TriCipher, Inc. TriCipher Armored Credential SystemTM (Hardware Version: 1000; 2000; Firmware Version: 3.1) FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation Version 0.09 January 31, 2007 © 2007 TRICIPHER This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1. INTRODUCTION......................................................................................................... 3 1.1 PURPOSE ................................................................................................................. 3 1.2 REFERENCES ........................................................................................................... 3 1.3 DOCUMENT ORGANIZATION........................................................................................ 3 2. TRICIPHER ARMORED CREDENTIAL SYSTEM...................................................... 5 2.1 OVERVIEW................................................................................................................ 5 2.2 TACS SPECIFICATION ............................................................................................... 9 2.3 TACS INTERFACES ................................................................................................... 9 2.4 ROLES AND SERVICES ............................................................................................. 12 2.4.1 Crypto Officer Role (Identification and Authentication, Access Control)......... 12 2.4.2 User Role (Identification and Authentication, Access Control) ....................... 18 2.4.3 Authentication Mechanisms (Identification and Authentication, Access Control) 19 2.5 PHYSICAL SECURITY ............................................................................................... 20 2.6 OPERATIONAL ENVIRONMENT................................................................................... 22 2.7 CRYPTOGRAPHIC KEY MANAGEMENT........................................................................ 23 2.8 SELF-TESTS ........................................................................................................... 31 2.9 DESIGN ASSURANCE ............................................................................................... 32 2.10 MITIGATION OF OTHER ATTACKS ............................................................................ 32 3. SECURE OPERATION ............................................................................................. 33 3.1 CRYPTO-OFFICER GUIDANCE................................................................................... 33 3.1.1 Initial setup ..................................................................................................... 33 3.1.2 Initialization..................................................................................................... 35 3.1.3 Management .................................................................................................. 44 3.1.4 Zeroization...................................................................................................... 45 3.2 USER GUIDANCE ..................................................................................................... 46 4. ACRONYMS ............................................................................................................. 47 © 2007 TRICIPHER www.TriCipher.com Page 2 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 1. Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the TriCipher Armored Credential SystemTM (TACS) from TriCipher, Inc. This Security Policy describes how the TACS 1000 and 2000 firmware version 3.1, build 255 meets the security requirements of FIPS 140-2 and how to run the TACS in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the TACS. FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/cryptval/. The TACS 1000 and 2000 are referred to in this document as TACS, the Appliance, or the modules. 1.2 References This document deals only with operations and capabilities of the TACS in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: · The TriCipher website (http://www.tricipher.com) contains information on the full line of products from TriCipher. · The CMVP website (http://csrc.nist.gov/cryptval) contains contact information for answers to technical- or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: Vendor Evidence document Finite State Machine Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to TriCipher. With © 2007 TRICIPHER www.TriCipher.com Page 3 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to TriCipher and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact TriCipher. © 2007 TRICIPHER www.TriCipher.com Page 4 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 2. TRICIPHER ARMORED CREDENTIAL SYSTEM 2.1 Overview Businesses and government agencies need a way to protect identity information and to perform secure authentication, and the TriCipher Armored Credential System provides the solution. Weak authentication, and inadequately protected identity data in on-line services are resulting in increasing instances of fraud. Organizations suffer reputational and financial losses and consumers loose confidence in on-line services. Organized criminal activity has just about started to move on-line, but is growing very fast. New attack vectors such as phishing have rapidly gained prominence in a matter of a few months. It is impossible to predict the nature of attack activity in 2006, let alone in 2007, 2008, and so on. Enterprises are faced with uncertainty about the nature of real cyberattacks, yet must make funding decisions today on how to improve their existing authentication infrastructure. Therefore solutions that allow adjustment of credential strength as needed are gaining prominence. Most organizations require high-grade multi-factor authentication for their high-end users, yet few can justify the high cost for all their users. Flexible multi-factor authentication enables organizations to issue the appropriate grade of credential for each user class from a single reusable infrastructure, and make adjustments as needed. The TriCipher Armored Credential SystemTM (TACS) provides a single platform that can issue and support a flexible range of credentials from a single infrastructure. The only system of its kind, the TACS Vault can be used to issue authentication credentials of many different types and can also serve as a vault for identity data (or encryption keys), providing a comprehensive solution to the problems of weak authentication and inadequately encrypted identity data. The TriCipher Armored Credential System (TACS) contains the TACS ID Vault hardware. The complete system consists of the following components: TACS ID Vault, Distributed Management, Distributed Deployment, and TACS Tools consisting of the Management Tool, User Administration Tool, Certificate Authority Utility and TACS ID Tool. The TACS ID Tool is an application installed on the user's computer workstation. © 2007 TRICIPHER www.TriCipher.com Page 5 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Both keys needed to sign Another Private User's Credential is permanently split Key for User Personal into two, separate private keys Stored in TACS Private Key Vault The above diagram illustrates Tricipher's non-Approved 3-key RSA algorithm. Using the 3-key RSA algorithm, the TACS splits the user's RSA private key in two parts. One part of the key is stored on the TACS Vault and never leaves it, and the other part is created on the user's local machine using a password chosen by the user (In contrast, conventional RSA uses a single private key known only to the user.) The original RSA private key is destroyed. The TACS keeps no record of the user's