Thales e-Security, Inc 2200 North Commerce Parkway, Suite 200, Weston, FL 33326, USA
TEL: + 1-888-744-4976
FAX: + 1-954-888-6211
http://www.thalesesec.com
F
FI
IP
PS
S 1
14
40
0-
-2
2 L
Le
ev
ve
el
l 3
3 S
Se
ec
cu
ur
ri
it
ty
y P
Po
ol
li
ic
cy
y
F
Fi
ir
rm
mw
wa
ar
re
e V
Ve
er
rs
si
io
on
n v
v4
4.
.5
5
H
Ha
ar
rd
dw
wa
ar
re
e V
Ve
er
rs
si
io
on
ns
s
O
OC
C-
-3
3/
/1
12
2C
C/
/4
48
8C
C 1
16
60
00
0X
X4
43
35
5 R
Re
ev
v.
. 0
01
1,
,
1
16
60
00
0X
X4
43
35
5 R
Re
ev
v.
. 0
02
2
O
OC
C-
-1
19
92
2C
C 1
16
60
00
0X
X4
42
27
7 R
Re
ev
v.
. 0
01
1,
,
1
16
60
00
0X
X4
42
27
7 R
Re
ev
v.
. 0
02
2
D
Da
at
ta
ac
cr
ry
yp
pt
to
or
r®
® S
SO
ON
NE
ET
T/
/S
SD
DH
H O
OC
C-
-3
3/
/1
12
2/
/4
48
8/
/1
19
92
2C
C
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 2 OF 26 27 MARCH 2014
CONTENTS
1. INTRODUCTION....................................................................................................................... 4
2. IDENTIFICATION AND AUTHENTICATION POLICY ............................................................ 10
2.1 Crypto-Officer Role .......................................................................................................... 10
2.2 User Role......................................................................................................................... 11
2.3 Authentication .................................................................................................................. 11
3. ACCESS CONTROL POLICY................................................................................................. 13
3.1 Roles and Services.......................................................................................................... 13
3.2 Cryptographic Keys, CSPs and Access Rights................................................................ 15
3.3 Zeroisation ....................................................................................................................... 16
3.4 Other Security-Relevant Information................................................................................ 17
4. PHYSICAL SECURITY POLICY............................................................................................. 18
4.1 Inspection/Testing of Physical Security Mechanisms ...................................................... 18
4.1.1 1600X435, Rev. 01 Hardware ........................................................................... 18
4.1.2 1600X435, Rev. 02 Hardware ........................................................................... 19
4.1.3 1600X427, Rev. 01 Hardware ........................................................................... 20
4.1.4 1600X427, Rev. 02 Hardware ........................................................................... 22
5. MITIGATION OF OTHER ATTACKS POLICY........................................................................ 24
ACRONYMS AND ABBREVIATIONS............................................................................................ 25
REFERENCES............................................................................................................................... 26
Tables
Table 1-1 Physical Ports and Status Indicators................................................................................ 6
Table 1-2 Physical Port to Logical Port Mapping ............................................................................. 6
Table 1-3 Power-Up Tests ............................................................................................................... 8
Table 1-4 Conditional Tests ............................................................................................................. 9
Table 2-1 Roles and Required Identification and Authentication .................................................. 11
Table 2-2 Strengths of Authentication Mechanisms...................................................................... 12
Table 3-1 Services Authorized for Crypto Officer........................................................................... 13
Table 3-2 Services Authorized for User ......................................................................................... 14
Table 3-3 Cryptographic Keys and CSPs...................................................................................... 15
Figures
Figure 1-1 Datacryptor® SONET/SDH Crypto Module Example Network Configuration................. 5
Figure 4-1 1600X435, Rev. 01 Front.............................................................................................. 18
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 3 OF 26 27 MARCH 2014
Figure 4-2 1600X435, Rev. 01 Rear .............................................................................................. 18
Figure 4-3 1600x435, Rev. 01 Top................................................................................................. 19
Figure 4-4 1600X435, Rev. 02 Front.............................................................................................. 19
Figure 4-5 1600X435, Rev. 02 Rear .............................................................................................. 19
Figure 4-6 1600x435, Rev. 02 Top................................................................................................. 20
Figure 4-7 1600X427, Rev. 01 Front.............................................................................................. 20
Figure 4-8 1600X427, Rev. 01 Rear .............................................................................................. 21
Figure 4-9 1600x427, Rev. 01 Top................................................................................................. 21
Figure 4-10 1600X427, Rev. 02 Front............................................................................................ 22
Figure 4-11 1600X427, Rev. 02 Rear ............................................................................................ 22
Figure 4-12 1600x427, Rev. 02 Top............................................................................................... 23
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 4 OF 26 27 MARCH 2014
1. INTRODUCTION
Thales e-Security is a global leader in the network security market with over 60,000 network
security devices in operation, being one of the first companies to introduce a link encryption
product to the market in the early 1980s.
