Vidyo, Inc. Cryptographic Security Kernel Software Version: 2 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.4 Prepared for: Prepared by: Vidyo, Inc. Corsec Security, Inc. 433 Hackensack Ave., 6th Floor 13135 Lee Jackson Memorial Hwy., Suite 220 Hackensack, NJ 07601 Fairfax, VA 22033 United States of America Unites States of America Phone: +1 866 998 4396 Phone: +1 703 267 6050 Email: info@vidyo.com Email: info@corsec.com http://www.vidyo.com http://www.corsec.com Security Policy, Version 1.4 March 24, 2014 Table of Contents 1 INTRODUCTION ................................................................................................................... 3 1.1 PURPOSE ................................................................................................................................................................ 3 1.2 REFERENCES .......................................................................................................................................................... 3 1.3 DOCUMENT ORGANIZATION ............................................................................................................................ 3 2 CRYPTOGRAPHIC SECURITY KERNEL ............................................................................. 4 2.1 OVERVIEW ............................................................................................................................................................. 4 2.2 MODULE SPECIFICATION..................................................................................................................................... 5 2.2.1 Physical Cryptographic Boundary ...................................................................................................................... 5 2.2.2 Logical Cryptographic Boundary ........................................................................................................................ 7 2.3 MODULE INTERFACES .......................................................................................................................................... 8 2.4 ROLES AND SERVICES ........................................................................................................................................... 9 2.4.1 Crypto Officer and User Services ................................................................................................................... 10 2.5 PHYSICAL SECURITY ...........................................................................................................................................12 2.6 OPERATIONAL ENVIRONMENT.........................................................................................................................12 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................14 2.8 SELF-TESTS ..........................................................................................................................................................15 2.8.1 Power-Up Self-Tests ............................................................................................................................................ 15 2.8.2 Conditional Self-Tests ......................................................................................................................................... 15 2.8.3 Critical Function Tests ........................................................................................................................................ 15 2.9 MITIGATION OF OTHER ATTACKS ..................................................................................................................16 3 SECURE OPERATION ......................................................................................................... 17 3.1 INITIAL SETUP......................................................................................................................................................17 3.2 CRYPTO OFFICER GUIDANCE ..........................................................................................................................17 3.2.1 Installation.............................................................................................................................................................. 17 3.2.2 Management ........................................................................................................................................................ 17 3.3 USER GUIDANCE ................................................................................................................................................17 4 ACRONYMS .......................................................................................................................... 