Version 1 Revision 17 i IBM System Storage TS1140 Tape Drive – Machine Type 3592, Model E07 Security Policy Document Version 1 Revision 17 Version 1 Revision 17 ii Table of Contents 1 Document History .................................................................................................................................................. 1 2 Introduction ............................................................................................................................................................ 2 2.1 References ............................................................................................................................................... 4 2.2 Document Organization ........................................................................................................................ 4 3 TS1140 Encrypting Tape Drive Cryptographic Module Description ..................................................................... 5 3.1 Overview ................................................................................................................................................. 5 3.2 Secure Configuration ............................................................................................................................. 6 3.3 Ports and Interfaces ............................................................................................................................... 9 3.4 Roles and Services ................................................................................................................................ 10 3.5 Physical Security .................................................................................................................................. 16 3.6 Cryptographic Algorithms and Key Management............................................................................ 17 3.7 Design Assurance ................................................................................................................................. 22 3.8 Mitigation of other attacks .................................................................................................................. 22 Version 1 Revision 17 1 1 Document History Date Author Change 05/06/2011 Said Ahmad V0.0 Initial Creation 07/27/2012 Said Ahmad V1.0 Remove old cert numbers and replace PRNG with DRBG 08/06/2012 Said Ahmad V1.1 Remove references to 1024-bit RSA key 9/27/2012 Said Ahmad V1.2 Replace RNG with DRBG 02/05/2013 Christine Knibloe V1.3 Update DRBG information. Add SHA-512 information. 04/17/2013 Christine Knibloe V1.4 Updates from onsite test results. Update algorithm certificates. 04/22/2013 Christine Knibloe V1.5 DRBG algorithm certificate 04/29/2013 Christine Knibloe V1.6 Add details for RSA and AES 05/10/2013 Christine Knibloe V1.7 Incorporate SAIC feedback 05/13/2013 Christine Knibloe V1.8 Update DRBG information 05/31/2013 Christine Knibloe V1.9 Incorporate additional feedback 05/31/2013 Christine Knibloe V1.10 Incorporate additional feedback 02/04/2014 Said Ahmad V1.11 Incorporate additional feedback 03/06/2014 Said Ahmad V1.12 Incorporate additional feedback 04/02/2014 Said Ahmad V1.13 Incorporate additional feedback 05/27/2014 Said Ahmad V1.14 Add key wrapping to AES usage 06/16/2014 Said Ahmad V1.15 Restate the secure configuration statement 06/19/2014 Said Ahmad V1.16 Add HMAC entry to table 6 06/19/2014 Said Ahmad V1.17 Remove references to unused HMAC Version 1 Revision 17 2 2 Introduction The security policy document is organized in the following sections:  Introduction  References  Document Organization This non-proprietary security policy describes the IBM System Storage TS1140 Encrypting Tape Drive - Machine Type 3592, Model E07 cryptographic module and the approved mode of operation for FIPS 140-2, security level 1 requirements. This policy was prepared as part of FIPS 140-2 validation of the TS1140. The IBM System Storage TS1140 Tape Drive - Machine Type 3592, Model E07 is referred to in this document as the “TS1140 Encrypting Tape Drive,” the “TS1140,” and the encrypting Tape Drive. Table 1: Security Section Security Section Level 1 Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance N/A Mitigation of Other Attacks 1 Overall FIPS 140-2 (Federal Information Processing Standards Publication 140-2—Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/ Version 1 Revision 17 3 TS1140 Encrypting Tape Drive Cryptographic Module Description  Cryptographic Module Overview  Secure Configuration  Cryptographic