Version 7 Revision 3 -i- IBM System Storage TS1130 Tape Drive ­ Machine Type 3592, Model E06 Security Policy Document Version 7 Revision 3 ii Version 7 Revision 3 1 Document History .................................................................................................................................................. 1 2 Introduction ............................................................................................................................................................ 2 2.1 References ............................................................................................................................................... 3 3 TS1130 Encrypting Tape Drive Cryptographic Module Description ..................................................................... 4 3.1 Overview ................................................................................................................................................. 4 3.2 Secure Configuration ............................................................................................................................. 5 3.3 Ports and Interfaces ............................................................................................................................... 8 3.4 Roles and Services .................................................................................................................................. 9 3.5 Physical Security .................................................................................................................................. 15 3.6 Cryptographic Algorithms and Key Management............................................................................ 16 3.7 Design Assurance ................................................................................................................................. 20 3.8 Mitigation of other attacks .................................................................................................................. 20 Version 7 Revision 3 -1- 1 Document History Date Author Change 02/25/2009 Christine Knibloe V0.0 Initial Creation 10/05/2009 Said Ahmad V1.0 Updated Figure 1 and Table 3 removing references to misc. port 10/20/2009 Said Ahmad V2.0 Updated cryptographic boundary from the canister to drive brick 10/21/2009 Said Ahmad V3.0 Updated Figure 1 with duplicate Ethernet port 10/29/2009 Said Ahmad V4.0 Updates per the Lab Comments 1/28/2009 Said Ahmad V5.0 Updated per the Lab Comments 6/2/2010 Said Ahmad V6.0 Updated per CMVP comments 6/3/2010 Said Ahmad V7.0 Updated per CMVP comments 6/8/2010 Said Ahmad V7.1 Updated per CMVP comments 7/16/2010 Said Ahmad V7.2 Updated per CMVP Comments 2 Version 7 Revision 3 2 Introduction This non-proprietary security policy describes the IBM System Storage TS1130 Tape Drive - Machine Type 3592, Model E06 cryptographic module and the approved mode of operation for FIPS 140-2, meeting the security level 1 requirements for each section of the requirements. This policy was prepared as part of FIPS 140-2 validation of the TS1130. The IBM System Storage TS1130 Tape Drive - Machine Type 3592, Model E06 is referred to in this document as the "TS1130 Encrypting Tape Drive," the "TS1130," and the encrypting tapedrive. FIPS 140-2 (Federal Information Processing Standards Publication 140-2--Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/ The security policy document is organized in the following sections: · Introduction · References · Document Organization TS1130 Encrypting Tape Drive Cryptographic Module Description · Cryptographic Module Overview · Secure Configuration · Cryptographic Module Ports and Interfaces · Roles and Services · Physical Security · Cryptographic Key Management · Self-Tests · Design Assurance · Mitigation of Other Attacks 3 Version 7 Revision 3 2.1 References This document describes only the cryptographic operations and capabilities of the TS1130 Encrypting Tape Drive. More information is available on the general function of the TS1130 Encrypting Tape Drive at the IBM web site: http://www.ibm.com/storage/tape/ The tape drive meets the T10 SCSI-3 Stream Commands (SSC) standard for the behavior of sequential access devices. In