The Ultralock Symmetric Module Date: 5 February 2007 © Copyright 2007 nCipher Corporation Limited, Cambridge, United Kingdom. Reproduction is authorised provided the document is copied in its entirety without modification and including this copyright notice. nCipherTM, nForceTM, nShieldTM, nCoreTM, KeySafeTM, CipherToolsTM, CodeSafeTM, SEETM and the SEE logo are trademarks of nCipher Corporation Limited. nFast® and the nCipher logo are registered trademarks of nCipher Corporation Limited. All other trademarks are the property of the respective trademark holders. nCipher Corporation Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness to a particular purpose. nCipher Corporation Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material. Patents UK Patent GB9714757.3. Corresponding patents/applications in USA, Canada, South Africa, Japan and International Patent Application PCT/GB98/00142. Contents Chapter 1: The Ultralock Symmetric Module 4 Ports and interfaces 7 Roles and Authentication 8 Services 9 Rules 11 Delivery and Operation 12 Physical Security 13 Strength of Functions 14 Self Tests 15 Algorithms 16 3 4 Ultralock Symmetric Module security policy: v1.0.1 .cte ,yromem gnidulcni ,stnenopmoc lanoitidda fo rebmun llams a seriuqer pihc sihT .erawdrah detacided sulp seroc rossecorp elpitlum sah hcihw - pihc 0102NB eht - pihc elgnis a no tnediser yllacisyhp era revres yxorp eht fo stnenopmoc niam ehT .sdeeps enil lluf ta noitacinummoc tenretni eruces gnireviled ,retupmoc tsoh eht morf gnissecorp SLT eht daol ffo yletelpmoc sdrac esehT .trop etarapes yllacisyhp a no noitacinummoc PI/PCT txet nialp dna trop tenrehte eno no noitacinummoc PI/PCT eruces htiw ,srevres yxorp SLT sa tca taht sdrac ICP a si artlU ecroFn rehpiCn ehT .rehpiCn yb derutcafunam eb won lliw stcudorp esehT .rehpiCn dna maertsetirB yb yltnioj depoleved yllanigiro snoitulos rotarelecca cihpargotpyrc fo enil artlU ecroFn eht fo pihsrenwo lluf ekat ot rehpiCn selbane noitisiuqca sihT .cnI skrowteN maertsetirB fo stessa eht deriuqa evah rehpiCn etoN .0521NB maertsetirB eht sa dlos osla ylsuoiverp - tcudorp artlU ecroFn rehpiC eht fo trap smrof taht eludom 1 level 2-041 SPIF a si eludoM cirtemmyS kcolartlU ehT The Ultralock Symmetric Module 5 Ultralock Symmetric Module security policy: v1.0.1 .neerg ni dethgilhgih MSHiniM eht dna eulb ni dethgilhgih eludoM cirtemmysA rehpi Cn maertsetirB eht mrof taht stnenopmoc eht htiw eludoM cirtemmyS kcolartlU eht swohs margaid gniwollof ehT .3 level 2-041 SPIF ot yletarapes detadilav neeb evah hcihw MSHiniM rehpiCn dna eludoM cirtemmys A rehpiCn maertsetirB eht gnidulcni ,drac ICP eht no stnenopmoc lla fo stsisnoc eludoM cirtemmyS kcolartlU ehT .2-041 SPIF ni denifed sa eludom deddebme pihcitlum a si eludoM cirtemmyS kcolartlU ehT .MSHiniM eht fo sliated rof 276 etacifitrec ot dna 0102MB eht fo noitarepo cihpargotpyrc cirtemmysa fo sliated rof ,607 etacifitrec 2-041 SPIF ,eludom taht rof ycilop ytiruces eht ot refeR .MSHiniM rehpiCn eht dna eludoM cirtemmysA rehpiCn maertsetirB eht rof noitadilav etarapes a si erehT .ylno eludoM cirtemmyS kcolartlU eht rof si noitadilav sihT etoN Long-term keys Asymmetric Module Britestream nCipher TRAFFIC TRAFFIC TCP/IP Server TCP/IP SSL / TLS Proxy PLAINTEXT TLS Client TCP/IP stack Server TCP/IP stack Ephemeral keys Ultralock Symmetric Module :margaid gniwollof eht ni nwohs sa - syek cirtemmys laremehpe dna syek cirtemmysa mret gnol rof seludom cihpargotpyrc etarapes sedulcni 0102NB ehT Britestream - nCipher 6 Ultralock Symmetric Module security policy: v1.0.1 .00.a 70000-010 noisrev erawdrah si eludoM cirtemmyS kcolartlU ehT .eludoM cirtemmyS kcolartlU eht fo trap mrof erawdrah dna srossecorp rehto eht ,eludoM cirtemmysA rehpi Cn maertsetirB eht yb desu si - CRA tnemeganam eht - rossecorp enO .srossecorp CRA lareves sniatnoc - eulb rekrad eht ni nwohs - pihc 0102NB ehT bridge (Server) (Client) Ethernet to PCI Ethernet Phy Ethernet Phy MiniHSM RJ45 components Power port Serial Phy (Mgt) Ethernet SRAM U34 BN2010 Flash Boundary Potting switch FPGA DIP CPLD DDR Socket PCI board layout Figure 1 Britestream - nCipher 7 Ultralock Symmetric Module security policy: v1.0.1 .ecivres teser eht mrofrep ot eludom eht sesuac nottub teser eht gnisserP .eludoM cirtemmysA rehpiCn maertsetirB eht hguorht detuor si noitamrofni sutats dna lortnoC etoN PCI interface Power LEDs TCP status RJ-45 socket Status Output Messages PCI Interface Reset button Reset Control Input PCI Interface Commands RJ-45 socket Cipher text Data Output PCI Interface Plain text RJ-45 socket Cipher text Data Input PCI Interface Plain text Physical Interface FIPS 140 Interface .tuo sutats dna ni lortnoc ,tuo atad ,ni atad rof ecafretni ICP eht no - strop PI/PCT - slennahc lacigol etarapes era erehT .drac ICP eht no secafretni lacisyhp ot detcennoc era eseht woh dna eludoM cirtemmyS kcolartlU eht fo secafretni atad eht stsil elbat gniwollof ehT .drac ICP a no deilppus si eludoM cirtemmyS kcolartlU ehT Ports and interfaces Ports and interfaces Britestream - nCipher 8 Ultralock Symmetric Module security policy: v1.0.1 .rotarepo eht ot meht sdnes nrut ni hcihw eludo M cirtemmysA rehpiCn maertsetirB eht ot seilper sdnes eludoM cirtemmyS kcolartlU ehT .eludo M cirtemmyS kcolartlU eht ot sdnammoc eht sessap hcihw eludoM cirtemmysA rehpiCn maertsetirB eht ot sdnammoc timbus neht nac yehT .elor rotartsinimdA na ni eludoM cirtemmysA rehpiCn maertsetirB eht ot no gol tsrif tsum rotarepo eht ,elor rotartsinimd A eht emussa ot redro nI .emit yna ta elor hcae emussa yam rotarepo eno ylnO .elor hcae rof ecafretni etarapes a sah eludom ehT .ecafretni etairporppa eht no eludom eht ot gnitcennoc yb elor a semussa resu A policies set by the Administrator. for symmetric encryption and decryption, based on TCP TCP Operator Routes TLS application traffic to the Symmetric Module, policies set by the Administrator. causes keys to be derived by the module: based on TLS TLS Operator Negotiates the TLS handshake, loads key seeds and Initializes the module and receives status messages. Administrator Performs Role .selor rotarepo owt dna elor rotartsinimda eno sah eludom ehT Roles and Authentication Roles and Authentication Britestream - nCipher Britestream - nCipher Services Services .elbat gniwollof eht ni detsil secivres eht stroppus eludom ehT ot ssecca eht ,ecivres eht esu nac taht selor eht stsil elbat eht ,ecivres hcae roF ni detsil sepyt devorppa SPIF-non htiw ,sepyt yek elbaliava eht dna ,sPSC .sisehtnerap .snoitcnuf noitareneg yek yna edulcni ton seod eludoM cirtemmyS kcolartlU ehT .)6422 CFR( locotorp SLT gnisu devired era eludom eht yb desu syeK seitilicaf on era ereht - deyortsed era yeht litnu terces syek lla speek eludom ehT .mrof yna ni syek tropxe ot Key access Description Derive Derives a in-memory object., but does not reveal value. Writes over the object from memory, or non-volatile memory without revealing Overwrite value Set Changes a CSP to a given value Performs an operation with an existing CSP - without revealing or changing Use the CSP Role Description Service name Key Use Admin TLS TCP