Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

Similar documents
FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

FIPS Non-Proprietary Security Policy

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.

Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

Lexmark PrintCryption TM (Firmware Version 1.3.1)

This Security Policy describes how this module complies with the eleven sections of the Standard:

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Silent Circle Mobile Application Cryptographic Module

FIPS Non-Proprietary Security Policy. Cotap Cryptographic Module. Software Version 1.0. Document Version 1.4.

IOS Common Cryptographic Module (IC2M)

VMware, Inc. VMware Horizon JCE (Java Cryptographic Extension) Module

Cisco VPN 3002 Hardware Client Security Policy

FIPS Security Policy

Symantec Corporation

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.

FEITIAN Technologies Company, LTD epass Token Hardware Version: FIPS Non-Proprietary Security Policy

Dell SonicWALL. NSA 220, NSA 220W and NSA 240. FIPS Non-Proprietary Security Policy

FIPS Security Policy

Dolby IMS-SM FIPS Level 2 Validation. Nonproprietary Security Policy Version: 4

Sony Security Module. Security Policy

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016

Symantec Corporation Symantec Cryptographic Module Software Version: 1.1. FIPS Non-Proprietary Security Policy

Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013

Acme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018

FIPS Level 1 Validation March 31, 2011 Version 1.12

FIPS Non-Proprietary Security Policy. FIPS Security Level: 1 Document Version: 1.8

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Acme Packet 3820 and Acme Packet 4500

Dell Software, Inc. Dell SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA FIPS Non-Proprietary Security Policy

ProtectV StartGuard. FIPS Level 1 Non-Proprietary Security Policy

CoSign Hardware version 7.0 Firmware version 5.2

FireEye CM Series: CM-4400, CM-7400, CM-9400

FireEye NX Series: NX-900, NX1400, NX-2400, NX-4400, NX4420, NX-7400, NX-7420, NX7500, NX-10000, NX-9450, NX10450

Comtech EF Data Corporation SLM-5650A TRANSEC Module Hardware Version: 1.2; Firmware Version: FIPS Non-Proprietary Security Policy

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

econet smart grid gateways: econet SL and econet MSA FIPS Security Policy

FIPS Security Policy

FIPS SECURITY POLICY FOR

EgoSecure GmbH. EgoSecure Full Disk Encryption (FDE) Cryptographic Module. FIPS Security Policy

Hitachi Virtual Storage Platform (VSP) Encryption Board. FIPS Non-Proprietary Cryptographic Module Security Policy

Cisco Systems 5760 Wireless LAN Controller

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

FIPS Non-Proprietary Security Policy. Acme Packet FIPS Level 2 Validation. Hardware Version: Firmware Version: E-CZ8.0.

CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC Security Policy. Version 3 June 30, 2010

Hydra PC FIPS Sector-based Encryption Module Security Policy

Polycom, Inc. VSX 3000, VSX 5000, and VSX 7000s (Firmware version: ) FIPS Non-Proprietary Security Policy

AirMagnet SmartEdge Sensor A5200, A5205, A5220, and A5225 Security Policy

Route1 FIPS Cryptographic Module

Avaya, Inc. Secure Router 2330 Hardware Version: SR2330; Firmware Version: FIPS Non-Proprietary Security Policy

FireEye HX Series: HX 4400, HX 4400D, HX 4402, HX 9402

WatchKey USB Token Cryptographic Module Model Number: K6 Smart Card Chip: Z32L256D32U PCB: K003010A Firmware Version: 360C6702

Security Policy Document Version 3.3. Tropos Networks

Cryptography and the Common Criteria (ISO/IEC 15408) by Kirill Sinitski

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module Security Policy

RSA BSAFE Crypto-C Micro Edition Security Policy

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

Samsung FIPS BC for Mobile Phone and Tablet FIPS Security Policy

1 INTRODUCTION CRYPTOGRAPHIC MODULE SPECIFICATION... 9

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module. Security Policy. Security Level 2. Rev. 0.

