All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway

Certificate#4907StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorAudioCodes Ltd.
Critical review priority  ·  exposes firmware-update authentication, debug/recovery interface  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date12/2/2026
EntropyENT (NP)
CaveatInterim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy
VendorAudioCodes Ltd.
Hardware versionsMediant 800 (P/N GGWC00001), Mediant 2600 (P/N GTPM00769), Mediant 4000B (P/N GTPM00894), Mediant 9080B (P/N GGWZ00047), and MediaPack 1288 (P/N GTPM01021)

Approved Algorithms (43)

AlgorithmACVP Cert
AES-CBCA2391
AES-CBCA2544
AES-CCMA2544
AES-CFB128A2391
AES-CFB128A2544
AES-CTRA2391
AES-CTRA2544
AES-GCMA2544
Counter DRBGA2544
DSA KeyGen (FIPS186-4)A2544
ECDSA KeyGen (FIPS186-4)A2544
ECDSA KeyVer (FIPS186-4)A2544
ECDSA SigVer (FIPS186-4)A2544
HMAC-SHA-1A2544
HMAC-SHA2-256A2544
HMAC-SHA2-384A2544
KAS-ECC-SSC Sp800-56Ar3A2544
KAS-FFC-SSC Sp800-56Ar3A2544
KDF SNMPA2389
KDF SNMPA2392
KDF SRTPA2389
KDF SRTPA2392
KDF SSHA2389
KDF SSHA2392
RSA KeyGen (FIPS186-4)A2544
RSA SigGen (FIPS186-4)A2391
RSA SigGen (FIPS186-4)A2544
RSA SigVer (FIPS186-4)A2391
RSA SigVer (FIPS186-4)A2544
Safe Primes Key GenerationA2544
Safe Primes Key VerificationA2544
SHA-1A2391
SHA-1A2544
SHA2-224A2544
SHA2-256A2391
SHA2-256A2544
SHA2-384A2544
SHA2-512A2544
SHA3-256A2390
TLS v1.2 KDF RFC7627A2389
TLS v1.2 KDF RFC7627A2392
TLS v1.3 KDFA2389
TLS v1.3 KDFA2392

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational Environment1
Physical Security1
Non-Invasive SecurityN/A
Sensitive Security Parameter Management1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>7.6</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Upgrade Image<br/>Load License Key File</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Load License Key File<br/>Configure the SBC System<br/>Configure VOIP Network, Media and SIP Settings,…</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>RS-232 Serial Port<br/>USB<br/>RS-232 Serial Port (Micro-USB)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>7.6</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Upgrade Image<br/>Load License Key File</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Load License Key File<br/>Configure the SBC System<br/>Configure VOIP Network, Media and SIP Settings,…</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>RS-232 Serial Port<br/>USB<br/>RS-232 Serial Port (Micro-USB)</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

AudioCodes Ltd. Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway Hardware Models: Mediant 800 (P/N GGWC00001), Mediant 2600 (P/N GTPM00769), Mediant 4000B (P/N GTPM00894), Mediant 9080B (P/N GGWZ00047), and MediaPack 1288 (P/N GTPM01021) Firmware Version: 7.6 FIPS Security Level: 1 Document Version: 0.8 Prepared for: Prepared by: AudioCodes Ltd.

1 Hayarden Street

Airport City, Lod 70151 Israel Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +972 3 976 4000 www.audiocodes.com Phone: +1 703 267 6050 www.corsec.com

Page 2

September 26, 2024 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway (firmware version: 7.6) from AudioCodes Ltd. (AudioCodes). This Security Policy describes how the Mediant SBCs and Media Gateways meet the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in an Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Mediant SBCs and Media Gateways are referred to in this document collectively as the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3

September 26, 2024 Table of Contents 1. 2. 2.1 2.2 2.3 2.4 3. 4. 4.1 4.2 4.3 4.4 5. 6. 7. 8. 9. 9.1 9.2

11.3 Startup 50

Appendix A. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 4

September 26, 2024 List of Tables List of Figures Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 5

1. September 26, 2024 General AudioCodes Ltd. (hereafter referred to as AudioCodes) is a leading vendor of advanced networking and media processing solutions for the digital workplace. The AudioCodes Mediant family of Session Border Controllers (SBCs) and Media Gateways (GWs) offer a line of versatile IP1 communications platforms that connect VoIP2 and TDM3 networks, built on years of carrier-grade VoIP deployments and expertise. AudioCodes’s SBCs and Media Gateway provide the interoperability, security and quality assurance that service providers need to connect their enterprise and residential customers reliably and securely to SIP4 trunk and hosted telephony services. The Mediant SBCs and Media Gateways form an effective demarcation point between a business’s VoIP network and the service provider’s SIP trunk, performing SIP protocol mediation and media handling (interoperability), and securing the enterprise VoIP network. They can function as a peering SBC, access SBC, or enterprise SBC.

1 IP – Internet Protocol
2 VoIP – Voice Over Internet Protocol

TDM

4 SIP – Session Initiation Protocol

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 6

September 26, 2024 Figure 3

6 DSP – Digital Signal Processing

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 7

September 26, 2024 transcoding, a flexible and intuitive SIP routing engine, and an integrated WebRTC gateway. Some of the network and security features provided by the SBCs include:

7 B2BUA – Back-to-Back User Agent
8 PBX – Private Branch Exchange
9 UDP – User Datagram Protocol
10 TCP – Transport Control Protocol
11 TLS – Transport Layer Security
12 RTP – Real-time Transport Protocol
13 SRTP – Secure Real-time Transport Protocol

SDES

16 NAT – Network Address Translation
17 VP8 – Video coding format developed by Google

ICE

19 RTCP – Real-Time Transport Control Protocol
20 DoS – Denial of Service
21 DoS/DDoS – Denial-of-Service/Distributed Denial-of-Service

HTTPS

23 SSH – Secure Shell
24 SFTP – SSH (or Secure) File Transfer Protocol
25 SNMP – Simple Network Management Protocol
26 VLAN – Virtual Local Area Network

OAMP

28 MOS – Mean Opinion Score

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 8
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical Security1
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A

September 26, 2024 • Web-based Graphical User Interface (GUI) called the Web Interface, which is accessible remotely via HTTPS over Ethernet management ports. • SNMPv3 operations, which are used for remote configuration and obtaining information about the module’s state and statistics. • INI Configuration file, which is a text-based file with .ini file extension containing configuration settings. This file may be loaded to the SBC using SNMPv3 or by using the CLI (over SSH) or Web Interface for automatic configuration/commissioning. These management interfaces provide authorized operators access to the module for configuration and management of all facets of the module’s operation, including system configuration, troubleshooting, security, and service provisioning. Using any of the management interfaces, an operator is able to monitor, configure, control, receive report events, and retrieve logs from the modules. To support TLS and SSH, the following types of RSA certificates may be imported to the module using the module’s Web Interface (over TLS) or CLI (over SSH): • X.509 certificate file – plaintext base64 encoded PEM29 format. These files contain public keys only, while the matching private key is contained in the associated RSA private key file. • RSA private key file – plaintext base64 encoded PEM format. These files contain the private key associated with the RSA public key in the X.509 certificate file. • Root certificate file (CA Public keys) – chains of X.509 certificates in plaintext base64 encoded PEM format. These are used to validate peer certificates and serve as a possible chain used for self-signed certificates to be sent to the peer. The Root certificate file contains public keys only; they do not contain the associated private keys. The module generates RSA keypairs and Certificate Signing Requests (CSRs). The CSR is signed with the module’s private key and then sent to a CA. The CA then signs the certificate and sends it back, where it is then installed for use. The module also generates self-signed certificates corresponding to the internally generated RSA keypairs. The module provides the option to import certain CSPs by loading a text-based file with a *.ini file extension (INI file) in encrypted form using the module’s Web Interface (over TLS) or CLI (over SSH). The module also supports an Automated Update mechanism whereby an INI file is downloaded from a server over HTTPS. The CSPs that may be imported through an INI file are indicated as such in Table

