Stanley Wi-Q Portal Gateway Cryptographic Module FIPS 140-2 Security Policy

Prepared for: UL/CMVP
Prepared by: Engineering
This document is non-proprietary
Document Number: 99092
Revision: 6
Release Date: 06/11/2013

Revision History

Version | Release Date | Description of Change
1 | 05/07/2012 | Initial Release
2 | 05/24/2012 | Added Table 4 Access Rights. Added PG firmware version to Introduction section.
3 | 07/27/2012 | Modifications to several sections following UL final review comments. Added OpenSSL Algorithm Cert #s.
4 | 02/20/2013 | Added hardware version tested. Removed logical boundary from Figure 1 (Block diagram). Added Figure 2 (Physical boundary configuration pictures). Removed firmware load test as it is not applicable when only one version of firmware is approved with the initial release.
5 | 05/09/2013 | Renamed supported algorithms. Modified self-test descriptions.
6 | 06/11/2013 | Added additional information to CSPs. Clarified KATs performed.

Table of Contents

1 Introduction
2 Cryptographic Module Specification
2.1 Description of Approved Mode
2.2 Supported Algorithms
2.3 Description of Cryptographic Boundary
2.4 Block Diagram
2.5 Physical Boundary
3 Cryptographic Module Ports and Interfaces
4 Roles and Services
4.1 Roles
4.2 Services
4.3 Service Inputs and Outputs
5 Cryptographic Keys and Critical Security Parameters
5.1 AES Keypad & Credential Key
5.2 SSL Certificates
6 Physical Security
7 Self-Tests
7.1 Power-Up Tests
7.2 Conditional Tests
7.3 Firmware Files
7.4 Critical Functions Tests
7.5 Key Zeroization
8 Mitigation of Other Attacks

1 Introduction

This document defines the security policies of the Stanley Wi-Q Portal Gateway Cryptographic Module, referred to as the PG for simplicity. The PG is a wireless gateway device that communicates via wired network to the CSCM (Stanley Wi-Q Communications Server Cryptographic Module) and communicates via proprietary 802.15.4 protocol to a wireless access controller device.

FIPS 140-2 Stanley Wi-Q Portal Gateway firmware version tested: 3.017.156
FIPS 140-2 Stanley Wi-Q Portal Gateway hardware version tested: 12562C

2 Cryptographic Module Specification

The PG is a hardware device that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System. The incoming commands / interrupts from the CSCM are handled in the same process, the PG communication process. The incoming commands / interrupts from the Controllers are handled in the same process, the PG radio process.
Therefore, there is no other process that can interrupt the cryptographic module during execution.

Table 1. Module Security Levels

Security Component | Level
Cryptographic Module Specification | 1
Cryptographic Module Ports and Interfaces | 1
Roles, Services, and Authentication | 1
Finite State Model | 1
Physical Security | 1
Operational Environment | 1
Cryptographic Keys and Critical Security Parameters | 1
EMI/EMC | 1
Self-Tests | 1
Design Assurance | 1
Mitigation of Other Attacks | N/A

2.1 Description of Approved Mode

The PG only runs in the Approved Mode of FIPS operation when firmware version 3.017.156 is loaded on the module. The module will start in FIPS mode and complete its power-on self-tests. Once the module has successfully completed its power-on self-tests, it is in the Approved mode, which is indicated by the following status message within the system:

- PG Status Webpage – Portal Gateway firmware version 3.017.156 indicated.

2.2 Supported Algorithms

The following algorithms are supported by the PG:

- AES - Stanley Wi-Q Advanced Encryption (AES Cert. #1802)
- SHA256 – Stanley Wi-Q Advanced Encryption (SHS Cert. #1583)
- SHA1, 224, 256, 384, 512 - Stanley Wi-Q Advanced Encryption (SSL-SHS) (SHS Cert. #1845)
- Triple-DES - Stanley Wi-Q Advanced Encryption (SSL-TDES) (TDES Cert. #1356)
- RSA - Stanley Wi-Q Advanced Encryption (SSL-RSA) (RSA Cert. #1096)

2.3 Description of Cryptographic Boundary

The Stanley PG is considered a multiple-chip embedded module for the purposes of FIPS 140-2 validation. The PG is an electronic hardware appliance. The cryptographic boundary of the module includes all software and hardware where the physical embodiment is the outer perimeter of the main circuit board, protected by the enclosure of the PG. The hardware includes the central processing unit, Flash and RAM memory, and network interface circuits, excluding the radio boards.

2.4 Block Diagram

Figure 1. Block Diagram (figure not reproduced in this text)

2.5 Physical Boundary

Figure 2. Cryptographic Physical Boundary (figure not reproduced in this text)

3 Cryptographic Module Ports and Interfaces

The PG provides the following ports and interfaces:

Table 2. Ports and Interfaces

Interface | Logical | Physical
Data Input | Data received via Secure TCP from an external communication service (via Secure TCP/IP) | Ethernet Port
Data Input | Data received via Secure AES encrypted from external controller | RF Antenna Port (P1, P4)
Data Output | Data sent via Secure TCP to an external communication service (via Secure TCP/IP) | Ethernet Port
Data Output | Data transmitted to external controller via secure wireless protocol; QSPI communication to MC1392 | RF Antenna Port (P1, P4)
Control Input | Data received via Secure TCP from an external communication service (via Secure TCP/IP) | Ethernet Port
Control Input | Reset Signal | On Board Reset Switch
Status Output | Status data written to HTTP Status Page | Ethernet Port
Status Output | Data sent via secure TCP to external Communication Service | Ethernet Port
Status Output | Network LED Lights: data sent via secure TCP to external Communication Service | (D1, D2, D3, D4, D5)
Status Output | Power Indicator Light: Power Applied Indicator | (D10)
Status Output | Heartbeat LEDs: proper operation indicator | (D11, D12)
Power Input | NA | Power Supply

4 Roles and Services

The module runs in FIPS Mode only. Switching to a Non-Approved mode is not supported by the module.

4.1 Roles

The PG supports two distinct roles: Cryptographic Officer (CO) and User. The CO is the individual(s) responsible for loading certificates to the PG and managing cryptographic keys used by the PG. The User Role performs the general security services including cryptographic operations and other approved security functions.

Assumption of roles is accomplished by selection of services. Roles are implicitly assumed by the selection of the services. The PG communication process only allows one client PC connection at a time.

4.2 Services

- Cryptographic key management - Encryption and decryption and distribution of critical security parameters
- Firmware Management – Firmware SHA-256 validation and programming process.
- Secure data transmission – SSL and AES encryption and decryption and transmission of data
- Show status – PG webpage showing the current status of the PG and connected controllers and LED status output.
- Self-tests - KATs for AES, SHA-1, -224, -256, -384, -512, Triple-DES, and RSA, firmware integrity tests and Pairwise Consistency Tests.
- Zeroize - Clearing copies of critical security parameters

4.3 Service Inputs and Outputs

The PG roles are assumed by the selection of the following services:

Table 3. Service Inputs and Outputs

Service | User | CO | Data input | Data output | Status output
Cryptographic Key Management - SSL certificate management | | x | AES encrypted | none | pass/fail
Cryptographic Key Management - segment key management | | x | SSL encrypted | none | pass/fail
Firmware Management | | x | AES encrypted | none | pass/fail
Show status | x | | none | none | module status
Self-tests | x | | none | none | pass/fail
Zeroize | x | | none | none | plaintext
PG Communication Process: wired secure data transmission encryption/decryption | x | | SSL encrypted | SSL encrypted | pass/fail
PG Radio Process: wireless secure data transmission encryption/decryption | x | | AES encrypted | AES encrypted | pass/fail

5 Cryptographic Keys and Critical Security Parameters

The PG communication process is the only process that can access the CSPs during run time.
The PG provides secure management of the following CSPs:

- AES Key (Hard coded AES key used for storage and importing certificate), 128 bit AES key
- Segment Keypad Key (Session key used for wireless secure communication with controllers), 128 bit AES key
- Segment Credential Key (Session key used for wireless secure communication with controllers), 128 bit AES key
- SSL Certificate (AES Encrypted SSL information), 2048 bit public RSA key
- RSA Private Key (AES Encrypted keypair associated with SSL Certificate), 2048 bit private RSA key
- Triple-DES Session Key (Session key used by the PC connection for symmetric encryption), 168 bit Triple-DES key
- SHA256 Firmware Hash (Embedded Hash within Firmware Files), SHA-256 hash of firmware binary file

Table 4. Access Rights

CSP | CO Role - Access Rights | User Role - Access Rights
Hardcoded AES Key | read only | read only
Segment Keypad Key | read, write, zeroize | read, zeroize
Segment Credential Key | read, write, zeroize | read, zeroize
SSL Certificate | read, write, zeroize | read, zeroize
RSA Private Key | read, write, zeroize | read, zeroize
Triple-DES Session Key | read, write, zeroize | read, zeroize
SHA256 Firmware Hash | read, write | read only

5.1 AES Keypad & Credential Key

The segment keypad key and segment credential key are sent to the portal gateway by the client PC via the established connection and are manually entered at the lock controller. Once these keys have been established in the portal gateway and controller, AES encrypted secure wireless communication can begin.

5.2 SSL Certificates

The certificates are generated outside of the module using OpenSSL Library version 1.2.3 implemented on a general purpose PC. The certificates are then transferred to the PG from the client PC encrypted with the AES hardcoded key. The PG module then AES decrypts and stores the certificate, and uses it for all SSL communication with the external client PC.

6 Physical Security

As a level 1 device the PG physical security is accomplished by production grade components.

7 Self-Tests

7.1 Power-Up Tests

On power up the PG module performs known-answer tests for the following cryptographic functions:

- AES encryption KAT and decryption KAT
- SHA-1, -224, -256, -384, -512 KATs
- Triple-DES encryption KAT and decryption KAT
- RSA encryption KAT and decryption KAT
- Firmware Integrity Test

Upon successful completion of the power-up self-tests the PG status webpage indicates firmware version 3.017.156.

If power-up self-tests do not complete successfully, the module will flash the power LED in a pattern indicating "S-O-S" in Morse code ("... --- ...") and all further cryptographic functions will halt.

7.2 Conditional Tests

The following conditional self-tests are conducted:

- RSA Pairwise Consistency Test

7.3 Firmware Files

Loading firmware other than version 3.017.156 invalidates the cryptographic module.

7.4 Critical Functions Tests

No critical function tests occur in this module beyond the scope of the startup self-tests.

7.5 Key Zeroization

Segment Sign-On keys in the module are held in RAM and may be zeroized by a forced reset of the module. This may also be done by disconnecting and reconnecting power. The PG will again retrieve Segment Sign-On keys upon successful power-up tests. The PG can also be returned to the factory default, thereby erasing SSL Certificates, using the PortalConfig application.

8 Mitigation of Other Attacks

The PG does not mitigate any attacks beyond the scope of FIPS 140-2.