Zebra Pseudo Random Number Generator
Version 2.3.1
FIPS 140-2 Non-Proprietary Security Policy
Version 1.0
Last Update: 2019-02-08
Prepared for:
Zebra Technologies Corporation
3 Overlook Point
Lincolnshire, IL 60069
Prepared by:
atsec information security corporation
9130 Jollyville Road, Suite 260
Austin, TX 78759
www.atsec.com
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
2 of 19
Table of Contents
1. INTRODUCTION............................................................................................................................................ 3
1.1 PURPOSE OF THE SECURITY POLICY .........................................................................4
1.2 TARGET AUDIENCE ..............................................................................................4
1.3 DOCUMENT ORGANIZATION / COPYRIGHT..................................................................4
2. CRYPTOGRAPHIC MODULE SPECIFICATION........................................................................ 5
2.1. DESCRIPTION OF MODULE ....................................................................................5
2.2. DESCRIPTION OF APPROVED MODE.........................................................................5
2.3. CRYPTOGRAPHIC MODULE BOUNDARY.....................................................................6
3. CRYPTOGRAPHIC MODULE PORTS AND INTERFACES................................................ 8
4. ROLES, SERVICES AND AUTHENTICATION........................................................................... 9
4.1. ROLES.............................................................................................................9
4.2. SERVICES.........................................................................................................9
4.3. OPERATOR AUTHENTICATION ..............................................................................10
4.4. MECHANISM AND STRENGTH OF AUTHENTICATION ...................................................10
5. PHYSICAL SECURITY ............................................................................................................................. 10
6. OPERATIONAL ENVIRONMENT...................................................................................................... 11
6.1. APPLICABILITY .................................................................................................11
7. CRYPTOGRAPHIC KEY MANAGEMENT.................................................................................... 12
7.1. RANDOM NUMBER GENERATION ..........................................................................12
7.2. KEY AND CSP LIST ...........................................................................................12
7.3. KEY/CSP GENERATION, ENTRY AND OUTPUT..........................................................13
7.4. KEY/CSP STORAGE AND ZEROIZATION..................................................................13
8. ELECTROMAGNETIC INTERFERENCE/ELECTROMAGNETIC COMPATIBILITY
(EMI/EMC).............................................................................................................................................................. 14
9. POWER-UP TESTS.................................................................................................................................... 15
9.1. CRYPTOGRAPHIC ALGORITHM TESTS .....................................................................15
10. DESIGN ASSURANCE.......................................................................................................................... 16
10.1. CONFIGURATION MANAGEMENT.........................................................................16
11. MITIGATION OF OTHER ATTACKS........................................................................................... 17
12. GLOSSARY AND ABBREVIATIONS........................................................................................... 18
13. REFERENCES............................................................................................................................................. 19
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
3 of 19
Copyrights and Trademarks
Copyright ©2019 Zebra Technologies Corporation. This document may be reproduced only in its
original entirety without any revision.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
4 of 19
1.Introduction
This document is the non-proprietary FIPS 140-2 Security Policy for the Zebra Pseudo Random
Number Generator cryptographic module. The version number of this cryptographic module is
2.3.1. This document contains a specification of the rules under which the module must operate
and describes how this module meets the requirements as specified in FIPS PUB 140-2 (Federal
Information Processing Standards Publication 140-2) for a Security Level 1 hardware cryptographic
module.
This module validation is a re-branding of a sub-chip cryptographic subsystem that was previously
validated under Certificate #3114 in a single-chip and is ported to other single-chip construct.
In this document, the terms “Zebra Pseudo Random Number Generator”, “cryptographic module”
or “module” are used interchangeably to refer to the Zebra Pseudo Random Number Generator
cryptographic module.
1.1 Purpose of the Security Policy
There are three major reasons that a security policy is needed:
⚫ it is required for FIPS 140-2 validation,
⚫ it allows individuals and organizations to determine whether the cryptographic module, as
implemented, satisfies the stated security policy, and
⚫ it describes the capabilities, protection, and access rights provided by the cryptographic
module, allowing individuals and organizations to determine whether it will meet their security
requirements.
