Version 1 Revision 7 i IBM LTO Generation 6 Encrypting Tape Drive FIPS 140-2 Non-Proprietary Security Policy Version 1 Revision 7 Version 1 Revision 7 ii 1 Document History .................................................................................................................................................. 1 2 Introduction ............................................................................................................................................................ 2 2.1 References ............................................................................................................................................... 4 2.2 Document Organization ........................................................................................................................ 4 3 IBM LTO Generation 6 Encrypting Tape Drive Cryptographic Module Description............................................ 5 3.1 Overview ................................................................................................................................................. 5 3.2 Secure Configuration ............................................................................................................................. 9 3.3 Ports and Interfaces ............................................................................................................................. 12 3.4 Roles and Services ................................................................................................................................ 14 3.5 Physical Security .................................................................................................................................. 20 3.6 Cryptographic Algorithms and Key Management............................................................................ 21 3.6 Cryptographic Algorithms and Key Management............................................................................ 22 3.7 Design Assurance ................................................................................................................................. 26 3.8 Mitigation of other attacks .................................................................................................................. 26 Version 1 Revision 7 1 1 Document History Date Author Change 09/26/2012 Said Ahmad Initial Creation 08/23/2013 Christine Knibloe General updates 10/10/2013 Christine Knibloe Corrections, diagrams 11/11/2013 Christine Knibloe Clarifications for bypass mode and cartridge memory. Added EC and part numbers. 11/11/2013 Christine Knibloe Correct part numbers 11/21/2013 Christine Knibloe Add hardware part numbers 11/25/2013 Christine Knibloe Update CSP table, add algorithm certificate numbers 05/21/2014 Said Ahmad Modify the title and fix typo 05/27/2014 Said Ahmad Add key wrapping to AES usage Version 1 Revision 7 2 2 Introduction This non-proprietary security policy describes the IBM LTO Generation 6 Encrypting Tape Drive cryptographic module and the approved mode of operation for FIPS 140-2, security level 1 requirements. This policy was prepared as part of FIPS 140-2 validation of the LTO Gen6. The LTO Gen6 Encrypting Tape Drive is referred to in this document as the LTO Gen6, the IBM LTO Gen6, and the encrypting tape drive. The security policy document is organized in the following sections:  Introduction  References  Document Organization Table 1: Security Section Security Section Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security 1 Operational Environment NA Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks NA Overall 1 FIPS 140-2 (Federal Information Processing Standards Publication 140-2—Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/ Version 1 Revision 7 3 LTO Gen6 Encrypting Tape Drive Cryptographic Module Description  Cryptographic Module Overview  Secure Configuration  Cryptographic Module Ports and Interfaces  Roles and Services  Physical Security  Cryptographic Key Management  Self-Tests  Design Assurance  Mitigation of Other Attacks Version 1 Revision 7 4 2.1 References This document describes only the cryptographic operations and capabilities of the LTO Gen6 Encrypting Tape Drive. More information is available on the general function of the LTO Gen6 Encrypting Tape Drive at the IBM web site: http://www.ibm.com/storage/tape/ The tape drive meets the T10 SCSI-3 Stream Commands (SSC) standard for the behavior of sequential access devices. The LTO Gen6 Encryption Tape Drive supports 2 host interface types: Fibre channel (FC) and serial- attached SCSI (SAS). The physical and protocol behavior of these ports conforms to