The Datacryptor® family represents Thales’ next generation of network security devices for a wide
variety of communications environments. It is the culmination of 20 years’ experience protecting
wide-area and point-to-point networks for governments, financial institutions and information-
critical industries worldwide.
This document is the Security Policy1 for the Thales e-Security Datacryptor® SONET/SDH OC-
3/12/48/192C, conforming to the FIPS140-2 Security Policy Requirements [1].
Further information on the Datacryptor® family and the functionality provided by the Datacryptor®
SONET/SDH OC-3/12/48/192C is available from the Thales web site: http://iss.thalesgroup.com
Overview
The Datacryptor® SONET/SDH OC-3/12/48/192C is a multi-chip standalone cryptographic module
which facilitates secure data transmission across SONET networks using OC-3C, OC-12C, OC-
48C or OC-192C.
This Security Policy defines the Datacryptor® SONET/SDH OC-3/12/48/192C cryptographic
module for two hardware versions, 1600X435 (low speed module) which supports data
transmission using OC-3C, OC-12C or OC-48C, and 1600X427 (high speed module) which
supports data transmission using OC-192C. These variants utilize a different hardware platform
but are functionally identical therefore all references to Datacryptor® SONET/SDH OC-
3/12/48/192C or module refer to both variants unless explicitly stated otherwise.
Figure 1-1 shows a typical Datacryptor® SONET/SDH OC-3/12/48/192C configuration where 2
LANs are securely linked across a public domain SONET network.
Modes of Operation
The Datacryptor® SONET/SDH OC-3/12/48/192C can only operate in an FIPS 140-2 Approved
mode (this includes cryptographic services and bypass services). The modes of operation are
detailed below:
 Standby Mode The module transmits/receives no data via either its Host or Network
interfaces on that channel. This mode is automatically entered if the
module detects an error state or at start-up. This mode is indicated
by the green flashing Encrypt LED.
 Plain Text Mode2 All data received through the Host interface on that channel is
transmitted through the Network interface as plain text. Similarly, all
data received through the Network interface on that channel is
1
This document is non-proprietary and may be reproduced freely in its entirety but not modified or used for
purposes other than that intended.
2
This is the bypass mode.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 5 OF 26 27 MARCH 2014
transmitted through the Host interface with no decryption applied.
This mode should only be used for diagnostic purposes, or if there is
no security risk to the data if it is transferred unencrypted. This mode
is indicated by the solid red Plain LED. The module does not support
an alternating plaintext mode.
 Encrypt Mode All data received through the Host interface on that channel is
encrypted using the transmit Data Encryption Key (DEK) and then
the encrypted data is transmitted through the Network interface.
Similarly, all data received through the Network interface on that
channel is decrypted using the receive DEK and then the decrypted
data is transmitted through the Host interface. This mode is indicated
by the solid green Encrypt LED.
The mode of operation is selectable by the Crypto Officer using the Secure Remote
Management facility and the current mode of operation is displayed using both the Front Panel
LEDs and the Secure Remote Management (Element Manager PC) facility. Refer to the User
Manual [3] for further details.
Figure 1-1 Datacryptor® SONET/SDH Crypto Module Example Network Configuration
1 2 3
4 5 6
7 8 9
* 8 #
1 2 3
4 5 6
7 8 9
* 8 #
Physical Ports
Both variants of the Datacryptor® SONET/SDH OC-3/12/48/192C provide the same set of physical
ports with the exception of the host and network line interfaces, which use Small Form Factor
Pluggable (SFP) for low speed modules and 10 Gigabit Small Form Factor Pluggable (XFP) for
high speed modules
The physical ports are described below in Table 1-1 Physical Ports and Status Indicators:
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 6 OF 26 27 MARCH 2014
Table 1-1 Physical Ports and Status Indicators
Port Description
Network Connects to the public network for sending and receiving encrypted
user data and inter-module key exchange data. This is an optical
port.