1.2 Target Audience
This document is part of the package of documents that are submitted for FIPS 140-2 conformance
validation of the module. It is intended for the following people:
⚫ Developers working on the release
⚫ FIPS 140-2 testing lab
⚫ Cryptographic Module Validation Program (CMVP)
⚫ Consumers
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
5 of 19
2.Cryptographic Module Specification
2.1.Description of Module
The Zebra Pseudo Random Number Generator is classified as a single chip hardware module for
the purpose of FIPS 140-2 validation. It is designed to provide random numbers. The logical
cryptographic boundary of the module is the Zebra Pseudo Random Number Generator 2.3.1
which is a sub-chip hardware component contained within the Snapdragon 660 SoC. The sub-chip
cryptographic module implements a SHA-256 Hash DRBG as defined in SP 800-90A.
The hardware sub-chip cryptographic module is specified in Table 1:
Component Type Version Number
Zebra Pseudo Random Number
Generator
hardware 2.3.1
Table 1: Components of the Hardware Cryptographic Module
The module has been tested on the following platform: Snapdragon 660
The module is intended to meet the requirements of FIPS 140-2 at an overall Security Level 1. The
Table 2 shows the security level claimed for each of the eleven sections that comprise the
validation:
FIPS 140-2 Sections Security Level
N/A 1 2 3 4
Cryptographic Module Specification X
Cryptographic Module Ports and Interfaces X
Roles, Services and Authentication X
Finite State Model X
Physical Security X
Operational Environment X
Cryptographic Key Management X
EMI/EMC X
Self Tests X
Design Assurance X
Mitigation of Other Attacks X
Table 2: Security Levels
2.2.Description of Approved Mode
The module supports only FIPS mode which is entered without any special configurations. All
configurations possible via the registers are supported and do not violate the constraints of the
FIPS mode.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
6 of 19
When the module is powered on, the power-up self-test is executed automatically without any
operator intervention. The module enters FIPS mode automatically if the power-up self-test
completes successfully.
If any of self-tests fail during power-up, the module goes into Error state. All cryptographic
services are prohibited in error state. When an error state is entered the module can be reset to
reinitialize the module.
The status of the module can be determined by the availability of the module. If the module is
available it has passed all self-tests. If it is unavailable, it is in the error state.
The module provides the following CAVP validated algorithm (Note that the module has two cores
each implementing SHA-256):
Algorithms Standards CAVS Certs #
SHA-256 Hash DRBG SP-800-90A Cert.#: 2095
SHA-256 (core 1) FIPS 198-1 Cert.#: 4333
SHA-256 (core 2) FIPS 198-1 Cert.#: 4316
Table 3: Approved Algorithms
2.3.Cryptographic Module Boundary
The physical boundary of the module is the physical boundary of the Snapdragon 660 SoC (Figure
1) that contains the sub-chip which implements the module. Consequently, the embodiment of the
module is a single-chip standalone cryptographic module. The logical boundary of the module is
the Pseudo Random Number Generator sub-chip. The Figure 2 illustrates the various data, status
and control paths through the physical and logical boundaries of the cryptographic module.
Figure 1: Single-chip 660 top view (Left) bottom view with solder
balls (Right)
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
7 of 19
Figure 2: Cryptographic Boundaries
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
8 of 19
3.Cryptographic Module Ports and Interfaces
FIPS Interface Ports
Data Input Registers
Data Output Data Out Registers
Control Input Registers
Status Output Registers
Power Input Physical power connector
Table 4: Ports and Interfaces
As indicated in Table 4, all status output and control input are directed through the interface of the
module’s logical boundary, which is the registers of the module. For data input, the registers also
provide the interface. The data output is provided via data out registers.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
9 of 19
4.Roles, Services and Authentication
4.1.Roles
Role Description
User
Perform general security services, including cryptographic operations
and other Approved security functions.
Crypto Officer (CO) Configuration of the module.
