Comtech Mobile Datacom Corporation
MTM-203 Satellite Mobile Transceiver
(Commercial Firmware Version: C.3.7.Y, with Boot Code 2.3.E)

FIPS 140-2 Non-Proprietary Security Policy
Level 2 Validation
Document Version 1.7

Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
Phone: (240) 686-3300
Fax: (240) 686-3301

© 2007 Comtech Mobile Datacom Corporation. This document may be freely reproduced and distributed whole and intact including this copyright notice.
Non-Proprietary Security Policy, Version 1.7, February 5, 2008

Revision History

Version | Modification Date | Description of Changes
0.1 | 2006-04-21 | Initial draft.
0.2 | 2006-07-21 | Updated section two and section three.
0.3 | 2006-07-26 | Incorporated Quality Review feedback on document contents.
0.4 | 2006-09-07 | Minor updates.
0.5 | 2006-10-12 | Updated the list of cryptographic keys, cryptographic key components, and Critical Security Parameters.
0.6 | 2006-12-08 | Added PRNG information.
0.7 | 2006-12-20 | Added role descriptions for Softload-user and Remote Administrator.
0.8 | 2007-01-10 | Added Softload Secret authentication information.
0.9 | 2007-01-12 | Added algorithm certificate numbers.
1.0 | 2007-05-18 | Added KEK functionality.
1.1 | 2007-08-13 | Added AES.
1.2 | 2007-08-27 | Clarified KEK operation and size of SK-2/SK-3.
1.3 | 2007-09-05 | Clarification of clamshells. Specify which CSPs are exclusively Military and Commercial. Clarify that KEK is authentication,
1.4 | 2007-09-11 | Removed Military references to return document to Commercial only.
1.5 | 2007-09-18 | Clarified key entry formats, replaced 'Ab Initialization' with 'Ab Initio'.
1.6 | 2007-11-05 | Changed software version to 3.7.Y, added boot version and boot code functionality.
1.7 | 2008-02-05 | Changed Table 11 from "124-bit" to "128-bit" AES keys, changed figure 2 to remove the word 'three' when describing LEDs and changed description of Pin 20 from "Internal LED" to "LED D". Also updated CMVP website to new address and shrank size of photos to reduce document's file size.
Table of Contents

1 Introduction  5
1.1 Purpose  5
1.2 References  5
1.3 Document Organization  5
2 MTM-203 Satellite Mobile Transceiver  6
2.1 Overview  6
2.2 Module Specification  6
2.3 Module Interfaces  7
2.4 Roles and Services  9
2.4.1 Normal Level User Role  10
2.4.2 Super-user Role  11
2.4.3 Crypto-Officer Role  12
2.4.4 Softload-user and Remote Administrator Roles  13
2.4.5 User Role  14
2.4.6 Authentication Mechanism  14
2.5 Physical Security  15
2.6 Operational Environment  16
2.7 Cryptographic Key Management  17
2.8 Self-Tests  20
2.9 Design Assurance  20
2.10 Mitigation of Other Attacks  20
3 Secure Operation  21
3.1 Crypto-Officer Guidance  21
3.1.1 Initial Setup  21
3.1.2 Management  23
3.2 User Guidance  23
4 Acronyms  24

Table of Figures

Figure 1 - MTM-203 Mobile Satellite Transceiver Block Diagram  6
Figure 2 - MTM-203 Mobile Satellite Transceiver Interfaces  8
Figure 3 - MTM-203 Satellite Transceiver Mechanical View  16
Figure 4 - Left Label Top View  21
Figure 5 - Left Label Bottom View  22
Figure 6 - Right Label Top View  22
Figure 7 - Right Label Bottom View  22

Table of Tables

Table 1 - Security Level per FIPS 140-2 Section  7
Table 2 - Connector Pin Functionality  8
Table 3 - FIPS 140-2 Logical Interfaces  9
Table 4 - List of Roles  9
Table 5 - Mapping of Normal Level User Services to Inputs, Outputs, CSPs, and Type of Access  10
Table 6 - Mapping of Super-user's Services to Inputs, Outputs, CSPs, and Type of Access  11
Table 7 - Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs, and Type of Access  12
Table 8 - Mapping of Softload-user and Remote Administrator's Services to Inputs, Outputs, CSPs, and Type of Access  13
Table 9 - Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access  14
Table 10 - Authentication Mechanisms  15
Table 11 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs  18
Table 12 - Acronyms  24

1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the MTM-203 Satellite Mobile Transceiver from Comtech Mobile Datacom Corporation.
This Security Policy describes how the MTM-203 Satellite Mobile Transceiver meets the security requirements of Federal Information Processing Standards (FIPS) 140-2 and describes how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/groups/STM/cmvp/index.html

The MTM-203 Satellite Mobile Transceiver is referred to in this document as: the MTM-203 transceiver, the transceiver, the cryptographic module or the module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

· The Comtech website (http://www.comtechmobile.com) contains information on the full line of products from Comtech.
· The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

· Vendor Evidence document
· Finite State Machine document
· Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Comtech and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Comtech.
2 MTM-203 Satellite Mobile Transceiver

2.1 Overview

Comtech Mobile Datacom offers secure, real-time packet data messaging and position reporting services using L-Band satellite networks. Comtech's technology allows government agencies to communicate accurately, securely, and in a timely manner with vehicles through mobile satellite communications. This end-to-end satellite-based solution includes earth stations located strategically around the world, leased satellite capacity, mobile terminals, and tailored software solutions that meet and support Comtech's clients' critical needs.

Comtech Mobile Datacom has developed miniature L-band transceivers for streamlined messaging and real-time tracking systems. The miniature transceivers open doors to many new applications, such as covert devices and handheld units for the dismounted soldier: applications where weight and size limits are very important.

The MTM-203 transceiver module represents a new generation in small-size, low power consumption transceivers for use in weight-restrictive environments. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-air communications. Low power consumption and efficient satellite communications technology make for a long battery-life product under field conditions. This device allows dismounted users to maintain situational awareness and messaging connectivity worldwide with other mobile and terrestrial connected users. The miniature module operates over MSAT, INMARSAT, Thuraya, Artemis, ACeS, and OPTUS L-band satellite systems without reconfiguration.
2.2 Module Specification

The transceiver is a hardware module with hard metal covers, which comprise the cryptographic boundary. A block diagram of the internal components of the cryptographic module is given in Figure 1 below, and the cryptographic boundary is depicted in this diagram.

[Figure 1 - MTM-203 Mobile Satellite Transceiver Block Diagram. Blocks inside the cryptographic boundary: HPA, Modulator (D/A and up-converter), Baseband (FPGA, FLASH, MUX and CPU), Synthesizer, LNA and RF I/O, Down Conversion and A/D, Power Supply; external interfaces: Antenna Connector and Connector Pin-out.]

The module contains a single Printed Circuit Board (PCB) with metal covers. The following is a list of the key circuit components for the PCB:

1. High Power Amplifier (HPA): the HPA amplifies Radio Frequency (RF) signals for output traffic. It is active only when the module is transmitting data.
2. Modulator: the Modulator receives outgoing data from Baseband and converts it into an RF signal during data transmission.
3. Baseband: Baseband contains the FLASH memory and the Central Processing Unit (CPU) of the module. This component of the PCB controls the module and performs transceiver functionalities.
4. Synthesizer: the Synthesizer controls the signal frequency of Down Conversion or the Modulator for incoming or outgoing RF signals, respectively. This component communicates with Baseband to decide on frequency.
5. Low Noise Amplifier (LNA) and RF I/O Multiplexer (MUX): receives the RF signal from the Antenna Connector.
6. Down Conversion and Analog-to-Digital (A/D) Converter: Down conversion and A/D convert the RF signal to a Baseband signal.

The MTM-203 Satellite Mobile Transceiver is a multi-chip standalone module that meets overall level 2 FIPS 140-2 requirements.
The module is validated at the following FIPS 140-2 Section levels:

Table 1 - Security Level per FIPS 140-2 Section

Section | Section Title | Level
1 | Cryptographic Module Specification | 2
2 | Cryptographic Module Ports and Interfaces | 2
3 | Roles, Services, and Authentication | 2
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 2
8 | Electromagnetic Interference (EMI)/Electromagnetic Compatibility (EMC) | 2
9 | Self-tests | 2
10 | Design Assurance | 2
11 | Mitigation of Other Attacks | N/A

2.3 Module Interfaces

The MTM-203 Transceiver module provides a single serial interface at Transistor-Transistor Logic (TTL) levels. Application Programming Interface (API) commands can be provided to the module using the serial interface or the antenna interfaces. The antenna interface consists of three coaxial connectors:

o Left Hand circularly polarized (LHCP) antenna
o Right Hand circularly polarized (RHCP) antenna
o Global Positioning System (GPS) connection

Two of these connectors deliver the received signal from either a left hand (LH) or right hand (RH) circularly polarized antenna to the corresponding LNA circuitry. All three interfaces only operate in half duplex mode and use the High Power Amplifier (HPA) to send the signal to the antenna. Only the transmit or the receive signal is present on this interface at any given time. The third connector is used to connect to the on-board Global Positioning System (GPS) device. The transceiver may be configured to automatically switch from LH to RH (or vice versa) by issuing the appropriate API command.
[Figure 2 - MTM-203 Mobile Satellite Transceiver Interfaces]

The module's physical interfaces are composed of Connector pins, Antenna Connectors, and Light Emitting Diodes (LEDs). Some of the Connector pins are used to provide serial data/control input and data/status output. The remaining active Connector pins are used to interface with an external power source. Functions of all active Connector pins are listed in Table 2. Antenna connectors are also used for data/control input or data/status output. The LEDs that are present on the module provide status concerning transmit or receive mode.

Table 2 - Connector Pin Functionality

Pin | Pin Description
1 | GND
2 | Voltage from Battery (VBATT) 6.5 - 15 V
3 | Ground (GND)
4 | VBATT (6.5 - 15 V)
5 | LED C
6 | LED A
7 | LED B
8 | AUX_PWR CNTL
9 | IGN_SENSE
10 | MAIN CNTL (ON/OFF) - Must be pulled high (3.3 V) for the module to turn on.
11 | User Defined: 0-3 V, 8 mA max, 3 V logic
12 | User Defined: 0-3 V, 8 mA max, 3 V logic
13 | User Defined: 0-3 V, 8 mA max, 3 V logic
14 | User Defined: 0-3 V, 8 mA max, 3 V logic
17 | SER DAT IN
18 | SER DAT OUT
20 | LED D
21 | Power for GPS - 1.95-3.6 V (40 µA max. at 3.3 V)

The Antenna interfaces on the MTM-203 Transceiver consist of three coaxial connectors: two connectors for external CP antennas (J2 and J3 in Figure 2), and a third connector (J1 in Figure 2) for an external GPS antenna.

· Antenna-LHCP (J3): Connector J3 feeds the LHCP LNA circuitry when in receive mode, and connects to the LHCP HPA circuitry when the unit is in transmit mode.
· Antenna-RHCP (J2): Connector J2 feeds the RHCP LNA circuitry in the receive mode, and connects to the RHCP HPA circuitry when the module is in transmit mode. The RHCP LNA also feeds the internal GPS module as well as the J1 connector.
· The third coaxial connector, J1, feeds the GPS signal to an external GPS module. The signal output from this connector is only available when the unit is in the receive mode.

All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described in the following table:

Table 3 - FIPS 140-2 Logical Interfaces

FIPS 140-2 Logical Interface | MTM-203 Satellite Mobile Transceiver Port/Interface
Data Input | Pin 17, J2, J3
Data Output | Pin 18, J1, J2, J3
Control Input | Pin 9, pin 10, pin 11, pin 12, pin 13, pin 14, pin 17, J2, J3
Status Output | Pin 8, pin 11, pin 12, pin 13, pin 14, pin 18, LEDs
Power | Pin 1, pin 2, pin 3, pin 4, pin 21

2.4 Roles and Services

The module supports role-based authentication. There are six roles in the module that operators may assume:

Table 4 - List of Roles

Role | Interface | Authentication
Normal Level User | Serial port | Not authenticated.
Super-User | Serial port | Super-User password.
Crypto-Officer | Serial port | Crypto-Officer password.
User | Satellite connection | Possession of correct identity and traffic TDES keys.
Remote Administrator | Satellite connection | Possession of identity and traffic keys.
Softload User | Satellite connection | Possession of correct "softload secret" (9 bytes of random value used to derive a 192-bit TDES softload user key).

The User role is assumed by operators who utilize the module's data transmitting functionalities. The Crypto-Officer, Super-user, Softload-user, and Remote Administrator roles are used to perform administrative services on the module, such as initialization, configuration, and monitoring of the module. The Normal level user is an unauthorized role who can perform only non-security relevant operations on the module. Normal level users cannot modify or view any Critical Security Parameters (CSPs).

Users and Remote Administrators only access the module via the Antenna interface, whereas other roles access the module locally via the serial port. To access the module as a Crypto-Officer or a Super-user, the operator must first access the module locally as a Normal level user, and then enter a password to log in as a Crypto-Officer or a Super-user.

All roles except for the Softload User can 'Execute' the Traffic and Identity keys to encrypt and decrypt messages. The Softload User and Remote Administrator can 'Read' keys from and 'Write' keys to the transceiver. 'Execute' means that the role can use a key to encrypt or decrypt a message, but the ability to 'Execute' does not provide access to the raw key material. 'Read' means that the role can view the raw key material. 'Write' means that the role can add, or replace, the raw key material.
2.4.1 Normal Level User Role

The Normal level user is an unauthorized role which has access to the following non-security relevant services:

Table 5 - Mapping of Normal Level User Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSPs and Module's Access Level
API Modes | Controls display of command provided to the module over serial port | Command | Status output | --
General Information | Shows module status | Command | Status output | --
Identities and Nodes | Shows identity list and associated data | Command and identity name | Status output | --
Viewing Messages | Monitors message transaction | Command | Status output | --
Formatting a Message Payload | Formats payload data | Command | Status output | --
Message Formats | Formats incoming or outgoing messages | Command and data | Status output | --
Sending a Message | Transmits a message | Command and data | Status output | --
DSP | Configures and monitors DSP setting | Command | DSP configured and status output | --
Host Processor | Configures and monitors Host configuration to the EEPROM | Command | Status output | --
GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Digital I/O | Sets up antenna configuration | Command | Antenna configured and status output | --
Power | Sets up auxiliary power and 'powersave' mode | Command and power | Status output | --
Emergency Mode | Sets emergency mode | Command | Status output | --
LED | Tests LEDs | Command | Status output | --
Provisioning | Provisions the module | Command | Module ready for service | --
Diagnostics | Diagnostic operations on the module | Command | Status output | --
Send message | Sends a message | Network packet with data | Data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Network packet with data | Data received | Identity Key - Execute; Traffic Key - Execute
Erase firmware holding area | Used by boot code protocols prior to upload of new firmware to holding areas in non-volatile memory | Commands | Status responses | --
Write firmware holding area | Used by boot code protocols to upload new firmware to holding areas in non-volatile memory | Commands and firmware image data | Status responses | --
Verify firmware holding area | Used by boot code protocols to request checksum test of holding areas in non-volatile memory | Commands and checksum data | Status responses | --

2.4.2 Super-user Role

The Super-user is an authorized role with the following privileges:

Table 6 - Mapping of Super-user's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSPs and Module's Access Level
General Setup | Shows module status | Command | Status output | --
Access Levels | Changes access level to Crypto-Officer or Super user level | Command and password | Change in access level | Password - Read
Nodes and Identities | Monitors and sets identity list and associated data | Command and identity name | Status output | --
Sending a Message | Transmits a message | Command and data | Status output | --
DSP | Configures and monitors DSP setting | Command | DSP configured and status output | --
GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Power | Sets up auxiliary power and 'powersave' modes | Command and power | Status output | --
Send message | Sends a message | Network packet with data | Data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Network packet with data | Data received | Identity Key - Execute; Traffic Key - Execute

2.4.3 Crypto-Officer Role

Descriptions of the services available to the Crypto-Officer role are provided in the table below.

Table 7 - Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSPs and Module's Access Level
Node and Identities | Monitors and sets identity list and associated data | Command and identity name | Status output | --
Access Levels | Changes access level to Crypto-Officer or Super user level | Command and password | Change in access level | Password - Read
Enable Internal GPS | Configures and monitors GPS setting | Command | DSP configured and status output | --
Monitor Maps | Manages and monitors inbound and outbound network maps | Command | Status output | --
Process CMDC | Changes the transceiver packet display mode | Command | Status output | --
Set Transmit | Adjusts the module's transmit power level and DSP setting | Command | Status output | --
Test cryptographic algorithm | Tests TDES encryption/decryption algorithm | Command | Status output | --
Send message | Sends a message | Network packet with data | Data transmitted | Identity Key - Execute; Traffic Key - Execute
Receive message | Receives a message | Network packet with data | Data received | Identity Key - Execute; Traffic Key - Execute

2.4.4 Softload-user and Remote Administrator Roles

Softload-user and Remote Administrator users are authorized roles whose privileges are listed in Table 8. These two roles can also access all module management related commands defined for the Crypto-Officer and Super user roles.

Table 8 - Mapping of Softload-user and Remote Administrator's Services to Inputs, Outputs, CSPs, and Type of Access

Service | Description | Input | Output | CSPs and Module's Access Level
NC_ESTABLISH_KEYSET | Adds keyset to the keyset tables | Command and key data | Keyset table changes | Traffic key - Read/Write; AB Initialization Key - Read/Write
NC_ESTABLISH_ENCRYPTED_KEYSET | Adds the keyset to the keyset tables | Command and key data | Keyset table changes | Traffic key - Read/Write; Ab Initio Key - Read/Write
NC_ESTABLISH_NODE | Builds incoming and outgoing maps in non-volatile memory | Command and node name | Status output | --
NC_ADD_IDENTITY | Establishes the maps to add a node as a destination identity within the transceiver | Command and data | Status output | --
NC_SET_DEFAULT_TO | Sets a node as the active default destination node | Command | Status output | --
NC_SET_DEFAULT_FROM | Sets a node as the active default source node | Command | Status output | --
NC_SET_DEFAULT_TO_AND_FROM | Sets the active source and destination nodes appropriately | Command | Status output | --
NC_REMOVE_KEYSET | Removes a keyset | Command | Status output | --
NC_REMOVE_NODE | Removes a node from the maps | Command | Status output | --
NC_REMOVE_IDENTITY | Removes a node from the identities within the transceiver | Command | Status output | --
NC_SET_ALL_RADIO_PARAMETERS | Configures and monitors channel | Command | DSP configured and status output | --
NC_SET_OUTPUT_GAIN_FACTOR | Sets the transmit gain value to the value of the included parameter | Command | Status output | --
NC_SET_TX_AUTHORIZATION_MASK | Sets the transceiver transmit authorization mask to the value of the included parameter | Command | Status output | --
NC_SET_CURRENT_AUTHORIZATION_MASK | Sets the current beam transmit authorization mask to the value of the included parameter | Command | Status output | --
NC_USE_CONFIGURATION | Configures and monitors DSP setting | Command | DSP configured and status output | --
NC_REMOVE_AB_INITIO | Removes Ab Initio keys, maps and identities from memory | Command | Ab Initio Key removed | Ab Initio Key - Read/Write
NC_WRITE_DSP_FLASH | Writes the data to the appropriate location in Flash memory | Command and data | Status output | --
NC_MT2011_COMPATIBILITY | Sets the compatibility flags to the value | Command | Status output | --
Send message (Remote Administrator only) | Sends a message | Network packet with data | Data transmitted | Identity Key - Execute; Traffic Key - Execute

2.4.5 User Role

The User role has the ability to utilize the module's data transmitting functionalities via the Antenna interface only. Descriptions of the services available to Users are provided in the table below.
Table 9 - Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access

| Service | Description | Input | Output | CSPs and Module's Access Level |
|---|---|---|---|---|
| Send message | Sends a message | Network packet with data | Data transmitted | Identity Key - Execute; Traffic Key - Execute |
| Receive message | Receives a message | Network packet with data | Data received | Identity Key - Execute; Traffic Key - Execute |

2.4.6 Authentication Mechanism

The Crypto-Officers, Super-users, and Softload-users are able to access the module through the directly connected console port. Users and Remote Administrators access the module only via the Antenna interface network and authenticate themselves with Traffic keys (AES or TDES keys). The Crypto-Officer and Super-user authenticate themselves using passwords. Softload-users authenticate with a 192-bit TDES key derived from the Softload Secret. The Softload Secret is a 9 byte random value.

Table 10 - Authentication Mechanisms

| Authentication Type | Strength | Strength Within One Minute |
|---|---|---|
| Passwords | The minimum length of the password is six alphanumeric characters with any printable symbols. Assuming only 94 characters with repetition, the chance of a random attempt falsely succeeding is 1 in (94^6 =) 689,869,781,056. | Because of the serial interface speed, the module can accept only 69,120 password attempts in a minute. So the chance of random success is 1 in (94^6/69,120) or 1 in about 9,980,754. |
| TDES Keys | The Softload-user authentication keys are 192 bit TDES keys with 112 bits of security. Users and Remote Administrators can also authenticate with 192 bit TDES keys. The chance of a random attempt falsely succeeding is 1 in (2^112 =) 5.192296858 x 10^33. | The processor speed means the module can go through 4.5*10^9 cycles per minute. If each authentication attempt took only one minute, the chance of random success would be 1 in (2^112/4.5*10^9) or 1 in 1.15 * 10^24. |
| AES Keys | Users and Remote Administrators can authenticate with 128, 192 or 256 bit AES keys. The chance of a random attempt falsely succeeding is 1 in (2^128 =) 3.402823669 x 10^38, 1 in (2^192 =) 6.277101735 x 10^57, and 1 in (2^256 =) 1.157920892 x 10^77, respectively. | Due to the processor speed cited above, the minimum chance of a random success in one minute would be 1 in (2^128/4.5*10^9) or about 1 in 7 * 10^28. |
| Softload Secret | The Softload Secret is a 9 byte random value; the chance of a random attempt falsely succeeding is 1 in (2^72 =) 4,722,366,482,869,645,213,696. | Again, due to processor speed, the chance of random success in a minute would be at most 1 in (2^72/4.5*10^9) or 1 in 1.04*10^12. |

2.5 Physical Security

The MTM-203 Satellite Mobile Transceiver is a multi-chip standalone cryptographic module. The module is contained within a hard metal clamshell. The module's cover is resistant to probing and is opaque within the visible spectrum. Tamper-evident seals are placed on the cryptographic module so that a seal must be broken to attain physical access. The cryptographic boundary is defined as encompassing the "top," "front," "left," "right," "rear," and "bottom" surfaces of the two-clamshell metal housing, which is firmly held together with twelve screws. The metal housing exposes interfaces for the Control Connector, Antenna Connectors, and LEDs at the front side.

Figure 3 - MTM-203 Satellite Transceiver Mechanical View

The metal covers do not have any openings or ventilation holes.
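The figures in Table 10 above can be checked against the FIPS 140-2 authentication-strength thresholds (below 1 in 1,000,000 for a single random attempt, below 1 in 100,000 for all attempts within one minute). The following Python is an added example, not part of the Security Policy; the keyspaces and attempt rates are those stated in Table 10, and the one-attempt-per-cycle worst case is an assumption.

```python
"""Reproduces the authentication-strength figures of Table 10 and checks
them against the FIPS 140-2 limits. Added example; the worst-case rate of
one attempt per CPU cycle (or per serial message) is an assumption."""
from fractions import Fraction

SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)  # FIPS 140-2: single random attempt
ONE_MINUTE_LIMIT = Fraction(1, 100_000)        # FIPS 140-2: all attempts in one minute

# Rates stated in Table 10: the serial interface bounds password attempts,
# while key-based mechanisms are bounded by the processor cycle rate.
PASSWORD_ATTEMPTS_PER_MINUTE = 69_120
CPU_CYCLES_PER_MINUTE = 4_500_000_000  # 4.5 * 10^9

# Keyspace (number of equally likely secrets) and attempt rate per mechanism.
MECHANISMS = {
    "password": (94 ** 6, PASSWORD_ATTEMPTS_PER_MINUTE),   # six printable characters
    "tdes_key": (2 ** 112, CPU_CYCLES_PER_MINUTE),         # 192-bit key, 112-bit security
    "aes_128_key": (2 ** 128, CPU_CYCLES_PER_MINUTE),
    "softload_secret": (2 ** 72, CPU_CYCLES_PER_MINUTE),   # 9 random bytes
}


def single_attempt_probability(keyspace: int) -> Fraction:
    """Chance that one uniformly random guess is accepted."""
    return Fraction(1, keyspace)


def one_minute_probability(keyspace: int, attempts_per_minute: int) -> Fraction:
    """Chance that any of the attempts possible in one minute is accepted,
    assuming one attempt per cycle/message, each an independent 1/keyspace."""
    return Fraction(min(attempts_per_minute, keyspace), keyspace)


def assess(name: str) -> dict:
    """Table 10 style '1 in N' figures plus the pass/fail verdict."""
    keyspace, rate = MECHANISMS[name]
    p_single = single_attempt_probability(keyspace)
    p_minute = one_minute_probability(keyspace, rate)
    return {
        "one_in_per_attempt": keyspace,
        "one_in_per_minute": keyspace // rate,  # matches Table 10's per-minute figure
        "meets_fips_140_2": p_single < SINGLE_ATTEMPT_LIMIT and p_minute < ONE_MINUTE_LIMIT,
    }
```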
This module employs tamper-evident labels to detect the opening of the covers. The tamper-evident labels are applied by Comtech before providing the module to the Crypto-Officer, and the locations of these labels are described in the "Secure Operation" section of this document.

The module conforms to the Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (for business use).

2.6 Operational Environment

The operational environment requirements do not apply to the MTM-203 Satellite Mobile Transceiver, because the module does not provide a general-purpose operating system (OS) to the user. The OS is not externally accessible and only the module's custom written firmware provides a logical interface into the module. The module provides a method to update the firmware in the module with a new version. An HMAC-SHA-1 keyed hash is verified over the firmware update to ensure its integrity.
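The firmware update check described above (an HMAC-SHA-1 keyed hash computed with the 20-byte Firmware Upgrade Key of Table 11, listed in section 2.8 as the conditional software update test) can be illustrated as follows. This is an added example and not Comtech's code; the update file layout, the placeholder key and the helper names are assumptions, and the CRC-32 step mirrors the power-up software integrity check of section 2.8.

```python
"""Firmware update integrity check modelled on the MTM-203 Security Policy:
HMAC-SHA-1 with a 20-byte Firmware Upgrade Key over the update image, plus
the CRC-32 checksum used by the power-up integrity test. Added example; the
image layout <image><CRC-32 LE><HMAC tag> and the key value are assumptions."""
import hashlib
import hmac
import struct
import zlib

# Constructed placeholder: the real Firmware Upgrade Key is hardcoded in the
# module's application firmware and never output (Table 11).
FIRMWARE_UPGRADE_KEY = bytes(range(20))
TAG_LEN = 20  # HMAC-SHA-1 tag length in bytes


def build_update(image: bytes, key: bytes = FIRMWARE_UPGRADE_KEY) -> bytes:
    """Package an image as <image><CRC-32 little-endian><HMAC-SHA-1 tag>."""
    crc = struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF)
    tag = hmac.new(key, image + crc, hashlib.sha1).digest()
    return image + crc + tag


def crc32_ok(image: bytes, stored_crc: bytes) -> bool:
    """Software integrity check as done at power-up: CRC-32 over the code."""
    return (zlib.crc32(image) & 0xFFFFFFFF) == struct.unpack("<I", stored_crc)[0]


def verify_update(blob: bytes, key: bytes = FIRMWARE_UPGRADE_KEY) -> bool:
    """Conditional software update test: recompute HMAC-SHA-1 with the
    Firmware Upgrade Key and compare in constant time before the image may
    be written to flash; then confirm the CRC-32 the boot check will use."""
    if len(blob) < 4 + TAG_LEN:
        return False
    image = blob[:-4 - TAG_LEN]
    crc, tag = blob[-4 - TAG_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, image + crc, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    return crc32_ok(image, crc)


# Constructed sample image standing in for the Host application code.
SAMPLE_IMAGE = b"MTM-203 host application C.3.7.Y " + bytes(range(64))


def demo() -> dict:
    """Genuine image passes; a modified image fails even when its CRC-32 was
    recomputed, because only the keyed HMAC covers unauthorised changes."""
    good = build_update(SAMPLE_IMAGE)
    tampered = bytearray(good)
    tampered[10] ^= 0x01  # one-byte change in the code region
    new_crc = zlib.crc32(bytes(tampered[:-4 - TAG_LEN])) & 0xFFFFFFFF
    tampered[-4 - TAG_LEN:-TAG_LEN] = struct.pack("<I", new_crc)
    return {"genuine": verify_update(good),
            "tampered": verify_update(bytes(tampered)),
            "wrong_key": verify_update(good, key=bytes(20))}
```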
2.7 Cryptographic Key Management

The cryptographic module implements the following FIPS-approved algorithms:

· Triple DES - CBC; 1 and 2 keying option; encrypt/decrypt (certificate #502)
· SHA-1 Byte oriented (certificate #561)
· HMAC SHA-1 (certificate #245)
· ANSI X9.31 Appendix A.2.4 PRNG (certificate #271)
· AES - 128, 192 and 256 bit keying, CBC, encrypt/decrypt (certificate #626)

The cryptographic module implements the following non-FIPS-approved algorithms:

· Digital Encryption Standard (DES)
· Non-FIPS-approved RNG used to seed the FIPS approved PRNG

The module supports the following critical security parameters:

Table 11 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| Identity Key | TDES 192-bit CBC key, or AES 128, 192 or 256 bit CBC key | Generated externally; input in plaintext or ciphertext, depending upon user role | Output in plaintext | Stored in Flash in plaintext | Erasing flash image | Encrypts and decrypts session data |
| Traffic Key | TDES 192-bit CBC key, or AES 128, 192 or 256 bit CBC key | Generated externally; input in plaintext or ciphertext, depending upon user role | Output in plaintext | Stored in Flash in plaintext | Erasing flash image | Encrypts and decrypts session data |
| Ab Initio Keys | TDES 192-bit CBC key | Generated externally; hardcoded in application | Output in plaintext | Stored in Flash in plaintext or hardcoded in application | Erasing flash image | Encrypts and decrypts session data for unit recovery |
| Softload Secret | 9 bytes of random data (Note: communication encrypted with the Derived Softload Key is considered plaintext for FIPS purposes.) | Generated externally; hardcoded in application | Never output from module | Hard coded in application firmware in plaintext | Erasing flash image | Derives key to encrypt and decrypt Softload session data. Derived Softload keys are considered as authentication for the softload user. |
| Password | Crypto-Officer or Super-user password | Generated externally | Never output from module | Stored in Flash in plaintext | Erasing flash image | Authenticates Crypto-Officer and Super-user |
| Firmware Upgrade Key | 20 bytes HMAC key | Generated externally; hardcoded in application | Never output from module | Hard coded in application firmware in plaintext | Erasing flash image | Performs integrity check for firmware upgrade |
| PRNG seed | 8 bytes of seed | Generated internally | Never output from module | Resides in volatile memory | Power cycle | Seeds the FIPS approved PRNG |

2.7.1.1 Key Generation

The module has a non-approved RNG to gather entropy and seed the FIPS approved PRNG. The module does not generate any cryptographic keys internally.

2.7.1.2 Key Storage

The Firmware Upgrade Key is held in volatile memory only in plaintext during firmware upgrade. The Softload Secret and passwords are stored in flash memory in plaintext. The Ab Initio key is stored in Flash memory in plaintext form. The Identity keys and Traffic keys are stored in flash memory in plaintext form.

2.7.1.3 Key Entry and Output

All keys and CSPs that are entered into the module are electronically entered. Identity Keys, Traffic Keys, and Ab Initio Keys exit the module in plaintext; no other keys or CSPs exit the module. Ab Initio Keys are hardcoded in the application.
Identity Keys and Traffic Keys can enter the module in plaintext or in encrypted form.

2.7.1.4 Key Zeroization

All keys and CSPs can be zeroized by erasing the flash image. The user can erase the flash image either by engaging a zeroize mechanism via the serial user interface, or by commands sent to the unit over the satellite connection.

2.8 Self-Tests

The MTM-203 Satellite Mobile Transceiver performs the following self-tests at power-up:

· Software integrity check using Cyclic Redundancy Check (CRC)-32 checksum, on both Boot code and Host application code.
· Known Answer Tests (KATs)
  o Triple-DES KAT
  o HMAC-SHA-1 KAT
  o PRNG KAT
  o AES KAT

If any of the above self-tests fail, the module prints a failure indicator message on the serial port. Otherwise, a success indicator message is posted on the serial port. Failure of the Boot code software integrity check is indicated by a flashing pattern on the LEDs, as the serial interface has not been activated at that point.

The MTM-203 Satellite Mobile Transceiver performs the following conditional self-tests:

· Software update test using HMAC SHA-1
· Continuous RNG Test for the FIPS approved PRNG and the non-approved RNG

Upon failing a conditional self-test, the module posts a message on the serial port.

2.9 Design Assurance

The source code is primarily written in C. Some portions are written in assembler for performance reasons. Comtech uses Code Co-op version 4.6e to perform source code versioning and management and stores release notes within it for each version of the firmware. Additionally, Microsoft Visual SourceSafe (VSS) version 6.0 is used to provide configuration management for the MTM-203 Satellite Mobile Transceiver's FIPS documentation.
This software provides access control, versioning, and logging.

2.10 Mitigation of Other Attacks

The module does not mitigate other attacks.

3 Secure Operation

The MTM-203 Satellite Mobile Transceiver meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in the FIPS-approved mode of operation.

3.1 Crypto-Officer Guidance

The module is available directly from Comtech Mobile Datacom Corporation and is shipped via a third party shipping company, such as FedEx or UPS. The module, sealed in an anti-static bag, is provided in a carton. The Crypto-Officer must inspect the box, packing materials, and module for signs of tamper, including damage to the box, packing materials, or the module itself. The Crypto-Officer (CO) is responsible for initial setup and for maintaining the module in the FIPS mode of operation.

3.1.1 Initial Setup

The MTM-203 Satellite Mobile Transceiver comes to the CO as a compact, rugged, solid-state device with no moving parts. The following materials are needed to run the MTM-203 Satellite Mobile Transceiver:

1. Antenna
2. RS-422 serial cable
3. Interface from the Connector pin-outs to serial port
4. External Power Supply (40 uA max, 3.3V)
5. 20AWG wiring gauge

The Crypto-Officer receives the module with tamper evident labels applied. The module requires two (2) labels to detect any tampering.

1. One label is at the seam covering the top and bottom surfaces of the clamshells at the left side.

Figure 4 - Left Label Top View
Figure 5 - Left Label Bottom View

2. Another label is applied at the seam covering the top and bottom surfaces of the clamshells at the right side.

Figure 6 - Right Label Top View

Figure 7 - Right Label Bottom View

Tamper evident labels usually become torn upon an attempt to remove them, and always either break into small pieces or become noticeably warped whenever a successful removal attempt is made. Thus, attempts at removal always show evidence of tampering.

After confirming that there is no evidence of label damage that would indicate tampering with the module, the Crypto-Officer should run the power-on test. This procedure requires a terminal or computer running terminal emulation software set for 9600 baud with 8 bits, no parity, 1 stop bit, and no flow control. Initialization messages should appear on the console port when an RS-422 serial cable with an RJ-45 male connector is connected to the terminal and power is turned on.

Comtech ships the module fully provisioned. Provisioning establishes the profile of configuration commands inherent to the module.

3.1.2 Management

The Crypto-Officer must ensure that the module is always operating in a FIPS-approved mode of operation. This can be achieved by ensuring the following:

· Ensure via the "show version" command that the FIPS-Approved versions of the Boot Code and Commercial Firmware are loaded on the transceiver (see pg.1 of this document for the applicable version numbers).
· Passwords must be at least six characters long.
· To log in over the serial port in the Crypto-Officer or Super-user role, the `superuser' command needs to be issued followed by the `enter' key; then the password needs to be entered.
· The module logs must be monitored. If suspicious log entries are noted, the Crypto-Officer should take the module off-line and investigate.
· The tamper-evident labels must be regularly examined for signs of tampering (Figure 4, Figure 5, Figure 6, and Figure 7) to detect any opening of the covers.
· `softload' should be used only via the serial port.
· The Crypto-Officer must ensure that only AES or Triple-DES keys are loaded into the module and used for encryption/decryption. DES keys must be explicitly disallowed.

3.2 User Guidance

The end Users do not have the ability to configure sensitive information on the module. The User should be careful not to provide Traffic key information to other parties.

4 Acronyms

Table 12 - Acronyms

| Acronym | Definition |
|---|---|
| A/D | Analog to Digital Converter |
| API | Application Programming Interface |
| CMVP | Cryptographic Module Validation Program |
| CO | Crypto-Officer |
| CPU | Central Processing Unit |
| CRC | Cyclic Redundancy Check |
| CSP | Critical Security Parameter |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FIPS | Federal Information Processing Standard |
| GPS | Global Positioning System |
| HMAC | (Keyed-) Hash Message Authentication Code |
| HPA | High Power Amplifier |
| KAT | Known Answer Test |
| LED | Light Emitting Diode |
| LH | Left Hand |
| LHCP | Left-Hand Circularly Polarized |
| LNA | Low Noise Amplifier |
| MUX | Multiplexer |
| NIST | National Institute of Standards and Technology |
| OS | Operating System |
| PCB | Printed Circuit Board |
| RF | Radio Frequency |
| RH | Right Hand |
| RHCP | Right-Hand Circularly Polarized |
| TTL | Transistor-Transistor Logic |
| VBATT | Voltage from Battery |
| VSS | Visual SourceSafe |