Security Policy for CLE-HSSI Link Encryptor
Cylink Corporation

Security Policy
for
CLE-HSSI Link Encryptor

ES-16347-4
Rev A

February 27, 2001

Prepared by
CYLINK CORPORATION

1 Scope of Document
2 Applicable Documents
3 Security Level
4 Security Rules
4.1 Cryptographic Module
4.2 Roles and Services
4.2.1 User Role
4.2.2 Crypto Officer Role
4.3 Physical Security
4.4 Operating System Security
4.5 Key Management
4.6 Crypto Algorithms
4.7 Self Test
5 Definition of Security Relevant Data Items (SRDIs)
6 Definitions of SRDI Modes of Access

1 Scope of Document

This document contains the security policy requirements for the Cylink CLE-HSSI Link Encryptor system module. The CLE-HSSI Link Encryptor System shall be referred to as the CLE (Cylink Link Encryptor) in this document.

2 Applicable Documents

· FIPS 140-1, Security Requirements for Cryptographic Modules
· DTR, Derived Test Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules
· FIPS 46-2, Data Encryption Standard (DES)
· FIPS 81, DES Modes of Operation
· FIPS 180-1, Secure Hash Standard (SHA-1)
· FIPS 186, Digital Signature Standard (DSS)

3 Security Level

The CLE meets the overall requirements applicable to Level 2 security of FIPS 140-1, and meets the Physical Security and Software Security requirements applicable to Level 3.

Security Requirements Section    Level
Cryptographic Module             2
Module Interfaces                2
Roles and Services               2
Finite State Machine             2
Physical Security                3
EFP/EFT                          N/A
Software Security                3
Operating System Security        N/A
Key Management                   2
Cryptographic Algorithms         2
EMI/EMC                          2
Self Test                        2

4 Security Rules

This section documents the security rules enforced by the CLE to implement the security requirements of a FIPS 140-1 overall Level 2 module, with Level 3 Software and Physical Security.

4.1 Cryptographic Module

The CLE shall be implemented as a "Multiple-Chip Standalone Cryptographic Module" as defined in FIPS 140-1.

4.2 Roles and Services

The CLE shall employ role based authentication of the operator. The module supports the two roles required by FIPS 140-1: the User Role and the Crypto Officer Role. From the CLE's perspective, an operator is authenticated into both roles simultaneously. Access to these roles is restricted at the front panel by a Medeco lock, and at the Network Management (Ethernet) port by verification (by the CLE and by the network application, PrivaCy Manager) of mutually authenticated Cylink manufacturing certificates.

PrivaCy Manager is a separate product and contains its own methods for establishing and validating roles, which may be restricted to a subset of those supported by the CLE. Additionally, PrivaCy Manager can initiate network/voice authentication, initiate a software download operation, display the CLE MAC address, and display the date and time of the last key exchange.

An operator is authenticated to the User and Crypto Officer roles at the front panel through possession of the key that turns the Medeco lock to the Enable position.
Concurrent operator access/operation is prevented by disallowing SNMP access while the Medeco lock is set to enable the front panel.

Physical maintenance shall be performed at the factory, as there are no services that require the cover to be removed in the field, and there are no logical maintenance services performed in the field. The CLE module should be zeroized by a Crypto Officer before the module is returned to the factory, either by command or by removing the cover.

4.2.1 User Role

The User Role provides the operator with the ability to control the operational mode of the CLE and thus configure the network security policy. The services available to an operator in the User Role are as follows:

1. Set Operational Mode: This service allows the operator to select the current operational mode. The operator shall be permitted to command the CLE into the following modes:
   a) Clear Mode
   b) Standby Mode
   c) Secure Mode

2. Additional services available via the external network interface (PrivaCy Manager):
   a) Change Password and Login Properties for the logged-on user
   b) View Trap information
   c) Locate Module by IP or Name
   d) View Operational Mode
   e) View Event Browser
   f) View Audit Logs
   g) Clear Alarms
   h) Print Security Policy Report
   i) Print Inventory Report

4.2.2 Crypto Officer Role

The Crypto Officer Role provides the operator with the ability to perform all of the services listed below.

1. Alarm/Event Services
   a) Display Event Log: This service allows the operator to scroll through and view the contents of the CLE's event log.
   b) Clear Event Log: This service allows the operator to completely clear the contents of the event log.

2. Time/Date: This service allows the operator to set the real time clock to the current date and time.

3. Key Management
   a) Set Auto Key Change Attributes
   b) Days Interval
   c) End to End Delay
   d) Clear Modes Allowed/Disallowed
   e) Key Management Mode: NET CERT, MANUAL (authentication) KEY, or UNAUTH DH
   f) Zeroize Keys: This service allows the operator to erase critical security parameters. When this service is activated the following information shall be actively erased:
      (i) CLE Network Certificate
      (ii) CLE DSS secret key (X)
      (iii) PrivaCy Manager DSS public key
      (iv) PrivaCy Manager/CLE (SNMP) encryption key
      (v) PrivaCy Manager/CLE SNMP message counter
      (vi) CLE/CLE encryption key
      (vii) Manually Entered Authentication Key
      (viii) Far End CLE serial number
      (ix) Last key change timestamp
      (x) Event Log
   g) Set Manual Authentication Key
   h) Adapt Algorithm Allowed/Disallowed

4. Network Management
   a) Display/Set Unit IP Address
   b) Display/Set Gateway IP Address
   c) Display/Set Subnet Mask Address
   d) Display/Set Trap1/Trap2 IP Address

5. System Test: This service allows the operator to set a Network Encryptor Loopback or a DTE Encryptor Loopback, or to clear a loopback that has been previously set. CLEs with a T1 or E1 interface also allow setting or clearing a Network Line Loopback or a DTE Line Loopback.

6. Display Manufacturing Info: This service allows the operator to display the following information:
   a) Firmware Revision
   b) Firmware Date
   c) Hardware List
   d) Hardware Issue
   e) Manufacturing Date
   f) Unit Serial Number
   g) Line Interface Unit (LIU) Type
   h) End to End (Link) Key Size, Encryption Mode and Algorithm
   i) SNMP Key Size, Encryption Mode and Algorithm

7. Set Default Configuration

8. Firmware Update

4.3 Physical Security

1. Tamper evident tape spans the interface between the removable cover assembly and the chassis rear.
   It is not possible to remove the enclosure cover without destroying the tamper evident tape. Operation of the front panel user interface of the CLE-HSSI is restricted by a Medeco lock. The purpose of this lock is not to prevent opening the unit.

2. The CLE includes tamper response and zeroization circuitry. Upon removal of the enclosure's cover, all plaintext cryptographic keys and unprotected critical security parameters are immediately zeroized. This capability is operational whether or not power is applied to the module.

3. The CLE employs ventilation holes and related internal baffles that are designed to prevent physical probing inside the enclosure.

4. The CLE-HSSI is made of commercially available, production grade components.

5. The CLE-HSSI's integrated circuit chips have standard passivation applied to them.

4.4 Operating System Security

The FIPS 140-1 operating system requirements (FIPS PUB 140-1 section 4.7) do not apply to the CLE because it is not a general purpose computer and thus cannot run untrusted user-supplied software. However, the CLE's firmware can be field updated using a download process. The following rules apply to the downloading of new CLE firmware.

The CLE shall verify the signature of the binary image before it is executed. If this verification fails, the module shall continue operation using the previous version of firmware, the downloaded binary image shall be marked as non-executable, and an SNMP-readable MIB status shall be set reporting the failure.

4.5 Key Management

1. The PRNG seed (referred to as the XKEY in FIPS 186 Appendix 3.1) shall be installed into the CLE using the Cylink Manufacturing Configurator (CMC) process.

2. PrivaCy Manager/CLE encryption keys shall be re-negotiated each time a new CLE Network Certificate is loaded.

3. PrivaCy Manager/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.

4. Messages exchanged between the PrivaCy Manager and the CLE that contain the Diffie-Hellman public components used to establish the PrivaCy Manager/CLE encryption key shall be signed using DSA with the key associated with each entity's Manufacturing Certificate.

5. Prior to accepting the PrivaCy Manager/CLE encryption key the CLE shall perform message and certificate signature verification tests. If any of the tests fail, the PrivaCy Manager/CLE encryption key and the newly loaded Network Certificate are rejected and the CLE shall report the failure at the end of the protocol.

6. A new CLE/CLE encryption key shall be negotiated each time the CLE transitions from a non-secure state to a secure state.

7. While in the secure mode the CLE/CLE encryption key shall be periodically re-negotiated.

8. CLE/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.

9. When establishing a new CLE/CLE encryption key, the messages containing the Diffie-Hellman public component shall be signed.

10. Prior to accepting the CLE/CLE encryption key each CLE shall:
    a) Verify the compatibility of the two units' session settings.
    b) Verify the validity of the Network Certificate's signature.
    If any of the above tests fail the CLE/CLE encryption key shall be rejected.

11. If the Leased Line link encryption key generation process fails, the CLE shall generate an alarm.

12. If a successful Leased Line CLE/CLE key exchange does not occur within the Days Interval setting of the previous key exchange, the CLE shall produce an alarm due to the resulting Local Secure mode.

13. The CLE shall have the ability to generate a pseudo-random authentication key, and use it to authenticate the end-to-end communication protocol, in situations where PrivaCy Manager and Network Certificates are not available. The plaintext 24-byte authentication key shall be generated randomly as per FIPS PUB 186, shall not be displayed after user acceptance, and shall be zeroized by operator command or by a tamper event.

14. The CLE shall have the ability to accept and utilize a manually entered end-to-end authentication key. The plaintext 24-byte authentication key shall not be displayed after user entry, and shall be zeroized by operator command or by a tamper event.

15. All persistent keys shall be stored in clear text in tamper-protected non-volatile memory; their protection therefore rests on the tamper response circuitry of section 4.3, which zeroizes them when the cover is removed whether or not power is applied.

4.6 Crypto Algorithms

1. The CLE shall use the Data Encryption Standard (DES) algorithm or Triple DES to protect the user line data. Sensitive PrivaCy Manager/CLE data shall be protected using the Triple DES algorithm.

2. The CLE shall use the Digital Signature Standard as described in FIPS 186 for the authentication of all security related information.

3. As specified in FIPS 186, the module shall also support the Secure Hash Standard (SHA-1) as described in FIPS 180-1.

4.7 Self Test

1. The following Power-Up Self Tests shall be performed when power is first applied to the system:
   a) Field Programmable Gate Array (FPGA) Test
   b) Program Memory (ROM/FLASH) Integrity Test
   c) Bypass Test
   d) General Purpose Memory Test
   e) Non-Volatile Memory Integrity Test
   f) Real Time Clock Test
   g) Cipher Chip Test
   h) Random Number Generator Test
   i) General Cryptographic Algorithm Test
   j) Pairwise Consistency Test

2. During normal operation, the battery that backs up the non-volatile RAM shall be tested once per second.

3. All keys to be used for symmetric key cryptographic algorithms shall be checked to verify that they are cryptographically suitable for use as an encryption/decryption key. This check shall be performed immediately after the value of the key has been established. For example, a DES key must be checked to verify that it has correct (odd) byte parity and is not on the list of known "weak" or "semi-weak" DES keys.

5 Definition of Security Relevant Data Items (SRDIs)

(1) CLE Manufacturing Certificate
(2) PrivaCy Manager Manufacturing Certificate
(3) PrivaCy Manager/CLE SNMP Encryption Algorithm Flag
(4) PrivaCy Manager/CLE SNMP Encryption Mode Flag
(5) PrivaCy Manager/CLE SNMP Encryption Key Size Flag
(6) CLE to CLE Encryption Algorithm Flag
(7) CLE to CLE Encryption Mode Flag
(8) CLE to CLE Encryption Key Size Flag
(9) Near End Network Certificate
(10) Far End Network Certificate
(11) Far End Manual Authentication Code
(12) Firmware Binary Image Signature
(13) PRNG Running Seed (XKEY)
(14) CLE DSS Secret Key (X)
(15) CLE DSS Public Key (Y)
(16) PrivaCy Manager DSS Public Key
(17) PrivaCy Manager/CLE (SNMP) Encryption Key
(18) PM/CLE Message Counter Value
(19) PrivaCy Manager/CLE Message Counter
(20) CLE/CLE Encryption Key
(21) Near End CLE Challenge Value
(22) Far End CLE Challenge Value
(23) Voice Authentication Hash Value
(24) Far End CLE Serial Number
(25) Far End CLE Serial Number Timestamp
(26) Last Key Change Timestamp
(27) Event Log
(28) Key Change Method
(29) Begin Time
(30) End Time
(31) Days Interval
(32) Clear Modes
(33) Key Management Mode
(34) Manual Authentication Key
(35) Algorithm Adaptation Flag
(36) Exclusion List: For Dial-Up operation

6 Definitions of SRDI Modes of Access

The table below defines the relationship between access to SRDIs and the different module services. The modes of access are shown as codes in the table and are defined as follows:

a) D - The SRDI is set back to the manufacturing default by the service.
b) G - This service generates the SRDI internal to the CLE.
c) I - The SRDI is input into the CLE by this service.
d) R - The SRDI is read and used by the service.
e) U - The SRDI is updated by the service.
f) V - The SRDI is verified by the service.
g) Z - The SRDI is erased by the service.

Table 1 Services Versus SRDI Access
(PM = PrivaCy Manager, CLE = Cylink Link Encryptor. The page carrying this table is headed "Security Policy for NRZ/T1/E1/HSSI Link Encryptor" and numbered ES-14885-4 Rev C.)

SRDI columns: Near End CLE Network Certificate; Firmware Binary Image Signature; Voice Authentication Hash Value; Far End CLE Network Certificate; CLE/CLE Encrypt Key Size Flag; Near End CLE Challenge Value; PM/CLE Encrypt Key Size Flag; Far End CLE Challenge Value; CLE Manufacturing Certificate; PRNG Running Seed (XKEY); PM Manufacturing Certificate; Last Key Change Timestamp; CLE/CLE Encrypt Mode Flag; Far End CLE Serial Number; Clear Modes Allow/Disallow; PM/CLE Encrypt Mode Flag; CLE/CLE Encrypt Algo Flag; Far End Manual Auth Code; Manual Authentication Key; PM/CLE Message Counter; PM/CLE Encrypt Algo Flag; Algorithm Adaptation Flag; PM/CLE Challenge Value; CLE/CLE Encryption Key; CLE DSS Secret Key (X); CLE DSS Public Key (Y); PM/CLE Encryption Key; Key Management Mode; Key Change Method; PM DSS Public Key; Exclusion List; Days Interval; Begin Time; Event Log; End Time; Role (Crypto Officer Role, User Role).

The alignment of the access codes to these columns did not survive extraction; each service is listed below with its codes in the order they appear in the row, with the trailing X falling in the Role columns.

Manufacturing Service and User/Crypto Officer Service
Perform Network Authentication: V IV GV R R I G V U; X
Renewal of Network Authentication: GV R R I G V; X
Perform PM/CLE Voice Authentication: GV G G I G V U GV; X
Set Operational Mode - Clear: V V G V U U R R R R R; X
Set Operational Mode - Standby: V V G V U U R R R R; X
Set Operational Mode - Secure: R R R R R R V V U G G V U U U R R R R; X
Display Event Log: R; X
Reset Event Log: Z; X
Set Time/Date: X
Set Key Change Method: RI; X
Set Begin Time: RI; X
Set End Time: RI; X
Set Days Interval: RI; X
Set End-to-End Delay: X
Set Clear Modes Allow/Disallow: RI; X
Set Key Management Mode: RI; X
Zeroize Keys: Z Z Z Z Z Z Z Z Z Z Z; X
Set Manual Authentication Key: I; X
Set Algorithm Adaptation: RI
Set Line Interface Parameters: X
Set Dial-Up Config: X
Set CLE IP Address: X
Set Gateway IP Address: X
Set Subnet Mask: X
Set 8 Trap IP Addresses: X
Display System Info: R R R R R R; X
Set/Clear DTE/NET Loopbacks: X
Set Default Configuration: D D D D D D D D; X
Trigger Firmware Update: R R V; X
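The key establishment rules of section 4.5 (Diffie-Hellman with DSA-signed public components, checked against the peer's Manufacturing Certificate before the key is accepted) and the signed firmware rule of section 4.4 are modelled below in Python. This is an added example and not Cylink code or the CLE's actual protocol or wire format. It assumes a toy DSA/DH group generated at import time from q = 2^127 - 1 rather than FIPS 186 parameter sizes, SHA-1 reduced modulo q as the message hash, a hypothetical manufacturer CA key standing in for the certificate chain, and challenge values (the Near End and Far End CLE Challenge Values of section 5) bound into every signature so that an old signed component cannot be replayed.

```python
"""Authenticated Diffie-Hellman with DSA-signed components (section 4.5 rules
3-5 and 8-10) and the signed firmware image rule of section 4.4.
Added example, not Cylink code.  Assumptions: a toy DSA group built at import
from q = 2**127 - 1 (not FIPS 186 sizes), SHA-1 reduced mod q, and a
"manufacturing certificate" modelled as a DSA public key signed by a
hypothetical manufacturer CA.  None of this is the real CLE wire format."""
import hashlib
import secrets

SMALL = (2, 3, 5, 7, 11, 13)

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases (trial division first)."""
    if n < 2 or any(n % sp == 0 for sp in SMALL):
        return n in SMALL
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        v = pow(secrets.randbelow(n - 3) + 2, d, n)
        if v in (1, n - 1):
            continue
        for _ in range(s - 1):
            v = v * v % n
            if v == n - 1:
                break
        else:
            return False
    return True

Q = (1 << 127) - 1                                  # Mersenne prime: subgroup order
K = 2
while not is_probable_prime(K * Q + 1):             # smallest even K with p = K*q + 1 prime
    K += 2
P = K * Q + 1
G = next(g for g in (pow(b, K, P) for b in (2, 3, 5, 7)) if g != 1)   # order-q generator

def h(msg):                                         # hash reduced into Z_q (toy shortcut)
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def dsa_keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def dsa_sign(x, msg):
    while True:                                     # FIPS 186: retry if r == 0 or s == 0
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h(msg) + x * r) % Q
        if r and s:
            return r, s

def in_subgroup(y):                                 # rejects 0, 1 and small-subgroup values
    return 1 < y < P and pow(y, Q, P) == 1

def dsa_verify(y, msg, sig):
    r, s = sig
    if not (in_subgroup(y) and 0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def enc(n):
    return n.to_bytes(32, "big")                    # p has fewer than 256 bits

def issue_cert(ca_x, subject, y):                   # hypothetical manufacturer CA
    return {"subject": subject, "y": y, "sig": dsa_sign(ca_x, subject + enc(y))}

class Party:                                        # one side: a CLE or the PrivaCy Manager
    def __init__(self, name, ca_x):
        self.x, self.y = dsa_keygen()
        self.cert = issue_cert(ca_x, name.encode(), self.y)
        self.challenge = secrets.token_bytes(8)     # Near/Far End CLE Challenge Value
        self._a = secrets.randbelow(Q - 1) + 1      # ephemeral DH secret
        self.dh_pub = pow(G, self._a, P)

    def offer(self, peer_challenge):
        # signing both challenges with the DH value defeats replay of an old offer
        msg = enc(self.dh_pub) + self.challenge + peer_challenge
        return {"cert": self.cert, "dh_pub": self.dh_pub, "sig": dsa_sign(self.x, msg)}

    def accept(self, offer, peer_challenge, ca_y):
        """Checks of 4.5 rules 5 and 10; returns (key, None) or (None, reason)."""
        cert = offer["cert"]
        if not dsa_verify(ca_y, cert["subject"] + enc(cert["y"]), cert["sig"]):
            return None, "certificate signature invalid"
        if not in_subgroup(offer["dh_pub"]):
            return None, "DH public component not in group"
        msg = enc(offer["dh_pub"]) + peer_challenge + self.challenge
        if not dsa_verify(cert["y"], msg, offer["sig"]):
            return None, "DH component signature invalid"
        shared = pow(offer["dh_pub"], self._a, P)
        return hashlib.sha1(b"link-key" + enc(shared)).digest(), None

def apply_firmware(state, image, sig, vendor_y):
    """Section 4.4: a bad signature keeps the previous image active, marks the
    download non-executable and reports the failure in an SNMP-readable status."""
    if dsa_verify(vendor_y, image, sig):
        return {"active": image, "download_executable": True, "mib_status": "update ok"}
    return {"active": state["active"], "download_executable": False,
            "mib_status": "firmware signature verification failed"}

def demo():
    ca_x, ca_y = dsa_keygen()
    pm, cle = Party("PrivaCy Manager", ca_x), Party("CLE", ca_x)
    key_pm, err_pm = pm.accept(cle.offer(pm.challenge), cle.challenge, ca_y)
    key_cle, err_cle = cle.accept(pm.offer(cle.challenge), pm.challenge, ca_y)
    tampered = cle.offer(pm.challenge)              # attacker swaps in a different DH value
    tampered["dh_pub"] = tampered["dh_pub"] * G % P
    return key_pm, err_pm, key_cle, err_cle, pm.accept(tampered, cle.challenge, ca_y)
```

The order of the checks in accept matters: the certificate signature first, then group membership of the received Diffie-Hellman value (a value outside the order-q subgroup would leak bits of the receiver's ephemeral secret), then the signature over the value and both challenges. Only after all three pass is the shared secret computed, and a failure is returned with a reason the caller can report, which is what rule 5 requires.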
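As an added illustration of self-test rule 3 in section 4.7 (not Cylink code), the following Python checks a freshly established DES key for odd byte parity and for membership in the well-known lists of four weak and twelve semi-weak DES keys, and extends the same check to each 8-byte component of a two- or three-key Triple DES key, which section 4.6 also permits for line data. The Triple DES component-equality check goes beyond what the policy states and is an assumption; the sample keys are constructed for the example.

```python
"""Symmetric key suitability check in the spirit of CLE security policy 4.7 rule 3.
Added example, not Cylink code.  The weak/semi-weak lists are the published DES
ones; the Triple DES component check is an assumption added here."""

WEAK_KEYS = {bytes.fromhex(k) for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)}

SEMI_WEAK_KEYS = {bytes.fromhex(k) for k in (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def has_odd_parity(key: bytes) -> bool:
    """FIPS 46-2: each of the 8 key bytes carries odd parity in its low bit."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Fix the parity bit of each byte (used on key material derived from DH output)."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)


def check_des_key(key: bytes) -> str:
    """Return 'ok' or the reason the key must be rejected."""
    if len(key) != 8:
        return "bad length"
    if not has_odd_parity(key):
        return "parity error"
    if key in WEAK_KEYS:
        return "weak key"
    if key in SEMI_WEAK_KEYS:
        return "semi-weak key"
    return "ok"


def check_tdes_key(key: bytes) -> str:
    """Check every 8-byte component of a 16- or 24-byte Triple DES key and
    reject keys whose components collapse EDE to single DES (assumption)."""
    if len(key) not in (16, 24):
        return "bad length"
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    for i, part in enumerate(parts):
        result = check_des_key(part)
        if result != "ok":
            return f"component {i + 1}: {result}"
    # K1 == K2 or K2 == K3 makes E_K1(D_K2(E_K3(x))) a single DES operation;
    # K1 == K3 with three components is ordinary two-key Triple DES and is allowed.
    if parts[0] == parts[1] or (len(parts) == 3 and parts[1] == parts[2]):
        return "degenerate components"
    return "ok"


# Constructed sample: raw bytes from a key agreement, parity fixed, then checked.
RAW_FROM_DH = bytes.fromhex("0022446688AACCEE")
DERIVED_KEY = set_odd_parity(RAW_FROM_DH)
```

The parity fix is applied before the check rather than instead of it: a key whose parity has been corrected can still land on a weak or semi-weak value (all zero bytes become 0101...01, the first weak key), which is exactly the case the rule exists to catch.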