Table 5: Roles
The module meets all FIPS 140-2 level 1 requirements for Roles and Services, implementing both
User and Crypto Officer roles. The module does not allow concurrent operators.
The User and Crypto Officer roles are implicitly assumed by the entity accessing services
implemented by the module. No further authentication is required. The Crypto Officer can initialize
the module.
4.2.Services
The module does not support bypass capability. The module provides random data from the SHA-
256 Hash DRBG.
Table 6 describes the services available in FIPS-mode:
Service Roles CSP Access
(Read-R,
Write -W,
Execute-X)
User
CO
Approved
SHA-256-Hash-DRBG ü Seed, (i.e., entropy input string
and nonce),
Personalization string
R, X
Self-Test
(Self-test is executed automatically
when device is booted or restarted)
ü N/A R, X
Check Status/Get State ü N/A R
Module Configuration ü N/A N/A
Zeroization ü Seed, (i.e., entropy input string
and nonce), Personalization string
N/A
Non-approved but Allowed
NDRNG ü Entropy input string, nonce R
Table 6: Services
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
10 of 19
4.3.Operator Authentication
There is no operator authentication; assumption of role is implicit by action.
4.4.Mechanism and Strength of Authentication
No authentication is required at security level 1; authentication is implicit by assumption of the
role.
5.Physical Security
The Zebra Pseudo Random Number Generator 2.3.1 is a sub-chip module implemented as part of
the Snapdragon 660 SoC, which is the physical boundary of the sub-chip module. The Snapdragon
660 SoC is a single chip with a production grade enclosure and hence conforms to the Level 1
requirements for physical security.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
11 of 19
6.Operational Environment
6.1.Applicability
The module is a single chip hardware module. The procurement, build and configuring procedure
are controlled. Therefore the operational environment is considered non-modifiable.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
12 of 19
7.Cryptographic Key Management
7.1.Random Number Generation
Hardware is used to collect random bits as the seed (i.e., the entropy input string and the nonce)
for the module to generate FIPS 140-2 compliant random numbers.
The DRBG used to generate pseudo random numbers is an SP 800-90A compliant SHA-256 Hash
DRBG using a derivation function without prediction resistance. It processes a personalization
string that can be provided by the caller. The implementation performs a continuous self-test, a
health check, and a power-on self-test.
A re-seed process is applied to the DRBG, the re-seed frequency is programmable, up to 2^32
blocks of data.
When the DRBG is instantiated, it runs a self-test with a set of test vectors, and also runs a health
check test to verify that the instantiation function and generation function are able to handle any
incorrect parameter inputs, such as the input data length being a negative number, etc. The DRBG
implements a continuous self-test verifying the random number generation. The self-test
compares the output bits with the generated bits from the previous round and ensures that they
do not match.
The entropy source for the DRBG originates from a series of ring oscillators. The NDRNG consists
of the combined data streams of the oscillators which is fed into the DRBG. Statistical tools have
been used to measure the entropy generated by each ring oscillator and also the combined output
of the oscillators. The combined output has been determined to contain one bit of entropy per bit
of output.
The DRBG also implements a derivation function to counter any slight imperfections in the entropy
stream. Based on an analysis of the entropy output and the use of a 256 bit entropy value along
with a 128 bit nonce, it has been determined that the input random data into the approved Hash
DRBG contains at least 256 bits of security strength.
The output of the noise source is processed by a continuous self-test which compares the output
bits with the generated bits from the previous round and ensures that they do not match.
7.2.Key and CSP List
The entropy input string and the nonce inputs to the DRBG are generated internal to the hardware
module and do not have an external interface. The personalization string is written by the calling
application into a hardware register for use by the module. The calling application has read/write
access to the hardware register that holds the personalization string.