portion of the private key, and the user has no knowledge of the TACS portion of the private key. Whenever the user is required to sign information, a partial signature is performed on the TACS, which is then completed on the user's local machine using the user's key, which is derived from his password. (This signature is different from the FIPS approved RSA digital signature used for TLS exchange.) However, the recipient need never know that the signature was computed using the TACS. Flexible multi-factor authentication is achieved by generating the user's personal private key from a variety of factors depending upon the credential strength. © 2007 TRICIPHER www.TriCipher.com Page 6 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy The authentication ladder shows TACS issued credentials in increasing order of strength as we go up the ladder. This flexibility is achieved due to the use of 3-key RSA as the underlying cryptographic engine for all forms of authentication. The authentication ladder can be broken down into two categories based on the amount of credentials provided by the user in order to authenticate themselves. The two categories are: Single Credential and Multi-Part Credentials. The simplest credential and only Single Credential is called Armored Passwords. Here, the user logs in as they always have, using a memorable password over SSL. A plug in at the web server computes a numeric "key" from the password, and then destroys the password. The password is never stored. The web server calls the TACS and authenticates using both the credential it created from the password and one stored on the TACS. No thief can crack a database of hashed passwords that doesn't exist. The password, though, should still be chosen to resist social guessing. While there is only one method of Single Credential there are several Multi-Part Credentials. Multi-Part Credentials can be divided into two categories of either 2 Factor or 3 Factor Credentials. 2 Factor Credentials consists of the following methods: Browser 2 Factor, PC 2 Factor, Portable 2 Factor, Armored Token 2 Factor, and Smart Card 2 Factor. As in Single Credentials, a 2 Factor Credential never stores the password. It can be seamless for the user, but does require a small piece of client side software, the TACS ID Tool. The Tool collects the user's id and password, then signs (encrypts) the password using a key stored on the PC in the Intel® TPM or Windows® Key Store or in a removable device. This removable device can consist of any of the methods mentioned above in the diagram such as a cookie or certificate in a © 2007 TRICIPHER www.TriCipher.com Page 7 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy browser, an armored token, a smart card, or some other portable device. This key is completely invisible to the user ­ to them; the login is completely familiar, only done through a special window. Once encrypted, the original password is destroyed, never stored. The Tool authenticates the user to the TACS which verifies that the user's credential is still valid, and then uses this authentication to prove the user's identity to the web server. 3 Factor Credentials works much the same as 2 Factor Credentials, except it requires a token that must be carried by the user. The user must plug in the token before logging on. When the TACS ID Tool signs the password, it does so with the key stored on the user's machine as well as the key from the token. In addition, the key in the token is regenerated after each use. If the token or its key is stolen and used, the user discovers the theft at the next logon and can reset their credentials. The types of Single Credential and Multi-Part Credentials are summarized in the following bulleted list. · Single Credential Armored Password · Multi-Part Credentials o 2 Factor Credentials Browser 2 Factor PC 2 Factor Portable 2 Factor Armored Token 2 Factor Smart Card 2 Factor o 3 Factor Credentials Armored Password + a key stored securely on the PC (Brower 2 Factor or PC 2 factor) + a removable token (Portable, Armored Token, or Smart Card 2 Factor) The TACS Vault itself is specially designed to afford a very high degree of assurance. It is protected using three layers of defenses: (i) it has a locked down, dedicated hardened OS, (ii) all system and user administration is strictly compartmentalized on least privilege, need to know, basis, and (iii) it uses FIPS 140-2 Level 2 rated cryptography. It is also highly scalable and fault tolerant, running as a set of 2 or 3 load-balanced and failover appliances. Finally it is a high assurance platform which can act as a secure storage facility to protect identity data such as credit card numbers. Enterprises can choose to either store identity data directly on the TACS Vault, or else can choose to encrypt data in place, and use the TACS Vault as a key management facility. The data is only available to authorized users after successful strong authentication. © 2007 TRICIPHER www.TriCipher.com Page 8 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 2.2 TACS Specification The TriCipher Armored Credential SystemTM (TACS) 1000 and 2000 are multi-chip standalone modules that meet overall level 2 FIPS 140-2 requirements. The TACS 1000 is a 2U rack-mountable server, and the TACS 2000 is a 5U rack-mountable server. Both have tamper-evident labels affixed to the case in order to provide evidence of any attempts to tamper with the module's hardware (placement of these labels is described in Section 3, Secure Operation). The cryptographic boundary is defined by the outer case of the modules that encloses the complete set of hardware and software components. Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Ports and Interfaces 2 3 Roles, Services, and Authentication 3 4 Finite State Model 2 5 Physical Security 2 6 Operational Environment N/A 7 Cryptographic Key Management 2 8 EMI/EMC 2 9 Self-tests 2 10 Design Assurance 2 11 Mitigation of Other Attacks N/A Table 1 ­ Security Level Per FIPS 140-2 Section 2.3 TACS Interfaces The modules' designs separate the physical ports into four logically distinct and isolated categories. They are: Data Input Data Output Control Input Status Output The modules' functionality is primarily accessed over the Ethernet ports. Operators log in via the Ethernet ports, accessing the module through an encrypted session. Other than tape backups for TACS 2000, all data input/output occurs over the Ethernet ports. The tape backup unit is an integral module device that connects internally via a SCSI interface. Data input/output are the packets utilizing the services provided by the module. These packets enter and exit the modules through the network ports. Control input consists of data entered into the modules through the network ports and the input for the power connector. © 2007 TRICIPHER www.TriCipher.com Page 9 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Status output consists of the status indicators displayed through the LEDs and log information output to the log servers. Additionally, the Crypto Officer has access to the user statistics. Front View of the TACS 1000 Physical Ports Rear View of the TACS 1000 Physical Ports © 2007 TRICIPHER www.TriCipher.com Page 10 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Front View of the TACS 2000 Physical Ports Rear View of the TACS 2000 Physical Ports © 2007 TRICIPHER www.TriCipher.com Page 11 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table: TACS 1000 Physical TACS 2000 Physical FIPS 140-2 Logical Interface Interface Interface Network ports Network ports, Tape Data Input Interface drive Network ports Network ports, Tape Data Output Interface drive Network ports Network ports Control Input Interface Network ports, LEDs Network ports, LEDs Status Output Interface Power connector Power connector Power Interface Table 2 ­ FIPS 140-2 Logical Interfaces Note: Tamper-evident labels restrict access to the USB ports, SCSI ports, PS/2 ports (mouse and keyboard), serial ports, monitor port and CDROM drive for the modules in FIPS mode of operation. 