FIPS 140-2 Security Policy For Wireless Access Point AP-7131N-44040-FGR, AP- 7131N-44040-FWW, AP-7131N-44040-FIL, AP- 7131N-66040-FGR, AP-7131N-66040-FWW and AP-7131N-66040-FIL Document Version 1.6 This document may be freely distributed in its entirety without modification Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 2 Table of Contents 1 Module Description ......................................................................................................... 3 2 Cryptographic Boundary.................................................................................................. 3 3 Ports and Interfaces.......................................................................................................... 4 4 Roles, Services and Authentication ................................................................................. 4 5 Security Functions ........................................................................................................... 7 6 Key Management ............................................................................................................. 8 7 Self Tests.......................................................................................................................... 9 8 Physical Security............................................................................................................ 10 9 Secure Operation............................................................................................................ 10 9.1 Approved Mode of Operation................................................................................. 10 Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 3 1 Module Description The Motorola AP-7131 Access Point is a standalone device that manages inbound and outbound traffic on the wireless network. It provides security, network services, intrusion detection and system management applications. It may be used together with the Motorola RF Switch and Motorola external IDS server. The module is used to provide secure Wireless Local Area Network (WLAN) connectivity to a set of wireless client devices, as well as to provide Wireless Intrusion Detection Functionality. The module protects data exchanged with wireless client devices using IEEE 802.11i wireless security protocol, which provides data protection using the AES-CCM cryptographic algorithm. For the purposes of FIPS 140-2 the module is classified as multi-chip standalone module. FIPS 140-2 conformance testing of the module was performed at Security Level 2, except for Cryptographic Module Specification and Design Assurance sections of the FIPS 140-2 standard, which were tested as Security Level 3. The following configurations were tested: Module Name and Version Firmware versions AP-7131N-44040-FGR Access Point AP7131N v4.0.0.0-035GR AP-7131N-44040-FWW Access Point AP7131N v4.0.0.0-035GR AP-7131N-44040-FIL Access Point AP7131N v4.0.0.0-035GR AP-7131N-66040-FGR Access Point AP7131N v4.0.0.0-035GRN AP-7131N-66040-FWW Access Point AP7131N v4.0.0.0-035GRN AP-7131N-66040-FIL Access Point AP7131N v4.0.0.0-035GRN 2 Cryptographic Boundary The complete set of hardware and firmware components of the module is physically enclosed in a metal enclosure which serves as the cryptographic boundary of the module. The enclosure consists of the following two parts. The top panel can be removed from the bottom panel by unscrewing screws. The switch enclosure is opaque within the visible spectrum. For tamper evidence the module requires tamper-evident labels to allow the detection of the opening of the top panel. Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 4 An image of the module is provided below: Figure 1. An image of the module. 3 Ports and Interfaces The module includes the following physical ports and logical interfaces. Port Name Count Interface(s) Ethernet Port 2 Data Input, Data Output, Control Input, Status Output Serial Console Port 1 Control Input, Status output, Data Output LEDs 6 Status Output Power Port 1 Power Input Power Over Ethernet Port (included in 1 Power Input the Ethernet connector) Reset Button 1 Control Input Antenna Ports 6 Data Input/Output 4 Roles, Services and Authentication The module provides the following roles: a User role, a Crypto Officer role. The Crypto Officers configure the module and manage its cryptographic functionality. Users employ the cryptographic services provided by the module. Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 5 The table below provides information on authentication mechanisms employed by each role. Role Authentication Mechanism User Passwords are used for wireless connection with EAP-PEAP and EAP-TTLS authentication. The module uses passwords of at least 8 characters, therefore for each random authentication attempt the probability of success will be significantly less than one in 1,000,000. When a secure network connection is established, the possibility of randomly guessing a password in 60 seconds is less than 1 in 100,000 due to the password length and authentication process performance limitation. Client Certificates are used for wireless connection with EAP- TLS authentication. The module uses client certificates with at least 1024 bit RSA key, which corresponds to 80 bits of security, therefore for each random authentication attempt the probability of success will be significantly less than one in 1,000,000. The possibility of randomly guessing a password in 60 seconds is less than 1 in 100,000 due to the authentication process performance limitation. Crypto Officer Passwords are used for connections via Command Line Interface (CLI), Web User Interface and SNMP management interface. The module uses passwords of at least 8 characters, therefore for each random authentication attempt the probability of success will be significantly less than one in 1,000,000. Upon a command line interface login attempt failure next username and password prompt is provided after 1 second interval. This ensures that a user can only make 60 or less consecutive attempts in a minute. Therefore the possibility of randomly guessing a password in 60 seconds is less than 1 in 100,000. The module provides the following services to the operators: Service Role Access to Cryptographic Keys and CSPs R- read; W ­ write or generate; E-execute Installation of the Module Crypto Officer Password: W 802.11i pre-shared key: W SSH RSA key pair: W TLS server certificate: W TLS/EAP Certificate: W SSH keys: E ANSI X9.31 seed and key: E Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 6 Service Role Access to Cryptographic Keys and CSPs R- read; W ­ write or generate; E-execute Login Crypto Officer Password: E SNMP secret: E SSH Keys: E TLS Keys: E ANSI X9.31 seed and key: E Run self-test Crypto Officer N/A Show status Crypto Officer N/A Reboot Crypto Officer N/A Update firmware Crypto Officer Firmware load verification HMAC SHA-1 firmware load verification key: E Zeroize/Restore factory Crypto Officer All keys: W settings IPSec/VPN configuration Crypto Officer IPSec/IKE pre-shared key: W SSH Keys: E TLS Keys: E ANSI X9.31 seed and key: E Configure Secure IPSEC Crypto Officer IPSec/IKE pre-shared key: W Connection to the Motorola SSH Keys: E WLAN switch TLS Keys: E ANSI X9.31 seed and key: E Configure Secure IPSEC Crypto Officer IPSec/IKE pre-shared key: W Connection to the External SSH Keys: E Authentication, Time and TLS Keys: E Audit Servers ANSI X9.31 seed and key: E Wireless Security Protocol Crypto Officer 802.11i pre-shared key: W configuration (802.11i , EAP-TTLS, PEAP passwords: W EAP-TLS, EAP-TTLS, EAP-TLS certificates: W EAP-PEAP) SSH Keys: E TLS keys: E ANSI X9.31 seed and key: E View Wireless Intrusion Crypto Officer TLS keys: E Detection Logs SSH Keys: E Password protection Crypto Officer Password: W configuration SNMP secret: W Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 7 Service Role Access to Cryptographic Keys and CSPs R- read; W ­ write or generate; E-execute Establishment of secure User TLS keys: E network connection IPSec/IKE keys: E TLS/EAP Certificate: E 802.11i keys: E ANSI X9.31 seed and key: E 5 Security Functions The table below lists approved cryptographic algorithms employed by the module. Algorithm Certificate Number SHS 1063, 1064 HMAC 652, 653 Triple DES 831, 832 AES 1147, 1148, 1149, 1150 RSA 543 ANSI X9.31 PRNG 635, 636 The table below lists non-Approved cryptographic algorithms employed by the module Algorithm Usage MD5 Used by EAP-TLS, EAP_TTLS and EAP-PEAP protocols Used during TLS handshake Used by the SNMP protocol HMAC-MD5 Used by the SNMP protocol DES Used by the SNMP protocol AES Used by the SNMP protocol SHS Used by the SNMP protocol Diffie-Hellman Used for key establishment in TLS, IPSec/IKE, and SSH1 handshake. Provides 80 bits of encryption strength. RSA encrypt/decrypt Used for key establishment in TLS handshake. Provides 80 bits of encryption strength. 1 SSH version 2 is used. Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 8 6 Key Management The module uses ANSI X9.31 PRNG to generate random data. The module provides a key zeroization command, which zeroizes all private and secret cryptographic keys and CSPs stored in flash memory. The command is followed by a reboot which zeroizes keys and CSPs stored in RAM. The following cryptographic keys and CSPs are supported by the module. Name and type Usage Storage TLS master secret Used to derive TLS data Plaintext in RAM encryption key and TLS HMAC key TLS Triple-DES or AES Used to encrypt data in TLS Plaintext in RAM encryption keys protocol TLS HMAC keys Used to protect integrity of Plaintext in RAM data in TLS protocol TLS/EAP server RSA Used to encrypt the TLS Plaintext in RAM certificate (including the master secret during the Plaintext in flash private key) TLS handshake TLS and IPSec/IKE, and Used for key establishment Plaintext in RAM SSH Diffie-Hellman keys during the handshake EAP-TLS Certification Used to verify client Plaintext in RAM Authority RSA Certificate certificate during the EAP- Plaintext in flash TLS handshake SSH RSA key pair Used to authenticate the Plaintext in RAM module to the SSH client Plaintext in flash during the SSH handshake SSH master secrets Used to derive SSH Plaintext in RAM encryption key and SSH HMAC key SSH Triple-DES or AES Used to encrypt SSH data Plaintext in RAM encryption keys SSH HMAC keys Used to protect integrity of Plaintext in RAM SSH data IPSec/IKE pre-shared key Used to derive IPSec/IKE Plaintext in RAM encryption keys and Plaintext in flash IPSec/IKE HMAC keys IPSec/IKE Triple-DES or Used to encrypt IPSec/IKE Plaintext in RAM AES encryption keys data IPSec/IKE HMAC keys Used to protect integrity of Plaintext in RAM IPSec/IKE data Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 9 Name and type Usage Storage ANSI X9.31 PRNG1 Seed Used to initialize the PRNG Plaintext in RAM and Seed Key to a random state ANSI X9.31 PRNG2 Seed Used to initialize the PRNG Plaintext in RAM and Seed Key to a random state 802.11i AES-CCM Used to secure unicast Plaintext in RAM Temporal Key wireless data 802.11i AES-CCM Group Used to secure multicast Plaintext in RAM Temporal Key wireless data 802.11i pre-shared key Used to derive 802.11i Plaintext in RAM Temporal Key and 802.11i Plaintext in flash Group Temporal Key Firmware load verification Used to verify firmware Plaintext in RAM HMAC SHA-1 Key components Plaintext in flash Passwords Used to authenticate users Plaintext in RAM Plaintext in flash SNMP secret Used to authenticate Crypto Plaintext in RAM Officers accessing SNMP Plaintext in flash management interface IDS Server RSA Public Key Used to establish TLS 1.0 Plaintext in RAM and RSA Client Certificate connection to the external Plaintext in flash IDS server 7 Self Tests The module runs a set of self-tests on power-up. If one of the self-tests fails, the module transitions into an error state where all data output and cryptographic operations are disabled. The module runs power-up self-tests for the following algorithms: Algorithm Test Firmware integrity Firmware integrity test using SHA-1 For each AES implementation Known Answer Test For each TDES implementation Known Answer Test For each SHS implementation Known Answer Test For each HMAC implementation Known Answer Test For each ANSI X9.31 PRNG Known Answer Test implementation RSA Pairwise Consistency Check (Sign/Verify) During the module operation the following conditional self-tests are performed: Condition Test Random Number Generation Continuous PRNG Test Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 10 Condition Test Firmware Load Firmware Load Test RSA Key Pair generation Pairwise Consistency Check (Sign/Verify, Encrypt/Decrypt) Bypass Bypass Test 8 Physical Security The module consists of production-grade components enclosed in a metal enclosure. The enclosure is opaque within the visible spectrum. The top panel of the enclosure can be removed by unscrewing screws. The module is protected by three tamper evident labels in accordance with FIPS 140-2 Level 2 Physical Security requirements. The three tamper evident labels are applied over the panels and sides of the module at the factory to provide evidence of tampering. An image of the module with tamper evident labels applied is provided below: 9 Secure Operation 9.1 Approved Mode of Operation The module always operates in the Approved Mode of Operation and does not support a non-Approved mode of Operation. The following message is output to the command line interface and the Web User Interface: "This Device Is Running In FIPS Mode". Module documentation provides detailed guidance for the module users and Crypto Officers. Non-Proprietary Security Policy for Motorola Wireless Access Point AP-7131N 11 The Crypto Officer periodically inspects the module and the tamper evident labels. If an evidence of tampering is detected, the Crypto Officer shall immediately disable the module and notify the management. Module users and Crypto Officers shall keep all authentication data confidential and shall not allow access to the module to unauthorized persons. When the module is received from the factory, it includes default Crypto Officer username/password. The Crypto Officer shall connect to the module using the serial interface and change the password to the non-default value before letting other users to operate the module.