Version 7 Revision 3
- i -
IBM System Storage TS1130 Tape Drive –
Machine Type 3592, Model E06
Security Policy
Document Version 7 Revision 3
Version 7 Revision 3
ii
1 Document History ..................................................................................................................................................1
2 Introduction............................................................................................................................................................2
2.1 References...............................................................................................................................................3
3 TS1130 Encrypting Tape Drive Cryptographic Module Description.....................................................................4
3.1 Overview.................................................................................................................................................4
3.2 Secure Configuration.............................................................................................................................5
3.3 Ports and Interfaces...............................................................................................................................8
3.4 Roles and Services..................................................................................................................................9
3.5 Physical Security ..................................................................................................................................15
3.6 Cryptographic Algorithms and Key Management............................................................................16
3.7 Design Assurance .................................................................................................................................20
3.8 Mitigation of other attacks..................................................................................................................20
Version 7 Revision 3
- 1 -
1 Document History
Date Author Change
02/25/2009 Christine Knibloe V0.0
Initial Creation
10/05/2009 Said Ahmad V1.0
Updated Figure 1 and Table 3
removing references to misc. port
10/20/2009 Said Ahmad V2.0
Updated cryptographic boundary
from the canister to drive brick
10/21/2009 Said Ahmad V3.0
Updated Figure 1 with duplicate
Ethernet port
10/29/2009 Said Ahmad V4.0
Updates per the Lab Comments
1/28/2009 Said Ahmad V5.0
Updated per the Lab Comments
6/2/2010 Said Ahmad V6.0
Updated per CMVP comments
6/3/2010 Said Ahmad V7.0
Updated per CMVP comments
6/8/2010 Said Ahmad V7.1
Updated per CMVP comments
7/16/2010 Said Ahmad V7.2
Updated per CMVP Comments
Version 7 Revision 3
2
2 Introduction
This non-proprietary security policy describes the IBM System Storage TS1130 Tape Drive - Machine
Type 3592, Model E06 cryptographic module and the approved mode of operation for FIPS 140-2,
meeting the security level 1 requirements for each section of the requirements. This policy was prepared
as part of FIPS 140-2 validation of the TS1130. The IBM System Storage TS1130 Tape Drive -
Machine Type 3592, Model E06 is referred to in this document as the “TS1130 Encrypting Tape Drive,”
the “TS1130,” and the encrypting tapedrive.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2—Security Requirements for
Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More
information about the FIPS 140-2 standard and validation program is available on the NIST web site at:
http://csrc.nist.gov/groups/STM/cmvp/
The security policy document is organized in the following sections:
• Introduction
• References
• Document Organization
TS1130 Encrypting Tape Drive Cryptographic Module Description
• Cryptographic Module Overview
• Secure Configuration
• Cryptographic Module Ports and Interfaces
• Roles and Services
• Physical Security
• Cryptographic Key Management
• Self-Tests
• Design Assurance
• Mitigation of Other Attacks
Version 7 Revision 3
3
2.1 References
This document describes only the cryptographic operations and capabilities of the TS1130 Encrypting Tape
Drive. More information is available on the general function of the TS1130 Encrypting Tape Drive at the
IBM web site:
http://www.ibm.com/storage/tape/
The tape drive meets the T10 SCSI-3 Stream Commands (SSC) standard for the behavior of sequential
access devices. In addition, the tape drive primary host interfaces are physical fibre channel ports. The
physical and protocol behavior of these ports conforms to Fibre Channel Protocol (FCP) specification.
These specifications are available at the INCITS T10 standards web site:
http://www.T10.org /
A Redbook describing tape encryption and user configuration of the drive in various environments can be
found at:
http://www.redbooks.ibm.com/abstracts/sg247320.html?Open
The TS1130 drive format on the tape media is designed to conform to the IEEE P1619.1 committee draft
proposal for recommendations for protecting data at rest on tape media. Details on P1619.1 may be found
at:
http://ieee-p1619.wetpaint.com/
Version 7 Revision 3
4
3 TS1130 Encrypting Tape Drive Cryptographic Module Description
3.1 Overview
The TS1130 Encrypting Tape Drive is a set of hardware, firmware, and interfaces allowing the optional
storage and retrieval of encrypted data to magnetic tape cartridges. The TS1130 tape drive is FIPS
validated as a multi-chip, embedded cryptographic module (Hardware Version: 45E8855 EC Level
L31095 and Firmware Version: 46X1651 EC Level L31096). In customer operation the “brick” unit is
embedded in a canister package for operation in a library. Some components of the TS1130 tape drive,
such as mechanical components used for tape loading/unloading and actuating the tape cartridge, labels,
cables, connectors, terminals and sensor components, do not have an effect on the security of the
cryptographic module.
