Sonus Networks, Inc.
SBC 5110 and 5210 Session Border Controllers
Hardware Models: SBC 5110 and SBC 5210; Firmware Version: 5.0
FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 1
Document Version: 0.9
Prepared for: Prepared by:
Sonus Networks, Inc. Corsec Security, Inc.
4 Technology Park Drive 13921 Park Center Road
Suite 460
Westford, MA 01886 Herndon, VA 20171
United States of America United States of America
Phone: +1 855 GO SONUS Phone: +1 703 267 6050
www.sonus.net www.corsec.com
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 2 of 34
Table of Contents
1. Introduction ..........................................................................................................................................4
1.1 Purpose...................................................................................................................................................4
1.2 References ..............................................................................................................................................4
1.3 Document Organization..........................................................................................................................4
2. SBC 5110 and 5210 Session Border Controllers........................................................................................5
2.1 Overview.................................................................................................................................................5
2.2 Module Specification ..............................................................................................................................9
2.3 Module Interfaces................................................................................................................................ 10
2.4 Roles and Services................................................................................................................................ 15
2.4.1 Authorized Roles ................................................................................................................... 15
2.4.2 Operator Services.................................................................................................................. 15
2.4.3 Additional Services................................................................................................................ 18
2.4.4 Authentication ...................................................................................................................... 18
2.5 Physical Security................................................................................................................................... 20
2.6 Operational Environment .................................................................................................................... 20
2.7 Cryptographic Key Management ......................................................................................................... 20
2.8 EMI / EMC ............................................................................................................................................ 25
2.9 Self-Tests.............................................................................................................................................. 25
2.9.1 Power-Up Self-Tests.............................................................................................................. 25
2.9.2 Conditional Self-Tests............................................................................................................ 26
2.9.3 Critical Functions Self-Tests .................................................................................................. 26
2.9.4 Self-Test Failure Handling ..................................................................................................... 26
2.10 Mitigation of Other Attacks ................................................................................................................. 26
3. Secure Operation.................................................................................................................................27
3.1 Initial Setup.......................................................................................................................................... 27
3.1.1 SBC Hardware Installation and Commissioning .................................................................... 27
3.1.2 SBC Firmware Installation and Configuration ....................................................................... 27
3.1.3 SBC FIPS-Approved Mode Configuration and Status ............................................................ 28
3.2 Crypto Officer Guidance ...................................................................................................................... 28
3.2.1 Management......................................................................................................................... 28
3.2.2 Zeroization............................................................................................................................. 29
3.2.3 Status Monitoring.................................................................................................................. 29
3.3 User Guidance...................................................................................................................................... 29
3.4 Additional Usage Policies..................................................................................................................... 29
3.5 Non-FIPS-Approved Mode................................................................................................................... 30
4. Acronyms ............................................................................................................................................31
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 3 of 34
List of Tables
Table 1 – Security Level per FIPS 140-2 Section.........................................................................................................8
Table 2 – FIPS-Approved Algorithm Implementations...............................................................................................9
Table 3 – FIPS 140-2 Logical Interface Mappings.................................................................................................... 13
Table 4 – SBC 5110 and 5210 Session Border Controllers LEDs Description........................................................... 14
Table 5 – Authorized Operator Services.................................................................................................................. 15
Table 6 – Additional Services................................................................................................................................... 18
Table 7 – Authentication Mechanism Used by the Modules .................................................................................. 19
Table 8 – Cryptographic Keys, Cryptographic Key Components, and CSPs............................................................. 21
Table 9 – Non-Approved Services ........................................................................................................................... 30
Table 10 – Acronyms ............................................................................................................................................... 31
List of Figures
Figure 1 – Front View of SBC 5110 .............................................................................................................................5
Figure 2 – Front View of SBC 5210 .............................................................................................................................5
Figure 3 – Identifying Label for SBC 5110...................................................................................................................6
Figure 4 – Identifying Label for SBC 5210...................................................................................................................6
Figure 5 – Typical Deployment of SBCs in a Network.................................................................................................8
Figure 6 – Front Panel LEDs of SBC 5110 (with Bezel)............................................................................................. 11
Figure 7 – Front Panel LEDs of SBC 5110 (with Bezel Removed)............................................................................. 11
Figure 8 – Rear Panel Ports of SBC 5110 ................................................................................................................. 12
Figure 9 – Front Panel LEDs of SBC 5210 (with Bezel)............................................................................................. 12
Figure 10 – Front Panel LEDs of SBC 5210 (with Bezel Removed)........................................................................... 12
Figure 11 – Rear Panel Ports of SBC 5210 ............................................................................................................... 13
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 4 of 34
1. Introduction
1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the SBC 5110 and 5210 Session Border
Controllers from Sonus Networks, Inc. (Sonus). This Security Policy describes how the SBC 5110 and 5210 Session
Border Controllersmeet the security requirements of Federal Information Processing Standards (FIPS) Publication
140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More
information about the FIPS 140-2 standard and validation program is available on the U.S. National Institute of
Standards and Technology (NIST) and Canada’s Communications Security Establishment (CSE) Cryptographic
Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.
This document also describes how to run the modules in a secure FIPS-Approved mode of operation. This policy
was prepared as part of the Level 1 FIPS 140-2 validation of the modules. The SBC 5110 and 5210 Session Border
Controllers are referred to in this document as the SBCs or the modules. The SBC 5110 Session Border Controller
is individually referred to as SBC 5110 and the SBC 5210 Session Border Controller as SBC 5210.
1.2 References
This document deals only with operations and capabilities of the modules in the technical terms of a FIPS 140-2
cryptographic module security policy. More information is available on the modules from the following sources:
 The Sonus website (www.sonus.net) contains information on the full line of products from Sonus.
 The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains
contact information for individuals to answer technical or sales-related questions for the module.
1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document,
the Submission Package contains:
 Vendor Evidence document
 Finite State Model document
 Other supporting documentation as additional references
This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc.
under contract to Sonus. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission
Package is proprietary to Sonus and is releasable only under appropriate non-disclosure agreements. For access
to these documents, please contact Sonus.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 5 of 34
2. SBC 5110 and 5210 Session Border Controllers
2.1 Overview
Sonus Networks, Inc. (hereafter referred to as Sonus) is a leader in IP1
networking with proven expertise in
delivering secure, reliable and scalable next-generation infrastructure and subscriber solutions. The Sonus line of
Session Border Controllers (SBCs) help mid-sized and large enterprises take advantage of cost-saving SIP2
trunking
services by securing their network from IP-based attacks, unifying SIP-based communications and controlling
traffic in the network.
