Cisco 3220 Mobile Access Router Card
Cisco 3251 Mobile Access Router Card
FIPS 140-2 Non-Proprietary Security Policy
Level 1 Validation
Version 1.5
September 23, 2004

© Copyright 2004 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 Introduction .... 3
1.1 Purpose .... 3
1.2 References .... 3
1.3 Terminology .... 3
1.4 Document Organization .... 3
2 The Cisco 3220 and 3251 Mobile Access Router Cards .... 5
2.1 The 3220 and 3251 Cryptographic Module .... 5
2.2 Module Interfaces .... 6
2.3 Roles and Services .... 8
2.3.1 Crypto Officer Role .... 8
2.3.2 User Services .... 9
2.4 Physical Security .... 9
2.5 Cryptographic Key Management .... 9
2.6 Self-Tests .... 14
3 Secure Operation of the Cisco 3220 and 3251 Mobile Access Routers .... 16
3.1 Initial Setup .... 16
3.2 System Initialization and Configuration .... 16
3.3 IPSec Requirements and Cryptographic Algorithms .... 17
3.4 Protocols .... 17
3.5 Remote Access .... 17

1 Introduction

1.1 Purpose

This is the non-proprietary Cryptographic Module Security Policy for the Cisco 3220 and 3251 Mobile Access Router Cards. This security policy describes how the 3220 and 3251 Mobile Access Router Cards (Hardware Version: 3.2; Firmware Version: 12.2(11r)YQ4) meet the security requirements of FIPS 140-2, and how to operate them in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Cisco 3220 and 3251 Mobile Access Routers.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/cryptval/.
1.2 References

This document deals only with the operations and capabilities of the 3220 and 3251 Mobile Access Router Cards in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the 3220 and 3251 Mobile Access Router Cards and the entire 3200 series from the following sources:

· The Cisco Systems website contains information on the full line of products at www.cisco.com. The 3200 Series product descriptions can be found at: http://www.cisco.com/en/US/products/hw/routers/ps272/index.html.
· For answers to technical or sales-related questions, please refer to the contacts listed on the Cisco Systems website at www.cisco.com.
· The NIST Validated Modules website (http://csrc.nist.gov/cryptval) contains contact information for answers to technical or sales-related questions for the module.

1.3 Terminology

In this document, the Cisco 3220 and 3251 Mobile Access Router Cards are referred to as the 3220 Router or 3251 Router (respectively), the router or routers, the module or modules, or the system or systems.

1.4 Document Organization

The Security Policy document is part of the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

· Vendor Evidence document
· Finite State Machine
· Module Software Listing
· Other supporting documentation as additional references

This document provides an overview of the Cisco 3220 and 3251 Mobile Access Routers and explains the secure configuration and operation of the module. This introduction section is followed by Section 2, which details the general features and functionality of the 3220 and 3251 Mobile Access Router Cards. Section 3 specifically addresses the required configuration for the FIPS-Approved mode of operation.
With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems.

2 The Cisco 3220 and 3251 Mobile Access Router Cards

The Cisco 3220 and 3251 Mobile Access Router Cards are high-performance cards in a compact form factor ideally suited for integration in vehicles. They offer secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The Cisco 3220 and 3251 Mobile Access Router Cards, along with the other network interface cards (such as FESMIC and SMIC), extend the edge of the IP network to a new frontier of Networks-in-Motion and facilitate new and exciting applications in the defense, public safety, homeland security, and commercial transportation markets.

The Routers offer users the following benefits:

· Secure data, voice and video communications with seamless mobility across wireless networks independent of location or movement
· High performance in a compact, rugged design for use in vehicles
· Advanced IP services and interoperability through Cisco IOS Software

The Cisco 3220 and 3251 Mobile Access Router Cards leverage Cisco IOS software features including Mobile Networks, security, QoS, routing and management functionality to deliver comprehensive services for Networks-in-Motion. They provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements except for physical security, for which it meets Level 1 requirements.

This section describes the general features and functionality provided by the Cisco 3220 and 3251 Mobile Access Router Cards.
2.1 The 3220 and 3251 Cryptographic Module

Figure 1 - The 3220 and 3251 Router

The 3220 and 3251 Routers are multi-chip embedded cryptographic modules. The cryptographic boundary is defined as the Mobile Access Router Card ("MARC"). The cryptographic boundary includes the PCI, ISA, and PC/104-Plus PCI connection interfaces between the MARC and other cards (such as the Serial Mobile Interface Card ("SMIC") or Fast-Ethernet Switch Mobile Interface Card ("FESMIC")), but the boundary does not include any other cards. All of the functionality discussed in this document is provided by components within this cryptographic boundary.

Cisco IOS features such as tunneling, data encryption, and termination of Remote Access WANs via IPSec, Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) make the Cisco 3220 and 3251 Mobile Access Routers an ideal platform for building virtual private networks or outsourced dial solutions. The modules' RISC-based processor provides the power needed for the dynamic requirements of the remote branch office.

2.2 Module Interfaces

The Cisco 3220 and 3251 Routers feature a multifunctional header interface, which provides functionality to connect a console port, auxiliary ports, and system and network LEDs. The module also provides the ability to add network modules (NMs) and other interface cards via the PC/104-Plus PCI interface. Network modules support a variety of serial, ISDN BRI, and integrated CSU/DSU options for primary and backup WAN connectivity. An NM is connected to the PC/104-Plus PCI bus interface. NMs interface directly with the processor and cannot perform cryptographic functions; they serve only as a data input and data output physical interface.

The physical interfaces include the ISA interface, which provides power to the module via the power card. The module also has an RS-232 connector for a console terminal for local system access. The router also has a multifunctional header interface which connects to system and network status LEDs, the console port and the auxiliary port. Table 1 describes the LEDs:

| Card / State | LED | Indication | Description |
|---|---|---|---|
| MARC (in ROMMON) | OK | S | Normal operation |
| | LINK | S | Normal operation |
| | ACT | OFF | Normal operation |
| MARC (during boot-up) | OK | B, S | Normal operation |
| | LINK | S, OFF, S, OFF, S | F0/0 interface is Not Shutdown and is connected to another device |
| | LINK | S, OFF, S | F0/0 interface is Shutdown and is connected to another device |
| | LINK | S, OFF | F0/0 interface is not connected to another device |
| | ACT | OFF, S, B | F0/0 interface is Not Shutdown and is connected to another device |
| | ACT | OFF, S, OFF | F0/0 interface is Shutdown and is connected to another device |
| | ACT | OFF | F0/0 interface is not connected to another device |
| MARC (in IOS) | OK | S | Normal operation |
| | LINK | S | F0/0 interface is connected to another device |
| | LINK | OFF | F0/0 interface is not connected to another device |
| | ACT | OFF, B | F0/0 interface is Not Shutdown and is connected to another device |
| | ACT | OFF | F0/0 interface is Shutdown and/or is not connected to another device |
| SMIC (in DTE mode) | ACT | B | A packet is transmitted or received via the Serial1 port |
| | LINK | OFF | Data Set Ready (DSR), Data Carrier Detect (DCD), and Clear To Send (CTS) are not detected |
| | LINK | S | Data Set Ready (DSR), Data Carrier Detect (DCD), and Clear To Send (CTS) are detected |
| SMIC (in DCE mode) | ACT | B | A packet is transmitted or received via the Serial1 port |
| | LINK | OFF | Data Terminal Ready (DTR) and Request To Send (RTS) are not detected |
| | LINK | S | Data Terminal Ready (DTR) and Request To Send (RTS) are detected |
| FESMIC | ACT | B | A packet is transmitted or received via the FESMIC port |
| | LINK | OFF | Link state is "down" |
| | LINK | S | Link state is "up" |

Table 1 - 3220 and 3251 LEDs and Descriptions

All of these physical ports are separated into the logical interfaces from FIPS 140-2 as described in the following table:

| Router Physical Port | FIPS 140-2 Logical Interface |
|---|---|
| 10/100 Base T, Multifunctional Header, PC/104-Plus PCI Interface | Data Input Interface |
| 10/100 Base T, Multifunctional Header, PC/104-Plus PCI Interface | Data Output Interface |
| 10/100 Base T, ISA Interface, Multifunctional Header, PC/104-Plus PCI Interface | Control Input Interface |
| Multifunctional Header, 10/100 Base T, PC/104-Plus PCI Interface | Status Output Interface |
| ISA Interface | Power Interface |

Table 2 - FIPS 140-2 Logical Interfaces

2.3 Roles and Services

Authentication is role-based. There are two main roles in the router that operators may assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while Users exercise only the basic User services. Both roles are authenticated by providing a valid username and password.

The configuration of the encryption and decryption functionality is performed only by the Crypto Officer after authentication to the Crypto Officer role by providing a valid Crypto Officer username and password. Once the Crypto Officer has configured the encryption and decryption functionality, the User can use this functionality after authentication to the User role by providing a valid User username and password. The Crypto Officer can also use the encryption and decryption functionality after authentication to the Crypto Officer role.
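Section 2.3 goes on to require that operator passwords and RADIUS/TACACS+ shared secrets be at least 8 alphanumeric characters, and gives the single-guess probability for an 8-digit PIN with no repeated digit. The Python script below is an added example, not code from this security policy or from Cisco IOS: it checks a candidate secret against that length and character-set rule, sizes the search space a single random guess faces (reproducing the document's 1 in 1,814,400 figure and extending it to the full 62-symbol alphanumeric alphabet), and compares the result against the FIPS 140-2 section 4.3 requirement that a single random authentication attempt succeed with probability below 1 in 1,000,000; that threshold comes from the standard, not from this page, and the sample secrets are constructed.

```python
"""Added example (not from the Cisco security policy or Cisco IOS): checks an
operator password or RADIUS/TACACS+ shared secret against the minimum of
8 alphanumeric characters stated in Section 2.3, and sizes the search space a
single random guess faces for a given alphabet and length."""
import math
import string

MIN_LENGTH = 8                                   # minimum stated in Section 2.3
ALNUM = string.ascii_letters + string.digits     # the policy's "alphanumeric" set (62 symbols)
FIPS_SINGLE_ATTEMPT_SPACE = 1_000_000            # FIPS 140-2 sec. 4.3: one random attempt must
                                                 # succeed with probability < 1/1,000,000


def meets_length_policy(secret: str) -> bool:
    """True if the secret is at least MIN_LENGTH characters long and every
    character is an ASCII letter or digit."""
    return len(secret) >= MIN_LENGTH and all(c in ALNUM for c in secret)


def guess_space(alphabet_size: int, length: int, repetition: bool = True) -> int:
    """Number of equally likely secrets of `length` symbols over an alphabet of
    `alphabet_size` symbols. repetition=False counts secrets that use each
    symbol at most once, which is the document's 8-digit PIN example."""
    if repetition:
        return alphabet_size ** length
    return math.perm(alphabet_size, length)      # n! / (n - k)!


def single_guess_probability(alphabet_size: int, length: int, repetition: bool = True) -> float:
    """Probability that one random guess is correct."""
    return 1.0 / guess_space(alphabet_size, length, repetition)


def single_attempt_below_fips_threshold(alphabet_size: int, length: int, repetition: bool = True) -> bool:
    """True if a single random attempt succeeds with probability strictly less
    than 1 in 1,000,000 (the FIPS 140-2 section 4.3 bound for the
    authentication mechanism)."""
    return guess_space(alphabet_size, length, repetition) > FIPS_SINGLE_ATTEMPT_SPACE


if __name__ == "__main__":
    # Constructed sample secrets; the second is too short, the third contains '!'.
    for secret in ("ab12CD34", "ab1234", "ab12CD3!"):
        print(f"{secret!r}: meets policy = {meets_length_policy(secret)}")
    print("8 digits, no repetition:", guess_space(10, 8, repetition=False))   # 1814400
    print("8 alphanumerics:", guess_space(len(ALNUM), 8))                     # 218340105584896
```

The no-repetition count is a permutation (10!/2!), which is why the document's figure is smaller than the 10^8 a freely chosen 8-digit PIN would give; both satisfy the single-attempt bound, and a 6-digit PIN (exactly 1,000,000 possibilities) does not, because the standard requires strictly less than 1 in 1,000,000.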
The module supports RADIUS and TACACS+ for authentication, and they are used in the FIPS mode. A complete description of all the management and configuration capabilities of the Cisco 3220 and 3251 Mobile Access Router Cards can be found in the Performing Basic System Management manual and in the online help for the router.

The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least 8 alphanumeric characters in length. See Section 3, Secure Operation of the Cisco 3220 and 3251 Mobile Access Router, for more information. If only the integers 0-9 are used without repetition for an 8-digit PIN, the probability of randomly guessing the correct sequence is 1 in 1,814,400. Including the rest of the alphanumeric characters drastically decreases the odds of guessing the correct sequence.

2.3.1 Crypto Officer Role

During initial configuration of the router, the Crypto Officer password (the "enable" password) is defined. A Crypto Officer may assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers. The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto Officer services consist of the following:

· Configure the router: define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information.
· Define Rules and Filters: create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
· Status Functions: view the router configuration, routing tables, and active sessions; use Gets to view SNMP MIB II statistics, health, temperature, memory status, voltage, and packet statistics; review accounting logs; and view physical interface status.
· Manage the router: log off users, shut down or reload the router, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.
· Set Encryption/Bypass: set up the configuration tables for IP tunneling. Set keys and algorithms to be used for each IP range, or allow plaintext packets to be sent from specified IP addresses.
· Change Port Adapters: insert and remove adapters in a port adapter slot.

2.3.2 User Services

A User enters the system by accessing the console port with a terminal program. The IOS prompts the User for their password. If the password is correct, the User is allowed entry to the IOS executive program. The services available to the User role consist of the following:

· Status Functions: view the state of interfaces, the state of layer 2 protocols, and the version of IOS currently running
· Network Functions: connect to other network devices (via outgoing telnet or PPP) and initiate diagnostic network services (i.e., ping, mtrace)
· Terminal Functions: adjust the terminal session (e.g., lock the terminal, adjust flow control)
· Directory Services: display the directory of files kept in flash memory

2.4 Physical Security

The router must be installed within an approved chassis. Such chassis are available from various resellers; please contact your Cisco distributor for more information. Console and auxiliary port connectors are provided on the router, and the power cable connection is provided on the power supply.

2.5 Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords.
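The CSP table that follows in this section lists, for each key, where it is held (DRAM or NVRAM, in plaintext) and the event that zeroizes it: the DH private exponent once the shared secret has been generated, the IKE shared secret and session keys when the IKE session terminates, and the X9.31 PRNG seed key after 400 bytes of output (or at power-off). The Python model below is an added example, not the module's or Cisco's code: it keeps each CSP in a mutable buffer and overwrites it on the corresponding event so that the lifecycle can be checked. The generator and the key derivation are HMAC-SHA256 stand-ins (an assumption, so the example runs offline); they are not the X9.31 generator or the IKE derivation the module actually performs, and the 400-byte interval is the only figure taken from the page. The peer value and key sizes are constructed.

```python
"""Added example (not the module's or Cisco's code): a model of the CSP
lifecycle described in Section 2.5. Each CSP lives in a bytearray that is
overwritten with zeros on the event the table names. The generator and the
key derivation are HMAC-SHA256 stand-ins (assumption), not the module's
X9.31 PRNG or IKE derivation; only the 400-byte reseed interval is from the page."""
import hashlib
import hmac
import os

RESEED_INTERVAL = 400   # CSP 1: seed key replaced after 400 bytes of output (Section 2.5)
KEY_LEN = 32            # assumed key size for the stand-in routines


def zeroize(buf: bytearray) -> None:
    """Overwrite a key buffer in place so no plaintext copy remains in it."""
    for i in range(len(buf)):
        buf[i] = 0


def is_zeroized(buf: bytearray) -> bool:
    return all(b == 0 for b in buf)


def _prf(key: bytearray, label: bytes) -> bytearray:
    """Stand-in PRF (HMAC-SHA256); returned as a mutable buffer so it can be zeroized."""
    return bytearray(hmac.new(bytes(key), label, hashlib.sha256).digest())


class SeededPrng:
    """Models CSP 1: counts output bytes and, every RESEED_INTERVAL bytes,
    installs a fresh seed key and zeroizes the retired one."""

    def __init__(self, entropy=os.urandom):
        self._entropy = entropy
        self.seed_key = bytearray(entropy(KEY_LEN))
        self.produced = 0       # bytes generated under the current seed key
        self.reseeds = 0
        self._counter = 0

    def generate(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block = _prf(self.seed_key, self._counter.to_bytes(8, "big"))
            self._counter += 1
            take = min(len(block), n - len(out))
            out += block[:take]
            self.produced += take
            if self.produced >= RESEED_INTERVAL:
                self._reseed()
        return bytes(out)

    def _reseed(self) -> None:
        old = self.seed_key
        self.seed_key = bytearray(self._entropy(KEY_LEN))
        zeroize(old)            # the retired seed key is destroyed, not left in DRAM
        self.produced = 0
        self.reseeds += 1

    def power_off(self) -> None:
        """Section 2.5: turning the router off also zeroizes the DRAM-resident seed key."""
        zeroize(self.seed_key)


class IkeSession:
    """Models CSPs 2, 3, 7 and 8: the DH private exponent is zeroized as soon as
    the shared secret is derived; the shared secret and the session
    encrypt/authentication keys are zeroized when the session terminates."""

    def __init__(self, prng: SeededPrng):
        self.dh_private = bytearray(prng.generate(KEY_LEN))   # CSP 2
        self.shared_secret = bytearray()                       # CSP 3
        self.encrypt_key = bytearray()                         # CSP 7
        self.auth_key = bytearray()                            # CSP 8

    def derive_keys(self, peer_public: bytes) -> None:
        # Stand-in for the DH computation and IKE key derivation (assumption).
        self.shared_secret = _prf(self.dh_private, peer_public)
        self.encrypt_key = _prf(self.shared_secret, b"ike-encrypt")
        self.auth_key = _prf(self.shared_secret, b"ike-auth")
        zeroize(self.dh_private)    # CSP 2 is no longer needed once the secret exists

    def terminate(self) -> None:
        for buf in (self.shared_secret, self.encrypt_key, self.auth_key):
            zeroize(buf)


def run_lifecycle() -> dict:
    """Exercises the model and reports the zeroization state at each step."""
    prng = SeededPrng()
    prng.generate(1000)                              # crosses the 400-byte mark twice
    session = IkeSession(prng)
    session.derive_keys(b"constructed peer DH public value")
    dh_cleared = is_zeroized(session.dh_private)
    keys_live = not is_zeroized(session.encrypt_key)
    session.terminate()
    return {
        "reseeds_after_1000_bytes": prng.reseeds,
        "dh_private_zeroized_after_derive": dh_cleared,
        "session_keys_live_before_terminate": keys_live,
        "session_keys_zeroized_after_terminate": all(
            is_zeroized(b) for b in (session.shared_secret, session.encrypt_key, session.auth_key)),
    }


if __name__ == "__main__":
    for name, value in run_lifecycle().items():
        print(f"{name}: {value}")
```

The point of the model is the pairing of each CSP with its zeroization trigger, which is what an auditor checks against a table like the one below. One caveat the model also illustrates: `bytes(key)` inside `_prf` makes an immutable copy that the zeroize call cannot reach, so in a real implementation the copies the language or libraries make of a key are part of the zeroization story, not just the buffer the code owns.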
All keys are also protected by the password protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet Key Exchange (IKE). The module supports the following critical security parameters (CSPs):

| # | CSP Name | Description | Storage |
|---|---|---|---|
| 1 | CSP 1 | This is the seed key for the X9.31 PRNG. This key is stored in DRAM and updated periodically after the generation of 400 bytes; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this key. | DRAM (plaintext) |
| 2 | CSP 2 | The private exponent used in the Diffie-Hellman (DH) exchange. Zeroized after the DH shared secret has been generated. | DRAM (plaintext) |
| 3 | CSP 3 | The shared secret within the IKE exchange. Zeroized when the IKE session is terminated. | DRAM (plaintext) |
| 4 | CSP 4 | Same as above | DRAM (plaintext) |
| 5 | CSP 5 | Same as above | DRAM (plaintext) |
| 6 | CSP 6 | Same as above | DRAM (plaintext) |
| 7 | CSP 7 | The IKE session encrypt key. The zeroization is the same as above. | DRAM (plaintext) |
| 8 | CSP 8 | The IKE session authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 9 | CSP 9 | The RSA private key. The "crypto key zeroize" command zeroizes this key. | NVRAM (plaintext) |
| 10 | CSP 10 | The key used to generate the IKE skeyid during preshared-key authentication. The "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext) |
| 11 | CSP 11 | This key generates keys 3, 4, 5 and 6. This key is zeroized after generating those keys. | DRAM (plaintext) |
| 12 | CSP 12 | The RSA public key used to validate signatures within IKE. These keys are expired either when the CRL (certificate revocation list) expires or 5 secs after if no CRL exists. After the above expiration happens and before a new public key structure is created, this key is deleted. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 13 | CSP 13 | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM (plaintext) |
| 14 | CSP 14 | The IPSec encryption key. Zeroized when the IPSec session is terminated. | DRAM (plaintext) |
| 15 | CSP 15 | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 16 | CSP 16 | The RSA public key of the CA. "no crypto ca trust | NVRAM |