SNAPcell Security Policy Document Version 1.7. Snapshield



Similar documents
Security Policy. Trapeze Networks

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

SECURE USB FLASH DRIVE. Non-Proprietary Security Policy

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Pulse Secure, LLC. January 9, 2015

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS Security Policy

Security Policy, DLP Cinema, Series 2 Enigma Link Decryptor

FIPS Security Policy. for Motorola, Inc. Motorola Wireless Fusion on Windows CE Cryptographic Module

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3

FIPS Security Policy LogRhythm Log Manager

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS Non-Proprietary Security Policy

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

SecureDoc Disk Encryption Cryptographic Engine

FIPS Security Policy LogRhythm or Windows System Monitor Agent

NitroGuard Intrusion Prevention System Version and Security Policy

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Secure Network Communications FIPS Non Proprietary Security Policy

Security Policy: Key Management Facility Crypto Card (KMF CC)

FIPS Non-Proprietary Security Policy. FIPS Security Level: 2 Document Version: 0.9

PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls Security Policy

HP LTO-6 Tape Drive Level 1 Security Policy

FIPS SECURITY POLICY

13135 Lee Jackson Memorial Hwy., Suite 220 Fairfax, VA United States of America

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

FIPS SECURITY POLICY FOR

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

FIPS SECURITY POLICY

Cisco Catalyst 3560-X and 3750-X Switches FIPS Level 2 Non-Proprietary Security Policy

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

HEWLETT PACKARD TIPPINGPOINT. FIPS NON PROPRIETARY SECURITY POLICY HP TippingPoint Security Management System

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

Secure Computing Corporation Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150 with SecureOS v )

A COMPARISON OF THE SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES IN FIPS AND FIPS 140-2

SafeEnterprise TM ATM Encryptor II Model 600 FIPS Level 3 Validation Non-Proprietary Security Policy

FIPS Security Policy for WatchGuard XTM

Athena Smartcard Inc. IDProtect Key with LASER PKI FIPS Cryptographic Module Security Policy. Document Version: 1.0 Date: April 25, 2012

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module

SkyRecon Cryptographic Module (SCM)

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cisco Telepresence C40, C60, and C90 Codecs (Firmware Version: TC5.0.2) (Hardware Version: v1) FIPS Non-Proprietary Security Policy

1C - FIPS Cisco VPN Client Security Policy

MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS MODULE OVERVIEW. Security Policy REV 1.3, 10/2002

How To Protect Your Computer From Attack

FIPS Security Policy 3Com Embedded Firewall PCI Cards

MOTOROLA ACCOMPLI 009 PERSONAL COMMUNICATOR MODULE OVERVIEW SCOPE OF DOCUMENT. Security Policy REV 1.2, 10/2002

FIPS Security Policy

ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA , ASA , ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

Security Policy for Oracle Advanced Security Option Cryptographic Module

USB Portable Storage Device: Security Problem Definition Summary

Symantec Mobility: Suite Server Cryptographic Module

FIPS Non-Proprietary Security Policy. FIPS Security Level: 2 Document Version: Winterson Road Linthicum, MD 21090

OpenSSL FIPS Security Policy Version 1.2.4

Security Policy for FIPS Validation

Non-Proprietary Security Policy for the FIPS Level 1 Validated Fortress Secure Client Software Version 3.1

FIPS Non-Proprietary Security Policy

Network Security Services (NSS) Cryptographic Module Version

FIPS Documentation: Security Policy 05/06/ :21 AM. Windows CE and Windows Mobile Operating System. Abstract

Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module FIPS Security Policy

USB Portable Storage Device: Security Problem Definition Summary

Sonus Networks, Inc. SBC 5110 and 5210 Session Border Controllers Hardware Version: SBC 5110 and SBC 5210 Firmware Version: 4.0

7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE,

ES3X 16 P, SM ES3X 24 P, SM D ES3X 48 P, PVDM4 32, PVDM4 64, PVDM4

Non-Proprietary Security Policy for the FIPS Level 2 Validated Fortress Secure Bridge

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

TANDBERG MXP Codec (Firmware Version: F6.0) FIPS Non-Proprietary Security Policy

USER MANUAL DataLocker Enterprise

OpenSSL FIPS Security Policy Version 1.2.2

Payment Card Industry (PCI) Hardware Security Module (HSM) Security Requirements Version 1.0

Certification Report

FIPS Non-Proprietary Security Policy. FIPS Security Level: 2 Document Version: 0.7

Blue Coat Systems ProxySG S500 Series

Acano solution. Security Considerations. August E

Certification Report

FIPS Security Policy

Directives and Instructions Regarding Security and Installation of Wireless LAN in DoD Federal Facilities

Junos OS for EX Series Ethernet Switches, Release 12.1R6

Blue Coat Systems, Inc. Secure Web Gateway Virtual Appliance-V100 Software Version: FIPS Non-Proprietary Security Policy

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Windows 7 BitLocker Drive Encryption Security Policy For FIPS Validation

OpenSSL FIPS Security Policy Version 1.2.3

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

IronKey Data Encryption Methods

Protection Profile for Full Disk Encryption

Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll) Security Policy Document

ABUS WIRELESS ALARM SYSTEM

HP Networking Switches

Potential Targets - Field Devices

Transcription:

SNAPcell Security Policy Document Version 1.7 Snapshield July 12, 2005 Copyright Snapshield 2005. May be reproduced only in its original entirety [without revision].