Sonus’s SBC 5110 and 5210 Session Border Controllers feature a unique architecture design that differs from other
SBCs on the market today by aggregating all of the session border functionality – security, encryption, transcoding,
call routing, and session management – into a single device and distributing those functions to embedded
hardware within the device. For example, media transcoding on the SBCs is performed on an embedded DSP3
farm while much of the encryption is handled via embedded cryptographic hardware, thereby, providing optimal
performance during real-world workloads, overloads, and attacks.
The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances
that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP4
signaling and media traffic), media transcoding, flexible SIP session routing & policy management.
Figure 1 and Figure 2 below shows a picture of the SBC 5110 and 5210 Session Border Controllers respectively.
Figure 1 – Front View of SBC 5110
Figure 2 – Front View of SBC 5210
1 IP – Internet Protocol
2 SIP – Session Initiation Protocol
3
DSP – Digital Signal Processor
4 VOIP – Voice Over Internet Protocol
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 6 of 34
Note that the front panel of the SBC shows “SBC 5100” and “SBC 5200” to indicate that it is a member of the 5100
and 5200 family of products. An accompanying label affixed to the top rear corner of each chassis identifies a
given SBC specifically as “SBC 5110”(shown in Figure 3) and “SBC 5210” (shown in Figure 4).
Figure 3 – Identifying Label for SBC 5110
Figure 4 – Identifying Label for SBC 5210
The SBCs are designed to fully address the next-generation need of SIP communications by delivering embedded
media transcoding, robust security and advanced call routing in a high-performance, small form-factor devices.
The SBC 5110 can accommodate 250-10,000 call sessions while SBC 5210 can accommodate 500-64,000 call
sessions. Some of the network and security features provided by the modules include:
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 7 of 34
 Session-aware firewall, split DMZ5
, bandwidth & QoS6
theft protection, topology hiding, DoS7
/DDoS8
detection/blocking, rogue RTP9
protection, IPsec10
and TLS11
encryption
 Embedded media transcoding hardware
 H.323 and SIP-I/T interworking
 Stateful call-handling even during overload/attack/outages
 Embedded localized or centralized call-routing options
 Far-end NAT12
traversal
 TLS, IPsec (IKEv113
) for signaling encryption
 Secure RTP/RTCP14
for media encryption
 Support for large number of protocols including IPv4, IPv6, IPv4/IPv6 interworking, SSH15
, SFTP16
, SNMP17
,
HTTPS18
, RTP/RTCP, UDP19
, TCP20
, DNS21
, and ENUM22
 Exceptional scalability even under heavy workloads
 Device management using encrypted and authenticated device management messages
 Controlled menu access and comprehensive audit logs
 Integrated Baseband Management Controller (BMC)
The validated module is a solution that delivers end-to-end SIP session control and a networkwide view of SIP
traffic and policy management. The modules can be deployed as peering SBCs, access SBCs, or enterprise-SBCs (e-
SBCs).
Management of the SBC 5110 and 5210 Session Border Controllers is accomplished via:
 SNMPv323
traps and polling, which are used only for non-security relevant information about the module’s
state and statistics
 Command Line Interface (CLI), which is accessible remotely via SSH over Ethernet Management ports
 Web-based Graphical User Interface (GUI), which is accessible remotely via HTTPS (using EMA24
and PM25
)
over Ethernet management ports
These management interfaces provide authorized operators access to the modules for configuration and
management of all facets of the modules’ operation, including system configuration, troubleshooting, security,
5 DMZ – Demilitarized Zone
6 QoS – Quality of Service
7 DoS – Denial of Service
8 DoS/DDoS – Denial-of-Service/Distributed Denial-of-Service
9 RTP – Real-time Transport Protocol
10 IPsec – Internet Protocol Secuirty
11
TLS – Transport Layer Secuirty
12 NAT – Network Address Translation
13 IKEv1 – Internet Key Exchange version 1
14 RTCP – RTP Control Protocol
15
SSH – Secure Shell
16 SFTP – SSH File Transport Protocol
17 SNMP – Simple Network Management Protocol
18 HTTPS – Hypertext Transfer Protocol Secure
19
UDP – User Datagram Protocol
20 TCP – Transmission Control Protocol
21 DNS – Domain Name System
22 ENUM – E.164 NUmber Mapping
23 SNMPv3 – Simple Network Management Protocol version 3
24
EMA – Embedded Management Application
25 PM – Platform Manager
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 8 of 34
and service provisioning. Using any of the management interfaces, an operator is able to monitor, configure,
control, receive report events, and retrieve logs from the SBCs.
Figure 5 below illustrates a typical deployment scenario of SBCs and the cryptographic boundary is shown by the
red-colored dotted line.
Service Provider’s
Core Network
Public Internet / ISP or
Metropolitan Backhaul
Enterprise
Home Users
SBC 5x10
SBC 5x10
Application
Service
Application
Service
Optional
High-Availability/
Redundancy
Figure 5 – Typical Deployment of SBCs in a Network
The SBC 5110 and 5210 Session Border Controllers are validated at the FIPS 140-2 section levels shown in Table 1
below.
Table 1 – Security Level per FIPS 140-2 Section
Section Section Title Level
1 Cryptographic Module Specification 1
2 Cryptographic Module Ports and Interfaces 1
3 Roles, Services, and Authentication 2
4 Finite State Model 1
5 Physical Security 1
6 Operational Environment N/A26
7 Cryptographic Key Management 1
8 EMI/EMC27 1
9 Self-tests 1
10 Design Assurance 2
11 Mitigation of Other Attacks N/A
26
N/A – Not applicable
27 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 9 of 34
2.2 Module Specification
The SBC 5110 and 5210 Session Border Controllers are hardware cryptographic modules with a multiple-chip
standalone embodiment. The cryptographic modules consist of firmware and hardware components enclosed in
a secure, production-grade metal case. The main hardware components consist of integrated circuits, processors,
memories, SSD28
, flash, DSP, power supplies, fans, and the enclosure containing all of these components. The
overall security level of the modules is 1. The cryptographic boundary of the SBC is defined by the SBC device
enclosure, which encompasses all the hardware and firmware components.
The other component that is excluded from the boundary and, therefore, from the FIPS 140-2 requirements is the
Small Form-Factor Pluggable (SFP) transceivers that can be connected to the media and the HA interfaces of the
modules. These are merely adapters to interface the module’s ports to either copper-based or fiber-based wiring,
depending on customer need.
The SBC 5110 and 5210 Session Border Controllers use the FIPS-Approved algorithm implementations in hardware
(Network Processor) and firmware (Crypto Library) as listed in Table 2 below.