  1. The Mediant SBCs and Media Gateways are validated at the FIPS 140-3 section levels shown in Table
  2. Table 1 – Security Levels [Number Below]
29 PEM – Privacy Enhanced Mail

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 9

September 26, 2024 [Number Below] N/A N/A The module has an overall security level of 1. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 10
Module configuration
NameModelHardware VersionFirmware VersionFeatures
Mediant 800Mediant 800GGWC000017.6• CPU: Cavium OCTEON PLUS CN50XX • LAN Interfaces: 4 GE or 4 GE + 8 FE interfaces configured in 1+1 redundancy or as individual ports
Mediant 2600Mediant 2600GTPM007697.6• CPU: Cavium OCTEON II CN66XX • LAN Interfaces: 8 x 100/1000 Base-T Ethernet ports • Power: Dual AC power supplies
Mediant 4000BMediant 4000BGTPM008947.6• CPU: Cavium OCTEON II CN66XX • LAN Interfaces: 8 x 100/1000 Base-T Ethernet ports • Power: Dual AC power supplies
Mediant 9080BMediant 9080BGGWZ000477.6• CPU: Intel Xeon Gold 6226R • LAN Interfaces: 1Gb/10Gb Ethernet ports
MediaPack 1288MediaPack 1288GTPM010217.6• CPU: Cavium OCTEON PLUS CN50XX • LAN Interfaces; Dual Redundant 10/100/1000 Base-T Ethernet ports
Sensitive security parameter
NameSecurity FunctionUseVersion
AudioCodes Mediant Session Border Controller KDF LibraryA2389Provides implementations for TLS, SNMP, SRTP, and SSH key derivation functions7.6
AudioCodes Mediant Session Border Controller Entropy LibraryA2390Provides SHA3 for entropy generation7.6
AudioCodes Mediant Session Border Controller Cryptographic Accelerator ModuleA2391Provides hardware-accelerated7.6
AudioCodes Mediant Session Border Controller Cryptographic Accelerator KDFA2392Provides hardware-accelerated implementations for TLS, SNMP, SRTP, and SSH key derivation functions7.6
AudioCodes Mediant Session Border Controller Cryptographic LibraryA2544Provides implementations for general-purpose cryptographic primitives7.6

2. September 26, 2024 The Mediant SBCs and Media Gateways represent a hardware module with a multi-chip standalone embodiment. The sections below describe the operational environments, algorithm implementations, module boundary, and modes of operation. 2.1 Operational Environments Table 2 below lists the module configuration(s) used for validation testing. Table 2

Page 11
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
KDF31 SNMP CVL32 SP 800-135rev1A2389SNMP KDFPassword Length: 64-800 Increment 8Key Derivation No part of the SNMP protocol, other than the KDF, has been tested by the CAVP and CMVP.
KDF SRTP CVL SP 800-135rev1A2389SRTP KDF128, 256Key Derivation No part of the SRTP protocol, other than the KDF, has been tested by the CAVP and CMVP.
KDF SSH CVL SP 800-135rev1A2389SSH KDFAES-128 (SHA-1, SHA2- 256)Key Derivation No part of the SSH protocol, other than the KDF, has been tested by the CAVP and CMVP.
TLS v1.2 KDF RFC33 7627 CVL SP 800-135rev1 RFC 7627A2389TLS34 v1.2 KDFSHA2-256, SHA2-384, SHA2-512Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
TLS v1.3 KDF CVL SP 800-135rev1 RFC 8446A2389TLS v1.3 KDFSHA2-256, SHA2-384Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
SHA3-256 FIPS PUB 202A2390SHA3-256Message Length: 0-65528 Increment 8Conditioning function for entropy
AES35-CBC36 FIPS PUB 197 NIST SP 800-38AA2391CBC128, 256Encryption/Decryption
AES-CFB12837 FIPS PUB 197 NIST SP 800-38AA2391CFB128128, 192, 256Encryption/Decryption
AES-CTR38 FIPS PUB 197 NIST SP 800-38AA2391CTR128, 256Encryption/Decryption
RSA SigGen (FIPS186-4) FIPS PUB 186-4A2391PKCS#1 v1.52048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Generation
RSA SigVer (FIPS186-4) FIPS PUB 186-4A2391PKCS#1 v1.51024, 2048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Verification
SHA-1 FIPS PUB 180-4A2391SHA-1Message Length: 0-65528 Increment 8Message Digest
SHA2-256 FIPS PUB 180-4A2391SHA2-256Message Length: 0-65528 Increment 8Message Digest
KDF SNMP CVL SP 800-135rev1A2392SNMP KDFPassword Length: 64-800 Increment 8Key Derivation No part of the SNMP protocol, other than the KDFs, have been tested by the CAVP and CMVP.
KDF SRTP CVL SP 800-135rev1A2392SRTP KDF128, 256Key Derivation No part of the SRTP protocol, other than the KDFs, have been tested by the CAVP and CMVP.
KDF SSH CVL SP 800-135rev1A2392SSH KDFAES-128 (SHA-1, SHA2- 256)Key Derivation No part of the SSH protocol, other than the KDFs, have been tested by the CAVP and CMVP.
TLS v1.2 KDF RFC 7627 CVL SP 800-135rev1 RFC 7627A2392TLS v1.2 KDFSHA2-256, SHA2-384, SHA2-512Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
TLS v1.3 KDF CVL SP 800-135rev1 RFC 8446A2392TLS v1.3 KDFSHA2-256, SHA2-384Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
AES-CBC FIPS PUB 197 NIST SP 800-38AA2544CBC128, 256Encryption/Decryption
AES-CCM39 NIST SP 800-38CA2544CCM128, 256Encryption/Decryption
AES-CFB128 FIPS PUB 197 NIST SP 800-38AA2544CFB128128, 192, 256Encryption/Decryption
AES-CTR FIPS PUB 197 NIST SP 800-38AA2544CTR128, 256Encryption/Decryption
AES-GCM40 NIST SP 800- 38DA2544GCM128, 256Encryption/Decryption
Counter DRBG41 NIST SP 800-90Arev1A2544Counter-based256-bit AES-CTRDeterministic random bit generation
DSA42 KeyGen (FIPS186-4) FIPS PUB 186-4A2544DSA KeyGen2048/256Key Pair Generation
ECDSA43 KeyGen (FIPS186-4) FIPS PUB 186-4A2544ECDSA KeyGenP-224, P-256, P-384, P-521 Secrets generation mode: Testing candidatesKey Pair Generation
ECDSA KeyVer (FIPS186-4) FIPS PUB 186-4A2544ECDSA KeyVerP-224, P-256, P-384, P-521Public Key Verification
ECDSA SigVer (FIPS186-4) FIPS PUB 186-4A2544ECDSA SigVerP-256 (SHA2-256)Digital Signature Verification
HMAC-SHA-1 FIPS PUB 198-1A2544SHA-1MAC: 32, 80, 160 Key Length: 160Message Authentication The module also supports HMAC SHA-1-32 and HMAC SHA-1-80.
HMAC-SHA2-256 FIPS PUB 198-1A2544SHA2-256MAC: 256 Key Length: 256Message Authentication
HMAC-SHA2-384 FIPS PUB 198-1A2544SHA2-384MAC: 384 Key Length: 384Message Authentication
KAS-ECC-SSC44 SP800-56Arev3 NIST SP 800-56Arev3A2544ephemeralUnifiedP-224, P-256, P-384, P-521Shared Secret Computation
KAS-FFC-SSC45 SP800-56Arev3 NIST SP 800-56Arev3A2544dhEphemFC (2048/256), ffdhe2048, ffdhe3072, MODP-2048Shared Secret Computation
RSA46 KeyGen (FIPS186-4) FIPS PUB 186-4A2544RSA KeyGenKey generation mode: B.3.3 2048, 3072, 4096Key Pair Generation
RSA SigGen (FIPS186-4) FIPS PUB 186-4A2544PKCS#1 v1.52048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Generation
RSA SigVer (FIPS186-4) FIPS PUB 186-4A2544PKCS#1 v1.51024, 2048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2-512)Digital Signature Verification
Safe Primes Key Generation NIST SP 800-56Arev3, Appendix DA2544Safe Primes Key Generationffdhe2048, fdhe3072,Key Generation
Safe Primes Key Verification NIST SP 800-56Arev3, Appendix DA2544Safe Primes Key Verificationffdhe2048, fdhe3072,Key Verification
SHA-1 FIPS PUB 180-4A2544SHASHA-1Message Digest
SHA2-224 FIPS PUB 180-4A2544SHA2SHA2-224Message Digest
SHA2-256 FIPS PUB 180-4A2544SHA2SHA2-256Message Digest
SHA2-384 FIPS PUB 180-4A2544SHA2SHA2-384Message Digest
SHA2-512 FIPS PUB 180-4A2544SHA2SHA2-512Message digest
KTS NIST SP 800-38FAES-CBC A2391 HMAC A2544SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strengthKey Wrap/Unwrap (Encryption with message authentication) AES-CBC with HMAC (SHA- 1, SHA2-256, SHA2-384)
KTS NIST SP 800-38FAES-CBC A2544 HMAC A2544SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strengthKey Wrap/Unwrap (Encryption with message authentication) AES-CBC with HMAC (SHA- 1, SHA2-256, SHA2-384)
KTS47 NIST SP 800-38FAES-CCM A2544SP 800-38C and SP 800- 38F. KTS (key wrapping and unwrapping) per IG D.G.128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrap/Unwrap (Authenticated Encryption)
KTS NIST SP 800-38FAES-CFB128 A2391 HMAC A2544SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strengthKey Wrap/Unwrap (Encryption with message authentication) AES- CFB128 with HMAC (SHA-1, SHA2-256, SHA2- 384)
KTS NIST SP 800-38FAES-CFB128 A2544 HMAC A2544SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strengthKey Wrap/Unwrap (Encryption with message authentication) AES-CFB128 with HMAC (SHA-1, SHA2-256, SHA2- 384)
KTS NIST SP 800-38FAES-GCM A2544SP 800-38D and SP 800- 38F. KTS (key wrapping and unwrapping) per IG D.G.128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrap/Unwrap (Authenticated Encryption)
KAS48 NIST SP 800-56Arev3 NIST SP 800-135rev1KAS-ECC-SSC A2544 KDF SSH A2389 A2392SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength.Key Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 7627KAS-ECC-SSC A2544 TLS v1.2 KDF RFC 7627 A2389 A2392SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength.Key Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446KAS-ECC-SSC A2544 TLS v1.3 KDF A2389 A2392SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength.Key Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1KAS-FFC-SSC A2544 KDF SSH A2389 A2392SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strength.Key agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 7627KAS-FFC-SSC A2544 TLS v1.2 KDF RFC 7627 A2389 A2392SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strength.Key Agreement
KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446KAS-FFC-SSC A2544 TLS v1.3 KDF A2389 A2392SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strength.Key Agreement
ENT (NP) NIST SP 800-90BN/AEntropy input for DRBG
CKG49 NIST SP 800-133rev2Vendor AffirmedCryptographic Key Generation

