August 24, 1999 - Page 1 of 11
RedCreek Ravlin 10 Cryptographic Module Security Policy for the
Federal Information Processing Standards Publication (FIPS Pub) 140-1
1.0 Introduction
1.1 Purpose
This Cryptographic Module Security Policy is for the FIPS 140-1 Level 2 certification of the RedCreek
Ravlin 10. The Ravlin 10 is an Internet Engineering Task Force (IETF) IP Security (IPSec) Standard based
product that enables secure data communications. This security policy describes how the Ravlin 10 meets
the FIPS 140-1 Level 2 requirements and how it can be securely operated.
1.2 References
Additional information regarding the RedCreek suite of network security solutions for data
communications can be found at the http://www.redcreek.com web site.
Additional information regarding the IETF IPSec standard for encryption, authentication, key management,
and anti-replay services can be found at the http://ww.ietf.org web site.
Additional information regarding the Security Requirements for Cryptographic Modules, FIPS 140-1, can
be found at the http://csrc.nist.gov/cryptval web site.
2.0 Ravlin 10 Description
Figure 1 – Ravlin 10 Front View
The RedCreek Ravlin 10, shown in Figure 1, is a cost-effective network security solution that performs
encryption and decryption with a throughput of 10 Mbps. The Ravlin 10 provides data privacy using
industry standard 40-bit/56-bit Data Encryption Standard (DES) and 168-bit Triple DES encryption.
Authentication and access control are provided using the Digital Signature Algorithm (DSA), Secure Hash
Algorithm (SHA1), Diffie-Hellman key exchange, X.509 v.3 digital certificates, and ISAKMP/Oakley key
management. ISAKMP is defined as Internet Security Association and Key Management Protocol in the
IPSec standards. The Ravlin 10 maintains the 10 Mbps throughput through the use of the RedCreek
CryptoCore technology.
August 24, 1999 - Page 2 of 11
2.1 Cryptographic Module
The Ravlin 10 is composed of a printed circuit (PC) board in a sealed plastic case with a LCD and
membrane button front panel. The unit weight is 2 lbs. 3 oz, and the dimensions are 1.75" H x 11" D x
8.75" W. The Ravlin 10 front panel interface provides a series of menus for configuration and monitoring
the operations of the unit. The power, console and two Ethernet connector sets are mounted on the printed
circuit board, and are accessible through the back panel. A permanent printed label with the unit's unique
characteristics is attached to the bottom of the unit: the Ethernet MAC (media access control) hardware
address and the security identification number (or Security ID).
The Security ID is a representation of the unit's DSA public/private key pair. The unit's DSA X.509 v.3
digital certificate's distinguished name would be its Security ID. The RedCreek Certificate Authority (CA)
signs the digital certificate as part of the unit's manufacturing process. The unit's DSA key pair, the unit's
digital certificate, and the RedCreek CA public key are stored in flash memory. The CryptoCore is a
multi-chip implementation of a DES engine and a random number generator.
2.2 Module interfaces
The module has two 10BaseT or AUI Ethernet ports, one RS-232 console port, and one front panel
management interface. Logically, the module has the following interfaces:
Local Port
Remote Port
Configuration: Network, Front Panel, and Console
The Local and Remote Ports are for sending and receiving Ethernet packets, and serve as the unit's data
input and data output interfaces. If the received Ethernet packets are addressed specifically to the Ravlin
unit, then they are forwarded to the Network Port. Module interface Level 2 requirements permit the
sharing of the ports for data input/output and for critical security parameters. The control-input interface is
the Network Port. The Ravlin 10 front panel interface provides a series of menus for configuration and
monitoring the operations of the unit. There is a single DC power interface, and no maintenance access
interface.
Front-Panel Menu System: minimum configuration tasks can be performed through the front-panel menu
system. The main configuration tasks are performed though the RavlinNodeManager interface. The front
panel contains an LCD display with two 16-character lines. Input to the unit is accomplished by pressing
the numbered keys, the left and right arrows, and the <Menu>, <Select>, <Enter>, and <Clear> keys. { XE
"Ravlin 10:front-panel menu system" } In normal operation, the Ravlin 10 displays various operating
messages on the front-panel LCD. The information is updated every second. When the Ravlin 10 is in
menu mode, it displays the contents of the current menu location on the LCD.