TABLE OF CONTENTS 1. MODULE OVERVIEW...3 2. SECURITY LEVEL...4 3. MODES OF OPERATION...5 4. PORTS AND INTERFACES...6 5. IDENTIFICATION AND AUTHENTICATION POLICY...6 6. ACCESS CONTROL POLICY...8 ROLES AND SERVICES...8 DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)...8 DEFINITION OF CSPS MODES OF ACCESS...9 7. OPERATIONAL ENVIRONMENT...10 8. SECURITY RULES...10 9. PHYSICAL SECURITY...11 10. MITIGATION OF OTHER ATTACKS POLICY...11 11. DEFINITIONS AND ACRONYMS...12 Page 2

1. Module Overview SNAPcell (Firmware Version 5133 050322.2 SnapP2P.2 & 5133 050322.2 SnapP2MP.2, Hardware P/N Snapcell Version 1.5) is a multi-chip standalone encryption device for securing outgoing and incoming voice communications over a GSM connection by creating an encrypted communication channel with either the Encryption Center or another SNAPcell unit. The SNAPcell attaches to mobile phones through a mobile phone connector and the SNAPcell also provides a 2.5mm hands-free headset jack. The module provides status output via an LCD that is outside of the boundary and the single LED of the SNAPcell. The cryptographic boundary is defined as the outer perimeter of the plastic enclosure. Figure 1 SNAPcell Image Page 3

2. Security Level SNAPcell meets the overall requirements applicable to Level 2 security of FIPS 140-2. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 2 Roles, Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 3 Self-Tests 2 Design Assurance 2 Mitigation of Other Attacks N/A Page 4

3. Modes of Operation Approved mode of operation The SNAPcell only supports an Approved mode of operation. As such, the module always operates in a FIPS Approved mode of operation. The cryptographic module supports the following FIPS Approved algorithms as follows: AES with 256-bit keys (Cert. #212) SHA-1 (Cert. #289). DRNG implemented in accordance to FIPS 186-2 with underlying G function constructed from SHA-1 (Cert. #53). The DRNG is seeded by a NDRNG. The cryptographic module supports the following non-approved algorithms: Diffie-Hellman with 1024-bit keys for key agreement Instructions for Secure Operation In order to place a Secure Call: 1. Click the headset button once. 2. Dial the destination number and select Yes on the mobile phone keypad. 3. Once the other party answers the call, a secure session will be initiated. In order to receive a Secure Call: 1. Click the headset button once. If a secure session is successfully established, the following indicators will confirm that the call is secured: Two beeps will be emitted through the headset initially An optional beep every 20 seconds may be configured The LED will be lit red, A message will be sent to the external phone LCD, Secure Key: XXXX for the SnapP2P.2 version or User-User for the SnapP2MP.2 version. Page 5

4. Ports and Interfaces The SNAPcell supports a data input, data output, control input, status output, and power interface. The following physical ports and associated logical interfaces are supported: Sony-Ericsson Mobile phone connector: Data input, Data output, Control input, Status output, Power input 2.5mm Headset Jack: Data input, Data output. LED: Status Output. 5. Identification and Authentication Policy Assumption of roles SNAPcell supports two distinct operator roles, the User and the Cryptographic-Officer. The Cryptographic-Officer is authenticated by entering an eight-digit password and is assumed by the human operator of the SNAPcell. The User is authenticated by providing a six-character Group Number and is assumed by a SNAPtrunk or another SNAPcell device. Table 2 - Roles and Required Identification and Authentication Role Type of Authentication Authentication Data Cryptographic-Officer Role-based authentication Eight-digit Password User Role-based authentication Six-character Group Number Page 6

Table 3 Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Group Number The Group Number is a six-character secret chosen from a set of 94-alphanumeric characters. The probability that a random attempt will succeed or a false acceptance will occur is 1/94^6, which is less than 1/1,000,000. Each User authentication attempt takes approximately six seconds. As a result, a maximum of 10 authentication attempts may be made in a minute. The probability of successfully authenticating to the module within one minute is 10/94^6, which is less than 1/100,000. Password The CO Password is an eight-digit number chosen from a set of 10-digits. The probability that a random attempt will succeed or a false acceptance will occur is 1/100,000,000 which is less than 1/1,000,000. After ten failed authentication attempts, the module must be power cycled before it accepts any further authentication requests. Power cycling the module takes approximately six seconds and each authentication attempt takes approximately one second. As a result, a maximum of 38 authentication attempts may be made in a minute. The probability of successfully authenticating to the module within one minute is 38/100,000,000, which is less than 1/100,000. Page 7

