RDL-3000 and eLTE-MT FIPS 140-2 Non-Proprietary Security Policy Hardware: RDL-3000, eLTE-MT – Firmware: v3.1 April, 2016 Prepared by: Prepared for: Redline Communications Redline Communications 302 Town Centre Blvd., Markham 302 Town Centre Blvd., Markham ON L3R 0E8, CANADA. ON L3R 0E8, CANADA. t +1.905.479.8344 | f +1.905.479.5331 t +1.905.479.8344 | f +1.905.479.5331 rdlcom.com rdlcom.com © 2016. Redline Communications Inc. 1 This document may be freely reproduced and distributed whole and intact, Including this copyright notice. Table of Contents Table of Figures .................................................................................................. 2 List of Tables ....................................................................................................... 2 1.0 Introduction .............................................................................................. 4 1.1 Purpose .................................................................................................................... 4 1.2 References ............................................................................................................... 4 1.3 Document Organization........................................................................................... 4 2.0 Redline Communications RDL-3000, Elte-MT Broadband Wireless Systems5 2.1 Overview .................................................................................................................. 5 2.2 Module Interfaces.................................................................................................... 6 2.3 Roles and Services ................................................................................................... 7 Crypto-Officer Role 7 User Role 10 Authentication Mechanisms 11 2.4 Physical Security .................................................................................................... 11 2.5 Operational Environment ...................................................................................... 12 2.6 Cryptographic Key Management ........................................................................... 12 2.7 Electromagnetic Interference / Electromagnetic Compatibility ........................... 16 2.8 Self-Tests ................................................................................................................ 16 Power-up Self-Tests 16 Conditional Self-Tests 17 Critical Function Tests 17 2.9 Mitigation of Other Attacks ................................................................................... 17 3.0 Secure Operation .................................................................................... 17 3.1 Crypto-Officer Guidance ........................................................................................ 17 Initialization 18 Management 18 3.2 User Guidance........................................................................................................ 19 4.0 Acronyms ................................................................................................ 20 Table of Figures Figure 1 – Redline RDL-3000, Elte-MT Broadband Wireless Systems ..................................................................... 5 Figure 2 – Tamper-Evident Label Locations for RDL-3000 and Elte-MT ............................................................... 12 List of Tables Table 1 – Security Level Per FIPS 140-2 Section ...................................................................................................... 6 Table 2 – FIPS 140-2 Logical Interfaces ................................................................................................................... 7 Table 3 – Mapping of Crypto-Officer Role’s Services to Type of Access ................................................................. 8 © 2016. Redline Communications Inc. 2 Table 4 – Mapping of User Role’s Services to Type of Access .............................................................................. 10 Table 5 – Authentication Mechanisms Employed by the Module ........................................................................ 11 Table 6 – Certificate Numbers for Cryptographic Algorithm Implementations.................................................... 12 Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs ................................................ 14 Table 8 – Acronyms ............................................................................................................................................... 20 © 2016. Redline Communications Inc. 3 Introduction 1.0 Purpose 1.1 This is a non-proprietary Cryptographic Module Security Policy for Redline Communications RDL-3000, Elte-MT Broadband Wireless Systems (running firmware version 3.1). This Security Policy describes how the RDL-3000, Elte-MT Broadband Wireless Systems meet the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) requirements for cryptographic modules as specified in Federal Information Processing Standards Publication (FIPS) 140-2. This document also describes how to run the module in its Approved FIPS 140-2 mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module. The Redline RDL-3000, Elte-MT Broadband Wireless Systems running firmware version 3.1 is referred to in this document as the RDL-3000 and Elte-MT, the cryptographic module, or the module. References 1.2 This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: The Redline website (http://www.rdlcom.com/) contains information on the full line of products from Redline. The National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains information about the FIPS 140-2 standard and validation program. It also lists contact information for answers to technical or sales-related questions for the module. Document Organization 1.3 The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: Vendor Evidence document Finite State Machine Submission Summary Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Redline Communications. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Redline and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Redline. © 2016. Redline Communications Inc. 4 Redline Communications RDL-3000, Elte-MT 2.0 Broadband Wireless Systems Overview 2.1 The RDL-3000, Elte-MT Broadband Wireless Systems by Redline Communications leverage proven orthogonal frequency-division multiplexing (OFDM) technology to deliver high-speed Ethernet throughput over wireless links. Under clear line-of-sight conditions, the RDL-3000 and Elte-MT can provide robust, long-range connectivity at distances beyond 50 kilometers. The all-Internet Protocol (IP) design of the RDL-3000 and Elte-MT deliver a seamless extension of Ethernet local area networks and wide area networks, at proven Ethernet data rates greater than 100 Mbps1. The RDL-3000 and Elte-MT provide unmatched spectral flexibility with support for several different channel sizes (3.5, 5, 7, 10 and 20 MHz2) in Point-to-Point (PTP) and Point-to-Multipoint (PMP) modes, and center frequency specification in 2.5 MHz increments. Extremely low latency in PTP (less than 4 ms3), and PMP (less than 10 ms) ensures the successful delivery of bandwidth-intensive applications such as Voice-over-IP (VoIP), real time video, teleconferencing, and SCADA. Designed for the harshest outdoor conditions, the radio receives Direct Current (DC) Power Over Ethernet (POE) from the indoor unit via standard CAT4-5 Ethernet cable. Operating over the 600MHz–5.8 GHz5 frequency bands, covering the 4.94–4.99 GHz Public Safety band, and the 5.250-5.850 FCC, ETSI ISM bands, the RDL-3000 and Elte-MT can be considered for wireless networking solutions such as public safety, first responders, government and enterprise networks, and long/short-haul digital oil field communications connectivity. Transmissions can be secured via the embedded encryption capability or via external Ethernet Inline Network Encryption (INE) devices. The lightweight RDL-3000 and Elte-MT is easy to configure and deploy. Using a standard Web browser, an operator has access to all required configuration items and statistics necessary to configure and monitor the operation of the radio. Third-party network management applications can also be utilized via the standard Simple Network Management Protocol (SNMPv3) interface. Figure 1 – Redline RDL-3000, Elte-MT Broadband Wireless Systems The RDL-3000 and Elte-MT are validated at the following FIPS 140-2 section Levels: 1 Mbps – Megabits per second 2 MHz – megahertz 3 ms – milliseconds 4 CAT – Category 5 GHz – Gigahertz © 2016. Redline Communications Inc. 5 Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Ports and Interfaces 2 3 Roles, Services, and Authentication 2 4 Finite State Model 2 5 Physical Security 2 6 Operational Environment N/A 7 Cryptographic Key Management 2 8 Electromagnetic Interference / Electromagnetic Compatibility (EMI/EMC) 3 9 Self-tests 2 10 Design Assurance 2 11 Mitigation of Other Attacks N/A 14 Cryptographic Module Security Policy 2 Module Interfaces 2.2 The RDL-3000 and Elte-MT are of multi-chip standalone cryptographic module that meets overall Level 2 FIPS 140-2 requirements. The cryptographic boundary of the RDL-3000 and Elte-MT is defined by the aluminum case, which surrounds all the hardware and software