Security Policy MM101880V1 R1A Jaguar™ 700P MM101880V1 R1A 2 NOTICE! This manual covers M/A-COM Private Radio Systems, Inc., products manufactured and sold by M/A-COM Private Radio Systems, Inc. NOTICE! The software contained in this device is copyrighted by M/A-COM Private Radio Systems, Inc. Unpublished rights are reserved under the copyright laws of the United States. This manual is published by M/A-COM Private Radio Systems, Inc., without any warranty. Improvements and changes to this manual necessitated by typographical errors, inaccuracies of current information, or improvements to programs and/or equipment, may be made by M/A-COM Private Radio Systems, Inc., at any time and without notice. Such changes will be incorporated into new editions of this manual. This manual may be reproduced in its entirety and without modifications for informational purposes only. Copyright 2002 M/A-COM Private Radio Systems, Inc. All rights reserved. MM101880V1 R1A 3 TABLE OF CONTENTS Page 1. INTRODUCTION ....................................................................................................................4 1.1 PRODUCT DESCRIPTION .........................................................................................4 1.2 FIPS Target.................................................................................................................4 2. ROLES...................................................................................................................................5 3. FIPS 140-1 SERVICES...........................................................................................................5 4. OPERATIONAL FEATURES..................................................................................................5 4.1 CRITICAL COMMUNICATIONS PACKAGE................................................................5 4.2 EXTENDED NETWORK OPERATION PACKAGE......................................................5 4.3 STATUS/MESSAGE ...................................................................................................6 4.4 ProScan™...................................................................................................................6 4.5 PRIORITY SYSTEM SCAN.........................................................................................6 4.6 800 SYSTEMS/GROUPS............................................................................................6 4.7 HIGH SYSTEM/GROUP CAPACITY AND DUAL MODE CAPABILITY.......................6 4.8 EDACS/ProVoice EMERGENCY ID AND ALARM ......................................................6 4.9 TRUNKED SCAN........................................................................................................6 4.10 UNIT ENABLE/DISABLE.............................................................................................6 4.11 ENCRYPTION KEYS ..................................................................................................6 4.12 TELEPHONE INTERCONNECT CALLS AND INDIVIDUAL CALLS............................6 4.13 INDICATORS AND DISPLAY MESSAGES.................................................................7 5. CONTROL FUNCTIONS ........................................................................................................7 5.1 TOP CONTROLS........................................................................................................7 5.1.1 On/Off/Volume knob ........................................................................................7 5.1.2 Control knob ....................................................................................................7 5.1.3 Emergency/Home button .................................................................................7 5.2 FRONT PANEL – SCAN MODEL................................................................................8 5.3 FRONT PANEL – SYSTEM MODEL...........................................................................9 1-9, *, 0, # .....................................................................................................................................9 5.4 SIDE CONTROLS.....................................................................................................10 5.4.1 PTT button.....................................................................................................10 5.4.2 Clear/Monitor button ......................................................................................10 5.4.3 Option button.................................................................................................10 6. KEY MANAGEMENT ...........................................................................................................11 7. PHYSICAL SECURITY.........................................................................................................11 8. SECURE OPERATION.........................................................................................................11 APPENDIX A – RADIO STATUS ICONS...................................................................................12 APPENDIX B – MESSAGES .....................................................................................................13 APPENDIX C – ERROR MESSAGES........................................................................................14 APPENDIX D – OPTION AND ACCESSORIES ........................................................................14 MM101880V1 R1A 4 1. INTRODUCTION The purpose of this document is to provide a point of reference for operators to describe the Jaguar™ 700P radio’s capabilities, protection, and access rights. This document was developed to meet the FIPS 140-1 Cryptographic Module Standard requirements. 1.1 PRODUCT DESCRIPTION The Jaguar 700P is M/A-COM’s premier portable radio for critical communications. With the input of public safety users, the Jaguar 700P was designed to excel in the challenging public safety environment. Over 2,200 firefighters, law enforcement officers, and administrative users were interviewed to determine the most useful mix of features, functions, and physical attributes for the radio. As a result, the Jaguar 700P reflects the preference for durability, ease of use while wearing gloves, and high-volume audio. A durable and rugged high-tier portable, the Jaguar 700P performs well under adverse conditions. The Jaguar 700P provides access to all Enhanced Digital Access Communications System (EDACS® ) and ProVoice™ (M/A Com’s third generation digital trunked offering) trunking terminal features, superior RF specifications, and MIL-STD 810C, D, and E environmental specifications in a compact package. The Jaguar 700P is available in system and scan models with a variety of options and accessories. The large display and push-to-talk (PTT) button, ergonomic talkgroup and volume knobs, and powerful speaker make the Jaguar 700P the radio that serves the critical communication needs of public safety users. 1.2 FIPS Target The following table provides a list of the FIPS 140-1 compliance levels met by the Jaguar radio. FIPS 140-1 SECURITY REQUIREMENTS SECTION LEVEL Cryptographic Module Design and Documentation 1 Module Interfaces 1 Roles and Services 1 Finite State Machine Model 1 Physical Security 1 Software Security 1 Operating System Security N/A Cryptographic Key Management 1 Cryptographic Algorithms 1 EMI/EMC 1 Self-Tests 1 Overall 1 MM101880V1 R1A 5 2. ROLES The M/A Com Jaguar 700P radio supports two roles; a Crypto-officer and User role. Since the module is only a Level 1 device, no authentication of either operator is necessary or provided by the radio. Each operator only requires physical access to the radio to perform the necessary operators. The Crypto-officer and User share the same set of services provided by the radio. The Crypto-officer and User are the operators of the radio. Both roles use the radio to communicate and/or transmit data. 3. FIPS 140-1 SERVICES The Jaguar 700P radio provides the following types of services available with respect to the FIPS 140-1 standard. Both the User and Crypto-Officer roles have access to the full set of services provided by the Jaguar 700P radio. FIPS 140-1 SERVICES ROLE Show Status User / Crypto-Officer Self-Tests User / Crypto-Officer Encryption/Decryption User / Crypto-Officer Cryptographic Bypass User / Crypto-Officer Zeroize Keys User / Crypto-Officer 4. OPERATIONAL FEATURES The Jaguar 700P is a digital-capable two-way radio that operates on trunked communications systems and in conventional talkaround mode. When used in a M/A Com trunked system, the Jaguar 700P automatically monitors a digital control channel. When the user initiates a call, the unit sends a digital request via the control channel. The system then assigns the calling radio and all members of the talkgroup to an available working channel. The portables operate in all M/A Com trunked system configurations from single-site systems to wide-area trunking networks. The standard Jaguar 700P is fully equipped to deliver advanced trunked radio features, including module data capability. All that is required is a data cable to connect the Jaguar 700P to the dta device. Two software feature option packages upgrade its operation cost effectively with key customer-required features: Critical Communications Package and Extended Network Operation Package. Most individual software operation continue to be available. The exception is that the Emergency and Dynamic Regroup can only be ordered in the Critical Communications Package. 4.1 CRITICAL COMMUNICATIONS PACKAGE This package offers the EDACS/ProVoice Emergency ID and alarm and Dynamic Regroup at a cost savings. These meet the requirements of APCO 16. 4.2 EXTENDED NETWORK OPERATION PACKAGE The Extended Network Operation Package upgrades capacity from 128 to 800 systems/groups, and includes ProFile and ProScan. MM101880V1 R1A 6 4.3 STATUS/MESSAGE This feature delivers short data messages on the control channel with the press of a single button. 4.4 ProScan™ ProScan is an advanced algorithm for operation on wide area networks. 4.5 PRIORITY SYSTEM SCAN This feature sets the priority system in ProScan operation. 4.6 800 SYSTEMS/GROUPS This option upgrades from the standard 128 to 800 system/group operation. 4.7 HIGH SYSTEM/GROUP CAPACITY AND DUAL MODE CAPABILITY Both the System and the Scan versions can operate, optionally, with up to 800 different trunked system/group combinations and with up to 200 conventional channels. Trunked systems/groups can be configured in many different ways to meet specific user needs. The Jaguar 700P is also capable of basic conventional talkaround operation by simply selecting a pre-programmed conventional system. 4.8 EDACS/ProVoice EMERGENCY ID AND ALARM Emergency ID allows the user to quickly summon assistance from the dispatcher and other group members by simply pressing the emergency button (recessed red button located on the top of the radio). Pressing this button transmits a unique unit ID with the emergency signal. All radios on that talkgroup will received the LID or alias of the unit initiating the emergency. 4.9 TRUNKED SCAN Trunked system users can scan multiple talkgroups when in scan mode. 4.10 UNIT ENABLE/DISABLE Jaguar 700P radios can be enabled or disabled from the System Manager or Communications Systems Director (CSD) equipped with optional radio control. This capability allows a lost or stolen radio to be disabled to prevent unauthorized monitoring of or interfering with radio communications. 4.11 ENCRYPTION KEYS Up to eight banks of seven encryption keys (56 total) can be defined for the Jaguar 700P. 4.12 TELEPHONE INTERCONNECT CALLS AND INDIVIDUAL CALLS The Jaguar 700P is capable of initiating or receiving telephone calls. In addition, the individual call feature allows individual addressing within the trunked system for unit-to-unit calls. The Jaguar 700P can store 99 individual call numbers and 99 telephone interconnect numbers in memory per system (up to maximum memory use). The System model allows individual calls and telephone numbers to be directly entered as well. MM101880V1 R1A 7 4.13 INDICATORS AND DISPLAY MESSAGES The radio display is made up of 3 lines. Lines 1 and 2 contain eight alphanumeric character blocks and are used primarily to display system and group names. Line 1 also displays radio status messages. Line 3 is used primarily to display radio status icons. All three lines are used to display menu options when in the menu mode. If configured, the display backlighting will illuminate upon power up or when radio controls are operated. See Appendix A, B, and C for additional details of the specific Jaguar 700P indicators, display messages, and error messages. 5. CONTROL FUNCTIONS The portable features two rotary control knobs and an emergency button mounted on the top fo the radio. Push-to-talk, option, and clear/monitor buttons are mounted on the side. The front-mounted keypad has 6 buttons on the Scan model and 15 buttons on the System model. 5.1 TOP CONTROLS The following describe the three controls located on the top portion of the radio for both the System and Scan models. Emergency/Home Button On/Off Volume Knob Control Knob Antenna Figure 1 – Top View of Controls 5.1.1 On/Off/Volume knob Turns the radio on and off and adjusts audio listening level. Minimum volume levels may be programmed into the radio to prevent missed calls due to a low volume setting. The volume range is from a minimum programmed level of zero (shown as OFF in the display) up to 31 which is the loudest level. 5.1.2 Control knob Selects systems or groups/channels (depending upon initialization programming). This is a 16-position rotary knob. 5.1.3 Emergency/Home button The Emergency/Home Button is used to automatically select a pre-programmed Group/System by pressing and holding for a programmed duration. It can also be used to declare an emergency by pressing and holding for a programmed duration. MM101880V1 R1A 8 5.2 FRONT PANEL – SCAN MODEL Figure 2 – Front Panel of Scan Model KEY FUNCTION !" Primary Function: Allows user to select either system, groups, or channels, depending on personality initialization. The buttons act as STEP UP or STEP DOWN. Pressing one of these buttons displays the next or previous stored system, group, or channel. Secondary Function: Changes the selection for an item within a list. # Primary Function: Accesses the pre-stored menu. The menu can include high/low power setting, keypad lock, LCD contrast, LCD and keypad backlighting as well as many other menu items. Secondary Function: Activates a selected item within a list. After a menu list is accessed, scroll through the list using the “∧” or “∨” keys and then activate specific items with the “M” key. This is similar to an “Enter” key. $ (Scan only) Adds/Deletes selected