Security Policy for NRZ/T1/E1 Link Encryptor Cylink Corporation 08/31/98 ES-14885-4 Rev A Page 1

Security Policy

For

NRZ Link Encryptor

ES-14885-4
Rev B

May 17, 1999

Prepared by

CYLINK CORPORATION

1 SCOPE OF DOCUMENT ........ 2
2 APPLICABLE DOCUMENTS ........ 2
3 SECURITY LEVEL ........ 3
4 SECURITY RULES ........ 3
4.1 CRYPTOGRAPHIC MODULE ........ 4
4.2 ROLES AND SERVICES ........ 4
4.2.1 User Role ........ 4
4.2.2 Crypto Officer Role ........ 5
4.3 PHYSICAL SECURITY ........ 6
4.4 OPERATING SYSTEM SECURITY ........ 6
4.5 KEY MANAGEMENT ........ 7
4.6 CRYPTO ALGORITHMS ........ 8
4.7 SELF TEST ........ 8
5 DEFINITION OF SECURITY RELEVANT DATA ITEMS (SRDIS) ........ 9
6 DEFINITIONS OF SRDI MODES OF ACCESS ........ 11

1 Scope of Document

This document contains the security policy requirements for the Cylink NRZ Link Encryptor system module. The NRZ/T1/E1/RS-232 Link Encryptor System shall be referred to as the CLE (Cylink Link Encryptor) in this document.

2 Applicable Documents

• FIPS 140-1 Security Requirements for Cryptographic Modules
• DTR Derived Test Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules (DTR)
• FIPS 46-2 Data Encryption Standard (DES)
• FIPS 81 DES Modes of Operation
• FIPS 180-1 Secure Hash Standard (SHA-1)
• FIPS 186 Digital Signature Standard (DSS)

3 Security Level

The CLE meets the overall requirements applicable to Level 2 security of FIPS 140-1, and meets the Physical Security and Software Security requirements applicable to Level 3.

Security Requirements Section      Level
Cryptographic Module               2
Module Interfaces                  2
Roles and Services                 2
Finite State Machine               2
Physical Security                  3
EFP/EFT                            N/A
Software Security                  3
Operating System Security          N/A
Key Management                     2
Cryptographic Algorithms           2
EMI/EMC                            2
Self Test                          2

4 Security Rules

This section documents the security rules enforced by the CLE to implement the security requirements of a FIPS 140-1 overall Level 2 module, with Level 3 Physical Security and Software Security.

4.1 Cryptographic Module

The CLE shall be implemented as a “Multiple-Chip Standalone Cryptographic Module” as defined in FIPS 140-1.

4.2 Roles and Services

The CLE shall employ role-based authentication of the operator. The module supports two roles as required by FIPS 140-1: the User Role and the Crypto Officer Role. Access to these roles is restricted at the front panel by the use of a Medeco lock, and at the Network Management (Ethernet) port by the use of a password entered into the PrivaCy Manager system. An operator is authenticated to the User and Crypto Officer roles at the front panel through possession of the key that will turn the Medeco lock to the Enable position. Concurrent operator access/operation is prevented by disallowing SNMP access when the Medeco lock is set to enable the front panel.

PrivaCy Manager is an application that can be used to remotely control the CLE through an Ethernet connection. In addition to the services that can be initiated from the front panel, PrivaCy Manager can initiate network/voice authentication, initiate a software download operation, display the CLE MAC address, and display the date and time of the last key exchange.
Physical Maintenance shall be performed at the factory, as there are no services that require the cover to be removed in the field, and there are no logical maintenance services performed in the field. The CLE module should be zeroized by a Crypto Officer before the module is returned to the factory, either by command or by removing the cover.

4.2.1 User Role

The User Role provides the operator with the ability to control the operational mode of the CLE and thus configure the network security policy. The services available to an operator while in the User Role are as follows:

1. Set Operational Mode: This service allows the operator to select the current operational mode. The operator shall be permitted to command the CLE into the following modes:
   a) Clear Mode
   b) Standby Mode
   c) Secure Mode
   d) Clear Pending Secure Mode (Dial-Up only)
   e) Standby Pending Secure Mode (Dial-Up only)

4.2.2 Crypto Officer Role

The Crypto Officer Role provides the operator the ability to perform all of the services listed below.

1. Alarm/Event Services
   a) Display Event Log: This service allows the operator to scroll through and view the contents of the CLE’s event log.
   b) Clear Event Log: This service allows the operator to completely clear the contents of the event log.
2. Time/Date: This service allows the operator to set the real time clock to the current date and time.
3. Key Management
   a) Set Auto Key Change Attributes
   b) Days Interval
   c) End to End Delay
   d) Clear Modes Allowed/Disallowed
   e) Mode NET CERT, MANUAL (authentication) KEY, UNAUTH DH
   f) Zeroize Keys: This service allows the operator to erase critical security parameters. When this service is activated the following information shall be actively erased:
      (i) CLE Network Certificate
      (ii) CLE DSS secret key (X)
      (iii) PrivaCy Manager DSS public key
      (iv) PrivaCy Manager/CLE (SNMP) encryption key
      (v) PrivaCy Manager/CLE SNMP message counter
      (vi) CLE/CLE encryption key
      (vii) Manually entered authentication key
      (viii) Far End CLE serial number
      (ix) Last key change timestamp
      (x) Event Log
   g) Set Manual Authentication Key
4. Set Line Interface Configuration Parameters
5. Network Management
   a) Display/Set Unit IP Address
   b) Display/Set Gateway IP Address
   c) Display/Set Subnet Mask Address
   d) Display/Set Trap1/Trap2 IP Address
6. System Test: This service allows the operator to set a Network Encryptor Loopback, or a DTE Encryptor Loopback, or clear a loopback that has been previously set.
7. Display Manufacturing Info: This service allows the operator to display the following information:
   a) Firmware Revision
   b) Firmware Date
   c) Hardware List
   d) Hardware Issue
   e) Manufacturing Date
   f) Unit Serial Number
   g) Line Interface Unit (LIU) Type
   h) End to End (Link) Key Size, and Encryption Mode and Algorithm
   i) SNMP Key Size, and Encryption Mode and Algorithm
8. Set Default Configuration
9. Firmware Update

4.3 Physical Security

1. Access to the circuitry contained within the CLE shall be restricted by the use of a Medeco lock. It shall not be possible to remove the enclosure cover without unlocking the lock.
2. The CLE shall include tamper response and zeroization circuitry. Upon the removal of the enclosure’s cover, all plaintext cryptographic keys and unprotected critical security parameters shall be immediately zeroized. This capability shall be operational whether or not power is applied to the module.
3. The CLE shall not employ ventilation holes, and shall be designed to prevent physical probing inside the enclosure.

4.4 Operating System Security

The FIPS 140-1 operating system requirements (FIPS PUB 140-1 section 4.7) do not apply to the CLE because it is not a general purpose computer and thus it cannot run untrusted user-supplied software. However, the CLE’s firmware can be field updated using a download process. The following rules apply to the downloading of new CLE firmware. The CLE shall verify the signature of the binary image. If this verification fails, the module shall continue operation using the previous version of firmware, the downloaded binary image shall be marked as non-executable, and an SNMP-readable MIB status shall be set reporting the failure.

4.5 Key Management

1. The PRNG seed (referred to as the XKEY in FIPS 186 Appendix 3.1) shall be installed into the CLE using the Cylink Manufacturing Configurator (CMC) process.
2. PrivaCy Manager/CLE encryption keys shall be re-negotiated each time a new CLE Network Certificate is loaded.
3. PrivaCy Manager/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
4. Messages exchanged between the PrivaCy Manager and the CLE systems that contain the Diffie-Hellman public components used to establish the PrivaCy Manager/CLE encryption key shall be signed using the DSA associated with each entity’s Manufacturing Certificate.
5. Prior to accepting the PrivaCy Manager/CLE encryption key the CLE shall perform various message and certificate signature verification tests. If any of the tests fail, the PrivaCy Manager/CLE encryption key and the newly loaded Network Certificate are rejected and the CLE shall report the failure at the end of the protocol.
6. A new CLE/CLE encryption key shall be negotiated each time the CLE transitions from a non-secure state to a secure state.
7. While in the secure mode the CLE/CLE encryption key shall be periodically re-negotiated.
8. CLE/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
9. When establishing a new CLE/CLE encryption key, the messages containing the Diffie-Hellman public component shall be signed.
10. Prior to accepting the CLE/CLE encryption key each CLE shall:
    a) Verify the compatibility of the two units’ session settings;
    b) Verify the validity of the Network Certificate’s signature.
    If any of the above tests fail the CLE/CLE encryption key shall be rejected.
11. If the link encryption key generation process fails, the CLE shall generate an alarm.
12. If a successful CLE/CLE key exchange does not occur within the Days Interval setting of the previous key exchange, the CLE shall produce an alarm due to the resulting Local Secure mode.
13. The CLE shall have the ability to generate a pseudo-random authentication key, and use it to authenticate the end-to-end communication protocol, in situations where PrivaCy Manager and Network Certificates are not available. The plaintext 24-byte authentication key shall be generated randomly as per FIPS Pub 186, shall not be displayed after user acceptance, and shall be zeroized by operator command or by a tamper situation.
14. The CLE shall have the ability to accept and utilize a manually entered end-to-end authentication key. The plaintext 24-byte authentication key shall not be displayed after user entry, and shall be zeroized by operator command or by a tamper situation.

4.6 Crypto Algorithms

1. The CLE shall use the Data Encryption Standard (DES) algorithm or Triple DES to protect the NRZ line data. Sensitive PrivaCy Manager/CLE data shall be protected using the Triple DES algorithm.
2. The CLE shall use the Digital Signature Standard as described in FIPS 186 for the authentication of all security related information.
3. As specified in FIPS 186, the module will also support the Secure Hash Standard (SHA-1) as described in FIPS 180-1.

4.7 Self Test

1. The following Power-Up Self Tests shall be performed when power is first applied to the system.
   a) Field Programmable Gate Array (FPGA) Test
   b) Program Memory (ROM/FLASH) Integrity Test
   c) General Purpose Memory Test
   d) Non-Volatile Memory Integrity Test
   e) Real Time Clock Test
   f) Cipher Chip Test
   g) Random Number Generator Test
   h) General Cryptographic Algorithm Test
   i) Pairwise Consistency Test
2. During normal operation, once during each second the battery that backs up the non-volatile RAM shall be tested.
3. All keys to be used for symmetric key cryptographic algorithms shall be checked to verify that they are cryptographically suitable for use as an encryption/decryption key. This check shall be performed immediately after the value of the key has been established and before the key is used or stored for later use. For example, a DES key must be checked to verify that it is of the correct parity and is not on the list of known “weak” or “semi-weak” DES keys.
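The firmware download rule of section 4.4, as an added example that is not Cylink's code: a store with a running image and one download slot that verifies the image signature before switching, and on failure keeps the running image, marks the download non-executable and sets an SNMP-readable status. It assumes an HMAC-SHA1 stand-in for the DSA signature the module actually checks (so the verify key doubles as the signing key) and constructed key and image values.

```python
import hashlib
import hmac


def sign_image(signing_key: bytes, image: bytes) -> bytes:
    """Stand-in for the module's DSA signature: HMAC-SHA1 over the SHA-1
    digest of the image (an assumption, not the CLE's real scheme)."""
    digest = hashlib.sha1(image).digest()
    return hmac.new(signing_key, digest, hashlib.sha1).digest()


class FirmwareStore:
    """Running image plus one download slot, following the 4.4 rule."""

    def __init__(self, verify_key: bytes, running_image: bytes):
        self.verify_key = verify_key          # key the module verifies with
        self.running = running_image          # firmware currently executing
        self.download = None                  # most recently downloaded image
        self.download_executable = False      # may the download ever be run?
        self.mib_status = "ok"                # SNMP-readable MIB status object

    def install(self, image: bytes, signature: bytes) -> bool:
        """Verify the download and switch to it only if the signature holds."""
        self.download = image
        expected = sign_image(self.verify_key, image)
        if not hmac.compare_digest(expected, signature):
            # Rule: keep the previous firmware, mark the download
            # non-executable and report the failure through the MIB.
            self.download_executable = False
            self.mib_status = "firmware-signature-failed"
            return False
        self.download_executable = True
        self.running = image
        self.mib_status = "ok"
        return True


# Constructed demo value, not taken from the product.
SIGNING_KEY = b"constructed-factory-signing-key"
```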
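The signed Diffie-Hellman negotiation that section 4.5 (rules 3 to 5 and 8 to 10) requires, as an added example that is not Cylink's code: both sides exchange signed public components, each checks the peer's session settings and signature before deriving the link key, and a failure is recorded for reporting at the end of the protocol. It assumes a toy 127-bit group (not a standardised DH group), HMAC-SHA1 as a stand-in for the DSA signature under each entity's certificate, a SHA-1 based 24-byte key derivation, and constructed certificate keys.

```python
import hashlib
import hmac
import secrets

# Toy 127-bit Mersenne prime so the block runs instantly; NOT a standardised
# Diffie-Hellman group and far too small for real use (demo assumption).
P = (1 << 127) - 1
G = 5


def sign(cert_key: bytes, public: int) -> bytes:
    """Stand-in for the DSA signature under an entity's certificate:
    HMAC-SHA1 over the DH public component (assumption, not the CLE's scheme)."""
    return hmac.new(cert_key, public.to_bytes(16, "big"), hashlib.sha1).digest()


def verify(cert_key: bytes, public: int, sig: bytes) -> bool:
    return hmac.compare_digest(sign(cert_key, public), sig)


class Entity:
    """One party of the exchange: a CLE or the PrivaCy Manager."""
    def __init__(self, name: str, cert_key: bytes, settings: tuple):
        self.name, self.cert_key = name, cert_key
        self.settings = settings          # algorithm, mode, key size flags
        self.key, self.failure = None, None

    def offer(self) -> dict:
        """Start a negotiation: fresh exponent, signed public component."""
        self.key, self.failure = None, None
        self._x = secrets.randbelow(P - 2) + 1
        public = pow(G, self._x, P)
        return {"from": self.name, "public": public,
                "settings": self.settings, "sig": sign(self.cert_key, public)}

    def accept(self, msg: dict, peer_cert_key: bytes) -> bool:
        """Rule 10: check settings and signature before using the key."""
        if msg["settings"] != self.settings:
            self.failure = "session settings mismatch"
            return False
        if not verify(peer_cert_key, msg["public"], msg["sig"]):
            self.failure = "signature verification failed"
            return False
        shared = pow(msg["public"], self._x, P).to_bytes(16, "big")
        # 24-byte Triple DES sized key via SHA-1 (the module's own derivation
        # is not given in the policy; this is an assumption).
        self.key = (hashlib.sha1(shared + b"\x00").digest()
                    + hashlib.sha1(shared + b"\x01").digest())[:24]
        return True


def run_exchange(a: Entity, b: Entity, tamper: bool = False) -> bool:
    """Both sides offer, then each verifies the other's message.
    tamper=True flips one bit of b's public component in transit."""
    ma, mb = a.offer(), b.offer()
    if tamper:
        mb = dict(mb, public=mb["public"] ^ 1)
    return a.accept(mb, b.cert_key) & b.accept(ma, a.cert_key)
```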
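The DES key suitability check that section 4.7 item 3 gives as its example, as an added example that is not Cylink's code: odd parity is checked per byte and the weak/semi-weak comparison is made on the 56 effective key bits, so a weak key with wrong parity is still caught. It goes beyond the page by also checking each component of a 24-byte Triple DES key and flagging repeated components; the weak and semi-weak lists are the standard FIPS 74 ones, and the keys in the test are constructed.

```python
# Weak and semi-weak DES keys (FIPS 74 lists), written with odd parity.
WEAK_KEYS = [bytes.fromhex(k) for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")]
SEMI_WEAK_KEYS = [bytes.fromhex(k) for k in (
    "011F011F010E010E", "1F011F010E010E01",
    "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1")]


def effective_bits(key: bytes) -> bytes:
    """Drop each byte's parity bit (LSB): the 56 bits DES actually keys on."""
    return bytes(b & 0xFE for b in key)


_WEAK56 = {effective_bits(k) for k in WEAK_KEYS}
_SEMI_WEAK56 = {effective_bits(k) for k in SEMI_WEAK_KEYS}


def has_odd_parity(key: bytes) -> bool:
    """FIPS 46 keys carry odd parity in every byte."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def des_key_problems(key: bytes) -> list:
    """Reasons an 8-byte DES key must be rejected; [] means suitable."""
    if len(key) != 8:
        return ["length"]
    problems = []
    if not has_odd_parity(key):
        problems.append("parity")
    eff = effective_bits(key)          # compare on the 56 effective bits
    if eff in _WEAK56:
        problems.append("weak")
    elif eff in _SEMI_WEAK56:
        problems.append("semi-weak")
    return problems


def tdes_key_problems(key: bytes) -> list:
    """Check a 24-byte Triple DES key component by component, and flag a key
    whose K1 == K2 or K2 == K3, which collapses Triple DES to single DES
    (an added check beyond the page's DES example)."""
    if len(key) != 24:
        return ["length"]
    parts = [key[i:i + 8] for i in range(0, 24, 8)]
    problems = ["K%d:%s" % (i + 1, p)
                for i, part in enumerate(parts) for p in des_key_problems(part)]
    eff = [effective_bits(part) for part in parts]
    if eff[0] == eff[1] or eff[1] == eff[2]:
        problems.append("degenerate")
    return problems
```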
5 Definition of Security Relevant Data Items (SRDIs)

(1) CLE Manufacturing Certificate
(2) PrivaCy Manager Manufacturing Certificate
(3) PrivaCy Manager/CLE SNMP Encryption Algorithm Flag
(4) PrivaCy Manager/CLE SNMP Encryption Mode Flag
(5) PrivaCy Manager/CLE SNMP Encryption Key Size Flag
(6) CLE to CLE Encryption Algorithm Flag
(7) CLE to CLE Encryption Mode Flag
(8) CLE to CLE Encryption Key Size Flag
(9) Near End Network Certificate
(10) Far End Network Certificate
(11) Far End Manual Authentication Code
(12) Firmware Binary Image Signature
(13) PRNG Running Seed (XKEY)
(14) CLE DSS Secret Key (X)
(15) CLE DSS Public Key (Y)
(16) PrivaCy Manager DSS Public Key
(17) PrivaCy Manager/CLE (SNMP) Encryption Key
(18) PM/CLE Message Counter Value
(19) PrivaCy Manager/CLE Message Counter
(20) CLE/CLE Encryption Key
(21) Near End CLE Challenge Value
(22) Far End CLE Challenge Value
(23) Voice Authentication Hash Value
(24) Far End CLE Serial Number
(25) Far End CLE Serial Number timestamp
(26) Last Key Change Timestamp
(27) Event Log
(28) Key Change Method
(29) Begin Time
(30) End Time
(31) Days Interval
(32) Clear Modes
(33) Key Management Mode
(34) Manual Authentication Key
(35) Algorithm Adaptation Flag
(36) Exclusion List: For Dial-Up operation

6 Definitions of SRDI Modes of Access

The table below defines the relationship between access to SRDIs and the different module services. The modes of access are shown as codes in the table and are defined as follows:

a) D - The SRDI is set back to the manufacturing default by the service.
b) G - This service generates the SRDI internal to the CLE.
c) I - The SRDI is input into the CLE by this service.
d) R - The SRDI is read and used by the service.
e) U - The SRDI is updated by the service.
f) V - The SRDI is verified by the service.
g) Z - The SRDI is erased by the service.

Security Relevant Data Items (PM=PrivaCy Manager, CLE=Cylink Link Encryptor)

Table columns (SRDIs): CLE Manufacturing Certificate; PM Manufacturing Certificate; PM/CLE Encrypt Algo Flag; PM/CLE Encrypt Mode Flag; PM/CLE Encrypt Key Size Flag; CLE/CLE Encrypt Algo Flag; CLE/CLE Encrypt Mode Flag; CLE/CLE Encrypt Key Size Flag; Near End CLE Network Certificate; Far End CLE Network Certificate; PRNG Running Seed (XKEY); CLE DSS Secret Key (X); CLE DSS Public Key (Y); PM DSS Public Key; PM/CLE Encryption Key; PM/CLE Challenge Value; PM/CLE Message Counter; CLE/CLE Encryption Key; Near End CLE Challenge Value; Far End CLE Challenge Value; Voice Authentication Hash Value; Far End CLE Serial Number; Last Key Change Timestamp; Event Log; Key Change Method; Begin Time; End Time; Days Interval; Clear Modes Allow/Disallow; Mode Managed/Unmanaged. Role columns: User Role; Crypto Officer Role.

Table rows (service, followed by the access codes of its non-blank cells in left-to-right order; the trailing X marks the role column, User Role or Crypto Officer Role, that may invoke the service):

Perform Network Authentication: V IV GV R R I G V U X
Renewal of Network Authentication: GV R R I G V X
Perform PM/CLE Voice Authentication: GV G G I G V U GV X
Set Operational Mode - Clear: V G V U U R X
Set Operational Mode - Standby: V G V U U X
Set Operational Mode - Secure: R R R R R R V U G G V U U U R X
Display Event Log: R X
Reset Event Log: Z X
Set Time/Date: X
Set Key Change Method: RI X
Set Begin Time: RI X
Set End Time: RI X
Set Days Interval: RI X
Set End-to-End Delay: X
Set Clear Modes Allow/Disallow: RI X
Set Mode Managed/Unmanaged: RI X
Zeroize Keys: Z Z Z Z Z Z Z Z Z X
Set Line Interface Parameters: X
Set CLE IP Address: X
Set Gateway IP Address: X
Set Subnet Mask: X
Set Trap1 IP Address: X
Set Trap2 IP Address: X
Display System Info: R R R R R R X
Set/Clear DTE/NET Loopbacks: X
Set Default Configuration: D D D D D D D D X