| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/30/2026 |
| Caveat | Interim validation. When operated in approved mode. |
| Vendor | Nokia of America Corporation (Nokia) |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2415 |
| AES-CBC | A2538 |
| AES-CBC | A3369 |
| AES-CFB128 | A2502 |
| AES-CTR | A2537 |
| AES-CTR | A3369 |
| AES-CTR | AES 3844 |
| AES-ECB | A2537 |
| AES-ECB | A2539 |
| AES-ECB | A3369 |
| AES-ECB | AES 3844 |
| AES-GCM | A2539 |
| AES-GCM | A3369 |
| AES-GMAC | AES 3844 |
| Counter DRBG | A3369 |
| ECDSA KeyGen (FIPS186-4) | A3369 |
| ECDSA KeyVer (FIPS186-4) | A3369 |
| ECDSA SigGen (FIPS186-4) | A3369 |
| ECDSA SigVer (FIPS186-4) | A3369 |
| HMAC-SHA-1 | A2502 |
| HMAC-SHA2-256 | A2415 |
| HMAC-SHA2-256 | A2502 |
| HMAC-SHA2-256 | A2538 |
| HMAC-SHA2-256 | A3369 |
| HMAC-SHA2-384 | A3369 |
| HMAC-SHA2-512 | A3369 |
| KAS-ECC-SSC Sp800-56Ar3 | A3369 |
| KAS-FFC-SSC Sp800-56Ar3 | A3369 |
| KDF SNMP | A2502 |
| KDF SSH | A3369 |
| KDF TLS | A3369 |
| RSA KeyGen (FIPS186-4) | A3369 |
| RSA SigGen (FIPS186-4) | A3369 |
| RSA SigVer (FIPS186-4) | A3369 |
| Safe Primes Key Generation | A3369 |
| Safe Primes Key Verification | A3369 |
| SHA-1 | A2502 |
| SHA-1 | A3369 |
| SHA2-256 | A2415 |
| SHA2-256 | A2502 |
| SHA2-256 | A2538 |
| SHA2-256 | A3369 |
| SHA2-384 | A3369 |
| SHA2-512 | A3369 |
| SHA3-256 | A3310 |
flowchart LR
%% Deterministic review-risk graph for Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L)
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Upgrade<br/>Firmware Load<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-test<br/>unauthenticated<br/>Status Output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L)
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Upgrade<br/>Firmware Load<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-test<br/>unauthenticated<br/>Status Output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L) FIPS Security Level: 1 Document Version: 1.3 Last saved October 28, 2024 11:20
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Table of Contents
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy List of Tables List of Figures
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
This document describes the non-proprietary Cryptographic Module Security Policy for the Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L) for multishelf configurations. These are referenced in the document as PSS and PSI-8L. This security policy provides the details for configuring and running these products in a FIPS-140-3 mode of operation and describes how the module meets the level 1 requirements of FIPS 140-3. Please see the references section for a full list of FIPS 140-3 requirements. The security level of the individual areas is shown in the table below. ISO/IEC 24759 Section FIPS 140-3 Section Title Security Level 6.[Number Below]
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 3
5 Software/Firmware security 2
6 Operational environment 2
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
For the purposes of FIPS 140-3, the 1830 is designated as a multi-chip standalone hardware cryptographic module.
The following platforms were tested for running the module in approved mode. They all share the same CPU, the Marvell MV78460, which does not contain a Processor Algorithm Accelerator (PAA). Use of circuit packs not tested under this validation will invalidate the FIPS certification.
Model Hardware Firmware Distinguishing Version Features
1830 PSS- Chassis - WOM4V10GRA / n/a Card Holder
32EC2 - 8DG63979AA 1830PSS ECN Equipment Controller R23.3 Card 11QPEN4 - 8DG60996AA 10G Interface Card 8P20 - 3KC49240AA 10G Interface Card S13X100E - 8DG63988AA 100G Interface Card Filler Card - 8DG59418AA n/a Empty Slot Blank Security Label Kit - 8DG-6509- n/a Tamper Labels AAAA Table 2
Model Hardware Firmware Distinguishing Version Features
1830 PSS Chassis - WOMR300BRA / n/a Card Holder
16II 3KC48960AC 32EC2 - 8DG63979AA 1830PSS ECN Equipment Controller R23.3 Card 11QPEN4 - 8DG60996AA 10G Interface Card 8P20 - 3KC49240AA 10G Interface Card S13X100E - 8DG63988AA 100G Interface Card Filler Card - 8DG59418AA n/a Empty Slot Blank Security Label Kit - 8DG-6509- n/a Tamper Labels AAAA Table 3 - PSS-16II Cryptographic Module Test Configuration
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Model Hardware Firmware Distinguishing Version Features
1830 PSS- Chassis - WOMPU00CRA / n/a Card Holder
8EC2 - 3KC48820AA 1830PSS ECN Equipment Controller R23.3 Card 11QPEN4 - 8DG60996AA 10G Interface Card 8P20 - 3KC49240AA 10G Interface Card S13X100E - 8DG63988AA 100G Interface Card Filler Card - 8DG59418AA n/a Empty Slot Blank Security Label Kit - 8DG-6509- n/a Tamper Labels AAAA Table 4 - PSS-8 Cryptographic Module Test Configuration
Model Hardware Firmware Distinguishing Version Features
1830 PSS-24x Chassis - WOMP410CRB / n/a Card Holder
3KC50378AA CEC2 - 3KC50335AA 1830PSS ECN Equipment R23.3 Controller Card MFC24X - 3KC50330AA Multi-Function Card 2UC400E - 3KC60522AA 100G Interface Card Filler Card
Model Hardware Distinguishing Firmware Version Features
XCEC8
Model Hardware Firmware Version Distinguishing Features
1830 PSI-8L Chassis - 3KC90291AA n/a Card Holder
MEC2L - 3KC81775AC 1830PSS ECN R23.3 Equipment Controller Card PSILMFC - Multi-Function Card 3KC90213AA
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Filler Card - Empty Slot Blank 8DG59418AA Security Label Kit
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Nokia PSS-32/16II/8/24x PSI-8L SNMP-Engine CAVP Cert. Algorithm and Mode/Method Description / Use / Function Standard Key Size / Key Strength A2502 AES CFB128 Key Length: 256 Symmetric [FIPS 197] bits Encryption and [SP 800-38A] Decryption A2502 HMAC SHA-1, SHA2- Key Length: 160 Keyed Hash [FIPS 198-1] 256 bits, 256 bits A2502 CVL SNMP KDF - Key Derivation [SP 800-135 Rev Note: The 1] SNMP protocols have not been reviewed or tested by the CAVP and CMVP A2502 KTS SP 800-38A, Key Length: 256 Key [SP 800-38F FIPS 198-1, bits establishment Rev 1] and SP 800-38F. Key Strength: methodology KTS (key 256 bits provides 256 bits wrapping and of encryption unwrapping) strength) per IG D.G. A2502 SHS SHA-1, SHA- - Message Digest [FIPS 180-4] 256 Table 8 - Approved Algorithms (Nokia SNMP-Engine) The use of truncated HMAC-SHA-1-96 in SNMP protocol is compliant with IG.C.D. Nokia openSSL CAVP Cert. Algorithm and Mode/Method Description / Use / Function Standard Key Size / Key Strength A3369 AES CBC, CTR Key length: 128, Symmetric [FIPS 197] 256 bits Encryption and [SP 800-38A] Decryption A3369 AES ECB Key Length: Symmetric [FIPS 197] 128 bits Encryption and [SP 800-38A] Decryption Self-Test only A3369 AES GCM Key length: 128, Symmetric [SP 800-38D] 256 bits Encryption and Decryption Vendor Affirmed CKG - - Symmetric key [SP 800-133 generation Rev 1] Symmetric keys and generated seeds are
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy CAVP Cert. Algorithm and Mode/Method Description / Use / Function Standard Key Size / Key Strength produced using unmodified output from the Approved DRBG. A3369 CTR_DRBG AES-256 256 bits Random [SP800-90A] Derivation Number Function Enabled Generation No Prediction Resistance A3369 ECDSA Key Pair Curve: P-256, Asymmetric [FIPS 186-4] Generation (PKG) P-384, P-521 Key Generation A3369 ECDSA Public Key Curve: P-256, Asymmetric [FIPS 186-4] Validation (PKV) P-384, P-521 Public Key Verification A3369 ECDSA Signature Curve: P-256, Digital [FIPS 186-4] Generation P-384, P-521 Signature Verification A3369 ECDSA Signature Curve: P-256, Digital [FIPS 186-4] Verification P-384, P-521 Signature Verification A3369 HMAC SHA-256, SHA- Key Length: Keyed Hash [FIPS 198-1] 384, SHA-512 256 bits or greater A3369 KAS-SSC KAS-ECC-SSC: Domain Shared Secret [SP800-56A Scheme: Parameter Computation Rev 3] “Ephemeral Generation Unified” with Methods: ffdhe2048 selfcurve P-256, P- ffdhe2048, test only 384, P-521 MODP-4096, MODP-8192 KAS-FFC-SSC: Scheme: “dhEphem” and domain parameter generation methods “ffdhe2048, MODP-4096, MODP-8192” A3369 KAS KAS (ECC): KAS (KAS-SSC [SP800-56A P-256, P-384 Cert. #A3369, Rev 3] and P-521 CVL with SSH and Cert. #A3369) TLS v1.2 As per IG D.F KDF (SP800- Scenario 2 path 135rev1)
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy CAVP Cert. Algorithm and Mode/Method Description / Use / Function Standard Key Size / Key Strength (2), the CAVP KAS (FFC): testing is ffdhe2048, performed MODP-4096, in which case it and MODP- is split into (i)
