Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 1 of 14 Non-Proprietary Security Policy for AirFortressTM Client Cryptographic Module 2.4 FIPS 140-1 October 31, 2003 Rev. 08 This security policy of Fortress Technologies, Inc. for the AirFortressTM Client Cryptographic Module (AF Client) defines general rules, regulations, and practices under which the AF Client was designed and developed and for its correct operation. These rules and regulations have been and must be followed in all phases of security projects, including the design, development, manufacture, service, delivery and distribution, and operation of products. © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 2 of 14 Contents 1.0 INTRODUCTION ..................................................................................................... 3 2.0 AF CLIENT SECURITY FEATURES ...................................................................... 5 2.1 CRYPTOGRAPHIC MODULE.........................................................................................5 2.2 MODULE INTERFACES ................................................................................................5 2.3 ROLES AND SERVICES ................................................................................................6 2.3.1 Roles ................................................................................................................ 6 2.3.2 Services ............................................................................................................ 7 2.4 P HYSICAL SECURITY..................................................................................................8 2.5 SOFTWARE SECURITY..............................................................................................10 2.6 OPERATING SYSTEM SECURITY ................................................................................10 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ......................................................................10 2.7.1 Key Generation ............................................................................................... 10 2.7.2 Protocol Support ............................................................................................. 10 2.7.3 Key Storage..................................................................................................... 11 2.7.4 Zeroization of Keys.......................................................................................... 11 2.8 CRYPTOGRAPHIC ALGORITHMS................................................................................11 2.9 EMI/EMC...............................................................................................................11 2.10 SELF -TESTS.............................................................................................................11 3.0 CUSTOMER SECURITY POLICY ISSUES........................................................... 13 4.0 MAINTENANCE ISSUES....................................................................................... 14 Figures and Tables Figure 1. The Seven Layers of the OSI Reference Module .........................................................3 Figure 2. Information Flow Through the AF Client ...................................................................6 Table 1. Cryptographic Officer................................................................................................8 Table 2. User..........................................................................................................................8 © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 3 of 14 1.0 Introduction This security policy defines all security rules under which all products the AirFortressTM Client (also known as the AirFortressTM Secure Client) must operate and enforce, including rules from relevant standards such as FIPS. The AirFortressTM Client (AF Client) complies with all FIPS 140-1 level 1 requirements. The AF Client is a cryptographic software application that operates as a multi-chip standalone cryptographic module. The cryptographic boundary of the module is the compiled application executable. The physical boundary is the hardware platform, such as a typical PC or a PDA, on which the AF Client is installed. The AF Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. The AF Client software and computer hardware combination operates as an electronic encryption application designed to prevent unauthorized access to data transferred across a wireless network. The AF Client encrypts and decrypts traffic transmitted on that network, protecting all clients "behind" it on a protected network. Only authorized personnel, such as the system administrator (cryptographic officer), can log into the module. The AF Client operates at the datalink, (also known as MAC) layer of the OSI model as shown in Figure 1. Most of the security protocols are implemented without