### **Curtiss-Wright Controls Defense Solutions**

3U VPX-1TB FSM Flash Storage Module Hardware Part Number: RHFS-3UR1024-F, RHFS-3UJ1024-F, Firmware Version: 1.11

### FIPS 140-2 Non-Proprietary Security Policy

FIPS Security Level: 2 Document Version: 1.2

Prepared for:


**Curtiss-Wright Controls Defense Solutions** 2600 Paramount Place, Suite 200 Fairborn, OH 45324 United States of America

> Phone: +1 (937) 252-5601 http://www.cwcdefense.com

Prepared by:



**Corsec Security, Inc.** 13135 Lee Jackson Memorial Highway, Suite 220 Fairfax, Virginia 22033 United States of America

> Phone: +1 (703) 267-6050 http://www.corsec.com

### Table of Contents

| Section | Title                               | Page |
|---------|-------------------------------------|------|
| 1       | Introduction                        | 3    |
| 1.1     | Purpose                             | 3    |
| 1.2     | References                          | 3    |
| 1.3     | Document Organization               | 3    |
| 2       | VPX3-FSM                            | 4    |
| 2.1     | Overview                            | 4    |
| 2.1.1   | 3U VPX-1TB FSM Flash Storage Module | 4    |
| 2.2     | Module Specification                | 6    |
| 2.3     | Module Interfaces                   | 6    |
| 2.4     | Roles and Services                  | 8    |
| 2.4.1   | Authentication                      | 10   |
| 2.5     | Physical Security                   | 11   |
| 2.6     | Operational Environment             | 11   |
| 2.7     | Cryptographic Key Management        | 11   |
| 2.8     | Self-Tests                          | 13   |
| 2.8.1   | Power-Up Self-Tests                 | 13   |
| 2.8.2   | Conditional Self-Tests              | 13   |
| 2.9     | Mitigation of Other Attacks         | 13   |
| 3       | Secure Operation                    | 14   |
| 3.1     | Multiple Approved Modes             | 14   |
| 3.2     | Initial Set-Up                      | 14   |
| 3.2.1   | CO and User Account Setup           | 14   |
| 3.3     | Secure Management                   | 14   |
| 3.3.1   | Initialization                      | 15   |
| 3.3.2   | Zeroization                         | 16   |
| 3.4     | CO and User Guidance                | 16   |
| 4       | Acronyms                            | 17   |

### Table of Figures

| Figure                                                     | Page |
|------------------------------------------------------------|------|
| Figure 1 – 3U VPX-1TB FSM Flash Storage Module             | 5    |
| Figure 2 – VPX3-FSM Front Panel Port Interfaces            | 8    |
| Figure 3 – VPX3-FSM VPX Port Location                      | 8    |
| Figure 4 – VPX3-FSM Tamper-Evident Seal Placement (Top)    | 15   |
| Figure 5 – VPX3-FSM Tamper-Evident Seal Placement (Bottom) | 16   |

### List of Tables

| Table                                                                              | Page |
|------------------------------------------------------------------------------------|------|
| Table 1 – Security Level Per FIPS 140-2 Section                                    | 5    |
| Table 2 – Mapping of VPX3-FSM Physical Interfaces to FIPS 140-2 Logical Interfaces | 6    |
| Table 3 – Mapping of Services to Roles, Inputs, Outputs, CSPs, and Type of Access  | 9    |
| Table 4 – FIPS-Approved Algorithm Implementations                                  | 11   |
| Table 5 – VPX3-FSM Keys, Key Components, and CSPs                                  | 12   |
| Table 6                                                                            | 17   |

Curtiss-Wright 3U VPX-1TB FSM Flash Storage Module

Page **2** of 19



# 1 Introduction

## 1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the 3U VPX-1TB FSM Flash Storage Module from Curtiss-Wright Controls Defense Solutions. This Security Policy describes how the 3U VPX-1TB FSM Flash Storage Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the modules. The 3U VPX-1TB FSM Flash Storage Module, which includes both hardware versions, is referred to in this document as VPX3-FSM or the module.

## 1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Curtiss-Wright website (http://www.curtisswright.com) contains information on the full line of products from Curtiss-Wright. The website http://www.cwcdefense.com contains information on the full line of products from Curtiss-Wright Controls Defense Solutions.
- The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

## 1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package provided to the test laboratory. In addition to this document, the Submission Package contains:

- Vendor Evidence Document
- Finite State Model
- Validation Submission Summary
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Curtiss-Wright. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Curtiss-Wright and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Curtiss-Wright.

# 2 VPX3-FSM


This section describes the 3U VPX-1TB FSM Flash Storage Module from Curtiss-Wright Controls Defense Solutions.

## 2.1 Overview

Curtiss-Wright Controls Defense Solutions is the Motion Control business segment of Curtiss-Wright Corporation. It manufactures sophisticated, high-performance mechanical actuation and drive systems, specialized sensors, motors, and electronic controller units, and mission-critical embedded computing components and control systems. With manufacturing facilities that span the globe, Curtiss-Wright Controls delivers cost-effective and innovative products and services to its diverse customer base, including the aerospace, defense, and industrial markets. Their proven technical expertise and industry-leading capabilities provide complex motion control subsystems that operate at maximum performance and efficiency levels. The Defense Solutions business unit of Curtiss-Wright Controls, which produces the 3U VPX-1TB FSM Flash Storage Module, creates and integrates state-of-the-art rugged electronics for aerospace and defense applications.

### 2.1.1 3U VPX-1TB FSM Flash Storage Module

The VPX3-FSM is a rugged, compact, and efficient one TB<sup>1</sup> data storage device that complies with the VITA<sup>2</sup> 46/48 standards. It is a VPX-REDI<sup>3</sup> Type 2 module that can be plugged into any VPX<sup>4</sup> chassis that accommodates conduction-cooled modules with a 3U<sup>5</sup> form factor and only requires 5-volts from the VPX backplane. The VPX3-FSM is available in two hardware configurations, supporting either a single SATA<sup>6</sup> lane (RAID<sup>7</sup>0) (Hardware Version: RHFS-3UR1024-F) or four independent SATA lanes (JBOD<sup>8</sup>) (Hardware Version: RHFS-3UJ1024-F). The VPX3-FSM unit can augment or replace an existing rotating data storage device in a VPX chassis and provide greater reliability due to its solid-state storage and conduction-cooled structure.

Figure 1 shows the 3U VPX-1TB FSM Flash Storage Module in both configurations. A label carrying the VPX3-FSM hardware version number is placed on the upper-left corner of the bottom cover for quick identification of the module.

<sup>1</sup> TB – Terabyte

<sup>2</sup> VITA – VME International Trade Association

<sup>3</sup> VPX-REDI – Versatile Performance Switching-Ruggedized Enhanced Design Implementation

<sup>4</sup> VPX – Versatile Performance Switching

<sup>5</sup> U – Rack Unit

<sup>6</sup> SATA – Serial Advanced Technology Attachment

<sup>7</sup> RAID – Redundant Array of Independent Disks

<sup>8</sup> JBOD – Just a Bunch Of Drives

<sup>© 2013</sup> Curtiss-Wright Controls Defense Solutions

This document may be freely reproduced and distributed whole and intact including this copyright notice.



Figure 1 – 3U VPX-1TB FSM Flash Storage Module

The VPX3-FSM provides an effective capacity, after flash over-provisioning, of 800 GB<sup>9</sup> of solid-state memory using SLC<sup>10</sup> NAND<sup>11</sup> flash components. The design includes over-provisioning for faster write operations and improved reliability. It also supports dynamic and static data wear-leveling for even distribution of erase/write cycles; this prevents excessive writes to the same locations, extending the life cycle of the flash. The VPX3-FSM supports key generation, user authentication and authorization, and full disk encryption using the Advanced Encryption Standard (AES). Key management can be handled internally on the VPX3-FSM or externally by a host system. An on-board microcontroller monitors temperature, power, and error conditions. The internal structure is designed to dissipate component heat, provide rigidity, and move heat to the outer enclosure. This closed conduction-cooled structure makes the VPX3-FSM less susceptible to problems due to adverse environments and provides silent, vibration-free operation.

The 3U VPX-1TB FSM Flash Storage Module is validated at the following FIPS 140-2 Section levels:

| Section | Section Title                             | Level |
|---------|-------------------------------------------|-------|
| 1       | Cryptographic Module Specification        | 3     |
| 2       | Cryptographic Module Ports and Interfaces | 2     |
| 3       | Roles, Services, and Authentication       | 3     |
| 4       | Finite State Model                        | 2     |
| 5       | Physical Security                         | 2     |
| 6       | Operational Environment                   | N/A   |
| 7       | Cryptographic Key Management              | 2     |
| 8       | EMI/EMC <sup>12</sup>                     | 2     |
| 9       | Self-tests                                | 2     |
| 10      | Design Assurance                          | 3     |
| 11      | Mitigation of Other Attacks               | N/A   |

#### Table 1 – Security Level Per FIPS 140-2 Section

<sup>9</sup> GB – Gigabyte

<sup>10</sup> SLC – Single-Level Cell

<sup>11</sup> NAND – Not AND

## 2.2 Module Specification

The 3U VPX-1TB FSM Flash Storage Module is a hardware module with a multi-chip embedded embodiment. The overall security level of the module is 2. The module supports two FIPS-Approved modes of operation. The first Approved mode of operation is defined as *Security Mode 1* and generates an AES Data Encryption Key (DEK) internally. The second Approved mode of operation is defined as *Security Mode 2*. *Security Mode 2* does not generate an AES DEK internally; instead it accepts externally generated DEKs. Instructions on how to invoke these two modes are provided in Section 3.2.

The cryptographic boundary of the 3U VPX-1TB FSM Flash Storage Module is defined by the anodized aluminum covers that enclose the module and surround all the hardware and software components. Please note that references to the module in this document refer to both the RAID0 and JBOD versions of the module.

## 2.3 Module Interfaces

The VPX3-FSM supports the four logical interfaces defined in FIPS 140-2: Data Input, Data Output, Control Input, and Status Output. In addition, the module supports a Power Input interface. Table 2 explains the mapping of the module's physical ports to the FIPS interfaces and Figure 2 and Figure 3 depict the physical ports of the VPX3-FSM.

| Physical Port             | VPX Port | Description                                                                                            | FIPS 140-2 Interfaces                                 |
|---------------------------|----------|--------------------------------------------------------------------------------------------------------|-------------------------------------------------------|
| VPX 5V                    | P0       | Connection to VPX chassis for power supply                                                             | Power Input                                           |
| I2C <sup>13</sup> Primary | P0       | I2C system management                                                                                  | Data Input, Data Output, Control Input, Status Output |
| System Reset              | P0       | Reboot signal from host via VPX backplane                                                              | Control Input                                         |
| +3.3V auxiliary supply    | P0       | Auxiliary power supply                                                                                 | Power Input                                           |
| VBAT                      | P1       | Battery voltage power supply                                                                           | Power Input                                           |
| SATA Lane 4               | P1       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| SATA Lane 5               | P1       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| SATA Lane 0               | P2       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| SATA Lane 1               | P2       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| SATA Lane 2               | P2       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| SATA Lane 3               | P2       | SATA transmit and receive                                                                              | Data Input, Data Output                               |
| RS232                     | P2       | Serial communications                                                                                  | Data Input, Data Output, Control Input, Status Output |
| I2C Secondary             | P2       | I2C system management                                                                                  | Data Input, Data Output, Control Input, Status Output |
| Security Trigger          | P2       | External trigger signal from host via VPX backplane to zeroize keys and user account information        | Control Input                                         |
| RTM CardFail Signal       | P2       | Asserted on an internal or external error condition                                                    | Status Output                                         |
| RTM Status Signal         | P2       | Indicates when an AES key is loaded into the encryption processor                                      | Status Output                                         |
| Push Button Switch        | N/A      | Front panel button to zeroize keys and user account information (labeled KEY CLR on front panel)       | Control Input                                         |
| Fault LED <sup>14</sup>   | N/A      | Asserted on an internal or external error condition                                                    | Status Output                                         |
| Power LED                 | N/A      | Illuminates GREEN when the module is powered up                                                        | Status Output                                         |
| Status LED                | N/A      | Illuminates YELLOW when an AES key has been successfully loaded for encryption/decryption processing   | Status Output                                         |

#### Table 2 – Mapping of VPX3-FSM Physical Interfaces to FIPS 140-2 Logical Interfaces

<sup>12</sup> EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility

<sup>13</sup> I2C – Inter-Integrated Circuit

<sup>14</sup> LED – Light Emitting Diode



Figure 2 – VPX3-FSM Front Panel Port Interfaces

Figure 3 – VPX3-FSM VPX Port Location

## 2.4 Roles and Services

In both FIPS-Approved modes, the module supports identity-based authentication and authorization using a Userid and password. There are two roles in the VPX3-FSM (as required by FIPS 140-2) that operators may assume: a Crypto Officer (CO) role and a User role. The CO installs the module and can execute all of the module's services. The User can execute a subset of the module's services. Both the CO and User manage the device by authenticating to the module via the RS232 or I2C ports and issuing commands through the User Control Interface (UCI). Descriptions of the services available in each Approved mode are provided in Table 3 below; the "Security Mode" column shows the Approved mode(s) in which each service is available. Please note that the CSPs<sup>15</sup> listed in the table indicate the type of access required using the following notation:

**R – Read:** The plaintext CSP is read by the service.

**W – Write:** The CSP is established, generated, modified, or zeroized by the service.

**X – Execute:** The CSP is used within an Approved or allowed security function or authentication mechanism.

| Service                             | Role     | Security Mode | Description                                                                                                          | Input        | Output      | CSP and Type of Access                              |
|-------------------------------------|----------|---------------|----------------------------------------------------------------------------------------------------------------------|--------------|-------------|-----------------------------------------------------|
| Push Button Switch                  | CO, User | 1, 2          | Zeroize keys, configuration data, and all user authentication data via front panel                                   | Command      | Status      | DEK – W; KEK <sup>16</sup> – W; Passwords – W       |
| Security Trigger                    | CO, User | 1, 2          | Zeroize keys, configuration data, and all user authentication data via VPX backplane signal                          | Command      | Status      | DEK – W; KEK – W; Passwords – W                     |
| System Reset                        | CO, User | 1, 2          | Reboot the module via VPX backplane signal                                                                           | Command      | Status      | None                                                |
| Sanitize (UCI)                      | CO, User | 1, 2          | Zeroize keys, configuration data, and all user authentication data                                                   | Command      | Status      | DEK – W; KEK – W; Passwords – W                     |
| Clear DEK (UCI)                     | CO, User | 1, 2          | Zeroize DEK only                                                                                                     | Command      | Status      | DEK – W                                             |
| Clear Key (UCI)                     | CO, User | 1, 2          | Zeroize DEK only, DEK+KEK, or DEK+KEK+Passwords                                                                      | Command      | Status      | KEK – W; DEK – W; Passwords – W                     |
| Clear all (UCI)                     | CO, User | 1, 2          | Zeroize keys, including the PSK <sup>17</sup>, configuration data, and all user authentication data                  | Command      | Status      | DEK – W; KEK – W; PSK – W; Passwords – W            |
| Setup user accounts (UCI)           | CO       | 1, 2          | Display, create, modify, or delete user accounts                                                                     | Command      | Status      | Passwords – W                                       |
| Set security mode (UCI)             | CO       | 1, 2          | Specify whether the DEK is entered into the module or generated internally. A security mode change causes zeroization. | Command      | Status      | DEK – W; KEK – W; Passwords – W                     |
| Generate DEK (UCI)                  | CO       | 1             | Generate and store a new DEK                                                                                         | Command      | Status      | DEK – RW                                            |
| Generate KEK (UCI)                  | CO       | 1, 2          | Generate a new KEK; encrypt the new KEK with the old KEK and export it                                               | Command      | Status, key | KEK – RWX                                           |
| Store KEK (UCI)                     | CO       | 1, 2          | Store the latest generated KEK                                                                                       | Command      | Status      | KEK – R                                             |
| Enter DEK (UCI)                     | CO       | 2             | DEK entry and storage                                                                                                | Command, key | Status      | DEK – RW; KEK – RWX; PSK – RX                       |
| Set password (UCI)                  | CO, User | 1, 2          | Set/change passwords                                                                                                 | Password     | Status      | Password – RW                                       |
| Select SATA port configuration      | CO, User | 1, 2          | Configure SATA port configuration                                                                                    | Command      | Status      | None                                                |
| Select UCI communication port (UCI) | CO, User | 1, 2          | Display or configure communication settings                                                                          | Command      | Status      | None                                                |
| Set I2C slave address (UCI)         | CO       | 1, 2          | I2C node address setup                                                                                               | Command      | Status      | None                                                |
| View SATA connection status (UCI)   | CO, User | 1, 2          | Display SATA lane configuration                                                                                      | Command      | Status      | None                                                |
| View temperature status (UCI)       | CO, User | 1, 2          | Display output from temperature sensors                                                                              | Command      | Status      | None                                                |
| View DEK status (UCI)               | CO, User | 1, 2          | Display DEK load status and storage location                                                                         | Command      | Status      | None                                                |
| View KEK status (UCI)               | CO, User | 1, 2          | Display KEK load status and storage locations                                                                        | Command      | Status      | None                                                |
| View FSM ID (UCI)                   | CO, User | 1, 2          | Display the FSM module ID                                                                                            | Command      | Status      | None                                                |
| View Security Mode (UCI)            | CO, User | 1, 2          | View the current security mode of the FSM                                                                            | Command      | Status      | None                                                |
| View error status (UCI)             | CO, User | 1, 2          | Display error conditions (including POST <sup>18</sup>s and BIST <sup>19</sup>s) and log history                     | Command      | Status      | None                                                |
| Clear error status (UCI)            | CO       | 1, 2          | Clear log history                                                                                                    | Command      | Status      | None                                                |
| Logoff (UCI)                        | CO, User | 1, 2          | Logoff                                                                                                               | Command      | None        | None                                                |

#### Table 3 – Mapping of Services to Roles, Inputs, Outputs, CSPs, and Type of Access

<sup>15</sup> CSP – Critical Security Parameter

<sup>16</sup> KEK – Key Encryption Key

<sup>17</sup> PSK – Pre-Shared Key

<sup>18</sup> POST – Power-On Self-Test

<sup>19</sup> BIST – Built-In Self-Test

### 2.4.1 Authentication

The 3U VPX-1TB FSM Flash Storage Module supports identity-based authentication to control all of the services it provides. To access the services on the module in either Approved mode, the operator must provide the correct Userid and password combination to the module. Each Userid is a unique identity for one operator of the module. The Userid provides access to either CO or User services, depending on the role that it was assigned. CO and User account setup is covered in Section 3.2.1.

#### 2.4.1.1 Authentication Data Protection

The VPX3-FSM does not allow the disclosure, modification, or substitution of authentication data to unauthorized operators. Authentication data can only be modified by the operator who has assumed the CO role.

#### 2.4.1.2 Authentication Mechanism Strength

Passwords created for the CO and User shall be between 8 and 15 characters long and may consist of upper- and lower-case letters and numbers, for a total character space of 62 characters. There are, at minimum, 62<sup>8</sup> (2.18 × 10<sup>14</sup>) possible password combinations. This means there is a 1 in 2.18 × 10<sup>14</sup> chance that a random access attempt will succeed, surpassing the 1 in 1,000,000 requirement.

User accounts will be locked out after 10 consecutive failed login attempts. After an account is locked out, the CO must log in and reset the password for that Userid. Because user accounts are locked out after only 10 attempts, the probability of guessing the password to a Userid in a one-minute period is less than 1 in 100,000.
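The two probability claims above, and the lockout that backs the one-minute figure, as an added worked example in Go (not VPX3-FSM firmware): it computes the 62<sup>8</sup> password space, checks both FIPS 140-2 thresholds the policy cites (generalized to any character set, minimum length and attempt budget), validates candidate passwords against the 8–15 character rule, and models the 10-attempt lockout with the CO password reset as the recovery path. The type and function names and the constant-time comparison are choices of this example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Added example, not VPX3-FSM firmware: the authentication-strength check and
// the lockout policy of Section 2.4.1.2, generalized to arbitrary parameters.

const (
	charsetSize     = 62 // upper- and lower-case letters plus digits
	minPasswordLen  = 8
	maxPasswordLen  = 15
	lockoutAttempts = 10 // consecutive failures before an account locks
)

// PasswordSpace is the number of passwords of exactly `length` characters; the
// minimum length is the worst case for the single-attempt probability.
func PasswordSpace(charset, length int) uint64 {
	n := uint64(1)
	for i := 0; i < length; i++ {
		n *= uint64(charset)
	}
	return n
}

// MeetsFIPS140Strength evaluates the two thresholds the policy cites: a single
// random guess below 1/1,000,000, and attemptsPerMinute guesses below
// 1/100,000 in any one-minute period.
func MeetsFIPS140Strength(space uint64, attemptsPerMinute int) (single, perMinute float64, ok bool) {
	single = 1 / float64(space)
	perMinute = float64(attemptsPerMinute) / float64(space)
	return single, perMinute, single < 1.0/1_000_000 && perMinute < 1.0/100_000
}

// ValidPassword enforces the 8-15 character, letters-and-digits rule.
func ValidPassword(pw string) bool {
	if len(pw) < minPasswordLen || len(pw) > maxPasswordLen {
		return false
	}
	for _, c := range pw {
		alnum := (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
		if !alnum {
			return false
		}
	}
	return true
}

// Account models the lockout state of one Userid.
type Account struct {
	Userid   string
	password string
	failures int
	Locked   bool
}

// NewAccount is the CO's "Setup user accounts" step; it rejects weak passwords.
func NewAccount(userid, password string) (*Account, error) {
	if !ValidPassword(password) {
		return nil, errors.New("password must be 8-15 letters or digits")
	}
	return &Account{Userid: userid, password: password}, nil
}

// Login: a success resets the failure counter; the tenth consecutive failure
// locks the account, which then rejects every attempt until the CO resets it.
func (a *Account) Login(password string) bool {
	if a.Locked {
		return false
	}
	if subtle.ConstantTimeCompare([]byte(password), []byte(a.password)) == 1 {
		a.failures = 0
		return true
	}
	a.failures++
	if a.failures >= lockoutAttempts {
		a.Locked = true
	}
	return false
}

// COResetPassword is the recovery path: the CO sets a new password, which
// also clears the failure count and the lock.
func (a *Account) COResetPassword(newPassword string) error {
	if !ValidPassword(newPassword) {
		return errors.New("password must be 8-15 letters or digits")
	}
	a.password, a.failures, a.Locked = newPassword, 0, false
	return nil
}

func main() {
	space := PasswordSpace(charsetSize, minPasswordLen)
	single, perMinute, ok := MeetsFIPS140Strength(space, lockoutAttempts)
	fmt.Printf("%d passwords; P(single)=%.2e P(minute)=%.2e meets FIPS 140-2: %v\n", space, single, perMinute, ok)
}
```

`go run` prints the 62<sup>8</sup> space and both probabilities. `MeetsFIPS140Strength` is the same arithmetic the policy performs, so changing the constants shows how quickly a shorter password or a larger attempt budget falls below the per-minute threshold; the lockout is what bounds the attempt budget to 10, which is why the one-minute figure does not depend on how fast the RS232 or I2C port can accept commands.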

## 2.5 Physical Security

The 3U VPX-1TB FSM Flash Storage Module is a multi-chip embedded cryptographic module. The module consists of production-grade components that include standard passivation techniques. The VPX3-FSM enclosure is constructed of two custom-machined 6061-T6 anodized aluminum covers. The top and bottom covers enclose the internal assembly and fasten together to form a rugged, conduction-cooled, 3U VPX, 1" pitch data storage device. The case is sealed with tamper-evident warranty labels so that the covers cannot be removed without leaving signs of tampering.

## 2.6 Operational Environment

The operational environment requirements do not apply to the 3U VPX-1TB FSM Flash Storage Module.

## 2.7 Cryptographic Key Management

The module implements the FIPS-Approved algorithms listed in Table 4 below in both FIPS-Approved modes of operation.

| Algorithm                                                            | Certificate Number |
|----------------------------------------------------------------------|--------------------|
| **Symmetric Key Algorithm**                                          |                    |
| AES-CBC, 128-, 192-, and 256-bit key sizes (hardware implementation) | #250               |
| AES-ECB, 256-bit key size (software implementation)                  | #1978              |
| **Secure Hashing Algorithm (SHA)**                                   |                    |
| SHA-256                                                              | #1732              |
| **Message Authentication Code (MAC) Function**                       |                    |
| HMAC-SHA-256                                                         | #1191              |
| **Deterministic Random Bit Generator (DRBG)**                        |                    |
| SP 800-90 HMAC_DRBG                                                  | #180               |

#### Table 4 – FIPS-Approved Algorithm Implementations

The module also implements the following non-Approved algorithm, which is allowed in both FIPS-Approved modes of operation:

- TRNG (True Random Number Generator), used as the entropy source for the SP 800-90 HMAC_DRBG

The cryptographic keys and other CSPs used by the module in both FIPS-Approved modes are shown in Table 5 below:

| CSP/Key                      | Туре                 | Input                                               | Output                          | Storage                                                      | Zeroization          | Use                                                 |
|------------------------------|----------------------|-----------------------------------------------------|---------------------------------|--------------------------------------------------------------|----------------------|-----------------------------------------------------|
| PSK (Pre-<br>shared key)     | AES 256-bit<br>key   | Pre-installed<br>at factory                         | Never                           | Plaintext in<br>RAM <sup>20</sup> or<br>EEPROM <sup>21</sup> | See Section<br>3.3.2 | Encrypt the<br>KEK                                  |
| KEK (Key<br>encryption key)  | AES 256-bit<br>key   | Generated<br>internally                             | Encrypted<br>with PSK<br>or KEK | Plaintext in<br>RAM,<br>SRAM <sup>22</sup> , or<br>EEPROM    | See Section<br>3.3.2 | Decrypt the<br>DEK                                  |
| DEK (Data<br>encryption key) | AES 256-bit<br>key   | Encrypted<br>with KEK or<br>generated<br>internally | Never                           | Plaintext in<br>RAM, SRAM,<br>or EEPROM                      | See Section<br>3.3.2 | Encrypt and<br>decrypt the data<br>on SATA flash    |
| HMAC key                     | HMAC SHA-<br>256 key | Generated<br>internally                             | Never                           | Plaintext in<br>RAM                                          | See Section<br>3.3.2 | Message<br>Authentication<br>with SHS <sup>23</sup> |
| CO/User<br>password          | Password             | Plaintext                                           | Never                           | Plaintext in<br>RAM, SRAM,<br>or EEPROM                      | See Section 3.3.2    | Login to the<br>UCI for module<br>management        |
| DRBG seed                    | Random<br>value      | Generated internally                                | Never                           | Plaintext in<br>RAM                                          | See Section 3.3.2    | Seed input to<br>SP 800-90<br>HMAC_DRBG             |

#### Table 5 – VPX3-FSM Keys, Key Components, and CSPs
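The key hierarchy in Table 5 (the PSK wraps the KEK, the KEK wraps the DEK, and every row's Zeroization column points at Section 3.3.2) can be made concrete with a small model. The Go code below is an added example, not the module's firmware or any Curtiss-Wright code: the AES-CBC wrapping format, the names `KeyHierarchy`, `wrapKey`, `unwrapKey`, `ClearDEK` and `Zeroize`, and the choice to keep only wrapped keys at rest are assumptions made for illustration, since the page does not state how the module stores or wraps its keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// KeyHierarchy is a constructed model of Table 5: the factory PSK wraps the KEK
// and the KEK wraps the DEK. Keeping only wrapped forms at rest is an assumption.
type KeyHierarchy struct {
	PSK        []byte // pre-installed at factory, never output
	WrappedKEK []byte // KEK encrypted under the PSK
	WrappedDEK []byte // DEK encrypted under the KEK
}

// Zeroize overwrites key material in place (Zeroization column of Table 5).
func Zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// wrapKey encrypts a key under a 256-bit wrapping key with AES-CBC and a
// fresh random IV, returning IV || ciphertext. The format is assumed for
// this example; the page does not document the module's wrapping format.
func wrapKey(wrappingKey, key []byte) ([]byte, error) {
	if len(key) == 0 || len(key)%aes.BlockSize != 0 {
		return nil, errors.New("key length must be a non-zero multiple of 16 bytes")
	}
	block, err := aes.NewCipher(wrappingKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(key))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], key)
	return out, nil
}

// unwrapKey reverses wrapKey. CBC alone gives confidentiality only: a wrong wrapping
// key yields garbage, not an error, which is why Table 5 lists a separate HMAC key.
func unwrapKey(wrappingKey, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 2*aes.BlockSize || len(wrapped)%aes.BlockSize != 0 {
		return nil, errors.New("malformed or zeroized wrapped key")
	}
	block, err := aes.NewCipher(wrappingKey)
	if err != nil {
		return nil, err
	}
	key := make([]byte, len(wrapped)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, wrapped[:aes.BlockSize]).CryptBlocks(key, wrapped[aes.BlockSize:])
	return key, nil
}

// NewKeyHierarchy generates the KEK and DEK internally (Security Mode 1),
// keeps only their wrapped forms and zeroizes the plaintext copies on return.
func NewKeyHierarchy(psk []byte) (*KeyHierarchy, error) {
	kek, dek := make([]byte, 32), make([]byte, 32)
	defer Zeroize(kek)
	defer Zeroize(dek)
	for _, k := range [][]byte{kek, dek} {
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			return nil, err
		}
	}
	wrappedKEK, err := wrapKey(psk, kek)
	if err != nil {
		return nil, err
	}
	wrappedDEK, err := wrapKey(kek, dek)
	if err != nil {
		return nil, err
	}
	return &KeyHierarchy{PSK: psk, WrappedKEK: wrappedKEK, WrappedDEK: wrappedDEK}, nil
}

// DEK walks the chain PSK -> KEK -> DEK; the caller zeroizes the result after use.
func (h *KeyHierarchy) DEK() ([]byte, error) {
	kek, err := unwrapKey(h.PSK, h.WrappedKEK)
	if err != nil {
		return nil, err
	}
	defer Zeroize(kek)
	return unwrapKey(kek, h.WrappedDEK)
}

// ClearDEK models the "Clear DEK" service of Section 3.3.2: PSK and KEK
// survive, but without the DEK the data on flash is unrecoverable.
func (h *KeyHierarchy) ClearDEK() {
	Zeroize(h.WrappedDEK)
	h.WrappedDEK = nil
}
```

The point the model makes is the one Table 5 implies: the DEK is never written anywhere in plaintext for longer than it is needed, and destroying any single link in the chain (here the wrapped DEK) is enough to make the stored data unreadable even though the PSK and KEK are untouched.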


<sup>20</sup> RAM – Random Access Memory
<sup>21</sup> EEPROM – Electrically Erasable Programmable Read-Only Memory
<sup>22</sup> SRAM – Static Random Access Memory
<sup>23</sup> SHS – Secure Hash Standard


### 2.8 Self-Tests

#### 2.8.1 Power-Up Self-Tests

In both FIPS-Approved modes, the 3U VPX-1TB FSM Flash Storage Module performs the following self-tests at power-up:

- Firmware integrity check (16-bit CRC<sup>24</sup>)
- Known Answer Tests (KATs)
  - AES encryption and decryption
  - SHA-256
  - HMAC-SHA-256
  - HMAC\_DRBG

If an error occurs during a power-up self-test, the module will enter a critical error state. Data output from the module will be inhibited. The module will log the error into an error log and the Fault LED will illuminate. To correct the error, the CO must restart the module.

#### 2.8.2 Conditional Self-Tests

In both FIPS-Approved modes, the 3U VPX-1TB FSM Flash Storage Module performs the following conditional self-tests:

- Continuous Random Number Generator (RNG) test for HMAC\_DRBG
- Continuous RNG test for TRNG

If an error occurs during a conditional self-test, the module will enter a critical error state. Data output from the module will be inhibited. The module will log the error into an error log and the Fault LED will illuminate. To correct the error, the CO must restart the module.
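The power-up and conditional self-tests of Sections 2.8.1 and 2.8.2 share one shape: compare what the implementation produces with a known or previous value, and treat any mismatch as an error that inhibits output. The Go code below is an added example, not the module's firmware: `KnownAnswerTests` runs the AES-256, SHA-256 and HMAC-SHA-256 KATs against published test vectors (FIPS 197 Appendix C.3, the SHA-256 digest of "abc", and RFC 4231 test case 1), and `ContinuousRNG` applies the continuous RNG test to any random source, whether TRNG or DRBG output. The HMAC\_DRBG KAT and the 16-bit firmware CRC are not reproduced, and the function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"io"
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// KnownAnswerTests runs the KATs listed in Section 2.8.1 against published
// vectors: AES-256 (FIPS 197 Appendix C.3), SHA-256 of "abc", and
// HMAC-SHA-256 (RFC 4231 test case 1). Any mismatch is a fatal error.
func KnownAnswerTests() error {
	key := mustHex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	pt := mustHex("00112233445566778899aabbccddeeff")
	want := mustHex("8ea2b7ca516745bfeafc49904b496089")
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	ct, back := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	block.Encrypt(ct, pt)
	if !bytes.Equal(ct, want) {
		return errors.New("AES encryption KAT failed")
	}
	block.Decrypt(back, ct)
	if !bytes.Equal(back, pt) {
		return errors.New("AES decryption KAT failed")
	}
	sum := sha256.Sum256([]byte("abc"))
	if !bytes.Equal(sum[:], mustHex("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")) {
		return errors.New("SHA-256 KAT failed")
	}
	mac := hmac.New(sha256.New, bytes.Repeat([]byte{0x0b}, 20))
	mac.Write([]byte("Hi There"))
	if !hmac.Equal(mac.Sum(nil), mustHex("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")) {
		return errors.New("HMAC-SHA-256 KAT failed")
	}
	return nil
}

// ContinuousRNG applies the continuous RNG test of Section 2.8.2 to any
// random source (TRNG or DRBG output): every block is compared with the
// previous one, and a repeat is reported as an error so the caller can
// enter the critical error state instead of using the output.
type ContinuousRNG struct {
	src  io.Reader
	prev []byte
}

// NewContinuousRNG consumes and retains the first block for comparison only;
// that block is never handed out.
func NewContinuousRNG(src io.Reader, blockSize int) (*ContinuousRNG, error) {
	c := &ContinuousRNG{src: src, prev: make([]byte, blockSize)}
	if _, err := io.ReadFull(src, c.prev); err != nil {
		return nil, err
	}
	return c, nil
}

// Next returns the next block, or an error if it equals the previous block.
func (c *ContinuousRNG) Next() ([]byte, error) {
	out := make([]byte, len(c.prev))
	if _, err := io.ReadFull(c.src, out); err != nil {
		return nil, err
	}
	if bytes.Equal(out, c.prev) {
		return nil, errors.New("continuous RNG test failed: repeated output block")
	}
	copy(c.prev, out)
	return out, nil
}
```

In a module, a non-nil result from either function is the trigger for the behaviour the text describes (inhibit data output, log the error, light the Fault LED); the example stops at returning the error so the caller decides what the error state looks like.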

### 2.9 Mitigation of Other Attacks

This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 2 requirements for this validation.

<sup>24</sup> CRC – Cyclic Redundancy Check



## 3 Secure Operation

The 3U VPX-1TB FSM Flash Storage Module meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in the FIPS-Approved mode of operation.

### 3.1 Multiple Approved Modes

The 3U VPX-1TB FSM Flash Storage Module provides two FIPS-Approved modes of operation, defined as *Security Mode 1* and *Security Mode 2*. Section 3.2 provides instructions on how to configure the module in one of the two Approved modes, and Section 3.3 describes each mode.

### 3.2 Initial Set-up

Sections 3 and 4 of the VPX3-FSM FIPS Flash Storage Module User Guide provide detailed instructions on how to unpack, install, and set up the module for the first time. The steps are summarized below.

1. After unpacking the module, a physical inspection should be conducted to:
   - a. Identify any damage to the assemblage or tamper-evident seals.
   - b. Verify the correct seating of all screws and front panel switches.
2. The VPX-FSM is not a freestanding device. Therefore, mount the module into a VPX chassis frame that can accommodate a 3U, 1" pitch bay with wedgelock slots for conduction-cooled modules. Push the wedgelock handles in until each wedgelock expands enough to make contact with the conduction-cooled chassis rails and verify the board is locked in place.
3. Establish serial communication to the device using either the RS-232 connection or the I2C bus.
4. Configure the module by:
   - a. Establishing CO and User accounts (see Section 3.2.1)
   - b. Selecting the VPX I/O SATA lanes
   - c. Setting the *Security Mode* (see Section 3.3 below)
   - d. Selecting a storage option for the AES encryption key
   - e. In *Security Mode 1*, requesting the module to generate an AES encryption key
   - f. In *Security Mode 2*, entering an externally generated AES encryption key into the module

#### 3.2.1 CO and User Account Setup

The startup account on the VPX3-FSM unit is "guest" with a default password of "xxxxxxx". After logging in as "guest", another login prompt appears. At this point, the CO will configure the module security mode, the storage device for the DEK, and a CO (Admin) username and password. Passwords shall be between 8 and 15 characters and may consist of upper- and lower-case letters and numbers. The CO will then log on using the newly set Admin credentials. The "FSM>" prompt will appear indicating that initial log on and account establishment has been completed. The CO may then add additional CO or User accounts. The "guest" Userid and default password are deleted after the first successful authentication by the CO. The "guest" Userid and password will be available again after zeroization.

### 3.3 Secure Management

The module operates in FIPS-Approved mode when used as specified within this Security Policy. The "mode" command will report if the module is in the FIPS-Approved mode. The VPX3-FSM FIPS Flash Storage Module User Guide specifies two Security Modes for the VPX3-FSM that both operate in FIPS-Approved mode. Each mode defines how the SATA flash encryption key management is performed. Following each power cycle or key zeroization, the VPX3-FSM software will determine the appropriate Security Mode to run based on configuration settings. The Security Modes are defined as follows:


- *Security Mode 1*: the AES encryption key for SATA flash storage is to be generated internally.
  - When operating in *Security Mode 2*, the CO can issue the "mode 1" command to switch to this Approved mode\*
- *Security Mode 2*: the AES encryption key for SATA flash storage is to be generated externally and entered into the module.
  - When operating in *Security Mode 1*, the CO can issue the "mode 2" command to switch to this Approved mode\*

\* Switching between security modes will cause the module to reboot and zeroize all stored keying material (See Section 3.3.2). Upon entering the new security mode, the module will perform the power-up self-tests listed in Section 2.8.1.

#### 3.3.1 Initialization

Four tamper-evident labels are applied by the vendor during manufacturing. Upon initialization of the module, the Crypto Officer shall visually inspect the labels to ensure that they are in the proper locations and that they do not show any signs of tampering. Labels will be placed on the two center screws located on the top and bottom of the module. Figure 4 and Figure 5 show the proper seal placement for the module.



Figure 4 – VPX3-FSM Tamper-Evident Seal Placement (Top)




Figure 5 – VPX3-FSM Tamper-Evident Seal Placement (Bottom)

#### 3.3.2 Zeroization

Cryptographic keys are zeroized in memory upon power-up after the module is power-cycled or rebooted. Keys and all other CSPs stored in SRAM or EEPROM can be zeroized by the following methods:

- Pressing the Push Button Switch on the front panel (labeled KEY CLR)
- Sending a Security Trigger signal from the host device via the VPX backplane
- Using the "Sanitize" services as listed in Table 3.
- Using the "Clear DEK" service as listed in Table 3. This only zeroizes the DEK used to protect the data stored on flash.
- Automatic zeroization of keys and CSPs occurs when changing the security mode, which designates if the AES encryption key will be internally generated or externally entered into the module.
- Automatic zeroization of keys and CSPs occurs when battery power is too low.

If the Push Button Switch is pressed or the Security Trigger is activated when the module is powered off, then zeroization will occur upon power up. The CO or User must wait until the module has been successfully rebooted in order to verify that zeroization has completed. The VPX3-FSM monitors the zeroization process, and if the process is interrupted, it will begin again upon reboot or power up.

### 3.4 CO and User Guidance

The Crypto Officer is responsible for initialization and security-relevant configuration and management of the module. Both the CO and User shall examine the enclosure regularly and see if there are signs of tamper attempts. If damage to the tamper-evident seals is found, then the device is not considered operating in the Approved mode of operation. The device must be returned to Curtiss-Wright for service before it can operate in the Approved mode of operation again.



Table 6 describes the acronyms used in this document.

#### Table 6 – Acronyms

| Acronym | Definition                                          |
|---------|-----------------------------------------------------|
| AES     | Advanced Encryption Standard                        |
| ASCII   | American Standard Code for Information Interchange  |
| BIST    | Built-In Self-Test                                  |
| CBC     | Cipher Block Chaining                               |
| CMVP    | Cryptographic Module Validation Program             |
| CO      | Crypto Officer                                      |
| CSEC    | Communications Security Establishment Canada        |
| CSP     | Critical Security Parameter                         |
| DRBG    | Deterministic Random Bit Generator                  |
| DEK     | Data Encryption Key                                 |
| EEPROM  | Electrically Erasable Programmable Read-Only Memory |
| EMC     | Electromagnetic Compatibility                       |
| EMI     | Electromagnetic Interference                        |
| FIPS    | Federal Information Processing Standard             |
| GB      | Gigabyte                                            |
| HMAC    | (Keyed-) Hash Message Authentication Code           |
| I2C     | Inter-Integrated Circuit                            |
| I/O     | Input/Output                                        |
| JBOD    | Just a Bunch Of Drives                              |
| KAT     | Known Answer Test                                   |
| KEK     | Key Encryption Key                                  |
| LED     | Light Emitting Diode                                |
| MAC     | Message Authentication Code                         |
| NAND    | Not AND                                             |
| NIST    | National Institute of Standards and Technology      |
| NVLAP   | National Voluntary Laboratory Accreditation Program |
| POST    | Power-On Self-Test                                  |
| PSK     | Pre-Shared Key                                      |
| RAID    | Redundant Array of Independent Disks                |
| RAM     | Random Access Memory                                |
| REDI    | Ruggedized Enhanced Design Implementation           |
| RNG     | Random Number Generator                             |
| SATA    | Serial Advanced Technology Attachment               |
| SHA     | Secure Hash Algorithm                               |
| SHS     | Secure Hash Standard                                |
| SLC     | Single-Level Cell                                   |
| SRAM    | Static Random Access Memory                         |
| TB      | Terabyte                                            |
| TRNG    | True Random Number Generator                        |
| U       | Rack Unit                                           |
| UCI     | User Control Interface                              |
| VITA    | VMEbus International Trade Association              |
| VME     | Versa Module Eurocard                               |
| VPX     | Versatile Performance Switching                     |


### Prepared by: **Corsec Security, Inc.**



13135 Lee Jackson Memorial Highway, Suite 220 Fairfax, Virginia 22033 United States of America

> Phone: +1 (703) 267-6050 Email: <u>info@corsec.com</u> <u>http://www.corsec.com</u>