their respective specifications. These specifications are available at the INCITS T10 standards web site: http://www.T10.org / A Redbook describing tape encryption and user configuration of the LTO Gen6 drive in various environments can be found at: http://www.redbooks.ibm.com/abstracts/sg247320.html?Open The LTO Gen6 drive format on the tape media is designed to conform to the IEEE P1619.1 committee draft proposal for recommendations for protecting data at rest on tape media. Details on P1619.1 may be found at: http://ieeexplore.ieee.org/servlet/opac?punumber=4413113 2.2 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the submission package contains:  Vendor Evidence Document  Other supporting documentation and additional references With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to IBM and is releasable only under appropriate non-disclosure agreements. For access to these documents, contact IBM. Version 1 Revision 7 5 3 IBM LTO Generation 6 Encrypting Tape Drive Cryptographic Module Description 3.1 Overview The IBM LTO Generation 6 Encrypting Tape Drive, also referred to herein the LTO Gen6 Encrypting Tape Drive and the module, is a set of hardware, firmware, and interfaces allowing the optional storage and retrieval of encrypted data to magnetic tape cartridges. The entire “brick” unit of the LTO Gen6 tape drive is FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the “brick” unit may be used in conjunction with a computer system or tape library. Some components of the LTO Gen6 tape drive, such as mechanical components used for tape loading/unloading and actuating the tape cartridge, labels, cables, connectors, terminals and sensor components, do not have an effect on the security of the cryptographic module. Block diagrams of the LTO Gen6 Encrypting Tape Drive are shown below: FH FC Cryptographic Module Block Diagram BAB Port (J24) Protect Write SDRAM SDRAM (J4) Port 0 Port 1 Loop Link 422 232 Switches (U31) (U21,U22) (J14) FC FC FAS 88SC9210 (J1,SW2,D1,D13) (J32) Front Panel (U49) Ume (J39) (J40) (J8) (J38) FC FC RS- RS- Feature Threader Ether- (U18) Other Cartridge Mem FLASH Card (U16) Deck Functions (J10) (U8,U43,U46, (S4) U48,U58,U73) (J30) Port Head (J6,J27) Tape (J42) net Main Card Power (J37) Drive Figure 1a: LTO Gen6 Full-High Fibre Channel Drive Block Diagram Version 1 Revision 7 6 HH FC Cryptographic Module Block Diagram BAB Port (J24) SDRAM SDRAM Port 0 Port 1 Loop Link 422 232 Switches (U32) (U22,U47) FC FC (J8) FAS 88SC9210 Front Panel (U73) Ume (J39) (J40) (J14) FC FC RS- RS- Feature Threader Ether- (J19) (U18) Other Cartridge Mem FLASH Card (J11) (U40) Deck Functions (J1) (U8,U46, (S4) U48,U49,U58) (J30) Port Head (J2,J12) Tape (J42) net Main Card Power (J17) Drive Figure 1b: LTO Gen6 Half-High Fibre Channel Drive Block Diagram Version 1 Revision 7 7 FH SAS Cryptographic Module Block Diagram BAB Port (J24) Protect Write SDRAM SDRAM (J4) (U31) (U21,U22) Port 0 Port 1 SAS SAS FAS 88SC9210 (J1,SW2,D1,D13) (J14) Front Panel (U49) Ume (U18) Other RS- RS- Feature Threader Ether- 422 232 Switches (J8) (J38) Cartridge Mem FLASH Card (U16) Deck Functions (J10) (U8,U43,U46, (S4) U48,U58,U73) (J30) Port Head (J6,J27) Tape (J42) net Main Card Power (J37) Drive Figure 1c: LTO Gen6 Full-High SAS Drive Block Diagram Version 1 Revision 7 8 HH SAS Cryptographic Module Block Diagram BAB Port (J24) SDRAM SDRAM (U32) (U22,U47) Port 0 Port 1 SAS SAS FAS 88SC9210 (J37) Front Panel (U73) Ume (J19) (U18) Other RS- RS- Feature Threader Ether- 422 232 Switches (J14) Cartridge Mem FLASH Card (J11) (U40) Deck Functions (J1) (U8,U46, (S4) U48,U49,U58) (J30) Port Head (J2,J12) Tape (J42) net Main Card Power (J37) Drive Figure 1d: LTO Gen6 Half-High SAS Drive Block Diagram Version 1 Revision 7 9 The LTO Gen6 Encrypting Tape Drive has two major cryptographic functions:  Data Block Cipher Facility: The tape drive provides functions which provide the ability for standard tape data blocks as received during SCSI-type write commands to be encrypted before being recorded to media using AES-GCM block cipher using a provided key, and decrypted during reads from tape using a provided key. Note the AES-GCM block cipher operation is performed after compression of the o host data therefore not impacting capacity and data rate performance of the compression function The LTO Gen6 drive automatically performs a complete and separate decryption o and decompression check of host data blocks after the compression/encryption process to validate there were no errors in the encoding process  Secure Key Interface Facility: The tape drive provides functions which allow authentication of the tape drive to an external IBM key manager, such as the IBM Encryption Key Manager (EKM), the Tivoli Key Lifecycle Manager (TKLM), or the IBM Security Key Lifecycle Manager (ISKLM), and allow transfer of protected key material between the key manager and the tape drive. 