Abstract

This document provides a high level description of the SafeNet Security Policy of the IRE SafeNet products. Also included is a description of the security services, key management system, and authorized operator roles.

1.0 IRE's SafeNet Security System

The Internet, by its nature, is an intricate and freely accessed system that continues to grow at an astounding rate. Through this growth it has produced a two-edged sword: it can provide ease of access in communicating with businesses world-wide, but it can also give anyone with a computer and a modem free access to connected Local Area Networks (LANs) and to company information. The SafeNet family of products has been developed to meet the computer security needs of corporations and government organizations on the Internet for now and beyond the year 2000.

The SafeNet Security System allows you to use the Internet for your most sensitive business communications, in place of private and Value-Added Networks. It also allows users of private TCP/IP networks, most of which have Internet connections, to achieve the level of security necessary to transact sensitive business, including customer information, business plans, personnel data and audit reports, on the network without use of dedicated, private lines.

SafeNet is a comprehensive family of devices, which are easy to use and manage, consisting of:

SafeNet/Dial Secure Modem — The SafeNet/Dial Secure Modem is a portable, pocket-sized device that protects dial connections that are made from remote users' locations. It includes an internal V.34 modem, supporting terminal rates up to 115.2 Kbps and 28.8 Kbps on both secure and non-secure systems. The SafeNet/Dial is designed to provide data encryption, user authentication, and packet authentication security services. It is available for both desk-top and notebook applications.

SafeNet/Dial-R — For those who already have modems, the SafeNet/Dial-R incorporates all the security features of the SafeNet/Dial Secure Modem—but without an internal modem. It establishes a security barrier between a user's PC and an external modem, protecting dial connections and providing data encryption, user authentication, and packet authentication on both secure and open systems. It includes power cords that draw power from the keyboard port of either notebook or desk-top computers.

SafeNet/Soft — This software product adds cryptographic security to your personal computer. Using software running on your PC drive, it processes user PINs and one-time passwords, produces secure authentication packets, and encrypts incoming and outgoing information between sites on a case-by-case basis. SafeNet/Soft provides you with the basics of Internet security.

SafeNet/Smartcard — A step up from SafeNet/Soft, the SafeNet/Smartcard product includes a smartcard reader and software programs that run on your personal computer. The smartcard offers an additional level of input for authorized use. SafeNet/Smartcard continues to provide the same data encryption, user authentication, and packet authentication as IRE's other SafeNet remote access products.

SafeNet/LAN VPN Encryptor — The SafeNet/LAN protects direct LAN to Internet connections using encryption technology and packet authentication combined with firewall filtering techniques, creating a Virtual Private Network (VPN). Unlike conventional firewall products, the SafeNet/LAN is a self-contained, non-reprogrammable unit that responds only to encrypted and authenticated management commands, so it cannot be successfully attacked from the network.

SafeNet/Firewall — The SafeNet/Firewall product exceeds industry standards for firewall technology. The SafeNet/Firewall protects large local area networks, combining a Pentium proxy server firewall with VPN Encryptor hardware.

SafeNet/Security Center — This Pentium-based workstation is the heart of the SafeNet Security System, providing central management for all SafeNet products. The SafeNet/Security Center performs key management, registrations, user and device enrollment, Personal Identification Number (PIN) management, event auditing, alarm reports, and network management including parameter downloads. The S/SC can remotely manage one or more SafeNet/Firewalls. It is designed to support a broad range of security products operating on multiple networks using a combination of key management technologies.

SafeNet Trusted Services Corp — SafeNet Trusted Services provides security expertise in VPN security management. Using SafeNet/Security Centers (see above) that are housed in secure facilities, SafeNet Trust can be contracted to provide key management for clients' SafeNet products.

A typical SafeNet Security System configuration is shown in Figure 1-1.

[Figure 1-1. Typical SafeNet Security System Configuration: diagram of a customer (Ethernet) LAN, the Internet (TCP/IP), a smartcard and the SafeNet/Security Center]

2.0 Comprehensive Security Services

To address threats to data communications, IRE's SafeNet products broadly apply cryptography to authenticate users, keep data private, strengthen firewall functions, authenticate packets, and prevent spoofing. Once SafeNet products are configured, security services are virtually transparent to the user, the applications, and the Internet. Note that while the security services described in this section are the primary features of the SafeNet products, an overview of all of the available services is contained in section 4 of this document.

The SafeNet family of products provides:

- Data Encryption. Encryption, implemented in a standards-compliant fashion, protects the privacy of sensitive transmitted data by scrambling and rendering the data unreadable.
  It assures that data cannot be viewed or meaningfully altered by monitoring devices on the network.

- User Authentication. Remote users are authenticated using a complex, "one-time" password that is generated for each communication session from their Personal Identification Number (PIN). This prevents unauthorized access by hackers with stolen passwords. Remote encryption devices (SafeNet/Dial, SafeNet/Dial-R, SafeNet/Soft, or SafeNet/Smartcard) generate the password; SafeNet/Security Center authenticates the remote user.

- Packet Authentication. Cryptographic authentication of header, counter, and encrypted information on all secure packets prevents hacker attacks using IP address header spoofing.

- Address and Socket Filtering. If permitted by your organizational security policy, address and socket filtering allow you to manage access by unsecured locations.

- Tunnel Processing. Tunnel processing pertains to the recognition of private IP addresses behind a publicly-addressed firewall in a Virtual Private Network (VPN) environment. Tunnel processing features within the SafeNet products permit the encrypted transfer and conversion of the private IP addresses to enable messages to be delivered to the proper party behind the firewall.

Each of these is discussed further in the following sections.

2.1 Data Encryption

Encryption for the SafeNet System is introduced at the packet level, so that data flows across complex networks and is fully compatible with TCP/IP protocol. The encryption process includes three basic steps—encryption, transmission, and decryption—all of which are accomplished without any user action.

Prior to transmission, data is encrypted (scrambled) by performing a mathematical calculation using a secret or private number (depending upon the key management techniques employed) called a key. During transmission, data is completely meaningless to any viewer. At the receiving end of communication, data is decrypted by performing another calculation. Secret key techniques use the same key as used by the sender; public key techniques use a public/private key combination.

Access to an encrypted network may occur only if the remote location has an authorized remote product, such as the SafeNet/Dial, and is explicitly authorized at the SafeNet/Security Center.

2.1.1 The Data Encryption Standard (DES)

The mathematical algorithm which IRE uses to implement encryption is set forth in ANSI standard X3.92, the Data Encryption Standard (DES). DES is the preferred encryption algorithm for private industry and government applications. This is a national standard, originally developed by IBM and then certified by the National Institute of Standards and Technology (NIST) for use in commercial and sensitive-unclassified government applications. DES is approved to export for use in financial applications and by U.S. corporations and their subsidiaries.

2.1.2 The ATLAS Algorithm

IRE's SafeNet products optionally employ the ATLAS algorithm for data encryption. The ATLAS algorithm is an IRE proprietary algorithm. Like DES, ATLAS relies on individual private keys to protect data from unauthorized decryption. ATLAS devices employ a Master Key of 40 bits. ATLAS is approved by the U.S. Government to export for use in non-financial type applications including commercial and government.

2.2 User Authentication

IRE's SafeNet Security System performs user authentication in accordance with ANSI Standard X9.26. User authentication assures that only authorized individuals are permitted to access the secured destination. The basis of user authentication is two-part: you are the sole user of the authorized remote product, and you are the only one who knows your Personal Identification Number (PIN). Similar to banking with an Automated Teller Machine, you must enter your PIN at the beginning of the communication session. After that, the secure session automatically and transparently takes place.

The process of user authentication begins when the user of the remote encryptor (SafeNet/Dial, SafeNet/Dial-R, SafeNet/Soft, or SafeNet/Smartcard) accesses the SafeNet PIN Entry Program, enters a PIN, and places a call to the Internet access server. The SafeNet remote device sends a message to a SafeNet/LAN to begin security services. This message is relayed by the SafeNet/LAN to the SafeNet/Security Center (S/SC). The S/SC verifies that the products are enrolled in its database and that they are to perform user authentication. If so, the S/SC issues a random number that is used as a challenge to the remote encryptor. The remote encryptor performs a calculation on the random number challenge and the user-entered PIN, encrypting the result under the secret User Key. This creates a one-time password that is sent to the S/SC. The S/SC performs the same calculation. If the two results match, the user is confirmed to be authorized. This powerful form of password protection automatically transforms a user's PIN into a new random password for each communication session. In this way the password is used only one time so that, even if a hacker captures it, it is immediately obsolete.

2.3 Packet Authentication

Packet Authentication assures that the content of a message has been unaltered in transmission across a network. In Internet applications, each TCP/IP packet represents a separate "message." To each encrypted packet, SafeNet products automatically add a "security header." This protects the data and contains a security Message Authentication Code (MAC), calculated using DES encryption. The receiving SafeNet encryptor validates the MAC to make sure the data has not been altered. Because of this cryptographic protection, intruders cannot "spoof" IP addresses and gain access to resources attached to the Internet or the private TCP/IP network, a common form of attack. Socket services and user data are also protected against alteration.
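The challenge-response exchange of section 2.2, modelled in Go as an added example (not IRE's code and not the SafeNet protocol itself): Authenticator stands in for the S/SC, OneTimePassword for the remote encryptor, and the way the challenge and PIN are combined before DES encryption (an XOR of the challenge with the zero-padded PIN) is an assumption, since the page does not specify the calculation.

```go
package main

import (
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
)

// combine folds the user PIN into the 8-byte challenge. The page does not give
// the exact calculation, so XOR of the challenge with the zero-padded PIN is an
// assumption; what matters is that both sides compute the same block.
func combine(challenge []byte, pin string) []byte {
	in := make([]byte, des.BlockSize)
	copy(in, pin) // PINs longer than 8 bytes are truncated in this model
	for i := range in {
		in[i] ^= challenge[i]
	}
	return in
}

// OneTimePassword is the remote encryptor's side: the combined challenge and
// PIN are encrypted under the secret User Key to give this session's password.
func OneTimePassword(userKey, challenge []byte, pin string) []byte {
	if len(challenge) != des.BlockSize {
		return nil // no valid challenge was issued
	}
	c, err := des.NewCipher(userKey)
	if err != nil {
		panic(err) // User Keys are always 8 bytes in this model
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, combine(challenge, pin))
	return out
}

// userRecord is the per-user state the S/SC keeps: the User Key and the PIN.
type userRecord struct {
	key []byte
	pin string
}

// Authenticator is the S/SC side: one fresh random challenge per session.
type Authenticator struct {
	users   map[string]userRecord
	pending map[string][]byte // outstanding challenge per user
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{users: map[string]userRecord{}, pending: map[string][]byte{}}
}

func (a *Authenticator) Enroll(user string, key []byte, pin string) {
	a.users[user] = userRecord{key: key, pin: pin}
}

// Challenge returns a fresh random number for the user's session, nil if unknown.
func (a *Authenticator) Challenge(user string) []byte {
	if _, ok := a.users[user]; !ok {
		return nil
	}
	ch := make([]byte, des.BlockSize)
	if _, err := rand.Read(ch); err != nil {
		panic(err)
	}
	a.pending[user] = ch
	return ch
}

// Verify performs the same calculation and compares in constant time. The
// challenge is consumed whether or not the answer matches, so a captured
// one-time password is useless against any later challenge.
func (a *Authenticator) Verify(user string, otp []byte) bool {
	ch, ok := a.pending[user]
	if !ok {
		return false
	}
	delete(a.pending, user)
	u := a.users[user]
	return subtle.ConstantTimeCompare(OneTimePassword(u.key, ch, u.pin), otp) == 1
}
```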
2.4 Address Filtering

Filtering allows SafeNet products to be configured to support your organization's security policy and application. SafeNet products can be set up to support only secure communication or a combination of secure and unsecured transmissions based upon the network address and Internet service set for your system.

2.5 Tunnel Processing

Tunnel processing may be required for a SafeNet encryptor that is in a private network or behind a firewall to communicate with people outside the VPN. In these environments the firewall or VPN has a known, public IP address, but the IP addresses of the devices protected by it are anonymous. Tunnel processing encrypts the private IP addresses for transport and then deciphers them through a separate process in order to be received by the proper party.

3.0 Key Management

The SafeNet product family supports ANSI X9.17 secret key management as required by banking and government standards. Central to this key management system is the SafeNet/Security Center, which acts as a Key Distribution Center. Recognizing the current evolution in key management standards and organizational requirements, IRE has engineered the products with an upgrade path from secret key to certificate-based, public key management.

Key Management in IRE's SafeNet product line conforms to the basic principles of cryptographic protection:

- Each communication session is encrypted under a new randomly-generated key that is erased from Random Access Memory (RAM) at call termination or key expiration.
- Keys cannot be read out of key storage once installed in a security device.
- Each remote device stores a unique key (Master Key) and device serial number in non-volatile memory. This key serves as an encrypted identification for a device and allows Security Officers to deny access to the network for a specific device.
- Master Keys can be automatically-generated random numbers.
- Session Keys are never exchanged in clear text, but only safely encrypted under another key.

The key exchange process operates according to ANSI Standard X9.17.

3.1 Key Types

Within the SafeNet Security System there are three types of electronic keys that can be changed through either random generation or manually as specified by ANSI X9.17. These encryption keys are used for secure key delivery, exchange, storage and management. The three levels of keys are Storage Key, Master Key and Session Key. These keys are defined as follows:

- Storage Key - KM0. A manually-entered or randomly-generated DES key used to encrypt Master Keys stored electronically in the SafeNet/Security Center. KM0 is used to encrypt/decrypt Master Keys and other critical security parameters. In accordance with ANSI X9.17, the Storage Key must be changed manually. KM0 is stored in the cryptographic module (24J board) that is within the S/SC.
- Master Key - KK. A manually-delivered DES key used to encrypt and decrypt Session Keys exchanged between devices establishing communications with each other. Master Keys are located within a tamper-proof enclosure at individual devices throughout the network. The Master Keys for all devices are also stored in the S/SC after being DES encrypted under KM0.
- Session Key - KD. An electronically-generated and delivered DES key used to encrypt/decrypt or authenticate user data during communications sessions. The S/SC, acting as a Key Distribution Center, automatically generates and delivers (in accordance with ANSI X9.17) a new Session Key for each communication session between SafeNet encryptor pairs.

3.2 Key Distribution

As the Key Distribution Center, the S/SC is the fundamental component in the generation, storage, and distribution of both Master Keys and Session Keys. Master Keys are generated and manually distributed for each SafeNet encryptor. The Master Keys are used to encrypt/decrypt the Session Keys, which are distributed electronically in accordance with ANSI X9.17.
All data exchanged during a secure session between two devices is encrypted and authenticated by a Session Key.

The Master Key for each SafeNet encryptor is generated (manually or randomly) by the S/SC. Once the Master Key for a device is generated, it is DES encrypted under KM0 and stored at the S/SC in a database. The Master Key is also DES encrypted under a configuration PIN and written to a configuration smartcard (or diskette for SafeNet/Soft). The configuration smartcard and associated PIN are manually distributed (separately) to the Security Officer responsible for configuring the SafeNet encryptor. At the remote encryptor, the Security Officer inserts the smartcard into the encryptor and runs a configuration utility which prompts for the PIN. If the PIN is verified to be correct, the device reads the configuration smartcard, decrypts the Master Key, and writes it to its non-volatile memory.

Distribution of Session Keys is performed by the S/SC. When the S/SC receives a key request from an authorized pair of encryptors, it generates a random Session Key for data encryption and authentication. As described in ANSI X9.17, Session Keys are encrypted separately by the Master Key of both the requesting device and the peer device. The encrypted Session Keys are then sent electronically to the two SafeNet encryptors. Each encryptor uses its own Master Key to decrypt the Session Keys. The Session Key is then used by each device to encrypt/decrypt and authenticate all data being exchanged in the secure communications session.

3.3 Key Storage

The Storage Key (KM0) is only resident in the S/SC. The key is stored in a separate tamper-proof cryptographic board which is installed in the S/SC workstation. Once entered, the value of KM0 cannot be displayed by the Security Officer operating the S/SC. Encryptor Master Keys are stored in both the S/SC and the individual encryptors.
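An added Go model of the key hierarchy and Session Key distribution described in sections 3.1 through 3.3 (example code, not IRE's implementation): SecurityCenter stands in for the S/SC with its Storage Key KM0, Encryptor for a SafeNet device, and a single DES block operation does the wrapping because an 8-byte DES key is exactly one DES block. The type and function names are assumptions.

```go
package main

import (
	"crypto/des"
	"crypto/rand"
)

// A single-DES key is 8 bytes, exactly one DES block, so "DES encrypted under
// KM0" for a key is one block operation. Every key in this model is 8 bytes.
func wrapKey(kek, key []byte) []byte {
	c, err := des.NewCipher(kek)
	if err != nil {
		panic(err) // only reachable with a malformed key, a programming error here
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, key)
	return out
}

func unwrapKey(kek, wrapped []byte) []byte {
	c, err := des.NewCipher(kek)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Decrypt(out, wrapped)
	return out
}

func randomKey() []byte {
	k := make([]byte, des.BlockSize)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// SecurityCenter stands in for the S/SC: it holds the Storage Key KM0 and a
// database of Master Keys kept only in wrapped form, indexed by serial number.
type SecurityCenter struct {
	km0 []byte
	db  map[string][]byte
}

func NewSecurityCenter(km0 []byte) *SecurityCenter {
	return &SecurityCenter{km0: km0, db: map[string][]byte{}}
}

// Enroll creates a Master Key for a device, stores it wrapped under KM0 and
// returns the plaintext copy destined for the configuration smartcard.
func (s *SecurityCenter) Enroll(serial string) []byte {
	kk := randomKey()
	s.db[serial] = wrapKey(s.km0, kk)
	return kk
}

// SessionKeyRequest serves a key request from an enrolled pair: a fresh Session
// Key KD is generated and returned wrapped separately under each peer's Master
// Key (ANSI X9.17 style). The S/SC does not retain KD afterwards.
func (s *SecurityCenter) SessionKeyRequest(a, b string) ([]byte, []byte, bool) {
	wa, okA := s.db[a]
	wb, okB := s.db[b]
	if !okA || !okB {
		return nil, nil, false // unenrolled devices are refused
	}
	kd := randomKey()
	return wrapKey(unwrapKey(s.km0, wa), kd), wrapKey(unwrapKey(s.km0, wb), kd), true
}

// Encryptor stands in for a SafeNet encryptor: KK in non-volatile storage,
// KD held in RAM only while a session is active.
type Encryptor struct {
	KK, KD []byte
}

// LoadSessionKey unwraps the delivered Session Key with the device's own Master Key.
func (e *Encryptor) LoadSessionKey(wrapped []byte) { e.KD = unwrapKey(e.KK, wrapped) }

// EndSession models erasure of KD from RAM at call termination or key expiry.
func (e *Encryptor) EndSession() { e.KD = nil }
```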
At the S/SC, each device Master Key is DES encrypted under KM0 and stored in a database indexed by the device serial number. Once entered, the Master Keys cannot be displayed by the Security Officer operating the S/SC. Once the Master Key has been loaded into the encryptor, it is stored in non-volatile memory. The Master Key is used internally by the encryptor and cannot be read out of the device nor displayed to the device operator.

Session Keys are randomly generated by the S/SC and then electronically distributed to the encryption devices. The S/SC does not retain the Session Keys once they are distributed. The encrypted Session Keys are received by the devices and then decrypted with the device's Master Key. Each Session Key is stored in RAM within the encryptor until the communications session is terminated or the key expires, at which time the Session Key is erased.

3.4 User Authentication Keys

The S/SC generates User Keys in support of ANSI X9.26 User Authentication procedures. Similar to encryptor Master Keys, the User Keys can be generated manually or randomly by the S/SC. Once the User Key is generated, it is DES encrypted under KM0 and stored in an S/SC database. The User Key is also written to a user authentication smartcard (or diskette for SafeNet/Soft). The user authentication smartcard and associated user PIN are manually distributed (separately) to the remote encryptor user. As described in Section 2.2, the random challenge and user PIN combination is encrypted under the User Key as part of the ANSI X9.26 User Authentication process.

4.0 Roles and Services

A secure network with the latest technology is only effective if the security policies and procedures are enforced. An integral part of the development of a company-specific security policy is the definition of the operator roles and the authorized services provided by the encryption devices.
IRE SafeNet products have been developed with specific roles and services defined to allow easy incorporation into a company-specific security policy.

4.1 SafeNet/Security Center

The SafeNet/Security Center is the heart of the SafeNet Security System, providing central management for all SafeNet products. The SafeNet/Security Center performs key management, registrations, user and device enrollment, Personal Identification Number (PIN) management, event auditing, alarm reports, and network management including parameter downloads. The S/SC can remotely manage one or more SafeNet/Firewalls.

Serious consideration must be used in setting up user access to the S/SC. It is important that the individuals provided access to this system are trustworthy, since the information they have access to, in varying degrees, can affect the credibility of the entire secure network. There are six levels of access privileges defined in the S/SC—from the Security Administrator with access to all areas of the workstation, to the Maintenance personnel with limited access to only the backup and archive features. The six distinct levels of access to the S/SC are summarized below.

- Security Administrator. This is the highest level of access available to users of the system. This level is capable of establishing access levels for security personnel, modifying critical configuration settings, authorizing network devices, administering access controls, setup of the event log backups, reviewing and clearing alert messages as well as accessing diagnostic messages.

- System Administrator. The System Administrator has essentially the same capabilities as the Security Administrator, with the exception of revising critical configurations, and can only view the listing of all security personnel.
  The System Administrator is capable of viewing and modifying network databases; modifying related configuration settings; backing up and restoring all databases; maintaining access control; backing up, archiving, clearing, and viewing the Event Log; acknowledging alerts; and viewing diagnostic messages.

- Network Administrator. At the third highest level, the Network Administrator may view and modify network databases, view configuration settings, view Security Officer access; administer backup databases, access control and S/SC sites; archive and view the Event Log, acknowledge alerts, and view diagnostic messages.

- Network Monitor. The Network Monitor level is provided to personnel who will routinely operate the system, viewing diagnostics, acknowledging alerts, and backing up the databases.

- Event Monitor. Event monitors are only capable of viewing the Event Log.

- Maintenance. This level is used in situations where employees other than the security personnel and administrators would be backing up the S/SC computer databases, as well as archiving and backing up the Event Log.

4.2 SafeNet Encryption Devices

Services provided by the encryption devices can be broken into two categories: services that involve the transfer of data and services related to operation of the encryptor. Services included in the data transfer category are secure data, bypass data, discard data, and user authentication. The encryptor configuration, self-test, and status indication services are all related to operation of the encryptor. While all these services are provided by the encryptors, the primary purpose of the devices is the transfer of secure data. As such, Section 2 of this document describes in detail the elements that make up the secure data service: data encryption, user authentication, packet authentication, address and socket filtering, and tunnel processing.
The remote encryptors support four different roles: security officer, user with authentication, user without authentication, and remote manager. The S/LAN encryptor supports the security officer and remote manager roles. A summary of the different roles follows.

- Security Officer. The security officer is responsible for configuring the encryptor. This can be done using a smartcard and associated PIN, or through the local interface.

- User With Authentication. There are two different user roles that are supported by the remote encryptors. The first role, user with authentication, requires the user to enter an alphanumeric PIN (password) and smartcard for authentication before secure data services are provided.

- User Without Authentication. The second user role does not require identity-based authentication before authorized services are provided to the operator. This role is used by remote encryptor operators when they transfer data with a peer device that does not require user authentication for access.

- Remote Manager. The remote manager role is filled by the SafeNet/Security Center (S/SC). The S/SC provides configuration downloads and key management. The S/SC is capable of preventing the devices from performing secure communications.

There is no maintenance role authorized for the SafeNet encryptors. A Security Officer with access to the encryptor configuration parameters may provide assistance with troubleshooting. If, after contacting IRE Client Support, the problem is not resolved, the encryptor must be returned to the manufacturing facility for repair.

Appendix A: SafeNet/LAN Tamper Evidence

One of the many benefits of the SafeNet/LAN unit is its high level of physical security. The encryptor is enclosed in a physically secure case, although the rear panel can be removed. Under normal conditions removal of the rear panel will result in zeroization of the critical security parameters. Whenever it is suspected that the S/LAN has been tampered with in an attempt to circumvent its physical security features (i.e. the SafeNet/LAN is in an alarm state), the following should be checked for tamper evidence:

- Whether the paint on the case (especially the rear panel) has been scratched or shows similar signs of an unauthorized attempt to penetrate the enclosure.
- Whether the silicone coating on the switch is present and intact (without any large holes).
- Whether the metal cup on the inside of the rear panel is present and intact so that there will be no gap between the panel and the switch when the module is closed.

The paint can be visually inspected without opening the device. The other two areas may be checked by opening the rear panel and removing the S/LAN cover. If the silicone coating and the metal cup have not been tampered with, then the S/LAN can be safely reconfigured. Otherwise, the silicone coating and the metal cup should be properly fixed before reconfiguring the S/LAN.