After the correct password is entered, the unit is ready for configuration. Press the <Menu> key to start the
menu sequence. Press <Menu> to advance to the next menu item on the list. When you reach the last menu
item, the list starts again at the beginning. Use <3> and <4> on the Ravlin 10 keypad to advance through
the circular submenu lists and select a specific function in that group. Use <Menu> again to escape from
the menu system.
August 24, 1999 - Page 3 of 11
Note: To quickly display values, use the following front panel keys:{ XE "short-cut keys" }
Press 1 for the unit’s IP address (IP)
Press 2 for the unit’s subnet mask (Mask)
Press 3 for the unit’s Security ID (SID, also called Distinguished Name)
Press 5 for the date and time, Greenwich Mean Time (GMT)
Press 6 for the unit’s MAC address{ XE "MAC address" } (MAC)
Press 7 for the unit’s firmware version (FVer)
Press 8 for the unit’s hardware version (HVer)
Press 0 to put the display into temporary hold mode (Hold)
Press 1, 2, or 6 twice to alternate the display of the unit’s IP address, subnet mask, or MAC addresses
between the Local and Remote interfaces.
The Ravlin 10 uses a hierarchical menu system with three main menu groups:
Set Local Params—Sets the IP address, subnet mask, and password for the unit.
Get Local Params—Displays the IP address, subnet mask, security ID, Ethernet MAC address{ XE
"MAC address" }, hardware and firmware version numbers, and date/time for the local unit.
Utilities—Allows restart of the Ravlin unit and initiation of a self-test of the front panel menu.
The Ravlin 10 console interface is currently inactive. In the future, it may support a terminal type interface
with the capability to display and change the same values as the front panel menu system.
2.3 Roles and Services
RedCreek Communications manufactures the Ravlin hardware unit. The manufacturing process initializes
the unit's security parameters with specialized manufacturing firmware. The unit's public key pair is
generated in the Ravlin unit. The unit's public key is formatted into a X.509 v3 digital certificate, and
transferred to and signed by the RedCreek Certificate Authority. The unit's private key, digital certificate,
and RedCreek CA public key are stored in the unit's flash memory. The unit's real time clock, Security ID,
Ethernet MAC addresses are initialized, and the password, IP address, subnet mask, and operational mode
are assigned default values. The manufacturing firmware is then replaced with the product firmware,
which doesn't include the capability to generate new DSA public key pairs.
The Ravlin network administrator or security manager would be referred to as the Crypto Officer in FIPS
140-1 terminology. RedCreek recommends that the network administrator be responsible for receiving and
distributing the Ravlin hardware units. The network administrator would then log the incoming unit's
Security ID, set the unit's new password, and assign the unit's IP address.
The Crypto Officer would be responsible for assigning the unit's name, password, IP address, and subnet
mask, and for setting them up on the network. RedCreek recommends that the password be at least 8 digits
(0-9) in length, and can be up to 16 digits. The Crypto Officer would be responsible for setting up which
units may establish virtual private network (VPN) security associations (SA) and their modes. The Ravlin
product implements role-based authentication, as defined in FIPS 140-1, meets the Level 2 operator
authentication requirements. The current status of the module is always shown on the LCD front panel.
In IPSec terminology, a security association is established between the Ravlin hardware unit and any other
Ravlin suite or other IPSec compliant product when information traffic must be exchanged. The traffic
between the Ravlin units can be configured to be authenticated or confidential, or both. The security of the
traffic is determined by the policy data entries in each Ravlin unit, as configured by the Crypto Officer.
The Ravlin unit will only allowed the security association if the request is permitted by the configured
security policy. The policy data entries include key management information and protocol information. If
the security association were allowed, the Ravlin units would authenticate themselves and exchange session
keys using the ISAKMP protocol. Thus, the Ravlin units would be considered Users in FIPS 140-1
terminology.