Credant CmgCryptoLib Version 1.7 Credant Cryptographic Kernel Version 1.5 FIPS Non-Proprietary Security Policy, Version 1.7 Level 1 Validation

FIPS Non-Proprietary Security Policy

Barco ICMP FIPS Non-Proprietary Security Policy

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

Cryptographic Algorithm Validation Program:

RSA BSAFE Crypto-J JSAFE and JCE Software Module Security Policy Level 2 Roles, Services and Authentication

ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1

Non-Proprietary Security Policy Version 1.1

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

STS Secure for Windows XP, Embedded XP Security Policy Document Version 1.4

FIPS Cryptographic Module Security Policy Entrust Authority Security Toolkit for the Java Platform

IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07. Security Policy

Integral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy

SecureDoc Disk Encryption Cryptographic Engine

FIPS Security Policy UGS Teamcenter Cryptographic Module

Apple Inc. Apple OS X CoreCrypto Kernel Module, v5.0 FIPS Non-Proprietary Security Policy

Inside the World of Cryptographic Algorithm Validation Testing. Sharon Keller CAVP Program Manager NIST ICMC, May 2016

FIPS Non-Proprietary Security Policy. FIPS Security Level: 2 Document Version: Winterson Road Linthicum, MD 21090

SafeNet LUNA EFT FIPS LEVEL 3 SECURITY POLICY

Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications. International Crypto Module Conference May 19, 2017

Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE)

Motorola PTP 800 Series CMU Cryptographic Module Security Policy

HP LTO-5 Tape Drive. FIPS Non-Proprietary Security Policy

WatchKey ProX USB Token Cryptographic Module Hardware Version: K023314A Firmware Version:

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 1 Roles, Authentication and Services

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 2 Roles, Authentication and Services

Introduction to FIPS ICMC Steve Weingart. Principal Consultant, CISA, CRISC, TX PI

NIST Cryptographic Toolkit

Blue Ridge Networks BorderGuard 4000/3140. FIPS Security Policy

Alcatel-Lucent. Alcatel-Lucent VPN Firewall Brick 50

Oracle Linux 7 OpenSSH Server Cryptographic Module

Oracle Linux 6 OpenSSH Server Cryptographic Module

SMPTE Standards Transition Issues for NIST/FIPS Requirements

IBM LTO Generation 6 Encrypting Tape Drive. FIPS Non-Proprietary Security Policy

Security Policy. 10 th March 2005

Transcription:

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.3 Hewlett-Packard Development Company, 3000 Hanover Street Palo Alto, CA 94394 Phone: (650) 857-1501 http://www.hp.com

TableofContents 1 INTRODUCTION... 3 1.1 PURPOSE...3 1.2 REFERENCES...3 1.3 DOCUMENT ORGANIZATION... 3 2 NSVLE... 4 2.1 OVERVIEW...4 2.2 MODULE SPECIFICATION... 5 2.2.1 Physical Cryptographic Boundary...5 2.2.2 Logical Cryptographic Boundary...6 2.3 MODULE INTERFACES... 8 2.4 ROLES AND SERVICES... 8 2.4.1 Crypto Officer Role... 9 2.4.2 User Role... 9 2.5 PHYSICAL SECURITY... 10 2.6 OPERATIONAL ENVIRONMENT... 10 2.7 CRYPTOGRAPHIC KEY MANAGEMENT... 10 2.8 SELF TESTS... 14 2.9 MITIGATION OF OTHER ATTACKS... 14 3 SECURE OPERATION... 15 3.1 INITIAL SETUP... 15 3.2 SECURE MANAGEMENT... 15 3.2.1 Initialization... 15 3.2.2 Assumptions... 15 4 ACRONYMS... 16 TableofFigures FIGURE 1 ARCHITECTURE OF NSVLE ENVIRONMENT... 4 FIGURE 2 BLOCK DIAGRAM OF AN HP PROLIANT SYSTEM... 6 FIGURE 3 NSVLE LOGICAL BOUNDARY... 7 FIGURE 4 NSVLE LOGICAL OPERATING ENVIRONMENT... 7 ListofTables TABLE 1 SECURITY LEVEL PER FIPS 140 2 SECTION... 5 TABLE 2 FIPS 140 2 LOGICAL INTERFACES... 8 TABLE 3 MAPPING OF CRYPTO OFFICER SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS... 9 TABLE 4 MAPPING OF USER SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS... 9 TABLE 5 FIPS APPROVED ALGORITHM IMPLEMENTATIONS... 10 TABLE 6 LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS... 12 TABLE 7 CRYPTOGRAPHIC MODULE PUBLIC KEYS... 13 TABLE 8 ACRONYMS... 16 HP NonStop Volume Level Encryption Page 2 of 17