Module Ports and Interfaces  Roles and Services  Physical Security  Cryptographic Key Management  Self-Tests  Design Assurance  Mitigation of Other Attacks Version 1 Revision 17 4 2.1 References This document describes only the cryptographic operations and capabilities of the TS1140 Encrypting Tape Drive. More information is available on the general function of the TS1140 Encrypting Tape Drive at the IBM web site: http://www.ibm.com/storage/tape/ The tape drive meets the T10 SCSI-3 Stream Commands (SSC) standard for the behavior of sequential access devices. In addition, the tape drive primary host interfaces are physical fibre channel ports. The physical and protocol behavior of these ports conforms to Fibre Channel Protocol (FCP) specification. These specifications are available at the INCITS T10 standards web site: http://www.T10.org / A Redbook describing tape encryption and user configuration of the TS1140 drive in various environments can be found at: http://www.redbooks.ibm.com/abstracts/sg247320.html?Open The TS1140 drive format on the tape media is designed to conform to the IEEE P1619.1 committee draft proposal for recommendations for protecting data at rest on tape media. Details on P1619.1 may be found at: http://ieeexplore.ieee.org/servlet/opac?punumber=4413113 2.2 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the submission package contains:  Vendor Evidence Document  Other supporting documentation and additional references This document may be freely reproduced and distributed whole and intact including the Copyright Notice. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to IBM and is releasable only under appropriate non-disclosure agreements. For access to these documents, contact IBM. Version 1 Revision 17 5 3 TS1140 Encrypting Tape Drive Cryptographic Module Description 3.1 Overview The TS1140 Encrypting Tape Drive is a set of hardware, firmware, and interfaces allowing the optional storage and retrieval of encrypted data to magnetic tape cartridges. The entire “brick” unit of the TS1140 tape drive is FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the “brick” unit is embedded in a canister package and may be used in conjunction with a computer system or tape library. Some components of the TS1140 tape drive, such as mechanical components used for tape loading/unloading and actuating the tape cartridge, labels, cables, connectors, terminals and sensor components, do not have an effect on the security of the cryptographic module, and thus are excluded from the module boundary. The hardware and firmware versions are controlled as specified in section 3.7, with the FIPS certified Hardware EC Level being 00V6759 EC Level M11776 and the Firmware EC Level being 35P2401 EC Level M11776. A block diagram of the TS1140 Encrypting Tape Drive is shown below: Cryptographic Module Block Diagram Power (J37) Message Display SDRAM SDRAM (U20,U21,U22, (U51) U78,U61,U79) Port 0 Port 1 422 Panel (J14) FC Flash (U16) FAS 88SC9210 (J49) FC Tsubaki (U49) Master RS- Service (U24) Cartridge Mem (J32) Other Card (J10) Functions I2C Deck (U8,U43,U46, (J42) RS- 232 U48,U58,U73, U74,U75, U76,U77,U93) Tsubaki Ether- Ether- RS- BAB net (J4) Slave (J6,J45,J46) (U13) Head Tape (J40) net 232 Port (J55) (J54) SDRAM (U12,U80) Main Card Drive Figure 1: TS1140 Block Diagram Version 1 Revision 17 6 The TS1140 Encrypting Tape Drive has two major cryptographic functions:  Data Block Cipher Facility: The tape drive provides functions which provide the ability for standard tape data blocks as received during SCSI-type write commands to be encrypted before being recorded to media using AES-GCM block cipher using a provided key, and decrypted during reads from tape using a provided key. Note the AES-GCM block cipher operation is performed after compression of the o host data therefore not impacting capacity and data rate performance of the compression function The TS1140 drive automatically performs a complete and separate decryption and o decompression check of host data blocks after the compression/encryption process to validate there were no errors in the encoding process  Secure Key Interface Facility: The tape drive provides functions which allow authentication of the tape drive to an external IBM key manager, such as the IBM Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and allow transfer of protected key material between the key manager and the tape drive. 