FIPS 140-2 Level 2 Security Policy For SAMSUNG SSD PM810 SED FIPS 140 Module Document Version 0.6 This document may be freely distributed in its entirety without modification 2 Acronyms........................................................................................................................3 1 Module Description......................................................................................................4 2 Cryptographic Boundary ..............................................................................................4 3 Ports and Interfaces ......................................................................................................5 4 Roles, Services and Authentication...............................................................................5 5 Security Functions........................................................................................................7 6 Key Management .........................................................................................................7 7 Self Tests......................................................................................................................7 8 Physical Security..........................................................................................................8 9 Secure Operation ..........................................................................................................9 This document may be freely distributed in its entirety without modification 3 Acronyms ATA Advanced Technology Attachment ISV Independent Software Vendor SATA Serial Advanced Technology Attachment SSC Security Subsystem Class SSD Solid-State Drive TCG Trusted Computing Group This document may be freely distributed in its entirety without modification 4 1 Module Description The SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES- 256 cryptographic encryption and decryption of the data stored in NAND Flash via the SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to a non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and near-instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal. Module Name and Hardware Version Firmware Drive Capacity versions SAMSUNG SSD PM810 SED FIPS 140 Module AXM96D1Q 128GB MZ5PA128HMCD-010D9 SAMSUNG SSD PM810 SED FIPS 140 Module AXM96D1Q 256GB MZ5PA256HMDR-010D9 2 Cryptographic Boundary The Module consists of hardware and firmware components that are all enclosed in two plastic cases, which serve as the cryptographic boundary of the Module. The top and bottom cases are assembled by screws and the tamper-evident labels are applied for the detection of any opening of the cases. No internal component can be seen within the visible spectrum through the opaque enclosure. This document may be freely distributed in its entirety without modification 5 3 Ports and Interfaces The Module includes the following physical ports and logical interfaces. Port Name Count Interface(s) (Data Input, Data Output, Control Input, Status Output) SATA Port Data Input, Data Output, Control 1 Input, Status Output Power Connector Power Input 1 4 Roles, Services and Authentication Role Authentication Mechanism User Password (Min: 6bytes, Max:32bytes). The user authenticates using passwords of at least 6 bytes length. The probability of false acceptance is therefore significantly less than one in 1,000,000. Reboot is performed after five unsuccessful authentication attempts. The reboot time is at least 3 seconds; therefore, the user can only make 100 or less consecutive attempts in a minute. Therefore, the probability of randomly guessing authentication data in 60 seconds is less than 1 in 100,000. Crypto Officer Password (Min: 6bytes, Max:32bytes). The Crypto Officer authenticates using passwords of at least 6 bytes length. The probability of false acceptance is therefore significantly less than one in 1,000,000. Reboot is performed after five unsuccessful authentication attempts. The reboot time is at least 3 seconds; therefore, the Crypto Officer can only make 100 or less consecutive attempts in a minute. Therefore, the probability of randomly guessing authentication data in 60 seconds is less than 1 in 100,000. This document may be freely distributed in its entirety without modification 6 The Module provides the following services to the operators: Service Role Access to Cryptographic Keys and CSPs R- read; W – write or generate; E-execute Take Ownership Crypto Officer PIN(W/E), KEK(R/W) Unlock the user data Crypto Officer PIN(R/E), MEK(R), KEK(R/E) User Set PIN Crypto Officer PIN(W/E), KEK(R/W) User Crypto Erase Crypto Officer PIN(R/W/E), MEK(W), KEK(W) Disable Locking Crypto Officer PIN(R/W/E), KEK(R/W) Change Data Access Role Crypto Officer PIN(R/E), KEK(R/W) Enable Locking Crypto Officer PIN(R/E), KEK(R/W) User Data Read/Write Crypto Officer MEK(E) User Installation of the Module Crypto Officer PIN(W), KEK (R,W) Run self-test Crypto Officer N/A User Show status Crypto Officer N/A User Reboot Crypto Officer N/A User Update firmware Crypto Officer HMAC Key (R,E) Zeroize Crypto Officer All (W) Disable ATA Security Crypto Officer N/A User Enable ATA Security Crypto Officer N/A User Level 0 Discovery Crypto Officer N/A User Get MSID Crypto Officer N/A User This document may be freely distributed in its entirety without modification 7 5 Security Functions The table below lists approved cryptographic algorithms employed by the Module. Algorithm Certificate Number SHS 1442 HMAC 963 AES 1637 ANSI X9.31 PRNG 878 6 Key Management The following cryptographic keys and CSPs are supported by the Module. Name and type Usage NV Storage Volatile Storage Master/User/SID/Admin1- Authentication of Flash Memory N/A 4/User1-4 Passwords each role (Hashed by (PINs) SHA256) KEK(AES Key) Enc/Dec of MEK Flash Memory SRAM in Controller (Plaintext) MEK(AES Key) Enc/Dec of User Flash Memory SRAM in Data Controller (Plaintext) HMAC Key(HMAC Key) FW Image Flash Memory SRAM in Authentication Controller (Plaintext) RNG Seed Key(X9.31 RNG Flash Memory SRAM in Seed Key) Controller (Plaintext) RNG Seed(X9.31 Seed) RNG Flash Memory SRAM in Controller (Plaintext) 7 Self Tests The Module runs a set of self-tests on power-up. If one of the self-tests fails, the Module transitions into an error state where all data output and cryptographic operations are disabled. The Module runs power-up self-tests for the following algorithms: This document may be freely distributed in its entirety without modification 8 Algorithm Test Firmware integrity HMAC-SHA256 of the firmware image AES KAT for AES HMAC KAT for HMAC-SHA256 SHA KAT for SHA256 ANSI X9.31 PRNG X9.31 using AES During the Module operation the following conditional self-tests are performed: Condition Test Random number generation Continuous PRNG Test Firmware Update Firmware update test using HMAC-SHA256 8 Physical Security The Module consists of production-grade components enclosed in a hard plastic enclosure, which is opaque within the visible spectrum. The top panel of the enclosure can be removed by unscrewing screws. However, the Module is sealed with tamper- evident labels in accordance with FIPS 140-2 Level 2 Physical Security requirements so that tampering is easily detected when the top panel is removed. The tamper-evident labels are applied over both top and bottom panels of the Module at the factory. The tamper-evident labels are not removed and reapplied without tamper evidence. An image of the Module with tamper-evident labels applied is provided below: An image of the Module with tamper-evident labels detached is provided below: This document may be freely distributed in its entirety without modification 9 9 Secure Operation The Module operates in the Approved Mode of Operation until zeroization is performed. Upon completion of zeroization the module must be returned to the factory for further use. The Module documentation provides detailed guidance for the Module users and administrators. The Module and the tamper-evident labels must be inspected periodically. If evidence of tampering is detected, the Module must be disabled immediately and returned to the factory. All authentication data shall be kept confidential and the Module shall not be assessed by unauthorized persons. The Module is installed as follows: ATA Interface initialization: - Set the Master Password by using SET PASSWORD command - Set the User Password by using SET PASSWORD command Opal Interface initialization: - Open a session to the Admin SP as the Anybody authority - Get the MSID’s PIN value from Admin SP for taking ownership of the Module - Open a session to the Admin SP as the SID authority - Set a new password value in the SID’s credential PIN column - Activate the Locking SP by using the Activate method - Open a session to the Locking SP as the admin1 authority - Set the Locking Table to be locked This document may be freely distributed in its entirety without modification