2.4 Roles and Services The TACS supports identity-based authentication. There are two roles in the TACS (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role. 2.4.1 Crypto Officer Role (Identification and Authentication, Access Control) The Crypto-Officer role is used to configure and maintain the modules. By default, this role is divided into six distinct sub-roles. In order to assume any of the six Crypto-Officer roles, you enter the account (user name) and activation code (password) associated with the role. If the account and activation code are correct you will be logged in under that role and you will have the services associated with that role available to you. These six sub-roles are: 1. Super Manager: Initializes the module and supervises managerial roles 2. System Manager: Sets system parameters 3. Security Manager: Sets security parameters and Appliance time server 4. Super CSR: Supervises Consumer Service Representative roles 5. Create CSR: Supervises consumer or end-user accounts 6. Modify CSR: Maintains consumer or end-user accounts © 2007 TRICIPHER www.TriCipher.com Page 12 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Sections 2.4.1.1 ­ 2.4.1.6 detail the services available to the Crypto- Officer role, separated according to sub-role. In addition to these services, the Crypto-Office role has the ability to access all services available to the User role. 2.4.1.1 Super Manager The authenticated Super Manager has access to the following services: © 2007 TRICIPHER www.TriCipher.com Page 13 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP and Type of Access Initialization Initialize the module Command and Command Appliance RSA parameters response key pair ­ read/write CA public key ­ read/write Appliance SSL RSA key pair ­ read/write Role and Edit the role and record Command Command record definition response definition Zero out Destroys all data on the Command Command All - Write appliance appliance response data Appliance Generate and retrieve Command Command report appliance report response IP address Set the IP address for Command and Command manager and user parameters response accounts Mirror Configure mirror TACS Command and Command Mirror public key - appliance servers parameters response Read Recovery Recover from backup Command Command response Restart Restart appliance Command Command processes response Shutdown Shutdown or reboot the Command Command module response Update code Upload and install the Command Command Upgrade RSA updates response public key - Read Create Creates managerial Command and Command Operator accounts parameters response activation code - Write Read Read managerial account Command Command information response Modify Edit managerial account Command and Command information parameters response Suspend Locks managerial Command Command accounts response Unsuspend Unlocks managerial Command Command accounts response Revoke Revoke managerial Command Command Operator private accounts response key components - Write Reset Generate new activation Command Command Operator code for a revoked response activation code - account Read Delete Destroy managerial Command Command Operator RSA account and information response private key components - Write Table 3 ­ Crypto Officer Services, Descriptions, CSPs © 2007 TRICIPHER www.TriCipher.com Page 14 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 2.4.1.2 Security Manager The authenticated Security Manager has access to the following services: Service Description Input Output CSP and Type of Access Security Set the security Command and Command parameter parameters for the module parameters response Password Configure parameters for Command and Command management password management parameters response and authentication settings External CA Configure external CA to Command and Command sign operator certificates parameters response Certificate Configure the validity, Command and Command management hashing algorithm and parameters response extension for certificates Security Configure security setting Command Command Roam tether settings for the module response questions - Read User Get user status Command and Command Statistics parameters response 2.4.1.3 System Manager The authenticated System Manager has access to the following services: Service Description Input Output CSP and Type of Access System Set the system Command and Command parameter parameters for the module parameters response IP address Set the IP address for Command and Command manager and user parameters response accounts LDAP Configure LDAP server for Command and Command LDAP password - publishing certificates parameters response Write Logging Set syslog server for Command and Command logging parameters response SNMP Set SNMP for monitoring Command and Command SNMP password - the appliance parameters response Write Mirror Configure mirror TACS Command and Command appliance servers parameters response Backup Configure backup settings Command and Command parameters response 2.4.1.4 Super CSR The authenticated Super CSR has access to the following services: © 2007 TRICIPHER www.TriCipher.com Page 15 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP and Type of Access Create Create CSR accounts Command and Command Operator parameters response activation code - Write Read Read CSR accounts Command and Command parameters response Modify Modify CSR accounts Command and Command parameters response Suspend Suspend CSR accounts Command and Command parameters response Unsuspend Unsuspend CSR accounts Command and Command parameters response Revoke Revoke CSR accounts Command and Command Operator private parameters response key components - Write Reset Reset CSR accounts Command and Command Operator parameters response activation code - Read Delete Delete CSR accounts Command and Command Operator RSA parameters response private key components - Write 2.4.1.5 Create CSR The authenticated Create CSR has access to the following services: © 2007 TRICIPHER www.TriCipher.com Page 16 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP and Type of Access Create Create consumer Command and Command Operator accounts parameters response activation code - Write Modify Modify consumer accounts Command and Command parameters response Read Read consumer accounts Command and Command parameters response Suspend Suspend consumer Command and Command accounts parameters response Unsuspend Unsuspend consumer Command and Command accounts parameters response Revoke Revoke consumer Command and Command Operator private accounts parameters response key components - Write Reset Reset consumer accounts Command and Command Operator parameters response activation code - Read Delete Delete consumer accounts Command and Command Operator RSA parameters response private key components - Write Import a Import a batch file to Command and Command Operators batch file create multiple consumer parameters response activation code - accounts Read 2.4.1.6 Modify CSR The authenticated Modify CSR has access to the following services: © 2007 TRICIPHER www.TriCipher.com Page 17 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP and Type of Access Read Read consumer accounts Command and Command parameters response Modify Modify consumer accounts Command and Command parameters