FIPS 140-2 Non-Proprietary Security Policy Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Author: Robert Davidson Date: October 14, 2022 Document Issue: 1.3 This document may be copied without the author’s permission, provided that it is copied in its entirety without any modification. Apricorn is a trademark or a registered trademark of Apricorn in certain countries. All Apricorn product names and logos are trademarks or registered trademarks of Apricorn in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 2 of 22 Table of Contents 1. References................................................................................................................. 3 2. Target Audience ........................................................................................................ 3 3. Introduction ............................................................................................................... 4 3.1 Purpose of the Security Policy.............................................................................................. 4 3.2 Cryptographic Module Description ...................................................................................... 4 4. Security Levels.......................................................................................................... 8 5. Interfaces and Ports.................................................................................................. 8 6. Cryptographic Key and CSP Management.............................................................. 9 6.1 AES Master Key ................................................................................................................... 9 6.2 PIN Access Codes................................................................................................................. 9 6.3 Random Number Generation ................................................................................................ 9 6.4 EC DH Key Establishment ................................................................................................. 10 7. Identification and Authentication Policy ............................................................... 10 7.1 Roles ................................................................................................................................... 10 7.2 Authentication..................................................................................................................... 11 8. Access Control Policy ............................................................................................ 12 9. Self-Tests................................................................................................................. 14 10. Physical Security Policy....................................................................................... 15 11. Regulatory Compliance ........................................................................................ 15 12. Security Rules ....................................................................................................... 16 12.1 Initialization Period of the Cryptographic Module........................................................... 16 12.2 FIPS Approved Mode ....................................................................................................... 17 13. Mitigation of Other Attacks Policy....................................................................... 19 14. Acronyms............................................................................................................... 19 Appendix A. Critical Security Parameters................................................................. 20 Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 3 of 22 Revision History Version 1.0 Initial Public Release Version 1.1 Update Table 4 and section 12.2 Version 1.2 Update Entropy naming convention Version 1.3 Updated HW and FW revisions with other general updates Table 1 – Revision History 1. References Author Title NIST FIPS PUB 140-2: Security Requirements for Cryptographic Modules, December, 2002 NIST Derived Test Requirements for FIPS PUB 140-2, January, 2011 NIST Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program, August 16, 2019 NIST FIPS 197 NIST FIPS 180-4 NIST SP800-90B NIST SP800-38E NIST SP800-56Ar3 NIST SP800-133 Revision 2 NIST SP800-56Cr2 NIST SP800-90A Table 2 - References 2. Target Audience • NIST, CCCS, Accredited Laboratory and the FIPS 140-2 Validation Group • Developers Working on the Release • Product Verification • Documentation • Product and Development Managers • Security Assurance • Administrator and General User Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 4 of 22 3. Introduction This security policy document contains a description of the Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module (also referred to herein as the cryptographic module, or simply the module). This document contains a specification of the security rules under which the module must operate as derived from the requirements of FIPS 140-2. 