
HP FIPS 140-2 User's Manual



Table 15 Acronyms (continued)

Acronym | Definition
NIC | Network Interface Card
NIST | National Institute of Standards and Technology
NTP | Network Time Protocol
PCI | Peripheral Component Interconnect
PRNG | Pseudo Random Number Generator
RFC | Request for Comments
RNG | Random Number Generator
RSA | Rivest, Shamir and Adleman
SHA | Secure Hash Algorithm
SKM | Secure Key Manager
SNMP | Simple Network Management Protocol
SSH | Secure Shell
SSL | Secure Socket Layer
TLS | Transport Layer Security
UID | Unit Identifier
USB | Universal Serial Bus
VGA | Video Graphics Array
XML | Extensible Markup Language

HP StorageWorks Secure Key Manager, Security Policy version 1.0, January 31, 2008. © 2008 Hewlett-Packard Company. This document may be freely reproduced in its original entirety. Page 26 of 26.
Table 15 Acronyms (continued)

Acronym | Definition
ANSI | American National Standards Institute
BIOS | Basic Input/Output System
CA | Certificate Authority
CBC | Cipher Block Chaining
CLI | Command Line Interface
CMVP | Cryptographic Module Validation Program
CPU | Central Processing Unit
CRC | Cyclic Redundancy Check
CRL | Certificate Revocation List
CSP | Critical Security Parameter
DES | Data Encryption Standard
DRNG | Deterministic Random Number Generator
DSA | Digital Signature Algorithm
ECB | Electronic Codebook
EMC | Electromagnetic Compatibility
EMI | Electromagnetic Interference
FIPS | Federal Information Processing Standard
FTP | File Transfer Protocol
HDD | Hard Drive
HMAC | Keyed-Hash Message Authentication Code
HP | Hewlett-Packard
IDE | Integrated Drive Electronics
iLO | Integrated Lights-Out
I/O | Input/Output
IP | Internet Protocol
ISA | Instruction Set Architecture
KAT | Known Answer Test
KMS | Key Management Service
LDAP | Lightweight Directory Access Protocol
LED | Light Emitting Diode
MAC | Message Authentication Code
N/A | Not Applicable
The actual number of bits that need to be transmitted for one attempt is much greater than 80; we are considering the worst-case scenario. The processor used by the module has a working frequency of 3.0 gigabytes, hence at most 60 × 3.0 × 10^9 bits of data can be transmitted in 60 seconds. Since 80 bits are necessary for one attempt, at most 60 × 3.0 × 10^9 / 80 = 2.25 × 10^9 attempts are possible in 60 seconds. However, there exist 2^80 possibilities: 2.25 × 10^9 / 2^80 = 1.86 × 10^-15 < 10^-5. The probability of a successful certificate attempt in 60 seconds is considerably less than 10^-5.

Passwords in the module must consist of eight or more characters from the set of 90 human-readable symbols (numeric, alphabetic upper and lower case, and special characters). Excluding those combinations that do not meet the password constraints (see Section 2.7.1 Keys and CSPs), the size of the password space is about 2^60. The probability of a successful random guess is 2^-60. Since 10^-6 > 2^-60, a random attempt is very unlikely to succeed. After six unsuccessful attempts the module will be locked down for 60 seconds, i.e. at most six trials are possible in 60 seconds. Since 10^-5 > 6 × 2^-60, the probability of a successful password attempt in 60 seconds is considerably less than 10^-5.

2.4.6 Unau
(continuation of the KRsaPub row of Table 12: generated by ANSI X9.31 DRNG during first-time initialization; output in plaintext in an X.509 certificate; use: client encrypts Pre-MS, client verifies server signatures)

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
KRsaPriv | Server RSA private key, 1024 or 2048 bit | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Server decrypts Pre-MS; server generates signatures
CARsaPub | Certificate Authority (CA) RSA public key, 1024 or 2048 bit | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete request | Verify CA signatures
CARsaPriv | CA RSA private key, 1024 or 2048 bit | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign server certificates
Cluster Member RsaPub | Cluster Member RSA public key, 1024 or 2048 bit | Input in plaintext | Never | In volatile memory | Upon session termination | Verify Cluster Member signatures
TLS Ks | TLS session AES or 3DES symmetric key(s) | Derived from MS | Never | In volatile memory | Upon session termination | Encrypt and decrypt data
TLS Khmac | TLS session HMAC key | Derived from MS | Never | In volatile memory | Upon session termination | Authenticate data

Table 13 details all cipher suites supported by the TLS protocol implemented by the module. The suite names in the first column match the definitions in RFC 2246 and RFC 4346.

Table 13 Cipher Suites Supported by the Module's TLS Implementation in FIPS Mode
Physical Security Assurance of this document for more information.

2.6 Operational Environment

The operational environment requirements do not apply to the HP StorageWorks Secure Key Manager: the module does not provide a general-purpose operating system and only allows the updating of image components after checking an RSA signature on the new firmware image. Crypto Officers can install a new firmware image on the SKM by downloading the image to the SKM. This image is signed by an RSA private key which never enters the module. The SKM verifies the signature on the new firmware image using the public key stored in the module. If the verification passes, the upgrade is allowed. Otherwise the upgrade process fails and the old image is reused.

2.7 Cryptographic Key Management

2.7.1 Keys and CSPs

The SSH and TLS protocols employed by the FIPS mode of the module are security related. Table 11 List of Cryptographic Keys, Cryptographic Key Components and CSPs for SSH and Table 12 List of Cryptographic Keys, Cryptographic Key Components and CSPs for TLS introduce the cryptographic keys, key components and CSPs involved in the two protocols respectively.

Table 11 List of Cryptographic Keys, Cryptographic Key Components and CSPs for SSH

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
140-2 Security Requirements for Cryptographic Modules specifies the U.S. and Canadian Governments' requirements for cryptographic modules. The following pages describe how HP's SKM meets these requirements and how to use the SKM in a mode of operation compliant with FIPS 140-2. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the HP StorageWorks Secure Key Manager. More information about FIPS 140-2 and the Cryptographic Module Validation Program (CMVP) is available at the website of the National Institute of Standards and Technology (NIST): http://csrc.nist.gov/groups/STM/cmvp/index.html. In this document the HP StorageWorks Secure Key Manager is referred to as the SKM, the module or the device.

1.2 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:
- The HP website (http://www.hp.com) contains information on the full line of products from HP.
- The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module.

2 HP StorageWorks Secure Key
Manager

2.1 Overview

HP provides a range of security products for banking, the Internet and enterprise security applications. These products use encryption technology, often embedded in hardware, to safeguard sensitive data such as financial transactions over private and public networks and to offload security processing from the server.

The HP StorageWorks Secure Key Manager is a hardened server that provides security policy and key management services to encrypting client devices and applications. After enrollment, clients such as storage systems, application servers and databases make requests to the SKM for creation and management of cryptographic keys and related metadata. Client applications can access the SKM via its Key Management Service (KMS) server. Configuration and management can be performed via web administration, Secure Shell (SSH) or serial console. Status monitoring interfaces include a dedicated FIPS status interface, a health check interface and Simple Network Management Protocol (SNMP). The deployment architecture of the HP StorageWorks Secure Key Manager is shown in Figure 1 below.

[Figure 1 Deployment Architecture of the HP StorageWorks Secure Key Manager: Web Server, Application Server, Database and Storage System clients connected to the HP StorageWorks Secure Key Manager]

2.2 Cryptographic Module Specification

The HP StorageWorks Secure Key Manager is validated at the FIPS 140-2 section levels shown in Table 1 Sec
- RSA 1024 and 2048 bits for key transport

Caveat: the RSA 1024- and 2048-bit key wrapping and key establishment provide 80 and 112 bits of encryption strength respectively.

In the non-FIPS mode of operation the module also implements DES, MD5, RC4, and 512- and 768-bit RSA for signature generation and verification and key establishment.

2.3 Module Interfaces

FIPS 140-2 defines four logical interfaces:
- Data Input
- Data Output
- Control Input
- Status Output

The module features the following physical ports and LEDs:
- Serial port (RS232 DB9)
- Ethernet 10/100/1000 RJ-45 ports (Network Interface Card, NIC), quantity 2
- Mouse port (PS/2)
- Keyboard port (PS/2)
- Monitor port (VGA DB15)
- Power input (115 VAC)
- LEDs: six on the front panel and seven on the rear panel

The logical interfaces and their physical port mappings are described in Table 2 Logical Interface and Physical Ports Mapping.

Table 2 Logical Interface and Physical Ports Mapping

Logical Interface | Physical Ports
Data Input | Keyboard, serial, Ethernet
Data Output | Monitor, serial, Ethernet
Control Input | Keyboard, mouse, serial, Ethernet
Status Output | Monitor, serial, Ethernet, LEDs

There are no buttons or ports on the front panel. There are six LEDs on the front panel; see Figure 3 Front Panel LEDs.
HP StorageWorks Secure Key Manager
Hardware P/N: AJ087B, Version 1.1
Firmware Version 1.1
FIPS 140-2 Security Policy, Level 2 Validation
Document Version 0.7, December 4, 2008
© 2008 Hewlett-Packard Company. This document may be freely reproduced in its original entirety.

Table of Contents

1 Introduction 5
1.1 Purpose 5
1.2 References 5
2 HP StorageWorks Secure Key Manager 6
2.1 Overview 6
2.2 Cryptographic Module Specification 6
2.3 Module Interfaces 8
2.4 Roles, Services and Authentication 11
2.4.1 Crypto Officer Role 11
2.4.2 User Role 12
2.4.3 HP User Role 13
2.4.4 Cluster Member Role 14
2.4.5 Authentication 14
2.4.6 Unauthenticated Services 15
2.5 Physical Security 15
2.6 Operational Environment 15
2.7 Cryptographic Key Management 15
Table 8 HP User Services 13
Table 9 Cluster Member Services 14
Table 10 Roles and Authentications 14
Table 11 List of Cryptographic Keys, Cryptographic Key Components and CSPs for SSH 15
Table 12 List of Cryptographic Keys, Cryptographic Key Components and CSPs for TLS 16
Table 13 Cipher Suites Supported by the Module's TLS Implementation in FIPS Mode 17
Table 14 Other Cryptographic Keys, Cryptographic Key Components and CSPs 17
Table 15 Acronyms 25

1 Introduction

1.1 Purpose

This document is a non-proprietary Cryptographic Module Security Policy for the HP StorageWorks Secure Key Manager (SKM) from Hewlett-Packard Company. Federal Information Processing Standards (FIPS) 140-2
[Figure 3 Front Panel LEDs]

Descriptions of the LEDs are given in Table 3 Front Panel LED Definitions.

Table 3 Front Panel LED Definitions

Item | Description | Status
1 | Power On/Standby button and system power LED | Green: System is on. Amber: System is shut down but power is still applied. Off: Power cord is not attached, a power supply failure has occurred, no power supplies are installed, facility power is not available, or the power button cable is disconnected.
2 | Unit Identifier (UID) button/LED | Blue: Identification is activated. Off: Identification is deactivated.
3 | Internal health LED | Green: System health is normal. Amber: System health is degraded; to identify the component in a degraded state, refer to HP Systems Insight Display and LEDs. Red: System health is critical; to identify the component in a critical state, refer to HP Systems Insight Display and LEDs. Off: System health is normal when in standby mode.
4 | External health LED (power supply) | Green: Power supply health is normal. Amber: A power redundancy failure occurred. Off: Power supply health is normal when in standby mode.
5 | NIC 1 link/activity LED | Green: Network link exists. Flashing green: Network link and activity exist. Off: No link to network exists. If po
SSH Ks | SSH session 168-bit 3DES key or 128/192/256-bit AES key | Diffie-Hellman key agreement | Never | In volatile memory | Upon session termination, or when a new Ks is generated after a certain timeout | Encrypt and decrypt data
SSH Khmac | SSH session 512-bit HMAC key | Diffie-Hellman key agreement | Never | In volatile memory | Upon session termination, or when a new Khmac is generated after a certain timeout | Authenticate data

Notice that SSH version 2 is explicitly accepted for use in FIPS mode according to section 7.1 of the NIST FIPS 140-2 Implementation Guidance.

Table 12 List of Cryptographic Keys, Cryptographic Key Components and CSPs for TLS

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
Pre-MS | TLS pre-master secret | Input in encrypted form from client | Never | In volatile memory | Upon session termination | Derive MS
MS | TLS master secret | Derived from Pre-MS using FIPS-Approved key derivation function | Never | In volatile memory | Upon session termination | Derive TLS Ks and TLS Khmac
KRsaPub | Server RSA public key, 1024 or 2048 bit | Generated by ANSI X9.31 DRNG | In plaintext in an X.509 certificate | In non-volatile memory | At operator delete request | Client encrypts Pre-MS
The FIPS mode configuration can be reviewed by reading the High Security Configuration page. The Crypto Officer must zeroize all keys when switching from the Approved FIPS mode of operation to the non-FIPS mode and vice versa.

3.3 Physical Security Assurance

Serialized tamper-evidence labels have been applied at four locations on the metal casing; see Figure 8 Tamper Evidence Labels. The tamper-evidence labels have a special adhesive backing to adhere to the module's surface. The tamper-evidence labels have individual, unique serial numbers. They should be inspected periodically and compared to the previously recorded serial numbers to verify that fresh labels have not been applied to a tampered module.

[Figure 8 Tamper Evidence Labels]

Figure 9 provides a better view of the positioning of the tamper-evidence labels over the power supplies.

[Figure 9 Tamper Evidence Labels over Power Supplies]

3.4 Key and CSP Zeroization

To zeroize all keys and CSPs in the module, the Crypto Officer should execute the "reset factory settings zeroize" command in the serial console
Table 13 Cipher Suites Supported by the Module's TLS Implementation in FIPS Mode

Suite Name | Authentication | Key Transport | Symmetric Cryptography | Hash
TLS_RSA_WITH_AES_256_CBC_SHA | RSA | RSA | AES 256-bit | SHA-1
TLS_RSA_WITH_AES_128_CBC_SHA | RSA | RSA | AES 128-bit | SHA-1
TLS_RSA_WITH_3DES_EDE_CBC_SHA | RSA | RSA | 3DES 168-bit | SHA-1

Other CSPs are tabulated in Table 14.

Table 14 Other Cryptographic Keys, Cryptographic Key Components and CSPs

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
Client AES keys | 128-, 192- or 256-bit AES key | Generated by ANSI X9.31 DRNG per client's request | Via TLS in encrypted form (encrypted with TLS Ks) | Encrypted in non-volatile memory | Per client's request or zeroize request | Encrypt plaintexts, decrypt ciphertexts
Client 3DES keys | 3DES key | Generated by ANSI X9.31 DRNG per client's request | Via TLS in encrypted form (encrypted with TLS Ks) | Encrypted in non-volatile memory | Per client's request or zeroize request | Encrypt plaintexts, decrypt ciphertexts
Client RSA public keys | RSA public k
interface. Notice that, for security reasons, the command cannot be initiated from the SSH interface. When switching between different modes of operation (FIPS and non-FIPS) the Crypto Officer must zeroize all CSPs.

3.5 Error State

The module has two error states: a Soft Error state and a Fatal Error state. When a power-up self-test fails, the module may enter either the Fatal Error state or the Soft Error state. When a conditional self-test fails, the module will enter the Soft Error state.

The module can recover from the Fatal Error state if power is cycled or if the SKM is rebooted. An HP User can reset the module when it is in the Fatal Error state. No other services are available in the Fatal Error state.

The module can recover from the Soft Error state if power is cycled. With the exception of the firmware upgrade integrity test and the Diffie-Hellman primitive test, the only service that is available in the Soft Error state is the FIPS status output via port 9081 (default). A User can connect to port 9081 and find the error message indicating the failure of FIPS self-tests. Access to port 9081 does not require authentication.

Acronyms

Table 15 Acronyms

Acronym | Definition
3DES | Triple Data Encryption Standard
AES | Advanced Encryption Standard
est on ANSI X9.31 DRNG
- Continuous random number generator test on non-Approved RNG
- Firmware upgrade integrity test
- Diffie-Hellman primitive test

The module has two error states: a Soft Error state and a Fatal Error state. When one or more power-up self-tests fail, the module may enter either the Fatal Error state or the Soft Error state. When a conditional self-test fails, the module enters the Soft Error state. See Section 3 of this document for more information.

2.9 Mitigation of Other Attacks

This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-2 Level 2 requirements for this validation.

3 Secure Operation

The HP StorageWorks Secure Key Manager meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in the FIPS mode of operation.

3.1 Initial Setup

The device should be unpacked and inspected according to the User Guide. The User Guide also contains installation and configuration instructions, maintenance information, safety tips and other information. The device itself must be affixed with the tamper-evident labels that are included in the packaging. See Figure 8 Tamper Evidence Labels for the locations of the tamper-evidence labels.

3.2 Initialization and Configuration
Figure 6 FIPS Compliance in CLI 22
Figure 7 FIPS Compliance in Web Administration Interface 22
Figure 8 Tamper Evidence Labels 23
Figure 9 Tamper Evidence Labels over Power Supplies 23

Table of Tables

Table 1 Security Level per FIPS 140-2 Section 6
Table 2 Logical Interface and Physical Ports Mapping 8
Table 3 Front Panel LED Definitions 9
Table 4 Rear Panel Components Descriptions 10
Table 5 Rear Panel LED Definitions 11
Table 6 Crypto Officer Services 11
Table 7 User Services 13
(continuation of the Client RSA public keys row of Table 14: generated by ANSI X9.31 DRNG per client's request; output via TLS in encrypted form, encrypted with TLS Ks; encrypted in non-volatile memory; use: sign messages, verify signatures)

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
Client RSA private keys | RSA private keys | Generated by ANSI X9.31 DRNG per client's request | Via TLS in encrypted form (encrypted with TLS Ks) | Encrypted in non-volatile memory | Per client's request or zeroize request | Sign messages, verify signatures
Client HMAC keys | HMAC keys | Generated by ANSI X9.31 DRNG per client's request | Via TLS in encrypted form (encrypted with TLS Ks) | Encrypted in non-volatile memory | Per client's request or zeroize request | Compute keyed MACs
Client certificate | X.509 certificate | Input in ciphertext over TLS | Via TLS in encrypted form (encrypted with TLS Ks) | In non-volatile memory | Per client's request or by zeroize request | Encrypt data, verify signatures
Crypto Officer passwords | Character string | Input in plaintext | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate Crypto Officer
User passwords | Character string | Input in plaintext | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate User
Cluster Member password | Character string | Input in ciphertext over TLS | Never | In non-volatile memory | At operator delete or zeroize request | When a device attempts to become a Cluster Member
HP User public key | 2048-bit RSA public k
(continuation of the HP User public key row of Table 14: input in plaintext at factory; output never; stored in non-volatile memory; zeroized at installation of a patch or new firmware; use: authenticate HP User)

Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
Cluster key | Character string | Input in ciphertext over TLS | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate Cluster Member
Firmware upgrade key | 1024-bit RSA public key | Input in plaintext at factory | Never | In non-volatile memory | When a new firmware upgrade key is input | Used in firmware upgrade integrity test
Log signing keys | 1024-bit RSA public and private keys | Generated by ANSI X9.31 DRNG at first-time initialization | Never | In non-volatile memory | When new log signing keys are generated on demand by the Crypto Officer | Sign logs and verify signature on logs
ANSI X9.31 DRNG seed | DRNG seed | Generated by non-Approved RNG | Never | In non-volatile memory | When module is powered off | Initialize ANSI X9.31 DRNG
PKEK | 256-bit AES key | Generated by ANSI X9.31 DRNG | In encrypted form, for backup purposes only | In non-volatile memory | At operator delete or by zeroize request | Encrypt client keys

2.7.2 Key Generation

The module uses an ANSI X9.31 DRNG with 2-key 3DES to generate cryptographic keys. This DRNG is a FIPS 140-2 a
Service | Description | Keys/CSPs
| Manage all client keys that are stored within the module. This includes the generation, storage, export (only public keys), import and zeroization of keys. | Client keys (write, read, delete); PKEK (write, read, delete)
| Manage all clusters that are defined within the module. This includes the creation, joining and removal of a cluster from the module. | Cluster Member passwords (write, delete)
Manage services | Manage all services supported by the module. This includes the starting and stopping of all services. | None
Manage operators | Create, modify or delete module operators (Crypto Officers and Users). | Crypto Officer passwords (write, delete); User passwords (write, delete)
Manage certificates | Create, import, revoke certificates. | KRsaPub (write, read, delete); KRsaPriv (write, read, delete); CARsaPub (write, read, delete); CARsaPriv (write, read, delete); Client RSA public keys (read)
Reset factory settings | Roll back to the default firmware shipped with the module. | All keys/CSPs (delete)
Restore default configuration | Delete the current configuration file and restore the default configuration settings. | None
Restore configuration file | Restore a previously backed-up configuration file. | None
Backup configuration file | Back up a configuration file. | None
Zeroize all keys/CSPs | Zeroize all keys and CSPs in the module. | All keys and CSPs (delete)

2.4.2 User Role
that can connect to this SKM and access cluster services. See Table 9 Cluster Member Services. The keys and CSPs in the rightmost column correspond to the keys and CSPs introduced in Section 2.7.1.

Table 9 Cluster Member Services

Service | Description | Keys/CSPs
Authenticate Cluster Member | Authenticate to SKM via TLS | Cluster Member passwords (read); Cluster key (read); Cluster Member RsaPub (read)
Receive Configuration File | Update the module's configuration settings | None
Zeroize Key | Delete a specific key | Cluster key (delete)
Backup Configuration File | Back up a configuration file | None

2.4.5 Authentication

The module performs identity-based authentication for the four roles. Two authentication schemes are used: authentication with a certificate in TLS, and authentication with a password. See Table 10 Roles and Authentications for a detailed description.

Table 10 Roles and Authentications

Role | Authentication
Crypto Officer | Username and password, with optional digital certificate
User | Username and password and/or digital certificate
HP User | Digital certificate
Cluster Member | Digital certificate over TLS

The 1024-bit RSA signature on a digital certificate provides 80 bits of security. There are 2^80 possibilities. The probability of a successful random guess is 2^-80. Since 10^-6 > 2^-80, a random attempt is very unlikely to succeed. At least 80 bits of data must be transmitted for one attempt.
Key | Key Type | Generation/Input | Output | Storage | Zeroization | Use
DH public param | 1024-bit Diffie-Hellman public parameters | Generated by ANSI X9.31 DRNG during session initialization | In plaintext | In volatile memory | Upon session termination | Negotiate SSH Ks and SSH Khmac
DH private param | 1024-bit Diffie-Hellman private parameters | Generated by ANSI X9.31 DRNG during session initialization | Never | In volatile memory | Upon session termination | Negotiate SSH Ks and SSH Khmac
Kdsa public | 1024-bit DSA public keys | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete or zeroize request | Verify the signature of the server's message
Kdsa private | 1024-bit DSA private keys | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign the server's message
Krsa public | 1024-bit RSA public keys | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete or zeroize request | Verify the signature of the server's message
Krsa private | 1024-bit RSA private keys | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign the server's message
SSH Ks | SSH session key | Diffie-Hellman key agreement | Never | In vol
2.7.1 Keys and CSPs 15
2.7.2 Key Generation 19
2.7.3 (title illegible in source) 19
2.8 Self-Tests 19
2.9 Mitigation of Other Attacks 20
3 Secure Operation 21
3.1 Initial Setup 21
3.2 Initialization and Configuration 21
3.2.1 First-Time Initialization 21
3.2.2 FIPS Mode Configuration 21
3.3 Physical Security Assurance 22
3.4 Key and CSP Zeroization 24
3.5 Error State 24
Acronyms 25

Table of Figures

Figure 1 Deployment Architecture of the HP StorageWorks Secure Key Manager 6
Figure 2 Block Diagram of SKM 7
Figure 3 Front Panel LEDs 9
Figure 4 Rear Panel Components 10
Figure 5 Rear Panel LEDs 10
Figure 6 FIPS Compliance in CLI
line interface such as SSH or the serial console, the Crypto Officer should use the "fips compliant" command to enable the FIPS mode of operation. This will alter various server settings as described above; see Figure 6 FIPS Compliance in CLI. The "fips server" command is used for the FIPS status server configuration. The "show fips status" command returns the current FIPS mode configuration.

labhp (config)# fips compliant
This device is now FIPS compliant.
labhp (config)# fips server
Enable FIPS Status Server [y]:
Available IP addresses:
1: All
2: 192.168.0.202
Local IP (1-2) [1]:
Local Port [9081]:
labhp (config)# show fips status
FIPS Compliant: Yes

Figure 6 FIPS Compliance in CLI

In the web administration interface, the Crypto Officer should use the High Security Configuration page to enable and disable FIPS compliance. To enable the Approved FIPS mode of operation, click on the "Set FIPS Compliant" button; see Figure 7 FIPS Compliance in Web Administration Interface. This will alter various server settings as described above.

[Figure 7 FIPS Compliance in Web Administration Interface: the FIPS Compliance panel shows "Is FIPS Compliant: No" and a "Set FIPS Compliant" button]

In the web administration interface, the User can review the FIPS mode configuration by reading the High Security Configuration page.
25. nitialization and Configuration 3 2 1 First Time Initialization When the module is turned on for the first time it will prompt the operator for a password for a default Crypto Officer The module cannot proceed to the next state until the operator provides a password that conforms to the password policy described in Section 2 7 1 The default username associated with the entered password is admin During the first time initialization the operator must configure minimum settings for the module to operate correctly The operator will be prompted to configure the following settings via the serial interface Date Time Time zone IP Address Netmask Hostname Gateway Management Port 3 2 2 FIPS Mode Configuration In order to comply with FIPS 140 2 Level 2 requirements the following functionality must be disabled on the SKM Global keys File Transfer Protocol FTP for importing certificates and downloading and restoring backup files Lightweight Directory Access Protocol LDAP authentication Use of the following algorithms RC4 MD5 DES RSA 512 RSA 768 SSL 3 0 Hot swappable drive capability RSA encryption and decryption operations note however that RSA encryption and decryption associated with TLS handshakes and Sign and Sign Verify are permitted These functions need not be disabled individually There are two approaches to configuring the module such that it works in the Approved FIPS mode of operation Through a comma
26. ole The User role is associated with external applications or clients that connect to the KMS via its XML interface Users in this role may exercise services such as key generation and management based on configured or predefined permissions See Table 7 User Services for details The keys and CSPs in the rightmost column correspond to the keys and CSPs introduced in Section 2 7 1 HP StorageWorks Secure Key Manager Page 12 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 Service Authenticate to SKM Table 7 User Services Description Authenticate to SKM with a username and the associated password January 31 2008 Keys CSPs User passwords read Generate key Generate a cryptographic key Client keys write PKEK write Modify key meta data Change the key owner or update add delete the custom attributes None Delete key Delete a cryptographic key Client keys delete PKEK delete Query key meta data Output key names and meta data that the User is allowed to access Client keys read PKEK read Import key Import key Client keys write PKEK write Export key Export a cryptographic key Client keys read PKEK read Export Certificate Export a certificate Client certificate read Clone Key Clone an existing key under a different ke
27. pproved DRNG as specified in Annex C to FIPS PUB 140 2 2 7 3 Key CSP Zeroization All ephemeral keys are stored in volatile memory in plaintext Ephemeral keys are zeroized when they are no longer used Other keys and CSPs are stored in non volatile memory with client keys being stored in encrypted form To zeroize all keys and CSPs in the module the Crypto Officer should execute the reset factory settings zeroize command at the serial console interface For security reasons this command is available only through the serial console 2 8 Self Tests The device implements two types of self tests power up self tests and conditional self tests Power up self tests include the following tests Firmware integrity tests Known Answer Test KAT on 3DES KAT on AES KAT on SHA 1 KAT on SHA 256 KAT on SHA 384 KAT on SHA 512 KAT on HMAC SHA 1 KAT on HMAC SHA 256 KAT on ANSI X9 31 DRNG KAT on Diffie Hellman KAT on SSH Key Derivation Function KAT on RSA signature generation and verification Pairwise consistency test on DSA signature generation and verification Conditional self tests include the following tests HP StorageWorks Secure Key Manager Page 19 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 Pairwise consistency test for new DSA keys Pairwise consistency test for new RSA keys Continuous random number generator t
28. rated in Figure 5 Rear Panel LEDs CT TT jdm TC ta owe Figure 5 Rear Panel LEDs HP StorageWorks Secure Key Manager Page 10 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 Descriptions of LEDs on the rear panel are given in Table 5 Rear Panel LED Definitions Table 5 Rear Panel LED Definitions Item Description Status Green Activity exists 10100 1000 MIS T Activity Flashing green Activity exists PER Off No activity exists 2 10 100 1000 NIC 1 link Green Link exists LED Off No link exists s Green Activity exists 3 i 000 NIC 2 activity Flashing green Activity exists Off No activity exists 4 10 100 1000 NIC 2 link Green Link exists LED Off 2 No link exists 5 UID LED Blue Identification is activated Off 2 Identification is deactivated Green Normal 6 Power supply 2 LED Off System is off or power supply has failed Green Normal f Power supply 1 LED Off System is off or power supply has failed 2 4 Roles Services and Authentication The module supports four authorized roles Crypto Officer User HP User Cluster Member All roles require identity based authentication 2 4 1 Crypto Officer Role The Crypto Officer accesses the module via the Web Management Console and or the Command Line Interface CLI This role p
29. rovides all services that are necessary for the secure management of the module Table 6 shows the services for the Crypto Officer role under the FIPS mode of operation The purpose of each service is shown in the first column Service and the corresponding function is described in the second column Description The keys and Critical Security Parameters CSPs in the rightmost column correspond to the keys and CSPs introduced in Section 2 7 1 Table 6 Crypto Officer Services Service Description Keys CSPs Authenticate to SKM Authenticate to SKM with a username and Crypto Officer passwords read the associated password TLS SSH keys read HP StorageWorks Secure Key Manager Page 11 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 Service Perform first time initialization Description Configure the module when it is used for the first time January 31 2008 Keys CSPs Crypto Officer admin password write Kdsa public private write Krsa private write Krsa private write Log signing RSA key write Log signature verification RSA key write KRsaPub write KRsaPriv write Upgrade firmware Upgrade firmware firmware must be FIPS validated Firmware upgrade key read Configure FIPS mode Enable disable FIPS mode None Manage keys Manage clusters Mana
30. thenticated Services The following services do not require authentication SNMP statistics FIPS status services Health check services Network Time Protocol NTP services Initiation of self tests by rebooting the SKM Negotiation of the XML protocol version for communications with the KMS SNMP is used only for sending statistical information SNMP traps FIPS status and health check are status report services unrelated to security or cryptography NTP is a date time synchronization service that does not involve keys or CSPs Initiation of self tests and negotiation of the XML protocol version do not involve keys or CSPs 2 5 Physical Security The module was tested and found conformant to the EMI EMC requirements specified by Title 47 of the Code of Federal Regulations Part 15 Subpart B Unintentional Radiators Digital Devices Class A that is for business use The HP StorageWorks Secure Key Manager is a multi chip standalone cryptographic module The entire contents of the module including all hardware software firmware and data are enclosed in a metal case The case is opaque and must be sealed using tamper evident labels in order to prevent the case cover from being removed without signs of tampering All circuits in the module are coated with commercial standard passivation Once the module has been configured to meet FIPS 140 2 Level 2 requirements the module cannot be accessed without signs of tampering See Section 3 3
31. tronic Codebook ECB and Cipher Block Chaining CBC modes certificate 653 Triple Data Encryption Standard 3DES encryption and decryption 112 and 168 bits in ECB and CBC modes certificate 604 Secure Hash Algorithm SHA 1 SHA 256 SHA 384 SHA 512 certificate 847 Keyed Hash Message Authentication Code HMAC SHA 1 and HMAC SHA 256 certificate 470 Rivest Shamir and Adleman RSA American National Standard Institute ANSI X9 31 key generation signature generation and signature verification 1024 and 2048 bits certificate 302 HP StorageWorks Secure Key Manager Page 7 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 e Digital Signature Algorithm DSA PQG generation key generation signature generation and signature verification 1024 bits certificate 244 e ANSI X9 31 Appendix A 2 4 with 2 key 3DES Deterministic Random Number Generator DRNG certificate 375 e Diffie Hellman key agreement SP 800 56A vendor affirmed key establishment methodology provides 80 bits of encryption strength In the FIPS mode of operation the module implements the following non approved algorithms e A non approved Random Number Generator RNG to seed the ANSI X9 31 DRNG e The following commercially available protocols for key establishment o Transport Layer Security TLS 1 0 Secure Socket Layer SSL 3 1 protocol using
32. urity Level per FIPS 140 2 Section Table 1 Security Level per FIPS 140 2 Section Section Section Title Level 1 Cryptographic Module Specification 3 2 Cryptographic Module Ports and Interfaces 2 3 Roles Services and Authentication 3 4 Finite State Model 2 5 Physical Security 2 6 Operational Environment N A 7 Cryptographic Key Management 2 8 EMI EMC 9 Self Tests 2 HP StorageWorks Secure Key Manager Page 6 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 Section Section Title Level 10 Design Assurance 2 11 Mitigation of Other Attacks N A The block diagram of the module is given in Figure 2 Block Diagram of SKM The cryptographic boundary is clearly shown in the figure Memory Central Processing Unit CPU a ad Crypto Bound ary System VGA DB15 Networking Controller Graphics Hard Onve HDD PCHISAADE Hard Drive Accelerator HDD Keyboard BIOS Super O Mouse Controller PS 2 Mouse Port Power Ports PS 2 Keyboard Port AAA A o ee ee ee Figure 2 Block Diagram of SKM In the FIPS mode of operation the module implements the following Approved algorithms Advanced Encryption Standard AES encryption and decryption 128 192 and 256 bits in Elec
33. wer is off the front panel LED is not active View the LEDs on the RJ 45 connector for status by referring to the rear panel LEDs Green Network link exists Flashing green Network link and activity exist 6 NIC 2 link activity LED Off No link to network exists If power is off the front panel LED is not active View the LEDs on the RJ 45 connector for status by referring to the rear panel LEDs The components on the rear panel are illustrated in Figure 4 Rear Panel Components HP StorageWorks Secure Key Manager Page 9 of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 Figure 4 Rear Panel Components Descriptions of components on the rear panel are given in Table 4 Rear Panel Components Descriptions Table 4 Rear Panel Components Descriptions Item Definition PCI Express expansion slot 1 Blocked PCI Express expansion slot 2 Blocked Power supply bay 2 Power supply bay 1 NIC connector 1 Ethernet NIC connector 2 Ethernet Keyboard connector Mouse connector o o0 NI DO AJAJ OJN Video connector ai o Serial connector Universal Serial Bus USB connector 1 Blocked 12 USB connector 2 Blocked 13 Integrated Lights Out iLO 2 NIC connector Blocked The seven LEDs on the rear panel are illust
34. y name Client keys write read PKEK write read Generate random number Generate a random number ANSI X9 31 DRNG seed write read delete Manage operators Only users with administration permission can create modify or delete module operators User passwords write delete 2 4 3 HP User Role The HP User role can reset the module to an uninitialized state in the event that all Crypto Officer passwords are lost or when a self test permanently fails See Table 8 HP User Services The keys and CSPs in the rightmost column correspond to the keys and CSPs introduced in Section 2 7 1 Table 8 HP User Services Service Description Keys CSPs Authenticate to the module Authenticate to SKM with a signed token HP User RSA public key read Reset factory settings Rollback to the default firmware shipped with the module All keys CSPs delete Restore default None configuration Delete the current configuration file and restores the default configuration settings HP StorageWorks Secure Key Manager Page 13 of 26 O 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Security Policy version 1 0 January 31 2008 Service Description Keys CSPs Zeroize all keys CSPs Zeroize all keys CSPs in the module All keys CSPs delete 2 4 4 Cluster Member Role The Cluster Member role is associated with other SKMs t
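The self-test structure that Section 2.8 describes (power-up known-answer tests, a firmware integrity test, and the conditional continuous random number generator test), together with the error state that a failed self-test leads to, as an added example in Python. This is illustrative code, not HP's firmware and not part of the security policy. The SHA-256 and HMAC-SHA-256 known answers are the published FIPS 180-2 and RFC 4231 vectors; the HMAC-based integrity scheme, the integrity key, the firmware image bytes and the 16-byte RNG block size are constructed assumptions for the example.

```python
"""Added example of a FIPS 140-2 style self-test sequence (not HP's code).
Power-up: SHA-256 KAT, HMAC-SHA-256 KAT, firmware integrity test.
Conditional: continuous RNG test (FIPS 140-2 section 4.9.2).
Any failure puts the module into an error state that refuses service."""
import hashlib
import hmac
import os
from typing import Callable, Optional

# Published known answers: SHA-256("abc") from FIPS 180-2 and
# HMAC-SHA-256 test case 1 from RFC 4231.
SHA256_KAT_MSG = b"abc"
SHA256_KAT_DIGEST = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT_KEY = b"\x0b" * 20
HMAC_KAT_MSG = b"Hi There"
HMAC_KAT_TAG = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")
RNG_BLOCK = 16  # assumed RNG block size compared by the continuous test


class SelfTestFailure(Exception):
    pass


def firmware_tag(integrity_key: bytes, firmware: bytes) -> bytes:
    """Integrity tag assumed to be computed and stored with the image."""
    return hmac.new(integrity_key, firmware, hashlib.sha256).digest()


class Module:
    def __init__(self, firmware: bytes, stored_tag: bytes, integrity_key: bytes,
                 rng: Callable[[int], bytes] = os.urandom) -> None:
        self.firmware = firmware
        self.stored_tag = stored_tag
        self.integrity_key = integrity_key
        self._rng = rng
        self._last_block: Optional[bytes] = None
        self.error: Optional[str] = None  # non-None means error state

    def power_up(self) -> bool:
        """Run every power-up test; on failure enter the error state."""
        self._last_block = None
        try:
            self._kat_sha256()
            self._kat_hmac_sha256()
            self._firmware_integrity()  # after the KATs that verify its primitive
        except SelfTestFailure as exc:
            self.error = str(exc)
            return False
        self.error = None
        return True

    def _kat_sha256(self) -> None:
        if hashlib.sha256(SHA256_KAT_MSG).digest() != SHA256_KAT_DIGEST:
            raise SelfTestFailure("SHA-256 KAT failed")

    def _kat_hmac_sha256(self) -> None:
        tag = hmac.new(HMAC_KAT_KEY, HMAC_KAT_MSG, hashlib.sha256).digest()
        if tag != HMAC_KAT_TAG:
            raise SelfTestFailure("HMAC-SHA-256 KAT failed")

    def _firmware_integrity(self) -> None:
        expected = firmware_tag(self.integrity_key, self.firmware)
        if not hmac.compare_digest(expected, self.stored_tag):
            raise SelfTestFailure("firmware integrity test failed")

    def random_bytes(self) -> bytes:
        """One RNG block gated by the continuous RNG test: the first block
        after power-up is withheld, and every block is compared with the
        previous one; two equal blocks mean a stuck generator."""
        if self.error is not None:
            raise SelfTestFailure(f"module in error state: {self.error}")
        if self._last_block is None:
            self._last_block = self._rng(RNG_BLOCK)  # withheld, never output
        block = self._rng(RNG_BLOCK)
        if block == self._last_block:
            self.error = "continuous RNG test failed"
            raise SelfTestFailure(self.error)
        self._last_block = block
        return block


def demo() -> dict:
    """Constructed inputs: a healthy module, a tampered image, a stuck RNG."""
    key, image = b"constructed-integrity-key", b"constructed firmware image v1"
    good_tag = firmware_tag(key, image)
    healthy = Module(image, good_tag, key)
    tampered = Module(image + b"\x00", good_tag, key)
    stuck = Module(image, good_tag, key, rng=lambda n: b"\x41" * n)
    results = {
        "healthy_power_up": healthy.power_up(),
        "healthy_rng_len": len(healthy.random_bytes()),
        "tampered_power_up": tampered.power_up(),
        "tampered_error": tampered.error,
        "stuck_power_up": stuck.power_up(),
    }
    try:
        stuck.random_bytes()
        results["stuck_rng_rejected"] = False
    except SelfTestFailure:
        results["stuck_rng_rejected"] = True
    results["stuck_error"] = stuck.error
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two design points match the policy text: the KATs run before the firmware integrity test so that the check relies on a primitive already shown to be correct, and a failed self-test leaves the module in a sticky error state (here `Module.error`) that every cryptographic service refuses until the module is reset, which is the condition under which the HP User role may reset the module to an uninitialized state.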