3.2 Secure Configuration This section describes the approved mode of operation for the TS1140 drive to maintain the FIPS 140-2 validation. There is only one FIPS approved mode of operation for the TS1140 which could be configured in two different configurations in the approved mode of operation. They are:  System-Managed Encryption (SME)  Library-Managed Encryption (LME) In order to be in an approved mode of operation, the values of the fields Key Path (manager Type) (from VPD), In-band Key Path (Manager Type) Override, Indirect Key Mode Default, Key Scope, and Encryption Method must be set according to the table below. More details can be found in the TS1140 SCSI Reference. Table 2: Settings for Approved Configurations Required Fields System-Managed Library-Managed Encryption (SME) Encryption (LME) Key Path (Manager Type) (from VPD) 001b 110b Mode Page X’25’, byte 21, bits 7-5 In-band Key Path (Manager Type) Override 000b or 001b 000b Mode Page X’25’, byte 21, bits 4-2 Indirect Key Mode Default 0b 0b Mode Page X’25’, byte 22, bit 4 Key Scope 000b or 001b 000b or 001b Mode Page X’25’, byte 23, bits 2-0 Encryption Method 10h or 1Fh 60h Mode Page X’25’, byte 27 A user can determine if the TS1140 is in the approved mode of operation by issuing a SCSI Mode Sense command to Mode Page X’25’ and evaluating the values returned. Certain commands are prohibited while in the approved mode of operation. The commands vary based on which configuration is used in the approved mode. In the LME configuration, all Mode Select commands to subpages of Mode Page X’25’ and Mode Page X’30’, Subpage X’20’ are prohibited. In the SME configuration, Mode Select commands to the following subpages of Mode Page X’25’ and Mode Page X’30’, Subpage X’20’ are prohibited. Version 1 Revision 17 7 Table 3: Mode Select Eligibility of Mode Page X’25’ Subpages Mode Mode Subpages System-Managed Library-Managed Page Encryption (SME) Encryption (LME) X’25’ X’C0’ – Control/Status Prohibited Allowed X’25’ X’D0’ – Generate dAK/dAK’ Prohibited Prohibited Pair X’25’ X’D1’ – Query dAK Prohibited Prohibited X’25’ X’D2’ – Update dAK/dAK’ Pair Prohibited Prohibited X’25’ X’D3’ – Remove dAK/dAK’ Prohibited Prohibited Pair X’25’ X’D5’ – Drive Prohibited Allowed Challenge/Response X’25’ X’D6’ – Query Drive Certificate Prohibited Allowed X’25’ X’D8’ – Install eAK Prohibited Prohibited X’25’ X’D9’ – Query eAK Prohibited Prohibited X’25’ X’DA’ – Update eAK Prohibited Prohibited X’25’ X’DB’ – Remove eAK Prohibited Prohibited X’25’ X’DF’ – Query dSK Prohibited Allowed X’25’ X’E0’ – Setup SEDK/EEDK(s) Prohibited Allowed X’25’ X’E1’ – Alter EEDK(s) Prohibited Allowed X’25’ X’E2’ – Query EEDKs (Active) Prohibited Allowed X’25’ X’E3’ – Query EEDKs Prohibited Allowed (Needed) X’25’ X’E4’ – Query EEDKs (Entire) Prohibited Allowed X’25’ X’E5’ – Query EEDKs Prohibited Allowed (Pending) X’25’ X’EE’ – Request EEDKs Prohibited Allowed (Translate) X’25’ X’EF’ – Request EEDKs Prohibited Allowed (Generate) X’25’ X’FE’ – Drive Error Notify Prohibited Allowed X’30’ X’20’ – Encryption Mode Prohibited Prohibited Loading a FIPS 140-2 validated drive microcode level and configuring the drive for SME or LME operation initializes the TS1140 into the approved mode of operation. To ensure that the FIPS 140-2 validated drive microcode level occupies both the main and reserved firmware locations, it's suggested that the firmware be loaded twice. The TS1140 supports multi-initiator environments, but only one initiator may access cryptographic functions at any given time. Therefore the TS1140 does not support multiple concurrent operators. The TS1140 implements a non-modifiable operational environment which consists of a firmware image stored in FLASH. The firmware image is copied to, and executed from, RAM. The firmware image can only be updated via FIPS-approved methods that verify the validity of the image. The TS1140 drive operates as a stand-alone tape drive and has no direct dependency on any specific operating system or platform for FIPS approved operating mode, but does have requirements for:  Key Manager/Key Store attachment  Drive Configuration Version 1 Revision 17 8 The following criteria apply to the usage environment:  Key Manager and Key Store Attachment o In both SME and LME configurations, an IBM key manager, such as the Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and a supported key store must be used in a manner which supports secure import and export of keys with the TS1140 drive :  Keys must be securely passed into the TS1140 drive. The key manager must support encryption of the Data Key to form an Session Encrypted Data Key (SEDK) for transfer to the TS1140 drive using the TS1140 drive public Session Key and a 2048-bit RSA encryption method.  