Table 2 – FIPS-Approved Algorithm Implementations
Algorithm
Certificate Number
Network Processor Crypto Library
AES29 in CBC30, CTR modes (128-bit key) #3480 -
AES in CBC, CFB12831 modes (128, 256-bit keys) - #3481
AES in ECB32 mode (128, 192, 256-bit keys) - #3481
AES in GCM33 mode (128, 256-bit key) - #3481
Triple-DES34 in CBC, ECB modes (keying option 1) - #1962
Triple-DES in CBC mode (keying option 1) #1961 -
SHA35-1 #2874 #2875
HMAC36-SHA-1 #2222 #2223
SHA-224, SHA-256, SHA-384, SHA-512 - #2875
HMAC using SHA-224, SHA-256, SHA-384, SHA-512 - #2223
RSA key generation (2048-bit) - #1787
RSA (PKCS37#1 v1.5) signature generation (2048-bit), signature
verification (1024, 2048-bit)
- #1787
ECDSA (FIPS 186-4) PKV/SigVer for all P, K, and B curves; PKG/SigGen
for all P, K, and B curves except P-192, K-163, and B-163
- #708
28 SSD – Solid State Drive
29 AES – Advanced Encryption Standard
30 CBC – Cipher Block Chaining
31
CFB – Cipher Feedback
32 ECB – Electronic Codebook
33 GCM - Galois/Counter Mode
34 DES – Data Encryption Standard
35 SHA – Secure Hash Algorithm
36
HMAC – Keyed-Hash Message Authentication Code
37 PKCS – Public-Key Cryptography Standards
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 10 of 34
Algorithm
Certificate Number
Network Processor Crypto Library
SP38 800-90A CTR_DRBG39 - #859
CVL40 for KDF41 (TLS – SP 800-135, Section 4.2) - #556
CVL for KDF (SSH – SP 800-135, Section 5.2) - #556
CVL for KDF (SNMP – SP 800-135, Section 5.4) - #556
CVL for KDF (SRTP – SP 800-135, Section 5.3) #554 -
CVL for EC42 Diffie-Hellman SP800-56A All NIST-Defined Curves
except P-192, K-163, and B-163
- #555
Note: The TLS, SSH, SNMP, and SRTP protocols have not been reviewed or tested by the CAVP or CMVP.
The modules use the FIPS-Approved SP 800-90A CTR_DRBG to generate cryptographic keys. The modules do not
receive seed value for the DRBG from outside; rather, it is seeded via /dev/random, a Non-Deterministic Random
Number Generator (NDRNG) internal to the modules.
The modules implement the following non-Approved algorithms that are allowed to be used in FIPS-Approved
mode of operation:
 RSA (key encapsulation; key establishment methodology provides 112 bits of encryption strength)
 Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)
 EC Diffie-Hellman (used for key establishment) (key agreement; key establishment methodology provides
between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 NDRNG (used for seeding the DRBG)
 MD5 (used for firmware integrity test during power-up self-test)
Note that when using EC Diffie-Hellman with less than 112 bits of encryption strength, the module implicitly
switches to a non-Approved mode of operation (see Section 3.5 below for more details regarding the non-
Approved mode). Additional information concerning DSA, ECDSA, SHA-1, Diffie-Hellman key establishment, RSA,
and specific guidance on transitions to the use of stronger cryptographic keys and more robust algorithms is
contained in NIST Special Publication 800-131A.
2.3 Module Interfaces
The module’s design separates the physical ports into four logically distinct and isolated categories. They are:
 Data Input Interface
 Data Output Interface
 Control Input Interface
 Status Output Interface
38 SP – Special Publication
39 DRBG – Deterministic Random Bit Generator
40 CVL – Component Validation List
41
KDF – Key Derivation Function
42 EC – Elliptical Curve
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 11 of 34
Data input/output are the packets utilizing the services provided by the modules. These packets enter and exit
the modules through the Ethernet Media, Management, and HA 43
interfaces. Control input consists of
configuration or administration data entered into the modules through the Command Line Interface (CLI) and
Web GUI over Ethernet management interfaces, USB, and HA ports. Status output consists of the status provided
over Ethernet Management interfaces, HA ports, and also displayed via LEDs44
and log information.
The physical ports and interfaces of the SBC 5110 are depicted in Figure 6, Figure 7, and Figure 8 below.
Figure 6 – Front Panel LEDs of SBC 5110 (with Bezel)
Figure 7 – Front Panel LEDs of SBC 5110 (with Bezel Removed)
43
HA – High Availability
44 LED – Light Emitting Diode
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 12 of 34
Figure 8 – Rear Panel Ports of SBC 5110
The physical ports and interfaces of the SBC 5210 are depicted in Figure 1, Figure 2, Figure 8, and Figure 11.
Figure 9 – Front Panel LEDs of SBC 5210 (with Bezel)
Figure 10 – Front Panel LEDs of SBC 5210 (with Bezel Removed)
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 13 of 34
Figure 11 – Rear Panel Ports of SBC 5210
Table 3 lists the physical ports/interfaces available in the SBCs, and also provides the mapping from the physical
ports/interfaces to logical interfaces as defined by FIPS 140-2.
Table 3 – FIPS 140-2 Logical Interface Mappings
Physical Port/Interface
Quantity FIPS 140-2 Logical
Interface
SBC 5110 SBC 5210
Ethernet Media Port BP45 2 BP 4 Data in, Data out
Ethernet Management
Port
BP 2 BP 2 Data in, Data out
Control in, Status out
Ethernet HA Port BP 2 BP 2 Data in, Data out
Control in, Status out
USB Port FP46 1 FP 1 Control in
Power LED FP 1 FP 1 Status out
Status LED FP 1 FP 1 Status out
Active LED FP 1 FP 1 Status out
Alarm LED FP 1 FP 1 Status out
Locator LED FP
BP
1
1
FP
BP
1
1
Status out
Power Supply LED BP 2 BP 2 Status out
45
BP – Back Panel
46 FP – Front Panel
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 14 of 34
Physical Port/Interface
Quantity FIPS 140-2 Logical
Interface
SBC 5110 SBC 5210
AC/DC47 Power Input
Connector
BP 2 BP 2 Control in
NOTE: Each module also includes a back panel alarm port. This port is not operational, and provides no facility for input or output.
Each SFP48
port and Ethernet port on the SBC 5110 and SBC 5210 has LEDs associated with it, which indicate the
status of the port. The LED is OFF if the cable is not connected and link is not established. The LED turns GREEN if
a cable is connected and the link is established, and flashes when activity is present.
As shown in Figure 1, Figure 2, Figure 8, and Figure 11 above, both the modules have number of LEDs that indicate
the state of the modules. The descriptions for the LEDs are listed in the Table 4 below.
Table 4 – SBC 5110 and 5210 Session Border Controllers LEDs Description
LED Description Color Definition
Power LED Indicator of power
status for all
voltages generated
on the modules
OFF The module is not powered.
GREEN The module is all powered on.
AMBER The module’s BMC powers on and off when all power is
off.
Status LED Indicator of
modules Status
OFF The module is not powered.
GREEN The module is powered and is healthy and operating
normally.
AMBER The module is powered but unhealthy, one or more
errors have occurred.
