Security Policy for NRZ/T1/E1 Link Encryptor
Cylink Corporation

ES-14885-4 Rev B
May 17, 1999
Prepared by CYLINK CORPORATION

Contents

1 Scope of Document
2 Applicable Documents
3 Security Level
4 Security Rules
  4.1 Cryptographic Module
  4.2 Roles and Services
    4.2.1 User Role
    4.2.2 Crypto Officer Role
  4.3 Physical Security
  4.4 Operating System Security
  4.5 Key Management
  4.6 Crypto Algorithms
  4.7 Self Test
5 Definition of Security Relevant Data Items (SRDIs)
6 Definitions of SRDI Modes of Access

1 Scope of Document

This document contains the security policy requirements for the Cylink NRZ/T1/E1 Link Encryptor system module. The NRZ/T1/E1 Link Encryptor System shall be referred to as the CLE (Cylink Link Encryptor) in this document.

2 Applicable Documents

- FIPS 140-1, Security Requirements for Cryptographic Modules
- DTR, Derived Test Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules
- FIPS 46-2, Data Encryption Standard (DES)
- FIPS 81, DES Modes of Operation
- FIPS 180-1, Secure Hash Standard (SHA-1)
- FIPS 186, Digital Signature Standard (DSS)

3 Security Level

The CLE meets the overall requirements applicable to Level 2 security of FIPS 140-1, and meets Physical Security applicable to Level 3.

Security Requirements Section | Level
------------------------------|------
Cryptographic Module          |
Module Interfaces             |
Roles and Services            |
Finite State Machine          |
Physical Security             | 3
Software Security             | 3
Operating System Security     |
Key Management                |
Cryptographic Algorithms      |
EMI/EMC                       |
Self Test                     | 2

(Level entries that are not legible in the source are left blank; the Physical Security and Software Security levels are those stated in sections 3 and 4.)

4 Security Rules

This section documents the security rules enforced by the CLE to implement the security requirements of a FIPS 140-1 overall Level 2 module, with Level 3 Software and Physical Security.

4.1 Cryptographic Module

The CLE shall be implemented as a "Multiple-Chip Standalone Cryptographic Module" as defined in FIPS 140-1.

4.2 Roles and Services

The CLE shall employ role based authentication of the operator. The module supports two roles as required by FIPS 140-1: the User Role and the Crypto Officer Role. Access to these roles is restricted at the front panel by the use of a Medeco lock, and at the Network Management (Ethernet) port by the use of a password entered into the PrivaCy Manager system. An operator is authenticated to the User and Crypto Officer roles at the front panel through possession of the key that will turn the Medeco lock to the Enable position. Concurrent operator access/operation is prevented by disallowing SNMP access when the Medeco lock is set to enable the front panel.

PrivaCy Manager is an application that can be used to remotely control the CLE through an Ethernet connection. In addition to the services that can be initiated from the front panel, PrivaCy Manager can initiate network/voice authentication, initiate a software download operation, display the CLE MAC address, and display the date and time of the last key exchange.

Physical maintenance shall be performed at the factory, as there are no services that require the cover to be removed in the field, and there are no logical maintenance services performed in the field. The CLE module should be zeroized by a Crypto Officer before the module is returned to the factory, either by command or by removing the cover.
4.2.1 User Role

The User Role provides the operator with the ability to control the operational mode of the CLE and thus configure the network security policy. The services available to an operator while in the User Role are as follows:

1. Set Operational Mode: This service allows the operator to select the current operational mode. The operator shall be permitted to command the CLE into the following modes:
   a) Clear Mode
   b) Standby Mode
   c) Secure Mode
   d) Clear Pending Secure Mode (Dial-Up only)
   e) Standby Pending Secure Mode (Dial-Up only)

4.2.2 Crypto Officer Role

The Crypto Officer Role provides the operator the ability to perform all of the services listed below.

1. Alarm/Event Services
   a) Display Event Log: This service allows the operator to scroll through and view the contents of the CLE's event log.
   b) Clear Event Log: This service allows the operator to completely clear the contents of the event log.
2. Time/Date: This service allows the operator to set the real time clock to the current date and time.
3. Key Management
   a) Set Auto Key Change Attributes
   b) Days Interval
   c) End to End Delay
   d) Clear Modes Allowed/Disallowed
   e) Mode: NET CERT, MANUAL (authentication) KEY, UNAUTH DH
   f) Zeroize Keys: This service allows the operator to erase critical security parameters. When this service is activated the following information shall be actively erased:
      (i) CLE Network Certificate
      (ii) CLE DSS secret key (X)
      (iii) PrivaCy Manager DSS public key
      (iv) PrivaCy Manager/CLE (SNMP) encryption key
      (v) PrivaCy Manager/CLE SNMP message counter
      (vi) CLE/CLE encryption key
      (vii) Manually Entered Authentication Key
      (viii) Far End CLE serial number
      (ix) Last key change timestamp
      (x) Event Log
   g) Set Manual Authentication Key
4. Set Line Interface Configuration Parameters
5. Network Management
   a) Display/Set Unit IP Address
   b) Display/Set Gateway IP Address
   c) Display/Set Subnet Mask Address
   d) Display/Set Trap1/Trap2 IP Address
6. System Test: This service allows the operator to set a Network Encryptor Loopback, or a DTE Encryptor Loopback, or clear a loopback that has been previously set. CLEs with a T1 or E1 interface also allow setting or clearing a Network Line Loopback or a DTE Line Loopback.
7. Display Manufacturing Info: This service allows the operator to display the following information:
   a) Firmware Revision
   b) Firmware Date
   c) Hardware List
   d) Hardware Issue
   e) Manufacturing Date
   f) Unit Serial Number
   g) Line Interface Unit (LIU) Type
   h) End to End (Link) Key Size, and Encryption Mode and Algorithm
   i) SNMP Key Size, and Encryption Mode and Algorithm
8. Set Default Configuration
9. Firmware Update

4.3 Physical Security

1. Access to the circuitry contained within the CLE shall be restricted by the use of a Medeco lock. It shall not be possible to remove the enclosure cover without unlocking the lock.
2. The CLE shall include tamper response and zeroization circuitry. Upon the removal of the enclosure's cover, all plaintext cryptographic keys and unprotected critical security parameters shall be immediately zeroized. This capability shall be operational whether or not power is applied to the module.
3. The CLE shall not employ ventilation holes, and shall be designed to prevent physical probing inside the enclosure.

4.4 Operating System Security

The FIPS 140-1 operating system requirements (FIPS PUB 140-1 section 4.7) do not apply to the CLE because it is not a general purpose computer and thus it cannot run untrusted user-supplied software. However, the CLE's firmware can be field updated using a download process. The following rules apply to the downloading of new CLE firmware.

The CLE shall verify the signature of the binary image. If this verification fails, the module shall continue operation using the previous version of firmware, the downloaded binary image shall be marked as non-executable, and an SNMP-readable MIB status shall be set reporting the failure.

4.5 Key Management

1. The PRNG seed (referred to as the XKEY in FIPS 186 Appendix 3.1) shall be installed into the CLE using the Cylink Manufacturing Configurator (CMC) process.
2. PrivaCy Manager/CLE encryption keys shall be re-negotiated each time a new CLE Network Certificate is loaded.
3. PrivaCy Manager/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
4. Messages exchanged between the PrivaCy Manager and the CLE systems that contain the Diffie-Hellman public components used to establish the PrivaCy Manager/CLE encryption key shall be signed using the DSA key associated with each entity's Manufacturing Certificate.
5. Prior to accepting the PrivaCy Manager/CLE encryption key the CLE shall perform various message and certificate signature verification tests. If any of the tests fail, the PrivaCy Manager/CLE encryption key and the newly loaded Network Certificate are rejected and the CLE shall report the failure at the end of the key protocol.
6. A new CLE/CLE encryption key shall be negotiated each time the CLE transitions from a non-secure state to a secure state.
7. While in the secure mode the CLE/CLE encryption key shall be periodically re-negotiated.
8. CLE/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
9. When establishing a new CLE/CLE encryption key, the messages containing the Diffie-Hellman public component shall be signed.
10. Prior to accepting the CLE/CLE encryption key each CLE shall:
    a) Verify the compatibility of the two units' session settings;
    b) Verify the validity of the Network Certificate's signature.
    If any of the above tests fail the CLE/CLE encryption key shall be rejected.
11. If the Leased Line link encryption key generation process fails, the CLE shall generate an alarm.
12. If a successful Leased Line CLE/CLE key exchange does not occur within the Days Interval setting of the previous key exchange, the CLE shall produce an alarm due to the resulting Local Secure mode.

4.6 Crypto Algorithms

1. The CLE shall use the Data Encryption Standard (DES) algorithm or Triple DES to protect the user line data. Sensitive PrivaCy Manager/CLE data shall be protected using Triple DES.
2. The CLE shall use the Digital Signature Standard as described in FIPS 186 for the authentication of all security related information. As specified in FIPS 186, the module will also support the Secure Hash Standard (SHA-1) as described in FIPS 180-1.
3. The CLE shall have the ability to generate a pseudo-random authentication key, and use it to authenticate the PrivaCy Manager and end-to-end communication protocol, in situations where Network Certificates are not available. The plaintext 24-byte authentication key shall be generated randomly as per FIPS Pub 186, shall not be displayed after user acceptance, and shall be zeroized by operator command or by a tamper situation.
4. The CLE shall have the ability to accept and utilize a manually entered end-to-end authentication key. The plaintext 24-byte authentication key shall not be displayed after user entry, and shall be zeroized by operator command or by a tamper situation.

4.7 Self Test

1. The following Power-Up Self Tests shall be performed when power is first applied to the system:
   a) Field Programmable Gate Array (FPGA) Test
   b) Non-Volatile Memory Integrity Test
   c) Real Time Clock Test
   d) Cipher Chip Test
   e) General Cryptographic Algorithm Test
   f) Program Memory (ROM/FLASH) Integrity Test
   g) General Purpose Memory Test
   h) Random Number Generator Test
   i) Pairwise Consistency Test
2. During normal operation, once during each second the battery that backs up the non-volatile RAM shall be tested.
3. All keys to be used for symmetric key cryptographic algorithms shall be checked to verify that they are cryptographically suitable for use as an encryption/decryption key. This check shall be performed immediately after the value of the key has been established and before the key is used or stored for later use. For example, a DES key must be checked to verify that it is of the correct parity and is not on the list of known "weak" or "semi-weak" DES keys.

5 Definition of Security Relevant Data Items (SRDIs)

(1) CLE Manufacturing Certificate
(2) PrivaCy Manager Manufacturing Certificate
(3) PrivaCy Manager/CLE SNMP Encryption Algorithm Flag
(4) PrivaCy Manager/CLE SNMP Encryption Mode Flag
(5) PrivaCy Manager/CLE SNMP Encryption Key Size Flag
(6) CLE to CLE Encryption Algorithm Flag
(7) CLE to CLE Encryption Mode Flag
(8) CLE to CLE Encryption Key Size Flag
(9) Near End Network Certificate
(10) Far End Network Certificate
(11) Far End Manual Authentication Code
(12) Firmware Binary Image Signature
(13) PRNG Running Seed (XKEY)
(14) CLE DSS Secret Key (X)
(15) CLE DSS Public Key (Y)
(16) PrivaCy Manager DSS Public Key
(17) PrivaCy Manager/CLE (SNMP) Encryption Key
(18) PM/CLE Message Counter Value
(19) PrivaCy Manager/CLE Message Counter
(20) CLE/CLE Encryption Key
(21) Near End CLE Challenge Value
(22) Far End CLE Challenge Value
(23) Voice Authentication Hash Value
(24) Far End CLE Serial Number
(25) Far End CLE Serial Number timestamp
(26) Last Key Change Timestamp
(27) Event Log
(28) Key Change Method
(29) Begin Time
(30) End Time
(31) Days Interval
(32) Clear Modes
(33) Key Management Mode
(34) Manual Authentication Key
(35) Algorithm Adaptation Flag
(36) Exclusion List: For Dial-Up operation

6 Definitions of SRDI Modes of Access

The table below defines the relationship between access to SRDIs and the different module services. The modes of access are shown as codes in the table and are defined as follows:

a) D - The SRDI is set back to the manufacturing default by the service.
b) G - This service generates the SRDI internal to the CLE.
c) I - The SRDI is input into the CLE by this service.
d) R - The SRDI is read and used by the service.
e) U - The SRDI is updated by the service.
f) V - The SRDI is verified by the service.
g) Z - The SRDI is erased by the service.

[Table: SRDI modes of access. Rows are the module services of section 4.2, columns are SRDIs (1) to (36), and each cell holds one of the codes D, G, I, R, U, V or Z. The table is rotated in the scan and its cells are not recoverable.]
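The key-suitability check that rule 3 of section 4.7 requires, as an added Python example (not Cylink's code): it enforces odd parity in every key byte and rejects the weak and semi-weak keys listed for DES, and extends the rule to Triple DES by checking each 8-byte component and refusing a key whose components are all identical.

```python
# Added example (not Cylink's code): the key-suitability check of section 4.7, rule 3.
# A DES key must carry odd parity in every byte and must not be one of the known weak
# or semi-weak keys. Checking each Triple DES component the same way is an extension.

# The 4 weak and 12 semi-weak single-DES keys listed in FIPS 46-2 / FIPS 74.
KNOWN_BAD_KEYS = {bytes.fromhex(k): "weak key" for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE", "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}
KNOWN_BAD_KEYS.update({bytes.fromhex(k): "semi-weak key" for k in (
    "011F011F010E010E", "1F011F010E010E01", "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1")})

def has_odd_parity(key: bytes) -> bool:
    """The low bit of each DES key byte is a parity bit: popcount must be odd."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Return the key with each low bit adjusted so every byte has odd parity."""
    return bytes((b & 0xFE) | int(bin(b >> 1).count("1") % 2 == 0) for b in key)

def check_des_key(key: bytes) -> str:
    """Classify one 8-byte DES key: 'ok' or the reason it must be rejected."""
    if len(key) != 8:
        return "bad length"
    if not has_odd_parity(key):
        return "parity error"
    return KNOWN_BAD_KEYS.get(key, "ok")

def check_key(key: bytes) -> str:
    """Check a DES (8-byte) or Triple DES (16- or 24-byte) key before it is used
    or stored. Each 8-byte component is checked individually; a key whose
    components are all equal is rejected because it collapses to single DES."""
    if len(key) not in (8, 16, 24):
        return "bad length"
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    for n, part in enumerate(parts, 1):
        verdict = check_des_key(part)
        if verdict != "ok":
            return f"component {n}: {verdict}"
    if len(parts) > 1 and len(set(parts)) == 1:
        return "degenerate Triple DES key (all components equal)"
    return "ok"

if __name__ == "__main__":
    # Constructed sample keys: the classic FIPS 46 tutorial key, a parity-damaged
    # copy of it, and a weak key.
    for hexkey in ("133457799BBCDFF1", "133457799BBCDFF0", "0101010101010101"):
        print(hexkey, "->", check_key(bytes.fromhex(hexkey)))
```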