6. Access Control Policy Roles and Services Role Table 4 Services Authorized for Roles Authorized Services User Make Secure Call: Initiate an AES encrypted session. Receive Secure Call: Receive an AES encrypted session. Cryptographic-Officer Change Group Number: Update the Group Number, which is used for User authentication. Change Password: Update the Password, which is used for CO authentication. View/Change User Parameters: View and update nonsecurity relevant configuration items. Reset: Invoke on-demand power-on self-tests. Zeroize: Actively zeroizes plaintext CSPs Unauthenticated Services: SNAPcell supports the following unauthenticated services: Show status: This service provides the current status of the cryptographic module through the mobile phone s LCD, the SNAPcell s LED, and the SNAPcell s 2.5mm headset jack. Power-up self test: Invokes on-demand power-on self-tests by power cycling the module. Definition of Critical Security Parameters (CSPs) The following are CSPs contained in the module: Cryptographic Officer Password Used to authenticate the CO role. Group Number Used to authenticate the User role. AES Key Used to secure sessions. DH Private Key Used as the private component during the Diffie-Hellman key agreement protocol. Page 8

DRNG Seed Key Used to seed the DRNG. DRNG state Used during the DRNG Continuous RNG Test. Definition of Public Keys: The following are the public keys contained in the module: DH SNAPcell Public Key Used as the SNAPcell s public component during the Diffie- Hellman key agreement protocol. DH Device Public Key Used as the public component received from the other party during the Diffie-Hellman key agreement protocol. Definition of CSPs Modes of Access Table 5 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as follows: Generate: Generate the CSP. Establish: Establish the CSP. Use: Use the CSP. Destroy: Actively zeroizes the CSP. Modify: Update the CSP. Role Table 5 CSP Access Rights within Roles & Services Service Cryptographic Keys and CSPs Access Operation C.O. User X Make Secure Call Generate DH Private Key. Establish AES Key. Use Group Number. Destroy AES Key (at the end of the session). Destroy DH Private Key (at the end of the session). X Receive Secure Call Generate DH Private Key. Establish AES Key. Use Group Number. Destroy AES Key (at the end of the session). Destroy DH Private Key (at the end of the session). Page 9

X View/Change User Parameters. Use CO Password. X Reset Use CO Password Destroy AES Key Destroy DH Private Key X Zeroize. Use CO Password Destroy DRNG Seed Key Destroy DRNG State Destroy Group Number Destroy CO Password X Change Group Number. Use CO Password Modify Group Number. X Change Password. Use CO Password. Modify CO Password. 7. Operational Environment The SNAPcell operates in a non-modifiable environment. As a result, the requirements of Area 6 of the FIPS 140-2 standard are not applicable. 8. Security Rules This section documents the security rules enforced by the SNAPcell: 1. SNAPcell shall provide two distinct operator roles: the User role and the Cryptographic- Officer role. 2. SNAPcell shall provide role-base authentication. 3. SNAPcell shall secure data sessions using the AES algorithm. 4. The AES key shall be agreed using Diffie-Hellman algorithm. 5. SNAPcell shall perform the following tests: A. Power up Self-Tests: 1. Cryptographic algorithm tests: a. AES Known Answer Test. b. SHA-1 Known Answer Test. c. DRNG Known Answer Test. Page 10

2. Firmware integrity test: 16-bit EDC. B. Conditional Self-Tests: 1. Continuous NDRNG test. 2. Continuous DRNG test. 6. The operator shall be capable of commanding the module to perform the power-up selftest by power-cycling the module. In addition, the CO may invoke the Reset command to invoke self-tests. 7. The module inhibits all data output during key generation, self-tests, zeroization, and error states. 8. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 9. The module does not support manual key entry. 10. The module does not support a maintenance role or interface. 11. The module does not support a bypass service. 9. Physical Security The SNAPcell enclosure consists of two hard, opaque, plastic halves that encompass all components of the module. The two halves are ultrasonically welded together and cannot be separated without causing evidence of tamper. Physical Security Mechanisms Table 6 Inspection/Testing of Physical Security Mechanisms Recommended Frequency of Inspection/Test N/A N/A N/A Inspection/Test Guidance Details 10. Mitigation of Other Attacks Policy The SNAPcell is not designed to mitigate any specific attacks beyond the scope of FIPS 140-2. Table 7 Mitigation of Other Attacks Other Attacks Mitigation Mechanism Specific Limitations N/A N/A N/A Page 11

11. Definitions and Acronyms AES Advanced Encryption Standard CO DH DRNG LCD LED NDRNG P2MP P2P SHA USB Cryptographic Officer Diffie-Hellman Deterministic Random Number Generator Liquid Crystal Display Light Emitting Diode Non-Deterministic Random Number Generator Point-to-Multi-Point Point-to-Point Secure Hash Algorithm Universal Serial Bus Page 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information