3.1 Purpose of the Security Policy There are three major reasons that this security policy is defined for, and must be followed by, the cryptographic module: • This document is required for FIPS 140-2 validation. • This document allows individuals and organizations to determine whether the cryptographic module, as implemented, satisfies the stated security policy. • This document describes the capabilities, protection, and access rights provided by the cryptographic module, allowing individuals and organizations to determine whether it will meet their security requirements. 3.2 Cryptographic Module Description The Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Modules are multi-chip standalone cryptographic modules. Specifically, the modules are USB 3.1 to Data Storage Memory Modules which implement hardware encryption dependent on operator authentication. The modules provide secure encrypted (AES-XTS 256) storage, ensuring that only authorized operators have access to the protected data. Access is granted by use of an embedded alpha-numeric keypad whereby the authorized operator inputs a personal identification number (PIN) to access and unlock the secured data. Three (3) LEDs, each a different color, indicate the module status during authentication and operation. Electronic components containing all critical security parameters (CSPs) are encapsulated within a hard, opaque, tamper-evident, production-grade epoxy. The modules also incorporate a strong, tamper-resistant, non-removable, hard metal enclosure that defines the cryptographic boundary. This software-free, embedded authentication approach allows the modules to work with any mass storage compliant operating system whether it has a keyboard or not, and never shares any CSPs with the host. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 5 of 22 The cryptographic modules are designed to meet FIPS 140-2 Level 3 cryptographic module requirements for the storage of user credentials and file systems. The modules will only operate in the “FIPS Approved” mode of operation. They must be configured according to the initial setup instructions in Section 12.1 before being operational. A non-Approved FIPS mode is not supported. The Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Modules (Figure 1 and 2 below), represents the physical boundary of the devices and the cryptographic boundary as outlined by the red marking. Figure 1 Figure 2 Figure 1- Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Figure 2 - Aegis Secure Key 3NXC Cryptographic Module Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Firmware Version 2.0 Hardware Version Rev A Part Numbers ASK3Z-16GB ASK3Z-32GB ASK3Z-64GB ASK3Z-128GB ASK3-NX-2GB ASK3-NX-4GB ASK3-NX-8GB ASK3-NX-16GB ASK3-NX-32GB ASK3-NX-64GB ASK3-NX-128GB ASK3-NX-256GB ASK3-NXC-4GB ASK3-NXC-8GB ASK3-NXC-16GB ASK3-NXC-32GB ASK3-NXC-64GB ASK3-NXC-128GB ASK3-NXC-256GB Table 3 – Cryptographic Module Versions Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 6 of 22 List of all Approved Security Functions: The cryptographic modules offer FIPS Approved cryptographic security functions including the following: CAVP Cert. Algorithm Standard Mode / Method Key Lengths, Curves or Moduli Use A1909 AES SP 800-38E XTS 256-bits Data Encryption / Decryption Note: This mode is only approved for storage applications. A1909 AES SP 800-38A ECB 256-bits Data Encryption / Decryption Note: This is only a pre-requisite to AES-XTS. C967 AES SP 800-38A CBC 256-bits Data Decryption Vendor Affirmed CKG SP 800-133 Rev 2 Non-modified output Key Generation Sections 5.2 Key Pairs for Key Establishment, 6.1 “Direct Generation” of Symmetric Keys, 6.2.1 Symmetric Keys Generated Using Key-Agreement Schemes C1032 DRBG SP 800-90A Revision 1 HASH_Based DRBG (SHA-256) Security strength is 256 bits Deterministic Random Bit Generation C1033 ECDSA FIPS 186-4 PKG, PKV P-256 Prerequisite to KAS ENT (P) ENT (P) SP 800-90B Seeding for the HASH DRBG with 128 bits of security. A 1024-bit seed is used. A1913 KAS-SSC SP 800-56Ar3 ECC