All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Mediant Virtual Edition SBC and Cloud Edition SBC

Certificate#4908StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorAudioCodes Ltd.
High review priority  ·  no TCB surface named  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date12/2/2026
CaveatInterim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy
VendorAudioCodes Ltd.

Approved Algorithms (31)

AlgorithmACVP Cert
AES-CBCA2544
AES-CCMA2544
AES-CFB128A2544
AES-CTRA2544
AES-GCMA2544
Counter DRBGA2544
DSA KeyGen (FIPS186-4)A2544
ECDSA KeyGen (FIPS186-4)A2544
ECDSA KeyVer (FIPS186-4)A2544
ECDSA SigVer (FIPS186-4)A2544
HMAC-SHA-1A2544
HMAC-SHA2-256A2544
HMAC-SHA2-384A2544
KAS-ECC-SSC Sp800-56Ar3A2544
KAS-FFC-SSC Sp800-56Ar3A2544
KDF SNMPA2389
KDF SRTPA2389
KDF SSHA2389
RSA KeyGen (FIPS186-4)A2544
RSA SigGen (FIPS186-4)A2544
RSA SigVer (FIPS186-4)A2544
Safe Primes Key GenerationA2544
Safe Primes Key VerificationA2544
SHA-1A2544
SHA2-224A2544
SHA2-256A2544
SHA2-384A2544
SHA2-512A2544
SHA3-256A2390
TLS v1.2 KDF RFC7627A2389
TLS v1.3 KDFA2389

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Mediant Virtual Edition SBC and Cloud Edition SBC
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Upgrade</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Mediant Virtual Edition SBC and Cloud Edition SBC
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Upgrade</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

AudioCodes Ltd. Mediant Virtual Edition SBC and Cloud Edition SBC Software Version: 7.6 FIPS Security Level: 1 Document Version: 0.8 Prepared for: Prepared by: AudioCodes Ltd. Corsec Security, Inc.

1 Hayarden Street 12600 Fair Lakes Circle, Suite 210

Airport City, Lod 70151 Fairfax, VA 22033 Israel United States of America Phone: +972 3 976 4000 Phone: +1 703 267 6050 www.audiocodes.com www.corsec.com

Page 2

Abstract This is a non-proprietary Cryptographic Module Security Policy for the Mediant Virtual Edition SBC and Cloud Edition SBC (version: 7.6) from AudioCodes Ltd. (AudioCodes). This Security Policy describes how the Mediant Virtual Edition SBC and Cloud Edition SBC meet the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in an Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Mediant Virtual Edition SBC and Cloud Edition SBC represent two deployments of the same software image that differ only in the product labeling, which is defined by an initialization file parameter that is set by the vendor. Collectively, these deployments are referred to in this document as “Mediant VE and CE SBCs”, “SBCs” or “the module”. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1 – Security Levels7
Table 2 – Tested Operational Environments8
Table 3 – Vendor Affirmed Operational Environments8
Table 4 – Cryptographic Algorithm Sources9
Table 5 – Approved Algorithms9
Table 6 – Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed13
Table 7 – Ports and Interfaces16
Table 8 – Roles, Service Commands, Input and Output18
Table 9 – Approved Services21
Table 10 – SSPs32
Table 11 – Non-Deterministic Random Number Generation Specification39
Table 12 – Acronyms and Abbreviations48
Figure 1 – GPC Block Diagram14
Figure 2 – AudioCodes Mediant VE and CE SBCs Cryptographic Boundary15
Page 5

