HP FIPS 140-2 Supplementary Manual Download | Manualshive

Page: 12 / 26

background image

Security Policy, version 1.0

January 31, 2008

HP StorageWorks Secure Key Manager

Page

12

of 26

© 2008 Hewlett-Packard Company

This document may be freely reproduced in its original entirety.

Service

Description

Keys/CSPs

Perform first-time
initialization

Configure the module when it is used for the
first time

Crypto Officer (admin) password
– write;

Kdsa public/private – write;
Krsa private – write;

Krsa private – write;
Log signing RSA key – write;
Log signature verification RSA
key – write;

KRsaPub – write;

KRsaPriv – write.

Upgrade firmware

Upgrade firmware (firmware must be FIPS-
validated)

Firmware upgrade key – read

Configure FIPS mode

Enable/disable FIPS mode

None

Manage keys

Manage all client keys that are stored within
the module. This includes the generation,
storage, export (only public keys), import, and
zeroization of keys.

Client keys – write, read, delete;

PKEK – write, read, delete.

Manage clusters

Manage all clusters that are defined within
the module. This includes the creation,
joining, and removal of a cluster from the
module.

Cluster Member passwords –
write, delete

Manage services

Manage all services supported by the
module. This includes the starting and
stopping of all services.

None

Manage operators

Create, modify, or delete module operators
(Crypto Officers and Users).

Crypto Officer passwords –
write, delete; User passwords –
write, delete

Manage certificates

Create/import/revoke certificates

KRsaPub – write, read, delete;
KRsaPriv – write, read, delete;
CARsaPub – write, read, delete;
CARsaPriv – write, read, delete;

Client RSA public keys – read.

Reset factory settings

Rollback to the default firmware shipped with
the module

All keys/CSPs – delete

Restore default
configuration

Delete the current configuration file and
restores the default configuration settings

None

Restore configuration
file

Restore a previously backed up configuration
file

None

Backup configuration
file

Back up a configuration file

None

Zeroize all keys/CSPs

Zeroize all keys and CSPs in the module

All keys and CSPs – delete

2.4.2 User

Role

The User role is associated with external applications or clients that connect to the KMS via its XML interface.
Users in this role may exercise services—such as key generation and management—based on configured or
predefined permissions. See Table 7 – User Services for details. The keys and CSPs in the rightmost column
correspond to the keys and CSPs introduced in Section 2.7.1.

«
...
10
11
12
13
14
...
»

Summary of Contents for FIPS 140-2

Page 1: ...his document may be freely reproduced in its original entirety HP StorageWorks Secure Key Manager Hardware P N AJ087B Version 1 1 Firmware Version 1 1 FIPS 140 2 Security Policy Level 2 Validation Document Version 0 7 December 4 2008 ...

Page 2: ...Crypto Officer Role 11 2 4 2 User Role 12 2 4 3 HP User Role 13 2 4 4 Cluster Member Role 14 2 4 5 Authentication 14 2 4 6 Unauthenticated Services 15 2 5 PHYSICAL SECURITY 15 2 6 OPERATIONAL ENVIRONMENT 15 2 7 CRYPTOGRAPHIC KEY MANAGEMENT 15 2 7 1 Keys and CSPs 15 2 7 2 Key Generation 19 2 7 3 Key CSP Zeroization 19 2 8 SELF TESTS 19 2 9 MITIGATION OF OTHER ATTACKS 20 3 SECURE OPERATION 21 3 1 IN...

Page 3: ...f Figures FIGURE 1 DEPLOYMENT ARCHITECTURE OF THE HP STORAGEWORKS SECURE KEY MANAGER 6 FIGURE 2 BLOCK DIAGRAM OF SKM 7 FIGURE 3 FRONT PANEL LEDS 9 FIGURE 4 REAR PANEL COMPONENTS 10 FIGURE 5 REAR PANEL LEDS 10 FIGURE 6 FIPS COMPLIANCE IN CLI 22 FIGURE 7 FIPS COMPLIANCE IN WEB ADMINISTRATION INTERFACE 22 FIGURE 8 TAMPER EVIDENCE LABELS 23 FIGURE 9 TAMPER EVIDENCE LABELS OVER POWER SUPPLIES 23 ...

Page 4: ...ENTS DESCRIPTIONS 10 TABLE 5 REAR PANEL LED DEFINITIONS 11 TABLE 6 CRYPTO OFFICER SERVICES 11 TABLE 7 USER SERVICES 13 TABLE 8 HP USER SERVICES 13 TABLE 9 CLUSTER MEMBER SERVICES 14 TABLE 10 ROLES AND AUTHENTICATIONS 14 TABLE 11 LIST OF CRYPTOGRAPHIC KEYS CRYPTOGRAPHIC KEY COMPONENTS AND CSPS FOR SSH 15 TABLE 12 LIST OF CRYPTOGRAPHIC KEYS CRYPTOGRAPHIC KEY COMPONENTS AND CSPS FOR TLS 16 TABLE 13 C...