P-256 Key Agreement A1913 KDA SP 800-56Cr2 One Step KDF 256-bits Key Agreement C1029 SHS FIPS 180-4 SHA-256 Message Digest Table 4 – List of All Approved Security Functions Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 7 of 22 Figure 3 – Aegis Secure Key 3z and Aegis Secure Key NX Cryptographic Module Block Diagram Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 8 of 22 4. Security Levels The cryptographic modules meet an overall security of FIPS 140-2 Level 3. The FIPS 140-2 specification defines security requirements that are grouped into Security Requirement Areas. These areas are tested individually for a specific level of achievement. The table below defines the targeted level in each section for the module. FIPS 140-2 Security Requirement Target Level Cryptographic Module Specification Level 3 Cryptographic Module Ports and Interfaces Level 3 Roles, Services and Authentication Level 3 Finite State Model Level 3 Physical Security Level 3 Operational Environment N/A Cryptographic Key Management Level 3 EMI/EMC Level 3 Self-Tests Level 3 Design Assurance Level 3 Mitigation of Other Attacks N/A Table5 – FIPS Security Levels 5. Interfaces and Ports There are three physical ports on the cryptographic modules: a Super Speed Universal Serial Bus (USB 3.1), a Keypad Input, and signals to drive three external status LEDs. Physical Port Description Logical Interface Super Speed Universal Serial Bus (USB 3.1) Super Speed Universal Serial Bus Signals (USB 3.1) Data Input/ Data Output/ Power/ Control Input/ Status Output Keypad Keypad Input Data Input/ Control Input (manual controls) LEDs output (Red, Blue, Green) Output LEDs Status Output Table 6 – Interfaces and Ports Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 9 of 22 6. Cryptographic Key and CSP Management 6.1 AES Master Key The cryptographic modules use an AES Master Key (an AES-XTS 256-bit key) to encrypt/decrypt protected data. The AES-XTS 256-bit key is generated using the FIPS Approved deterministic random bit generator. 6.2 PIN Access Codes On the cryptographic module, each personal identification number (PIN) has a minimum of seven (7) digits and maximum of sixteen digits. The module supports one Admin PIN, one User PIN, one Self-Destruct PIN, and four Recovery PINs. The Admin PIN is used by the cryptographic officer to administer the device or access the storage area. The User PIN is used to access the storage area. The Recovery PIN is used to create a new User PIN that will overwrite the current User PIN. The Self-Destruct PIN zeroizes all PINs and the AES Master key, then resets to a new AES Master key and new Admin PIN. 6.3 Random Number Generation The cryptographic modules contain a non-deterministic hardware random number generator (ENT (P)) that uses an internal, unpredictable physical source of entropy that is outside of human control. Random numbers generated by the ENT (P) are used as seeding values for the FIPS Approved Deterministic Random Bit Generator. The HASH DRBG Internal State (V and C) is the DRBG’s working state. The HASH DRBG Seed is used to seed the DRBG. The seed is 1024 bits and includes the Entropy Input and Nonce. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 10 of 22 6.4 EC DH Key Establishment AES-CBC Decryption Key (AES-256) is used to decrypt the data sent from the host. ECDH Public Key (P-256) is the module’s SP 800-56Ar3 public key component and is used to create secure communication with the host. ECDH Private Key (P-256) is the module’s SP 800-56Ar3 private key component and is used to create secure communication with the host. ECDH Shared Secret "Z" is generated using SP 800-56Ar3 and is fed into the SP 800-56Cr2 key derivation function to create the AES-CBC Decryption Key. Host ECDH Public Key (P-256) is the host PC’s SP 800-56Ar3 public key component and is used to create secure communication with the module. 