Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series Security Policy
This non-proprietary Security Policy may only be copied in its entirety without alterations including this statement. Samsung copyright 2016.
Page 12 of 19
Identification and Authentication Policy
The following table defines the roles, type of authentication, and associated
authenticated data types supported by the cryptographic module:
Role
Authentication Data
CO Role
Password
User Role
Password
FW Loader
ECDSA
Exhibit 10 - Roles and Required Identification and Authentication
(FIPS 140-2 Table C1).
The authentication mechanism allows 6-byte length or longer Password, where
each byte can be any of 0x00 to 0xFF, for every Cryptographic Officer and User
role supported by the module, which means a single random attempt can succeed
with the probability of 1/2
48
or lower.
Each authentication attempt takes at least 133ms and the number of attempts is
limited to TryLimit, which is set to 5 in manufacturing time. Since the module
takes at least 8 seconds to be ready after power-on and 5 authentication failures
require a power-cycle, it takes 8665ms for every 5th authentication attempt.
Therefore, the probability of multiple random attempts to succeed in one minute is
35 / 2
48
, which is much less than the FIPS 140-2 requirement 1/100,000.
The authentication mechanism for FW Loader role is ECDSA P-224 with SHA256
digital signature verification, which means a single random attempt, can succeed
with the probability of 1/2
112
.
Each authentication attempt takes at least 2 seconds, which enforces the maximum
number of attempts to be no more than (60*1000)/2000 in one minute. Therefore,
the probability of multiple random attempts to succeed in one minute is
{(60*1000)/2000}/2
112
, which is much less than the FIPS 140-2 requirement
1/100,000.
