Security Policy for CLE-HSSI Link Encryptor Cylink Corporation ES-16347-4 Rev A Page 1

Security Policy

For

CLE-HSSI Link Encryptor

ES-16347-4
Rev A

February 27, 2001

Prepared by

CYLINK CORPORATION

1 SCOPE OF DOCUMENT ..... 2
2 APPLICABLE DOCUMENTS ..... 2
3 SECURITY LEVEL ..... 3
4 SECURITY RULES ..... 3
4.1 CRYPTOGRAPHIC MODULE ..... 4
4.2 ROLES AND SERVICES ..... 4
4.2.1 User Role ..... 4
4.2.2 Crypto Officer Role ..... 5
4.3 PHYSICAL SECURITY ..... 6
4.4 OPERATING SYSTEM SECURITY ..... 7
4.5 KEY MANAGEMENT ..... 7
4.6 CRYPTO ALGORITHMS ..... 8
4.7 SELF TEST ..... 8
5 DEFINITION OF SECURITY RELEVANT DATA ITEMS (SRDIs) ..... 9
6 DEFINITIONS OF SRDI MODES OF ACCESS ..... 10

1 Scope of Document

This document contains the security policy requirements for the Cylink CLE-HSSI Link Encryptor system module. The CLE-HSSI Link Encryptor System shall be referred to as the CLE (Cylink Link Encryptor) in this document.

2 Applicable Documents

• FIPS 140-1 Security Requirements for Cryptographic Modules
• DTR Derived Test Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules (DTR)
• FIPS 46-2 Data Encryption Standard (DES)
• FIPS 81 DES Modes of Operation
• FIPS 180-1 Secure Hash Standard (SHA-1)
• FIPS 186 Digital Signature Standard (DSS)

3 Security Level

The CLE meets the overall requirements applicable to Level 2 security of FIPS 140-1, and meets Physical Security applicable to Level 3.
Security Requirements Section      Level
Cryptographic Module               2
Module Interfaces                  2
Roles and Services                 2
Finite State Machine               2
Physical Security                  3
EFP/EFT                            N/A
Software Security                  3
Operating System Security          N/A
Key Management                     2
Cryptographic Algorithms           2
EMI/EMC                            2
Self Test                          2

4 Security Rules

This section documents the security rules enforced by the CLE to implement the security requirements of FIPS 140-1 overall Level 2 module, with Level 3 Software and Physical Security.

4.1 Cryptographic Module

The CLE shall be implemented as a “Multiple-Chip Standalone Cryptographic Module” as defined in FIPS 140-1.

4.2 Roles and Services

The CLE shall employ role based authentication of the operator. The module supports two roles as required by FIPS 140-1. The roles are the User Role and the Crypto Officer Role. From the CLE’s perspective, a user is authenticated into both roles simultaneously. Access to these roles is restricted at the front panel by the use of a Medeco lock, and at the Network Management (ethernet) port by the verification (by the CLE and the network application, PrivaCy Manager) of mutually authenticated Cylink manufacturing certificates.

The PrivaCy Manager is a separate product, and contains its own methods for establishing and validating roles, which may be restricted to a subset of those supported by the CLE. Additionally, PrivaCy Manager can initiate network/voice authentication, initiate a software download operation, display the CLE MAC address, and display the date and time of the last key exchange.

An operator is authenticated to the User and Crypto Officer roles at the front panel through possession of the key that will turn the Medeco lock to the Enable position.
Concurrent operator access/operation is prevented by disallowing SNMP access when the Medeco lock is set to enable the front panel.

Physical Maintenance shall be performed at the factory, as there are no services that require the cover to be removed in the field, and there are no logical maintenance services performed in the field. The CLE module should be zeroized by a Crypto Officer before the module is returned to the factory, either by command or by removing the cover.

4.2.1 User Role

The User Role provides the operator with the ability to control the operational mode of the CLE and thus configure the network security policy. The services available to an operator while in the User Role are as follows:

1. Set Operational Mode: This service allows the operator to select the current operational mode. The operator shall be permitted to command the CLE into the following modes:
   a) Clear Mode
   b) Standby Mode
   c) Secure Mode
2. Additional Services available via external network interface (PrivaCy Manager)
   a) Change Password and Login Properties for logged on user
   b) View Trap information
   c) Locate Module by IP or Name
   d) View Operational Mode
   e) View Event Browser
   f) View Audit Logs
   g) Clear Alarms
   h) Print Security Policy Report
   i) Print Inventory Report

4.2.2 Crypto Officer Role

The Crypto Officer Role provides the operator the ability to perform all of the services listed below.

1. Alarm/Event Services
   a) Display Event Log: This service allows the operator to scroll through and view the contents of the CLE’s event log.
   b) Clear Event Log: This service allows the operator to completely clear the contents of the event log.
3. Time/Date: This service allows the operator to set the real time clock to the current date and time.
4. Key Management
   a) Set Auto Key Change Attributes
   b) Days Interval
   c) End to End Delay
   d) Clear Modes Allowed/Disallowed
   e) Mode NET CERT, MANUAL (authentication) KEY, UNAUTH DH
   f) Zeroize Keys: This service allows the operator to erase critical security parameters. When this service is activated the following information shall be actively erased:
      (i) CLE Network Certificate
      (ii) CLE DSS secret key (X)
      (iii) PrivaCy Manager DSS public key
      (iv) PrivaCy Manager/CLE (SNMP) encryption key
      (v) PrivaCy Manager/CLE SNMP message counter
      (vi) CLE/CLE encryption key
      (vii) Manually Entered Authentication Key
      (viii) Far End CLE serial number
      (ix) Last key change timestamp
      (x) Event Log
   g) Set Manual Authentication Key
   h) Adapt Algorithm Allowed/Disallowed
5. Network Management
   a) Display/Set Unit IP Address
   b) Display/Set Gateway IP Address
   c) Display/Set Subnet Mask Address
   d) Display/Set Trap1/Trap2 IP Address
6. System Test: This service allows the operator to set a Network Encryptor Loopback, or a DTE Encryptor Loopback, or clear a loopback that has been previously set. CLEs with a T1 or E1 interface also allow setting or clearing a Network Line Loopback or a DTE Line Loopback.
7. Display Manufacturing Info: This service allows the operator to display the following information:
   a) Firmware Revision
   b) Firmware Date
   c) Hardware List
   d) Hardware Issue
   e) Manufacturing Date
   f) Unit Serial Number
   g) Line Interface Unit (LIU) Type
   h) End to End (Link) Key Size, and Encryption Mode and Algorithm
   i) SNMP Key Size, and Encryption Mode and Algorithm
8. Set Default Configuration
9. Firmware Update

4.3 Physical Security

1. Tamper evident tape spans the interface between the removable cover assembly and the chassis rear.
It is not possible to remove the enclosure cover without destroying the tamper evident tape. Operation of the front panel user interface of the CLE-HSSI is restricted by the use of a Medeco lock. The purpose of this lock is not to prevent opening the unit.
2. The CLE includes tamper response and zeroization circuitry. Upon the removal of the enclosure’s cover, all plaintext cryptographic keys and unprotected critical security parameters are immediately zeroized. This capability is operational whether or not power is applied to the module.
3. The CLE employs ventilation holes and related internal baffles that are designed to prevent physical probing inside the enclosure.
4. The CLE-HSSI is made of commercially available, production grade components.
5. The CLE-HSSI's integrated circuit chips have standard passivation applied to them.

4.4 Operating System Security

The FIPS 140-1 operating system requirements (FIPS PUB 140-1 section 4.7) do not apply to the CLE because it is not a general purpose computer and thus it cannot run untrusted user-supplied software. However, the CLE’s firmware can be field updated using a download process. The following rules apply to the downloading of new CLE firmware.

The CLE shall verify the signature of the binary image. If this verification fails, the module shall continue operation using the previous version of firmware, the downloaded binary image shall be marked as non-executable, and an SNMP-readable MIB status shall be set reporting the failure.

4.5 Key Management

1. The PRNG seed (referred to as the XKEY in FIPS 186 Appendix 3.1) shall be installed into the CLE using the Cylink Manufacturing Configurator (CMC) process.
2. PrivaCy Manager/CLE encryption keys shall be re-negotiated each time a new CLE Network Certificate is loaded.
3. PrivaCy Manager/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
4. Messages exchanged between the PrivaCy Manager and the CLE systems that contain the Diffie-Hellman public components used to establish the PrivaCy Manager/CLE encryption key shall be signed using the DSA associated with each entity’s Manufacturing Certificate.
5. Prior to accepting the PrivaCy Manager/CLE encryption key the CLE shall perform various message and certificate signature verification tests. If any of the tests fail, the PrivaCy Manager/CLE encryption key and the newly loaded Network Certificate are rejected and the CLE shall report the failure at the end of the protocol.
6. A new CLE/CLE encryption key shall be negotiated each time the CLE transitions from a non-secure state to a secure state.
7. While in the secure mode the CLE/CLE encryption key shall be periodically re-negotiated.
8. CLE/CLE encryption keys shall be established using the Diffie-Hellman Key Agreement process.
9. When establishing a new CLE/CLE encryption key, the messages containing the Diffie-Hellman public component shall be signed.
10. Prior to accepting the CLE/CLE encryption key each CLE shall:
    a) Verify the compatibility of the two units’ session settings;
    b) Verify the validity of the Network Certificate’s signature.
    If any of the above tests fail the CLE/CLE encryption key shall be rejected.
11. If the Leased Line link encryption key generation process fails, the CLE shall generate an alarm.
12. If a successful Leased Line CLE/CLE key exchange does not occur within the Days Interval setting of the previous key exchange, the CLE shall produce an alarm due to the resulting Local Secure mode.
13. The CLE shall have the ability to generate a pseudo-random authentication key, and use it to authenticate the end-to-end communication protocol, in situations where PrivaCy Manager and Network Certificates are not available. The plaintext 24-byte authentication key shall be generated randomly as per FIPS Pub 186, shall not be displayed after user acceptance, and shall be zeroized by operator command or by a tamper situation.
14. The CLE shall have the ability to accept and utilize a manually entered end-to-end authentication key. The plaintext 24-byte authentication key shall not be displayed after user entry, and shall be zeroized by operator command or by a tamper situation.
15. All persistent keys shall be stored in tamper-protected non-volatile memory in clear text.

4.6 Crypto Algorithms

1. The CLE shall use the Data Encryption Standard (DES) algorithm or Triple DES to protect the user line data. Sensitive PrivaCy Manager/CLE data shall be protected using the Triple DES algorithm.
2. The CLE shall use the Digital Signature Standard as described in FIPS 186 for the authentication of all security related information.
3. As specified in FIPS 186, the module will also support the Secure Hash Standard (SHA-1) as described in FIPS 180-1.

4.7 Self Test

1. The following Power-Up Self Tests shall be performed when power is first applied to the system.
   a) Field Programmable Gate Array (FPGA) Test
   b) Program Memory (ROM/FLASH) Integrity Test
   c) Bypass Test
   d) General Purpose Memory Test
   e) Non-Volatile Memory Integrity Test
   f) Real Time Clock Test
   g) Cipher Chip Test
   h) Random Number Generator Test
   i) General Cryptographic Algorithm Test
   j) Pairwise Consistency Test
2. During normal operation, once during each second the battery that backs up the non-volatile RAM shall be tested.
3. All keys to be used for symmetric key cryptographic algorithms shall be checked to verify that they are cryptographically suitable for use as an encryption/decryption key. This check shall be performed immediately after the value of the key has been established. For example, a DES key must be checked to verify that it is of the correct parity and is not on the list of known “weak” or “semi-weak” DES keys.

5 Definition of Security Relevant Data Items (SRDIs)

(1) CLE Manufacturing Certificate
(2) PrivaCy Manager Manufacturing Certificate
(3) PrivaCy Manager/CLE SNMP Encryption Algorithm Flag
(4) PrivaCy Manager/CLE SNMP Encryption Mode Flag
(5) PrivaCy Manager/CLE SNMP Encryption Key Size Flag
(6) CLE to CLE Encryption Algorithm Flag
(7) CLE to CLE Encryption Mode Flag
(8) CLE to CLE Encryption Key Size Flag
(9) Near End Network Certificate
(10) Far End Network Certificate
(11) Far End Manual Authentication Code
(12) Firmware Binary Image Signature
(13) PRNG Running Seed (XKEY)
(14) CLE DSS Secret Key (X)
(15) CLE DSS Public Key (Y)
(16) PrivaCy Manager DSS Public Key
(17) PrivaCy Manager/CLE (SNMP) Encryption Key
(18) PM/CLE Message Counter Value
(19) PrivaCy Manager/CLE Message Counter
(20) CLE/CLE Encryption Key
(21) Near End CLE Challenge Value
(22) Far End CLE Challenge Value
(23) Voice Authentication Hash Value
(24) Far End CLE Serial Number
(25) Far End CLE Serial Number timestamp
(26) Last Key Change Timestamp
(27) Event Log
(28) Key Change Method
(29) Begin Time
(30) End Time
(31) Days Interval
(32) Clear Modes
(33) Key Management Mode
(34) Manual Authentication Key
(35) Algorithm Adaptation Flag
(36) Exclusion List: For Dial-Up operation

6 Definitions of SRDI Modes of Access

The table below defines the relationship between access to SRDIs and
the different module services. The modes of access are shown as codes in the table and are defined as follows:

a) D - The SRDI is set back to the manufacturing default by the service.
b) G - This service generates the SRDI internal to the CLE.
c) I - The SRDI is input into the CLE by this service.
d) R - The SRDI is read and used by the service.
e) U - The SRDI is updated by the service.
f) V - The SRDI is verified by the service.
g) Z - The SRDI is erased by the service.

Security Policy for NRZ/T1/E1/HSSI Link Encryptor Cylink Corporation ES-14885-4 Rev C Page 12

Table 1 Services Versus SRDI Access
Security Relevant Data Items (PM=PrivaCy Manager, CLE=Cylink Link Encryptor)

SRDI columns, in table order:
(1) CLE Manufacturing Certificate
(2) PM Manufacturing Certificate
(3) PM/CLE Encrypt Algo Flag
(4) PM/CLE Encrypt Mode Flag
(5) PM/CLE Encrypt Key Size Flag
(6) CLE/CLE Encrypt Algo Flag
(7) CLE/CLE Encrypt Mode Flag
(8) CLE/CLE Encrypt Key Size Flag
(9) Near End CLE Network Certificate
(10) Far End CLE Network Certificate
(11) Far End Manual Auth Code
(12) Firmware Binary Image Signature
(13) PRNG Running Seed (XKEY)
(14) CLE DSS Secret Key (X)
(15) CLE DSS Public Key (Y)
(16) PM DSS Public Key
(17) PM/CLE Encryption Key
(18) PM/CLE Challenge Value
(19) PM/CLE Message Counter
(20) CLE/CLE Encryption Key
(21) Near End CLE Challenge Value
(22) Far End CLE Challenge Value
(23) Voice Authentication Hash Value
(24) Far End CLE Serial Number
(25) Last Key Change Timestamp
(26) Event Log
(27) Key Change Method
(28) Begin Time
(29) End Time
(30) Days Interval
(31) Clear Modes Allow/Disallow
(32) Key Management Mode
(33) Manual Authentication Key
(34) Algorithm Adaptation Flag
(35) Exclusion List
Role columns: User Role; Crypto Officer Role

Service (Manufacturing Service and User/Crypto Officer Service) | SRDI access codes, as listed | Role
Perform Network Authentication | V IV GV R R I G V U | X
Renewal of Network Authentication | GV R R I G V | X
Perform PM/CLE Voice Authentication | GV G G I G V U GV | X
Set Operational Mode - Clear | V V G V U U R R R R R | X
Set Operational Mode - Standby | V V G V U U R R R R | X
Set Operational Mode - Secure | R R R R R R V V U G G V U U U R R R R | X
Display Event Log | R | X
Reset Event Log | Z | X
Set Time/Date | | X
Set Key Change Method | RI | X
Set Begin Time | RI | X
Set End Time | RI | X
Set Days Interval | RI | X
Set End-to-End Delay | | X
Set Clear Modes Allow/Disallow | RI | X
Set Key Management Mode | RI | X
Zeroize Keys | Z Z Z Z Z Z Z Z Z Z Z | X
Set Manual Authentication Key | I | X
Set Algorithm Adaptation | RI |
Set Line Interface Parameters | | X
Set Dial-Up Config | | X
Set CLE IP Address | | X
Set Gateway IP Address | | X
Set Subnet Mask | | X
Set 8 Trap IP Addresses | | X
Display System Info | R R R R R R | X
Set/Clear DTE/NET Loopbacks | | X
Set Default Configuration | D D D D D D D D | X
Trigger Firmware Update | R R V | X
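The symmetric key suitability check that Section 4.7 item 3 requires, written out as an added Python example (not Cylink's implementation). The weak and semi-weak lists are the sixteen published DES keys; the Triple DES branch goes beyond the single-DES case the policy cites by checking each component and rejecting keying that collapses EDE to single DES.

```python
# Added example (not Cylink code): the symmetric key suitability check that
# Section 4.7 item 3 requires, done for DES and extended to Triple DES.

# The 4 weak and 12 semi-weak DES keys, written with odd parity as stored.
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}
SEMI_WEAK_KEYS = {bytes.fromhex(h) for h in (
    "011F011F010E010E", "1F011F010E010E01",
    "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1")}


def has_odd_parity(key: bytes) -> bool:
    # Each DES key byte holds 7 key bits plus an odd-parity bit in the LSB.
    return all(bin(b).count("1") % 2 == 1 for b in key)


def with_odd_parity(raw: bytes) -> bytes:
    # Force the parity bit of every byte so a freshly generated key passes
    # the parity test; the 56 key bits (top 7 of each byte) are untouched.
    return bytes((b & 0xFE) | ((bin(b >> 1).count("1") + 1) % 2) for b in raw)


def check_des_key(key: bytes) -> str:
    """Return 'ok' or the reason a single 8-byte DES key must be rejected."""
    if len(key) != 8:
        return "bad length"
    if not has_odd_parity(key):
        return "bad parity"
    if key in WEAK_KEYS:
        return "weak key"
    if key in SEMI_WEAK_KEYS:
        return "semi-weak key"
    return "ok"


def check_symmetric_key(key: bytes) -> str:
    """Check an 8-byte DES key or a 24-byte Triple DES key (K1|K2|K3).

    Each Triple DES component must itself pass the DES check, and K1 != K2
    and K2 != K3, since either equality makes EDE collapse to single DES.
    (Whether two-key 3DES, K1 == K3, is acceptable is left to policy.)
    """
    if len(key) == 8:
        return check_des_key(key)
    if len(key) != 24:
        return "bad length"
    parts = [key[i:i + 8] for i in (0, 8, 16)]
    for n, part in enumerate(parts, 1):
        result = check_des_key(part)
        if result != "ok":
            return f"K{n}: {result}"
    if parts[0] == parts[1] or parts[1] == parts[2]:
        return "triple DES collapses to single DES"
    return "ok"
```

The check is meant to run at the moment a key value is established (immediately after key agreement or manual entry), before the key is handed to the cipher.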