with SSH computation of KDF (SP800- the shared 135rev1) secret, (ii) testing the key derivation function used in deriving the keying material as per SP800-
A3369 KTS AES Key Length: Key transport [SP 800-38F (unauthenticated 128, 256 bits (SSH, TLS) Rev 1] mode) with Key HMAC Key Strength: establishment 128, 256 bits methodology provides between 128 and 256 bits of encryption strength. A3369 KTS AES Key Length: Key Transport [SP 800-38F (authenticated 128, 256 bits (SSH, TLS) Rev 1] mode) Key Key Strength: establishment 128, 256 bits methodology provides between 128 and 256 bits of encryption strength. A3369 CVL SSH KDF, TLS Cipher: AES- Key Derivation [SP 800-135 KDF 128, AES-256 Rev 1] Hash Note: The SSH, Algorithm: TLS protocols SHA2-256, have not been SHA2-384, reviewed or tested SHA2-512 by the CAVP and CMVP TLS Version: v1.2 Hash
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy CAVP Cert. Algorithm and Mode/Method Description / Use / Function Standard Key Size / Key Strength Algorithm: SHA2-256, SHA2-384 A3369 RSA - Modulus: 2048, Asymmetric [FIPS 186-4] 3072, 4096 Key Generation A3369 RSA Signature Modulus: 2048, Digital [FIPS 186-4] Generation 3072, 4096 Signature (PKCS#1 v1.5) Generation A3369 RSA Signature Modulus: 1024, Digital [FIPS 186-4] Verification 2048, 3072, Signature (PKCS#1 v1.5) 4096 Verification A3369 RSA Signature Modulus: 4096 Digital [FIPS 186-4] Verification Signature (PKCS PSS) Verification Self-test only A3369 Safe Primes Key KeyGen for DH Safe Prime Key Generation Generation Groups: [SP 800-133 ffdhe2048, ffdhe2048 SelfRev 1] MODP-4096, test only MODP-8192 A3369 Safe Primes Key KeyVer for DH Safe Prime Key Verification Verification Groups: MODP[SP 800-133 4096, MODPRev 1] 8192 A3369 SHS SHA-1, SHA-256, N/A Message Digest [FIPS 180-4] SHA-384, SHATable 9 - Approved Algorithms (Nokia openSSL)
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Nokia Jitter Entropy (JENT) CAVP Algorithm Mode/Method Description / Key Size(s) Use / Function Cert and Standard /Key Strength(s) A3310 SHS SHA3-256 256 Message Digest [FIPS 180-4] Entropy Algorithm Mode/Method Description / Key Size(s) Use / Function Cert and Standard /Key Strength(s) E26 Entropy N/A N/A Random Number [SP800-90B] (Algorithms Generation covered by A3310) Table 10
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy CRYPOTN (Nokia 100G using Microsemi, S13X100E, 2UC400E) CAVP Algorithm Mode/Method Description / Key Use / Function Cert and Size(s) /Key Standard Strength(s) AES 3844 AES CTR Key length: 256 Symmetric Encryption and (S13X100E [FIPS 197] bits Decryption and [SP 8002UC400E) 38A] AES ECB Key length: 256 Symmetric Encryption [FIPS 197] Encryption bits [SP 800- only 38A] AES GMAC Key length: 256 Symmetric Encryption and [SP 800- bits Decryption 38D] A2415 AES CBC Key length: 256 Symmetric Encryption and (S13X100E), [FIPS 197] bits Decryption A2416 [SP 800(2UC400E) 38A] HMAC SHA2-256 256 bits Keyed Hash [FIPS 198-1] SHS SHA2-256 256 bits Message Digest [FIPS 180-4] Table 12 - Approved Algorithms (S13X100E, 2UC400E) CRYPOTN (Nokia 100G using Microsemi) uses HMAC-SHA256 (and the underlying SHA-256) for the authentication of the pack serial number, which is used to distinguish the two ends of the encryption section (certificate C1545). CRYPOTN (Nokia 100G using Microsemi) uses AES-256-CTR combined with AES-GMAC to form a proprietary authenticated encryption function (GMAC+CTR). The authentication key is derived from the encryption key in exactly the same way that AES-GCM does and also all calculations are done in a GCM like manner. The only difference is that the length of the authentication and cipher text fields are transposed. For CRYPOTN, the IV generation follows the rules of [FIPS 140-3 IG] section C.H (case 4): The probability that the proprietary GMAC+CTR authenticated encryption function ever will be invoked with the same IV and the same key on two (or more) distinct sets of input data shall be no greater than 2-32 for 1830 PSS S13X100E and 2UC400E. The following rules ensure that the construction of the IV, the keys and the Fixed Field used satisfy the above requirement. i.) By implementation, the Fixed Field for AtoZ direction is always different than the ZtoA direction. ii.) By implementation, the IV is composed of a Fixed Field and a running counter (Invocation Field) that starts at zero iii.) By implementation, authentication stops and new keys are required from the key management system if: a. The modules power is lost and then restored (which would cause the IV to be reset) b. Running counter reaches its maximum iv.) Therefore, since IV are only reused with different keys, as long as the probability of new keys being different than any previous used keys exceeds 2-32, then the concatenation of the keys with the IV will also exceed 2-32.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy v.) By Policy, the key management system (external to the module) always generates random 256-bit keys and the probability of the key manager ever generating the same key again shall be no greater than 2-32 during the system lifetime across all keys generated. vi.) By Policy, the key management system uses one newly generated key on one circuit per one key session time period. The key is used for both the AtoZ and the ZtoA directions of that circuit for that key session time period. Table 13 - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The 1830 PSS is a scalable, next-generation Dense Wave Division Multiplexer (DWDM) platform that supports data center aggregation for Ethernet, Fiber Channel (FC) and other protocols. Multiprotocol services can then be dynamically and flexibly transported over metro and long-haul spans, using Tunable and Reconfigurable Optical Add-Drop Multiplexers (T-ROADMs) for optical wavelengths. The 1830 PSS enables transparent L2 Ethernet or FC and L3 IP services over the optical link. The Nokia 1830 PSS-32 shelves provide increased network flexibility and operational automation through zero-touch, transparent photonic networking. Photonic networks use simplified and accelerated operations to transform wavelength division multiplexing (WDM) into true transport networking with advanced flexibility, performance, automation, and integration. Several Optical Add-Drop multiplexing (OADM) configurations are supported by components that provide optical filter routing, optical amplification, and support for interworking with optical signals originating on non-1830 PSS hardware. The Nokia 1830 PSS-32s are closely related shelves that compose the Nokia 1830 PSS-32 multi-service multi-reach solution. They are scalable optical transport platforms that implement a converged platform solution for multi-service DWDM metro-area, long-haul, and Optical Transport Network (OTN) switching, and leading-edge flexibility with next generation optical and OTN capabilities. Figure 1 - PSS-32 Shelf The Nokia 1830 PSS-32 Central Office Shelf provides a 32-slot primarily DWDM platform. The Nokia 1830 PSS-8 and PSS-16II are the new generation in the 1830 portfolio; it is future-oriented product to provide high capacity, high flexibility and high scalability. Integrated together with existing network management systems and engineering tools, both shelves provide operational automation through zero-touch, transparent photonic networking. These two new products are based on the platform that converges Lambda switching, OTN switching and packet switching in metro aggregation and core layers for service grooming and aggregation. Figure 2 - PSS-16II Shelf
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Figure 3 - PSS-8 Shelf The 1830 PSS-24x is designed to address multilayer, multiservice, optical network scale and efficiency by delivering an industry leading level of optical transport network (OTN) and Ethernet switching. Capable of supporting up to 48 Tbps of OTN/Ethernet switching capacity in a single rack, terabit capable card slots and low system power utilization, the 1830 PSS-24x takes OTN/Ethernet grooming and protection to the next level of scale required to support efficient 100G, 200G, 400G, 500G and beyond wavelength transport. Figure 4 - PSS-24x Shelf The 1830 PSS-8x is optimized for both metro aggregation and metro core switching applications in optical transport networks (OTNs). It provides the flexibility and efficiency required to support an evolution to higher capacity services, enabling continued revenue streams as customers demand more bandwidth and enterprises move toward 10G, 100G, 200G and 400G connectivity. With initial support for 1.6 Tb/s of electrical switching capacity and up to 4 Tb/s with latest switch fabric in a single 10RU shelf, 6.4 Tb/s per 300 mm rack the 1830 PSS-8x provides a small form factor high-capacity metro aggregation point. Figure 5 - PSS-8x Shelf