Key types Show Status Yes No No Reports the status of the module Clears all memory. The reset service can also be activated by pressing the reset button. Zeroize Yes No No Overwrites all keys All keys Causes all power-on and known-answer self tests to run. Initialize/Self Test Yes No No Sets, uses and overwrites all keys AES128, AES256, Triple DES, HMAC-SHA-1 Imports a seed in plain text. Three seeds are required to derive a TLS key set. Import Seed No Yes No Sets a seed TLS seed (SSL seed) Ultralock Symmetric Module security policy: v1.0.1 9 Britestream - nCipher Services Role Description Service name Key Use Admin TLS TCP Key types Uses the three imported seeds to derive a set of keys using the TLS, or SSL, protocol. See "Algorithms" on page 16 TLS No Yes No for encryption strengths. Derives a key from components TLS (SSL) key Decrypts a message using a TLS key. Decrypt No Yes Yes Uses a TLS key AES128, AES256, Triple DES (RC4, DES) Verifies a MAC using the TLS HMAC key. Returns true or false. Verify HMAC No Yes Yes Uses a TLS HMAC key HMAC-SHA1 (HMAC-MD5) Encrypts a message using a TLS key. Encrypt No Yes Yes Uses a TLS key AES128, AES256, Triple DES (RC4, DES) Generates a TLS HMAC message digest using TLS HMAC KEY. Generate HMAC No Yes Yes Uses a TLS HMAC key HMAC-SHA1 (HMAC-MD5) Hashes a message Hash No Yes Yes No access to CSPs SHA-1 (MD5) Invalidates all keys for this connection, Close connection No Yes No keys cannot be reused. Overwrites keys Ultralock Symmetric Module security policy: v1.0.1 10 11 Ultralock Symmetric Module security policy: v1.0.1 .noitcennoc esolC 6 .atad tneilc eht fo edoc noitacitnehtua egassem eht yfirev ot 1-AHS-CAMH esU .atad revres eht rof edoc noitacitnehtua egassem eht evired ot 1 -AHS-CAMH esU .tneilc morf atad tpyrced dna revres morf atad tpyrcne ot syek eht esU 5 .syek dracsid sliaf noitacifirev fi ,yltcerroc devired neeb evah syek eht taht yfirev ot 1-AHS-CAMH esU 4 .noitcennoc siht rof syek fo tes a evired ot noitcnuf noitavired yek SLT eht esU 3 .ecnon retsamerp ,ecnon revres ,ecnon tneilc ,sdees eerht eht tropmI 2 .ecnon retsamerp detpyrcne ASR s'tneilc eht tpyrced ,eludoM cirtemmysA rehpiCn maertsetirB eht evaH 1 .noitacificeps SLT eht ni nwod dial snoitisnart etats eht wollof tsum eludom eht yb desu yek yrevE .slocotorp LSS dna SLT eht stnemelpmi hcihw revres yxorP LSS a fo trap sa esu rof dengised yllacificeps si eludom ehT Rules Rules Britestream - nCipher 12 Ultralock Symmetric Module security policy: v1.0.1 .dnammoc setProxyState eht gnisu yxorp siht no nruT 3 :noitarepo fo edom devorppa-SPIF ni desu eb yam setius rehpic gniwollof ehT .eludom 3 level 2-041 SPIF "eludoM cirtemmysA rehpiCn maertsetirB" eht rof ycilop ytiruces eht ees ,dnammoc eht gnisu enod si sihT setGlobalCipher 1AHS_652_SEA_ASR · 1AHS_821_SEA_ASR · 1AHS_861_CDC_ED E_SED3_ASR · :smhtirogla devorppa esu taht setius rehpic gniwollof esu ylno ot eludom eht erugifnoc ,edom SPIF ni etarepo ylno ot eludom eht eriuqer uoy fI .smhtirogla devorppa SPIF gnisu nehw edom devorppa SPIF ni si eludom ehT .smhtirogla devorppa SPIF-non dna devorppa SPIF htob sreffo eludoM cirtemmyS kcolartlU eht ,stneilc elbissop fo rebmun mumixam eht htiw ytilibitapmoc reffo ot redro nI .dnammoc setProxySSL eht gnisu yxorp siht rof esu ot setius rehpic eht enifeD 2 .dnammoc setProxy eht gnisu ciffart ssecorp lliw yxorp siht hcihw rof sesserdda PCT eht enifeD 1 .eludom 1 level eht erugifnoc nac uoy derugifnoc si siht ecnO .607 etacifitrec 2-041 SPIF ees ,ycilop ytiruces sti ni debircsed sa ,eludom 3 level 2-041 