human intervention to prevent any chance of human error. Least 7. Application Secure 6. Presentation 5. Session 4. Transport 3. Network AirFortressTM Client 2. Datalink Most 1. Physical Secure Figure 1. The Seven Layers of the OSI Reference Module The AF Client is designed to operate on devices with Microsoft® Windows® 9x, NT, 2000, XP, and CE operating systems. Its security protocols are implemented without human intervention to prevent any chance of human error; therefore, the products operate with minimal intervention from the user. It secures communication within LANs, WANs, and WLANs. The cryptographic officer role manages the cryptographic configuration of the AF Client. Administrators can review module status and manage system settings where appropriate but not cryptographic settings when the modules are operating in FIPS mode. Because of the AF Client automates cryptographic processing, end users do not have to actively initiate cryptographic © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 4 of 14 processing; the AF Client encrypts and decrypts data sent or received by users operating authenticated devices connected to the AF Client. The AF Client offers point-to-point-encrypted communication between protected devices. Two or more AF Clients can communicate with each other directly or an AF Client can communicate to devices protected by an AirFortressTM Wireless Security Gateway. The products encrypt outgoing data from a client device and decrypt incoming data from networked computers located at different sites. © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 5 of 14 2.0 AF Client Security Features The AF Client provides true datalink layer (Layer 2 in Figure 1) security. To accomplish this, it was designed with the minimum security features described in the following sections. 2.1 Cryptographic Module The following security design concepts guide the development of the AF Client: 1. Use strong, proven encryption solutions such as Triple DES (TDES) and AES. 2. Protect data at or below the level of vulnerability 3. Minimize the human intervention to the module operation with a high degree of automation to prevent human error and to ease the use and management of a security solution. 4. Secure all points where a LAN, WLAN, or WAN can be accessed by using a unique company Access ID, defined by the customer, to identify authorized devices as belonging to the protected wireless network The Wireless Link Layer SecurityTM (wLLS) architecture of the cryptographic engine ensures that cryptographic processing is secure on a wireless network and automates most security operations to prevent any chance of human error. Because wLLS operates at the datalink layer, header information is less likely to be intercepted. In addition to applying standard strong encryption algorithms, wLLS also compresses data, disguising the length of the data to prevent analytical attacks and yielding a significant performance gain on network throughput. The AF Client requires no special configuration to operate once correctly installed by the cryptographic officer, although customers are encouraged to change certain security settings, such as the Access ID for the device, to ensure that each customer has unique parameters that must be met for access. The AF Client allows role -based access to user interfaces that access to the appropriate set of management and status monitoring tools. 2.2 Module Interfaces The AF Client provides logical interfaces for input and output; it does not support separate ports for cryptographic key management or data authentication. Inbound and outbound traffic is received through the communication port of the hardware device on which the AF client is installed. The information is processed by the Microsoft® NDIS Intermediate protocol and then to the packet capture component, which identifies packets as incoming or outgoing and encrypts or decrypts the packets accordingly. This NDIS interface interacts with third-party applications installed on the computer that receives packets and with the device communication port (NIC, RJ- 45 port, serial port, or other option). Data sent and received through the NDIS interface to a connected access point are always encrypted; the AF Client does not allow plaintext transmission of data, cryptographic keys, or critical security parameters across a LAN or WLAN. Figure 2. Information Flow Through the AF Client shows this information flow in relation to a standard set of computer components that will be present on any platform on which the AF Client is installed. The module has one logical interface for information flow, which handles all communication into and out of the module. Data is transmitted to the network exclusively as ciphertext. The AF Client © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 6 of 14 does not require physically separate entry and exit ports. The device communications port serves as both