September 26, 2024 7.6 7.6 *The Crypto Accelerator and KDF Accelerator implementations are provided by the Cavium chip; they are not available on the Intelbased M9080. Validation certificates for each Approved security function are listed in Table 4. The module also includes implementations that are used solely to support self-tests; only the implementations in the table below are used by the module during operation. Table 4

30 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

32 CVL – Component Validation List

RFC

34 TLS – Transport Layer Security

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 12
35 AES – Advanced Encryption Scheme
36 CBC – Cipher Book Chaining
38 CTR – Counter

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 13
39 CCM – Counter with Cipher Block Chaining - Message Authentication Code
41 DRBG – Deterministic Random Bit Generator
43 ECDSA – Elliptic Curve Digital Signature Algorithm

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 14

44 KAS-ECC-SSC

KAS-FFC-SSC

46 RSA – Rivest Shamir Adleman

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 15

D.G. D.G. September 26, 2024 D.G. D.G. D.G. D.G. KTS

Page 16

September 26, 2024 N/A The vendor affirms the following cryptographic security methods:

Page 17
Approved algorithm
NameUse FunctionUse / Function
RSA SigVer (FIPS 186-4)Only allowed for non-security relevant use of unclaimed authentication mechanism with SSH and SFTP per IG 2.4.A, Scenario 2Non-legacy use of RSA Signature Verification: 1024 ≤ len(n) < 2048 (provides < 112 bits of security strength)

September 26, 2024 Table 5

50 SSD – Solid State Drive

SAS

52 HDD – Hard Disk Drive

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 18
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
LEDsLEDs• Status outputOperational/system status information Refer to Mediant 800 Hardware Installation Manual
Telephony port interfacesTelephony port interfaces• Data input • Data outputTelephony traffic
Ethernet Ports (10/100/1000Base-T GbE) QTY: 12Ethernet Ports (10/100/1000Base-T GbE) QTY: 12• Data input • Data output • Control input • Status outputManagement traffic; media and signaling traffic; operational/system status information; HA configuration
RS-232 Serial PortRS-232 Serial Port• Data input • Data output • Control input • Status outputManagement traffic via CLI
Reset Pinhole ButtonReset Pinhole ButtonControl InputButton used to reset the module
USBUSBN/AUnused
LEDsLEDs• Status outputOperational/system status information Refer to Mediant 800 Hardware Installation Manual
Ethernet Ports (1000Base-T GbE) QTY: 8Ethernet Ports (1000Base-T GbE) QTY: 8• Data input • Data output • Control input • Status outputData ports for management; media and signaling traffic; HA configuration
RS-232 Serial Port (Micro-USB)RS-232 Serial Port (Micro-USB)• Data input • Data output • Control input • Status outputSerial communication via the CLI
Reset Pinhole ButtonReset Pinhole Button• Control inputN/A
LEDsLEDs• Status outputOperational/system status information Refer to Mediant 800 Hardware Installation Manual
USB 2.0 PortUSB 2.0 Port• Data input • Control inputCLI management traffic (via USB-enabled keyboard)
USB 3.0 PortUSB 3.0 Port• Data input • Control inputCLI management traffic (via USB-enabled keyboard)
Display PortDisplay Port• Data input • Status outputAnalog video output port
iLO Service PortiLO Service PortN/AUsed for field service only
Slot 1: Quad 1-GbE copper ports QTY: 4Slot 1: Quad 1-GbE copper ports QTY: 4• Data input • Data output • Control input • Status outputManagement traffic; media and signaling traffic
Slot 2: Quad 10-GbE SFP+ ports QTY: 4Slot 2: Quad 10-GbE SFP+ ports QTY: 4• Data input • Data output • Control input • Status outputManagement traffic; media and signaling traffic
Slot 3Slot 3N/AUnused slot
NIC Ports Unused (dust covered)NIC Ports Unused (dust covered)N/AUnused NIC ports
Video (VGA) PortVideo (VGA) Port• Data output • Status outputAnalog video output
iLO Management PortiLO Management PortN/AUsed for field service only
Serial PortSerial Port• Data input • Data output • Control input • Status outputCLI management traffic (via serial-enabled input device)
USB 3.0 ports QTY: 2USB 3.0 ports QTY: 2• Data input • Control inputCLI management traffic (via USB-enabled keyboard)
1 GbE copper ports1 GbE copper ports• Data input • Data output • Control input • Status outputManagement traffic; media and signaling traffic
1 GbE copper ports QTY: 31 GbE copper ports QTY: 3• Data input • Data outputMedia and signaling traffic
LEDsLEDs• Status outputOperational/system status information
Ethernet Ports (100/1000Base-T GbE) QTY: 2Ethernet Ports (100/1000Base-T GbE) QTY: 2• Data input • Data output • Control input • Status outputManagement traffic; media and signaling traffic; operational/system status information; HA configuration
RS-232 Serial PortRS-232 Serial Port• Data input • Data output • Control input • Status outputCLI management traffic (via serial-enabled input device)
FXS53 Port Interfaces QTY: 72FXS53 Port Interfaces QTY: 72• Data input • Data outputAnalog voice data; FXS data traffic
Reset Pinhole ButtonReset Pinhole Button• Control inputN/A
USBUSBN/A (unused)N/A (unused)
Power InputPower Input• PowerN/A
  1. September 26, 2024 Cryptographic Module Interfaces FIPS 140-3 defines the following logical interfaces for cryptographic modules: • • • • • Note that the module does not output control information, and thus has no specified control output interface. The Mediant 800 contains the physical ports and interfaces shown in Figure 6 and Figure
  2. Table 6 provides the mapping of the FIPS-defined interfaces and the module’s physical and logical interfaces for • • • • • • • • ©2024 AudioCodes Ltd.
Page 19

September 26, 2024 N/A The Mediant 2600 and Mediant 4000B include the physical ports and interfaces shown in Figure 8 and Figure

  1. Figure 8 – Mediant 2600/Mediant 4000B Front Ports and Interfaces Figure 9 – Mediant 2600/Mediant 4000B Rear Ports and Interfaces Table 7 provides the mapping of the FIPS-defined interfaces and the module’s physical and logical interfaces for Table 7 – Ports and Interfaces (Mediant 2600/Mediant 4000B) • • • • • • • • N/A The Mediant 9080B contains the physical ports and interfaces shown in Figure 10 and Figure
  2. Figure 10 – Mediant 9080B Front Ports and Interfaces ©2024 AudioCodes Ltd.
Page 20

September 26, 2024 Figure 11

Page 21

September 26, 2024

Page 22
53 FXS – Foreign Exchange Subscriber

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 23
Service
NameRolesInputOutput
Show Module Versioning InformationCONoneModel and firmware version information
Commission the ModuleCONoneNone
Load License Key FileCOCommandStatus output
Configure the SBC SystemCOCommand and parameterCommand response/ Status output
Configure VOIP Network, Media and SIP Settings, and Routing RulesCOCommand and parametersCommand response/ Status output
Manage UsersCOCommand and parametersCommand response/ Status output
Manage User SessionsCOCommand and parametersCommand response/ Status output
Change PasswordCOCommand and parametersCommand response/ Status output
Change Own PasswordCO, UserCommand and parametersCommand response/ Status output
Manage Certificates/KeypairsCOCommand and parametersCommand response/ Status output
Configure TLS ContextsCOCommand and parametersCommand response/ Status output
Perform On-Demand Self-TestsCOCommandCommand response/ Status output
Show StatusCO, UserCommandCommand response/ Status output
Show System Security StatusCO, UserCommandCommand response/ Status output
View SyslogCO, UserCommandCommand response/ Status output
Zeroize Keys and CSPsCOCommandCommand response/ Status output
Upgrade ImageCOCommandCommand response/ Status output
Load a .ini File and Perform Automatic UpdatesCOCommandCommand response/ Status output
Save a .ini File of the Module’s ConfigurationCOCommandCommand response/ Status output
ResetCOCommandCommand response/ Status output
Establish TLS SessionCO, UserCommandTLS session established
Establish SSH SessionCO, UserCommandSSH session established
Configure SNMPv3 UsersCOCommand and parametersCommand response/ Status output
Establish SNMPv3 SessionCOCommand and parametersSNMP session established
Establish SRTP SessionCOCommand and parametersSRTP session established
Establish SFTP SessionCOCommand and parametersSFTP session established
Restore Default ConfigurationCOCommandFactory default settings restored
Perform Manual ZeroizationN/APower cycling using power connectors, power button (Mediant 9080 SBC only) or reset pinhole button (Mediant 4000 SBC only)Status output
Perform Manual On-Demand Self- TestsN/APower cycling using power connectors, power button (Mediant 9080 SBC only) or reset pinhole button (Mediant 4000 SBC only)Status output
AuthenticateN/ACommandStatus output

4. September 26, 2024 Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods. 4.1 Authorized Roles The module supports two roles that operators may assume:

