Copyright 2005 Voltage Security. May be reproduced only in its original entirety without revision.
Voltage IBE Cryptographic Module
Security Policy
Document Version 2.5
Voltage Security, Inc.
April 12, 2005
Voltage IBE Cryptographic Module Security Policy
Page 2
Revision History
The following table presents the history of changes to this document.
Document History
Date Version Changes
2004-05-24 0.1 Created
2004-06-2 01.5 First draft complete
2004-06-07 01.7 Ready for client review
2004-06-16 01.8 Revised to include Create, Destroy, and Set Random Object.
Revised to specify “Show Status” as User Service
2004-08-19 2.0 Revised to reflect Module logical interface changes
2004-09-15 2.1 Incorporate feedback from InfoGard review
2004-11-03 2.2 Add algorithm certificate numbers and test platform information.
Corrected the Module API and DLL file names. Added information on
test hardware and operating systems. Added information about limited
processing when a FIPS error occurs. Clarified the public keys used in
the Module.
Made module name consistent.
2005-03-14 2.3 Updated section 4: clarified FIPS error state
2005-04-01 2.4 Updated Section 6.4: Clarified “create” definition
2005-04-12 2.5 Updated section 6.4: Added explanatory text for Table 5.
Voltage IBE Cryptographic Module Security Policy
Page 3
TABLE OF CONTENTS
REVISION HISTORY................................................................................................................................................2
1. MODULE OVERVIEW .........................................................................................................................................4
2. SECURITY LEVEL................................................................................................................................................6
3. MODES OF OPERATION.....................................................................................................................................7
3.1 FIPS APPROVED MODE OF OPERATION .................................................................................................................7
3.2 NON-FIPS MODE OF OPERATION ..........................................................................................................................7
4. PORTS AND INTERFACES .................................................................................................................................8
5. IDENTIFICATION AND AUTHENTICATION POLICY................................................................................9
6. ACCESS CONTROL POLICY...........................................................................................................................10
6.1 ROLES AND SERVICES ........................................................................................................................................10
6.2 SERVICE INPUTS AND OUTPUTS .........................................................................................................................12
6.3 DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)................................................................................15
6.4 DEFINITION OF CSPS MODES OF ACCESS...........................................................................................................15
7. OPERATIONAL ENVIRONMENT....................................................................................................................18
8. SECURITY RULES ..............................................................................................................................................19
9. PHYSICAL SECURITY POLICY .....................................................................................................................19
10. MITIGATION OF OTHER ATTACKS POLICY...........................................................................................19
11. REFERENCES ....................................................................................................................................................20
12. DEFINITIONS AND ACRONYMS...................................................................................................................21
Voltage IBE Cryptographic Module Security Policy
Page 4
1. Module Overview
The Voltage IBE Cryptographic Module is a FIPS 140-2 Level 1 compliant software module,
which is also referred to by the acronym VIBECM, or the capitalized word Module. The
Voltage IBE Developers Toolkit product includes the VIBECM along with supporting
documentation and tools supporting non-FIPS functionality (see section 3.2 Non-FIPS mode of
operation). The VIBECM is a software-only cryptographic module packaged as a single DLL
(vibecryptofips.dll Version 2.0) and is supported on Windows 2000 Server, Windows 2003
Server, and Windows XP Service Pack 2. The primary purpose for this cryptographic module is
to provide encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic.
The VIBECM provides status output via the “Show Status” command. The VIBECM provides
program interfaces for data input and output. The diagram below illustrates these interfaces as
well as defining the cryptographic boundary.
Figure 1 – Image of the Cryptographic Module
The physical cryptographic boundary for the Module is defined as the enclosure of the computer
system on which the cryptographic module is to be executed. The physical embodiment of the
Module, as defined in FIPS 140-2, is Multi-Chip Standalone.
Persistent storage of keys is not supported by the VIBECM.
DES, TDES, AES
DSA, SHA-1
Key Management, DRNG, DSA Key
Generation
VIBECM
API
Interface
vibecrypto.h
Module Logical Boundary
Microsoft Windows Operating System
Module Physical Boundary (PC Physical Boundary)
Voltage IBE Cryptographic Module Security Policy
Page 5
The Module was tested on Dell Dimension 2400 hardware running the Microsoft Windows XP
Service Pack 2, Windows 2003 Server, and Windows 2000 Server operating systems.