groups or channels from the SCAN list of the currently selected system. % (Scan only) Turns the SCAN operation On and Off. & (Scan only) Activates one of a number of available software options, selected during the initialization. These options include high/low transmitter power, talkaround, status/message as well as many other selectable options. MM101880V1 R1A 9 5.3 FRONT PANEL – SYSTEM MODEL Figure 3 – Front Panel of System Model KEY FUNCTION '" Same as Scan Model # Same as Scan Model 1-9, *, 0, # These keys are used to place telephone interconnect and individual (unit-to-unit) calls. The keys operate like a normal telephone keypad. ( Used to select a specific system. If the rotary knob is used to select the system and more than 16 systems are programmed in the radio, the “SYS” key is used to select additional banks (groupings) of systems. ) Used to select a specific group. * Used to turn the SCAN operation on and off. + Used to place telephone interconnect calls. , Used to initiate individual calls. - Adds groups or channels from the currently selected system to the SCAN list. . Deletes selected groups or channels of the currently selected system from the SCAN list. MM101880V1 R1A 10 5.4 SIDE CONTROLS The following are the controls located on the side of the System and Scan models. Option Button Clear/Monitor/ Option Button PTT Button Figure 4 – Side View of Jaguar 700P 5.4.1 PTT button The weather-sealed Push-To-Talk (PTT) button must be pressed before voice transmission begins. In trunked mode, the ID is transmitted automatically upon depression of the PTT button. 5.4.2 Clear/Monitor button In the trunked mode, the weather-sealed Clear/Monitor button is used to: 1. Exit the current operation, removing all displays associated with it, and return the radio to the selected talkgroup 2. Disconnect individual and telephone interconnect calls. In the conventional mode, the Clear/Monitor button is used to: 1. Unsquelch the receiver and allow channel monitoring prior to transmission. 2. Remove Channel Guard Decoding from a channel. 5.4.3 Option button The weather-sealed option button activates one of a number of software options selected during initialization. Selectable options include high/low power setting, keypad lock, LCD contrast, and LCD and keypad backlighting, among others. MM101880V1 R1A 11 6. KEY MANAGEMENT The M/A Com Jaguar 700P radio has a very simple key management plan. The radio only stores one type of cryptographic key (DES). The DES keys stored by the radio are used for the protection of data transmitted when the radio is in Private mode. The DES keys stored on the radio are the only security relevant data items (SRDIs) stored within the radio. These cryptographic keys are accessible to both the User and Crypto-Officer roles for use. However, DES keys can never be read or output from the radio. The radio can store up to 56 separate and distinct DES keys. All DES keys can be zeroized by pressing the MONITOR/CLEAR button and while still pressing this button, press and hold the OPTION button. Continue to press both buttons for 2 seconds. A series of beeps will begin at the start of the 2 second period and then switch to a solid tone after the keys have been zeroized. The display will then indicate “KEY ZERO.” 7. PHYSICAL SECURITY The M/A Com Jaguar 700P radio was designed to meet Level 1 physical security requirements for a multiple-chip standalone module. The radios are packaged in a polycarbonate blend exterior housing. The radio does not have any special physical security mechanisms beyond the rugged enclosure of the radio itself. The operator is responsible for ensuring the security and safety of the radio. 8. SECURE OPERATION Initialization is procedurally controlled prior to module configuration. The initialization process includes radio personality configuration, key entry, and disabling of PIN1 on the UDC port. The following are security requirements that have been implemented within the Jaguar radio: • Radio initialization is procedurally control. All radios must be received directly from M/A Com. • DES encryption must be used for protection of all encrypted data transmissions • Radio must confirm that bypass activation has been requested by the operator and is allowed by the radio • Operators may zeroize all cryptographic keys by performing the appropriate key sequence as described in operator documentation • Self-test are performed at power-up and do not require operator intervention i. DES Power-up Known Answer Test ii. Bypass Power-up Self-test iii. Firmware Integrity Test (CRC) • Radio performs a continuous random number generator test to ensure that two consecutive blocks of random values generated are not equal MM101880V1 R1A 12 APPENDIX A – RADIO STATUS ICONS Status icons are indicators that show the various operating characteristics of the radio. The icons show operating modes and conditions and appear on the third line of the display