KEY-UP Cryptographic Module Security Policy Document Version 0.5 Ian Donnelly Systems (IDS) December 29, 2005 Copyright Ian Donnelly Systems 2005. May be reproduced only in its original entirety [without revision]. Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 TABLE OF CONTENTS 1. MODULE OVERVIEW .........................................................................................................................................3 2. SECURITY LEVEL................................................................................................................................................3 3. MODES OF OPERATION.....................................................................................................................................5 4. PORTS AND INTERFACES .................................................................................................................................6 5. IDENTIFICATION AND AUTHENTICATION POLICY................................................................................6 6. ACCESS CONTROL POLICY..............................................................................................................................7 ROLES AND SERVICES................................................................................................................................................7 DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)........................................................................................9 DEFINITION OF CSPS MODES OF ACCESS ................................................................................................................11 7. OPERATIONAL ENVIRONMENT....................................................................................................................15 8. SECURITY RULES .............................................................................................................................................15 9. PHYSICAL SECURITY POLICY ......................................................................................................................16 PHYSICAL SECURITY MECHANISMS .........................................................................................................................16 10. MITIGATION OF OTHER ATTACKS POLICY...........................................................................................16 Page 2 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 1. Module Overview The KEY-UP Cryptographic Module (HW P/N KEY-UP Version II-A, FW Version 5.0) is a multiple-chip standalone cryptographic device encased in a hard opaque commercial grade steel case. The primary purpose for this device is to provide data security for Electronic Funds Transfer (EFT) transactions. The device provides status output via LEDs. The device provides network interfaces for data input and output. The diagram below illustrates these interfaces as well as defining the cryptographic boundary. Figure 1 – Image of the Cryptographic Module 2. Security Level The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-2. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 3 Physical Security 3 Operational Environment N/A Page 3 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks N/A Page 4 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 3. Modes of Operation Approved mode of operation The KEY-UP Cryptographic Module operates in the FIPS mode of operation by default from the factory. The following FIPS Approved algorithms are supported: • Triple-DES (ECB modes, two-key) for encryption and decryption • Triple-DES MAC (ECB) for data integrity • SHA-1 for hashing The cryptographic module also supports a deterministic random number generator (DRNG) that is compliant with ANSI X9.31. The following non-FIPS Approved algorithms are supported, but are not used to provide any cryptographic strength to the module’s security (both are further encrypted using Triple-DES): • Derived Unique Key Per Transaction (DUKPT) for decryption • DES (ECB) for encryption and decryption Execute the KEY-UP Show Status service to view which mode the module is operating in. Non-Approved mode of operation The KEY-UP Cryptographic Module may also be configured for operation in a non-Approved mode. In order to configure the module for non-Approved mode, execute the KEY-UP Operating Mode service and select not to operate in the Approved mode. Page 5 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 4. Ports and Interfaces The cryptographic module supports a data input, data output, control input, status output, and a power interface. The following table describes the physical ports that the cryptographic module provides and also lists the logical interfaces associated with these ports: Physical Port Logical Interface Asynchronous RS232 (Keys) Data input, Data output, Control Input, Status Output Asynchronous RS232 (Data) Data input, Data output, Control Input, Status Output Ethernet (Qty. 2, Second one Data input, Data output, Control Input, disabled) Status Output LED Status Output Mechanical Lock Control Input Reset Switch Control Input Power Switch Control Input, Power Power Port Power 5. Identification and Authentication Policy Assumption of roles The cryptographic module shall support four distinct operator roles (User, Cryptographic- Officer, Administrator, and Operator). The cryptographic module shall enforce the separation of roles using identity-based operator authentication. An operator must enter a username and password to authenticate or must provide a username and prove knowledge of a 128-bit shared