components. Interfaces on the module can be categorized into the following FIPS 140-2 logical interfaces: Data Input Interface Data Output Interface Control Input interface Status Output Interface Power Interface Ports on the module can be categorized into the following FIPS 140-2 physical interfaces: Ethernet port (RDL-3000 and eLTE-MT enclosures) RF ports (RDL-3000 enclosure only) Buzzer (RDL-3000 and eLTE-MT enclosures) GPS port (RDL-3000 enclosure only) All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table: © 2016. Redline Communications Inc. 6 Table 2 – FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interface Module Port/Interface RDL-3000 Enclosure eLTE-MT Enclosure Data Input Ethernet port, RF port, GPS port Ethernet port Data Output Ethernet port, RF port Ethernet port Control Input Ethernet port, RF port, PPS Port Ethernet port Status Output Ethernet port, Buzzer Ethernet port, Buzzer Power Ethernet port Ethernet port Roles and Services 2.3 The module supports role-based authentication. There are two roles in the module that operators may assume: a Crypto-Officer role and a User role. A Crypto-Officer can create/delete/modify identities in the module and assign them access to the module based on the two available roles. Operators access the system via one of the available secure management interfaces using their assigned identity and credentials. All role-appropriate services are exposed via any of the 3 available secured management interfaces (SSH, HTTPS, or SNMPv3). The CO/User can use whichever management interface they are most comfortable with. The CO can disable any (but not all) of the management interfaces according to their preference. Crypto-Officer Role The Crypto-Officer performs administrative services for the module, such as initialization, configuration, and monitoring of the module. Before accessing the module for any administrative service, the operator must authenticate to the module. The module offers three management interfaces: Web Interface Command Line Interface (CLI) SNMPV3 The Web Interface is Redline’s proprietary web-based GUI6 that can be accessed via the local network using a web browser. The Web Interface serves as the primary management tool for the module. All Web Interface sessions with the module are protected over a secure TLS channel. Authentication of the CO requires the input of a username and password which is checked against the module’s local database. The CLI is accessed via the Ethernet port using a Secure Shell (SSH) session. Authentication of the CO on the CLI requires the input of a username and password which is checked against the modules local database. 6 GUI – Graphical User Interface © 2016. Redline Communications Inc. 7 The SNMPv3 interface is accessible using any standard SNMP client software or NMS which supports the SNMPv3 protocol. The module’s Management Information Base (MIB) files which define the structure of the interface are available on Redline’s website. Authentication of the CO via SNMPv3 requires the input of a username and password which is checked against the module’s local database. Descriptions of the services available to the Crypto-Officer role are provided in the table below. Table 3 – Mapping of Crypto-Officer Role’s Services to Type of Access Service Description CSP and Type of Access CSPs: 8+ character ASCII User Authenticate Used to login to the module using TLS or SSH protocol string, RSA/DSA 1024/2048 bit key, Access: Read CSPs: Access Graphical User Graphical User interface (HTTPS/TLS) by Interface which the CO/User accesses the remainder of RSA 2048bit key, the services HMAC SHA256 key, AES-128/256 key Access: Read/Execute CSPs: Access Command Line Command Line interface (SSH) by which the Interface CO/User access the remainder of the Diffie-Hellman 2048bit module’s services. exponent, HMAC SHA1 160bit key, AES-128/256 key Access: Read/Execute CSPs: Access SNMPv3 Interface Secured interface by which Network Management Systems access the available 11 byte static value, services 8+ character ASCII string, AES 128/256 bit CFB Access: Read/Execute CSPs: Transmit/Receive Wireless Allows received Ethernet data to be sent Data securely across the wireless link AES-128/256 CCM key, AES-128/256 Pre-shared key Access: Read/Execute Enable/Disable FIPS Mode Allows Crypto-Officer to configure the module None for FIPS Mode. Get FIPS Status Allows Crypto-Officer to view general system None identification and Configuration Settings. System Status Allows Crypto-Officer to view system, None Ethernet, and wireless statistics. System Log Allows Crypto-Officer to view the system None status messages. Configure