert. #915) 14. SHA-512 Hashing (Cert. #915) 15. RSA-1024 PKCS1.5 Signature Verification and Generation (Cert. #451) 16. RSA-2048 PKCS1.5 Signature Verification and Generation (Cert. #451) 17. DRNG ANSI X9.31 Appendix 2.4 (output of random numbers­ no key generation) (Cert. #533) The cryptographic module implements FIPS allowed algorithms as follows: 1. AES Key Wrapping performed in compliance with the AES Key Wrap Specification (Draft), published by the National Institute of Standards and Technology on 16 November 2001. This is an allowed key transport mechanism as per FIPS 140-2 Implementation Guidance 7.1. (AES Cert. #932, key wrapping; key establishment methodology provides 256 bits of encryption strength) 2. Hardware NDRNG (FIPS 140-2 Annex C: "There are no FIPS Approved nondeterministic random number generators"). The module implements the NDRNG for outputting random numbers and seeding the DRNG. DigiSAFE TrustCrypt Security Policy 2 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 4. Physical Security 4.1 Dimensions The DigiSAFE TrustCrypt Module has the following physical dimensions: · Size: - Width 90mm - Height 10mm - Depth 60mm · Maximum Weight: 100g 4.2 Cryptographic Module Boundary For FIPS 140-2 Level 3 validation the DigiSAFE TrustCrypt Module has been validated as a multi- chip embedded cryptographic module. Epoxy physically encloses the module HW/FW components and represents the cryptographic boundary of the module (see Figures 1a and 1b below). The epoxy has been tested to FIPS Level 3 Physical Security requirements including opacity and `hardness'. 4.3 Physical Security Mechanisms The multi-chip embedded cryptographic module includes the following physical security mechanisms: · Production-grade components and production-grade opaque epoxy enclosure. · Hard potting material encapsulation of multiple chip circuitry enclosure with removal/penetration attempts causing serious damage. 4.4 Tamper Evidence Inspection The operator of the module shall periodically inspect all surfaces of the module for signs of tampering. The operator shall look out for scratches, drilling and cracks on all the surfaces. The recommended interval for such inspection is at least once every 6 months. 4.5 Ports and Interfaces The DigiSAFE TrustCrypt's physical interfaces consist of several pins that support data input, data output, control input, and status output. The module has a total of 80 pins that cross its physical boundary. Ten of these pins are active and are considered the ports into and out of the cryptographic module. The inactive pins that cross the physical boundary of the module are provided for latent functionality and can only be used by a customized application, which is out of scope of this validation. Pins that are reserved for future use are disabled and inactivated by the module and are made to float so that no signals can be input or output from them. Note that the active UART2 Tx pin (below) is disabled during error or alarm states in the same fashion to prevent any sensitive data from being output during those states. DigiSAFE TrustCrypt Security Policy 3 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A · UART 2 Rx 1 pin (control input, data input) · UART 2 Tx 1 pin (status output, data output) · GPIO 3 pins (1 control input, 2 status output): · Config Type Pin ­ On Power up, this pin is used to check whether it is in Field Config Mode, Factory Config Mode or Operational Mode. · Field Config Pin - On power up when this pin is shorted with the Config Type Pin: - When the module's Key Encryption Key (KEK) is found inside the module but the CO & Users Passwords are not found inside the module, the module will enter the Initialize Password state. Note that password entry into the module is protected by the Key Encryption Key. - When the module's Key Encryption Key (KEK) and all Passwords are found inside the module, the module will enter the Crypto Officer Log In state. Note that Crypto Officer Login password entry is protected by the Key Encryption Key. · Factory Config Pin ­ On power up when this pin is shorted with the Config Type Pin, the module will enter the Key Encryption Key download state. This operation is performed in the manufacturing environment and is protected by the Key Encryption Key Publishing Authority private key which only the ST Electronics factory knows. · GPIO External Tamper 1 pin (Control in - controls zeroization of SRAM) · Vin 1 pin (Power in ­ 5.0V main power source) · VBatt 1 pin (Power in - external 3.0V backup battery source to maintain the SRAM contents, RTC, and anti-tamper circuit when the main power is off) · VRtc 1 pin (Power out ­ 3.3/3.0V derived from Vin and Vbatt, whichever is present) · GND 1 pin (Power in/out ­ Electrical Ground) DigiSAFE TrustCrypt Security Policy 4 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A Figure 1a ­ Image of the bottom of the Cryptographic Module Figure 1b ­ Image of the top of the Cryptographic Module DigiSAFE TrustCrypt Security Policy 5 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 5. Identification and Authentication Policy 5.1 Assumption of Roles The cryptographic module shall support two