response Suspend Suspend consumer Command and Command accounts parameters response Unsuspend Unsuspend consumer Command and Command accounts parameters response Revoke Revoke consumer Command and Command Operator private accounts parameters response key components - Write Reset Reset consumer accounts Command and Command Operator parameters response activation code - Read Delete Delete consumer accounts Command and Command Operator RSA parameters response private key components - Write Import a Import a batch file to Command and Command Operators batch file create multiple consumer parameters response activation code - accounts Read 2.4.2 User Role (Identification and Authentication, Access Control) The User role accesses the end-user functionality of the module and does not have the ability to use any of the management functionality available to the Crypto-Officer. The services available to the User role include the ability to: © 2007 TRICIPHER www.TriCipher.com Page 18 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Service Description Input Output CSP and Type of Access Activate Activate account Command and Command Operator parameters response activation code - Read Login Authenticate the user role Command and Command Operator parameters response authentication components - Read Logout Logout the user Command Command TACS session response keys - Write Revoke Permanently revoke user Command and Command Operator private certificate parameters response key components - Write Change Change the user Command and Command password password parameters response Change Change the user profile Command and Command profile parameters response Get certificate Get user certificate Command and Command Operator public parameters response key - Read Logout and Logout and remove public Command Command TACS session delete certificate stored on the response keys ­ Write certificate operator PC Operator public key - Write Logout and Logout and remove tether Command Command Operator tether delete data stored on the response data ­ Write tethering operator PC credentials Register Register computer for Command and Command Operator tether tethering information parameters response data ­ Read Sign Sign and verify signatures Command and Command Operator parameters response authentication data ­ Read Decrypt Decrypt data Command and Command Operator parameters response authentication data ­ Read Table 4 ­ User Services, Descriptions, Inputs and Outputs 2.4.3 Authentication Mechanisms (Identification and Authentication, Access Control) The Crypto Officer can access the Appliance using the TACS Manager and TACS CSR Utility provided by TriCipher, or via a custom API application. The User can access the Appliance using the TACS Identity Protection Tool provided by TriCipher or via a custom API application. The Crypto Officer and User can only access the module over a TLS session. The operators authenticate via 3-Key RSA by signing the challenge sent by the TACS with the operator portion of the RSA private key component (which is constructed from a password, an optional tether key, and an optional two-factor key), and if present also with the Tether RSA private key and/or the Two Factor RSA private key. The TACS completes the signature with the TACS portion of the operator RSA private key component and verifies the challenge with the operator public key. © 2007 TRICIPHER www.TriCipher.com Page 19 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 3-Key RSA Authentication Strength Role Component Type Password Considering a case sensitive alphanumeric Crypto Officer, User password with repetition, the total possible combinations for the password are 62^6. The probability for a random attempt to succeed is 1:62^6 or 1:56800235584, and, since this authentication attempt is additionally piped over an encrypted session, it is not possible to perform enough authentication attempts to reduce the 1:62^6 chance per attempt to 1:100,000 over a minute. Tether, Two-factor key When the tether and/or two factor RSA keys Crypto Officer, User are used the authentication function is at least as strong as a 1024 bit RSA key. Using conservative estimates equating a 1024 bit RSA key to an 80 bit symmetric key, the probability for a random attempt to succeed is 1:2^80 or 1:1208925819614629174706176, and it is not possible for an operator to perform enough authentication attempts to reduce the 1:2^80 chance per attempt to 1:100,000 over a minute Table 5 ­ User Services, Descriptions, Inputs and Outputs 2.5 Physical Security TACS 1000 and 2000 are multi-chip standalone cryptographic modules enclosed in a hard, opaque metal case that completely encloses all of the internal components of the modules. There are only a limited set of vent holes provided in the case, and these are all obscured to prevent viewing of the internal components of the module. Tamper-evident labels are applied to the case of the 1000 and 2000 to provide physical evidence of attempts to remove the case or access any disabled ports of the modules. For instructions on the placement of the tamper evident refer to "Secure Operation" section below. The TACS 1000 and 2000 components are of production-grade quality and were tested and found conformant to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use). Figure 1 and Figure 2 below are pictures of the screens that are installed in the TACS at the factory, which are used to obscure the ventilation holes. © 2007 TRICIPHER www.TriCipher.com Page 20 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 1 - Back Screen Figure 2 - Side Screen Figure 3 and Figure 4 below show what the back and side of the TACS looks like with the screens installed. With the screens installed the inside of the TACS is obscured from view and probing tools. © 2007 TRICIPHER www.TriCipher.com Page 21 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 3 - Back Panel with Screen Figure 4 - Side Panel with Screen 2.6 Operational Environment The operational environment requirements do not apply to the TACS 1000 and 2000. The modules do not provide a general purpose operating system and only allow firmware updating using digitally signed TriCipher © 2007 TRICIPHER www.TriCipher.com Page 22 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy firmware updates. Additionally, only updates validated to FIPS 140-2 may be activated, as described in the Crypto-Officer Guidance below. 2.7 Cryptographic Key Management The TACS 1000 and 2000 implement the following FIPS-approved algorithms: · RSA (1024 bits) ­ RSA key generation, PKCS#1(sign/verify) (certificate 120)1 · Triple DES-CBC (168 bits) ­ FIPS 46-3 (certificate 413) · FIPS 186-2 PRNG ­ Appendix 3.1 of FIPS 186-2 [(x-Original); (SHA-1)] (certificate 170) · SHA-1 ­ FIPS 180-2 (certificate 430) · HMAC SHA-1 (key length: 24 bytes; MAC length 20 bytes) ­ FIPS 198 (certificate 159) Apart from the algorithms the module uses the following mechanisms in FIPS mode of operation: · TLS v1 for all the operator communication · SCP for backup and recovery (SSHv2) · SFTP for recovery (SSHv2) Additionally, the module utilizes the following non-FIPS-approved algorithm implementation: · RSA (key wrapping; key establishment methodology provides 80- bits of encryption strength) (not Approved but can be used in FIPS mode) · Operating System RNG ­ for seeding the FIPS-approved deterministic RNG (not Approved but can be used in FIPS mode) · PKCS #5 for password based key expansion (cannot be used in FIPS mode) · MD5 for TLS (cannot be used in FIPS mode) The module disables the following protocols when running in FIPS mode: · SSL V3.0 The module supports the following critical security parameters: 1 Key wrapping, key