3.2 Secure Configuration This section describes the approved mode of operation for the LTO Gen6 drive to maintain FIPS-140 validation. There are two configurations for the LTO Gen6 in the approved mode of operation. They are:  System-Managed Encryption (SME)  Library-Managed Encryption (LME) In order to be in an approved mode of operation, the values of the fields Key Path (manager Type) (from VPD), In-band Key Path (Manager Type) Override, Indirect Key Mode Default, Key Scope, and Encryption Method must be set according to the table below. More details can be found in the LTO Ultrium Tape Drive SCSI Reference. Table 2: Settings for Approved Modes of Operation Required Fields System-Managed Library-Managed Encryption (SME) Encryption (LME) 001b 110b Key Path (Manager Type) (from VPD) Mode Page X’25’, byte 21, bits 7-5 000b or 001b 000b In-band Key Path (Manager Type) Override Mode Page X’25’, byte 21, bits 4-2 0b 0b Indirect Key Mode Default Mode Page X’25’, byte 22, bit 4 000b or 001b 000b or 001b Key Scope Mode Page X’25’, byte 23, bits 2-0 10h or 1Fh 60h Encryption Method Mode Page X’25’, byte 27 A user can determine if the LTO Gen6 is in the approved mode of operation by issuing a SCSI Mode Sense command to Mode Page X’25’ and evaluating the values returned. Certain commands are prohibited while in the approved modes of operation. The commands vary based on which configuration is used in the approved mode. In the LME configuration, all Mode Select commands to Mode Page X’30’, Subpage X’20’ and all subpages of Mode Page X’25’ are prohibited. In the SME configuration, Mode Select commands to Mode Page X’30’, Subpage X’20’ and the following subpages of Mode Page X’25’ are prohibited. Version 1 Revision 7 10 Table 3: Mode Select Eligibility of Mode Page X’30’, Subpage X’20’ and Mode Page X’25’ Subpages Mode Mode Subpage System-Managed Library-Managed Page Encryption (SME) Encryption (LME) X’25’ X’C0’ – Control/Status Prohibited Allowed X’25’ X’D0’ – Generate dAK/dAK’ Prohibited Prohibited Pair X’25’ X’D1’ – Query dAK Prohibited Prohibited X’25’ X’D2’ – Update dAK/dAK’ Prohibited Prohibited Pair X’25’ X’D3’ – Remove dAK/dAK’ Prohibited Prohibited Pair X’25’ X’D5’ – Drive Prohibited Allowed Challenge/Response X’25’ X’D6’ – Query Drive Prohibited Allowed Certificate X’25’ X’D7’ – Query/Setup HMAC Prohibited Prohibited X’25’ X’D8’ – Install eAK Prohibited Prohibited X’25’ X’D9’ – Query eAK Prohibited Prohibited X’25’ X’DA’ – Update eAK Prohibited Prohibited X’25’ X’DB’ – Remove eAK Prohibited Prohibited X’25’ X’DF’ – Query dSK Prohibited Allowed X’25’ X’E0’ – Setup SEDK Prohibited Allowed X’25’ X’E1’ – Alter DKx Prohibited Allowed X’25’ X’E2’ – Query DKx (Active) Prohibited Allowed X’25’ X’E3’ – Query DKx (Needed) Prohibited Allowed X’25’ X’E4’ – Query DKx (Entire) Prohibited Allowed X’25’ X’E5’ – Query DKx (Pending) Prohibited Allowed X’25’ X’EE’ – Request DKx Prohibited Allowed (Translate) X’25’ X’EF’ – Request DKx Prohibited Allowed (Generate) X’25’ X’FE’ – Drive Error Notify Prohibited Allowed X’30’ X’20’ – Encryption Mode Prohibited Prohibited Loading a FIPS 140-2 validated drive microcode level and configuring the drive for SME or LME operation initializes the LTO Gen6 into the approved mode of operation. The FIPS 140-2 validated drive microcode level should be loaded twice to ensure the firmware occupies both the main and reserved firmware locations. The LTO Gen6 supports multi-initiator environments, but only one initiator may access cryptographic functions at any given time. Therefore the LTO Gen6 does not support multiple concurrent operators. The LTO Gen6 implements a non-modifiable operational environment which consists of a firmware image stored in FLASH. The firmware image is copied to, and executed from, RAM. The firmware image can only be updated via FIPS-approved methods that verify the validity of the image. The LTO Gen6 drive operates as a stand-alone tape drive and has no direct dependency on any specific operating system or platform for FIPS approved operating mode, but does have requirements for:  Key Manager/Key Store attachment  Drive Configuration Version 1 Revision 7 11 The following criteria apply to the usage environment:  Key Manager and Key Store Attachment o In both SME and LME modes of operation, an IBM key manager, such as the Encryption Key Manager (EKM), the Tivoli Key Lifecycle Manager (TKLM), or the IBM Security Key Lifecycle Manager (ISKLM), and a supported key store must be used in a manner which supports secure import and export of keys with the LTO Gen6 drive :  Keys must be securely passed into the LTO Gen6 drive. The key manager must support encryption of the Data Key to form an Session Encrypted Data Key (SEDK) for transfer to the LTO Gen6 drive using the LTO Gen6 drive public Session Key and a 2048-bit RSA encryption method.  