addition, the tape drive primary host interfaces are physical fibre channel ports. The physical and protocol behavior of these ports conforms to Fibre Channel Protocol (FCP) specification. These specifications are available at the INCITS T10 standards web site: http://www.T10.org / A Redbook describing tape encryption and user configuration of the drive in various environments can be found at: http://www.redbooks.ibm.com/abstracts/sg247320.html?Open The TS1130 drive format on the tape media is designed to conform to the IEEE P1619.1 committee draft proposal for recommendations for protecting data at rest on tape media. Details on P1619.1 may be found at: http://ieee-p1619.wetpaint.com/ 4 Version 7 Revision 3 3 TS1130 Encrypting Tape Drive Cryptographic Module Description 3.1 Overview The TS1130 Encrypting Tape Drive is a set of hardware, firmware, and interfaces allowing the optional storage and retrieval of encrypted data to magnetic tape cartridges. The TS1130 tape drive is FIPS validated as a multi-chip, embedded cryptographic module (Hardware Version: 45E8855 EC Level L31095 and Firmware Version: 46X1651 EC Level L31096). In customer operation the "brick" unit is embedded in a canister package for operation in a library. Some components of the TS1130 tape drive, such as mechanical components used for tape loading/unloading and actuating the tape cartridge, labels, cables, connectors, terminals and sensor components, do not have an effect on the security of the cryptographic module. A block diagram of the TS1130 Encrypting Tape Drive is shown below: Cryptographic Module Block Diagram Power (J37) Message Display SDRAM SDRAM (U20,U21,U22, (U52,U54) U34,U49,U51,U67,U58) Port 0 Port 1 422 232 Panel net (J4) FC FAS600 (U71) FC (J12) Yuri (U24) Cartridge Mem RS- RS- Service Ether- UPIF Other (J10) (internal PPC) (U23) Card Functions Deck (U14,U9,U13, (J32) Flash (U17) U8,U46,U48) SH7780 (U16) Head ACF I2C net Tape (J6) SDRAM (U86,U87) SDRAM (U10,U11) Main Card Ether- (J42) Drive Figure 1: TS1130 Block Diagram 5 Version 7 Revision 3 The TS1130 Encrypting Tape Drive has two major cryptographic functions: Data Block Cipher Facility: The tape drive provides functions which provide the ability for standard tape data blocks as received during SCSI-type write commands to be encrypted before being recorded to media using AES-GCM block cipher using a provided key, and decrypted during reads from tape using a provided key. o Note the AES-GCM block cipher operation is performed after compression of the host data therefore not impacting capacity and data rate performance of the compression function o The TS1130 drive automatically performs a complete and separate decryption and decompression check of host data blocks after the compression/encryption process to validate there were no errors in the encoding process Secure Key Interface Facility: The tape drive provides functions which allow authentication of the tape drive to an external IBM key manager, such as the IBM Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and allow transfer of protected key material between the key manager and the tape drive. 3.2 Secure Configuration This section describes the approved mode of operation for the TS1130 drive to maintain the FIPS 140-2 validation. There are two configurations for the TS1130 in the approved mode of operation. They are: System-Managed Encryption (SME) Library-Managed Encryption (LME) In order to be in an approved mode of operation, the values of the fields Key Path (manager Type) (from VPD), In-band Key Path (Manager Type) Override, Indirect Key Mode Default, Key Scope, and Encryption Method must be set according to the table below. More details can be found in the TS1130 SCSI Reference. Table 1: Settings for Approved Configurations Required Fields System-Managed Library-Managed Encryption (SME) Encryption (LME) Key Path (Manager Type) (from VPD) X'1' X'6' Mode Page X'25', byte 21, bits 7-5 In-band Key Path (Manager Type) Override X'0' or X'1' X'0' Mode Page X'25', byte 21, bits 4-2 Indirect Key Mode Default B'0' B'0' Mode Page X'25', byte 22, bit 4 Key Scope X'0' or X'1' X'0' or X'1' Mode Page X'25', byte 23, bits 2-0 Encryption Method X'10' or X'1F' X'60' Mode Page X'25', byte 27 A user can determine if the TS1130 is in the approved mode of operation by issuing a SCSI Mode Sense command to Mode Page X'25' and evaluating the values returned. Certain commands are prohibited while in the approved mode of operation. The commands vary based on which configuration is used in the approved mode. In the LME configuration, all Mode Select commands to subpages of Mode Page X'25' are prohibited. In the SME configuration, Mode Select commands to the following subpages of Mode Page X'25' are prohibited. 