distinct operator roles (User and Crypto-Officer). The cryptographic module shall enforce the separation of roles using identity-based operator authentication. An operator must enter an ID and its Password to log in. The ID is an alphanumeric string of exactly eight characters. The password is an alphanumeric string of exactly eight characters chosen from the 62 printable and human-readable characters. Authentications are cleared when power cycling the module, and operators must reauthenticate when power is reapplied. Table 2 - Roles and Required Identification and Authentication Role Type of Authentication Authentication Data User Identity-based operator authentication ID and Password Crypto-Officer (CO) Identity-based operator authentication ID and Password Table 3 ­ Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism ID and Password The probability that a random attempt will succeed or a false acceptance will occur is 1/628 which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 12/628 which is less than 1/100,000. After every failed authentication attempt the module waits 5 seconds before it allows the next authentication attempt ­ therefore only a maximum of 12 authentication attempts can be made in one minute. 6. Access Control Policy 6.1 Crypto-Officer Role This role represents the Crypto-Officer who authenticates via an ID/Password combination through UART2 (Tx Pin and Rx Pin). Table 4 lists all the services available to the Crypto-Officer, the service inputs & outputs, and the CSPs & Public keys accessed by each service. DigiSAFE TrustCrypt Security Policy 6 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A Table 4 ­ Crypto-Officer Services and Key/CSP Modes of Access Service Description Input Output CSP & Public Key Access Operator Allows operator to enter Crypto- N/A Read Crypto-Officer Password. Authentication the ID and password to Officer ID, Read KEK. login. The module checks Crypto- these entered values Officer against stored values. If Password the comparison is (both AES successful, then the Key appropriate role (CO) is Wrapped assumed. with KEK) Load App PA Allows the CO to load the App PA N/A Write App PA Public Key. Public Key Application Publishing Public Key Authority Public Key (AES Key (App PA Public Key). Wrapped with KEK) Zeroize Zeroizes all plaintext N/A N/A Zeroize: CSPs in the module. · Key Encryption Key (KEK). Zeroizes plaintext Public · User Data Secret Key Keys in the module. (immediately after use). · User Data Private Key Zeroizes the customized (immediately after use). application (if one is · Crypto-Officer Password. currently loaded in · User Password. FLASH). · App PA Public Key. Zeroizes all contents · User Data Public Key stored in SRAM. (immediately after use). The module enters an endless loop after zeroization - all data output is stopped, all data input is ignored, a zeroized status packet is output every minute. After zeroization the module must be sent back to the factory to become operational again. Load Allows the CO to enter a Signed N/A Read App PA Public Key. Customized signed customized customized Application application. application Update Crypto- Allows the CO to update Crypto- N/A Write Crypto-Officer Password. Officer the Crypto-Officer Officer ID, Password Password. Crypto- Officer Password (both AES Key Wrapped with KEK) DigiSAFE TrustCrypt Security Policy 7 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A Service Description Input Output CSP & Public Key Access Update User Allows the CO to update User ID, N/A Write User Password. Password the User Password. User Password (both AES Key Wrapped with KEK) DigiSAFE TrustCrypt Security Policy 8 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 6.2 User Role This role represents the User who authenticates via an ID/Password combination through UART2 (Tx Pin and Rx Pin). Table 5 lists all the services available to the User, the service inputs & outputs, and the CSPs & Public keys accessed by each service. Table 5 ­ User Services and Key/CSP Modes of Access Service Description Input Output CSP Access Operator Allows operator to enter User ID, User Password N/A Read User Authentication the ID and password to (both AES Key Password. login. The module Wrapped with KEK). Read KEK. checks these entered values against stored values. If the comparison is successful, then the appropriate role (User) is assumed. Encrypt Data Allows the User to Payload to be Encrypted Read User Data encrypt a payload. Refer encrypted. Payload. Secret Key. to Table 7 for available User Data Secret Key ciphers. Read KEK. (AES Key Wrapped with KEK). Zeroize User Data Secret Key. Decrypt Data Allows the User to Payload to be Decrypted Read User Data decrypt a payload. Refer decrypted. Payload. Secret Key. to Table 7 for available User Data Secret Key ciphers. Read KEK. (AES Key Wrapped Zeroize User Data with KEK). Secret Key. Sign Data Allows the User to sign a Payload to be signed. Signature for Read User Data payload. Refer to Table payload. Private Key. User Data Private Key 7 for available ciphers. (AES Key Wrapped Read KEK. with KEK). Zeroize User Data Private Key. Hash Data Allows the User to hash Payload to be hashed. Hash of N/A a payload. Refer to Table payload. 