18 Table of Figures FIGURE 1 – VIDYO PRODUCT DEPLOYMENT.........................................................................................................................4 FIGURE 2 – VIDYO CRYPTOGRAPHIC SECURITY MODULE HARDWARE PLATFORM PHYSICAL BLOCK DIAGRAM – CONFIGURATION #1 ......................................................................................................................................................6 FIGURE 3 – VIDYO CRYPTOGRAPHIC SECURITY MODULE HARDWARE PLATFORM PHYSICAL BLOCK DIAGRAM – CONFIGURATION #2 ......................................................................................................................................................7 FIGURE 4 – VIDYO CSK LOGICAL CRYPTOGRAPHIC BOUNDARY .....................................................................................8 List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION .........................................................................................................5 TABLE 2 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS (GPC) .........................................................................................8 TABLE 3 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS (MOBILE COMPUTING DEVICE) ...............................................9 TABLE 4 – CRYPTO OFFICER AND USER SERVICES ............................................................................................................ 10 TABLE 5 – TESTED DESKTOP PLATFORMS ........................................................................................................................... 12 TABLE 6 – TESTED MOBILE PLATFORMS .............................................................................................................................. 13 TABLE 7 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS .......................................................................................... 14 TABLE 8 – CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS............................................... 14 TABLE 9 – ACRONYMS .......................................................................................................................................................... 18 Vidyo Cryptographic Security Kernel Page 2 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the Cryptographic Security Kernel (Software Version: 2) from Vidyo, Inc. This Security Policy describes how the Cryptographic Security Kernel meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The Cryptographic Security Kernel is referred to in this document as Vidyo CSK, crypto-module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:  The Vidyo website (http://www.vidyo.com) contains information on the full line of products from Vidyo.  The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:  Vendor Evidence document  Finite State Model document  Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Vidyo. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Vidyo and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Vidyo. Vidyo Cryptographic Security Kernel Page 3 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 2 Cryptographic Security Kernel 2.1 Overview Vidyo, Inc. was founded in 2005 to create superior IP1 video conferencing technology and products. Vidyo’s patented VidyoRouter™ architecture introduces Adaptive Video Layering, which dynamically optimizes the video for each endpoint by leveraging H.264 Scalable Video Coding (SVC)-based compression technology and Vidyo’s Intellectual Property. The VidyoRouter™ architecture delivers low latency, High Definition video conferencing over general data networks and the Internet, using off-the-shelf devices. Vidyo’s architecture dynamically optimizes video quality to the network and to the capabilities of individual endpoint devices in order to deliver telepresence-quality experiences for each participant. Vidyo has been able to pack all of this technology into one, easily deployable Software Development Kit (SDK). The SDK, which exists in all of Vidyo’s applications and products, consists of multiple libraries that assist Vidyo’s proprietary technology. One important library, centrally located within the SDK, is the Cryptographic Security Kernel, or CSK. The Vidyo CSK offers a secure random number generator conforming to NIST SP 800-90 regulations, message authentication, and secure encryption and decryption. The CSK can be deployed in both server-side and client-side applications. The primary use of the CSK is to provide cryptographic functionality to the SDK. The SDK takes advantage of the Vidyo CSK library to create master keys, which can then be used to create a secure session key. The SDK is available to any third-party vendors that are interested in integrating Vidyo’s AVLA technology into their own products. Figure 1 shows a sample deployment of Vidyo’s products, each executing the Cryptographic Security Kernel to provide secure video and data transmission. Figure 1 – Vidyo Product Deployment The Cryptographic Security Kernel is validated at Level 1 FIPS 140-2 Section levels, show in Table 1 below. 