The key manager/key store must be able to use the DKi it supplies the drive to determine the Data Key.  Drive Configuration requirements o The LTO Gen6 drive must be configured in SME or LME encryption mode. o The LTO Gen6 drive must have the FIPS 140-2 validated drive firmware level loaded and operational. o Drive must be configured in the approved mode of operation. o In LME mode, the LTO Gen6 drive must be operated in an automation device which operates to the LDI or ADI interface specifications provided. Version 1 Revision 7 12 3.3 Ports and Interfaces The cryptographic boundary of the LTO Gen6 drive cryptographic module is the drive brick. Tape data blocks to be encrypted (write operations) or decrypted data blocks to be returned to the host (read operation) are transferred on the host interface ports using SCSI commands, while protected key material may be received on the host interface ports or the library port. The physical ports are separated into FIPS-140-2 logical ports as described below. Table 4: Ports Common to All Host Interface Types LTO Gen6 Drive FIPS-140-2 Crypto Interface Functionality Physical Ports Logical Interface Services  Disabled by FIPS approved firmware levels. BAB Port Disabled None  Inputs data RS-422 Port Data Input Yes  Crypto: Inputs protected keys from the key Data Output Control Input manager in LME mode.  Outputs data Status Output  Outputs encrypted key components  Inputs LDI and LMI protocol commands.  Outputs LDI and LMI protocol status.  Disabled by FIPS approved firmware levels. RS-232 Port Disabled None  Inputs controls and image for firmware load Ethernet Port Control Input None  Outputs status Status Output Data Input  Supplies power to threader unit internal to tape Threader Power Power None Port drive brick.  Inputs power to the LTO Gen6 drive Input Power Port Power None  Inputs write protect state of the cartridge Write Protect Control Input None Switch (FH models only)  Displays status Front Panel Single- Status Output None Character Display (SCD)  Displays status Front Panel Amber Status Output None LED  Displays status Front Panel Green Status Output None LED  Front Panel Unload Control Input None Inputs unload command  Button Places the drive in manual diagnostic mode  Scrolls through manual diagnostics  Exits manual diagnostic mode  Forces drive dump  Resets the drive  Cartridge Memory Data Input Yes Inputs parameters.  RFID Port Data Output Crypto: Inputs encrypted data indicator  Outputs parameters.  Crypto: Outputs encrypted data indicator  Read/Write Head Data Input None Inputs data from tape cartridges  Data Output Outputs data to tape cartridges  Control Input Inputs command to load firmware from special FMR cartridges Version 1 Revision 7 13 Table 4a: Fibre Channel-Specific Host Interfaces Ports LTO Gen6 FC FIPS-140-2 Crypto Interface Functionality Drive Logical Interface Services Physical Ports  Inputs data Fibre Channel Port Data Input Yes  Crypto: Inputs protected keys from the key 0 Data Output Control Input manager in SME mode. Fibre Channel Port  Outputs data Status Output 1  Outputs encrypted key components  Inputs SSC-3 SCSI protocol commands  Outputs SSC-3 SCSI protocol status  Inputs fibre channel interface control parameters Fibre Channel Control Input None  Outputs fibre channel interface status Loop ID Port Status Output  Inputs fibre channel interface control parameters Fibre Channel Link Control Input None Characteristics Port  Inputs RS-422 interface control parameters Feature Switches Control Input None  Inputs fibre channel interface control parameters  Inputs read/write head cleaner brush control parameters Table 4b: SAS-Specific Host Interfaces Ports LTO Gen6 SAS FIPS-140-2 Crypto Interface Functionality drive Logical Interface Services Physical Ports  Inputs data SAS Connector Data Input Yes  Crypto: Inputs protected keys from the key Data Output Control Input manager in SME mode  Outputs data Status Output  Outputs encrypted key components Power  Inputs T10 SAS Standards commands  Outputs T10 SAS Standards status  Inputs RS-422 interface control parameters Feature Switches Control Input None  Inputs read/write head cleaner brush control parameters Version 1 Revision 7 14 3.4 Roles and Services The LTO Gen6 drive supports both a Crypto Officer role and a User role, and uses basic cryptographic functions to provide higher level services. For example, the LTO Gen6 drive uses the cryptographic functions as part of its data reading and writing operations in order to perform the encryption/decryption of data stored on a tape. The Crypto Officer role is implicitly assumed when an operator performs key zeroization. The User role is implicitly assumed for all other services. The two main services the LTO Gen6 drive provides are:  Encryption or decryption of tape data blocks using the Data Block Cipher Facility.  