Cisco 1841 Integrated Services Router with AIM-VPN/SSL-1 and Cisco 2801 Integrated Services Router with AIM-VPN/SSL-2


Cisco 1841 Integrated Services Router with AIM-VPN/SSL-1 and Cisco 2801 Integrated Services Router with AIM-VPN/SSL-2

FIPS Non Proprietary Security Policy
Level 2 Validation
Version 1.7
October 13, 2009

Copyright 2009 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 INTRODUCTION
  PURPOSE
  REFERENCES
  TERMINOLOGY
  DOCUMENT ORGANIZATION
CISCO 1841 AND 2801 ROUTERS
  THE CISCO 1841 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS
  THE 2801 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS
  ROLES AND SERVICES
    User Services
    Crypto Officer Services
    Unauthenticated Services
    Strength of Authentication
  PHYSICAL SECURITY
  CRYPTOGRAPHIC KEY MANAGEMENT
  SELF-TESTS
    Self-tests performed by the IOS image
    Self-tests performed by Giove FPGA
    Self-tests performed by AIM
SECURE OPERATION OF THE CISCO 1841 OR 2801 ROUTER
  INITIAL SETUP
  SYSTEM INITIALIZATION AND CONFIGURATION
  IPSEC REQUIREMENTS AND CRYPTOGRAPHIC ALGORITHMS
  SSLV3.1/TLS REQUIREMENTS AND CRYPTOGRAPHIC ALGORITHMS
  PROTOCOLS
  REMOTE ACCESS

1 Introduction

1.1 Purpose

This document is the non-proprietary Cryptographic Module Security Policy for the Cisco 1841 Integrated Services Router with AIM-VPN/SSL-1 and 2801 Integrated Services Router with AIM-VPN/SSL-2 (Router Hardware Version: 1841 or 2801; Router Firmware Version: IOS 12.4 (15) T3 and 12.4 (15) T10; AIM-VPN/SSL-1 Hardware Version 1.0, Board Revision 01; AIM-VPN/SSL-2 Hardware Version 1.0, Board Revision 01). This security policy describes how the Cisco 1841 and 2801 Integrated Services Routers meet the security requirements of FIPS 140-2, and how to operate the router in a secure FIPS mode. This policy was prepared as part of the Level 2 FIPS validation of the Cisco 1841 or 2801 Integrated Services router.

FIPS (Federal Information Processing Standards Publication Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS standard and validation program is available on the NIST website at

References

This document deals only with operations and capabilities of the 1841 and 2801 routers in the technical terms of a FIPS cryptographic module security policy. More information is available on the routers from the following sources:

- The Cisco Systems website contains information on the full line of Cisco Systems routers. Please refer to the following website:
- For answers to technical or sales related questions please refer to the contacts listed on the Cisco Systems website at www.cisco.com.
- The NIST Validated Modules website contains contact information for answers to technical or sales-related questions for the module.

1.3 Terminology

In this document, the Cisco 1841 or 2801 routers are referred to as the router, the module, or the system.

1.4 Document Organization

The Security Policy document is part of the FIPS Submission Package. In addition to this document, the Submission Package contains:

- Vendor Evidence document
- Finite State Machine
- Other supporting documentation as additional references

This document provides an overview of the routers and explains their secure configuration and operation. This introduction section is followed by Section 2, which details the general features and functionality of the router. Section 3 specifically addresses the required configuration for the FIPS-mode of operation.

With the exception of this Non-Proprietary Security Policy, the FIPS Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate nondisclosure agreements. For access to these documents, please contact Cisco Systems.

2 Cisco 1841 and 2801 Routers

Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 1841 and 2801 routers provide a scalable, secure, manageable remote access server that meets FIPS Level 2 requirements. This section describes the general features and functionality provided by the routers. The following subsections describe the physical characteristics of the routers.

2.1 The Cisco 1841 Cryptographic Module Physical Characteristics

Figure 1 The 1841 router case

The Cisco 1841 Router is a multiple-chip standalone cryptographic module. The router has a processing speed of 240MHz. Depending on configuration, the installed AIM-VPN/SSL-1 module, onboard FPGA or the IOS software is used for cryptographic operations.

The cryptographic boundary of the module is the device's case as shown in Figure 1. All of the functionality discussed in this document is provided by components within this cryptographic boundary.

The interface for the router is located on the rear panel as shown in Figure 2.

Figure 2 Rear Panel Physical Interfaces

The Cisco 1841 router features a console port, an auxiliary port, Universal Serial Bus (USB) port, two high-speed WAN interface card/WAN interface card/Voice interface card (HWIC/WIC/VIC) slots, two 10/100 Fast Ethernet RJ45 ports, and a Compact Flash (CF) drive.

The 1841 router supports AIM-VPN/SSL-1 card and two fast Ethernet connections. Figure 1 shows the front panel and Figure 2 shows the rear panel. The front panel contains 2 LEDs that output status data about the system status (SYS PWR) and system activity (SYS ACT). The back panel consists of 8 LEDs: two duplex LEDs, two speed LEDs, two link LEDs, CF LED and AIM LED.

The rear panel contains the following:

(1) Power inlet
(2) Power switch
(3) HWIC/WIC/VIC slot 0
(4) Console port
(5) FE ports
(6) Lock
(7) HWIC/WIC/VIC slot 1
(8) CF drive
(9) CF LED
(10) AIM LED
(11) USB port
(12) Auxiliary port
(13) Ground connector

The following tables provide more detailed information conveyed by the LEDs on the front and rear panel of the router:

| Name | State | Description |
|---|---|---|
| System OK | Solid Green | Router has successfully booted up and the software is functional. |
| | Blinking Green | Booting or in ROM monitor (ROMMON) mode. |
| System Activity | Solid Green | System is actively transferring packets. |
| | Blinking Green | System is servicing interrupts. |
| | | No interrupts or packet transfer occurring. |

Table 1 Cisco 1841 Front Panel Indicators

| Name | State | Description |
|---|---|---|
| AIM | Solid Green | AIM installed and initialized. |
| | Solid Orange | AIM installed and initialized error. |
| | | AIM not installed. |
| Compact Flash | Solid Green | Indicates that the flash is busy and should not be removed. |
| | | OK to remove flash card. |

Table 2 Cisco 1841 Rear Panel Indicators

The following table describes the meaning of Ethernet LEDs on the rear panel:

| Name | State | Description |
|---|---|---|
| Duplex | Solid Green | Full-Duplex |
| | | Half-Duplex |
| Speed | Solid Green | 100 Mbps |
| | | 10 Mbps |
| Link | Solid Green | Ethernet link is established |
| | | No link established |

Table Ethernet Indicators

The physical interfaces are separated into the logical interfaces from FIPS as described in the following table:

| Router Physical Interface | FIPS Logical Interface |
|---|---|
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Console Port, Auxiliary Port, USB port | Data Input Interface |
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Console Port, Auxiliary Port, USB Port | Data Output Interface |
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Power Switch, Console Port, Auxiliary Port | Control Input Interface |
| 10/100 Ethernet LAN Port LEDs, AIM LED, System OK LED, System Activity LED, Compact Flash LED, Console Port, Auxiliary Port, USB Port | Status Output Interface |
| Power Plug | Power Interface |

Table FIPS Logical Interfaces

The module's internal Flash does not store any IOS images. The CF card must be used to store the valid IOS image. The CF card that stored the IOS image is considered an internal memory module, because the IOS image stored in the card may not be modified or upgraded. The card itself must never be removed from the drive. Tamper evident seal will be placed over the card in the drive.

2.2 The 2801 Cryptographic Module Physical Characteristics

Figure 3 The Cisco 2801 router case

The Cisco 2801 router is a multiple-chip standalone cryptographic module. The router has a processing speed of 240MHz. Depending on configuration, the installed AIM-VPN/SSL-2 module, onboard FPGA or the IOS software is used for cryptographic operations.

The cryptographic boundary of the module is the device's case. All of the functionality discussed in this document is provided by components within this cryptographic boundary.

The interfaces for the router are located on the front and rear panel as shown in Figure 3 and 4, respectively.

Figure 4 Cisco 2801 Front Panel Physical Interfaces

Figure 5 Cisco 2801 Rear Panel Physical Interfaces

The Cisco 2801 router features a console port, an auxiliary port, Universal Serial Bus (USB) port, two high-speed WAN interface card (HWIC) slots, Voice interface card (VIC) slot, WIC/VIC slot, two 10/100 Fast Ethernet RJ45 ports, and a Compact Flash (CF) drive.

The Cisco 2801 router has two slots for AIM-VPN/SSL-BP cards [1], two internal packet voice data modules (PVDMs), and two fast Ethernet connections. Figure 4 and Figure 5 show the front and rear panels of the router. The front panel consists of 14 LEDs: two duplex LEDs, two speed LEDs, two link LEDs, two PVDM LEDs, two AIM LEDs, system status LED (SYS OK), system activity (SYS ACT) LED, inline power LED, and CF LED. The back panel has the power inlet and on/off switch.

[1] This security policy specifies that only one AIM card be used.

The front panel contains the following:

(1) VIC slot
(2) HWIC/WIC/VIC slot 0
(3) WIC/VIC slot
(4) HWIC/WIC/VIC slot 1
(5) Console port
(6) FE ports
(7) System status and activity LEDs
(8) Inline power LED
(9) USB port
(10) FE LEDs
(11) Auxiliary port
(12) CF LED
(13) CF drive

The rear panel contains the following:

(1) Power inlet
(2) Power switch
(3) Ground connector

The following tables provide more detailed information conveyed by the LEDs on the front and rear panel of the router:

| Name | State | Description |
|---|---|---|
| System OK | Solid Green | Router has successfully booted up and the software is functional. |
| | Blinking Green | Booting or in ROM monitor (ROMMON) mode. |
| Inline Power | Solid Green | Inline power supply is working properly. |
| | Amber | Inline power failure. |
| | | Inline power supply is not present. |
| System Activity | Solid Green | System is actively transferring packets. |
| | Blinking Green | System is servicing interrupts. |
| | | No interrupts or packet transfer occurring. |
| Compact Flash | Solid Green | Indicates that the flash is busy and should not be removed. |
| | | OK to remove flash card. |
| PVDM1 | Solid Green | PVDM1 installed and initialized. |
| | Solid Orange | PVDM1 installed and initialized error. |
| | | PVDM1 not installed. |
| PVDM0 | Solid Green | PVDM0 installed and initialized. |
| | Solid Orange | PVDM0 installed and initialized error. |
| | | PVDM0 not installed. |
| AIM1 | Solid Green | AIM1 installed and initialized. |
| | Solid Orange | AIM1 installed and initialized error. |
| | | AIM1 not installed. |
| AIM0 | Solid Green | AIM0 installed and initialized. |
| | Solid Orange | AIM0 installed and initialized error. |
| | | AIM0 not installed. |

Table 5 Cisco 2801 Front Panel Indicators

The following table describes the meaning of Ethernet LEDs on the front panel:

| Name | State | Description |
|---|---|---|
| Duplex | Solid Green | Full-Duplex |
| | | Half-Duplex |
| Speed | Solid Green | 100 Mbps |
| | | 10 Mbps |
| Link | Solid Green | Ethernet link is established |
| | | No link established |

Table Ethernet Indicators

The physical interfaces are separated into the logical interfaces from FIPS as described in the following table:

| Router Physical Interface | FIPS Logical Interface |
|---|---|
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Console Port, Auxiliary Port, USB Port | Data Input Interface |
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Console Port, Auxiliary Port, USB Port | Data Output Interface |
| 10/100 Ethernet LAN Ports, HWIC/WIC/VIC Ports, Power Switch, Console Port, Auxiliary Port | Control Input Interface |
| 10/100 Ethernet LAN Port LEDs, AIM LEDs, PVDM LEDs, Inline Power LED, System Activity LED, System OK LED, Compact Flash LED, Console Port, Auxiliary Port, USB Port | Status Output Interface |
| Power Plug | Power Interface |

Table FIPS Logical Interfaces

The module's internal Flash does not store any IOS images. The CF card must be used to store the valid IOS image. The CF card that stored the IOS image is considered an internal memory module. The reason is the IOS image stored in the card cannot be modified or upgraded. The card itself must never be removed from the drive. Tamper evident seal will be placed over the card in the drive.

2.3 Roles and Services

Authentication in Cisco 1841 and 2801 is role-based. There are two main roles in the router that operators can assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic User services. The module supports RADIUS and TACACS+ for authentication. A complete description of all the management and configuration capabilities of the router can be found in the Performing Basic System Management manual and in the online help for the router.

User Services

Users enter the system by accessing the console port with a terminal program or IPSec protected telnet or SSH session to a LAN port. The IOS prompts the User for username and password. If the password is correct, the User is allowed entry to the IOS executive program. The services available to the User role consist of the following:

- Status Functions: View state of interfaces and protocols, version of IOS currently running.
- Network Functions: Connect to other network devices through outgoing telnet, PPP, etc. and initiate diagnostic network services (i.e., ping, mtrace).
- Terminal Functions: Adjust the terminal session (e.g., lock the terminal, adjust flow control).
- Directory Services: Display directory of files kept in flash memory.
- SSL-TLS/VPN: Negotiation and encrypted data transport via SSL/TLS.
- EASY VPN: Negotiation and encrypted data transport via EASY VPN.
- Get VPN: Negotiation and encrypted data transport via Get VPN.

Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the enable password) is defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers. The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto Officer services consist of the following:

- Configure the router: Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information.
- Define Rules and Filters: Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
- View Status Functions: View the router configuration, routing tables, active sessions, use gets to view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review accounting logs, and view physical interface status.
- Manage the router: Log off users, shutdown or reload the router, erase the flash memory, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.
- Set Encryption/Bypass: Set up the configuration tables for IP tunneling. Set pre-shared keys and algorithms to be used for each IP range or allow plaintext packets to be set from specified IP address.
- Bypass Mode: The routers implement an alternating bypass capability, in which some connections may be cryptographically authenticated and encrypted while others may not. Two independent internal actions are required in order to transition into each bypass state: First, the bypass state must be configured by the Crypto Officer using the "match address <ACL-name>" sub-command under crypto map which defines what traffic is encrypted. Second, the module must receive a packet that is destined for an IP that is not configured to receive encrypted data. The configuration table uses an error detection code to detect integrity failures, and if an integrity error is detected, the module will enter an error state in which no packets are routed. Therefore, a single error in the configuration table cannot cause plaintext to be transmitted to an IP address for which it should be encrypted.

Unauthenticated Services

The services available to unauthenticated users are:

- Viewing the status output from the module's LEDs
- Powering the module on and off using the power switch
- Sending packets in bypass

2.3.4 Strength of Authentication

The security policy stipulates that all user passwords must be 8 alphanumeric characters, so the password space is 2.8 trillion possible passwords. The possibility of randomly guessing a password is thus far less than one in one million. To exceed a one in 100,000 probability of a successful random password guess in one minute, an attacker would have to be capable of 28 million password attempts per minute, which far exceeds the operational capabilities of the module to support.

When using RSA based authentication, RSA key pair has modulus size of 1024 bit to 2048 bit, thus providing between 80 bits and 112 bits of strength. Assuming the low end of that range, an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.8x10^21 attempts per minute, which far exceeds the operational capabilities of the modules to support.

When using preshared key based authentication, the security policy stipulates that all preshared keys must be 8 alphanumeric characters, so the key space is 2.8 trillion possible combinations. The possibility of randomly guessing this is thus far less than one in one million. To exceed a one in 100,000 probability of a successful random guess in one minute, an attacker would have to be capable of 28 million attempts per minute, which far exceeds the operational capabilities of the module to support.

2.4 Physical Security

The router is entirely encased by a metal, opaque case. The rear of the unit contains HWIC/WIC/VIC connectors, LAN connectors, a CF drive, power connector, console connector, auxiliary connector, USB port, and fast Ethernet connectors. The front of the unit contains the system status and activity LEDs. The top, side, and front portion of the chassis can be removed to allow access to the motherboard, memory, AIM slot, and expansion slots.

The Cisco 1841 and 2801 routers require that a special opacity shield be installed over the side air vents in order to operate in FIPS-approved mode. The shield decreases the surface area of the vent holes, reducing visibility within the cryptographic boundary to FIPS-approved specifications. Install the opacity shields and tamper evident labels as specified in the pictures below:

Figure 6 Tamper evident labels attached on the opacity shield of Router 1841

Figure 7 Tamper evident labels attached on the opacity shield of Router 1841

Figure 8 Opacity shield attached on the side panel of router 2801

Figure 9 Tamper evident label attached on the opacity shield of Router 2801

Figure 10 Tamper evident label attached on the opacity shield of Router 2801

Once the router has been configured in to meet FIPS Level 2 requirements, the router cannot be accessed without signs of tampering. To seal the system, apply serialized, tamper-evidence labels as follows:

For Cisco 1841 router:

1. Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
2. The tamper evidence label should be placed over the CF card in the slot so that any attempt to remove the card will show sign of tampering.
3. The tamper evidence label should be placed so that the one half of the label covers the enclosure and the other half covers the port adapter slot.
4. The tamper evidence label should be placed so that the one half of the label covers the enclosure and the other half covers the rear panel.
5. Place tamper evident labels on the opacity shield as shown in Figures 6 and 7.
6. The labels completely cure within five minutes.

Figures 11 and 12 show the additional tamper evidence label placements for the Cisco

Figure 11 Cisco 1841 Tamper Evident Label Placement (Back View)

Figure 12 Cisco 1841 Tamper Evident Label Placement (Front View)

For Cisco 2801 router:

1. Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
2. The tamper evidence label should be placed so that one half of the label covers the front panel and the other half covers the enclosure.
3. The tamper evidence label should be placed over the CF card in the slot so that any attempt to remove the card will show sign of tampering.
4. The tamper evidence label should be placed so that the one half of the label covers the enclosure and the other half covers the port adapter slot.
5. Place tamper evident labels on the opacity shield as shown in Figures 9 and

The labels completely cure within five minutes.

Figures 13 and 14 show the additional tamper evidence label placements for the

Figure 13 Cisco 2801 Tamper Evident Label Placement (Back View)

Figure 14 Cisco 2801 Tamper Evident Label Placement (Front View)

The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router will damage the tamper evidence seals or the material of the module cover. Since the tamper evidence seals have non-repeated serial numbers, they can be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered. Tamper evidence seals can also be inspected for signs of tampering, which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word OPEN will appear if the label was peeled back.

2.5 Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. All keys are also protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE) or SSLv3.1/TLS handshake protocols.

The routers support the following FIPS-2 approved algorithm implementations:

| Algorithm | Algorithm Certificate Number |
|---|---|
| Software (IOS) Implementations (IOS 12.4 (15) T3, IOS 12.4 (15) T10) | |
| AES | |
| Triple-DES | |
| SHA-1, SHA-256, SHA | |
| HMAC-SHA | |
| X9.31 RNG | |
| RSA | |
| Onboard FPGA Implementations | |
| AES | 181 |
| Triple-DES | 283 |
| SHA | |
| HMAC-SHA-1 | 27 |
| AIM Module Implementations | |
| AES | 173 |
| Triple-DES | 275 |
| SHA | |
| HMAC-SHA-1 | 39 |
| X9.31 RNG | 83 |
| RSA | 382 |

The router is in the approved mode of operation only when FIPS approved algorithms are used (except DH, RSA key transport, and GDOI key wrapping which are allowed in the approved mode for key establishment despite being non-approved).

Note: The module supports DH key sizes of 1024 and 1536 bits, RSA key sizes of 1024, 1536 and 2048 bits, and AES key sizes of 128, 192 and 256 bits. Therefore, the Diffie-Hellman Key agreement, key establishment methodology provides between 80-bits and 96-bits of encryption strength per NIST

RSA Key wrapping, key establishment methodology provides between 80-bits and 112-bits of encryption strength per NIST

GDOI Key wrapping, key establishment methodology provides between 128 bits and 256 bits of encryption strength per NIST

The following are not FIPS approved Algorithms: DES, RC4, MD5, HMAC-MD5, RSA key wrapping and DH; however again DH and RSA are allowed for use in key establishment.

The module contains a HiFn 7855 cryptographic accelerator chip, integrated in the AIM card. Unless the AIM card is disabled by the Crypto Officer with the no crypto engine aim command, the HiFn 7855 provides AES (128-bit, 192-bit, and 256-bit), and Triple-DES (168-bit) encryption/decryption; MD5 and SHA-1 hashing; and hardware support for DH, X9.31 RNG, RSA encryption/decryption, and RSA signature/verification.

The module supports the following types of key management schemes:

1. Pre-shared key exchange via electronic key entry. Triple-DES/AES key and HMAC-SHA-1 key are exchanged and entered electronically.
2. Internet Key Exchange method with support for pre-shared keys exchanged and entered electronically. The pre-shared keys are used with Diffie-Hellman key agreement technique to derive Triple-DES or AES keys.

   The pre-shared key is also used to derive HMAC-SHA-1 key.
3. RSA digital signatures based authentication is used for IKE, with Diffie-Hellman Key agreement technique to derive AES or Triple-DES keys.
4. RSA encrypted nonces based authentication is used for IKE, with Diffie-Hellman Key agreement technique to derive AES or Triple-DES keys.
5. RSA key transport is used to derive the Triple-DES or AES keys during SSLv3.1/TLS handshake.

The module supports commercially available Diffie-Hellman and RSA key transport for key establishment. All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only via the IKE protocol. RSA Public keys are entered into the modules using digital certificates which contain relevant data such as the name of the public key's owner, which associates the key with the correct entity. All other keys are associated with the user/role that entered them.

Key Zeroization:

Each key can be zeroized by sending the no command prior to the key function commands. This will zeroize each key from the, the running configuration.

Clear Crypto IPSec SA will zeroize the IPSec Triple-DES/AES session key (which is derived using the Diffie-Hellman key agreement technique) from the. This session key is only available in the ; therefore this command will completely zeroize this key. The following command will zeroize the pre-shared keys from the :

    no set session-key inbound ah spi hex-key-data
    no set session-key outbound ah spi hex-key-data
    no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]
    no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]
    no crypto isakmp key

The running configuration must be copied to the start-up configuration in NVRAM in order to completely zeroize the keys. The RSA keys are zeroized by issuing the CLI command "crypto key zeroize rsa". All SSL/TLS session keys are zeroized automatically at the end of the SSL/TLS session.

The module supports the following keys and critical security parameters (CSPs).

| Key/CSP Name | Algorithm | Description | Storage Location | Zeroization Method |
|---|---|---|---|---|
| RNG Seed | X9.31 | This is the seed for X9.31 RNG. This CSP is stored in and updated periodically after the generation of 400 bytes after this it is reseeded with router-derived entropy; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP. | | Automatically every 400 bytes, or turn off the router. |
| RNG Seed key | X9.31 | This is the seed key for the X9.31 RNG | | Turn off the router |
| Diffie Hellman private exponent | DH | The private exponent used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after DH shared secret has been generated. | | Automatically after shared secret generated. |
| Diffie Hellman public key | DH | The public key used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. | | Automatically after shared secret generated. |
| skeyid | Keyed SHA-1 | Value derived from the shared secret within IKE exchange. Zeroized when IKE session is terminated. | | Automatically after IKE session terminated. |
| skeyid_d | Keyed SHA-1 | The IKE key derivation key for non ISAKMP security associations. | | Automatically after IKE session terminated. |
| skeyid_a | HMAC-SHA-1 | The ISAKMP security association authentication key. | | Automatically after IKE session terminated. |
| skeyid_e | TRIPLE-DES/AES | The ISAKMP security association encryption key. | | Automatically after IKE session terminated. |
| IKE session encrypt key | TRIPLE-DES/AES | The IKE session encrypt key. | | Automatically after IKE session terminated. |
| IKE session authentication key | HMAC-SHA-1 | The IKE session authentication key. | | Automatically after IKE session terminated. |
| ISAKMP preshared | Shared secret | The key used to generate IKE skeyid during preshared-key authentication. no crypto isakmp key command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM | # no crypto isakmp key |
| IKE hash key | HMAC-SHA-1 | This key generates the IKE shared secret keys. This key is zeroized after generating those keys. | | Automatically after generating IKE shared secret keys. |
| IKE RSA Authentication private Key | RSA | RSA private key for IKE authentication. Generated or entered like any RSA key, set as IKE RSA Authentication Key with the crypto keyring or ca trust-point command. | NVRAM | # crypto key zeroize rsa |
| IKE RSA Authentication Public Key | RSA | RSA public key for IKE authentication. Generated or entered like any RSA key, set as IKE RSA Authentication Key with the crypto keyring or ca trust-point command. | NVRAM | # crypto key zeroize rsa |
| IKE RSA Encrypted Nonce Private Key | RSA | RSA private key for IKE encrypted nonces. Generated like any RSA, with the usagekeys parameter included. | NVRAM | # crypto key zeroize rsa |
| IKE RSA Encrypted Nonce Public Key | RSA | RSA public key for IKE encrypted nonces. Generated like any RSA, with the usagekeys parameter included. | NVRAM | # crypto key zeroize rsa |
| IPSec encryption key | DES/TRIPLE-DES/AES | The IPSec encryption key. Zeroized when IPSec session is terminated. | | # Clear Crypto IPSec SA |
| IPSec authentication key | HMAC-SHA-1 | The IPSec authentication key. The zeroization is the same as above. | | # Clear Crypto IPSec SA |
| Configuration encryption key | AES | The key used to encrypt values of the configuration file. This key is zeroized when the no key config-key is issued. Note that this command does not decrypt the configuration file, so zeroize with care. | NVRAM | # no key config-key |
| Router authentication key 1 | Shared secret | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | | Automatically upon completion of authentication attempt. |
| PPP authentication key | RFC 1334 | The authentication key used in PPP. This key is in the and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in. | | Turn off the router. |
| Router authentication key 2 | Shared Secret | This key is used by the router to authenticate itself to the peer. The key is identical to Router authentication key 1 except that it is retrieved from the local database (on the router itself). Issuing the no username password zeroizes the password (that is used as this key) from the local database. | NVRAM | # no username password |
| SSH session key | Various symmetric | This is the SSH session key. It is zeroized when the SSH session is terminated. | | Automatically when SSH session terminated |
| User password | Shared Secret | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| Enable password | Shared Secret | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| Enable secret | Shared Secret | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| RADIUS secret | Shared Secret | The RADIUS shared secret. This shared secret is zeroized by executing the no radius-server key command. | NVRAM | # no radius-server key |
| secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM | Deleted by erasing the Flash. |
| TACACS+ secret | Shared Secret | The TACACS+ shared secret. This shared secret is zeroized by executing the no tacacs-server key command. | NVRAM | # no tacacs-server key |
| TLS server private key | RSA | 1024/1536/2048 bit RSA private key used for SSLV3.1/TLS. | NVRAM | # crypto key zeroize rsa |
| TLS server public key | RSA | 1024/1536/2048 bit RSA public key used for SSLV3.1/TLS. | NVRAM | # crypto key zeroize rsa |
| TLS premaster secret | Shared Secret | Shared Secret created using asymmetric cryptography from which new TLS session keys can be created | | Automatically when TLS session is terminated |
| TLS Encryption Key | AES/TRIPLE-DES | Key used to encrypt TLS session data | | Automatically when TLS session is terminated |
| TLS Integrity Key | HMAC-SHA-1 | HMAC-SHA-1 used for TLS data integrity protection | | Automatically when TLS session is terminated |
| GDOI Key encryption Key (KEK) | AES (128, 192 and 256 bits) | This key is created using the GROUPKEY-PULL registration protocol with GDOI. It is used protect GDOI rekeying data. | (plaintext) | Automatically when session terminated. |
| GDOI Traffic Encryption Key (TEK) | TDES/AES | This key is created using the GROUPKEY-PULL registration protocol and updated using the GROUPKEY-PUSH registration protocol with GDOI. It is used to encrypt data traffic between Get VPN peers | (plaintext) | Automatically when session terminated. |

Table 8 - Cryptographic Keys and CSPs

SRDI/Role/Service Access Policy (r = read, w = write, d = delete)

SRDI: RNG Seed; RNG Seed Key; Diffie Hellman private exponent; Diffie Hellman public key; skeyid; skeyid_d; skeyid_a; skeyid_e; IKE session encrypt key; IKE session authentication key; ISAKMP preshared; IKE hash key; IKE RSA Authentication private Key; IKE RSA Authentication Public Key; IKE RSA Encrypted Nonce Private Key; IKE RSA Encrypted Nonce Public Key; IPSec encryption key; IPSec authentication key; Configuration encryption key; Router authentication key 1; PPP authentication key; Router authentication key 2; SSH session key; User password; Enable password; Enable secret; RADIUS secret; secret_1_0_0; TACACS+ secret; TLS server private key; TLS server public key; TLS pre-master secret; TLS Encryption Key; TLS Integrity Key; GDOI Key Encryption Key (KEK); GDOI Traffic Encryption Key (TEK)

Roles/Service:
User Role: Status Functions; Network Functions; Terminal Functions; Directory Services; SSL-TLS/VPN; EASY VPN; Get VPN
Crypto Officer Role: Configure the Router; Define Rules and Filters; Status Functions; Manage the Router; Set Encryption/Bypass; Change WAN Interface Cards

Table 9 Role and Service Access to CSP

2.6 Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. All self-tests are implemented by the software. An example of self-tests run at power-up is a cryptographic known answer test (KAT) on each of the FIPS-approved cryptographic algorithms and on the Diffie-Hellman algorithm. Examples of tests run periodically or conditionally include: a bypass mode test performed conditionally prior to executing IPSec, and a continuous random number generator test. If any of the self-tests fail, the router transitions into an error state. In the error state, all secure data transmission is halted and the router outputs status information indicating the failure.

Examples of the errors that cause the system to transition to an error state:
  IOS image integrity checksum failed
  Microprocessor overheats and burns out
  Known answer test failed
  FLASH module malfunction.
  Temperature high warning

2.6.1 Self-tests performed by the IOS image

IOS Self Tests
o POST tests
  AES Known Answer Test
  RSA Signature Known Answer Test (both signature/verification)
  Software/firmware test
  Power up bypass test
  RNG Known Answer Test
  Diffie Hellman test
  HMAC-SHA-1 Known Answer Test
  SHA-1/256/512 Known Answer Test
  Triple-DES Known Answer Test
o Conditional tests
  Pairwise consistency test for RSA signature keys
  Conditional bypass test
  Continuous random number generation test for approved and non-approved RNGs

2.6.2 Self-tests performed by Giove FPGA

Giove FPGA Tests
o POST tests
  AES Known Answer Test
  Triple-DES Known Answer Test
  SHA-1 Known Answer Test
  HMAC SHA-1 Known Answer Test
  Firmware Integrity Test

2.6.3 Self-tests performed by AIM

AIM Self Tests
o POST tests
  AES Known Answer Test
  Triple-DES Known Answer Test
  SHA-1 Known Answer Test
  HMAC-SHA-1 Known Answer Test
  RNG Known Answer Test
  Firmware integrity test
  Diffie Hellman Test
  RSA signature gen/ver known answer test
o Conditional Tests
  Pairwise consistency test for RSA signature keys
  Continuous RNG test for the hardware RNG
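The self-test flow of section 2.6, as an added example that is not Cisco IOS or AIM code: power-up known answer tests, a continuous random number generator test, and an error state that refuses every service once a test fails. The Module class, its method names and the fault-injection parameters are hypothetical; the vectors are the published "abc" digests and RFC 2202 test case 1.

```python
import hashlib
import hmac
import os

# Published known-answer vectors: "abc" digests (FIPS 180) and RFC 2202 test case 1.
SHA1_ABC = "a9993e364706816aba3e25717850c26c9cd0d89d"
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_SHA1_CASE1 = "b617318655057264e28bc0b6fb378c8ef146be00"


class ErrorState(Exception):
    """Raised when a self-test fails or a service is requested outside normal operation."""


class Module:
    """Hypothetical software module whose services are gated on its self-tests."""

    BLOCK = 16  # size in bytes of the blocks compared by the continuous RNG test

    def __init__(self, rng=os.urandom,
                 sha1_hex=lambda data: hashlib.sha1(data).hexdigest()):
        self._rng = rng            # injectable so a stuck generator can be simulated
        self._sha1_hex = sha1_hex  # injectable so a faulty primitive can be simulated
        self._previous = None
        self.state = "POWER_UP"
        self.status = []           # status output: what passed and what failed

    def _fail(self, reason):
        self.state = "ERROR"
        self.status.append(reason)
        raise ErrorState(reason)

    def _kat(self, name, actual, expected):
        if not hmac.compare_digest(actual, expected):
            self._fail(name + " known answer test failed")
        self.status.append(name + " known answer test passed")

    def power_up(self):
        """Run the power-on self-tests; services stay locked unless all pass."""
        self._kat("SHA-1", self._sha1_hex(b"abc"), SHA1_ABC)
        self._kat("SHA-256", hashlib.sha256(b"abc").hexdigest(), SHA256_ABC)
        mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest()
        self._kat("HMAC-SHA-1", mac, HMAC_SHA1_CASE1)
        # The first RNG block is never output; it only seeds the comparison.
        self._previous = self._rng(self.BLOCK)
        self.state = "OPERATIONAL"
        return self.state

    def _require_operational(self):
        if self.state != "OPERATIONAL":
            raise ErrorState("service refused in state " + self.state)

    def random_block(self):
        """Continuous RNG test: a block identical to the previous one is a failure."""
        self._require_operational()
        block = self._rng(self.BLOCK)
        if hmac.compare_digest(block, self._previous):
            self._fail("continuous random number generator test failed")
        self._previous = block
        return block

    def mac(self, key, message):
        """HMAC-SHA-1 service, released only while the module is operational."""
        self._require_operational()
        return hmac.new(key, message, hashlib.sha1).hexdigest()


def outcome(module):
    """Power up, draw two random blocks, return the final state and last status line."""
    try:
        module.power_up()
        module.random_block()
        module.random_block()
    except ErrorState:
        pass
    return module.state, module.status[-1]


if __name__ == "__main__":
    print(outcome(Module()))
    print(outcome(Module(sha1_hex=lambda data: "0" * 40)))  # corrupted hash primitive
    print(outcome(Module(rng=lambda n: b"\x00" * n)))       # stuck random source
```

Once either injected fault is detected the module stays in the error state, so later calls to mac() or random_block() are refused rather than answered with possibly wrong output.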

3 Secure Operation of the Cisco 1841 or 2801 router

The Cisco 1841 and 2801 routers meet all the Level 2 requirements for FIPS 140-2. Follow the instructions provided below to place the module in its FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from its FIPS approved mode of operation.

3.1 Initial Setup

1. The Crypto Officer must apply tamper evidence labels as described in Section 2.4 of this document.
2. The Crypto Officer must disable IOS Password Recovery by executing the following commands:
    configure terminal
    no service password-recovery
    end
    show version
NOTE: Once Password Recovery is disabled, administrative access to the module without the password will not be possible.

3.2 System Initialization and Configuration

1. The Crypto Officer must perform the initial configuration. IOS version IOS 12.4 (15) T3 or 12.4 (15) T10, Advanced Security build (advsecurity) are the only allowable images; no other images may be loaded.
2. The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots the IOS image. From the configure terminal command line, the Crypto Officer enters the following syntax:
    config-register 0x0102
3. The Crypto Officer must create the enable password for the Crypto Officer role. The password must be at least 8 characters (all digits; all lower and upper case letters; and all special characters except ? are accepted) and is entered when the Crypto Officer first engages the enable command. The Crypto Officer enters the following syntax at the # prompt:
    enable secret [PASSWORD]
4. The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification and authentication on the console port is required for Users. From the configure terminal command line, the Crypto Officer enters the following syntax:
    line con 0
    password [PASSWORD]
    login local

3.3 IPSec Requirements and Cryptographic Algorithms

1. The only type of key management protocol that is allowed in FIPS mode is Internet Key Exchange (IKE), although manual creation of security associations is also permitted.
2. Although the IOS and AIM implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS configuration:
    ah-sha-hmac
    esp-sha-hmac
    esp-triple-des
    esp-aes
3. The following algorithms are not FIPS approved and should not be used during FIPS-approved mode:
    MD-5 for signing
    MD-5 HMAC
    DES

3.4 SSLv3.1/TLS Requirements and Cryptographic Algorithms

When negotiating SSLv3.1/TLS cipher suites, only FIPS approved algorithms must be specified. All other versions of SSL except version 3.1 must not be used in FIPS mode of operation. The following algorithms are not FIPS approved and should not be used in the FIPS-approved mode:
    MD5
    RC4
    RC2
    DES

3.5 Protocols

1. SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets. Since SNMP v2c uses community strings for authentication, only gets are allowed under SNMP v2c.

3.6 Remote Access

1. Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto officer must configure the module so that any remote connections via telnet are secured through IPSec, using FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.
2. SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

CISCO EDITOR'S NOTE: You may now include all standard Cisco information included in all documentation produced by Cisco. Be sure that the following line is in the legal statements at the end of the document: By printing or making a copy of this document, the user agrees to use this information for product evaluation purposes only. Sale of this information in whole or in part is not authorized by Cisco Systems.


More information

CCNA Security 1.1 Instructional Resource

CCNA Security 1.1 Instructional Resource CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where

More information

Strength Analysis and Optimization Design about the key parts of the Robot

Strength Analysis and Optimization Design about the key parts of the Robot Intenational Jounal of Reseach in Engineeing and Science (IJRES) ISSN (Online): 2320-9364, ISSN (Pint): 2320-9356 www.ijes.og Volume 3 Issue 3 ǁ Mach 2015 ǁ PP.25-29 Stength Analysis and Optimization Design

More information

McAfee Firewall Enterprise 8.3.1

McAfee Firewall Enterprise 8.3.1 Configuration Guide Revision A McAfee Firewall Enterprise 8.3.1 FIPS 140-2 The McAfee Firewall Enterprise FIPS 140-2 Configuration Guide, version 8.3.1, provides instructions for setting up McAfee Firewall

More information

How to create a default user profile in Windows 7

How to create a default user profile in Windows 7 AnswesThatWok TM How to ceate a default use pofile in Windows 7 (Win 7) How to ceate a default use pofile in Windows 7 When to use this document Use this document wheneve you want to ceate a default use

More information

FIPS 140-2 SECURITY POLICY

FIPS 140-2 SECURITY POLICY FIPS 140-2 SECURITY POLICY Juniper Networks, Inc. SSG 320M and SSG 350M HW P/N SSG-320M and SSG-350M, FW Version ScreenOS 6.2.0 Document # 530-023730-01 Copyright Notice Copyright 2009 Juniper Networks,

More information

DOCTORATE DEGREE PROGRAMS

DOCTORATE DEGREE PROGRAMS DOCTORATE DEGREE PROGRAMS Application Fo Admission 2015-2016 5700 College Road, Lisle, Illinois 60532 Enollment Cente Phone: (630) 829-6300 Outside Illinois: (888) 829-6363 FAX: (630) 829-6301 Email: admissions@ben.edu

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

Secure Smartcard-Based Fingerprint Authentication

Secure Smartcard-Based Fingerprint Authentication Secue Smatcad-Based Fingepint Authentication [full vesion] T. Chales Clancy Compute Science Univesity of Mayland, College Pak tcc@umd.edu Nega Kiyavash, Dennis J. Lin Electical and Compute Engineeing Univesity

More information

HEWLETT PACKARD TIPPINGPOINT. FIPS 140 2 NON PROPRIETARY SECURITY POLICY HP TippingPoint Security Management System

HEWLETT PACKARD TIPPINGPOINT. FIPS 140 2 NON PROPRIETARY SECURITY POLICY HP TippingPoint Security Management System HEWLETT PACKAD TIPPINGPOINT FIPS 140 2 NON POPIETAY SECUITY POLICY HP TippingPoint Security Management System Level 1 Validation Firmware Version: 3.2.0.8312.3 Document Version: 1.03 Page 1 of 31 FIPS

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham

Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham In part two of NetCertLabs Cisco CCNA Security VPN lab series, we explored setting up a site-to-site VPN connection where one side

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

McAfee Firewall Enterprise 8.2.1

McAfee Firewall Enterprise 8.2.1 Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall

More information

Analytical Proof of Newton's Force Laws

Analytical Proof of Newton's Force Laws Analytical Poof of Newton s Foce Laws Page 1 1 Intouction Analytical Poof of Newton's Foce Laws Many stuents intuitively assume that Newton's inetial an gavitational foce laws, F = ma an Mm F = G, ae tue

More information

FIPS 140-2 SECURITY POLICY

FIPS 140-2 SECURITY POLICY FIPS 140-2 SECURITY POLICY Juniper Networks NetScreen-5200 HW P/N NS-5200 VERSION 3010 FW VERSIONS SCREENOS 5.0.0R9.H, SCREENOS 5.0.0R9A.H AND SCREENOS 5.0.0R9B.H Juniper NS-5200 Security Policy 1 Copyright

More information

An Epidemic Model of Mobile Phone Virus

An Epidemic Model of Mobile Phone Virus An Epidemic Model of Mobile Phone Vius Hui Zheng, Dong Li, Zhuo Gao 3 Netwok Reseach Cente, Tsinghua Univesity, P. R. China zh@tsinghua.edu.cn School of Compute Science and Technology, Huazhong Univesity

More information

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004 ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.

More information

Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance

Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance Juniper Networks, Inc. 1 Table of Contents Before we begin... 3 Configuring IKEv2 on IVE... 3 IKEv2 Client Side Configuration on Windows

More information

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)

More information

FIPS 140-2 SECURITY POLICY

FIPS 140-2 SECURITY POLICY FIPS 140-2 SECURITY POLICY Juniper Networks, Inc. SSG 140 HW P/N SSG-140-SB, SSG-140-SH, FW Version ScreenOS 6.3.0r6 Copyright Notice Copyright 2012 Juniper Networks, Inc. May be reproduced only in its

More information

FIPS 140 2 Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

FIPS 140 2 Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security FIPS 140 2 Non Proprietary Security Policy IBM Internet Security Systems Proventia GX Series Security Document Version 1.2 January 31, 2013 Document Version 1.2 IBM Internet Security Systems Page 1 of

More information

!( r) =!( r)e i(m" + kz)!!!!. (30.1)

!( r) =!( r)e i(m + kz)!!!!. (30.1) 3 EXAMPLES OF THE APPLICATION OF THE ENERGY PRINCIPLE TO CYLINDRICAL EQUILIBRIA We now use the Enegy Pinciple to analyze the stability popeties of the cylinical! -pinch, the Z-pinch, an the Geneal Scew

More information

Chapter 3 Savings, Present Value and Ricardian Equivalence

Chapter 3 Savings, Present Value and Ricardian Equivalence Chapte 3 Savings, Pesent Value and Ricadian Equivalence Chapte Oveview In the pevious chapte we studied the decision of households to supply hous to the labo maket. This decision was a static decision,

More information

Introduction of Quidway SecPath 1000 Security Gateway

Introduction of Quidway SecPath 1000 Security Gateway Introduction of Quidway SecPath 1000 Security Gateway Quidway SecPath 1000 security gateway is new generation security equipment developed specially for enterprise customer by Huawei-3Com. It can help

More information

Cisco VPN Internal Service Module for Cisco ISR G2

Cisco VPN Internal Service Module for Cisco ISR G2 Data Sheet Cisco VPN Internal Service Module for Cisco ISR G2 Compact Versatile High-Performance VPN Module The Cisco VPN Internal Service Module (VPN ISM) is a module for the Cisco Integrated Services

More information

Instructions to help you complete your enrollment form for HPHC's Medicare Supplemental Plan

Instructions to help you complete your enrollment form for HPHC's Medicare Supplemental Plan Instuctions to help you complete you enollment fom fo HPHC's Medicae Supplemental Plan Thank you fo applying fo membeship to HPHC s Medicae Supplement plan. Pio to submitting you enollment fom fo pocessing,

More information

Automatic Testing of Neighbor Discovery Protocol Based on FSM and TTCN*

Automatic Testing of Neighbor Discovery Protocol Based on FSM and TTCN* Automatic Testing of Neighbo Discovey Potocol Based on FSM and TTCN* Zhiliang Wang, Xia Yin, Haibin Wang, and Jianping Wu Depatment of Compute Science, Tsinghua Univesity Beijing, P. R. China, 100084 Email:

More information

Automated Hydraulic Drilling Rigs. HHSeries

Automated Hydraulic Drilling Rigs. HHSeries Automated Hydaulic Dilling Rigs HHSeies The Shape of Things to Come CUSTOMSOLUTIONS HH600 Rig The HH Hydaulic Hoist Seies Eveything about the HH Seies is designed fo speed, safety and efficiency. You can

More information

Epdf Sulf petroleum, Eflecti and Eeflecti

Epdf Sulf petroleum, Eflecti and Eeflecti ANALYSIS OF GLOBAL WARMING MITIGATION BY WHITE REFLECTING SURFACES Fedeico Rossi, Andea Nicolini Univesity of Peugia, CIRIAF Via G.Duanti 67 0615 Peugia, Italy T: +9-075-585846; F: +9-075-5848470; E: fossi@unipg.it

More information

SNAPcell Security Policy Document Version 1.7. Snapshield

SNAPcell Security Policy Document Version 1.7. Snapshield SNAPcell Security Policy Document Version 1.7 Snapshield July 12, 2005 Copyright Snapshield 2005. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1. MODULE OVERVIEW...3

More information

Converting knowledge Into Practice

Converting knowledge Into Practice Conveting knowledge Into Pactice Boke Nightmae srs Tend Ride By Vladimi Ribakov Ceato of Pips Caie 20 of June 2010 2 0 1 0 C o p y i g h t s V l a d i m i R i b a k o v 1 Disclaime and Risk Wanings Tading

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

2006-2008 Energy Efficiency Rebate and Incentive Programs for Business.

2006-2008 Energy Efficiency Rebate and Incentive Programs for Business. The Company } A ~ Sempa Enegy utilit/ 2006-2008 Enegy Efficiency Rebate and Incentive Pogams fo Business. Lean how you business may qualify fo up to $525,000* pe yea in ebates and incentives unde the Expess

More information

Welcome to the Cloud Stream. Sponsored by:

Welcome to the Cloud Stream. Sponsored by: Welcome to the Cloud Steam Sponsoed by: Entepise Cloud (HEC) Hanessing the Powe of eal- Time Business with the Simplicity of the Cloud Ben Lingwood Diecto HEC GtM Entepise Cloud - Oveview Announced May

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information