Extreme Networks SLX 9540 and SLX 9740 Switches
FIPS 140-2 Non-Proprietary Security Policy
Document Version 1.2

Copyright © 2022 Extreme Networks, Inc. All Rights Reserved.

Revision History

Revision Date | Revision | Summary of Changes
07/29/2021 | 1.0 | Initial Release
05/12/2022 | 1.1 | Tables 2, 6, 7, 13 and Sections 4, 6, 9 updated to address NIST comments
07/18/2022 | 1.2 | Update made to KAS-ECC-SSC bit strength in Table 6 to address NIST comments

This Extreme Networks Security Policy for Extreme Networks SLX 9540 and SLX 9740 series of switches embodies Extreme Networks' confidential and proprietary intellectual property. Extreme Networks Systems retains all title and ownership in the Specification, including any revisions.

This Specification is supplied AS IS and may be reproduced only in its original entirety [without revision]. Extreme Networks makes no warranty, either express or implied, as to the use, operation, condition, or performance of the specification, and any unintended consequences it may have on the user environment.

Contents

1 Introduction
  1.1 Module Description and Cryptographic Boundary
  1.2 Ports and Interfaces
  1.3 Modes of Operation
2 Cryptographic Functionality
  2.1 Critical Security Parameters
  2.2 Public Keys
3 Roles, Authentication and Services
  3.1 Assumption of Roles
  3.2 Authentication Methods
  3.3 Services
4 Self-Tests
5 Physical Security Policy
6 Operational Environment
7 Mitigation of Other Attacks Policy
8 Security Rules and Guidance
9 CO Initialization
10 Definitions and Acronyms

Table of Tables

Table 1 – Security Level of Security Requirements
Table 2 – SLX Configurations
Table 3 – Mapping of HW/PN to ‘show chassis’ Output
Table 4 - Physical/Logical Interface Correspondence
Table 5 – Ports and Interfaces
Table 6 – Approved Algorithms
Table 7 – Non-Approved but Allowed Cryptographic Functions
Table 8 – Security Relevant Protocols Used in FIPS Mode
Table 9 - Non-Approved Algorithms
Table 10 – Critical Security Parameters (CSPs)
Table 11 – Public Keys
Table 12 - Roles and Required Identification and Authentication
Table 13 - Strengths of Authentication Mechanism
Table 14 - Service Descriptions
Table 15 – Unauthenticated Services
Table 16 - CSP Access Rights within Roles & Services

Table of Figures

Figure 1 - Block Diagram
Figure 2 – SLX Modules

1 Introduction

This document defines the Security Policy for the Extreme Networks SLX 9540 and SLX 9740 Switches, hereafter denoted as “the Module.” The Module is a Gigabit Ethernet routing network switch that provides secure network services and network management. The FIPS 140-2 security levels for the Module are as follows:

Table 1 – Security Level of Security Requirements

Security Requirement | Security Level
Cryptographic Module Specification | 1
Cryptographic Module Ports and Interfaces | 1
Roles, Services, and Authentication | 3
Finite State Model | 1
Physical Security | 1
Operational Environment | N/A
Cryptographic Key Management | 1
EMI/EMC | 1
Self-Tests | 1
Design Assurance | 1
Mitigation of Other Attacks | N/A
Overall | 1

The Module configurations are listed in Table 2.

Table 2 – SLX Configurations

Module | HW P/N | Description
SLX9740-40C | SLX9740-90C | Extreme SLX 9740-40C Router. Base unit with 40x100GE/40GE capable QSFP28 ports, 2 unpopulated power supply slots, 6 unpopulated fan slots. Intel Atom C3758
SLX9740-80C | SLX9740-80C | Extreme SLX 9740-80C Router. Base unit with 80x100GE/40GE capable QSFP28 ports, 4 unpopulated power supply slots, 4 unpopulated fan slots. Intel Atom C3758
SLX9540-24S | BR-SLX-9540-24S-AC-F1 | SLX 9540-24S Switch AC with front-to-back airflow. Supports 24×10 GbE/1 GbE + 24×1 GbE ports. Intel Xeon D-1527
SLX9540-24S | BR-SLX-9540-24S-DC-F1 | SLX 9540-24S Switch DC with front-to-back airflow. Supports 24×10 GbE/1 GbE + 24×1 GbE ports. Intel Xeon D-1527
SLX9540-24S | BR-SLX-9540-24S-AC-R1 | SLX 9540-24S Switch AC with back-to-front airflow. Supports 24×10 GbE/1 GbE + 24×1 GbE ports. Intel Xeon D-1527
SLX9540-24S | BR-SLX-9540-24S-DC-R1 | SLX 9540-24S Switch DC with back-to-front airflow. Supports 24×10 GbE/1 GbE + 24×1 GbE ports. Intel Xeon D-1527
SLX9540-48S | BR-SLX-9540-48S-AC-F1 | SLX 9540-48S Switch AC with front-to-back airflow. Supports 48×10 GbE/1 GbE + 6×100 GbE/40 GbE ports. Intel Xeon D-1527
SLX9540-48S | BR-SLX-9540-48S-DC-F1 | SLX 9540-48S Switch DC with front-to-back airflow. Supports 48×10 GbE/1 GbE + 6×100 GbE/40 GbE ports. Intel Xeon D-1527
SLX9540-48S | BR-SLX-9540-48S-AC-R1 | SLX 9540-48S Switch AC with back-to-front airflow. Supports 48×10 GbE/1 GbE + 6×100 GbE/40 GbE ports. Intel Xeon D-1527
SLX9540-48S | BR-SLX-9540-48S-DC-R1 | SLX 9540-48S Switch DC with back-to-front airflow. Supports 48×10 GbE/1 GbE + 6×100 GbE/40 GbE ports. Intel Xeon D-1527

Footnote 1: The module SKU#s are the HW P/Ns above appended with the “AC-F” or “AC-R” suffix for fan configuration. “AC-F” indicates AC with front-to-back airflow and “AC-R” indicates AC with back-to-front airflow.

Table 3 – Mapping of HW/PN to ‘show chassis’ Output

Item# | HW P/N | ‘show chassis’ output
1. | SLX9740-40C | SLX9740-80C
2. | SLX970-80C | SLX9740-80C
3. | BR-SLX-9540-24S-* | BR-SLX9540
4. | BR-SLX-9540-48S-* | BR-SLX9540

The firmware version is: SLXOS 20.2.1aa.

1.1 Module Description and Cryptographic Boundary

The Module is a multi-chip standalone embodiment. The cryptographic boundary is the metal chassis enclosure. The physical form of the Module is depicted in the Figures below.

[Figure 1 - Block Diagram]

[Figure 2 – SLX Modules: SLX 9740-40C, SLX 9740-80C, SLX 9540-24S, SLX 9540-48S]

1.2 Ports and Interfaces

Each module provides Networking ports, USB ports, Management Ethernet port, Serial port, Power Supply connectors and LEDs. This section describes the physical ports and the interfaces they provide for Data input, Data output, Control input, and Status output.

Table 4 below shows the correspondence between the physical interfaces of the modules and logical interfaces defined in FIPS 140-2.

Table 4 - Physical/Logical Interface Correspondence

Logical Interface | Physical Interface
Data input | Networking ports (including Management Ethernet port); USB port (disabled)
Data output | Networking ports (including Management Ethernet port); USB port (disabled)
Control input | Management Ethernet port; Networking ports; Serial port
Status output | Management Ethernet port; Serial port; Networking ports; USB port (disabled); LED
Power | Power Supply connector(s)

Table 5 below shows the Ports and Interfaces of the modules.
Table 5 – Ports and Interfaces

Networking ports
  SLX 9740-24S: 40x100Gbe QSFP28 or max 72 with breakout cable (18*4) supporting 10Gbe or 25Gbe
  SLX 9740-48S: 80x100Gbe QSFP28 or max 144 with breakout cable (36*4) supporting 10Gbe or 25Gbe
  SLX 9540-24S: 24x10Gbe/1Gbe+24x1Gbe
  SLX 9540-48S: 48×10 GbE/1 GbE + 6×100 GbE/40 GbE ports

Management Ethernet port
  All four models: RJ-45 10/100/1000 Ethernet out-of-band management port (x1)

Serial port
  All four models: RJ-45 used for console (x1)

USB port (Disabled in FIPS Mode)
  All four models: USB used for data downloads and FW uploads (x1)

LED
  SLX 9740-24S: System Power (x1), System Status (x1), Status LEDs for QSFP ports (10Gb/25Gb/40Gb/50Gb/100Gb). The Ethernet LEDs are integrated with the RJ45 connector. The Power supply LEDs are integrated with the PSU.
  SLX 9740-48S: System Power (x1), System Status (x1), Status LEDs for QSFP ports (10Gb/25Gb/40Gb/50Gb/100Gb). The Ethernet LEDs are integrated with the RJ45 connector. The Power supply LEDs are integrated with the PSU.
  SLX 9540-24S: System Power (x1), System Status (x1), Power Supply (x2), Fan (x5), Port (x146)
  SLX 9540-48S: System Power (x1), System Status (x1), Power Supply (x2), Fan (x4), Port (x146)

Power Supply connector(s)
  All four models: Connectors (x1)

1.3 Modes of Operation

The Module supports an Approved mode of operation and a non-Approved mode of operation. The initial state of the cryptographic module is the non-Approved mode of operation.
The Crypto-Officer shall follow the procedures in Section 9 to initialize the module into the Approved mode of operation. In the non-Approved mode, an operator will have no access to CSPs used within the Approved mode. When switching from the non-Approved mode of operation to the Approved mode, the module performs zeroization of the module’s plaintext CSPs as indicated in the procedure in Section 9. Failure to follow the steps outlined to enter the Approved mode will result in a non-Approved mode of operation.

2 Cryptographic Functionality

The Module implements the FIPS Approved and Non-Approved but Allowed cryptographic functions listed in Tables 6 and 7 below. The function descriptions reflect the CAVP testing.

Table 6 – Approved Algorithms

Label | Cryptographic Function | Certificate Number
AES | FIPS 197, SP800-38A Advanced Encryption Algorithm. ECB, CBC, CTR; Encrypt/Decrypt; 128, 192 and 256-bit. CFB-128; Encrypt/Decrypt; 128-bit. [NOTE: ECB Decrypt Mode is not used or called by any service in FIPS mode.] | A1076
CKG | SP800-133 Sections 5, 6.2 | Vendor Affirmed
CVL | SP800-135 KDF TLS. TLS v1.0/1.1 and v1.2; SHA-256, 384. [NOTE: TLS 1.0 is not supported in FIPS mode] | A1076
CVL | SP 800-135 KDF SNMP. PW len: 64-128; SHA-1 | A1076
CVL | SP800-135 KDF SSH (v2). AES-128, 192, 256; SHA-1, SHA-256, 384, 512 | A1076
DRBG | SP800-90A Deterministic Random Bit Generator. Mode: AES-256 CTR_DRBG (Derivation Function and Prediction Resistance Enabled) | A1076
DSA | Digital Signature Algorithm. FIPS 186-4 Key Gen: L = 2048, N = 256 | A1076
ECDSA | FIPS 186-4 Elliptic Curve Digital Signature Algorithm. FIPS 186-4 Key Gen: P-256, P-384, P-521. FIPS 186-4 PKV: P-256, P-384, P-521. FIPS 186-4 SigGen: P-256 with SHA-256, 384, 512; P-384 with SHA-256, 384, 512; P-521 with SHA-256, 384, 512. FIPS 186-4 SigVer: P-256 with SHA-256, 384, 512; P-384 with SHA-256, 384, 512; P-521 with SHA-256, 384, 512. [NOTE: SHA-512 is tested, but not used for ECDSA signature generation/verification.] | A1076
ENT (NP) | SP800-90B Entropy Source. The DRBG is seeded with 2048 bytes of entropy from the entropy source, which provides at least 256 bits of security strength. |
HMAC | Keyed-Hash Message Authentication code. MACs: HMAC-SHA-1 (λ=96, 160), HMAC-SHA-224 (λ=224), HMAC-SHA-256 (λ=256), HMAC-SHA-384 (λ=320), HMAC-SHA-512 (λ=512). [NOTE: HMAC-SHA-224 is tested, but not used or called by any service in FIPS mode] | A1076
KAS-SSC | Diffie-Hellman Key agreement; key establishment methodology provides 112 bits of encryption strength. dhEphem using 2048-bit. EC Diffie-Hellman Key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength. Ephemeral Unified using P-256, P-384, P-521 | A1076
KAS | (KAS-SSC Cert. #A1076, CVL Cert. #A1076) |
KTS | AES (CBC or CTR) and HMAC within TLS or SSH; key establishment methodology provides between 128 and 256 bits of encryption strength | A1076
RSA | Rivest Shamir Adleman Signature Algorithm. FIPS 186-4 Key Generation: RSA 2048, 3072-bit. RSASSA-PKCS1_V1_5 Signature Generation: RSA 2048-bit with SHA-224, 256, 384, 512; 3072-bit with SHA-224, 256, 384, 512. RSASSA-PKCS1_V1_5 Signature Verification: RSA 1024-bit (legacy use) with SHA-1, SHA-224, 256, 384, 512; RSA 2048-bit with SHA-1 (legacy use only), SHA-224, 256, 384, 512; RSA 3072-bit with SHA-1 (legacy use only), SHA-224, 256, 384, 512. [NOTE: RSA 3072-bit is tested, but not used or called by any service in FIPS Mode. SHA-224 and SHA-512 are not used for RSA signature generation/verification. SHA-1 is not used for RSA signature generation. RSA 1024-bit signature verification is also tested, but not used in the Approved mode] | A1076
SHS | Secure Hash Algorithm. Message Digests: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256. [NOTE: SHA-224 is not used or called by any service in FIPS Mode] | A1076
SHA-3 | Secure Hash Algorithm. Message Digest: SHA-3-256 | A1076

Table 7 – Non-Approved but Allowed Cryptographic Functions

Algorithm | Description
HMAC (No Security Claimed) | [IG 1.23, Scenario 2b] SHA-1, 256, 384 or 512 used to authenticate OSPFv2/3 packets using non-compliant keys.
HMAC-MD5 | [IG 1.23, Scenario 2a] Used in RADIUS for operator authentication only (HMAC-MD5 is not exposed to the operator). Also used in the SP800-135 TLS 1.0/1.1 KDF.
MD5 (No Security Claimed) | [IG 1.23, Scenario 1 and 2b] Used for User/CO password hash and legacy use in industry protocols. (Note: The use of MD5 does not provide cryptographic protection and the resultant MD5 digest is considered plaintext.)
Table 8 – Security Relevant Protocols [2] Used in FIPS Mode

Columns for each entry: Key Exchange | Server/Host Auth | Cipher | Integrity

SSHv2 [IG D.8 and SP 800-135]
  diffie-hellman-group-exchange-sha256 (2048 bit) | RSA | AES-CBC-128, AES-CBC-192, AES-CBC-256, AES-CTR-128, AES-CTR-192, AES-CTR-256 | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-512
  diffie-hellman-group14-sha1 | RSA | AES-CBC-128, AES-CBC-192, AES-CBC-256, AES-CTR-128, AES-CTR-192, AES-CTR-256 | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-512
  ecdh-sha2-nistp256 | ECDSA P-256 | AES-CBC-128, AES-CBC-192, AES-CBC-256, AES-CTR-128, AES-CTR-192, AES-CTR-256 | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-512

TLS/HTTPS (both client and server) [IG D.8 and SP 800-135]
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (TLS v1.1, v1.2): Static ECDH | RSA | AES-CBC-128 | SHA-256
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (TLS v1.1, v1.2): Static ECDH | RSA | AES-CBC-256 | SHA-384
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (TLS v1.1, v1.2): Static ECDH | ECDSA | AES-CBC-128 | SHA-256
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (TLS v1.1, v1.2): Static ECDH | ECDSA | AES-CBC-256 | SHA-384
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (TLS v1.1, v1.2): Ephemeral ECDH | RSA | AES-CBC-128 | SHA-256
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (TLS v1.1, v1.2): Ephemeral ECDH | RSA | AES-CBC-256 | SHA-384
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (TLS v1.1, v1.2): Ephemeral ECDH | ECDSA | AES-CBC-128 | SHA-256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (TLS v1.1, v1.2): Ephemeral ECDH | ECDSA | AES-CBC-256 | SHA-384

SNMPv3 in authPriv mode
  N/A | N/A | AES-CFB-128 | HMAC-SHA-1 (λ=96)

Footnote 2: No parts of these protocols, other than the KDFs, have been tested by the CAVP and CMVP.
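An added example, not part of the Extreme Networks policy or SLX-OS: a Python check that parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) recorded from a device under audit and reports every offered algorithm that falls outside the SSHv2 rows of Table 8. The mapping from Table 8 entries to SSH wire names, the host-key allowlist and the sample offer are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# Table 8 SSHv2 rows written as SSH wire names (assumed mapping, not from the policy).
AES = {f"aes{bits}-{mode}" for bits in (128, 192, 256) for mode in ("cbc", "ctr")}
MACS = {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"}
ALLOWED = {
    "kex_algorithms": {
        "diffie-hellman-group-exchange-sha256",
        "diffie-hellman-group14-sha1",
        "ecdh-sha2-nistp256",
    },
    # Assumption: "RSA" is mapped to rsa-sha2-256 only, because Table 6 notes that
    # SHA-1 and SHA-512 are not used for RSA signature generation.
    "server_host_key_algorithms": {"rsa-sha2-256", "ecdsa-sha2-nistp256"},
    "encryption_algorithms_client_to_server": AES,
    "encryption_algorithms_server_to_client": AES,
    "mac_algorithms_client_to_server": MACS,
    "mac_algorithms_server_to_client": MACS,
}
# Extension markers carried in the kex list; they are not key exchange methods.
KEX_MARKERS = {"ext-info-c", "ext-info-s",
               "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}


def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [names]} from a KEXINIT payload, rejecting malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # 1-byte message type + 16-byte cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"{field} length {length} overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    if offset + 5 > len(payload):  # first_kex_packet_follows + reserved uint32
        raise ValueError("truncated trailer")
    return lists


def audit(lists: dict) -> list:
    """List (field, name) pairs for offered algorithms outside the Table 8 allowlist."""
    findings = []
    for field, allowed in ALLOWED.items():
        for name in lists.get(field, []):
            if field == "kex_algorithms" and name in KEX_MARKERS:
                continue
            if name not in allowed:
                findings.append((field, name))
    return findings


def build_kexinit(name_lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload (used here only to build sample input)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie: constructed sample
    for field in KEXINIT_FIELDS:
        data = ",".join(name_lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)


# Constructed sample: a server that still offers algorithms Table 9 lists as non-Approved.
SAMPLE_OFFER = {
    "kex_algorithms": ["curve25519-sha256", "ecdh-sha2-nistp256",
                       "diffie-hellman-group14-sha1", "ext-info-s"],
    "server_host_key_algorithms": ["ssh-ed25519", "ecdsa-sha2-nistp256"],
    "encryption_algorithms_client_to_server": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
    "encryption_algorithms_server_to_client": ["aes128-ctr", "aes256-cbc"],
    "mac_algorithms_client_to_server": ["hmac-md5", "hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["umac-64@openssh.com", "hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
SAMPLE_KEXINIT = build_kexinit(SAMPLE_OFFER)

if __name__ == "__main__":
    for field, name in audit(parse_kexinit(SAMPLE_KEXINIT)):
        print(f"outside Table 8: {name} ({field})")
```

The 2048-bit group size for diffie-hellman-group-exchange-sha256 is negotiated after KEXINIT, so it has to be checked separately from this name-list audit.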
The module provides the following non-Approved algorithms in the non-Approved mode of operation:

Table 9 - Non-Approved Algorithms

Crypto Function/Service | User Role Change | Additional Details
ARCFOUR | Crypto-Officer | Non-approved cipher for SSH and TLS.
Blowfish | Crypto-Officer | Non-approved cipher for SSH and TLS.
CAST | Crypto-Officer | Non-approved cipher for SSH and TLS.
CHACHA20 | Crypto-Officer | Non-approved cipher for SSH and TLS.
DES | Crypto-Officer | Non-approved cipher for SNMPv3
HMAC-MD5 | Crypto-Officer | Non-approved within SNMPv3
MD5 | Crypto-Officer | NTP authentication key, SSH MACs: hmac-md5, hmac-md5-96, hmac-md5-etm@openssh.com
RIJNDAEL | Crypto-Officer | Non-approved cipher for SSH and TLS
RIPEMD | Crypto-Officer | Non-approved cipher for SSH and TLS
RSA | Crypto-Officer | RSA operations with key size 1024 bits and RSA Key Transport within SSH and TLS
SNMP | | SNMPv1, SNMPv2c, and SNMPv3 in noAuthNoPriv, authNoPriv mode
Triple-DES | Crypto-Officer | Non-approved cipher for SSH and TLS.
UMAC | Crypto-Officer | Non-approved cipher for SSH and TLS.

2.1 Critical Security Parameters

All CSPs used by the Module are described in this section. All usage of these CSPs by the Module (including all CSP lifecycle states) is described in the services detailed in Section 3.

Table 10 – Critical Security Parameters (CSPs)

CSP | Description / Usage
KAS Private Keys | 2048-bit DH or P-256, P-384, P-521 ECDH private keys used in SSH or TLS to establish a shared secret.
KAS Shared Secret | 2048-bit shared secret from KAS-SSC. Used in SSH or TLS KDF to derive (client and server) session keys.
Session Encryption Keys | AES (CBC, CTR; 128, 192, 256-bit) used to secure SSH (including SCP and SFTP) or TLS sessions.
Session MAC Keys | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 session authentication key used to provide integrity of SSHv2 (including SCP and SFTP) or TLS sessions.
Host Authentication Private Keys | ECDSA P-256, P-384, P-521 or RSA-2048, 3072-bit private keys used to authenticate to external entities for SSH and TLS.
DRBG Entropy Input | 2048-bytes output from the SP800-90B Entropy Source; used to seed the SP800-90A DRBG (CTR_DRBG AES-256) to a security strength of 256-bits.
DRBG Internal State | Internal State of SP800-90A AES-256 CTR DRBG (256-bit Key and 128-bit V).
Passwords | Password used to authenticate operators (8 to 40 characters).
RADIUS Secret | Used to facilitate session establishment with the RADIUS server (6 to 40 characters).
SNMPv3 Passphrases | Used to derive SNMPv3 auth key and SNMPv3 privacy keys (8-16 characters).
SNMPv3 auth key | Used to authenticate SNMPv3 packet using HMAC-SHA-1 (λ=96).
SNMPv3 privacy key | Used to encrypt SNMPv3 packet using AES-CFB-128.

2.2 Public Keys

Table 11 – Public Keys

Key | Description / Usage
KAS Public Keys | DH 2048-bit or ECDH P-256, P-384, P-521 public keys used in SSH or TLS to establish a shared secret.
Authentication Public Keys | ECDSA P-256, P-384, P-521 or RSA-2048, 3072-bit external entity public keys, as well as module public keys for use in TLS and SSH authentication.
Firmware Download Public Key | RSA-2048-bit public key used to update the FW of the module.
Syslog ROOT CA certificate | RSA-2048-bit public key used to authenticate Syslog server.
RADIUS ROOT CA certificate | RSA-2048-bit public key used to authenticate RADIUS server.

3 Roles, Authentication and Services

3.1 Assumption of roles

The cryptographic module supports two (2) operator roles. The cryptographic module shall enforce the separation of roles using role-based and identity-based operator authentication.
Thirty-two (32) concurrent operators are allowed on the Module.

Table 12 - Roles and Required Identification and Authentication

Role | Type of Authentication | Authentication Data | Authentication Mechanism
User: User role has the permission to execute a subset of the commands via the console, SSH and TLS services. | Identity-based | Username and Password and PKI | Password and PKI
Admin (Crypto-Officer): Admin role has the permission to access and execute all the commands via the console, SSH and TLS services. | Identity-based | Username and Password and PKI | Password and PKI

3.2 Authentication Methods

Table 13 - Strengths of Authentication Mechanism

Authentication Mechanism: Password
Strength of Mechanism: 90 possible characters can be used with a minimum length of eight (8) characters, which is enforced by the module. The probability that a random attempt will succeed, or a false acceptance will occur, is 1/90^8, which is less than 1/1,000,000. The module can be configured to restrict the number of consecutive failed authentication attempts. If the module is not configured to restrict failed authentication attempts, then the maximum possible within one (1) minute is 20, which is the default value for maximum consecutive failed authentication attempts. The probability of successfully authenticating to the module within one minute is 20/90^8, which is less than 1/100,000.

Authentication Mechanism: Digital Signature Verification (PKI)
Strength of Mechanism: ECDSA with at least P-256 and RSA-2048 or better with SHA-256 is used for signature verification. Both digital signatures are associated with a security strength of at least 112 bits. The probability that a random attempt will succeed, or a false acceptance will occur, is 1/2^112, which is less than 1/1,000,000. The module will restrict the number of consecutive failed authentication attempts to 10. The probability of successfully authenticating to the module within one minute is 10/2^112, which is less than 1/100,000.

Note that when using a RADIUS server over TLS in the Approved mode, the strength of authentication is also based on PKI, as the RADIUS server itself must be authenticated.

3.3 Services

The table below lists authenticated and unauthenticated services provided by the Module.

Mode legend: A = Approved, N = Non-Approved, B = Both

Table 14 - Service Descriptions

Service | Description | Mode | Role (User, Admin)
Configuration | Configuration of the device | B | X, X
Console | Provides console access to the module. Also facilitates the zeroization service. | B | X, X
External Authenticate | Provides a way to authenticate the operator using an external server, like RADIUS, LDAP and TACACS+. (Note only RADIUS is used in approved mode over TLS.) | B | X, X
SSH Server | This service provides secure inbound connection to the module, including Secure Copy (SCP) operation. Also facilitates the zeroization service. | B | X, X
SSH Client | This service provides a secure outbound connection | B | X, X
Telnet Server | This service provides an inbound connection between Telnet server and remote Telnet client | N | X, X
Telnet Client | This service provides an outbound connection between remote Telnet server and module | N | X, X
HTTP Server | This service provides an inbound HTTP connection to the module inclusive of authentication of the user. | N | X, X
HTTPS Server | This service provides a secure inbound HTTPS connection to a remote client inclusive of authentication of the user. | B | X, X
Copy Service | This service provides authenticated user a non-secure way to copy files or images using FTP, and TFTP. | N | X, X
Firmware Upload Service | Used within the console or an SSH session to install firmware into the device | B | X
Zeroization Service | Provide zeroization of Keys and CSPs | B | X, X
SNMP | This service provides SNMPv3 protocol in authPriv and authNoPriv mode for MIB access. It does not modify CSPs or affect the module's security. | B | X, X

Table 15 – Unauthenticated Services

Service | Mode | Description
Self-Tests | B | Executes the suite of self-tests required by FIPS 140-2. Self-tests may be initiated on-demand by power-cycling the module.
Show Status | B | Status output provided by requesting any service specified above, as well as the LED interfaces.
Network Switching Service | B | This service provides non-security relevant switching operations: L2 protocols, L3 routing protocols, L4 services like ACL, Rate Limiting, service ethernet operation, NTP.

Services listed in Table 16 below are the only services which have access to CSPs and Public Keys within the module.

Legend: N = Not used, R = Read, W = Write, Z = Zeroize

"Session CSPs and Public Keys" refers to KAS Private Keys, KAS Public Keys, KAS Shared Secret, Session Encryption Keys, and Session MAC Keys. “DRBG CSPs” refers to DRBG Entropy Input and DRBG Internal State.
Table 16 - CSP Access Rights within Roles & Services

Services | Session CSPs and Public Keys | Host Authentication Private Keys | DRBG CSPs | Passwords | RADIUS Secret | Host Authentication Public Key | Firmware Download Public Key | Radius/Syslog Root CAs | SNMP CSPs
Configuration | RWZ | RW | RW | RW | RW | RW | N | RW | RWZ
Console | N | RW | N | RW | RW | RW | N | RW | RWZ
External Authentication | RWZ | RW | RW | R | R | R | N | RW | N
SSH Server | RWZ | RW | R | RW | RW | R | N | N | N
SSH Client | RWZ | N | R | N | N | R | N | N | N
Telnet Server | N | N | N | N | N | N | N | N | N
Telnet Client | N | N | N | N | N | N | N | N | N
HTTP Server | N | N | N | N | N | N | N | N | N
HTTPS Server | RWZ | RW | R | N | RW | R | N | N | N
Copy Service | N | N | N | N | N | N | N | N | N
Firmware Upload Service | N | N | N | N | N | N | RW | N | Z
Zeroization Service | Z | Z | Z | Z | Z | Z | N | Z | N
SNMP | N | N | R | N | N | N | N | N | R
Self-tests | N | N | N | N | N | N | N | N | N
Show Status | N | N | N | N | N | N | N | N | N
Network Switching Service | N | N | N | N | N | N | N | N | N

4 Self-Tests

The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-2, these are categorized as either power-up self-tests or conditional self-tests. Power-up self-tests are available on demand by power cycling the module.

All algorithm Known Answer Tests (KATs) must be completed successfully prior to any other use of cryptography by the Module. If one of the KATs fails, the Module enters an error state and outputs status in the format “ failed!”, otherwise it indicates successful completion by outputting a status message in the format “...successful.”

The module performs the following algorithm KATs on power-up.

(1) Firmware Integrity Test (128-bit CRC)
(2) AES-128 CBC KAT (encrypt/decrypt)
(3) SP800-90A AES-256 CTR_DRBG KAT
(4) SHA-1, 256, 512 KATs
(5) SHA-3-256 KAT
(6) HMAC SHA-1, 224, 256, 384, 512 KATs
(7) RSA 2048 PKCS#1 SHA 256 Sign/Verify KATs
(8) SP800-135 TLS v1.0/1.1 KDF KAT
(9) SP800-135 TLS v1.2 KDF KAT
(10) SP800-135 SNMP KDF KAT
(11) SP800-135 SSHv2 KDF KAT
(12) KAS-ECC-SSC KAT
(13) KAS-FFC-SSC KAT
(14) ECDSA P-256 SHA-256 sign/verify KATs

The module performs the following conditional self-tests as indicated. Tests are also performed during startup.

(1) Continuous Random Number Generator (RNG) Test – performed on Entropy Source and DRBG
(2) Continuous APT and RCT SP800-90B Health Tests – performed on SP800-90B Entropy Source
(3) Periodic DRBG health test as specified in SP 800-90A, Section 11 (i.e., Instantiate, Generate, Reseed)
(4) RSA 2048 SHA-256 Pairwise Consistency Test (Sign/Verify)
(5) ECDSA Pairwise Consistency Test (Sign/Verify)
(6) Firmware Load Test (RSA 2048 SHA-256 Signature Verification)

5 Physical Security Policy

The multi-chip standalone cryptographic module includes the following physical security mechanisms:

• Production-grade components with standard passivation and production-grade opaque enclosure.

6 Operational Environment

FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the device supports a limited operational environment; only trusted, validated code signed by Extreme Networks using a trusted RSA 2048-bit private key may be loaded. Any firmware loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-2 validation.

7 Mitigation of Other Attacks Policy

The Module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-2 requirements.
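Returning to the power-up KAT behaviour of Section 4, an added Python example (not Extreme Networks' firmware code) shows the gating it describes: each algorithm is run on a fixed input, the result is compared with a stored answer, and a single mismatch puts the gate into an error state in which cryptographic service is refused. The class and function names, the test name placed before "failed!", and the injected fault are assumptions; the vectors are the standard "abc" digests and test case 1 of RFC 2202 and RFC 4231.

```python
import hashlib
import hmac

HMAC_KEY, HMAC_MSG = b"\x0b" * 20, b"Hi There"  # RFC 2202 / RFC 4231 test case 1

# (name, function that runs the algorithm, known answer as hex)
POWER_UP_KATS = [
    ("SHA-1", lambda: hashlib.sha1(b"abc").hexdigest(),
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("SHA-512", lambda: hashlib.sha512(b"abc").hexdigest(),
     "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
     "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"),
    ("SHA3-256", lambda: hashlib.sha3_256(b"abc").hexdigest(),
     "3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532"),
    ("HMAC-SHA-1", lambda: hmac.new(HMAC_KEY, HMAC_MSG, hashlib.sha1).hexdigest(),
     "b617318655057264e28bc0b6fb378c8ef146be00"),
    ("HMAC-SHA-256", lambda: hmac.new(HMAC_KEY, HMAC_MSG, hashlib.sha256).hexdigest(),
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
]


class SelfTestGate:
    """Refuses cryptographic service until every power-up KAT has passed."""

    def __init__(self, kats=POWER_UP_KATS):
        self.kats = list(kats)
        self.state = "POWER_UP"
        self.status_log = []

    def run_power_up_tests(self) -> bool:
        self.state = "SELF_TEST"
        for name, compute, expected in self.kats:
            if not hmac.compare_digest(compute(), expected):
                # Stop at the first failure: no later test can clear the error state.
                self.status_log.append(f"{name} KAT failed!")
                self.state = "ERROR"
                return False
            self.status_log.append(f"{name} KAT...successful.")
        self.state = "OPERATIONAL"
        return True

    def hmac_sha256(self, key: bytes, msg: bytes) -> str:
        """A cryptographic service; inhibited during self-test and in the error state."""
        if self.state != "OPERATIONAL":
            raise RuntimeError(f"cryptographic service inhibited in state {self.state}")
        return hmac.new(key, msg, hashlib.sha256).hexdigest()


def with_fault(kats, name):
    """Constructed fault: alter the stored answer of one KAT so that it must fail."""
    altered = []
    for kat_name, compute, expected in kats:
        if kat_name == name:
            expected = expected[:-1] + ("0" if expected[-1] != "0" else "1")
        altered.append((kat_name, compute, expected))
    return altered


if __name__ == "__main__":
    for gate in (SelfTestGate(), SelfTestGate(with_fault(POWER_UP_KATS, "SHA3-256"))):
        gate.run_power_up_tests()
        print(gate.state, gate.status_log[-1])
```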
8 Security Rules and Guidance

The cryptographic module’s design corresponds to the cryptographic module’s security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 1 module.

1. The cryptographic module enforces passwords with a minimum length of eight (8) characters.
2. When the module has not been placed in a valid role, the operator does not have access to any cryptographic services.
3. Data output is inhibited during self-tests and while in an error state.
4. Data output is logically disconnected from processes performing key generation and zeroization.
5. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
6. The serial port may only be accessed by the Crypto-Officer when the Crypto-Officer is physically present at the cryptographic boundary, via a direct connection without any network access or other intervening systems.
7. The module does not support manual key entry.
8. The module does not provide bypass services or ports/interfaces.

9 CO Initialization

The cryptographic module may be configured for FIPS 140-2 mode by logging into the switch as an admin (i.e., Cryptographic Officer) and entering the following commands:

1. Log into the switch as an admin.
2. Enable the unhide fips command to unhide FIPS-specific commands.
    device# unhide fips
3. Enter the fips selftests command to move the crypto module to FIPS mode. NOTE: This command cannot be undone.
    device# fips selftests
4. Enter the fips zeroize command to zeroize all the existing security configurations and parameters.
    device# fips zeroize
   This command will reboot the switch.
5. After the module successfully reboots and performs all Power-Up Self-tests successfully, log in as an administrator to disable the boot prom.
    device# prom-access disable

The “fips enable” procedure will zeroize all CSPs, disable Telnet, HTTP and TFTP, enable POST and reboot. The admin must then configure the passwords, rekey and configure desired services and settings.

10 Definitions and Acronyms

10 GbE: 10 Gigabit Ethernet
AES: Advanced Encryption Standard
CBC: Cipher Block Chaining
CLI: Command Line Interface
CSP: Critical Security Parameter
DH: Diffie-Hellman
DRBG: Deterministic Random Bit Generator
FIPS: Federal Information Processing Standard
GbE: Gigabit Ethernet
HMAC: Hash Message Authentication Code
HTTP: Hyper Text Transfer Protocol
KAT: Known Answer Test
KDF: Key Derivation Function
LED: Light Emitting Diode
LDAP: Lightweight Directory Access Protocol
LIC: License
MAC: Message Authentication Code
MM: Management Module
NTP: Network Time Protocol
NOS: Network Operating System (SLX OS)
PKI: Public Key Infrastructure
PROM: Programmable read-only memory
PSU: Power Supply Unit
RADIUS: Remote Authentication Dial In User Service
RNG: Random Number Generator
RSA: Rivest Shamir and Adleman method for asymmetric encryption
SCP: Secure Copy Protocol
SFM: Switch Fabric Module
SHA: Secure Hash Algorithm
SNMPv3: Simple Network Management Protocol Version 3
SSHv2: Secure Shell Protocol
TLS: Transport Layer Security Protocol