7. Identification and Authentication Policy 7.1 Roles The cryptographic modules perform identity-based authentication via verification of the PIN code for the Administrator role and General User role. Alternatively, the Administrator role may authenticate using the Configurator service, which utilizes EC Diffie-Hellman. The individual that takes physical possession of the module and initializes the PIN for the first time is the Administrator. The first-time user of the Configurator tool is also considered the Administrator. The Administrator role is the Cryptographic Officer role as defined in the FIPS 140-2 standard. The Administrator role is responsible for the overall security of the module. The Administrator can change his/her own personal identification number (PIN) and can access all the data stored within the device, set or modify all device settings, as well as add and erase a General User. The General User role is the User role as defined in the FIPS 140-2 standard. The General User role has limited privileges and access to limited services of the module. The General User can change his/her own personal identification number (PIN) and access all the data stored within the storage device. The cryptographic module supports up to two (2) authenticated operators; at least one authenticated operator will be an Administrator. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 11 of 22 7.2 Authentication The cryptographic modules require a minimum of seven (7) digits and maximum of sixteen (16) digits for a personal identification number (PIN). When the module is powered on, it will allow a maximum of ten (10) attempts to correctly enter the PIN code. The individual that takes physical possession of the module, or uses the Configurator service, and initializes the PIN for the first time is the Administrator. Upon a total of ten (10) consecutive failed authentication attempts (as described above), the module will lock the keypad and require a pre-defined command sequence to be entered to allow the Administrator or General User another ten (10) attempts at entering the correct PIN code depending on the settings controlled by the Administrator when the device is setup. Brute Force setting is programmable between 4 - 20 consecutive failed attempts. If the module does not receive the correct PIN code within the maximum of twenty (20) attempts (described above), all critical security parameters will be actively zeroized. In such case any encrypted data remaining on the external storage device(s) will be useless (unrecoverable). Role Type of Authentication Authentication Data Administrator (Cryptographic Officer) Identity-based Personal Identification Number (PIN) Identity-based EC Diffie-Hellman (Configurator Service) General User (User) Identity-based Personal Identification Number (PIN) Table 7 - Roles and Required Authentication Authentication Mechanism Strength of Mechanism PIN code verification A minimum seven-digit PIN is used, with each digit selected from ten (10) possible characters. There are 10^7 (ten million) possible PIN combinations. Therefore, the probability of a random attempt to authenticate to the module is 1/10,000,000 which is much less than 1/1,000,000. The probability of multiple consecutive attempts to authenticate to the module during a one-minute period is 20/10,000,000 which is much less than 1/100,000. EC Diffie-Hellman Since EC Diffie-Hellman with P-256 is used, the probability that a random attempt to authenticate to the module is 1/(2^128) which is much less than 1/1,000,000. One authentication attempt is allowed before a User reset must be performed which takes approximately 30 seconds to complete the procedure, therefore there could be ~2 attempts per minute. Given this, the probability of multiple consecutive attempts to authenticate to the module during a one-minute period is 2/(2^128) which is much less than 1/100,000. Table 8 – Strengths of Authentication Mechanisms Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 12 of 22 8. Access Control Policy The cryptographic modules support two roles: Administrator and General User. The types of services corresponding to each of the supported roles are described below. Administrator General User Unauthenticated Service Description X X Login/Unlock Authenticates the operator to the module. X X Logout/Lock De-authenticates the operator and locks the module. X* X Write Data Receives plaintext data from the host and AES XTS encrypt the data to internal storage. X* X Read Data AES XTS decrypts data from internal storage and output plaintext data to the host. X* X Establish User PIN Establishes a User PIN if to create a general user role. X X Change PIN Updates the PIN. X* Set Self-Destruct Enables the self-destruct feature. X* X Set Self-Destruct PIN Prepares the module for duress event. X X Self-Destruct Reinitializes the module. X Delete All User PINs Overwrites and supersedes all PINs. X* Set Unattended Auto Lock Sets idle timeout value in minutes. X* X Set Read Only When set, does not allow writing of data to the storage. If the Admin sets the device to read only, the user is prevented from overriding this setting. X* Set Lock Override Sets the