SCHWEITZER ENGINEERING LABORATORIES, INC.
2350 NE Hopkins Court + Pullman, WA 99163-5603. USA
Tel: +1509.332.1890 - Fax: +1.509.332.7990

@ www.selinc.com + info@selinc.com

 

 

SEL-3045
Security Policy

 

Schweitzer Engineering Laboratories, Inc.
Version: 2.0

Copyright 2009-2013 Schweitzer Engineering Laboratories, Inc.
May be reproduced only in its original entirety [without revision].

 
 

SEL-3045 Security Policy
Contents

1 Definitions and Acronyms
2 References

 
 
  
 

3 Module Overview
3.1 SSCP...
3.2 SEAP...
3.3 Security Leve

4 Modes of Operation
4.1 FIPS Approved Mode of Operation
4.2 Approved and Allowed Algorithms.

 

 

 

5 Ports and Interfaces
5.1 Physical Port:
5.2 Logical Ports

6 Identification and Authentication Policy
6.1 Assumption of Roles.....

7 Access Control Policy
7.1 Roles and Services .
7.2 Definition of Critical Security Parameters (CSPs)...
7.3 Definition of Public Keys...
7.4 Definition of CSPs Modes of Access

8 Operational Environment

9 Security Rules …

10 Physical Security Policy.
10.1 Physical Security Mechanisms
10.2 Operator Required Actions ....

11  Mitigation of Other Attacks Policy ...

 

 
 

 

 

 
  
 
 
 
  
 
 
 

 

 

SEL-3045 Security Policy Page 2 of 20

 

 
 

SEL-3045 Security Policy

Tables

Table 1: Module Security Level Specification.
Table 2: FIPS Approved Algorithms Used in Current Module
Table 3: FIPS Allowed Algorithms Used in Current Module.. ‚7
Table 4: Non-Callable Functions Present in Current Module
Table 5: Physical Ports
Table 6: Logical Ports
Table 7: Dorado Pins and FIPS 140-2 Ports and Interfaces
Table 8: Roles
Table 9: Identity Authentication Mechanism
Table 10: Roles and Service Matrix
Table 11: CSPs
Table 12: Public Keys...........
Table 13: CSP Access Rights within Roles & Services

 

 

 

 

 

  
 
 
 
 
 

 

Figures
Figure 1: Image of the Cryptographic Module
Figure 2: Point to Point Network
Figure 3: Point to Multipoint Network
Figure 4: Module Block Diagram

 

 

 

 

 

 

SEL-3045 Security Policy Page 3 of 20

 

 
(SEL) SEL-3045 Security Policy

1 Definitions and Acronyms

ABI - Asynchronous Bus Interface

SCADA - Supervisory Control And Data Acquisition
SEAP — SEL Encryption and Authentication Protocol
SSCP — Secure SCADA Communication Protocol
USB - Universal Serial Bus

2 References

“Secure SCADA Communication Protocol Specification”

3 Module Overview

The Schweitzer Engineering Laboratories, Inc. SEL-3045 (hereafter referred to as the module) is a
multi-chip standalone cryptographic module encased in a hard, opaque, tamper evident PCMCIA style
case. The cryptographic boundary is the entire module. No components are excluded from the
cryptographic boundary.

The module is a cryptographic protocol daughter card designed to reside in a host device to secure its
data on a particular communication network. The SEL-3045 implements the SSCP specification to
protect the data in transit.

The SEL-3045 is designed to protect devices that send and receive critical, sensitive data such as
electric power revenue meters, protective relays, Programming Logic Controllers (PLC), Remote
Terminal Units (RTU), and SCADA equipment from unauthorized access, control, monitoring, and
malicious attack. The module provides a plaintext port to connect to a device that requires data
protection (e.g. the SCADA unit, RTU, or a computer). The cryptotext port connects to a distrusted
channel (e.g. a modem connected to a leased phone line or network connection device) where it can
communicate with a remote module to provide a secure channel over an insecure network.

