manualshive.com logo in svg

Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a..., Manual

Introducing the Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a... with top-notch security and high-performance storage capabilities. Unlock the full potential of your device with its user-friendly features and advanced technology. Easily download the comprehensive user manual for free from manualshive.com to fully understand and maximize its functionalities.

Share
Download
background image

                 Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series Security Policy

 

 

 

This non-proprietary Security Policy may only be copied in its entirety without alterations including this statement.  Samsung copyright 2016. 

 

Page 11 of 19 

 

The  cryptographic  module  shall  enforce  role-based  authentication  for 
security relevant services. 

 

The  cryptographic  module  shall  enforce  a  limited  operational  environment 
by the secure firmware load test using ECDSA P-224 with SHA-256. 

 

The  cryptographic  module  shall  provide  a  production-grade,  opaque,  and 
tamper-evident cryptographic boundary. 

 

The  cryptographic  module  enters  the  error  state  upon  failure  of  Self-tests. 
All commands from the Host (General Purpose Computer (GPC) outside the 
cryptographic boundary) are rejected in the error state and the cryptographic 
module  returns  an  error  code  (0x91)  via  the  status  output.  Cryptographic 
services and data output are explicitly inhibited when in the error state. 

 

The cryptographic module satisfies the requirements of FIPS 140-2 IG A.9 
(i.e. key_1 

 key_2) 

 

The  module  generates  at  a  minimum  256  bits  of  entropy  for  use  in  key 
generation. 

 

Power-on Self-tests 

Algorithm 

Test 

AES 

Encrypt KAT and Decrypt KAT for AES-256-XTS at power-on 

SHS 

KAT for SHA-256 at power-on 

DRBG 

KAT for CTR_DRBG at power-on 

ECDSA 

KAT  for  ECDSA  P-224  SHA-256  signature  verification  at 
power-on 

Exhibit 9 – Power-on Self-tests. 

 

 

F/W integrity check 

o

 

F/W  integrity  check  is  performed  by  using  212  bit  error  detection 
code at power-on 

 

Conditional Self-test 

o

 

Pairwise consistency: N/A 

o

 

Bypass Test: N/A 

o

 

Manual key entry test: N/A 

o

 

F/W load test 

 

F/W load test is performed by using ECDSA algorithm with P-
224 and SHA-256 

o

 

Continuous random number generator test on Approved DRBG 

o

 

Continuous random number generator test on NDRNG 

 

 

Summary of Contents for SAS 12G TCG Enterprise SSC SEDs PM1633a...

Page 1: ...in its entirety without alterations including this statement Samsung Copyright 2016 Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series FIPS 140 2 Security Policy Document Revision 1 0 H W Version MZILS7T6HMLS 000H9 and MZILS15THMLS 000H9 F W Version 3P00 ...

Page 2: ...tement Samsung copyright 2016 Page 2 of 19 Table of Contents Introduction 4 Cryptographic Boundary 4 Security Level Specification 7 Approved Algorithms 8 Non Approved Algorithms 9 Physical Ports and Logical Interfaces 9 Identification and Authentication Policy 12 Access Control Policy 14 Unauthenticated Services 17 Physical Security Policy 18 Mitigation of Other Attacks Policy 19 ...

Page 3: ...Series Security Policy This non proprietary Security Policy may only be copied in its entirety without alterations including this statement Samsung copyright 2016 Page 3 of 19 Revision History Author s Version Updates SeungJae Lee 1 0 Initial Version ...

Page 4: ... user data via cryptographic erase Module Name Hardware Version Firmware Version Drive Capacity Samsung SAS 12G TCG Enterprise SSC SED PM1633a MZILS7T6HMLS 000H9 3P00 7 6TB MZILS15THMLS 000H9 3P00 15 2TB Exhibit 1 Versions of Samsung SAS 12G TCG Enterprise SSC SED PM1633a Series Cryptographic Boundary The following photographs show the cryptographic module s top and bottom views The multiple chip ...

Page 5: ...y be copied in its entirety without alterations including this statement Samsung copyright 2016 Page 5 of 19 Exhibit 2 Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series Cryptographic Boundary From top to bottom Left to right top side bottom side front side back side left side and right side ...