Host Connects to the private network for sending and receiving plaintext
user data. This is an optical port.
RS-232 Connects to a local terminal for initialization of the module and also
allows remote management from the Element Manager application
utilizing the Point-to-Point (PPP) protocol.
Ethernet Allows the remote management of a unit using the Element Manager
application and status report using an SNMP management
application.
Front Panel LEDs Indicates the operational state of the unit, including Alarm state,
Error state, Plain or Encrypt mode and Host and Network line status.
Line Interface LEDs Indicates module present and laser input detected.
PSU LEDs Indicates the status of the PSUs (powered/unpowered)
Power Dual redundant power interface supporting customer options of AC
or DC and international power cord standards.
The physical ports are mapped to four logical ports defined by FIPS 140-2 as described below in
Table 1-2 Physical Port to Logical Port Mapping:
Table 1-2 Physical Port to Logical Port Mapping
Logical Interface Description and Mapping to Physical Port
Data Input Host Line Interface
Network Line Interface
Data Output Host Line Interface
Network Line Interface
Control RS-232 Interface
Ethernet Interface
Status RS-232 Interface
Ethernet Interface
Front Panel LEDs
Line Interface LEDs
PSU LEDs
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 7 OF 26 27 MARCH 2014
User Data Security
The communications channel between two Datacryptor® SONET/SDH OC-3/12/48/192Cs is
assumed to be vulnerable and therefore the Datacryptor® SONET/SDH OC-3/12/48/192C
encrypts the entire user data stream3.
The Datacryptor® SONET/SDH OC-3/12/48/192C uses public key cryptography for authentication
and key agreement4 and symmetric key cryptographic for data confidentiality. The authentication
mechanism employs signed X.509 v3 certificates using the Digital Signature Algorithm (DSA) for
signature verification. The Diffie-Hellman protocol is used to establish a Key Encryption Key (KEK)
between modules. Data Encryption Keys (DEKs), used for encrypting and decrypting data traffic,
are derived from the KEK.
Random Number Generation
This consists of a hardware random number source which provides a seed key to a FIPS 186-2
Appendix 3.1 [2] Approved pseudo random number generator.
Establishment of the module’s generated private and secret keys (Diffie-Hellman static/ephemeral
and Data Encryption Keys) uses the above random number generation mechanism.
Algorithm Support
The Datacryptor® SONET/SDH OC-3/12/48/192C contains the following algorithms:
 AES-256 for data encryption
 DSA for signature verification
 SHA-1 hashing algorithm
 Diffie-Hellman for key agreement
Physical Security
The multi-chip standalone embodiment of the circuitry within the Datacryptor® SONET/SDH OC-
3/12/48/192C is contained within a strong metal production-grade enclosure that is opaque within
the visible spectrum to meet FIPS 140-2 Level 3. The enclosure completely covers the module to
restrict unauthorized physical access to the module. The physical security includes measures to
provide both tamper evidence and tamper detection and response. In the case of tamper response
all sensitive information stored within the module will be zeroised.
The Datacryptor® SONET/SDH OC-3/12/48/192C’s cryptographic boundary (FIPS 140-2 [1],
section 2.1) is the physical extent of its enclosure but excludes the dual redundant power supplies
which are external to this boundary and may be hot-swapped by a customer and does not require
a “return to factory” operation.
3
Providing the module is configured to operate in Encrypt mode.
4
This key agreement method provides 80-bits of encryption strength.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 8 OF 26 27 MARCH 2014
Secure Remote Management
The Datacryptor® SONET/SDH OC-3/12/48/192C may be remotely and securely managed using
the Element Manager.
The Datacryptor® SONET/SDH OC-3/12/48/192C can also be managed (for status only) using an
SNMP v3.0 management application. Only one management session is permitted at a time with a
Datacryptor® SONET/SDH OC-3/12/48/192C.
Diagnostics
A variety of diagnostics are available to maintain secure operation. These diagnostics include
cryptographic mechanisms, critical functions and environmental monitoring. In addition the module
supports a local loop back mode to aid in diagnosing network connectivity. Log files are
maintained in the Datacryptor® SONET/SDH OC-3/12/48/192C and can be viewed or printed.
If the Datacryptor® SONET/SDH OC-3/12/48/192C is faulty, as indicated by the failure of a self-
test diagnostic, it will render itself inoperable until the fault is rectified.
