Advanced Configurable Cryptographic Environment (ACCE) v1.8
FIPS 140-2 Security Policy iss 5

Copyright © 2008 AEP Networks. This document may be reproduced and distributed providing such a reproduction is complete and unmodified.

Table of Contents

1. Introduction
   1.1. Scope
   1.2. Overview and Cryptographic Boundary
   1.3. Module Security Requirements
   1.4. Module Ports & Interfaces
2. FIPS and non-FIPS Operation
   2.1. Algorithms
   2.2. Key Generation
      2.2.1. Key Generation Detail
      2.2.2. Random Number Continuous Self Tests
      2.2.3. Non FIPS-mode Key Generation
   2.3. Self Tests
      2.3.1. Firmware Load Test
3. Physical Security
   3.1. Introduction
   3.2. Physical Security Rules
4. Identity Based Authentication
   4.1. Single User
   4.2. User/Crypto Officer Authentication
   4.3. Creating a User or Crypto Officer
   4.4. Strength of Authentication Mechanism
5. Roles and Services
   5.1. Roles
      5.1.1. Operator
      5.1.2. User
      5.1.3. Crypto Officer
   5.2. Services and Critical Security Parameter (CSP) Access
      5.2.1. CSP Definition
      5.2.2. Services and Access
6. Maintenance
   6.1. Firmware Upgrade
Appendix A. Operator Guidance

1. Introduction

1.1. Scope

This document is the FIPS PUB 140-2 Security Policy for the AEP ACCE 2 v1.8. It covers the following as used in the AEP Keyper Model 9720 Professional and the AEP Keyper Model 9720 Enterprise:

Hardware 2730G2
Firmware 011126 v1.8

1.2. Overview and Cryptographic Boundary

The AEP ACCE 2 v1.8 (see front cover picture) is a single user, multi-chip embedded crypto-module. The FIPS PUB 140-2 cryptographic boundary is the metal case containing the entire AEP ACCE 2 v1.8.

Like its successful predecessors, the ACCE and ACCE-L3 modules, the AEP ACCE 2 v1.8 exists to provide cryptographic services to applications running on behalf of its user which communicate with it via a standard 10/100 Base T Ethernet interface using IP protocols. To implement these services, the module additionally requires a suitable power supply, Smart Card reader, digital display device, keypad and line drivers.

The AEP ACCE 2 v1.8 is usually sold embedded within a stand-alone "network appliance" Hardware Security Module [HSM] type product such as the AEP Keyper Model 9720 (below).
The AEP Keyper HSM is typically used wherever secure storage and generation of cryptographic keys are required, especially where high performance cryptographic acceleration is desired.

1.3. Module Security Requirements

The module meets the overall requirements applicable to Level 4 Security for FIPS 140-2.

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 4 |
| Cryptographic Module Ports and Interfaces | 4 |
| Roles, Services and Authentication | 4 |
| Finite State Model | 4 |
| Physical Security (Multiple-Chip Embedded) | 4 |
| Operational Environment | N/A |
| Cryptographic Key Management | 4 |
| Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) | 4 |
| Self-Tests | 4 |
| Design Assurance | 4 |
| Mitigation of Other Attacks | N/A [1] |
| Cryptographic Module Security Policy | 4 |

[1] Although no specific resistance to other attacks is claimed (or has been tested), it should be noted that the module includes a number of active electronic devices and will typically be executing a number of processes in parallel in response to any requested cryptographic operation. This makes it difficult for an attacker to carry out timing or power analysis attacks as the "effective noise level" is high.

1.4. Module Ports & Interfaces

The module has dedicated, separate physical connections for power (dedicated connections), tamper [2], key backup and recovery (Smart Card), control interface (keypad & display), audit (serial port) and user data (Ethernet). All connections to the module are via a 100-way ribbon cable.
The following table describes the relationship between the physical connections available via this ribbon cable and their logical interfaces. (The module has no other electrical connections.)

| Logical Interface | Data Type | Physical Interface |
|---|---|---|
| Data Input interface | User Data | Ethernet (shared with user logical Data Output Interface) |
| | Authentication Data | Smart Card |
| | CO Data (Key Recovery) | Smart Card |
| Data Output interface | User Data | Ethernet |
| | Authentication Data (New User Creation) | Smart Card |
| | CO Data (Key Backup) | Smart Card |
| Control Input interface | CO & Operation functions | Front panel key pad |
| | User Commands | Ethernet |
| Status Output | | LED, LCD, Serial interface |
| Power Interface | | Various 5V and similar inputs - dedicated power supply appropriately safety & EMC certified for destination country required (supplied as standard with the product). |

Mapping Physical and Logical Interfaces

The User Data (Ethernet) connection can accept data (for an encrypt or sign operation) or output (for a decrypt operation) plaintext, encrypted keys (when enabled) and ciphertext data (output of a decrypt operation). Logical distinctions between plaintext, encrypted keys and ciphertext are made in the Application Programming Interface (API).

The key backup and recovery port (Smart Card) is also used to authenticate users and crypto officers. As these are separate processes (a crypto officer must authenticate before he can utilize key backup or recovery functions) they are logically distinct.

[2] Most tamper signals (e.g., temperature, physical penetration, etc.) are detected within the module - but the module provides external connections that can be used to externally force a tamper response. These are provided so that products incorporating the module can implement features such as "emergency erase all" pushbuttons, etc.
2. FIPS and non-FIPS Operation

The AEP ACCE 2 v1.8 supports "FIPS Mode" and "non-FIPS mode" operation. When in FIPS mode, only FIPS approved cryptographic algorithms and key generation mechanisms are available. Non-FIPS mode is a functional superset of FIPS mode with additional cryptographic algorithms and non-FIPS approved key derivation mechanisms available. Keys generated by non-FIPS derivations cannot be used when operating in FIPS mode.

The operator interface can be queried to confirm if the module is operating in FIPS or non-FIPS mode. In the AEP Keyper Model 9720, this is displayed on the LCD front panel display in response to an operator menu function.

2.1. Algorithms

Algorithms can be used in FIPS mode except where indicated. Keys cannot wrap stronger keys, i.e. 128 bit AES keys cannot be used to wrap 192 bit AES keys.

| Algorithm | Certificates | Key/modulus/exponent Sizes | Notes |
|---|---|---|---|
| DSA | #243 | 512 to 1024 bit modulus inclusive (in 64 bit steps). | FIPS certified PRIME; PQG(gen); KEYGEN(Y); SIG(gen); SIG(ver); MOD (ALL) |
| RSA | #297 | 1024 to 4096 bit (in 32 bit steps) with and without CRT. Public exponents of 3, 17 and 65537. | PKCS#1, X9.31 (FIPS mode). ISO 9796, X.509 & Encryption (non-FIPS mode) |
| Diffie-Hellman | | 512 to 4096 bit modulus. Private key of between 160 bits and the modulus length (PKCS#3) (ephemeral/static not relevant). | Non-FIPS mode only [3]. X9.42 (ephemeral and static) not supported. |
| SHA-1 | #681 | Bytes | |
| SHA-2 | #681 | 224, 256, 384 and 512 bit in bytes | |
| DES | | | ECB (e/d), CBC (e/d), MAC. Non-FIPS mode only [3] |
| TDES | #599 | | TECB(e/d; KO 1,2,3); TCBC(e/d; KO 1,2,3) |
| TDES-MAC | #599 | | |
| AES | #648 | 128, 192, 256 bit. | ECB CBC |
| pRNG | #369 | | FIPS 186-2 Appendix 3.1 based pRNG continually reseeded by hardware Random Noise Source. |
| MD5 | | Bytes | Non-FIPS mode only [3] |

[3] Attempts to access non-FIPS operations while in FIPS mode fail and error code 0x1400 (K_MECHANISM_NOT_AVAILABLE) is returned.

2.2. Key Generation

The module features a FIPS-approved (certificate #369) pseudo random number generator (PRNG) based on SHA-1. This PRNG is used to produce random numeric values for cryptographic keys, for random vectors where required by a padding technique and in response to the API utility function "randomgenerate".

All user keys generated by the module rely on this PRNG, thus all user keys generated while in "FIPS mode" are "FIPS keys".

2.2.1. Key Generation Detail

The PRNG is itself seeded by a built-in electronic circuit which utilizes a random noise source. This circuit develops 32 bits of "hardware entropy" every 64 milliseconds, and this is used to reseed the PRNG at that frequency.

Symmetric keys are generated by utilizing the output of the PRNG and setting appropriate padding where required by the intended algorithm.

Finally, all asymmetric key pairs generated are subject to a pair-wise consistency test (a trial "sign/verify").

2.2.2. Random Number Continuous Self Tests

Both the PRNG and the hardware entropy source used to continually seed it are continually tested as specified by FIPS PUB 140-2 section 4.9.2 paragraph 1. If a failure occurs, the AEP ACCE 2 v1.8 will report an error whenever a "get random" or "key generation" operation is made and the operation will fail.

2.2.3. Non FIPS-mode Key Generation

Non-FIPS mode also supports commercial key derivation mechanisms. Keys derived via these mechanisms are not "FIPS keys" and are not available when operating in FIPS mode.

2.3. Self Tests

At power up and at reset (reset, and hence self testing, can be demanded by operator action), all hardware and firmware components necessary for correct operation are self-tested.

This self testing is carried out on the principle of "test before use" and hence the test ordering is:

1. Components necessary for minimal self-test environment:
   - CPU cache.
   - CPU register set.
   - CPU time base ("decrementer").
   - Read/Write memory.
2. Components necessary for full self testing:
   - Read Only Memory.
   - Internal interface devices.
   - Secure Key Store.
   - Cryptographic accelerator circuit test.
3. Application firmware:
   - Integrity check (utilizing TDES MAC function).
4. Cryptographic Algorithms:
   - AES, TDES, DSA, RSA, SHA-1 and SHA-2 known answer tests.
   - Algorithms implemented in firmware (SHA-1, PRNG) known answer test.

Any failure will cause the module to halt and display an error status message via the serial port. If the failure occurs in any of the components identified in "1. Components necessary for minimal self-test environment", it is possible that no message will be output as the fault may be so severe as to prevent this operating.

All cryptographic operations (including user and crypto officer log in) are inhibited if any self tests fail.

2.3.1. Firmware Load Test

The module can accept field updates to its internal firmware. These updates are digitally signed using the RSA algorithm and verified by a public key which is built into the module during factory commissioning.

3. Physical Security

3.1. Introduction

The AEP ACCE 2 v1.8 is an embedded module validated as meeting the requirements of FIPS PUB 140-2 level 4. Essentially this means that any physical attempt to access the module's Critical Security Parameters (CSPs) will result in those parameters being actively erased (zeroized).
This protection is achieved by the construction of the module. All electronic elements are surrounded by a tamper-detecting envelope within an opaque resin coating and an outer metal case. Attempts to physically access the cryptographic processor and/or associated devices (including cutting, chemically dissolving, heating, cooling or modulating power supplies) cause the module to halt and to zeroize all CSPs.

3.2. Physical Security Rules

The AEP ACCE 2 v1.8 will detect and respond to (by erasing keys) all types of physical, electrical and environmental attacks that are envisaged by the FIPS 140-2 standard. No operator inspections, etc. are required for secure operation; the module will stop operating in the event of a tamper event. (It is important, however, to regard any and all instances of unexpected "tamper events" as serious and possibly an indication of an attack.)

For reliable operation it is necessary that the permanent power supply to the module is maintained. Removal of this power supply will cause a "positive tamper" event and the module will need to be returned to AEP for repair. In the AEP Keyper Model 9720, this permanent power supply is provided by an internal battery; the AEP ACCE 2 v1.8 warns if the supply voltage drops significantly, and this is an indication that the battery should be replaced.

4. Identity Based Authentication

4.1. Single User

The AEP ACCE 2 v1.8 supports multiple users but only one may have an active session at any time.

4.2. User/Crypto Officer Authentication

The AEP ACCE 2 v1.8 user authentication mechanism uses a Gemplus MPCOS compatible Smart Card reader/writer connected to the appropriate interface.

A User requires One Smart Card in order to identify and authenticate him (her) self.
A Crypto Officer requires a Matched Pair of Smart Cards in order to authenticate him (her) self. (The requirement for a Matched Pair of Smart Cards allows customers to operate a "4 eyes" policy where two people are required to work together (with one Smart Card of a set each) in order to access Crypto Officer Functions.)

4.3. Creating a User or Crypto Officer

The AEP ACCE 2 v1.8 does not directly support "user creation"; it always creates Crypto Officers. The distinction between "users" and "crypto officers" is a procedural matter for customers as described below:

The procedure creates a matched pair of cards that contain a unique ID number (the ID is unique to each card) and a unique 56 bit cryptographic secret. Later authentication of this new Crypto Officer requires both cards in this pair. However, either card on its own can be used to authenticate for the User Role.

Thus to convert a Crypto Officer Card Set into a User Card, the customer simply destroys one of the matched pair of new Crypto Officer Cards. The remaining card can then be used to activate a user session but, as its fraternal twin no longer exists, can never be used to activate Crypto Officer functions.

4.4. Strength of Authentication Mechanism

In order to authenticate, a User must possess the appropriate 56 bit secret "key". This key is used to encrypt a random DES challenge; the probability of a correct response to the random challenge is directly related to the key space, i.e. $1:2^{56}$.
Using the supplied interface, a "brute force" attack on this key could be attempted once every 5 seconds, but a sufficiently skilled attacker could develop equipment capable of conforming to the front panel interface definition and therefore simulating operation of the front panel keys in response to prompts and replies to the random challenge more rapidly than a human operator could achieve.

In that situation, the rate that challenges can be issued is limited by the sum of the time to generate a random challenge, the time to encrypt a response, the time to decrypt the response and the time to pass this data together with front panel menu data over a 9600 baud serial link. As the entire protocol involves at least 100 bytes of data, the attacker is limited to a maximum of 10 attacks per second by the line speed.

Accordingly, the average time taken to discover the key is at least $2^{56}/2 \times 0.1$ seconds ($3.6 \times 10^{15}$ seconds; $6 \times 10^{13}$ minutes; slightly more than 115 million years).

FIPS PUB 140-2 requires a probability of less than 1 in 100,000 of false acceptance within one minute. As illustrated, the module significantly exceeds this.

5. Roles and Services

5.1. Roles

The AEP ACCE 2 v1.8 supports the following Roles:

| Role | Authentication Type | Authentication Data |
|---|---|---|
| Operator | None | None [4]. |
| User | Identity-based (Unique ID Number) | Knowledge of an individual DES key - the module generates a random number and requires the result of a DES ECB encryption of that number using that key. |
| Crypto Officer | Identity-based (Unique ID Number) | Knowledge of a pair of DES keys - the module generates two random numbers and requires the result of two individual DES ECB encryptions of those numbers - one for each key. |

5.1.1. Operator

In addition to the authenticated roles of User and Crypto Officer mentioned in "4. Identity Based Authentication", the module supports a non-authenticated "operator" role. The operator role only permits the module's IP address and port numbers to be viewed or altered, the firmware version numbers to be inspected and a hard reset to be initiated. The operator role cannot undertake any cryptographic operations or load or unload keys, etc. The operator role has no access to CSPs.

5.1.2. User

All cryptographic functions (in both FIPS and non-FIPS modes) provided by the module require that an Authenticated User is "logged in".

When a User logs in, (s)he "starts services". This enables the network API, and all cryptographic functions and all user keys are available until the user either "stops services" ("logs out") or an operator executes a reset (or cycles the module power).

When Starting Services, the user can choose either "FIPS mode" or "Non-FIPS mode". "Non-FIPS mode" is a functional superset of FIPS mode and enables non-FIPS approved cryptographic algorithms and key derivations.

Once services are started, users can carry out all cryptographic functions, import and export protected [5] keys (where enabled) over the network interface, generate keys (specifying if future export over the network interface is permitted) and random numbers, etc.

[4] The module does not authenticate the operator role at all; a switch closure on an interface line activates the operator interface. In the AEP Keyper Model 9720, this interface line is wired to a keyswitch.

[5] i.e. encrypted keys

Users have no access to module CSPs. Users cannot access or modify the Storage or Image master keys, cannot access the Smart Card interface to backup or recover keys, etc.
Users cannot create other User or Crypto Officer Smart Card sets.

5.1.3. Crypto Officer

In addition to being able to act as a User (as the crypto officer can also "start services" if a user has not already done so), a Crypto Officer can access the Smart Card interface in order to perform master key backup [6] or recovery and user key backup and recovery.

The Crypto Officer can also disable all protected key import and export over the network interface, can create additional user and crypto officer Smart Card sets and erase all keys.

"Erasing All" keys sets the module to "Initialized State" and revokes all User and Crypto Officer Smart Card sets. Once in initialized state, the module cannot be used until it is made operational again (by generating an initial set of Crypto Officer Smart Cards and deliberately "going operational").

5.2. Services and Critical Security Parameter (CSP) Access

5.2.1. CSP Definition

The following table describes the keys and CSPs stored or used by the module:

| CSP Name | Description and/or Purpose | Type of Key or CSP | Storage Location |
|---|---|---|---|
| IMK (Image Master Key) | Protection of the SVK, SSMK & AAK | Triple DES | SKS [7] |
| SMK (Storage Master Key) | Protection of User Keys | Triple DES | SKS |
| AAK (Authentication String) | Authentication of Users & Crypto Officers | 128 bit secret random value. | BBRAM, TDES encrypted by IMK. |
| User Keys | Encryption/Decryption, or Signatures | Triple DES, AES, DSA, RSA | BBRAM, TDES encrypted by SMK. |
| SSMK (Software Storage MAC key) | Validation of firmware at power up or reset. | Triple DES | BBRAM, TDES encrypted by IMK. |
| SVK (Software Verification Key) | Verify Firmware Downloaded to Module | 4096 RSA public key | BBRAM, TDES encrypted by IMK. |
| TDES MAC | Verify firmware integrity at power-on | DES MAC result | Stored in FLASH at end of firmware image. |

[6] Key backup is not possible if it has been disabled during initialisation of the module - this is to support the digital signature laws of various European states.

[7] The Secure Key Store (SKS) is a dedicated micro controller with its own internal memory that permanently monitors the tamper status of the module and zeroizes its contents (the SMK & IMK) if a tamper occurs.

5.2.2. Services and Access

The table below summarizes the CSPs accessed by the various roles in utilizing the module's services. (Note all Operator services are available to Users. All User and Operator Services are available to Crypto Officers.)

| Role | Services | Notes | Access (RWX) |
|---|---|---|---|
| Operator | Modify Network Parameters | Although the operator can modify network parameters they do not become effective until the next restart of the module and an authenticated user has logged in. | W |
| Operator | View Firmware Version | | R |
| Operator | View FIPS Mode | | R |
| Operator | Execute Self Tests | | X |
| Operator | View Audit Log | | R |
| Operator | View HSM Status Dump | | R |
| User | Log in. | An authentication secret is derived from the AAK and the User ID values. User responds to a random challenge by DES encrypting it with his copy of this secret and returning the result. | AAK X |
| User | Generate Key | RSA, DSA, TDES, AES. | User Key W |
| User | Sign | RSA, DSA | User Key X |
| User | Verify | RSA, DSA | User Key X |
| User | Encrypt/Decrypt | TDES, AES | User Key X |
| User | Key (un)wrap | TDES, AES, RSA | User Key X |
| User | Hash data | SHA-1, SHA-2 | X |
| User | Get Random | pRNG (certificate #41) | X |
| Crypto Officer | Set module operational | AAK | AAK X |
| Crypto Officer | Permanently disable all key export | Must be set before making module operational. (Also disables SMK backup/recovery.) | X |
| Crypto Officer | Enable or disable key export via API | | X |
| Crypto Officer | Enable or disable network setting configuration | | X |
| Crypto Officer | View key names and HSM status | Dumps the HSM status and a list of stored key names out of the serial port | R |
| Crypto Officer | Create New User / Crypto Officer | Creates new smart card sets containing new authentication secrets. | AAK X |
| Crypto Officer | Backup/Recover SMK | (M of N components; Lagrange interpolating polynomial, one component per Smart Card, 2 of 4 to 9 of 9). SMK backup and recovery can be forbidden during initialization in order to conform to the Digital Signature laws of some European states. | SMK R/W |
| Crypto Officer | Backup/Recover User Keys | User keys are copied to or from the module internal non-volatile store to or from smart cards. (All user keys stored within the module's non-volatile store are encrypted with TDES under the SMK. Accordingly, all keys backed up to Smart Card are already encrypted with TDES under the SMK. Keys recovered from Smart Card must be encrypted by the module's current SMK or they cannot be decrypted and used by the module.) User Key backup and recovery can be forbidden during initialization in order to conform to the Digital Signature laws of some European states. | User Keys R/W |
| Crypto Officer | Zeroize All Keys | Zeroize ALL CSPs (except IMK, SSMK & SVR). Revokes all User and Crypto Officer Smart Cards. Returns module to "as delivered" state. | SMK, AAK & User Keys X. (All zeroized) |

6. Maintenance

With the exception of firmware updating, no other user maintenance of a module is possible. If a fault develops (including faults indicated by the self-test system), the module must be removed from service. Repair of a module requires return to AEP Networks; no third party or site service is possible.
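
The "Backup/Recover SMK" service in the section 5.2.2 table splits the SMK into M of N components by Lagrange interpolation, one component per Smart Card. The following is an added example, not AEP code: it sketches that scheme for a 24-byte Triple DES key and counts which card subsets recover it. The field prime P, the (x, y) component encoding, the reading of the "2 of 4 to 9 of 9" range and all function names are assumptions, since the policy does not specify them.

```python
import secrets
from itertools import combinations

# Assumptions (not from the policy): the field, the component encoding and
# the card numbering. P = 2**255 - 19 is a prime larger than any 192-bit key.
P = 2**255 - 19
KEY_BYTES = 24  # Triple DES key including parity bits


def split_key(key: bytes, m: int, n: int) -> list:
    """Split `key` into n components (x, y); any m of them recover it."""
    if len(key) != KEY_BYTES:
        raise ValueError("expected a 24-byte Triple DES key")
    # Assumed reading of the policy's "2 of 4 to 9 of 9" range.
    if not (4 <= n <= 9 and 2 <= m <= n):
        raise ValueError("scheme outside 2 of 4 .. 9 of 9")
    # Random polynomial f of degree m-1 over GF(P) with f(0) = key.
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(m - 1)]
    components = []
    for x in range(1, n + 1):          # one component per smart card
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x)
            y = (y * x + c) % P
        components.append((x, y))
    return components


def recover_key(components: list) -> bytes:
    """Lagrange-interpolate f(0) from the supplied components."""
    xs = [x for x, _ in components]
    if len(set(xs)) != len(xs):
        raise ValueError("the same component was presented twice")
    secret = 0
    for xi, yi in components:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Division in GF(P) via the Fermat inverse (P is prime, den != 0).
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    if secret >> (8 * KEY_BYTES):
        raise ValueError("components do not interpolate to a 192-bit key")
    return secret.to_bytes(KEY_BYTES, "big")


def check_threshold(m: int, n: int) -> dict:
    """Count which card subsets recover a constructed sample key."""
    key = secrets.token_bytes(KEY_BYTES)   # constructed sample, not a real SMK
    cards = split_key(key, m, n)

    def recovers(subset) -> bool:
        try:
            return recover_key(list(subset)) == key
        except ValueError:                 # interpolated value is not a key
            return False

    full = list(combinations(cards, m))
    short = list(combinations(cards, m - 1))
    return {
        "m_subsets_total": len(full),
        "m_subsets_recovering": sum(recovers(s) for s in full),
        "short_subsets_recovering": sum(recovers(s) for s in short),
    }


if __name__ == "__main__":
    print(check_threshold(3, 5))
```

With M-1 components every candidate key remains equally likely, which is why a set of backup cards below the threshold gives no path to the SMK.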
Products based on the module (for example, the AEP Keyper Model 9720) may potentially be repaired on the customer's site where the fault does not include module components (for example, Smart Card reader or display/keypad faults).

Please note, AEP is not aware of any mechanism which can recover customer's keys from a module without either access to the Security Officer authentication Smart Cards or key backup Smart Cards. AEP is not able to assist customers in key recovery if such backups are not maintained.

6.1. Firmware Upgrade

User supplied firmware cannot be loaded into the module as it must be digitally signed by AEP, but field updates to more recent firmware revisions are possible.

AEP ACCE 2 v1.8's application firmware can be upgraded while on the module owner's site using the secure download process.

Note: If "FIPS-mode" operation of the module is required after firmware upgrade, the new firmware must be FIPS validated.

The download process replaces the factory-supplied application with new software. This downloaded firmware is digitally signed by AEP Networks and may also be encrypted. Downloading requires a special AEP utility which runs on Microsoft Windows PCs. Customers with AEP support contracts can obtain both updated firmware and this utility from AEP support.

If the AEP ACCE 2 v1.8 does not recognize the RSA digital signature applied to the update, or if the downloaded firmware has an older version number than the firmware already loaded, it will reject the download and restart using its pre-update firmware.

Appendix A. Operator Guidance

Introduction

This section presents brief details of the installation, configuration and operation of a product based on the module. These activities, including ensuring it is operated in FIPS mode, should only be undertaken by suitably qualified and authorized personnel and in accordance with the instructions contained in the relevant product manuals. However, the main points that must be observed in order to operate this module in FIPS mode are:

Inspection on Delivery

All products based on the module are delivered in tamper evident packaging. Only authorized personnel should remove the product from its packaging, and they should satisfy themselves that the packaging has not been tampered with before doing so. If the packaging shows evidence of tampering, this must be regarded as suspicious.

If the product containing the module features its own tamper evident features and/or temperature limit indicators, these should also be inspected. (AEP Keyper products have tamper evident seals and have devices that indicate temperature limits have been exceeded.)

Initialization

Creating the First Crypto Officer

On delivery the module should be in "Initialized State". At this point it has no security data in it at all, and the first thing that must be done is the creation of the first Security Officer [SO].

On initial switch on, the module will carry out self tests and then display "Important Read Manual" on the product LCD display panel. Upon selecting 'ENT' the user is prompted to Issue Cards (the first menu option):

"Initial 1126 >"
"1. Issue Cards."

or

"Initial 0405 >"
"1. Issue Cards."

At this point, press 1 on the product keypad and insert the first Smart Card of a 2 card "SO [8]" set. You will be asked to enter the Card's PIN [9] (enter 11223344). (You can change this Card PIN later.)
After the first SO Card is initialized, you will be prompted to insert the second and to key in its PIN (11223344). When this card is also initialized, the creation of the first Crypto Officer is complete and you should proceed to "Go Operational" in order to complete the configuration and create any desired additional Crypto Officers and Users.

"Going Operational"

Now that the first Crypto Officer exists, the module should be made operational by selecting menu item 3, "Go Operational". The Crypto Officer will have to authenticate this command by inserting both SO cards and keying in their PINs as prompted. When Operational, the Crypto Officer should change their PIN using the 'Change PINs' Crypto Officer menu option.

Operational State

Set Network Parameters

The module is designed to be incorporated in a network appliance. Before it can be used, the IP network parameters must be set so that it can operate in your system. Setting the network parameters is an operator service and does not require authentication.

From the front panel menu select "1. Network", "1. Set", "1. and finally "1. IP Address". Key in a Class C IP address that is correct for your installation and press ENT to confirm it.

If you wish, you can also set the Network Net Mask via "1. Network", "1. Set", "1. and finally "2. Net Mask". Key in the relevant network mask and again press ENT to confirm.

When the network parameters have been changed, press the reset button for the changes to take effect.

Start Services in FIPS mode

From the front panel menu select "2. Security Officer". Insert a User or Crypto Officer Smart Card and enter its PIN when required. Remove the card when prompted. Select "4. Start Services".

Confirm FIPS mode operation

From the front panel menu select "1. Operator", "3. FIPS mode". The front panel display will now confirm the module is operating in FIPS mode by displaying "FIPS mode".

[8] Cards used to identify Users and Crypto Officers are both termed "Security Officer Cards" in product documentation.

[9] The AEP ACCE 2 v1.8 does not utilize or interpret these PINs directly. The PINs are required by the Smart Cards. Their use is not validated as part of the AEP ACCE 2 v1.8 FIPS 140-2 Level 4 validation. They supply additional "System-level" security.

Document Configuration

Document details

File Name: SecurityPolicy.doc
Document Title: Advanced Configurable Cryptographic Environment (ACCE) v1.8 FIPS 140-2 Security Policy iss 5
Document Revision No.: 5
Author: David Miller
Approved By: David Miller
Revision Date: 13th May 2008