AW140 Hardware Version AW140 r1.1; Firmware 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation November 2010 © 2010 AvaLAN Wireless. All rights reserved. www.avalanwireless.com This document may be freely reproduced and distributed whole and intact including this copyright notice. Table Of Contents 1.1 Purpose ..................................................................................................................... 3 1.2 References ................................................................................................................ 3 1.3 Document History ...................................................................................................... 3 2 PRODUCT DESCRIPTION .......................................................................................... 4 3 MODULE PORTS AND INTERFACES ........................................................................ 6 4 ROLES, SERVICES AND AUTHENTICATION ............................................................ 6 4.1 Identification and Authentication................................................................................ 6 4.2 Roles and Services ................................................................................................... 7 5 PHYSICAL SECURITY ................................................................................................ 8 6 CRYPTOGRAPHIC KEY MANAGEMENT ................................................................... 8 7 SELF-TEST .................................................................................................................. 8 8 Crypto-Officer and User Guidance ............................................................................... 9 8.1 Secure Setup and Initialization .................................................................................. 9 8.2 Module Security Policy Rules .................................................................................. 10 9 Mitigation of Other Attacks ......................................................................................... 10 Non-Proprietary Security Policy 2 AvaLAN Wireless”AW140” 1 INTRODUCTION 1.1 Purpose This is a non-proprietary FIPS 140-2 Security Policy for the AvaLAN Wireless “AW140” cryptographic module. It describes how this module meets all the requirements as specified in the FIPS 140-2 Level 2 requirements. This Policy forms a part of the submission package to the testing lab. FIPS 140-2 (Federal Information Processing Standards Publication 140-2) specifies the security requirements for a cryptographic module protecting sensitive information. Based on four security levels for cryptographic modules this standard identifies requirements in eleven sections. For more information about the standard visit www.nist.gov/cmvp Section Level 1.2 References This Security Policy describes how this module complies with the eleven sections of the Standard:  For more information on the FIPS 140-2 standard and validation program please refer to the NIST website at www.nist.gov/cmvp. 1.3 Document History Authors Date Version Comment Jason Hennig 10/22/2009 1.0 First Draft Jason Hennig 02/10/2010 1.1 Updated Terminal Interface Description Jason Hennig 03/18/2010 1.2 Updates based on test lab feedback. Jason Hennig 04/06/2010 1.3 Updates based on test lab feedback. Jason Hennig 04/16/2010 1.4 Minor Corrections and add Logo Jason Hennig 11/01/2010 1.5 Minor Corrections Non-Proprietary Security Policy 3 AvaLAN Wireless”AW140” 2 PRODUCT DESCRIPTION The AvaLAN Wireless “AW140” is a cryptographic add-on module. The AW140 is defined as a multi-chip embedded module as defined by FIPS PUB 140-2. It supports AES encryption/decryption. The cryptographic boundary is defined as the epoxy covered circuit board and all of its components. There are no exclusions from the module. The block diagram for the module is as shown below with all the inter- connections between the components of the module. The AW140 module implements, AES-128, AES-192, and AES-256 algorithms in the approved mode. The intended use of the module is an encryption/decryption add-on module to a communications device. The product meets the overall requirements applicable to Level 2 security for FIPS 140-2. Security Requirements Section Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 2 Roles and Services and Authentication 2 Finite State Machine Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 3 Self-Tests 2 Design Assurance 2 Mitigation of Other Attacks N/A Cryptographic Module Security Policy 2 Overall Level of Validation 2 Table 1 Module Compliance Table Non-Proprietary Security Policy 4 AvaLAN Wireless”AW140” Hardware block Diagram Non-Proprietary Security Policy 5 AvaLAN Wireless”AW140” 3 MODULE PORTS AND INTERFACES The module is considered to be a multi chip embedded module designed