6 Version 7 Revision 3 Table 2: Mode Select Eligibility of Mode Page X'25' Subpages Mode Page X'25' Subpages System-Managed Encryption Library-Managed Encryption (SME) (LME) X'C0' ­ Control/Status Allowed Prohibited X'D0' ­ Generate dAK/dAK' Pair Prohibited Prohibited X'D1' ­ Query dAK Prohibited Prohibited X'D2' ­ Update dAK/dAK' Pair Prohibited Prohibited X'D3' ­ Remove dAK/dAK' Pair Prohibited Prohibited X'D5' ­ Drive Challenge/Response Allowed Prohibited X'D6' ­ Query Drive Certificate Allowed Prohibited X'D7' ­ Query/Setup HMAC Prohibited Prohibited X'D8' ­ Install eAK Prohibited Prohibited X'D9' ­ Query eAK Prohibited Prohibited X'DA' ­ Update eAK Prohibited Prohibited X'DB' ­ Remove eAK Prohibited Prohibited X'DF' ­ Query dSK Allowed Prohibited X'E0' ­ Setup SEDK/EEDK(s) Allowed Prohibited X'E1' ­ Alter EEDK(s) Allowed Prohibited X'E2' ­ Query EEDKs (Active) Allowed Prohibited X'E3' ­ Query EEDKs (Needed) Allowed Prohibited X'E4' ­ Query EEDKs (Entire) Allowed Prohibited X'E5' ­ Query EEDKs (Pending) Allowed Prohibited X'EE' ­ Request EEDKs (Translate) Allowed Prohibited X'EF' ­ Request EEDKs (Generate) Allowed Prohibited X'FE' ­ Drive Error Notify Allowed Prohibited Loading a FIPS 140-2 validated drive microcode level and configuring the drive for SME or LME operation initializes the TS1130 into the approved mode of operation. The FIPS 140-2 validated drive microcode level should be loaded twice to ensure the firmware occupies both the main and reserved firmware locations. The TS1130 supports multi-initiator environments, but only one initiator may access cryptographic functions at any given time. Therefore the TS1130 does not support multiple concurrent operators. The TS1130 implements a non-modifiable operational environment which consists of a firmware image stored in FLASH. The firmware image is copied to, and executed from, RAM. The firmware image can only be updated via FIPS-approved methods that verify the validity of the image. The TS1130 drive operates as a stand-alone tape drive and has no direct dependency on any specific operating system or platform for FIPS approved operating mode, but does have requirements for: · Key Manager/Key Store attachment · Drive Configuration The following criteria apply to the usage environment: Key Manager and Key Store Attachment o In both SME and LME modes of operation, an IBM key manager, such as the Encryption Key Manager (EKM) or the Tivoli Key Lifecycle Manager (TKLM), and a supported key store must be used in a manner which supports secure import and export of keys with the TS1130 drive : · Keys must be securely passed into the TS1130 drive. The key manager must support encryption of the Data Key to form an Session Encrypted Data Key (SEDK) for transfer to the TS1130 drive using the TS1130 drive public Session Key and a 2048-bit RSA encryption method. 7 Version 7 Revision 3 · The key manager/key store must be able to use the EEDK it supplies the drive to determine the Data Key. Drive Configuration requirements o The TS1130 drive must be configured in SME or LME encryption mode. o The TS1130 drive must have the FIPS 140-2 validated drive firmware level loaded and operational. o Drive must be configured in the approved mode of operation. o In LME mode, the TS1130 drive must be operated in an automation device which operates to the LDI or ADI interface specifications provided. 