1 IP – Internet Protocol Vidyo Cryptographic Security Kernel Page 4 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 EMI/EMC2 8 1 9 Self-tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 2.2 Module Specification The Vidyo Cryptographic Security Kernel (CSK) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. The module is designed to operate on a General Purpose Computer (GPC) hardware platform, as well as a variety of mobile computing devices. The complete list of platforms on which the module was tested and validated can be found in section 2.6 below. The Vidyo CSK can run on processors with or without AES-NI3 and SSSE34,5 capabilities. However, it will only use AES-NI and SSSE3 instructions when running on an AES-NI and SSSE3 enabled processor. The module is defined as a software cryptographic module and therefore has a logical boundary in addition to a physical boundary. The physical and logical boundaries are outlined in sections 2.2.1 and 2.2.2 respectively. 2.2.1 Physical Cryptographic Boundary As a software cryptographic module, there are no physical protection mechanisms implemented. Therefore, the module must rely on the physical characteristics of the host system. The physical boundary of the cryptographic module is defined by the hard enclosure around the host system on which it runs. The hardware platform can exist in one of two configurations:  The hardware platform consists of a motherboard, a Central Processing Unit (CPU), random access memory (RAM), read-only memory (ROM), hard disk(s), hardware case, power supply, and fans. Other devices may be attached to the hardware appliance such as a monitor, keyboard, mouse, floppy drive, DVD drive, fixed disk drive, printer, video adapter, audio adapter, or network adapter. In the validated configuration, the processor is an Intel-based processor. 2 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility 3 AES-NI – Advanced Encryption Standard – New Instructions (an extension to the x86 instruction set architecture comprising instructions for accelerating various sub-steps of the AES algorithm.) 4 SSSE3 – Supplemental Streaming SIMD Extensions 3 (an extension of the x86 instruction set architecture comprising instructions for increasing the performance of SHA-1 software implementations ) 5 SIMD – Single Instruction, Multiple Data Vidyo Cryptographic Security Kernel Page 5 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014  The hardware platform consists of a motherboard, a CPU, RAM, ROM, flash memory, mobile device case, battery, and heatsink. In the validated configuration, the processor is one of the mobile Android and iOS platforms and CPUs identified in section 2.6 below. Please see Figure 2 and Figure 3 for the two hardware platform configurations. Physical Cryptographic Boundary DVD Hardware RAM Network Management HDD Clock Generator SCSI/SATA Controller North Bridge Serial CPU(s) Audio South Bridge Cache PCI/PCIe Slots USB PCI/PCIe Power Graphics Slots Interface BIOS Controller External Power Supply KEY: BIOS – Basic Input/Output System PCIe – PCI express CPU – Central Processing Unit HDD – Hard Disk Drive SATA – Serial Advanced Technology Attachment DVD – Digital Video Disc SCSI – Small Computer System Interface USB – Universal Serial Bus PCI – Peripheral Component Interconnect RAM – Random Access Memory Figure 2 – Vidyo Cryptographic Security Module Hardware Platform Physical Block Diagram – Configuration #1 Vidyo Cryptographic Security Kernel Page 6 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 LCD Keyboard/ (Touch-Screen Keypad Optional) RAM Graphics Central Stylus/ System Clock Driver/ Audio Processing Unit Keyboard Controller Generator (Mic/Speaker) (CPU) Controller Data Bus Cache Flash Memory BIOS (ROM) Cellular Universal Serial Battery Antenna Bus (USB) Data Input Status Output Crypto Boundary Control Input Data Output Power Input Legend Figure 3 – Vidyo Cryptographic Security Module Hardware Platform Physical Block Diagram – Configuration #2 2.2.2 Logical Cryptographic Boundary The logical cryptographic boundary of the Vidyo CSK consists of a compiled version of the Cryptographic Security Kernel. Figure 4 shows a logical block diagram of the module executing in memory and its interactions with surrounding software components, as well as the module’s logical cryptographic boundary. The module’s services are designed to be called by Vidyo’s SDK. Vidyo Cryptographic Security Kernel Page 7 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 Software Cryptographic Security Kernel Development Kit Vidyo Conferencing Application Operating System User Kernel CPU Storage Memory System Calls Data Input Data Output Control Input Status Output Logical Cryptographic Boundary Figure 4 – Vidyo CSK Logical Cryptographic Boundary6 2.3 Module Interfaces The module’s logical interfaces exist at a low level in the software as an Application Programming Interface (API). Both the API and physical interfaces can be categorized into following interfaces defined by FIPS 140-2: Data Input, Data Output, Control Input, and Status Output. A mapping of the FIPS 140-2 logical interfaces, the GPC host physical interfaces, and the module interfaces can be found in Table 2 below. For a mapping of logical interfaces to mobile device physical interfaces, refer to Table 3. Table 2 – FIPS 140-2 Logical Interface Mappings (GPC) FIPS Interface Physical Interface Module Interface (API) USB7 ports (keyboard, mouse, data), network Data Input The API calls that accept input data ports, serial ports, SCSI8/SATA9 ports, DVD10 for processing through their drive arguments. 