BASICS IP PC104 Security Policy Version: 1.2 Vocality International Ltd. Revision Date: 1 June 2012 Copyright Vocality International Ltd 2011, 2012. May be reproduced only in its original entirety without revision. Vocality International Ltd. Document Version 1.1 Contents 1 Module Overview ............................................................................................................................................ 4 2 Security Level ................................................................................................................................................... 6 3 Modes of Operation ........................................................................................................................................ 7 3.1 FIPS Approved Mode of Operation ......................................................................................................................... 7 3.2 Approved and Allowed Algorithms ......................................................................................................................... 7 4 Ports and Interfaces ........................................................................................................................................ 9 5 Identification and Authentication Policy ....................................................................................................... 10 5.1 Assumption of Roles ............................................................................................................................................. 10 6 Access Control Policy ..................................................................................................................................... 12 6.1 Roles and Services ................................................................................................................................................ 12 6.2 Unauthenticated Services ..................................................................................................................................... 12 6.3 Definition of Critical Security Parameters (CSPs) .................................................................................................. 13 6.4 Definition of Public Keys ....................................................................................................................................... 14 6.5 Definition of CSPs Modes of Access ...................................................................................................................... 14 7 Operational Environment .............................................................................................................................. 15 8 Security Rules ................................................................................................................................................ 16 9 Physical Security Policy .................................................................................................................................. 18 9.1 Physical Security Mechanisms .............................................................................................................................. 18 9.2 Operator Required Actions ................................................................................................................................... 19 10 Mitigation of Other Attacks Policy ................................................................................................................ 20 11 References ..................................................................................................................................................... 21 12 Definitions and Acronyms ............................................................................................................................. 21   BASICS IP PC104 Security Policy Page 2 of 21 Vocality International Ltd. Document Version 1.1 Tables Table 1 ‐ Module Security Level Specification .......................................................................................................... 6  Table 2 ‐ FIPS Approved Algorithms ......................................................................................................................... 7  Table 3 – FIPS Allowed Algorithms ........................................................................................................................... 8  Table 4 ‐ Module FIPS 140‐2 Ports and Interfaces ................................................................................................... 9  Table 5 ‐ Roles and Required Identification and Authentication ........................................................................... 10  Table 6 ‐ Strengths of Authentication Mechanisms ............................................................................................... 10  Table 7 ‐ Authenticated Services ............................................................................................................................ 12  Table 8 ‐ Unauthenticated Services ....................................................................................................................... 12  Table 9 ‐ Private Keys and CSPs .............................................................................................................................. 13  Table 10 ‐ Public Keys ............................................................................................................................................. 14  Table 11 ‐ CSP Access Rights within Roles & Services ............................................................................................ 15  Table 12 ‐ Inspection/Testing of Physical Security Mechanisms  ........................................................................... 19  . Figures Figure 1 – Image of the Cryptographic Module ....................................................................................................... 4  Figure 2 ‐ Logical Block Diagram .............................................................................................................................. 5  Figure 3 ‐ Label placement (Top)  ........................................................................................................................... 18  . Figure 4 ‐ Label placement (Bottom, Rear, and Left) ............................................................................................. 18  Figure 5 ‐ Label placement (Top and Rear) ............................................................................................................ 19  BASICS IP PC104 Security Policy Page 3 of 21 Vocality International Ltd. Document Version 1.1 1 Module Overview The Vocality BASICS IP PC104 (hereafter referred to as the module) is a multi-chip embedded cryptographic module to be used as a router appliance. BASICS is the essential toolbox, offering a simplified approach to the deployment of networking and IP solutions. The module provides a number of ports for connection to an IP WAN such as a satellite modem. Designed for applications where efficiency is critical – power, space, or bandwidth – BASICS provides specific applications for every day challenges in system deployment. The boundary of the module is defined as the outer perimeter of the module’s metal enclosure. This module only functions within another enclosure. Figure 1 – Image of the Cryptographic Module The configuration of hardware and firmware for this validation is: Hardware: 68551-01-1/68551C6 Firmware: Version 08_42.05 BASICS IP PC104 Security Policy Page 4 of 21 Vocality International Ltd. Document Version 1.1 Figure 2 depicts the logical block diagram for the BASICS IP PC104 with the cryptographic boundary shown in red. Figure 2 - Logical Block Diagram Module services are described in Section 6 below. The following non-security relevant component types have been excluded from the requirements of FIPS 140-2: • Resistors (Qty. 24) • Capacitors (Qty. 11) BASICS IP PC104 Security Policy Page 5 of 21 Vocality International Ltd. Document Version 1.1 2 Security Level The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 2 Module Ports and Interfaces 2 Roles, Services and Authentication 3 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 3 Self-Tests 2 Design Assurance 3 Mitigation of Other Attacks N/A BASICS IP PC104 Security Policy Page 6 of 21 Vocality International Ltd. Document Version 1.1 3 Modes of Operation 3.1 FIPS Approved Mode of Operation The module provides both a FIPS Approved mode of operation and a non-Approved mode of operation, comprising all services described in Section 6 below. The module will enter FIPS Approved mode following successful power up initialization and configuration per the rules specified in Section 8 below. If a security rule is violated, the module will output an alarm indicating that the module is no longer operating in the Approved mode of operation.. The alarms can be viewed by looking at the “current alarms” page to see if the FIPS L2 MODE alarm is raised. The diagnostics configuration log contains details of which parameters are not configured in a FIPS Approved mode. 3.2 Approved and Allowed Algorithms The cryptographic module supports the following FIPS Approved algorithms. Table 2 - FIPS Approved Algorithms FIPS Approved Algorithm CAVP Cert. # AES Encrypt/Decrypt 128, 192, 256 (ECB, CBC, CTR modes) 1734 AES CCM (128, 192, 256 bits) 1734 AES CMAC 1734 AES GCM 1734 3-key Triple DES Encrypt/Decrypt 1123 DSA 1024 PQG Gen/Ver, Sig Gen/Ver, Key Gen. 540 ECDSA key generation, PKV, signature generation and verification 226 (Curves P: 192, 224, 256, 384, 512) RSA key generation (1024, 1536, 2048, 3072 and 4096), signature 