August 24, 1999 - Page 4 of 11
The process of creating of a policy entry consists of three basic steps:
1. Create at least one entry in the { XE "Key Management table" }Key Management table.
Each Key Management entry is a profile that describes the kind of key to use when establishing an {
XE "SA" }SA, the type of hashing to use, and the kind of encryption to perform during the SA. An
entry in the Key Management table has no direct effect when the Ravlin unit builds an SA. It only
contains possible settings for a policy entry.
2. Create at least one entry in the { XE "Protocol table" }Protocol table.
Each Protocol Table entry is a profile that determines which IPSEC protocol to use (Authenticated
Headers, Encapsulating Security Payload, or Encryption In Place). As with Key Management table
entries, an entry in the Protocol Table has no direct effect when the Ravlin unit builds an SA. It only
contains possible settings for a policy entry.
3. Create a policy entry in the Policy table. { XE "Policy table" }
A policy entry is a specification the Ravlin unit uses to build an SA. Because the Ravlin unit can
establish and run multiple SAs simultaneously, more than one such entry may be created.
The Key Management table has two types of subcomponents:
• { XE "manual key" }Manual (to specify a pre-arranged, manual key)
• ISAKMP (for generating a session key using ISAKMP and the Diffie-Hellman algorithm).
The Manual Key Information has the following options to support entry of pre-arranged values:
Under Encryption Key:
• Inbound - The key used for decrypting IP packets received from the peer Ravlin unit
August 24, 1999 - Page 5 of 11
• Outbound - The key used for encrypting IP packets for transmission to the peer Ravlin unit
Under Authentication Key:
• Inbound - The hashing key used for authenticating IP packets received from the peer Ravlin unit.
• Outbound - The hashing key used for authenticating IP packets sent to the peer Ravlin unit.
Under SPI:
The { XE "SPI" }SPI (Security Parameter Index{ XE "Security Parameter Index" \t "See SPI" }) is
a 32-bit integer value that identifies the SA to which an IP packet belongs. This value resides in
the { XE "ESP header" }ESP header of each packet sent and received by the Ralvin unit.
• Inbound - The SPI that identifies the SA for IP packets received from the peer Ravlin unit.
• Outbound - The SPI that identifies the SA for IP packets sent to the peer Ravlin unit.
The Crypto Officer may configure the following security parameters in the protocol table for security
associations:
• While running in the { XE "AH" }{ XE "Authenticated Headers" \t "See AH" }Authentication
Headers (AH) security mode, the Ravlin unit provides integrity and authentication without
confidentiality. AH ensures proper authentication by inserting an authentication header in the
packet between the IP header and the payload. Because neither the packet's payload nor its IP
address are encrypted, AH mode is widely acceptable even where the export, import, or use of
encryption is regulated or prohibited.
While running in the AH Tunneling security mode, the Ravlin unit encapsulates the original IP
packet and attaches an AH header and a new IP header. As with normal AH mode, no encryption
takes place.
• While running in the { XE "ESP" }Encapsulated Security Payload (ESP) security mode, the
Ravlin unit encrypts the entire IP packet, authenticates it, encapsulates it, and gives it a new IP
header. When two Ravlin units establish a security association in ESP mode, the communication
link between the units is referred to as an ESP tunnel. Because ESP tunnel mode encapsulates and
August 24, 1999 - Page 6 of 11
encrypts the original IP header along with the payload, intruders cannot capture routing
information and use it to attack the system.
While running in ESP Transport security mode, the Ravlin encrypts only the payload and ESP
trailer. It does not encrypt the source IP address. Because of low overhead, ESP Transport mode
usually gives high performance.
• While running in { XE "EIP" }RedCreek Proprietary (EIP) security mode, the Ravlin unit
encrypts the IP packet's payload only, without encrypting the packet header. Because EIP
("Encryption In Place") does not require encryption of the IP header or encapsulation of the IP
packet, overhead is lower and performance enhanced.
The Control Settings configuration parameters determine how the Ravlin unit operates in the VPN
environment.
ARP Cache Cleanup
Interval{ XE "ARP Cache
Cleanup" }
Determines if the Ravlin unit performs automatic ARP
cache cleanups, and specifies the interval between such
cleanups.
