Lexmark PrintCryption™ (Firmware Version 1.3.2f)
FIPS 140-2 Non-Proprietary Security Policy
Level 1 Validation
Version 2.4
February, 2011

© Copyright 2010 Lexmark International Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

INTRODUCTION ........ 3
  Purpose ........ 3
  References ........ 3
  Document Organization ........ 3
LEXMARK PRINTCRYPTION™ ........ 4
  Overview ........ 4
  Module Specification ........ 4
  Module Interfaces ........ 7
  Roles and Services ........ 9
    Crypto Officer Role ........ 9
    User Role ........ 10
  Physical Security ........ 10
  Operational Environment ........ 10
  Cryptographic Key Management ........ 11
    Access Control Policy ........ 12
    Key Generation ........ 12
    Key Storage ........ 12
    Key Entry and Output ........ 12
    Key Zeroization ........ 12
  Self-Tests ........ 12
  Design Assurance ........ 14
  Mitigation of Other Attacks ........ 14
OPERATION IN FIPS MODE ........ 15
  Initial Setup ........ 15
  Crypto Officer Guidance ........ 16
  User Guidance ........ 16
ACRONYMS ........ 20
Introduction

Purpose

This is a non-proprietary Cryptographic Module Security Policy for the Lexmark PrintCryption™ from Lexmark International Inc. This Security Policy describes how the Lexmark PrintCryption™ meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp/index.html.

The Lexmark PrintCryption™ is referred to in this document as PrintCryption, PrintCryption module, cryptographic module, firmware module, or module.

References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information on the module is available from the following sources:

- The Lexmark International website (http://www.lexmark.com) contains information on the full line of products from Lexmark International.
- The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions about the module.

Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

- Vendor Evidence document
- Finite State Machine
- Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Lexmark and is releasable only under appropriate non-disclosure agreements.
For access to these documents, please contact Lexmark International.

LEXMARK PRINTCRYPTION™

Overview

The Lexmark PrintCryption™ is an option for Lexmark printers that enables the transfer and printing of encrypted print jobs. This new Lexmark technology offers a level of security that is the first of its kind in the printing industry. With the PrintCryption module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyses the encrypted data stream, determines whether the correct key was used to encrypt the data, decrypts the data and allows the document to be printed. This new level of printing security is ideal for industries that commonly handle sensitive or personal information, such as financial institutions, government agencies, and healthcare organizations.

Module Specification

The version 1.3.2f PrintCryption™ module is a firmware module composed of three binaries (aessd, dkmd and libcl.so) running on the IBM 750CL and Freescale 7448 PowerPC processor platforms. The module is enabled in Lexmark printers using a Downloaded Emulator Card (DLE), PN: 57X9000, a PCI interface PCB board that plugs into the printer and contains an activation code. The DLE card is shown in Figure 1.

Figure 1 - Optional Firmware Card

Per FIPS PUB 140-2, PrintCryption™ is classified as a multi-chip standalone cryptographic module. The module meets overall Level 1 FIPS 140-2 requirements, as detailed in Table 2.
Printer Model | Processor
C792 | Freescale 7448
C796 | Freescale 7448
C925 | IBM 750CL
C950 | Freescale 7448
X548 | IBM 750CL
XS548 | IBM 750CL
X792 | Freescale 7448
XS796 | Freescale 7448
X925 | IBM 750CL
XS925 | IBM 750CL
X950 | Freescale 7448
X952 | Freescale 7448
X954 | Freescale 7448
XS955 | Freescale 7448

Table 1 – Printers that Maintain the PrintCryption FIPS 140-2 Validation (Option P/N 57X9000)

Figure 2 - X548 with PrintCryption 1.3.2f

Figure 3 - X792 with PrintCryption 1.3.2f

Operating System: Lexmark proprietary ver. 2.6.28 based on the Linux operating system.

Section | Section Title | Level
1 | Cryptographic Module Specification | 1
2 | Cryptographic Module Ports and Interfaces | 1
3 | Roles, Services, and Authentication | 1
4 | Finite State Model | 1
5 | Physical Security | 1
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 1
8 | EMI/EMC | 1
9 | Self-tests | 1
10 | Design Assurance | 1
11 | Mitigation of Other Attacks | N/A

Table 2 – Security Level per FIPS 140-2 Section

Logically, the cryptographic boundary is composed of the three binaries and is evaluated for use on Lexmark printers running the Linux operating system. Once the PrintCryption firmware is activated in the printer, the printer must use this firmware: the cryptographic module cannot be bypassed, and functionality is then controlled by the PrintCryption firmware.

Figure 4 - Logical Cryptographic Boundary (diagram labels: Internal Data, Applications, OS, Plaintext, Cryptographic Boundary, PrintCryption Firmware, Ciphertext)

The PrintCryption module runs on a number of Lexmark printers, including color printers (C792, C796, C925, and C950) and color MFP printers (X548, X792, XS796, X925, XS925, X950, X952, X954 and XS955). FIPS testing was performed on the X548 and X792. The module's physical cryptographic boundary is the metal and plastic enclosure of the printer.
Within the physical cryptographic boundary are the following components:

- A CPU which executes the module binaries
- FLASH memory storage which stores the module binaries
- Volatile memory consisting of RAM
- A custom ASIC which contains support circuitry including: RAM controller, PCI bus interface, IO port interfaces and print engine interface circuits
- An option slot containing the PrintCryption DLE card connected to the PCI bus
- The print engine consisting of various electronics and mechanisms that constitute the print device, sensors, and operator panel

Figure 5 - Physical Cryptographic Boundary (diagram labels: Print Engine, Option Slot, PCI Bus, Custom ASIC, I/O Port, Volatile Memory, FLASH, System Bus, CPU, Cryptographic Boundary)

Module Interfaces

The cryptographic module's physical ports are composed of the physical ports provided by the hardware platforms listed above. These printer ports include the network port, optional parallel port, USB port, paper exit port, multipurpose feeder, LED, and LCD display. Since all of the module's services are server processes, the logical interfaces of the module are the network port and API calls, which provide the only means of accessing the module's services. Data inputs are service requests on the TCP ports. Control inputs are also data arriving at the TCP/IP port; however, they are logically distinct from data input and control how the function is executed. The data output from the module includes the X.509 certificate and deciphered data, which exit through the network port and an internal API, respectively. The status outputs of the module are sent via the network and stored in a log file.
The LCD status output displays whether the module is installed and its version number. All of these physical ports are separated into the logical interfaces defined by FIPS 140-2, as described in the following table.

Logical Interface of the Module | Module Physical Port | FIPS 140-2 Logical Interface
Network Port | Network (Ethernet 10/100) Port; USB Port; Parallel Port (optional) | Data Input Interface
Network Port; Internal API | Network (Ethernet 10/100) Port; Paper Exit Port | Data Output Interface
Network Port | Operator Panel; Network (Ethernet 10/100) Port; USB Port; Parallel Port (optional); Multipurpose/envelope Feeder; Power Switch | Control Input Interface
Network Port; Log File; LCD Display | LED; Network (Ethernet 10/100) Port; USB Port; Parallel Port (optional); Paper Exit Port | Status Output Interface
Not Applicable | Power Plug; Power Connector | Power Interface

Table 3 – FIPS 140-2 Logical Interfaces

Roles and Services

The module supports two roles, a Crypto Officer role and a User role; an operator on the module implicitly assumes one of the roles. The descriptions and responsibilities of the two roles are given below.

Crypto Officer Role

The Crypto Officer activates and deactivates the PrintCryption module by installing and removing the DLE card.
The Crypto Officer is also responsible for the Run Self-Tests and Show Status services.

Service | Description | Input | Output | CSP | Type of Access to CSP
Activate | Assemble the printer and insert the DLE card to activate the PrintCryption module; install the printer driver on the host PC | Command | Result of activation | None | --
Deactivate | Remove the DLE card to deactivate the module | Command | Deactivated PrintCryption module | None | --
Run Self-Test | Perform the self-test on demand | Command | Status output | Integrity Check Key | Read
Show Status | Call a show status from the printer status menu (HTTP), which has an LPC log page | Command | Status output | None | --

Table 4 – Crypto Officer Services, Descriptions, CSPs

User Role

Users utilize the cryptographic functionalities of the PrintCryption, and they communicate with the module via the network port only. Service descriptions and inputs/outputs are listed in the following table:

Service | Description | Input | Output | CSP | Type of Access to CSP
Public Key request | Users request the printer's public key. The module generates a key pair if needed | Public Key Request (PKR) at network port 9150 | X.509 certificate | RSA public key; PRNG seed; PRNG seed key | Read/Write; Read; Read
Secure Printing | AES encrypted printing program; decrypts and prints the print job data using the supplied AES Session key | Encrypted print job at TCP/IP port 9152 | Status output | AES session key; RSA private key | Read/Write; Read

Table 5 – User Services, Descriptions, Inputs and Outputs

Physical Security

In FIPS terminology, the firmware module is defined as a multi-chip standalone cryptographic module. The module runs on the Lexmark printers listed in the Module Specification section.
The printers are made of all production-grade components and are enclosed in a strong plastic and steel case, which surrounds all of the module's internal components, including all hardware and firmware. The cryptographic module conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).

Operational Environment

The operational environment is non-modifiable and thus not applicable for this firmware module. The PrintCryption module runs on the Lexmark Linux v2.6.28 OS, configured for single-user mode by default. The operating system is used as an embedded OS within the Lexmark printers, and no direct access to the OS is provided.

Cryptographic Key Management

The module implements the following FIPS-Approved algorithms.

Algorithm | IBM750CL Certificate | Freescale 7884 Certificate
AES ECB, CBC mode decryption – FIPS 197 | Certificate #1209 | Certificate #1487
Deterministic Random Number Generator (RNG) – Appendix A.2.4 of ANSI X9.31 | Certificate #670 | Certificate #811
HMAC – FIPS 198 | Certificate #704 | Certificate #876
RSA (sign/verify) – PKCS#1.5 | Certificate #579 | Certificate #730
SHS – FIPS 180-2 | Certificate #1112 | Certificate #1343

Table 6 – FIPS-Approved Algorithms

Additionally, the module utilizes the following non-FIPS-Approved algorithm implementations:

- RSA Key Wrapping (PKCS #1): key establishment method using a 1024-bit key length, providing 80 bits of security.
- Non-approved RNG used to generate the seed and seed key for the approved PRNG.

The module supports the following critical security parameters:

Key or CSP | Key type | Generation | Storage | Use
AES Session Key | 128, 192, 256 bits AES key | Externally generated. Imported in encrypted form (RSA key transport) | Held in volatile memory in plaintext. Zeroized after the session is closed. | Decrypts input data for printing
RSA Public Key | 1024 bit RSA public key (80 bits of security) | Internally generated according to FIPS PUB 186-3 and IG A.6 | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport
RSA Private Key | 1024 bit RSA private key (80 bits of security) | Internally generated according to FIPS PUB 186-3 and IG A.6 | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Key transport
Integrity Check Keys | 168 bit HMAC keys | Externally generated, hard coded in the module | Stored on flash in plaintext. Zeroized by overwriting the flash image. | Firmware Integrity test
PRNG Seed | 64 bits | Internally generated from non-approved RNG | Held in volatile memory only in plaintext. Zeroized after the session is closed. | RNG
PRNG Seed Key | 168 bits with 128 bits of entropy | Internally generated from non-approved RNG | Held in volatile memory only in plaintext. Zeroized after the session is closed. | RNG

Table 7 - Listing of Key and Critical Security Parameters

Access Control Policy

User functionalities have read/write access to the AES Session Key and RSA public key. The AES Session key is used to decrypt the data for printing. The RSA public key is used for AES Session key transport. The Integrity Check Keys can be read by the Crypto Officer "Run Self-Test" service.

Key Generation

The module key pair, a 1024-bit RSA key pair, is generated internally using key generation techniques that meet IG A.6 and FIPS PUB 186-3. The FIPS-Approved PRNG (X9.31 Appendix A.2.4) is used to seed the RSA key generation mechanism. The AES Session Key is generated outside of the module and imported via RSA key transport.
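The key-transport flow described in the User Role services and in this section (public key request, AES session key wrapped under the printer's 1024-bit RSA public key with PKCS #1 v1.5, AES-CBC decryption of the job) as an added Go example; this is not Lexmark's code. PrintJob, hostEncryptJob and moduleDecryptJob are hypothetical names, and the job framing, the CBC IV handling and the PKCS #7 padding are assumptions the policy does not state.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// PrintJob is a constructed wire shape for a job on port 9152: the AES session key wrapped
// under the printer's RSA public key (PKCS #1 v1.5), a CBC IV and the padded ciphertext.
type PrintJob struct{ WrappedKey, IV, Ciphertext []byte }
// hostEncryptJob is the driver side: a fresh session key is wrapped with the public key from the printer's X.509 certificate, then the job is AES-CBC encrypted.
func hostEncryptJob(pub *rsa.PublicKey, data []byte, keyBits int) (*PrintJob, error) {
	key, iv := make([]byte, keyBits/8), make([]byte, aes.BlockSize)
	rand.Read(key) // crypto/rand fills the whole slice
	rand.Read(iv)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, pub, key)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // keyBits is 128, 192 or 256 here
	n := aes.BlockSize - len(data)%aes.BlockSize // PKCS #7 padding (assumed; the policy does not say)
	padded := append(append([]byte(nil), data...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return &PrintJob{wrapped, iv, ct}, nil
}

// moduleDecryptJob is the PrintCryption side: unwrap the session key with the RSA private key, check the job is well formed, decrypt, and zeroize the key.
func moduleDecryptJob(priv *rsa.PrivateKey, job *PrintJob) ([]byte, error) {
	key, err := rsa.DecryptPKCS1v15(rand.Reader, priv, job.WrappedKey)
	if err != nil {
		return nil, errors.New("session key was not wrapped for this printer")
	}
	defer func() { // the ephemeral session key is zeroized once the job is done
		for i := range key {
			key[i] = 0
		}
	}()
	block, err := aes.NewCipher(key) // accepts only 128/192/256-bit keys
	if err != nil {
		return nil, err
	}
	if len(job.IV) != aes.BlockSize || len(job.Ciphertext) == 0 || len(job.Ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("malformed job: bad IV or ciphertext length")
	}
	pt := make([]byte, len(job.Ciphertext))
	cipher.NewCBCDecrypter(block, job.IV).CryptBlocks(pt, job.Ciphertext)
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding: wrong key or corrupted job")
	}
	return pt[:len(pt)-n], nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 1024) // the policy's 1024-bit printer key pair
	job, _ := hostEncryptJob(&priv.PublicKey, []byte("constructed print job"), 256)
	fmt.Println(moduleDecryptJob(priv, job))
}
```

A job wrapped for a different printer's key, or one with a truncated ciphertext, is rejected before any plaintext leaves moduleDecryptJob.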
Key Storage

The AES Session Key is held in volatile memory only, in plaintext. The RSA public key is stored in flash memory in an X.509 certificate in plaintext, and the RSA private key is stored in flash memory in plaintext.

Key Entry and Output

All keys that are entered into (AES key) or output from (RSA certificate) the module are electronically entered or output. The AES Session Key is entered into the module transported (encrypted) by the RSA public key.

Key Zeroization

The AES Session key is an ephemeral key which is zeroized after the connection is closed or by rebooting the module. The RSA key pair can be erased by invoking the "Wipe All Settings" option in the Configuration Menu.

Self-Tests

The PrintCryption module runs power-up and conditional self-tests to verify that it is functioning properly. Power-up self-tests are performed during startup of the module. Module startup occurs every time a new network connection is established and the dkmd or aessd process starts. Conditional self-tests are executed whenever specific conditions are met.

Firmware Integrity Check: The module employs a firmware integrity test in the form of HMAC-SHA-1; HMAC-SHA-1 does not need its own KAT because it is exercised by the integrity check.

Cryptographic Algorithm Tests: Known Answer Tests (KATs) are run at power-up for the following algorithms:

- AES KAT
- RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency check
- SHA-1 KAT
- X9.31 RNG KAT

The module implements the following conditional self-tests:

- Continuous RNG Test for X9.31 PRNG
- Continuous RNG Test for non-approved RNG
- RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency check

If any of these self-tests fail, the module will output an error indicator and enter an error state. All self-test results are logged in the device's Self-Test Log.
The log is available through the device’s web interface. The log messages are formatted as follows: LOG: ()
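The power-up integrity check, AES KAT and continuous RNG test described above, as an added Go example that is not Lexmark's firmware: the image bytes, the 168-bit integrity key and every function name are constructed stand-ins, and the AES KAT uses the published FIPS-197 Appendix C.1 test vector.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed stand-ins for the firmware image and the hard-coded 168-bit HMAC key.
var firmwareImage = []byte("aessd+dkmd+libcl.so (constructed image bytes)")
var integrityKey = bytes.Repeat([]byte{0x5a}, 21)

// buildReferenceMAC models the build step whose HMAC-SHA-1 result gets hard-coded into the module.
func buildReferenceMAC(image []byte) []byte {
	m := hmac.New(sha1.New, integrityKey)
	m.Write(image)
	return m.Sum(nil)
}

// firmwareIntegrityCheck recomputes the MAC at power-up and compares it in constant time.
func firmwareIntegrityCheck(image, reference []byte) error {
	if !hmac.Equal(buildReferenceMAC(image), reference) {
		return errors.New("firmware integrity check failed")
	}
	return nil
}

// aesKAT decrypts the FIPS-197 Appendix C.1 AES-128 vector and expects the published plaintext.
func aesKAT() error {
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	ct, _ := hex.DecodeString("69c4e0d86a7b0430d8cdb78070b4c55a")
	block, _ := aes.NewCipher(key) // 16-byte key: cannot fail
	got := make([]byte, aes.BlockSize)
	block.Decrypt(got, ct)
	if hex.EncodeToString(got) != "00112233445566778899aabbccddeeff" {
		return errors.New("AES KAT failed")
	}
	return nil
}

// continuousRNGTest fails if an RNG repeats its previous output block (run on both RNGs).
type continuousRNGTest struct{ prev []byte }

func (c *continuousRNGTest) Check(block []byte) error {
	if c.prev != nil && bytes.Equal(block, c.prev) {
		return errors.New("continuous RNG test failed: repeated block")
	}
	c.prev = append([]byte(nil), block...)
	return nil
}

// powerUpSelfTests runs the checks in order; the first failure is the error state, with no services offered.
func powerUpSelfTests(image, reference []byte) error {
	if err := firmwareIntegrityCheck(image, reference); err != nil {
		return err
	}
	return aesKAT()
}

func main() { fmt.Println("self-tests:", powerUpSelfTests(firmwareImage, buildReferenceMAC(firmwareImage))) }
```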