Active LED Indicator of
modules
redundancy State
OFF The module is in standby mode.
GREEN The module is active and protected.
Blinking GREEN The module is active and not protected.
AMBER The module is core dumping
Alarm LED Indicator of
modules
Critical/Major
Failure
OFF The module is in no alarm condition state.
AMBER The module is in major alarm condition state.
RED The module is in critical alarm state.
Locator LED Indicator of module
Identifier
OFF The module is not being identified.
Blinking WHITE The module is being user identified.
Power Supply LED Indicator of state of
the power supply
OFF The power supply is not working.
GREEN The power supply is operational.
Ethernet and SFP
Port LEDs
Indicator of link and
activity status
GREEN A cable is connected and the link is up.
Blinking GREEN Activity is present on the link.
47
AC/DC – Alternating Current/Direct Current
48 SFP – Small Form-factor Pluggable
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 15 of 34
Apart from these indicators, the alarms events are also logged into log file.
2.4 Roles and Services
The sections below describe the modules’ roles and services, and define any authentication methods employed.
2.4.1 Authorized Roles
As required by FIPS 140-2, the modules support two roles that operators may assume:
 Crypto Officer – The CO is responsible for initializing the modules for first use, which includes the
configuration of passwords, public and private keys, and other CSPs. The CO is also responsible for the
management of all keys and CSPs, including their zeroization. Lastly, the CO is the only operator that can
configure the modules into FIPS-Approved mode of operation. The CO also has access to all User services.
 User – The User has read-only privileges and can show the status and statistics of the modules, show the
current status of the module, and connect to the modules remotely using HTTPS and SSH.
2.4.2 Operator Services
Descriptions of the services available to the Crypto Officer role and User role are provided in the Table 5 below.
The keys and CSPs listed in Table 5 indicate the type of access required using the following notation:
 R – Read: The CSP is read.
 W – Write: The CSP is established, generated, modified, or zeroized.
 X – Execute: The CSP is used within an Approved or Allowed security function or authentication
mechanism.
Table 5 – Authorized Operator Services
Service
Operator
Description Input Output CSP and Type of Access
CO User
Commission the
module

Commission the module
by following the Security
Policy guidelines
None None None
Manage SBC
License

Installs the license to
enable SBC features;
delete or update license;
view current license
status
Command Status output None
Configure the SBC
system

Define network interfaces
and settings; set
protocols; configure
authentication
information; define
policies and profiles
Command
and
parameter
Command
response/
Status output
None
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 16 of 34
Service
Operator
Description Input Output CSP and Type of Access
CO User
Configure routing
policy and control
services

Configure IP network
parameters and profiles
for signaling, media, call
routing, call services,
zone, IP ACL49 rules, NTP50
and DNS51 servers
Command
and
parameters
Command
response/
Status output
None
Configure Crypto
Suite Profile

Select crypto suites for
SRTP, SRTCP, and SIP
communication
Command
and
parameters
Command
response/
Status output
None
Configure Call Data
Record (CDR)
 Configure log file behavior
Command
and
parameters
Command
response/
Status output
None
Manage users 
Create, edit and delete
users; define user
accounts and assign
permissions.
Command
and
parameters
Command
response/
Status output
Password – R/W/X
Manage user
sessions
 Terminate User sessions
Command
and
parameters
Command
response/
Status output
TLS Session Key – W
Change password  
Modify existing login
passwords
Command
and
parameters
Command
response/
Status output
Password – R/W
Load certificate  Loads new certificates Command
Command
response/
Status output
CA52 Public Keys – R/W
Peer Public Keys – R/W
Run script 
Run a script file (a text file
containing a list of CLI
commands to execute in
sequence)
Command
Command
response/
Status output
None (service may potentially
access CSPs indirectly via
scripted CLI commands)
Perform Self Tests 
Perform on-demand Self-
Tests
Command
Command
response/
Status output
All ephermeral keys and CSPs –
W
Perform Network
Diagnostics (e.g.
ping)
  Monitor connections Command
Command
response/
Status output
None
49 ACL – Access Control List
50 NTP – Network Time Protocol
51
DNS – Domain Name System
52 CA – Certificate Authority
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 17 of 34
Service
Operator
Description Input Output CSP and Type of Access
CO User
Show Status  
Show the system status,
Ethernet status, FIPS
Approved mode, alarms,
system identification and
configuration settings of
the module
Command
Command
response/
Status output
None
View Event Log 
View event status
messages
Command
Command
response/
Status output
None
Zeroize Keys  Zeroize all keys and CSPs Command
Command
response/
Status output
All CSPs – W
Upgrade Firmware 
Load new firmware and
performs an integrity test
using an RSA digital
signature
Command
Command
response/
Status output
RSA Public Key – R/X
Perform Keying of
CDB53 key
 Generate CDB key
Command
and
parameters
Command
response/
Status output
CDB key – W/X
Reboot/Reset 
Reboot or reset the
module
Command
Command
response/
Status output
CSPs stored in SDRAM – W
Establish TLS
Session
 
Establish web session
using TLS
Command
Command
response/
Status output
Password – X
RSA Public key – R/X
RSA Private key – X
ECDSA Public key – R/X
ECDSA Private key – X
HMAC Key – W/X
TLS Session key – R/W/X
TLS Authentication Key – R/W/X
Establish SSH
Session
 
Establish remote session
using SSH protocol
Command
Command
response/
Status output
Password – X
SSH Authentication Key – R/W/X
SSH Session Key – R/W/X
RSA Public key – R/X
RSA Private Key – X
HMAC Key – W/X
SNMPv3 Traps 
Provides system condition
information
None Status output
SNMPv3 Session Key – R/W/X
SNMPv3 Authentication Key –
R/W/X
53 CDB – Configuration Database
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 18 of 34
Service
Operator
Description Input Output CSP and Type of Access
CO User
Encryption/
Decryption service
 
Encrypt or decrypt user
data, keys, or
management traffic
Command
and
parameters
Command
response
TLS Session Key – X
SSH Session key – X
Authentication
service
 
Authenticate user data or
management traffic
Command
and
parameters
Command
response
TLS Authentication Key – X
SSH Authentication key – X
All services listed above require the operator to assume a role, and the module authenticates the role before
providing any of these services.
2.4.3 Additional Services
The modules provide a limited number of services for which the operator is not required to assume an authorized
role. Table 6 lists the services for which the operator is not required to assume an authorized role. None of the
services listed in the table disclose cryptographic keys and CSPs or otherwise affect the security of the modules.