A block diagram of the TS1130 Encrypting Tape Drive is shown below:
Cryptographic Module Block Diagram
Tape
Message
Display
Deck
Head
Main Card
Yuri
(U24)
SDRAM (U20,U21,U22,
U34,U49,U51,U67,U58)
FAS600
(U71)
SDRAM
(U52,U54)
UPIF
(internal PPC)
(U23)
SH7780
(U16)
Drive
SDRAM (U86,U87)
Flash (U17)
SDRAM (U10,U11)
Other
Card
Functions
(U14,U9,U13,
U8,U46,U48)
FC
Port
0
FC
Port
1
Power
(J37)
(J4)
(J12)
Cartridge
Mem
(J10)
Tape
(J6)
RS-
422
RS-
232
Service
Panel
Ether-
net
(J32)
ACF
I2C
Ether-
net
(J42)
Figure 1: TS1130 Block Diagram
Version 7 Revision 3
5
The TS1130 Encrypting Tape Drive has two major cryptographic functions:
ƒ Data Block Cipher Facility: The tape drive provides functions which provide the ability for
standard tape data blocks as received during SCSI-type write commands to be encrypted
before being recorded to media using AES-GCM block cipher using a provided key, and
decrypted during reads from tape using a provided key.
o Note the AES-GCM block cipher operation is performed after compression of the
host data therefore not impacting capacity and data rate performance of the
compression function
o The TS1130 drive automatically performs a complete and separate decryption and
decompression check of host data blocks after the compression/encryption process
to validate there were no errors in the encoding process
ƒ Secure Key Interface Facility: The tape drive provides functions which allow authentication
of the tape drive to an external IBM key manager, such as the IBM Encryption Key
Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and allow transfer of
protected key material between the key manager and the tape drive.
3.2 Secure Configuration
This section describes the approved mode of operation for the TS1130 drive to maintain the FIPS 140-2
validation.
There are two configurations for the TS1130 in the approved mode of operation. They are:
ƒ System-Managed Encryption (SME)
ƒ Library-Managed Encryption (LME)
In order to be in an approved mode of operation, the values of the fields Key Path (manager Type) (from
VPD), In-band Key Path (Manager Type) Override, Indirect Key Mode Default, Key Scope, and
Encryption Method must be set according to the table below. More details can be found in the TS1130
SCSI Reference.
Table 1: Settings for Approved Configurations
Required Fields System-Managed
Encryption (SME)
Library-Managed
Encryption (LME)
Key Path (Manager Type) (from VPD)
Mode Page X’25’, byte 21, bits 7-5
X’1’ X’6’
In-band Key Path (Manager Type) Override
Mode Page X’25’, byte 21, bits 4-2
X’0’ or X’1’ X’0’
Indirect Key Mode Default
Mode Page X’25’, byte 22, bit 4
B’0’ B’0’
Key Scope
Mode Page X’25’, byte 23, bits 2-0
X’0’ or X’1’ X’0’ or X’1’
Encryption Method
Mode Page X’25’, byte 27
X’10’ or X’1F’ X’60’
A user can determine if the TS1130 is in the approved mode of operation by issuing a SCSI Mode Sense
command to Mode Page X’25’ and evaluating the values returned.
Certain commands are prohibited while in the approved mode of operation. The commands vary based on
which configuration is used in the approved mode. In the LME configuration, all Mode Select commands
to subpages of Mode Page X’25’ are prohibited. In the SME configuration, Mode Select commands to the
following subpages of Mode Page X’25’ are prohibited.