to meet FIPS 140-2 Level 2 requirements. The module has the following interfaces Data Input interface: The SPI interface is defined as the data input interface through which data is input to the module. Each data category has it’s own command in order to keep data types logically separated. Data Output Interface: As the module is being validated for level 2 requirements, the SPI interface is defined as the data output interface. Control input interface: Control input is on the USB and SPI interfaces and consists of command instructions that must be input for configuration and control of the module. See Users Manual for Command Structure. Status Output: Status output in on the USB and SPI interfaces. See Users Manual for Status Output definitions. The below table describes the relationship between the logical and physical interfaces. FIPS 140-2 Interface Physical Interface Data Input interface 10 pin 0.100 inch Header (SPI Interface) Data Output interface 10 pin 0.100 inch Header (SPI Interface) Control Input interface 10 pin 0.100 inch Header (SPI Interface)/ USB Interface Power Interface In configuration mode, powered by USB, else powered through SPI interface Status Output 10 pin 0.100 inch Header (SPI Interface)/ USB Interface Table 2 – Mapping Physical and Logical Interfaces 4 ROLES, SERVICES AND AUTHENTICATION The AW140 supports a Crypto Officer, a User role, and an Unauthenticated Role. The module implements role based authentication using passwords. Authentication to the module requires a password to be set for the CO and User . The module doesn’t support a maintenance role. 4.1 Identification and Authentication Authentication data is protected within the EEPROM to which there is no logical access. All ASCII characters are valid for authentication passwords. Role Type of Authentication Authentication Strength of Authentication Data User Role Based 8 to 32 Character There are 94 different ASCII characters to ASCII password select from for the authentication password. The minimum password size is 8 characters. Therefore there are a minimum of 94 to the power of 8 different possible passwords. The probability that a random access attempt will succeed is p=1/94 to the 8 = 1.64x10 to the 16. Crypto Role Based 8 to 32 Character There are 94 different ASCII characters to Officer ASCII password select from for the authentication password. The minimum password size is 8 characters. Therefore there are a minimum Non-Proprietary Security Policy 6 AvaLAN Wireless”AW140” Role Type of Authentication Authentication Strength of Authentication Data of 94 to the power of 8 different possible passwords. The probability that a random access attempt will succeed is p=1/94 to the 8 = 1.64x10 to the 16. Table 3 Authentication Type Table 4.2 Roles and Services The AW140 supports the services listed in the following table. The table groups the authorized services by the operator roles. The modes of access are identified per the explanation. R - The item is read or referenced by the service. W -The item is written or updated by the service. E - The item is executed by the service. (The item is used as part of a cryptographic function.) The below table shows the services available to each role: Table 4. Cryptographic Officer – Roles and Services Keys/CSP’s Associated with Service Role Authorized Services Access Type CO Import Key Application Key W CO Show Status None R CO Read Firmware Version Number None R CO Change Password Crypto-Officer Password W CO Self-Tests None E CO AES Encrypt/Decrypt Application Key E Table 5. User – Roles and Services Keys/CSP’s Associated with Service Role Authorized Services Access Type User Show Status None R User Read Firmware Version Number None R User Change Password User Password W User Self-Tests None E Table 6. Unauthenticated – Roles and Services Keys/CSP’s Associated with Service Role Authorized Services Access Type UA Zeroize Application Key and CO and User W Password. Non-Proprietary Security Policy 7 AvaLAN Wireless”AW140” 5 PHYSICAL SECURITY The AW140 is defined as a multi-chip embedded module. The AW140 consists of production grade components which include standard passivation techniques. The entire module is encapsulated in a potting material. The purpose of the potting material is to make the module opaque and provide physical evidence of tampering if an attacker attempts to remove the potting. To physically access the components of the module the potting material must be destroyed. The Crypto Officer must periodically inspect the potting material for evidence of damage or removal. 