6 Depending on the evaluated platform, the OS may vary. However, all calls made to the CSK from the SDK and to the Video Conferencing Application are identical. 7 USB – Universal Serial Port 8 SCSI – Small Computer System Interface 9 SATA – Serial Advanced Technology Attachment 10 DVD – Digital Video Disc Vidyo Cryptographic Security Kernel Page 8 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 FIPS Interface Physical Interface Module Interface (API) Data Output Monitor, USB ports, network ports, serial The API calls that return by means of ports, SCSI/SATA ports, audio ports, DVD their return codes or arguments drive generated or processed data back to the caller. Control Input USB ports (keyboard, mouse), network ports, The API calls that are used to serial ports, power switch initialize and control the operation of the module. Status Output Monitor, network ports, serial ports Return values for API calls. Table 3 – FIPS 140-2 Logical Interface Mappings (Mobile Computing Device) FIPS Interface Physical Interface Logical Interface (API) 11 Data Input USB port, Cellular Antenna The API calls that accept input data for processing through their arguments. Data Output USB port, Cellular Antenna The API calls that return by means of their return codes or arguments generated or processed data back to the caller. USB port, LCD12 screen, Keyboard/Keypad Control Input The API calls that are used to initialize and control the operation of the module. Status Output USB port, LCD screen Return values for API calls. Power Input USB port Initialization 2.4 Roles and Services The Cryptographic Security Kernel supports the following two roles for operators, as required by FIPS 140-2: Crypto Officer (CO) role and User role. Both roles are implicitly assumed, and operators may assume both roles simultaneously. Note 1: Table 4 uses the following definitions for “CSP13 and Type of Access”. R – Read: The plaintext CSP is read by the service. W – Write: The CSP is established, generated, modified, or zeroized by the service. X – Execute: The CSP is used within an Approved (or allowed) security function or authentication mechanism. Note 2: Input parameters of an API call that are not specifically a signature, hash, message, plaintext, ciphertext, or a key are NOT itemized in the “Input” column, since it is assumed that most API calls will have such parameters. Note 3: The “Input” and “Output” columns are with respect to the module’s logical boundary. 11 USB – Universal Serial Bus 12 LCD – Liquid-Crystal Display 13 CSP – Critical Security Parameter Vidyo Cryptographic Security Kernel Page 9 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 2.4.1 Crypto Officer and User Services The Crypto Officer and User both have access to the same cryptographic operations and other approved security functions such as asymmetric encryption or decryption, hashing, random number generation, and message authentication functions. Table 4 lists the services available to both the CO and the User. Table 4 – Crypto Officer and User Services CSP and Type Service Description Input Output of Access LmiAesEncKeySchedConstruct Construct an AES Key, API Call Data, Status AES Key – R encryption key Parameters Message schedule from a key LmiAesEncKeySchedDestruct Destruct an AES Data, API Call None AES Key – W encryption key Parameters schedule, zeroing its associated memory LmiAesEncKeySchedEncryptCtr Use an AES Plaintext or Ciphertext AES Key – X encryption key Ciphertext, or schedule to Counter Plaintext, perform counter- Value, Data, Status mode encryption API Message on a block of Parameters memory LmiHmacSha1CtxConstruct Construct an Key, API Call Data, Status HMAC Key – RX HMAC SHA-1 Parameters Message context with a specified key LmiHmacSha1CtxDestruct Destruct an Data, API Call None HMAC Key – W HMAC SHA-1 Parameters context, erasing its associated memory LmiHmacSha1CtxFinal Finalize an HMAC Data, API Call Data, Hash, HMAC Key – X SHA-1 context Parameters Status and retrieve its Message authentication tag LmiHmacSha1CtxInit Reinitialize an Data, API Call Data, Status HMAC Key – X HMAC SHA-1 Parameters Message context to its state as it was immediately after being constructed LmiHmacSha1CtxUpdate Update an HMAC Message, Data, Status HMAC Key – X SHA-1 context Data, API Call Message