System Allows Crypto-Officer to view and adjust None configuration system, IP address, management, and wireless settings. © 2016. Redline Communications Inc. 8 Service Description CSP and Type of Access Link Summary Allows users to view the current status of None wireless link conditions (e.g. signal strength, signal quality, wireless packet errors, etc.) CSPs: RSA 2048 bit key Upload Firmware Allows Crypto-Officer to upload new software Access: Read/Execute binary file CSPs: 8+ character ASCII Add/Delete Users Allows Crypto-Officer to add/delete users string Access: Read/Write CSPs: 8+ character ASCII Change Password Modify existing login passwords string Access: Read/Write Spectrum Sweep Allows Crypto-Officer to scan radio None frequencies to detect additional RF sources which could be a source of interference Zeroize Zeroize all keys and CSPs CSPs: All CSPs listed in table 7 as zeroized “by zeroize command” Access: Write Clear Clears frequency list and log messages None Del Deletes keys/certificates CSPs: ECDSA P-384 key Access: Write Freq Used to enter the frequency ranges for None autoscan and dynamic frequency selection Generate Creates new keys for use with SSH, TLS, and CSPs: AES CFB Key, SNMPv3 RSA/DSA KeyPair, All DRBG-associated CSPs Access: Write Get Displays statistic and parameter values None Load Cert Loads new certificates CSPs: ECDSA P-384 key Access: Write Load Script Loads a script for backup/restore None Ping Ping utility None Reboot Restarts the module. Also initiates power-up None self-test. Reset Statistics Resets the statistical values stored in the None module Save Saves the selected configuration settings None Export Script Generates and outputs a config script None Set Displays system parameter values and allows None modification to the displayed values Show Displays configuration and additional system None compound objects Test Config Allows configuration changes to be run for a None five minute test period © 2016. Redline Communications Inc. 9 Service Description CSP and Type of Access Power-up self-test Executes a series of Known-Answer-Tests CSPs: All Cryptographic against all certified cryptographic algorithms components listed in in the module. See section 2.8 for more section 2.8 under “Power- details. This service is executed automatically up Self Tests” on module startup, and can be executed by Access: Read/Write issuing a reboot command to the module. User Role The User has the ability to view general status information about the module, and utilize the module’s data transmitting functionalities via the Ethernet port. Descriptions of the services available to the User role are provided in the table below. Table 4 – Mapping of User Role’s Services to Type of Access Service Description CSP and Type of Access Used to login to the module using TLS or SSH CSPs: 8+ character ASCII User Authenticate protocol string, RSA/DSA 1024/2048 bit key, Access: Read CSPs: Access Graphical User Graphical User interface (HTTPS/TLS) by Interface which the CO/User accesses the remainder of RSA 2048bit key, the services HMAC SHA256 key, AES-128/256 key Access: Read/Execute CSPs: Access Command Line Command Line interface (SSH) by which the Interface CO/User access the remainder of the Diffie-Hellman 2048bit module’s services. exponent, HMAC SHA1 160bit key, AES-128/256 key Access: Read/Execute CSPs: Access SNMPv3 Interface Secured interface by which Network Management Systems access the available 11 byte static value, services 8+ character ASCII string, AES 128/256 bit CFB Access: Read/Execute CSPs: Transmit/Receive Wireless Allows received Ethernet data to be sent Data securely across the wireless link AES-128/256 CCM key, AES-128/256 Pre-shared key Access: Read/Execute Authenticate Used to login to the module using TLS or SSH CSPs: 8+ character ASCII protocol string Access: Read General Information Allows Users to view general system None identification and Configuration Settings. Link Summary Allows users to view the current status of None wireless link conditions (e.g. signal strength, signal quality, wireless packet errors, etc.) © 2016. Redline Communications Inc. 10 Service Description CSP and Type of Access System Status Allows Users to view system, Ethernet, and None wireless statistics. System Log Allows Users to view the system status None messages. Change Password Allows Users to change login password CSPs: 8+ character ASCII string Access: Read/Write Authentication Mechanisms The module employs the following authentication methods to authenticate Crypto-Officers and Users. Table 5 – Authentication Mechanisms Employed by the Module Type of Authentication