
Motorola S2500 User's Manual


Contents

Motorola Network Router (MNR) S2500 Security Policy, Document Version 1.3, Revision Date 1/13/2009. Copyright Motorola, Inc. 2009. May be reproduced only in its original entirety without revision.

TABLE OF CONTENTS

1 Module Overview ... 3
2 Security Level ... 4
3 Modes of Operation ... 4
4 Ports and Interfaces ... 8
5 Identification and Authentication Policy ... 8
6 Access Control Policy ... 10
   Authenticated Services ... 10
   Unauthenticated Services ... 10
   Roles and Services ... 11
   Definition of Critical Security Parameters (CSPs) ... 12
   Definition of CSPs Modes of Access ... 13
7 Operational Environment ... 15
8 Security Rules ... 15
9 Crypto Officer Guidance ... 16
10 Physical Security Policy ... 17
   Physical Security Mechanisms ... 17
11 Mitigation of Other Attacks Policy ... 17
12 Definitions and Acronyms ... 17

1 Module Overview

The MNR S2500 router, also referred to as the S2500, is a multi-chip standalone cryptographic module encased in a commercial grade metal case made of cold rolled steel. The module cryptographic boundary is the router's enclosure, which includes all components, including the encryption module, which is a separate part. Figure 1 illustrates the cryptographic boundary of the MNR S2500 router. In the photo, blank plates cover slots that can hold optional network interface cards. The FIPS validated firmware versions are XS-15.1.0.75, XS-15.1.0.76, XS-15.2.0.20 and XS-15.4.0.60.

Configurations:

| S2500 Base Unit P/N | Tanapa | S2500 Encryption Module P/N | Tanapa | FW Version |
|---|---|---|---|---|
| ST2500B | CLN1713E | ST2516A | CLN8262C | XS-15.1.0.75 |
| ST2500B | CLN1713E | ST2516A | CLN8262C | XS-15.1.0.76 |
| ST2500B | CLN1713E | ST2516A | CLN8262C | XS-15.2.0.20 |
| ST2500B | CLN1713E | ST2516A | CLN8262C | XS-15.4.0.60 |

Table 1: MNR S2500 Router Version Numbers

Figure 1: MNR S2500 Router Cryptographic Module Boundary (photo of the router enclosure)

2 Security Level

The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-2.

Table 2: Module Security Level Specification. Security requirements sections: Cryptographic Module Specification; Module Ports and Interfaces; Roles, Services and Authentication; Finite State Model; Physical Security; Operational Environment; Cryptographic Key Management; EMI/EMC; Self-Tests; Design Assurance; Mitigation of Other Attacks.

3 Modes of Operation

Approved mode of operation

In FIPS mode the cryptographic module supports the following FIPS Approved algorithms:

Hardware implementations:
a. Triple-DES (CBC mode, 112 or 168 bit) for IPsec and FRF.17 encryption (Cert. #588)
b. AES (CBC mode, 128/192/256 bit) for IPsec and FRF.17 encryption (Cert. #625)
c. HMAC-SHA-1 for IPsec and FRF.17 authentication (Cert. #342)
d. SHA-1 for message hash (Cert. #693)

Firmware implementations:
a. Triple-DES (CBC mode, 112 and 168 bit) for IKE and SSHv2 encryption (Cert. #581)
b. AES (CBC 128/192/256 bit, ECB 128 and CFB 128 modes) for IKE and SSHv2 encryption (Cert. #611)
c. HMAC-SHA-1 for IKE and SSHv2 authentication (Cert. #322)
d. SHA-1 for message hash (Cert. #659)
e. RSA v1.5 1024-bit for public/private key pair generation and digital signatures (Cert. #283)
f. DSA 1024-bit for public/private key pair generation and digital signatures (Cert. #237)
g. ANSI X9.31 Deterministic Random Number Generator (DRNG) (Cert. #349)

The MNR S2500 router supports the commercially available IKE and Diffie-Hellman protocols for key establishment, the IPsec ESP and FRF.17 protocols to provide data confidentiality using FIPS approved encryption and authentication algorithms, and SSHv2 for secure remote access.

Allowed algorithms:
- Diffie-Hellman: allowed for key agreement per Annex D; the key agreement methodology provides 80 to 112 bits of encryption strength
- Hardware non-deterministic RNG: provides the seed for the approved deterministic RNG
- MD5 for hashing: provides interoperability within supported protocols
- HMAC-MD5

Non-FIPS approved algorithms

In a non-FIPS mode of operation the cryptographic module provides the following non-FIPS Approved algorithms:
- DES for encryption/decryption
- Non-approved SW RNG
- Diffie-Hellman Group 1 (768-bit)

Entering FIPS Mode

To enter FIPS mode, the Crypto Officer must follow the procedure outlined in Table 3 below. For details on individual router commands, use the online help facility or review the Enterprise OS Software User Guide version 15.4 and the Enterprise OS Software Reference Guide version 15.4.

| Step | Description |
|---|---|
| 1 | Configure the parameters for the IKE negotiations using the IKEProfile command. For FIPS mode only the following values are allowed: Diffie-Hellman Group: Group 2 or Group 5; Encryption Algorithm: AES or 3DES; Hash Algorithm: SHA; Authentication Method: PreSharedKey. |
| 2 | Manually establish, via the local console port, the pre-shared key (PSK) to be used for the IKE protocol using ADD CRYPTO FipsPreSharedKey <peer_ID> <pre-shared_key>. The PSK must be at least 80 bits in length with at least 80 bits of entropy. |
| 3 | Configure IPsec and FRF.17 selector lists using the command ADD CRYPTO SelectorLIst. For FIPS mode the selector list must be configured to encrypt all packets on an encrypted port, e.g. ADD CRYPTO SelectorLIst s1 1 Include ANY 0.0.0.0 0.0.0.0 0 0 |
| 4 | If IPsec is used, configure IPsec transform lists using the ADD CRYPTO TransformLIst command. For FIPS mode only the following values are allowed: Encryption Transform: ESP-3DES or ESP-AES; Authentication Transform: ESP-SHA. |
| 5 | If FRF.17 is used, configure FRF.17 transform lists using the ADD CRYPTO TransformLIst command. For FIPS mode only the following values are allowed: Encryption Transform: FRF-3DES or FRF-AES; Authentication Transform: FRF-SHA. |
| 6 | For each port for which encryption is required, bind a dynamic policy to the port using ADD <portlist> CRYPTO DynamicPOLicy <policy_name> <priority> <mode> <selctrlist_name> <xfrmlist_name> <pfs> <lifetime> <preconnect>. To be in FIPS mode, the selector list and transform list names must be defined as in the previous steps. |
| 7 | For each port for which encryption is required, enable encryption on that port using SETDefault <portlist> CRYPTO CONTrol Enabled. |
| 8 | FIPS 140-2 mode achieved. |

Table 3: FIPS Approved mode configuration

To review the cryptographic configuration of the router, use the following command:

SHOW CRYPTO CONFiguration

This command shows a detailed summary of the cryptographic configuration and allows a user to verify that encryption is enabled on user-determined ports and that only FIPS Approved algorithms are used for encryption and authentication.

4 Ports and Interfaces

Table 4 below provides a listing of the physical ports and logical interfaces for the MNR S2500 router. The MNR S2500 base unit provides a single 10/100 Mbps Ethernet interface and a console port. The MNR S2500 router incorporates two I/O slots for WAN and LAN connectivity and one slot for analog connectivity.

| Physical Port | Qty | Logical interface definition | Interface Card | Comments |
|---|---|---|---|---|
| Ethernet | 1 | Data input, data output, status output, control input | Part of the S2500 Base system | LAN port that provides connection to Ethernet LANs using either 10BASE-T or 100BASE-TX Ethernet |
| Console | 1 | Status output, control input | Part of the S2500 Base system | RS-232 interface |
| LAN/WAN | 0, 1 or 2 | Data input, data output, status output, control input, power output | Optional Ethernet and WAN modules | |
| Analog | 0 or 1 | Data input, data output, status output, control input, power output | Optional conventional-to-IP E&M module | |
| Power Plug | 1 | Power input | N/A | External power input port |
| LEDs | 7 | Status output | N/A | Provides LED status output |

Table 4: S2500 physical ports and logical interfaces

5 Identification and Authentication Policy

Assumption of roles

The MNR S2500 router supports five distinct operator roles: Crypto Officer (SuperUser), Admin, Network Manager, User and Maintenance. The first four roles require user authentication via user name and password when accessing the router via any interface. The unauthenticated Maintenance role is entered only via the router console port. The MNR S2500 router enforces the separation of roles by providing specific services only to users who have been authenticated to a role with the required privilege to access those services. The role-based authentication capabilities are described here, although role-based authentication is not required to comply with Level 1 requirements.

An operator must enter a username and its password to log in. Passwords are alphanumeric strings consisting of 7 to 15 characters chosen from the 94 standard keyboard characters. Upon correct authentication, the role is selected based on the username of the operator. At the end of a session the operator must log out. When a router power cycles, sessions are terminated; a user must reauthenticate to access the router.

Multiple concurrent operators: each operator has an independent session with the router, either through Telnet, SSH or the console. Once authenticated to a role, each operator can access only those services for that role. In this way separation is maintained between the role and services allowed for each operator. The definition of all supported roles is shown in Table 5 below.

| Role | Type of Authentication | Authentication Data | Description |
|---|---|---|---|
| Crypto Officer (SuperUser) | Role-based operator authentication | Username and Password. The module stores user identity information internally or if the module is configured. | The owner of the cryptographic module with full access to services of the module |
| Network Manager | Role-based operator authentication | Username and Password. The module stores user identity information internally. | A user of the cryptographic module with almost full access to services of the module |
| Admin | Role-based operator authentication | Username and Password. The module stores user identity information internally. | An assistant to the Crypto Officer that has read-only access to a subset of module configuration and status indications |
| User | Role-based operator authentication | Username and Password. The module stores user identity information internally. | A user of the cryptographic module that has read-only access to a subset of module configuration and status indications |
| Maintenance | None (see comment) | N/A | The Maintenance role can be entered via the external console port (unauthenticated) or via EOS software command (requires Network Manager authentication) |

Table 5: Roles and Required Identification and Authentication

| Authentication Mechanism | Strength of Mechanism |
|---|---|
| Username and Password | The probability that a random attempt will succeed or a false acceptance will occur is 1/94^7, which is less than 1/1,000,000. |

Table 6: Strengths of Authentication Mechanisms

6 Access Control Policy

Authenticated Services

- Firmware Update: load firmware images digitally signed by the RSA 1024-bit algorithm
- Key Entry: enter Pre-Shared Keys (PSK)
- User Management: add/delete and manage passwords of operators
- Reboot: force the module to power cycle via a command
- Zeroization: actively destroy all plaintext CSPs and keys
- Crypto Configuration: configure IPsec and FRF.17 services
- IKE: key establishment utilizing the IKE protocol
- IPsec tunnel establishment: IPsec protocol
- FRF.17 tunnel establishment: Frame Relay Privacy Protocol
- SSHv2: for remote access to the router
- Network configuration: configure networking capabilities
- Enable Ports: apply a security policy to a port
- File System: access the file system
- Authenticated Show status: provide status to an authenticated operator
- Access Control: provide access control for all operators

Unauthenticated Services

- Unauthenticated Show status: provide the status of the cryptographic module; the status is shown using the LEDs on the front panel
- Power-up Self-tests: execute the suite of self-tests required by FIPS 140-2 during power-up, not requiring operator intervention
- Monitor: perform various hardware support services

Roles and Services

Table 7: Services to Roles mapping. Roles (columns): Crypto Officer (SuperUser), Network Manager, Maintenance, User, Admin. Services (rows): Firmware Update, Key Entry, User Management, IKE, IPsec Tunnel Establishment, FRF.17 Tunnel Establishment, SSHv2, Reboot, Zeroization, Crypto Configuration, Network Configuration, Enable Ports, File System, Authenticated Show Status, Unauthenticated Show Status, Power-up Self-Tests, Monitor, Access Control.

Definition of Critical Security Parameters (CSPs)

The following CSPs are contained within the module:

| Key | Description / Usage |
|---|---|
| KEK | This is the master key that encrypts persistent CSPs stored within the module. KEK-protected keys include PSKs and passwords. Encryption of keys uses AES-128 ECB. |
| IKE Preshared Keys | Used to authenticate peer to peer during an IKE session |
| SKEYID | Generated for IKE Phase 1 by hashing preshared keys with the responder/receiver nonce |
| SKEYID_d | Phase 1 key used to derive keying material for IKE SAs |
| SKEYID_a | Key used for integrity and authentication of the Phase 1 exchange |
| SKEYID_e | Key used for TDES or AES data encryption of the Phase 1 exchange |
| Ephemeral DH Phase 1 private key (a) | Generated for IKE Phase 1 key establishment |
| Ephemeral DH Phase 2 private key (a) | Phase 2 Diffie-Hellman private keys used in PFS for key renewal |
| IPSEC Session Keys | 128/192/256-bit AES-CBC and 168-bit TDES keys are used to encrypt and authenticate IPSEC ESP packets |
| FRF.17 Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate FRF.17 Mode 2 |
| SSH RSA Private Key | Key used to authenticate oneself to the peer |
| SSH DSA Private Key | Key used to authenticate oneself to the peer |
| SSH Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate SSH packets |
| SSH DH Private Key | Generated for SSH key establishment |
| RNG Seed | Initial seed for the FIPS approved deterministic RNG |
| Network Manager Password (Root) | 7 to 15 character password used to authenticate to the CO (Crypto Officer) Role |
| User/Admin Password | 7 to 15 character password used to authenticate to the User Role |
| User Accounts | 7 to 15 character passwords used to authenticate accounts created on the module |

Table 8: Critical Security Parameters (CSPs)

Definition of Public Keys

The following public keys are contained within the module:

| Key | Description / Usage |
|---|---|
| RSA Firmware Load Key | Distributed to the module for firmware authentication |
| SSH RSA Key | Distributed to the peer; used for SSH authentication |
| SSH DSA Key | Distributed to the peer; used for SSH authentication |
| SSH Known Host Keys | Distributed to the module; used to authenticate the peer |
| IKE DH public key (g^a) | Generated for IKE Phase 1 key establishment |
| IKE DH Phase 2 public key (g^a) | Phase 2 Diffie-Hellman public keys used in PFS for key renewal, if configured |
| SSH DH Key | Generated for SSH key establishment |

Table 9: Public Keys

Definition of CSPs Modes of Access

Table 10 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as follows:
- Read: the data item is read from memory
- Write: the data item is written into memory
- Zeroize: the data item is actively overwritten

Table 10: Services to CSP Access mapping. For each CSP (KEK, SKEYID, SKEYID_d, SKEYID_a, SKEYID_e, Ephemeral DH Phase 1 private key, Ephemeral DH Phase 2 private key, IPSEC Session Keys, FRF.17 Session Keys, SSH RSA Private Key, SSH DSA Private Key, SSH Session Keys, SSH DH Private Key, Root Password, User/Admin Password, User Accounts, RNG Seed) the table gives the Read (R), Write (W) and Zeroize (Z) access of each service; the KEK is read-only, and the other CSPs are read/written by the services that use them and zeroized by the Zeroization service.

7 Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the MNR S2500 router does not contain a modifiable operational environment.

8 Security Rules

The cryptographic module's design corresponds to the cryptographic module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 1 module.

1. The MNR S2500 router provides five distinct operator roles: Crypto Officer (SuperUser), Admin, Network Manager, User and Maintenance. The Crypto Officer role uses the root account.
2. The MNR S2500 router encrypts message traffic using the AES or TDES algorithm.
3. The MNR S2500 router performs the following tests:
   A. Power-up Self-Tests
      1. Cryptographic algorithm tests
         Hardware implementation:
         a. AES-CBC Known Answer Test
         b. TDES-CBC Known Answer Test
         c. HMAC-SHA-1 Known Answer Test (includes SHA-1 KAT)
         Firmware implementation:
         a. AES-CBC Known Answer Test
         b. TDES-CBC Known Answer Test
         c. HMAC-SHA-1 Known Answer Test (includes SHA-1 KAT)
         d. ANSI X9.31 DRNG Known Answer Test
         e. RSA Known Answer Test
         f. DSA Known Answer Test
      2. Firmware Integrity Test (16-bit CRC)
   B. Conditional Self-Tests
      a. Continuous Random Number Generator (RNG) test on the FIPS approved deterministic RNG and the hardware NDRNG
      b. Firmware load test: RSA signature verification of externally loaded code
      c. Alternating bypass tests when enabling FRF.17 and IPsec encryption
      d. Pair-wise consistency test for public and private key establishment (RSA and DSA)
      e. Manual key entry test
4. At any time the MNR S2500 router is in an idle state, the operator can command the router to perform the power-up self-test by power cycling or rebooting the router.
5. Data output is inhibited during key generation, self-tests, zeroization and error states.
6. Status information does not contain CSPs or sensitive data that, if misused, could lead to a compromise of the module.
7. The operator shall not modify any IPsec selector lists.

9 Crypto Officer Guidance

On initial installation, perform the following steps:

1. Power on the module and verify successful completion of the power-up self-tests from the console port or by inspection of the log file.
2. Authenticate to the module using the default user acting as the Crypto Officer, with the default password and username.
3. Verify that the hardware and firmware P/Ns and version numbers of the module are the FIPS approved versions.
4. Change the Network Manager, Crypto Officer and User passwords using the SysPassWord command.
5. Initialize the Key Encryption Key (KEK) with the KEKGenerate command.

Account passwords and certain keys are persistent across reboots and are encrypted with the Key Encryption Key (KEK). This key can be reinitialized at any time.

The module supports a minimum password length of 7 characters and a maximum length of 15 characters. The Crypto Officer controls the minimum password length through the PwMinLength parameter: SETDefault SYS PwMinLength <length>, where <length> specifies the minimum length.

Before entering or exiting the Maintenance Role or non-FIPS mode, the operator shall use the Zeroization Service to zeroize all CSPs. The Zeroization Service should also be invoked prior to removing a router from service for repair.

10 Physical Security Policy

Physical Security Mechanisms

The MNR S2500 router is composed of industry standard, production grade components.

11 Mitigation of Other Attacks Policy

The module has not been designed to mitigate against other attacks outside the scope of FIPS 140-2.

12 Definitions and Acronyms

- AES: Advanced Encryption Standard
- CBC: Cipher Block Chaining
- CLI: Command Line Interface
- CSP: Critical Security Parameter
- DH: Diffie-Hellman
- DRNG: Deterministic Random Number Generator
- FRF: Frame Relay Forum
- FRF.17: Frame Relay Privacy Implementation Agreement
- FRPP: Frame Relay Privacy Protocol
- HMAC: Hash Message Authentication Code
- IKE: Internet Key Exchange
- IP: Internet Protocol
- IPsec: Internet Protocol Security
- KAT: Known Answer Test
- KDF: Key Derivation Function
- KEK: Key Encrypting Key
- MNR: Motorola Network Router
- OSPF: Open Shortest Path First
- PFS: Perfect Forward Secrecy
- RNG: Random Number Generator
- SHA: Secure Hash Algorithm
- SSH: Secure Shell
- SNMP: Simple Network Management Protocol
- Tanapa: The part number that is built and stocked for customer orders
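The following checker turns the FIPS-mode rules of Table 3 and the password rules of sections 5 and 9 into code. It is an added example, not Motorola's code, and the dictionary layout it uses to describe a router configuration is an assumption rather than the Enterprise OS configuration format.

```python
"""Checks for the FIPS-mode rules in Table 3 and the password rules of
sections 5 and 9.  Added example, not Motorola's code; the dict layout
used for a router configuration is an assumption, not the EOS format."""

# FIPS-mode values the policy allows for the IKEProfile (Table 3, step 1).
FIPS_IKE = {
    "dh_group": {"Group 2", "Group 5"},
    "encryption": {"AES", "3DES"},
    "hash": {"SHA"},
    "auth": {"PreSharedKey"},
}
# Approved transform pairs for IPsec (step 4) and FRF.17 (step 5).
FIPS_ESP = ({"ESP-3DES", "ESP-AES"}, {"ESP-SHA"})
FIPS_FRF = ({"FRF-3DES", "FRF-AES"}, {"FRF-SHA"})
MIN_PSK_BITS = 80          # step 2: at least 80 bits of key (entropy not measurable here)
PW_MIN, PW_MAX = 7, 15     # section 5: 7 to 15 characters
KEYBOARD_CHARS = 94        # section 5: 94 standard keyboard characters


def fips_violations(cfg):
    """Return the Table 3 rules a configuration breaks ([] means FIPS mode)."""
    v = []
    ike = cfg.get("ike_profile", {})
    for key, allowed in FIPS_IKE.items():
        if ike.get(key) not in allowed:
            v.append(f"IKEProfile {key}={ike.get(key)!r}, allowed {sorted(allowed)}")
    for peer, psk in cfg.get("psks", {}).items():      # psk is bytes
        if len(psk) * 8 < MIN_PSK_BITS:
            v.append(f"PSK for {peer} is {len(psk) * 8} bits, need >= {MIN_PSK_BITS}")
    for name, sel in cfg.get("selector_lists", {}).items():
        if "ANY" not in sel:                           # step 3: encrypt all packets
            v.append(f"selector list {name} does not Include ANY")
    for name, (enc, auth) in cfg.get("transform_lists", {}).items():
        encs, auths = FIPS_FRF if enc.startswith("FRF") else FIPS_ESP
        if enc not in encs or auth not in auths:
            v.append(f"transform list {name}: {enc}/{auth} is not approved")
    for port, p in cfg.get("ports", {}).items():       # steps 6 and 7
        if not p.get("policy"):
            v.append(f"port {port} has no dynamic policy bound")
        if not p.get("crypto_control_enabled"):
            v.append(f"port {port}: CRYPTO CONTrol is not Enabled")
    return v


def password_ok(pw):
    """Section 5: 7 to 15 characters from the 94 printable keyboard characters."""
    return PW_MIN <= len(pw) <= PW_MAX and all(33 <= ord(c) <= 126 for c in pw)


def random_guess_probability():
    """Table 6: chance that one random attempt matches a minimum-length password."""
    return 1 / KEYBOARD_CHARS ** PW_MIN


# Constructed sample configurations: the first uses only the non-FIPS settings
# section 3 lists (DH Group 1, DES, MD5) and trips every check; the second
# follows Table 3 and passes.
WEAK_CFG = {
    "ike_profile": {"dh_group": "Group 1", "encryption": "DES", "hash": "MD5", "auth": "PreSharedKey"},
    "psks": {"peer-a": b"short"},                        # 40 bits
    "selector_lists": {"s1": ["10.0.0.0/8"]},
    "transform_lists": {"t1": ("ESP-AES", "ESP-MD5")},
    "ports": {"!1": {"policy": "p1", "crypto_control_enabled": False}},
}
FIPS_CFG = {
    "ike_profile": {"dh_group": "Group 2", "encryption": "AES", "hash": "SHA", "auth": "PreSharedKey"},
    "psks": {"peer-a": b"0123456789abcdef"},             # 128 bits
    "selector_lists": {"s1": ["ANY"]},
    "transform_lists": {"t1": ("ESP-AES", "ESP-SHA"), "f1": ("FRF-3DES", "FRF-SHA")},
    "ports": {"!1": {"policy": "p1", "crypto_control_enabled": True}},
}
```

Running `fips_violations(WEAK_CFG)` lists seven findings, one per rule the weak profile breaks, while `FIPS_CFG` returns an empty list, matching step 8 of Table 3.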