Page 24

September 26, 2024 N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 25

4.2 September 26, 2024 N/A N/A Authentication Methods Each operator has their own account with a username and password, which are used to authenticate to the module. Passwords are stored on non-volatile storage media in hashed form using SHA2-256. For SSH/SFTP, operators can also utilize RSA or ECDSA Public keys. Note that, while the module supports authentication mechanisms, no claims are being made with regards to compliance to the Level 2/3 role-based and identity-based authentication requirements since it is being certified at Level 1. 4.3 Externally Loaded Firmware The module has the capability to load firmware in the form of a complete image replacement from an external source. As such a replacement will constitute a new module, only FIPS-validated firmware may be loaded to maintain the module’s validation. Services and functions provided by the newly loaded firmware image are not performed until the pre-operational self-tests have executed successfully via a power-on reset. All firmware images are digitally signed, and a conditional self-test (using an ECDSA signature verification with P-256 curve) is performed during the reset. If the signature test fails, the new firmware image is ignored and the previous-loaded firmware image remains current. SSP zeroization takes place prior to execution of the new image. The module’s versioning information is updated to reflect the addition/update of the newly loaded firmware. 4.4 Services Descriptions of the services available to the authorized roles are provided in Table 11 below. As allowed per section 2.4.C of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global Approved mode indicator) and an implicit indication (via the successful completion of the service). Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation: Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 26
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show Module Versioning InformationShow the model and firmware version.CONoneNoneN/AN/A
Commission the ModuleCommission the module by following the Security Policy guidelinesCONoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
Load License Key FileLoad a License Key file to change or upgrade featuresCONoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
Configure the SBC SystemConfigure IP address, Web Interface and CLI, LAN and WAN settings, and date and time; save and load configuration files; save and load CLI script filesCO User (view only)NoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
Configure VOIP Network, Media and SIP Settings, and Routing RulesConfigure IP network topology, media and SIP settings, and routing rulesCO User (view only)NoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
Manage UsersCreate, edit, or delete user accounts; assign passwords and roles; import SSH public keyCOSSH Public KeySHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544)SSH Public Key – WGlobal Indicator (“FIPS mode: Enabled”)
Manage User SessionsTerminate specific user’s CLI sessionCONoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
Change PasswordModify CO or User account passwordsCONoneSHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544)N/AGlobal Indicator (“FIPS mode: Enabled”)
Change Own PasswordModify existing login passwordsCO, UserNoneSHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544)N/AGlobal Indicator (“FIPS mode: Enabled”)
Manage Certificates/K eypairsGenerate RSA/ECDSA keypairs for certificate signing requests, generate RSA private keys, load certificates and private keys via TLS/SSHCOEntropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value RSA Private Key RSA Public Key ECDSA Private Key ECDSA Public Key CA Public KeyCKG (Vendor Affirmed) Counter DRBG (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) RSA KeyGen (FIPS186-4) (Certs. A2544, A2391) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391) SHA3-256 (Cert. A2390)Entropy Input String – G/E DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E RSA Private Key – G RSA Public Key – G ECDSA Private Key – G ECDSA Public Key – G CA Public Key – WGlobal Indicator (“FIPS mode: Enabled”)
Configure TLS ContextsDefine TLS version and cipher suites for management and data TLS connectionsCONoneNoneNoneGlobal Indicator (“FIPS mode: Enabled”)
Perform On- Demand Self- TestsPerform on- demand self- testsCOFirmware Integrity Test KeyNoneFirmware Integrity Test Key – EGlobal Indicator (“FIPS mode: Enabled”)
Show StatusShow the system status, Ethernet status, alarms, user activity logs, system identification and configuration settings of the moduleCO, UserNoneNoneNoneN/A
Show System Security StatusShow the system security status: “FIPS Approved mode”CO, UserNoneNoneNoneN/A
View SyslogView event status messages in the syslogCO, UserNoneNoneNoneGlobal Indicator (“FIPS mode: Enabled”)
Zeroize Keys and CSPsZeroize keys and CSPsCOAll persistent CSPsNoneAll persistent CSPs – ZN/A
Upgrade ImageLoad new firmware imageCOImage Verification KeyECDSA SigVer (FIPS186-4) (Cert. A2544) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Cert. A2544)Image Verification Key – EGlobal Indicator (“FIPS mode: Enabled”)
Load a .ini File and Perform Automatic UpdatesLoad the module’s configuration as a .ini file and perform automatic updatesCOECDSA Private Key ECDSA Public Key RSA Private Key RSA Public Key CA Public Key SSH Private Key SSH Public Key SNMPv3 Authentication Password SNMPv3 Privacy PasswordNoneECDSA Private Key – W ECDSA Public Key – W RSA Private Key – W RSA Public Key – W CA Public Key – W SSH Private Key – W SSH Public Key – W SNMPv3 Authentication Password – W SNMPv3 Privacy Password – WGlobal Indicator (“FIPS mode: Enabled”)
Save a .ini File of the Module’s ConfigurationSave a .ini file of the module’s configurationCONoneNoneN/AGlobal Indicator (“FIPS mode: Enabled”)
ResetReset the moduleCOSSPs stored in RAMNoneSSPs stored in RAM – ZGlobal Indicator (“FIPS mode: Enabled”)
Establish TLS SessionEstablish web session using TLS protocolCO, UserEntropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key DH Peer Public Key ECDH Public Key ECDH Private Key ECDH Peer Public Key TLS Private Key TLS Public Key TLS Pre-Master Secret TLS Master Secret TLS Session Key TLS Authentication KeyAES-CBC (Certs. A2544, A2391) AES-GCM (Certs. A2544, A2391) CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) KAS-FFC-SSC SP800-56Arev3 (Cert. A2544)Entropy Input String – G/E DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R DH Private Key – G/E DH Peer Public Key – G/W/E ECDH Public Key – G/R ECDH Private Key – G/E ECDH Peer Public Key – G/W/E TLS Private Key – G/W/E TLS Public Key – G/W/R TLS Pre-Master Secret – G/R/E TLS Master Secret – G/E TLS Session Key – G/E TLS Authentication Key – G/EGlobal Indicator (“FIPS mode: Enabled”)
Establish SSH SessionEstablish remote session using SSH protocolCO, UserEntropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key ECDH Public Key ECDH Private Key SSH Private Key SSH Public Key SSH Shared Secret SSH Session Key SSH Authentication KeyAES-CBC (Certs. A2544, A2391) CKG (Vendor Affirmed) DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) (N/A) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3Entropy Input String – G DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R/E DH Private Key – G/E ECDH Public Key – G/R/E ECDH Private Key – G/E SSH Private Key – G/W/E SSH Public Key – G/W/R SSH Shared Secret – G/E SSH Session Key – G/E SSH Authentication Key – G/EGlobal Indicator (“FIPS mode: Enabled”)
Configure SNMPv3 UsersConfigure SNMPv3 usersCOSNMPv3 Authentication Password SNMPv3 Privacy Password SNMPv3 Privacy Key SNMPv3 Authentication KeyAES-CFB128 (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391)SNMPv3 Authentication Password – W/E SNMPv3 Privacy Password – W/E SNMPv3 Session Key – W/E SNMPv3 Authentication Key – W/EGlobal Indicator (“FIPS mode: Enabled”)
Establish SNMPv3 SessionEstablish non- security- related monitoring session using SNMPv3 protocolCOSNMPv3 Authentication Password SNMPv3 Privacy Password SNMPv3 Authentication Key SNMPv3 Privacy KeyAES-CFB128 (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544)SNMPv3 Authentication Password – E SNMPv3 Privacy Password – E SNMPv3 Session Key – G/E SNMPv3 Privacy Key – G/EGlobal Indicator (“FIPS mode: Enabled”)
Establish SRTP SessionEstablish session using SRTP protocolCOSRTP Master Key SRTP Session Key SRTP Authentication KeyAES-CTR (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KDF SRTP (Certs. A2389, A2392) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391)SRTP Master Key – G/W SRTP Session Key – G/E SRTP Authentication Key – G/EGlobal Indicator (“FIPS mode: Enabled”)
Establish SFTP SessionEstablish session using SFTP protocolCOEntropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key DH Peer Public Key ECDH Public Key ECDH Private Key ECDH Peer Public Key SFTP Private Key SFTP Public Key SSH Shared Secret SSH Session Key SSH Authentication KeyAES-CBC (Certs. A2544, A2391) CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) (N/A) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3 (Cert. A2544)Entropy Input String – G DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R/E DH Private Key – G/E DH Peer Public Key – G/W/E ECDH Public Key – G/R/E ECDH Private Key – G/E ECDH Peer Public Key – G/W/E SFTP Private Key – G/E SFTP Public Key – G/R SSH Shared Secret – G/E SSH Session Key – G/E SSH Authentication Key – G/EGlobal Indicator (“FIPS mode: Enabled”)
Restore Default ConfigurationRestore settings to factory defaultsCOAll persistent SSPsNoneAll persistent CSPs – ZGlobal Indicator (“FIPS mode: Enabled”)
Perform Manual ZeroizationZeroize keys and CSPsAll ephemeral keys and CSPsNoneAll ephemeral keys and CSPs – ZN/A
Perform Manual On- Demand Self- TestsPerform power-up self- tests on demandFirmware Integrity Test Key All ephemeral keys and CSPsNoneFirmware Integrity Test Key – E All ephemeral keys and CSPs – ZN/A
AuthenticateUse to log into the moduleNoneSHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391)N/AGlobal Indicator (“FIPS mode: Enabled”)
Page 27

September 26, 2024 N/A N/A N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 28

September 26, 2024 N/A N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 29

September 26, 2024 (N/A) Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 30

September 26, 2024 Establish nonsecurityrelated Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 31

September 26, 2024 (N/A) Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 32

September 26, 2024 N/A Manual OnDemand SelfTests N/A N/A *Per FIPS 140-3 Implementation Guidance 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved security The module does not provide any non-Approved services. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 33

5. September 26, 2024 Software/Firmware Security The module firmware takes the form of a single firmware image that includes multiple files (configuration files, executable files, packages, and other associated files). The image is verified using an approved integrity technique implemented within the cryptographic module itself. The module implements an ECDSA P-256 (SHA2-256) digital signature verification for the integrity test of the firmware. The approved integrity technique consists of single ECDSA signature verification; failure of the integrity check will cause the module to enter a critical error state. The CO can initiate the pre-operational tests on demand by resetting or power-cycling the module (see section

11.4.2 for details).