Version 7 Revision 3
6
Table 2: Mode Select Eligibility of Mode Page X’25’ Subpages
Mode Page X’25’ Subpages System-Managed Encryption
(SME)
Library-Managed Encryption
(LME)
X’C0’ – Control/Status Allowed Prohibited
X’D0’ – Generate dAK/dAK’ Pair Prohibited Prohibited
X’D1’ – Query dAK Prohibited Prohibited
X’D2’ – Update dAK/dAK’ Pair Prohibited Prohibited
X’D3’ – Remove dAK/dAK’ Pair Prohibited Prohibited
X’D5’ – Drive Challenge/Response Allowed Prohibited
X’D6’ – Query Drive Certificate Allowed Prohibited
X’D7’ – Query/Setup HMAC Prohibited Prohibited
X’D8’ – Install eAK Prohibited Prohibited
X’D9’ – Query eAK Prohibited Prohibited
X’DA’ – Update eAK Prohibited Prohibited
X’DB’ – Remove eAK Prohibited Prohibited
X’DF’ – Query dSK Allowed Prohibited
X’E0’ – Setup SEDK/EEDK(s) Allowed Prohibited
X’E1’ – Alter EEDK(s) Allowed Prohibited
X’E2’ – Query EEDKs (Active) Allowed Prohibited
X’E3’ – Query EEDKs (Needed) Allowed Prohibited
X’E4’ – Query EEDKs (Entire) Allowed Prohibited
X’E5’ – Query EEDKs (Pending) Allowed Prohibited
X’EE’ – Request EEDKs (Translate) Allowed Prohibited
X’EF’ – Request EEDKs (Generate) Allowed Prohibited
X’FE’ – Drive Error Notify Allowed Prohibited
Loading a FIPS 140-2 validated drive microcode level and configuring the drive for SME or LME
operation initializes the TS1130 into the approved mode of operation. The FIPS 140-2 validated drive
microcode level should be loaded twice to ensure the firmware occupies both the main and reserved
firmware locations.
The TS1130 supports multi-initiator environments, but only one initiator may access cryptographic
functions at any given time. Therefore the TS1130 does not support multiple concurrent operators.
The TS1130 implements a non-modifiable operational environment which consists of a firmware image
stored in FLASH. The firmware image is copied to, and executed from, RAM. The firmware image can
only be updated via FIPS-approved methods that verify the validity of the image.
The TS1130 drive operates as a stand-alone tape drive and has no direct dependency on any specific
operating system or platform for FIPS approved operating mode, but does have requirements for:
• Key Manager/Key Store attachment
• Drive Configuration
The following criteria apply to the usage environment:
ƒ Key Manager and Key Store Attachment
o In both SME and LME modes of operation, an IBM key manager, such as the Encryption
Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and a supported key
store must be used in a manner which supports secure import and export of keys with the
TS1130 drive :
• Keys must be securely passed into the TS1130 drive. The key manager
must support encryption of the Data Key to form an Session Encrypted
Data Key (SEDK) for transfer to the TS1130 drive using the TS1130
drive public Session Key and a 2048-bit RSA encryption method.
Version 7 Revision 3
7
• The key manager/key store must be able to use the EEDK it supplies
the drive to determine the Data Key.
ƒ Drive Configuration requirements
o The TS1130 drive must be configured in SME or LME encryption mode.
o The TS1130 drive must have the FIPS 140-2 validated drive firmware level loaded and
operational.
o Drive must be configured in the approved mode of operation.
o In LME mode, the TS1130 drive must be operated in an automation device which
operates to the LDI or ADI interface specifications provided.
Version 7 Revision 3
8
3.3 Ports and Interfaces
The cryptographic boundary of the TS1130 drive cryptographic module is the drive brick. Tape data
blocks to be encrypted (write operations) or decrypted data blocks to be returned to the host (read
operation) are transferred on the host interface ports using SCSI commands, while protected key material
may be received on the host interface ports or the library port.
The physical ports are separated into FIPS-140-2 logical ports as described below.
Table 3: Ports and Interfaces of the TS1130
TS1130 Drive
Physical Ports
FIPS-140-2
Logical Interface
Crypto
Services
Interface Functionality
Fibre Channel Port
0
Data Input
Data Output
Control Input
Status Output
Yes ƒ Inputs data
ƒ Crypto: Inputs protected keys from the key
manager in SME mode.
ƒ Outputs data
ƒ Outputs encrypted key components
ƒ Inputs SSC-3 SCSI protocol commands
ƒ Outputs SSC-3 SCSI protocol status
Fibre Channel Port
1
RS-422 Port Data Input
Data Output
Control Input
Status Output
Yes ƒ Crypto: Inputs protected keys from the key
manager in LME mode.