establishment methodology provides 80-bits of encryption strength. © 2007 TRICIPHER www.TriCipher.com Page 23 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Table 6 - TriCipher Detailed Key/CSP Table Key Key type Generation/Input Output Storage Zeroization Use Appliance RSA RSA key Generated internally Not output Stored on Zeroized by Sign Operator private key (1024 bits) using ANSI X9.31 from the disk generating a RSA public key RSA key generation TACS new key pair (in certificate) and during login protocol; or for authentication during mirror operation Appliance RSA RSA key Generated internally Output with Stored on Zeroized by Used by the Client public key (1024 bits) using ANSI X9.31 certificate disk generating a to verify appliance RSA key generation; chain or by new key pair signature and Input as signed digital CO operator certificate certificate during verification; or for initialization authenticating the mirror TACS CA public key RSA public Externally generated Output with Stored on Zeroized by Sign the key (1024 according to the certificate disk importing a Appliance public bits) generating CA's chain new CA key certificate procedures and input certificate into the TACS during initialization TLS RSA private RSA key Externally generated Not output Stored on Zeroized by Public key-based key (1024 bits) by a CA (e.g., from the disk importing new key exchange Verisign) and input TACS SSL certificate during TLS during initialization handshake TLS RSA public RSA key Externally generated Output Stored on Zeroized by Public key-based key (1024 bits) and input during during SSL disk importing new key exchange initialization handshake TLS certificate during TLS or by CO handshake TACS session keys 2 TDES keys Negotiated during Not output Stored on Zeroized when Secure TACS (R12) (168 bits), TACS session from the disk in SKD not needed or session traffic establishment TACS database when the 2 HMAC TACS is keys (192 powered down bytes) TLS session keys TDES keys Negotiated during Not output Volatile Zeroized when Further secure (168 bits) TLS session from the memory not needed or TACS session establishment TACS only when the traffic TACS is powered down Activation Code Alphanumeric Entered into TACS Output Stored on Zeroized when Used for string over an encrypted from the disk as hash the account is activating the (minimum of TACS session; TACS in SKD activated or Crypto Officer and 8 characters) when the database reset Users accounts or generated by the operator TACS when the account is operator account is reset reset © 2007 TRICIPHER www.TriCipher.com Page 24 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use Operator Password Alphanumeric Entered over a TLS N/A N/A Zeroized when Used for string session. the password generating the (minimum of is updated authentication data 8 characters) with a new one Tether RSA public RSA key Entered into TACS Not output Stored on Zeroized when Used for verifying key (1024 bits) over an encrypted from the disk in PKD the operator is the tether data TACS session TACS database revoked Tether RSA private RSA key If roam tether is If roam TDES Zeroized when Used for key (1024 bits) enabled then tether tether is encrypted the operator is generating the components are enables components revoked authentication data entered into the tether of key pair TACS over an components are stored in encrypted TACS are output PKD session during register protocol over an encrypted TACS session Roam Tether Alphanumeric Hardcoded in the If roam Stored on Zeroized when Used for verifying questions string TACS binaries tether is disk the Appliance the operator when enabled, is zeroized registering on a output new machine during operator key generation and register protocols Roam Tether secret Alphanumeric If roam is enabled Not output Stored on Zeroized when Used for verifying response string then it is created by from the disk the operator is the operator when the operator during TACS revoked registering on a activation and entered new machine over an encrypted TACS session if roam tether is enabled Two Factor private RSA key N/A N/A N/A. Stored N/A Used to generate key (1024 bits) outside the authentication data TACS for operators with two factor authentication Two Factor public RSA key If two-factor is Not output Stored in Zeroized when Used to key (1024 bits) enabled then it is from the the TACS the operator is authenticate generated externally TACS in PKD revoked or operators with two by the FIPS-validated when the factor Windows CSP or the password is authentication data FIPS-validated updated with a OpenSSL library (for new one UNIX systems) © 2007 TRICIPHER www.TriCipher.com Page 25 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use Entered into TACS over an encrypted TACS session Rolling private key RSA key If two-factor rolling is N/A N/A. Stored Zeroized when Used to encrypt (d_2F_rolling) (1024 bits) enabled then two- outside the a new rolling Two Factor factor rolling TACS key pair is private key on the components are generated on Client two factor entered into the each login device TACS over an encrypted TACS session Rolling public key RSA key If two-factor rolling is Not output Stored in Zeroized on Used to decrypt (e_2F_rolling) (1024 bits) enabled then it is from the the TACS each login by Two Factor generated externally TACS in PKD the operator or private key on the by the FIPS-validated when the Client two factor Windows CSP or the operator is device FIPS-validated revoked OpenSSL library (for UNIX systems)Entered into TACS over an encrypted TACS session Operator RSA RSA key Generated internally Output Stored on Zeroized when Used to verify public key (e) (1024 bits) using ANSI X 9.31 form the disk and the operator is RSA digital RSA key generation TACS optionally revoked or signatures when operator key when the in external password pair is generated on operator LDAP changed the TACS;or entered certificate database into the TACS over is requested an encrypted TACS and session when operator optionally key pair is generated to the by the Client external LDAP database Operator RSA RSA key Generated internally Not output Temporarily Zeroized after Used to generate private key (d) (1024 bits) using ANSI X 9.31 from the stored in generating Authentication RSA key generation TACS volatile Authentication key component2 when operator key when memory key (dauth2) and pair is generated on operator when component2 Persistence key the TACS key pair is operator (dauth2) and component2 generated key pair is Persistence (dpersistence2) on the generated key when operator key TACS; on the component2 pair is generated TACS (dpersistence2) on the TACS Or does not when operator enter the key pair is TACS generated on when the TACS operator key pair is © 2007 TRICIPHER www.TriCipher.com Page 26 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use generated on the Client Authentication key RSA 1024 bit Generated externally Not output Volatile Zeroized after Used to component1 private key and entered into from the memory computing the authenticate (dauth1) component TACS over an TACS only when Authentication operator encrypted TACS operator key session (PKCS5 of key pair is component2 authentication data generated when operator and salt) when by the key pair is "Authentication key TACS generated on component2 the TACS (dauth2)" is generated by the TACS; Or does not enter the TACS when "Authentication key component2 (dauth2)" is generated on the Client Authentication key RSA 1024 bit Calculated internally Not output Stored on Zeroized when Used to verify the component2 private key (dauth1 * dauth2 = d from the disk the operator is authentication of (dauth2) component mod n); TACS revoked the operator Or entered into the TACS over an encrypted TACS session when "Authentication key component2 (dauth2)" is generated by the Client Persistence key RSA 1024 bit Generated externally Not output Volatile Zeroized after Used to compute component1 private key and entered into from the memory computing the operator portion of (dpersistence1) component TACS over an TACS only when Persistence sign and decrypt encrypted TACS operator key data session (PKCS5 of key pair is component2 authentication data generated when operator and modified salt) on the key pair is when "Persistence TACS generated on key component2 the TACS (dpersistence2)" is generated by the TACS; Or does not enter the TACS when "Persistence key component2 (dpersistence2)" is generated on the Client © 2007 TRICIPHER www.TriCipher.com Page 27 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use Persistence key RSA 1024 bit Calculated internally Not output Stored on Zeroized when Used to compute component2 private key (dpersistence1 * from the disk the operator is TACS portion of (dpersistence2) component dpersistence2 = d TACS revoked sign and decrypt mod n); data Or entered into the TACS over an encrypted TACS session when "Persistence key component2 (dpersistence2)" is generated by the Client Login session RSA key Generated outside the N/A N/A N/A Used on the client private key (1024 bits) TACS and does not to extract (d_loginsession) enter the TACS persistence keys to complete the sign operation Login session public RSA key Generated externally Not output Stored on Zeroized when Used to encrypt key (e_loginsession) (1024 bits) and entered into from the disk in SKD no longer used persistence keys TACS over an TACS or the TACS for storage in encrypted TACS reboots volatile memory session on the client Kiosk RSA 1024 bit Generated externally Not output Volatile Zeroized after Used to Authentication key private key and entered into from the memory computing the authenticate component1 component TACS over an TACS only when Kiosk operator in kiosk (dauth1kiosk) encrypted TACS operator Authentication mode session (PKCS5 of key pair is key password and salt) generated component2 when "Kiosk by the when operator Authentication key TACS key pair is component2 generated by (dauth2kiosk)" is the TACS generated by the TACS; Or does not enter the TACS when "Kiosk Authentication key component2 (dauth2kiosk)" is generated on the Client Kiosk RSA 1024 bit Calculated internally Not output Stored on Zeroized when Used to verify the Authentication key private key (dauth1kiosk * from the disk the operator is authentication of component2 component dauth2kiosk = d mod TACS revoked the operator in (dauth2kiosk) n); kiosk mode Or entered into the TACS over an encrypted TACS session when "Kiosk © 2007 TRICIPHER www.TriCipher.com Page 28 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use Authentication key component2 (dauth2kiosk)" is generated by the Client Kiosk Persistence RSA 1024 bit Generated externally Not output Volatile Zeroized after Used to compute key component1 private key and entered into from the memory computing the operator portion of (dpersistence1kiosk) component TACS over an TACS when Kiosk sign and decrypt encrypted TACS operator Persistence data in kiosk mode session (PKCS5 of key pair is key password and generated component2 modified salt) when by the when operator "Kiosk Persistence TACS key pair is key component2 generated by (dpersistence2kiosk)" the TACS is generated by the TACS; Or does not enter the TACS when "Kiosk Persistence key component2 (dpersistence2kiosk)" is generated on the Client Kiosk Persistence RSA 1024 bit Calculated internally Not output Stored on Zeroized when Used to compute key component2 private key (dpersistence1kiosk * from the disk the operator is TACS portion of (dpersistence2kiosk) component dpersistence2kiosk = TACS revoked sign and decrypt d mod n); data in kiosk mode Or entered into the TACS over an encrypted TACS session when "Kiosk Persistence key component2 (dpersistence2kiosk)" is generated by the Client Symmetric session TDES (168 Generated externally Not output Volatile Zeroized when Used to encrypt key (R1) bits), and entered into the from the memory not used dpersistence1 TACS over TLS TACS only HMAC (192 session bits) Symmetric kiosk TDES (168 Generated externally Not output Volatile Zeroized when Used to encrypt session key (R1) bits), and entered into the from the memory not used dpersistence1kisok TACS over TLS TACS only HMAC (192 session bits) SCP session key TripleDES Negotiated during Not output Volatile Zeroized when Used to (168 bits) SSH session from the memory not used or the encrypt/MAC the establishment TACS only TACS is SCP sessions for powered down backup and (Not used in FIPS © 2007 TRICIPHER www.TriCipher.com Page 29 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Key Key type Generation/Input Output Storage Zeroization Use mode) recovery SFTP session key TripleDES Negotiated during Not output Volatile Zeroized when Used to (168 bits) SFTP session from the memory not used or the encrypt/MAC the establishment TACS only TACS is SFTP sessions for powered down recovery LDAP Password Alphanumeric Entered into the Not output Stored on Zeroized when Used for string TACS over an from the disk the password authentication (minimum of encrypted TACS TACS is updated during operator 8 session with a new one certificate access in LDAP SNMP Password Alphanumeric Entered into the Not output Stored on Zeroized when Used for string TACS over an from the disk the password authentication for (minimum of encrypted TACS TACS is updated SNMP services 8 session with a new one Backup key TripleDES Generated internally Encrypted Volatile Zeroized when Encrypt/decrypt (168 bits) by FIPS 186-2 PRNG with memory no longer used backup data Backup key only or backup data 2 is zeroized Backup key 2 TripleDES Generated internally Not output Stored on Zeroized when Encrypt/decrypt (168 bits) when the super from the disk in PKD no longer used backup key manager key pair is TACS or the CO generated by the password is TACS; changed or generated externally and entered into the TACS over an encrypted TACS session when super manager key pair is generated by the Client Firmware upgrade RSA public Externally generated Not output Non- Zeroized when Verify signatures key key (1024 predetermined value from the volatile the appliance on firmware bits) TACS memory zero-out is upgrades (hard drive performed ­ plaintext) in TACS binaries FIPS 186-2 PRNG SHA-1 hash Generated internally Not output Volatile Zeroized when Used by FIPS Seed of entropy from various entropy from the memory no longer used 186-2 PRNG sources TACS only FIPS 186-2 PRNG 160 bits Generated internally Not output Volatile Zeroized when Used by FIPS Seed key by gathering the from the memory no longer used 186-2 PRNG system entropy TACS only The modules use the FIPS Approved FIPS 186-2 PRNG to obtain the initial values used in the key establishment process. © 2007 TRICIPHER www.TriCipher.com Page 30 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 2.8 Self-Tests The TACS performs the following self-tests at power-up: · Firmware integrity check ­ The modules verify that their firmware has not been modified by verifying a SHA-1 hash over their firmware · Known Answer Tests (KATs) ­ The modules perform cryptographic algorithm tests at power-up to verify the correct operation of the following FIPS-approved algorithm implementations: o Triple-DES KAT o SHA-1 KAT o HMAC SHA-1 KAT o FIPS 186-2 PRNG KAT o RSA pairwise-consistency check The TACS performs the following conditional self-tests: · Continuous Random Number Generator Tests for FIPS 186-2 PRNG ­ This test is run upon generation of random data by the modules' FIPS 186-2 PRNG to detect failure to a constant value. · Continuous Random Number Generator Tests for seeding the FIPS 186-2 PRNG ­ This test is run upon generation of a seed for the modules' FIPS 186-2 PRNG to detect failure to a constant value. · RSA Pair-wise Consistency Tests (sign/verify) ­ This test is run upon generation of a new RSA key pair to verify the correct operation of the newly generated key pair. · Firmware load test ­ This test is run upon downloading an update for the modules firmware. A digital signature is verified over the firmware update to ensure the integrity of the firmware update. The power-up tests do not require any inputs from or actions by the operator. Power-up self tests occur when the module is powered up before the TACS provides any services. Power-up self-tests can be called on demand by the CO by power cycling or rebooting the module. The conditional self-tests are performed when the applicable security function or operation is invoked and do not require any additional inputs from or actions by the operator. Conditional self-tests can be executed by invoking the applicable security function or operation. © 2007 TRICIPHER www.TriCipher.com Page 31 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy If any of the power-up self-tests or the conditional self-tests fails, the module enters an error state and outputs an error indicator. The error indicator is in the form an output to the console interface stating that the load failed. The module fails to the error state and discontinues the loading operation. In this state the module does not provide any services. The module's power has to be recycled to clear the error. If the firmware upgrade test fails then the module deletes the downloaded firmware. The module will then revert to the previous version. 2.9 Design Assurance TriCipher uses CVS for configuration management of source code, hardware components and related documentation. The CVS system provides access control, versioning, and logging. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to provide configuration management for the TACS' FIPS documentation. This software provides access control, versioning, and logging. 2.10 Mitigation of Other Attacks This section is not applicable. The modules do not claim to mitigate any attacks beyond the FIPS 140-2 level 2 requirements for this validation. © 2007 TRICIPHER www.TriCipher.com Page 32 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 3. SECURE OPERATION The TACS 1000 and 2000 meet Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in the FIPS- approved mode of operation. 3.1 Crypto-Officer Guidance 3.1.1 Initial setup The TACS 1000 and 2000 are available from TriCipher through shipping using a bonded carrier. TriCipher provides the customer with the shipment package check list which includes a detailed list of the hardware components, release notes, Client software. The Crypto-Officer is responsible for inspecting the module and its packaging upon receipt for signs of tampering. If any sign of damage to the packaging or the module are found the Customer should contact the TriCipher sales support desk for assistance. The TACS 1000 and 2000 require that a fine mesh ventilation hole screen be installed in order for the TACS to operate in FIPS-approved mode. These screens are not user-servicable and must be installed at the factory by the TriCipher manufacturing team. The Crypto-Officer must apply tamper-evident labels to the TACS 1000 or 2000. The following steps detail the label application procedure: · TACS 1000 and 2000 Label Application Procedure: 1. Clean the areas of the module's chassis where the tamper- evident labels will be applied to remove any grease, dirt, etc. Alcohol-based cleaning pads are recommended for this purpose. Labels must be applied indoors in an ambient temperature of 55F to 85F. Ensure that the equipment has had sufficient time to adjust to the ambient temperature before applying the label. 2. Apply labels as depicted in Figures 1, 2 and 3 for TACS 1000 and Figures 4 and 5 for TACS 2000. 3. Record all the serial numbers of the labels applied to the system in a security log. 4. Allow a minimum of 12 hours for the labels to cure. 5. Do not expose the labels to outdoors conditions or to extreme temperatures (outside the range 55F to 85F). © 2007 TRICIPHER www.TriCipher.com Page 33 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 1: TACS 1000 tamper evident labels on the rear panel Figure 2: TACS 1000 tamper evident labels on the front top side Figure 3: TACS 1000 tamper evident labels on the front bottom side © 2007 TRICIPHER www.TriCipher.com Page 34 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 4: TACS 2000 tamper evident labels on the front panel Figure 5: TACS 2000 tamper evident labels on the rear panel 3.1.2 Initialization The Appliance ships with a default Crypto Officer account, the Super Manager, with its default password for this account. The Crypto Officer must complete the "TACS Initialization" process which consists of the following steps: 1. The Super Manager Account must be activated. 2. New appliance keys must be generated to replace the factory- installed appliance keys for the first unit. 3. New appliance keys must be generated to replace the factory- installed appliance keys for the second unit (if used, for a mirrored pair). © 2007 TRICIPHER www.TriCipher.com Page 35 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 4. New appliance keys must be generated to replace the factory- installed appliance keys for the third unit (if used, for a triad). 5. The Super Manager must set TLS Keys. 6. The Super Manager must add the root certificates for chaining. 7. The Super Manager must change his password (this resets his user keys), and generate a new certificate. Refer to the TACS Operation Guide by TriCipher for more information on the "TACS Initialization" process. The following additional configurations must be set by the Crypto Officer in order to put the Appliance into the FIPS mode of operation: The ability to use SSH to access the modules must be disabled. This can be accomplished by the following procedure: 1. Select Security Management -> Configuration and open the SSH tab (as depicted in Figure 6). 2. Uncheck the Secure Shell Enabled checkbox on the SSH tab. 3. Click OK. © 2007 TRICIPHER www.TriCipher.com Page 36 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 6 ­ Disable SSH All operator passwords must be a minimum of 8 characters in length. This option can be configured by the following procedure: 1. Select Security Management -> Configuration and open the Password Management tab (as depicted in figure 7). 2. Select Consumer in the drop-down menu for Interface to Change 3. Enter 8 for Minimum Length under Complexity. 4. Click OK 5. Select Security Management -> Configuration and open the Password Management tab (as depicted in figure 7). 6. Select Manager in the drop-down menu for Interface to Change © 2007 TRICIPHER www.TriCipher.com Page 37 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 7. Enter 8 for Minimum Length under Complexity. 8. Click OK Figure 7 ­ Setting Minimum Password Length for User and Crypto Officer All Certificate Hashing algorithm should to set to use SHA-1. This can be accomplished by the following procedure: 1. Select Security Management -> Configuration and open the Certificate Management tab (as depicted in figure 8). 