Security Policy, version 1.0
January 31, 2008
HP StorageWorks Secure Key Manager
Page 14 of 26
© 2008 Hewlett-Packard Company
This document may be freely reproduced in its original entirety.

 

| Service | Description | Keys/CSPs |
|---|---|---|
| Zeroize all keys/CSPs | Zeroize all keys/CSPs in the module | All keys/CSPs – delete |

2.4.4 Cluster Member Role

The Cluster Member role is associated with other SKMs that can connect to this SKM and access cluster services. 
See Table 9 – Cluster Member Services. The keys and CSPs in the rightmost column correspond to the keys and 
CSPs introduced in Section 2.7.1. 

Table 9 – Cluster Member Services

| Service | Description | Keys/CSPs |
|---|---|---|
| Authenticate Cluster Member | Authenticate to SKM via TLS | Cluster Member passwords – read; Cluster key – read; Cluster Member RsaPub – read |
| Receive Configuration File | Update the module's configuration settings | None |
| Zeroize Key | Delete a specific key | Cluster key – delete |
| Backup Configuration File | Back up a configuration file | None |

2.4.5 Authentication 

The module performs identity-based authentication for the four roles. Two authentication schemes are used: 
authentication with certificate in TLS and authentication with password. See Table 10 – Roles and Authentications 
for a detailed description. 

Table 10 – Roles and Authentications

| Role | Authentication |
|---|---|
| Crypto Officer | Username and password with optional digital certificate |
| User | Username and password and/or digital certificate |
| HP User | Digital certificate |
| Cluster Member | Digital certificate over TLS |

The 1024-bit RSA signature on a digital certificate provides 80 bits of security. There are $2^{80}$ possibilities. The probability of a successful random guess is $2^{-80}$. Since $10^{-6} \gg 2^{-80}$, a random attempt is very unlikely to succeed. At least 80 bits of data must be transmitted for one attempt. (The actual number of bits that need to be transmitted for one attempt is much greater than 80. We are considering the worst case scenario.) The processor used by the module has a working frequency of 3.0 gigabytes, hence, at most $60 \times 3.0 \times 10^{9}$ bits of data can be transmitted in 60 seconds. Since 80 bits are necessary for one attempt, at most $(60 \times 3.0 \times 10^{9})/80 = 2.25 \times 10^{9}$ attempts are possible in 60 seconds. However, there exist $2^{80}$ possibilities. $(2.25 \times 10^{9})/2^{80} = 1.86 \times 10^{-15} \ll 10^{-5}$. The probability of a successful certificate attempt in 60 seconds is considerably less than $10^{-5}$.

Passwords in the module must consist of eight or more characters from the set of 90 human-readable numeric, alphabetic (upper and lower case), and special character symbols. Excluding those combinations that do not meet password constraints (see Section 2.7.1 – Keys and CSPs), the size of the password space is about $60^{8}$. The probability of a successful random guess is $60^{-8}$. Since $10^{-6} \gg 60^{-8}$, a random attempt is very unlikely to succeed.

After six unsuccessful attempts, the module will be locked down for 60 seconds; i.e., at most six trials are possible 
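The two authentication-strength arguments above (certificate guessing bounded by link throughput, password guessing bounded by the six-attempt lockout) can be checked against the FIPS 140-2 thresholds with a short calculation. The following Python is an added example written for this page, not part of HP's security policy; it assumes the FIPS 140-2 Section 4.3 limits of 1 in 1,000,000 for a single random attempt and 1 in 100,000 for all attempts within one minute, and it takes the 80-bit attempt size, the 3.0×10^9 bits per second throughput, the 60^8 password space and the six attempts per 60-second lockout window from the text. Function and constant names are the example's own.

```python
from fractions import Fraction

# FIPS 140-2 authentication-strength thresholds (Section 4.3 of the standard):
# a single random attempt must succeed with probability below 1/1,000,000, and
# all attempts made within one minute with probability below 1/100,000.
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)
PER_MINUTE_LIMIT = Fraction(1, 100_000)


def certificate_guess_probability(security_bits: int = 80) -> Fraction:
    """Probability that one random guess forges a signature of the given
    security strength: 2^-80 for the policy's 1024-bit RSA certificates."""
    return Fraction(1, 2 ** security_bits)


def max_attempts_per_minute(bits_per_second: float, bits_per_attempt: int) -> int:
    """Worst-case number of attempts in 60 s if the module could absorb
    bits_per_second and each attempt cost only bits_per_attempt bits
    (the policy's deliberately pessimistic 80-bit lower bound)."""
    return int(60 * bits_per_second) // bits_per_attempt


def certificate_probability_per_minute(bits_per_second: float = 3.0e9,
                                       bits_per_attempt: int = 80,
                                       security_bits: int = 80) -> Fraction:
    """Probability that at least one certificate guess in 60 s succeeds,
    bounded above by attempts * per-attempt probability (union bound)."""
    attempts = max_attempts_per_minute(bits_per_second, bits_per_attempt)
    return attempts * certificate_guess_probability(security_bits)


def password_guess_probability(alphabet_size: int = 60, length: int = 8) -> Fraction:
    """Probability of one random password guess against an effective
    space of alphabet_size ** length (about 60^8 after the constraints)."""
    return Fraction(1, alphabet_size ** length)


def password_probability_per_minute(attempts_before_lockout: int = 6,
                                    alphabet_size: int = 60,
                                    length: int = 8) -> Fraction:
    """With a 60 s lockout after six failures, at most six guesses fit in
    any one-minute window, so the per-minute bound is 6 * 60^-8."""
    return attempts_before_lockout * password_guess_probability(alphabet_size, length)


def meets_fips_thresholds(single_attempt: Fraction, per_minute: Fraction) -> bool:
    """True when both FIPS 140-2 authentication-strength limits are satisfied."""
    return single_attempt < SINGLE_ATTEMPT_LIMIT and per_minute < PER_MINUTE_LIMIT


if __name__ == "__main__":
    cert_single = certificate_guess_probability()
    cert_minute = certificate_probability_per_minute()
    pw_single = password_guess_probability()
    pw_minute = password_probability_per_minute()
    print(f"certificate: single {float(cert_single):.2e}, "
          f"per minute {float(cert_minute):.2e}, "
          f"ok={meets_fips_thresholds(cert_single, cert_minute)}")
    print(f"password:    single {float(pw_single):.2e}, "
          f"per minute {float(pw_minute):.2e}, "
          f"ok={meets_fips_thresholds(pw_single, pw_minute)}")
```

Exact rational arithmetic is used so the comparison against the thresholds is not affected by floating-point rounding; the printed values match the policy's 2.25×10^9 attempts and 1.86×10^-15 per-minute bound for certificates.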