ƒ Outputs data
ƒ Outputs encrypted key components
ƒ Inputs LDI and LMI protocol commands.
ƒ Outputs LDI and LMI protocol status.
RS-232 Port Disabled None ƒ Disabled in the FIPS validated firmware
Ethernet Port Control Input
Status Output
Data Input
None ƒ Inputs controls and image for firmware load
ƒ Outputs status
ACF Interface Control Input
Status Output
None ƒ Inputs controls from automatic cartridge facility
ƒ Outputs status
I2C Interface Data Input
Data Output
None ƒ Inputs VPD data
ƒ Outputs VPD data
Service Panel
Interface
Control Input
Status Output
Yes ƒ Inputs controls from service panel
ƒ Crypto: Inputs controls for key zeroization
ƒ Crypto: Inputs controls for VPD configuration
ƒ Outputs status
ƒ Crypto: Outputs indicator for the encrypting state
Front Panel
Interface
- 8 Character
Display
- Unload Button
- Reset Button
Control Input
Status Output
Yes ƒ Inputs unload button selection
ƒ Inputs reset button selection
ƒ Outputs status on 8 character display
ƒ Crypto: Outputs indicator for the encrypting state
Input Power Port Power None ƒ Inputs power to the TS1130 drive
Write Protect
Switch
Control Input None ƒ Inputs write protect state of the cartridge
Cartridge Memory
RFID Port
Data Input
Data Output
Yes ƒ Inputs parameters.
ƒ Crypto: Inputs external key structures
ƒ Outputs parameters.
ƒ Crypto: Outputs external key structures
Read/Write Head Data Input
Data Output
Control Input
None ƒ Inputs data from tape cartridges (decrypted reads)
ƒ Outputs data to tape cartridges (encrypted writes)
ƒ Inputs command to load firmware from special
FMR cartridges
Version 7 Revision 3
9
3.4 Roles and Services
The TS1130 drive supports both a Crypto Officer role and a User role, and uses basic cryptographic
functions to provide higher level services. For example, the TS1130 drive uses the cryptographic functions
as part of its data reading and writing operations in order to perform the encryption/decryption of data
stored on a tape.
The Crypto Officer role is implicitly assumed when an operator performs key zeroization. The User role is
implicitly assumed for all other services. Both operators have access to the Power-up Self-Tests service.
The two main services the TS1130 drive provides are:
• Encryption or decryption of tape data blocks using the Data Block Cipher Facility.
• Establishment and use of a secure key channel for key material passing by the Secure Key Interface
Facility.
It is important to note that the Secure Key Interface Facility may be an automatically invoked service when
a user issues Write or Read commands with encryption enabled that require key acquisition by the TS1130
drive. Under these circumstances the TS1130 drive automatically establishes a secure communication
channel with a key manager and performs secure key transfer before the underlying write or read
command may be processed.
3.4.1 User Guidance
The services table describes what services are available to the User and Crypto Officer roles.
ƒ There is no authentication required for accessing the User Role
ƒ There is no authentication required for accessing the Crypto Officer Role
Single Operator requirements:
ƒ The TS1130 drive enforces a requirement that only one host interface initiator may have access to
cryptographic services at any given time.
Version 7 Revision 3
10
3.4.2 Provided Services
Available services are also documented in the specified references. All of the services summarized here are
allowed in the FIPS mode of operation:
Table 4: Provided Services
Service Interface(s) Description Inputs Outputs Role
General SCSI
commands
- Host As documented in the
TS1130 SCSI Reference
Formatted
Operational
Codes and
Messages
Formatted
Operational
Codes and
Messages
User
General Library
Interface commands
- Library As documented in the
Drive Library LDI and
LMI Interface
Specifications
Formatted
Operational
Codes and
Messages
Formatted
Operational
Codes and
Messages
User
Service Panel
Configuration
- Service
Panel
Set selected aspects of
drive configuration
manually, per the 3592
E06 Maintenance
Information Manual
Button
selections
Service
Panel
User
Service Panel
Diagnostics
- Service
Panel
Invoke diagnostics
manually, per the 3592
E06 Maintenance
Information Manual
Button
selections
Service
Panel,
8 Character
Display
User
Service Panel Status
Display
- Service
Panel
Displays status, per the
3592 E06 Maintenance
Information Manual
From
TS1130
drive
operating
system
Service
Panel
User
Front Panel Interface
Status
- Front Panel
Interface
(8
Character
Display)
Displays status, per the
3592 E06 Maintenance
Information Manual
From
TS1130
drive
operating
system
8 Character
Display
User
Front Panel Interface
Unload
- Front Panel
Interface
(Unload
Button)
Unload via unload button Button
selection
8 Character
Display
User
Front Panel Interface
Reset
- Front Panel
Interface
(Reset
Button)
Reset via the reset button Button
selection
Reboot
occurs
User
Version 7 Revision 3
11
Service Interface(s) Description Inputs Outputs Role
Encrypting Write-
type Command
- Host The Secure Key Interface
Facility automatically
requests a key, provides
authentication data,
securely transfers and
verifies the key material.