Table 6 – Additional Services
Service Description Input Output CSP and Type of Access
Zeroize Zeroize keys and CSPs
Power cycling using
power connectors
Status output All ephemeral keys and CSPs – W
Perform on-demand
self-tests
Perform power-up
self-tests on demand
Power cycling using
power connectors
Status output All ephemeral keys and CSPs – W
Authenticate
Use to log into the
module
Command Status output Password – X
2.4.4 Authentication
The modules support role-based authentication. All module operators authenticate using a username and
password. Password complexities can be configured by the Crypto Officer. The module requires a minimum of 8
characters and allows a maximum of 24 characters for a password. The password must contain any combination
of at least one uppercase letter and one lowercase letter, one number, and a special character, allowing a choice
from a total of 95 possible characters. The strength calculation below provides minimum strength based on
password policy.
Table 7 lists the authentication mechanisms used by the modules.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 19 of 34
Table 7 – Authentication Mechanism Used by the Modules
Authentication Type Strength
Password The minimum length of the password is eight characters, with 95 different
case-sensitive alphanumeric characters and symbols possible for usage.
The chance of a random attempt falsely succeeding is 1: (958), or 1:
6,634,204,312,890,625.
The fastest network connection over Ethernet Interface supported by the
module is 100 Mbps.
Hence, at most (10 ×107 × 60 = 6 × 109 =) 6,000,000,000 bits of data can be
transmitted in one minute. Therefore, the probability that a random attempt
will succeed or a false acceptance will occur in one minute is 1 : [958 possible
passwords / ((6 ×109 bits per minute) / 64 bits per password)]
1: (958 possible passwords / 93,750,000 passwords per minute)
1: 70,764,846;
which is less than 1:100,000 as required by FIPS 140-2.
Public Key Certificates The modules support RSA digital certificate authentication of users during
Web GUI/HTTPS (TLS) access. Using conservative estimates and equating a
2048 bit RSA key to a 112 bit symmetric key, the probability for a random
attempt to succeed is 1:2112 or 1: 5.19 x 1033.
The fastest network connection supported by the modules over Ethernet
interfaces is 100 Mbps.
Hence at most (100 ×106 × 60 = 6 × 109 =) 6,000,000,000 bits of data can be
transmitted in one minute. Therefore, the probability that a random attempt
will succeed or a false acceptance will occur in one minute is
1: (2112 possible keys / ((6 × 109 bits per minute) / 112 bits per key))
1: (2112 possible keys / 53,571,428 keys per minute)
1: 96.92 × 1024;
which is less than 100,000 as required by FIPS 140-2.
The feedback of authentication data to a user is obscured during authentication. The modules provide feedback
by displaying a “rounded dot” (●) symbol when an operator is entering his password for EMA and Platform
Manager login while no feedback is provided for CLI login.
The modules provide the ability for an operator to change roles and require re-authentication of an operator to
assume a new role. In order to change roles, an operator is required to first log out and then log in with an account
with appropriate permissions for the desired role.
The modules do not allow the disclosure, modification, or substitution of authentication data to unauthorized
operators. The authenticated CO can modify their own authentication credentials as well as the credentials of the
Users, while the Users have the ability to modify their own authentication data only.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 20 of 34
2.5 Physical Security
All CSPs are stored and protected within the SBC 5110 and 5210 Session Border Controllers’ production-grade
enclosures. The entire enclosure consists of two parts: the main chassis and the removable upper cover. The
removable upper cover is secured to the main enclosure with screws.
All of the components within the modules are production grade with standard passivation.
2.6 Operational Environment
The operational environment of the modules does not provide a general-purpose operating system (OS) to the
user. The SBCs’ processors run Sonus’s proprietary Linux-based kernel in a non-modifiable operational
environment. The operating system is not modifiable by the operator, and only the modules’ signed image can
be executed. All firmware upgrades are digitally-signed, and a conditional self-test (RSA signature verification) is
performed during each upgrade.
NOTE: Only FIPS-validated firmware may be loaded to maintain the module’s validation.
2.7 Cryptographic Key Management
The modules support the CSPs described in Table 8 below.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 21 of 34
Table 8 – Cryptographic Keys, Cryptographic Key Components, and CSPs
CSP CSP Type Generation / Input Output Storage Zeroization Use
Config Database
(CDB) Key
Triple-DES 168-bit
key
Generated internally via
FIPS-Approved DRBG
Never exits the
module
Plaintext in SSD Re-keyed over CLI or
EMA , when appliance is
re-imaged, or over
management command
Encryption of RSA and ECDSA
Private key, preshared
secrets for RADIUS in CDB
SSH Session Key AES 128, 256-bit or
Triple-DES 168-bit
key
Generated internally via
Diffie-Hellman key
agreement
Never exits the
module
Plaintext in RAM Reboot or session
termination
Encryption or decryption
during SSH
TLS Session Key AES 128, 256-bit key Generated internally via
FIPS-Approved DRBG or
entered into the module
in encrypted form
Never exits the
module
Plaintext in RAM Reboot or session
termination
Encryption or decryption of
TLS communication
HMAC Key 160-bit (minimum)
HMAC key
Generated internally via
Diffie-Hellman key
agreement
Never exits the
module
Plaintext in RAM Reboot or session
termination
TLS and SSH session packet
authentication
SRTP Master Key 128-bit shared secret Generated externally,
imported in encrypted
form via a secure SIP/TLS
session
Exits in encrypted
form
Plaintext in RAM Reboot or session
termination
Peer Authentication, Session
and Authentication keys
derivation for SRTP session
SRTP Symmetric Key AES-CTR 128-bit key Generated internally
using Master Key
Never exits the
module
Plaintext in RAM Reboot or session
termination
Encryption or decryption
during SRTP session
SRTP Authentication
Key
160-bit HMAC key Generated internally
using Master Key
Never exits the
module
Plaintext in RAM Reboot or session
termination
Authentication of SRTP
session packets
RADIUS Shared Secret Shared secret (alpha-
numeric string)
Entered electronically by
Crypto Officer
Never exits the
module
Stored in the CDB
on SSD in encrypted
form
Command via CLI or
EMA
Peer Authentication of
RADIUS messages
DRBG Seed 256-bit value Generated internally
using entropy input
string
Never exits the
module
Plaintext in RAM Reboot or session
termination
Generation of random
number
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 22 of 34
CSP CSP Type Generation / Input Output Storage Zeroization Use
Entropy Input String 512-bit value Continually polled from
various system resources
to accrue entropy by
NDRNG
Never exits the
module
Plaintext in RAM Reboot or session
termination
Generation of random
number
RSA Private Key 2048-bit Generated internally via
FIPS-Approved DRBG
Never exit the module Stored in the CDB
on SSD – encrypted
for the certificates;
stored outside CDB
on SSD – plaintext
for SSH
Command via CLI or
EMA
Used for SSH and SFTP key
negotiation; TLS
authentication and
certificate generation
RSA Public Key 1024, 2048-bit The module’s public key
(2048-bit) is generated
internally; public key of a
peer enters the module
in plaintext
The module’s public
key (2048-bit) exits
the module in
plaintext form; public