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
1830 PSI-8L is a scalable and modular shelf that provides a DataCenter form factor compatible option
to deploy Photonic Line configuration. As the industry has transitioned to data center-based applications, the shift has created a tremendous need for optical networks and bandwidth to interconnect data centers, as well as connect local data caching sites to their respective metro point-of-presence locations. While initial focus of data center solutions was on transponder shelves, need for flexibility and scalability of Photonic layer developed a need for appropriate photonic shelf. PSI-8L offers full compatibility to 1830 PSS current and future photonic cards. Figure 6 - PSI-8L Shelf The approved configurations of 1830 PSS must meet stringent Physical, Logical and Operational requirements that are more restrictive than typical telecom or data center deployments. This use of 1830 PSS includes many different multi-shelf configurations with many different circuit pack types. The approved configurations of 1830 PSS consist of secured single shelf entities equipped with equipment controller cards and other cards (like 11QPEN4, S13X100E, 2UC400E) that are coupled into a multishelf system. The multi-shelf system is controlled by a dedicated main shelf. The main shelf provides all the interfaces of the cryptographic boundary. Figure 7 - Multi-Shelf Configuration Each shelf type (PSS-32, PSS-16II, PSS-8, PSS-24x, PSS-8x and PSI-8L) can be used as main shelf or subtending shelf.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Figure 8 - 1830 PSS, 1830 PSI-8L Block Diagram
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
FIPS Configurations of 1830 PSS must meet stringent Physical, Logical and Operational requirements that are more restrictive than typical telecom or data center deployments. While the generalized use of
1830 PSS may normally include many different multi-shelf configurations with many different circuit
pack types, the approved mode configurations of 1830 PSS consist of physically secured single shelf entities equipped with equipment controller cards and 11QPEN4, S13X100E, 2UC400E cards. The cryptographic module is based on the encryption card 11QPEN4 and/or S13X100E or 2UC400E installed on a single shelf version of an 1830 PSS with an Equipment Controller (32EC2E, 8EC2E or CEC2). The cryptographic modules are intended to be deployed at both ends of a transmit/receive pair of external optical fibers between two data centers to provide encryption of 10GE, 8G/10GFC and ODU2 client traffic (for 11QPEN4) and 10x 10GE/ODU2, 2x 40GE or 100GE/ODU4 (for S13X100E) and 4x ODU4 (for 2UC400E) while in flight between data centers. Figure 9 - Network Configuration of 1830 PSS-32/16II/8/24x/8x, PSI-8L
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The module uses logical interfaces: Data Input, Data Output, Control Input, Status Output. The logical interface Control Output is not used by the module. The module does not output any command or control data used to control another module.
Physical port Logical interface Data that passes over port/interface PSS-32 User Panel (1) OAMP (1) OAMP interface Control Input – Status Output E1, E2 (2) (incl. LED) Inter-Shelf LAN Control Input – Status Output Craft (USB) (1) Craft Terminal Control Input – Status Output Craft (DB-9) (1) Craft Terminal Control Input – Status Output Equipment Controller 32EC2 (2) CIT (2) OAMP interface (local) Control Input – Status Output ES1, ES2 Inter-Shelf LAN Control Input – Status Output 11QPEN4 Encryption Card (up to
Figure 10 - PSS32 User Panel - front view Physical port Logical interface Data that passes over port/interface STATUS (1) NE status LED Status Output HOUSEKEEPING (1) Housekeeping n.a. (shelf internal) ALARM (1) Rack Alarm n.a. (shelf internal) CR/PROMPT (1) Critical Condition LED Status Output MJ/PROMPT (1) Major Condition LED Status Output MN/DEFRD (1) Minor Condition LED Status Output WARNING (1) Warning Condition LED Status Output ATTENDED (1) NE attended status LED Status Output ABNORMAL (1) NE attended status LED Status Output
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Physical port Logical interface Data that passes over port/interface OAMP (1) (incl. LED) OAMP (GbE) Control Input
Physical port Logical interface Data that passes over port/interface PSS-16II User Panel (1) OAMP (1) OAMP interface Control Input – Status Output E1, E2 (#10) (incl. LED) Inter-Shelf LAN Control Input – Status Output Craft (USB) (1) Craft Terminal Control Input – Status Output Craft (DB-9) (1) Craft Terminal Control Input – Status Output Equipment Controller 32EC2 (2) CIT (2) OAMP interface (local) Control Input – Status Output ES1, ES2 Inter-Shelf LAN Control Input – Status Output 11QPEN4 Encryption Card (up to
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Figure 11 - PSS-16II User Panel - Ports and Interfaces Physical port Logical interface Data that passes over port/interface LEDs Alarm Status (4) (#1) NE alarm status Status Output LED ATT (1) (#2) NE attended status Status Output LED STAT (1) (#3) NE status Status Output Shelf-ID Rotary H, L (2) (#4,5) Shelf-ID configuration Control Input CRAFT (#6) Type B USB interface Control Input
Physical port Logical interface Data that passes over port/interface PSS-8 Shelf Panel (1) OAMP (1) OAMP interface Control Input
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy 11QPEN4 Encryption Card (up to
Figure 12 - PSS-8 Shelf Panel
Physical port Logical interface Data that passes over port/interface MFC24X (1) STAT (1) NE status LED Status Output Shelf ID MSB, LSB (2) Shelf ID Rotary Dials Control Input Equipment Controller CEC2 (2) STAT (1) Card Status LED Status Output EPS (1) EPS LED Status Output Alarm cut off button Control Input (1) C, M, m, W (4) Alarm Condition LED Status Output AT (1) Attended LED Status Output AB (1) Abnormal LED Status Output (1) Type B USB interface Control Input
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy E1 (1) OAMP Management Control Input
Figure 13 - PSS-24x MFC24X - Ports and Interfaces Physical port Logical interface Data that passes over port/interface STAT (1) NE status LED Status Output Shelf ID MSB, LSB (2) Shelf ID Rotary Dials Control Input HK IN, HK OUT (2) Housekeeping n.a. (shelf internal) RA OUT, RL IN, RL OUT (3) Rack alarm, Rack Lamp n.a. (shelf internal) SENSOR IN (1) Interface to sensor card n.a. (shelf internal) Table 21 - MFC24x - Ports and Interfaces
Physical port Logical interface Data that passes over port/interface XMFC (1) STAT (1) NE status LED Status Output Shelf ID MSB, LSB (2) Shelf ID Rotary Dials Control Input Equipment Controller XCEC8 (up to 2) STAT (1) Card Status LED Status Output EPS (1) EPS LED Status Output Alarm cut off button Control Input (1) C (1) Critical Condition LED Status Output M (1) Major Condition LED Status Output m (1) Minor Condition LED Status Output
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy W (1) Warning Condition LED Status Output AT (1) Attended LED Status Output AB (1) Abnormal LED Status Output (1) Type B USB interface Control Input
Figure 14
Physical port Logical interface Data that passes over port/interface PSI-8L Chassis (1) STAT LED (1) Card status LED Status output OAMP (1) OAMP interface Control Input
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Filler Card (up to 4) n.a. n.a. No Interfaces Table 24
Figure 15
Figure 16 - PSI-8L PSILMFC - Ports and Interfaces Physical port Logical interface Data that passes over port/interface INV Inventory jack Port disabled. Not used in this release. CON (1) Serial Debug Control Input
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy MEC 1 LED (1) MEC 1 status LED Status output MEC 2 LED (1) MEC 2 status LED Status output Table 26 - PSI-8L PSILMFC - Ports and Interfaces