The Data Block Cipher
Facility encrypts the data
block with the received
Data Key using AES-
GCM block cipher for
recording to media. A
received EEDK is
automatically written to
media using the
Cartridge memory and
the RW Head Interface.
The decryption-on-the-
fly check performs AES-
GCM decryption of the
encrypted data block and
verifies the correctness of
the encryption process
- Plaintext
data
- SEDK
- EEDK
- Encrypted
data on tape
- EEDK on
tape
User
Decrypting Read-
type Command
- Host The Secure Key Interface
Facility automatically
requests a key, provides
authentication data and
EEDK information if
available, securely
transfers and verifies the
key material.
The received Data Key is
used by the Data Block
Cipher Facility to decrypt
the data block with using
AES-GCM decryption
and returning plaintext
data blocks to the host;
Optionally in Raw mode
the encrypted data block
may be returned to the
host in encrypted form
(not supported in
approved configuration)
SEDK - Plaintext
data to host
User
Set Encryption
Control Parameters
(including Bypass
Mode)
- Host
- Library
Performed via Mode
Select to Mode Page
x’25’ and Encryption
Subpage X’C0’
Requested
Mode Page
and Subpage
None User
Query Encryption
Control Parameters
(including Bypass
Mode)
“Show Status”
- Host
- Library
Performed via Mode
Sense to Mode Page
x’25’ and Encryption
Subpage X’C0’
Requested
Mode Page
and Subpage
Mode Data User
Version 7 Revision 3
12
Service Interface(s) Description Inputs Outputs Role
Drive
Challenge/Response
- Host
- Library
Allows programming
challenge data and
reading an optionally)
encrypted, signed
response; not used in
default configuration.
Performed via mode
select and mode sense to
Mode Page x’25’ and
Encryption Subpage
x’D5’; not used in
default configuration
Requested
Mode Page
and Subpage
Mode Data User
Query Drive
Certificate
- Host
- Library
Allows reading of the
Drive Certificate public
key. Performed via
mode sense to Mode
Page x’25’ and
Encryption Subpage
x’D6’; the provided
certificate is signed by
the IBM Tape Root CA.
Requested
Mode Page
and Subpage
Mode Data User
Query dSK - Host
- Library
Allows reading of the
Drive Session (Public)
Key Performed via
mode sense to Mode
Page x’25’ and
Encryption Subpage
X’DF’.
Requested
Mode Page
and Subpage
Mode Data User
Setup an SEDK and
EEDK structure (a
protected key
structure)
- Host
- Library
This is the means to
import an encrypted
private key to the
TS1130 for use in writing
and encrypted tape or in
order to read a previously
encrypted tape.
Performed via mode
select to Mode Page
x’25’ and Encryption
Subpage x’E0’. In this
service, the module
generates a drive session
key pair. The module
then sends the dSK to the
key manager where it is
used to create an SEDK.
At this time, the key
manager also uses its
own RSA key to generate
the EEDK. Then, the
key manager sends both
the SEDK and the EEDK
back to the module.
Requested
Mode Page
and Subpage
Mode Data User
Version 7 Revision 3
13
Service Interface(s) Description Inputs Outputs Role
Query EEDK(s) –
active, needed,
pending , entire (all)
- Host
- Library
Allows the reading from
the drive of EEDK
structures in different
categories for the
medium currently
mounted. Performed by
Mode Select commands
to Mode Page x25’ and
various subpages.
Requested
Mode Page
and Subpage
Mode Data User
Request EEDK(s)
Translate
- Host
- Library
This status command is
used when the drive has
already notified the Key
Manager that it has read
EEDKs from a mounted,
encrypted tape and needs
them translated to an
SEDK and returned for
the drive to read the tape.
