Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 14 May 2003
Datacryptor ® 2000
FIPS 140-1
Cryptographic Module Security Policy
Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326, USA
Tel: + 1-888-744-4976 or + 1-954-888-6200
Fax: + 1-954-888-6211
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page i 14 May 2003
Document History
Part Number Date Description
0562a192.001 10 June 1999 Initial version
0562b192.001 14 May 2003 Company’s name and address
changed.
“Commercial in confidence”
removed from header.
Copyright banner removed from
cover page.
Photograph of DC2K with old
company name removed from
cover page.
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page ii 14 May 2003
Distribution List
Text Location
Master Copy Project log.
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page iii 14 May 2003
Contents
1 GLOSSARY........................................................................................................................................................ 1
2 RELATED DOCUMENTS ............................................................................................................................... 2
3 INTRODUCTION.............................................................................................................................................. 3
3.1 PURPOSE........................................................................................................................................................... 3
3.2 PRODUCT COMPONENTS................................................................................................................................... 3
3.3 FOR MORE INFORMATION ................................................................................................................................. 3
3.4 TERMINOLOGY ................................................................................................................................................. 3
4 DC2K PRODUCT OVERVIEW...................................................................................................................... 4
5 PRODUCT RATIONALE................................................................................................................................. 4
5.1 PRODUCT FEATURES......................................................................................................................................... 4
6 ROLES & SERVICES....................................................................................................................................... 5
6.1 CRYPTO-OFFICER ROLE AND SERVICES AVAILABLE ....................................................................................... 6
6.2 USER ROLE AND SERVICES AVAILABLE........................................................................................................... 6
7 SECURE OPERATION OF THE DC2K........................................................................................................ 6
7.1 MANAGEMENT OPTIONS .................................................................................................................................. 7
8 FIPS 140-1 MODE OF OPERATION............................................................................................................. 7
8.1 FIPS 140-1 LEVEL 3 SECURITY MODE OF OPERATION. .................................................................................. 7
9 THREATS TO THE SYSTEM......................................................................................................................... 8
9.1 OPERATIONAL VULNERABILITIES..................................................................................................................... 8
9.1.1 Commissioning of DC2K units.............................................................................................................. 8
9.1.2 Host link security................................................................................................................................... 8
9.1.3 Secure location of equipment................................................................................................................ 8
9.1.4 Encrypt Mode Only ............................................................................................................................... 8
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 1 14 May 2003
1 Glossary
3DES Triple DES
DC2K Datacryptor 2000 Link encryptor product
DEK Data Encrypting Key
DES Data Encryption Standard, a widely used SEA
FIPS Federal Information Processing Standards
ITSEC Information Technology Security Evaluation Criteria
KEK Key Encrypting Key
KV Key Variable (either a DEK or KEK)
link Communications link between two DC2K units
SEA Symmetric Encryption Algorithm
SNMP Simple Network Management Protocol
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 2 14 May 2003
2 Related Documents
FIPS 140-1 Federal Information Processing Standards Publication 140-1, 11 January 1994,
Security Requirements for Cryptographic Modules
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 3 14 May 2003
3 Introduction
3.1 Purpose
This document constitutes the security policy for the Datacryptor ® 2000 product hereafter
referred to as the DC2K. This document lays down the constraints placed on the operating
environment for The DC2K, and then makes security claims for the product, given the proviso
of conformance to the delineated environment. These claims are made as a basis for submission
to ITSEC evaluation at level E3 and FIPS140-1 evaluation at level 3.
3.2 Product components
The DC2K product is a secure encryptor supplied as a stand-alone unit. A pair of units may be
used to secure a communications link between two host computers.
This is a non-proprietary Cryptographic Module Security Policy for the Datacryptor ® 2000.
This policy was prepared as part of FIPS 140-1 certification of the DC2K. FIPS 140-1 (Federal
Information Processing Standards Publication 140-1 -- Security Requirements for
Cryptographic Modules) gives U.S. Government requirements for cryptographic modules, and
defines the Security Policy as:
"A precise specification of the security rules under which the cryptographic module must operate, including rules
derived from the security requirements of this standard, and the additional security rules imposed by the
manufacturer."
The DC2K provides extraordinary security, meeting all security requirements up to Level 3, and
several level 4 requirements. This security policy addresses how the DC2K meets these
requirements, and how it can be operated in a secure fashion.
3.3 For more information
This document describes the operations and capabilities of the DC2K in the technical terms of a
FIPS 140-1 cryptographic module security policy.