key of a peer never
exits the module
Stored in the CDB
on SSD in plaintext
Command via CLI or
EMA
Used for SSH and SFTP key
negotiation; TLS
authentication and
certificate generation; 1024-
bit key is used for legacy
purposes for signature
verification only
ECDSA Private Key All NIST defined
Approved Curves
Generated internally via
FIPS-Approved DRBG
Never exit the module Stored in the CDB
on SSD – encrypted
for the certificates
Command via CLI or
EMA
TLS authentication and
certificate generation
ECDSA Public Key All NIST defined
Approved Curves
The module’s public key
is generated internally;
public key of a peer
enters the module in
plaintext
The module’s public
key exits the module
in plaintext; public key
of a peer never exits
the module
Stored in the CDB
on SSD in plaintext
Command via CLI or
EMA
TLS authentication and
certificate generation
Diffie-Hellman Public
Key
2048-bit The module’s public key
is generated internally;
public key of a peer
enters the module in
plaintext
The module’s public
key exits the module
in plaintext form;
public key of a peer
never exits the module
Plaintext in RAM Reboot or session
termination
Generation of SSH Session
key
Diffie-Hellman Private
Key
2048-bit Generated internally Never exits the
module
Plaintext in RAM Reboot or session
termination
Generation of SSH Session
key
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 23 of 34
CSP CSP Type Generation / Input Output Storage Zeroization Use
EC DH public
component
Public components of
EC DH protocol
The module’s public key
is generated internally;
public key of a peer
enters the module in
plaintext
The module’s public
key exits the module
in plaintext form;
public key of a peer
never exits the module
Plaintext in RAM Reboot or session
termination
Generation of SSH Session
key
EC DH private
component
Private exponent of
EC DH protocol
Generated internally Never exits the
module
Plaintext in RAM Reboot or session
termination
Generation of SSH Session
key
SNMPv3 Privacy Key AES-CFB 128-bit or
Triple-DES 168-bit
Generated externally,
imported in encrypted
form via a secure TLS or
SSH session
Exits in encrypted
form (over TLS
session) within
configuration data
when performing
configuration backup
Stored in the CDB
on SSD - plaintext
Command via CLI or
EMA
Encrypting SNMPv3 packets
SNMPv3
Authentication Key
HMAC-SHA-1-96 Generated externally,
imported in encrypted
form via a secure TLS or
SSH session
Exits in encrypted
form (over TLS
session) within
configuration data
when performing
configuration backup
Stored in the CDB
on SSD - plaintext
Command via CLI or
EMA
Authenticating SNMPv3
packets
Crypto Officer
password
Minimum of eight
characters of
alphanumeric string
Initial password
generated internally
using FIPS-Approved
DRBG, password changes
entered into module via
a console port or over
SSH
Initially generated
password provided to
the CO on CLI/EMA
over encrypted
session, changed
password never exits
the module
Plaintext (hashed54)
on SSD and in RAM
Zeroized when the
password is updated
with a new one
Authenticating the Crypto
Officer
54 Passwords are hashed by the operating system and stored on the SSD. They are temporarily loaded into the memory in hashd form for comparison during a login.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 24 of 34
CSP CSP Type Generation / Input Output Storage Zeroization Use
User password Minimum of eight
characters of
alphanumeric string
Initial password
generated internally
using DRBG, password
changes entered into
module via a console
port or over SSH
Initially generated
password provided to
the User on CLI/EMA
over encrypted
session, changed
password never exits
the module
Plaintext (hashed)
on SSD and in RAM
Zeroized when the
password is updated
with a new one
Authenticating the User
Firmware Load
Authentication Key
Hardcoded RSA 2048-
bit key with SHA-256
Embedded in release
image
Never exits the
module
Image in Flash
memory
The Flash location is
write protected in
hardware at the factory
(i.e. not writeable by
end user) and is not
zeroized.
Verify RSA signature of
firmware image digest
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 25 of 34
2.8 EMI / EMC
The modules were tested and found to be conformant to the EMI/EMC requirements specified by 47 Code of
Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).
2.9 Self-Tests
The modules perform power-up self-tests, conditional self-tests, and critical function tests. These tests are
described in the sections that follow.
2.9.1 Power-Up Self-Tests
The SBC 5110 and 5210 Session Border Controllers perform the following self-tests at power-up to verify the
integrity of the firmware images and the correct operation of the FIPS-Approved algorithm implementations:
 Firmware integrity tests using MD5 and HMAC SHA 256
 Network Processor driver algorithm tests:
o AES encrypt KAT55
o AES decrypt KAT
o HMAC SHA-1 KAT
o Triple-DES encrypt KAT
o Triple-DES decrypt KAT
 Crypto Library algorithm tests:
o AES encrypt KAT
o AES decrypt KAT
o AES GCM encrypt KAT
o AES GCM decrypt KAT
o Triple-DES encrypt KAT
o Triple-DES decrypt KAT
o HMAC SHA-1, HMAC SHA-224, HMAC SHA-256, HMAC SHA-384, HMAC SHA-512 KAT
o SP 800-90A CTR_DRBG KAT
o RSA signature generation KAT
o RSA signature verification KAT
o ECDSA Pair-wise Consistency Test
o ECC CDH KAT
Note: HMAC KATs with SHA-1 and SHA-2 utilize (and thus test) the full functionality of the SHA-1 and SHA-2
algorithms; thus, no independent KATs for SHA-1 and SHA-2 implementations are required.
The CO or User can perform the power-up self-tests at any time by power-cycling the module or issuing a reboot
command over the modules’ Management interface over SSH or HTTPS. Also, the modules can be made to
perform power-up self-tests by disconnecting and reconnecting power connectors to the modules; and for this
service, an operator is not required to assume an authorized role.
55 KAT – Known Answer Test
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 26 of 34
2.9.2 Conditional Self-Tests
The SBC 5110 and 5210 Session Border Controllers perform the following conditional self-tests:
 Continuous Random Number Generator Test (CRNGT) for the DRBG (Crypto Library)
 CRNGT for the NDRNG entropy source (Crypto Library)
 Firmware Load Test using RSA signature verification (for OS, SonusDB, EMA, and SBC)
 RSA Pair-wise Consistency Test (Crypto Library)
 ECDSA Pair-wise Consistency Test (Crypto Library)
 EC Diffie-Hellman pairwise consistency test (Crypto Library)
2.9.3 Critical Functions Self-Tests
The SBC 5110 and 5210 Session Border Controllers implement the SP 800-90A CTR_DRBG as its random number
generator. The SP 800-90A specification requires that certain critical functions be tested conditionally to ensure
the security of the DRBG. Therefore, the following critical function tests are implemented by the cryptographic
modules:
 SP 800-90A CTR_DRBG Instantiate Critical Function Test
 SP 800-90A CTR_DRBG Generate Critical Function Test
 SP 800-90A CTR_DRBG Reseed Critical Function Test
 SP 800-90A CTR_DRBG Uninstantiate Critical Function Test
2.9.4 Self-Test Failure Handling
Upon failure of the conditional firmware load test, the modules enter a “Soft Error” state and disable all access to
cryptographic functions and CSPs. This is a transitory error state, during which the error status is recorded to the
system log file and/or event audit log file. Upon failure of this self-test, the CO may choose to reject or continue
with the firmware load. Rejecting the load will abort the load process, clear the error condition, and the modules
continue normal operations with the currently-loaded firmware. Choosing to continue will load the firmware,
clear the error condition, and the modules continue operating with the currently-loaded firmware until the next
reboot.