The key manager issues
this command to read
EEDK(s) structures
which the drive requires
to be translated by the
Key Manager and
subsequently returned to
the drive as an SEDK
structure to enable
reading of the currently
active encrypted area of
tape. Performed via
mode sense to Mode
Page x’25’ and
Encryption Subpage
x’EE’ .
Requested
Mode Page
and Subpage
Mode Data User
Request EEDK(s)
Generate
- Host
- Library
This status command is
used when the drive has
already notified the Key
Manager that it requires
new SEDK and EEDK(s)
to process a request to
write an encrypted tape.
This page provides
information about the
type of key the drive is
requesting. Performed
via mode sense to Mode
Page x’25’ and
Encryption Subpage
x’EF’ .
Requested
Mode Page
and Subpage
Mode Data User
Version 7 Revision 3
14
Service Interface(s) Description Inputs Outputs Role
Alter EEDK(s) - Host
- Library
This command is used to
modify the EEDK
structures stored to tape
and cartridge memory.
The TS1130 will write
the modified structures
out to the tape and
cartridge memory as
directed.
Performed via mode
sense to Mode Page
x’25’ and Encryption
Subpage x’E1’ .
Requested
Mode Page
and Subpage
Mode Data User
Drive Error Notify
and Drive Error
Notify Query
- Host
- Library
These status responses
are the means used by the
drive to notify the Key
Manager that an action is
required, such as a Key
generation or Translate,
to proceed with an
encrypted write or read
operation. These status
responses are read via
Mode Sense commands
to Mode Page x’25’
subpage ‘EF” and ‘FF’.
Requested
Mode Page
and Subpage
Mode Data User
Power-Up Self-Tests - Power
- Host
- Library
Performs integrity and
cryptographic algorithm
self-tests, firmware
image signature
verification
None
required
Failure
status, if
applicable
User,
Crypto
Officer
Configure Drive
Vital Product Data
(VPD) settings
- Host
- Library
Allows controlling of
default encryption mode
and other operating
parameters
From
TS1130
drive
operating
system
Vital
Product
Data (VPD)
User
Firmware Load - Host Allows loading of
validated firmware
images
Firmware
image
None Crypto
Officer
Key Path Check
diagnostic
- Host As documented in the
TS1130 SCSI Reference
Diagnostic
command
specifying
the Key Path
diagnostic
Diagnositc
command
status
User
Key Zeroization - Service
Panel
Zeroes all private
plaintext keys in the
TS1130 drive via the
Service Panel
Service
panel
buttons
Diagnositc
command
status
Crypto
Officer
Version 7 Revision 3
15
3.5 Physical Security
The TS1130 drive “brick” unit is embedded in a factory supplied canister assembly. The brick assembly is
the cryptographic boundary of the TS1130. All of the drive’s components are production grade.
Both the drive brick unit and the canister assembly have industrial grade covers. These covers are not
removed in the field in the approved configuration. The TS1130 requires no preventative maintenance, and
field repair is not performed for the unit. All failing units must be sent intact to the factory for repair.
Figure 2 TS1130 Drive Brick
Figure 3 TS1130 Drive Canister
Version 7 Revision 3
16
3.6 Cryptographic Algorithms and Key Management
3.6.1 Cryptographic Algorithms
The TS1130 drive supports the following basic cryptographic functions. These functions are used by the
Secure Key Interface Facility or the Data Block Cipher Facility to provide higher level user services.
