Curtiss-Wright Controls Defense Solutions
3U VPX-1TB FSM Flash Storage Module
Hardware Part Number: RHFS-3UR1024-F, RHFS-3UJ1024-F
Firmware Version: 1.11

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 2
Document Version: 1.2

Prepared for:
Curtiss-Wright Controls Defense Solutions
2600 Paramount Place, Suite 200
Fairborn, OH 45324
United States of America
Phone: +1 (937) 252-5601
http://www.cwcdefense.com

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway, Suite 220
Fairfax, Virginia 22033
United States of America
Phone: +1 (703) 267-6050
http://www.corsec.com

Security Policy, Version 1.2
January 29, 2013

Table of Contents
1 Introduction (p. 3)
  1.1 Purpose (p. 3)
  1.2 References (p. 3)
  1.3 Document Organization (p. 3)
2 VPX3-FSM (p. 4)
  2.1 Overview (p. 4)
    2.1.1 3U VPX-1TB FSM Flash Storage Module (p. 4)
  2.2 Module Specification (p. 6)
  2.3 Module Interfaces (p. 6)
  2.4 Roles and Services (p. 8)
    2.4.1 Authentication (p. 10)
  2.5 Physical Security (p. 11)
  2.6 Operational Environment (p. 11)
  2.7 Cryptographic Key Management (p. 11)
  2.8 Self-Tests (p. 13)
    2.8.1 Power-Up Self-Tests (p. 13)
    2.8.2 Conditional Self-Tests (p. 13)
  2.9 Mitigation of Other Attacks (p. 13)
3 Secure Operation (p. 14)
  3.1 Multiple Approved Modes (p. 14)
  3.2 Initial Set-up (p. 14)
    3.2.1 CO and User Account Setup (p. 14)
  3.3 Secure Management (p. 14)
    3.3.1 Initialization (p. 15)
    3.3.2 Zeroization (p. 16)
  3.4 CO and User Guidance (p. 16)
4 Acronyms (p. 17)

Table of Figures
Figure 1 – 3U VPX-1TB FSM Flash Storage Module (p. 5)
Figure 2 – VPX3-FSM Front Panel Port Interfaces (p. 8)
Figure 3 – VPX3-FSM VPX Port Location (p. 8)
Figure 4 – VPX3-FSM Tamper-Evident Seal Placement (Top) (p. 15)
Figure 5 – VPX3-FSM Tamper-Evident Seal Placement (Bottom) (p. 16)

List of Tables
Table 1 – Security Level per FIPS 140-2 Section (p. 5)
Table 2 – Mapping of VPX3-FSM Physical Interfaces to FIPS 140-2 Logical Interfaces (p. 6)
Table 3 – Mapping of Services to Roles, Inputs, Outputs, CSPs, and Type of Access (p. 9)
Table 4 – FIPS-Approved Algorithm Implementations (p. 11)
Table 5 – VPX3-FSM Keys, Key Components, and CSPs (p. 12)
Table 6 – Acronyms (p. 17)

Curtiss-Wright 3U VPX-1TB FSM Flash Storage Module, Page 2 of 19
© 2013 Curtiss-Wright Controls Defense Solutions. This document may be freely reproduced and distributed whole and intact including this copyright notice.

1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the 3U VPX-1TB FSM Flash Storage Module from Curtiss-Wright Controls Defense Solutions. This Security Policy describes how the 3U VPX-1TB FSM Flash Storage Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules.
More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the modules. The 3U VPX-1TB FSM Flash Storage Module, which includes both hardware versions, is referred to in this document as VPX3-FSM or the module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:
• The Curtiss-Wright website (http://www.curtisswright.com) contains information on the full line of products from Curtiss-Wright. The website (http://www.cwcdefense.com) contains information on the full line of products from Curtiss-Wright Controls Defense Solutions.
• The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package provided to the test laboratory. In addition to this document, the Submission Package contains:
• Vendor Evidence Document
• Finite State Model
• Validation Submission Summary
• Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Curtiss-Wright. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Curtiss-Wright and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Curtiss-Wright.

2 VPX3-FSM

This section describes the 3U VPX-1TB FSM Flash Storage Module from Curtiss-Wright Controls Defense Solutions.

2.1 Overview

Curtiss-Wright Controls Defense Solutions is the Motion Control business segment of Curtiss-Wright Corporation. It manufactures sophisticated, high-performance mechanical actuation and drive systems, specialized sensors, motors, and electronic controller units, and mission-critical embedded computing components and control systems. With manufacturing facilities that span the globe, Curtiss-Wright Controls delivers cost-effective and innovative products and services to its diverse customer base, including the aerospace, defense, and industrial markets. Their proven technical expertise and industry-leading capabilities provide complex motion control subsystems that operate at maximum performance and efficiency levels. The Defense Solutions business unit of Curtiss-Wright Controls, which produces the 3U VPX-1TB FSM Flash Storage Module, creates and integrates state-of-the-art rugged electronics for aerospace and defense applications.

2.1.1 3U VPX-1TB FSM Flash Storage Module

The VPX3-FSM is a rugged, compact, and efficient one TB (Terabyte) data storage device that complies with the VITA (VME International Trade Association) 46/48 standards. It is a VPX-REDI (Versatile Performance Switching-Ruggedized Enhanced Design Implementation) Type 2 module that can be plugged into any VPX (Versatile Performance Switching) chassis that accommodates conduction-cooled modules with a 3U (U – Rack Unit) form factor, and it requires only 5 volts from the VPX backplane. The VPX3-FSM is available in two hardware configurations, supporting either a single SATA (Serial Advanced Technology Attachment) lane (RAID (Redundant Array of Independent Disks) 0) (Hardware Version: RHFS-3UR1024-F) or four independent SATA lanes (JBOD (Just a Bunch Of Drives)) (Hardware Version: RHFS-3UJ1024-F). The VPX3-FSM unit can augment or replace an existing rotating data storage device in a VPX chassis and provide greater reliability due to its solid-state storage and conduction-cooled structure. Figure 1 shows the 3U VPX-1TB FSM Flash Storage Module in both configurations. A label with the VPX3-FSM hardware version number is placed on the upper-left corner of the bottom cover for quick identification of the module.

Figure 1 – 3U VPX-1TB FSM Flash Storage Module

The VPX3-FSM provides an effective capacity after flash over-provisioning of 800 GB (Gigabytes) of solid-state memory utilizing SLC (Single-Level Cell) NAND (Not AND) flash components. The design includes over-provisioning for faster write operations and improved reliability. It also supports dynamic and static data wear-leveling for even distribution of erase/write cycles. This prevents excessive writes to the same locations, extending the life cycle of the flash.

The VPX3-FSM supports key generation, user authentication and authorization, and full disk encryption using the Advanced Encryption Standard (AES). Key management can be handled internally on the VPX3-FSM or externally by a host system. An on-board microcontroller monitors temperature, power, and error conditions. The internal structure is designed to dissipate component heat, provide rigidity, and move heat to the outer enclosure. This closed conduction-cooled structure makes the VPX3-FSM less susceptible to problems due to adverse environments and provides silent, vibration-free operation.

The 3U VPX-1TB FSM Flash Storage Module is validated at the following FIPS 140-2 Section levels:

Table 1 – Security Level per FIPS 140-2 Section

Section | Section Title | Level
--- | --- | ---
1 | Cryptographic Module Specification | 3
2 | Cryptographic Module Ports and Interfaces | 2
3 | Roles, Services, and Authentication | 3
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 2
8 | EMI/EMC (Electromagnetic Interference / Electromagnetic Compatibility) | 2
9 | Self-tests | 2
10 | Design Assurance | 3
11 | Mitigation of Other Attacks | N/A

2.2 Module Specification

The 3U VPX-1TB FSM Flash Storage Module is a hardware module with a multi-chip embedded embodiment. The overall security level of the module is 2. The module supports two FIPS-Approved modes of operation. The first Approved mode of operation, Security Mode 1, generates an AES Data Encryption Key (DEK) internally. The second Approved mode of operation, Security Mode 2, does not generate an AES DEK internally; instead it accepts externally generated DEKs. Instructions on how to invoke these two modes are provided in Section 3.2.
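The two Approved modes and the PSK/KEK/DEK hierarchy they manage (Table 3, Table 5 and Section 3.3), modelled as an added Go example; this is not the module's firmware. The AES-256 ECB key wrapping, the export chain (first KEK under the PSK, later KEKs under the previous KEK), the use of crypto/rand in place of the module's HMAC_DRBG, and the `Module` type and method names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
)

// Constructed model (not the module's firmware) of the Table 5 key hierarchy and
// the two Security Modes of Sections 2.2 and 3.3. Assumed: AES-256 ECB wraps
// keys, the first KEK export is wrapped under the PSK and later ones under the
// previous KEK, and crypto/rand stands in for the module's HMAC_DRBG.
const keyLen = 32 // every key in Table 5 is an AES 256-bit key

// wrapECB applies AES-256 under wrapping to each block of a 32-byte key.
func wrapECB(wrapping, in []byte, decrypt bool) []byte {
	block, err := aes.NewCipher(wrapping)
	if err != nil || len(in) != keyLen {
		panic("wrapECB: need a 32-byte wrapping key and a 32-byte key")
	}
	op := block.Encrypt
	if decrypt {
		op = block.Decrypt
	}
	out := make([]byte, keyLen)
	for i := 0; i < keyLen; i += aes.BlockSize {
		op(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
	}
	return out
}

// newKey draws a fresh AES-256 key; an entropy failure is a critical error.
func newKey() []byte {
	k := make([]byte, keyLen)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// zeroize overwrites key bytes before the reference to them is dropped.
func zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// Module is the key-management state inside the cryptographic boundary.
type Module struct {
	mode     int    // 1: DEK generated internally; 2: DEK entered from the host
	psk, kek []byte // PSK: factory-installed, wraps the KEK; KEK: wraps the DEK
	dek      []byte // protects the SATA flash data; nil = Status LED off
}

// NewModule starts in Security Mode 1 with the factory PSK and no KEK or DEK.
func NewModule(psk []byte) *Module { return &Module{mode: 1, psk: psk} }

// SetSecurityMode ("Set security mode"): a change zeroizes the KEK and DEK.
func (m *Module) SetSecurityMode(mode int) {
	if mode != m.mode {
		zeroize(m.kek)
		zeroize(m.dek)
		m.kek, m.dek, m.mode = nil, nil, mode
	}
}

// GenerateKEK ("Generate KEK"): the new KEK is stored and exported encrypted
// under the previous KEK, or under the PSK when no KEK is loaded yet.
func (m *Module) GenerateKEK() []byte {
	wrapping := m.psk
	if m.kek != nil {
		wrapping = m.kek
	}
	newKEK := newKey()
	exported := wrapECB(wrapping, newKEK, false)
	zeroize(m.kek)
	m.kek = newKEK
	return exported
}

// GenerateDEK ("Generate DEK") is available only in Security Mode 1.
func (m *Module) GenerateDEK() error {
	if m.mode != 1 {
		return errors.New("Generate DEK is only available in Security Mode 1")
	}
	zeroize(m.dek)
	m.dek = newKey()
	return nil
}

// EnterDEK ("Enter DEK"), Security Mode 2 only: the host sends the DEK
// encrypted under the current KEK; the module decrypts and loads it.
func (m *Module) EnterDEK(wrappedDEK []byte) error {
	if m.mode != 2 {
		return errors.New("Enter DEK is only available in Security Mode 2")
	}
	if m.kek == nil || len(wrappedDEK) != keyLen {
		return errors.New("Enter DEK needs a loaded KEK and a 32-byte wrapped DEK")
	}
	zeroize(m.dek)
	m.dek = wrapECB(m.kek, wrappedDEK, true)
	return nil
}
```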
The cryptographic boundary of the 3U VPX-1TB FSM Flash Storage Module is defined by the anodized aluminum covers that enclose the module and surround all the hardware and software components. Please note that references to the module in this document refer to both the RAID0 and JBOD versions of the module.

2.3 Module Interfaces

The VPX3-FSM supports the four logical interfaces defined in FIPS 140-2: Data Input, Data Output, Control Input, and Status Output. In addition, the module supports a Power Input interface. Table 2 explains the mapping of the module’s physical ports to the FIPS interfaces, and Figure 2 and Figure 3 depict the physical ports of the VPX3-FSM.

Table 2 – Mapping of VPX3-FSM Physical Interfaces to FIPS 140-2 Logical Interfaces

Physical Port | VPX Port | Description | FIPS 140-2 Interfaces
--- | --- | --- | ---
VPX 5V supply | P0 | Connection to VPX chassis for power | Power Input
I2C (Inter-Integrated Circuit) Primary | P0 | I2C system management | Data Input, Data Output, Control Input, Status Output
System Reset | P0 | Reboot signal from host via VPX backplane | Control Input
+3.3V auxiliary supply | P0 | Auxiliary power supply | Power Input
VBAT | P1 | Battery voltage power supply | Power Input
SATA Lane 4 | P1 | SATA transmit and receive | Data Input, Data Output
SATA Lane 5 | P1 | SATA transmit and receive | Data Input, Data Output
SATA Lane 0 | P2 | SATA transmit and receive | Data Input, Data Output
SATA Lane 1 | P2 | SATA transmit and receive | Data Input, Data Output
SATA Lane 2 | P2 | SATA transmit and receive | Data Input, Data Output
SATA Lane 3 | P2 | SATA transmit and receive | Data Input, Data Output
RS232 | P2 | Serial communications | Data Input, Data Output, Control Input, Status Output
I2C Secondary | P2 | I2C system management | Data Input, Data Output, Control Input, Status Output
Security Trigger | P2 | External trigger signal from host via VPX backplane to zeroize keys and user account information | Control Input
RTM CardFail Signal | P2 | Asserted when: internal or external error condition | Status Output
RTM Status Signal | P2 | Indicates when AES key is loaded into encryption processor | Status Output
Push Button Switch | N/A | Front panel button to zeroize keys and user account information (labeled KEY CLR on front panel) | Control Input
Fault LED (Light Emitting Diode) | N/A | Asserted when: internal or external error condition | Status Output
Power LED | N/A | Illuminates GREEN when module is powered up | Status Output
Status LED | N/A | Illuminates YELLOW when an AES key has been successfully loaded for encryption/decryption processing | Status Output

Figure 2 – VPX3-FSM Front Panel Port Interfaces

Figure 3 – VPX3-FSM VPX Port Location

2.4 Roles and Services

In both FIPS-Approved modes, the module supports identity-based authentication and authorization using a Userid and password.
There are two roles in the VPX3-FSM (as required by FIPS 140-2) that operators may assume: a Crypto Officer (CO) role and a User role. The CO installs the module and can execute all of the module’s services. The User can execute a subset of the module’s services. Both the CO and User manage the device by authenticating to the module via the RS232 or I2C ports and issuing commands through the User Control Interface (UCI).

Descriptions of the services available in each Approved mode are provided in Table 3 below. The Approved mode in which each service is available is shown in the “Security Mode” column. Please note that the CSPs (Critical Security Parameters) listed in the table indicate the type of access required using the following notation:
R – Read: The plaintext CSP is read by the service.
W – Write: The CSP is established, generated, modified, or zeroized by the service.
X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism.

Table 3 – Mapping of Services to Roles, Inputs, Outputs, CSPs, and Type of Access

Service | Role | Security Mode | Description | Input | Output | CSP and Type of Access
--- | --- | --- | --- | --- | --- | ---
Push Button Switch | CO, User | 1, 2 | Zeroize keys, configuration data, and all user authentication data via front panel | Command | Status | DEK – W; KEK (Key Encryption Key) – W; Passwords – W
Security Trigger | CO, User | 1, 2 | Zeroize keys, configuration data, and all user authentication data via VPX backplane signal | Command | Status | DEK – W; KEK – W; Passwords – W
System Reset | CO, User | 1, 2 | Reboot the module via VPX backplane signal | Command | Status | None
Sanitize (UCI) | CO, User | 1, 2 | Zeroize keys, configuration data, and all user authentication data | Command | Status | DEK – W; KEK – W; Passwords – W
Clear DEK (UCI) | CO, User | 1, 2 | Zeroize DEK only | Command | Status | DEK – W
Clear Key (UCI) | CO, User | 1, 2 | Zeroize DEK only, DEK+KEK, or DEK+KEK+Passwords | Command | Status | KEK – W; DEK – W; Passwords – W
Clear all (UCI) | CO, User | 1, 2 | Zeroize keys, including the PSK (Pre-Shared Key), configuration data, and all user authentication data | Command | Status | DEK – W; KEK – W; PSK – W; Passwords – W
Setup user accounts (UCI) | CO | 1, 2 | Display, create, modify, or delete user accounts | Command | Status | Passwords – W
Set security mode (UCI) | CO | 1, 2 | Specify if DEK is entered into module or generated internally. A security mode change causes zeroization. | Command | Status | DEK – W; KEK – W; Passwords – W
Generate DEK (UCI) | CO | 1 | Generate and store a new DEK | Command | Status | DEK – RW
Generate KEK (UCI) | CO | 1, 2 | Generate a new KEK. Encrypts new KEK with old KEK and exports it | Command | Status, key | KEK – RWX
Store KEK (UCI) | CO | 1, 2 | Stores the latest generated KEK | Command | Status | KEK – R
Enter DEK (UCI) | CO | 2 | DEK entry and storage | Command, key | Status | DEK – RW; KEK – RWX; PSK – RX
Set password (UCI) | CO, User | 1, 2 | Set/change passwords | Password | Status | Password – RW
Select SATA port configuration | CO, User | 1, 2 | Configure SATA port configuration | Command | Status | None
Select UCI communication port (UCI) | CO, User | 1, 2 | Display or configure communication settings | Command | Status | None
Set I2C slave address (UCI) | CO | 1, 2 | I2C node address setup | Command | Status | None
View SATA connection status (UCI) | CO, User | 1, 2 | Display SATA lane configuration | Command | Status | None
View temperature status (UCI) | CO, User | 1, 2 | Display output from temperature sensors | Command | Status | None
View DEK status (UCI) | CO, User | 1, 2 | Display DEK load status and storage location | Command | Status | None
View KEK status (UCI) | CO, User | 1, 2 | Display KEK load status and storage locations | Command | Status | None
View FSM ID (UCI) | CO, User | 1, 2 | Display the FSM module ID | Command | Status | None
View Security Mode (UCI) | CO, User | 1, 2 | View the current security mode of the FSM | Command | Status | None
View error status (UCI) | CO, User | 1, 2 | Display error conditions (including POSTs (Power-On Self-Tests) and BISTs (Built-In Self-Tests)) and log history | Command | Status | None
Clear error status (UCI) | CO | 1, 2 | Clear log history | Command | Status | None
Logoff (UCI) | CO, User | 1, 2 | Logoff | Command | None | None

2.4.1 Authentication

The 3U VPX-1TB FSM Flash Storage Module supports identity-based authentication to control all of the services it provides. To access the services on the module in each Approved mode, the operator must provide the correct Userid and password combination to the module. Each username is a unique identity for each operator of the module. The Userid provides access to either CO or User services, depending on the role that it was assigned. CO and User account setup is covered in Section 3.2.1.

2.4.1.1 Authentication Data Protection

The VPX3-FSM does not allow the disclosure, modification, or substitution of authentication data to unauthorized operators. Authentication data can only be modified by the operator who has assumed the CO role.

2.4.1.2 Authentication Mechanism Strength

Passwords created for the CO and User shall be between 8 and 15 characters long and may consist of upper- and lower-case letters and numbers, for a total character space of 62 characters. There are, at minimum, 62^8 (2.18 x 10^14) possible password combinations. This means there is a 1 in 2.18 x 10^14 chance that a random access attempt will succeed, surpassing the 1 in 1,000,000 requirement. User accounts will be locked out after 10 consecutive failed login attempts. After an account is locked out, the CO must log in and reset the password for that Userid. Because user accounts are locked out after only 10 attempts, the probability of guessing the password to a Userid in a one-minute period is less than 1 in 100,000.

2.5 Physical Security

The 3U VPX-1TB FSM Flash Storage Module is a multi-chip embedded cryptographic module. The module consists of production-grade components that include standard passivation techniques. The VPX3-FSM enclosure is constructed of two custom-machined 6061-T6 anodized aluminum covers. The top and bottom covers enclose this assembly and fasten together to form a rugged conduction-cooled 3U, 1” pitch VPX data storage device. The case is sealed using tamper-evident warranty labels so that the covers cannot be removed without signs of tampering.
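The identity-based authentication of Section 2.4.1 (the 8-to-15-character password rule, lockout after 10 consecutive failures, CO-only reset, and the two FIPS 140-2 strength bounds) as an added Go example; it is not the module's code. The `Authenticator` account store, its method names, and the use of an already-authenticated role value to authorize a reset are assumptions.

```go
package main

import (
	"crypto/subtle"
	"errors"
)

// Constructed model of the identity-based authentication in Section 2.4.1, not
// the module's own code: Userid/password accounts with the CO or User role, the
// 8-to-15-character [A-Za-z0-9] password rule, lockout after 10 consecutive
// failures, CO-only reset, and the FIPS 140-2 strength bounds. Names assumed.

type Role int

const (
	RoleUser Role = iota
	RoleCO
)

const (
	minPasswordLen = 8
	maxPasswordLen = 15
	charSpace      = 62 // upper- and lower-case letters plus digits
	maxFailures    = 10 // consecutive failures that lock the Userid
)

type account struct {
	role     Role
	password []byte // Table 5: held in plaintext inside the module boundary
	failures int    // consecutive failed logins; a success resets it
}

func (acct *account) locked() bool { return acct.failures >= maxFailures }

// Authenticator is the account store behind the UCI login prompt.
type Authenticator struct{ accounts map[string]*account }

func NewAuthenticator() *Authenticator { return &Authenticator{accounts: map[string]*account{}} }

// ValidPassword enforces the password rule of Section 2.4.1.2.
func ValidPassword(pw string) bool {
	if len(pw) < minPasswordLen || len(pw) > maxPasswordLen {
		return false
	}
	for _, c := range []byte(pw) {
		if !('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9') {
			return false
		}
	}
	return true
}

// AddAccount is the CO's "Setup user accounts" service.
func (a *Authenticator) AddAccount(userid, pw string, role Role) error {
	if _, exists := a.accounts[userid]; exists || !ValidPassword(pw) {
		return errors.New("userid already exists or password is not 8-15 letters/digits")
	}
	a.accounts[userid] = &account{role: role, password: []byte(pw)}
	return nil
}

// Login returns the role assigned to a Userid when the password matches. The
// tenth consecutive failure locks the Userid until the CO resets it.
func (a *Authenticator) Login(userid, pw string) (Role, error) {
	acct, ok := a.accounts[userid]
	if !ok || acct.locked() {
		return 0, errors.New("authentication failed or userid locked")
	}
	if subtle.ConstantTimeCompare(acct.password, []byte(pw)) != 1 {
		acct.failures++
		return 0, errors.New("authentication failed")
	}
	acct.failures = 0
	return acct.role, nil
}

// ResetPassword is the recovery path for a locked Userid: only an operator who
// has authenticated in the CO role may set a new password and clear the lockout.
func (a *Authenticator) ResetPassword(actor Role, userid, newPw string) error {
	acct, ok := a.accounts[userid]
	if actor != RoleCO || !ok || !ValidPassword(newPw) {
		return errors.New("reset needs the CO role, a known userid and a valid password")
	}
	acct.password = []byte(newPw)
	acct.failures = 0
	return nil
}

// Strength evaluates the Section 2.4.1.2 bounds for the shortest password: one
// random attempt below 1/1,000,000, and 10 attempts per minute below 1/100,000.
func Strength() (combinations int64, singleAttemptOK, perMinuteOK bool) {
	combinations = 1
	for i := 0; i < minPasswordLen; i++ {
		combinations *= charSpace
	}
	singleAttemptOK = combinations > 1_000_000
	perMinuteOK = combinations > int64(maxFailures)*100_000
	return
}
```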
2.6 Operational Environment

The operational environment requirements do not apply to the 3U VPX-1TB FSM Flash Storage Module.

2.7 Cryptographic Key Management

The module implements the FIPS-Approved algorithms listed in Table 4 below in both FIPS-Approved modes of operation.

Table 4 – FIPS-Approved Algorithm Implementations

Algorithm | Certificate Number
--- | ---
Symmetric Key Algorithm: AES-CBC, 128-, 192-, and 256-bit key sizes (hardware implementation) | #250
Symmetric Key Algorithm: AES-ECB, 256-bit key size (software implementation) | #1978
Secure Hashing Algorithm (SHA): SHA-256 | #1732
Message Authentication Code (MAC) Function: HMAC-SHA-256 | #1191
Deterministic Random Bit Generator (DRBG): SP 800-90 HMAC_DRBG | #180

The module also implements the following non-Approved algorithm, which is allowed in the FIPS-Approved mode of operation:
• TRNG (True Random Number Generator; the entropy source for the SP 800-90 HMAC_DRBG)

The cryptographic keys and other CSPs used by the module in both FIPS-Approved modes are shown in Table 5 below:

Table 5 – VPX3-FSM Keys, Key Components, and CSPs

CSP/Key | Type | Input | Output | Storage | Zeroization | Use
--- | --- | --- | --- | --- | --- | ---
PSK (Pre-shared key) | AES 256-bit key | Pre-installed at factory | Never | Plaintext in RAM (Random Access Memory) or EEPROM (Electrically Erasable Programmable Read-Only Memory) | See Section 3.3.2 | Encrypt the KEK
KEK (Key encryption key) | AES 256-bit key | Generated internally | Encrypted with PSK or KEK | Plaintext in RAM, SRAM (Static Random Access Memory), or EEPROM | See Section 3.3.2 | Decrypt the DEK
DEK (Data encryption key) | AES 256-bit key | Encrypted with KEK or generated internally | Never | Plaintext in RAM, SRAM, or EEPROM | See Section 3.3.2 | Encrypt and decrypt the data on SATA flash
HMAC key | HMAC SHA-256 key | Generated internally | Never | Plaintext in RAM | See Section 3.3.2 | Message Authentication with SHS (Secure Hash Standard)
CO/User password | Password | Plaintext | Never | Plaintext in RAM, SRAM, or EEPROM | See Section 3.3.2 | Login to the UCI for module management
DRBG seed | Random value | Generated internally | Never | Plaintext in RAM | See Section 3.3.2 | Seed input to SP 800-90 HMAC_DRBG

2.8 Self-Tests

2.8.1 Power-Up Self-Tests

In both FIPS-Approved modes, the 3U VPX-1TB FSM Flash Storage Module performs the following self-tests at power-up:
• Firmware integrity check (16-bit CRC (Cyclic Redundancy Check))
• Known Answer Tests (KATs):
  o AES encryption and decryption
  o SHA-256
  o HMAC-SHA-256
  o HMAC_DRBG

If an error occurs during a power-up self-test, the module will enter a critical error state. Data output from the module will be inhibited. The module will log the error into an error log and the Fault LED will illuminate. To correct the error, the CO must restart the module.

2.8.2 Conditional Self-Tests

In both FIPS-Approved modes, the 3U VPX-1TB FSM Flash Storage Module performs the following conditional self-tests:
• Continuous Random Number Generator (RNG) test for HMAC_DRBG
• Continuous RNG test for TRNG

If an error occurs during a conditional self-test, the module will enter a critical error state. Data output from the module will be inhibited. The module will log the error into an error log and the Fault LED will illuminate. To correct the error, the CO must restart the module.

2.9 Mitigation of Other Attacks

This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 2 requirements for this validation.
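The power-up and conditional self-tests of Section 2.8 as an added Go example that is not the module's firmware: it runs the AES-256 and SHA-256 KATs with their published FIPS-197 and FIPS 180 vectors, instantiates an SP 800-90 HMAC_DRBG over SHA-256, and applies the continuous RNG test to every output block. The firmware CRC result is passed in as a boolean, the HMAC-SHA-256 and HMAC_DRBG KATs are not reproduced, and the function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Constructed model of the Section 2.8 self-tests, not the module's firmware:
// AES-256 and SHA-256 power-up KATs (published FIPS-197 C.3 and "abc" vectors),
// an SP 800-90 HMAC_DRBG over SHA-256 with the continuous RNG test on every
// output block, and the critical error state. The CRC result is an input here.

// hm computes HMAC-SHA-256(key, parts...).
func hm(key []byte, parts ...[]byte) []byte {
	mac := hmac.New(sha256.New, key)
	for _, p := range parts {
		mac.Write(p)
	}
	return mac.Sum(nil)
}

// ContinuousTest wraps a block source (TRNG or DRBG) and rejects any block
// identical to the one immediately before it (Section 2.8.2).
func ContinuousTest(source func() []byte) func() ([]byte, error) {
	var last []byte
	return func() ([]byte, error) {
		b := source()
		if last != nil && bytes.Equal(b, last) {
			return nil, errors.New("continuous RNG test failed: repeated block")
		}
		last = append([]byte(nil), b...)
		return b, nil
	}
}

type hmacDRBG struct {
	k, v []byte                 // HMAC_DRBG working state (K, V)
	next func() ([]byte, error) // block source guarded by the continuous test
}

// update is the HMAC_DRBG Update function; provided may be nil.
func (d *hmacDRBG) update(provided []byte) {
	d.k = hm(d.k, d.v, []byte{0x00}, provided)
	d.v = hm(d.k, d.v)
	if len(provided) == 0 {
		return
	}
	d.k = hm(d.k, d.v, []byte{0x01}, provided)
	d.v = hm(d.k, d.v)
}

// newHMACDRBG instantiates the DRBG from seed material (TRNG entropy input with
// any nonce and personalization string already appended by the caller).
func newHMACDRBG(seed []byte) *hmacDRBG {
	d := &hmacDRBG{k: make([]byte, sha256.Size), v: bytes.Repeat([]byte{0x01}, sha256.Size)}
	d.update(seed)
	d.next = ContinuousTest(func() []byte { d.v = hm(d.k, d.v); return d.v })
	return d
}

// Generate returns n pseudorandom bytes; every 32-byte block must pass the
// continuous test before release, and the state is updated afterwards.
func (d *hmacDRBG) Generate(n int) ([]byte, error) {
	var out []byte
	for len(out) < n {
		b, err := d.next()
		if err != nil {
			return nil, err
		}
		out = append(out, b...)
	}
	d.update(nil)
	return out[:n], nil
}

// PowerUpSelfTests runs the Section 2.8.1 sequence: firmware integrity, the
// KATs, then DRBG instantiation. A non-nil error is the critical error state.
func PowerUpSelfTests(firmwareOK bool, entropy []byte) (*hmacDRBG, error) {
	if !firmwareOK {
		return nil, errors.New("firmware integrity check (16-bit CRC) failed")
	}
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	pt, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	ct, _ := hex.DecodeString("8ea2b7ca516745bfeafc49904b496089")
	block, _ := aes.NewCipher(key)
	enc, dec := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	block.Encrypt(enc, pt)
	block.Decrypt(dec, ct)
	if !bytes.Equal(enc, ct) || !bytes.Equal(dec, pt) {
		return nil, errors.New("AES-256 KAT failed (FIPS-197 C.3)")
	}
	sum := sha256.Sum256([]byte("abc"))
	if hex.EncodeToString(sum[:]) != "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" {
		return nil, errors.New("SHA-256 KAT failed")
	}
	return newHMACDRBG(entropy), nil
}
```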
3 Secure Operation

The 3U VPX-1TB FSM Flash Storage Module meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in a FIPS-Approved mode of operation.

3.1 Multiple Approved Modes

The 3U VPX-1TB FSM Flash Storage Module provides two FIPS-Approved modes of operation. The two Approved modes of operation are defined as Security Mode 1 and Security Mode 2. Section 3.2 provides instructions on how to configure the module in one of the two Approved modes. A description of the two Approved modes is provided in Section 3.3.

3.2 Initial Set-up

Sections 3 and 4 of the VPX3-FSM FIPS Flash Storage Module User Guide provide detailed instructions on how to unpack, install, and set up the module for the first time. The steps are summarized below.
1. After unpacking the module, a physical inspection should be conducted to:
   a. Identify any damage to the assembly or tamper-evident seals
   b. Verify the correct seating of all screws and front panel switches.
2. The VPX-FSM is not a freestanding device. Therefore, mount the module into a VPX chassis frame that can accommodate a 3U, 1" pitch bay with wedgelock slots for conduction-cooled modules. Push the wedgelock handles in until each wedgelock expands enough to make contact with the conduction-cooled chassis rails, and verify the board is locked in place.
3. Establish serial communication to the device using either the RS-232 connection or the I2C bus.
4. Configure the module by:
   a. Establishing CO and User accounts (see Section 3.2.1)
   b. Selecting the VPX I/O SATA lanes
   c. Setting the Security Mode (see Section 3.3 below)
   d. Selecting a storage option for the AES encryption key
   e. In Security Mode 1, requesting the module to generate an AES encryption key
   f. In Security Mode 2, entering an externally generated AES encryption key into the module.

3.2.1 CO and User Account Setup

The startup account on the VPX3-FSM unit is “guest” with a default password of “xxxxxxxx”. After logging in as “guest”, another login prompt appears. At this point, the CO will configure the module security mode, the storage device for the DEK, and a CO (Admin) username and password. Passwords shall be between 8 and 15 characters and may consist of upper- and lower-case letters and numbers. The CO will then log on using the newly set Admin credentials. The “FSM>” prompt will appear, indicating that initial log on and account establishment has been completed. The CO may then add additional CO or User accounts. The “guest” Userid and default password are deleted after the first successful authentication by the CO. The “guest” Userid and password will be available again after zeroization.

3.3 Secure Management

The module operates in FIPS-Approved mode when used as specified within this Security Policy. The “mode” command will report if the module is in the FIPS-Approved mode. The VPX3-FSM FIPS Flash Storage Module User Guide specifies two Security Modes for the VPX3-FSM that both operate in FIPS-Approved mode. Each mode defines how the SATA flash encryption key management is performed. Following each power cycle or key zeroization, the VPX3-FSM software will determine the appropriate Security Mode to run based on configuration settings. The Security Modes are defined as follows:
• Security Mode 1 – AES encryption key for SATA flash storage is to be generated internally.
  o When operating in Security Mode 2, the CO can issue the “mode 1” command to switch to this Approved mode.*
• Security Mode 2 – AES encryption key for SATA flash storage is to be generated externally and entered into the module.
  o When operating in Security Mode 1, the CO can issue the “mode 2” command to switch to this Approved mode.*

* Switching between security modes will cause the module to reboot and zeroize all stored keying material (see Section 3.3.2). Upon entering the new security mode, the module will perform the power-up self-tests listed in Section 2.8.1.

3.3.1 Initialization

Four tamper-evident labels are applied by the vendor during manufacturing. Upon initialization of the module, the Crypto Officer shall visually inspect the labels to ensure that they are in the proper locations and that they do not show any signs of tampering. Labels will be placed on the two center screws located on the top and bottom of the module. Figure 4 and Figure 5 show the proper seal placement for the module.

Figure 4 – VPX3-FSM Tamper-Evident Seal Placement (Top)

Figure 5 – VPX3-FSM Tamper-Evident Seal Placement (Bottom)

3.3.2 Zeroization

Cryptographic keys are zeroized in memory upon power-up after the module is power-cycled or rebooted. Keys and all other CSPs stored in SRAM or EEPROM can be zeroized by the following methods:
• Pressing the Push Button Switch on the front panel (labeled KEY CLR)
• Sending a Security Trigger signal from the host device via the VPX backplane
• Using the “Sanitize” service as listed in Table 3
• Using the “Clear DEK” service as listed in Table 3. This only zeroizes the DEK used to protect the data stored on flash.
• Automatic zeroization of keys and CSPs occurs when changing the security mode, which designates whether the AES encryption key will be internally generated or externally entered into the module.
• Automatic zeroization of keys and CSPs occurs when battery power is too low.

If the Push Button Switch is pressed or the Security Trigger is activated when the module is powered off, then zeroization will occur upon power up. The CO or User must wait until the module has been successfully rebooted in order to verify that zeroization has completed. The VPX3-FSM monitors the zeroization process, and if the process is interrupted, it will begin again upon reboot or power up.

3.4 CO and User Guidance

The Crypto Officer is responsible for initialization and security-relevant configuration and management of the module. Both the CO and User shall examine the enclosure regularly for signs of tamper attempts. If damage to the tamper-evident seals is found, then the device is not considered to be operating in the Approved mode of operation. The device must be returned to Curtiss-Wright for service before it can operate in the Approved mode of operation again.

4 Acronyms

Table 6 describes the acronyms used in this document.
Table 6 – Acronyms

Acronym   Definition
AES       Advanced Encryption Standard
ASCII     American Standard Code for Information Interchange
BIST      Built-In Self-Test
CBC       Cipher Block Chaining
CMVP      Cryptographic Module Validation Program
CO        Crypto Officer
CSEC      Communications Security Establishment Canada
CSP       Critical Security Parameter
DRBG      Deterministic Random Bit Generator
DEK       Data Encryption Key
EEPROM    Electrically Erasable Programmable Read-Only Memory
EMC       Electromagnetic Compatibility
EMI       Electromagnetic Interference
FIPS      Federal Information Processing Standard
GB        Gigabyte
HMAC      (Keyed-) Hash Message Authentication Code
I2C       Inter-Integrated Circuit
I/O       Input/Output
JBOD      Just a Bunch Of Drives
KAT       Known Answer Test
KEK       Key Encryption Key
LED       Light Emitting Diode
MAC       Message Authentication Code
NAND      Not AND
NIST      National Institute of Standards and Technology
NVLAP     National Voluntary Laboratory Accreditation Program
POST      Power-On Self-Test
PSK       Pre-Shared Key
RAID      Redundant Array of Independent Disks
RAM       Random Access Memory
REDI      Ruggedized Enhanced Design Implementation
RNG       Random Number Generator
SATA      Serial Advanced Technology Attachment
SHA       Secure Hash Algorithm
SHS       Secure Hash Standard
SLC       Single-Level Cell
SRAM      Static Random Access Memory
TB        Terabyte
TRNG      True Random Number Generator
U         Rack Unit
UCI       User Control Interface
VITA      VMEbus International Trade Association
VME       Versa Module Eurocard
VPX       Versatile Performance Switching

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway, Suite 220
Fairfax, Virginia 22033
United States of America
Phone: +1 (703) 267-6050
Email: info@corsec.com
http://www.corsec.com