device to ignore re-enumeration over the USB bus. X* Create Recovery PINs Admin sets a PIN used to create a recovery PIN. X X Use Recovery PIN Creates a new User PIN after using the recovery PIN. X* Setup Forced Enrollment Admin sets the drive to require a PIN setup on the next use. X* Set Minimum PIN Length Admin setting for minimum digit length of PINs. X* Set LED Flicker LED to flash when buttons are pressed. X* Configurator Sends configuration data to device. X X X Run Diagnostic Mode Verifies proper keypad function and check firmware version. X* Set Brute Force Attempts Sets the number of tries before the drive will lock. X X X Self-Test Performs required power-up self-tests. X X X Self-Test (On-Demand) Performs on-demand self-tests. X X X Get Status Status outputs. X X X User Reset (FIPS Zeroize) Resets the module and zeroize all CSPs. X Provision Lock Allows a User Reset (FIPS Zeroize) to be performed by the Administrator only. X* Format Storage as FD or RM Formats the storage as fixed disks or removable media *Note: This Admin service can also be performed via the EC Diffie-Hellman authentication scheme. Table 9 – Roles and Services Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 13 of 22 The table below shows the how CSPs and Public Keys are accessed by the module’s services. The modes of access shown in the table are defined as: • G = Generate: The service generates or derives the CSP. • I = Input: The service inputs the CSP from outside of the module. • O = Output: The service outputs the CSP to outside of the module. • E = Execute: The service uses the CSP. • S = Store: The service stores the CSP persistently. • Z = Zeroize: The service zeroizes the CSP. Service AES Master Key User PIN Admin PIN Recovery PIN Self-Destruct PIN HASH DRBG Internal State HASH DRBG Seed and Entropy Input AES-CBC Decryption Key ECDH Public Key ECDH Private Key ECDH Shared Secret "Z" Host ECDH Public Key SP 800-56Cr2 KDF Internal State Login/Unlock E IE IE - - - - - - - - - - Logout/Lock - - - - - - - - - - - - - Write Data E - - - - - - - - - - - - Read Data E - - - - - - - - - - - - Establish User PIN - IGES IGES - - - - - - - - - - Change PIN - ZIGES ZIGES - - - - - - - - - - Set Self-Destruct - - - - Z - - - - - - - - Set Self-Destruct PIN - - - - IGES - - - - - - - - Self-Destruct ZGES Z ZGS Z ZIE - - - - - - - - Delete All User PINs - Z - Z Z - - - - - - - - Set Unattended Auto lock - - - - - - - - - - - - - Set Read Only - - - - - - - - - - - - - Set Lock Override - - - - - - - - - - - - - Create Recovery PINs - - - IGS - - - - - - - - - Use Recovery PIN - ZIGS - IEZ - - - - - - - - - Setup Forced Enrollment - - - - - - - - - - - - - Set Minimum PIN Length - - - - - - - - - - - - - Set LED Flicker - - - - - - - - - - - - - Configurator - IS IS IS IS GE GE GEZ GEOZ EZ GEZ EIZ GEZ Run Diagnostic Mode - - - - - - - - - - - - - Set Brute force Attempts - - - - - - - - - - - - - Self-Test - - - - - - - - - - - - - Self-Test (On-Demand) - - - - - - - - - - - - - Get Status - - - - - - - - - - - - - User Reset (FIPS Zeroize) ZGS Z Z Z Z ZGE ZGE - - ZG - - Z Provision Lock - - - - - - - - - - - - - Format Storage as FD or RM - - - - - - - - - - - - - Table 10 – CSP and Public Key Access by Service Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 14 of 22 9. Self-Tests The cryptographic module performs all required self-tests, at power up and conditionally, as required by FIPS 140-2. When all of the self-tests are completed successfully, the module will display a solid RED LED. In the case that the module fails any particular self-test, the module will enter a FIPS error state. See table 11 below for error LED patterns. Error code will flash RED LED "n" times and then BLUE LED 1 time as a separator. Self-Test Type of Test Error Shown 16-Bit FW integrity tests Power up Red LED 5 Blinks SHA-256 KAT Power up Red LED 6 Blinks DRBG KAT1 Power up Red LED 7 Blinks AES-256 CBC KAT (Decrypt) Power up Red LED 9 Blinks ECDH KAT (Primitive “Z” computation) Power up Red LED 10 Blinks One Step KDF KAT Power up Red LED 10 Blinks SP 800-90B RCT & APT Health tests 2 Power up & Conditional Red LED 13 Blinks AES-256 XTS KAT (Encrypt & Decrypt) Power up Red LED 17 Blinks Partial key validation test (Module’s public Key) Conditional Red LED 11 Blinks Partial key validation test (Host’s public Key) Conditional Red LED ON BLUE Blinks once every 10 seconds AES-XTS IG A.9 Key Compare Conditional Red LED 15 Blinks Table 11 – Self tests 1 This Self test includes SP 800-90A section 11.3 Health Tests 2 The