Page 5: ...red as part of the Level 2 FIPS 140 2 validation of the HP StorageWorks Secure Key Manager More information about FIPS 140 2 and the Cryptographic Module Validation Program CMVP is available at the website of the National Institute of Standards and Technology NIST http csrc nist gov groups STM cmvp index html In this document the HP StorageWorks Secure Key Manager is referred to as the SKM the mod...

Page 6: ... Client applications can access the SKM via its Key Management Service KMS server Configuration and management can be performed via web administration Secure Shell SSH or serial console Status monitoring interfaces include a dedicated FIPS status interface a health check interface and Simple Network Management Protocol SNMP The deployment architecture of the HP StorageWorks Secure Key Manager is s...

Page 7: ...on the module implements the following Approved algorithms Advanced Encryption Standard AES encryption and decryption 128 192 and 256 bits in Electronic Codebook ECB and Cipher Block Chaining CBC modes certificate 653 Triple Data Encryption Standard 3DES encryption and decryption 112 and 168 bits in ECB and CBC modes certificate 604 Secure Hash Algorithm SHA 1 SHA 256 SHA 384 SHA 512 certificate 8...

Page 8: ...apping and key establishment provide 80 and 112 bits of encryption strength respectively In the non FIPS mode of operation the module also implements DES MD5 RC4 and 512 and 768 bit RSA for signature generation and verification and key establishment 2 3 Module Interfaces FIPS 140 2 defines four logical interfaces Data Input Data Output Control Input Status Output The module features the following ...

Page 9: ... the component in a degraded state refer to HP Systems Insight Display and LEDs Red System health is critical To identify the component in a critical state refer to HP Systems Insight Display and LEDs Off System health is normal when in standby mode 4 External health LED power supply Green Power supply health is normal Amber Power redundancy failure occurred Off Power supply health is normal when ...

Page 10: ...ar Panel Components Descriptions Item Definition 1 PCI Express expansion slot 1 Blocked 2 PCI Express expansion slot 2 Blocked 3 Power supply bay 2 4 Power supply bay 1 5 NIC connector 1 Ethernet 6 NIC connector 2 Ethernet 7 Keyboard connector 8 Mouse connector 9 Video connector 10 Serial connector 11 Universal Serial Bus USB connector 1 Blocked 12 USB connector 2 Blocked 13 Integrated Lights Out ...

Page 11: ...iled 7 Power supply 1 LED Green Normal Off System is off or power supply has failed 2 4 Roles Services and Authentication The module supports four authorized roles Crypto Officer User HP User Cluster Member All roles require identity based authentication 2 4 1 Crypto Officer Role The Crypto Officer accesses the module via the Web Management Console and or the Command Line Interface CLI This role p...

Page 12: ...vices supported by the module This includes the starting and stopping of all services None Manage operators Create modify or delete module operators Crypto Officers and Users Crypto Officer passwords write delete User passwords write delete Manage certificates Create import revoke certificates KRsaPub write read delete KRsaPriv write read delete CARsaPub write read delete CARsaPriv write read dele...

Page 13: ...ertificate Client certificate read Clone Key Clone an existing key under a different key name Client keys write read PKEK write read Generate random number Generate a random number ANSI X9 31 DRNG seed write read delete Manage operators Only users with administration permission can create modify or delete module operators User passwords write delete 2 4 3 HP User Role The HP User role can reset th...

Page 14: ...gital certificate User Username and password and or digital certificate HP User Digital certificate Cluster Member Digital certificate over TLS The 1024 bit RSA signature on a digital certificate provides 80 bits of security There are 280 possibilities The probability of a successful random guess is 2 80 Since 10 6 2 80 a random attempt is very unlikely to succeed At least 80 bits of data must be ...

Page 15: ... using tamper evident labels in order to prevent the case cover from being removed without signs of tampering All circuits in the module are coated with commercial standard passivation Once the module has been configured to meet FIPS 140 2 Level 2 requirements the module cannot be accessed without signs of tampering See Section 3 3 Physical Security Assurance of this document for more information ...

Page 16: ... during first time initialization In plaintext In non volatile memory At operator delete or zeroize request Verify the signature of the server s message Krsa private 1024 bit RSA private keys Generated by ANSI X9 31 DRNG during first time initialization Never In non volatile memory At operator delete or zeroize request Sign the server s message SSH Ks SSH session 168 bit 3DES key 128 192 256 bit A...