Voltage IBE Cryptographic Module Security Policy
Page 6
2. Security Level
The VIBECM meets the overall requirements applicable to Level 1 security of FIPS 140-2.
Table 1 - Module Security Level Specification
Security Requirements Section Level
Cryptographic Module Specification 1
Module Ports and Interfaces 1
Roles, Services and Authentication 1
Finite State Model 1
Physical Security N/A
Operational Environment 1
Cryptographic Key Management 1
EMI/EMC 3
Self-Tests 1
Design Assurance 1
Mitigation of Other Attacks N/A
Voltage IBE Cryptographic Module Security Policy
Page 7
3. Modes of Operation
The VIBECM supports two modes of operation, FIPS approved mode and non-FIPS approved
mode.
3.1 FIPS approved mode of operation
In FIPS mode, the VIBECM only supports FIPS Approved algorithms as follows:
Table 2 – FIPS Approved Algorithms with Modes of Operation
Algorithm Modes of Operation Certificate #
DSA with 1024 bit keys Sign/Verify Cert. #124
DES (Legacy Systems Only) ECB, CBC, OFB, CFB Cert. #282
TDES – 3 key mode ECB, CBC, OFB, CFB Cert. #291
SHA-1 Byte Oriented Cert. #277
AES - 128 and 192 and 256
key sizes are supported
ECB, CBC, OFB, CFB Cert. #199
DRNG – FIPS 186-2 X-Change Notice (SHA-1)
K-Change Notice (SHA-1)
Cert. #43
The VIBECM includes a deterministic random number generator (DRNG) that is compliant
with FIPS 186-2 with 256-bit XKEY and underlying G function constructed from SHA-1 for
generation of all cryptographic keys.
FIPS-186-2 requires that the DRNG for DSA X values is slightly different from the
algorithm for DSA K values (Appendix 3.1 and 3.2 respectively). The VIBECM implements
both of these algorithms and they are used appropriately.
To operate the VIBECM in the FIPS approved mode operators must run VIBECM on
Microsoft Windows XP Service Pack 2, Windows 2003 Server, and Windows 2000 Server
operating systems, use only FIPS approved algorithms and access only the service listed in
Table 3 below.
3.2 Non-FIPS mode of operation
In non-FIPS mode, the VIBECM provides non-FIPS approved algorithms as follows:
• MD5
• Identity Based Encryption (IBE)
Voltage IBE Cryptographic Module Security Policy
Page 8
4. Ports and Interfaces
The logical interface of the Module is accessed through the API (VIBECM API) as defined in
the header file vibecrypto.h.
The API function calls, which represent the services provided by the Module, act as the Control
Input. Data Input is provided by the variables passed with the function calls. These variables
are passed on the program stack either directly on the stack or as a pointer on the stack that
points to memory allocated in a heap. Both stack and heap are located in RAM. Data Output is
provided by variables returned from a function call. As with Data Input, these variables are
located either on the program stack or in a heap. The Status Output is provided in the return
values and error codes provided by a function.
All data output is inhibited during the self-test process, and during key generation.
Only limited data processing will be allowed when the module is in a FIPS error state.. During
this limited processing no cryptographic operations are allowed. The only FIPS services
available during limited process are Zeroize and Show Status. The only operations available
during limited processing that output data provide Base64 encoding and decoding. There is no
output of any critical security parameters during limited data processing. The only way to reset
the Module from this limited processing state is to unload the Module or to power down the
computer.
Voltage IBE Cryptographic Module Security Policy
Page 9
5. Identification and Authentication Policy
This section describes the identification and authentication policy of the Module.
The VIBECM supports two distinct operator roles (User and Cryptographic-Officer).
The User role provides the basic services to process data (encryption, decryption, and key
management), whereas the Crypto Officer role provides the services to perform integrity
checking self-tests, and zeroize.
VIBECM does not support a Maintenance role.
The role of the operator of VIBECM is identified implicitly on the library function being called,
as shown in Table 3 in the next section. There is no operator authentication.
Voltage IBE Cryptographic Module Security Policy
Page 10
6. Access Control Policy
This section describes the access control policy of the Module.
6.1 Roles and Services
The services available to each role are described in the following table.