Upon any other self-test failure, the modules go into “Critical Error” state and disable all access to cryptographic
functions and CSPs. All data outputs are inhibited, and a permanent error status will be recorded to the system
log file and/or event audit log file. The task that invoked the failed self-test will be suspended, and the current
operation will not complete. The management interfaces will not respond to any commands while the modules
are in this state. The CO must reboot the modules to clear the error condition and return to a normal operational
state.
2.10 Mitigation of Other Attacks
This section is not applicable. The modules do not claim to mitigate any attacks beyond the FIPS 140-2 Level 1
requirements for this validation.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 27 of 34
3. Secure Operation
The SBC 5110 and 5210 Session Border Controllers meet overall Level 1 requirements for FIPS 140-2. The sections
below describe how to ensure that the modules are running securely. Please note that physical access to the
modules shall be limited to authorized operators only.
3.1 Initial Setup
The modules are delivered in an uninitialized factory state, and require first-time configuration in order to operate
in their FIPS-Approved mode. Physical access to the module shall be limited to the Crypto Officer, and the CO shall
be responsible for putting the module into the Approved mode. The following sections provide the necessary step-
by-step instructions for the secure installation of the SBCs device, as well as the steps necessary to configure the
module for its FIPS-Approved mode of operation.
3.1.1 SBC Hardware Installation and Commissioning
In order to setup the SBCs, the following steps should be performed by an authorized CO:
1. Before unpacking the SBC from the shipping container, examine the shipping container for evidence of
damage. If any such damage exists, indicate that on the shipping document of the carrier and contact
Sonus Networks, Inc. immediately for instructions.
2. Retain the packing list. Make sure all the items on the list are present including all the components of the
universal rack mount kit that is shipped with the module.
3. Follow the instructions in “Sonus SBC 5000 Series 5.0 Hardware Install Guide” to install Rack Mount Kits,
SBC Chassis, Front Bezel, and Cables.
Once these steps have been completed, the SBC hardware is considered to be installed and commissioned.
3.1.2 SBC Firmware Installation and Configuration
The next steps are to configure the firmware amd management ports and to install the SBC application software.
Please follow the detailed instructions in “Sonus SBC 5000 & 7000 Software Installation Guide” for configuring,
installing, and upgrading the SBC 5x10 appplication, or the following instructions shall be followed by the CO:
1. Connect your PC/Laptop via an Ethernet cable to the Ethernet Field Service Port (FSP) provided by the
BMC of the appliance.
2. Configure your PC with an IP address on the “169.254.77.x” subnet.
3. Type the pre-configured IP address “169.254.77.1” in a web browser to connect to the BMC.
4. Configure the real BMC IP address in BMC configuration screen to replace the initial address
“169.254.77.1”.
5. Disconnect the PC/Laptop from FSP. Connect the FSP port to the router on LAN segment for out-of-band
management.
6. Connect a PC to the IP network that can access the BMC IP address.
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 28 of 34
7. Configure the network management interface from the BMC GUI and connect the management cables to
the router. Disconnect your PC from the BMC and connect to the IP network that can reach the
management IP address range.
8. Launch the Platform Manager (PM) from the BMC either by clicking the link from the BMC or by typing
the https://<mgtport_ip>:444 in the web browser.
9. Install the SBC 5000 Series application software using the Platform Manager. For stand-alone installation
and configuration guide, see section "Sonus SBC Portfolio 5.0 Documentation Set”.
After successful installation, configure the module per the configuration instructions in the “Sonus SBC Portfolio
5.0 Documentation Set” document. Once the network settings are correctly configured for the module, continue
to Section 3.1.3 in this document to configure SBC module for the FIPS-Approved mode.
3.1.3 SBC FIPS-Approved Mode Configuration and Status
During the initial setup of the SBC, as described in section 3.1 above, it is the responsibility of the Crypto Officer
to enable FIPS mode during the SBC initial configuration. To set the FIPS mode to enabled via CLI after logging in,
the CO shall run the set of CLI commands documented in “Sonus SBC Portfolio 5.0 Documentation Set” where it
ends with commands:
a. set system admin <system name> fips-140-2 mode enabled
b. commit
After completion of the above steps the system will reboot. After this reboot, and on all subsequent reboots, the
module is in its FIPS-Approved mode of operation.
At any point of time, the status of the module (i.e. FIPS Mode status) can be viewed on the CLI management
interfaces by performing the following steps:
a. show configuration system admin <systemName> fips-140-2 mode -> “mode enabled”
The status of the module can also be viewed using EMA GUI navigator.
3.2 Crypto Officer Guidance
The Crypto Officer shall receive the module from Sonus via trusted couriers (e.g. United Parcel Service, Federal
Express, and Roadway). On receipt, the Crypto Officer should check the package for any irregular tears or openings.
Prior to use, the Crypto Officer shall perform physical inspection of the unit in accordance with the procedure
described in section 3.1.1 and if there are any signs of damage, the Crypto Officer should immediately contact
Sonus.
The SBCs support multiple Crypto Officers. This role is assigned when the first CO logs into the system using the
default username and password. The CO is required to change the default password as part of initial configuration.
Only the CO can create other operators and configure the SBC module to operate in FIPS-Approved mode.
3.2.1 Management
Once installed, commissioned, and configured, the Crypto Officer is responsible for maintaining and monitoring
the status of the modules to ensure that it is running in its FIPS-Approved mode. Please refer to Section 3.1.3 and
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 29 of 34
Section 3.2 above for guidance that the Crypto Officer must follow for the modules to be considered running in a
FIPS-Approved mode of operation. The Crypto Officer should monitor the module’s status regularly. If any
irregular activity is noticed, or the module is consistently reporting errors, customers should consult “Sonus SBC
Portfolio 5.0 Documentation Set” document to resolve the issues. If the problems cannot be resolved through
these resources, Sonus customer support should be contacted. The CO must ensure that the key type and size
requirement matches those specificed in Table 8 above and the CO password is at least 8 characters in length.
For details regarding the management of the modules, please refer to the “Sonus SBC Portfolio 5.0 Documentation
Set”.
