Security Policy for NRZ Link Encryptor
Cylink Corporation

Security Policy
For NRZ Link Encryptor

ES-14885-4
Rev A
July 24, 1998

Prepared by
CYLINK CORPORATION

08/04/98 ES-14885-4 Rev A

Contents

1 Scope of Document
2 Applicable Documents
3 Security Level
4 Security Rules
4.1 Cryptographic Module
4.2 Roles and Services
4.2.1 User Role
4.2.2 Crypto Officer Role
4.3 Physical Security
4.4 Operating System Security
4.5 Key Management
4.6 Crypto Algorithms
4.7 Self Test

1 Scope of Document

This document contains the security policy requirements for the Cylink NRZ Link Encryptor system module. The NRZ Link Encryptor System shall be referred to as the CLE (Cylink Link Encryptor) in this document.

2 Applicable Documents

• FIPS 140-1 Security Requirements for Cryptographic Modules
• DTR Derived Test Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules (DTR)
• FIPS 46-2 Data Encryption Standard (DES)
• FIPS 81 DES Modes of Operation
• FIPS 180-1 Secure Hash Standard (SHA-1)
• FIPS 186 Digital Signature Standard (DSS)

3 Security Level

The CLE meets the overall requirements applicable to Level 2 security of FIPS 140-1, and meets the Physical Security requirements applicable to Level 3.

4 Security Rules

This section documents the security rules enforced by the CLE to implement the security requirements of a FIPS 140-1 overall Level 2 module with Level 3 Physical Security.

4.1 Cryptographic Module

The CLE shall be implemented as a "Multiple-Chip Standalone Cryptographic Module" as defined in FIPS 140-1.

4.2 Roles and Services

The CLE shall employ role-based authentication of the operator. The module supports two roles as required by FIPS 140-1: the User Role and the Crypto Officer Role. An operator that gains control of the CLE shall simultaneously assume both the User and Crypto Officer roles. Access to these roles is restricted at the front panel by the use of a Medeco lock, and at the Network Management (Ethernet) port by the use of a password entered into the PrivaCy Manager system. Concurrent operator access/operation is prevented by disallowing SNMP access when the Medeco lock is set to enable the front panel.

Physical maintenance shall be performed at the factory, as there are no services that require the cover to be removed in the field, and there are no logical maintenance services performed in the field. The CLE module should be zeroized by a Crypto Officer before the module is returned to the factory, either by command or by removing the cover.

4.2.1 User Role

The User Role provides the operator with the ability to control the operational mode of the CLE and thus configure the network security policy. The services available to an operator while in the User Role are as follows:

1. Set Operational Mode: This service allows the operator to select the current operational mode. The operator shall be permitted to command the CLE into the following modes:
   a) Clear Mode
   b) Standby Mode
   c) Secure Mode

4.2.2 Crypto Officer Role

The Crypto Officer Role provides the operator with the ability to perform all of the services listed below.

1. Alarm/Event Services
   a) Display Event Log: This service allows the operator to scroll through and view the contents of the CLE's event log.
   d) Clear Event Log: This service allows the operator to completely clear the contents of the event log.
2. Time/Date: This service allows the operator to set the real time clock to the current date and time.
3. Key Management
   a) Set Auto Key Change Attributes
   b) Days Interval
   c) End to End Delay
   d) Clear Modes Allowed/Disallowed
   e) Mode Managed/Unmanaged
   f) Zeroize Keys: This service allows the operator to erase critical security parameters. When this service is activated the following information shall be actively erased:
      (i) CLE Network Certificate
      (ii) CLE DSS secret key (X)
      (iii) PrivaCy Manager DSS public key
      (iv) PrivaCy Manager/CLE (SNMP) encryption key
      (v) PrivaCy Manager/CLE SNMP message counter
      (vi) CLE/CLE encryption key
      (vii) Far End CLE serial number
      (viii) Last key change timestamp
      (ix) Event Log
4. Set Line Interface Configuration Parameters
5. Network Management
   a) Display/Set Unit IP Address
   b) Display/Set Gateway IP Address
   c) Display/Set Subnet Mask Address
   d) Display/Set Trap1/Trap2 IP Address
6. System Test: This service allows the operator to set a Network Encryptor Loopback or a DTE Encryptor Loopback, or to clear a loopback that has been previously set.
7. Display Manufacturing Info: This service allows the operator to display the following information:
   a) Firmware Revision
   b) Firmware Date
   c) Hardware List
   d) Hardware Issue
   e) Manufacturing Date
   f) Unit Serial Number
   g) Line Interface Unit (LIU) Type
   h) End to End (Link) Key Size, and Encryption Mode and Algorithm
   i) SNMP Key Size, and Encryption Mode and Algorithm
8. Set Default Configuration
9. Perform Network Certification

4.3 Physical Security

1. Access to the circuitry contained within the CLE shall be restricted by the use of a Medeco lock. It shall not be possible to remove the enclosure cover without unlocking the lock.
2. The CLE shall include tamper response and zeroization circuitry. Upon the removal of the enclosure's cover, all plaintext cryptographic keys and unprotected critical security parameters shall be immediately zeroized. This capability shall be operational whether or not power is applied to the module.
3. The CLE shall not employ ventilation holes, and shall be designed to prevent physical probing inside the enclosure.

4.4 Operating System Security

The FIPS 140-1 operating system requirements (FIPS PUB 140-1 section 4.7) do not apply to the CLE because it is not a general purpose computer and thus cannot run untrusted user-supplied software. However, the CLE's firmware can be field updated using a download process. The following rules apply to the downloading of new CLE firmware.

The CLE shall verify the signature of the binary image. If this verification fails, the module shall continue operation using the previous version of firmware, the downloaded binary image shall be marked as non-executable, and an SNMP-readable MIB status shall be set reporting the failure.

4.5 Key Management

1. The PRNG seed (referred to as the XKEY in FIPS 186 Appendix 3.1) shall be installed into the CLE using the Cylink Manufacturing Configurator (CMC) process.
2. PrivaCy Manager/CLE encryption keys shall be re-negotiated each time a new CLE Network Certificate is loaded.
3. PrivaCy Manager/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
4. Messages exchanged between the PrivaCy Manager and the CLE systems that contain the Diffie-Hellman public components used to establish the PrivaCy Manager/CLE encryption key shall be signed using the DSA key associated with each entity's Manufacturing Certificate.
5. Prior to accepting the PrivaCy Manager/CLE encryption key, the CLE shall perform various message and certificate signature verification tests. If any of the tests fail, the PrivaCy Manager/CLE encryption key and the newly loaded Network Certificate are rejected and the CLE shall report the failure at the end of the protocol.
6. A new CLE/CLE encryption key shall be negotiated each time the CLE transitions from a non-secure state to a secure state.
7. While in the secure mode the CLE/CLE encryption key shall be periodically re-negotiated.
8. CLE/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
9. When establishing a new CLE/CLE encryption key, the messages containing the Diffie-Hellman public component shall be signed.
10. Prior to accepting the CLE/CLE encryption key each CLE shall:
    a) Verify the compatibility of the two units' session settings;
    b) Verify the validity of the Network Certificate's signature.
    If any of the above tests fail, the CLE/CLE encryption key shall be rejected.
11. If the link encryption key generation process fails, the CLE shall generate an alarm.
12. If a successful CLE/CLE key exchange does not occur within the Days Interval setting of the previous key exchange, the CLE shall produce an alarm due to the resulting Local Secure mode.

4.6 Crypto Algorithms

1. The CLE shall use the Data Encryption Standard (DES) algorithm or Triple DES to protect the NRZ line data. Sensitive PrivaCy Manager/CLE data shall be protected using the Triple DES algorithm.
2. The CLE shall use the Digital Signature Standard as described in FIPS 186 for the authentication of all security related information.
3. As specified in FIPS 186, the module will also support the Secure Hash Standard (SHA-1) as described in FIPS 180-1.

4.7 Self Test

1. The following Power-Up Self Tests shall be performed when power is first applied to the system.
   a) Field Programmable Gate Array (FPGA) Test
   b) Program Memory (ROM/FLASH) Integrity Test
   c) General Purpose Memory Test
   d) Non-Volatile Memory Integrity Test
   e) Real Time Clock Test
   f) Cipher Chip Test
   g) Random Number Generator Test
   h) General Cryptographic Algorithm Test
   i) Pairwise Consistency Test
2. During normal operation, once during each second the battery that backs up the non-volatile RAM shall be tested.
3. All keys to be used for symmetric key cryptographic algorithms shall be checked to verify that they are cryptographically suitable for use as an encryption/decryption key. This check shall be performed immediately after the value of the key has been established and before the key is used or stored for later use. For example, a DES key must be checked to verify that it is of the correct parity and is not on the list of known "weak" or "semi-weak" DES keys.

5 Definition of Security Relevant Data Items (SRDIs)

(1) CLE Manufacturing Certificate
(2) PrivaCy Manager Manufacturing Certificate
(3) PrivaCy Manager/CLE SNMP Encryption Algorithm Flag
(4) PrivaCy Manager/CLE SNMP Encryption Mode Flag
(5) PrivaCy Manager/CLE SNMP Encryption Key Size Flag
(6) CLE to CLE Encryption Algorithm Flag
(7) CLE to CLE Encryption Mode Flag
(8) CLE to CLE Encryption Key Size Flag
(9) Near End Network Certificate
(10) Far End Network Certificate
(11) PRNG Running Seed (XKEY)
(12) CLE DSS Secret Key (X)
(13) CLE DSS Public Key (Y)
(14) PrivaCy Manager DSS Public Key
(15) PrivaCy Manager/CLE (SNMP) Encryption Key
(16) PM/CLE Message Counter Value
(17) PrivaCy Manager/CLE Message Counter
(18) CLE/CLE Encryption Key
(19) Near End CLE Challenge Value
(20) Far End CLE Challenge Value
(21) Voice Authentication Hash Value
(22) Far End CLE Serial Number
(23) Far End CLE Serial Number Timestamp
(24) Last Key Change Timestamp
(25) Event Log
(26) Key Change Method
(27) Begin Time
(28) End Time
(29) Days Interval
(30) Clear Modes
(31) Mode

6 Definitions of SRDI

The table below defines the relationship between access to SRDIs and the different module services. The modes of access are shown as codes in the table and are defined as follows:

a) D - The SRDI is set back to the manufacturing default by the service.
b) G - This service generates the SRDI internal to the CLE.
c) I - The SRDI is input into the CLE by this service.
d) R - The SRDI is read and used by the service.
e) The SRDI is updated by the service.
f) The SRDI is verified by the service.
g) The SRDI is ...ed by the service.
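The key-suitability check required by rule 3 of section 4.7, as an added example that is not part of the Cylink policy or firmware: it verifies DES key parity and screens the key against the standard weak and semi-weak key tables. It also goes beyond the page's DES example by checking each component of a Triple DES key and rejecting keys whose components are not distinct (this example's own rule, since equal components collapse Triple DES to single DES); all sample keys are constructed.

```python
# Known DES weak and semi-weak keys (standard FIPS 46 tables; all already have odd parity).
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "1F1F1F1F0E0E0E0E", "E0E0E0E0F1F1F1F1",
)}
SEMI_WEAK_KEYS = {bytes.fromhex(h) for h in (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101", "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}

def has_odd_parity(key: bytes) -> bool:
    """Each DES key byte carries a parity bit in its LSB: every byte must have an odd bit count."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite each byte's parity bit so it has odd parity; the 56 effective key bits are unchanged."""
    return bytes((b & 0xFE) | (1 - bin(b >> 1).count("1") % 2) for b in key)

def check_des_key(key: bytes) -> list:
    """Return the problems found with one 8-byte DES key; an empty list means suitable."""
    if len(key) != 8:
        return ["length is %d bytes, expected 8" % len(key)]
    problems = []
    if not has_odd_parity(key):
        problems.append("parity error")
    if key in WEAK_KEYS:
        problems.append("weak key")
    elif key in SEMI_WEAK_KEYS:
        problems.append("semi-weak key")
    return problems

def check_symmetric_key(key: bytes) -> list:
    """Check a DES (8-byte) or Triple DES (16- or 24-byte) key component by component.
    Rejecting equal components is this example's addition: they collapse Triple DES to DES."""
    if len(key) not in (8, 16, 24):
        return ["length is %d bytes, expected 8, 16 or 24" % len(key)]
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    problems = []
    for n, part in enumerate(parts, 1):
        problems += ["K%d: %s" % (n, p) for p in check_des_key(part)]
    if len(set(parts)) != len(parts):
        problems.append("Triple DES components are not distinct")
    return problems

if __name__ == "__main__":
    # Constructed sample keys: a textbook DES key, an all-zero key, and a 3DES key with K1 == K2.
    for k in ("133457799BBCDFF1", "0000000000000000", "133457799BBCDFF1" * 2):
        print(k, check_symmetric_key(bytes.fromhex(k)) or "suitable")
```

Note that parity-correcting an all-zero key with set_odd_parity yields 0101...01, which is itself a weak key, so the parity fix must be followed by the weak-key screen rather than replace it.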