The configuration of hardware and firmware for this validation is:
Hardware: v1.0
Firmware: R100, R101

 

 

SEL-3045 Security Policy Page 4 of 20

 

 
 

 

SEL-3045 Security Policy

 

Figure 1: Image of the Cryptographic Module

 

 

a

Modem
‘SeL-205
ec

Figure 2: Point to Point Network

seLaus
Remote

 

oy u

Client ans

Figure 3: Point to Multipoint Network

 

 

SEL-3045 Security Policy

Page 5 of 20

 

 
 

SEL-3045 Security Policy

3.1 SSCP

The Secure SCADA Communications Protocol (SSCP) secures serial control system communication
through the use of symmetric key cryptography. The module uses SSCP to communicate with remote
modules. The SSCP secures control system network communications by encapsulating the original
message within a header and authenticator. In order to ensure perfect forward secrecy, each pair of
communicating devices utilizes a secured Diffie-Hellman key agreement method to establish a session
and generate ample cryptographic key material for session authentication and encryption keys. During
the session negotiation, a static encryption key is used to secure portions of the Diffie-Hellman key
agreement and an authentication key is used to authenticate remote modules.

The Diffie-Hellman key agreement establishes two symmetric authentication session keys which are
used to provide message authenticity of network data. An additional set of symmetric encryption keys
can be used for optional network data encryption. The cryptographic authentication key of the message
recipient is used to create an un-transmitted nonce that provides a unique value for each packet. The
cryptographic authentication key of the message originator is used by a secure hash algorithm to
calculate a hashed message authentication code based upon the header, nonce, and original message.

3.2 SEAP

The SEAP protocol secures the operator communication channel with strong message encryption and
authentication. SEAP allows operators to securely log into the module to input configuration items (e.g.
CSPs) and view status. Each operator has a static AES encryption key, HMAC authentication key, user
name, and password. These parameters uniquely identify each operator. The encryption key provides
confidentiality during the session negotiation process. The authentication key provides authentication
during the session negotiation process. During the session negotiation process, the user name and
password are securely provided to the module to authenticate the operator and assign appropriate access
privileges. Session encryption and authentication keys are transported by the module and are used to
provide confidentiality and authenticity of each frame for the remainder of the session. These keys are
transported encrypted using AES CBC and the operator’s AES encryption key.

3.3 Security Level
The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2.
Table 1: Module Security Level Specification

Security Requirements Section LOC |

Cryptographic Module Specification 3
Module Ports and Interfaces 2

 

 

Roles, Services and Authentication 3
[Finite State Model 2
Physical Security 2

 

 

 

(Operational Environment N/A

 

(Cryptographic Key Management 2

 

 

 

 

 

 

SEL-3045 Security Policy Page 6 of 20

 

 
(SEL) SEL-3045 Security Policy

IEMVEMC 3
Self-Tests

[Design Assurance
Mitigation of Other Attacks N/A

 

 

 

 

 

 

 

4 Modes of Operation
4.1 FIPS Approved Mode of Operation

The module only provides a FIPS Approved mode of operation, comprising all services described in
this document. The module will enter FIPS Approved mode following successful power up
initialization. The view status command can be used by an operator to verify that the firmware version
number matches the FIPS Approved firmware version listed in this document. The operator may
inspect the module label to verify the hardware version matches the FIPS Approved hardware version
listed in this document.

4.2 Approved and Allowed Algorithms
The cryptographic module supports the following FIPS Approved algorithms.
Table 2: FIPS Approved Algorithms Used in Current Module

FIPS Approved Algorithm Validation Number

 

 

 

 

 

 

 

 

AES 1272
Modes: ECB, CBC, CTR (Key Sizes: 128/256 bits)
SHS 1170
Modes: SHA-1, SHA-256
DSA 412
Modes: Signature Verification (Mod 1024, SHA-1)
RNG 710
Modes: FIPS 186-2 General Purpose ( x-Original, SHA-1)
HMAC 739
Modes: SHA1, SHA-256 (Key Sizes: KS<BS)

The cryptographic module supports the following non-FIPS Approved algorithms which are allowed

for use in FIPS mode.
Table 3: FIPS Allowed Algorithms Used in Current Module

 

FIPS Allowed Algorithm

Diffie-Hellman (key agreement). The key establishment methodology uses a 1024 bit
modulus and provides 80 bits of security strength). The Diffie-Hellman algorithm is
used for key agreement, as outlined in the SSCP specification, under the ‘Create SSCP
sessions’ service to establish a SSCP session with a remote module via the Network

 

 

 

SEL-3045 Security Policy Page 7 of 20

 

 
 

(SEL) SEL-3045 Security Policy

role.
An NDRNG is used to generate a 512-bit seed and seed key for input into the RNG.

AES (key transport) (Cert. #1272, key wrapping; key establishment methodology
provides 128 or 256 bits of encryption strength).