Page 6: ...SAS 12G TLC MLC SSD Controller Sub CTRL Falconet Controller SAMSUNG Sub Controller SAS I F Serial Attached SCSI Interface CPU Central Processing Unit ARM based DRAM I F Dynamic Random Access Memory Interface ECC Error Correcting Code NAND I F NAND Flash Interface PMIC Power Management Integrated Circuit ROM Read only Memory DRAM Dynamic Random Access Memory NAND NAND Flash Memory LBA Logical Block...

Page 7: ...ht 2016 Page 7 of 19 Security Level Specification Security Requirements Area Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 2 Roles Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N A Cryptographic Key Management 2 EMI EMC 3 Self tests 2 Design Assurance 2 Mitigation of Other Attacks N A Exhibit 5 Security Level T...

Page 8: ...E XTS 256 bit Data Encryption Decryption Note AES ECB is the pre requisite for AES XTS AES ECB alone is NOT supported by the cryptographic module in FIPS Mode 121 DRBG SP 800 90A Revision 1 CTR_ DRBG AES 256 Deterministic Random Bit Generation 932 ECDSA FIPS 186 4 SigVer P 224 Digital Signature Verification 3382 SHS FIPS 180 4 SHA 256 Message Digest Exhibit 6 Samsung SAS 12G TCG Enterprise SSC SED...

Page 9: ...ryptographic module supports the following non Approved but allowed algorithms Algorithm Caveat Use NDRNG Non deterministic Random Number Generator only used for generating seed materials for the Approved DRBG Exhibit 7 Samsung SAS 12G TCG Enterprise SSC SED PM1633a Series non Approved but allowed algorithms Physical Ports and Logical Interfaces Physical Port Logical Interface SAS Connector Data I...

Page 10: ...on is equivalent to the version s listed in this document via SCSI Inquiry command o Step3 Take the drive s ownership Change SID s PIN by setting a new PIN Change EraseMaster s PIN by setting a new PIN Erase Method on each LBA Range to rekey the encryption key Change BandMaster0 7 s PIN by setting new PINs Configure the LBA Range s by setting ReadLockEnabled and WriteLockEnabled columns to True Do...

Page 11: ...raphic module returns an error code 0x91 via the status output Cryptographic services and data output are explicitly inhibited when in the error state The cryptographic module satisfies the requirements of FIPS 140 2 IG A 9 i e key_1 key_2 The module generates at a minimum 256 bits of entropy for use in key generation Power on Self tests Algorithm Test AES Encrypt KAT and Decrypt KAT for AES 256 X...

Page 12: ...ed with the probability of 1 248 or lower Each authentication attempt takes at least 133ms and the number of attempts is limited to TryLimit which is set to 5 in manufacturing time Since the module takes at least 8 seconds to be ready after power on and 5 authentication failures require a power cycle it takes 8665ms for every 5th authentication attempt Therefore the probability of multiple random ...

Page 13: ...Authentication Mechanism Strength of Mechanism Password Min 6 bytes Max 32 bytes Authentication Probability of 1 248 in a single random attempt Probability of 35 248 in multiple random attempts in a minute ECDSA Signature Verification Probability of 1 2112 in a single random attempt Probability of 60 1000 2000 2112 in multiple random attempts in a minute Exhibit 11 Strengths of Authentication Mech...

Page 14: ...eed Generation via NDRNG Storage N A Zeroization via Initialization service and Zeroize service DRBG Entropy Input String Generation via NDRNG Storage N A Zeroization via Initialization service and Zeroize service CO Password Generation N A Storage Plaintext in DRAM and Flash Zeroization via Initialization service and Zeroize service User Password Generation N A Storage Plaintext in DRAM and Flash...

Page 15: ...ations including this statement Samsung copyright 2016 Page 15 of 19 The cryptographic module contains the following Public Key Public Keys Generation Storage and Zeroization Methods FW Verification Key ECDSA Public Key Generation N A Storage Plaintext in Flash Zeroization N A Exhibit 13 Public Keys and details on Generation Storage and Zeroization Methods ...

Page 16: ...itialization DRBG Internal State DRBG Seed DRBG Entropy Input String CO Password MEK Z G R Z G R Z G R Z W Z G Enable Disable FW Download Service N A N A Drive Extended Status N A N A Erase an LBA Range s Password MEK DRBG Internal State DRBG Seed DRBG Entropy Input String MEK User Password Z G R Z G R Z G R Z G Z W Zeroize DRBG Internal State DRBG Seed DRBG Entropy Input String CO Password User P...

Page 17: ...pe s of Access R Read Z Zeroize G Generate Cryptographic Officer User and FW Loader Zeroize DRBG Internal State DRBG Seed DRBG Entropy Input String Password MEK Z Z Z Z Z Cryptographic Officer User and FW Loader Get Random Number DRBG Internal State DRBG Seed DRBG Entropy Input String Z G R Z G R Z G R Cryptographic Officer User and FW Loader Get MSID N A N A Cryptographic Officer User and FW Load...

Page 18: ...is easily detected when the top and bottom cases are detached 2 tamper evident labels are applied over both top and bottom cases of the module at the factory The tamper evident labels are not removed and reapplied without tamper evidence The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained Physical Security Mechanisms ...

Page 19: ...s including this statement Samsung copyright 2016 Page 19 of 19 Exhibit 17 Signs of Tamper Mitigation of Other Attacks Policy The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140 2 Other Attacks Mitigation Mechanism Specific Limitations N A N A N A Exhibit 18 Mitigation of Other Attacks FIPS 140 2 Table C6 ...

Reviews:

No comments

Related manuals for SAS 12G TCG Enterprise SSC SEDs PM1633a...

ETAS FETK-S2.1 User Manual preview
FETK-S2.1
Brand: ETAS Pages: 69
Profile LS901-E1 Instruction Manual preview
LS901-E1
Brand: Profile Pages: 6
Lorex LNR100 SERIES Instruction Manual preview
LNR100 SERIES
Brand: Lorex Pages: 186
AXIOMTEK tBOX330-870-FL Series Quick Installation Manual preview
tBOX330-870-FL Series
Brand: AXIOMTEK Pages: 2
Funkwerk TR 200 aw/ bw Operating Instructions preview
TR 200 aw/ bw
Brand: Funkwerk Pages: 2
Black Box JPM083A Manual preview
JPM083A
Brand: Black Box Pages: 9
ZALMAN CNPS6500B-AlCu User Manual preview
CNPS6500B-AlCu
Brand: ZALMAN Pages: 4
IEI Technology PUZZLE-IN003B User Manual preview
PUZZLE-IN003B
Brand: IEI Technology Pages: 86
Dahua Technology Lite N42B1P Series Quick Start Manual preview
Lite N42B1P Series
Brand: Dahua Technology Pages: 14
Adaptec AAA-130SA SERIES Installation And Hardware Manual preview
AAA-130SA SERIES
Brand: Adaptec Pages: 94
M86 Security M86 Web Filter User Manual preview
M86 Web Filter
Brand: M86 Security Pages: 309
IDT Digital Encoder Plus User Manual preview
Digital Encoder Plus
Brand: IDT Pages: 98
Supermicro Optane Persistent Memory 200 Series User Manual preview
Optane Persistent Memory 200 Series
Brand: Supermicro Pages: 54
Idis DR-6308P Quick Manual preview
DR-6308P
Brand: Idis Pages: 20
Ubiquiti UniFi LED ULED-AT Quick Start Manual preview
UniFi LED ULED-AT
Brand: Ubiquiti Pages: 16
Segger J-Link-OB-STM32F072-128KB User Manual preview
J-Link-OB-STM32F072-128KB
Brand: Segger Pages: 18
Seagate CHEETAH ST34501FC Product Manual preview
CHEETAH ST34501FC
Brand: Seagate Pages: 68
Omron NJ501-1300 User Manual preview
NJ501-1300
Brand: Omron Pages: 432

Brands by name

Popular brands

Load more brands