SYSTEMATIC DEVELOPMENT GROUP

FIPS 140-2 SECURITY POLICY V.12

For LOK-IT™ 10 KEY (Series SDG003FM) & LOK-IT™ 5 KEY (Series SDG004FP)

© Prepared by ClevX, LLC on behalf of Systematic Development Group, LLC. May be reproduced only in its original entirety [without revision].

TABLE OF CONTENTS

MODULE OVERVIEW ..... 1
  LOK-IT™ 10 Key (Series SDG003FM) ..... 1
  LOK-IT™ 5 Key (Series SDG004FP) ..... 1
SECURITY LEVEL ..... 2
MODES OF OPERATION ..... 3
  Approved Modes of Operation ..... 3
  Non-Approved Modes of Operation ..... 3
  Approved Algorithms ..... 3
  Non-Approved Algorithms ..... 3
  Encryption Keys ..... 3
PORTS AND INTERFACES ..... 4
IDENTIFICATION AND AUTHENTICATION POLICY ..... 7
  User Authentication ..... 7
  CO Authentication ..... 7
  Customer Delivery ..... 7
  Authentication Strength ..... 8
ACCESS CONTROL POLICY ..... 9
  Roles and Services ..... 9
  Initialization ..... 9
  Definition of Critical Security Parameters (CSPs) ..... 9
  CSP Access Mode Definitions ..... 10
OPERATIONAL ENVIRONMENT ..... 11
SECURITY RULES ..... 12
PHYSICAL SECURITY POLICY ..... 13
MITIGATION OF OTHER ATTACKS ..... 14
REFERENCES ..... 15
DEFINITIONS AND ACRONYMS ..... 16
MODULE OVERVIEW

LOK-IT™ 10 Key (Series SDG003FM)
Hardware revision: 100-SDG003-33LF REV:1
USB controller firmware revision: V01.12A09-F01
Security controller firmware revision: SDG003FM-008

LOK-IT™ 5 Key (Series SDG004FP)
Hardware revision: 100-SDG004-00LF REV:1
USB controller firmware revision: V01.12A09-F01
Security controller firmware revision: SDG004FP-008

SDG provides FIPS 140-2 approved security functionality to the LOK-IT™ USB flash drive (1). The LOK-IT™ module employs validated Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to protect the data stored on the internal LOK-IT™ flash memory.

The module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2, and consists of an Initio 1861 USB controller, NAND flash memory and a Microchip PIC16F688 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating.

Figure 1 Component Side of PCB

(1) Based upon DataLock™, licensed technology from ClevX, LLC – Patents Pending

SECURITY LEVEL

The cryptographic module meets the overall requirements applicable to Level 3 Security of FIPS 140-2.

Table 1 Module Security Level Specification

MODES OF OPERATION

Approved Modes of Operation

The LOK-IT™ module supports a FIPS approved mode of operation. The module is locked and inaccessible to a connected host computer until the user enters a valid PIN that authenticates to a particular role.
Drives are configured in manufacturing with a single private partition. The partition is not accessible until the user has set a valid PIN.

Non-Approved Modes of Operation

LOK-IT™ does not support any non-approved modes of operation.

Approved Algorithms

AES 256 bit (CBC), NIST certification #1514

Non-Approved Algorithms

There are no non-approved algorithms.

Encryption Keys

LOK-IT™ is pre-programmed with a unique set of encryption keys created during the manufacturing process. A list of 6 AES keys is supplied by a random number generator (RNG) executing on the manufacturer's computer. The RNG complies with the ANSI X9.31 Appendix 2.4 specification for the generation of random numbers.

PORTS AND INTERFACES

The cryptographic module provides the following physical ports and logical interfaces:

Table 2 Physical Ports and Logical Interfaces

* Meets level 3 requirements by allowing a plain-text CSP (PIN) to be entered directly into the security controller on a physically separate port from that used for data I/O; see Figure 2.

Figure 2 LOK-IT™ Architecture

Figure 3 depicts the two (2) blinking modes used to convey status, as referenced in Table 3.

Figure 3 Single vs. Double Blink

Table 3 Status Output
IDENTIFICATION AND AUTHENTICATION POLICY

LOK-IT™ supports level 3 identity based authentication.

Table 4 Roles and Required Identification and Authentication

User Authentication

a) Press KEY - Single blinking red and green indicators
b) Enter PIN - Red and green indicators blinking concurrently
c) Press KEY - Single blinking green means user authenticated, red blink means user denied

CO Authentication

a) Double press KEY - Double blinking red and green indicators
b) Enter PIN - Red and green indicators blinking concurrently
c) Press KEY - Single blinking green means CO authenticated, red blink means user denied

Customer Delivery

On customer delivery, the user and CO PINs can be set in either order: user before CO or CO before user. In addition, it is possible to use the drive with a user PIN defined and no CO PIN defined. To account for these features, the following rules govern when a PIN may be set or changed.

Table 5 PIN Set/Change Conditions

Authentication Strength

Table 6 Authentication Strengths

The probability that a random authentication attempt will succeed within a one-minute period is 10/1,000,000 and 10/1,193,125 respectively.

As can be seen by the pictures on page 3, the 10 key LOK-IT™ drive has 10 numeric buttons whereas the 5 key LOK-IT™ has 5 numeric buttons. The buttons are labeled 0/1, 2/3, 4/5, 6/7, 8/9. This is why the minimum PIN length is set to 9 digits instead of 7. Since 2 numerals share the same button, the PIN 1-1-1-1-1-5-5-5-5 is electrically equivalent to 0-0-0-0-0-4-4-4-4. Hence the need for a longer PIN.
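The strength argument above can be checked numerically. The following is an added example, not code from the security policy or the LOK-IT firmware; it assumes a 7-digit minimum PIN for the 10 key model (the figure the text contrasts with 9), the FIPS 140-2 limits of less than 1/1,000,000 per attempt and less than 1/100,000 per minute, and that the 10-attempt zeroization caps the guesses possible within a minute.

```python
# Added example, not code from the LOK-IT security policy or firmware:
# estimates keypad PIN authentication strength when several numerals
# share one button, as on the 5 key model (0/1, 2/3, 4/5, 6/7, 8/9).
from fractions import Fraction

# Assumptions: minimum PIN length per model (10 key: 7, 5 key: 9), the
# 10 consecutive failures that trigger zeroization, and the FIPS 140-2
# limits of 1/1,000,000 per attempt and 1/100,000 per minute.
MODELS = {"10 key": (10, 7), "5 key": (5, 9)}   # (buttons, min PIN length)
MAX_FAILED_ATTEMPTS = 10
FIPS_SINGLE_ATTEMPT_MAX = Fraction(1, 1_000_000)
FIPS_ONE_MINUTE_MAX = Fraction(1, 100_000)


def canonical_pin(pin: str, buttons: int) -> str:
    """Return the PIN the controller actually sees: each numeral is
    replaced by the lowest numeral printed on the same button."""
    per_button = 10 // buttons          # numerals sharing one button
    return "".join(str((int(d) // per_button) * per_button) for d in pin)


def keyspace(buttons: int, pin_length: int) -> int:
    """Number of distinguishable PINs of exactly pin_length presses."""
    return buttons ** pin_length


def single_attempt_probability(buttons: int, pin_length: int) -> Fraction:
    return Fraction(1, keyspace(buttons, pin_length))


def one_minute_probability(buttons: int, pin_length: int,
                           attempts: int = MAX_FAILED_ATTEMPTS) -> Fraction:
    """Bound for one minute of guessing, assuming the lockout allows at
    most `attempts` guesses before the module zeroizes its CSPs."""
    return Fraction(attempts, keyspace(buttons, pin_length))


def meets_fips_strength(buttons: int, pin_length: int) -> bool:
    return (single_attempt_probability(buttons, pin_length) < FIPS_SINGLE_ATTEMPT_MAX
            and one_minute_probability(buttons, pin_length) < FIPS_ONE_MINUTE_MAX)


if __name__ == "__main__":
    for name, (buttons, length) in MODELS.items():
        print(f"{name}: keyspace={keyspace(buttons, length):,}, "
              f"per attempt={single_attempt_probability(buttons, length)}, "
              f"per minute={one_minute_probability(buttons, length)}, "
              f"FIPS ok={meets_fips_strength(buttons, length)}")
    # A 6-digit PIN on the 5 key model would be too weak: 5**6 = 15,625
    print("5 key, 6 digits:", meets_fips_strength(5, 6))
    print(canonical_pin("111115555", 5))   # equivalent to 000004444
```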
ACCESS CONTROL POLICY

Roles and Services

The LOK-IT™ supports 2 distinct and separate roles: user and cryptographic officer. The role is explicitly selected during authentication:

- User – press KEY button, enter valid PIN, press KEY
- CO – double press KEY to identify CO, enter valid PIN, press KEY

Table 7 Services Authorized for Each Role

Initialization

The module is shipped with no authentication CSPs to access the private partition. In this state, the user or CO must first establish a valid PIN in order to open LOK-IT™.

Definition of Critical Security Parameters (CSPs)

The following CSPs are contained within the module:

Table 8 Internal CSPs

Each LOK-IT™ module is manufactured with 6 AES encryption keys. Only 1 of these keys is used to encrypt / decrypt data. The remaining 5 keys have no relationship to stored data. When zeroization occurs, the AES encryption key at the top of the list is erased; the next key becomes the key used to encrypt the private partition. Given enough zeroizations, all keys will be consumed and the drive becomes inoperable.

CSP Access Mode Definitions

A – CSP is used for authentication
D – CSP is used for decrypting data
E – CSP is used for encrypting data
I – CSP is input using the keypad
Z – CSP is zeroized

Table 9 Services to CSP mapping

(1) When the CO opens the private partition, the user PIN is zeroized. This provides a means of recovering use of the drive in the event the user forgot their PIN.
(2) If 10 consecutive attempts to open the private partition fail, all CSPs are zeroized and the drive reverts to the factory default state. Drive content is no longer accessible.
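The key list, the two PINs and the failed-attempt counter described in this section and in the notes to Table 9 interact in ways worth tracing through. The model below is an added example, not the module's firmware; PIN handling is simplified (Table 5's set/change conditions are not reproduced) and the key values are constructed placeholders.

```python
# Added example, not the LOK-IT firmware: a model of the CSP rules in the
# access control policy, to see how the key list, the two PINs and the
# failed-attempt counter interact. Key values are constructed placeholders.
import hmac
import os

NUM_KEYS = 6               # AES keys provisioned per module in manufacturing
MAX_FAILED_ATTEMPTS = 10   # consecutive failures that trigger zeroization


class LokItModel:
    def __init__(self, keys=None):
        # List head is the key in use; the other entries are spares.
        self.keys = list(keys) if keys is not None else [os.urandom(32) for _ in range(NUM_KEYS)]
        self.user_pin = None   # shipped with no authentication CSPs
        self.co_pin = None
        self.failed_attempts = 0

    @property
    def active_key(self):
        # None once all 6 keys have been consumed: the drive is inoperable.
        return self.keys[0] if self.keys else None

    def zeroize(self) -> None:
        # Erase the top key and both PINs; the next key becomes active and
        # anything encrypted under the old key is unrecoverable.
        if self.keys:
            self.keys.pop(0)
        self.user_pin = self.co_pin = None
        self.failed_attempts = 0

    def set_pin(self, role: str, pin: str) -> None:
        # Simplified: Table 5's set/change conditions are not modelled.
        if role == "user":
            self.user_pin = pin
        elif role == "co":
            self.co_pin = pin

    def open(self, role: str, pin: str) -> bool:
        if self.active_key is None:
            return False
        expected = self.user_pin if role == "user" else self.co_pin
        if expected is not None and hmac.compare_digest(pin.encode(), expected.encode()):
            self.failed_attempts = 0
            if role == "co":
                self.user_pin = None   # note (1): CO open zeroizes the user PIN
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.zeroize()             # note (2): all CSPs gone, factory default
        return False
```

A successful authentication resets the counter, so only 10 consecutive failures consume a key; six such events leave the list empty and every open fails.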
OPERATIONAL ENVIRONMENT

The FIPS 140-2 area 6 operational environment requirements are not applicable because the module has a limited operational environment.

SECURITY RULES

This section documents the security rules enforced by the cryptographic module to implement the security requirements of FIPS 140-2 level 3:

1. The cryptographic module shall provide two distinct operator roles: user and cryptographic officer.
2. The cryptographic module shall provide identity-based authentication.
3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic service.
4. The cryptographic module performs the following tests:
   a) AES known answer test
   b) Firmware integrity test (16 bit cyclic redundancy check)
5. The operator shall be capable of commanding the module to perform the power-up self-test at any time by waking the module from sleep mode.
6. Data output is inhibited during self-tests, zeroization, and authentication.
7. No CSPs are ever output in any form from the module.

PHYSICAL SECURITY POLICY

The multi-chip standalone cryptographic module includes the following physical security mechanisms:

- Production grade components
- Hard, opaque epoxy covering the cryptographic boundary
- EEPROM memory protect fuse set in the security controller

The operator should, on a periodic basis, visually inspect the module to determine whether it has been compromised. To do this, remove the module enclosure and visually inspect the epoxy and PCB for any evidence of tampering.

Note: The module epoxy hardness testing was only performed at ambient temperature; no assurance is provided for level 3 hardness conformance at any other temperature.

MITIGATION OF OTHER ATTACKS

The module has not been designed to mitigate attacks not addressed by the security requirements of FIPS 140-2.

REFERENCES

Table 10 List of References

DEFINITIONS AND ACRONYMS

AES – Advanced Encryption Standard
CRC – Cyclic Redundancy Check
CSP – Critical Security Parameter
CBC – Cipher Block Chaining
FIPS – Federal Information Processing Standard
RNG – Random Number Generator