1 Introduction 1.1 Purpose This is a non proprietary Cryptographic Module Security Policy for the NonStop Volume Level Encryption (NSVLE) from Hewlett-Packard Development Company, L.P. This Security Policy describes how the NonStop Volume Level Encryption meets the security requirements of FIPS 140 2 and how to run the module in a secure FIPS 140 2 mode. This policy was prepared as part of the Level 1 FIPS 140 2 validation of the module. FIPS 140 2 (Federal Information Processing Standards Publication 140 2 Security Requirements for Cryptographic Modules) details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140 2 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Communication Security Establishment Canada (CSEC): http://csrc.nist.gov/groups/stm/cmvp. The NonStop Volume Level Encryption is referred to in this document as NSVLE or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140 2 cryptographic module security policy. More information is available on the module from the following sources: The HP website (http://www.hp.com) contains information on the full line of products from HP. For any related questions regarding the NSVLE please contact HP. 1.3 Document Organization The Security Policy document is one document in a FIPS 140 2 Submission Package. In addition to this document, the Submission Package contains: Vendor Evidence Document Finite State Model Other supporting documentation as additional references With the exception of this Non Proprietary Security Policy, the FIPS 140 2 Submission Package is proprietary to HP and is releasable only under appropriate non disclosure agreements. For access to these documents, please contact HP. HP NonStop Volume Level Encryption Page 3 of 17

2 NSVLE This section describes the NonStop Volume Level Encryption (NSVLE) module from HP. 2.1 Overview Hewlett Packard s NonStop technology has been leading the way for over three decades, providing reliable solutions for the most demanding enterprises. The NonStop platform is used in complex computing environments, where business critical applications need 24 x 7 availability, extreme scalability, and fault tolerance. NonStop plays an important role in major industries and markets, including finance, healthcare, telecommunications, manufacturing, retail, and government. HP NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure. NSVLE is intended to be used by systems with a NonStop infrastructure that include at a minimum the following components: HP Integrity NonStop NS Series or BladeSystem servers for application support HP Enterprise Secure Key Manager (ESKM) for FIPS-Approved key generation and retrieval (FIPS Validation Certificate#1922) HP Storage Cluster I/O Modules (CLIM) for connecting disk and tape media Storage devices such as SAS (Serial Attached SCSI 1 ) disks, StorageWorks XP Disk Arrays, and LTO 2 Generation 5 tape devices Within this infrastructure, NSVLE resides as a software module on each Storage CLIM and provides data at rest encryption for supported SAS and Fibre Channel connected storage devices. Figure 1 provides an illustration of the NonStop architecture. Figure 1 Architecture of NSVLE Environment 1 SCSI Small Computer System Interface 2 LTO Linear Tape-Open HP NonStop Volume Level Encryption Page 4 of 17

CLIMs, specifically Storage CLIMs in this document, are HP ProLiant class servers that act as adapters for disks and tapes, using advanced caching technology that speeds up processing. Communication between NonStop servers and CLIMs is done with a combination of the Maintenance LAN and ServerNet, the core interconnectivity technology for NonStop systems. The CLIMs are connected directly to the Enterprise LAN so that they can communicate with the key manager (ESKM) cluster. Interactions between the ESKM and CLIM must be authenticated using certificates and encrypted through TLS 3, so that the CLIM can securely receive keys from the ESKM. NSVLE provides both initial volume encryption and then subsequent ongoing encryption of data with key rotation, all the while keeping data online, even during write operations. Existing applications can read and write data normally while data is automatically encrypted and decrypted as it passes through the CLIM. The NonStop Volume Level Encryption is validated at the following FIPS 140 2 section levels: Table 1 Security Level Per FIPS 140 2 Section Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 8 EMI/EMC 4 1 9 Self tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 2.2 Module Specification The NonStop Volume Level Encryption is a software module with a multi chip standalone embodiment. The overall FIPS security level of the module is 1. The following sections will define the physical and logical boundaries of the NSVLE module. 2.2.1 Physical Cryptographic Boundary As a software cryptographic module, there are no physical protection mechanisms implemented. The module must rely on the physical characteristics of host systems, which were not tested as part of this FIPS 140 2 validation. NSVLE has been tested on the HP Storage CLIM hardware platform, which is a HP ProLiant class server. The physical boundary of the cryptographic module is the HP ProLiant chassis, which encloses the complete set of hardware and software, including the operating system and the module. See Figure 2 below for a block diagram of a ProLiant host system. 3 TLS Transport Layer Security 4 EMI/EMC Electromagnetic Interference / Electromagnetic Compatibility HP NonStop Volume Level Encryption Page 5 of 17