8 Version 7 Revision 3 3.3 Ports and Interfaces The cryptographic boundary of the TS1130 drive cryptographic module is the drive brick. Tape data blocks to be encrypted (write operations) or decrypted data blocks to be returned to the host (read operation) are transferred on the host interface ports using SCSI commands, while protected key material may be received on the host interface ports or the library port. The physical ports are separated into FIPS-140-2 logical ports as described below. Table 3: Ports and Interfaces of the TS1130 TS1130 Drive FIPS-140-2 Crypto Interface Functionality Physical Ports Logical Interface Services Fibre Channel Port Data Input Yes Inputs data 0 Data Output Crypto: Inputs protected keys from the key Control Input manager in SME mode. Fibre Channel Port Status Output Outputs data 1 Outputs encrypted key components Inputs SSC-3 SCSI protocol commands Outputs SSC-3 SCSI protocol status RS-422 Port Data Input Yes Crypto: Inputs protected keys from the key Data Output manager in LME mode. Control Input Outputs data Status Output Outputs encrypted key components Inputs LDI and LMI protocol commands. Outputs LDI and LMI protocol status. RS-232 Port Disabled None Disabled in the FIPS validated firmware Ethernet Port Control Input None Inputs controls and image for firmware load Status Output Outputs status Data Input ACF Interface Control Input None Inputs controls from automatic cartridge facility Status Output Outputs status I2C Interface Data Input None Inputs VPD data Data Output Outputs VPD data Service Panel Control Input Yes Inputs controls from service panel Interface Status Output Crypto: Inputs controls for key zeroization Crypto: Inputs controls for VPD configuration Outputs status Crypto: Outputs indicator for the encrypting state Front Panel Control Input Yes Inputs unload button selection Interface Status Output Inputs reset button selection - 8 Character Outputs status on 8 character display Display Crypto: Outputs indicator for the encrypting state - Unload Button - Reset Button Input Power Port Power None Inputs power to the TS1130 drive Write Protect Control Input None Inputs write protect state of the cartridge Switch Cartridge Memory Data Input Yes Inputs parameters. RFID Port Data Output Crypto: Inputs external key structures Outputs parameters. Crypto: Outputs external key structures Read/Write Head Data Input None Inputs data from tape cartridges (decrypted reads) Data Output Outputs data to tape cartridges (encrypted writes) Control Input Inputs command to load firmware from special FMR cartridges 9 Version 7 Revision 3 3.4 Roles and Services The TS1130 drive supports both a Crypto Officer role and a User role, and uses basic cryptographic functions to provide higher level services. For example, the TS1130 drive uses the cryptographic functions as part of its data reading and writing operations in order to perform the encryption/decryption of data stored on a tape. The Crypto Officer role is implicitly assumed when an operator performs key zeroization. The User role is implicitly assumed for all other services. Both operators have access to the Power-up Self-Tests service. The two main services the TS1130 drive provides are: · Encryption or decryption of tape data blocks using the Data Block Cipher Facility. · Establishment and use of a secure key channel for key material passing by the Secure Key Interface Facility. It is important to note that the Secure Key Interface Facility may be an automatically invoked service when a user issues Write or Read commands with encryption enabled that require key acquisition by the TS1130 drive. Under these circumstances the TS1130 drive automatically establishes a secure communication channel with a key manager and performs secure key transfer before the underlying write or read command may be processed. 