 

 

 

 

 

The cryptographic module does not support any non-Approved algorithms.
Table 4: Non-Callable Functions Present in Current Module

FIPS Approved Algorithm Validation Number

 

 

 

 

 

AES 1279
Modes: ECB, CBC, CTR (Key Sizes: 128/256 bits)

SHS 1171,1172
Modes: SHA-1, SHA-256

DSA 413
Modes: Signature Verification (Mod 1024, SHA-1)

RNG 714
Modes: FIPS 186-2 General Purpose ( x-Original, SHA-1)

HMAC 744,745
Modes: SHA1, SHA-256 (Key Sizes: KS<BS)

 

 

 

The cryptographic module performs a start-up KAT on all algorithms present on the module; both
callable and non-callable.

5 Ports and Interfaces

5.1 Physical Ports

Figure 4 depicts a block diagram of the module’s physical ports, with the cryptographic boundary
shown in red.

 

SEL-3045 Security Policy Page 8 of 20

 

 
 

SEL-3045 Security Policy

Crypto Reset—

   

Figure 4: Module Block Diagram
Table 5: Physical Ports

Port Description

 
   

USB .

The USB port provides a standardized device side interface for communication with host devices
such as PCs. Virtual logical ports exist on this physical port to provide the services of the module.

The USB port can be used as an alternate method for supplying power to the module.

 

 

 

 

 

ABI e The ABI port provides a 16-bit memory mapped register interface for interfacing with other
embedded host devices over their memory interface. Virtual logical ports exist on this physical port|
to provide the services of the module.

Power e The port is the primary power supply to the device. Alternatively the device can be powered from|
the USB interface.

TRIG ¢ The IRIG port is used to receive time codes from a valid IRIG source for the purpose o!
synchronization with other devices and time stamping log events.

Status e The Status port indicates the health and state of the module.

Alarm e The Alarm port indicates alarm conditions due to the module entering a failed state or system events

occurring during operation.

 

 

 

(Crypto Reset a

 

The port is used for module zeroization.

 

5.2 Logical Ports

Table 6: Logical Ports

 

Logical Interface
Data Input

Description
Data input consists of:

 

 

 

SEL-3045 Security Policy Page 9 of 20

 

 
 

 

SEL-3045 Security Policy

Plaintext network data entering on either the USB or ABI port. This data is processed|
by the SSCP service and encoded into Cryptotext.

Cryptotext network data entering on either the USB or ABI port. This data is|
processed by the SSCP service and decoded into Plaintext.

 

Data Output

Data output consists of:

Plaintext network data output on either the USB or ABI port. This data is generated
by the SSCP service from decoded Cryptotext.

Cryptotext network data output on either the USB or ABI port. This data is generated
by the SSCP service from encoded Plaintext.

 

Control Input

Control input consists of:

Cryptotext control data entering on either the USB or ABI port. This data is used to
control and configure the module.

A single control input entering on the Crypto Reset port is used to zeroize all CSP and|
any security relevant data.

Input data entering on the ABI port is used to zeroize all CSP and any security,
relevant data.

Input data entering on the IRIG port is used to synchronize the clock.

Input data entering on the ABI port is used to change the clock.

 

Status Output

Status output consists of:

Cryptotext data exiting on either the USB or ABI port. This data is used to show
status of the control and configuration the module.

Status data exiting on the Status port. This data is used to indicate the status and|
health of the module.

A single status output exiting on the Alarm port. This data is used to indicate an alarm|
condition if the module has entered a failed state or a system event occurred during
operation.

Syslog data exiting on either the USB or ABI port. This data is Syslog formatted and
provides logging information of events occurring during operation.

Two status outputs exiting on the Status port allow the card to be detected by a host
device.

 

 

Power Input

 

Power input consists of:

Power supplied on the Power port.

Power supplied on the USB port.

 

Module services are described in Section 7 below.