The key manager/key store must be able to use the EEDK it supplies the drive to determine the Data Key.  Drive Configuration requirements o The TS1140 drive must be configured in SME or LME configurations. o The TS1140 drive must have the FIPS 140-2 validated drive firmware level loaded and operational. o Drive must be configured in the approved mode of operation. o In LME configuration, the TS1140 drive must be operated in an automation device which operates to the LDI or ADI interface specifications provided. Version 1 Revision 17 9 3.3 Ports and Interfaces The cryptographic boundary of the TS1140 drive cryptographic module is the drive brick. Tape data blocks to be encrypted (write operations) or decrypted data blocks to be returned to the host (read operation) are transferred on the host interface ports using SCSI commands, while protected key material may be received on the host interface ports or the library port. The physical ports are separated into FIPS-140-2 logical ports as described below. Table 4: Ports and Interfaces of the TS1140 TS1140 Drive FIPS-140-2 Crypto Interface Functionality Physical Ports Logical Interface Services  Inputs data Fibre Channel Port Data Input Yes  Crypto: Inputs protected keys from the key 0 Data Output Control Input manager in SME configuration.  Outputs data Status Output Fibre Channel Port  Outputs encrypted key components 1  Inputs SSC-3 SCSI protocol commands  Outputs SSC-3 SCSI protocol status  Crypto: Inputs protected keys from the key RS-422 Port Data Input Yes Data Output manager in LME configuration.  Outputs data Control Input  Outputs encrypted key components Status Output  Inputs LDI and LMI protocol commands.  Outputs LDI and LMI protocol status.  Disabled in the FIPS validated firmware RS-232 Ports Disabled None  Inputs controls and image for firmware load Ethernet Port Control Input None  Outputs status Status Output Data Input  Disabled by FIPS approved firmware levels. BAB Port Disabled None  Inputs VPD data I2C Interface Data Input None  Outputs VPD data Data Output  Inputs controls from service panel Service Panel Control Input Yes  Crypto: Inputs controls for key zeroization Interface Status Output  Crypto: Inputs controls for VPD configuration  Outputs status  Crypto: Outputs indicator for the encrypting state  Inputs unload button selection Front Panel Control Input Yes  Inputs reset button selection Interface Status Output  Outputs status on 8 character display - 8 Character  Crypto: Outputs indicator for the encrypting state Display - Unload Button - Reset Button  Input Power Port Power None Inputs power to the TS1140 drive  Cartridge Memory Data Input Yes Inputs parameters.  RFID Port Data Output Crypto: Inputs external key structures  Outputs parameters.  Crypto: Outputs external key structures  Read/Write Head Data Input None Inputs data from tape cartridges (decrypted reads)  Data Output Outputs data to tape cartridges (encrypted writes)  Control Input Inputs command to load firmware from special FMR cartridges Version 1 Revision 17 10 3.4 Roles and Services The TS1140 drive supports both a Crypto Officer role and a User role, and uses basic cryptographic functions to provide higher level services. For example, the TS1140 drive uses the cryptographic functions as part of its data reading and writing operations in order to perform the encryption/decryption of data stored on a tape. The Crypto Officer role is implicitly assumed when an operator performs key zeroization. The User role is implicitly assumed for all other services. Both operators have access to the Power-up Self-Tests service. The two main services the TS1140 drive provides are:  Encryption or decryption of tape data blocks using the Data Block Cipher Facility.  Establishment and use of a secure key channel for key material passing by the Secure Key Interface Facility. It is important to note that the Secure Key Interface Facility may be an automatically invoked service when a user issues Write or Read commands with encryption enabled that require key acquisition by the TS1140 drive. Under these circumstances the TS1140 drive automatically establishes a secure communication channel with a key manager and performs secure key transfer before the underlying write or read command may be processed. 3.4.1 User Guidance The services table describes what services are available to the User and Crypto Officer roles.  