3.4.1 User Guidance The services table describes what services are available to the User and Crypto Officer roles. There is no authentication required for accessing the User Role There is no authentication required for accessing the Crypto Officer Role Single Operator requirements: The TS1130 drive enforces a requirement that only one host interface initiator may have access to cryptographic services at any given time. 10 Version 7 Revision 3 3.4.2 Provided Services Available services are also documented in the specified references. All of the services summarized here are allowed in the FIPS mode of operation: Table 4: Provided Services Service Interface(s) Description Inputs Outputs Role General SCSI - Host As documented in the Formatted Formatted User commands TS1130 SCSI Reference Operational Operational Codes and Codes and Messages Messages General Library - Library As documented in the Formatted Formatted User Interface commands Drive Library LDI and Operational Operational LMI Interface Codes and Codes and Specifications Messages Messages Service Panel - Service Set selected aspects of Button Service User Configuration Panel drive configuration selections Panel manually, per the 3592 E06 Maintenance Information Manual Service Panel - Service Invoke diagnostics Button Service User Diagnostics Panel manually, per the 3592 selections Panel, E06 Maintenance 8 Character Information Manual Display Service Panel Status - Service Displays status, per the From Service User Display Panel 3592 E06 Maintenance TS1130 Panel Information Manual drive operating system Front Panel Interface - Front Panel Displays status, per the From 8 Character User Status Interface 3592 E06 Maintenance TS1130 Display (8 Information Manual drive Character operating Display) system Front Panel Interface - Front Panel Unload via unload button Button 8 Character User Unload Interface selection Display (Unload Button) Front Panel Interface - Front Panel Reset via the reset button Button Reboot User Reset Interface selection occurs (Reset Button) 11 Version 7 Revision 3 Service Interface(s) Description Inputs Outputs Role Encrypting Write- - Host The Secure Key Interface - Plaintext - Encrypted User type Command Facility automatically data data on tape requests a key, provides - SEDK - EEDK on authentication data, - EEDK tape securely transfers and verifies the key material. The Data Block Cipher Facility encrypts the data block with the received Data Key using AES- GCM block cipher for recording to media. A received EEDK is automatically written to media using the Cartridge memory and the RW Head Interface. The decryption-on-the- fly check performs AES- GCM decryption of the encrypted data block and verifies the correctness of the encryption process Decrypting Read- - Host The Secure Key Interface SEDK - Plaintext User type Command Facility automatically data to host requests a key, provides authentication data and EEDK information if available, securely transfers and verifies the key material. The received Data Key is used by the Data Block Cipher Facility to decrypt the data block with using AES-GCM decryption and returning plaintext data blocks to the host; Optionally in Raw mode the encrypted data block may be returned to the host in encrypted form (not supported in approved configuration) Set Encryption - Host Performed via Mode Requested None User Control Parameters - Library Select to Mode Page Mode Page (including Bypass x'25' and Encryption and Subpage Mode) Subpage X'C0' Query Encryption - Host Performed via Mode Requested Mode Data User Control Parameters - Library Sense to Mode Page Mode Page (including Bypass x'25' and Encryption and Subpage Mode) Subpage X'C0' "Show Status" 12 Version 7 Revision 3 Service Interface(s) Description Inputs Outputs Role Drive - Host Allows programming Requested Mode Data User Challenge/Response - Library challenge data and Mode Page reading an optionally) and Subpage encrypted, signed response; not used in default configuration. Performed via mode select and mode sense to Mode Page x'25' and Encryption Subpage x'D5'; not used in default configuration Query Drive - Host Allows reading of the Requested Mode Data User Certificate - Library Drive Certificate public Mode Page key. Performed via and Subpage mode sense to Mode Page x'25' and Encryption Subpage x'D6'; the provided certificate is signed by the IBM Tape Root CA. Query dSK - Host Allows reading of the Requested Mode Data User - Library Drive Session (Public) Mode Page Key Performed via and Subpage mode sense to Mode Page x'25' and Encryption Subpage X'DF'. Setup an SEDK and - Host This is the means to Requested Mode Data User EEDK structure (a - Library import an encrypted Mode Page protected key private key to the and Subpage structure) TS1130 for use in writing and encrypted tape or in order to read a previously encrypted tape. Performed via mode select to Mode Page x'25' and Encryption Subpage x'E0'. In this service, the module generates a drive session key pair. The module then sends the dSK to the key manager where it is used to create an SEDK. At this time, the key manager also uses its own RSA key to generate the EEDK. Then, the key manager sends both the SEDK and the EEDK back to the module. 13 Version 7 Revision 3 Service Interface(s) Description Inputs Outputs Role Query EEDK(s) ­ - Host Allows the reading from Requested Mode Data User active, needed, - Library the drive of EEDK Mode Page pending , entire (all) structures in different and Subpage categories for the medium currently mounted. Performed by Mode Select commands to Mode Page x25' and various subpages. Request EEDK(s) - Host This status command is Requested Mode Data User Translate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it has read EEDKs from a mounted, encrypted tape and needs them translated to an SEDK and returned for the drive to read the tape. The key manager issues this command to read EEDK(s) structures which the drive requires to be translated by the Key Manager and subsequently returned to the drive as an SEDK structure to enable reading of the currently active encrypted area of tape. Performed via mode sense to Mode Page x'25' and Encryption Subpage x'EE' . Request EEDK(s) - Host This status command is Requested Mode Data User Generate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it requires new SEDK and EEDK(s) to process a request to write an encrypted tape. This page provides information about the type of key the drive is requesting. Performed via mode sense to Mode Page x'25' and Encryption Subpage x'EF' . 14 Version 7 Revision 3 Service Interface(s) Description Inputs Outputs Role Alter EEDK(s) - Host This command is used to Requested Mode Data User - Library modify the EEDK Mode Page structures stored to tape and Subpage and cartridge memory. The TS1130 will write the modified structures out to the tape and cartridge memory as directed. Performed via mode sense to Mode Page x'25' and Encryption Subpage x'E1' . Drive Error Notify - Host These status responses Requested Mode Data User and Drive Error - Library are the means used by the Mode Page Notify Query drive to notify the Key and Subpage Manager that an action is required, such as a Key generation or Translate, to proceed with an encrypted write or read operation. These status responses are read via Mode Sense commands to Mode Page x'25' subpage `EF" and `FF'. Power-Up Self-Tests - Power Performs integrity and None Failure User, - Host cryptographic algorithm required status, if Crypto - Library self-tests, firmware applicable Officer image signature verification Configure Drive - Host Allows controlling of From Vital User Vital Product Data - Library default encryption mode TS1130 Product (VPD) settings and other operating drive Data (VPD) parameters operating system Firmware Load - Host Allows loading of Firmware None Crypto validated firmware image Officer images Key Path Check - Host As documented in the Diagnostic Diagnositc User diagnostic TS1130 SCSI Reference command command specifying status the Key Path diagnostic Key Zeroization - Service Zeroes all private Service Diagnositc Crypto Panel plaintext keys in the panel command Officer TS1130 drive via the buttons status Service Panel 15 Version 7 Revision 3 3.5 Physical Security The TS1130 drive "brick" unit is embedded in a factory supplied canister assembly. The brick assembly is the cryptographic boundary of the TS1130. All of the drive's components are production grade. Both the drive brick unit and the canister assembly have industrial grade covers. These covers are not removed in the field in the approved configuration. The TS1130 requires no preventative maintenance, and field repair is not performed for the unit. All failing units must be sent intact to the factory for repair. Figure 2 TS1130 Drive Brick Figure 3 TS1130 Drive Canister 16 Version 7 Revision 3 3.6 Cryptographic Algorithms and Key Management 3.6.1 Cryptographic Algorithms The TS1130 drive supports the following basic cryptographic