Table 7: Dorado Pins and FIPS 140-2 Ports and Interfaces

Physical Port Asso

 

 

 

 

 

Ground
Power Power (3.3 V)
Do ABI Data

 

 

 

 

 

 

SEL-3045 Security Policy

Page 10 of 20

 

 

 
SEL

Physical Port Associa Description

SEL-3045 Security Policy

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DI ABI Data
D2 ABI Data

D3 ABI Data

D4 ABI Data

Ds ABI Data

D6 ABI Data

D7 ABI Data

DS ABI Data

D9 ABI Data

DI0 ABI Data

DIL ABI Data

DI2 ABI Data

DI3 ABI Data

DI4 ABI Data

DIS ABI Data

AO ABI Address
Al ABI Address
A2 ABI Address
A3 ABI Address
A4 ABI Address
AS ABI Address
A6 ABI Address
AT ABI Address
A8 ABI Address
A9 ABI Address
A10 ABI Address
ICS ABI Chip select
JOE ABI Output enable
WE ABI Write Enable
ARQ ABI Interrupt
/CRST Crypto Reset Zeroization
Aların Alarm Alarm

 

 

 

 

SEL-3045 Security Policy

Page 11 of 20

 

 
 

SEL-3045 Security Policy

  

 

 

 

 

 

 

 

 

 

Pin Physical Port Associati Description
VCC Power Power

IRIGB IRIG IRIG

Status Status Card status
CDI Ground Card detection
CD2 Ground Card detection
RESET N/A HW reset
USB VBUS USB / Power Power (5 V)
USB VBUS USB / Ground Ground

USB D+ USB Data

USB D- USB Data

 

 

 

 

 

6 Identification and Authentication Policy
6.1 Assumption of Roles

The module supports four distinct roles. The cryptographic module enforces the separation of roles
using identity-based authentication. All operators are identified through knowledge of the appropriate
key(s) and a unique operator ID.

Table 8: Roles

Role Description

Administrator ‘The module supports a single Administrator role. The Administrator has the privilege to
control the configuration (including key and CSP data), monitor that status, and upgrade the
firmware of the module.

 

 

Cryptographic Officer An operator assigned the role of Cryptographic Officer has the privilege to control the
configuration (including key and CSP data), monitor that status, and upgrade the firmware of|
the module.

User An operator assigned the role of User has the privilege to control the configuration (excluding

key and CSP data), monitor that status, and upgrade the firmware of the module.

 

[Network A Network role is any remote module that has the privilege to encode SSCP packets to this
module and the ability to decode SSCP packets from this module. There can be up to 1500
|Network roles assigned in a module.

 

 

 

 

Table 9: Identity Authentication Mechanism

 

\Authentication Mechanism Authentication Data Strength of Authentication
Administrator |The authentication mechanism is an|Knowledge of the administrator’s [In order to authenticate as an
identity based authentication encryption key (256-bit AES key), [operator under the Administrator

comprised of an encryption key, _ authentication key (256-bit HMAC [role an attacker must know the
authentication key, and password. |SHA-256 key) and password (6-80 [values of the cryptographic security

 

 

 

SEL-3045 Security Policy Page 12 of 20

 

 
 

 

JA unique name is used to
distinguish this role from the other
operators and is hard-configured to
be ‘Administrator’.

printable ASCII characters).

SEL-3045 Security Policy

ed with

 

parameters (CSPSs) asso.
the Administrator (256 bit
encryption key, the 256 bit
authentication key, and the
password).

Assuming that all parameters are
independent, and that a minimum-
length, eight byte password is used,
the probability that a random
attempt will succeed or a false
acceptance will occur is
1/(21256*2"256*92"8) or 1.45 E -
170 which is less than one in
1,000,000.

Assuming that the module can
process 1 guess per second (the
module has a one second lockout
for incorrect attempts), the
probability of successfully
authenticating to the module within
one minute is 1.45 E -170 * 60 or
18.72 E -169 which is less than one
in 100,000.

 

 

 

Cryptographic|The authentication mechanism is |The authentication data is The strength of the authentication is
Officer equivalent to the Administrator’s. equivalent to the Administrator’s. |equivalent to the Administrator’s.
User The authentication mechanism is |The authentication data is The strength of the authentication is

equivalent to the Administrator’s. equivalent to the Administrator’s. |equivalent to the Administrator’s.
[Network The authentication mechanism is an|Knowledge of a unique Network Under the least secure

 

identity based authentication
comprised of an encryption key and
authentication key. A unique 16-bit
address identifier is used to
distinguish between remote
modules assuming this role.

Encryption Key (128-bit or 256-bit
AES key), and a unique Network
Authentication Key (128-bit
HMAC SHA-1 or 256-bit HMAC
SHA-256 key).

 

 

configuration, an attacker must
know the value of the unique
Network Encryption Key. If this
keys is configured for 128-bits in
length the probability that a random
attempt will succeed is 1/ (2”128)
or 2.938 E-39 which is less than
one in 1,000,000.