Figure 2 Block Diagram of an HP ProLiant System 2.2.2 Logical Cryptographic Boundary NSVLE is a software implementation, as shown in Figure 3, which resides on each CLIM and consists of three components: Kryptonmod Cryptographic engine (loadable kernel module) providing data encryption and decryption of disk data using the XTS 5 -AES 6 and AES-CBC 7 algorithms. ESKM client API 8 library ( l i b i c a p i ) Cryptographic engine providing Enterprise Secure Key Manager interface support to allow key generation, secure key retrieval, and secure communication with the ESKM appliance. An ESKM appliance is a FIPS-validated server that can create, store, and manage millions of encryption keys. KM 9 client application A client application that communicates with the NonStop Servers and external ESKM cluster node. KM client application interfaces with the ESKM client API library to request keys and key attributes from the ESKM appliance via a TLS session. Figure 4 shows a logical block diagram of the module executing in and interacting with CLIM host application software. 5 XTS XEX (XOR Encrypt XOR) Tweakable Block Cipher with Ciphertext Stealing 6 AES Advanced Encryption Standard 7 CBC Cipher Block Chaining 8 API Application programming interface 9 KM Key Manager HP NonStop Volume Level Encryption Page 6 of 17

Figure 3 NSVLE Logical Boundary Figure 4 NSVLE Logical Operating Environment HP NonStop Volume Level Encryption Page 7 of 17

2.3 Module Interfaces The module s logical interfaces exist in the software as both an API as well as a Command Line interface (CLI). Physically, ports and interfaces are considered to be those of the host server. The CLI, API, and physical interfaces can be categorized into following interfaces defined by FIPS 140 2: Data Input Interface Data Output Interface Data Control Interface Status Output Interface Power Interface A mapping of the FIPS 140 2 logical interfaces, the physical interfaces, and the module can be found in the following table: Table 2 FIPS 140 2 Logical Interfaces FIPS 140 2 Interface Physical Interface Logical Interface Data Input Data Output Control Input Status Output Mouse/Keyboard, Serial, USB, ServerNet, Fibre Channel, SAS/SATA, PCI, and DVD/CD drive Monitor, Serial, USB, ServerNet, Fibre Channel, SAS/SATA, PCI, and DVD/CD drive Mouse/Keyboard, Serial, ilo, and Network Monitor, Serial, USB, Network, ServerNet, Fibre Channel, SAS/SATA, and PCI Power Power ports Not Applicable Arguments for API calls that contain data to be used or processed by the module Arguments for API calls that contain module response data to be used or processed by the caller CLI, API Function calls and arguments that initiate and control the operation of the module Return values from API function calls, error messages 2.4 Roles and Services NSLVE does not perform authentication of any operators. It relies on the authentication mechanisms supported by the operating system on which it runs. The module supports the following roles: Crypto Officer (CO) and User. Both roles are implicitly assumed when services are executed. Note 1: The following definitions are used in Table 3 and Table 4 for CSP 10 and Type of Access. R Read: The plaintext CSP is read by the service. W Write: The CSP is established, generated, modified, or zeroized by the service. X Execute: The CSP is used within an Approved or allowed security function or authentication mechanism. Note 2: Input and Output parameters of an API call that are not specifically plaintext, ciphertext, or a CSP are NOT itemized in the Input and Output columns, since it is assumed that most API calls will have such parameters. 10 CSP Critical Security Parameter HP NonStop Volume Level Encryption Page 8 of 17