SPIF "eludoM cirtemmysA rehpiCn maertsetirB" eht erugifnoc tsrif tsum uoy eludoM cirtemmyS maertsetirB eht esu ot redro nI Delivery and Operation Delivery and Operation Britestream - nCipher 13 Ultralock Symmetric Module security policy: v1.0.1 .noitarbiv dna kcohs dna ,ytilibailer ,erutarepmet ,segnar egatlov dna rewop ot sdrager ni stnenopmoc edarg noitcudorp ,dradnats yrtsudni fo stsisnoc erawdrah s'eludom ehT .eludom cihpargotpyrc deddebme pihc-itlum a si eludom ehT Physical Security Physical Security Britestream - nCipher 14 Ultralock Symmetric Module security policy: v1.0.1 dessecca eb tonnac lairetam yek ,devired ecnO .stnenopmoc eerht lla tuohtiw yek a evired ot elbissop ton si tI .msinahcem noitavired yek SLT eht gnisu devired era syek neht dna yletarapes dedaol era sdeeS Strength of Functions Strength of Functions Britestream - nCipher 15 Ultralock Symmetric Module security policy: v1.0.1 .etats rorre na otni tup si eludom eht liaf stset eseht fo yna fI .yradnuob 1 level eht nihtiw decrofne era selur ssapyb eht ,revewoH .ecivres setPassThru eht gnisu eludoM cirtemmysA rehpiCn maertsetirB eht ni derugifnoc si tset ssapyB ehT .edom ssapyb eht stset osla eludom ehT .erawdrah ni rotareneg rebmun-modnar citsinimreted non eht fo tset suounitnoc a smrofrep eludom ehT .pu trats ta smhtirogla lla no stset rewsna nwonk smrofrep eludoM cirtemmyS kcolartlU ehT Self Tests Self Tests Britestream - nCipher 16 Ultralock Symmetric Module security policy: v1.0.1 .69 etacifitreC RNG* .301 etacifitreC .noitacifirev erutangis ASR RSA* .htgnerts noitpyrcne fo stib 211 sedivorp ygolodohtem tnemhsilbatse yek ,tnemeerga yeK Diffie Hellman* .831 etacifitreC DSA* .57 etacifitreC HMAC-SHA-1 .243 etacifitreC SHA-1 .362 etacifitreC .htgnerts noitpyrcne fo stib 652 ro 821 sedivorP AES (128-bit or 256-bit keys) .543 etacifitreC .htgnerts noitpyrcne fo stib 651 ro 211 sedivorP Triple DES (112-bit or 156-bit keys) FIPS approved algorithms .607 etacifitrec eludoM cirtemmysA rehpiCn maertsetirB yb dedivorp era ksiretsa na htiw dekram smhtiroglA etoN .smhtirogla gniwollof eht sesu eludoM cirtemmyS kcolartlU ehT Algorithms Algorithms Britestream - nCipher 17 Ultralock Symmetric Module security policy: v1.0.1 .LSS dna SLT rof ecnon revres eht etareneg ot desu si GNR erawdrah tnialpmoc-non A etoN .noitarepo fo edom devorppa-SPIF non a si tnemeerga yek LSS SSL .noitarepo fo edom devorppa-SPIF seludom eht ni detroppus era syek namlle H-eiffiD tib-8402 ro ASR tib-6904 ot pu htiw syek SEA tib-652 ro tib-821 dna syek SED elpirt tib-651 dna tib-211 .seludom detadilav 2-041 SPIF yb esu rof devorppa si tnemeerga yek SLT TLS Protocols .htgnerts noitpyrcne fo stib-051ot -08 sedivorp ,slocotorp LSS dna SLT fo trap sa ,gnipparw yek ASR RSA* MD5 HMAC MD5 RC4 .ycilop noitisnart SED PVAC ot eud tnailpmoc-noN etoN DES Non Approved algorithms Algorithms Britestream - nCipher Addresses nCipher Corporation Ltd. nCipher Inc. Cambridge, UK Boston Metro Region, USA Jupiter House 92 Montvale Avenue, Suite 4500 Station Road Stoneham, MA 02180 Cambridge USA CB1 2JD UK Tel: 800-NCIPHER Tel: +44 (0) 1223 723600 800-6247437 Fax: +44 (0) 1223 723601 +1 (781) 994 4000 Fax: +1 (781) 994 4001 E-mail: sales@ncipher.com E-mail: sales@us.ncipher.com support@ncipher.com support@ncipher.com Internet addresses Web Site: http://www.ncipher.com/ Online Documentation: http://active.ncipher.com/documentation/ Note nCipher also maintain international sales offices. Please contact the UK, or the US, head office for details of your nearest nCipher representative.