Table 3 – Services Authorized for Roles
Role Authorized Services
User Role:
This role shall provide all
of the services necessary
to:
• Examine and set the
attributes of the
Voltage IBE
Cryptographic Module.
• Support data encryption
and decryption
operations.
• Compute hashes and
create and verify digital
signatures.
• Generate DSA key
pairs for signatures
• Create Algorithm Object: Creates a new algorithm object.
• Destroy Algorithm Object: Destroys an algorithm object.
• Create Random Object: Creates a new random number
generator object.
• Destroy Random Object: Destroys a random number
generator object.
• Create Key Object: Creates a new key object.
• Destroy Key Object: Destroys a key object.
• Set Key Object: Sets the key object with information.
• Get Key Info: Returns key information.
• Create Parameter Object: Creates a new parameter object.
• Destroy Parameter Object: Destroys a parameter object.
• Set Parameter Object: Sets a parameter object with
information.
• Get Parameter Info: Returns parameter information.
• Generate Parameters: Generates default DSA parameters.
• Digest Data: Initializes an object for digesting. Finishes the
digest process, generating the final digest output.
• Encrypt Data: Initializes an object for encrypting. Encrypts
a data stream.
• Decrypt Data: Initializes the object for decrypting. Decrypts
Voltage IBE Cryptographic Module Security Policy
Page 11
Role Authorized Services
a data stream.
• Seed Random: Add seed material to a DRNG object.
• Generate Random Bytes: Generates bytes of random data.
• Sign: Creates a DSA signature.
• Verify: Verifies a DSA signature.
• Generate Key Pair: Generates a DSA key pair.
• Show Status: Returns the current status of the Module.
Cryptographic-Officer
Role:
This role shall provide the
services necessary for:
• Performing module
Self-Tests
• Zeroizing and
destroying CSPs
• Perform Self-Tests: Executes the suite of self-tests required
by FIPS 140-2.
• Zeroize: Actively destroys all plaintext critical security
parameters.
The Perform Self-Tests service is automatically run when the VIBECM is powered
on/initialized. The operator can cause this service to be run by calling the VtCreateLibCtxFips
function in the C language API vibecrypto.h.
Voltage IBE Cryptographic Module Security Policy
Page 12
6.2 Service Inputs and Outputs
The following table specifies the inputs and output for each service.
Table 4 - Specification of Service Inputs & Outputs
Service Control Input Data Input Data Output Status
Output
Create
Algorithm
Object
VtCreateAlgorithmObject
function call
Algorithm
specific
information
Algorithm
Object
Succeed /
Fail
Destroy
Algorithm
Object
VtDestroyAlgorithmObjec
t function call
Pointer to
Algorithm
Object
None Succeed /
Fail
Create Random
Object
VtCreateRandomObject
function call
XKEY DRNG Object Succeed /
Fail
Destroy
Random
Object
VtDestroyRandomObject
function call
Pointer to
DRNG Object
None Succeed /
Fail
Create Key
Object
VtCreateKeyObject
function call
None Key Object Succeed /
Fail
Destroy Key
Object
VtDestroyKeyObject
function call
Pointer to Key
Object
None Success /
Fail
Set Key Object VtSetKeyParam function
call
Key data None Succeed /
Fail
Get Key Info VtGetKeyParam function
call
Pointer to Key
Object
Key data Succeed /
Fail
Create
Parameter
Object
VtCreateParameterObject
function call
None Parameter
Object
Succeed /
Fail
Destroy
Parameter
Object
VtDestroyParameterObject
function call
Pointer to
Parameter
Object
None Succeed /
Fail
Set Parameter
Object
VtSetParameterParam
function call
Parameter data. None Succeed /
Fail
Voltage IBE Cryptographic Module Security Policy
Page 13
Service Control Input Data Input Data Output Status
Output
Get Parameter
Info
VtGetParameterParam
function call
Pointer to
Parameter
Object
Parameter data Succeed /
Fail
Generate
Parameters
VtGenerateParameters
function call
Size of DSA
Prime
Parameter
Object filled
with generated
parameters
Succeed /
Fail
Digest Data VtDigestInit,
VtDigestUpdate, and
VtDigestFinal function
calls
Data to hash Hashed data Succeed /
Fail
Encrypt Data VtEncryptInit,
VtEncryptUpdate, and
VtEncryptFinal function
calls
Data to
Encrypt, Key
Object,
Random
Number
Generator
Object
Encrypted data Succeed /