Health tests are run over 1024 samples Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 15 of 22 10. Physical Security Policy Epoxy coating The modules incorporate a hard, opaque, tamper-evident, production-grade epoxy coating encapsulating all electrical components containing critical security parameters. Attempts to remove the epoxy will cause damage to these components. Tamper-Resistance The module incorporates a strong, tamper-resistant, hard metal enclosure that defines the cryptographic boundary. Note: The module hardness testing was only performed at an ambient, single temperature (i.e. 78.4° F) and no assurance is provided for Level 3 hardness conformance at any other temperature. Physical Security Mechanisms Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Hard, opaque, tamper-evident, production-grade epoxy coating and metal enclosure In accordance with the Administrator role organizational security policy or every 3 months. Inspect the cryptographic boundary for scratches, gouges, scrapes, deformations, and any other suspicious signs of malice and tampering. If any evidence of tampering exists, the Administrator role is required to cease use of the cryptographic module immediately. Table 12 – Physical Security 11. Regulatory Compliance The cryptographic module has been tested for and passes the following: EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 16 of 22 12. Security Rules 12.1 Initialization Period of the Cryptographic Module The Administrator role is responsible for the overall security of the module and initializing the cryptographic module into the FIPS Approved mode of operation. The Administrator shall perform one (1) of the following two (2) procedures to set the initial Admin PIN and initialize the module into FIPS mode: 1. Wake up the module by pressing the Unlock button. The BLUE and GREEN LEDs will glow solidly. a. Press UNLOCK + 9 at the same time. The BLUE LED will glow solidly, and the GREEN LED will be blinking. b. Enter the series of numbers that you will use for the Admin PIN and press the UNLOCK button. c. Re-enter that same PIN and press the UNLOCK button again. The GREEN LED will illuminate for one second followed by the BLUE LED glowing solidly by itself. d. Push the Lock button. 2. Execute the “Configurator” service to perform the initialization of the module and set the admin PIN. The Configurator GUI application is outside of the module’s FIPS 140-2 validation scope. It resides on the host pc used by the Cryptographic Officer during module initialization. Upon completion of the initialization period, the module’s LED status will indicate a solid RED LED. The cryptographic module only supports a FIPS Approved mode of operation, therefore a non-compliant configuration is not possible and out of scope for this validation. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 17 of 22 12.2 FIPS Approved Mode • The cryptographic module always runs in a FIPS Approved mode of operation (i.e., non-FIPS mode is not supported). It is possible to determine that the module is in FIPS mode by waking up the module and observing LED status as follows: RED LED is solid to indicate self-tests completed successfully; RED LED flashes to indicate an error state, including failure of a power-up self-test as well as failure of a conditional self-test. • Power on self-tests are run automatically when the device is initially powered. This can happen at the time of manufacture or when power is applied through the USB and the batteries have been depleted. • On-demand self-tests can be performed from the standby state. To invoke these tests, first ensure the device is not plugged into a powered USB port (this prevents damaging the USB plug) and wake the device by pressing the UNLOCK button. Next press the LOCK + 8 buttons simultaneously. The solid red LED will transition to a blinking green LED for ten (10) seconds. Within these ten seconds, plug the device into a powered USB port and the device will automatically perform on-demand self- tests. Otherwise, the device will time out and return to standby state. Successful self-tests completion will be indicated by the following LED sequence: solid RED followed by solid GREEN followed by solid BLUE. The device will then return to standby state. • The firmware revision can be determined by the following procedure: 1. Push the Unlock button to bring the module out of a sleep state or plug into a powered USB port. 2. Push the Lock + 1 keys at the same time and release. 