2.4.1 Crypto Officer Role The Crypto Officer role has the ability to utilize the module via the KM client application CLI. Descriptions of the services available to the Crypto Officer role are provided in the table below. Table 3 Mapping of Crypto Officer Services to Inputs, Outputs, CSPs, and Type of Access Service Description Input Output CSP and Type of Access Create Key Requests a new key from an ESKM CLI command parameters Success or error code KCBC W KXTS W Key Attribute Services Set or get key attributes of an existing key CLI command parameters Status No CSP access Clone Key Request ESKM to clone a preexisting key CLI command parameters Success or error code No CSP access Get Key Retrieves a key from the ESKM server and pass it to Kryptonmod CLI command parameters Success or error code, key KCBC W KXTS W 2.4.2 User Role The User role has the ability to use all services offered by the module s ESKM client API library and Kryptonmod software components. Descriptions of these services are provided in Table 4 below. Table 4 Mapping of User Services to Inputs, Outputs, CSPs, and Type of Access Service Description Input Output CSP and Type of Access Load Kryptonmod Key Container Services Decrypt Encrypt Export Generic Key Load Kryptonmod during boot Create, prepare, or delete an entry in Kryptonmod container table Decrypt data using specified key Encrypts data using specified key Exports a generic key from the cryptographic module. This key is not allowed to be directly used by the cryptographic module. Key Info Services Return the status, length, or algorithm type of a key None Status No CSP access API call parameters API call parameters, key, ciphertext API call parameters key, plaintext API call parameters API call parameters Status Plaintext Ciphertext Status, key Status No CSP access KCBC R, X KXTS R, X KCBC R, X KXTS R, X X No CSP access HP NonStop Volume Level Encryption Page 9 of 17

Service Description Input Output CSP and Type of Access Get Table Get Status Set Key Self Test Returns table sans keys or encryption context Returns the current module status (version, self test results, algorithm support) Populates Key Container with a key Perform encrypt/decrypt using test data 2.5 Physical Security None Status No CSP access None Status No CSP access API call parameters, key API call parameters Status Status KCBC W KXTS W No CSP access NonStop Volume Level Encryption is a software only module and does not include physical security mechanisms. Thus, the FIPS 140 2 requirements for physical security are not applicable. 2.6 Operational Environment The module was tested on an HP ProLiant DL380 Gen8 server with an Intel(R) Xeon(R) E5-2658 processor running the Debian Linux HPTE 12 Version 5.0.0 OS. For FIPS 140 2 compliance, this is considered to be a single user operating system. As such, all keys, intermediate values, and other CSPs remain only in the process space of the operator using the module. The operating system uses native management mechanisms to ensure that outside processes cannot access the process space used by the module. 2.7 Cryptographic Key Management The module implements the following FIPS Approved algorithms (Note: all algorithm implementations are in the ESKM client API library software component of NSVLE except for those specifically identified as belonging to the Kryptonmod component): Table 5 FIPS Approved Algorithm Implementations Algorithm Symmetric Key Algorithm Certificate Number OBJECT AES CBC 13 128 and 256-bit 2375 libicapi AES CBC 256-bit, XTS 256-bit 2376 kryptonmod Triple-DES 168 bit CBC 1486 libicapi Secure Hashing Algorithm (SHA) SHA-1 14, SHA-256 2047 libicapi Message Authentication Code (MAC) Function HMAC using SHA-1 1477 libicapi Deterministic Random Bit Generator (DRBG) 12 HPTE Hewlett-Packard Telco Extensions 13 CBC Cipher Block Chaining 14 Refer to NIST Special Publication 800-131A for guidance on transitions to the use of stronger cryptographic keys and robust algorithms HP NonStop Volume Level Encryption Page 10 of 17

