| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 12/2/2026 |
| Entropy | ENT (NP) |
| Caveat | Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy |
| Vendor | AudioCodes Ltd. |
| Hardware versions | Mediant 800 (P/N GGWC00001), Mediant 2600 (P/N GTPM00769), Mediant 4000B (P/N GTPM00894), Mediant 9080B (P/N GGWZ00047), and MediaPack 1288 (P/N GTPM01021) |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2391 |
| AES-CBC | A2544 |
| AES-CCM | A2544 |
| AES-CFB128 | A2391 |
| AES-CFB128 | A2544 |
| AES-CTR | A2391 |
| AES-CTR | A2544 |
| AES-GCM | A2544 |
| Counter DRBG | A2544 |
| DSA KeyGen (FIPS186-4) | A2544 |
| ECDSA KeyGen (FIPS186-4) | A2544 |
| ECDSA KeyVer (FIPS186-4) | A2544 |
| ECDSA SigVer (FIPS186-4) | A2544 |
| HMAC-SHA-1 | A2544 |
| HMAC-SHA2-256 | A2544 |
| HMAC-SHA2-384 | A2544 |
| KAS-ECC-SSC Sp800-56Ar3 | A2544 |
| KAS-FFC-SSC Sp800-56Ar3 | A2544 |
| KDF SNMP | A2389 |
| KDF SNMP | A2392 |
| KDF SRTP | A2389 |
| KDF SRTP | A2392 |
| KDF SSH | A2389 |
| KDF SSH | A2392 |
| RSA KeyGen (FIPS186-4) | A2544 |
| RSA SigGen (FIPS186-4) | A2391 |
| RSA SigGen (FIPS186-4) | A2544 |
| RSA SigVer (FIPS186-4) | A2391 |
| RSA SigVer (FIPS186-4) | A2544 |
| Safe Primes Key Generation | A2544 |
| Safe Primes Key Verification | A2544 |
| SHA-1 | A2391 |
| SHA-1 | A2544 |
| SHA2-224 | A2544 |
| SHA2-256 | A2391 |
| SHA2-256 | A2544 |
| SHA2-384 | A2544 |
| SHA2-512 | A2544 |
| SHA3-256 | A2390 |
| TLS v1.2 KDF RFC7627 | A2389 |
| TLS v1.2 KDF RFC7627 | A2392 |
| TLS v1.3 KDF | A2389 |
| TLS v1.3 KDF | A2392 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | 1 |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>7.6</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Upgrade Image<br/>Load License Key File</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Load License Key File<br/>Configure the SBC System<br/>Configure VOIP Network, Media and SIP Settings,…</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>RS-232 Serial Port<br/>USB<br/>RS-232 Serial Port (Micro-USB)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>7.6</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Upgrade Image<br/>Load License Key File</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Load License Key File<br/>Configure the SBC System<br/>Configure VOIP Network, Media and SIP Settings,…</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>RS-232 Serial Port<br/>USB<br/>RS-232 Serial Port (Micro-USB)</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;AudioCodes Ltd. Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway Hardware Models: Mediant 800 (P/N GGWC00001), Mediant 2600 (P/N GTPM00769), Mediant 4000B (P/N GTPM00894), Mediant 9080B (P/N GGWZ00047), and MediaPack 1288 (P/N GTPM01021) Firmware Version: 7.6 FIPS Security Level: 1 Document Version: 0.8 Prepared for: Prepared by: AudioCodes Ltd.
Airport City, Lod 70151 Israel Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +972 3 976 4000 www.audiocodes.com Phone: +1 703 267 6050 www.corsec.com
September 26, 2024 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway (firmware version: 7.6) from AudioCodes Ltd. (AudioCodes). This Security Policy describes how the Mediant SBCs and Media Gateways meet the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in an Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Mediant SBCs and Media Gateways are referred to in this document collectively as the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:
September 26, 2024 Table of Contents 1. 2. 2.1 2.2 2.3 2.4 3. 4. 4.1 4.2 4.3 4.4 5. 6. 7. 8. 9. 9.1 9.2
Appendix A. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 List of Tables List of Figures Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
1. September 26, 2024 General AudioCodes Ltd. (hereafter referred to as AudioCodes) is a leading vendor of advanced networking and media processing solutions for the digital workplace. The AudioCodes Mediant family of Session Border Controllers (SBCs) and Media Gateways (GWs) offer a line of versatile IP1 communications platforms that connect VoIP2 and TDM3 networks, built on years of carrier-grade VoIP deployments and expertise. AudioCodes’s SBCs and Media Gateway provide the interoperability, security and quality assurance that service providers need to connect their enterprise and residential customers reliably and securely to SIP4 trunk and hosted telephony services. The Mediant SBCs and Media Gateways form an effective demarcation point between a business’s VoIP network and the service provider’s SIP trunk, performing SIP protocol mediation and media handling (interoperability), and securing the enterprise VoIP network. They can function as a peering SBC, access SBC, or enterprise SBC.
TDM
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 Figure 3
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 transcoding, a flexible and intuitive SIP routing engine, and an integrated WebRTC gateway. Some of the network and security features provided by the SBCs include:
SDES
ICE
HTTPS
OAMP
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | 1 |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-Cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
September 26, 2024 • Web-based Graphical User Interface (GUI) called the Web Interface, which is accessible remotely via HTTPS over Ethernet management ports. • SNMPv3 operations, which are used for remote configuration and obtaining information about the module’s state and statistics. • INI Configuration file, which is a text-based file with .ini file extension containing configuration settings. This file may be loaded to the SBC using SNMPv3 or by using the CLI (over SSH) or Web Interface for automatic configuration/commissioning. These management interfaces provide authorized operators access to the module for configuration and management of all facets of the module’s operation, including system configuration, troubleshooting, security, and service provisioning. Using any of the management interfaces, an operator is able to monitor, configure, control, receive report events, and retrieve logs from the modules. To support TLS and SSH, the following types of RSA certificates may be imported to the module using the module’s Web Interface (over TLS) or CLI (over SSH): • X.509 certificate file – plaintext base64 encoded PEM29 format. These files contain public keys only, while the matching private key is contained in the associated RSA private key file. • RSA private key file – plaintext base64 encoded PEM format. These files contain the private key associated with the RSA public key in the X.509 certificate file. • Root certificate file (CA Public keys) – chains of X.509 certificates in plaintext base64 encoded PEM format. These are used to validate peer certificates and serve as a possible chain used for self-signed certificates to be sent to the peer. The Root certificate file contains public keys only; they do not contain the associated private keys. The module generates RSA keypairs and Certificate Signing Requests (CSRs). The CSR is signed with the module’s private key and then sent to a CA. The CA then signs the certificate and sends it back, where it is then installed for use. The module also generates self-signed certificates corresponding to the internally generated RSA keypairs. The module provides the option to import certain CSPs by loading a text-based file with a *.ini file extension (INI file) in encrypted form using the module’s Web Interface (over TLS) or CLI (over SSH). The module also supports an Automated Update mechanism whereby an INI file is downloaded from a server over HTTPS. The CSPs that may be imported through an INI file are indicated as such in Table