Table 5: Basic Cryptographic Functions
Algorithm Type /Usage Specification Approved? Used by Algorithm
Certificate
AES-GCM mode
encryption /
decryption
(256-bit keys)
Symmetric Cipher
Encrypts data
blocks while
performing
decrypt-on-the-fly
verification
Decrypts data
blocks
AES: FIPS-197
GCM: SP800-38D
Yes ASIC #918, #919
and #1273
RNG IV generation for
AES-GCM, Drive
Session Key
generation
FIPS 186-2 using
SHA-1
Yes Firmware #711
SHA-1 Hashing
Algorithm
Multiple uses
FIPS 180-3 Yes Firmware #1173
SHA-256 Hashing
Algorithm
Digest verifies
key manager
messages, digest
appended on
messages to key
manager
FIPS 180-3 Yes Firmware #1173
PKCS #1 :RSA
Sign/Verify
Digital signature
generation and
verification to
sign the session
key and to verify
firmware image
signature on
firmware load
FIPS 186-2 and
PKCS#1
Yes Firmware #611
PKCS #1 :RSA Key
Generation (1024
and 2048-bit keys)
Key Generation
Session key
generation
- No, but
allowed in
FIPS mode1
Firmware N/A
PKCS #1 RSA Key
Transport (1024 and
2048-bit keys)
Unwrapping of
transported key
material SEDK
- No, but
allowed in
FIPS mode
Firmware N/A
TRNG (Custom) Seeding RNG - No2
ASIC N/A
1
Allowed for generation of keys used by the RSA Key Transport mechanism
2
Allowed in FIPS mode for seeding approved RNG
Version 7 Revision 3
17
3.6.2 Security Parameters
The following table provides a summary of both critical security parameters (CSPs) and non-critical
security parameters used by the TS1130 drive.
Table 6: Security Parameters
Security
Parameter
CSP Key Type Input into
Module
Output
from
Module
Generation
Method
Storage
Location
Storage Form Zeroized
Drive
Certificate
Public Key
(dCert)
No RSA
2048-bit
PKCS#1
Yes -
at time of
manufacture
Yes N/A Drive
Vital
Product
Data
(VPD)
Non-volatile
Plaintext
N/A
Drive
Certificate
Private Key
(dCert’)
Yes RSA
2048-bit
PKCS#1
Yes -
at time of
manufacture
No N/A Drive
VPD
Non-volatile
X.509
certificate
signed with the
IBM Tape root
CA
Yes
Drive
Session
Public Key
(dSK)
No RSA
2048-bit
PKCS#1
No –
Generated
by module
Yes Non-approved,
allowed in
FIPS mode
Drive
RAM
Ephemeral
Plaintext
N/A
Drive
Session
Private
Key
(dSK’)
Yes RSA
2048-bit
PKCS#1
No –
Generated
by module
No Non-approved,
allowed in
FIPS mode
Drive
RAM
Ephemeral
Plaintext
Yes
Session
Encrypted
Data Key
(SEDK)
No RSA-2048
encrypted
with the
dSK
Yes No N/A Drive
RAM
Ephemeral
Encrypted
Yes
Data Key
(DK)
Yes AES
256-bit
symmetric
key
Yes –
(Received in
encrypted
form,
encapsulated
in the
SEDK)
No N/A Before
Use:
Drive
RAM
Ephemeral
Plaintext
Yes
When in
use:
Stored In
ASIC;
(unreadab
le
register)
Ephemeral
Encrypted
form as SEDK
186-2 RNG
Seed Key
Yes Seed No –
Generated
by module
No TRNG Drive
RAM
Ephemeral
Plaintext
Yes
186-2 RNG
Seed
Yes Seed
(20 bytes)
No –
Generated
by module
No TRNG Drive
RAM
Ephemeral
Plaintext
Yes
Additional notes on key management:
• Secret and private keys are never output from the TS1130 drive in plaintext form.
• Secret keys may only be imported to the TS1130 drive in encrypted form.
• Zeroization behavior outlined in Table 7
Version 7 Revision 3
18
Table 7: CSP Access Table
Drive
Certificate
Public
Key
(
dCert)
Drive
Certificate
Private
Key
(dCert’)
Drive
Session
Public
Key
(dSK)
Drive
Session
Private
Key
(dSK’)
Session
Encrypted
Data
Key
(SEDK)
Data
Key
(DK)
186-2
RNG
Seed
Key
186-2
RNG
Seed
General SCSI commands
General Library Interface commands R R W
Service Panel Configuration ,
Diagnostic and Status services
X X X X
Service Panel Configuration
Service Panel Diagnostics X X X X
Service Panel Status Display
Front Panel Interface Status
Front Panel Interface Unload Z Z Z Z
Front Panel Interface Reset Z Z Z Z Z Z
Encrypting Write-type Command X
Decrypting Read-type Command X
Set Encryption Control Parameters
(including Bypass Mode)
Query Encryption Control Parameters
(including Bypass Mode)
“Show Status”
Drive Challenge/Response X X X X
Query Drive Certificate R
Query dSK X R
Setup an SEDK and EEDK structure
(a protected key structure)
X W W
Query EEDK(s) – active, needed,
pending , entire (all)
Request EEDK(s) Translate R
Request EEDK(s) Generate W
Alter EEDK(s) X RW
Drive Error Notify and Drive Error
Notify Query
Power-Up Self-Tests X X X X
Configure Drive Vital Product Data
(VPD) settings
W W
Firmware Load Test
Key Path Check diagnostic X X RX X R
Key Zeroization Z Z Z Z Z Z
Version 7 Revision 3
19
3.6.3 Self-Test
The TS1130 drive performs both Power On Self Tests and Conditional Self tests as follows. The operator
shall power cycle the device to invoke the Power On Self tests.
