Kanguru Defender Elite300 Security Policy Kanguru Defender Elite300 FIPS 140-2 Non-Proprietary Security Policy Document Revision: 1.0 H.W. Version: 1.0 F.W. Version: 2.10.10 (Kanguru Solutions Copyright 2015 - This document may be reproduced in its entirety without revision) Revision History Author(s) Version Updates Nate Cote, 1.0 Initial public release. Kanguru Solutions Page 1 of 24 Kanguru Defender Elite300 Security Policy Introduction The Kanguru Defender Elite300, herein after referred to as "cryptographic module" or "module", (HW Version: 1.0; FW Version: 2.10.10) is a FIPS 140-2 Level 2 multi-chip standalone cryptographic module that utilizes AES hardware encryption to secure data at rest. The module is a ruggedized, opaque, and tamper-evident USB token/storage device that connects to an external general purpose computer (GPC) outside of its cryptographic boundary to serve as a secure peripheral storage drive for the GPC. The module is a self-contained device that automatically encrypts and decrypts data copied to and from the drive from the externally connected GPC. All files distributed with the module that are loaded into the GPC (client application and PC configuration data) are excluded from the validation. The Kanguru Defender Elite300 has been specifically designed to address sensitive data concerns of Government and security conscious customers in a variety of markets. Cryptographic Boundary The physically contiguous cryptographic boundary is defined by the outer perimeter of the metal and plastic enclosure with the cap removed. The cryptographic module does not contain any removable covers, doors, or openings. The cryptographic module is available in a variety of Approved configurations. See Appendix 1 for complete list of Approved capacities. The following photographs (Figures 1-6) define the cryptographic boundary: Note: The exterior of all Kanguru Defender Elite300 models are the same regardless of hard drive capacity and colors. Models are available in 4GB, 8GB, 16GB, 32GB, 64GB, and 128GB. Models are available in the following colors: Green, Black, Red, and Silver. (See Appendix 1 for more information) Figure 1 ­ Top side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Page 2 of 24 Kanguru Defender Elite300 Security Policy Figure 2 ­ Bottom side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Figure 3 ­ Right side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Figure 4 ­ Left side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Page 3 of 24 Kanguru Defender Elite300 Security Policy Figure 5 ­ Front side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Figure 6 ­ Rear side of Kanguru Defender Elite300 ­ Model: KDFE300-8G-Silver. Page 4 of 24 Kanguru Defender Elite300 Security Policy Figure 7 ­ Block Diagram showing data flow for Kanguru Defender Elite300 ** ** NOTICE: To facilitate secure authentication, the cryptographic module supports the output of the "AES Session Key and IV" and "MAC Key of Secure Channel" RSA 2048 OAEP wrapped via the "Secure Session Public Key." The cryptographic module supports the input of the Master Disk Password and User Disk Password encrypted with AES via the "AES Session Key and IV" and authenticated with HMAC via the "MAC Key of Secure Channel" (See Exhibits 5 and 6 for more information). With the exception of the aforementioned, all other cryptographic module services provide the associated cryptographic module I/O in plaintext. Therefore, the Cryptographic Officer/Master, User and CD Update Officer must take special care to ensure that the module is only physically connected to a trustworthy external GPC that does not have any USB protocol analyzers attached as "all" I/O (with the exception of the aforementioned passwords and keys) is written into the module and read back from the module in plaintext form. The cryptographic module provides no protections on any information when such information is resident inside the external GPC; any such protections are hereby explicitly disclaimed "and" hereby explicitly stated to be beyond the specific scope of this validated cryptographic module. The methodology by which the Cryptographic Officer/Master, User and CD Update Officer determine the trustworthiness of the external GPC is beyond the specific scope of this validated cryptographic module. Page 5 of 24 Kanguru Defender Elite300 Security Policy Security Level Specification Security Requirements Area Level Cryptographic Module Specification 3 Cryptographic Module Ports and Interfaces 2 Roles, Services, and Authentication 3 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 3 Self-tests 2 Design Assurance 3 Mitigation of Other Attacks N/A Exhibit 1 ­ Security Level Table Approved Algorithms The cryptographic module supports the following Approved algorithms for secure data storage: · AES with 256-bit key in CBC and ECB mode Encrypt/Decrypt and XTS: AES (Cert. #2962) · AES KW: AES (Cert. #2962) · SHA-256: SHS (Cert. #2491) · HMAC-SHA256: HMAC (Cert. #1878) · RSASSA-PKCS1_V1_5 with 2048 bit key and SHA-256 Signature Verification: RSA (Cert. #1557) · SP800-90A DRBG HMAC_DRBG with HMAC-SHA256 core: DRBG (Cert. #560) · PBKDF2 (vendor affirmed); Key Establishment per Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, Special Publication 800-132, December 2010 (vendor affirmed per FIPS 140-2 IG D.6, Option 2a- The MK is used to recover the DPK through approved decryption ­ AES-256 (Cert. #1623); the PBKDF2 "salt" is generated by NIST SP800-90A HMAC_DRBG and its length is 32 bytes; see password strength in "Identification and Authentication Policy" section below; The keys derived in accordance with SP800-132 are used in storage applications only). Allowed Algorithms The cryptographic module supports the following Allowed algorithms: · RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Non-Approved algorithms The cryptographic module supports the following non-Approved algorithms: · Hardware non-deterministic random number generator (for seeding Approved DRBG) Page 6 of 24 Kanguru Defender Elite300 Security Policy Physical Ports and Logical Interfaces A single physical universal serial bus port (USB 3.0) is exposed on the top of the module that supports all logical interfaces (data input, data output, control input, status output, power). A light emitting diode (LED) is located inside the bottom metal enclosure for status output. A Write Protect Switch is used as a control input. The cryptographic module does not contain a maintenance interface. The following table summarizes the physical ports and logical interfaces: Physical Port Logical Interface Data Output, Data Input, USB 3.0 port Control Input, Status Output, Power LED Status Output Write Protect Switch Control Input Exhibit 2 ­ Specification of Cryptographic Module Physical Ports and Logical Interfaces Security rules The following specifies security rules under which the cryptographic module shall operate in accordance with FIPS 140-2: · The cryptographic module does not support a non-FIPS mode of operation and only operates in an Approved mode of operation. The method used to indicate the Approved mode of operation is to query the module for its firmware version number with a software tool provided by vendor and then the operator compares this value with the version number listed in this security policy. · The cryptographic module provides logical separation between all of the data input, control input, data output, status output interfaces. The module receives external power inputs through the defined power interface. · The cryptographic module supports identity based authentication for all services that utilize CSPs and Approved security functions. · The data output interface is inhibited during self-tests, zeroization, and when error states exist. · When the cryptographic module is in an error state, it ceases to provide cryptographic services, inhibits all data outputs, and provides status of the error. · The cryptographic module does not support multiple concurrent operators. · When the cryptographic module is powered off and subsequently powered on, the results of previous authentications are not to be retained and the cryptographic module requires the operator to be re-authenticated in an identity based fashion. Page 7 of 24 Kanguru Defender Elite300 Security Policy · The cryptographic module protects CSPs from unauthorized disclosure, unauthorized modification, and unauthorized substitution. · The cryptographic module protects public keys from unauthorized modification, and unauthorized substitution. · The cryptographic module satisfies the FCC EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B (i.e., for home use). · The cryptographic module implements the following self-tests: Power-up self-tests o Firmware integrity test (256-bit SHA256 hash verification) o SHA-256 KAT o HMAC-SHA256 KAT o RSA 2048 signature verification KAT o AES-256 CBC Encrypt KAT o AES-256 CBC Decrypt KAT o SP800-90A DRBG KAT o Critical functions: RSA 2048 Encrypt KAT Conditional self-test o Continuous test on SP800-90A DRBG o Continuous test on non-Approved NDRNG o Firmware load test (via RSA 2048 with SHA256 digital signature verification) o Critical functions: CSP integrity test (via SHA-256-bit CRC verification) · Manual key entry is not supported and the cryptographic module does not implement manual key entry tests. · The cryptographic module does not support bypass capability and does not implement bypass tests. · The status indicator output by the module when power-on self-tests succeeds is the LED flashing at 3 Hz and output of an icon to host GPC. · The status indicator output by the module when a power-on self-test fails is flashing on the status output LED in a continuous fashion at 16Hz. · The status indicator output by the module when a conditional self-test