Table 7 lists the CSP in the module:
CSP Generation Storage Zeroization
DRBG Seed (i.e., entropy
input string and nonce)
Hardware NDRNG Internal registers Reset event
Personalization string User Hardware register
(Read/write by application)
Reset event
Table 7: Keys and CSPs
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
13 of 19
7.3.Key/CSP Generation, Entry and Output
The module does not provide any key generation service or perform key generation for any of its
Approved algorithms. The caller of the DRBG can use the output for key generation.
The cryptographic module does not provide any asymmetric algorithms or key establishment
methods.
7.4.Key/CSP Storage and Zeroization
The entropy input string and nonce used by the DRBG are generated internally by the hardware
and are not accessible external to the module. The personalization string is input by the caller of
the DRBG into a register that is able to be read and written by the caller.
Zeroization of the DRBG CSPs is accomplished by either a reset event or a power-off/power-on
cycle of the DRBG.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
14 of 19
8.Electromagnetic Interference/Electromagnetic Compatibility
(EMI/EMC)
The CM hardware component cannot be certified by the FCC as it is not a standalone device. It is
a sub-chip embedded in the Snapdragon 660 SoC which is also not a standalone device, but rather
intended to be used within a COTS device which would undergo standard FCC certification for
EMI/EMC.
According to 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, the CM is
not subject to EMI/EMC regulations because it is a subassembly that is sold to an equipment
manufacturer for further fabrication. That manufacturer is responsible for obtaining the necessary
authorization for the equipment with the CM embedded prior to further marketing to a vendor or to
a user.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
15 of 19
9.Power-Up Tests
Power-Up tests consist of known-answer tests (KAT) of algorithm implementations. The power-up
self-tests are automatically performed without any operator intervention during power-up of the
module. If any of the power-up self-tests fail, the module will enter the error state. Data output is
prohibited and no further cryptographic operation is allowed in the error state. The module can be
reset to recover from the error state. Re-initialization is also possible by doing a power-cycle to set
the module to the power-on state.
FIPS 140-2 explicitly allows that the on-demand test can be fulfilled with a power cycle of the
module. Hence, a power cycle and its associated power-on self-test is the methodology used to
perform the "on-demand" tests.
9.1.Cryptographic Algorithm Tests
Algorithm Test
SP 800-90A DRBG
Continuous Random Number Generator Test
KAT for DRBG only (not the hash)
SHA-256 KAT performed for both SHA-256 cores independently
Hardware NDRNG Continuous Random Number Generator Test
Table 8: Power-Up Cryptographic Algorithm Tests
The module is implemented in hardware and is not modifiable; therefore no integrity test is
required.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
16 of 19
10.Design Assurance
.
10.1.Configuration Management
ClearCase, a version control system from IBM/Rational, is used to manage the revision control of
the hardware code (Verilog code) and hardware documentation. The ClearCase version control
system provides version control, workspace management, parallel development support, and build
auditing. The Verilog code is maintained within the ClearCase database.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
17 of 19
11.Mitigation of Other Attacks
No other attacks are mitigated.
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
18 of 19
12.Glossary and Abbreviations
CAVP Cryptographic Algorithm Validation Program
CMVP Cryptographic Module Validation Program
COTS Commercial Off The Shelf
CSP Critical Security Parameter
DRBG Deterministic Random Bit Generator
FIPS Federal Information Processing Standards Publication
KAT Known Answer Test
NIST National Institute of Science and Technology
SHA Secure Hash Algorithm
SoC System on Chip
Zebra Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
© 2019 Zebra Technologies Corporation
This document can be reproduced and distributed only whole and intact, including this copyright notice.
19 of 19
13.References
[1] FIPS 140-2 Standard,
http://csrc.nist.gov/groups/STM/cmvp/standards.html
[2] FIPS 140-2 Implementation Guidance,
http://csrc.nist.gov/groups/STM/cmvp/standards.html
[3] FIPS 180-4 Secure Hash Standard,
http://csrc.nist.gov/publications/PubsFIPS.html
[4] NIST Special Publication 800-90A, Recommendation for Random Number Generation Using
Deterministic Random Bit Generators
http://csrc.nist.gov/publications/nistpubs/800-90A/SP900-90A.pdf