 Power-Up Tests On power-up known answer tests (KAT) are performed on all
cryptographic algorithms and the pseudo-random number generator. In addition the
integrity of all firmware is checked.
Table 1-3 Power-Up Tests
Function Checked Description
CA Algorithm (DSA) KAT Test
KEK Algorithm (AES-256) KAT Test
DEK Algorithm (AES-256) KAT Test
SHA-1 KAT Test
SHA-1 RNG KAT Test
Firmware Integrity 16 bit Error Detection Code (EDC)
Checksum
 Conditional Tests
 The output of both the hardware random number generator and the pseudo-random
number generator are checked whenever random data is requested by the module.
Subsequent random numbers are compared against the last generated value to verify
that these values are not the same.
 The module also performs a bypass test before entering an encrypted channel mode.
When switching from a plain to an encrypted channel mode the module issues an
encrypted challenge to its peer using the Data Encryption Key (DEK). The challenge is
then decrypted by the peer using its DEK, and if verified, an encrypted response is
returned to the module (using the DEK). The response is decrypted by the module
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 9 OF 26 27 MARCH 2014
(using the DEK) and verified. If successful the channel is established as being in an
encrypted state with matching DEKs in each module.
 In the case of a firmware upgrade, this is digitally signed by a CA using DSA allowing
the module to verify the image so preventing unauthorized firmware upgrades. After
loading firmware onto this module it will no longer be a FIPS 140-2 validated module
unless the firmware has been FIPS 140-2 validated. This feature is used as an upgrade
path for future FIPS 140-2 approved modules.
Table 1-4 Conditional Tests
Function Checked Description
Hardware RNG CRNG
SHA-1 RNG CRNG
Bypass Bypass Test
Firmware Upgrade Authentication Verify (DSA)
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 10 OF 26 27 MARCH 2014
2. IDENTIFICATION AND AUTHENTICATION POLICY
The two roles associated with the Datacryptor® SONET/SDH OC-3/12/48/192C are:
Crypto-Officer Commissioning and configuration of the Datacryptor® SONET/SDH OC-
3/12/48/192C.
User This role occurs when two Datacryptor® SONET/SDH OC-3/12/48/192Cs are
communicating with each other.
The Datacryptor® SONET/SDH OC-3/12/48/192C does not support multiple concurrent roles.
2.1 Crypto-Officer Role
The Datacryptor® SONET/SDH OC-3/12/48/192C can be managed by the Crypto-Officer using
either of the following two methods:
 Element Manager - This PC-based software application enables a Crypto-Officer to
commission and administer the module.
 SNMP Management Station - This is limited to requesting and obtaining status
information from the Datacryptor® SONET/SDH OC-3/12/48/192C.
The Crypto-Officer role utilizes the Element Manager to commission and configure the module via
the dedicated ethernet or serial management port.
Commissioning a module installs a X.509 certificate (containing the CA public key, certificate
name, unit serial number and certificate life time) and the required Diffie Hellman parameters
(base and modulus) to allow the Datacryptor® SONET/SDH OC-3/12/48/192C to generate a
corresponding Diffie Hellman key set. This information is digital signed allowing the unit to
authenticate the certificate’s signature using the issuing CA Public key held within the module. The
module must be commissioned before it may be administered.
When administering the module the Element Manager establishes a secure connection
(connection authentication and data confidentiality) to the module. This connection is established
and protected in the same manner as a module to module connection. To establish the secure
connection the Crypto-Officer uses a removable media key-material set containing the Crypto-
Officer’s name and access rights, Diffie-Hellman key set and own certificate. To access the key-
material set the Crypto-Officer must login to the Element Manager by presenting the key-material
set and the Crypto-Officer’s own password of at least 8 ASCII printable characters. This allows the
Element Manager to verify the identity of a Crypto-Officer before establishing a secure connection
using the key material set.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 11 OF 26 27 MARCH 2014
2.2 User Role
The Crypto-Officer can download one or more signed X.509 User Certificates to the Datacryptor®
SONET/SDH OC-3/12/48/192C. Each User Certificate gives a Datacryptor® SONET/SDH OC-
3/12/48/192C an identity.
Identity-based authentication is implemented between two communicating Datacryptor®
SONET/SDH OC-3/12/48/192C. The modules are then operating in the User role. This identity can
be authenticated to another module which verifies the User Certificate’s signature using the
issuing CA Public key held within the module.