857 generation and verification (1024, 1536, 2048) FIPS 186-2 RNG 923 HMAC-SHA-1, 224, 256, 384, 512 1010 SHA-1, 224, 256, 384, 512 1518 BASICS IP PC104 Security Policy Page 7 of 21 Vocality International Ltd. Document Version 1.1 The cryptographic module supports the following non-FIPS Approved algorithms which are allowed for use in FIPS mode. Table 3 – FIPS Allowed Algorithms FIPS Allowed Algorithm Diffie-Hellman (for key agreement; provides 80 or 112 bits of encryption strength) RSA Key Wrapping (provides between 80 and 112 bits of encryption strength) ECDH (for key agreement; provides between 80 and 256 bits of encryption strength) NDRNG BASICS IP PC104 Security Policy Page 8 of 21 Vocality International Ltd. Document Version 1.1 4 Ports and Interfaces The BASICS IP PC104 is a multi-chip embedded cryptographic module with ports and interfaces as shown below. Table 4 - Module FIPS 140-2 Ports and Interfaces Port FIPS 140-2 Designation Name and Description DC Power Power Power port Power over Power Power over Ethernet Ethernet Monitor Control input, Status 10 pin connector to support RS232 and Status LED’s and output Control Ethernet Data input, Data output 10 pin connector used to support an Ethernet interface (Uplink) Ethernet Data input, Data output 10 pin connector used to support an Ethernet interface (Downlink ) Ethernet Data input, Data output 34 pin connector used to support 4 Ethernet interfaces Reset Control input Restores the module to factory defaults Button BASICS IP PC104 Security Policy Page 9 of 21 Vocality International Ltd. Document Version 1.1 5 Identification and Authentication Policy 5.1 Assumption of Roles The module supports three distinct operator roles, Administrator (CO), Read Only User and Read/Write User. The cryptographic module enforces the separation of roles using identity-based authentication via a unique username and password. Table 5 - Roles and Required Identification and Authentication Role Description Authentication Type Authentication Data Administrator This role has read/write Identity-based Username and (CO) privileges to the module operator Password including the configuration of authentication User accounts and cryptographic keys. Read Only This role has read only Identity-based Username and User privileges to the module except operator Password for the cryptographic keys authentication which are not accessible. Read/Write This role has read/write Identity-based Username and User privileges to the module except operator Password for configuration of User authentication accounts and cryptographic keys. Table 6 - Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Username/Password The username is between 1 and 16 characters in length chosen from a set of 92 possible characters. The password is between 6 and 32 characters in length chosen from a set of 92 possible characters (alphanumeric, including special characters). Therefore the minimum username/password combined length is 7 characters and the probability that a single random attempt will succeed or a false acceptance will occur is 1/(92^7) which is less than 1/1,000,000. Authentication attempts may be made over the console port or via SSH. The console port operates at 9600bps. A minimum of 9 BASICS IP PC104 Security Policy Page 10 of 21 Vocality International Ltd. Document Version 1.1 characters (72bits) must be entered for each authentication attempt (1 for username, 6 for password and 2 carriage returns). The most authentication attempts theoretically possible in one minute over the console port is (60*(9600/72)) 8000. Therefore the probability of successfully authenticating to the module within one minute is 8000/(92^7), which is less than 1 in 100,000. The fastest link speed that the SSH sessions can operate over is 100Mbps Ethernet, which allow a maximum packet per second rate of 148800. A minimum of 2 packets is required for each authentication attempt (one for the username and one for the password – in practice there are many more packets involved in establishing the SSH session). This allows a theoretical maximum of 74400 authentication attempts per second. Therefore the probability of successfully authenticating to the module within one minute is (60*74400)/(92^7), which is less than 1 in 100,000 BASICS IP PC104 Security Policy Page 11 of 21 Vocality International Ltd. Document Version 1.1 6 Access Control Policy 6.1 Roles and Services Table 7 - Authenticated Services Role(s) Service Description Administrator Add/Delete/Manage Adds or removes Read Only and Read/Write Users and Users all parameters associated with User accounts Administrator Configure SSH, Enter Keys, Select Algorithms to be used with SSH, SNMP, and IPSec SNMP, IPSec. Configure security associations to be used with IPSec. Administrator, Configuration Dump Output configuration data, including keys and