Page 17: ...G during first time initialization never In non volatile memory At operator delete or zeroize request Sign server certificates Cluster Member RsaPub Cluster Member RSA public key 1024 or 2048 bit Input in plaintext Never In volatile memory Upon session termination Verify Cluster Member signatures TLS Ks TLS session AES or 3DES symmetric key s Derived from MS Never In volatile memory Upon session t...

Page 18: ...s Generated by ANSI X9 31 DRNG Via TLS in encrypted form encrypted with TLS Ks per client s request Encrypted in non volatile memory Per client s request or zeroize request Compute keyed MACs Client certificate X 509 certificate Input in ciphertext over TLS Via TLS in encrypted form encrypted with TLS Ks per client s request In non volatile memory Per client s request or by zeroize request Encrypt...

Page 19: ... DRNG is a FIPS 140 2 approved DRNG as specified in Annex C to FIPS PUB 140 2 2 7 3 Key CSP Zeroization All ephemeral keys are stored in volatile memory in plaintext Ephemeral keys are zeroized when they are no longer used Other keys and CSPs are stored in non volatile memory with client keys being stored in encrypted form To zeroize all keys and CSPs in the module the Crypto Officer should execut...

Page 20: ...Approved RNG Firmware upgrade integrity test Diffie Hellman primitive test The module has two error states a Soft Error state and a Fatal Error state When one or more power up self tests fail the module may enter either the Fatal Error state or the Soft Error State When a conditional self test fails the module enters the Soft Error state See Section 3 of this document for more information 2 9 Miti...

Page 21: ...t time initialization the operator must configure minimum settings for the module to operate correctly The operator will be prompted to configure the following settings via the serial interface Date Time Time zone IP Address Netmask Hostname Gateway Management Port 3 2 2 FIPS Mode Configuration In order to comply with FIPS 140 2 Level 2 requirements the following functionality must be disabled on ...

Page 22: ...liance in Web Administration Interface In the web administration interface the User can review the FIPS mode configuration by reading the High Security Configuration page The Crypto Officer must zeroize all keys when switching from the Approved FIPS mode of operation to the non FIPS mode and vice versa 3 3 Physical Security Assurance Serialized tamper evidence labels have been applied at four loca...

Page 23: ... of 26 2008 Hewlett Packard Company This document may be freely reproduced in its original entirety Figure 8 Tamper Evidence Labels Figure 9 provides a better view of the positioning of the tamper evidence labels over the power supplies Figure 9 Tamper Evidence Labels over Power Supplies ...

Page 24: ...tal Error state When a power up self test fails the module may enter either the Fatal Error state or the Soft Error State When a conditional self test fails the module will enter the Soft Error state The module can recover from the Fatal Error state if power is cycled or if the SKM is rebooted An HP User can reset the module when it is in the Fatal Error State No other services are available in th...

Page 25: ... Cyclic Redundancy Check CRL Certificate Revocation List CSP Critical Security Parameter DES Data Encryption Standard DRNG Deterministic Random Number Generator DSA Digital Signature Algorithm ECB Electronic Codebook EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard FTP File Transfer Protocol HDD Hard Drive HMAC Keyed Hash Message Authe...

Page 26: ...ndards and Technology NTP Network Time Protocol PCI Peripheral Component Interconnect PRNG Pseudo Random Number Generator RFC Request for Comments RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SKM Secure Key Manager SNMP Simple Network Management Protocol SSH Secure Shell SSL Secure Socket Layer TLS Transport Layer Security UID Unit Identifier USB Universal Se...

Reviews:

No comments

Related manuals for FIPS 140-2

Brand: IBM Pages: 66

DiamondMax 17 160 ATA

Brand: Maxtor Pages: 64

Brand: Suncast Pages: 8

totalstorage 200

Brand: IBM Pages: 152

XCubeDAS XD5324D

Brand: Qsan Pages: 49

Brand: Accordance Systems Pages: 22

Brand: Yardmaster Pages: 23

AP-SRFD255AXXXXR-G

Brand: Apacer Technology Pages: 18

Brand: Buffalo Pages: 2

Pietas FlashPen

Brand: Hama Pages: 8

Brand: Sabio Pages: 2

Brand: NORBAIN Pages: 11

Brand: HOLZMANN MASCHINEN Pages: 51

Askham Tool Store

Brand: Garden Furniture Direct Pages: 5

Neutrino SK-2500

Brand: Akitio Pages: 8

Brand: Alpha ESS Pages: 58

Brand: Acomdata Pages: 21

Brand: Fantom Drives Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands