Achieving a FIPS Compliant Wireless Infrastructure using Intel Centrino Mobile Technology Clients
This document is provided as is with no warranties whatsoever, including any warranty of merchantability, noninfringement, fitness for any particular purpose, or any warranty otherwise arising out of any proposal, specification or sample.

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications.

Intel does not control or audit the design or implementation of 3rd party benchmarks or websites referenced in this document. Intel encourages all of its customers to visit the referenced websites or others where similar performance benchmarks are reported and confirm whether the referenced benchmarks are accurate and reflect performance of systems available for purchase.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. This document contains information on products in the design phase of development. Do not finalize a design with this information. Revised information will be published when the product is available. Verify with your local sales office that you have the latest datasheet before finalizing a design.
Intel Centrino, Intel PRO/Wireless Network Hardware and Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Actual measurement results may vary depending on the specific hardware and software configuration of the computer system measured, the characteristics of those computer components not under direct measurement, variation in processor manufacturing processes, the benchmark utilized, the specific ambient conditions under which the measurement is taken, and other factors. All plans, features and dates are preliminary and subject to change without notice.

* Third-party brands and names are the property of their respective owners.

Copyright Intel Corporation 2006

FIPS Validated 140-2 is a Certification Mark of National Institute of Standards and Technology (NIST), which does not imply product endorsement by NIST, the U.S. or Canadian Governments.
Contents

1 Overview
2 What is FIPS?
3 Intel Centrino Mobile Technology
3.1 Features and Benefits
3.2 Total Cost of Ownership (TCO)
4 Why Intel Centrino Mobile Technology Clients?
1 Overview

Private sector organizations wanting to do business with the U.S. Federal Government must use Federal Information Processing Standard (FIPS) validated network infrastructures and wireless clients to enable more secure use and communication for mobile devices and notebook computers utilizing Wi-Fi Alliance WPA2*/IEEE 802.11i* security.

2 What is FIPS?

The Intel Centrino mobile technology client is FIPS compliant in security, interoperability, affordability and reliability. Intel PRO/Wireless Network Connection hardware is FIPS validated with the 3e Technologies International* (3eTI*) supplicant enabled solution. For more information on 3eTI FIPS certificate number 663, visit http://csrc.nist.gov/cryptval/140-1/140val-all.htm

Federal agencies, industry and the public rely on cryptography to secure communications and protect information used in critical infrastructures, electronic commerce and other applications. The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules against the FIPS 140-1 and 140-2 Security Requirements for Cryptographic Modules and other FIPS cryptography-based standards for protection of sensitive, unclassified data in the U.S. Government. FIPS also provides guidelines governing the design, implementation and deployment of these functions.

Intel Centrino mobile technology clients are FIPS validated to deliver the compliance and requirements for achieving security, reliability, affordability, interoperability and assurance with FIPS 140-1 and 140-2 standards.

3 Intel Centrino Mobile Technology

The Intel Centrino mobile technology client (hardware and software) with the 3eTI supplicant enabled solution is a FIPS 140-2 certified solution that delivers increased security. The cryptographic libraries are tested and verified for the U.S. and Canadian governments, an important attribute for deploying mission-critical, highly secure mobile applications to the wide range of government organizations.

The U.S. Department of Defense (DoD), Navy, Air Force, Marine Corps, Army, Coast Guard, National Guard, Reserves, Department of Homeland Security, National Institute of Justice, National Security Agency (NSA), Office of Government Policy, General Services Administration (GSA), State Department, Department of Justice, Federal employees and contractors and most government entities use FIPS. Because of the robust security offered by FIPS compliance, companies in financial services, healthcare, education and manufacturing are also incorporating FIPS into their wireless network infrastructures.

3.1 Features and Benefits

Intel Centrino mobile technology clients accompanied by the 3eTI-developed 3e-010F-C-2 Cryptomodule* Software provide an optimal FIPS compliant solution. The Crypto Client is FIPS 140-2 validated as well as IEEE 802.11i-compliant and WPA2 certified. The Intel Centrino mobile technology client with the Crypto Client works seamlessly with 3rd party vendor wireless access points for more secure wireless interoperability at an attractive price-point. The Crypto Client supports Microsoft Windows 2000* and Microsoft Windows XP* (Home and Professional Editions*) and provides IEEE 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features that deliver a high level of security for wireless environments.

3eTI is a leading wireless infrastructure and application company. With its focus on the U.S. government market, 3eTI developed Crypto Client for Intel Centrino mobile technology [1]. For more information about 3eTI refer to the link http://www.3eti.com/.