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 34

6. September 26, 2024 Operational Environment The module employs a limited operational environment (as it is designed to accept only controlled firmware changes that successfully pass the software/firmware load test). The module does not provide a general-purpose operating system (OS). All services provided by the module are provided by the module’s firmware and external interfaces. The module’s processor executes the firmware on the tested configurations specified in section 2.1 of this document. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 35

7. September 26, 2024 Physical Security As a multi-chip standalone hardware module, the module includes an enclosure composed of hard, productiongrade, metal components necessary to meet FIPS 140-3 level 1 physical security requirements. The module enclosure completely encloses all of its internal components, and all integrated circuits are coated with commercial standard passivation. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 36

8. September 26, 2024 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 37
Sensitive security parameter
NameStrengthSecurity FunctionGenerationStorageImport ExportKey/SSP Name/Type KeysZeroisation54
Pre-operational verification of module’s firmware image128 bitsECDSA SigVer (FIPS186-4) (Cert. A2544)Hardcoded in the module image[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskFirmware Integrity Test Key (not an SSP)Not subject to zeroization requirements
Verification of CA signatures(ECDSA) Between 128 and 256 bits (RSA) Between 112 and 150 bitsECDSA SigVer (FIPS186-4) (Cert. A2544) RSA SigVer (FIPS186-4) (Certs. A2544, A2391)[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted formCA Public Key (CSP)Soft reset/power cycle (RAM only)
Used for certificate signing requestsBetween 112 and 150 bitsRSA SigGen (FIPS186-4) (Certs. A2544, A2391)Generated internally via approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted formRSA Private Key (CSP)Soft reset/power cycle (RAM only)
Used for certificate signing requestsBetween 112 and 150 bitsRSA SigVer (FIPS186-4) (Certs. A2544, A2391)Generated internally via approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted formRSA Public Key (PSP)Soft reset/power cycle (RAM only)
Used for certificate signing requestsBetween 128 and 256 bitsECDSA SigGen (FIPS186-4) (Cert. A2544)Generated internally via approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted formECDSA Private Key (CSP)Soft reset/power cycle (RAM only)
Used for certificate signing requestsBetween 128 and 256 bitsECDSA SigVer (FIPS186-4) (Cert. A2544)Generated internally via approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted formECDSA Public Key (PSP)Soft reset/power cycle (RAM only)
Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchangeBetween 128 and 256 bitsKAS-ECC-SSC SP800-56Arev3 (Cert. A2544)Generated internally via approved DRBGPlaintext in RAMECDH Private Key (CSP)Soft reset/power cycle
Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchangeBetween 128 and 256 bitsKAS-ECC-SSC SP800-56Arev3 (Cert. A2544)Generated internally via approved DRBGPlaintext in RAMECDH Public Key (PSP)Soft reset/power cycle
Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchangeBetween 128 and 256 bitsKAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544)Plaintext in RAMImported in plaintext Never exportedECDH Peer55 Public Key (PSP)Soft reset/power cycle
Computation of DH shared secrets during TLS/SSH key exchange112 bitsKAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544)Generated internally via approved DRBGPlaintext in RAMDH Private Key (CSP)Soft reset/power cycle
Computation of DH shared secrets during TLS/SSH key exchange112 bitsKAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544)Generated internally via approved DRBGPlaintext in RAMNever imported Exported in plaintext formDH Public Key (PSP)Soft reset/power cycle
Computation of DH shared secrets during TLS/SSH key exchange112 bitsKAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544)Plaintext in RAMImported in plaintext Never exportedDH Peer Public Key (PSP)Soft reset/power cycle
Authentication during SSH session negotiation112 or 128 bitsRSA SigGen (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Never exportedSSH Private Key (CSP)Soft reset/power cycle (RAM only); zeroization command
Authentication during SSH session negotiation112 or 128 bitsRSA SigGen (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG as part of CSR or self-signed certificate generation[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Imported by CO via CLI (over serial port) in plaintext Exported in plaintext formSSH Public Key (PSP)Soft reset/power cycle (RAM only)
Encryption and decryption of SSH session packets Wrapping of keying material (when keys are part of the payload)128 and 256 bitsAES-CBC (Certs. A2544, A2391) AES-GCM (Cert. A2544) KTS (AES-GCM) (Certs. A2544, A2391) KTS (AES- CBC/HMAC) (Certs. A2544, A2391)Derived internally via SSH KDFPlaintext in RAMSSH Session Key (CSP)Soft reset/power cycle
Authentication of SSH session packets Wrapping of keying material (when keys are part of the payload)Between 160 and 384 bitsHMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544)Derived internally via SSH KDFPlaintext in RAMSSH Authentication Key (CSP)Soft reset/power cycle
Authentication during TLS session negotiationBetween 112 and 150 bitsRSA SigGen (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Imported by CO via CLI (over serial port) in plaintext form Never exportedTLS Private Key (CSP)Soft reset/power cycle (RAM only); zeroization command
Authentication during TLS session negotiationBetween 112 and 150 bitsRSA SigVer (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG as part of CSR or self-signed certificate generation[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard diskImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported via digital certificate in plaintext formTLS Public Key (PSP)Soft reset/power cycle (RAM only)
Encryption and decryption of TLS session packets Wrapping of keying material (when keys are part of the payload)128 or 256 bitsAES-CBC (Certs. A2544, A2391) AES-CCM (Cert. A2544) AES-GCM (Cert. A2544) KTS (AES-CCM) (Certs. A2544, A2391) KTS (AES-GCM) (Certs. A2544, A2391) KTS (AES- CBC/HMAC) (Certs. A2544, A2391)Derived internally using the TLS Master Secret via TLS KDFPlaintext in RAMTLS Session Key (CSP)Soft reset/power cycle
Authentication of TLS session packets Wrapping of keying material (when keys are part of the payload)Between 160 and 384 bitsHMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544) KTS (AES- CBC/HMAC) (Cert. A2544)Derived internally using the TLS Master Secret via the TLS KDFPlaintext in RAMTLS Authentication Key (CSP)Soft reset/power cycle
Encryption and decryption of SNMPv3 session packetsBetween 128 and 256 bitsAES-CFB128 (Certs. A2544, A2391)Derived internally using SNMP KDFPlaintext in RAMImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Never exportedSNMPv3 Privacy Key (CSP)Soft reset/power cycle
Authentication of SNMPv3 session packetsBetween 160 and 384 bitsHMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544)Derived internally using SNMP KDFPlaintext in RAMImported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported via TLS or SSH) in encrypted formSNMPv3 Authentication Key (CSP)Soft reset/power cycle
Encryption and decryption of SRTP session packets128 or 256 bitsAES-CTR (Certs. A2544, A2391)Derived internally using SRTP Master Key via the SRTP KDFPlaintext in RAMSRTP Session Key (CSP)Soft reset/power cycle
Authentication of SRTP session packetsBetween 160 and 384 bitsHMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544)Derived internally via SRTP KDF using SRTP Master KeyPlaintext in RAMSRTP Authentication Key (CSP)Soft reset/power cycle
Authentication during SFTP session negotiationBetween 112 and 150 bitsRSA SigGen (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext on hard diskSFTP Private Key (CSP)Soft reset/power cycle (RAM only); zeroization command
Authentication during SFTP session negotiationBetween 112 and 150 bitsRSA SigVer (FIPS186-4) (Certs. A2544, A2391)Generated internally via Approved DRBG as part of CSR or self-signed certificate generation[for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext on hard diskNever imported Exported in plaintext formSFTP Public Key (PSP)Soft reset/power cycle (RAM only)
Verification of new firmware upgrade image128 bitsECDSA SigVer (FIPS186-4) (Cert. A2544)Hardcoded in the application binary[for the 4000, 9080] Plaintext in RAM [for the 4000] Plaintext in non- volatile flash [for the 9080] Plaintext on hard diskImage Verification Key (PSP)N/A
Input to SSH KDF for derivation of the SSH Session Key and SSH Authentication KeyBetween 112 and 256 bitsKDF SSH (Certs. A2389, A2392)Computed internally by KAS-ECC-SSC and KAS-FFC- SSCPlaintext in RAMSSH Shared Secret (CSP)Soft reset/power cycle
Input to KAS- ECC-SSC/KAS- FFC-SSC for computation of the TLS Master SecretBetween 112 and 256 bitsTLS v1.2 KDF RFC 7627 (Certs. A2389, A2392) TLS v1.3 KDF (Certs. A2389, A2392)[for KAS-ECC- SSC / KAS-FFC- SSC cipher suites] Computed internally by KAS-ECC-SSC and KAS-FFC- SSCPlaintext in RAMTLS Pre- Master Secret (CSP)Soft reset/power cycle
Input to TLS KDF for derivation of the TLS Session Key and TLS Authentication Key384 bitsTLS v1.2 KDF RFC 7627 (Certs. A2389, A2392) TLS v1.3 KDF (Certs. A2389, A2392)Derived internally via TLS KDF using the TLS Pre- Master SecretPlaintext in RAMTLS Master Secret (CSP)Soft reset/power cycle
Input to SRTP KDF for derivation of the SRTP Session Key and SRTP Authentication Key128 and 256 bitsKDF SRTP (Certs. A2389, A2392)[when module is calling side] Generated internally via Approved DRBGPlaintext in RAM[when module is calling side] Never imported Exported via SIP/TLS in encrypted form [when module is answering side] Imported via SIP/TLS in encrypted form Never exportedSRTP Master Key (CSP)Soft reset/power cycle
Random number generation384 bitsCKG (Vendor Affirmed) SHA3-256 (Cert. A2390)Generated internallyPlaintext in RAMEntropy Input String (CSP)End of DRBG function, soft reset/power cycle
Random number generation384 bitsCKG (Vendor Affirmed) Counter DRBG (Cert. A2544)Generated internally using entropy input stringPlaintext in RAMDRBG Seed (CSP)Soft reset/power cycle
Random number generation256 bitsCKG (Vendor Affirmed) Counter DRBG (Cert. A2544)Generated internallyPlaintext in RAMDRBG ‘Key’ Value (CSP)Soft reset/power cycle
Random number generation128 bitsCKG (Vendor Affirmed) Counter DRBG (Cert. A2544)Generated internallyPlaintext in RAMDRBG ‘V’ Value (CSP)Soft reset/power cycle
Used to derive the SNMPv3 Authentication KeyKDF SNMP (Certs. A2389, A2392)Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non- volatile flash [for the M9080] Plaintext in non- volatile hard diskImported via Web Interface (over TLS) in encrypted form Imported via CLI (over SSH) in encrypted form Imported via CLI (over serial port) in plaintext form Imported in an INI file via Web Interface (over TLS) in encrypted form Imported in an INI file via CLI (over SSH) in encrypted form Exported in an INI file via TLS or SSH in encrypted formSNMPv3 Authenticati on Password (CSP)Soft reset/power cycle (RAM only) The CO entering an all-zero value using the Web Interface or CLI Importing a new .ini file with a zero- value SNMPv3 Authenticati on Password
Used to derive the SNMPv3 Privacy KeyKDF SNMP (Certs. A2389, A2392)Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non- volatile flash [for the M9080] Plaintext in non- volatile hard diskImported via Web Interface (over TLS) in encrypted form Imported via CLI (over SSH) in encrypted form Imported via CLI (over serial port) in plaintext form Imported in an INI file via Web Interface (over TLS) in encrypted form Imported in an INI file via CLI (over SSH) in encrypted form Exported in an INI file via TLS or SSH in encrypted formSNMPv3 Privacy Password (CSP)Soft reset/power cycle (RAM only) The CO entering an all-zero value using the Web Interface or CLI Importing a new .ini file with a zero- value SNMPv3 Privacy Password

