FIPS 140-2 Non-Proprietary Security Policy: TW-230 (CheetahNet II) Level 2 Validation Document: TWFIPS101 TrellisWare Technologies Inc. Version: 1.2 Revision Date: 2013/03/18   Copyright © 2012 TrellisWare Technologies Inc.   May be reproduced only in its original entirety (without revision).    Document #: TWFIPS001 CHANGE RECORD  Revision Date Author Description of Change 1.0 2012/08/08 Chris Litvin Initial Release 1.1 2013/03/05 Chris Litvin Incorporate CMVP Comments 1.2 2013/03/18 Chris Litvin Incorporate additional CMVP Comments Page 2 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 Contents  1.  Module Overview ............................................................................................................................ 5  2.  Security Level ................................................................................................................................. 6  3.  Initialization Procedures................................................................................................................ 7  3.1.  Initializing Modules Received from the Factory ....................................................................... 7  3.2.  Reinitializing Modules After Zeroization ................................................................................... 7  4.  Modes of Operation ....................................................................................................................... 7  4.1.  Wideband (WB) FIPS Approved Mode of Operation ............................................................... 7  4.2.  Narrowband (NB) FIPS Approved Mode of Operation ............................................................. 7  4.3.  Approved and Allowed Algorithms ........................................................................................... 7  5.  Ports and Interfaces....................................................................................................................... 9  6.  Identification and Authentication Policy ................................................................................... 10  6.1.  Assumption of Roles .............................................................................................................. 10  7.  Access Control Policy ................................................................................................................. 11  7.1.  Roles and Services ................................................................................................................ 11  7.2.  Definition of Critical Security Parameters (CSPs) .................................................................. 12  7.3.  Definition of Public Keys......................................................................................................... 12  7.4.  Definition of CSPs and Public Key Modes of Access ............................................................ 13  8.  Operational Environment ............................................................................................................ 13  9.  Security Rules .............................................................................................................................. 14  10.  Physical Security Policy .............................................................................................................. 15  10.1.  Physical Security Mechanisms ......................................................................................... 15  10.2.  Operator Required Actions ............................................................................................... 15  11.  Mitigation of Other Attacks Policy.............................................................................................. 16  12.  References .................................................................................................................................... 17  Page 3 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 Tables  Table 1 - Module Security Level Specification ............................................................................................... 6  Table 2 - FIPS Approved Algorithms Used in Current Module..................................................................... 7  Table 3 – FIPS Allowed Algorithms Used in Current Module ....................................................................... 8  Table 4 - Logical Interface/Physical Interface Mapping ................................................................................ 9  Table 5 - Roles and Required Identification and Authentication ............................................................... 10  Table 6 – Strengths of Authentication Mechanisms ................................................................................... 10  Table 7 – Roles and Services......................................................................................................................... 11  Table 8 - CSPs ................................................................................................................................................. 12  Table 9 - Public Keys ...................................................................................................................................... 12  Table 10 - CSP and Public Key Access Rights within Roles & Services .................................................. 13  Table 11 - Inspection/Testing of Physical Security Mechanisms .............................................................. 15  Figures  Figure 1 – Physical Boundary of TW-230 ....................................................................................................... 5  Figure 2 – Tamper-Evident Paint Locations ................................................................................................. 