6 CRYPTOGRAPHIC KEY MANAGEMENT The following table summaries the module’s keys and CSP’s: Key/CSP’s Generation Storage Use Role Application Key Electronically Entered by Stored in AES Application Keys used CO AES 128, 192, CO. EEPROM for data encryption and 256 decryption. Crypto-Officer Created by the Crypto- Stored in Used to authenticate the CO Password Officer EEPROM Crypto-Officer User Password Created by the User Stored in Used to authenticate the User EEPROM User Table 7: Cryptographic Keys and CSPs The keys are entered into the AW140 module by the CO using the configuration interface (USB connection to a PC) and a terminal program such as Hyper Terminal. The keys are stored in plaintext on the module’s EEPROM to which there is no physical or logical access. The AW140 module does not output or archive any keys. The keys and passwords can be zeroized by anyone using the unauthenticated zeroize/init Command that resets the module to a factory default state. The module keys map to the following algorithms certificates: Approved Security Function Certificate Symmetric Key Encryption/Decryption AES 1291  ECB (e/d; 128, 192, 256) Table 8 FIPS Approved Algorithms Table 7 SELF-TEST The module performs the following self tests at power on, which are performed automatically and do not require operator intervention:  AES Known Answer Tests (KATs) ECB mode for Encrypt/Decrypt  Firmware Integrity Test. The integrity of the entire firmware image is checked using a 16 bit checksum. The indication of whether the power-up self-tests were successful, is available using the Show Status option. The module inhibits all data output while self-tests are in process. Non-Proprietary Security Policy 8 AvaLAN Wireless”AW140” The AW140 module does not support the following functions, and thus does not employ any conditional tests:  Bypass Mode  Loading of Firmware  Random Number Generation  Asymmetric Cryptography  Manual Key Entry On Demand Self-Tests The module must be power-cycled in order to run the on-demand self-tests, which include the AES known answer tests and the firmware integrity test. Error State If any power-up self-test fails, then the AW140 module enters an error state in which cryptographic operations and data input/output is disabled. Errors which are considered hard errors, such as failed integrity test or a failed AES known answer test, mean the AW140 module requires service. The module will attempt to clear all other errors on it’s own. 8 Crypto-Officer and User Guidance This section describes the configuration, maintenance, and administration of the AW140 module. 8.1 Secure Setup and Initialization Connect the AW140 module to your PC using a USB A to USB mini B cable. Open a terminal program and set the COM port settings as follows: Data Bits: 8 Baud Rate: 115200 Parity: None Stop Bits: 1 Flow Control: None Once the terminal program is connected press any key to activate the module. The module will prompt for a password of 8 to 32 characters. The module will determine, based on the password entered, if it is the Crypto Officer or User that has logged in. Once logged in a list of available commands will appear on the terminal screen. For first time configuration, the following steps must be taken: Non-Proprietary Security Policy 9 AvaLAN Wireless”AW140”  Once a password has been chosen for each role, one of the following AES key size (AES-128, AES-192, or AES-256) must be chosen or the module will not be able to enter into a cryptographic mode of operation. The Crypto Officer, must now import the desired key into the module. In a non-configured state the SPI Interface is disabled and no cryptographic operations can be processed. 8.2 Module Security Policy Rules After the power on self tests are performed the module detects if there is a USB connection present or not. If the USB connection is present then the AW140 module will enter configuration mode and wait for terminal activation. While the self tests are running data input/output is logically inhibited. Status output can be used to determine if self tests are in process. While in configuration mode the Data interface is disabled and no cryptographic functions can be performed. If an error occurs while the module is in configuration mode then the error will be displayed on the terminal. If a USB connection is not detected after self tests are completed then the module will enter normal operation. The configuration interface will be disabled and only the data interface will operate. Whatever key and algorithm choice was stored in the last configuration setup will be used to encrypt/decrypt all data on the data interface. If the module was not previously configured then it will be in a non-operational state with the error line of the SPI interface asserted. If an error occurs while in normal operation an error line will be held high on the SPI interface and the status register can be read to determine the exact cause of the error. 9 Mitigation of Other Attacks The module does not mitigate against any specific attacks. Non-Proprietary Security Policy 10 AvaLAN Wireless”AW140”