Algorithm Certificate Number OBJECT SP800-90A, CTR DRBG using AES 256-bit 311 libicapi Asymmetric Key Algorithm RSA 16 (PKCS 15 #1.5) sign/verify: 2048, 3072, 4096-bit 1230 libicapi TLS Key derivation TLS KDF 228 libicapi The following non Approved algorithm implementations are supported by the module (note that these algorithms are allowed for use in the FIPS Approved mode of operation): a. RSA key wrapping (key establishment methodology provides between 112 and 150 bits of encryption strength) b. MD5 for use within the TLS Key Derivation Function (KDF) c. Non-Deterministic Random Number Generator (NDRNG) used to seed the approved DRBG 15 PKCS Public Key Cryptography Standards 16 Refer to NIST Special Publication 800-131A for guidance on transitions to the use of stronger cryptographic keys and robust algorithms HP NonStop Volume Level Encryption Page 11 of 17

The CSPs supported by the module are shown in the table below. Note: The Input and Output columns in Table 6 are in reference to the module s logical boundary. KCBC (AES CBC) Table 6 List of Cryptographic Keys, Cryptographic Key Components, and CSPs CSP CSP Type Use Generation / Input Output Storage Zeroization AES 256 bit key Kryptonmod symmetric encryption and decryption Enters encrypted Not output Plaintext in Delete Key Container service KXTS (XTS-AES) AES 256 bit key Kryptonmod symmetric encryption and decryption Enters encrypted Not output Plaintext in Delete Key Container service DRBG Seed DRBG seed material Used for SP 800-90A CTR_DRBG Generated internally Not output Plaintext in DRBG V DRBG internal state secret value Used for SP 800-90A CTR_DRBG Generated internally Not output Plaintext in DRBG key value DRBG internal state secret value (AES 256-bit key) Used for SP 800-90A CTR_DRBG Generated internally Not output Plaintext in TLS_PM (TLS Premaster Secret) 384 bit key material Derive the master secret during TLS session negotiation Enters encrypted or generated internally Exits encrypted Plaintext in TLS_M (TLS Master Secret) 384 bit key material Input into the session key creation process within TLS AES Key AES 256 bit key Symmetric encryption and decryption (e.g. during TLS session negotiation) TDES Key TDES 168 bit key Symmetric encryption and decryption(e.g. during TLS session negotiation) Generated internally Not output Plaintext in Generated internally Not output Plaintext in Generated internally Not output Plaintext in computer or API HP NonStop Volume Level Encryption Page 12 of 17 2011 Hewlett-Packard Development Company, L.P.

CSP CSP Type Use Generation / Input Output Storage Zeroization HMAC Key HMAC key Data authentication (e.g. during TLS session negotiation) Generated internally Not output Plaintext in Software Integrity Key HMAC key RSA Private Key 2048, 3072, or 4096 bit RSA private key Authenticate NSVLE during power on self test Used to authenticate or provide confidentiality to data (e.g. during TLS session negotiation) Not input or generated Not output Plaintext in Enters in plaintext Not output Plaintext in Not applicable per FIPS 140 2 Implementation Guidance Section 7.4 The public keys supported by the module are shown in the table below: Table 7 Cryptographic Module Public Keys Key Key Type Use Generation / Input Output Storage Zeroization RSA Public Key 2048, 3072, or 4096 bit RSA public key Used to authenticate or provide confidentiality to data (e.g. during TLS session negotiation) Enters in plaintext Not output Plaintext in HP NonStop Volume Level Encryption Page 13 of 17 2011 Hewlett-Packard Development Company, L.P.

2.8 Self Tests The NonStop Volume Level Encryption performs the following self tests at power up: Software integrity test using HMAC SHA 1 Known Answer Tests (KATs) o AES CBC 128 and 256 bit key encrypt/decrypt o XTS-AES 256 bit key encrypt/decrypt (kryptonmod) o AES-CBC 256 bit key encrypt/decrypt (kryptonmod) o Triple DES CBC 168 bit key encrypt/decrypt o SHA 1 o HMAC SHA 1 o HMAC SHA-256 1 o RSA signature generation/verification o SP 800-90A CTR_DRBG The NonStop Volume Level Encryption performs the following conditional self tests: Continuous DRBG test Continuous random number generator test on non-approved RNG 2.9 Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140 2 Level 1 requirements for this validation. 1 The SHA-256 KAT is tested as part of the HMAC SHA-256 KAT. HP NonStop Volume Level Encryption Page 14 of 17 2011 Hewlett-Packard Development Company, L.P.

