manualshive.com logo in svg

Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a..., Руководство пользователя

Энтерпрайз SAS 12G TCG SEDs PM1633a от Samsung - это безопасное хранилище данных для вашего бизнеса. Скачайте бесплатное руководство по эксплуатации на manualshive.com, чтобы изучить все возможности этого продукта. Улучшите защиту вашей информации с помощью этого прочного и надежного устройства.

Поделиться
Скачать
background image

                 Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series Security Policy

 

 

 

This non-proprietary Security Policy may only be copied in its entirety without alterations including this statement.  Samsung copyright 2016. 

 

Page 8 of 19 

Approved Algorithms 

The cryptographic module supports the following Approved algorithms for secure 
data storage: 

 

CAVP 

Cert. 

Algorithm 

Standard 

Mode / 

Method 

Key Lengths, 

Curves or Moduli 

Use 

617 

AES 

FIPS 197 

SP 800-38A 

ECB 

256-bit 

Data Encryption / 

Decryption 

 

Note: AES-ECB is 

only utilized as the 

pre-requisite for 

DRBG #121; no 

other modes or key 

sizes are used and it 

is not otherwise 

exposed in this 

implementation 

whatsoever.

 

3213 

AES 

FIPS 197 

SP 800-38E 

XTS 

256-bit 

Data Encryption / 

Decryption 

 

Note: AES-ECB is 

the pre-requisite for 

AES-XTS; AES-ECB 

alone is NOT 

supported by the 

cryptographic 

module in FIPS 

Mode.

 

121 

DRBG 

SP 800-90A 

Revision 1 

CTR_ DRBG 

AES-256 

Deterministic 

Random Bit 

Generation

 

932 

ECDSA 

FIPS 186-4 

SigVer 

P-224 

Digital Signature 

Verification 

3382 

SHS 

FIPS 180-4 

SHA-256 

 

Message Digest 

Exhibit 6 - Samsung SAS 12G TCG Enterprise SSC SED PM1633a Series 
Approved Algorithms. 

 
NOTE 1: The cryptographic module implements LSI Corporation’s LSI-CS 
DRBG in its original entirety without alteration. (I.e. there have been no 
changes to the cryptographic algorithm boundary whatsoever).  Testing was 
carried out by LSI in a Synopsys VCS simulation environment; additional 
algorithm validation testing in not required as per FIPS 140-2 IG G.11 
 
NOTE 2: This module supports AES-XTS which is only approved for 
storage applications. 
 

Содержание SAS 12G TCG Enterprise SSC SEDs PM1633a...

Страница 1: ...in its entirety without alterations including this statement Samsung Copyright 2016 Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series FIPS 140 2 Security Policy Document Revision 1 0 H W Version MZILS7T6HMLS 000H9 and MZILS15THMLS 000H9 F W Version 3P00 ...

Страница 2: ...tement Samsung copyright 2016 Page 2 of 19 Table of Contents Introduction 4 Cryptographic Boundary 4 Security Level Specification 7 Approved Algorithms 8 Non Approved Algorithms 9 Physical Ports and Logical Interfaces 9 Identification and Authentication Policy 12 Access Control Policy 14 Unauthenticated Services 17 Physical Security Policy 18 Mitigation of Other Attacks Policy 19 ...

Страница 3: ...Series Security Policy This non proprietary Security Policy may only be copied in its entirety without alterations including this statement Samsung copyright 2016 Page 3 of 19 Revision History Author s Version Updates SeungJae Lee 1 0 Initial Version ...

Страница 4: ... user data via cryptographic erase Module Name Hardware Version Firmware Version Drive Capacity Samsung SAS 12G TCG Enterprise SSC SED PM1633a MZILS7T6HMLS 000H9 3P00 7 6TB MZILS15THMLS 000H9 3P00 15 2TB Exhibit 1 Versions of Samsung SAS 12G TCG Enterprise SSC SED PM1633a Series Cryptographic Boundary The following photographs show the cryptographic module s top and bottom views The multiple chip ...

Страница 5: ...y be copied in its entirety without alterations including this statement Samsung copyright 2016 Page 5 of 19 Exhibit 2 Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series Cryptographic Boundary From top to bottom Left to right top side bottom side front side back side left side and right side ...