Establishment and use of a secure key channel for key material passing by the Secure Key Interface Facility. It is important to note that the Secure Key Interface Facility may be an automatically invoked service when a user issues Write or Read commands with encryption enabled that require key acquisition by the LTO Gen6 drive. Under these circumstances the LTO Gen6 drive automatically establishes a secure communication channel with a key manager and performs secure key transfer before the underlying write or read command may be processed. 3.4.1 User Guidance The services table describes what services are available to the User and Crypto Officer roles.  There is no requirement for accessing the User Role  There is no requirement for accessing the Crypto Officer Role Single Operator requirements:  The LTO Gen6 drive enforces a requirement that only one host interface initiator may have access to cryptographic services at any given time. Version 1 Revision 7 15 3.4.2 Provided Services Available services are also documented in the specified references. All of the service summarized here, excluding the services expressly prohibited in Table 3, are allowed in the FIPS mode of operation. Table 5: Provided Services Service Interface(s) Description Inputs Outputs Role General SCSI - Host As documented in the See See User commands LTO Ultrium Tape description description Drive SCSI Reference General Library - Library As documented in the See See User Interface commands Drive Library LDI and description description LMI Interface Specifications Unload tape - Host/Library Unload tape can be Button press Green LED User - Front Panel performed using unload flashes Unload button or via commands while Button over the host or library unload is in interface progress. Enter manual - Front Panel Place in manual Button press SCD User diagnostic mode Unload diagnostic mode via the displays 0. Button unload button Amber LED becomes solid. Scrolls through - Front Panel Scroll through manual Button press SCD User manual diagnostic Unload diagnostic functions via changes to functions Button the unload button indicate scrolling. Exits manual - Front Panel Exit manual diagnostic Button press SCD User diagnostic mode Unload mode via the unload becomes Button button blank. Green LED becomes solid. Forces drive dump - Front Panel Force a drive dump via Button press SCD shows User Unload the unload button 0, then Button becomes blank. Resets the drive - Front Panel Power-cycle the device Button press Reboot User Unload via Unload Button occurs. Button Version 1 Revision 7 16 Service Interface(s) Description Inputs Outputs Role Encrypting Write- - Host The Secure Key - Plaintext - Encrypted User type Command Interface Facility data data on tape automatically requests a - SEDK - DKx on key, provides - DKx tape authentication data, securely transfers and verifies the key material. The Data Block Cipher Facility encrypts the data block with the received Data Key using AES- GCM block cipher for recording to media. A received DKx is automatically written to media using the RW Head Interface. The decryption-on-the- fly check performs AES- GCM decryption of the encrypted data block and verifies the correctness of the encryption process Decrypting Read- - Host The Secure Key SEDK - Plaintext User type Command Interface Facility data to host automatically requests a key, provides authentication data and DKx information if available, securely transfers and verifies the key material. The received Data Key is used by the Data Block Cipher Facility to decrypt the data block with using AES-GCM decryption and returning plaintext data blocks to the host; Optionally in Raw mode the encrypted data block may be returned to the host in encrypted form (not supported in approved configuration) Set Encryption - Host Performed via Mode Requested None User Control Parameters - Library Select to Mode Page Mode Page (including Bypass x’25’ and Encryption and Subpage Mode) Subpage X’C0’ Query Encryption - Host Performed via Mode Requested Mode Data User Control Parameters - Library Sense to Mode Page Mode Page (including Bypass x’25’ and Encryption and Subpage Mode) Subpage X’C0’ Version 1 Revision 7 17 Service Interface(s) Description Inputs Outputs Role Show Status - Front Panel Visual indicators that an From LTO Visual User (Visual Indicators) LEDs and encryption operation is Gen6 drive indicators Single- currently in progress operating on front Character may be monitored on the system panel Display front panel Drive - Host Allows programming Requested Mode Data User Challenge/Response - Library challenge data and Mode Page reading an optionally) and Subpage encrypted, signed response; not used in default configuration. Performed via mode select and mode sense to Mode Page x’25’ and Encryption Subpage x’D5’; not used in default configuration Query Drive - Host Allows reading of the Requested Mode Data User Certificate - Library Drive Certificate public Mode Page key. Performed via and Subpage mode sense to Mode Page x’25’ and Encryption Subpage x’D6’; the provided certificate is signed by the IBM Tape Root CA. Query dSK - Host Allows reading of the Requested Mode Data User - Library Drive Session (Public) Mode Page Key Performed via and Subpage mode sense to Mode Page x’25’ and Encryption Subpage X’DF’ . Setup SEDK - Host This is the means to Requested Mode Data User structure (a - Library import a protected Mode Page protected key private key to the LTO and Subpage structure) Gen6 drive for use in writing and encrypted tape or in order to read a previously encrypted tape. Performed via mode select to Mode Page x’25’ and Encryption Subpage x’E0’. In this service, the module generates a drive session key pair. The module then sends the dSK to the key manager where it is used to create an SEDK. Then, the key manager sends the SEDK back to the module. Version 1 Revision 7 18 Service Interface(s) Description Inputs Outputs Role Query DKx(s) – - Host Allows the reading from Requested Mode Data User active, needed, - Library the drive of DKx Mode Page pending , entire (all) structures in different and Subpage categories for the medium currently mounted. Performed by Mode Select commands to Mode Page x25’ and various subpages. Request DKx(s) - Host This status command is Requested Mode Data User Translate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that is has read DKx structures from a mounted, encrypted tape and needs them translated to an SEDK and returned for the drive to read the tape. The key manager issues this command to read DKx structures which the drive requires to be translated by the Key Manager and subsequently returned to the drive as an SEDK structure to enable reading of the currently active encrypted area of tape. Performed via mode sense to Mode Page x’25’ and Encryption Subpage X’EE’. Request DKx(s) - Host This status command is Requested Mode Data User Generate - Library used when the drive has Mode Page already notified the Key and Subpage Manager that it requires new SEDK and DKx structures to process a request to write an encrypted tape. This page provides information about the type of key the drive is requesting. Performed via mode sense to Mode Page x’25’ and Encryption Subpage X’EF’. Version 1 Revision 7 19 Service Interface(s) Description Inputs Outputs Role Alter DKx(s) - Host This command is used to Requested Mode Data User - Library modify the DKx Mode Page structures stored to tape. and Subpage The LTO Gen6 drive will write the modified structures out to the tape as directed. Performed via mode sense to Mode Page x’25’ and Encryption Subpage x’E1’. Drive Error Notify - Host These status responses Requested Mode Data User and Drive Error - Library are the means used by Mode Page Notify Query the drive to notify the and Subpage Key Manager that an action is required, such as a Key generation or Translate, to proceed with an encrypted write or read operation. These status responses are read via Mode Sense commands to Mode Page x’25’ subpage ‘EF” and ‘FF’. Power-Up Self-Tests - Power Performs integrity and None Failure User, - Host cryptographic algorithm required status, if Crypto - Library self-tests, firmware applicable Officer image signature verification Configure Drive - Host Allows controlling of From LTO Vital User Vital Product Data - Library default encryption mode Gen6 drive Product (VPD) settings and other operating operating Data (VPD) parameters system Key Path Check - Host As documented in the Send Send User diagnostic LTO Ultrium Tape Diagnostic Diagnostic Drive SCSI Reference command command specifying status the Key Path diagnostic Key Zeroization - Host Zeroes all private Send Send Crypto plaintext keys in the Diagnostic Diagnostic Officer LTO Gen6 drive via a command command Send Diagnostic specifying status command with the Key Diagnostic ID EFFFh, as Zeroization documented in the IBM TotalStorage LTO Ultrium Tape Drive SCSI Reference. Firmware Load - Host Load new firmware to New Load test Crypto the module firmware indicator Officer Version 1 Revision 7 20 3.5 Physical Security The LTO Gen6 drive cryptographic boundary is the drive “brick” unit. The drive brick unit has industrial grade covers, and all the drive’s components are production grade. The LTO Gen6 drive requires no preventative maintenance, and field repair is not performed for the unit. The drive brick covers are not removed in the field in the approved configuration. All failing units must be sent intact to the factory for repair. Figure 2a: Front View of LTO Gen6 Full-High Drive Brick Figure 2b: Rear View of LTO Gen6 Figure 2c: Rear View of LTO Gen6 Full-High Fibre Channel Drive Brick Full-High SAS Drive Brick Version 1 Revision 7 21 3.6 Figure 2d: Front View of LTO Gen6 Half-High Drive Brick Figure 2e: Rear View of LTO Gen6 Figure 2f: Rear View of LTO Gen6 Half-High Fibre Channel Drive Brick Half-High SAS Drive Brick Version 1 Revision 7 22 Cryptographic Algorithms and Key Management 3.6.1 Cryptographic Algorithms The LTO Gen6 drive supports the following basic cryptographic functions. These functions are used by the Secure Key Interface Facility or the Data Block Cipher Facility to provide higher level user services. Table 6: Basic Cryptographic Functions Algorithm Type /Usage Specification Approved? Used by Algorithm Certificate AES-ECB mode Symmetric cipher AES: FIPS Yes Firmware #2694 encryption/decryption provides underlying 197 (256-bit keys) AES encryption. AES key wrapping AES-GCM mode Symmetric Cipher AES: FIPS- Yes ASIC #2692, encryption / decryption Encrypts data blocks 197 #2693 (256-bit keys) while performing GCM: decrypt-on-the-fly SP800-38D verification Decrypts data blocks DRBG IV generation for SP800-90 Yes Firmware #440 AES-GCM, Drive using SHA- Session Key 512 generation SHA-1 Hashing algorithm. FIPS-180-4 Yes Firmware #2261 Multiple uses SHA-256 Hashing algorithm FIPS-180-4 Yes Firmware #2261 digest checked on key manager messages, digest appended on messages to key manager SHA-512 Hashing algorithm FIPS 180-4 Yes Firmware #2261 supports DRBG RSA Sign/Verify Digital signature FIPS 186-2 Yes Firmware #1392 generation and verification to sign the session key and to verify firmware image signature on firmware load RSA Key Generation Key Generation - No, but Firmware N/A (2048-bit keys) Session key allowed in FIPS mode1 generation RSA Key Transport Decryption of - No, but Firmware N/A (2048-bit keys) transported SEDK allowed in key material FIPS mode (provides 112 bits of encryption strength) No2 TRNG (Custom) Seeding DRBG - ASIC N/A 1 Allowed for generation of keys used by the RSA Key Transport mechanism 2 Allowed in FIPS mode for seeding approved DRBG Version 1 Revision 7 23 3.6.2 Security Parameters This table lists LTO Gen6 drive critical security parameters (CSPs) and non-critical security parameters. Table 7: Security Parameters Security Input into Output Generation Storage Storage Zeroized CSP Key Parameter Module from Method Location Form Type Module Drive RSA Yes - Yes N/A Drive Vital Non-volatile N/A No Certificate 2048-bit at time of Product Data Plaintext Public Key manufacture (VPD) (dCert) Drive Yes RSA Yes - No N/A Drive VPD Non-volatile Yes Certificate 2048-bit at time of X.509 Private Key manufacture certificate (dCert’) signed with the IBM Tape root CA Drive Session No RSA No – Yes Non- Drive RAM Ephemeral N/A Public Key 2048-bit Generated by approved, Plaintext (dSK) module allowed in FIPS mode Drive Session Yes RSA No – No Non- Drive RAM Ephemeral Yes Private Key 2048-bit Generated by approved, Plaintext (dSK’) module allowed in FIPS mode Data Key Yes AES Yes – No N/A Before Use: Ephemeral Yes (DK) 256-bit (Received in Drive RAM Plaintext symmetric encrypted When in use: key form) Stored In ASIC; (unreadable register) Cryptographic Yes AES No – No PRNG Before Use: Ephemeral Yes Data Key 256-bit Generated by Drive RAM plaintext (cDK) symmetric module When in use: Ephemeral key Stored in encrypted ASIC form as wDK (unreadable register) DRBG Yes 256-bit No – No TRNG Drive RAM Ephemeral Yes Entropy Input input Generated by Plaintext String string module DRBG value, Yes 256 bits No – No Internal state Drive RAM Ephemeral Yes V Generated by value of Plaintext module DRBG DRBG Yes 256 bits No – No Internal state Drive RAM Ephemeral Yes constant, C Generated by value of Plaintext module DRBG Additional notes on key management:  Secret and private keys are never output from the LTO Gen6 drive in plaintext form.  Secret keys may only be imported to the LTO Gen6 drive in encrypted form.  Zeroization behavior outlines in Table 8. Version 1 Revision 7 24 Table 8: CSP Access Table Drive Certificate Private Key Drive Certificate Public Key DRBG Entropy Input Key Drive Session Private Key Drive Session Public Key Cryptographic Data Key DRBG Constant, C DRBG value ,V (dCert’) Data Key (dCert) (dSK’) (dSK) (DK) cDK General SCSI commands R R General Library Interface commands Service Panel Configuration X X X X X Service Panel Diagnostics Service Panel Status Display Front Panel Interface Status W W W W Front Panel Interface Unload W W W W W W W Front Panel Interface Reset X X Encrypting Write-type Command X X Decrypting Read-type Command Set Encryption Control Parameters (including Bypass Mode) Query Encryption Control Parameters (including Bypass Mode) “Show Status” X X X X Drive Challenge/Response R Query Drive Certificate X R Query dSK X W W Setup an SEDK structure (a protected key structure) Drive Error Notify and Drive Error Notify Query X X X X X Power-Up Self-Tests W W Configure Drive Vital Product Data (VPD) settings X X RX X Key Path Check diagnostic W W W W W W W W W Key Zeroization Firmware Load Test Version 1 Revision 7 25 3.6.3 Self-Test The LTO Gen6 drive performs both Power On Self Tests and Conditional Self tests as follows. The operator shall power cycle the device to invoke the Power On Self tests. Table 9: Self-Tests Function Self-Test Type Implementation Failure Behavior Tested AES-ECB Power-up KAT performed for Encrypt and Decrypt FSC 0x1130 posted AES-GCM Power-Up KAT performed for Encrypt and Decrypt FSC 0x1130 (256-bit keys) (256-bit) posted DRBG Power-Up KAT performed FSC 0x1133 posted SHA-1 Power-Up KAT performed FSC 0x1131 posted SHA-256 Power-Up KAT performed FSC 0x1131 posted SHA-512 Power-Up KAT performed FSC 0x1131 posted RSA Sign Power-Up KAT performed FSC 0x1131 KAT and posted Verify KAT Firmware Power-Up RSA digital signature verification of Drive reboot Integrity application firmware; CRC check of SH Check vital product data (VPD); CRC check of FPGA image. VPD Integrity Power-Up CRC check of vital product data (VPD) FSC 0x112E Check posted DRBG Conditional: Continuous random number generator test FSC 0x1133 When a random performed. posted number is generated TRNG Conditional: Continuous random number generator test Drive reboot (Custom) When a random performed. number is generated Firmware Conditional: RSA signature verification of new Drive rejects code Load Check When new firmware is firmware image before new image may load with FSC loaded or current be loaded 0x5902 firmware is re-booted Exclusive Conditional: Ensure the correct output of data after Drive reboots and Bypass Test When switching switching modes. rejects failure between encryption Check to ensure the key is properly injection code and bypass modes loaded. level. Version 1 Revision 7 26 3.6.4 Bypass States The LTO Gen6 drive supports a single static bypass mode. Bypass entry, exit, and status features are provided to meet approved methods for use of bypass states. Two independent internal actions are required to activate bypass mode. First, the LTO Gen6 drive checks the host interface on which the bypass request was received for transmission errors. Then the LTO Gen6 drive checks the value of the Encryption State field within the Encryption Control 1 field of Mode Page X’25’ to determine if the bypass capability is enabled. 3.7 Design Assurance LTO Gen6 drive release parts are maintained under the IBM Engineering Control (EC) system. All components are assigned a part number and EC level and may not be changed without re-release of a new part number or EC level. The following table shows the certified configuration for each host interfaces of the LTO Gen6 encrypting tape drive: Table 9: Certified Configurations Hardware Firmware IBM LTO Generation 6 EC Part Part Firmware Image Encrypting Tape Drive Level Number Number Full-High Fibre Channel 12X5118 M12977 00V7133 LTO6_DA86.fcp_fh_f.fmrz Interface Half-High Fibre Channel 12X5116 M12977 00V7137 LTO6_DA86.fcp_hh_f.fmrz Interface 12X5119 M12977 Full-High SAS Interface 00V7135 LTO6_DA86.sas_fh_f.fmrz 12X5117 M12977 Half-High SAS Interface 00V7139 LTO6_DA86.sas_hh_f.fmrz 3.8 Mitigation of other attacks The LTO Gen6 drive does not claim to mitigate other attacks.