There is no authentication required for accessing the User Role  There is no authentication required for accessing the Crypto Officer Role Single Operator requirements:  The TS1140 drive enforces a requirement that only one host interface initiator may have access to cryptographic services at any given time. Version 1 Revision 17 11 3.4.2 Provided Services Available services are also documented in the specified references. All of the services summarized here, excluding the services expressly prohibited in Table 3, are allowed in the FIPS mode of operation. Table 5: Provided Services Service Interface(s) Description Inputs Outputs Role General SCSI - Host As documented in the Formatted Formatted User commands TS1140 SCSI Reference Operational Operational Codes and Codes and Messages Messages General Library - Library As documented in the Formatted Formatted User Interface commands Drive Library LDI and Operational Operational LMI Interface Codes and Codes and Specifications Messages Messages Service Panel - Service Set selected aspects of Button Service User Configuration Panel drive configuration selections Panel manually, per the 3592 E07 Maintenance Information Manual Service Panel - Service Invoke diagnostics Button Service User Diagnostics Panel manually, per the 3592 selections Panel, E07 Maintenance 8 Character Information Manual Display Service Panel Status - Service Displays status, per the From Service User Display Panel 3592 E07 Maintenance TS1140 Panel Information Manual drive operating system Front Panel Interface - Front Panel Displays status, per the From 8 Character User Status Interface 3592 E07 Maintenance TS1140 Display (8 Information Manual drive Character operating Display) system Front Panel Interface - Front Panel Unload via unload button Button 8 Character User Unload Interface selection Display (Unload Button) Front Panel Interface - Front Panel Reset via the reset button Button Reboot User Reset Interface selection occurs (Reset Button) Version 1 Revision 17 12 Service Interface(s) Description Inputs Outputs Role Encrypting Write- - Host The Secure Key Interface - Plaintext - Encrypted User type Command Facility automatically data data on tape requests a key, provides - SEDK - EEDK on authentication data, - EEDK tape securely transfers and verifies the key material. The Data Block Cipher Facility encrypts the data block with the received Data Key using AES- GCM block cipher for recording to media. A received EEDK is automatically written to media using the Cartridge memory and the RW Head Interface. The decryption-on-the- fly check performs AES- GCM decryption of the encrypted data block and verifies the correctness of the encryption process Decrypting Read- - Host The Secure Key Interface SEDK - Plaintext User type Command Facility automatically data to host requests a key, provides authentication data and EEDK information if available, securely transfers and verifies the key material. The received Data Key is used by the Data Block Cipher Facility to decrypt the data block with using AES-GCM decryption and returning plaintext data blocks to the host; Optionally in Raw mode the encrypted data block may be returned to the host in encrypted form (not supported in approved configuration) Set Encryption - Host Performed via Mode Requested None User Control Parameters - Library Select to Mode Page Mode Page (including Bypass x’25’ and Encryption and Subpage Mode) Subpage X’C0’ Query Encryption - Host Performed via Mode Requested Mode Data User Control Parameters - Library Sense to Mode Page Mode Page (including Bypass x’25’ and Encryption and Subpage Mode) Subpage X’C0’ “Show Status” Version 1 Revision 17 13 Service Interface(s) Description Inputs Outputs Role Drive - Host Allows programming Requested Mode Data User Challenge/Response - Library challenge data and Mode Page reading an optionally) and Subpage encrypted, signed response; not used in default configuration. Performed via mode select and mode sense to Mode Page x’25’ and Encryption Subpage x’D5’; not used in default configuration Query Drive - Host Allows reading of the Requested Mode Data User Certificate - Library Drive Certificate public Mode Page key. Performed via mode and Subpage sense to Mode Page x’25’ and Encryption Subpage x’D6’; the provided certificate is signed by the IBM Tape Root CA. Query dSK - Host Allows reading of the Requested Mode Data User - Library Drive Session (Public) Mode Page Key Performed via and Subpage mode sense to Mode Page x’25’ and