15  Page 4 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 1. Module Overview The module is the TrellisWare Technologies TW-230 (CheetahNet II) hand held unit. The module is a multi-chip standalone embodiment. For the TW-230, the physical cryptographic boundary is defined as the module case. Figure 1 shows the physical cryptographic boundary of the TW-230. The cryptographic boundary does not include any port caps. Additionally, the internal IO CPLD, RF Microcontroller, and RF CPLD have been excluded from the FIPS requirements. Figure 1 – Physical Boundary of TW-230 The Module Configuration covered by this Security Policy is: TW-230 (CheetahNet II)  Hardware: ASY0560001 rev X2  Firmware 4c-beta2-FIPS Page 5 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 2. Security Level The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 2 Module Ports and Interfaces 2 Roles, Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 2 Self-Tests 2 Design Assurance 2 Mitigation of Other Attacks N/A Overall Level 2 Page 6 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 3. Initialization Procedures 3.1. Initializing Modules Received from the Factory  The TW-230 modules ship from the factory in an initialized state with a default set of User Certificates, Crypto Officer (CO) Certificates, and Network Key. Operators may use the module in the FIPS Approved mode right out of the box. TrellisWare recommends that the Crypto Officer apply a new Network Key to the module before operation as the default Network Key is common to all modules shipped from the factory. 3.2. Reinitializing Modules After Zeroization  The Crypto Officer must use the following procedure to re-initialize the module: 1) Load new certificates on the module using the "Certificate Update" service. Note: If the module has not already been zeroized, this service will zeroize all keys on the module. 2) Load the FIPS validated firmware on the module using the “Firmware Upgrade” service. Only the existing version can be reloaded. 3) Load a new Network Key onto the module using the “Wideband Configuration” service. 4. Modes of Operation 4.1. Wideband (WB) FIPS Approved Mode of Operation  The module will enter the Wideband (WB) FIPS Approved Mode of Operation following successful power up initialization. The Crypto-Officer, User or Human Operator (unauthenticated) role can perform the switch to WB FIPS mode (from NB FIPS mode) by selecting a wideband load via the Module User Display Controls and Manual Configuration Service. An operator may check that the TW-230 module is in the WB FIPS Approved mode by activating the OLED Display and observing the designation “TSM” in the lower left corner. An operator may confirm the hardware and firmware version of the module using the Status & Troubleshooting service. 4.2. Narrowband (NB) FIPS Approved Mode of Operation  The module has a second FIPS Approved mode of operation identified as Narrowband (NB) FIPS Approved Mode of Operation. This mode allows the module to support legacy unencrypted analog voice operation. The Crypto-Officer, User or Human Operator (unauthenticated) role can perform the switch to NB FIPS mode (from WB FIPS mode) by selecting a narrowband load via the Module User Display Controls and Manual Configuration Service. The Analog Voice service available in the NB FIPS mode is allocated to the Human Operator role and enables unencrypted analog voice operation. An operator may check that the TW-230 module is in the NB FIPS Approved mode by activating the OLED Display and observing the designation “NB-A” in the lower left corner. An operator may confirm the hardware and firmware version of the module using the Status & Troubleshooting service. 4.3. Approved and Allowed Algorithms  The cryptographic module supports the following FIPS Approved algorithms. Table 2 - FIPS Approved Algorithms Used in Current Module WB FIPS Mode NB FIPS Mode Available in Available in CAVP FIPS Approved Algorithm Cert. # AES ECB mode encryption and AES CTR mode encryption/decryption with 256 bit 1980 X X keys [FIPS 197 and SP 800-138A] Page 7 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 WB FIPS Mode NB FIPS Mode Available in Available in CAVP FIPS Approved Algorithm Cert. # RSA 2048 bit signature verification for authentication and firmware load [FIPS 186- 1026 X X 3 and ANSI X9.31] X X SHA-256 used with RSA signature verification [FIPS 180-3] 1734 The cryptographic module supports the following non-FIPS Approved algorithms which are allowed for use in FIPS mode. Table 3 – FIPS Allowed Algorithms Used in Current Module WB FIPS Mode NB FIPS Mode Available in Available in FIPS Allowed Algorithm AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of X X encryption strength) AES (“non-compliant”) used internally and separate from AES Cert # 1980 - no security X X claimed. HTTPS using SSL v2, SSL v3, and SSL v3.1/TLS 1.0 using many ciphersuites – no security X X claimed. Page 8 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 5. Ports and Interfaces The interfaces for the cryptographic boundary include physical and logical interfaces. The physical interfaces provided by each module are mapped to four FIPS 140-2 defined logical interfaces: Data Input, Data Output, Control Input, and Status Output. The mapping of logical interfaces to module physical interfaces is provided in the following table. Table 4 - Logical Interface/Physical Interface Mapping Physical Port Description Logical Interface Types RF Antenna Connector TNC wireless antenna connector Data input, Data output, Control input, Status output GPS Antenna Connector SMA GPS antenna connector Data input Audio Connector 6-pin audio in/out connector Data input, Data output Side Connector Interface Multi-pin connector for dongle Data input, accessory Data output, Control input, Status output Bottom Connector Interface Battery/power adapter Power input Power/ Volume 8-position multi-function control Control input knob Channel Knob 8-position, free turning, channel Control input select knob Squelch Control / Return Squelch on/off and menu return Control input button OLED Display Display screen for viewing current Status output settings and configuring the unit User Display Controls Used to navigate the unit display Control input menus Push-to-Talk (PTT) Future Push-to-Talk button N/A - currently disabled Page 9 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 6. Identification and Authentication Policy 6.1. Assumption of Roles  The module supports three distinct operator roles: Crypto Officer (CO), User, and the Module. Additionally, the module supports an unauthenticated Human Operator role. These roles and the required identification and authentication are described below. Table 5 - Roles and Required Identification and Authentication WB FIPS Mode NB FIPS Mode Available in Available in Authentication Authentication Role Description Type Data Crypto Officer (CO) This role accesses the module via Role-based 2048 bit Web Browser for initialization and Certificate X X configuration of the module. This role also has access to all other services offered by the module. User This role accesses the module via Role-based 2048 bit Web Browser and has access to Certificate most services offered by the X X module; however it is not permitted to load keys to the module. Module This role allows the module to Role-based 256 bit AES key X perform “Packet Forwarding” using the Network Keys. Human Operator This role can control switches, N/A N/A X X (Unauthenticated) dials, and other unauthenticated services on the module. Table 6 – Strengths of Authentication Mechanisms Authentication Strength of Mechanism Mechanism 2048 bit Certificate The RSA certificate is 2048 bit and uses SHA-256. The probability that a random attempt will succeed is 1/2112 which is less than 1/1,000,000. The number of HTTPS sessions at a time is limited to 10. Assuming 10 attempts per second per session via a script or automated attack, the probability of a success with multiple attempts is 6000/2112 which is less than 1/100,000. 256 bit AES Key The probability that a random attempt will succeed or a false acceptance will occur is 1/2256 which is less than 1/1,000,000. Assuming 10 attempts per second via a script or automated attack, the probability of a success with multiple attempts is 600/2256 which is less than 1/100,000. Page 10 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 7. Access Control Policy 7.1. Roles and Services  Table 7 describes the services provided, along with which roles can access each service. Table 7 – Roles and Services (Unauthenticated) Human Operator WB FIPS Mode NB FIPS Mode Crypto Officer Available in Available in Module User Service Description Xa X X X Initialize and Configure Initialization and configuration of device. This is broken into two subsections (Device and Wideband Configuration) below. a X X X X Device Configuration Configure device specific parameters as well as external interfaces (dongles). Xa X X X Wideband Configuration Configuration of wideband network, including definition of Network Key. Xa X X X Narrowband Configuration Configuration of narrowband analog voice operation. X X Analog Voice Legacy unencrypted analog voice operation. X X Packet Forwarding Provides packet forwarding and receipt. Forwarded packets are encrypted and incoming packets are decrypted. X X X X Network Monitoring & Monitor network and individual radios. Remote Control Remote control of radio settings and stream control. COMSEC OTAZ/OTARb X X X X Over the air zeroize & rekey of COMSEC channel locks. X X X X Firmware Upgrade Upgrade firmware to newer release. Note: If non-FIPS validated firmware is loaded, the module is no longer a FIPS validated module. N/A N/A N/A N/A Certificate Generate This service is described in module documentation but has been disabled in this version of the module. X X X X Certificate Update Update the User and CO certificates on a unit. Prior to the certificate update, the module is automatically zeroized. X X X X X Self-Test Performs self test of critical functions of the module. Run automatically at startup. X X X X X Status & Troubleshooting Status of the module, refresh, reboot, run BIT & COMSEC zeroize. X X X X OTAC (FIPS Zeroize) Remotely zeroize all CSPs in the module. Once zeroized, the module must reinitialize as described in Section 3.2. Local Zeroize (COMSEC)b X X X X X Zeroize COMSEC channel locks on module. Page 11 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 (Unauthenticated) Human Operator WB FIPS Mode NB FIPS Mode Crypto Officer Available in Available in Module User Service Description X X X X X Manual Configuration Selection of voice channel, volume and other system configuration parameters using the manual controls on the unit. a. The User role can view Configurations but cannot write them. b. COMSEC channel locks are not considered CSPs within the scope of this module. 7.2. Definition of Critical Security Parameters (CSPs)  The module contains the following CSPs: Table 8 - CSPs WB FIPS Mode NB FIPS Mode Available in Available in Key Name Type Description X X Network Keys Encryption AES-256 bit key for CTR mode encryption and decryption of network traffic. The Crypto Officer may store up to 8 Network Keys on a crypto module by configuring multiple wideband loads, but only one key is used at a time. X X KEK Encryption AES-256 bit key for CTR mode decryption of Network Keys. 7.3. Definition of Public Keys   The module contains the following public keys: Table 9 - Public Keys NB FIPS Mode Available in Available in WB FIPS Mode Key Name Type Description X X User Certificate Verify 2048 bit key used to authenticate User Role (RSA Public Key) X X Crypto Officer Certificate Verify 2048 bit key used to authenticate Crypto (RSA Public Key) officer role X X FW Certificate Verify 2048 bit used to verify Firmware load (RSA Public Key) Page 12 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 7.4. Definition of CSPs and Public Key Modes of Access  Table 10 defines the relationship between access to CSPs or Public Keys and the different module services. The modes of access shown in the table are defined as:  R = Read: Role has privilege to read the CSP or Public Key.  