IntelliCom WAN 1720 SP2.0

IntelliCom WAN® 1720 Wireless Mesh Nodes Security Policy
Version: 2.0
S&C, Inc.
Revision Date: Feb 15th, 2012

This document may be reproduced only in its original entirety [without revision].

S&C IntelliCom1720SP2.0

CHANGE RECORD

| Revision | Date | Author | Description of Change |
|---|---|---|---|
| 0.1 | 11/15/2011 | Pramod Akkarachittor | Initial Release |
| 2.0 | 2/15/2012 | Pramod Akkarachittor | Incorporated comments from InfoGard |

IntelliCom® 1720 Security Policy Page 2 of 25

Contents

1 Module Overview ... 5
1.1 Information flow among various hardware elements in IntelliCom WAN 1720 Mesh nodes ... 7
2 Security Level ... 9
3 Modes of Operation ... 10
3.1 FIPS Approved Mode of Operation ... 10
3.2 Approved and Allowed Algorithms ... 11
4 Ports and Interfaces ... 12
5 Identification and Authentication Policy ... 13
5.1 Assumption of Roles ... 13
6 Access Control Policy ... 15
6.1 Roles and Services ... 15
6.2 Unauthenticated Services ... 15
6.3 Roles & Services ... 16
6.4 Definition of Critical Security Parameters (CSPs) ... 16
6.5 Definition of Public Keys ... 17
6.6 Definition of CSPs Modes of Access ... 17
7 Operational Environment ... 19
8 Security Rules ... 20
8.1 Module Rules ... 20
8.2 Vendor Imposed Security Rules ... 21
9 Physical Security Policy ... 22
9.1 Physical Security Mechanisms ... 22
10 Mitigation of Other Attacks Policy ... 25
11 References ... 25
12 Definitions and Acronyms ... 25

Tables

Table 1 – Cryptographic Module Security Level Specification ... 9
Table 2 – FIPS Approved Algorithms Used in Current Module ... 11
Table 3 – non-FIPS Approved Algorithms Used in Current Module ... 11
Table 4 – IntelliCom WAN® 1720 Wireless Mesh Nodes Pins and FIPS 140-2 Ports and Interfaces ... 12
Table 5 – Roles and Required Identification and Authentication ... 13
Table 6 – Strengths of Authentication Mechanisms ... 13
Table 7 – Authenticated Services ... 15
Table 8 – Unauthenticated Services ... 15
Table 9 – Specification of Service Inputs & Outputs ... 15

Figures

Figure 1 – Image of the Cryptographic Modules: IntelliCom WAN 1720 ... 5
Figure 2 – IntelliCom WAN® 1720 Wireless Mesh Nodes Block Diagram ... 7
Figure 3 – IntelliComView FIPS mode icon ... 10
Figure 4 – IntelliComView FIPS failure or Node down icon ... 10
Figure 5 – Location of Tamper Evident Labels (2 Total) for the IntelliCom WAN 1720 ... 22
Figure 6 – Location of Bottom Side Tamper Evident Label on the IntelliCom WAN 1720 ... 23
Figure 7 – Location of Top Side Tamper Evident Label on the IntelliCom WAN 1720 ... 24

1 Module Overview

The S&C IntelliCom WAN® 1720-Series Wireless Mesh Node: IntelliCom WAN 1720 (HW P/N IntelliCom WAN 1720, Version 1.0; FW Version 1.1.0.0) (hereafter referred to as the cryptographic module) is a multi-chip standalone module. The boundary of the cryptographic module is the outer enclosure.

Note: The antennas are not a part of the cryptographic boundary.

Figure 1 – Image of the Cryptographic Modules: IntelliCom WAN 1720

Figure 2 (below) depicts a block diagram of the cryptographic module's hardware components, with the cryptographic boundary shown in red.
The major blocks of the cryptographic module's hardware are:

- Memory: RAM, Flash and EEPROM
- CPU
- Network: Ethernet, Wireless
- Serial Port: Not accessible
- USB: Not used
- LEDs

This cryptographic module comes in one model, the IntelliCom WAN 1720, which is meant for outdoor operation. Upon power up, the cryptographic module enters FIPS operational mode after verifying all of its security functions.

The cryptographic module allows user, management and control data to flow through the ethernet and wireless interfaces. The End to End AES key must be configured before any data flows, so that the data is encrypted. All unencrypted user data traffic entering through the ethernet interface is encrypted by the CPU hardware with the user-configured AES key. Only encrypted user data is sent or received over the wireless interface; the wireless interface is never used to terminate user traffic. Management traffic entering and leaving the ethernet and wireless interfaces is always encrypted by TLS. Control traffic may or may not be encrypted.

Figure 2 – IntelliCom WAN® 1720 Wireless Mesh Nodes Block Diagram

1.1 Information flow among various hardware elements in IntelliCom WAN 1720 Mesh nodes

The cryptographic module can be powered through A/C or D/C power.

EEPROM stores node information such as the node type, the serial number and the MAC addresses of the network devices (ethernet and wireless). The CPU can read and write (program and reprogram) the information on the EEPROM.

Flash stores the loader, firmware and configuration of the node. The CPU can read and write (program and reprogram) the storage on the flash.

The USB port is currently disabled and does not participate in any activity on the nodes.

The serial port gives console access to the cryptographic module. The serial port is not accessible on FIPS nodes.

LEDs consist of status and ethernet activity LEDs.
The CPU controls the status LEDs to show the status of the power, the system and the wireless interface. The ethernet hardware updates the ethernet activity LEDs.

RAM is used to load and run the firmware and to store and forward data to and from the ethernet and wireless interfaces. RAM is accessed by the CPU for program execution and for data storage and retrieval. RAM is accessed by the ethernet hardware to store packets received from the ethernet ports and to retrieve packets that will be sent out on those ports. RAM is accessed by the wireless interfaces to store packets received on the wireless interfaces and to retrieve packets that will be sent out on those interfaces.

Management, control and user data traffic enter and leave through the ethernet and wireless interfaces. The CPU performs the required authentication, encryption and decryption on the traffic as necessary.

The reset button allows for power cycle and factory default functions.

Cryptographic module services are described in Section 6 below.

2 Security Level

The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2.

Table 1 – Cryptographic Module Security Level Specification

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Module Ports and Interfaces | 2 |
| Roles, Services and Authentication | 2 |
| Finite State Model | 2 |
| Physical Security | 2 |
| Operational Environment | N/A |
| Cryptographic Key Management | 2 |
| EMI/EMC | 3 |
| Self-Tests | 2 |
| Design Assurance | 2 |
| Mitigation of Other Attacks | N/A |

3 Modes of Operation

3.1 FIPS Approved Mode of Operation

The cryptographic module only provides a FIPS Approved mode of operation, comprising all services described in Section 6 below. The cryptographic module will enter FIPS Approved mode following successful power up initialization.
The cryptographic module automatically indicates the FIPS Approved mode of operation by the 'status' LED turning solid green; FIPS mode can be confirmed either by the solid green 'status' LED or through the IntelliComView (NMS) management software showing "FIPS" on the cryptographic module icon, as shown in Figure 3.

Figure 3 – IntelliComView FIPS mode icon

This cryptographic module does not operate in a non-FIPS mode. Should FIPS mode fail, the cryptographic module sits in an error state, indicated by a flashing 'status' LED. IntelliComView (NMS) will not be able to log in to the module, and its status is represented as shown in Figure 4.

Figure 4 – IntelliComView FIPS failure or Node down icon

3.2 Approved and Allowed Algorithms

The cryptographic module supports the following FIPS Approved algorithms.

Table 2 – FIPS Approved Algorithms Used in Current Module

| FIPS Approved Algorithm | CAVP Cert. # | Use |
|---|---|---|
| AES: CBC, ECB; 128, 192 and 256 | 1114 | Used for encrypting and decrypting End to End raw data entering and leaving through the ethernet interface. Referred to as 'End to End PSK'. |
| AES: CBC 128 | 1235 | Used by TLS for encrypting management traffic. |
| RSA: 1024 | 592 | Used by TLS during connection establishment and to verify externally loaded software. |
| SHA-1 | 1133 | Used by TLS as the digest for management traffic encrypted with AES CBC 128. |
| SHA-512 | 1133 | Used by TLS along with the RSA key pair during connection establishment. |
| HMAC-SHA-1 | 720 | Used by the TLS session for data integrity checks. |
| ANSI X9.31 RNG | 618 | Used by TLS to obtain the random values used during session establishment. |

The cryptographic module supports the following non-FIPS Approved algorithms, which are allowed for use in FIPS mode.
Table 3 – non-FIPS Approved Algorithms Used in Current Module

| FIPS Allowed Algorithm |
|---|
| AES (non-compliant) 128, 192 and 256 for WPA-2 on the wireless interfaces. The usage of this algorithm is not FIPS tested and has no FIPS validation. |
| RSA Encrypt/Decrypt (key wrapping; key establishment methodology provides 80 bits of encryption strength) |
| NDRNG (used to seed the Approved RNG) |

4 Ports and Interfaces

The cryptographic module is a multi-chip standalone module with the ports and interfaces shown below.

Table 4 – IntelliCom WAN® 1720 Wireless Mesh Nodes Pins and FIPS 140-2 Ports and Interfaces

| Port | FIPS 140-2 Designation | Name and Description |
|---|---|---|
| RJ45 | Data input, Data output, Status output, Control input, Power input/output | Ethernet data traffic, control traffic, direct management traffic, TLS management, and POE power input for the IntelliCom WAN 1720 and POE power output for outdoor ports. The IntelliCom WAN 1720 module contains 3 RJ45 ports. |
| Wireless | Data input, Data output, Status output, Control input | Wireless transmission interface; traffic is exchanged with peer nodes via a TLS connection. |
| Reset Button | Reset or factory default | Allows power cycle or factory default of the cryptographic module. |
| USB | Not Used | This interface is not enabled at this time. |
| LED | Status output | LED lights show ethernet transmit and receive, wireless peer availability status, node status, and cryptographic module status. |
| A/C | Power input | A/C power. This is only present for the IntelliCom WAN 1720 100/240V module. |
| DC 12V | Power input | D/C power. |

5 Identification and Authentication Policy

5.1 Assumption of Roles

The cryptographic module supports four (4) distinct roles: NMS Admin (referred to as Crypto-Officer), NMS Guest (referred to as User), CLI kepolo, and Peer. The cryptographic module enforces the separation of roles by using separate sessions per authentication.
There is one session created per authentication, and no change of role is allowed within the same session. The cryptographic module only allows one session for NMS access, either as 'admin' or as 'guest', at a given time.

Table 5 – Roles and Required Identification and Authentication

| Role | Description | Authentication Type | Authentication Data |
|---|---|---|---|
| NMS Admin (CO) | This role has access to all services offered by the cryptographic module. | Role based | Username and Password (role based identity) |
| NMS Guest (User) | This role has limited read access to node configuration and status information. | Role based | Username and Password (role based identity) |
| CLI kepolo | This role has limited read-only access to services offered by the cryptographic module. | Role based | Username and Password |
| Peer | Provides a peer to peer (module to module) connection through TLS for management purposes. | Identity based | Using the S&C node certificate RSA 1024 key pair |

Table 6 – Strengths of Authentication Mechanisms

| Authentication Mechanism | Strength of Mechanism |
|---|---|
| Username and Password – 5 characters minimum | Each character can be drawn from upper and lower case letters (26 each), digits (10) and other displayable characters (12+), totalling 64+. The probability that a random attempt will succeed or a false acceptance will occur is at most 1/(64^5) = 1/(2^30), which is less than 1/1,000,000. If an authentication attempt takes 2 seconds, fewer than 30 attempts are possible in a minute. The probability of successfully authenticating to the cryptographic module within one minute is therefore at most 30 × 1/(64^5) < (2^5) × 1/(2^30) = 1/(2^25), which is less than 1/100,000. |
| RSA 1024 public key authentication | The probability that a random attempt will succeed or a false acceptance will occur is approximately 1/(2^80), which is less than 1/1,000,000. If an authentication attempt takes 2 seconds, fewer than 30 attempts are possible in a minute. The probability of successfully authenticating to the cryptographic module within one minute is 30 × 1/(2^80), which is less than 1/1,000,000. |

6 Access Control Policy

6.1 Roles and Services

The cryptographic module supports the following authenticated services:

Table 7 – Authenticated Services

| Service | Description |
|---|---|
| Exchange Traffic | Control and Management traffic is exchanged between nodes. |
| Read Status | Read the status of the cryptographic module and interface statistics. |
| Read Configuration | The operator can view the cryptographic module configuration. |
| Change Configuration | The operator can modify any cryptographic module configuration. |
| Read End to End PSK (AES Key) | The operator can export the End to End PSK key into a file over a TLS session. |
| Change End to End PSK (AES Key) | The operator can program and change the End to End PSK key over a TLS session. |
| Openssl Services | This includes TLS initiation and authentication. |
| AAT (Antenna Alignment Tool) | Used to align the antennas for optimal reception. |
| Power on Self-Tests | Power on self-tests performed on demand. |

6.2 Unauthenticated Services

The cryptographic module supports the following unauthenticated services:

Table 8 – Unauthenticated Services

| Service | Description |
|---|---|
| Perform Self-Tests | Power on self-tests performed on demand via power cycle or reset of the cryptographic module. |
| Read Status | LED status can be read without any authentication. |

Table 9 – Specification of Service Inputs & Outputs

| Service | Marked columns (Control Input, Data Input, Data Output, Status Output) |
|---|---|
| Read Configuration | X X |
| Change Configuration | X X |
| Read End to End PSK | X X |
| Change End to End PSK | X X |
| Read Status | X X |
| Exchange Traffic | X X X X |
| AAT (Antenna Alignment Tool) | X X |
| Power on Self-Test | X X |
| Openssl Services | X X X X |
| Remote Services | |

6.3 Roles & Services

Table 10 – Specification of Roles

Services (columns): Read Configuration, Change Configuration, Read End to End PSK (AES Key), Change End to End PSK (AES Key), Read Status, Exchange Traffic, Openssl Services, AAT (Antenna Alignment Tool), Power on Self-Test.

| Role | Services marked |
|---|---|
| NMS Admin (CO) | X X X X X X X X X (uses TLS with RSA/SHA512) |
| NMS Guest (User) | X X X X X X (uses TLS with RSA/SHA512) |
| CLI kepolo | X X X X (kepolo) |
| Peer | X X |

6.4 Definition of Critical Security Parameters (CSPs)

The cryptographic module contains the following CSPs:

Table 11 – Private Keys and CSPs

| Key Name | Type | Description |
|---|---|---|
| End to End PSK | AES 128/192/256 | Used for data encryption |
| Node Certificate Private Key | RSA 1024 private key | Used during TLS connection establishment |
| NMS Admin Password | PIN, minimum 5 ASCII characters | Used for authenticating the NMS Admin role |
| NMS Guest Password | PIN, minimum 5 ASCII characters | Used for authenticating the NMS Guest role |
| CLI kepolo Password | PIN, minimum 5 ASCII characters | Used for authenticating the CLI read-only user |
| TLS Confidentiality Keys | AES 128 | Used for encryption of TLS traffic |
| HMAC Keys | HMAC 128 | Used for data integrity checks in TLS |

6.5 Definition of Public Keys

The cryptographic module contains the following public keys:

Table 12 – Public Keys

| Key Name | Type | Description |
|---|---|---|
| S&C CA Key | RSA 1024 | Used to validate the node certificate |
| S&C Node Key | RSA 1024 | Used for management traffic encryption |
| S&C Build Key | RSA 1024 | Used to verify the firmware load image |

6.6 Definition of CSPs Modes of Access

Table 13 defines the relationship between access to CSPs and the different cryptographic module services. The modes of access shown in the table are defined as:

- G = Generate: The cryptographic module generates the CSP.
- R = Read: The cryptographic module reads the CSP. The read access is typically performed before the cryptographic module uses the CSP.
- W = Write: The cryptographic module writes the CSP.
The write access is typically performed after a CSP is imported into the cryptographic module, after the cryptographic module generates a CSP, or when the cryptographic module overwrites an existing CSP.
- Z = Zeroize: The cryptographic module zeroizes the CSP.

Table 13 – CSP Access Rights within Roles & Services

| Role | Authorized Service | Mode | Cryptographic Key or CSP |
|---|---|---|---|
| NMS Admin, NMS Guest, CLI kepolo | Openssl Services | R | S&C CA RSA Public Key |
| | | R | S&C Node RSA Public Key |
| NMS Admin | Change Configuration | W | NMS Admin password |
| | | W | NMS Guest password |
| | | W | CLI root password |
| | | W | CLI ftusr password |
| | | W | CLI kepolo password |
| | | R | End to End PSK |
| | | W | End to End PSK |
| | | Z | End to End PSK |
| | | Z | S&C CA RSA Public Key |
| | | Z | S&C Node RSA Key Pair |
| | | R | S&C Build RSA Public Key |
| | | Z | S&C Build RSA Public Key |

7 Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the cryptographic module does not contain a modifiable operational environment.

8 Security Rules

The cryptographic module's design corresponds to the cryptographic module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of FIPS 140-2 for a Level 2 cryptographic module.

8.1 Module Rules

1. The cryptographic module shall provide four distinct operator roles. These are NMS Admin, NMS Guest, Peer, and CLI kepolo.
2. The cryptographic module shall provide role-based or identity-based authentication.
3. The cryptographic module shall clear previous authentications on power cycle.
4. The cryptographic module shall provide a separate session per user authentication.
5. The cryptographic module shall clear previous authentications upon the authenticated user leaving the session.
6. The cryptographic module shall not allow changes of role in any session.
7. When the cryptographic module has not been placed in a valid role, the operator shall not have access to any cryptographic services.
8. The cryptographic module shall perform the following tests:
   A. Power up Self-Tests
      1. Cryptographic algorithm tests
         a. AES Encrypt and Decrypt Known Answer Test, for the Cavium hardware
         b. AES 128 Encrypt and Decrypt Known Answer Test, for the OpenSSL (TLS) crypto library
         c. RSA Sign/Verify Known Answer Test
         d. SHA-1 Known Answer Test
         e. SHA-512 Known Answer Test
         f. HMAC-SHA-1 Known Answer Test
         g. RNG Known Answer Test
      2. Firmware Integrity Test – 32-bit CRC
   B. Critical Functions Tests
      1. Certificate Validity test
   C. Conditional Self-Tests
      1. RNG input test – done during every power up
      2. ANSI X9.31 RNG Continuous Test – whenever an RNG value is requested
      3. Firmware Signature Verification – 1024-bit RSA signature verification upon load
9. The operator shall be capable of commanding the cryptographic module to perform the power up self-tests by re-cycling power or rebooting the cryptographic module.
10. Power up self-tests do not require any operator action.
11. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.
12. Status information does not contain CSPs or sensitive data that, if misused, could lead to a compromise of the cryptographic module.
13. There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
14. The cryptographic module supports concurrent operators and maintains separation between them.
15. The cryptographic module does not support a maintenance interface or role.
16. The cryptographic module does not support manual key entry.
17. The cryptographic module does not have any external input/output devices used for entry/output of data.
18. The cryptographic module does not enter or output plaintext CSPs.
19. The cryptographic module does not output intermediate key values.
20. The cryptographic module does not support generating or regenerating node certificates.
21. The cryptographic module does not allow direct user access to the system through the wireless interfaces.

8.2 Vendor Imposed Security Rules

This section documents the security rules required by the vendor to maintain the cryptographic module.

1. The CO should change the default 'NMS Admin' password before any data operations.
2. The CO should set the 'End to End PSK' before any data operations.
3. Enforce a strong password policy and change passwords on a regular basis.
4. Inspect the cryptographic module regularly for damage, intrusion, and tampering.
5. Ensure that only authorized personnel access the cryptographic module.
6. Use a trusted host for the IntelliComView NMS that manages the cryptographic module.
7. Upgrade the cryptographic module only with approved firmware.

Note: To maintain validation, only validated firmware should be loaded. Loading non-validated firmware will invalidate the cryptographic module's validation.

9 Physical Security Policy

9.1 Physical Security Mechanisms

The multi-chip standalone cryptographic module is of production quality, containing standard passivation. The S&C IntelliCom WAN 1720 is housed in a metal enclosure. The enclosure is opaque within the visible spectrum and has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.

The IntelliCom WAN 1720 requires tamper evident labels to be applied. It is the responsibility of the Crypto-Officer to apply the labels to the S&C equipment prior to deployment and field use. The labels are serialized. The Crypto-Officer should make a record of the S&C serial number and the corresponding label serial numbers used. The application of the labels is described in Figures 5 – 7.
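The self-test sequence of rule 8 in Section 8.1 above, the output inhibit of rule 11 and the error state described in Section 3.1 fit together as a small state machine. The following is an added example written for this page, not code from S&C or from the IntelliCom firmware: the hypothetical CryptoModule class runs SHA-1, SHA-512 and HMAC-SHA-1 known-answer tests from published vectors, a CRC-32 firmware integrity test, and the RNG input test at power-up, performs the continuous test on every RNG request, and refuses all services and data output once any test fails. It assumes os.urandom in place of the NDRNG/ANSI X9.31 chain and a constructed firmware image whose CRC is known; the AES and RSA known-answer tests and the RSA firmware-signature check of the real module are not reproduced.

```python
"""Added example, not IntelliCom firmware: a model of the Section 8.1
self-test sequence and the FIPS-mode / error-state behaviour of Section 3.1.
Assumed: os.urandom stands in for the NDRNG -> ANSI X9.31 RNG chain; the AES,
RSA and RNG known-answer tests and RSA firmware-signature check are omitted."""
import hashlib
import hmac
import os
import zlib
from enum import Enum

# Published test vectors used as known answers: FIPS 180 "abc" digests and
# RFC 2202 HMAC-SHA-1 test case 1.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
SHA512_KAT = (b"abc",
              "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f")
HMAC_SHA1_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


class State(Enum):
    POWER_UP = "power-up"    # self-tests running; data output inhibited (rule 11)
    FIPS_MODE = "fips-mode"  # 'status' LED solid green (Section 3.1)
    ERROR = "error"          # 'status' LED flashing; no services, no data output


class SelfTestFailure(Exception):
    pass


def firmware_crc32(image: bytes) -> int:
    """Rule 8.A.2: the 32-bit CRC that the firmware integrity test checks."""
    return zlib.crc32(image) & 0xFFFFFFFF


class CryptoModule:
    def __init__(self, firmware: bytes, expected_crc32: int, rng=os.urandom):
        self.firmware = firmware
        self.expected_crc32 = expected_crc32
        self._rng = rng              # callable(n) -> n random bytes
        self._last_rng_block = None  # state kept for the continuous RNG test
        self.state = State.POWER_UP
        self.test_log = []

    def power_up(self) -> State:
        """Rules 8.A, 9 and 10: run every power-up test with no operator action;
        any failure leaves the module in ERROR. Calling it again models the
        operator's on-demand self-test (power cycle or reboot)."""
        self.state = State.POWER_UP
        self._last_rng_block = None
        try:
            self._kat("SHA-1", hashlib.sha1(SHA1_KAT[0]).hexdigest(), SHA1_KAT[1])
            self._kat("SHA-512", hashlib.sha512(SHA512_KAT[0]).hexdigest(), SHA512_KAT[1])
            key, msg, want = HMAC_SHA1_KAT
            self._kat("HMAC-SHA-1", hmac.new(key, msg, hashlib.sha1).hexdigest(), want)
            self._firmware_integrity()
            self._rng_input_test()
        except SelfTestFailure as exc:
            self.test_log.append(f"FAIL {exc}")
            self.state = State.ERROR
            return self.state
        self.state = State.FIPS_MODE
        return self.state

    def _kat(self, name: str, got: str, want: str) -> None:
        if not hmac.compare_digest(got, want):
            raise SelfTestFailure(f"{name} known-answer test")
        self.test_log.append(f"PASS {name} KAT")

    def _firmware_integrity(self) -> None:
        if firmware_crc32(self.firmware) != self.expected_crc32:
            raise SelfTestFailure("firmware integrity test (CRC-32)")
        self.test_log.append("PASS firmware CRC-32")

    def _rng_input_test(self) -> None:
        # Rule 8.C.1: the first block drawn at power-up only seeds the
        # continuous test (FIPS 140-2 section 4.9.2); it is never output.
        self._last_rng_block = self._rng(16)
        self.test_log.append("PASS RNG input test")

    def random_bytes(self) -> bytes:
        """Rule 8.C.2: continuous test on every RNG request. A block equal to
        the previous one means a stuck generator and is a fatal error."""
        self._require_fips_mode()
        block = self._rng(16)
        if block == self._last_rng_block:
            self.state = State.ERROR
            self.test_log.append("FAIL continuous RNG test: repeated block")
            raise SelfTestFailure("continuous RNG test")
        self._last_rng_block = block
        return block

    def output_allowed(self) -> bool:
        # Rule 11: data output only in FIPS mode, never during tests or in error.
        return self.state is State.FIPS_MODE

    def _require_fips_mode(self) -> None:
        if self.state is not State.FIPS_MODE:
            raise SelfTestFailure(f"service refused in state '{self.state.value}'")
```

Feeding the module an rng callable that returns the same 16-byte block twice is the way a tester exercises the continuous test: the second request drops the module into the error state and every later service call is refused, which matches the "node down" picture of Figure 4. An image whose CRC does not match never leaves the power-up state for FIPS mode, so output_allowed() stays false.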
Figure 5 – Location of Tamper Evident Labels (2 Total) for the IntelliCom WAN 1720

Prior to applying the labels, the areas to which the labels will be applied must be cleaned using isopropyl alcohol (99%) and a lint-free cloth to assure optimum bonding of the label to the surface. It is recommended that the labels be applied at a temperature above 50 °F.

For the IntelliCom WAN 1720, apply the two labels at the locations detailed in Figures 6 – 7.

Figure 6 – Location of Bottom Side Tamper Evident Label on the IntelliCom WAN 1720

Figure 7 – Location of Top Side Tamper Evident Label on the IntelliCom WAN 1720

The labels on each deployed unit should be inspected periodically (every 3 months) for evidence of tampering and for physical integrity. If the labels appear to have been tampered with, consult customer support to determine whether the cryptographic module should be zeroized and returned to the vendor for replacement.

10 Mitigation of Other Attacks Policy

The cryptographic module has not been designed to mitigate any attacks outside of the scope of FIPS 140-2.

11 References

[FIPS 140-2] FIPS Publication 140-2, Security Requirements for Cryptographic Modules

OpenSSL: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).

12 Definitions and Acronyms

AES – Advanced Encryption Standard
CBC – Cipher Block Chaining
CO – Cryptographic Officer (Crypto-Officer)
CPU – Central Processing Unit
CSP – Critical Security Parameter
ECB – Electronic Codebook
EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility
FIPS – Federal Information Processing Standards
FSM – Finite State Model
HMAC – Keyed-Hash Message Authentication Code
LED – Light-Emitting Diode
KAT – Known Answer Test
RNG – Random Number Generator
RSA – Rivest Shamir Adleman
SHA – Secure Hash Algorithm