Encryption Subpage X’DF’. Setup SEDK - Host This is the means to Requested Mode Data User structure (a - Library import a protected private Mode Page protected key key to the TS1140 drive and Subpage structure) for use in writing and encrypted tape or in order to read a previously encrypted tape. Performed via mode select to Mode Page x’25’ and Encryption Subpage x’E0’. In this service, the module generates a drive session key pair. The module then sends the dSK to the key manager where it is used to create an SEDK. Then, the key manager sends the SEDK back to the module. Version 1 Revision 17 14 Service Interface(s) Description Inputs Outputs Role Query DKx(s) – - Host Allows the reading from Requested Mode Data User active, needed, - Library the drive of DKx Mode Page pending , entire (all) structures in different and Subpage categories for the medium currently mounted. Performed by Mode Select commands to Mode Page x25’ and various subpages. Request DKx(s) - Host This status command is Requested Mode Data User Translate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that is has read DKx structures from a mounted, encrypted tape and needs them translated to an SEDK and returned for the drive to read the tape. The key manager issues this command to read DKx structures which the drive requires to be translated by the Key Manager and subsequently returned to the drive as an SEDK structure to enable reading of the currently active encrypted area of tape. Performed via mode sense to Mode Page x’25’ and Encryption Subpage X’EE’. Request DKx(s) - Host This status command is Requested Mode Data User Generate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it requires new SEDK and DKx structures to process a request to write an encrypted tape. This page provides information about the type of key the drive is requesting. Performed via mode sense to Mode Page x’25’ and Encryption Subpage X’EF’. Version 1 Revision 17 15 Service Interface(s) Description Inputs Outputs Role Alter DKx(s) - Host This command is used to Requested Mode Data User - Library modify the DKx Mode Page structures stored to tape and Subpage and cartridge memory. The TS1140 drive will write the modified structures out to the tape and cartridge memory as directed. Performed via mode sense to Mode Page x’25’ and Encryption Subpage x’E1’. Drive Error Notify - Host These status responses Requested Mode Data User and Drive Error - Library are the means used by the Mode Page Notify Query drive to notify the Key and Subpage Manager that an action is required, such as a Key generation or Translate, to proceed with an encrypted write or read operation. These status responses are read via Mode Sense commands to Mode Page x’25’ subpage ‘EF” and ‘FF’. Power-Up Self-Tests - Power Performs integrity and None Failure User, - Host cryptographic algorithm required status, if Crypto - Library self-tests, firmware applicable Officer image signature verification Configure Drive - Host Allows controlling of From Vital User Vital Product Data - Library default encryption mode TS1140 Product (VPD) settings and other operating drive Data (VPD) parameters operating system Key Path Check - Host As documented in the Send Send User diagnostic TS1140 SCSI Reference Diagnostic Diagnositc command command specifying status the Key Path diagnostic Key Zeroization - Service Zeroes all private Service Diagnositc Crypto Panel plaintext keys in the panel command Officer - Host TS1140 drive via buttons status Service Panel Or Or Send Send Diagnostic Diagnostic command with command Diagnostic ID EFFFh, as specifying documented in the the Key TS1140 SCSI Reference. Zeroization Firmware Load - Host Load new firmware to the New Load test Crypto module firmware indicator Officer Version 1 Revision 17 16 3.5 Physical Security The TS1140 drive cryptographic boundary is the drive “brick” unit. The drive brick unit is embedded in a factory supplied canister assembly. Both the drive brick unit and the canister assembly have industrial grade covers. These covers are not removed in the field in the approved configuration. The TS1140 requires no preventative maintenance, and field repair is not performed for the unit. All failing units must be sent intact to the factory for repair. All of the drive’s components are production grade. Figure 2 TS1140 Drive Brick Figure 3 TS1140 Drive Canister Version 1 Revision 17 17 3.6 Cryptographic Algorithms and Key Management 3.6.1 Cryptographic Algorithms The TS1140 drive supports the following basic