with additional Parameters message data LmiSecureRandomGeneratorConstruct Construct API Call Data, Status DRBG “V” Value – (instantiate) a Parameters Message W DRBG DRBG “Key” Value –W Vidyo Cryptographic Security Kernel Page 10 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 CSP and Type Service Description Input Output of Access LmiSecureRandomGeneratorDestruct Destruct Data, API Call None DRBG “V” Value – (uninstantiate) a Parameters W DRBG DRBG “Key” Value –W LmiSecureRandomGeneratorGenerate Generate random Data, API Call Data, DRBG “V” Value – bytes Parameters Random XW Number, DRBG “Key” Value Status – XW Message DRBG Seed – X LmiSecureRandomGeneratorGenerateEx Generate random Data, Seed, Data, DRBG “V” Value – bytes API Call Random XW Parameters Number, DRBG “Key” Value Status – XW Message DRBG Seed – X LmiSecureRandomGeneratorHadCatastrophicError Query whether a Data, API Call Status None secure random Parameters Message generator has experienced a catastrophic error LmiSecureRandomGeneratorReseed Reseed the Data, API Call Keys, Status DRBG “V” Value – module’s approved Parameters Message W DRBG DRBG “Key” Value –W DRBG Seed – X LmiSecurityCalculateFingerprint Calculate and CSK image, Status HMAC Key – R return the API Call Message fingerprint (HMAC Parameters SHA-1 value) of the Vidyo SDK security kernel in an application LmiSecurityDoSelfTest Perform a self-test API Call Status All – RX of the security- Parameters Message related components of the Vidyo SDK on- demand LmiSecurityInitialize Initialize all API Call Status All –RWX security-related Parameters Message components of the Vidyo SDK LmiSecurityIsInitialized Query whether API Call Status None the security- Parameters Message related components of the Vidyo SDK are currently initialized LmiSecurityUninitialize Uninitialize all API Call None All –W security-related Parameters components of the Vidyo SDK Vidyo Cryptographic Security Kernel Page 11 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 CSP and Type Service Description Input Output of Access LmiSha1CtxAssign Assign a SHA-1 Data, API Call Data, Status None context as a copy Parameters Message of an existing one. All states previously associated with the target context is overwritten LmiSha1CtxConstruct Construct and API Call Data, Status None initialize a SHA-1 Parameters Message context LmiSha1CtxConstructCopy Construct a SHA- Data, API Call Data, Status None 1 context as a Parameters Message copy of an existing one LmiSha1CtxDestruct Destruct a SHA-1 Data, API Call None None context, Parameters completely erasing its internal state LmiSha1CtxFinal Finalize a SHA-1 Data, API Call Data, Hash, None context and Parameters Status retrieve its digest Message data LmiSha1CtxUpdate Update a SHA-1 Data, Data, Status None context with Message, API Message message data to Call be hashed Parameters 2.5 Physical Security The Vidyo Cryptographic Security Kernel is a software module and does not include physical security mechanisms. Thus, the FIPS 140-2 requirements for physical security are not applicable. 2.6 Operational Environment The module was tested and found to be compliant with FIPS 140-2 requirements on the following desktop platforms: Table 5 – Tested Desktop Platforms With No Platform CPU Operating System AES-NI AES-NI HP ProLiant GL380 G5 Xeon 50xx X Linux Ubuntu 10.04 (32-bit) HP ProLiant GL380 G5 Xeon 50xx X Linux Ubuntu 10.04 (64-bit) Dell PowerEdge R210 II Xeon E3-1280 X Linux Ubuntu 10.04 (32-bit) Dell PowerEdge R210 II Xeon E3-1280 X Linux Ubuntu 10.04 (64-bit) Macbook Pro Core i5-520M X OS/X 10.6.8 (32-bit) Macbook Pro Core i5-520M X OS/X 10.6.8 (64-bit) Vidyo Cryptographic Security Kernel Page 12 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 With No Platform CPU Operating System AES-NI AES-NI Macbook Air Core i5-2557M X OS/X 10.7.3 (32-bit) Macbook Air Core i5-2557M X OS/X 10.7.3 (64-bit) Macbook Air Core i5-2557M X Windows 7 (64-bit) Vidyo HD50 Room System Core i5-650 X Windows XP (32-bit) Vidyo HD50 Room System Core i5-650 X Windows 7 (32-bit) Dell Precision M4300 Core 2 Duo T9300 X Windows 7 (64-bit) IBM Thinkpad T60 Core Duo T2400 X Windows XP (32-bit) Mac Mini Core Duo T2300 X Windows 7 (32-bit) Mac Mini Core 2 Duo P8800 X OS/X 10.7.3 (32-bit) Macbook Air Core 2 Duo SL9400 X OS/X 10.7.3 (64-bit) Mac Mini Intel Core Duo X OS/X 10.6.8 (32-bit) T2300 Macbook Pro Core 2 Duo T9300 X OS/X 10.6.8 (64-bit) The module was tested and found to be compliant with FIPS 140-2 requirements on the following mobile platforms: Table 6 – Tested Mobile Platforms Platform CPU Operating System Apple iPad 4 Apple A6x iOS 6.1 Apple iPhone 5 Apple A6 iOS 6.1 Samsung Galaxy Tab 2 10.1 Nvidia Tegra 2 Android 4.1.1 ASUS Transformer Prime Nvidia Tegra 3 Android 4.1.1 Samsung Galaxy Nexus S ARM Cortex A8 Android 4.1.2 Google Nexus 7 ARM Cortex A9 Android 4.2.2 Samsung Galaxy SII ARM Cortex A9 Android 4.0.4 Samsung Galaxy SIII ARM Cortex A9 Android 