7 for available ciphers. Verify Signature Allows the User to verify Signed Payload. Boolean: `yes' Read User Data a signature. Refer to if signature Public Key. User Data Public Key Table 7 for available matches, (AES Key Wrapped ciphers. otherwise `no' Read KEK. with KEK). Zeroize User Data Public Key. Get Deterministic Allows the User to Random number length. Random N/A Random Number retrieve a random number. number from the module's approved DRNG. Get Non- Allows the User to Random number length. Random N/A Deterministic retrieve a random number. Random Number number from the Hardware RNG. Update User Allows the User to User ID, User Password N/A Write User Password update the User (both AES Key Password. Password Wrapped with KEK). Read KEK. DigiSAFE TrustCrypt Security Policy 9 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 6.3 Unauthenticated Services The following services do not require authentication prior to invocation, they are available through UART2 (Tx Pin and Rx Pin). Table 6 ­ Services Available without Assuming a Role Service Description Input Output CSP Access Show Status Alerts the operator of the status of N/A Status of N/A the module. module. On power-up the module will output a Power Up System Information status packet containing the module's version, release date, and bootstrap application & crypto library checksum. After power-up self-tests are run the module will output a Power Up Self Test Results status packet containing pass/fail codes for each of the power-up self-tests. Each time the module enters major FIPS states it will output a state status packet. While in the Fatal Error State the module will output a PKT_STATE _ERROR state packet once every minute. At the conclusion of processing each service request the module returns a status results code. Power Up Self This allows an operator to perform N/A Pass/Fail for N/A Test the power up self tests by power each of the cycling the module. self-tests. Zeroize SRAM This allows the host system to N/A N/A N/A. zeroize all contents stored in the The SRAM is meant module's SRAM. Activated via to store security the module's GPIO External parameters by Tamper pin. customized application DigiSAFE TrustCrypt Security Policy 10 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 7. Cryptographic Keys and CSPs Table 7 ­ Available Ciphers Encryption Decryption Signature Hash Ciphers RNG Ciphers Ciphers Ciphers AES 128 ECB AES 128 ECB RSA 1024 SHA-256 ANSI X9.31 DRNG AES 128 CBC AES 128 CBC RSA 2048 SHA-512 Hardware NDRNG AES 128 CFB AES 128 CFB AES 128 OFB AES 128 OFB AES 192 ECB AES 192 ECB AES 192 CBC AES 192 CBC AES 192 CFB AES 192 CFB AES 192 OFB AES 192 OFB AES 256 ECB AES 256 ECB AES 256 CBC AES 256 CBC AES 256 CFB AES 256 CFB AES 256 OFB AES 256 OFB Table 8 ­ Secret and Private Keys Key Description/Usage Generation Storage Entry/Output Destruction Key This is an AES 256-bit Generated Stored in Entry: The KEK is Zeroized when Encryption key that is used to externally. plaintext entered into the module the zeroize Key decrypt all the in during manufacturing. service is (KEK) following when they FLASH. invoked. are entered into the Output: N/A module: User Data Secret Keys, User Data Private Keys, the App PA Public Key, User Data Public Keys, the CO Officer ID & Password, and the User ID & Password. User Data This is an AES 256- Generated Stored in Entry: The UDSK is Zeroized Secret Key bit, AES 192-bit, or externally. plaintext entered in encrypted immediately (UDSK) AES 128-bit key that in form after use. is used to encrypt or DRAM. (AES Key Wrapped decrypt bulk operator with KEK). supplied data. Output: N/A User Data This is an RSA 1024- Generated Stored in Entry: The UDPK is Zeroized Private bit, or 2048-bit private externally. plaintext entered in encrypted immediately Key key that is used to sign in form after use. (UDPK) bulk operator supplied DRAM. (AES Key Wrapped data. with KEK). Output: N/A DigiSAFE TrustCrypt Security Policy 11 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A Table 9 ­ Public Keys Key Description/Usage Generation Storage Entry/Output KEK PA RSA 2048-bit public key Generated Stored in plaintext Entry: Loaded in Public Key used in manufacturing externally. in FLASH. plaintext during during KEK download to manufacturing. verify the signature over the KEK. Output: N/A App PA RSA 2048-bit public key Generated Stored in plaintext Entry: Entered by Public Key used to authenticate externally. in FLASH. Crypto-Officer in customized applications. encrypted form (AES Key Wrapped with KEK). Output: N/A User Data RSA 1024-bit, or 2048-bit Generated Stored in plaintext Entry: Entered in Public Key public key used to verify externally. in DRAM. encrypted form (AES operator supplied signatures. Key Wrapped with KEK). Output: N/A DigiSAFE TrustCrypt Security Policy 12 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A Table 10 ­ Other CSPs Key Description/Usage Generation Storage Entry/Output Destruction Cryptographic This is the password Generated Stored in Entry: Entered Zeroized when Officer that is used to externally. plaintext