September 26, 2024 9. Sensitive Security Parameter Management 9.1 The module supports the keys and other SSPs listed in Table 12 below. Table 12

Page 38
55 Peer refers to either a SIP User Agent or the management workstation.

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 39

September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 40

September 26, 2024 HMAC-SHA2256 HMAC-SHA2384 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 41

September 26, 2024 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2384 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 42

HMAC-SHA2256 September 26, 2024 HMAC-SHA2384 TLS PreMaster Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 43

September 26, 2024 with a zerovalue Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 44

September 26, 2024 with a zerovalue AES GCM encryption is used in the context of several secure communications protocols. The module meets the (key/IV) pair uniqueness requirements from NIST SP 800-38D as follows:

1.3 protocol.

The mechanism for IV generation falls into scenario 5 in FIPS 140-3 IG C.H and is compliant with RFC 8446. Each session employs a “per-record nonce”, a 64-bit sequence number (or IV) maintained separately for reading and writing records. Each sequence number is set to 0 at the beginning of a connection and whenever the key is changed (the first record transmitted under a particular traffic key uses sequence number 0), and the appropriate sequence number is incremented by one after reading or writing each record. Because the size of sequence numbers is 64 bits, they should not wrap. If a sequence number needs to wrap, it is the responsibility of the module operator to either rekey or terminate the connection.

Page 45
Approved algorithm
NameKey Size
DetailsMinimum NumberEntropy Sources
of Bits of Entropyof Bits of Entropy
The min-entropy (per 4 bits of data) of the tests for each device was: • M800 = 3.548147 bits • M2600 = 3.562489 bits • M4000 = 3.481019 bits • M9080 = 3.507044 bits • MP1288 = 3.667660 bits As long as there is at least one bit of entropy per four bits of raw noise data, the entropy provided by each call to CPU Jitter entropy can be considered to contain full entropy. When the DRBG requests 384 bits of entropy for seeding, the function is called four times and returns 384 bits of entropy, thus exceeding the FIPS requirement of at least 112 bits of entropy.384 bitsCPU Time Jitter Based Non-Physical TRNG

September 26, 2024 A new IV parameter is generated by the module for each AES GCM encryption. The IV consists of a 4-byte fixed field and an 8-byte invocation counter. The fixed field of the IV remains the same for the duration of the session, while the invocation counter is treated as a 64-bit integer and is incremented by one when performing an encryption of a new binary packet. If the invocation counter reaches its maximum value

264

264

the responsibility of the module operator to derive a new key and a new initial IV. The module also complies with the following RFCs:

Page 46

September 26, 2024 10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is powered up and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s):

56 KAT – Known Answer Test

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 47
57 KAT – Known Answer Test

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 48

September 26, 2024 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

Page 49
58 RADIUS – Remote Authentication Dial In User Service

Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 50
11.4.1 Default Login Password

The module provides a default login password for first-time module access for the CO only. The CO is required to change the default login password as part of the initial configuration.