Figure 17 - 32EC2 - Ports and Interfaces Physical port Logical interface Data that passes over port/interface LED (#1) LED status Status Output LED (#2) LED EPS Status Output USB (#3) USB Control Input
Figure 18 - 8EC2 - Ports and Interfaces Physical port Logical interface Data that passes over port/interface LED (#1) LED status Status Output LED (#8) LED EPS Status Output CRAFT (#3) Craft Terminal Control Input
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Figure 19 - CEC2 - Ports and Interfaces Physical port Logical interface Data that passes over port/interface STAT (1) Card Status LED Status Output EPS (1) EPS LED Status Output Alarm cut off button Control Input (1) C (1) Critical Condition LED Status Output M (1) Major Condition LED Status Output m (1) Minor Condition LED Status Output W (1) Warning Condition LED Status Output AT (1) Attended LED Status Output AB (1) Abnormal LED Status Output (1) Type B USB interface Control Input
Figure 20
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy DLAN (1) Debug LAN Control Input
The 11QPEN4 has four pluggable client interfaces (C1, C2, C3, and C4), four pluggable line interfaces (L1, L2, L3 and L4) and four VOA sockets (VA1, VA2, VA3 and VA4) and a status LED as shown in Figure 10. The client and line interfaces are equipped with XFP transceivers. Each transceiver provides an optical fiber interface for receive and an optical fiber interface for transmit. Each line-client pair (L1-C1, L2-C2, L3-C3, L4-C4) provides an encrypted line port and the associated unencrypted client port. In the transmit direction, unencrypted data in the form of Fibre Channel, Ethernet or OTU2 signals enter a client port and are encrypted and then transmitted out the associated line port. In the receive direction, encrypted data is received on the Line Port and then decrypted and sent out the associated client port. The VOA sockets provide a means to optically attenuate the Line port signals- (They do not access or modify the content of the line port signals). Figure 21 - 11QPEN4 - Ports and Interfaces Physical port Logical interface Data that passes over port/interface LED (#1) LED status Status Output L1, L2, L3, L4 (4) (#2) Transmission Data Input
The S13X100E has
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Figure 22 - S13X100E - Ports and Interfaces Physical port Logical interface Data that passes over port/interface LED STAT LED status Status Output L1 (1) Line Interface Data Input
The 8P20 has
The 2UC400E has
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Figure 24
The MEC2L has no interfaces. All needed interfaces (e.g. for OAMP) are accessible at the PSI-8L Chassis or PSILMFC. Physical port Logical interface Data that passes over port/interface n.a. n.a. No interfaces Table 35
The Filler Card has no transmission functionality. Its main purpose is to guarantee the proper airflow for the cooling of the NE. Figure 25
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The module supports identity-based authentication and the module supports two roles:
Service Description Approved Keys Roles Access Indicator Security And/or rights Functions SSPs to keys and/or SSPs Admin related Services User Account Manage user accounts, N/A User Password (all accounts) Admin W Log entry, Management password complexity and user Command execution privileges via CLI, WebUI returns success interface indicator Change User Change the User password for N/A User Password Admin W Log entry, Password same account via CLI, Web Command execution UI interface returns success indicator SNMP Manage SNMPv3 AES-CFB128 SNMPv3 Passphrase Admin E, W Log entry, Configuration configurations via CLI, Keyed Hash SNMPv3 Authentication Key Command execution and Management WebUI interface Message SNMPv3 Privacy Key returns success Authentication indicator SNMPv3 Key Derivation KTS Secure Hash Key and Manage Keys and Certificates RSA/ECDSA Key TLS Public Key Admin G, E, R, Log entry, Certificate (including Trust Anchors) via Pair Generation TLS Private Key W Command execution Management CLI, WebUI interface KTS Secure Hash SSH Private Key returns success SSH Public Key indicator SNMP Certificate Fingerprint CA Public Key SSH User Public Key SFTP SSH User Private Key SFTP Server Public Host Key Commission the Commission the module by N/A None Admin N/A Log entry, Module following the Security Policy Command execution guidelines via CLI interface returns success indicator
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Service Description Approved Keys Roles Access Indicator Security And/or rights Functions SSPs to keys and/or SSPs Perform Self- Perform on-demand Power-up A3369, A2502, None Admin All Log entry tests Self Tests by power cycling A3310, A2537, ephemeral the cryptographic module A2538, A2539, keys/CSP A2415, A2416, AES s–Z 3844 Show Status Allows operator to view N/A None Admin N/A N/A status of the parameters associated with FIPSApproved mode via SNMPv3 and CLI interfaces Alarms Allows operator to view N/A None Admin N/A N/A Monitoring active alarms via SNMPv3 interfaces Events Allows the user to view all N/A None Admin N/A N/A Monitoring logged events associated with their permissions via SNMPv3 interfaces 11QPEN4 Allows the user to provision N/A None Admin N/A N/A Provision and configure the 11QPEN4 Equipment cards via SNMPv3 interface 11QPEN4 Allows the user to provision N/A None Admin N/A N/A Provision Facility and configure the facility information associated with 11QPEN4 cards via SNMPv3 interface S13X100E Allows the user to provision N/A None Admin N/A N/A Provision and configure the S13X100E Equipment cards via SNMPv3 interface S13X100E Allows the user to provision N/A None Admin N/A N/A Provision Facility and configure the facility information associated with S13X100E cards via SNMPv3 interface Zeroize Keys Zeroize keys and CSPs over N/A SNMPv3 Passphrase Admin Z Log entry, SNMPv3 and CLI interfaces SNMPv3 Authentication Key Command execution SNMPv3 Privacy Key returns success 11QPEN4 Session Encryption indicator Key 11QPEN4 Session KAT Key S13X100E Session Encryption Key S13X100E Session KAT Key Session initiation Initiate session with another AES Admin E Log entry, 11QPEN4 Session Encryption module using AES keys. Encryption/Decrypti Command execution Key on returns success Keyed Hash 11QPEN4 Session KAT Key indicator Message Authentication S13X100E Session Encryption Secure Hash and Authentication Key S13X100E Session Communication Authentication Key S13X100E Session KAT Key 2UC400E Session Encryption Key 2UC400E Session KAT Key Zeroize all SSPs Zeroize all SSPs over CLI N/A All SSPs Admin Z LED status indicator interface using Return-toFactory command Show version Show the version of the N/A None Admin N/A N/A module Establish TLS Establish TLS session AES-CBC, AES- CA Public Key Admin G, R, W, Log entry session GCM TLS Public Key E TLS session TLS Private Key completes
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Service Description Approved Keys Roles Access Indicator Security And/or rights Functions SSPs to keys and/or SSPs Encryption/Decrypti ECDH Private Key Component on ECDH Public Key Component Keyed Hash ECDH Peer Public Key Message Component Authentication TLS Pre-Master Secret RSA Digital TLS Master Secret Signature Generation TLS Session Key RSA Digital TLS Authentication Key Signature SNMPv3 Certificate Fingerprint Verification Database Encryption Key TLS 1.2 Key AES GCM IV Derivation DRBG Seed RSA Key Entropy Input String Generation DRBG ‘V’ KAS-ECC-SSC DRBG ‘Key’ Shared Secret Computation KTS Secure Hash Random Number Generation Establish SSH Establish SSH session AES-CTR, AES- DH Public Key Component Admin G, R, W, Log entry session GCM DH Private Key Component E SSH session Encryption/Decrypti ECDH Public Key Component completes on ECDH Private Key Component Keyed Hash SSH Private Key Message SSH Public Key Authentication SSH Shared Secret ECDSA Digital SSH Session Key Signature Generation SSH Authentication Key ECDSA Digital SSH User Public Key Signature SFTP SSH User Private Key Verification SFTP Server Public Host Key RSA Digital Database Encryption Key Signature Generation AES GCM IV RSA Digital DRBG Seed Signature Entropy Input String Verification DRBG ‘V’ Key Derivation DRBG ‘Key’ RSA/ECDSA Key Generation KAS-FCC-SSC Shared Secret Computation KAS-ECC-SSC Shared Secret Computation Secure Hash Random Number Generation Establish Perform actions over AES CFB128 SNMPv3 Authentication Key Admin W, E Log entry SNMPv3 SNMPv3 Encryption/Decrypti SNMPv3 on SNMPv3 Privacy Key session completes session Keyed Hash SNMP Certificate Fingerprint Message Authentication KTS SNMPv3 KDF Secure Hash Upgrade Load FIPS validated RSA Digital Firmware Load Authentication Admin E Log entry Application application firmware Signature Key Show version Firmware Verification confirmation Crypto related Services Change Crypto Change the Crypto password N/A Crypto Password Crypto W N/A Password for same account