Страница 6: ...SAS 12G TLC MLC SSD Controller Sub CTRL Falconet Controller SAMSUNG Sub Controller SAS I F Serial Attached SCSI Interface CPU Central Processing Unit ARM based DRAM I F Dynamic Random Access Memory Interface ECC Error Correcting Code NAND I F NAND Flash Interface PMIC Power Management Integrated Circuit ROM Read only Memory DRAM Dynamic Random Access Memory NAND NAND Flash Memory LBA Logical Block...

Страница 7: ...ht 2016 Page 7 of 19 Security Level Specification Security Requirements Area Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 2 Roles Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N A Cryptographic Key Management 2 EMI EMC 3 Self tests 2 Design Assurance 2 Mitigation of Other Attacks N A Exhibit 5 Security Level T...

Страница 8: ...E XTS 256 bit Data Encryption Decryption Note AES ECB is the pre requisite for AES XTS AES ECB alone is NOT supported by the cryptographic module in FIPS Mode 121 DRBG SP 800 90A Revision 1 CTR_ DRBG AES 256 Deterministic Random Bit Generation 932 ECDSA FIPS 186 4 SigVer P 224 Digital Signature Verification 3382 SHS FIPS 180 4 SHA 256 Message Digest Exhibit 6 Samsung SAS 12G TCG Enterprise SSC SED...

Страница 9: ...ryptographic module supports the following non Approved but allowed algorithms Algorithm Caveat Use NDRNG Non deterministic Random Number Generator only used for generating seed materials for the Approved DRBG Exhibit 7 Samsung SAS 12G TCG Enterprise SSC SED PM1633a Series non Approved but allowed algorithms Physical Ports and Logical Interfaces Physical Port Logical Interface SAS Connector Data I...

Страница 10: ...on is equivalent to the version s listed in this document via SCSI Inquiry command o Step3 Take the drive s ownership Change SID s PIN by setting a new PIN Change EraseMaster s PIN by setting a new PIN Erase Method on each LBA Range to rekey the encryption key Change BandMaster0 7 s PIN by setting new PINs Configure the LBA Range s by setting ReadLockEnabled and WriteLockEnabled columns to True Do...

Страница 11: ...raphic module returns an error code 0x91 via the status output Cryptographic services and data output are explicitly inhibited when in the error state The cryptographic module satisfies the requirements of FIPS 140 2 IG A 9 i e key_1 key_2 The module generates at a minimum 256 bits of entropy for use in key generation Power on Self tests Algorithm Test AES Encrypt KAT and Decrypt KAT for AES 256 X...

Страница 12: ...ed with the probability of 1 248 or lower Each authentication attempt takes at least 133ms and the number of attempts is limited to TryLimit which is set to 5 in manufacturing time Since the module takes at least 8 seconds to be ready after power on and 5 authentication failures require a power cycle it takes 8665ms for every 5th authentication attempt Therefore the probability of multiple random ...

Страница 13: ...Authentication Mechanism Strength of Mechanism Password Min 6 bytes Max 32 bytes Authentication Probability of 1 248 in a single random attempt Probability of 35 248 in multiple random attempts in a minute ECDSA Signature Verification Probability of 1 2112 in a single random attempt Probability of 60 1000 2000 2112 in multiple random attempts in a minute Exhibit 11 Strengths of Authentication Mech...

Страница 14: ...eed Generation via NDRNG Storage N A Zeroization via Initialization service and Zeroize service DRBG Entropy Input String Generation via NDRNG Storage N A Zeroization via Initialization service and Zeroize service CO Password Generation N A Storage Plaintext in DRAM and Flash Zeroization via Initialization service and Zeroize service User Password Generation N A Storage Plaintext in DRAM and Flash...

Страница 15: ...ations including this statement Samsung copyright 2016 Page 15 of 19 The cryptographic module contains the following Public Key Public Keys Generation Storage and Zeroization Methods FW Verification Key ECDSA Public Key Generation N A Storage Plaintext in Flash Zeroization N A Exhibit 13 Public Keys and details on Generation Storage and Zeroization Methods ...

