Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 2560 Mission College, Suite 130 Santa Clara, CA 95054-1217 Security Policy for Cubic Managed Asset Tag (M AT) Cryptographic M odule and Cubic SINK Cryptographic M odule Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.3 Page 1 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 Detailed Revision History Issue Description of Changes 1.4 Initial release. Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 2 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 Table of Contents 1. SCOPE .............................................................................................................................................................................. 5 1.1 REFERENCE DOCUMENTS ................................................................................................................................................ 5 2. CRYPTOGRAPHIC MODULE OVERVIEW ............................................................................................................ 5 2.1 VALIDATED MODULE VERSIONS .................................................................................................................................... 5 3. SECURITY LEVELS...................................................................................................................................................... 5 4. CRYPTOGRAPHIC BOUNDARY ......................................................................................................................... 6 5. APPROVED ALGORITHMS ........................................................................................................................................ 7 6. NON-APPROVED ALGORITHMS ............................................................................................................................. 7 7. PORTS AND INTERFACES ......................................................................................................................................... 8 8. AUTHENTICATION .................................................................................................................................................... 10 9. ROLES AND SERVICES ............................................................................................................................................. 10 9.1 CRYPTOGRAPHIC OFFICER SERVICES .......................................................................................................................... 10 9.2 USER SERVICES .............................................................................................................................................................. 11 9.3 GATEWAY SERVICES ..................................................................................................................................................... 11 9.4 UNAUTHENICATED SERVICES....................................................................................................................................... 12 10. CRITICAL SECURITY PARAMETERS .......................................................................................................... 13 11. PHYSICAL SECURITY .......................................................................................................................................... 14 12. OPERATIONAL ENVIRONMENT....................................................................................................................... 14 13. SELF-TESTS ....................................................................................................................................................... 14 14. MITIGATION OF OTHER ATTACKS ................................................................................................................ 15 15. SECURITY RULES .................................................................................................................................................. 15 16. ACRONYMS ............................................................................................................................................................. 16 Table of Figures Figure 1 Isometric view of cryptographic module ____________________________________________________ 6 Figure 2 Top view of cryptographic module _________________________________________________________ 7 Figure 3 Bottom view of cryptographic module ______________________________________________________ 7 Figure 4 Cryptographic module ports and interfaces __________________________________________________ 8 List of Tables Table 1 Reference Documents ____________________________________________________________________ 5 Table 2 FIPS 140-2 Security Levels ________________________________________________________________ 6 Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 3 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 Table 3 Roles and Authentication Data ___________________________________________________________ 10 Table 4 Strength of Authentication Mechanism ______________________________________________________ 10 Table 5 Cryptographic Officer Services ____________________________________________________________ 11 Table 6 User Services __________________________________________________________________________ 11 Table 7 Gateway Services_______________________________________________________________________ 11 Table 8 Unauthenticated Services ________________________________________________________________ 12 Table 9 Inspection/Test of Physical Security Mechanism ______________________________________________ 14 Table 10 Mitigation of Other Attacks _____________________________________________________________ 15 Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 4 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 1. SCOPE This document is the Cryptographic Module Security Policy for the Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module (herein after referred to “the cryptographic module” or “the module”). This policy is a specification of the security rules under which the module operates and meets the overall requirements of FIPS 140-2 Level 1. 