Authentication Strength Password Passwords are required to be at least 8 characters long. Alphabetic (uppercase and lowercase), numeric, and special characters can be used, which gives a total of 94 characters to choose from. With the possibility of repeating characters, the chance of a random attempt falsely succeeding is 1 in 8 94 , or 1 in 6,095,689,385,410,816. The module forces a 1 second pause between failed login attempts. This means that in a 60-second period a maximum of 60 attempts can be made, making the chances of a random attempt falsely succeeding 1 in 101,594,823,090,180. This is well below the required 1 in 100,000 maximum. Certificate The minimum size certificate used by the module in an approved mode of operation is 2048 bits, which provides 112 bits of security. The probability of a random attempt falsely 112 33 succeeding is 1 in 2 , or 1 in 5.19229 x 10 . Two modules exchange certificates for device authentication once every wireless registration attempt. The minimum possible time between registration attempts is 500 milliseconds, resulting in a maximum of 120 registration attempts in a 60-second period. This makes the chances of a random attempt falsely 33 succeeding 1 in 5.19229 x 10 divided by 120, or 1 in 31 4.32691 x 10 . This is well below the required 1 in 100,000 maximum. Physical Security 2.4 The Redline RDL-3000 and Elte-MT are both multi-chip standalone cryptographic modules. The module is enclosed in a weatherproof aluminum alloy case, which is defined as the cryptographic boundary of the module. The module’s enclosure is opaque within the visible spectrum. The module’s enclosure is sealed using two (2) tamper-evident labels, which prevent the case covers from being removed without signs of tampering. Tamper-evident labels are applied at the factory. It is the responsibility of the Crypto-Officer to ensure that all tamper-evident labels are properly placed on the module before use. The location of the © 2016. Redline Communications Inc. 11 tamper-evident labels is indicated with the red circles in Figure 2 below. The CO is responsible for the yearly inspection of the integrity of these seals. If CO suspects that the integrity of either of the seals has been compromised, then the module should be immediately decommissioned and returned to Redline for inspection. Figure 2 – Tamper-Evident Label Locations for RDL-3000 and Elte-MT Operational Environment 2.5 The module does not provide a general purpose operating system nor does it allow operators to load untrusted software. The operating system (OS) employed by the modules is referred to as Wind River VxWorks version 6.9 OS. The OS is not modifiable by the operators of the modules, and only the modules’ custom written image can be run in the system. The modules provide a method to update the firmware in the module with a new version. This method involves uploading a digitally signed firmware update to the module. The VxWorks operating system and firmware-implemented cryptographic functions are executed on a Cavium Networks ECONA CNS3411 (ARMv6) SoC. Cryptographic Key Management 2.6 The module implements the FIPS-approved algorithms shown in Table 6 below. Table 6 – Certificate Numbers for Cryptographic Algorithm Implementations Approved Functions Algorithm Implementation Certificate # Symmetric Key Algorithm Advanced Encryption Standard (AES) Hardware Implementation: #3469 7 8 128-, 256-bit in ECB and CCM modes Advanced Encryption Standard (AES) Management Implementation: #3472 9 10 128-, 256-bit in CBC /CFB mode, 11 256-bit in CTR mode 7 ECB – Electronic Codebook 8 CCM – Counter with CBC-MAC 9 CBC – Cipher-Block Chaining 10 CFB – Cipher Feedback © 2016. Redline Communications Inc. 12 Approved Functions Algorithm Implementation Certificate # Secure Hashing Algorithm (SHA) SHA-1, SHA-256, SHA-384 Management Implementation: #2866 SHA-384 ECDSA Implementation: #2867 12 Message Authentication Code HMAC using SHA-1, SHA-256, SHA- Management Implementation: #2216 (MAC) Function 384 HMAC using SHA-384 ECDSA Implementation: #2217 13 14 Deterministic Random Bit NIST SP 800-90A DRBG : Hash Management Implementation: #854 Generator (DRBG) SHA-1 and Hash SHA-256 Key Derivation Function TLS, SSH, SNMPv3 KDF Management Implementation: #541 Key Agreement Scheme Full MQV KAS Implementation: #63 15 16 Asymmetric Key Algorithm RSA PKCS #1 v1.5 Management Implementation: #1780 SigGen 2048-bit w/ SHA256 SigVer 1024/2048-bit w/ SHA1/SHA256 DSA SigGen 2048-bit w/ SHA256 Management Implementation: #981 KeyPairGen 2048-bit SigVer 1024/2048-bit w/ SHA1/SHA256 ECDSA – P-384 curve ECDSA Implementation: #703 The module implements network