The module is capable of
performing approximately one
authentication every .1 seconds
(based on the computation time of a
Diffie-Hellman calculation). This
results in a maximum
authentication processing rate of
600 attempts per minute. The
probability of successfully
authenticating to the module within
one minute is 2.938 E-39 * 600 or
1.76 E-36 which is less than one in
100,000.

 

 

 

 

SEL-3045 Security Policy

Page 13 of 20

 

 
 

SEL-3045 Security Policy
7 Access Control Policy

7.1 Roles and Services
Table 10: Roles and Service Matrix

      

Service rator Cryptographic Officer| User |Network

Create a management session e e e
for the configuration of the
device and status monitoring

 

Close a management session e e e

 

Change non-CSP e e
configuration. This is any
data that is not considered a
CSP (e.g. event log
collection configuration)

 

Change current operator’s e e e
log-in credentials (e.g.
associated password and
keys)

 

Change CSP configuration. e e
This is any available
configuration data this is
considered a CSP (keys,
passwords, etc.).

 

[View status and event logs e e e

 

Clear status and event logs e e

 

Upgrade firmware e e e

 

Encode plaintext messages e
into SSCP messages

 

(Create SSCP sessions e

 

[Decode SSCP messages into e
plaintext messages

 

(Close SSCP sessions e

 

FIPS self-tests and e
diagnostics

 

View status indicators such e
as health and alarm output
indicators.

 

Zeroize the device. This e
service removes all CSP data
from NV memory and
returns the device to its
factory default state.

 

 

 

 

 

 

 

 

 

 

SEL-3045 Security Policy Page 14 of 20

 

 
 

SEL-3045 Security Policy

 

Change time

 

 

Output Syslog event logs

 

 

 

 

 

 

 

7.2 Definition of Critical Security Parameters (CSPs)

The module contains the following CSPs:

Name

Administrator Encryption
Key

Table 11: CSPs

 

A 256-bit AES key used during the management session creation to encrypt the session
creation messages that create an operator session. This key is used to encrypt the transport of
the Operator Session Encryption Key and Operator Session Authentication Key.

 

Administrator
Authentication Key

A 256-bit HMAC (SHA-256) used during the management session creation to authenticate
session creation messages that create an operator session.

 

Administrator Password

An 8 to 80 character password used during the management session creation to authenticate the
operator.

 

Operator[s] Encryption Key

Equivalent to the Administrator Encryption Key. This key is used to authenticate an operator
assuming the role of a Cryptographic Officer or User and protect the transport of the session
keys. There can be up to 32 operators.

 

Operator[s] Authentication
Key

Equivalent to the Administrator Authentication Key. This key is used to authenticate an
operator assuming the role of a Cryptographic Officer or User. There can be up to 32 operators.

 

Operator Password[s]

Equivalent to the Administrator Password. This value is used to authenticate an operator
assuming the role of a Cryptographic Officer or User. There can be up to 32 operators.

 

Operator Session
Encryption Key

A 256-bit AES key generated during the management session creation and used to encrypt all
frames travelling to and from the management interface data during a management session.

 

Operator Session
Authentication Key

A 256-bit authentication key generated during the management session creation and used to
authenticate all frames travelling to and from the management interface data during a
management session.

 

RNG State

A 512-bit state maintained by the FIPS 186-2 RNG.

 

IRNG Seed Key

A 512-bit key used to seed the FIPS 186-2 RNG.

 

IFW Upgrade Encryption
Key

A 256-bit AES key used to decrypt received FW upgrades.

 

Remote Network Device
Master Encryption Key[s]

Based on operator configuration, this can be either a 128 bit or 256-bit AES key. The key is
used for encrypting the public key of the Diffie-Hellman key agreement protocol during the
SSCP handshake to establish a SSCP session with a remote device. There can be up to 1500
remote devices (and consequently up to 1500 keys).

 

Remote Network Device
Master Authentication
Keys]

Based on operator configuration, this can be either a 160-bit HMAC (SHA-1) or 256-bit
HMAC (SHA-256) key. The key is used for authenticating Challenge Response messages used
during the SSCP handshake to establish a SSCP session with a remote device. There can be up
to 1500 remote devices (and consequently up to 1500 keys).