2. Select Hashing Algorithm as SHA-1 on the Certificate Management tab 3. Click OK © 2007 TRICIPHER www.TriCipher.com Page 38 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 8 ­ Select Hashing Algorithm for use in Certificates All operators must be logged off at reboot and only TLS may be used to remotely access the module securely. These options can be configured by the following procedure: 1. Select Security Management -> Configuration and open the Additional Settings tab (as depicted in figure 9). 2. Check the Logoff all users at reboot and Use TLS instead of SSL for all Appliance SSL Communications checkbox on the Additional Settings tab. 3. Click OK © 2007 TRICIPHER www.TriCipher.com Page 39 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 9 ­ Select to Use TLS and Logoff Users on Reboot The Login, MirrorIn, OneShot, OneShotKiosk and Register protocols must use TLS to secure its communications. This can be configured by the following procedure: 1. Select Security Management Parameters to open the Security Parameters dialog (as depicted in Figure 10). 2. Scroll down to "Consumer Login SSL_Enabled" 3. Set Value to 1 in the drop down menu. 4. Repeat steps 2 and 3 for "Consumer LoginKiosk SSL_Enabled", "Consumer Oneshot SSL_Enabled" "Consumer OneshotKiosk SSL_Enabled" "Consumer Register SSL_Enabled" "Manager Login SSL_Enabled" "Manager LoginKiosk SSL_Enabled", "Manager © 2007 TRICIPHER www.TriCipher.com Page 40 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Oneshot SSL_Enabled" "Manager OneshotKiosk SSL_Enabled" "Manager Register SSL_Enabled" and "Manager MirrorIn SSL_Enable" 5. Click OK Figure 10 ­ Use TLS with Protocols Enable logging to a syslog server or TriCipher log server. This option can be configured by the following procedure: 1. Select System Management -> Configuration and open the Logging tab (as depicted in figure 11) 2. Check the Enable log server to be used and provide its IP address 3. Check Reset All Processes 4. Click OK © 2007 TRICIPHER www.TriCipher.com Page 41 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 11 ­ Logging Configuration The following additional configuration sets syslog logging: 1. Select System Management Parameters to open the Security Parameters dialog (as depicted in Figure 12) 2. Click on OK at the warning 3. Scroll through the list and ensure that all process that are supposed to use syslog have their "Log Device" parameter set to four (4), yellow arrow) 4. Set the "syslog facility" to be used for both appliance interfaces (Consumer/User and Manager/CO) a value of local0, (green arrow). © 2007 TRICIPHER www.TriCipher.com Page 42 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 12 ­ Syslog parameter configuration At this point, the module must be rebooted to enable all of the changes. Upon reboot, initialization of the module for FIPS is complete and the module is now configured securely. This can be accomplished by the following steps: 1. Select System Management Restart/Reboot to open the Appliance Restart/Reboot dialog (as depicted in Figure 13). 2. Select Shut Down Appliance 3. Click OK © 2007 TRICIPHER www.TriCipher.com Page 43 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Figure 13 ­ Reboot Appliance 3.1.3 Management The Crypto Officer must make sure that the configuration for the TACS is always maintained as detailed in the Initialization section above. RSA key pairs must be a minimum of 1024 bits in length. SHA-1 must be used as the hashing algorithm. All passwords and Activation Codes must be at least alphanumeric and at least 8 characters long (or more). Digital certificates generated with FIPS-approved algorithms may be utilized. The Crypto-Officer should periodically backup the configuration of the module. The Crypto-Officer must periodically check the module for signs of tampering, including unusual dents, scrapes, or damage to tamper-evident labels, and verify that the tamper-evident labels still have the proper serial numbers. Additionally, the Crypto-Officer should monitor the module's logs for strange activity. If indications of suspicious activity are found, the Crypto-Officer should immediately take the module offline and investigate. The module permits updates by the Crypto Officer. After downloading the update, the module verifies a RSA digital signature over the update to ensure that it is an unmodified TriCipher firmware update. However, the Crypto- Officer must also ensure that the update is validated to FIPS 140-2 or by checking the version and build of the firmware and verifying this has been validated to FIPS 140-2 or before activating the update. Since upgrading the © 2007 TRICIPHER www.TriCipher.com Page 44 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy module with a release that has not been validated to FIPS 140-2 will take the module out of FIPS mode, the Crypto-Officer must either zeroize the module (see Zeroization below) before activating the update or not proceed with activating the update. 3.1.4 Zeroization At the end of its life cycle or when taking the module out of FIPS mode, the module must be fully zeroized to protect CSPs. This can be accomplished through the following steps: 1. Select Security Management Zero-Out Appliance Data. A warning message will open (as depicted in Figure 14). 2. Enter Super Manager Password 3. Click Continue Figure 14 ­ Zero-Out Appliance Data This operation destroys all data on the appliance. All data are erased, all files deleted, all configuration information is lost, and the Appliance can no longer be used. The destruction operation will begin immediately and be completed several seconds after the Continue button is clicked. Shutdown of the device will take several minutes to complete after the keys have been destroyed. It is the Crypto-Officer's responsibility to ensure that zeroization has completed. If the Appliance is operating in a mirrored pair or mirrored triad configuration, this feature destroys only the unit that the Crypto Officer is currently logged into. To destroy the second unit or the third unit, the © 2007 TRICIPHER www.TriCipher.com Page 45 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy Crypto Officer must log into each unit separately and perform the zeroization process on each. 3.2 User Guidance The User does not have the ability to configure sensitive information on the TACS, with the exception of his password and CSPs generated on the Client side. The User must be diligent to pick strong passwords (8 characters or greater, a minimum of alphanumeric), and must not reveal his password to anyone. The CSPs generated by the Client should be generated using FIPS Approved algorithms. Additionally, the User should be careful to protect any CSPs in their possession. © 2007 TRICIPHER www.TriCipher.com Page 46 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. TriCipher Armored Credential SystemTM FIPS 140-2 Non-Proprietary Security Policy 4. ACRONYMS ANSI American National Standards Institute API Application Programming Interface CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CVS Concurrent Versions System EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communication Commission FIPS Federal Information Processing Standard HMAC (Keyed-) Hash MAC KAT Known Answer Test LDAP Lightweight Directory Access Protocol LED Light Emitting Diode MAC Message Authentication Code NIST National Institute of Standards and Technology NVLAP National Voluntary Laboratory Accreditation Program OS Operating System PC Personal Computer RAM Random Access Memory RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SP Secure Platform SSH Secure SHell SSL Secure Socket Layer TCP Transmission Control Protocol TLS Transport Layer Security VSS Visual Source Safe © 2007 TRICIPHER www.TriCipher.com Page 47 of 47 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.