3. Push and hold the 0 key. The LEDs will flash Red and Blue for five (5) seconds then all the LEDs will come on for one (1) second. Release the 0 key. 4. The LEDs will flash the firmware revision: Example: a. 2 Blue LED blink = 2 b. Then 1 Red blink = . c. Then 1 Red blink (no Blue blink) = 0 d. Then Blue LED on solid = end of sequence This firmware revision shows 2.0 • The cryptographic module enforces separation of all data inputs, data outputs, control inputs, status outputs via defined ports and interfaces. Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 18 of 22 • The cryptographic module receives power via its defined power interface either via USB or the internal battery. • The cryptographic module does not support a maintenance interface or bypass capability. • The cryptographic module does not support FW loading capability. • The cryptographic module does not support the output of any secret keys, private keys, or CSPs in any form. • During error states, the cryptographic module enforces the inhibition of all data outputs, ceases to provide any cryptographic or otherwise security relevant services, and provides non-security relevant error status. To recover from an error state, the operator can perform a complete reset or invoke the on-demand self-tests. Only if all self-tests are completed successfully, will the module transition to an operational state. • The cryptographic module supports Identity-based authentication. • The Administrator and General User roles are explicitly prohibited from sharing PINs with any other operator. In the event that the Administrator role shares his or her PIN, the cryptographic module is deemed non-compliant and unfit for service to protect sensitive but unclassified data. • The cryptographic module provides a hard, opaque, tamper-evident, production- grade epoxy encapsulating all electrical components containing CSPs. • The cryptographic module incorporates a strong, tamper-resistant, non-removable, hard metal enclosure that defines the cryptographic boundary. • The cryptographic module enforces a non-modifiable operational environment. • The cryptographic module protects all critical security parameters from unauthorized disclosure, modification, and substitution. • The cryptographic module provides a non-deterministic hardware random number generator strictly for the purposes of seeding the deterministic random bit generator. • The cryptographic module does not support manual key entry. • The cryptographic module supports zeroization to destroy all critical security parameters. All CSPs are destroyed with the User Reset (FIPS Zeroize) service. • The cryptographic module conforms to applicable EMI/EMC requirements. • The cryptographic module generates cryptographic keys whose strengths are a minimum 256 bits of entropy. • As per IG A.9, the AES-XTS implementation verifies that Key_1 ≠ Key_2, before the keys are to be used. If the test fails, the module will enter a FIPS error state, and blink the RED LED 15 times Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 19 of 22 • Excluded components include, capacitors, eMMC memory, resistors, diodes, regulator, battery charger, battery, and USB cover, that are not replaceable or removable. 13. Mitigation of Other Attacks Policy The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-2. Other Attacks Mitigation Mechanism Specific Limitations Not applicable Not applicable Not applicable Table 13 – Mitigation of Other Attacks 14. Acronyms - AES: Advanced Encryption Standard - CBC: Cipher Block Chaining - CCCS: Canadian Centre for Cyber Security - CMVP: Cryptographic Module Validation Program - CSP: Critical Security Parameters - DRBG: Deterministic Random Bit Generator - ECC CDH: Elliptic Curve Cryptography Cofactor Diffie-Hellman - EDC: Error Detection Code - EMI/EMC: Electromagnetic Interference/Electromagnetic Compatibility - FIPS: Federal Information Processing Standards - KAT: Known Answer Test - LED: Light Emitting Diode - NIST: National Institute of Standards and Technology - ENT (P): Entropy from a Physical source - N/A: Not Applicable - PIN: Personal Identification Numbers - RNG: Random Number Generator - SHA: Secure Hashing Algorithm - USB: Universal Serial Bus - XTS: XEX Tweakable Block Cipher with Ciphertext Stealing Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 20 of 22 Appendix A. Critical Security Parameters The public keys, cryptographic keys, cryptographic key components, and CSPs used by the module are as follows: 1) AES Master Key Description: 256-bit AES-XTS key used to encrypt/decrypt