Table 8: Self-Tests
Function
Tested
Self-Test Type Implementation Failure Behavior
AES-GCM
(256-bit keys)
Power-Up KAT performed for Encrypt and Decrypt (256-
bit)
FSC3
D12D posted
RNG Power-Up KAT performed FSC D12D posted
SHA-1 Power-Up KAT performed FSC D12D posted
SHA-256 Power-Up KAT performed FSC D12D posted
RSA PKCS #1
Sign/Verify
Power-Up KAT performed FSC D12D posted
Firmware
Integrity Check
Power-Up RSA PKCS #1 digital signature verification of
application firmware; CRC check of SH vital
product data (VPD); CRC check of FPGA
image.
Drive reboot
RNG Conditional:
When a random number is
generated
Ensure the newly generated random number
does not match the previously generated random
number. Also ensure the first number generated
after start up is unused and stored for
comparison
FSC D133 posted
TRNG
(Custom)
Conditional:
When a random number is
generated
Ensure the newly generated random number
does not match the previously generated random
number. Also ensure the first number generated
after start up is unused and stored for
comparison
FSC D133 posted
Firmware Load
Check
Conditional:
When new firmware is
loaded
RSA PKCS #1 signature verification of new
firmware image before new image may be
loaded
Code load is
rejected
Exclusive
Bypass Test
Conditional:
When switching between
encryption and bypass
modes
Ensure correct data output after switching
modes
Check to ensure the key is properly loaded
(Note: The same implementation serves as the
Alternating Bypass Test.)
FSC D189 posted
Alternating
Bypass Test
Conditional:
When switching between
encryption and bypass
modes
Ensure correct data output after switching
modes
Check to ensure the key is properly loaded
(Note: The same implementation serves as the
Exclusive Bypass Test.)
FSC D188 posted
Key Path test Conditional:
When the Send Diagnostic
command specifying this
diagnostic number is
received from the host
fibre or library port; the
drive must be unloaded
and idle or the command
is rejected
The drive will initiate a key request and key
transfer operation with an attached Key
Manager; random protected key material is
imported into the device and checked for
validity; status is reported back to the Key
Manager and the invoking Host
FSC D132 posted
3
Fault Symptom Code
Version 7 Revision 3
20
3.6.4 Bypass States
The TS1130 supports the following bypass states:
Table 9: Bypass States
Bypass State To enter the Bypass State To verify the Bypass State
Static Bypass Mode 1:
Encryption disabled
Issue a Mode Select command to
mode page X’25’ and set the
“Encryption Disabled” bit
Issue a Mode Sense
command to verify the
mode is accurately reflected
on mode page X’25’
Static Bypass Mode 2:
Zero key usage for all records
Issue a Mode Select command to
mode page X’25’ and set bit 0 of
Encryption Control 3 to 1
Alternating Bypass Mode 1:
Zero Key usage all labels
Issue a Mode Select command to
mode page X’25’ and set bit 2 of
Encryption Control 3 to 1
Alternating Bypass Mode 2:
Zero Key usage on Volume Labels
Issue a Mode Select command to
mode page X’25’ and set bit 1 of
Encryption Control 3 to 1
Bypass entry, exit, and status features are provided to meet approved methods for use of bypass states.
3.7 Design Assurance
TS1130 drive release parts are maintained under the IBM Engineering Control (EC) system. All
components are assigned a part number and EC level and may not be changed without re-release of a new
part number or EC level.
The following table shows the validated configuration for each host interfaces of the TS1130 encrypting
tape drive:
Table 10: Validated Configuration
Hardware EC Level 45E8855 EC Level L31095
Firmware EC Level 46X1651 EC Level L31096
3.8 Mitigation of other attacks
The TS1130 drive does not claim to mitigate other attacks.