For more detailed information about the DC2K, please visit the Thales e-Security web site at
http://www.thales-esecurity.com. The web site contains non-technical descriptions of Thales e-
Security products, technical specifications, product offerings, DC2K functionality, DC2K
developer information, and more.
For more information about the FIPS 140-1 standard and validation program please visit the
NIST web site at http://csrc.nist.gov/cryptval.
For answers to technical or sales related questions please refer to the contacts listed on the
DC2K web site at http://www.thales-esecurity.com.
3.4 Terminology
In this document the Datacryptor ® 2000 is referred to as the DC2K or Datacryptor ®.
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 4 14 May 2003
4 DC2K Product Overview
The DC2K is an external stand-alone hardware component. Two DC2K units are used to
interconnect two networks or computers for secure data communication.
The DC2K encrypts the entire data stream using one of a number of available algorithms,
including among others, the Triple DES, DES, and Embattle. Automatic re-synchronization of
the cryptographic processes following transmission errors is also performed.
LAN A
LAN B
High Speed Line
Gateway
Gateway
Figure 1 – Example Local Area Network (LAN) implementation of the DC2K to
secure data transmission
5 Product rationale
The following subsections identify the security features of the DC2K unit, its purpose, intended
environment and method of use. The primary purpose of the DC2K is that of a secure encryptor
enforcing data secrecy when data is required to be transmitted from one secure location to
another via unsecured public communications networks. All identified threats within such
environments are countered either by the unit, or by security procedures that are to be
implemented by the user. The perceived threats and the proposed defenses against them are
identified below.
5.1 Product features
The DC2K product has a number of variants, including a synchronous link encryptor and a
frame relay encryptor. The user and encrypted data may be unframed or framed in accordance
with ITU-T recommendation G.704. E1/T1 interfaces are available, as are RS-232 (also known
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 5 14 May 2003
as V.24), X.21 and V.35. The unit has been designed to operate using any suitable software
based symmetric encryption algorithm (SEA).
The DC2K unit uses public key technology for key distribution and authentication of all other
unit management. The units can be commissioned with their asymmetric key pair securely
before being issued to users. Data Encryption Keys (DEKs) are generated internally by the
DC2K unit and distributed to a peer DC2K using public key cryptography.
Note: attacks against clear text data before it is passed to the DC2K are beyond the scope of this
product.
The communications link between two DC2K units is assumed to be vulnerable and it is the
role of the product to protect this zone. In encrypt mode, a unit ensures that data originating at
the host port is never transmitted in plain text. In framed modes of communication, it is possible
to assign a mode of operation to each time slot, such that each time slot may be assigned to
operate in clear, encrypt or standby mode.
The keys and SEA in a DC2K unit are protected using alarm circuitry. If the tamper alarm is
triggered, then the keys and SEA loaded in the DC2K unit is erased.
If the DC2K is faulty, as indicated by the failure of a self-test diagnostic, it will revert to its
standby mode and will not leave this mode until the fault has been rectified.
6 Roles & Services
The DC2K is configured and managed via the Element Manager. Any communication with the
DC2K from the Element Manager or from another DC2K is identity based. Signed Certificates
are used for authentication between two DC2Ks, or between a DC2K and the Element Manager.
There are two DC2K roles, Crypto-Officer and user. The Crypto-Officer role is used to
configure the DC2K via the control port, Ethernet port, or network port.
The user role is when two DC2Ks attempt to establish a secure connection with each other over
the Network port. Two DC2Ks will authenticate to one another using digital certificates (CA).
This allows the DC2K to meet the requirement for FIPS 140-1 Level 3 security.
The mechanism the DC2K uses for authentication between two or more DC2Ks are defined
below.
Identity-Based Authentication
Identity-Based authentication is implemented via Digital Certificates. During the
commissioning or administrative process of the DC2K a crypto-officer can download one or
multiple digital Certificates to the DC2K. In addition, the crypto-officer can control all
Certificate lifetimes.
Transaction Groups
Adding multiple Certificates to a DC2K would allow it to communicate with other DC2Ks that
contain at least one of the signed Certificates. This allows for one DC2K to talk with multiple
DC2Ks. The DC2K Link operating in framed mode over E1 or T1 is capable of encrypting
traffic form a different DC2K on each of its available timeslots.
The Frame Relay (multi-channel) DC2K is capable of talking with multiple DC2K over
separate channels.
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 6 14 May 2003
6.1 Crypto-Officer Role and Services Available
The only user that the DC2K Datacryptor ® Element Manager is allowed to authenticate based
on identity is the Crypto-Officer. The Crypto-Officer will have the following services available:
1. Login to the DC2K using identity based authentication.
2. Logout of the DC2K
3. Commission the DC2K with a Certificate of Authority (CA).
4. Change CA on a DC2K.
5. Adding multiple Certificates (creating a transaction group) to a DC2K
6. Enable/Disable motion and temperature alarms.
7. Install different security software modules such as DES, CA, and Diffie-Hellman parameters
on the DC2K.