4.1.2 Amazon Kindle Fire HD 8.9 Texas Instruments OMAP 4470 Kindle Fire OS 8.4.3 Vidyo affirms that the module also executes in its FIPS-Approved manner on other operating systems that are binary-compatible to those on which the module was tested. All cryptographic keys and CSPs are under the control of the operating system, which protects the CSPs against unauthorized disclosure, modification, and substitution. The module only allows access to CSPs through its well-defined API. Vidyo Cryptographic Security Kernel Page 13 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 2.7 Cryptographic Key Management The module implements the FIPS-Approved algorithms listed in Table 7 below. Table 7 – FIPS-Approved Algorithm Implementations Certificate Numbers Desktop platforms; Desktop platforms; Mobile platforms Algorithm Software Hardware-assisted Implementation Implementation AES in ECB14, CTR15 mode with 2027 2028 2576 128-, 192-, and 256-bit keys SHA-1 1776 1777 2175 HMAC16 SHA-1 1229 1230 1599 17 18 NIST SP 800-90 194 195 389 CTR_DRBG19 The module supports the critical security parameters (CSPs) listed below in Table 8. Note: The “Input” and “Output” columns in Table 8 are in reference to the module’s logical boundary. Table 8 – Cryptographic Keys, Cryptographic Key Components, and CSPs Generation / Key/CSP Key Type Output Storage Zeroization Use Input AES Key AES 128-, Generated API Call Plaintext in API call or Encryption and 192-, 256-bit internally volatile power cycle decryption of key memory data HMAC Key HMAC Key Generated API Call Plaintext in API call or Message internally volatile power cycle authentication memory DRBG “V” Internal Generated Never Plaintext in API call or Used for SP Value CTR DRBG Externally and volatile power cycle 800-90 state value Input in memory CTR_DRBG Plaintext DRBG “Key” Internal Generated Never Plaintext in API call or Used for SP Value CTR DRBG Externally and volatile power cycle 800-90 key value Input in memory CTR_DRBG Plaintext ECB – Electronic Code Book 14 15 CTR - Counter HMAC – (Keyed-) Hashed Message Authentication Code 16 NIST – National Institute of Standards and Technology 17 SP – Special Publication 18 CTR_DRBG – CTR Deterministic Random Bit Generator 19 Vidyo Cryptographic Security Kernel Page 14 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 Generation / Key/CSP Key Type Output Storage Zeroization Use Input DRBG Seed Random bit Generated Never Plaintext in API call or Seed input to value Externally and volatile power cycle SP 800-90 Input in memory CTR_DRBG Plaintext Note: The module generates cryptographic keys whose strengths are modified by the available entropy. Since the entropy is loaded into the module from an unknown source within the module’s physical boundary but outside of the module’s logical boundary, there is no assurance of the minimum strength of generated keys. 2.8 Self-Tests 2.8.1 Power-Up Self-Tests The Vidyo Cryptographic Security Kernel runs power-up self tests when the module has been loaded into the host GPC or mobile device memory for execution and when they are called on-demand by the operator. If all power-up self-tests pass, the module will continue to function. If a self-test fails, the module will incur an error and will have to be restarted to in order to bring the module back to functionality. The Cryptographic Security Kernel performs the following self-tests at power-up:  Software integrity check using a Message Authentication Code (HMAC SHA-1)  Test for AES-NI Instruction Set (See Section 2.8.3)  Test for SSSE3 Instruction Set (See Section 2.8.3)  Known Answer Tests (KATs) o AES KAT (Encrypt / Decrypt) o SHA-1 KAT o HMAC SHA-1 KAT o SP 800-90 CTR_DRBG KAT A self-test failure causes the module to enter an error state. The module is capable of checking status and performing an integrity test in this state. Unloading the module effectively inhibits all data output and prevents the use of any of its cryptographic functionality until the error state is cleared by reloading the module. 2.8.2 Conditional Self-Tests The Cryptographic Security Kernel performs a Continuous RNG Test whenever a random number is generated. This ensures that the DRBG will output random numbers without being repeated. Failure of this self-test causes the module to enter an error state and will be unloaded. Unloading the module effectively inhibits all data output and prevents the use of any of its cryptographic functionality until the error state is cleared by reloading the module. 