If the issuing CA Public key is not held within the authenticating module then verification cannot be
undertaken. Therefore no communications channel can be established between the two
Datacryptor® SONET/SDH OC-3/12/48/192Cs.
2.3 Authentication
The types and strengths of authentication for each Role identified for the Datacryptor®
SONET/SDH OC-3/12/48/192C are given in Table 2-1 and Table 2-2 below.
Table 2-1 Roles and Required Identification and Authentication
Role Type of Authentication Authentication Data
Crypto-Officer Identity based Signed X.509 Digital Certificate
User Identity based Signed X.509 Digital Certificate
The identity of each entity performing a role that requires authentication is held within the X.509
Digital Certificate allowing the identity and authorization of the operator to be validated by
checking the signature (DSA) of the certificate.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 12 OF 26 27 MARCH 2014
Table 2-2 Strengths of Authentication Mechanisms
Authentication
Mechanism
Strength of Mechanism
Signed X.509
Digital Certificate
The strength depends upon the size of the private key space. The
Datacryptor® SONET/SDH OC-3/12/48/192C uses DSA, which is a FIPS
Approved algorithm. Therefore the probability of successfully guessing the
private key (160 bits), and hence correctly signing an X.509 certificate, is
significantly less than one in 1,000,000 (2160).
Multiple attempts to use the authentication mechanism during a one-minute
period do not constitute a threat for secure operation of the Datacryptor®
SONET/SDH OC-3/12/48/192C. This is because each attempt requires the
Datacryptor® SONET/SDH OC-3/12/48/192C to check the signature on the
certificate that is to be loaded. Therefore the total number of attempts that can
be made in a one-minute period will be limited by the Datacryptor®
SONET/SDH OC-3/12/48/192C signature verification and response operation,
which takes on average approximately 30 seconds. The majority of this time is
accounted for by the communications overheads since the signature checking
operation within the module is relatively fast.
Given the very large size (160 bits) of the private key space used by the FIPS
Approved signature algorithm (DSA) loaded in the Datacryptor® SONET/SDH
OC-3/12/48/192C it follows that the probability that an intruder will be able to
guess the private key, and thereby gain authentication, by making multiple
attempts is significantly less than one in 100,000 (2160 / 2).
There is no feedback of authentication data to the Crypto-Officer or User that
might serve to weaken the authentication mechanism.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 13 OF 26 27 MARCH 2014
3. ACCESS CONTROL POLICY
3.1 Roles and Services
Table 3-1 Services Authorized for Crypto Officer lists the authorized services available for each
role within the Datacryptor® SONET/SDH OC-3/12/48/192C. All services require authentication to
the module.
For further details of each operation refer to the Datacryptor® SONET/SDH OC-3/12/48/192C
User Guide [3].
Table 3-1 Services Authorized for Crypto Officer
Service Description Input Output Access
Access module Login/logout of the
module
password, crypto
officer public
key, crypto
officer certificate
Command
response
Peer Module Certificate - read
Manage Key Material Loads module’s key
material, deletes
module’s key material
module public
key, module
certificate
Command
response
CA Public Key – read/write,
Module Certificate – read/write
General Configuration Display/edit module’s
name, description, time
and interface settings.
Commands and
parameters
Command
response
None
Diagnostics Reboot or erase key
material. Configure
loopback mode
Commands and
parameters
Command
response
None
IP Management Display/edit module’s
ports, ethernet and
serial, configuration.
Commands and
parameters
Command
response
None
SNMP Display/edit general
information, SNMP
version, SNMP
communities and
SNMP traps.
Commands and
parameters
Command
response
None
IP Routes Display/edit IP routing
information
Commands and
parameters
Command
response
None
Security Display/edit key
lifetimes, and general
key exchange
parameters
Commands and
parameters
Command
response;
key
exchange if
forced.
Key Encryption Key – write
(delete), Data Encryption Key –
write (delete)
RIP Display/edit RIP version
and RIP password
Commands and
parameters
Command
response
None
Communications Display/edit SONET
path mode, SONET line
mode, laser mode and
interface mode
Commands and
parameters
Command
response
None
Path Display/edit current
setting of the
connection – one of
standby, plain or
Commands and
parameters
Command
response
None
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 14 OF 26 27 MARCH 2014
Service Description Input Output Access
encrypt.