functions. These functions are used by the Secure Key Interface Facility or the Data Block Cipher Facility to provide higher level user services. Table 5: Basic Cryptographic Functions Algorithm Type /Usage Specification Approved? Used by Algorithm Certificate AES-GCM mode Symmetric Cipher AES: FIPS-197 Yes ASIC #918, #919 encryption / Encrypts data GCM: SP800-38D and #1273 decryption blocks while (256-bit keys) performing decrypt-on-the-fly verification Decrypts data blocks RNG IV generation for FIPS 186-2 using Yes Firmware #711 AES-GCM, Drive SHA-1 Session Key generation SHA-1 Hashing FIPS 180-3 Yes Firmware #1173 Algorithm Multiple uses SHA-256 Hashing FIPS 180-3 Yes Firmware #1173 Algorithm Digest verifies key manager messages, digest appended on messages to key manager PKCS #1 :RSA Digital signature FIPS 186-2 and Yes Firmware #611 Sign/Verify generation and PKCS#1 verification to sign the session key and to verify firmware image signature on firmware load PKCS #1 :RSA Key Key Generation - No, but Firmware N/A Generation (1024 Session key allowed in and 2048-bit keys) generation FIPS mode1 PKCS #1 RSA Key Unwrapping of - No, but Firmware N/A Transport (1024 and transported key allowed in 2048-bit keys) material SEDK FIPS mode TRNG (Custom) Seeding RNG - No2 ASIC N/A 1 Allowed for generation of keys used by the RSA Key Transport mechanism 2 Allowed in FIPS mode for seeding approved RNG 17 Version 7 Revision 3 3.6.2 Security Parameters The following table provides a summary of both critical security parameters (CSPs) and non-critical security parameters used by the TS1130 drive. Table 6: Security Parameters Security CSP Key Type Input into Output Generation Storage Storage Form Zeroized Parameter Module from Method Location Module Drive No RSA Yes - Yes N/A Drive Non-volatile N/A Certificate 2048-bit at time of Vital Plaintext Public Key PKCS#1 manufacture Product (dCert) Data (VPD) Drive Yes RSA Yes - No N/A Drive Non-volatile Yes Certificate 2048-bit at time of VPD X.509 Private Key PKCS#1 manufacture certificate (dCert') signed with the IBM Tape root CA Drive No RSA No ­ Yes Non-approved, Drive Ephemeral N/A Session 2048-bit Generated allowed in RAM Plaintext Public Key PKCS#1 by module FIPS mode (dSK) Drive Yes RSA No ­ No Non-approved, Drive Ephemeral Yes Session 2048-bit Generated allowed in RAM Plaintext Private PKCS#1 by module FIPS mode Key (dSK') Session No RSA-2048 Yes No N/A Drive Ephemeral Yes Encrypted encrypted RAM Encrypted Data Key with the (SEDK) dSK Data Key Yes AES Yes ­ No N/A Before Ephemeral Yes (DK) 256-bit (Received in Use: Plaintext symmetric encrypted Drive key form, RAM encapsulated in the When in Ephemeral SEDK) use: Encrypted Stored In form as SEDK ASIC; (unreadab le register) 186-2 RNG Yes Seed No ­ No TRNG Drive Ephemeral Yes Seed Key Generated RAM Plaintext by module 186-2 RNG Yes Seed No ­ No TRNG Drive Ephemeral Yes Seed (20 bytes) Generated RAM Plaintext by module Additional notes on key management: · Secret and private keys are never output from the TS1130 drive in plaintext form. · Secret keys may only be imported to the TS1130 drive in encrypted form. · Zeroization behavior outlined in Table 7 18 Version 7 Revision 3 Table 7: CSP Access Table Drive Certificate Private Key Drive Certificate Public Key Session Encrypted Data Key Drive Session Private Key Drive Session Public Key 186-2 RNG Seed Key 186-2 RNG Seed (SEDK) (dCert') Data Key (dCert) (dSK') (dSK) (DK) General SCSI commands General Library Interface commands R R W Service Panel Configuration , X X X X Diagnostic and Status services Service Panel Configuration Service Panel Diagnostics X X X X Service Panel Status Display Front Panel Interface Status Front Panel Interface Unload Z Z Z Z Front Panel Interface Reset Z Z Z Z Z Z Encrypting Write-type Command X Decrypting Read-type Command X Set Encryption Control Parameters (including Bypass Mode) Query Encryption Control Parameters (including Bypass Mode) "Show Status" Drive Challenge/Response X X X X Query Drive Certificate R Query dSK X R Setup an SEDK and EEDK structure X W W (a protected key structure) Query EEDK(s) ­ active, needed, pending , entire (all) Request EEDK(s) Translate R Request