Fail
Decrypt Data VtDecryptInit,
VtDecryptUpdate, and
VtDecryptFinal function
calls
Encrypted data,
Key Object,
Random
Number
Generator
Object
Decrypted Data Succeed /
Fail
Seed Random VtSeedRandom function
call
DRNG Seed
Data
None Succeed /
Fail
Generate
Random Bytes
VtGenerateRandomBytes
function call
None Random Data Succeed /
Fail
Sign VtSign function call Key Object,
Hashed Data,
Random
Number
Generator
Object
Cryptographic
Signature
Succeed /
Fail
Voltage IBE Cryptographic Module Security Policy
Page 14
Service Control Input Data Input Data Output Status
Output
Verify VtVerifySignature
function call
Cryptographic
Signature, Key
Object, Hashed
Data, Random
Number
Generator
Object
Verification
result
Succeed /
Fail
Generate Key
Pair
VtGenerateKeyPair
function call
Algorithm
Object,
Random
Number
Generator
Object
DSA Public and
Private Key
Objects
Succeed /
Fail
Show Status VtGetFipsError function
call
None Cryptographic
Module Status
Succeed /
Fail
Perform Self
Test
VtCreateLibCtxFips
function call
None None Succeed /
Fail
Zeroize VtDestroyLibCtx function
call
None None Succeed /
Fail
Voltage IBE Cryptographic Module Security Policy
Page 15
6.3 Definition of Critical Security Parameters (CSPs)
The following are the critical security parameters contained in the module:
• AES Keys: These keys are imported into the Module by the operator using VIBECM
services.
• Triple-DES Keys: These keys are imported into the Module by the operator using
VIBECM services.
• DES Keys: These keys are imported into the Module by the operator using VIBECM
services.
• DSA Private Keys. These keys are generated by, or imported into the Module by the
operator using VIBECM services.
• DRNG XKEY: This key is imported into the Module by the operator using VIBECM
services and is the initial XKEY value for the FIPS 186-2 DRNG.
• DRNG Seed. This key is imported into the Module by the operator using VIBECM
services and is the optional user input seed for the FIPS 186-2 DRNG.
Definition of Public Keys:
The following are the public keys contained in the module:
• DSA Software Signing Public Key: This key is the DSA public key associated with the
DSA private key used to sign the Module DLL for software integrity checking.
• DSA Public Keys. These keys are generated by, or imported into the Module by the
operator using VIBECM services.
6.4 Definition of CSPs Modes of Access
The modes of access shown in the table are defined as follows:
• Create: Creates two key objects, and then fills the key objects with cryptographic keys,
using previously created random object as input. One key object contains the private key,
and the other key object contains the public key.
• Zeroize: Destroys a cryptographic key object, freeing memory allocated for this object.
• Write: Sets a cryptographic key object with key data.
• Read: Accesses a CSP to obtain information about the CSP.
The following table describes how the services performed by each role access the CSP. The
mode of access that a service has to a CSP is indicated in the column “Cryptographic Keys
and CSPs Access Operation”. An “X” in a “Role” column means that the service is allowed
by the role in that mode.
Voltage IBE Cryptographic Module Security Policy
Page 16
Table 5 – CSP Access Rights within Roles & Services
Role
Crypto
graphic
Officer
User
Service Cryptographic Keys and CSPs Access Operation
X Create
Algorithm
Object
None
X Destroy
Algorithm
Object
None
X Create Random
Object
Writes a DRNG XKEY key to a Random Number
Generator Object
X Destroy
Random Object
None
X Create Key
Object
None
X Destroy Key
Object
Zeroizes AES Key, Triple-DES Key, DES Key, or DSA
Key
X Set Key Object Writes to a key object with key data
X Get Key Info Reads key data
X Create
Parameter
Object
None
X Destroy
Parameter
Object
None
X Set Parameter
Object
None
X Get Parameter
Info
None
X Generate
Parameters
None
X Digest Data None
Voltage IBE Cryptographic Module Security Policy
Page 17
Role
Crypto
graphic
Officer
User
Service Cryptographic Keys and CSPs Access Operation
X Encrypt Data Reads key for selected algorithm (AES Key, Triple-DES
Key, or DES Key.)
X Decrypt Data Reads key for selected algorithm (AES Key, Triple-DES
Key, or DES Key.)