cryptographic functions. These functions are used by the Secure Key Interface Facility or the Data Block Cipher Facility to provide higher level user services. Table 6: Basic Cryptographic Functions Algorithm Type /Usage Specification Approved? Used by Algorithm Certificate AES-ECB mode Symmetric cipher AES: FIPS Yes Firmware #2385 encryption/decryption Provides underlying 197 (256-bit keys) AES encryption. AES key wrapping AES-GCM mode Symmetric Cipher AES: FIPS- Yes ASIC #2384, encryption / decryption Encrypts data blocks 197 #2387 (256-bit keys) while performing GCM: decrypt-on-the-fly SP800-38D verification Decrypts data blocks DRBG IV generation for SP800-90 Yes Firmware #314 AES-GCM, Drive using SHA- Session Key 512 generation SHA-1 Hashing Algorithm FIPS 180-4 Yes Firmware #2051 Multiple uses SHA-256 Hashing Algorithm FIPS 180-4 Yes Firmware #2051 Digest verifies key manager messages, digest appended on messages to key manager SHA-512 Hashing Algorithm FIPS 180-4 Yes Firmware #2051 Supports DRBG RSA Sign/Verify Digital signature FIPS 186-2 Yes Firmware #1234 generation and verification to sign the session key and to verify firmware image signature on firmware load RSA Key Generation Key Generation - No, but Firmware N/A (2048-bit key) Session key allowed in FIPS mode1 generation (provides 112 bits of encryption strength) RSA Key Transport Decryption of - No, but Firmware N/A (2048-bit key) transported SEDK allowed in key material FIPS mode (provides 112 bits of encryption strength) 1 Allowed for generation of keys used by the RSA Key Transport mechanism Version 1 Revision 17 18 Algorithm Type /Usage Specification Approved? Used by Algorithm Certificate No2 TRNG (Custom) Seeding DRBG - ASIC N/A 2 Allowed in FIPS mode for seeding approved DRBG Version 1 Revision 17 19 3.6.2 Security Parameters The following table provides a summary of both critical security parameters (CSPs) and non-critical security parameters used by the TS1140 drive. Table 7: Security Parameters Security Input into Output Generation Storage Storage Zeroized CSP Key Type Parameter Module from Method Location Form Module Drive RSA Yes - Yes N/A Drive Vital Non-volatile Yes No Certificate 2048-bit at time of Product Data Plaintext Public Key manufacture (VPD) (dCert) Drive Yes RSA Yes - No N/A Drive VPD Non-volatile Yes Certificate 2048-bit at time of X.509 Private Key manufacture certificate (dCert’) signed with the IBM Tape root CA Drive No RSA No – Yes Non- Drive RAM Ephemeral Yes Session 2048-bit Generated approved, Plaintext Public Key by module allowed in (dSK) FIPS mode Drive Yes RSA No – No Non- Drive RAM Ephemeral Yes Session 2048-bit Generated approved, Plaintext Private Key by module allowed in (dSK’) FIPS mode Session No RSA-2048 Yes No N/A Drive RAM Ephemeral Yes Encrypted encrypted Encrypted Data Key with the (SEDK) dSK Data Key Yes AES Yes – No N/A Before Use: Ephemeral Yes (DK) 256-bit (Received in Drive RAM Plaintext symmetric encrypted When in use: Ephemeral key form, Unreadable Encrypted encapsulated register in ASIC form as in the SEDK SEDK) Cryptograph Yes AES No – No DRBG Before Use: Ephemeral Yes ic Data Key 256-bit Generated Drive RAM plaintext (cDK) symmetric by module key DRBG Yes 256-bit No – No TRNG Drive RAM Ephemeral Yes Entropy input string Generated Plaintext Input String by module DRBG Yes 256 bits No - No Internal Drive RAM Ephemeral Yes value, V Generated state value Plaintext by module of DRBG DRBG Yes 256 bits No – No Internal Drive RAM Ephemeral Yes constant, C Generated state value Plaintext by module of DRBG Version 1 Revision 17 20 Additional notes on key management:  Secret and private keys are never output from the TS1140 drive in plaintext form.  Secret keys may only be imported to the TS1140 drive in encrypted form.  The module generates cryptographic keys whose strengths are modified by available entropy.  