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Service Description Approved Keys Roles Access Indicator Security And/or rights Functions SSPs to keys and/or SSPs Perform Self- Perform on-demand Power-up A3369, A2502, None Crypto All N/A tests Self Tests by power cycling A3310, A2537, ephemeral the cryptographic module A2538, A2539, keys/CSP A2415, A2416, AES s–Z 3844 Alarms Allows users to view active N/A None Crypto N/A N/A Monitoring alarms via SNMPv3 interfaces Events Allows the user to view all N/A None Crypto N/A N/A Monitoring logged events associated with their permissions via SNMPv3 interfaces 11QPEN4 Line Allows the crypto user to KTS 11QPEN4 Session KAT key Crypto W Log entry, Port WKAT provision and configure the (WKAT Authentication String) Command execution Provisioning WKAT via SNMPv3 interface returns success indicator 11QPEN4 Line Allows the crypto user to KTS 11QPEN4 Crypto W Log entry, Port Encryption provision and switch the Session Encryption Key Command execution Key Provisioning Encryption Key via SNMPv3 returns success interface indicator 11QPEN4 Line Allows the user to provision N/A None Crypto N/A N/A Port Encryption and configure the facility State information associated with Provisioning 11QPEN4 cards via SNMPv3 S13X100E Line Allows the crypto user to KTS S13X100E Session KAT key Crypto W Log entry, Port WKAT provision and configure the (WKAT Authentication String) Command execution Provisioning WKAT via SNMPv3 interface returns success indicator S13X100E Line Allows the crypto user to KTS S13X100E Crypto W Log entry, Port Encryption provision and switch the Session Encryption and Command execution Key Provisioning Encryption Key via SNMPv3 returns success Authentication Key interface indicator S13X100E Line Allows the user to provision N/A None Crypto N/A N/A Port Encryption and configure the facility State information associated with Provisioning S13X100E cards via SNMPv3 2UC400E Line Allows the crypto user to KTS 2UC400E Session KAT key Crypto W Log entry, Port WKAT provision and configure the (WKAT Authentication String) Command execution Provisioning WKAT via SNMPv3 interface returns success indicator 2UC400E Line Allows the crypto user to KTS 2UC400E Session Crypto W Log entry, Port Encryption provision and switch the Communication Command execution Key Provisioning Encryption Key via SNMPv3 returns success Authentication Key interface indicator 2UC400E Line Allows the user to provision N/A None Crypto N/A Log entry, Port Encryption and configure the facility Command execution State information associated with returns success Provisioning 2UC400E cards via SNMPv3 indicator Zeroize Keys Zeroize keys and CSPs over N/A SNMPv3 Passphrase Crypto Z Log entry, SNMPv3 interfaces SNMPv3 Authentication Key Command execution SNMPv3 Privacy Key returns success 11QPEN4 Session Encryption indicator Key 11QPEN4 Session KAT Key S13X100E Session Encryption Key S13X100E Session KAT Key Table 38 - Approved Services Access rights: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Role Authentication Method Authentication Strength Admin SNMPv3 Authentication 160 bit CLI/WebUI Authentication 160 bit Crypto SNMPv3 Authentication 160 bit CLI/WebUI Authentication 160 bit Table 39 - Roles and Authentication The cryptographic module only provides access to a user that assumes a role (Administrator or Crypto) and has a specific identity (username and a password). Users are required to follow password restrictions listed in the following table. Authentication Keyword / Password Strength of Mechanism Mechanism Rules SNMPv3 username and The keyword can be from 27 to The SNMP v3 Crypto user is created by the user keyword for 1830 SMS 32 characters, using upper- and manually at system turn-up. The keyword can be lower-case letters and numeric entered from 27 to 32 characters, upper and lower and NMS digits 0–9. letter case and numeric. There are 26 lower case The username should not be The keyword must be plus 26 upper case plus 10 digits for a total of 62 longer than 21 characters. generated by a key generator characters: with a minimum keyword length of 27, The username is a human (to guarantee the required the minimum combinations that are possible are readable string and no more randomness). 2,481E+48 or 62^27. The fastest network connection supported by the than 21 characters in length, module is 100 Mbps. Hence at most (100×10^6 × there are no additional 60 = 6 × 10^9) = 6,000,000,000 bits of data can be SNMPv3 standards for user transmitted in one minute. restrictions. Therefore, the probability that a random attempt will succeed or a false acceptance will occur in one minute is
minute) / 64 bits per keyword)), which is 1: 2,481E+48 possible keywords / 93,750,000 keywords per minute), which is 1: 2,646E+40, which is a smaller probability than 1:100,000 as required by FIPS 140-3. CLI username and Minimum password length is (26 lower case + 26 upper case + 10 digits + 14 password 12 characters. special characters) = 76 characters X a minimum There are 26 lower case plus password length of 12. Usernames are strings of 5 26 upper case plus 10 digits 7612 = 37,133,262,473,195,501,387,776 to 12 case-sensitive plus 14 special characters for a After a failed login attempt, the system delays the alphanumeric characters total of 76 characters. A next login prompt. With this delay, a maximum of where the first character is password is a case- sensitive 31 attempts can occur in one minute. Therefore, an alphabetic character. string of 12 to 32 alphanumeric the probability that a random attempt will succeed characters having at least one or a false acceptance will occur in one minute is 1: The following special of the following: 37,133,262,473,195,501,387,776 possible characters are also valid:
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy ! (exclamation mark) @ (at sign) $ (dollar sign) ” (double quotation mark) & (ampersand) ' (apostrophe) ( (left parenthesis) ) (right parenthesis) (asterisk) . (period) The first character of the password can be any alphabetic, numeric, or a valid special character. The New Password cannot be the same as or the reverse of the associated username and the password must not have three consecutive identical characters. Table 40 - Strengths of Authentication Mechanisms
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
A Nokia-Generic is the means to store software and firmware for a PSS-8/16II/32/24x/8x or PSI-8L system. The Nokia-Generic consists of a number of RPMs and each RPM contains a number of files.
Each RPM is protected in integrity and authentication (proof of origin) using a digital signature based on:
Each file is protected in integrity using an integrity check based on
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The operational environment is non-modifiable.
For the used Operating Systems and Hardware Platforms, please refer to chapter 2 “Cryptographic module specification”.
To put the 1830 PSS or 1830 PSI-8L into the secure mode of operation use the procedure described in the respective “Installation and System Turn-Up Guide”, in chapter “Security hardening guidelines for approved configurations” according to the following table: Tested Platform ITUG document to be used PSS-32 [PSS-32 ITUG] PSS-16II [PSS-16II ITUG] PSS-8 [PSS-8 ITUG] PSS-24x [PSS-24x ITUG] PSS-8x [PSS-8x ITUG] PSI-8L [PSI-8L ITUG] Table 41 - Operational Environment - document reference for secure mode of operation The steps needed to put the module in the secure mode of operation are shown in chapter 16.1.1 “Procedure: Provision for Approved Mode of Operation”.
When configured as specified in Section 16.1 of the Security Policy, the module supports only one mode of operation: the Approved mode.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Physical security is provided compliant to FIPS 140-3 security level 1.