as follows. ON - indicates the radio is transmitting. In trunked mode: ON - indicates the radio is transmitting or receiving a call on the working channel. FLASHING - indicates a call has been queued. In conventional mode: ON – indicates a call is being received. Indicates EDACS is in the failsoft™ mode (if enabled during initialization). ON - indicator for conventional channel is enabled with Channel Guard. FLASHING - indicates Channel Guard is temporarily disabled. ON – indicates the selected group or channel is selected to transmit at low power. OFF – indicates the selected group or channel is selected to transmit at high power. ON – indicates the group or channel is enabled to receive and transmit encrypted messages. FLASHING - indicates an encrypted transmission is being received. ON – indicates the SCAN mode is enabled (rotates clockwise). OFF – indicates SCAN is temporarily disabled (no status icon is present). ON - indicates selected group or channel is in SCAN list. ON - indicates selected group or channel is priority-two scan. ON - indicates selected group or channel is priority-one scan. ON – indicates the radio is in the special call select/entry mode (Individual or Telephone Interconnect). Indicates battery voltage is getting low and radio will no longer transmit. MM101880V1 R1A 13 APPENDIX B – MESSAGES During radio operation, various radio status messages can be displayed. The messages are described below. MESSAGE NAME DESCRIPTION QUEUED Call Queued Trunked mode only. Indicates the system has placed the call in a request queue. SYS BUSY System Busy Trunked mode only. Indicates the system is busy, no channels are currently available, the queue is full, or an individual call is being attempted to a radio that is currently transmitting. DENIED Call Denied Trunked mode only. Indicates the radio or talkgroup is not authorized to operate on the selected system and/or talkgroup. CC SCAN Control Channel Scan Trunked mode only. Indicates the control channel is lost and the radio has entered the Control Channel Scan mode to search for the control channel. (Usually out-of-range indication.) WA SCAN Wide Area Scan Trunked mode only. Indicates the radio has entered the Wide Area Scan mode to search for a new system (if enabled during initialization). TALKARND Talkaround Conventional mode only. Indicates the radio is operating on conventional channels in talkaround mode (no repeater). SYSC ON System Scan Feature On Trunked mode only. Indicates the System Scan features are enabled. SYSC OFF System Scan Feature Off Trunked mode only. Indicates the System Scan features are disabled. LOW BATT Low Battery Battery voltage has dropped to the point that the radio is no longer able to transmit. If the user attempts to transmit, the Low Battery message appears while the PTT is depressed. The radio emits a periodic booping sound. RXEMER Receive Emergency Trunked mode only. Indicates an emergency call is being received. This message will be flashing on line two. TXEMER Transmit Emergency Trunked mode only. Indicates an emergency call has been transmitted on this radio. This message will be flashing on line two. VOL=31 Volume Level Indicates the current volume level. The volume level display ranges from OFF (silent) to 31 (loudest). WHC Who Has Called (trunked mode only) ON – indicates an individual call has been received, but not responded to. The indicator turns OFF if the individual call mode is entered, the system is changed, or the radio is turned off and back on. UNKNOWN Unknown ID Trunked mode only. Indicates an individual call is being received by an unknown radio ID. MM101880V1 R1A 14 APPENDIX C – ERROR MESSAGES If either of the following error messages are displayed, the radio was either initialized incorrectly or needs servicing: DSP ERR ERR=XXXX DSP ERR or DIG V ERR (Power Up only) APPENDIX D – OPTION AND ACCESSORIES The Jaguar 700P has the following accessories that are offered separately. • Variety of Speaker Microphones • Earpiece • Extra High Capacity Batteries (Nickel Metal Hydride and Nickel Cadmium) • Intrinsically Safe Accessories • ½ Wave high gain antenna • New quick release ¼ turn fastener for UDC accessories • Desk Chargers – Two desk chargers are available for charging the batteries. Both are powered by 120V/60Hz or 230V/50Hz. All battery chargers include a red charging indicator light and feature a controlled charge rate to avoid battery damage. ➣ Single-Unit Rapid Rate Charger: Recharges a single battery in approximately 1 hour. ➣ Multi-Unit Rapid Rate Charger: Recharges up to six batteries in approximately 1 hour. • Vehicular Charger • PC Programming Software and Cables • Carrying Case (leather and nylon, blaze orange available) • Swivel Mount • Surveillance Kit MM101880V1 R1A 15 This page intentionally left blank M/A-COM Wireless Systems 3315 Old Forest Road Lynchburg, Virginia 24501 (Outside USA, 434-385-2400) Toll Free 800-528-7711 Printed in U.S.A.