Line Display current
connection mode - one
of standby, plain or
encrypt and ping the
connected unit.
Commands and
parameters
Command
response,
ping packet
to
connected
peer.
None
Environment Display fan speed,
module temperature
and unit power status.
Commands and
parameters
Command
response
None
License Display/edit currently
loaded license file for
the Datacryptor OC-
3/12/48C module.
License file Command
Response
None
Show Status View status of the
module.
None
Commands and
parameters
Front Panel
LEDs Status
Indicators
Status
information
over
Element
Manager or
SNMP
Traps
None
Operator Callable Self-
Test
Module performs self-
test
Reboot Module Front Panel
LEDs Status
Indicators
None
Plaintext Enable module to
perform bypass.
Commands and
parameters.
Bypass test
pass or fail
indicated by
Front Panel
Status
LEDs.
None
Table 3-2 Services Authorized for User
Service Description Input Output Accessed
Encrypt Encrypt data received
from the Host interface
and transmit on the
Network interface.
User traffic
(plain)
User traffic
(encrypted)
DEK – read
Decrypt Decrypt data received
from the Network
interface and transmit
on the Host interface.
User traffic
(encrypted)
User traffic
(plain)
DEK - read
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 15 OF 26 27 MARCH 2014
3.2 Cryptographic Keys, CSPs and Access Rights
The cryptographic keys and CSPs stored in the Datacryptor® SONET/SDH OC-3/12/48/192C
module are listed in Table 3-3.
All private and secret keys (Diffie-Hellman, KEKs and DEKs) are generated internally in the
module and may not be either loaded or read by the Crypto Officer or User.
Table 3-3 Cryptographic Keys and CSPs
Keys/CSPs Description Key/CSP
Type
and Size
Generated/
Established
Stored Zeroised
Master Key Encrypts all non-volatile
Keys and CSPs stored on
the module.
AES
(256 bits)
Generated at start-up
if not present, using
the module’s
hardware random
number generator
and an approved
RNG (cert# 588).
FRAM
(plaintext)
On tamper
detect or by
user.
CA Public Key The public key of the CA
key pair use to verify
subsequent key material
loaded into the module.
DSA
(1024 bits)
Generated external
and loaded as part of
the commissioning
process.
Non-volatile
memory –
Compact
Flash
(encrypted)
When the key is
deleted or
replace by a
subsequent key.
Own Module
Certificate/Diffie-
Hellman Static Key
Pair
An X.509 certificate
containing the module
name, Diffie-Hellman static
public key (the static private
key is stored separately)
and associated parameters.
Diffie-
Hellman
(1024 bits)
The Diffie-Hellman
static key pair is
generated locally by
the module, using the
module’s hardware
random number
generator and an
approved RNG
(cert#588) from the
parameters supplied
during the
commissioning
process. The module
name and Diffie-
Hellman static public
key is then exported
to be signed by
issuing CA so forming
the module certificate.
Own Module
Certificate
Non-volatile
memory –
Compact
Flash
(encrypted)
Diffie-
Hellman
static private
key – Non-
volatile
memory –
FRAM
(encrypted)
When the
certificate is
deleted or
replaced by a
subsequent
certificate.
The Diffie-
Hellman static
private key may
deleted by a
user.
Diffie-Hellman
Ephemeral Key
Pair
The Diffie-Hellman
ephemeral key pair.
Diffie-
Hellman
(1024 bits)
The Diffie-Hellman
ephemeral key pair is
generated locally by
the module, using the
module’s hardware
random number
generator and an
approved RNG
(cert#588) from the
parameters supplied
during the
commissioning
process. This key pair
is used in conjunction
with the static key pair
Volatile
memory -
SRAM
(encrypted)
Zeroised when a
new link is
established.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 16 OF 26 27 MARCH 2014
Keys/CSPs Description Key/CSP
Type
and Size
Generated/
Established
Stored Zeroised
to establish the KEK.
Peer Module
Certificate/Diffie-
Hellman Static
Public Key
Received during link
establishment between two
modules to allow
authentication of the peer
module using signature
verification (DSA).
Diffie-
Hellman
(1024 bits)
Generated by peer in
the same manner as
Own Module
Certificate.
Non-Volatile
memory –
Compact
Flash
(encrypted)
Zeroised when a
new link is
established.
Key Encryption
Key (KEK)
Key used to derive data
encryption keys in
conjunction with DEKID
AES
(256 bits)
Established during
link establishment
with Diffie-Hellman
using the static and
ephemeral key pairs.