 

Remote Network Device
Session Encryption Key[s]

Based on operator configuration, this can be either a 128 bit or 256-bit AES key used to
encrypt the network data sent under a SSCP session to a remote device. There can be up to
1500 remote devices (and consequently up to 1500 keys).

 

 

[Remote Network Device

 

Based on operator configuration, this can be either a 128 bit or 256-bit AES key used to

 

 

 

SEL-3045 Security Policy

Page 15 of 20

 

 

 
 

SEL-3045 Security Policy

 

Session Decryption Key[s]

decrypt the network data received under a SSCP session from a remote device. There can be up
to 1500 remote devices (and consequently up to 1500 keys).

 

Remote Network Device
Session Authentication
Encode Key[s]

Based on operator configuration, this can be either a 160-bit HMAC (SHA-1) or 256-bit
HMAC (SHA-256) key used to add authentication on the data sent under a SSCP session to a
remote device. There can be up to 1500 remote devices (and consequently up to 1500 keys).

 

Remote Network Device
Session Authentication
Decoding Key[s]

Based on operator configuration, this can be either a 160-bit HMAC (SHA-1) or 256-bit
HMAC (SHA-256) key used to authenticate the data received under a SSCP session from a
remote device. There can be up to 1500 remote devices (and consequently up to 1500 keys).

 

Remote Network Device
Diffie-Hellman Key
Agreement Private Key[s]

 

The 1024-bit private key used in the Diffie-Hellman key exchange during a session negotiation
with a remote device. There can be up to 1500 remote devices (and consequently up to 1500
keys).

 

 

7.3 Definition of Public Keys

The module contains the following public keys:

Name

FW Upgrade Authentication
Key

Table 12: Public Keys

Desc

1024-bit DSA key used to verify a received firmware image was signed by an authenticated
source.

 

 

 

Remote Network Device
Diffie-Hellman Key
Agreement Public Key[s]

The 1024-bit public key used in the Diffie-Hellman key exchange during a session negotiation
with a remote device. There can be up to 1500 remote devices (and consequently up to 1500
keys).

 

 

7.4 Definition of CSPs Modes of Access

Table 13 defines the re

 

lationship between access to CSPs and the different module services and roles.

The modes of access shown in the table are defined as:

G = Generate: The module generates the CSP.
R = Read: The module reads the CSP. The read access is typically performed before the module

W = Write: The module writes the CSP. The write access is typically performed after a CSP is

imported into the module, or the module generates a CSP, or the module overwrites an existing

e
e
uses the CSP.
e
CSP.
e

Z = Zeroize: The module zeroizes the CSP.

Table 13: CSP Access Rights within Roles & Services

Access Control

Service

 

 

 

 

R Create a management session
Administrator Encryption Key WwW Change CSP configuration

Z Zeroize
Administrator Authentication Key R Create a management session

 

 

 

 

 

 

SEL-3045 Security Policy

Page 16 of 20

 

 

 
 

SEL-3045 Security Policy

 

Change CSP configuration

 

Zeroize

 

Administrator Password

Create management session

 

Change CSP configuration

 

Zeroize

 

Operator Encryption Key[s]

Create a management session

 

Change CSP configuration

 

Zeroize

 

Operator Authentication Key[s]

Create a management session

 

Change CSP configuration

 

Zeroize

 

Operator Password[s]

Create a management session

 

Change CSP configuration

 

Zeroize

 

Operator Session Encryption Key

OQ] N} =| >] N} =] >] NI =] >] NI] EZ] AN =

Create a management session

 

Change non-CSP configuration

 

View non CSP configuration

 

Change CSP configuration

 

View status and event logs

 

Clear status and event logs

 

Upgrade firmware

 

Zeroize

 

Close management session

 

Operator Session Authentication Key

Create a management session

 

Change non-CSP configuration

 

View non CSP configuration

 

Change CSP configuration

 

View status and event logs

 

Clear status and event logs

 

Upgrade firmware

 

Zeroize

 

Close management session

 

RNG State

 

N/A

 

 

 

N/A

 

 

 

 

SEL-3045 Security Policy

Page 17 of 20

 

 
 

SEL-3045 Security Policy

 

N/A
N/A

 

RNG Seed Key

 

Upgrade firmware
FW Upgrade Encryption Key

 

Upgrade firmware

 

Change CSP configuration

 

Remote Network Device Master Encryption Key[s] Create SSCP session

 

Zeroize

 

Change CSP configuration

 

Remote Network Device Master Authentication Key[s] Create SSCP session

 