EEDK(s) Generate W Alter EEDK(s) X RW Drive Error Notify and Drive Error Notify Query Power-Up Self-Tests X X X X Configure Drive Vital Product Data W W (VPD) settings Firmware Load Test Key Path Check diagnostic X X RX X R Key Zeroization Z Z Z Z Z Z 19 Version 7 Revision 3 3.6.3 Self-Test The TS1130 drive performs both Power On Self Tests and Conditional Self tests as follows. The operator shall power cycle the device to invoke the Power On Self tests. Table 8: Self-Tests Function Self-Test Type Implementation Failure Behavior Tested AES-GCM Power-Up KAT performed for Encrypt and Decrypt (256- FSC3 D12D posted (256-bit keys) bit) RNG Power-Up KAT performed FSC D12D posted SHA-1 Power-Up KAT performed FSC D12D posted SHA-256 Power-Up KAT performed FSC D12D posted RSA PKCS #1 Power-Up KAT performed FSC D12D posted Sign/Verify Firmware Power-Up RSA PKCS #1 digital signature verification of Drive reboot Integrity Check application firmware; CRC check of SH vital product data (VPD); CRC check of FPGA image. RNG Conditional: Ensure the newly generated random number FSC D133 posted When a random number is does not match the previously generated random generated number. Also ensure the first number generated after start up is unused and stored for comparison TRNG Conditional: Ensure the newly generated random number FSC D133 posted (Custom) When a random number is does not match the previously generated random generated number. Also ensure the first number generated after start up is unused and stored for comparison Firmware Load Conditional: RSA PKCS #1 signature verification of new Code load is Check When new firmware is firmware image before new image may be rejected loaded loaded Exclusive Conditional: Ensure correct data output after switching FSC D189 posted Bypass Test When switching between modes encryption and bypass Check to ensure the key is properly loaded modes (Note: The same implementation serves as the Alternating Bypass Test.) Alternating Conditional: Ensure correct data output after switching FSC D188 posted Bypass Test When switching between modes encryption and bypass Check to ensure the key is properly loaded modes (Note: The same implementation serves as the Exclusive Bypass Test.) Key Path test Conditional: The drive will initiate a key request and key FSC D132 posted When the Send Diagnostic transfer operation with an attached Key command specifying this Manager; random protected key material is diagnostic number is imported into the device and checked for received from the host validity; status is reported back to the Key fibre or library port; the Manager and the invoking Host drive must be unloaded and idle or the command is rejected 3 Fault Symptom Code 20 Version 7 Revision 3 3.6.4 Bypass States The TS1130 supports the following bypass states: Table 9: Bypass States Bypass State To enter the Bypass State To verify the Bypass State Static Bypass Mode 1: Issue a Mode Select command to Encryption disabled mode page X'25' and set the "Encryption Disabled" bit Static Bypass Mode 2: Issue a Mode Select command to Zero key usage for all records mode page X'25' and set bit 0 of Issue a Mode Sense Encryption Control 3 to 1 command to verify the Alternating Bypass Mode 1: Issue a Mode Select command to mode is accurately reflected Zero Key usage all labels mode page X'25' and set bit 2 of on mode page X'25' Encryption Control 3 to 1 Alternating Bypass Mode 2: Issue a Mode Select command to Zero Key usage on Volume Labels mode page X'25' and set bit 1 of Encryption Control 3 to 1 Bypass entry, exit, and status features are provided to meet approved methods for use of bypass states. 3.7 Design Assurance TS1130 drive release parts are maintained under the IBM Engineering Control (EC) system. All components are assigned a part number and EC level and may not be changed without re-release of a new part number or EC level. The following table shows the validated configuration for each host interfaces of the TS1130 encrypting tape drive: Table 10: Validated Configuration Hardware EC Level 45E8855 EC Level L31095 Firmware EC Level 46X1651 EC Level L31096 3.8 Mitigation of other attacks The TS1130 drive does not claim to mitigate other attacks.