Volatile
memory –
BRAM
(encrypted)
Zeroised when a
new link is
established or
when a new KEK
is generated at a
user defined time
interval.
Data Encryption
Key Derivation
Data (DEKDD)
Random data used to
derive data encryption keys
in conjunction with KEK
256 bits Generated during
DEK derivation using
the module’s
hardware random
number generator
and an approved
RNG (cert# 588).
Not stored. N/A
Data Encryption
Keys (DEKs)
A pair of key (one for
transmit and one for
receive) used for encryption
and decryption of line data.
AES
(256 bits)
Generated during link
establishment using
AES (KEK), DEKDD
and XOR operations.
Volatile
memory –
BRAM
(encrypted)
Zeroised when a
new link is
established or
when a new DEK
is generated at a
user defined time
interval.
Seed Key Used by the Approved RNG RNG Seed
Key
(256 bits)
Generated via internal
hardware RNG
Not stored. Zeroised when a
subsequent seed
key is generated
and the CRNG
comparison is
successful.
Note: A Thales e-Security public key is embedded within the firmware which is used to verify the
integrity of the firmware during module startup.
3.3 Zeroisation
The Crypto Officer can zeroise keys through the Element Manager application. As indicated in the
table above, the Crypto Officer has the choice to directly delete keys, establish a new link with
another peer module or force the module to generate new keys. Keys that are not zeroised are
encrypted by the master key. The module zeroises the master key when the tamper response and
zeroisation circuitry responds to an intrusion of the enclosure which renders all other keys
indecipherable.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 17 OF 26 27 MARCH 2014
3.4 Other Security-Relevant Information
FIPS Approved Mode of Operation
The Datacryptor® SONET/SDH OC-3/12/48/192C only operates in an Approved mode and does
not support any unapproved modes of operation.
1. FIPS 140-2 Approved and Certified
 SHA-1 (FIPS Certificate #985)
 DSA (FIPS Certificate #349)
 FIPS 186-2 RNG (FIPS Certificate #588).
 AES-256 (FIPS Certificate #1033, 1079 and 1080)
2. FIPS 140-2 Approved, Vendor Affirmed
 Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of
encryption strength) (vendor affirmed: SP 800-56A; Key Derivation Function: ANSI
X9.42)
3. Non-Approved Allowed
 Hardware RNG for generating seed key for Approved RNG
Datacryptor® SONET/SDH OC-3/12/48/192C FPGA Details
This Security Policy defines the Datacryptor® SONET/SDH OC-3/12/48/192C cryptographic
module for two hardware versions which utilize different FPGAs as described below:
 1600X435 Rev. 01 & 02 (low speed module) utilize a Xilinx VirtexII-Pro XC2VP30 FPGA.
 1600X427 Rev. 01 & 02 (high speed module) utilize two Xilinx VirtexII-Pro XC2VP50
FPGAs.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 18 OF 26 27 MARCH 2014
4. PHYSICAL SECURITY POLICY
The Datacryptor® SONET/SDH OC-3/12/48/192C is a multiple-chip standalone cryptographic
module consisting of production-grade components to meet FIPS 140-2 Level 3.
The Datacryptor® SONET/SDH OC-3/12/48/192C is protected by a strong metal production-grade
enclosure that is opaque within the visible spectrum with tamper evident labels and tamper
response mechanisms. Attempts to access the module without removing the cover will cause
visible physical damage to the module and/or tamper evident labels.
The module’s ventilation holes on the sides and back on the enclosure are fitted with baffles to
prevent physical probing of the enclosure.
The module has a removable top cover which is protected by tamper response circuitry, which
zeroises all plaintext CSPs. Access to the internal components of the module requires that these
covers are removed.
The module's cryptographic boundary (FIPS 140-2 [1], section 2.1) is the physical extent of its
external casing but excludes the field replaceable dual redundant power supply.
4.1 Inspection/Testing of Physical Security Mechanisms
The following guidelines should be considered when producing a Security Policy for the network in
which the module is deployed.
The Datacryptor® SONET/SDH OC-3/12/48/192C should be periodically checked for evidence of
tampering, in particular damage to the tamper evident labels (highlighted in solid red for opaque
silver labels and outline red for clear labels) as these are part of the security of the unit. In addition
the audit logs should be checked for activation of the tamper response mechanism.