fails is flashing on the status output LED in a continuous fashion at 16Hz. · The status indicator output by the module upon entry into the error state is flashing on the status output LED in a continuous fashion at 16Hz. Page 8 of 24 Kanguru Defender Elite300 Security Policy · Split-knowledge processes are not supported. · All maintenance related services (i.e. maintenance role, physical maintenance interface, logical maintenance interface) are not applicable. · Plaintext CSP output is not supported. · The module does not support plaintext password entry. Passwords are entered encrypted with AES. · The cryptographic module does not contain dedicated physical ports for CSP input/output · The power interfaces cannot be used to drive power to external targets. · The continuous comparison self-tests related to twin implementations are not applicable. · Upon authenticating into a particular role, it is not possible to switch into another role without re-authenticating. · The cryptographic module does not provide the means to feedback authentication data. · The finite state machine does not support the following states: maintenance, CSP output. · The requirements of FIPS 140-2 Section 4.6 are not applicable; there exists no support for the execution of untrusted code. All code loaded from outside the cryptographic boundary is cryptographically authenticated via RSA digital signature verification via the firmware load test. · The cryptographic module is not a radio and does not support any wireless interfaces or OTAR. · The requirements of FIPS 140-2 Section 4.11 are not applicable; the cryptographic module was not designed to mitigate specific attacks beyond the scope of FIPS 140-2. · All keys generated by SP800-90A DRBG, the key generation method complies with SP800- 133 Section 7.1, The "Direct Generation" of Symmetric keys. Page 9 of 24 Kanguru Defender Elite300 Security Policy Identification and Authentication Policy The following table defines the roles, type of authentication, and associated authenticated data types supported by the cryptographic module: Role Type of Authentication Authentication Data Cryptographic Identity-based Password (8 to 136 bytes) Officer/Master: responsible for initialization, physical security inspection, and administrative functions. User: the end user of the Identity-based Password (8 to 136 bytes) product that utilizes the module under the direction of the Cryptographic Officer/Master. CD Update Officer: the end Identity-based RSA Signature Verification user of the product that utilizes (RSA 2048 bit) the module to update the CD partition of the module. Exhibit 3 - Roles and Required Identification and Authentication (FIPS 140-2 Table C1) Page 10 of 24 Kanguru Defender Elite300 Security Policy The following table defines the strength of the implemented identity-based authentication mechanism (password verification or RSA signature verifications) by discussing the probabilities associated with random attempts and multiple consecutive attempts within a one-minute period towards subverting the implemented authentication mechanisms: Authentication Mechanism Strength of Mechanism: Strength of Mechanism: Random attempted Multiple consecutive breach attempts in a one-minute period Password verification Less than Less than 1 / 52,307,591,375,000 60/ 52,307,591,375,000 RSA signature verification Less than 1 / 2^112 Less than 60/ 2 ^112 Exhibit 4 - Strengths of Authentication Mechanisms (FIPS 140-2 Table C2) The upper bound for the probability of correctly guessing the password at random is: 1 / (10*26*26*95*95*95*95*95), which equates to 1 / 52,307,591,375,000. This is less than 1 / 1,000,000. The minimum length of a password is 8 characters, which can be seen in the format of 1 / (C0 * C1 * C2 * C3 * C4 * C5 * C6 * C7). The password characters include 95 possible samples, which come from a combination of "0 ­ 9", "A ­ Z", "a ­ z", and symbols (e.g. ! # { $ ). Furthermore, the module requires that passwords meet a specific composition: · One character of number 0 ­ 9 (10 possible samples) · One character of the upper case of letter A ­ Z (26 possible samples) · One character of the lower case of letter a ­ z (26 possible samples) The module allows 60 attempts in a one-minute period, which equates to the following: 60 / 10*26*26*95*95*95*95*95 which is less than 1 / 100,000. Page 11 of 24 Kanguru Defender Elite300 Security Policy Access Control Policy Exhibit 5 provides a mapping of CSPs/Public Keys to their respective services. CSP/Public Key Type Service(s) Data Encryption/Decryption Key XTS-AES-256 Set User Disk Password of Partition, of Private Partition Set User Disk Password of Private Partition, Generation: Generated via SP Set Master Disk Password of Partition, 800-90 HMAC-SHA-256 DRBG Set Master Disk Password of Private Partition, Entry: N/A Master Login Into Partition, User Login Into Partition, Output: N/A Master Login Into Private Partition, Create User of Private Partition, Write Mass-Storage Data to Partition, Read Mass-Storage Data to Partition, Write Mass-Storage Data to Private Partition, Read Mass-Storage Data to Private Partition, Zeroize Data Encryption/Decryption Key XTS-AES-256 Read Mass-Storage Data from CD of CD Area Partition, Zeroize Generation: Generated via SP 800-90 HMAC-SHA-256 DRBG Entry: N/A Output: N/A User Disk Password 8-byte to 136- Set User Disk Password of Partition, byte password Set User Disk Password of Private Generation: N/A Partition, User Login Into Partition, Entry: User enters the value into Change Disk Password of Partition, the GPC via keyboard; enters Change Disk Password of Private module via USB interface Partition, Create User of Partition, Output: N/A Create User of Private Partition, Zeroize Page 12 of 24 Kanguru Defender Elite300 Security Policy Master Disk Password 8-byte to 136-byte Set Master Disk Password of Partition, password Set Master Disk Password of Private Generation: N/A Partition, Master Login Into Partition, Entry: Master enters the value Master Login Into Private Partition, into the GPC via keyboard; Change Disk Password of Partition, enters module via USB Change Disk Password of Private interface Partition, Create User of Partition, Output: N/A Create User of Private Partition, Zeroize Key Encryption/Decryption AES-256 Set User Disk Password of Partition, Key of Private Partition Key Wrap Set User Disk Password of Private Partition, Generation: Derived by Master * This key is used to Set Master Disk Password of Partition, Disk Password (or) User Disk wrap/unwrap the Data Set Master Disk Password of Private Encryption/Decryption Password respectively via SP Key of Private Partition, 800-132 PBKDF2 Partition and the Data Master Login Into Partition, HMAC_SHA-256 Encryption/Decryption User Login Into Partition, Key of CD Area; these Master Login Into Private Partition, Entry: N/A keys are "never" Create User of Private Partition, output from the cryptographic module. Zeroize Output: N/A Seed Material of SP 800-90 Seed Material Set User Disk Password of Partition, HMAC-SHA-256 DRBG Set User Disk Password of Private Partition, Generation: H/W NDRNG Set Master Disk Password of Partition, Set Master Disk Password of Private Entry: N/A Partition, Master Login Into Partition, Output: N/A User Login Into Partition, Master Login Into Private Partition, Create User of Private Partition, Zeroize Page 13 of 24 Kanguru Defender Elite300 Security Policy DRBG SP800-90A Set User Disk Password of Partition, Internal State (V and Key) Set User Disk Password of Private Partition, Generation: Updated via SP800- Set Master Disk Password of Partition, 90A HMAC-SHA-256 DRBG Set Master Disk Password of Private Partition, Entry: N/A Master Login Into Partition, User Login Into Partition, Output: N/A Master Login Into Private Partition, Create User of Private Partition, Zeroize AES Session Key and IV AES-256 CBC Set User Disk Password of Partition, Set User Disk Password of Private Generation: Generated via Partition, SP800-90A HMAC-SHA-256 Set Master Disk Password of Partition, DRBG Set Master Disk Password of Private Partition, Entry: N/A Master Login Into Partition, User Login Into Partition, Output: RSA Wrapped via Master Login Into Private Partition, Secure Session Public Key Logout From Partition, Logout From Private Partition, Change Disk Password of Partition, Change Disk Password of Private Partition, Create User of Partition, Create User of Private Partition, Write Mass-Storage Data to Partition, Read Mass-Storage Data to Partition, Write Mass-Storage Data to Private Partition, Read Mass-Storage Data to Private Partition, Zeroize Page 14 of 24 Kanguru Defender Elite300 Security Policy MAC Key of Secure Channel HMAC-SHA- Set User Disk Password of Partition, 256 Set User Disk Password of Private Generation: Generated via SP Partition, 800-90 HMAC-SHA-256 Set Master Disk Password of Partition, Set Master Disk Password of Private Entry: N/A Partition, Master Login Into Partition, Output: RSA Wrapped via User Login Into Partition, Secure Session Public Key Master Login Into Private Partition, Logout From Partition, Logout From Private Partition, Change Disk Password of Partition, Change Disk Password of Private Partition, Create User of Partition, Create User of Private Partition, Write Mass-Storage Data to Partition, Read Mass-Storage Data to Partition, Write Mass-Storage Data to Private Partition, Read Mass-Storage Data to Private Partition, Zeroize CD Update Public Key RSA-2048 CD Update, SHA-256 Set CD Update Public Key Generation: N/A Entry: Via Set CD Update Public Key service Output: N/A Firmware Update Public Key RSA-2048 Start Firmware Update SHA-256 Generation: N/A Entry: Via Start Firmware Update service Output: N/A Page 15 of 24 Kanguru Defender Elite300 Security Policy Secure Session Public Key RSA-2048 Master Login Into Partition, OAEP User Login Into Partition, Generation: N/A Master Login Into Private Partition Entry: Enters module via USB interface via Master Login Into Partition service, User Login Into Partition service, and Master Login Into Private Partition service Output: N/A Exhibit 5 ­ CSPs/Public Keys with respective services The list of roles, services, cryptographic keys & CSPs, and types of access to the cryptographic keys & CSPs that are available to each of the authorized roles via the corresponding services are demonstrated in Exhibit 6. Role Service Type(s) of Access to * No Crypto- User CD Cryptographic Keys & CSPs: role graphic Update Officer/ Officer R = Read the item into Master memory W = Write the item into memory N/A = Not Applicable X Self Tests: Performs the full suite of N/A required power-up self-tests. X Get Device Info: This function gets N/A status information from the module. X Set Write Protect: This function N/A enables or disables the module with write-protection. X Set User Disk Password of Partition: W: User Disk Password This function sets the User Disk Password for Partition to the module to W: Data Encryption/ restrict access to the encrypted Decryption Key of Private partition of the module. Partition W, R: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG Page 16 of 24 Kanguru Defender Elite300 Security Policy R: MAC Key of Secure Channel Set User Disk Password of Partition: R: AES Session Key and IV (continued...) X Set User Disk Password of Private W: User Disk Password Partition: This function sets the User Disk Password for Private Partition to W: Data Encryption/ the module to restrict access to the Decryption Key of Private encrypted (private) partition of the Partition module. W, R: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel R: AES Session Key and IV X Set Master Disk Password of W: Master Disk Password Partition: This function sets the Master Disk Password for Partition to W: Data Encryption/ the module to restrict access to the Decryption Key of Private encrypted partition of the module. Partition W, R: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel R: AES Session Key and IV X Set Master Disk Password of Private W: Master Disk Password Partition: This function sets the Master Disk Password for Private W: Data Encryption/ Partition to the module to restrict Decryption Key of Private access to the encrypted (private) Partition partition of the module. Page 17 of 24 Kanguru Defender Elite300 Security Policy Set Master Disk Password of Private W, R: Key Encryption/ Partition: (continued...) Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel R: AES Session Key and IV X Master Login Into Partition: This R: Master Disk Password function opens (enables access to) the encrypted partition of module with W: Data Encryption/ Master Disk Password. Decryption Key of Private Partition R: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel R: AES Session Key and IV W, R: Secure Session Public Key X User Login Into Partition: This R: User Disk Password function opens (enables access to) the encrypted partition of module with R: Data Encryption/ User Disk Password. Decryption Key of Private Partition R: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel Page 18 of 24 Kanguru Defender Elite300 Security Policy User Login Into Partition: R: AES Session Key and IV (Continued...) W, R: Secure Session Public Key X Master Login Into Private Partition: R: Master Disk Password This function opens (enables access to) the encrypted (private) partition of R: Data Encryption/ module with Master Disk Password. Decryption Key of Private Partition W: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG R: MAC Key of Secure Channel R: AES Session Key and IV W, R: Secure Session Public Key X X Logout From Partition: This function R: MAC Key of Secure closes (disables access to) the Channel encrypted partition of module. R: AES Session Key and IV X X Logout From Private Partition: This R: MAC Key of Secure function closes (disables access to) the Channel encrypted (private) partition of module. R: AES Session Key and IV X X Change Disk Password of Partition: R: MAC Key of Secure This function changes the Master Disk Channel Password (or) User Disk Password of partition from old password to new R: AES Session Key and IV password. W, R: Master Disk Password (or) User Disk Password X X Change Disk Password of Private R: MAC Key of Secure Partition: This function changes the Channel Master Disk Password (or) User Disk Password of Private partition from old R: AES Session Key and IV password to new password. W, R: Master Disk Password (or) User Disk Password X Create User of Partition: This R: Master Disk Password function creates the User and associated passwords for accessing the R: AES Session Key and IV partition. Page 19 of 24 Kanguru Defender Elite300 Security Policy Create User of Partition: R: MAC Key of Secure (Continued...) Channel W: User Disk Password X Create User of Private Partition: R: Master Disk Password This function creates the User and associated passwords for accessing the R: MAC Key of Secure Private partition. Channel R: AES Session Key and IV W: User Disk Password W: Data Encryption/ Decryption Key of Private Partition W: Key Encryption/ Decryption Key of Private Partition W: DRBG Internal State (V and Key), Seed Material of SP 800-90 HMAC-SHA-256 DRBG X X Write Mass-Storage Data to R: MAC Key of Secure Partition This function writes data to Channel the (encrypted) partition. R: AES Session Key and IV R: Data Encryption/ Decryption Key of Private Partition X X Read Mass-Storage Data to R: MAC Key of Secure Partition: This function reads data Channel from the (encrypted) partition. R: AES Session Key and IV R: Data Encryption/ Decryption Key of Private Partition X X Write Mass-Storage Data to Private R: MAC Key of Secure Partition: This function writes data to Channel the private (encrypted) partition. R: AES Session Key and IV R: Data Encryption/ Decryption Key of Private Partition X X Read Mass-Storage Data to Private R: MAC Key of Secure Partition: This function reads data Channel from the private (encrypted) partition. R: AES Session Key and IV Page 20 of 24 Kanguru Defender Elite300 Security Policy Read Mass-Storage Data to Private R: Data Encryption/ Partition: (Continued...) Decryption Key of Private Partition X Read Mass-Storage Data from CD R: Data Encryption/ Partition: This function reads data Decryption Key of CD Area from the public CD partition. X Show Status: This function gets the N/A status from specified partition. X CD Update: This function enables R: CD Update Public Key writing of data to the CD partition. X Set CD Update Public Key: This W, R: CD Update Public function updates the 2048-bit RSA Key public key used to verify the signature of the data written to CD partition. X Start Firmware Update: This W, R: Firmware Update function enables the secure firmware Public Key update via RSA 2048 with SHA-256 digital signature verification (limited operational environment firmware load test). X Zeroize: This function zeroizes all the W: All CSPs CSPs, and puts module into un- initialized state. Exhibit 6 ­ Services Authorized for Roles, Access Rights within Services (FIPS 140-2 Table C3, Table C4) * No role means that the associated services in the Exhibit 6 are non-security relevant, unauthenticated, and can be accessed by any operator. Page 21 of 24 Kanguru Defender Elite300 Security Policy Physical Security Policy The following physical security mechanisms are implemented by the cryptographic module: · Production grade components. · Opaque tamper evident metal and plastic enclosure without any gaps or openings. · Strong adhesive materials that prevent dismantling the module without high probability of causing severe damage and visible tamper evidence. · Chips and pin connectors are coated with epoxy. The following table summarizes the actions required by the Cryptographic Officer/Master Role to ensure that physical security is maintained. Recommended Physical Inspection/Test Guidance Frequency Security Mechanisms Details of Inspection/Test Production grade components N/A N/A Opaque Upon Inspect the entire perimeter for non-removable each usage scratches, scrapes, gouges, cuts metal enclosure with and any other signs of strong adhesive materials tampering. Remove the unit from service when any such markings are found. Exhibit 7 - Inspection/Testing of Physical Security Mechanisms (FIPS 140-2 Table C5) Mitigation of Other Attacks Policy The cryptographic module has not been including the security mechanisms implemented to mitigate the attacks. Other Mitigation Specific Attacks Mechanism Limitations N/A N/A N/A Exhibit 8 - Mitigation of Other Attacks (FIPS 140-2 Table C6) Page 22 of 24 Kanguru Defender Elite300 Security Policy References · FIPS PUB 140-2 · FIPS PUB 140-2 DTR · FIPS PUB 140-2 Implementation Guidance · FIPS 197 ­ AES · FIPS 198 - HMAC · FIPS 180-4 - SHS · RSA PKCS#1 V2.1 · SP800-90A Rev.1 · SP800-132 · SP800-38E · SP800-133 Page 23 of 24 Kanguru Defender Elite300 Security Policy Appendix 1 ­ Part Number Matrix (Kanguru Defender Elite300: Hardware Version 1.0; Firmware Version: 2.10.10) Storage Part Number Capacity 4GB KDFE300-4G-Green 4GB KDFE300-4G-Black 4GB KDFE300-4G-Red 4GB KDFE300-4G-Silver 8GB KDFE300-8G-Green 8GB KDFE300-8G-Black 8GB KDFE300-8G-Red 8GB KDFE300-8G-Silver 16GB KDFE300-16G-Green 16GB KDFE300-16G-Black 16GB KDFE300-16G-Red 16GB KDFE300-16G-Silver 32GB KDFE300-32G-Green 32GB KDFE300-32G-Black 32GB KDFE300-32G-Red 32GB KDFE300-32G-Silver 64GB KDFE300-64G-Green 64GB KDFE300-64G-Black 64GB KDFE300-64G-Red 64GB KDFE300-64G-Silver 128GB KDFE300-128G-Green 128GB KDFE300-128G-Black 128GB KDFE300-128G-Red 128GB KDFE300-128G-Silver Exhibit 9 ­ Module Part Numbers Page 24 of 24