Zeroization behavior outlined in Table 7 Table 8: CSP Access Table Drive Certificate Private Key Drive Certificate Public Key Session Encrypted Data Key DRBG Entropy Input Key Drive Session Private Key Drive Session Public Key Cryptographic Data Key DRBG Constant, C DRBG value ,V (SEDK) (dCert’) Data Key (dCert) (dSK’) (dSK) (DK) cDK General SCSI commands R R W General Library Interface commands Service Panel Configuration X X X X X X Service Panel Diagnostics Service Panel Status Display Front Panel Interface Status W W W W W Front Panel Interface Unload W W W W W W W W Front Panel Interface Reset X X Encrypting Write-type Command X X Decrypting Read-type Command Set Encryption Control Parameters (including Bypass Mode) Query Encryption Control Parameters (including Bypass Mode) “Show Status” X X X X Drive Challenge/Response R Query Drive Certificate X R Query dSK X W W W Setup an SEDK and EEDK structure (a protected key structure) Query EEDK(s) – active, needed, pending , entire (all) R Request EEDK(s) Translate W Request EEDK(s) Generate X RW Alter EEDK(s) Drive Error Notify and Drive Error Notify Query X X X X X X Power-Up Self-Tests W W Configure Drive Vital Product Data (VPD) settings X X RX X R Key Path Check diagnostic W W W W W W W W W W Key Zeroization Firmware Load Test Version 1 Revision 17 21 3.6.3 Self-Test The TS1140 drive performs both Power On Self Tests and Conditional Self tests as follows. The operator shall power cycle the device to invoke the Power On Self tests. Table 9: Self-Tests Function Self-Test Type Implementation Failure Behavior Tested FSC3 D131 posted AES-ECB Power-up KAT performed for Encrypt and Decrypt AES-GCM Power-Up KAT performed for Encrypt and Decrypt (256-bit) FSC D130 posted (256-bit keys) DRBG Power-Up KAT performed Drive reboot SHA-1 Power-Up KAT performed FSC D131 posted SHA-256 Power-Up KAT performed FSC D131 posted SHA-512 Power-Up KAT performed FSC D131 posted RSA Sign KAT Power-Up Separate KATs performed for sign and verify with FSC D131 posted and Verify pre-computed results KAT Application Power-Up RSA digital signature verification of application Drive reboot Firmware firmware; Integrity Check VPD Integrity Power-Up CRC check of vital product data (VPD); FSC D131 posted Check DRBG Conditional: Continuous random number generator test Drive reboot When a random performed. number is generated TRNG Conditional: Continuous random number generator test Drive reboot (Custom) When a random performed. number is generated Firmware Load Conditional: RSA signature verification of new firmware image Code load is Check When new firmware before new image may be loaded rejected is loaded Exclusive Conditional: Ensure correct data output after switching modes FSC F001 posted Bypass Test When switching Check to ensure the key is properly loaded between encryption (Note: The same implementation serves as the and bypass modes Alternating Bypass Test.) Alternating Conditional: Ensure correct data output after switching modes FSC F001 posted Bypass Test When switching Check to ensure the key is properly loaded between encryption (Note: The same implementation serves as the and bypass modes Exclusive Bypass Test.) Key Path test Conditional: The drive will initiate a key request and key transfer FSC D132 posted When the Send operation with an attached Key Manager; random Diagnostic command protected key material is imported into the device specifying this and checked for validity; status is reported back to diagnostic number is the Key Manager and the invoking Host received from the host fibre or library port; the drive must be unloaded and idle or the command is rejected 3 Fault Symptom Code Version 1 Revision 17 22 3.6.4 Bypass States The TS1140 supports the following bypass states: Table 10: Bypass States Bypass State To enter the Bypass State To verify the Bypass State Static Bypass Mode 1: Issue a Mode Select command to Issue a Mode Sense Encryption disabled mode page X’25’ and set the command to verify the “Encryption Disabled” bit mode is accurately reflected on mode page X’25’ Static Bypass Mode 2: Issue a Mode Select command to Zero key usage for all records mode page X’25’ and set bit 0 of Encryption Control 3 to 1 Alternating Bypass Mode 1: Issue a Mode Select command to Zero Key usage all labels mode page X’25’ and set bit 2 of Encryption Control 3 to 1 Alternating Bypass Mode 2: Issue a Mode Select command to Zero Key usage on Volume Labels mode page X’25’ and set bit 1 of Encryption Control 3 to 1 Bypass entry, exit, and status features are provided to meet approved methods for use of bypass states. 3.7 Design Assurance TS1140 drive release parts are maintained under the IBM Engineering Control (EC) system. All components are assigned a part number and EC level and may not be changed without re-release of a new part number or EC level. The following table shows the validated configuration for each host interfaces of the TS1140 encrypting tape drive: Table 11: Validated Configuration Hardware EC Level 00V6759 EC Level M11776 Firmware EC Level 35P2401 EC Level M11776 3.8 Mitigation of other attacks The TS1140 drive does not claim to mitigate other attacks.