protected data Generation: Internally using the SP 800-90A HASH DRBG Establishment: N/A Entry: N/A Output: N/A Storage: Plaintext in EEPROM & RAM Zeroization: Actively overwritten via "Self-destruct" and "User reset" services 2) User PIN Description: 7 to 16 digit PIN; authentication data for the General User Generation: Externally generated by the operator during module initialization Establishment: N/A Entry: Direct entry via keypad or AES-CBC encrypted with AES-CBC Decryption Key via the “Configurator” service Output: N/A Storage: SHA-256 hash value stored in EEPROM Zeroization: Actively overwritten via "Self-destruct", "Delete all User PINs", "User reset", and "Change PIN" services 3) Admin PIN Description: 7 to 16 digit PIN; authentication data for the Administrator Generation: Externally generated by the operator during module initialization Establishment: N/A Entry: Direct entry via keypad or AES-CBC encrypted with AES-CBC Decryption Key via the “Configurator” service Output: N/A Storage: SHA-256 hash value stored in EEPROM Zeroization: Actively overwritten via "Self-destruct", "Delete all User PINs", "User reset", and "Change PIN" services 4) Recovery PIN Description: 7 to 16 digit PIN; authentication data for the General User/ Administrator Generation: Externally generated by the operator during module initialization Establishment: N/A Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 21 of 22 Entry: Direct entry via keypad or AES-CBC encrypted with AES-CBC Decryption Key via the "Configurator" service Output: N/A Storage: SHA-256 hash value stored in EEPROM Zeroization: Actively overwritten via “Self-destruct”, "Delete all User PINs", "User reset", and "Change PIN" services 5) HASH DRBG Internal State Description: 880-bit; Values of V and C of HASH DRBG mechanism Generation: Internally using the SP 800-90A HASH DRBG Establishment: N/A Entry: N/A Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten after each DRBG instantiation or via "User reset" service 6) HASH DRBG Seed and Entropy Input Description: Seed is 440-bits and entropy input is 1024-bits; Used only in generating the initial state of the SP 800-90A HASH DRBG Generation: The seed is internally generated using the SP 800-90A HASH DRBG; the entropy input is generated by the SP 800-90B RNG Establishment: N/A Entry: N/A Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten after each DRBG instantiation or via "User reset" service 7) AES-CBC Decryption Key Description: 256-bit AES-CBC key used to decrypt protected data Generation: N/A Establishment: Internally using SP 800-56Cr2 One Step KDF Entry: N/A Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten inside of the “Configurator” service upon successful completion or if any errors occur 8) Client ECC CDH Public Key Description: Client’s P-256 SP 800-56Ar3 ECC CDH public key Generation: Calculated from ECC CDH Private Key Establishment: N/A Entry: N/A Output: Plaintext Storage: Plaintext in RAM Zeroization: Actively overwritten inside of the “Configurator” service upon successful completion 9) Client ECC CDH Private Key Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module Security Policy © Apricorn V1.2 Page 22 of 22 Description: Client’s P-256 SP 800-56Ar3 ECC CDH private key Generation: Internally using the SP 800-90A HASH DRBG Establishment: N/A Entry: N/A Output: N/A Storage: Plaintext in EEPROM Zeroization: Actively overwritten via “User reset” service, upon completion of the “Configurator” service, or when the module fails the partial public key validation 10) Client ECC CDH Shared Secret "Z" Description: Client’s 256-bit SP 800-56Ar3 ECC CDH Shared Secret “Z” resulting from KAS- SSC (Shared secret computation) Generation: N/A Establishment: ECC CDH Key Agreement as per SP 800-56Ar3 Entry: N/A Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten inside of the “Configurator” service, or when the module encounters any errors during the service 11) Host ECC CDH Public Key Description: Host’s P-256 SP 800-56Ar3 ECC CDH Public Key Generation: N/A Establishment: N/A Entry: Plaintext Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten inside of the “Configurator” service upon successful completion, or when the module encounters any errors during the service 12) SP 800-56Cr2 KDF Internal State Description: Client's Internal state of the ECC CDH One step key derivation function (SHA-256) Generation: N/A Establishment: SP 800-56Cr2 KDF Entry: N/A Output: N/A Storage: Plaintext in RAM Zeroization: Actively overwritten via "User reset" service