The cryptographic boundary of the 1830 PSS shelves is
The multi-chip standalone cryptographic module includes the following physical security mechanisms:
The module claims no non-invasive security techniques.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
List of SSPs: Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type SNMPv3 Minimu N/A N/A Input in AD/EE Plaintext in Reboot; Derivation Passphrase m: 27 encrypted KTS volatile memory power- of charact form via cycle SNMPv3 ers, CLI or privacy and WebUI authenticati
32 Never on keys
SNMPv3 256- AES CFB128 N/A Never Derived Local database Zeroized Encrypting Privacy bits Encryption/ exits the internally cleartext when SNMPv3 Key Decryption module using SNMP SNMPv3 packets A2502 KDF passphras e is updated with a new one SNMPv3 160- Keyed-Hash N/A Never Derived Local database Zeroized Authenticat Authenticat 256 bits Message exits the internally cleartext when ing ion Key Authentication module using SNMP SNMPv3 SNMPv3 A2502 KDF passphras packets e is updated with a new one 11QPEN4 256- AES-CTR, AES- Imported Imported AD/EE Stored in write Zeroized Used to Session bits GCM across Encrypted, KTS only device on encrypt Encryption A2537, encrypted no Export registers in module traffic data Key A2539 SNMPv3 FPGA reset and (AES-256 link from key key) KM switches to new keys S13X100E 256- AES-CTR, AES- Imported Imported AD/EE Stored in write Zeroized Used to Session bits GMAC across Encrypted, KTS only device on encrypt Encryption AES 3844 encrypted no Export registers in module traffic data and SNMPv3 FPGA reset and Authenticat link from key ion Key KM switches (AES-256 to new key) keys 2UC400E 256- AES-CTR, AES- Imported Imported AD/EE Stored in write Zeroized Used to Session bits GMAC across Encrypted, KTS only device on encrypt Encryption AES 3844 encrypted no Export registers in module traffic data Key SNMPv3 FPGA reset and (AES-256 link from key key) KM switches to new keys 11QPEN4 N/A AES-ECB Imported Exits the AD/EE Stored within Zeroized Used to Session A2537, across module in KTS module in plain when new authenticat KAT key A2539 encrypted plaintext text in EC flash string is e traffic (WKAT SNMPv3 over memory and in entered or data Authenticat link from secured ASIC when connection ion String) KM SNMPv3 service is (Hexadecim link deleted al-AlphaNumericString)
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type S13X100E N/A AES-ECB Imported Exits the AD/EE Stored within Zeroized Used to Session AES 3844 across module in KTS module in plain when new authenticat KAT key encrypted plaintext text in EC flash string is e traffic (WKAT SNMPv3 over memory and in entered or data Authenticat link from secured ASIC when connection ion String) KM SNMPv3 service is (Hexadecim link deleted al-AlphaNumericString) 2UC400E N/A AES-ECB Imported Exits the AD/EE Stored within Zeroized Used to Session AES 3844 across module in KTS module in plain when new authenticat KAT key encrypted plaintext text in EC flash string is e traffic (WKAT SNMPv3 over memory and in entered or data Authenticat link from secured ASIC when connection ion String) KM SNMPv3 service is (Hexadecim link deleted al-AlphaNumericString) S13X100E 256- HMAC-SHA2- S13X100E No Import, N/A Stored AES-256 Zeroized Used to Session bits 256 Session no Export encrypted in on authenticat Communica A2415 Encryption module RAM module e (with tion and reset and HMACAuthenticat Authentica key SHA256) ion Key tion Key is switches information (AES-256 used to new exchanged key) keys between modules 2UC400E 256- HMAC-SHA2- 2UC400E No Import, N/A Stored AES-256 Zeroized Used to Session bits 256 Session no Export encrypted in on authenticat Communica A24156 Encryption module RAM module e (with tion Key is reset and HMACAuthenticat used key SHA256) ion Key switches information (AES-256 to new exchanged key) keys between modules User Minimu N/A Entered in Entered N/A Local database Zeroized Authenticat Passwords m: 12 module via Encrypted, plaintext when ion of charact CLI or no Export password Users ers Web UI is updated with a
32 new one
199 to-
Factory Comman d AES GCM 96-bit AES-GCM Generated Never N/A Plaintext in Reboot; IV for AES IV A3369 internally exits the volatile memory power- GCM module cycle DH Private 112- DH Shared Generated Never N/A Plaintext in Reboot; Generation Key 200 bits Secret internally exits the volatile memory power- of SSH Component Computation via module cycle; shared A3369 Approved session secrets DRBG terminatio n
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type DH Public 112- DH Shared [for the [for the N/A Plaintext in Reboot; Generation Key 200 bits Secret module] module] volatile memory power- of SSH Component Computation Generated Exits the cycle; shared A3369 internally module in session secrets via plaintext terminatio Approved form n DRBG [for a peer] Input in plaintext form, never exits the module ECDH 128- ECDH Shared Generated Never N/A Plaintext in Reboot; Generation Private Key 256 bits Secret internally exits the volatile memory power- of SSH and Component Computation via module cycle; TLS shared A3369 Approved session secrets DRBG terminatio n ECDH 128- ECDH Shared [for the [for the N/A Plaintext in Reboot; Generation Public Key 256 bits Secret module] module] volatile memory power- of SSH and Component Computation Generated Exits the cycle; TLS shared A3369 internally module in session secrets via plaintext terminatio Approved form n DRBG [for a peer] Input in plaintext form, never exits the module SSH User 112- ECDSA N/A Imported AD/EE Local database Zeroized Public key Public Key 150 bits Signature in Base64 KTS AES-128 when key authenticati (RSA) Verification encoded encrypted is updated on 128- RSA Signature (PEM) file with a (authorized
256 bits Verification format via new one key)
(ECDS A3369 WebUI or ReturnA) CLI toFactory command SFTP SSH 112- ECDSA N/A Imported AD/EE Local database Return- Public key User 150 bits Signature in Base64 KTS AES-128 to- authenticati Private Key (RSA) Generation encoded encrypted Factory on to SFTP 128- RSA Signature (PEM) file command server
256 bits Generation format via (Identity
(ECDS A3369 WebUI or key) A) CLI
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type SFTP 112- ECDSA N/A [for the AD/EE Local database Return- Authenticat Server 150 bits Signature module] KTS cleartext to- ion of Public Host (RSA) Verification Imported Factory SFTP Key 128- RSA Signature in Base64 command server
256 bits Verification encoded (known
(ECDS A3369 (PEM) file host key) A) format via WebUI or CLI [for a peer] Input in plaintext form as part of SSH session negotiation Never exits the module SSH 112- ECDSA/RSA Generated Never N/A Local database Return- Authenticat Private Key 150 bits Key Generation internally exits the AES-128 to- ion during (RSA) ECDSA via module encrypted Factory SSH 128- Signature Approved command session
256 bits Generation DRBG negotiation
(ECDS RSA Signature A) Generation A3369 SSH Public 112- ECDSA/RSA [for the [for the N/A Local database Return- Authenticat key 150 bits Key Generation module] module] AES-128 to- ion during (RSA) ECDSA Generated Exits the encrypted Factory SSH 128- Signature internally module in command session
256 bits Verification via plaintext negotiation
(ECDS RSA Signature Approved form A) Verification DRBG during A3369 SSH session negotiation Exported from module via CLI or WebUI (for install on client for host key authenticat ion) [for a peer] Input in plaintext form as part of SSH session negotiation Never exits the module
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type SSH Shared 112- KAS-FFC-SSC, N/A Never KAS-FFC- Plaintext in Reboot; Derivation Secret 200 bits KAS-ECC-SSC exits the SSC volatile memory power- of the SSH (FFC) Shared Secret module KAS-ECC- cycle; Session 128- Computation SSC session Key and
256 bits A3369 Shared terminatio SSH
(ECC) Secret n Authenticat Computatio ion Key n SSH 128- AES-CTR N/A Never SSH KDF Plaintext in Reboot; Encryption Session 256 bits AES-GCM exits the used to volatile memory power- and Key Encryption/Decr module derive cycle; decryption yption keying session of SSH A3369 material terminatio session n packets SSH 256- Keyed-Hash N/A Never SSH KDF Plaintext in Reboot; Authenticat Authenticat 512 bits Message exits the used to volatile memory power- ion of SSH ion Key Authentication module derive cycle; session A3369 keying session packets material terminatio n CA Public 112- RSA Signature Generated Imported AD/EE Local database Zeroized Verificatio Key 150 bits Verification externally in Base64 KTS AES-128 when n of CA A3369 encoded encrypted certificate signatures (PEM) file is updated format via with a WebUI or new one CLI ReturntoFactory command TLS Private 112- RSA Key Generated Never Local database Return- TLS Key 150 bits Generation/RSA internally exits the AES-128 to- authenticati Signature via module encrypted Factory on Generation Approved command A3369 DRBG TLS Public 112- RSA Key [for the [for the [for the module] Return- TLS Key 150 bits Generation/RSA module] module] Local database to- authenticati Signature Generated Exits the AES-128 Factory on Verification internally module in encrypted command 1024-bit A3369 via plaintext [for a peer] RSA public Approved form Plaintext in keys are DRBG [for a peer] volatile memory used for Input in signature plaintext verification form as only part of TLS session negotiation Never exits the module TLS Pre- 128- KAS-ECC-SSC N/A Never Derived Plaintext in Reboot; Derivation Master 256 bits Shared Secret exits the internally volatile memory power- of the TLS Secret Computation module via KAS- cycle; Master A3369 ECC-SSC upon Secret Shared completio Secret n of TLS Computatio Master n Secret computati on
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type TLS Master 128- KAS-ECC-SSC N/A Never Derived Plaintext in Reboot; Derivation Secret 256 bits Shared Secret exits the internally volatile memory power- of the TLS Computation module using the cycle; Session A3369 TLS Pre- session Key and Master terminatio TLS Secret via n Authenticat TLS KDF ion Key TLS 128, AES-CBC. AES- N/A Never Derived Plaintext in Reboot; Encryption Session 256 GCM exits the internally volatile memory power- and Key Encryption/ module using the cycle; decryption Decryption TLS Master session of TLS A3369 Secret via terminatio session TLS KDF n packets TLS 256- Keyed-Hash N/A Never Derived Plaintext in Reboot; Authenticat Authenticat 384 bits Message exits the internally volatile memory power- ion of TLS ion Key Authentication module using the cycle; session A3369 TLS Master session packets Secret via terminatio TLS KDF n DRBG 384 bits Random number Entropy Never N/A Plaintext in Reboot; Random Seed generation from ESV exits the volatile memory power- seed data A3369 (Cert module cycle drawn from #26) Nokia Jitter approved Entropy(JE platform NT) noise and used to source. seed an implementa tion of the NIST SP 80090Ar1 CTR (AES) DRBG. DRBG Key 256 bits Random number Internal Never N/A Plaintext in Reboot; 32 bytes 256-bit generation state exits the volatile memory power- AES key AES key A3369 generated module cycle stored in using the RAM. CTR_DRB Used in an G from implementa [SP800- tion of the 90Ar1]. NIST SP 800-90Ar1 CTR (AES) DRBG. DRBG V 128 bits Random number Internal Never N/A Plaintext in Reboot; Part of the generation state exits the volatile memory power- secret state A3369 generated module cycle of the using approved CTR_DRB DRBG. G from The value [SP800- is 90Ar1]. generated using the methods described in [SP80090Ar1].