Intel Centrino mobile technology clients meet the key requirements of new DoD and Federal WLAN Policies in order to protect IT investments with standards-based solutions.

Table: Intel/3eTI Solutions comply with DoD Wireless Security Requirements

Key Requirement (with the note from the Intel/3eTI Solutions column, where one is given):
- IEEE 802.11i
- EAP-TLS
- IEEE 802.x
- AES-CCM: 3eTI holds the first CCM certificate issued by NIST
- DoD PKI
- FIPS 140-2
- Common Criteria: In evaluation for EAL 2+ (Evaluation Assurance Level) compliance

[1] 3e-010F-C-2 Cryptomodule* (Crypto Client Software) is FIPS-validated for Intel PRO/Wireless Network Connection 2200BG and Intel PRO/Wireless Network Connection 2915ABG. FIPS 140-2 validation for Intel PRO/Wireless Network Connection 3945ABG is in progress.

Intel Centrino wireless clients go beyond the DoD wireless policy baseline identified in the table by providing the following additional features and functionality:
- IEEE 802.11i (WPA2) baseline with additional 256-bit AES Security
- Layer 2 Security for Wireless Protection (separate from and independent of Layer 3 VPN design or architecture)
- DoD PKI (JITC certified) with password protection for multiple level authentication
- X.509 Certificates
- Availability of Custom DKE (Dynamic Key Exchange, per user, per session)
- Multiple location profiles
- Compatible with Virtual Private Networks (VPN)
- Site survey support
- FIPS 140-2 validated; meets current and upcoming government security policy requirements.
- IEEE 802.11i and Wi-Fi Alliance WPA2* compliance enables maximum security and interoperability with most WLAN infrastructures for most notebook computers with built-in Intel Centrino mobile technology without impacting application performance.

They prevent cryptographic attacks as defined in FIPS 140-2 and can be used in non-FIPS environments, such as hot spots and home networks.
3.2 Total Cost of Ownership (TCO)

FIPS 140-2 validated Intel Centrino mobile technology enables federal government agencies and the U.S. Department of Defense to purchase and deploy notebook computers based on Commercial Off-The-Shelf (COTS) technology. This provides the following key benefits:
- Government-Level Security: All Intel Centrino-based notebook computers meet government requirements for Wi-Fi security.
- Lower Acquisition Cost: Intel Centrino standards-based platforms are provided by multiple commercial vendors.
- Simpler Deployment: Users can connect wirelessly with Intel Centrino platforms without the need for proprietary client software.
- Standards-Based Interoperability: Intel Centrino mobile technology platforms are Wi-Fi ready; there is no need for vendor or model-specific Wi-Fi drivers.

The DoD Information Technology Security Certification and Accreditation Process (DITSCAP) establishes a standard DoD-wide process, set of activities, general tasks, and a management structure to certify and accredit Information Systems (IS) that maintain the Information Assurance (IA) and security posture of the Defense Information Infrastructure (DII) throughout the life cycle of the system. Systems that include Intel Centrino clients are eligible for DITSCAP certification and for Sensitive But Unclassified (SBU) data communication using the Non-Secure Internet Protocol Router Network (NIPRNet). The Intel Centrino mobile technology client is compliant with both DITSCAP and NIPRNet.

4 Why Intel Centrino Mobile Technology Clients?

The latest Intel Core 2 Duo Processor coupled with Intel PRO/Wireless Hardware Connection hardware delivers greater performance with enhanced capabilities, including the following, without compromising Wi-Fi security:
- Voice over Internet Protocol (VoIP): Includes VoIP enhancements to enable more secure VoIP over wireless networks.
- Enhanced Battery Life: Intel Intelligent Scanning Technology reduces power by controlling the frequency of scanning for access points, and support for Power Save Protocol (PSP) enables five selectable power states, allowing users to make their own power versus performance choices when in battery mode.
- Wake on WLAN: Allows remote wake-up of mobile clients to perform software and security updates.
- Intel Active Management Technology (Intel AMT): Allows IT to discover, heal and protect network computing assets.
- Flexible Wireless Connectivity: Intel PRO/Wireless Network Connection products support IEEE 802.11a/b/g.
- Robust Throughput: Delivers up to 54 Mbps at 5 GHz (IEEE 802.11a) and 2.4 GHz (IEEE 802.11g).
- Bluetooth Coexistence: Reduces interference with Bluetooth* devices using Intel Wireless Coexistence System technology.