X Seed Random Writes DRNG seed into a Random Number Generator
Object
X Generate
Random Bytes
None
X Sign Reads DSA key
X Verify Reads DSA key
X Generate Key
Pair
Creates DSA key pair
X Show Status None
X Perform Self
Test
None
X Zeroize Zeroize all CSPs
Voltage IBE Cryptographic Module Security Policy
Page 18
7. Operational Environment
The operating environment for the Module is a “modifiable operational environment”.
The FIPS 140-2 Area 6 Operational Environment requirements for Security Level 1 are satisfied
in the following ways:
When the Module is operated in FIPS approved mode, the environment is restricted to a single
operator mode of operation (i.e., concurrent operators are explicitly excluded).
The Module prevents access by other processes to plaintext private and secret keys, CSPs, and
intermediate key generation values during the time the cryptographic Module is
executing/operational; using address space separation mechanisms of the operational
environment. Processes that are spawned by the Module are owned by the Module and are not
owned by external processes/operators. Noncryptographic processes shall not interrupt the
Module during execution.
The Module software is installed in a form that protects the software and executable code from
unauthorized disclosure and modification.
Cryptographic algorithm integrity tests are performed using Power-Up Self-Tests, Software
Integrity Tests, and Conditional Self Tests. (See Section 8 - Security Rules)
Voltage IBE Cryptographic Module Security Policy
Page 19
8. Security Rules
1. The Module design corresponds to the VIBECM security rules. This section documents
the security rules enforced by the Module to implement the security requirements of this
FIPS 140-2 Level 1 module.
2. The VIBECM performs all of the tests listed below.
A. Power up Self-Tests: This are performed without any operator intervention.
1. Cryptographic algorithm tests
a. DSA Sign/Verify Known Answer Test
b. SHA-1 Known Answer Test
c. AES, CBC mode, 128 bit key size Known Answer Test
d. DES, CBC mode, Known Answer Test
e. TDES, CBC mode, Known Answer Test
f. DRNG, X values, Known Answer Test
g. DRNG, K values, Known Answer Test
2. Software Integrity Test
a. Software integrity test via DSA Signature verification of the
vibecryptofips.dll.
B. Conditional Self-Tests: These tests are performed during the appropriate services.
1. Continuous Random Number Generator (DRNG) tests – initiated
at random number generation and performed by both the FIPS 186-
2 appendix 3.1 (DRNG, X values) and the FIPS 186-2 appendix
3.2 (DRNG, K values) random number generators
2. Pairwise consistency test for newly generated DSA key pairs
9. Physical Security Policy
VIBECM is a software module and the physical security requirements are not applicable.
10. Mitigation of Other Attacks Policy
The Module is not designed to mitigate any other attacks.
Voltage IBE Cryptographic Module Security Policy
Page 20
11. References
This section contains informative references that provide helpful background information.
[FIPS-140-2] “Security Requirements for Cryptographic Modules” Version 2, May 25, 2001.
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
[FIPS-180-2] “Secure Hash Standard” Version 2, August 1, 2002.
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
[FIPS-186-2] “Digital Signature Standard (DSS)” Version 2, January 27, 2000.
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
[FIPS-197] “Advanced Encryption Standard (AES)” November 26, 2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[FIPS-46-3] “Data Encryption Standard” October 25, 1999.
http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
Voltage IBE Cryptographic Module Security Policy
Page 21
12. Definitions and Acronyms
The following paragraphs define the acronyms used in this document.
AES. Advanced Encryption Standard secret key algorithm. See [FIPS-197].
API. Application Program Interface
CBC. Cipher Block Chaining mode
CFB. Cipher Feed Back mode
CSP. Critical Security Parameters
DES. Data Encryption Standard. See [FIPS-46-3].
DRNG. Deterministic Random Number Generator.
DSS. Digital Signature Standard. See [FIPS-186-2]
ECB. Electronic Codebook mode
EMI. Electromagnetic Interference
EMC. Electromagnetic Compatibility
FIPS. Federal Information Processing Standards of NIST.
IV. Initialization Vector
NIST. National Institute of Standards and Technologies.
OFB. Output Feed Back mode
SHA-1. Secure Hash Algorithm revision 1. See [FIPS-180-2].
TDES. Triple DES. See [FIPS-43-3].