The frequency of a physical inspection depends on the information being protected and the
environment in which the unit is located. At a minimum it would be expected that a physical
inspection would be made at least monthly and audit logs daily.
4.1.1 1600X435, Rev. 01 Hardware
Figure 4-1 1600X435, Rev. 01 Front
Figure 4-2 1600X435, Rev. 01 Rear
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 19 OF 26 27 MARCH 2014
Figure 4-3 1600x435, Rev. 01 Top
The tamper evident labels shall only be applied at the Thales facility. Tamper evident labels are
not available for order or replacement from Thales.
Four tamper evident labels are required to be visible and undamaged for each module to be
operated in a FIPs approved mode of operation. They must be in the positions shown in Figure 4-2
and Figure 4-3.
4.1.2 1600X435, Rev. 02 Hardware
Figure 4-4 1600X435, Rev. 02 Front
Figure 4-5 1600X435, Rev. 02 Rear
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 20 OF 26 27 MARCH 2014
Figure 4-6 1600x435, Rev. 02 Top
The tamper evident labels shall only be applied at the Thales facility. Tamper evident labels are
not available for order or replacement from Thales.
Two tamper evident labels are required to be visible and undamaged for each module to be
operated in a FIPs approved mode of operation. They must be in the positions shown in Figure
4-6.
4.1.3 1600X427, Rev. 01 Hardware
Figure 4-7 1600X427, Rev. 01 Front
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 21 OF 26 27 MARCH 2014
Figure 4-8 1600X427, Rev. 01 Rear
Figure 4-9 1600x427, Rev. 01 Top
The tamper evident labels shall only be applied at the Thales facility. Tamper evident labels are
not available for order or replacement from Thales.
Three tamper evident labels are required to be visible and undamaged for each module to be
operated in a FIPs approved mode of operation. They must be in the positions shown in Figure 4-8
and Figure 4-9.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 22 OF 26 27 MARCH 2014
4.1.4 1600X427, Rev. 02 Hardware
Figure 4-10 1600X427, Rev. 02 Front
Figure 4-11 1600X427, Rev. 02 Rear
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 23 OF 26 27 MARCH 2014
Figure 4-12 1600x427, Rev. 02 Top
The tamper evident labels shall only be applied at the Thales facility. Tamper evident labels are
not available for order or replacement from Thales.
Two tamper evident labels are required to be visible and undamaged for each module to be
operated in a FIPs approved mode of operation. They must be in the positions shown in Figure
4-12.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 24 OF 26 27 MARCH 2014
5. MITIGATION OF OTHER ATTACKS POLICY
None.
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 25 OF 26 27 MARCH 2014
ACRONYMS AND ABBREVIATIONS
Acronym Definition
AES Advanced Encryption Standard
ANSI American National Standards Institute
CA Certification Authority
DEK Data Encryption Key
DSA Digital Signature Algorithm
EDC Error Detection Code
FIPS Federal Information Processing Standards
ITU International Telecommunications Union
KAT Know Answer Test
KEK Key Encryption Key
LAN Local Area Network
NIST National Institute of Standards and Technology
PPP Point-to-Point
PRNG Pseudo Random Number Generator
PSU Power Supply Unit
RIP Routing Information Protocol
RNG Random Number Generator
SDH Synchronous Digital Hierarchy
SFP Small Form Factor Pluggable
SHA-1 Secure Hash Algorithm
SNMP Simple Network Management Protocol
SONET Synchronous Optical NETwork
XFP 10 Gigabit Small Form Factor Pluggable
THALES e-SECURITY
DATACRYPTOR® SONET/SDH OC-3/12/48/192C
SECURITY POLICY
VERSION 002 PAGE 26 OF 26 27 MARCH 2014
REFERENCES
1. FIPS 140-2 Security Requirements for Cryptographic Modules, Federal
Information Processing Standards Publication, 25th May 2001.
Including Change Notices 2,3,4: 12/03/2002
Available from the NIST web site: http://www.nist.gov/cmvp
2. FIPS 186-2 Digital Signature Standard, Federal Information Processing
Standards Publication, 27th January 2000. Including Change Notice 1: 5th
October 2001.
Available from the NIST web site: http://www.nist.gov/cmvp
3. Datacryptor® SONET/SDH OC-3/12/48/192C User Manual, 1270A427, Issue 8
June 2008.
Available from Thales e-Security.