1.1 REFERENCE DOCUMENTS Document No. Description Security Requirements For Cryptographic Modules [FIPS PUB 140-2] FIPS PUB 140-2 (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf ) Table 1 Reference Documents 2. CRYPTOGRAPHIC MODULE OVERVIEW The cryptographic module is a single-chip cryptographic module based on the TI CC2530 SOC chip. The cryptographic module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic mist ™ mesh networking solutions. The difference in module firmware implementations is summarized in the NOTE at the bottom of Section 7 below. 2.1 VALIDATED MODULE VERSIONS The validated module consists of the following hardware and firmware: Cubic Managed Asset Tag Cryptographic Module Hardware version: 380270-1 Rev. - • Firmware version: mat_v2_1_0 • Cubic SINK Cryptographic Module Hardware version: 380270-1 Rev. - • Firmware version: sink_v2_1_0 • 3. SECURITY LEVELS The cryptographic module satisfies the FIPS 140-2 Security Level 1 requirements as shown in Table 2 below: FIPS 140-2 Security Requirements Security Level 1. Cryptographic Module Specification 1 2. Cryptographic Module Ports and Interfaces 1 Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 5 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 3. Roles, Services and Authentication 1 4. Finite State Model 1 5. Physical Security 1 6. Operational Environment N/A 7. Cryptographic Key Management 1 8. EMI/EMC 1 9. Self-Tests 1 10. Design Assurance 1 11. Mitigation of Other Attacks N/A FIPS Overall Level 1 Table 2 FIPS 140-2 Security Levels 4. CRYPTOGRAPHIC BOUNDARY The illustration below indicates the cryptographic boundary. Figure 1 Isometric view of cryptographic module Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 6 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 Figure 2 Top view of cryptographic module Figure 3 Bottom view of cryptographic module 5. APPROVED ALGORITHMS The cryptographic module supports the following Approved algorithms: Symmetric Encryption/Decryption • o Advanced Encryption Standard (AES): Cert # 1863 Random Number Generation (DRBG) • o DRBG – NIST SP800-90: Cert # 150 6. NON-APPROVED ALGORITHMS The cryptographic module supports the following non-Approved algorithms: Non-deterministic hardware RNG for seeding Approved NIST SP800-90 DRBG • Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 7 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 7. PORTS AND INTERFACES Figure 4 Cryptographic module ports and interfaces The following table maps the cryptographic module logical interfaces to the physical ports: Logical Interface Pin Name PIN PIN Description P0_0 19 Light Sensor P0_1 18 Motion Sense P0_2 17 GPS serial receive P0_4 15 I2C Data P0_6 13 Acceleration sensor interrupt P1_0 11 Door Sensor RTC SPI_MISO SFLASH SPI_ MISO P1_7 37 Data Input FRAM SPI_ MISO Expander SPI_ MISO P2_1 35 Programmer Data Input P2_2 34 Programmer Clock P2_3 33 32.768 kHz crystal P2_4 32 XOSC_Q1 22 32 MHz crystal XOSC_Q2 23 Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 8 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 RF_N 26 Negative RF input signal RF_P 25 Positive RF input signal * P0_3 16 Serial transmit P0_4 15 I2C Data RTC SPI_MOSI SFLASH SPI_MOSI * P1_6 38 FRAM SPI_MOSI Data Output Expander SPI_MOSI P2_1 35 N/A – Disabled in secure Cubic factory. RF_N 26 Negative RF output signal RF_P 25 Positive RF output signal Reset_N 20 Reset RF_N 26 Negative RF input signal Control Input RF_P 25 Positive RF input signal P0_7 12 Buzzer control * 6 P1_4 SPI expander chip select * 5 P1_5 SPI clock P2_0 36 LED Status Output P0_5 14 Acceleration sensor reset P1_1 9 RTC chip select P1_2 8 Serial Flash chip select P1_3 7 FRAM chip select AVDD1 28 2-V–3.6-V analog power-supply connection AVDD2 27 2-V–3.6-V analog power-supply connection AVDD3 24 2-V–3.6-V analog power-supply connection AVDD4 29 2-V–3.6-V analog power-supply connection AVDD5 21 2-V–3.6-V analog power-supply connection AVDD6 31 2-V–3.6-V analog power-supply connection Power DCOUPL 40 1.8-V digital power-supply decoupling DVDD1 39 2-V–3.6-V digital power-supply connection DVDD2 10 2-V–3.6-V digital power-supply connection GND _ Ground pad connected to a solid ground plane GND 1, Ground 2, 3, 4 Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 9 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 * NOTE: Ports/Interfaces differences Cubic Managed Asset Tag Cryptographic Module: • o Pin 16: Used for GPS Serial Transmit. o Pins 5, 6 and 38: “Secure Magnetic Wipe” service IS NOT supported. Cubic SINK Cryptographic Module: • o Pin 16: Used for GPS Serial Transmit and Serial Transmit. o Pins 5, 6 and 38: Used for “Secure Magnetic Wipe” service. 8. AUTHENTICATION The cryptographic module supports the following distinct roles: Cryptographic Officer role, User role and Gateway role. The cryptographic module does not support a Maintenance role. The cryptographic module enforces the separation of roles using role-based authentication. Role Type of Authentication Authentication Data Cryptographic Role-based authentication Join Keyset and Data Key Officer User Role-based authentication Data Key Gateway Role-based authentication Join Keyset Table 3 Roles and Authentication Data Authentication Mechanism Strength of Mechanism Knowledge of symmetric key(s) The authentication is based on proof of knowledge of AES CCM symmetric key(s) via encryption/authentication of commands providing 128 bits of equivalent computational resistance to attack. The probability that a random attempt will succeed or a false acceptance will occur is 1/2128 which is significantly less than 1/1,000,000. The module supports a maximum of 60 authentication attempts within a one-minute period. Therefore the probability that multiple consecutive random authentication attempts will be successful within one minute is 60/2128 which is significantly less than 1/100,000. Table 4 Strength of Authentication Mechanism 9. ROLES AND SERVICES 9.1 CRYPTOGRAPHIC OFFICER SERVICES Table 5 summarizes the services and associated CSP access rights that are only available to the Cryptographic Officer role. Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 10 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27//2013 Services Description CSP(s) and Key(s) Type(s) of Access Zeroizes all plaintext CSPs from 1. Zeroize Internal Key Write RAM, Program memory and registers. Data Key Write NIST SP800-90 Write CTR_DRBG V and Key 2. Program CSP Updates CSP(s). Internal Key Read Key Delivery Key Read Data Key Read Table 5 Cryptographic Officer Services User ServicesTable 6 summarizes the services and associated CSP access rights that are only available to User role. Services Description CSP(s) and Key(s) Type(s) of Access 1. Send Send data to the device. Internal Key Read 2. Receive Receive data from the device. Internal Key Read 3. Send secure Send data securely to the device. Internal Key Read Data Key Read Receive data securely from the 3. Receive secure Internal Key Read device. Data Key Read Table 6 User Services 9.2 GATEWAY SERVICES Table 7 summarizes the services that are only available to the Gateway role. Services Description CSP(s) and Key(s) Type(s) of Access Make the module part of Join Network Internal Key Read a wireless mesh network. Join Keyset Read Session Key Write NIST SP800-90 Write CTR_DRBG V and Key Choke Point Transponder Send/receive asset related Internal Key Read (CPT) information. Choke Point Transponder Read (CPT) Key Table 7 Gateway Services Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 11 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 9.3 UNAUTHENICATED SERVICES Table 8 summarizes the unauthenticated services that are available. Services Description CSP(s) and Key(s) Type(s) of Access Required self-tests are Power On Self-Tests N/A N/A performed at Power On. Status Output to external Status LED N/A N/A LED(s). ** Secure Magnetic Wipe Zeroizes all plaintext All CSPs are actively Write CSPs from the RAM and destroyed from the RAM registers. and registers. Table 8 Unauthenticated Services ** NOTE: The “Secure Magnetic Wipe” service is only available on the Cubic SINK Cryptographic Module (i.e. the “Secure Magnetic Wipe” service IS NOT available on the Cubic Managed Asset Tag Cryptographic Module). The "Secure Magnetic Wipe" service is intended to take a module offline temporarily, not permanently destroy the module as is the case with the "Zeroize" service. If the timed sequence described below is not strictly adhered to (such as performing the required tasks out of order, failing to abide by the timing restrictions such as applying the magnet over the peripheral for more than 4 seconds during the initial step as per your inquiry, etc.) nothing happens. • The Secure Magnetic Wipe service can be invoked as follows: • Apply the magnet to the right hand side of the MAT for 4 seconds. There will be 1 second green LED blink in the beginning of these 4 seconds. • Remove magnet for 4 seconds. As soon as you remove the magnet you will see sub-second green and then orange blinks. Reapply magnet for 1 second you will see sub-second green and then orange blinks again. • • Then after 1-2 seconds pause you will see orange LED going solid for ~10 seconds. This is an indication of the successful Zeroization of all plaintext CSPs from the RAM and registers. Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 12 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 10. CRITICAL SECURITY PARAMETERS # Name Description 1. Internal Key AES CCM 128-bit key used for protection of data and CSPs while communicating with peripherals outside the cryptographic boundary. Keyset (Qty. 2 keys) AES CCM 128-bit for joining a 2. Join Keyset wireless mesh network. 3 Key Delivery Key AES CCM 128-bit key used for key delivery. AES CCM 128-bit key used for protection of data and 4. Session Key CSPs in wireless communication session. 5. Data Key AES CCM 128-bit key for end-to-end data encryption. 6. NIST SP800-90 CTR_DRBG V and Key DRBG internal state. AES CCM 128-bit key for protection of asset related 7. Choke Point Transponder (CPT) Key information. Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 13 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 11. PHYSICAL SECURITY The cryptographic module is a production-grade single-chip embodiment.. The physical security mechanism of the module is the hard, opaque and tamper-evident epoxy IC packaging. Attempts to remove the epoxy IC packaging will, with high probability, result in irreparable damage to the module to the extent that the module will no longer function. Physical Security Recommended Inspection/Test Guidance Details Mechanism Frequency of Inspection/Test Hard, opaque and tamper The Cryptographic The Cryptographic Officer shall visually inspect the evident epoxy IC Officer shall perform epoxy IC packaging of the single-chip module for packaging inspection upon receipt of scratches, scrapes, gouges, rips, tears, divots, nicks, module and as often as scuffs, deformations, evidence of attempts to mask or feasible. otherwise hide malicious activity, any and all other visible signs of tampering. Table 9 Inspection/Test of Physical Security Mechanism NOTICE: If “any” tampering of the module is observed or suspected, the Cryptographic Officer shall remove the module from service “immediately”. 12. OPERATIONAL ENVIRONMENT The module includes a non-modifiable operational environment. 13. SELF-TESTS The module performs the following self-tests: Power Up Self-Tests • o Cryptographic algorithm tests:   AES encrypt/decrypt Known Answer Test   NIST SP800-90 DRBG Known Answer Test o Firmware Integrity Test (CRC-16) o Critical functions tests: N/A Conditional Self-Tests • o Continuous Random Number Generator (RNG) tests:   NIST SP800-90 DRBG   Non-deterministic Hardware RNG o Manual Key Entry Test: N/A – the module does not support manual key entry. o Firmware Load Test: N/A – the module has a non-modifiable operational environment. o Pairwise Consistency Test: N/A – the module does not generate asymmetric key pairs and does not implement any asymmetric algorithms. o Bypass Test: N/A – the module does not support a bypass capability. Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 14 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 Critical functions tests: N/A o 14. MITIGATION OF OTHER ATTACKS The cryptographic module does not mitigate any specific attacks beyond the scope of FIPS 140-2. Other Attacks Mitigation Mechanism Specific Limitations N/A N/A N/A Table 10 Mitigation of Other Attacks 15. SECURITY RULES The following specifies the security rules under which the cryptographic module shall operate: The module shall not support a bypass capability or a maintenance interface. • The module shall support concurrent operators. However, the module shall not support more than one • operator per role. The operators are not allowed to switch roles without re-authenticating and separation of roles and associated services shall be maintained for concurrent operators. The operator shall re-authenticate on each power-up event. • The module shall inhibit data output during self-tests, error states, key generation and zeroization. • The module shall provide role-based authentication. • The module shall not provide feedback of authentication data or and CSPs. • The module shall not support a non-FIPS mode of operation. • The module shall only operate in an Approved mode of operation. The module shall be initialized for • FIPS mode of operation within the secure Cubic factory. The operator may verify that the module is running in an approved mode of operation by verifying the • status output to external LED(s): o Solid Orange: the module is performing power-up self-tests. o Blinking Orange rapidly: the module is in a error state following the power-up self-tests o Blinking Green (in 2.5 second intervals): the module has successfully performed self-tests, is connected to an external Cubic Gateway and is running in FIPS mode o Blinking Red (in 2.5 second intervals): the module has successfully performed self-tests, is not connected to an external Cubic Gateway and is running in FIPS mode NOTE: for the SINK module, the equivalent of orange is one red and one green. An error state may be cleared by power-cycling the module. • The module shall provide logical separation between all the data input, control input, data output and • status output interfaces. The module shall include a power input interface and shall not support a power output interface. • The module protects CSPs from unauthorized disclosure, unauthorized modification and unauthorized • modification. The module does not support manual key entry; a manual key entry test is not implemented by the • module. The module does not support split-knowledge processes. • The operator may perform on-demand power-on self-test by recycling power to the module. • Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 15 of 16 Security Policy for Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module 11/27/2013 The status output does not contain CSPs or sensitive data that if misused could lead to a compromise of • the module. The module does not support a bypass capability and does not support a bypass test. • 16. ACRONYMS Acronym Definition AES Advanced Encryption Standard CCM Counter with CBC MAC SOC System on a chip CSP Critical Security Parameter DRBG Deterministic Random Bit Generator EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communications Commission FIPS Federal Information Processing Standards IC Integrated Circuit KAT Known Answer Test N/A Not applicable Cubic Corporation Copyright 2013. This document may only be reproduced in its entirety without modification including this statement. Non-Proprietary Security Policy v.1.4 Page 16 of 16