a data entry and exit port for secured network communications, as the data streams are bi- directional and conform to the real-time information exchange over the network. AF Secure Client Front End (GUI) AF Secure Client Back End Storage Media Encrypted databases Control Data (input in GUI) Key Engine Config DB NFRemote COM (NFServer) Status Data (output in GUI) NFS (Partner) Kernel FSDrvr IOCTL Crypto Module (wLLS) Packet Capture Microsoft® NDIS Intermediate Protocol Plaintext Applications NDIS Driver interacting with the AF Secure Client Communications Port (NIC, RJ-45, etc.) Encrypted Data Figure 2. Information Flow Through the AF Client 2.3 Roles and Services The AF Client supports two user roles: Cryptographic Officer and User. Role -based authentication is supported. 2.3.1 Roles The AF Client supports two user roles, cryptographic officer and user. The cryptographic officer performs the following tasks in particular: · Install the AF Client · Set the unique, company-specific access ID that identifies AF Clients on a common network © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 7 of 14 · Select the cryptographic algorithm to use · Set operation mode to FIPS or non-FIPS. This is accomplished during the install process by selecting the FIPS radio button. Once installed, the C-O can take the module out of FIPS mode by turning off the module's cryptographic functions or by selecting the non- FIPS radio button. · Configure cryptographic officer password · Reset current session keys, which zeroizes the session keys and requires a new session key be created before any further communication · Create an emergency repair disk The cryptographic officer performs most tasks while installing the AF Client. Access to other cryptographic controls after the product is installed requires the cryptographic officer to enter the correct password. Passwords must be of a minimum specified length. The user role of the AF Client can monitor system status and perform the following tasks: · Review system status information · Turn encryption off to switch to bypass mode (Not available in FIPS mode) · Toggle system messages on or off · Reset current session keys, zeroizing current cryptographic keys and requiring that a new session key be created before further communication is allowed · Restart the AF Client The user cannot change any critical system or cryptographic settings 2.3.2 Services The following key management services are provided in the module without requiring operator intervention: · Generating the module's keys · Generating cryptographic keys using encrypted Diffie -Hellman exchanges to prevent man-in-the-middle attacks · Creating and maintaining tables (users can manually clear tables) · Authenticating devices attempting to communicate with the AF Client · Reinitiating key exchange at user-specified intervals · Zeroizing keys if power to the module is turned off The following cryptographic operations services are provided in the module without requiring operator intervention: · Filtering packets to prevent any unencrypted (and, therefore, unauthorized) packets from entering the network · Encrypting and decrypting packets at the datalink layer (OSI level 2) · Authenticating the origin of packets · Testing packet integrity using a SHA-1 hash Other services performed by the module include monitoring and displaying device status and performing all self-tests. © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 8 of 14 The following tables show the services supported and allowed for each CSP for each role. Table 1. Cryptographic Officer Restore Disable Restart Enable Reset Show Critical Security Parameter & Save Set Access Rights to Service Access ID X Crypto keys X Device ID X X X Device MAC X FIPS mode X X Role passwords X Table 2. User Restore Restart Reset Show Critical Security Parameter & Save Access Rights to Service Access ID Crypto keys X Device ID X X X Device MAC X FIPS mode X Role passwords 2.4 Physical Security The AF Client was designed to be installed on production quality devices used by the customer. However, as the AF Client is delivered as a software cryptographic module only, the physical security requirements do not apply to the module. The AF Client was tested on the following operating system/hardware combinations; Windows 2000 ­ Service Pack 2 Pentium III 450 MHz 256 MB DRAM 8 GB IDE Hard-drive © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 9 of 14 CD, 1.44 MB Floppy Drive Netgear 10/100 Mbps NIC Generic 8 MB Video Accelerator Display Card Tested to comply with FCC Class B MS DOS 6.20, Windows 98 2nd Edition & Windows NT 4.0 Service Pack 2 Multiboot system Pentium II 266 MHz 64 MB RAM 6.5 MB HD Total CDROM, 1.44 MB Floppy Drive Generic 10/100 Mbps NIC Generic VGA Display Card Tested to comply with FCC Class B Windows XP Pro ­ Service Pack 1 Pentium IV 1.60 GHz 256 MB RAM 17 GB IDE HD CD, 1.44 MB Floppy Drive Netgear 10/100 Mbps NIC Generic SVGA Display Card Tested to comply with FCC Class B Windows CE 3.0 Compaq iPaq pocket pc ARM SA1110 64 MB RAM Compaq WL110 11 Mbps Wireless LAN NIC (FCC: IMRWLPCE24H) 5V Power & Battery (120 to 5 volt converter included) Tested to comply with FCC Class B PalmOS 4.1 Symbol Module Number SPT1846 1D 4 MB Fijitsu FLASH © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 10 of 14 8 MB RAM 11 Mbps T2 S24 Wireless LAN NIC 4.05V Power & Battery (120 to 4.05 converter included) FCC ID: H9PSPT1846 The physical security of a deployed AF Client is determined by the customer's security policy. 