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy Key/ Streng Security Generati Import Establish Storage Zeroisat Use & SSP th Function and on /Export ment ion related Name/ Cert. Number keys Type Entropy 256 bits Entropy Source Generated Never N/A Plaintext in Reboot; Random Input String for Random internally exits the volatile memory power- number number module cycle generation generation E26 Firmware N/A RSA Digital N/A N/A N/A Hardcoded/emb N/A Self-Test Load Signature edded in the Authenticat Verification application ion Key A3369 firmware image SNMP 256- Secure Hash N/A Imported AD/EE Local database Zeroized SNMPv3 Certificate 512 bits A3369 in hex KTS cleartext, when user Fingerprint format certificate certificate authenticati over CLI fingerprint only fingerprin on for or WebUI t is SNMP over updated TLS with a new one ReturntoFactory command Database 128-bit AES-CBC N/A N/A N/A Hardcoded/emb Return- Encryption Encryption A3369 edded in the to- of SSPs in Key application Factory local firmware image Comman database d Table 42 - SSPs Note: all SSPs are zeroized via the Return-to-Factory CLI command. Note: The AES-GCM IV is used in the TLS and SSH protocol. For TLS, the AES-GCM IV is internally generated deterministically in compliance with TLSv1.2 GCM cipher suites as specified in RFC 5288 and Section 8.2.1 of NIST SP 800-38D. Per RFC 5246, when the nonce_explicit part of the IV exhausts the maximum number of possible values for a given session key, the module will trigger a handshake to establish a new encryption key. The module is compatible with TLSv1.2 and supports acceptable GCM ciphersuites from Section 3.3.1 of SP 800- 52 Rev 2. For SSH, the AES GCM IV is constructed in compliance with the SSHv2 specification (RFCs 4252, 4253 and 5647) and only for use within the SSHv2 protocol.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy RBG entropy sources: Entropy sources Minimum number of bits of entropy Details 8EC2 256 JENT is used as entropy source 32EC2 256 JENT is used as entropy source CEC2 256 JENT is used as entropy source XCEC8 256 JENT is used as entropy source MEC2L 256 JENT is used as entropy source Table 43 - Non-Deterministic Random Number Generation Specification
The 1830 PSS-32/PSS-16II/PSS-8/24x and PSI-8L perform known answer tests and critical functions tests at power up. Test Description AES Encrypt KAT Encrypt Known answer test for AES-256 CFB-128. AES Decrypt KAT Decrypt Known answer test for AES-256 CFB-128. AES Encrypt FPGA KAT (11QPEN4 cards) Encrypt Known answer test for AES-256 CTR. AES Decrypt FPGA KAT (11QPEN4 cards) Decrypt Known answer test for AES-256 CTR. AES Encrypt ASIC KAT (S13X100E cards) Encrypt Known answer test for AES-256 GMAC. AES Decrypt ASIC KAT (S13X100E cards) Decrypt Known answer test for AES-256 GMAC. SHA KAT Known answer test for SHA-1 HMAC-SHA-1 KAT Known answer test for HMAC-SHA-1 HMAC-SHA256 KAT Known answer test for HMAC-SHA256 OpenSSL self-test (Nokia openSSL) Details see below Table 44 - Self-tests Pre-Operational Self-Tests
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy HMAC KATs with SHA-1, SHA2-256, SHA2-384, and SHA2-512 utilize (and thus test) the full functionality of the SHA-1, SHA2-256, SHA2-384, and SHA2-512 algorithms; therefore, no independent KATs for SHA-1, SHA2-256, SHA2-384, and SHA2-512 implementations are required. Conditional Self-Tests
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Nokia delivers the module both physically and electronically. The hardware is delivered physically via a trusted carrier. The box is sealed by PVC adhesive tape with identification labels. A tamper free tape is also applied. The box is then belted if required. The software and guidance documentation are retrieved electronically from a web site. Hardware and software items associated with the module are itemized by a unique Nokia Part Number (APN). In addition, each 1830 PSS or 1830 PSI-8L shelf can be ordered as a kit with the minimum required equipment for approved operation. The kit is also specified by a unique APN. Final versions of 1830 PSS customer documentation are posted on the Nokia Support portal, a Nokia Extranet site for internal users and external customers with entitlement. If a customer document is reissued, the re-issue is then posted on Nokia Support portal and the previous issue of the document removed.
The approved mode of operation has to be prepared by the Crypto Officer (Admin) by following the instructions in chapter 15 and chapter 16. If the module starts up successfully, then the module has passed all self-tests (described in chapter 10) and is operating in the approved mode of operation
When a zeroization of all SSPs is needed, because the module shall be decommissioned or taken out of the secured mode of operation, then the Return-to-Factory procedure can be used. Please note, that this erases also all Firmware and thus leads to a need to send the equipment back to the factory before the next use. For details refer to chapter 16.4.
The module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3 requirements.
AES Advanced Encryption Standard AGD Assurance Guidance Documents ALC Assurance Life Cycle ANSSI Agence Nationale de la Sécurité des Systèmes d'Information CIA Confidentiality, Integrity and Availability CC Common Criteria CIT Craft Interface Terminal CLI Command Line Interface COE Central Office Equipment CPE Customer Premises Equipment CT Commercial Temperature DWDM Dense Wavelength Division Multiplexing EC Equipment Controller FC Fibre Channel GE Gigabit Ethernet KAT Known Answer Test KM Key Manager NE Network Element NM Network Manager
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy NOC Network Operations Center OAMP Operations, Administration, Maintenance and Provisoning OTU Optical Transport Unit PP Protection Profile PSS Photonic Service Switch QPEN Quad Pluggable ENcryption RBAC Role Based Access Control RFS Remote File Server SFR Security Functional Requirement SNMP Simple Network Manager Protocol ST Security Target TOE Target of Evaluation T-ROADM Tunable-Reconfigurable Optical Add/Drop Mulitplexer TSF TOE Security Functions UID User Identifier VOA Variable Optical Attenuator VOIP Voice over Internet Protocol WKAT Well Known Answer Test XFP eXtended Form-factor Pluggable Table 45 - Acronyms
FIPS [FIPS 140-3] FIPS PUB 140-3, Security Requirements for Cryptographic Modules [FIPS 140-3 DTR] Derived Test Requirements for FIPS PUB 140-3, Security Requirements for Cryptographic Modules [FIPS 140-3 IG] Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program NIST [NIST800-38A] Recommendation for Block Cipher Modes of Operation: Methods and Techniques - NIST Special Publication 800-38A [NIST800-38D] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC - NIST Special Publication 800-38D [NIST800-38F] Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping - NIST Special Publication 800-38F
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
Installing tamper labels is not needed for FIPS 140-3 security level 1.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
This procedure describes how to configure the NE in order to comply with the Federal Information Processing Standards (FIPS) Publication 140-3 (Security Requirements for Cryptographic Modules), detailing the U.S and Canadian governments' requirements for cryptographic modules.
Important! Until the NE is secured by performing the steps described up to and including chapter Error! Reference source not found., it must not be connected to a LAN in order to avoid vulnerabilities. For approved configuration, the NE must run an ECN software load. When the NE is operational, the NE, along with the whole communication network, must be under restricted access. Internet access must be disabled, and access within the customer DCN must be restricted to selected systems, for example the NMS and computers of administrators. The Gateway NE (GNE) does have a rudimentary firewall, but the PSS network should also be protected from network attacks, such as Denial of Service attacks or rogue packets. This protection is typically implemented at the DCN router that connects to the GNE. Additionally, IPSec tunneling between the DCN router and the management system(s) is recommended.
The NE is properly installed and running: The NE is physically assembled, and the software is installed. The NE has booted and can be accessed via CIT.