2.8.3 Critical Function Tests The Cryptographic Security Kernel runs critical function tests whenever the random bit generator is instantiated and whenever it is reseeded. This ensures the random bit generator algorithm cannot be predicted. These tests are run simultaneously with the random bit generator conditional self-test. Should any of these tests fail, the module will enter an error state and will be unloaded. Unloading the module effectively inhibits all data output and prevents the use of any of its cryptographic functionality until the error state is cleared by reloading the module. Vidyo Cryptographic Security Kernel Page 15 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 The Vidyo Cryptographic Security Kernel also performs critical function tests to check for a AES-NI and SSSE3 enabled processor. This will determine which versions of AES and SHA-1 the module will implement. The Cryptographic Security Kernel performs the following critical functions tests:  SP 800-90 DRBG Instantiate Test  SP 800-90 DRBG Reseed Test  Test for AES-NI Instruction Set  Test for SSSE3 Instruction Set 2.9 Mitigation of Other Attacks This section is not applicable. The modules do not claim to mitigate any attacks beyond the FIPS 140-2 Level 1 requirements for this validation. Vidyo Cryptographic Security Kernel Page 16 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 3 Secure Operation The Vidyo Cryptographic Security Kernel meets Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation. 3.1 Initial Setup The Vidyo Cryptographic Security Kernel module is installed as part of the installation of a Vidyo software application or software development kit. For the CSK, the CO should follow the installation procedures of the Vidyo software application to insure proper installation and operation of the Vidyo CSK. The Vidyo CSK does not input, output, or persistently store CSPs within its logical boundary. However, the module may store CSPs within the physical boundary of the host system on which it runs. Operators are responsible for providing persistent storage of the cryptographic keys and CSPs, and to ensure that keys are transmitted outside the physical cryptographic boundary in the appropriate manner. 3.2 Crypto Officer Guidance The module is a software embodiment, therefore the calling application that utilizes the Vidyo CSK is considered the single operator of the module. The module does not support multiple concurrent operators. 3.2.1 Installation The module will be provided as a binary to the Crypto Officer by Vidyo. The module is installed during the process of installing the host application or software development kit. With the delivered software, the Crypto Officer also receives detailed documentation on installing, uninstalling, configuring, managing and upgrading the host application. For installation on mobile devices, the binary will be provided through an online App Store as a component of a host application. The Crypto Officer will not receive additional documentation regarding the module and should follow the standard procedures for the mobile device regarding installing, uninstalling, configuring, managing and upgrading the host application. 3.2.2 Management The module itself requires no set-up or management, as it only executes in a FIPS-Approved mode of operation. When the module is powered up, it performs the required power-on self-tests automatically. If the power-up self-tests are passed, the module is deemed to be operating in FIPS mode. 3.3 User Guidance The User does not have any ability to install or configure the module. Operators in the User role are able to use the services available to the User role listed in Table 4. However, they should report to the Crypto Officer if any irregular activity is noticed. Vidyo Cryptographic Security Kernel Page 17 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 4 Acronyms This section defines the acronyms used in this document. Table 9 – Acronyms Acronym Definition AES Advanced Encryption Standard API Application Programming Interface AVLA Advanced Video Layering Architecture CMVP Cryptographic Module Validation Program CO Crypto Officer CPU Central Processing Unit CSEC Communications Security Establishment Canada CSK Cryptographic Security Kernel CSP Critical Security Parameter CTR Counter CTR_DRBG CTR Deterministic Random Bit Generator DVD Digital Video Disc ECB Electronic Code Book EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard HMAC Hashed Message Authentication Code IP Internet Protocol KAT Known Answer Test NIST National Institute of Standards and Technology NVLAP National Voluntary Laboratory Accreditation Program RAM Random Access Memory SATA Serial Advanced Technology Attachment SCSI Small Computer System Interface SDK Software Development Kit SHA Secure Hash Algorithm SIMD Single Instruction, Multiple Data SP Special Publication SSSE3 Supplemental Streaming SIMD Extensions 3 SVC Scalable Video Coding Vidyo Cryptographic Security Kernel Page 18 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 24, 2014 Acronym Definition USB Universal Serial Bus Vidyo Cryptographic Security Kernel Page 19 of 20 © 2014 Vidyo, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Prepared by: Corsec Security, Inc. 13135 Lee Jackson Memorial Highway Suite 220 Fairfax, VA 22033 Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com