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 [Number Below] N/A N/A The module has an overall security level of 1. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| Mediant 800 | Mediant 800 | GGWC00001 | 7.6 | • CPU: Cavium OCTEON PLUS CN50XX • LAN Interfaces: 4 GE or 4 GE + 8 FE interfaces configured in 1+1 redundancy or as individual ports |
| Mediant 2600 | Mediant 2600 | GTPM00769 | 7.6 | • CPU: Cavium OCTEON II CN66XX • LAN Interfaces: 8 x 100/1000 Base-T Ethernet ports • Power: Dual AC power supplies |
| Mediant 4000B | Mediant 4000B | GTPM00894 | 7.6 | • CPU: Cavium OCTEON II CN66XX • LAN Interfaces: 8 x 100/1000 Base-T Ethernet ports • Power: Dual AC power supplies |
| Mediant 9080B | Mediant 9080B | GGWZ00047 | 7.6 | • CPU: Intel Xeon Gold 6226R • LAN Interfaces: 1Gb/10Gb Ethernet ports |
| MediaPack 1288 | MediaPack 1288 | GTPM01021 | 7.6 | • CPU: Cavium OCTEON PLUS CN50XX • LAN Interfaces; Dual Redundant 10/100/1000 Base-T Ethernet ports |
| Name | Security Function | Use | Version |
|---|---|---|---|
| AudioCodes Mediant Session Border Controller KDF Library | A2389 | Provides implementations for TLS, SNMP, SRTP, and SSH key derivation functions | 7.6 |
| AudioCodes Mediant Session Border Controller Entropy Library | A2390 | Provides SHA3 for entropy generation | 7.6 |
| AudioCodes Mediant Session Border Controller Cryptographic Accelerator Module | A2391 | Provides hardware-accelerated | 7.6 |
| AudioCodes Mediant Session Border Controller Cryptographic Accelerator KDF | A2392 | Provides hardware-accelerated implementations for TLS, SNMP, SRTP, and SSH key derivation functions | 7.6 |
| AudioCodes Mediant Session Border Controller Cryptographic Library | A2544 | Provides implementations for general-purpose cryptographic primitives | 7.6 |
2. September 26, 2024 The Mediant SBCs and Media Gateways represent a hardware module with a multi-chip standalone embodiment. The sections below describe the operational environments, algorithm implementations, module boundary, and modes of operation. 2.1 Operational Environments Table 2 below lists the module configuration(s) used for validation testing. Table 2
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| KDF31 SNMP CVL32 SP 800-135rev1 | A2389 | SNMP KDF | Password Length: 64-800 Increment 8 | Key Derivation No part of the SNMP protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| KDF SRTP CVL SP 800-135rev1 | A2389 | SRTP KDF | 128, 256 | Key Derivation No part of the SRTP protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| KDF SSH CVL SP 800-135rev1 | A2389 | SSH KDF | AES-128 (SHA-1, SHA2- 256) | Key Derivation No part of the SSH protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| TLS v1.2 KDF RFC33 7627 CVL SP 800-135rev1 RFC 7627 | A2389 | TLS34 v1.2 KDF | SHA2-256, SHA2-384, SHA2-512 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| TLS v1.3 KDF CVL SP 800-135rev1 RFC 8446 | A2389 | TLS v1.3 KDF | SHA2-256, SHA2-384 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| SHA3-256 FIPS PUB 202 | A2390 | SHA3-256 | Message Length: 0-65528 Increment 8 | Conditioning function for entropy |
| AES35-CBC36 FIPS PUB 197 NIST SP 800-38A | A2391 | CBC | 128, 256 | Encryption/Decryption |
| AES-CFB12837 FIPS PUB 197 NIST SP 800-38A | A2391 | CFB128 | 128, 192, 256 | Encryption/Decryption |
| AES-CTR38 FIPS PUB 197 NIST SP 800-38A | A2391 | CTR | 128, 256 | Encryption/Decryption |
| RSA SigGen (FIPS186-4) FIPS PUB 186-4 | A2391 | PKCS#1 v1.5 | 2048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Generation |
| RSA SigVer (FIPS186-4) FIPS PUB 186-4 | A2391 | PKCS#1 v1.5 | 1024, 2048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Verification |
| SHA-1 FIPS PUB 180-4 | A2391 | SHA-1 | Message Length: 0-65528 Increment 8 | Message Digest |
| SHA2-256 FIPS PUB 180-4 | A2391 | SHA2-256 | Message Length: 0-65528 Increment 8 | Message Digest |
| KDF SNMP CVL SP 800-135rev1 | A2392 | SNMP KDF | Password Length: 64-800 Increment 8 | Key Derivation No part of the SNMP protocol, other than the KDFs, have been tested by the CAVP and CMVP. |
| KDF SRTP CVL SP 800-135rev1 | A2392 | SRTP KDF | 128, 256 | Key Derivation No part of the SRTP protocol, other than the KDFs, have been tested by the CAVP and CMVP. |
| KDF SSH CVL SP 800-135rev1 | A2392 | SSH KDF | AES-128 (SHA-1, SHA2- 256) | Key Derivation No part of the SSH protocol, other than the KDFs, have been tested by the CAVP and CMVP. |
| TLS v1.2 KDF RFC 7627 CVL SP 800-135rev1 RFC 7627 | A2392 | TLS v1.2 KDF | SHA2-256, SHA2-384, SHA2-512 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| TLS v1.3 KDF CVL SP 800-135rev1 RFC 8446 | A2392 | TLS v1.3 KDF | SHA2-256, SHA2-384 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| AES-CBC FIPS PUB 197 NIST SP 800-38A | A2544 | CBC | 128, 256 | Encryption/Decryption |
| AES-CCM39 NIST SP 800-38C | A2544 | CCM | 128, 256 | Encryption/Decryption |
| AES-CFB128 FIPS PUB 197 NIST SP 800-38A | A2544 | CFB128 | 128, 192, 256 | Encryption/Decryption |
| AES-CTR FIPS PUB 197 NIST SP 800-38A | A2544 | CTR | 128, 256 | Encryption/Decryption |
| AES-GCM40 NIST SP 800- 38D | A2544 | GCM | 128, 256 | Encryption/Decryption |
| Counter DRBG41 NIST SP 800-90Arev1 | A2544 | Counter-based | 256-bit AES-CTR | Deterministic random bit generation |
| DSA42 KeyGen (FIPS186-4) FIPS PUB 186-4 | A2544 | DSA KeyGen | 2048/256 | Key Pair Generation |
| ECDSA43 KeyGen (FIPS186-4) FIPS PUB 186-4 | A2544 | ECDSA KeyGen | P-224, P-256, P-384, P-521 Secrets generation mode: Testing candidates | Key Pair Generation |
| ECDSA KeyVer (FIPS186-4) FIPS PUB 186-4 | A2544 | ECDSA KeyVer | P-224, P-256, P-384, P-521 | Public Key Verification |
| ECDSA SigVer (FIPS186-4) FIPS PUB 186-4 | A2544 | ECDSA SigVer | P-256 (SHA2-256) | Digital Signature Verification |
| HMAC-SHA-1 FIPS PUB 198-1 | A2544 | SHA-1 | MAC: 32, 80, 160 Key Length: 160 | Message Authentication The module also supports HMAC SHA-1-32 and HMAC SHA-1-80. |
| HMAC-SHA2-256 FIPS PUB 198-1 | A2544 | SHA2-256 | MAC: 256 Key Length: 256 | Message Authentication |
| HMAC-SHA2-384 FIPS PUB 198-1 | A2544 | SHA2-384 | MAC: 384 Key Length: 384 | Message Authentication |
| KAS-ECC-SSC44 SP800-56Arev3 NIST SP 800-56Arev3 | A2544 | ephemeralUnified | P-224, P-256, P-384, P-521 | Shared Secret Computation |
| KAS-FFC-SSC45 SP800-56Arev3 NIST SP 800-56Arev3 | A2544 | dhEphem | FC (2048/256), ffdhe2048, ffdhe3072, MODP-2048 | Shared Secret Computation |
| RSA46 KeyGen (FIPS186-4) FIPS PUB 186-4 | A2544 | RSA KeyGen | Key generation mode: B.3.3 2048, 3072, 4096 | Key Pair Generation |
| RSA SigGen (FIPS186-4) FIPS PUB 186-4 | A2544 | PKCS#1 v1.5 | 2048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Generation |
| RSA SigVer (FIPS186-4) FIPS PUB 186-4 | A2544 | PKCS#1 v1.5 | 1024, 2048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Verification |
| Safe Primes Key Generation NIST SP 800-56Arev3, Appendix D | A2544 | Safe Primes Key Generation | ffdhe2048, fdhe3072, | Key Generation |
| Safe Primes Key Verification NIST SP 800-56Arev3, Appendix D | A2544 | Safe Primes Key Verification | ffdhe2048, fdhe3072, | Key Verification |
| SHA-1 FIPS PUB 180-4 | A2544 | SHA | SHA-1 | Message Digest |
| SHA2-224 FIPS PUB 180-4 | A2544 | SHA2 | SHA2-224 | Message Digest |
| SHA2-256 FIPS PUB 180-4 | A2544 | SHA2 | SHA2-256 | Message Digest |
| SHA2-384 FIPS PUB 180-4 | A2544 | SHA2 | SHA2-384 | Message Digest |
| SHA2-512 FIPS PUB 180-4 | A2544 | SHA2 | SHA2-512 | Message digest |
| KTS NIST SP 800-38F | AES-CBC A2391 HMAC A2544 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strength | Key Wrap/Unwrap (Encryption with message authentication) AES-CBC with HMAC (SHA- 1, SHA2-256, SHA2-384) |
| KTS NIST SP 800-38F | AES-CBC A2544 HMAC A2544 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strength | Key Wrap/Unwrap (Encryption with message authentication) AES-CBC with HMAC (SHA- 1, SHA2-256, SHA2-384) |