via the Operator the zeroize Password authenticate the CO. in FLASH. Authentication service is service and invoked. The password policy is: updated via the Update Crypto- - Exactly 8 characters Officer ID / Password service. - 62 possible alpha / Entered each time numeric character set. the CO authenticates to the module. Whenever this CSP is entered into the module it is encrypted with the KEK (AES256 Key Wrapping). Output: N/A User Password This is the password Generated Stored in Entry: Entered Zeroized when that is used to externally. plaintext via the Operator the zeroize authenticate the User. in FLASH. Authentication service is service and invoked. The password policy updated via the is: Update User ID / - Exactly 8 characters Password service. Entered each time - 62 possible alpha / the User numeric character set. authenticates to the module. Whenever this CSP is entered into the module it is encrypted with the KEK (AES256 Key Wrapping). Output: N/A DigiSAFE TrustCrypt Security Policy 13 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 8. Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the cryptographic module does not contain a modifiable operational environment. 9. Security Rules The module's design corresponds to the following security rules. These rules are enforced by the module to implement the security requirements of FIPS 140-2 Level 3 modules. 1. The cryptographic module provides two distinct roles. These are the User role, and the Crypto- Officer role. 2. The cryptographic module provides identity-based authentication. 3. When the module has not been placed in an authenticated role, the operator does not have access to any cryptographic services. 4. The cryptographic module performs the following tests: A. Power up Self-Tests: Cryptographic Algorithm Tests 1. AES-256 ECB Mode KAT 2. SHA-256 KAT 3. SHA-512 KAT 4. RSA-1024 KAT Sig Gen & Sig Verify 5. RSA-2048 KAT Sig Gen & Sig Verify 6. ANSI X9.31 RNG KAT Software/Firmware Integrity Test 1. 16-bit Firmware Integrity Test (EDC) B. Conditional Self-Tests: Continuous RNG Tests 1. RNG Every generation of 128 bits of random data from the RNG will be compared with the previous 128 bits to ensure that they are not equal. 2. NDRNG Every generation of 128 bits of random data from the NDRNG will be compared with the previous 128 bits to ensure that they are not equal. C. Vendor Defined Critical Function Tests: 1. Load Custom Application - Signature Verification Test (RSA 2048-bit Verification) 5. At any time the operator can command the module to perform the power-up self-tests by power cycling the module. 6. Prior to each use, the internal RNGs are tested using the continuous RNG test. 7. Data output is inhibited during self-tests, zeroization, and error states. 8. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 9. The module does not support concurrent operators. DigiSAFE TrustCrypt Security Policy 14 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 10. The module does not support a maintenance interface or a maintenance role. 11. The module does not support Bypass functionality. 12. The module does not support the generation of cryptographic keys. 13. The module does not support the output of CSPs. 14. The seed Key and seed value for the RNG (ANSI X9.31) are read from the onboard NDRNG during power up. They are compared to ensure that they are not equal. This section documents the security rules imposed by the vendor: 1. After every failed authentication attempt the module waits 5 seconds before it allows the next authentication attempt ­ therefore only a maximum of 12 authentication attempts can be made in one minute. 2. After zeroization the module must be returned to the factory to become operational again (download the KEK back into the module). 3. The module supports an external GPIO pin that allows complete zeroization of SRAM. This allows host systems that contain the module to zeroize all contents within SRAM by activating the GPIO pin. 4. Each module will be loaded with a unique, randomly generated KEK during manufacturing. ST Electronics will not monitor or record these KEK values. 10. Mitigation of Other Attacks Policy FIPS 140-2 Area 11 Mitigation Of Other Attacks requirements are not applicable because the module is not designed to mitigate specific attacks beyond the current FIPS 140-2 requirements. DigiSAFE TrustCrypt Security Policy 15 G-P6021-TM003 ST Electronics (Info-Security) ISSUE A 11. Definitions and Acronyms AES Advanced Encryption Standard ANSI American National Standards Institute App PA Application Publishing Authority Public Key CBC Cipher Block Chaining CFB Cipher Feedback CO Crypto-Officer CSP Critical Security Parameter DRAM Dynamic Random Access Memory ECB Electronic Codebook EDC Error Detection Code GPIO General Purpose Input/Output KEK Key Encryption Key KEK PA Key Encryption Key Publishing Authority NDRNG Non-Deterministic Random Number Generator OFB Output Feedback PA Publishing Authority RNG Random Number Generator RSA Rivest Shamir Adelman SHA Secure Hash Algorithm SRAM Static Random Access Memory UART Universal Asynchronous Receiver/Transmitter DigiSAFE TrustCrypt Security Policy 16