Operational Mode{ XE
"operational modes" }
Specifies the default action to take when the Ravlin unit
detects an IP packet. The possible settings are:
• Pass all traffic
The Ravlin unit passes all IP traffic in the clear.
• Block all traffic
The Ravlin unit blocks all IP traffic.
• Virtual Private Network
The Ravlin unit encrypts, blocks, or passes IP
traffic according to the entries in the policy
database. { XE "IP packets" }
Inactive Client Timeout{ XE
"timeout" }{ XE "Inactive
Client Timeout" }
Determines how long the Ravlin unit waits before
terminating a security association between the Ravlin
unit and an inactive RavlinSoft client.
Password Determines the password required to access this Ravlin
unit's configuration parameters with the
RavlinNodeManager. The password consists of 2–16
digits (0 through 9). Passwords of at least 8 characters
are recommended. As you enter the password, it appears
as a sequence of asterisk (*) symbols for security. The
default password{ XE "default password" }{ XE
"password:default" } for all Ravlin units is “1234.”
2.4 Physical Security
The Ravlin 10 would be considered a multi-chip standalone module meeting Level 2 physical security
requirements. The production grade integrated circuits are assembled on a printed circuit board. The PC
board is installed into an opaque enclosure. The enclosure is sealed by gluing the back panel. Any attempt
to access the physical components would require damaging the seal, enclosure, and/or back panel.
2.5 Key Management
The unit's DSA key pair, the unit's digital certificate, and the RedCreek CA public key are stored in flash
memory. The firmware does not include the capability of generating new DSA key pairs, and thus cannot
change the unit's DSA key pair. The session keys are exchanged using the Diffie-Hellman algorithm, thus
August 24, 1999 - Page 7 of 11
they are never exposed outside the unit. The session keys are stored in DRAM, and are zeroized after
power off or rekey. The firmware does not support the exporting of any of the session keys nor of the unit's
DSA private key.
2.6 Electromagnetic Interference/Electromagnetic Compatibility
The Ravlin 10 was tested and found to be fully compliant with FCC/CISPR 22/85 Class B, EN 5022B
Class B, and EN50082-1 (1992). CKC Laboratories, Inc. performed the test, and the report number is
FB97-049 & CE97-142. Their DAR Registration Number is DAT-P-051/95-00. According to FCC Part 15
Section 15.107, paragraph (e) and Section 109, paragraph (g), these tests meet the requirements of FCC
Part 15, Subpart B, Class B.
3.0 Ravlin Operation
The Ravlin 10 and RavlinNodeManager User Guides outline the steps for the secure operation of the
Ravlin 10.
A. Install the RavlinNodeManager on a workstation in the network.
B. Install the Ravlin units on the network
C. Logically add the Ravlin units to the RavlinNodeManager
D. Establish the Key Management Table, Protocol Table, and Policy Data Entries.
E. Specify the operational parameters.
The following information may form the basis for an Appendix or Release Note regarding FIPS 140-1
Rules of Operation in addition to the standard User Guides.
3.1 Password Length
The password may consist of 2-16 digits (0 through 9). RedCreek recommends that the password be at least
8 digits in length
3.2 Manual Keys
The Encryption Key entered into the manual key field may be either a string or a hex value. If a hex value
is to be entered, then it must be preceded by “0x”. The string may be up to 24 bytes long. The Ravlin unit
will load the string, and will zero out any bytes not provided. The Crypto Officer is reminded to use all of
the available resources, and to enter quality encryption keys.
The Authentication Key entered into the manual key field may be either a string or a hex value. If a hex
value is to be entered, then it must be preceded by “0x”. The string may be up to 20 bytes long. The
Ravlin unit will load the string, and will zero out any bytes not provided. The Crypto Officer is reminded
to use all of the available resources, and to enter quality authentication keys.
The Security Parameter Index entered into the manual key field must be a 32-bit integer from 256 to
4,294,967,295.