| KTS47 NIST SP 800-38F | AES-CCM A2544 | SP 800-38C and SP 800- 38F. KTS (key wrapping and unwrapping) per IG D.G. | 128 and 256-bit keys providing 128 or 256 bits of encryption strength | Key Wrap/Unwrap (Authenticated Encryption) |
| KTS NIST SP 800-38F | AES-CFB128 A2391 HMAC A2544 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strength | Key Wrap/Unwrap (Encryption with message authentication) AES- CFB128 with HMAC (SHA-1, SHA2-256, SHA2- 384) |
| KTS NIST SP 800-38F | AES-CFB128 A2544 HMAC A2544 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys providing between 128 and 256 bits of encryption strength | Key Wrap/Unwrap (Encryption with message authentication) AES-CFB128 with HMAC (SHA-1, SHA2-256, SHA2- 384) |
| KTS NIST SP 800-38F | AES-GCM A2544 | SP 800-38D and SP 800- 38F. KTS (key wrapping and unwrapping) per IG D.G. | 128 and 256-bit keys providing 128 or 256 bits of encryption strength | Key Wrap/Unwrap (Authenticated Encryption) |
| KAS48 NIST SP 800-56Arev3 NIST SP 800-135rev1 | KAS-ECC-SSC A2544 KDF SSH A2389 A2392 | SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength. | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 7627 | KAS-ECC-SSC A2544 TLS v1.2 KDF RFC 7627 A2389 A2392 | SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength. | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446 | KAS-ECC-SSC A2544 TLS v1.3 KDF A2389 A2392 | SP 800-56Arev3. KAS- ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing between 112 and 256 bits of encryption strength. | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 | KAS-FFC-SSC A2544 KDF SSH A2389 A2392 | SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2). | 2048-bit key providing 112 bits of encryption strength. | Key agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 7627 | KAS-FFC-SSC A2544 TLS v1.2 KDF RFC 7627 A2389 A2392 | SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2). | 2048-bit key providing 112 bits of encryption strength. | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446 | KAS-FFC-SSC A2544 TLS v1.3 KDF A2389 A2392 | SP 800-56Arev3. KAS- FFC per IG D.F Scenario 2 path (2). | 2048-bit key providing 112 bits of encryption strength. | Key Agreement |
| ENT (NP) NIST SP 800-90B | N/A | Entropy input for DRBG | ||
| CKG49 NIST SP 800-133rev2 | Vendor Affirmed | Cryptographic Key Generation |
September 26, 2024 7.6 7.6 *The Crypto Accelerator and KDF Accelerator implementations are provided by the Cavium chip; they are not available on the Intelbased M9080. Validation certificates for each Approved security function are listed in Table 4. The module also includes implementations that are used solely to support self-tests; only the implementations in the table below are used by the module during operation. Table 4
30 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.
RFC
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
44 KAS-ECC-SSC
KAS-FFC-SSC
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
D.G. D.G. September 26, 2024 D.G. D.G. D.G. D.G. KTS
September 26, 2024 N/A The vendor affirms the following cryptographic security methods:
| Name | Use Function | Use / Function |
|---|---|---|
| RSA SigVer (FIPS 186-4) | Only allowed for non-security relevant use of unclaimed authentication mechanism with SSH and SFTP per IG 2.4.A, Scenario 2 | Non-legacy use of RSA Signature Verification: 1024 ≤ len(n) < 2048 (provides < 112 bits of security strength) |
September 26, 2024 Table 5
SAS
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| LEDs | LEDs | • Status output | Operational/system status information Refer to Mediant 800 Hardware Installation Manual |
| Telephony port interfaces | Telephony port interfaces | • Data input • Data output | Telephony traffic |
| Ethernet Ports (10/100/1000Base-T GbE) QTY: 12 | Ethernet Ports (10/100/1000Base-T GbE) QTY: 12 | • Data input • Data output • Control input • Status output | Management traffic; media and signaling traffic; operational/system status information; HA configuration |
| RS-232 Serial Port | RS-232 Serial Port | • Data input • Data output • Control input • Status output | Management traffic via CLI |
| Reset Pinhole Button | Reset Pinhole Button | Control Input | Button used to reset the module |
| USB | USB | N/A | Unused |
| LEDs | LEDs | • Status output | Operational/system status information Refer to Mediant 800 Hardware Installation Manual |
| Ethernet Ports (1000Base-T GbE) QTY: 8 | Ethernet Ports (1000Base-T GbE) QTY: 8 | • Data input • Data output • Control input • Status output | Data ports for management; media and signaling traffic; HA configuration |
| RS-232 Serial Port (Micro-USB) | RS-232 Serial Port (Micro-USB) | • Data input • Data output • Control input • Status output | Serial communication via the CLI |
| Reset Pinhole Button | Reset Pinhole Button | • Control input | N/A |
| LEDs | LEDs | • Status output | Operational/system status information Refer to Mediant 800 Hardware Installation Manual |
| USB 2.0 Port | USB 2.0 Port | • Data input • Control input | CLI management traffic (via USB-enabled keyboard) |
| USB 3.0 Port | USB 3.0 Port | • Data input • Control input | CLI management traffic (via USB-enabled keyboard) |
| Display Port | Display Port | • Data input • Status output | Analog video output port |
| iLO Service Port | iLO Service Port | N/A | Used for field service only |
| Slot 1: Quad 1-GbE copper ports QTY: 4 | Slot 1: Quad 1-GbE copper ports QTY: 4 | • Data input • Data output • Control input • Status output | Management traffic; media and signaling traffic |
| Slot 2: Quad 10-GbE SFP+ ports QTY: 4 | Slot 2: Quad 10-GbE SFP+ ports QTY: 4 | • Data input • Data output • Control input • Status output | Management traffic; media and signaling traffic |
| Slot 3 | Slot 3 | N/A | Unused slot |
| NIC Ports Unused (dust covered) | NIC Ports Unused (dust covered) | N/A | Unused NIC ports |
| Video (VGA) Port | Video (VGA) Port | • Data output • Status output | Analog video output |
| iLO Management Port | iLO Management Port | N/A | Used for field service only |
| Serial Port | Serial Port | • Data input • Data output • Control input • Status output | CLI management traffic (via serial-enabled input device) |
| USB 3.0 ports QTY: 2 | USB 3.0 ports QTY: 2 | • Data input • Control input | CLI management traffic (via USB-enabled keyboard) |
| 1 GbE copper ports | 1 GbE copper ports | • Data input • Data output • Control input • Status output | Management traffic; media and signaling traffic |
| 1 GbE copper ports QTY: 3 | 1 GbE copper ports QTY: 3 | • Data input • Data output | Media and signaling traffic |
| LEDs | LEDs | • Status output | Operational/system status information |
| Ethernet Ports (100/1000Base-T GbE) QTY: 2 | Ethernet Ports (100/1000Base-T GbE) QTY: 2 | • Data input • Data output • Control input • Status output | Management traffic; media and signaling traffic; operational/system status information; HA configuration |
| RS-232 Serial Port | RS-232 Serial Port | • Data input • Data output • Control input • Status output | CLI management traffic (via serial-enabled input device) |
| FXS53 Port Interfaces QTY: 72 | FXS53 Port Interfaces QTY: 72 | • Data input • Data output | Analog voice data; FXS data traffic |
| Reset Pinhole Button | Reset Pinhole Button | • Control input | N/A |
| USB | USB | N/A (unused) | N/A (unused) |
| Power Input | Power Input | • Power | N/A |
September 26, 2024 N/A The Mediant 2600 and Mediant 4000B include the physical ports and interfaces shown in Figure 8 and Figure
September 26, 2024 Figure 11
September 26, 2024
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Module Versioning Information | CO | None | Model and firmware version information |
| Commission the Module | CO | None | None |
| Load License Key File | CO | Command | Status output |