W = Write: Role has the privilege to write the CSP or Public Key.  Z = Zeroize: Role has the privilege to zeroize the CSP or Public Key. Table 10 - CSP and Public Key Access Rights within Roles & Services Crypto Officer Certificate Certificate Certificate Network Keys User KEK FW Service Crypto Officer Authentication (not a service - occurs prior to CO services) R User Authentication (not a service - occurs prior to User services) R Module Authentication (not a service - occurs prior to Module services) R Initialize and Configure RW R Device Configuration Wideband Configuration RW R Narrowband Configuration Analog Voice Packet Forwarding R Network Monitoring & Remote Control COMSEC OTAZ/OTAR Firmware Upgrade W W W RW Certificate Update W W Self-Test Status & Troubleshooting OTAC (FIPS Zeroize) Z Z Z Z Local Zeroize (COMSEC) Manual Configuration 8. Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. Page 13 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 9. Security Rules The module’s design corresponds to the module’s security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module. 1) The cryptographic module shall provide three distinct operator roles. These are the User role, the Cryptographic Officer role, and Module role. The module also supports an unauthenticated Human Operator role. 2) The cryptographic module shall provide role-based authentication. 3) The cryptographic module shall clear previous authentications on power cycle or closure of Web Browser GUI window. 4) When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 5) The cryptographic module shall perform the following tests (in both FIPS modes of operation): A. Power-up Self-Tests 1. Cryptographic Algorithm Tests a. AES-256 ECB Encrypt Known Answer Tests (KAT) (Note: ECB Encrypt only required because CTR Encrypt/Decrypt both make use of that function) b. RSA 2048 Verify KAT (includes SHA-256 KAT) 2. Firmware Integrity Test - CRC16 and SHA-256 3. Critical Functions Tests – N/A B. Conditional Self-Tests 1. Firmware Load Test – RSA 2048 with SHA-256 verify 6) The operator shall be capable of commanding the module to perform the power-up self-test by cycling power. 7) Failure of a power-up self-test will be indicated by a reboot of the module. If the Firmware Load Test fails, the Crypto-Officer or User will be notified of the failure and the module will halt the firmware load process. 8) Power-up self-tests do not require any operator action. 9) Data output shall be inhibited during self-tests, zeroization, and error states. 10) Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 11) There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 12) The module supports concurrent operators. 13) The module does not support a maintenance interface or role. 14) The module does not support bypass. 15) The module does not support manual key entry. 16) The module does not enter or output plaintext CSPs. 17) The module does not output intermediate key values. TrellisWare imposed Security Rules are as follows: 1) The Human Operator shall not turn off the module during the OTAC (FIPS Zeroize) service. 2) No more than 10 active HTTPS sessions are allowed to be connected to the module at a time. 3) Operators shall not load non-FIPS validated firmware. In this case, the module is no longer a FIPS validated module. Page 14 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 10. Physical Security Policy 10.1. Physical Security Mechanisms  The module is of production quality. Blue tamper evident coating is applied to all screws on each access panel (performed at the factory). This makes it impossible to remove or move aside the access panel without resulting in damage to the tamper evident coating. If tampering is demonstrated, the local Crypto Officer is instructed to perform the zeroize operation prior to discarding the module or returning it to the manufacturer. Tamper evidence is evident by the presence of any ‘dry joints’ or gaps between the adhesive and the protected components, or other inconsistencies in the applications. Inspect screw heads daily for chipped adhesive material. If any damage is present, remove the device from service. 10.2. Operator Required Actions  Table 11 - Inspection/Testing of Physical Security Mechanisms Physical Security Recommended Frequency Inspection/Test Guidance Details Mechanisms of Inspection/Test Tamper Evident Coating Daily TW-230: Inspect all screws (15). See Figure 2. 5 6 1 2 3 4 8 7 Bottom Top 11 10 9 Right Side Left Side 12 13 14 15 Front Figure 2 – Locations of Blue Tamper-Evident Coating Page 15 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 11. Mitigation of Other Attacks Policy The module does not mitigate other attacks. Page 16 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision). Document #: TWFIPS001 12. References FIPS Publication 140-2: Security Requirements for Cryptographic Modules FIPS Publication 180-3: Secure Hash Signature Standard (SHS) FIPS Publication 197: Advanced Encryption Standard (AES) PKCS #1: RSA Cryptographic Standard Page 17 of 17 March 18, 2013 Copyright © 2012 TrellisWare Technologies Inc. May be reproduced only in its original entirety (without revision).