FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-G1 Router with Single or Dual VPN Acceleration Module 2 (VAM2)

Introduction

This security policy describes how the Cisco 7206VXR router with an NPE-G1 processor and the VPN Acceleration Module 2 (VAM2) (Hardware Version: 7206 VXR; NPE-G1: Hardware Version 1.1, Fab Version 05; VAM2: Hardware Version 2.0, Board Version A0; Firmware Version: IOS 12.3(3d)) meets the security requirements of FIPS 140-2. This document also includes instructions for installing the Cisco 7206VXR with the VAM2 in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

Note: This document may be copied in its entirety and without modification. All copies must include the copyright notice and statements on the last page.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/cryptval/.

This document includes the following sections:
· FIPS 140-2 Submission Package, page 2
· Overview, page 2
· Cryptographic Module, page 3
· Module Interfaces, page 4
· Roles and Services, page 7
· Physical Security, page 8
· Cryptographic Key Management, page 10
· Self-Tests, page 16
· Secure Operation, page 17
· Obtaining Documentation, page 18
· Documentation Feedback, page 19
· Obtaining Technical Assistance, page 19
· Obtaining Additional Publications and Information, page 21

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2004 Cisco Systems, Inc. All rights reserved.

FIPS 140-2 Submission Package

This Security Policy document is one item in the FIPS 140-2 Submission Package.
In addition to this document, the Submission Package includes:
· Vendor evidence document
· Finite state machine
· Module software listing
· Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is proprietary to Cisco Systems, Inc. and is releasable only under appropriate non-disclosure agreements. For access to these documents, contact Cisco Systems, Inc. See the "Obtaining Technical Assistance" section on page 19.

Overview

Cisco 7206VXR routers support gigabit capabilities to improve data, voice, and video integration in both the service provider and enterprise environments. Cisco 7206VXR routers support a high-speed network services engine (NSE), the high-speed network processing engine (NPE-G1), and other network processing engines. Cisco 7206VXR routers accommodate a variety of network interface port adapters and an Input/Output (I/O) controller. A Cisco 7206VXR router equipped with an NPE-G1 supports up to six high-speed port adapters and higher-speed port adapter interfaces including Gigabit Ethernet and OC-12 ATM (Optical Carrier-12 Asynchronous Transfer Mode). Cisco 7206VXR routers accommodate up to two AC-input or DC-input power supplies.

Cisco 7206VXR routers support the following features:
· Online insertion and removal (OIR)--Adds, replaces, or removes port adapters without interrupting the system.
· Dual hot-swappable, load-sharing power supplies--Provides system power redundancy; if one power supply or power source fails, the other power supply maintains system power without interruption. Also, when one power supply is powered off and removed from the router, the second power supply immediately takes over the router power requirements without interrupting normal operation of the router.
· Environmental monitoring and reporting functions--Maintains normal system operation by resolving adverse environmental conditions prior to loss of operation.
· Downloadable software--Loads new images into Flash memory remotely, without having to physically access the router.

The Cisco 7206VXR router incorporates either one or two VPN Acceleration Module 2 (VAM2) cryptographic accelerator cards. The VAM2s are installed in port adapter slots. The VPN Acceleration Module 2 (VAM2) is a single-width acceleration module that provides high-performance, hardware-assisted tunneling and encryption services suitable for virtual private network (VPN) remote access, site-to-site intranet, and extranet applications. It also provides platform scalability and security while working with all services necessary for successful VPN deployments--security, quality of service (QoS), firewall and intrusion detection, and service-level validation and management. The VAM2 off-loads IPSec processing from the main processor, thus freeing resources on the processor engines for other tasks.

Cryptographic Module

The Cisco 7206VXR NPE-G1 router with a single VPN Acceleration Module 2 (VAM2) or dual VPN Acceleration Module 2 (VAM2) supports multi-protocol routing and bridging with a variety of protocols and port adapter combinations available for Cisco 7200 series routers. The metal casing that fully encloses the module establishes the cryptographic boundary for the router; all the functionality discussed in this document is provided by components within the casing. The Cisco 7206VXR has six slots for port adapters, one slot for an I/O controller, and one slot for a network processing engine or network services engine. The router with single or dual VAM2 is a multi-chip standalone cryptographic module.
The following defines the configuration tested for the Cisco 7206VXR:
· Cisco 7206VXR chassis
· Network Processing Engine (NPE-G1)
· VAM2 hardware acceleration card (single and dual)
· One power supply

Figure 1 Cisco 7206VXR NPE-G1 Router (Front View) [figure not reproduced in this text; its callouts identify the port adapters and the port adapter lever]

The NPE-G1 uses an RM7000 microprocessor that operates at an internal clock speed of 350 MHz. The NPE-G1 uses SDRAM for storing all packets received or sent from network interfaces. The SDRAM memory array in the system allows concurrent access by port adapters and the processor. The NPE-G1 has three levels of cache: a primary and a secondary cache that are internal to the microprocessor, and a tertiary 4-MB external cache that provides additional high-speed storage for data and instructions.

The Cisco 7206VXR router comes equipped with one 280W AC-input power supply. A 280W DC-input power supply option is also available. A power supply filler plate is installed over the second power supply bay. A fully configured Cisco 7206VXR router operates with only one installed power supply; however, a second, optional power supply of the same type provides hot-swappable, load-sharing, redundant power.

Module Interfaces

The router interfaces are located on the rear panel. The module has three interfaces, each with 2 ports: one Fast Ethernet/Gigabit (10/100/1000 RJ-45) connector and one Gigabit Ethernet port; only one of these two ports can be active for each interface.
The module also has a compact flash interface, reset switch, and two other RJ-45 connectors for a console terminal for local system access and an auxiliary port for remote system access or dial backup using a modem. Figure 2 shows the front panel LEDs (light emitting diodes), which show the overall status of the router operation. The front panel displays whether or not the router is booted, whether the redundant power is attached and operational, and the overall activity/link status.

Figure 2 Cisco 7206VXR Router Front Panel LEDs [figure not reproduced in this text; callouts 1 through 4 are described in the table below]

Callout | LED | Indication | Description
1 | Enabled | Green | The NPE-G1 faceplate LEDs indicate system and port status. The RJ-45 and GBIC ports share the same LINK LED because only one of these ports per interface (0/1, 0/2, or 0/3) can be used at any one time. The EN (enable) LED is on if the RJ-45 port is in use.
1 | Enabled | Off | No traffic is transgressed.
2 | EN (enabled) | Green | The RJ-45 port is active.
2 | EN (enabled) | Off | The Gigabit Ethernet port is active.
3 | Slot active | Green | Compact flash interface is active.
3 | Slot active | Off | The compact flash interface is inactive.
4 | Power On | Green | The POWER ON LED is on whether or not an I/O controller is present in the router. The compact Flash Disk slot can be used whether or not an I/O controller is present in the router. The SLOT ACTIVE LED is on only when the compact Flash Disk slot is in use.
4 | Power On | Off | The module is not powered on.

The VAM2 has three LEDs, as shown in Figure 3.
Figure 3 VAM2 LEDs [figure not reproduced in this text; the faceplate is labelled ENCRYPTION/COMPRESSION SA-VAM2 and callouts 1 through 3 are described in the table below]

Number | LED Label | Color | State | Function
1 | ENABLE | Green | On | Indicates the VAM2 is powered up and enabled for operation.
2 | BOOT | Amber | Pulses | Indicates the VAM2 is operating.
2 | BOOT | Amber | On | Indicates the VAM2 is booting or a packet is being encrypted or decrypted.
3 | ERROR | Amber | On | Indicates an encryption error has occurred. This LED is normally off.

All physical interfaces are separated into the logical interfaces from FIPS as shown in Table 1.

Table 1 FIPS 140-2 Logical Interface

Router Physical Interface | FIPS 140-2 Logical Interface
10/100/1000 BASE-TX LAN Port, Gigabit Ethernet Port, Port Adapter Interface, Console Port, Auxiliary Port, PCMCIA Slot | Data Input Interface
10/100/1000 BASE-TX LAN Port, Gigabit Ethernet Port, Port Adapter Interface, Console Port, Auxiliary Port, PCMCIA Slot | Data Output Interface
10/100/1000 BASE-TX LAN Port, Gigabit Ethernet Port, Power Switch, Reset Switch, Console Port, Auxiliary Port | Control Input Interface
10/100/1000BASE-TX LAN Port LEDs, Gigabit Ethernet Port Enabled LED, PCMCIA LEDs, IO Pwr Ok LED, VAM2 LEDs, Console Port, Auxiliary Port | Status Output Interface
Power Plug | Power Interface

In addition to the built-in interfaces, the router also has additional port adapters that can optionally be placed in an available slot. These port adapters have many embodiments, including multiple Ethernet, token ring, and modem cards to handle frame relay, ATM, and ISDN (Integrated Services Digital Network) connections. (Note: These additional port adapters were excluded from this FIPS 140-2 Validation.)

Roles and Services

Authentication is role-based. There are two main roles in the router that operators may assume: the Crypto Officer role and the User role.
The administrator of the router assumes the Crypto Officer role to configure and maintain the router using Crypto Officer services, while Users exercise only the basic User services. Both roles are authenticated by providing a valid username and password.

The configuration of the encryption and decryption functionality is performed only by the Crypto Officer after authentication to the Crypto Officer role by providing a valid Crypto Officer username and password. Once the Crypto Officer has configured the encryption and decryption functionality, the User can use this functionality after authentication to the User role by providing a valid User username and password. The Crypto Officer can also use the encryption and decryption functionality after authentication to the Crypto Officer role.

The module supports RADIUS and TACACS+ for authentication, and they are used in the FIPS mode. See the Cisco 7206VXR Installation and Configuration Guide for more configuration information.

The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least 8 alphanumeric characters in length. See the "Secure Operation" section on page 17 for more information. If only integers 0-9 are used without repetition for an 8 digit PIN, the probability of randomly guessing the correct sequence is 1 in 1,814,400. Including the rest of the alphanumeric characters drastically decreases the odds of guessing the correct sequence.

Crypto Officer Role

During initial configuration of the router, the Crypto Officer password (the "enable" password) is defined. A Crypto Officer assigns permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers. The Crypto Officer role is responsible for the configuration and maintenance of the router.
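The authentication-strength figure quoted in the Roles and Services section above (an 8-digit PIN from 0-9 without repetition gives 1 chance in 1,814,400, i.e. 10P8 orderings) can be reproduced and compared with the policy's actual minimum of 8 alphanumeric characters. The following is an added example, not part of the Cisco security policy: it computes both keyspaces and checks them against the FIPS 140-2 section 4.3.3 authentication-strength thresholds (a single random attempt must succeed with probability less than 1 in 1,000,000, and all attempts in one minute with probability less than 1 in 100,000). The attempt rates passed in are constructed assumptions for illustration, not figures from the policy.

```python
"""Authentication strength of an 8-character password policy.

Added example; not code from the Cisco security policy.  Reproduces the
policy's 10P8 = 1,814,400 figure for a digit-only PIN without repetition
and compares it with the 8-character alphanumeric minimum the policy
requires, using the FIPS 140-2 section 4.3.3 thresholds.
"""
from math import perm
import string

# FIPS 140-2 section 4.3.3 thresholds (facts about the standard).
FIPS_SINGLE_ATTEMPT_ODDS = 1_000_000   # single guess: < 1 in 1,000,000
FIPS_ONE_MINUTE_ODDS = 100_000         # one minute of guesses: < 1 in 100,000

ALNUM = string.ascii_letters + string.digits   # 62 characters


def pin_orderings_no_repeat(length: int = 8, digits: int = 10) -> int:
    """Orderings of `length` distinct decimal digits (the policy's 1,814,400)."""
    return perm(digits, length)


def keyspace(length: int, alphabet_size: int) -> int:
    """Passwords of exactly `length` characters, repetition allowed."""
    return alphabet_size ** length


def is_policy_compliant(password: str) -> bool:
    """The policy's stated minimum: at least 8 alphanumeric characters."""
    return len(password) >= 8 and all(c in ALNUM for c in password)


def meets_fips_strength(space: int, attempts_per_minute: int) -> dict:
    """Check a keyspace against both FIPS 140-2 4.3.3 thresholds.

    single attempt: 1/space < 1/1,000,000            <=> space > 1,000,000
    one minute:     attempts/space < 1/100,000       <=> space > attempts * 100,000
    `attempts_per_minute` is an assumed guessing rate, not a policy figure.
    """
    return {
        "single_attempt_ok": space > FIPS_SINGLE_ATTEMPT_ODDS,
        "one_minute_ok": space > attempts_per_minute * FIPS_ONE_MINUTE_ODDS,
    }


if __name__ == "__main__":
    pin_space = pin_orderings_no_repeat()
    alnum_space = keyspace(8, len(ALNUM))
    print(f"8-digit PIN, no repetition: 1 in {pin_space:,}")
    print(f"8 alphanumeric characters:  1 in {alnum_space:,}")
    # Constructed rates: 10 and 100 guesses per minute.
    for rate in (10, 100):
        print(f"PIN space at {rate}/min:   {meets_fips_strength(pin_space, rate)}")
        print(f"alnum space at {rate}/min: {meets_fips_strength(alnum_space, rate)}")
```

The digit-only PIN clears the single-attempt bar but, at a constructed rate of 100 guesses per minute, no longer clears the one-minute bar; the 8-character alphanumeric space (62^8) clears both by a wide margin, which is the point the policy makes in prose.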
The Crypto Officer services consist of the following:
· Configures the Router: Defines network interfaces and settings, creates command aliases, sets the protocols the router will support, enables interfaces and network services, sets system date and time, and loads authentication information.
· Defines Rules and Filters: Creates packet filters that are applied to User data streams on each interface. Each Filter consists of a set of rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
· Status Functions: Views the router configuration, routing tables, active sessions; views SNMP MIB II statistics, health, temperature, memory status, voltage, packet statistics; reviews accounting logs, and views physical interface status.
· Manages the Router: Logs off users, shuts down or reloads the router, manually backs up router configurations, views complete configurations, manages user rights, and restores router configurations.
· Sets Encryption/Bypass: Sets up the configuration tables for IP tunneling; sets keys and algorithms to be used for each IP range or allows plaintext packets to be sent from specified IP addresses.
· Changes Port Adapters: Inserts and removes adapters in a port adapter slot.

User Role

A User enters the system by accessing the console port with a terminal program. The IOS prompts the User for their password. If the password is correct, the User is allowed entry to the IOS executive program.
The services available to the User role consist of the following:
· Status Functions: Views state of interfaces, state of layer 2 protocols, and version of IOS currently running
· Network Functions: Connects to other network devices (via outgoing telnet or PPP) and initiates diagnostic network services (i.e., ping, mtrace)
· Terminal Functions: Adjusts the terminal session (e.g., lock the terminal, adjust flow control)
· Directory Services: Displays directory of files kept in flash memory

Physical Security

The router is encased in a steel chassis. The front of the router includes six port adapter slots. The rear of the router includes on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors, power cable connection, a power switch, and access to the Network Processing Engine.

Any port adapter slot not populated with a port adapter must be populated with a slot cover (blank port adapter) to operate in FIPS compliant mode. Slot covers are included with each router; additional covers may be ordered from Cisco. You apply the same procedure for labeling port adapter covers as for the port adapters.

Once the router has been configured to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of tampering. The word "Open" may appear on the label if it was peeled away from the surface of the module. The Crypto Officer should be instructed to record serial numbers, and to inspect for signs of tampering or changed numbers periodically.

To seal the system, apply serialized tamper-evidence labels as described below, and as shown in Figure 4 and Figure 5:

Step 1 Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose.
The ambient air must be above 10°C, otherwise the labels may not properly cure.
Step 2 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the NPE-G1.
Step 3 A tamper evidence label should be placed over the Flash PC Card slot on the NPE-G1.
Step 4 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 1.
Step 5 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 2.
Step 6 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 3.
Step 7 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 4.
Step 8 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 5.
Step 9 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers port adapter slot 6.
Step 10 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the I/O Controller blank face plate.
Step 11 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the power supply plate.
Step 12 A tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the redundant power supply plate.
Step 13 Allow the labels to cure for five minutes.
Figure 4 Tamper Evidence Label Placement (Front View) [figure not reproduced in this text]

Figure 5 Tamper Evidence Label Placement (Rear View) [figure not reproduced in this text]

Cryptographic Key Management

The IOS software implementations of the FIPS algorithms have the following FIPS algorithm certifications:
· DES (certificate #202)
· 3DES (certificate #156)
· AES (certificate #46)
· SHA-1 (certificate #26)
· SHA-1 HMAC (vendor affirmed)

The VAM2 firmware implementations of the FIPS algorithms have the following FIPS algorithm certifications:
· DES (certificate #204)
· 3DES (certificate #158)
· AES (certificate #48)
· SHA-1 (certificate #143)
· SHA-1 HMAC (vendor affirmed)

The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys stored within the module. All keys are also protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. Keys are exchanged manually and entered electronically via manual key exchange methods or Internet Key Exchange (IKE) as described below.

The modules contain a cryptographic accelerator card (the VAM2), which provides AES, DES (56-bit) (only for legacy systems), and 3DES (168-bit) IPSec encryption, MD5 and SHA-1 hashing, HMAC-SHA-1, RSA (sign and verify), and has hardware support for Diffie-Hellman (DH) and RSA key generation.
The module supports the following critical security parameters (CSPs):

Table 2 Critical Security Parameters

# | CSP Name | Description | Storage
1 | CSP1 | This is the seed key for the X9.31 PRNG. This key is stored in DRAM and updated periodically after the generation of 400 bytes; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this key. | DRAM (plaintext)
2 | CSP2 | The private exponent used in Diffie-Hellman (DH) exchange. Zeroized after DH shared secret has been generated. | DRAM (plaintext)
3 | CSP3 | The shared secret within IKE exchange. Zeroized when IKE session is terminated. | DRAM (plaintext)
4 | CSP4 | Same as above | DRAM (plaintext)
5 | CSP5 | Same as above | DRAM (plaintext)
6 | CSP6 | Same as above | DRAM (plaintext)
7 | CSP7 | The IKE session encrypt key. The zeroization is the same as above. | DRAM (plaintext)
8 | CSP8 | The IKE session authentication key. The zeroization is the same as above. | DRAM (plaintext)
9 | CSP9 | The RSA private key. The "crypto key zeroize" command zeroizes this key. | NVRAM (plaintext)
10 | CSP10 | The key used to generate IKE skeyid during preshared-key authentication. The "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext)
11 | CSP11 | This key generates keys 3, 4, 5 and 6. This key is zeroized after generating those keys. | DRAM (plaintext)
12 | CSP12 | The RSA public key used to validate signatures within IKE. These keys are expired either when the CRL (certificate revocation list) expires or 5 secs after if no CRL exists. After the above expiration happens and before a new public key structure is created this key is deleted. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext)
13 | CSP13 | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM (plaintext)
14 | CSP14 | The IPSec encryption key. Zeroized when IPSec session is terminated. | DRAM (plaintext)
15 | CSP15 | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext)
16 | CSP16 | The RSA public key of the CA. The no crypto ca trust | NVRAM