protocols which make use of KDFs that are listed in NIST SP 800- 135rev1. The KDF algorithms have been tested, validated, and assigned certificate #541 (see above). The testing of protocols is beyond the scope of FIPS 140-2. Thus, the following protocols have not been reviewed or tested by either CAVP or CMVP: TLS • SSH • SNMPv3 • The module implements the following non-FIPS-approved algorithms which are allowed for use in FIPS mode: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) NDRNG 11 CTR – Counter Mode 12 HMAC – Hash Message Authentication Code 13 NIST – National Institute of Standards and Technology 14 DRBG – Deterministic Random Bit Generator 15 RSA – Rivest, Shamir, and Adleman 16 PKCS – Public Key Cryptography Standard © 2016. Redline Communications Inc. 13 The module implements a Non-deterministic Random Number Generator (NDRNG) which is capable of providing a minimum of 256 bits of entropy. This NDRNG is entirely contained within the module’s cryptographic boundary, is used for all key generation in the system, and operates in a blocking manner. The module supports the following critical security parameters: Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs Generation / Key Key Type Output Storage Zeroization Use Input SNMPv3 AES 128, Internally Never exits Stored in Upon reboot Provides secured Session Key 256-bit CFB generated the module volatile or session channel for SNMPv3 key memory termination management. SNMPv3 Minimum 8- Entered in Never exits Stored in By zeroize Authentication for Password character plaintext the module non-volatile command remote client 17 ASCII memory communication with string the module via SNMPv3 SNMPv3 11-byte value Internally Output in Stored in Not Uniquely identifies the Engine ID unique to generated plaintext (not volatile applicable module’s SNMPv3 each module: a secret) memory (module- agent for use in SNMP-OID + specific communication with MAC-ADDR runtime remote SNMPv3 identifier) clients Pre-shared Key AES 128-, Internally Never exits Stored in By Zeroize Provides confidentiality 256-bit key generated the module non-volatile command of data over PTP radio memory. channel Authentication RSA 1024 – DSA keys are Public key Stored in By Zeroize Peer Authentication of public/private 2048 bit keys Internally exported non-volatile command, or SSH/TLS sessions keys or DSA 1024 generated and electronically memory by – 2048 bit RSA keys are in plaintext via termination keys externally Ethernet port of session, or generated and by module imported in reboot certificate form Peer RSA/DSA RSA/DSA Imported Never exits Stored in Upon reboot Peer Authentication for public keys 1024-, 2048- electronically the module volatile or session SSH and TLS sessions bit keys during memory termination handshake protocol Local ECDSA P- Internally Public key Stored in By Zeroize Establish trusted point public/private 384 key, generate exported non-volatile command in peer entity keys using FIPS electronically memory. 186-4 B.4.1 in plaintext via (extra wireless port; random bits) private component not exported 17 ASCII – American Standard Code for Information Interchange © 2016. Redline Communications Inc. 14 Generation / Key Key Type Output Storage Zeroization Use Input SSH Key Diffie- Internally Public Stored in Upon reboot Key Agreement Hellman generated exponent volatile or session exchange/agreement keys 2048-bit electronically memory termination for SSH sessions exponents in plaintext; private component not exported TLS Key RSA 2048-bit Externally Public key Stored in Upon reboot Key Agreement key generated electronically volatile or session exchange/agreement Keys in plaintext; memory termination for TLS sessions private key not exported TLS Session HMAC Internally Never exits Stored in Upon reboot Data authentication for Authentication SHA256 256- generated the module volatile or session TLS sessions Key bit key memory termination TLS Session AES-128, Internally Never exits Stored in Upon reboot Data encryption for Key AES-256 generated the module volatile or session TLS sessions memory termination SSH Session HMAC SHA1 Internally Never exits Stored in Upon reboot Data authentication for Authentication 160-bit key generated the module volatile or session SSH sessions Key memory termination SSH Session AES-128, Internally Never exits Stored in Upon reboot Data encryption for Key AES-256 generated the module volatile or session SSH sessions memory termination Redline RSA 2048-bit Externally Never exits Stored in Not Verifies the signature Firmware public key generated and the module non-volatile applicable associated with a Update Public hard