8. Modify the Key Encryption Key change interval.
9. Modify the Data Encryption Key change interval.
10. Configure additional DC2Ks
11. Cloning a particular DC2K
12. Deleting a DC2K unit
13. Restoring a DC2K unit
14. Configure a DC2Ks IP address, connection method or unit name.
For detailed information on the services available to the Crypto-Officer, please refer to the
DC2K Element Manager manual.
It is possible to monitor the state of a DC2K remotely using either the Element Manager
software or SNMP software. State monitoring is a non-authenticated function of the DC2K.
6.2 User Role and Services Available.
· The user role is considered as two DC2Ks communicating with each other in a transaction
Group. Again, digital Certificates loaded into each DC2K is used as the mechanism for
identity-based authentication.
7 Secure Operation of the DC2K
The secure operation of the DC2K consists of the initial commissioning of the unit and later
administrative procedures.
Note that an identity based authentication scheme using Certificates is used whenever the
crypto-officer administers a DC2K. Identity based authentication using signed Certificates also
applies to two DC2Ks communicating with each other.
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 7 14 May 2003
7.1 Management Options
The DC2K can be managed using several methods. These methods are:
1. Datacryptor ® Element Manager- This software allows a Crypto Officer to administer the
DC2K as described in Section 6.
2. SNMP management Station – This is limited to requesting and obtaining status information
from the Datacryptor.
Note: Only one management session is allowed at any one time
8 FIPS 140-1 Mode of Operation
FIPS 140-1 mode of operation is defined as a mode in which only FIPS approved security
methods are used.
Example of FIPS approved security algorithms are:
· DES
· 3DES
· DSA
· SHA-1
· Diffie-Hellman
By default, the DC2K has the 3DES, DSA, SHA-1, and Diffie-Hellman algorithms preloaded in
the factory. In addition, the Certificate Authority is also preloaded.
Having the DC2K operate under these conditions will place the DC2K in FIPS 140-1 mode.
Note that only one encryption algorithm such as 3DES or DES can be loaded into the unit at any
one time.
8.1 FIPS 140-1 Level 3 Security Mode of Operation.
For Level 3 Security, the following must be met.
1. Use of FIPS approved security algorithms as stated previously.
2. Enabling motion detection on the DC2K
3. Enabling Diffie-Hellman Key Distribution each time the Data Encryption Keys (DEK)
changes.
NOTE
The DC2K uses the Diffie-Hellman algorithm for the Key Encryption Key (KEK) and Data
Encryption Key (DEK), Key Distribution. The KEK is used to encrypt the DEK and exchange
the DEKs that is generated at each DC2K unit. There is a DC2K option to update the KEK
with the DEK. For FIPS 140-1 mode of operation, KEK must be updated each time the DEK
is also updated. Essentially, the Diffie-Hellman algorithm is used whenever there is a DEK
Thales e-Security Datacryptor ® 2000
Datacryptor ® 2000 FIPS 140-1 Security Policy
0562b192.001 Page 8 14 May 2003
exchange between units.
9 Threats to the system
9.1 Operational Vulnerabilities
In order to provide adequate security, the unit needs to be used in association with a set of
security procedures. The following section identifies possible vulnerabilities in operation and
identifies the Security procedures used to address them.
9.1.1 Commissioning of DC2K units
While commissioning a DC2K the secret key of the Certificate Authority is at risk of disclosure.
In systems where the secret keys are pre-generated, they are at risk from point of generation to
when they are installed in the DC2K. To counter act this vulnerability, all keys should be
securely stored and transported.
9.1.2 Host link security
The DC2K is a Network security device, securing the data presented to its Host port while being
transmitted over a network connection to another DC2K. A Security Procedure should be
established to address the possibility that an attack ban be introduced between the host
application and the Host port interface of the DC2K.
The DC2K does not protect the connection between the host application and the DC2K Host
port.
9.1.3 Secure location of equipment
If the DC2K is used in a FIPS 140-1 compliant mode, the Datacryptor ® will erase keys and
algorithms if stolen, thus preventing unauthorized use.
9.1.4 Encrypt Mode Only
The DC2K can be configured to operate in Plaintext mode. If a link is required to operate in
Encrypt mode, the Crypto-Officer should ensure that he has indeed configured the link to
operate in encrypt mode.