11.4.2 On-Demand Self-Tests

The pre-operational self-tests are automatically performed at power-up. The CO may initiate the pre-operational self-tests by issuing the reset command over the module’s management interfaces or power-cycling the module. Using the CLI, resetting the module is accomplished by issuing the reload now command. Using the Web interface, resetting the module is accomplished from the Maintenance Actions page (Setup menu -> Administration tab -> Maintenance folder -> Maintenance Actions) and clicking the <Reset> button on the toolbar.

11.4.3 Zeroization

There are many CSPs within the module’s cryptographic boundary including symmetric keys, private keys, public keys, and login password hashes. CSPs reside in multiple storage media including RAM, non-volatile flash, and hard disk. All ephemeral keys used by the module are zeroized on reset and power cycle. Private keys and CSPs on the non-volatile flash and hard disk of the module can be zeroized by using a CLI command. The public key used for the image verification test is stored in non-volatile flash and hard disk and cannot be zeroized. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 51

September 26, 2024 Using the CLI, keys and CSPs are zeroized using the clear security-files command. Successful return from this command indicates the completion of the zeroization process. The SNMPv3 Authentication Password and SNMPv3 Privacy Password, may be zeroized by the CO entering an allzero value using the Web Interface or CLI or importing a new .ini file with a zero value. Both methods will overwrite and zeroize these CSPs. Completion of the manual entry process or of the .ini file load process indicates the completion of the zeroization process.

11.4.4 Status and Versioning Information

On the first power up, the module is, by default, in an unconfigured operational state. During initial configuration and setup, the module is explicitly set to operate in the Approved mode of operation. An authorized operator can access the module via the CLI and determine the mode of the module.

11.4.5 Additional Administrator Guidance

The list below provides additional guidance for module administrators:

Page 52

September 26, 2024 This can also be accomplished via the Software Upgrade wizard. When using the wizard, ensure that the “Use existing configuration” checkbox on the Load ini file wizard page is cleared and do not select a file to load. This will restore the module configuration back to factory default settings.

Page 53

September 26, 2024 12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Therefore, per ISO/IEC 19790:2021 section 7.12, requirements for this section are not applicable. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 54
Acronyms
NameTermDefinition
ACACAlternating Current
ACLACLAccess Control List
AESAESAdvanced Encryption Standard
ANSIANSIAmerican National Standards Institute
ASCIIASCIIAmerican Standard Code for Information Interchange
B2BUAB2BUABack-to-Back User Agent
CACACertificate Authority
CBCCBCCipher Block Chaining
CCCSCCCSCanadian Centre for Cyber Security
CFBCFBCipher Feedback
CKGCKGCryptographic Key Generation
CLICLICommand Line Interface
CMVPCMVPCryptographic Module Validation Program
COCOCrypto Officer
CPUCPUCentral Processing Unit
CSRCSRCertificate Signing Request
CTRCTRCounter
CVLCVLComponent Validation List
DCDCDirect Current
DDOSDDOSDistributed Denial-of-Service
DESDESData Encryption Standard
DOSDOSDenial-of-Service
DRBGDRBGDeterministic Random Bit Generator
DSADSADigital Signature Algorithm
DSPDSPDigital Signal Processing
DTLSDTLSDatagram Transport Layer Security
ECECElliptical Curve
ECCECCElliptical Curve Cryptography
ECC CDHECC CDHECC Cofactor Diffie Hellman
ECDSAECDSAElliptical Curve Digital Signature Algorithm
EMCEMCElectromagnetic Compatibility
EMIEMIElectromagnetic Interference
FIPSFIPSFederal Information Processing Standard
GbEGbEGigabit Ethernet
GbpsGbpsGigabits per second
GCMGCMGalois/Counter Mode
GUIGUIGraphical User Interface
HAHAHigh Availability
HDDHDDHard Disk Drive
HMACHMAC(Keyed-) Hash Message Authentication Code
HTTPSHTTPSHypertext Transfer Protocol Secure
ICEICEInteractive Connectivity Establishment
IEEEIEEEInstitute of Electrical and Electronics Engineers
iLOiLOIntegrated Lights Out
IPIPInternet Protocol
IVIVInitialization Vector
KASKASKey Agreement Scheme
KATKATKnown Answer Test
KAS ECC SSCKAS ECC SSCKey Agreement Scheme - Elliptical Curve Cryptography - Shared Secret Computation
KAS FFC SSCKAS FFC SSCKey Agreement Scheme - Finite Field Cryptography - Shared Secret Computation
KDFKDFKey Derivation Function
LEDLEDLight Emitting Diode
MACMACMessage Authentication Code
MbpsMbpsMegabits per second
MOSMOSMean Opinion Score
N/AN/ANot Applicable
NATNATNetwork Address Translation
NICNICNetwork Interface Card
NISTNISTNational Institute of Standards and Technology
NTPNTPNetwork Time Protocol
OAMPOAMPOperations, Administration, Maintenance, and Provisioning
OSOSOperating System
PBKDF2PBKDF2Password-Based Key Derivation Function 2
PBXPBXPrivate Branch Exchange
PEMPEMPrivacy Enhanced Mail
PKCSPKCSPublic-Key Cryptography Standards
PUBPUBPublication
QoEQoEQuality of Experience
QoSQoSQuality of Service
RADIUSRADIUSRemote Authentication Dial In User Service
RAMRAMRandom Access Memory
RNGRNGRandom Number Generator
RSARSARivest, Shamir, and Adleman
RTCPRTCPReal-time Transport Control Protocol
RTPRTPReal-time Transport Protocol
SASSASSerial Attached Small Computer System Interface
SBCSBCSession Border Controller
SDESSDESSession Description Protocol Security Descriptions
SDRAMSDRAMSynchronous Dynamic Random Access Memory
SFPSFPSmall Form-Factor Pluggable
SFTPSFTPSSH (or Secure) File Transfer Protocol
SHASHASecure Hash Algorithm
SHSSHSSecure Hash Standard
SIPSIPSession Initiation Protocol
SNMPSNMPSimple Network Management Protocol
SPSPSpecial Publication
SRTPSRTPSecure Real-Time Transport Protocol
SSDSSDSolid State Drive
SSHSSHSecure Shell
TCPTCPTransport Control Protocol
TDMTDMTime-Division Multiplexing
TLSTLSTransport Layer Security
UURack Unit
UDPUDPUser Datagram Protocol
U.S.U.S.United States
USBUSBUniversal Serial Bus
VGAVGAVideo Graphics Array
VLANVLANVirtual Local Area Network
VoIPVoIPVoice Over Internet Protocol

September 26, 2024 Appendix A. Acronyms and Abbreviations Table 14 provides definitions for the acronyms and abbreviations used in this document. Table 14

Page 55

N/A September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 56

U U.S. September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.

Page 57

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com

Referenced URLs