Страница 16: ...itialization DRBG Internal State DRBG Seed DRBG Entropy Input String CO Password MEK Z G R Z G R Z G R Z W Z G Enable Disable FW Download Service N A N A Drive Extended Status N A N A Erase an LBA Range s Password MEK DRBG Internal State DRBG Seed DRBG Entropy Input String MEK User Password Z G R Z G R Z G R Z G Z W Zeroize DRBG Internal State DRBG Seed DRBG Entropy Input String CO Password User P...

Страница 17: ...pe s of Access R Read Z Zeroize G Generate Cryptographic Officer User and FW Loader Zeroize DRBG Internal State DRBG Seed DRBG Entropy Input String Password MEK Z Z Z Z Z Cryptographic Officer User and FW Loader Get Random Number DRBG Internal State DRBG Seed DRBG Entropy Input String Z G R Z G R Z G R Cryptographic Officer User and FW Loader Get MSID N A N A Cryptographic Officer User and FW Load...

Страница 18: ...is easily detected when the top and bottom cases are detached 2 tamper evident labels are applied over both top and bottom cases of the module at the factory The tamper evident labels are not removed and reapplied without tamper evidence The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained Physical Security Mechanisms ...

Страница 19: ...s including this statement Samsung copyright 2016 Page 19 of 19 Exhibit 17 Signs of Tamper Mitigation of Other Attacks Policy The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140 2 Other Attacks Mitigation Mechanism Specific Limitations N A N A N A Exhibit 18 Mitigation of Other Attacks FIPS 140 2 Table C6 ...

Отзывы:

Нет отзывов

Похожие инструкции для SAS 12G TCG Enterprise SSC SEDs PM1633a...

Samsung AllShare Cast Dongle Quick Start Manual preview
AllShare Cast Dongle
Бренд: Samsung Страницы: 2
D-Link DSL-2750U Setup preview
DSL-2750U
Бренд: D-Link Страницы: 14
Broadcom Brocade X6-8 Director Hardware Installation Manual preview
Brocade X6-8 Director
Бренд: Broadcom Страницы: 207
MF DIGITAL DIRECTOR PRO series Operator'S Manual preview
DIRECTOR PRO series
Бренд: MF DIGITAL Страницы: 79
UfiSpace S9600-64X Hardware Installation Manual preview
S9600-64X
Бренд: UfiSpace Страницы: 35
Point of View SmartTV 210 User Manual preview
SmartTV 210
Бренд: Point of View Страницы: 13
Lutron Electronics Smart Bridge Quick Start Manual preview
Smart Bridge
Бренд: Lutron Electronics Страницы: 4
A4Tech RH-10 User Manual preview
RH-10
Бренд: A4Tech Страницы: 8
Dataprobe iBoot-Exp Manual preview
iBoot-Exp
Бренд: Dataprobe Страницы: 5
KonNad SinoCon C2000-C2-SHK0401-BB1 User Manual preview
SinoCon C2000-C2-SHK0401-BB1
Бренд: KonNad Страницы: 12
Dahua NVR41-4KS2 Series User Manual preview
NVR41-4KS2 Series
Бренд: Dahua Страницы: 452
Ubiquiti airMAX NanoBridge M NBM3 Quick Start Manual preview
airMAX NanoBridge M NBM3
Бренд: Ubiquiti Страницы: 24
Tripp Lite SmartRack SR25UBEXP Specifications preview
SmartRack SR25UBEXP
Бренд: Tripp Lite Страницы: 4
Cypress Semiconductor CY7C1410JV18 Specification Sheet preview
CY7C1410JV18
Бренд: Cypress Semiconductor Страницы: 26
Digital Equipment ChannelWorks Network Installer Manual preview
ChannelWorks
Бренд: Digital Equipment Страницы: 90
PowerLogix PowerForce G4 '47 Installation Instructions Manual preview
PowerForce G4 '47
Бренд: PowerLogix Страницы: 12
Alphacool HDX Pro Air Manual preview
HDX Pro Air
Бренд: Alphacool Страницы: 3
Radionics D6600 NetCom System Manual preview
D6600 NetCom
Бренд: Radionics Страницы: 100

Бренды по названию

Популярные бренды

Загрузить еще бренды