coded in memory broadband radio Key the image (hardcoded) firmware update package Administrator Minimum 8- Entered in Never exits Stored in By Zeroize Authentication for Passwords character plaintext the module non-volatile command administrator login ASCII string memory in plaintext User Minimum 8- Entered in Never exits Stored in By Zeroize Authentication for user Passwords character plaintext the module non-volatile command login ASCII string memory in plaintext NIST SP 800- 256-bit Internally Never exits Generated Upon reboot, Used during FIPS- 90A DRBG random generated the module after reset. and also approved random seed value Stored in overwritten number generation volatile (as a circular memory buffer) by random value Entropy Input 256-bit value Internally Never exits Stored in Upon reboot, Random number String generated the module volatile and upon generation using DRBG memory each use © 2016. Redline Communications Inc. 15 Generation / Key Key Type Output Storage Zeroization Use Input AES CCM Key AES 128- Internally Encrypted via Stored in Upon reboot, Used for and 256-bit generated AES for volatile or zeroize cryptographically keys wireless memory command securing wireless transmission communications using between connected ECDSA- modules. derived shared secret DRBG ‘C’ DRBG Internally Never exits Stored in Upon reboot, Intermediate value Value intermediate generated the module volatile or upon used in DRBG C-value: 440 memory DRBG reset bits DRBG ‘V’ DRBG Internally Never exits Stored in Upon reboot, Intermediate value Value intermediate generated the module volatile or upon used in DRBG V-value: 440 memory DRBG reset bits Electromagnetic Interference / Electromagnetic Compatibility 2.7 The Redline RDL-3000 and Elte-MT was tested and found to be conformant to the Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) requirements specified by Federal Communications Commission CFR18 47, Parts 2 and 90 (Subpart Y) – Regulations Governing Licensing and Use of Frequencies in the 4940-4990 MHz Range, Federal Communications Commission CFR 47, Parts 15- Regulations Governing Use of Frequencies in the 5470-5725 and 5725-5850 MHz Range. Compliance with these regulations meets FIPS Level 3 requirements for EMI/EMC. Self-Tests 2.8 Power-up Self-Tests The RDL-3000 and Elte-MT perform the following self-tests at power-up: Firmware integrity check using an Error Detection Code (16 bit CRC19) • AES Encryption KAT20 (Firmware) • AES Decryption KAT (Firmware) • AES Encryption KAT (Hardware) • AES Decryption KAT (Hardware) • DSA Signature Generation PCT21 using 2048-bit key • DSA Signature Verification PCT using 1024, 2048-bit keys • ECDSA Signature Generation PCT using P-384 curves • ECDSA Signature Verification PCT using P-384 curves • 18 CFR – Code of Federal Regulations 19 CRC – Cyclic Redundancy Check 20 KAT – Known Answer Test 21 PCT – Pairwise Consistency Test © 2016. Redline Communications Inc. 16 HMAC KAT (SHA-1, SHA-256, SHA-384) • SHS KAT (SHA-1, SHA-256, SHA-384) • NIST SP 800-90A Hash Based DRBG KAT • RSA Signature Generation KAT using 2048-bit key • RSA Signature Verification KAT using 1024, 2048-bit keys • If any of the power-up tests fail, the module enters into a critical error state. An error message is logged in the System Log and highlighted in both the GUI and CLI for the Crypto-Officer to review. A CO must perform actions to clear the error state. Conditional Self-Tests The RDL-3000 and Elte-MT also perform the following conditional self-tests: Continuous Random Number Generator Test (CRNGT) for the SP 800-90A Hash_Based_DRBG CRNGT for the Non-Deterministic Random Number Generator (NDRNG) ECDSA PCT for key pair generation DSA PCT for key pair generation Firmware Load Test using RSA Signature Verification Critical Function Tests The RDL-3000 and eLTE-MT also perform the following critical function self-tests: SP 800-90A Hash_Based_DRBG Instantiate Health Test • SP 800-90A Hash_Based_DRBG Generate Health Test • SP 800-90A Hash_Based_DRBG Reseed Health Test • Mitigation of Other Attacks 2.9 In a FIPS Mode of operation, the module does not claim to mitigate any additional attacks. Secure Operation 3.0 The RDL-3000 and Elte-MT meet the Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation. Crypto-Officer Guidance 3.1 The Crypto-Officer is responsible for the initialization and management of the module. Please view the RDL-3000 and Elte-MT User Manual for additional information on configuring and maintaining the module. The Crypto-Officer can receive the module from the vendor via trusted delivery couriers © 2016. Redline Communications Inc. 17 including UPS, FedEx, and