3 Secure Operation The NonStop Volume Level Encryption meets Level 1 requirements for FIPS 140 2. The sections below describe how to securely operate the module. 3.1 Initial Setup The CLIM s Debian Linux operating system is set for single user mode at the factory before it is delivered to the end user, who has no ability to make modifications. Therefore, from a FIPS 140 2 perspective, it is considered to be a single user operating system. The NSVLE software module is installed at the factory as part of the entire CLIM software component. The initial setup for NSVLE involves obtaining and installing a NSVLE license that will enable encryption on the CLIM, and then configuring the KM client application and other NonStop components, such as ESKM. 3.2 Secure Management The module always operates in FIPS Approved mode when used as specified within this Security Policy. This module can only operate in FIPS-Approved mode. The software can not be loaded in non FIPS- Approved mode. 3.2.1 Initialization In order to use NSVLE on a NonStop system with installed HP Storage CLIMs, the following security relevant tasks will need to be completed. Install the NSVLE license so that encryption can be enabled. See the NonStop Volume Level Encryption Guide for details. Create a client certificate for the CLIM and have it signed by the ESKM Certificate Authority. See the NonStop CLIM Installation and Configuration Guide for details. Install the signed client certificate on the CLIM. Configure CLIM/ESKM LAN connection. Configure ESKM server settings (e.g. enable TLS with client certificate authentication). See the HP Enterprise Secure Key Manager Users Guide for details. Configure the storage devices for encryption. The Crypto-Officer shall ensure that the ESKM client application module is launched using skm command with the loadkrypton argument. Failure to do this will result in the module not functioning. Verification of proper installation and start-up of the module can be verified by viewing the log file. The status message indicating successful start up and operation is, Krypton driver successfully loaded. This indicates that the module was started appropriately and has passed all FIPS power-on self-tests. The library will only use FIPS approved algorithms for cryptographic purposes when used as defined within this Security Policy. 3.2.2 Assumptions The module must be managed in accordance with all delivery, operation, and user guidance. To ensure the secure operation of the module, the following assumptions are made: Crypto Officers are non hostile, appropriately trained, and follow all administrative guidance. Crypto Officers will not modify any boot scripts which come preinstalled on the CLIM platforms. The module will be used only as specified within this FIPS 140-2 Security Policy document. HP NonStop Volume Level Encryption Page 15 of 17 2011 Hewlett-Packard Development Company, L.P.

4 Acronyms This section describes the acronyms. Acronym AES AMD ANSI API CBC CLI CLIM CMVP CO CSEC CSP DRBG EMC EMI ESKM FIPS HMAC HP HPTE ilo KAT KDF KM LTO MAC NIST NSVLE NVLAP OS PKCS PRNG Table 8 Acronyms Advanced Encryption Standard Advanced Micro Devices Definition American National Standards Institute Application Programming Interface Cipher Block Chaining Command Line Interface Cluster I/O Module Cryptographic Module Validation Program Crypto Officer Communications Security Establishment Canada Critical Security Parameter Deterministic Random Bit Generator Electromagnetic Compatibility Electromagnetic Interference Enterprise Secure Key Manager Federal Information Processing Standard (Keyed ) Hash Message Authentication Code Hewlett Packard Hewlett-Packard Telco Extensions Integrated Lights Out Management Processor Known Answer Test Key Derivation Function Key Manager Linear Tape-Open Message Authentication Code National Institute of Standards and Technology NonStop Volume Level Encryption National Voluntary Laboratory Accreditation Program Operating System Public Key Cryptography Standards Pseudo Random Number Generator HP NonStop Volume Level Encryption Page 16 of 17 2011 Hewlett-Packard Development Company, L.P.

Acronym RNG RSA SAS SATA SCSI SHA TCP TLS TDES XTS Random Number Generator Rivest, Shamir, and Adleman Serial Attached SCSI Definition Serial Advanced Technology Attachment Small Computer System Interface Secure Hash Algorithm Transmission Control Protocol Transport Layer Security Triple Data Encryption Standard XEX (XOR Encrypt XOR) Tweakable Block Cipher with Ciphertext Stealing HP NonStop Volume Level Encryption Page 17 of 17 2011 Hewlett-Packard Development Company, L.P.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback