Ribcage 1100 and 2800 BACKBONE SECURITY.COM, INC. FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Date: 6/4/2004 Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 1 of 11 Title: FIPS 140-2 Non Proprietary Security Policy Table of Contents 1. Introduction................................................................................................................. 3 2. Abbreviations and Definitions ................................................................................... 4 3. Identification and Authentication Policy .................................................................. 4 Ribcage Roles and Authentication ............................................................................. 4 4. Access Control Policy ................................................................................................. 5 Crypto Officer Services Provided by Ribcage ........................................................... 5 User Services Provided by Ribcage........................................................................... 7 Module Ports and Interfaces...................................................................................... 7 Cryptographic Keys and CSPs of Ribcage ................................................................ 8 Cryptographic Algorithms of Ribcage ....................................................................... 9 5. Physical Security Policy............................................................................................ 10 Physical Security Mechanisms................................................................................. 10 6. Mitigation of Other Attacks Policy ......................................................................... 11 7. Self-Tests.................................................................................................................... 11 8. FIPS Initialization and FIPS-140 Mode Operational Policy................................. 11 Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 2 of 11 Title: FIPS 140-2 Non Proprietary Security Policy 1. Introduction This is a non-proprietary FIPS PUB 140-2 Security Policy for the Ribcage 1100, software revision 2.2 FIPS, hardware revision 3.0 and Ribcage 2800, software revision 2.2 FIPS, hardware revision 3.0. The Ribcage 1100 and Ribcage 2800 are multiple-chip standalone cryptographic modules, which meet security FIPS 140-2 Level 2 requirements. The cryptographic boundary of the Ribcage 1100 and Ribcage 2800 is the metal enclosure of the unit. The Ribcage 1100 and Ribcage 2800 are functionally identical, and differ only in speed and performance. For purposes of this document, both devices will be collectively referred to as the "Ribcage" or the "module". More information on the Ribcage is available from the Backbone Security.com website at http://www.backbonesecurity.com This Security Policy describes how the Ribcage meets the Level 2 security requirements as specified in FIPS PUB 140-2. Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 3 of 11 Title: FIPS 140-2 Non Proprietary Security Policy 2. Abbreviations and Definitions 3DES ­ Triple DES (Data Encryption Standard) AES ­ Advanced Encryption Standard CLI ­ Command Line Interface CRC32 ­ Cyclic Redundancy Check (32-bit) CSP ­ Critical Security Parameter DES ­ Data Encryption Standard ESP ­ Encapsulating Security Payload FIPS ­ Federal Information Processing Standard HMAC ­ Hashed Message Authentication Code IPSec ­ Internet Protocol Security PKCS ­ Public Key Cryptography Standards PRNG ­ Pseudo-Random Number Generator PUB ­ Publication RSA ­ Rivest, Shamir, Adleman SHA ­ Secure Hash Algorithm SSH ­ Secure Shell 3. Identification and Authentication Policy Ribcage Roles and Authentication The Ribcage supports two authorized roles for operators: a User role and a Crypto Officer role. All roles in the module use role-based authentication. Initial Crypto Officer authentication to the module is controlled by a factory default password. The User role is represented by data streams that are authenticated on a per-packet basis. For data arriving on the private network side, the source and destination IP addresses of each packet are compared with the enabled channels as configured by the Crypto Officer. For data arriving on the public network side, the IPSec-secured packets are authenticated using HMAC-SHA-1 and then are compared with the configured channel list. The Crypto Officer role allows an operator to perform administrative functions such as initialize the module, input or generate cryptographic keys and CSPs, and perform auditing. Crypto Officer functionality is provided via the Ribcage Command Line Interface (CLI) either through SSH or through a serial console connection. The Crypto Officer role is protected with a password that must be entered whenever an operator wants to assume the role of Crypto Officer. To remain in FIPS mode (see Section 8), the Crypto Officer password must have a length of at least six printable ASCII characters, and must not be a dictionary word. The Ribcage will notify the operator if an attempt is made to choose a new password which violates these rules. Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 4 of 11 Title: FIPS 140-2 Non Proprietary Security Policy 4. Access Control Policy The Ribcage allows access to Crypto-Officer functionality, and subsequently read/write access to the keys and CSPs in the device, via the Ribcage Command Line Interface (CLI) through SSH or a serial console connection. An operator must authenticate to the Crypto Officer role to use the CLI. The User role of the Ribcage provides access to the IPSec services of the module through the Ethernet ports. Crypto Officer Services Provided by Ribcage Services Description Input Output Keys/CSPs Access Login An operator can authenticate to the "root" account Crypto Read CO Crypto Officer role. name and CO Officer role password password authentication Encryption/ Crypto Officer data is encrypted and SSH and CO CLI prompt Read/write Decryption decrypted using 3DES as defined by authentication PRNG seed the SSH protocol when accessing data key, and all Crypto Officer services through the SSH keys and Ethernet ports. key parameters Define The Crypto Officer can define the Commands and Application of Security rules for encrypted traffic flow in configuration configuration Policy and addition to general system files settings System configuration. Configuration Set/Unset The Crypto Officer can configure "fips enable" Configuration FIPS Mode the unit to operate in FIPS mode. or "fips of FIPS mode disable" CLI commands Show Status The Crypto Officer can have the "fips FIPS status of module report back its FIPS-related showstatus" module status. CLI command Zeroize Keys The Crypto Officer can have the "fips Zeroization of Delete all keys module zeroize all cryptographic zeroize" CLI all keys and and CSPs keys and CSPs (except the CO command CSPs password ­ see Change Password). Self Tests The Crypto Officer can initiate self- "fips Status of self- tests and view the results. selftest" CLI tests command Help The Crypto Officer can get general "help" CLI A listing off help or help on a specific CLI command all available command CLI command or context- specific help Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 5 of 11 Title: FIPS 140-2 Non Proprietary Security Policy Services Description Input Output Keys/CSPs Access Change The Crypto Officer can change the "passwd" CLI CO password Delete old CO Password CO password command changed password and write new CO password System The Crypto Officer can configure "ethconfig" Results of Network the network adapters and network "gateway" and CLI Configuration settings for the module. "iface" CLI commands commands Edit Edit raw configuration data of "editconf" Editing Configuration module CLI command interface for File configuration file Apply The Crypto Officer can have the "rcparse" CLI Results of Settings module parse its configuration file command CLI command and apply all settings. Modify IPSec The Crypto Officer can modify the "vpn" CLI Results of Read/write Subsystem IPSec subsystem by adding command CLI command PRNG seed connections, removing connections, key, IPSec IKE and listing live or listening keys, shared- connections secrets and client RSA public keys. Write IPSec ESP keys Start/Stop/ The Crypto Officer can start, stop, or "start", Results of Restart restart services running on the "stop", or CLI Services module "restart" CLI commands commands Network The Crypto Officer can run various "ping", Results of Utilities network utilities to check for "traceroute", CLI network connectivity and "route", commands configuration of networking "firewall" CLI commands Log The Crypto Officer can perform "log" CLI Results of Read/delete Maintenance various maintenance operations on command CLI command system logs the log files, such as viewing and clearing Reset Unit to The Crypto Officer can reset the "resetribcage Results of Delete all keys Factory- module to its factory-default settings " command CLI command and CSPs Default Settings Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 6 of 11 Title: FIPS 140-2 Non Proprietary Security Policy Services Description Input Output Keys/CSPs Access Shutdown The Crypto Office can shut the "poweroff" The module Module module down. CLI command begins the shutdown process Restart The Crypto Officer can restart the "reboot" CLI The module module module command begins the reboot process User Services Provided by Ribcage Services Description Input Output Keys/CSPs Access IPSec Data sent by a User is secured as IPSec inputs IPSec outputs Read IPSec defined by the IPSec standard using and data and data ESP keys 3DES or AES encryption/decryption (HMAC and and HMAC-SHA1 authentication. secret keys) Module Ports and Interfaces Physical Port Logical Interface "Public" Ethernet Port Data Input, Data Output "Private" Ethernet Port Data Input, Data Output, Control Input, Status Output Serial "Console" Port Control Input, Status Output Front Panel Green LED Status Output (Module Power) Front Panel Yellow LEDs Status Output (Ethernet Port Activity) Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 7 of 11 Title: FIPS 140-2 Non Proprietary Security Policy Cryptographic Keys and CSPs of Ribcage The Ribcage uses the following cryptographic keys and other CSPs: Key or CSP Description Source/Storage IPSec RSA Key Pair The Ribcage uses an RSA key pair for Internally generated and stored authentication during the IKE protocol. on hard disk IPSec Diffie Hellman The Ribcage uses Diffie Hellman for key Internally generated and stored Key Parameters agreement during the IKE protocol. on system SDRAM SSH RSA Key Pair The Ribcage uses an RSA key pair for Internally generated and stored authentication during the SSH protocol. on hard disk SSH Diffie Hellman The Ribcage uses Diffie Hellman for key Internally generated and stored Key Parameters agreement during the SSH protocol. on system SDRAM Client RSA Public The Ribcage can input the RSA public keys Electronically input and stored Keys of IPSec clients for authentication during on hard disk the IKE protocol. IPSec Shared-Secrets The Ribcage can input "shared-secrets" Electronically input and stored (passphrases) for authentication during the on hard disk IKE protocol. IPSec Secret Keys The Ribcage uses secret keys (AES or Diffie Hellman key agreement 3DES) for data confidentiality during the and stored on system SDRAM IPSec IKE and ESP protocols. IPSec HMAC Keys The Ribcage uses HMAC keys (HMAC- Diffie Hellman key agreement SHA-1) for data integrity during the IPSec and stored on system SDRAM IKE and ESP protocols. SSH Secret Keys The Ribcage uses secret keys (3DES) for Diffie Hellman key agreement data confidentiality during the SSH and stored on system SDRAM protocol. SSH HMAC Keys The Ribcage uses HMAC keys (HMAC- Diffie Hellman key agreement SHA-1) for data integrity during the SSH and stored on system SDRAM protocol. PRNG seed key The Ribcage uses the PRNG specified in Internally generated and stored FIPS 186-2, Appendix 3.2. on hard disk Crypto Officer The Ribcage's Crypto Officer role is Manually or electronically input Password protected by a password. and stored on hard disk Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 8 of 11 Title: FIPS 140-2 Non Proprietary Security Policy Cryptographic Algorithms of Ribcage The Ribcage supports the following FIPS-approved algorithms: 3DES (FIPS 46-3) ­ Certificate Number 208 AES (FIPS 197) ­ Certificate Number 94 SHA-1 (FIPS 180-2) ­ Certificate Number 184 HMAC-SHA-1 (FIPS 198) ­ Certificate Number 184, vendor affirmed RSA ­ PKCS#1, vendor affirmed The Ribcage also supports the use of the Diffie-Hellman key agreement algorithm in FIPS mode. The Ribcage contains the following algorithms which cannot be used in FIPS mode: HMAC-SHA-256 HMAC-SHA-512 HMAC-MD5 Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 9 of 11 Title: FIPS 140-2 Non Proprietary Security Policy 5. Physical Security Policy Physical Security Mechanisms The Ribcage is a multi-chip standalone module. The module consists of production-grade components, which include standard passivation techniques. The Ribcage is encased in a metal enclosure, which is fastened together by screws. There are two tamper-evident seals applied to opposite sides of the removable cover, which will indicate whether the enclosure has been opened. Close-up of tamper-evident seal Top-view of Ribcage indicating locations of seals. Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 10 of 11 Title: FIPS 140-2 Non Proprietary Security Policy 6. Mitigation of Other Attacks Policy The Ribcage does not specifically mitigate any other attacks. 7. Self-Tests The Ribcage performs the following self-tests on startup or on-demand if requested by the Crypto Officer: · 3DES Known Answer Test · AES Known Answer Test · HMAC-SHA-1 and RSA Known Answer Test · PRNG Known Answer Test · CRC32 File Integrity Test In addition, an RSA pair-wise consistency test is performed whenever an RSA key pair is generated, and the PRNG implements a continuous RNG test which runs as random data is generated. 8. FIPS Initialization and FIPS Mode Operational Policy To ensure that the Ribcage hardware has not been tampered with, the tamper- evident seals should be inspected periodically. See pictures in "Physical Security Policy" section for specific locations of seals. When initializing the Ribcage for FIPS-compliant operational use, the Crypto Officer shall place the module into FIPS mode. To check the status of FIPS mode, the "fips showstatus" CLI command is used. If not enabled, FIPS mode is set by invoking the "fips enable" CLI command. The Crypto Officer shall change the default Crypto Officer password to a new FIPS-compliant password which meets all password rules (see Section 3) ­ the password must be at least six printable ASCII characters and must not be a dictionary word. To operate the Ribcage in FIPS mode, the Crypto Officer shall also: Select the 3DES or AES algorithm for IPSec services Select the HMAC-SHA-1 algorithm for IPSec services Contact: Marc Kurtz Date Last Document Number: Rev #:2 Page: Filename: RC0001 - Ribcage FIPS 140 2 Security Policy_August Modified: RC0001 12.doc 8/13/2004 11 of 11 Title: FIPS 140-2 Non Proprietary Security Policy