Read/Write User authentication data in cipher text, into a config. file Administrator, Unit Configuration Configure all other parameters not related to SSH, SNMP, Read/Write User IPSec key management (eg. Configure IP address, IP routing, alarm management, service management, etc.) Administrator FW Update Updates the module’s firmware Read Only User View Configuration Views configuration details not related to SSH, SNMP, details IPSec key management Administrator, Get Status View Statistics and status of module operations Read/Write User, Read Only User 6.2 Unauthenticated Services The cryptographic module supports the following unauthenticated services: Table 8 - Unauthenticated Services Service Description Self-Tests Performed by power cycling the module Configuration Returns the module to factory defaults Reset BASICS IP PC104 Security Policy Page 12 of 21 Vocality International Ltd. Document Version 1.1 6.3 Definition of Critical Security Parameters (CSPs) The module contains the following CSPs: Table 9 - Private Keys and CSPs Key Name Type Description IPSec Encryption Key AES, TDES Used by IPSec for data encryption IPSec Integrity Key HMAC-SHA-1 Used by IPSec for data integrity IKE Pre-shared Key AES, TDES Used during the IKE protocol to establish cryptographic keys to be used by IKE. IKE Encryption Key AES, TDES Used for peer-to-peer message encryption IKE Integrity Key HMAC-SHA-1 Used by IKE for data integrity IKE Private Key RSA, DSA, Used in IKE identity authentication ECDSA SSH Host Private Key RSA, DSA, Used to create digital signatures ECDSA SSH Encryption Key AES, TDES Used to encrypt SSH traffic SSH Integrity Key HMAC-SHA-1 Used by SSH for data integrity Diffie Hellman Private Key DH Used during DH Key agreement protocol Components Seed and Seed Key N/A Used to initialize the Approved RNG Administrator (CO) Password Used to authenticate the Administrator Password (CO) Read/Write User Password Password Used to authenticate the Read/Write User Read Only User Password Password Used to authenticate the Read Only User Configuration Encryption AES Used to encrypt all other CSPs in stored Key and outputted configurations BASICS IP PC104 Security Policy Page 13 of 21 Vocality International Ltd. Document Version 1.1 6.4 Definition of Public Keys The module contains the following public keys: Table 10 - Public Keys Key Name Type Description FW Upgrade Public Key RSA Used to verify RSA signatures over firmware images SSH Host Public Key RSA, DSA, Used by SSH Client to verify digital ECDSA signatures SSH Client Public Key RSA, DSA, Used by the device to verify digital ECDSA signatures Diffie Hellman Public Key DH Used by the DH Key Agreement protocol Components 6.5 Definition of CSPs Modes of Access Table 11 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: • G = Generate: The module generates the CSP. • R = Read: The module reads the CSP. The read access is typically performed before the module uses the CSP. • W = Write: The module writes the CSP. The write access is typically performed after a CSP is imported into the module, or the module generates a CSP, or the module overwrites an existing CSP. • Z = Zeroize: The module zeroizes the CSP. BASICS IP PC104 Security Policy Page 14 of 21 Vocality International Ltd. Document Version 1.1 Table 11 - CSP Access Rights within Roles & Services Role Authorized Service Mode Cryptographic Key or CSP Administrator Add/Delete/Manage Users W, Z Administrator (CO) Password W, Z Read/Write User Password W, Z Read Only User Password Administrator Configure SSH, SNMP, and IPSec W, Z IPSec Encryption Key W, Z IPSec Integrity Key W, Z IKE Pre-shared Key G, Z SSH Host Private Key R, Z SSH Host Public Key R, W, Z SSH Client Public Key W, Z Configuration Encryption Key Administrator, Configuration Dump N/A N/A Read/Write User Administrator, Configure Unit N/A N/A Read/Write User Administrator FW Update R FW Upgrade Public Key Read Only View Configuration details N/A N/A User Administrator, Get Status N/A N/A Read/Write User, Read Only User N/A Self-Tests N/A N/A N/A Configuration Reset Z All Keys and CSPs 7 Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. BASICS IP PC104 Security Policy Page 15 of 21 Vocality International Ltd. Document Version 1.1 8 Security Rules The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module. 1. The cryptographic module shall provide three distinct operator roles. These are the Administrator (CO) role, the Read/Write User role, and the Read Only User role. 2. The cryptographic module shall provide identity-based authentication. 3. The cryptographic module shall clear previous authentications on power cycle. 4. Until the time that successful authentication has taken place and an operator has been placed in a valid role, the module shall not grant access to any cryptographic services. 5. The cryptographic module shall perform the following tests. A. Power up Self-Tests 1. Cryptographic algorithm tests • AES-ECB, CBC, CCM, CMAC, CTR, GCM Known Answer Test • Triple-DES Known Answer Test • HMAC-SHA-1 Known Answer Test • HMAC-SHA-224 Known Answer Test • HMAC-SHA-256 Known Answer Test • HMAC-SHA-384 Known Answer Test • HMAC-SHA-512 Known Answer Test • SHA-1 Known Answer Test • SHA-224 Known Answer Test • SHA-256 Known Answer Test • SHA-384 Known Answer Test • SHA-512 Known Answer Test • RSA Pairwise Consistency Test • RSA Encrypt/Decrypt Known Answer Test • DSA Pairwise Consistency Test • ECDSA Pairwise Consistency Test • ECDH Pairwise Consistency Test • DH Pairwise Consistency Test • FIPS 186-2 RNG Known Answer Test Firmware Integrity Test – 32-bit CRC B. Critical Functions Tests 1. Memory Check – Walking 1’s test C. Conditional Self-Tests BASICS IP PC104 Security Policy Page 16 of 21 Vocality International Ltd. Document Version 1.1 1. Continuous Random Number Generator (RNG) test – performed on NDRNG and RNG 2. DSA Sign/Verify Pairwise Consistency Test 3. RSA Sign/Verify Pairwise Consistency Test 4. ECDSA Sign/Verify Pairwise Consistency Test 5. Diffie-Hellman Primitive Test 6. Firmware Load Test – RSA signature verification 6. The operator shall be capable of commanding the module to perform the power-up self-test by cycling power or resetting the module. 7. Power-up self tests do not require any operator action. 8. Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 9. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 10. The module ensures that the seed and seed key inputs to the Approved RNG are not equal. 11. There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 12. The module does not support a maintenance interface or role. 13. The module does not output intermediate key values. The module is not configured to operate in FIPS-mode by default. The following steps must be taken to enable FIPS-mode operation: 1. Alter configuration encryption key from its default value. 2. Configure an Administrator account upon first access to the module. 3. Ensure minimum password length is at least 6 characters. 4. Ensure download of software updates without a digital signature is not allowed. 5. Disable Telnet access or make sure that Telnet is not enabled. 6. Configure the module (IPSEC, SSH v2, IKE v1, v2, SNMP (no security claimed)) to use only the Approved algorithms specified in Section 3 above. 7. Set “Forgotten Password Recovery” to disabled. If any if these steps are omitted then a “FIPS L2 Mode” alarm will be generated. The Crypto-Officer must zeroize all keys when switching from the Approved FIPS mode of operation to the non-FIPS mode and vice versa. BASICS IP PC104 Security Policy Page 17 of 21 Vocality International Ltd. Document Version 1.1 9 Physical Security Policy 9.1 Physical Security Mechanisms The multi-chip embedded module is production quality containing standard passivation. Module components are protected by a metal enclosure protected with tamper evident seals. The module’s enclosure is protected with 5 tamper evident seals. Please refer to Figures 3, 4 and 5 for the correct placement of the tamper evident seals. Note: The tamper evident seals will be applied in manufacturing. If tamper evident seals need to be replaced, the module will have to be returned to the manufacturer. Figure 3 - Label placement (Top) Figure 4 - Label placement (Bottom, Rear, and Left) BASICS IP PC104 Security Policy Page 18 of 21 Vocality International Ltd. Document Version 1.1 Figure 5 - Label placement (Top and Rear)  9.2 Operator Required Actions Table 12 - Inspection/Testing of Physical Security Mechanisms Physical Security Recommended Frequency of Mechanisms Inspection/Test Tamper Evident Seals 6 months BASICS IP PC104 Security Policy Page 19 of 21 Vocality International Ltd. Document Version 1.1 10 Mitigation of Other Attacks Policy The module has not been designed to mitigate against attacks which are outside of the scope of FIPS 140-2. BASICS IP PC104 Security Policy Page 20 of 21 Vocality International Ltd. Document Version 1.1 11 References [FIPS 140-2] FIPS Publication 140-2 Security Requirements for Cryptographic Modules 12 Definitions and Acronyms AES - Advanced Encryption Standard CO - Cryptographic Officer CSP - Critical Security Parameter DES - Data Encryption Standard DH - Diffie-Hellman DSA - Digital Signature Algorithm ECDH - Elliptic Curve Diffie-Hellman ECDSA - Elliptic Curve Digital Signature Algorithm EMC - Electromagnetic Compatibility EMI - Electromagnetic Interference FIPS - Federal Information Processing Standard HMAC - Keyed-Hash Message Authentication Code RAM - Random Access Memory RNG - Random Number Generator RSA - Rivest, Shamir and Adleman Algorithm SHA – Secure Hash Algorithm TDES – Triple-DES BASICS IP PC104 Security Policy Page 21 of 21