Any equipment used to access the NE must be secured through the current state of the art security measures. This applies to computers that the 1830 PSS WebUI user interface or WS-NOC run on, but also, to the use of input devices for such computers. Note: A cordless mouse or keyboard cannot be considered secure. The OWASP (Open Web Application Security Project) community, among others, can provide the best practices in regard to this topic.
All communication from/to the Management System(s) can be secured using an IPSec tunnel. This is an additional security measure that is not required for most communication channels. The communication channels where this is mandatory, are explicitly shown in the respective chapters. Irrespective of the use of IPSec tunnel, secure protocols (SSH, SNMPv3, HTTPS, etc.) should be used to connect to the NE. The IPSec tunnel is set up between the management system(s) and a DCN router placed next to the NE. From the DCN router to the NE, there is no IPSec tunnel possible, so this physical connection must be physically secured. Note: The approved configuration allows secure communication protocols at the OAMP interface only.
Refer to the 1830 Photonic Service Switch (PSS) Release 22.12 Command Line Interface Guide for more detailed information regarding the CLI commands used in this chapter.
When the NE is connected to a DCN while the default user account passwords were not yet changed or ZTP enabled, and keys not set, the NE might be compromised. Required steps:
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy The following command resets the system: config admin factory-reset
Required steps must be executed using a locally connected Craft Interface Terminal (CIT) in order to avoid interference from DCN before the NE is secured.
NE keys and certificates must be generated. Required steps:
In section Error! Reference source not found., an SSL/TLS key was generated. Create a signed X.509v3 certificate for the NE based on this SSL/TLS key. Required steps: Create a signed X.509v3 certificate and load it onto the NE. Use the following commands:
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy config software server transfer load sslomscsr 6. Install downloaded certificate: config sslcert yes Be sure to install the NE root certificate on any clients connecting to the WebUI Note: Please refer to the User Provisioning Guide for more information.
In order to enforce secure (encrypted) protocols, the NE must be set to secure mode. Required step: 1. Set NE to secure mode via CLI: config admin ui mode encrypted
System security settings The following settings are required to help enforce better security. config admin session maxfailedlogins 5 config admin authentication local password minlength 12 config admin session timeout 15 config admin maxsession 1 config admin minwaitlogin 15 Default local accounts At the time of NE deployment, there are two default accounts: admin and service. admin: The admin account is used to initially configure the NE. This includes creation of additional accounts to manage the NE. service: The service account is used by Nokia service personnel to install the NE and perform maintenance activities. Required steps:
The following steps must be executed regardless if the NE is to be managed using SNMP or not. Accounts for SNMP are maintained by the NE. Internal accounts Important! The SNMP user accounts v3IntComDefUser is used for internal purposes. It must not be changed or removed. Default accounts At the time of NE deployment, there are two default accounts: v3DefaultUser and v3DftAdvUser. Required steps: 1. Disable default accounts: config admin snmpusers edit v3DftAdvUser status disabled config admin snmpusers edit v3DefaultUser status disabled Other predefined accounts If the NE was connected to a DCN before it was secured, other accounts might have been created.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy If other accounts than the default accounts are present, then those accounts must be deleted unless there is a clear and acceptable reason for them to be there. Required step:
The Open Agent provides the NETCONF/gRPC interface and is disabled by default. If the Open Agent is enabled, disable it. Required step: 1. If it was enabled, use the following command to disable Open Agent: config general openagent disabled
By default, ZTP is enabled. Disable ZTP mode. Required step: 1. Disable ZTP via an Admin CLI account: config admin ztp disable
Enable fips-squelching mode. Required step: 1. In CLI, enter: config general fips-squelching enable
Accounts for maintenance are maintained by the NE. Those accounts are to be distinguished from TL1/CLI/WebUI, SNMP, or GMPLS CP accounts. Default accounts At the time of NE deployment, there are two default accounts: maint1 and maint2. The default status is that they are disabled. Required steps:
The local serial console can be used for local maintenance actions. For the login the maint1 user
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy will be used. It is required that it is either managed by the autostate feature [see 16.1.1.28] or permanently disabled. To disable it, execute the following command: config admin system maint1 localdisableNote: If all management protocols at the OAMP interface and remote maintenance logins have failed or are disabled, then no maintenance access is possible anymore - neither remote nor local. If the local serial console is enabled, it will be notified by the standing condition MAINT-ALLOWEDLOCAL. The default severity is NR (not reported). It appears in the condition list and logs only. If the severity shall be increased to MJ (major), CR (critical) or WR (warning), then it is automatically present in the alarm list because the FIPS status of the NE is violated in case it is open.
The required steps described in the preceding sections of the security hardening guidelines were executed. This means that the NE is now hardened to a degree that it is safe to connect to a general network.
The next steps can be done using any management access type that has a secure connection. Configuration access via remote access is now safe, and you may connect to a LAN now. Note: The DCN is secured, using IP ACL throughout the DCN (see DCN Guide for concepts and instructions).
The NE must be in a secure network; see chapter 16.1.1.4. In addition, the communication channel in and out of the NE must be restricted.
Recommended steps: 1. Assign IP Address to OAMP port of TOE: config interface mfc shelf/slot/oamp <ip address for the TOE> config cn routes default add <ip address for DHCP server>
The following services should only be enabled if they are used. If they are not used, they should be disabled. The following services are covered by this document: NTP, Radius, TACACS+, SWNE, Installation from USB Stick, SFTP Client, OSPF, Syslog, SNMP Traps, GMPLS CP, ZTP.
To authenticate the NTP server(s), a key must be provisioned per NTP server used. Required steps:
For approved configuration, SWNE functionality must be disabled. NEs can be in a server or in a client role. Required step: Disable the SWNE functionality: 1. Execute the following command: config general ftpserver disable Note: In case of a software update, SWNE functionality must be enabled temporarily.
For approved configuration, use of USB ports is prohibited. The USB ports are therefore sealed and shall not be used.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The NE can be accessed via bluetooth using a bluetooth dongle. For approved configuration, access via bluetooth must be disabled. Required step: 1. Execute the following command to disable it:
1. Provision key-based authentication which supports mutual authentication for SFTP file transfers. The following file transfers support this:
config transferlog server protocol SFTP config transferlog server userid crypto prompted for <password> config transferlog server port 22 config transferlog path /home/crypto • • Syslog file transfer config admin transfersyslog server • System Trust anchor installation file transfer config keystore system trustanchor Note: The parameters are always the same, but the commands differ. The configuration must be done for all used services.
Required step: 1. Set the SNMP trap destination(s) for 1830 SMS. config snmpserver trapdest add <snmp-server-name> <ip address of server> 1500 3 v3 0 smsuser256
1. Use TLS 1.2: config admin security tls tls-system version max 1.2 config admin security tls tls-system version min 1.2 config admin security commit
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
The NE stores information in various log files. This log files should be periodically checked. Recommended step: 1. Check log files periodically for anomalies. Show logs all
A FIPS self-test can be initiated by power cycling the system. (This action will impact service until system fully boots up.) After starting, verify the status of the self-test. FIPSSFMISMATCH or AESFIPSFAILURE conditions must not appear. show condition
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
This procedure describes how to zeroize all SSPs to comply with the Federal Information Processing Standards (FIPS) Publication 140-3 (Security Requirements for Cryptographic Modules), detailing the U.S and Canadian governments' requirements for cryptographic modules.
All SSPs are zeroized when the module executes the command to return it to factory. Administrator privilege is needed to execute this command. Required steps: 1. initiate Return-to-Factory: config admin return-to-factory
Zeroizing all SSPs in the module takes some time, so the operator must wait for the internal steps to complete. The Zeroization process is considered completed once all controllers show their LED in Solid Red. Required steps: 1. Wait for all controller card LEDs to show solid red.
Nokia 1830 PSS/PSI-8L R23.3 FIPS 140-3 Security Policy
In additional to direct guidance provided in this security policy, additional detailed guidance is available to registered customers from Nokia documentation web site at documentation.nokia.com. Nokia Guidance [PSS-32 ITUG] 1830 Photonic Service Switch (PSS-32) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-TJZZA [PSS-16II ITUG] 1830 Photonic Service Switch (PSS-16II) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-SMZZA [PSS-8 ITUG] 1830 Photonic Service Switch (PSS-8) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-SLZZA [PSS-24x ITUG] 1830 Photonic Service Switch (PSS-24x) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-SJZZA [PSS-8x ITUG] 1830 Photonic Service Switch (PSS-8x) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-SKZZA [PSI-8L ITUG] 1830 Photonic Service Switch (PSI-4L/PSI-8L) Release 22.12 Installation and System Turn-Up Guide Issue Date: 2022/12/22 | Issue: 1 | Document: 3KC-71311-PBAA-TLZZA Note: the ITUG documents of R22.12 are valid for R23.3 as well.