| Configure the SBC System | CO | Command and parameter | Command response/ Status output |
| Configure VOIP Network, Media and SIP Settings, and Routing Rules | CO | Command and parameters | Command response/ Status output |
| Manage Users | CO | Command and parameters | Command response/ Status output |
| Manage User Sessions | CO | Command and parameters | Command response/ Status output |
| Change Password | CO | Command and parameters | Command response/ Status output |
| Change Own Password | CO, User | Command and parameters | Command response/ Status output |
| Manage Certificates/Keypairs | CO | Command and parameters | Command response/ Status output |
| Configure TLS Contexts | CO | Command and parameters | Command response/ Status output |
| Perform On-Demand Self-Tests | CO | Command | Command response/ Status output |
| Show Status | CO, User | Command | Command response/ Status output |
| Show System Security Status | CO, User | Command | Command response/ Status output |
| View Syslog | CO, User | Command | Command response/ Status output |
| Zeroize Keys and CSPs | CO | Command | Command response/ Status output |
| Upgrade Image | CO | Command | Command response/ Status output |
| Load a .ini File and Perform Automatic Updates | CO | Command | Command response/ Status output |
| Save a .ini File of the Module’s Configuration | CO | Command | Command response/ Status output |
| Reset | CO | Command | Command response/ Status output |
| Establish TLS Session | CO, User | Command | TLS session established |
| Establish SSH Session | CO, User | Command | SSH session established |
| Configure SNMPv3 Users | CO | Command and parameters | Command response/ Status output |
| Establish SNMPv3 Session | CO | Command and parameters | SNMP session established |
| Establish SRTP Session | CO | Command and parameters | SRTP session established |
| Establish SFTP Session | CO | Command and parameters | SFTP session established |
| Restore Default Configuration | CO | Command | Factory default settings restored |
| Perform Manual Zeroization | N/A | Power cycling using power connectors, power button (Mediant 9080 SBC only) or reset pinhole button (Mediant 4000 SBC only) | Status output |
| Perform Manual On-Demand Self- Tests | N/A | Power cycling using power connectors, power button (Mediant 9080 SBC only) or reset pinhole button (Mediant 4000 SBC only) | Status output |
| Authenticate | N/A | Command | Status output |
4. September 26, 2024 Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods. 4.1 Authorized Roles The module supports two roles that operators may assume:
September 26, 2024 N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
4.2 September 26, 2024 N/A N/A Authentication Methods Each operator has their own account with a username and password, which are used to authenticate to the module. Passwords are stored on non-volatile storage media in hashed form using SHA2-256. For SSH/SFTP, operators can also utilize RSA or ECDSA Public keys. Note that, while the module supports authentication mechanisms, no claims are being made with regards to compliance to the Level 2/3 role-based and identity-based authentication requirements since it is being certified at Level 1. 4.3 Externally Loaded Firmware The module has the capability to load firmware in the form of a complete image replacement from an external source. As such a replacement will constitute a new module, only FIPS-validated firmware may be loaded to maintain the module’s validation. Services and functions provided by the newly loaded firmware image are not performed until the pre-operational self-tests have executed successfully via a power-on reset. All firmware images are digitally signed, and a conditional self-test (using an ECDSA signature verification with P-256 curve) is performed during the reset. If the signature test fails, the new firmware image is ignored and the previous-loaded firmware image remains current. SSP zeroization takes place prior to execution of the new image. The module’s versioning information is updated to reflect the addition/update of the newly loaded firmware. 4.4 Services Descriptions of the services available to the authorized roles are provided in Table 11 below. As allowed per section 2.4.C of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global Approved mode indicator) and an implicit indication (via the successful completion of the service). Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation: Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Show Module Versioning Information | Show the model and firmware version. | CO | None | None | N/A | N/A |
| Commission the Module | Commission the module by following the Security Policy guidelines | CO | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Load License Key File | Load a License Key file to change or upgrade features | CO | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Configure the SBC System | Configure IP address, Web Interface and CLI, LAN and WAN settings, and date and time; save and load configuration files; save and load CLI script files | CO User (view only) | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Configure VOIP Network, Media and SIP Settings, and Routing Rules | Configure IP network topology, media and SIP settings, and routing rules | CO User (view only) | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Manage Users | Create, edit, or delete user accounts; assign passwords and roles; import SSH public key | CO | SSH Public Key | SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544) | SSH Public Key – W | Global Indicator (“FIPS mode: Enabled”) |
| Manage User Sessions | Terminate specific user’s CLI session | CO | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Change Password | Modify CO or User account passwords | CO | None | SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544) | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Change Own Password | Modify existing login passwords | CO, User | None | SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544) | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Manage Certificates/K eypairs | Generate RSA/ECDSA keypairs for certificate signing requests, generate RSA private keys, load certificates and private keys via TLS/SSH | CO | Entropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value RSA Private Key RSA Public Key ECDSA Private Key ECDSA Public Key CA Public Key | CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) RSA KeyGen (FIPS186-4) (Certs. A2544, A2391) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391) SHA3-256 (Cert. A2390) | Entropy Input String – G/E DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E RSA Private Key – G RSA Public Key – G ECDSA Private Key – G ECDSA Public Key – G CA Public Key – W | Global Indicator (“FIPS mode: Enabled”) |
| Configure TLS Contexts | Define TLS version and cipher suites for management and data TLS connections | CO | None | None | None | Global Indicator (“FIPS mode: Enabled”) |
| Perform On- Demand Self- Tests | Perform on- demand self- tests | CO | Firmware Integrity Test Key | None | Firmware Integrity Test Key – E | Global Indicator (“FIPS mode: Enabled”) |
| Show Status | Show the system status, Ethernet status, alarms, user activity logs, system identification and configuration settings of the module | CO, User | None | None | None | N/A |
| Show System Security Status | Show the system security status: “FIPS Approved mode” | CO, User | None | None | None | N/A |
| View Syslog | View event status messages in the syslog | CO, User | None | None | None | Global Indicator (“FIPS mode: Enabled”) |
| Zeroize Keys and CSPs | Zeroize keys and CSPs | CO | All persistent CSPs | None | All persistent CSPs – Z | N/A |
| Upgrade Image | Load new firmware image | CO | Image Verification Key | ECDSA SigVer (FIPS186-4) (Cert. A2544) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Cert. A2544) | Image Verification Key – E | Global Indicator (“FIPS mode: Enabled”) |
| Load a .ini File and Perform Automatic Updates | Load the module’s configuration as a .ini file and perform automatic updates | CO | ECDSA Private Key ECDSA Public Key RSA Private Key RSA Public Key CA Public Key SSH Private Key SSH Public Key SNMPv3 Authentication Password SNMPv3 Privacy Password | None | ECDSA Private Key – W ECDSA Public Key – W RSA Private Key – W RSA Public Key – W CA Public Key – W SSH Private Key – W SSH Public Key – W SNMPv3 Authentication Password – W SNMPv3 Privacy Password – W | Global Indicator (“FIPS mode: Enabled”) |
| Save a .ini File of the Module’s Configuration | Save a .ini file of the module’s configuration | CO | None | None | N/A | Global Indicator (“FIPS mode: Enabled”) |
| Reset | Reset the module | CO | SSPs stored in RAM | None | SSPs stored in RAM – Z | Global Indicator (“FIPS mode: Enabled”) |
| Establish TLS Session | Establish web session using TLS protocol | CO, User | Entropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key DH Peer Public Key ECDH Public Key ECDH Private Key ECDH Peer Public Key TLS Private Key TLS Public Key TLS Pre-Master Secret TLS Master Secret TLS Session Key TLS Authentication Key | AES-CBC (Certs. A2544, A2391) AES-GCM (Certs. A2544, A2391) CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) | Entropy Input String – G/E DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R DH Private Key – G/E DH Peer Public Key – G/W/E ECDH Public Key – G/R ECDH Private Key – G/E ECDH Peer Public Key – G/W/E TLS Private Key – G/W/E TLS Public Key – G/W/R TLS Pre-Master Secret – G/R/E TLS Master Secret – G/E TLS Session Key – G/E TLS Authentication Key – G/E | Global Indicator (“FIPS mode: Enabled”) |
| Establish SSH Session | Establish remote session using SSH protocol | CO, User | Entropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key ECDH Public Key ECDH Private Key SSH Private Key SSH Public Key SSH Shared Secret SSH Session Key SSH Authentication Key | AES-CBC (Certs. A2544, A2391) CKG (Vendor Affirmed) DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) (N/A) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3 | Entropy Input String – G DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R/E DH Private Key – G/E ECDH Public Key – G/R/E ECDH Private Key – G/E SSH Private Key – G/W/E SSH Public Key – G/W/R SSH Shared Secret – G/E SSH Session Key – G/E SSH Authentication Key – G/E | Global Indicator (“FIPS mode: Enabled”) |
| Configure SNMPv3 Users | Configure SNMPv3 users | CO | SNMPv3 Authentication Password SNMPv3 Privacy Password SNMPv3 Privacy Key SNMPv3 Authentication Key | AES-CFB128 (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391) | SNMPv3 Authentication Password – W/E SNMPv3 Privacy Password – W/E SNMPv3 Session Key – W/E SNMPv3 Authentication Key – W/E | Global Indicator (“FIPS mode: Enabled”) |
| Establish SNMPv3 Session | Establish non- security- related monitoring session using SNMPv3 protocol | CO | SNMPv3 Authentication Password SNMPv3 Privacy Password SNMPv3 Authentication Key SNMPv3 Privacy Key | AES-CFB128 (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) | SNMPv3 Authentication Password – E SNMPv3 Privacy Password – E SNMPv3 Session Key – G/E SNMPv3 Privacy Key – G/E | Global Indicator (“FIPS mode: Enabled”) |
| Establish SRTP Session | Establish session using SRTP protocol | CO | SRTP Master Key SRTP Session Key SRTP Authentication Key | AES-CTR (Certs. A2544, A2391) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KDF SRTP (Certs. A2389, A2392) SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391) | SRTP Master Key – G/W SRTP Session Key – G/E SRTP Authentication Key – G/E | Global Indicator (“FIPS mode: Enabled”) |
| Establish SFTP Session | Establish session using SFTP protocol | CO | Entropy Input String DRBG Seed DRBG ‘Key’ Value DRBG ‘V’ Value DH Public Key DH Private Key DH Peer Public Key ECDH Public Key ECDH Private Key ECDH Peer Public Key SFTP Private Key SFTP Public Key SSH Shared Secret SSH Session Key SSH Authentication Key | AES-CBC (Certs. A2544, A2391) CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) DSA KeyGen (FIPS186-4) (Cert. A2544) ECDSA KeyGen (FIPS186-4) (Cert. A2544) ENT (NP) (N/A) HMAC-SHA-1 (Cert. A2544) HMAC-SHA2-256 (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) KAS (Certs. A2544, A2389, A2392) KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) | Entropy Input String – G DRBG Seed – G/E DRBG ‘Key’ Value – G/E DRBG ‘V’ Value – G/E DH Public Key – G/R/E DH Private Key – G/E DH Peer Public Key – G/W/E ECDH Public Key – G/R/E ECDH Private Key – G/E ECDH Peer Public Key – G/W/E SFTP Private Key – G/E SFTP Public Key – G/R SSH Shared Secret – G/E SSH Session Key – G/E SSH Authentication Key – G/E | Global Indicator (“FIPS mode: Enabled”) |
| Restore Default Configuration | Restore settings to factory defaults | CO | All persistent SSPs | None | All persistent CSPs – Z | Global Indicator (“FIPS mode: Enabled”) |
| Perform Manual Zeroization | Zeroize keys and CSPs | All ephemeral keys and CSPs | None | All ephemeral keys and CSPs – Z | N/A | |
| Perform Manual On- Demand Self- Tests | Perform power-up self- tests on demand | Firmware Integrity Test Key All ephemeral keys and CSPs | None | Firmware Integrity Test Key – E All ephemeral keys and CSPs – Z | N/A | |
| Authenticate | Use to log into the module | None | SHA-1 (Certs. A2544, A2391) SHA2-256 (Certs. A2544, A2391) SHA2-384 (Certs. A2544, A2391) | N/A | Global Indicator (“FIPS mode: Enabled”) |
September 26, 2024 N/A N/A N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 N/A N/A Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 (N/A) Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 Establish nonsecurityrelated Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 (N/A) Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 N/A Manual OnDemand SelfTests N/A N/A *Per FIPS 140-3 Implementation Guidance 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved security The module does not provide any non-Approved services. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
5. September 26, 2024 Software/Firmware Security The module firmware takes the form of a single firmware image that includes multiple files (configuration files, executable files, packages, and other associated files). The image is verified using an approved integrity technique implemented within the cryptographic module itself. The module implements an ECDSA P-256 (SHA2-256) digital signature verification for the integrity test of the firmware. The approved integrity technique consists of single ECDSA signature verification; failure of the integrity check will cause the module to enter a critical error state. The CO can initiate the pre-operational tests on demand by resetting or power-cycling the module (see section
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
6. September 26, 2024 Operational Environment The module employs a limited operational environment (as it is designed to accept only controlled firmware changes that successfully pass the software/firmware load test). The module does not provide a general-purpose operating system (OS). All services provided by the module are provided by the module’s firmware and external interfaces. The module’s processor executes the firmware on the tested configurations specified in section 2.1 of this document. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
7. September 26, 2024 Physical Security As a multi-chip standalone hardware module, the module includes an enclosure composed of hard, productiongrade, metal components necessary to meet FIPS 140-3 level 1 physical security requirements. The module enclosure completely encloses all of its internal components, and all integrated circuits are coated with commercial standard passivation. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
8. September 26, 2024 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Strength | Security Function | Generation | Storage | Import Export | Key/SSP Name/Type Keys | Zeroisation54 |
|---|---|---|---|---|---|---|---|
| Pre-operational verification of module’s firmware image | 128 bits | ECDSA SigVer (FIPS186-4) (Cert. A2544) | Hardcoded in the module image | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Firmware Integrity Test Key (not an SSP) | Not subject to zeroization requirements | |
| Verification of CA signatures | (ECDSA) Between 128 and 256 bits (RSA) Between 112 and 150 bits | ECDSA SigVer (FIPS186-4) (Cert. A2544) RSA SigVer (FIPS186-4) (Certs. A2544, A2391) | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted form | CA Public Key (CSP) | Soft reset/power cycle (RAM only) | |
| Used for certificate signing requests | Between 112 and 150 bits | RSA SigGen (FIPS186-4) (Certs. A2544, A2391) | Generated internally via approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted form | RSA Private Key (CSP) | Soft reset/power cycle (RAM only) |
| Used for certificate signing requests | Between 112 and 150 bits | RSA SigVer (FIPS186-4) (Certs. A2544, A2391) | Generated internally via approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted form | RSA Public Key (PSP) | Soft reset/power cycle (RAM only) |
| Used for certificate signing requests | Between 128 and 256 bits | ECDSA SigGen (FIPS186-4) (Cert. A2544) | Generated internally via approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted form | ECDSA Private Key (CSP) | Soft reset/power cycle (RAM only) |
| Used for certificate signing requests | Between 128 and 256 bits | ECDSA SigVer (FIPS186-4) (Cert. A2544) | Generated internally via approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported in PEM file format in encrypted form | ECDSA Public Key (PSP) | Soft reset/power cycle (RAM only) |
| Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchange | Between 128 and 256 bits | KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) | Generated internally via approved DRBG | Plaintext in RAM | ECDH Private Key (CSP) | Soft reset/power cycle | |
| Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchange | Between 128 and 256 bits | KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) | Generated internally via approved DRBG | Plaintext in RAM | ECDH Public Key (PSP) | Soft reset/power cycle | |
| Computation of KAS-ECC-SSC shared secrets during TLS/SSH key exchange | Between 128 and 256 bits | KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) | Plaintext in RAM | Imported in plaintext Never exported | ECDH Peer55 Public Key (PSP) | Soft reset/power cycle | |
| Computation of DH shared secrets during TLS/SSH key exchange | 112 bits | KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) | Generated internally via approved DRBG | Plaintext in RAM | DH Private Key (CSP) | Soft reset/power cycle | |
| Computation of DH shared secrets during TLS/SSH key exchange | 112 bits | KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) | Generated internally via approved DRBG | Plaintext in RAM | Never imported Exported in plaintext form | DH Public Key (PSP) | Soft reset/power cycle |
| Computation of DH shared secrets during TLS/SSH key exchange | 112 bits | KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) | Plaintext in RAM | Imported in plaintext Never exported | DH Peer Public Key (PSP) | Soft reset/power cycle | |
| Authentication during SSH session negotiation | 112 or 128 bits | RSA SigGen (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Never exported | SSH Private Key (CSP) | Soft reset/power cycle (RAM only); zeroization command |
| Authentication during SSH session negotiation | 112 or 128 bits | RSA SigGen (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG as part of CSR or self-signed certificate generation | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Imported by CO via CLI (over serial port) in plaintext Exported in plaintext form | SSH Public Key (PSP) | Soft reset/power cycle (RAM only) |
| Encryption and decryption of SSH session packets Wrapping of keying material (when keys are part of the payload) | 128 and 256 bits | AES-CBC (Certs. A2544, A2391) AES-GCM (Cert. A2544) KTS (AES-GCM) (Certs. A2544, A2391) KTS (AES- CBC/HMAC) (Certs. A2544, A2391) | Derived internally via SSH KDF | Plaintext in RAM | SSH Session Key (CSP) | Soft reset/power cycle | |
| Authentication of SSH session packets Wrapping of keying material (when keys are part of the payload) | Between 160 and 384 bits | HMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544) | Derived internally via SSH KDF | Plaintext in RAM | SSH Authentication Key (CSP) | Soft reset/power cycle | |
| Authentication during TLS session negotiation | Between 112 and 150 bits | RSA SigGen (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Imported by CO via CLI (over serial port) in plaintext form Never exported | TLS Private Key (CSP) | Soft reset/power cycle (RAM only); zeroization command |
| Authentication during TLS session negotiation | Between 112 and 150 bits | RSA SigVer (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG as part of CSR or self-signed certificate generation | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported via digital certificate in plaintext form | TLS Public Key (PSP) | Soft reset/power cycle (RAM only) |
| Encryption and decryption of TLS session packets Wrapping of keying material (when keys are part of the payload) | 128 or 256 bits | AES-CBC (Certs. A2544, A2391) AES-CCM (Cert. A2544) AES-GCM (Cert. A2544) KTS (AES-CCM) (Certs. A2544, A2391) KTS (AES-GCM) (Certs. A2544, A2391) KTS (AES- CBC/HMAC) (Certs. A2544, A2391) | Derived internally using the TLS Master Secret via TLS KDF | Plaintext in RAM | TLS Session Key (CSP) | Soft reset/power cycle | |
| Authentication of TLS session packets Wrapping of keying material (when keys are part of the payload) | Between 160 and 384 bits | HMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544) KTS (AES- CBC/HMAC) (Cert. A2544) | Derived internally using the TLS Master Secret via the TLS KDF | Plaintext in RAM | TLS Authentication Key (CSP) | Soft reset/power cycle | |
| Encryption and decryption of SNMPv3 session packets | Between 128 and 256 bits | AES-CFB128 (Certs. A2544, A2391) | Derived internally using SNMP KDF | Plaintext in RAM | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Never exported | SNMPv3 Privacy Key (CSP) | Soft reset/power cycle |
| Authentication of SNMPv3 session packets | Between 160 and 384 bits | HMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544) | Derived internally using SNMP KDF | Plaintext in RAM | Imported in PEM file format via Web Interface (over TLS) in encrypted form Imported in PEM file format via CLI (over SSH) in encrypted form Exported via TLS or SSH) in encrypted form | SNMPv3 Authentication Key (CSP) | Soft reset/power cycle |
| Encryption and decryption of SRTP session packets | 128 or 256 bits | AES-CTR (Certs. A2544, A2391) | Derived internally using SRTP Master Key via the SRTP KDF | Plaintext in RAM | SRTP Session Key (CSP) | Soft reset/power cycle | |
| Authentication of SRTP session packets | Between 160 and 384 bits | HMAC-SHA-1 (Cert. A2544) HMAC-SHA2- 256 (Cert. A2544) HMAC-SHA2- 384 (Cert. A2544) | Derived internally via SRTP KDF using SRTP Master Key | Plaintext in RAM | SRTP Authentication Key (CSP) | Soft reset/power cycle | |
| Authentication during SFTP session negotiation | Between 112 and 150 bits | RSA SigGen (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext on hard disk | SFTP Private Key (CSP) | Soft reset/power cycle (RAM only); zeroization command | |
| Authentication during SFTP session negotiation | Between 112 and 150 bits | RSA SigVer (FIPS186-4) (Certs. A2544, A2391) | Generated internally via Approved DRBG as part of CSR or self-signed certificate generation | [for all models] Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non-volatile flash [for the M9080] Plaintext on hard disk | Never imported Exported in plaintext form | SFTP Public Key (PSP) | Soft reset/power cycle (RAM only) |
| Verification of new firmware upgrade image | 128 bits | ECDSA SigVer (FIPS186-4) (Cert. A2544) | Hardcoded in the application binary | [for the 4000, 9080] Plaintext in RAM [for the 4000] Plaintext in non- volatile flash [for the 9080] Plaintext on hard disk | Image Verification Key (PSP) | N/A | |
| Input to SSH KDF for derivation of the SSH Session Key and SSH Authentication Key | Between 112 and 256 bits | KDF SSH (Certs. A2389, A2392) | Computed internally by KAS-ECC-SSC and KAS-FFC- SSC | Plaintext in RAM | SSH Shared Secret (CSP) | Soft reset/power cycle | |
| Input to KAS- ECC-SSC/KAS- FFC-SSC for computation of the TLS Master Secret | Between 112 and 256 bits | TLS v1.2 KDF RFC 7627 (Certs. A2389, A2392) TLS v1.3 KDF (Certs. A2389, A2392) | [for KAS-ECC- SSC / KAS-FFC- SSC cipher suites] Computed internally by KAS-ECC-SSC and KAS-FFC- SSC | Plaintext in RAM | TLS Pre- Master Secret (CSP) | Soft reset/power cycle | |
| Input to TLS KDF for derivation of the TLS Session Key and TLS Authentication Key | 384 bits | TLS v1.2 KDF RFC 7627 (Certs. A2389, A2392) TLS v1.3 KDF (Certs. A2389, A2392) | Derived internally via TLS KDF using the TLS Pre- Master Secret | Plaintext in RAM | TLS Master Secret (CSP) | Soft reset/power cycle | |
| Input to SRTP KDF for derivation of the SRTP Session Key and SRTP Authentication Key | 128 and 256 bits | KDF SRTP (Certs. A2389, A2392) | [when module is calling side] Generated internally via Approved DRBG | Plaintext in RAM | [when module is calling side] Never imported Exported via SIP/TLS in encrypted form [when module is answering side] Imported via SIP/TLS in encrypted form Never exported | SRTP Master Key (CSP) | Soft reset/power cycle |
| Random number generation | 384 bits | CKG (Vendor Affirmed) SHA3-256 (Cert. A2390) | Generated internally | Plaintext in RAM | Entropy Input String (CSP) | End of DRBG function, soft reset/power cycle | |
| Random number generation | 384 bits | CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) | Generated internally using entropy input string | Plaintext in RAM | DRBG Seed (CSP) | Soft reset/power cycle | |
| Random number generation | 256 bits | CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) | Generated internally | Plaintext in RAM | DRBG ‘Key’ Value (CSP) | Soft reset/power cycle | |
| Random number generation | 128 bits | CKG (Vendor Affirmed) Counter DRBG (Cert. A2544) | Generated internally | Plaintext in RAM | DRBG ‘V’ Value (CSP) | Soft reset/power cycle | |
| Used to derive the SNMPv3 Authentication Key | KDF SNMP (Certs. A2389, A2392) | Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non- volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported via Web Interface (over TLS) in encrypted form Imported via CLI (over SSH) in encrypted form Imported via CLI (over serial port) in plaintext form Imported in an INI file via Web Interface (over TLS) in encrypted form Imported in an INI file via CLI (over SSH) in encrypted form Exported in an INI file via TLS or SSH in encrypted form | SNMPv3 Authenticati on Password (CSP) | Soft reset/power cycle (RAM only) The CO entering an all-zero value using the Web Interface or CLI Importing a new .ini file with a zero- value SNMPv3 Authenticati on Password | ||
| Used to derive the SNMPv3 Privacy Key | KDF SNMP (Certs. A2389, A2392) | Plaintext in RAM [for the M4000, M2600, M800, MP1288] Plaintext in non- volatile flash [for the M9080] Plaintext in non- volatile hard disk | Imported via Web Interface (over TLS) in encrypted form Imported via CLI (over SSH) in encrypted form Imported via CLI (over serial port) in plaintext form Imported in an INI file via Web Interface (over TLS) in encrypted form Imported in an INI file via CLI (over SSH) in encrypted form Exported in an INI file via TLS or SSH in encrypted form | SNMPv3 Privacy Password (CSP) | Soft reset/power cycle (RAM only) The CO entering an all-zero value using the Web Interface or CLI Importing a new .ini file with a zero- value SNMPv3 Privacy Password |
September 26, 2024 9. Sensitive Security Parameter Management 9.1 The module supports the keys and other SSPs listed in Table 12 below. Table 12
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 HMAC-SHA2256 HMAC-SHA2384 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2384 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
HMAC-SHA2256 September 26, 2024 HMAC-SHA2384 TLS PreMaster Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 with a zerovalue Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 with a zerovalue AES GCM encryption is used in the context of several secure communications protocols. The module meets the (key/IV) pair uniqueness requirements from NIST SP 800-38D as follows:
The mechanism for IV generation falls into scenario 5 in FIPS 140-3 IG C.H and is compliant with RFC 8446. Each session employs a “per-record nonce”, a 64-bit sequence number (or IV) maintained separately for reading and writing records. Each sequence number is set to 0 at the beginning of a connection and whenever the key is changed (the first record transmitted under a particular traffic key uses sequence number 0), and the appropriate sequence number is incremented by one after reading or writing each record. Because the size of sequence numbers is 64 bits, they should not wrap. If a sequence number needs to wrap, it is the responsibility of the module operator to either rekey or terminate the connection.
| Name | Key Size | |
|---|---|---|
| Details | Minimum Number | Entropy Sources |
| of Bits of Entropy | of Bits of Entropy | |
| The min-entropy (per 4 bits of data) of the tests for each device was: • M800 = 3.548147 bits • M2600 = 3.562489 bits • M4000 = 3.481019 bits • M9080 = 3.507044 bits • MP1288 = 3.667660 bits As long as there is at least one bit of entropy per four bits of raw noise data, the entropy provided by each call to CPU Jitter entropy can be considered to contain full entropy. When the DRBG requests 384 bits of entropy for seeding, the function is called four times and returns 384 bits of entropy, thus exceeding the FIPS requirement of at least 112 bits of entropy. | 384 bits | CPU Time Jitter Based Non-Physical TRNG |
September 26, 2024 A new IV parameter is generated by the module for each AES GCM encryption. The IV consists of a 4-byte fixed field and an 8-byte invocation counter. The fixed field of the IV remains the same for the duration of the session, while the invocation counter is treated as a 64-bit integer and is incremented by one when performing an encryption of a new binary packet. If the invocation counter reaches its maximum value
264
264
the responsibility of the module operator to derive a new key and a new initial IV. The module also complies with the following RFCs:
September 26, 2024 10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is powered up and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s):
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:
Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
The module provides a default login password for first-time module access for the CO only. The CO is required to change the default login password as part of the initial configuration.