2.5 Software Security The AF Client software is written in C and C++ and operates on most versions of the Windows operating system. The software is installed in the host hardware storage medium as a compiled executable. Self-tests validate the operational status of each product, including critical functions and files. If the software is compromised, the module enters an error state in which no cryptographic processing occurs, preventing a security breach through a malfunctioning device. 2.6 Operating System Security The AF Client operates on Microsoft® Windows® 95, 98, NT, 2000, XP, CE, and PalmOS. The operating system must be in single -user mode. The AF Client operates automatically after power- up. 2.7 Cryptographic Key Management The AF Client itself automatically performs all cryptographic processing and key management functions. 2.7.1 Key Generation The AF Gateway uses seven cryptographic keys, generated by FIPS-approved processes: · Module's Secret Key (Symmetric, 3DES and AES) · Static Private Key · Static Public Key · Static Secret Encryption Key (Symmetric, 3DES and AES) · Dynamic Private Key · Dynamic Public Key · Dynamic Session Key (Symmetric, 3DES and AES) Notes: · Symmetric DES keys are used for backward compatibility with legacy units. · The public and private keys above are those used in the Diffie -Hellman key agreement protocol. An ANSI X9.31 A.2.4 pseudo-random number generator generates random numbers used for key generation. 2.7.2 Protocol Support The AF Client supports the Diffie -Hellman key agreement protocol © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 11 of 14 2.7.3 Key Storage No encryption keys are stored permanently in the module hardware. 2.7.4 Zeroization of Keys The session keys of the AF Client are automatically zeroized when the system is turned off and regenerated at every boot-up of the host hardware. All session keys can be zeroized manually by the crypto officer. 2.8 Cryptographic Algorithms The AF Client applies the following cryptographic algorithms: FIPS Algorithms NIST Certificate number AES (ECB, CBC, encrypt/decrypt; 128, 192, 256) 14 3DES (CBC, encrypt/decrypt) 19 DES (ECB, CBC, encrypt/decrypt) 23 SHA-1 (Byte) 34 HMAC-SHA-1 34 (Vendor affirmed) Non-FIPS Algorithms Diffie -Hellman 2.9 EMI/EMC The cryptographic officer installs the AF Client on FCC-compliant (Part 15, Subpart J, Class A) computer hardware at the customer site. 2.10 Self-Tests The AF Client conducts self-tests at power-up and conditionally as needed, when a module performs a particular function or operation. The following list of all self-tests includes both power-up tests and conditional tests that apply to the AF Client. A. Power-Up Tests · Cryptographic Algorithm Test AES KAT TDES KAT DES KAT HMAC-SHA-1 KAT SHA-1 KAT · Software/Firmware Test, HMAC-SHA-1 · Critical Functions Test, None B. Conditional Tests · Continuous Random Number Generator test, Comparison with previous numbers first © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 12 of 14 8-byte block © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 13 of 14 3.0 Customer Security Policy Issues FTI expects that after the module's installation, any potential customer (government organization or commercial entity or division) employs its own internal security policy covering all the rules under which the module(s) and the customer's network(s) must operate. In addition, the customer systems are expected to be upgraded as needed to contain appropriate security tools to enforce the internal security policy. © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03 Non-Proprietary Security Policy for AirFortressTM Secure Client Cryptographic Module Fortress Technologies, Inc., 4025 Tampa Rd., Suite 1111, Oldsmar, FL 34677 Page 14 of 14 4.0 Maintenance Issues All software installation and reinstallation for modules is performed by the cryptographic officer following the procedures defined by Fortress Technologies. Software troubleshooting to resolve an error state may require the product to be reinstalled by the cryptographic officer. -*-*- End of the "Non-Proprietary Security Policy for the AirFortressTM Client (AF Client) Cryptographic Module © Copyright Fortress Technology, Inc. This document can be reproduced and distributed only whole and intact, including this copyright notice. Updated 31-Oct-03