secret to log in. The username is an alphanumeric string of up to eight characters. The password is an alphanumeric string of eight characters randomly chosen from the 62 alphanumeric characters: A-Z, a-z, 0-9. No previous authentications are maintained across power downs. Table 2 - Roles and Required Identification and Authentication Role Type of Authentication Authentication Data User Identity-based operator User ID, Shared Secret authentication (128-bit shared secret) Cryptographic-Officer Identity-based operator User ID, Password authentication Administrator Identity-based operator User ID, Password authentication Operator Identity-based operator User ID, Password authentication Page 6 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Table 3 – Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Password Entry The IDS KEY-UP passwords are 8 characters in length composed of the 62 characters 0-9, A-Z, a-z. The probability of guessing a password on one attempt is 1 / 628 or 1/218,340,105,584,896 which is less than 1/1,000,000. KEY-UP is configured using a serial connection at a speed of 9600 bps. There could at the very most be 75 attempts at password entry in one minute. Therefore, probability of guessing the password in one minute is (75 * 1/628) which is less than 1/100,000. Shared Secret The shared secret is a 128-bit Triple-DES key. The probability of guessing the shared secret on one attempt is 1 / 2128 which is less than 1/1,000,000. KEY-UP is configured using a serial connection at a speed of 9600 bps. There could at the very most be 75 authentication attempts in one minute. Therefore, the probability of guessing the password in one minute is (75 * 1/2128) which is less than 1/100,000. 6. Access Control Policy Roles and Services Table 4 – Services Authorized for Roles Role Authorized Services • User: PIN Translation: Decrypt Personal Identification Number (PIN) using PIN Encryption Key and encrypt it using another specified encryption key. • PIN Verification: Verify an encrypted PIN block. • PIN Change: Change a PIN and optionally verify the PIN. • PIN Offset Generation: Generate a PIN offset for use in PIN verification. • VISA PVV Generation: Generate a Visa PIN Verification Page 7 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Value (PVV) for use in PVV Verification. • Data Encrypt: Encrypt data using Triple-DES. • Data Decrypt: Decrypt data using Triple-DES. • CVV/CVC Generation: Generate a Card Verification Value (CVV) or Card Verification Code (CVC) for the purpose of verifying a credit card. • CVV/CVC Verification: Verify a CVV or CVC of a credit card. • MAC Generation: Generate a Message Authentication Code (MAC) for the purpose of providing data integrity. • MAC Verification: Verify a MAC. • Generate “Working” Key: Generate a Triple-DES key for the encryption of various data. • Key Translation: Decrypt a key using one key and re- encrypt using another key. • Change ATM Key: Generate a Triple-DES key and encrypt it with the ATM A or B Key. • Key Key Entry: Manually establish, electronically enter a split- Custodian/Cryptographic- knowledge key. Officer: • KEY-UP Show Status: Show the status of the module (i.e., version of the module, state of the keys, checksums, etc.) • Install Key: Install the entered key into persistent memory. (This service is only available when a MFK or KEK has been entered.) • Display Cryptogram: Triple-DES encrypt the last key entered with the MFK and output to console. • Generate Random Value: Generate a random value • KEY-UP Show Status: Show the status of the module (i.e., version of the module, state of the keys, checksums, etc.) • Log out Page 8 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 • Operator KEY-UP Show Status: Show the status of the module (i.e., version of the module, state of the keys, checksums, etc.) • Log out • Administrator All of the functions listed for Cryptographic Officer and Operator in addition to those listed below: • Configure TCP/IP: Configure the TCP/IP settings. • Configure KEY-UP Operating Mode: Configure the baud rate and protocol in use for communication. Select or de- select the FIPS mode of Operation • User Maintenance: Add user, list user, delete user, update user. • Clear KEY-UP Security Keys: FIPS140-2 Zeroization service. This service actively zeroizes all keys, both persistently stored and non-persistently stored CSPs, from memory • Log out Unauthenticated Services: The cryptographic module supports the following unauthenticated services: • LED Show status: This service provides the current status of the cryptographic module via the LED. • Self-tests: This service executes the suite of self-tests required by FIPS 140-2 and is invoked by power-cycling the module. Definition of Critical Security Parameters (CSPs) The following are CSPs contained in the module: Key Description/Usage Master File Key (MFK) 128-bit TDES key used to encrypt all keys used by the KeyUp module. All key data entering/exiting the module is decrypted/encrypted by the module. Key Exchange Key 128-bit TDES key used to encrypt/decrypt outgoing/incoming session keys. PIN Encryption Key 128-bit TDES key used to encrypt PINs Data Encryption Key 128-bit TDES key used to encrypt data. Page 9 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Key Description/Usage Message Authentication Key 128-bit TDES key used to generate/verify TDES message authentication codes of 32, 48, or 64 bits in length. ATM A Key 128-bit TDES key used to facilitate the generation of ATM encryption keys. (encrypts the ATM B key OR is encrypted by the ATM B key). ATM B Key 128-bit TDES key used to facilitate the generation of ATM encryption keys. (may encrypt the ATM A key OR is encrypted by the ATM A key). Seed Key 128-bit value used by the ANSI X9.31 DRNG for the creation of random numbers and cryptographic keys. Passwords Used to authenticate operators to the module. Definition of Public Keys: The module does not support Public Keys. Page 10 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Definition of CSPs Modes of Access Table 6 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as follows: • Generate • Read • Write • Destroy Table 6 – Service to CSP Access Rights Service Cryptographic Keys and CSPs Accessed Seed PIN Translation MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed PIN Verification MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed PIN Change MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed PIN Offset MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generation Generate Read X X Write Destroy Seed VISA PVV MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generation Generate Read X X Write Page 11 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Destroy Seed Data Encrypt MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed Data Decrypt MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed CVV/CVC MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generation Generate Read X X Write Destroy Seed CVV/CVC MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Verification Generate Read X X Write Destroy Seed MAC Generation MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed MAC Verification MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write Destroy Seed Generate “Working MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Key” Generate X X X X X X X Read X X Write Destroy Page 12 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Seed Key Translation MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X X X X X X Write Destroy Seed Change ATM Key MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate X X Read X X X Write Destroy Seed Key Entry MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X X X X X X X Write X X X X X X X X Destroy Seed Install Key MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X Write X X Destroy Seed KEY-UP Show MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Status Generate Read X X Write Destroy Seed Configure of MFK KEK PEK DEK MAK ATM A ATM B Passwords Key TCP/IP Generate Read Write Destroy Seed Display Cryptogram MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read X X X X X X X Write Destroy Page 13 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 Seed Clear KEY-UP MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Security Keys Generate Read Write Destroy X X X X X X X X X Seed Generate Random MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Value Generate Read X Write X Destroy Seed Clear KEY-UP MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Security Keys Generate Read Write Destroy X X X X X X X X Seed Logout MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate Read Write Destroy Seed Configure KEY-UP MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Operating Mode Generate Read Write Destroy Seed User Maintenance MFK KEK PEK DEK MAK ATM A ATM B Passwords Key Generate X Read Write Destroy Page 14 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 7. Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the KEY-UP Cryptographic Module is a non-modifiable environment. 8. Security Rules The cryptographic module’s design corresponds to the cryptographic module’s security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 3 module. 1. The cryptographic module shall provide four distinct operator roles. These are the User role, Administrator role, Operator role, and the Cryptographic-Officer role. 2. The cryptographic module shall provide identity-based authentication. 3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 4. The cryptographic module shall perform the following tests: A. Power up Self-Tests: 1. Cryptographic algorithm tests: a. TDES Known Answer Test b. DRNG Known Answer Test c. SHA-1 Known Answer Test 2. Software Integrity Test: 16-bit CRC 3. Critical Functions Tests a. BB-SRAM Read/Write Test B. Conditional Self-Tests: 1. Continuous Random Number Generator (RNG) Test 2. Split-Knowledge Key Integrity Test 5. At any time the cryptographic module may be commanded to perform power-up self-tests by power-cycling the module. 6. Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 7. The module shall not support concurrent operators. 8. Split key entry is required for all plaintext keys entered into the module, whether they are Page 15 Ian Donnelly Systems KEY-UP Security Policy Version 0.5 December 29, 2005 loaded into the module, or used externally. The module supports from 2 to 9 key parts which are combined to create the key. The only possible way to ascertain the final key is to know all parts entered to create the key. There is no way to obtain the resulting key with only one key component. 9. Physical Security Policy Physical Security Mechanisms The multiple-chip standalone cryptographic module includes the following physical security mechanisms: • Production-grade components and production-grade opaque enclosure with pick-resistant locks. • Automatic zeroization when enclosure is opened. • Tamper response and zeroization circuitry. • Protected vents. 10. Mitigation of Other Attacks Policy The module has not been designed to mitigate any specific attacks beyond the scope of FIPS140- 2 requirements. Page 16