The pre-operational self-tests are automatically performed at power-up. The CO may initiate the pre-operational self-tests by issuing the reset command over the module’s management interfaces or power-cycling the module. Using the CLI, resetting the module is accomplished by issuing the reload now command. Using the Web interface, resetting the module is accomplished from the Maintenance Actions page (Setup menu -> Administration tab -> Maintenance folder -> Maintenance Actions) and clicking the <Reset> button on the toolbar.
There are many CSPs within the module’s cryptographic boundary including symmetric keys, private keys, public keys, and login password hashes. CSPs reside in multiple storage media including RAM, non-volatile flash, and hard disk. All ephemeral keys used by the module are zeroized on reset and power cycle. Private keys and CSPs on the non-volatile flash and hard disk of the module can be zeroized by using a CLI command. The public key used for the image verification test is stored in non-volatile flash and hard disk and cannot be zeroized. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
September 26, 2024 Using the CLI, keys and CSPs are zeroized using the clear security-files command. Successful return from this command indicates the completion of the zeroization process. The SNMPv3 Authentication Password and SNMPv3 Privacy Password, may be zeroized by the CO entering an allzero value using the Web Interface or CLI or importing a new .ini file with a zero value. Both methods will overwrite and zeroize these CSPs. Completion of the manual entry process or of the .ini file load process indicates the completion of the zeroization process.
On the first power up, the module is, by default, in an unconfigured operational state. During initial configuration and setup, the module is explicitly set to operate in the Approved mode of operation. An authorized operator can access the module via the CLI and determine the mode of the module.
The list below provides additional guidance for module administrators:
September 26, 2024 This can also be accomplished via the Software Upgrade wizard. When using the wizard, ensure that the “Use existing configuration” checkbox on the Load ini file wizard page is cleared and do not select a file to load. This will restore the module configuration back to factory default settings.
September 26, 2024 12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Therefore, per ISO/IEC 19790:2021 section 7.12, requirements for this section are not applicable. Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
| Name | Term | Definition |
|---|---|---|
| AC | AC | Alternating Current |
| ACL | ACL | Access Control List |
| AES | AES | Advanced Encryption Standard |
| ANSI | ANSI | American National Standards Institute |
| ASCII | ASCII | American Standard Code for Information Interchange |
| B2BUA | B2BUA | Back-to-Back User Agent |
| CA | CA | Certificate Authority |
| CBC | CBC | Cipher Block Chaining |
| CCCS | CCCS | Canadian Centre for Cyber Security |
| CFB | CFB | Cipher Feedback |
| CKG | CKG | Cryptographic Key Generation |
| CLI | CLI | Command Line Interface |
| CMVP | CMVP | Cryptographic Module Validation Program |
| CO | CO | Crypto Officer |
| CPU | CPU | Central Processing Unit |
| CSR | CSR | Certificate Signing Request |
| CTR | CTR | Counter |
| CVL | CVL | Component Validation List |
| DC | DC | Direct Current |
| DDOS | DDOS | Distributed Denial-of-Service |
| DES | DES | Data Encryption Standard |
| DOS | DOS | Denial-of-Service |
| DRBG | DRBG | Deterministic Random Bit Generator |
| DSA | DSA | Digital Signature Algorithm |
| DSP | DSP | Digital Signal Processing |
| DTLS | DTLS | Datagram Transport Layer Security |
| EC | EC | Elliptical Curve |
| ECC | ECC | Elliptical Curve Cryptography |
| ECC CDH | ECC CDH | ECC Cofactor Diffie Hellman |
| ECDSA | ECDSA | Elliptical Curve Digital Signature Algorithm |
| EMC | EMC | Electromagnetic Compatibility |
| EMI | EMI | Electromagnetic Interference |
| FIPS | FIPS | Federal Information Processing Standard |
| GbE | GbE | Gigabit Ethernet |
| Gbps | Gbps | Gigabits per second |
| GCM | GCM | Galois/Counter Mode |
| GUI | GUI | Graphical User Interface |
| HA | HA | High Availability |
| HDD | HDD | Hard Disk Drive |
| HMAC | HMAC | (Keyed-) Hash Message Authentication Code |
| HTTPS | HTTPS | Hypertext Transfer Protocol Secure |
| ICE | ICE | Interactive Connectivity Establishment |
| IEEE | IEEE | Institute of Electrical and Electronics Engineers |
| iLO | iLO | Integrated Lights Out |
| IP | IP | Internet Protocol |
| IV | IV | Initialization Vector |
| KAS | KAS | Key Agreement Scheme |
| KAT | KAT | Known Answer Test |
| KAS ECC SSC | KAS ECC SSC | Key Agreement Scheme - Elliptical Curve Cryptography - Shared Secret Computation |
| KAS FFC SSC | KAS FFC SSC | Key Agreement Scheme - Finite Field Cryptography - Shared Secret Computation |
| KDF | KDF | Key Derivation Function |
| LED | LED | Light Emitting Diode |
| MAC | MAC | Message Authentication Code |
| Mbps | Mbps | Megabits per second |
| MOS | MOS | Mean Opinion Score |
| N/A | N/A | Not Applicable |
| NAT | NAT | Network Address Translation |
| NIC | NIC | Network Interface Card |
| NIST | NIST | National Institute of Standards and Technology |
| NTP | NTP | Network Time Protocol |
| OAMP | OAMP | Operations, Administration, Maintenance, and Provisioning |
| OS | OS | Operating System |
| PBKDF2 | PBKDF2 | Password-Based Key Derivation Function 2 |
| PBX | PBX | Private Branch Exchange |
| PEM | PEM | Privacy Enhanced Mail |
| PKCS | PKCS | Public-Key Cryptography Standards |
| PUB | PUB | Publication |
| QoE | QoE | Quality of Experience |
| QoS | QoS | Quality of Service |
| RADIUS | RADIUS | Remote Authentication Dial In User Service |
| RAM | RAM | Random Access Memory |
| RNG | RNG | Random Number Generator |
| RSA | RSA | Rivest, Shamir, and Adleman |
| RTCP | RTCP | Real-time Transport Control Protocol |
| RTP | RTP | Real-time Transport Protocol |
| SAS | SAS | Serial Attached Small Computer System Interface |
| SBC | SBC | Session Border Controller |
| SDES | SDES | Session Description Protocol Security Descriptions |
| SDRAM | SDRAM | Synchronous Dynamic Random Access Memory |
| SFP | SFP | Small Form-Factor Pluggable |
| SFTP | SFTP | SSH (or Secure) File Transfer Protocol |
| SHA | SHA | Secure Hash Algorithm |
| SHS | SHS | Secure Hash Standard |
| SIP | SIP | Session Initiation Protocol |
| SNMP | SNMP | Simple Network Management Protocol |
| SP | SP | Special Publication |
| SRTP | SRTP | Secure Real-Time Transport Protocol |
| SSD | SSD | Solid State Drive |
| SSH | SSH | Secure Shell |
| TCP | TCP | Transport Control Protocol |
| TDM | TDM | Time-Division Multiplexing |
| TLS | TLS | Transport Layer Security |
| U | U | Rack Unit |
| UDP | UDP | User Datagram Protocol |
| U.S. | U.S. | United States |
| USB | USB | Universal Serial Bus |
| VGA | VGA | Video Graphics Array |
| VLAN | VLAN | Virtual Local Area Network |
| VoIP | VoIP | Voice Over Internet Protocol |
September 26, 2024 Appendix A. Acronyms and Abbreviations Table 14 provides definitions for the acronyms and abbreviations used in this document. Table 14
N/A September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
U U.S. September 26, 2024 Mediant SBCs and Media Gateways ©2024 AudioCodes Ltd.
Prepared by: Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com