Zeroize

 

Create SSCP session

 

Remote Network Device Session Encryption Encoding

Key[s] Encode plaintext messages

 

Zeroize

 

Create SSCP session

 

Remote Network Device Session Encryption Decoding

Key[s] Decode SSCP messages

 

Zeroize

 

Create SSCP session

 

Remote Network Device Session Authentication

Encoding Key[s] Encode plaintext messages

 

Zeroize

 

Create SSCP session

 

Remote Network Device Session Authentication

Decoding Key[s] Decode SSCP messages

 

Zeroize

 

Create SSCP session

 

Remote Network Device Diffie-Hellman Key Agreement

Private Key[s] Create SSCP session

 

Create SSCP session

 

Upgrade firmware

 

=| | N| »| Q| N| #| Q| N| »| ol NI] x] ol NI A] OJ N] A] EI] NI] | <=] =] A] NI OO

FW Upgrade Authentication Key

 

 

 

Upgrade firmware

 

8 Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because SEL-3045
loes not contain a modifiable operational environment.

9 Security Rules

This section documents the security rules enforced by the cryptographic module to implement the
security requirements of this FIPS 140-2 Level 3 module.

 

 

 

SEL-3045 Security Policy Page 18 of 20

 

 
(SEL) SEL-3045 Security Policy

1. The cryptographic module shall provide four distinct operator roles. These are the Administrator,
User, and the Cryptographic Officer, and Network roles.

2. The cryptographic module shall provide identity-based authentication.
3. The cryptographic module shall clear previous authentications on power cycle.

4. When the module has not been placed in a valid role, the operator shall not have access to any
cryptographic services.

5. The cryptographic module shall perform the following tests
A. Power up Self-Tests

1. Cryptographic algorithm tests
DSA Verify Known Answer Test
SHA-1 Known Answer Test
SHA-256 Known Answer Test
HMAC-SHA-1 Known Answer Test
HMAC-SHA-256 Known Answer Test
RNG Known Answer Test
g. AES Encrypt and Decrypt Known Answer Test
2. Firmware Integrity Test
a. A 32-bit CRC is calculated over the program image. If the calculated CRC value does
not match the value in NV memory, the module declares a failure and disables itself.

pepoges

B. Critical Functions Tests

1. Runtime volatile memory tests
a. Read and write tests are performed on the memory. This continuously checks the
memory address space during runtime. If an error is detected, the device declares a
failure and disables itself.
2. Settings integrity test
a. A 32-bit CRC is calculated over the settings image. If the calculated CRC value does
not match the value in NV memory, the device declares a failure and disables itself.
C. Conditional Self-Tests

1. Continuous Random Number Generator Tests
a. One test compares the last 32 bit NDRNG output with the current 32 bit NDRNG
output. If the two values are equal the module declares a failure and disables itself.
b. A second test compares the last 512 bit RNG output with the current 512 bit RNG
output. If the two values are equal the module declares a failure and disables itself.
2. Firmware Load Test
a. The module verifies a DSA digital signature when loading firmware.
6. The operator shall be capable of commanding the module to perform the power-up self-test by
cycling power or resetting the module.

 

7. Power-up self tests do not require any operator action.

8. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.

 

 

SEL-3045 Security Policy Page 19 of 20

 

 
(SEL) SEL-3045 Security Policy

9. Status information does not contain CSPs or sensitive data that if misused could lead to a
compromise of the module.

10. The module ensures that the seed and seed key inputs to the Approved RNG are not equal.
11. There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
12. The module does not support concurrent operators.

13. The module does not support a maintenance interface or role.

14. The module does not support manual key entry.

15. The module does not have any external input/output devices used for entry/output of data.
16. The module shall not support a bypass capability.

17. The module does not enter or output plaintext CSPs.

18. The module does not output intermediate key values.

10 Physical Security Policy
10.1 Physical Security Mechanisms
The cryptographic module includes the following physical security mechanisms:

¢ Production-grade components

e Hard potting material encapsulation of multiple chip circuitry enclosure with removal and/or
penetration attempts causing serious damage

¢ Hard metallic composite enclosure comprises the cryptographic boundary
10.2 Operator Required Actions

The operator is required to periodically inspect the enclosure for tamper evidence.

11 Mitigation of Other Attacks Policy

The module has not been designed to mitigate any attacks outside of the scope of FIPS 140-2.

 

 

SEL-3045 Security Policy Page 20 of 20