1. General AudioCodes Ltd. (hereafter referred to as AudioCodes) is a leading vendor of advanced networking and media processing solutions for the for the digital workplace. The AudioCodes Mediant family of Session Border Controllers (SBCs) offers a line of versatile IP1 communications platforms that connect VoIP2 and TDM3 networks, built on years of carrier-grade VoIP deployments and expertise. AudioCode’s SBCs provide the interoperability, security, and quality assurance that service providers need to connect their enterprise and residential customers reliably and securely to SIP4 trunk and hosted telephony services. The Mediant Virtual Edition SBC and Cloud Edition SBC each forms an effective demarcation point between a business’s VoIP network and the service provider’s SIP trunk, performing SIP protocol mediation and media handling (interoperability), and securing the enterprise VoIP network. It can function as a peering SBC, access SBC, or enterprise SBC. The AudioCodes Mediant Virtual Edition SBC and Cloud Edition SBC are software-based SBCs that may be installed in a virtual environment or hosted in a cloud computing environment. The SBCs provide proven performance, resiliency, and security featuring real-time encryption (VoIP signaling and media traffic), DSP 5 -based media transcoding, a flexible and intuitive SIP routing engine, and an integrated WebRTC gateway. Some of the network and security features provided by the SBCs include:

1 IP – Internet Protocol
2 VoIP – Voice Over Internet Protocol
3 TDM – Time-Division Multiplexing

SIP

6 B2BUA – Back-to-Back User Agent
7 PBX – Private Branch Exchange

UDP

9 TCP – Transport Control Protocol
10 TLS – Transport Layer Security
11 RTP – Real-time Transport Protocol

SRTP

13 SDES – Session Description Protocol Security Descriptions
14 DTLS – Datagram Transport Layer Security
15 NAT – Network Address Translation
16 VP8 – Video coding format developed by Google

ICE

18 RTCP – Real-Time Transport Control Protocol

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 6
19 DoS – Denial of Service
20 DoS/DDoS – Denial-of-Service/Distributed Denial-of-Service
21 HTTPS – Hypertext Transfer Protocol Secure
23 SFTP – SSH (or Secure) File Transfer Protocol
24 SNMP – Simple Network Management Protocol
25 VLAN – Virtual Local Area Network
26 OAMP – Operations, Administration, Maintenance, and Provisioning

MOS

28 PEM – Privacy Enhanced Mail

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 7

• RSA private key file – plaintext base64 encoded PEM format. These files contain the private key associated with the RSA public key in the X.509 certificate file. • Root certificate file (CA Public keys) – chains of X.509 certificates in plaintext base64 encoded PEM format. These are used to validate peer certificates and serve as a possible chain used for self-signed certificates to be sent to the peer. The Root certificate file contains public keys only; they do not contain the associated private keys. The module generates RSA keypairs and Certificate Signing Requests (CSRs). The CSR is signed with the module’s private key and then sent to a CA. The CA then signs the certificate and sends it back, where it is then installed for use. The module also generates self-signed certificates corresponding to the internally generated RSA keypairs. The module provides the option to import certain CSPs by loading a text-based file with a *.ini file extension (INI file) in encrypted form using the module’s Web Interface (over TLS) or CLI (over SSH). The module also supports an Automated Update mechanism whereby an INI file is downloaded from a server over HTTPS. The CSPs that may be imported through an INI file are indicated as such in Table 10 below. The Mediant Virtual Edition SBC and Cloud Edition SBC is validated at the FIPS 140-3 section levels shown in Table

  1. Table 1 – Security Levels ISO/IEC 24579 Section
  2. FIPS 140-3 Section Title Security Level [Number Below]
1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services, and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment 1
7 Physical Security N/A
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 1
10 Self-tests 1
11 Life-Cycle Assurance 1
12 Mitigation of Other Attacks N/A

The module has an overall security level of 1. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 8

2. Cryptographic Module Specification The Mediant VE and CE SBCs version 7.6 is a software cryptographic module with a multiple-chip standalone embodiment that meets overall Level 1 FIPS 140-3 requirements. The module is designed to operate within a modifiable operational environment and executes as a virtual appliance. The sections below describe the operational environments, algorithm implementations, module boundary, and modes of operation.

2.1 Operational Environments

The module was tested and found to be compliant with FIPS 140-3 requirements on the environments listed in Table 2. Table 2

1 VMware ESXi 7.0 w/custom HPE ProLiant DL360 Gen10 Intel Xeon Gold 6226R Without

Linux based on CentOS Stream 8 The cryptographic module maintains validation compliance when operating in a virtual machine (VM) with AudioCodes’ custom OS as the guest OS on any compatible GPC using one of the following hypervisors to provide the virtualization layer: Table 3

1 Linux KVM Any Compatible GPC
2 Microsoft Hyper-V Any Compatible GPC

Note that the host GPC may be deployed on-prem or in one of the following supported cloud computing environments:

2.2 Algorithm Implementations

The module employs the cryptographic algorithm implementations from the sources listed in Table 4 below. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 9

Table 4

29 SSH – Secure Shell

30 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

31 CVL – Component Validation List

RFC

33 TLS – Transport Layer Security

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 10

CAVP Cert30 Algorithm and Standard Mode / Method Description / Key Size(s) / Use / Function Key Strength(s) A2389 TLS v1.3 KDF KDF (TLS v1.3) SHA2-256, SHA2-384 Key Derivation CVL SP 800-135rev1 No part of the TLS protocol, RFC 8446 other than the KDF, has been tested by the CAVP and CMVP. AudioCodes Mediant Session Border Controller Entropy Library A2390 SHA3-256 SHA3-256 - Conditioning function for FIPS PUB 202 entropy AudioCodes Mediant Session Border Controller Cryptographic Library A2544 AES-CBC CBC 128, 256 Encryption/Decryption FIPS PUB 197 NIST SP 800-38A A2544 AES-CCM34 CCM 128, 256 Encryption/Decryption NIST SP 800-38C A2544 AES-CFB128 CFB128 128, 192, 256 Encryption/Decryption FIPS PUB 197 NIST SP 800-38A A2544 AES-CTR CTR 128, 256 Encryption/Decryption FIPS PUB 197 NIST SP 800-38A A2544 AES-GCM35 GCM 128, 256 Encryption/Decryption NIST SP 800- 38D A2544 Counter DRBG36 Counter-based 256-bit AES-CTR Deterministic random bit NIST SP 800-90Arev1 generation A2544 DSA37 KeyGen (FIPS186-4) DSA KeyGen 2048/256 Key Pair Generation FIPS PUB 186-4 A2544 ECDSA38 KeyGen (FIPS186-4) ECDSA KeyGen P-224, P-256, P-384, P-521 Key Pair Generation FIPS PUB 186-4 Secrets generation mode: Testing candidates A2544 ECDSA KeyVer (FIPS186-4) ECDSA KeyVer P-224, P-256, P-384, P-521 Public Key Verification FIPS PUB 186-4 A2544 ECDSA SigVer (FIPS186-4) ECDSA SigVer P-256 (SHA2-256) Digital Signature FIPS PUB 186-4 Verification A2544 HMAC-SHA-1 SHA-1 MAC: 32, 80, 160 Message Authentication FIPS PUB 198-1 Key Length: 160 The module also supports HMAC SHA-1-32 and HMAC SHA-1-80.

34 CCM – Counter with Cipher Block Chaining - Message Authentication Code
35 GCM – Galois Counter Mode
36 DRBG – Deterministic Random Bit Generator

DSA

38 ECDSA – Elliptic Curve Digital Signature Algorithm

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 11

CAVP Cert30 Algorithm and Standard Mode / Method Description / Key Size(s) / Use / Function Key Strength(s) A2544 HMAC-SHA2-256 SHA2-256 MAC: 256 Message Authentication FIPS PUB 198-1 Key Length: 256 A2544 HMAC-SHA2-384 SHA2-384 MAC: 384 Message Authentication FIPS PUB 198-1 Key Length: 384 A2544 KAS-ECC-SSC39 SP800-56Arev3 ephemeralUnified P-224, P-256, P-384, P-521 Shared Secret Computation NIST SP 800-56Arev3 A2544 KAS-FFC-SSC40 SP800-56Arev3 dhEphem FC (2048/256), ffdhe2048, Shared Secret Computation NIST SP 800-56Arev3 ffdhe3072, MODP-2048 A2544 RSA41 KeyGen (FIPS186-4) Key generation mode: 2048, 3072, 4096 Key Pair Generation FIPS PUB 186-4 B.3.3 A2544 RSA SigGen (FIPS186-4) PKCS#1 v1.5 2048, 3072, 4096 (SHA2- Digital Signature FIPS PUB 186-4 224, SHA2-256, SHA2-384, Generation SHA2-512) A2544 RSA SigVer (FIPS186-4) PKCS#1 v1.5 1024, 2048, 3072, 4096 Digital Signature FIPS PUB 186-4 (SHA2-224, SHA2-256, Verification SHA2-384, SHA2-512) A2544 SHA-1 SHA-1 Message Length: Message Digest FIPS PUB 180-4 0-65528 Increment 8 A2544 SHA2-224 SHA2-224 Message Length: Message Digest FIPS PUB 180-4 0-65528 Increment 8 A2544 SHA2-256 SHA2-256 Message Length: Message Digest FIPS PUB 180-4 0-65528 Increment 8 A2544 SHA2-384 SHA2-384 Message Length: Message Digest FIPS PUB 180-4 0-65528 Increment 8 A2544 SHA2-512 SHA2-512 Message Length: Message digest FIPS PUB 180-4 0-65528 Increment 8 A2544 Safe Primes Key Generation - ffdhe2048, fdhe3072, Key Generation NIST SP 800-56Arev3, MODP-2048 Appendix D A2544 Safe Primes Key Verification - ffdhe2048, fdhe3072, Key Verification NIST SP 800-56Arev3, MODP-2048 Appendix D Security Function Implementations (SFIs) AES-CBC KTS SP 800-38A, FIPS 198-1, 128, 192, and 256-bit keys Key Wrap/Unwrap A2544 NIST SP 800-38F and SP 800-38F. KTS providing between 128 (Encryption with message (key wrapping and and 256 bits of encryption authentication) HMAC unwrapping) per IG strength A2544 D.G. AES-CBC with HMAC (SHA1, SHA2-256, SHA2-384)

39 KAS-ECC-SSC

KAS-FFC-SSC

41 RSA – Rivest Shamir Adleman

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 12

CAVP Cert30 Algorithm and Standard Mode / Method Description / Key Size(s) / Use / Function Key Strength(s) AES-CCM KTS SP 800-38C and SP 800- 128 and 256-bit keys Key Wrap/Unwrap A2544 NIST SP 800-38F 38F. KTS (key wrapping providing 128 or 256 bits (Authenticated Encryption) and unwrapping) per IG of encryption strength D.G. AES-CFB128 KTS SP 800-38A, FIPS 198-1, 128, 192, and 256-bit keys Key Wrap/Unwrap A2544 NIST SP 800-38F and SP 800-38F. KTS providing between 128 (Encryption with message (key wrapping and and 256 bits of encryption authentication) HMAC unwrapping) per IG strength A2544 D.G. AES-CFB128 with HMAC (SHA-1, SHA2-256, SHA2384) AES-GCM KTS SP 800-38D and SP 800- 128 and 256-bit keys Key Wrap/Unwrap A2544 NIST SP 800-38F 38F. KTS (key wrapping providing 128 or 256 bits (Authenticated Encryption) and unwrapping) per IG of encryption strength D.G. KAS-ECC-SSC KAS42 SP 800-56Arev3. KAS- P-224, P-256, P-384, and Key Agreement A2544 NIST SP 800-56Arev3 ECC per IG D.F Scenario P-521 curves providing NIST SP 800-135rev1 2 path (2). between 112 and 256 bits KDF SSH of encryption strength. A2389 KAS-ECC-SSC KAS SP 800-56Arev3. KAS- P-224, P-256, P-384, and Key Agreement A2544 NIST SP 800-56Arev3 ECC per IG D.F Scenario P-521 curves providing NIST SP 800-135rev1 2 path (2). between 112 and 256 bits TLS v1.2 KDF RFC RFC 7627 of encryption strength. 7627 A2389 KAS-ECC-SSC KAS SP 800-56Arev3. KAS- P-224, P-256, P-384, and Key Agreement A2544 NIST SP 800-56Arev3 ECC per IG D.F Scenario P-521 curves providing NIST SP 800-135rev1 2 path (2). between 112 and 256 bits TLS v1.3 KDF RFC 8446 of encryption strength. A2389 KAS-FFC-SSC KAS SP 800-56Arev3. KAS- 2048-bit key providing Key agreement A2544 NIST SP 800-56Arev3 FFC per IG D.F Scenario 112 bits of encryption NIST SP 800-135rev1 2 path (2). strength. KDF SSH A2389 KAS- FFC -SSC KAS SP 800-56Arev3. KAS- 2048-bit key providing Key Agreement A2544 NIST SP 800-56Arev3 ECC per IG D.F Scenario 112 bits of encryption NIST SP 800-135rev1 2 path (2). strength. TLS v1.2 KDF RFC RFC 7627 7627 A2389 KAS- FFC -SSC KAS SP 800-56Arev3. KAS- 2048-bit key providing Key Agreement A2544 NIST SP 800-56Arev3 ECC per IG D.F Scenario 112 bits of encryption NIST SP 800-135rev1 2 path (2). strength. TLS v1.3 KDF RFC 8446 A2389 Entropy Source

42 KAS – Key Agreement Scheme

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 13

CAVP Cert30 Algorithm and Standard Mode / Method Description / Key Size(s) / Use / Function Key Strength(s) N/A ENT (NP) - - Entropy input for DRBG NIST SP 800-90B Vendor Affirmed Vendor CKG43 - - Cryptographic Key Affirmed NIST SP 800-133rev2 Generation The vendor affirms the following cryptographic security methods:

2.3 Cryptographic Boundary

As a virtual appliance, the cryptographic module has no physical characteristics, it makes use of the physical interfaces of the server upon which the virtual appliance is installed. Figure 1 below illustrates a block diagram of a typical GPC and the module’s physical perimeter.

43 CKG – Cryptographic Key Generation

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 14

Hardware Network DVD RAM Management Interface HDD Clock SCSI/SATA Generator Controller LEDs/LCD CPU Serial I/O Hub Audio Cache PCI/PCIe Slots USB BIOS Power Graphics PCI/PCIe Interface Controller Slots External Power Supply KEY: BIOS

Page 15

Virtual Machine Virtual Machine Virtual Machine Mediant VE/CE SBCs Application Application Custom Linux based on Guest OS Guest OS CentOS Stream 8 KEY: Cryptographic Boundary Vmware ESXi 7.0 Physical Perimeter Data Input Server Hardware Data Output Control Input CPU Memory Storage Ports Status Output System Calls Host Device Figure 2

2.4 Modes of Operation

The module supports the Approved mode of operation only. When installed, configured, and operated according to this Security Policy, the module does not support a non-Approved mode of operation. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 16

3. Cryptographic Module Interfaces FIPS 140-3 defines the following logical interfaces for cryptographic modules:

45 AC – Alternating Current

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 17

Physical Port Logical Interface Data That Passes Over Port/Interface Host platform serial port Virtual serial port Management traffic via CLI

Page 18

4. Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods.

4.1 Authorized Roles

The module supports two roles that operators may assume:

Page 19

Role Service Input Output CO Manage Certificates/Keypairs Command and Command response/ parameters Status output CO Configure TLS Contexts Command and Command response/ parameters Status output CO Perform On-Demand Self-Tests Command Command response/ Status output CO, User Show Status Command Command response/ Status output CO, User Show System Security Status Command Command response/ Status output CO, User View Syslog Command Command response/ Status output CO Zeroize Keys and CSPs Command Command response/ Status output CO Upgrade Image Command Command response/ Status output CO Load a .ini File and Perform Command Command response/ Status Automatic Updates output CO Save a .ini File of the Module’s Command Command response/ Status Configuration output CO Reset Command Command response/ Status output CO Establish TLS Session Command TLS session established User CO Establish SSH Session Command SSH session established User CO Configure SNMPv3 Users Command and Command response/ Status parameters output CO Establish SNMPv3 Session Command and SNMP session established parameters CO Establish SRTP Session Command and SRTP session established parameters CO Establish SFTP Session Command and SFTP session established parameters CO Restore Default Configuration Command Factory default settings restored N/A Perform Manual Zeroization Reboot/power cycle Status output host device N/A Perform Manual On-Demand Self- Reboot or power Status output Tests cycle host device N/A Authenticate Command Status output Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 20
4.2 Authentication

Each operator has their own account with a username and password which are used to authenticate to the module. Passwords are stored on non-volatile storage media (outside the module boundary but within the physical perimeter) in hashed form using SHA2-256. For SSH/SFTP, operators can also utilize RSA or ECDSA Public keys. Note that, while the module supports authentication mechanisms, no claims are being made with regards to compliance to the Level 2/3 role-based and identity-based authentication requirements since it is being certified at Level 1.

4.3 Externally Loaded Software

The module has the capability to load software in the form of a complete image replacement from an external source. As such a replacement will constitute a new module, only FIPS-validated software may be loaded to maintain the module’s validation. Services and functions provided by the newly loaded software image are not performed until the pre-operational self-tests have executed successfully via a power-on reset. All software images are digitally signed, and a conditional self-test (using an ECDSA signature verification with P-256 curve) is performed during the reset. If the signature test fails, the new software image is ignored and the previous-loaded software image remains current. SSP zeroization takes place prior to execution of the new image. The module’s versioning information is updated to reflect the addition/update of the newly loaded software.

4.4 Services

Descriptions of the services available to authenticated module operators are provided in Table 9 below. As allowed per section 2.4.C of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global mode indicator) and an implicit indication (via the successful completion of the service). Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 21

Table 9

Page 22

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator (Cert. A2544) Manage Generate CKG Entropy Input String CO Entropy Input String

46 CA – Certificate Authority

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 23

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Zeroize Keys Zeroize keys None All persistent CSPs CO All persistent CSPs

Page 24

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) KTS (AES-CCM) (Cert. A2544) KTS (AES-GCM) (Cert. A2544) KTS (AES-CBC/HMAC) (Cert. A2544) RSA SigGen (FIPS186-4) (Cert. A2544) RSA SigVer (FIPS186-4 (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) SHA-1 (Cert. A2544) SHA2-256 (Cert. A2544) SHA2-384 (Cert. A2544) SHA3 -256 (Cert. A2390) TLS v1.2 KDF RFC 7627 (Cert. A2389) TLS v1.3 KDF (Cert. A2389) Establish SSH Establish AES-CBC Entropy Input String CO, Entropy Input String

Page 25

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator KAS-ECC-SSC SP800-56Arev3 (Cert. A2544) KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) KDF SSH (Cert. A2389) KTS (AES-GCM) (Cert. A2544) KTS (AES-CBC/HMAC) (Cert. A2544) RSA SigGen (FIPS186-4) (Cert. A2544) RSA SigVer (FIPS186-4) (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) SHA-1 (Cert. A2544) SHA2-256 (Cert. A2544) SHA2-384 (Cert. A2544) SHA3-256 (Cert. A2390) Configure Configure AES-CFB128 SNMPv3 Authentication Password CO SNMPv3 Authentication Password