3.2.2 Zeroization
There are many CSPs within the modules’ cryptographic boundary including symmetric key, private keys, public
keys, and login passwords hashes. All ephemeral keys used by the module are zeroized on reboot, power cycle, or
session termination. CSPs reside in multiple storage media including the SDRAM and system SSD. Ephemeral keys
are zeroized when the module is rebooted or sessions are terminated. Other keys and CSPs, such as CDB-key, that
is stored on the SSD of the modules can be zeroized by using commands via EMA or CLI. The zeroization of the
CDB-key renders other keys and CSPs stored in the non-volatile memory of the CDB useless, thereby, effectively
zeroizing them. The public key used for the firmware load test is stored in a file in the flash file system, and cannot
be zeroized. Reinstallation of the firmware also erases all the volatile and non-volatile keys and CSPs from the
modules.
The commands that can be used over CLI and EMA to zeroize keys and CSPs are:
CLI: request system admin <systemName> zeroizePersistenKeys
EMA: All -> System ->Admin -> <systemName>-> Admin Commands-> zeroizePersistenKeys
3.2.3 Status Monitoring
On the first power up, the modules are, by default, in non-Approved mode of operation. During initial
configuration and setup, the modules are explicitly set to operate in the FIPS-Approved mode of operation. An
authorized user can access the modules via the CLI or the EMA and determine the FIPS-Approved mode of the
modules.
Detailed steps and procedure required to determine whether the module is operating in FIPS-Approved mode or
not can be found in the “Sonus SBC Portfolio 5.0 Documentation Set”, which is made available through a secure
customer portal after purchase.
3.3 User Guidance
The User does not have the ability to configure sensitive information on the module, with the exception of their
password. The User must be diligent to pick strong passwords, and must not reveal their password to anyone.
Additionally, the User should be careful to protect any secret or private keys in their possession.
3.4 Additional Usage Policies
This sections notes additional policies below that must be followed by module operators:
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 30 of 34
 As noted above, operator access to the BMC is provided over two external ports: an RS-232 serial port
and a 1Gbps Ethernet port (called the BMC Field Service Port). The CO must use this port in order to
accomplish the module’s initial setup and configuration as described in section 3.1.1 above. Beyond this,
the BMC’s external ports shall not be used while the module is operational; use of the BMC’s external
ports is prohibited while the module is operating in its FIPS-Approved mode. The CO shall ensure that
operators do not directly access the module via the BMC’s external ports for any purpose.
 EC Diffie-Hellman with encryption strength less than 112 bits shall not be used in the FIPS Approved mode
of operation.
 In case the module’s power is lost and then restored, a new key for use with the AES GCM
encryption/decryption shall be established.
3.5 Non-FIPS-Approved Mode
During operation, the module can switch modes implicity on a service-by-service basis between an Approved
mode of operation and a non‐Approved mode of operation. The module will transition to the non‐Approved mode
of operation when the “Establish SSH Session” service is invoked using EC Diffie-Hellman curves P-192, K-163, or
B-163. The module transitions back to the Approved mode of operation upon the utilization of an Approved
security function.
The module supports the Crypto Officer and User roles while in the non-Approved mode of operation. Table 9
below lists the service(s) available in the non-Approved mode of operation.
Table 9 – Non-Approved Services
Service
Operator
Description Input Output
CO User
Establish SSH Session
(non-compliant)
 
Establish remote session using
SSH protocol
Command
Command response/
Status output
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 31 of 34
4. Acronyms
Table 10 provides definitions for the acronyms used in this document.
Table 10 – Acronyms
Acronym Definition
AC Alternating Current
ACL Access Control List
AES Advanced Encryption Standard
ANSI American National Standards Institute
ASCII American Standard Code for Information Interchange
BMC Baseboard Management Controller
CA Certificate Authority
CBC Cipher Block Chaining
CDR Call Data Record
CFB Cipher Feedback
CLI Command Line Interface
CMVP Cryptographic Module Validation Program
CO Crypto Officer
CSE Communications Security Establishment
CSP Critical Security Parameter
CTR Counter
CVL Component Validation List
DC Direct Current
DDOS Distributed Denial of Service
DES Data Encryption Standard
DMZ Demilitiarized Zone
DNS Domain Name System
DOS Denial of Service
DRBG Deterministic Random Bit Generator
DSA Digital Signature Algorithm
DSP Digital Signal Processor
EC Elliptical Curve
ECB Electronic Codebook
ECC Elliptical Curve Cryptography
ECDSA Elliptical Curve Digital Signature Algorithm
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 32 of 34
Acronym Definition
EMA Embedded Management Application
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
ENUM E.164 NUmber Mapping
FIPS Federal Information Processing Standard
GCM Galois/Counter Mode
GUI Graphical User Interface
HA High Availability
HMAC (Keyed-) Hash Message Authentication Code
HTTPS Hypertext Transfer Protocol Secure
IEEE Institute of Electrical and Electronics Engineers
IKE v1 Internet Key Exchange version1
IP Internet Protocol
IPMI Intelligent Platform Management Interface
IPsec Internet Protocol Security
KAT Known Answer Test
KDF Key Derivation Function
LED Light Emitting Diode
MAC Message Authentication Code
Mbps Mega-bits per second
MD5 Message Digest 5
MKEK Master Key Encrypting Key
N/A Not Applicable
NAT Network Address Translation
NDRNG Non-Deterministic Random Number Generator
NIST National Institute of Standards and Technology
NTP Network Time Protocol
OS Operating System
PKCS Public-Key Cryptography Standards
PM Platform Manager
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RAM Random Access Memory
RNG Random Number Generator
RSA Riverst, Shamir, and Adleman
RTCP Real-time Transport Control Protocol
FIPS 140-2 Non-Proprietary Security Policy, Version 0.9 March 25, 2016
Sonus SBC 5110 and 5210 Session Border Controllers
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 33 of 34
Acronym Definition
RTP Real-time Transport Protocol
SBC Session Border Controller
SDRAM Synchronous Dynamic Random Access Memory
SFP Small Form-Factor Pluggable
SFTP SSH (or Secure) File Transfer Protocol
SHA Secure Hash Algorithm
SIP Session Initiation Protocol
SNMP Simple Network Management Protocol
SP Special Publication
SRTCP Secure Real-Time Transport Control Protocol
SRTP Secure Real-Time Transport Protocol
SSD Solid State Drive
SSH Secure Shell
TCP Transport Control Protocol
TLS Transport Layer Security
UDP User Datagram Packet
USB Universal Serial Bus
VOIP Voice Over Internet Protocol
Prepared by:
Corsec Security, Inc.
13921 Park Center Road, Suite 460
Herndon, VA 20171
United States of America
Phone: +1 703 267 6050
Email: info@corsec.com
http://www.corsec.com