Roadway. The Crypto-Officer can also arrange for pick up directly from Redline. Upon receipt of the module the Crypto-Officer should check the package for any irregular tears or openings. Upon opening the package the Crypto-Officer should inspect the tamper-evident labels which cover the screws at each side of the module. If the Crypto-Officer suspects tampering, he/she should immediately contact Redline. Initialization The Crypto-Officer is responsible for the Initialization of the module through the Web Interface or CLI. Please refer to the RDL-3000 Family User Manual for information on accessing the system’s management interfaces. The Crypto-Officer must login to the module using the default username and password. Once initial authentication has completed, the Crypto-Officer must setup all Crypto-Officer and User accounts passwords (eight characters minimum) and verify via the System Configuration window that the module has the appropriate licensing installed. Once properly licensed, the module will enable the activation of Secure Mode. If Secure Mode is disabled, the Crypto-Officer can enable it by performing the following steps: 1. Change the default Crypto-Officer password and default User password Set Secure Mode to Enabled 2. 3. This will cause the module to disable any non-FIPS compliant interfaces and algorithms 4. Reboot When in Secure Mode (assuming the proper licensing is installed), if the module is running the latest FIPS-certified firmware and all algorithmic self-tests have passed, the module will be operating in FIPS Mode. This will be indicated by a FIPS flag (specifically, the word “Secured”) in the CLI and GUI banners, as well as a FIPS Certification field in the module’s status page. The Crypto-Officer must ensure that the module’s cryptographic keys and CSPs are reinitialized any time the module’s Secure Mode operational status is uncertain (e.g. upon first delivery of the module, or after Secure Mode has been disabled for any reason). This is done using the “zeroize” and “load certs” services listed in table 3. This operation should be done in a secure and trusted environment. If Secure Mode has been enabled, but FIPS Mode is not indicated, the CO should verify: • That the module is running a specifically FIPS-certified version of firmware • That the module has licensing installed which has FIPS-certification activated Management The Crypto-Officer is able to configure and monitor the module via the Web Interface over TLS and CLI over SSH. The Crypto-Officer should check the System Status and System Logs frequently for errors. If the same errors reoccur or the module ceases to function normally, then Redline customer support should be contacted. © 2016. Redline Communications Inc. 18 User Guidance 3.2 The User role is able to access the module over the Ethernet port and perform basic services including: viewing general system status information and changing their own password. A list of commands available to the User role is found in Table 4. © 2016. Redline Communications Inc. 19 Acronyms 4.0 This section defines the acronyms used throughout this document. Table 8 – Acronyms Acronym Definition AES Advanced Encryption Standard ASCII American Standard Code for Information Interchange CAT Category CBC Cipher-Block Chaining CCM Counter with CBC-MAC CFB Cipher Feedback CFR Code of Federal Regulations CLI Command Line Interface CM Configuration Management CMVP Cryptographic Module Validation Program CO Crypto-Officer CRC Cyclic Redundancy Check CSE Communications Security Establishment CSP Critical Security Parameter CTR Counter (“CTR Mode”) DC Direct Current DES Digital Encryption Standard DH Diffie-Hellman DRBG Deterministic Random Bit Generator DSA Digital Signature Algorithm ECB Electronic Codebook EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communications Commission FIPS Federal Information Processing Standard GHz Gigahertz GUI Graphical User Interface HMAC (Keyed-) Hash Message Authentication Code HTTP Hypertext Transfer Protocol HTTPS Secure Hypertext Transfer Protocol © 2016. Redline Communications Inc. 20 Acronym Definition ID Identification IP Internet Protocol KAT Known Answer Test MAC Message Authentication Code Mbps Megabits per second MHz Megahertz Ms Milliseconds NIST National Institute of Standards and Technology OFDM Orthogonal Frequency-Division Multiplexing OS Operating System PKCS Public Key Cryptography Standard PMP Point-to-Multipoint POE Power Over Ethernet PTP Point-to-Point RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SSH Secure Shell SSL Secure Socket Layer TLS Transport Layer Security © 2016. Redline Communications Inc. 21