3.3 ISAKMP Proposal Table Selection
Only FIPS approved cryptographic algorithms should be selected for FIP 140-1 operations. The FIPS
approved algorithms include DES, SHA-1, and DSA. Pre-shared key authentication mode may also be
selected.
August 24, 1999 - Page 8 of 11
3.4 AH Proposal Table Selection
Only FIPS approved cryptographic algorithms should be selected for FIP 140-1 operations. The FIPS
approved algorithm include SHA-1. Only the tunnel encapsulation should be selected for VPN security
associations between Ravlin units.
3.5 ESP Proposal Table Selection
Only FIPS approved cryptographic algorithms should be selected for FIP 140-1 operations. The FIPS
approved algorithms include DES, and SHA-1. The 3-Key Triple DES is also approved for US and
Canadian Government usage. Only the “Tunnel” encapsulation should be selected for VPN security
associations between Ravlin units. “None” is shown as an alternative for Authentication, but this should
not be selected when operating in a FIPS environment.
August 24, 1999 - Page 9 of 11
3.6 EIP Proposal Table Selection
Only FIPS approved cryptographic algorithms should be selected for FIP 140-1 operations. The FIPS
approved algorithm include DES. The 3-Key Triple DES is also approved for US and Canadian
Government usage.
3.7 Ravlin Unit Disposal
Part of the FIPS 140-1 cryptographic module security requirements is concerned with the entire life cycle
management of cryptographic keys. Even after the Ravlin unit is reset to factory defaults, the FIPS 140-1
require an implementation to zeroize all internal plaintext cryptographic keys. These internal cryptographic
keys are the unit's DSA key pair, the unit's X.509 v3 certificate, and the RedCreek Certificate Authority
August 24, 1999 - Page 10 of 11
public key. These keys cannot be used to unprotect previously protected data since the Diffie-Hellman key
exchange algorithm used provides perfectly forwarded secrecy.
In any event, the Ravlin unit should be disabled before the unit is disposed. Go to “Tools” menu, and select
“Reset Unit”. From the Reset Unit dialogue box, select “Disable Unit”. Only Ravlin units with firmware
version 3.3 or greater support the Disable Unit function. The RavlinNodeManager will only display that
Reset Unit option for the supported Ravlin units. There will be three confirmation screens since zeroizing
the Ravlin unit will completely disable unit, and the operation is not recoverable. However, the Ravlin unit
may be sent back to RedCreek Communications to be re-manufactured, for a fee.
The confirmation screens button defaults are designed to prevent accidental disabling of the unit by hitting
a series of returns or by clicking on the same spot on the screen, in case the wrong reset operation was
selected. In addition, the unit's password is separately requested before the disable command is sent along
with the entered password to the Ravlin unit.
August 24, 1999 - Page 11 of 11
If the same password is not entered, then the RavlinNodeManager will display an 'Invalid Key' dialog box.
If the request operation was successful, the RavlinNodeManager will display a 'Reset Complete' dialog box.
3.8 Power-On Self-Test (POST)
The Ravlin 10 executes a series of power-on self-tests after power is applied to the unit. If there were no
errors, then the “RedCreek Ravlin Network Security” message would briefly be displayed on the front
panel. If there were a power-on self-test failure, then the front panel would alternatively display the
“postFAIL” message and the failed test message for 10 seconds. After 10 seconds, the unit would
automatically reboot, and repeat the power-on self-tests. The corresponding failed test message would be
the following:
Power-On Self-Test Failed Test Message
FIPS Bypass Test BRAM
Test Real Time Clock RTC
Test Random Numbers RandNum
Test Crypto-Core Gate Array Crypto
(DES encrypt and decrypt)
SHA Hash Algorithm Test SHA ALG
DSA Signature Test DSA Sig
3.9 Firmware Upgrade
Ravlin units with firmware version 3.31 or greater require that all firmware downloaded be digitally signed
(DSA) by RedCreek Communications. If the firmware downloaded to the Ravlin unit is not properly
signed, the Unknown error code 319 will occur. The RedCreek DSA private key used to sign the firmware
is separate from the RedCreek Certificate Authority DSA private key used to sign Ravlin unit certificates.