Page 26

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator KDF SNMP (Cert. A2389) KTS (AES-CFB128/HMAC) (Certs. A2544) SHA-1 (Cert. A2544) SHA2-256 (Cert. A2544) SHA2-384 (Cert. A2544) Establish Establish AES-CTR SRTP Master Key CO SRTP Master Key

Page 27

Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator KAS-FFC-SSC SP800-56Arev3 (Cert. A2544) KDF SSH (Cert. A2389) KTS (AES-GCM) (Cert. A2544) KTS (AES-CBC/HMAC) (Cert. A2544) RSA SigGen (FIPS186-4) (Cert. A2544) RSA SigVer(FIPS186-4) (Cert. A2544) Safe Primes Key Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) SHA-1 (Cert. A2544) SHA2-256 (Cert. A2544) SHA2-384 (Cert. A2544) SHA3-256 (Cert. A2390) Restore Restore None All persistent SSPs CO All persistent CSPs

Page 28

5. Software/Firmware Security The module software takes the form of a single software image that includes multiple files (configuration files, executable files, packages, and other associated files). The image is verified using an approved integrity technique implemented within the cryptographic module itself. The module implements an ECDSA P-256 (SHA2-256) digital signature verification for the integrity test of the software. The approved integrity technique consists of single ECDSA signature verification; failure of the integrity check will cause the module to enter a critical error state. The CO can initiate the pre-operational tests on demand by issuing a reset/reboot command over its management interfaces. Also, the module can be made to perform pre-operational self-tests by rebooting or power-cycling the module’s VM or host device (when using this method, the operator is not required to assume an authorized role). Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 29
  1. Operational Environment The module is designed to operate within a modifiable operational environment. The module was tested and found to be compliant with FIPS 140-3 requirements on the operational environment identified in Table
  2. The cryptographic module has control over its own SSPs. The process and memory management functionality of the guest OS and the hypervisor prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined interfaces. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on virtual storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes or operators. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.
Page 30

7. Physical Security The cryptographic module is software module and does not include physical security mechanisms. Therefore, per ISO/IEC 19790:2021 section 7.7.1, the requirements for physical security are not applicable. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 31

8. Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 32

9. Sensitive Security Parameter Management

9.1 Keys and SSPs

The module supports the keys and other SSPs listed in Table 10 below. Table 10

112 and 150 bits RSA SigVer Plaintext

(FIPS186-4) Imported in PEM file form on (Cert. A2544) format via CLI (over SSH) virtual in encrypted form flash/disk Exported in PEM file format over TLS or SSH in encrypted form RSA Private Key Between 112 and RSA SigGen Generated Imported in PEM file - Plaintext Soft Used for (CSP) 150 bits (FIPS186-4) internally via format via Web Interface form in reset/power certificate (Cert. A2544) approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual signing requests form RAM only) Plaintext Imported in PEM file form on format via CLI (over SSH) virtual in encrypted form flash/disk Exported in PEM file format over TLS or SSH in encrypted form RSA Public Key Between 112 and RSA SigVer Generated Imported in PEM file - Plaintext Soft Used for (PSP) 150 bits (FIPS186-4) internally via format via Web Interface form in reset/power certificate (Cert. A2544) approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual signing requests form RAM only) Plaintext Imported in PEM file form on format via CLI (over SSH) virtual in encrypted form flash/disk Exported in PEM file format over TLS or SSH in encrypted form The indicators provided by zeroization methods specified in this column are implicit as the normal, non-error, status output of the function performing zeroization. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 33

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys ECDSA Private Between 128 and ECDSA SigGen Generated Imported in PEM file - Plaintext Soft Used for Key (CSP) 256 bits (FIPS186-4) internally via format via Web Interface form in reset/power certificate (Cert. A2544) approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual signing requests form RAM only) Plaintext Imported in PEM file form on format via CLI (over SSH) virtual in encrypted form flash/disk Exported in PEM file format over TLS or SSH in encrypted form ECDSA Public Between 128 and ECDSA SigVer Generated Imported in PEM file - Plaintext Soft Used for Key (PSP) 256 bits (FIPS186-4) internally via format via Web Interface form in reset/power certificate (Cert. A2544) approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual signing requests form RAM only) Plaintext Imported in PEM file form on format via CLI (over SSH) virtual in encrypted form flash/disk Exported in PEM file format over TLS or SSH in encrypted form ECDH Private Between 128 and KAS-ECC-SSC Generated - - Plaintext Soft Computation of Key 256 bits SP800-56Arev3 internally via form in reset/power KAS-ECC-SSC (CSP) (Cert. A2544) approved DRBG virtual RAM cycle shared secrets during TLS/SSH key exchange ECDH Public Key Between 128 and KAS-ECC-SSC Generated Never imported - Plaintext Soft Computation of (PSP) 256 bits SP800-56Arev3 internally via form in reset/power KAS-ECC-SSC (Cert. A2544) approved DRBG Exported in plaintext form virtual RAM cycle shared secrets during TLS/SSH key exchange ECDH Peer Between 128 and KAS-ECC-SSC - Imported in plaintext - Plaintext Soft Computation of Public Key 256 bits SP800-56Arev3 form in reset/power KAS-ECC-SSC (PSP) (Cert. A2544) Never exported virtual RAM cycle shared secrets during TLS/SSH key exchange DH Private Key 112 bits KAS-FFC-SSC Generated - - Plaintext Soft Computation of (CSP) SP800-56Arev3 internally via form in reset/power KAS-FFC-SSC (Cert. A2544) approved DRBG virtual RAM cycle shared secrets during TLS/SSH Safe Primes Key key exchange Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) DH Public Key 112 bits KAS-FFC-SSC Generated Never imported - Plaintext Soft Computation of (PSP) SP800-56Arev3 internally via form in reset/power KAS-FFC-SSC (Cert. A2544) approved DRBG Exported in plaintext form virtual RAM cycle shared secrets during TLS/SSH Safe Primes Key key exchange Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 34

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys DH Peer Public 112 bits KAS-FFC-SSC - Imported in plaintext - Plaintext Soft Computation of Key SP800-56Arev3 form form in reset/power KAS-FFC-SSC (PSP) (Cert. A2544) virtual RAM cycle shared secrets Never exported during TLS/SSH Safe Primes Key key exchange Generation (Cert. A2544) Safe Primes Key Verification (Cert. A2544) SSH Private Key 112 or 128 bits RSA SigGen Generated Imported in PEM file - Plaintext Soft Authentication (CSP) (FIPS186-4) internally via format via Web Interface form in reset/power during SSH (Cert. A2544) Approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual session form RAM only); negotiation Plaintext zeroization Imported in PEM file form on command format via CLI (over SSH) virtual in encrypted form flash/disk Never exported SSH Public Key 112 or 128 bits RSA SigGen Generated Imported in PEM file - Plaintext Soft Authentication (PSP) (FIPS186-4) internally via format via Web Interface form in reset/power during SSH (Cert. A2544) Approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual session as part of CSR or form RAM only) negotiation self-signed Plaintext certificate Imported in PEM file form on generation format via CLI (over SSH) virtual in encrypted form flash/disk Imported by CO via CLI (over serial port) in plaintext Never exported SSH Session Key 128 and 256 bits AES-CBC Derived - - Plaintext Soft Encryption and (CSP) (Cert. A2544) internally via form in reset/power decryption of SSH KDF virtual RAM cycle SSH session AES-GCM packets (Cert. A2544) Wrapping of KTS (AES-GCM) keying material (Cert. A2544) (when keys are part of the KTS (AES- payload) CBC/HMAC) (Cert. A2544) SSH Between 160 and HMAC-SHA-1 Derived - - Plaintext Soft Authentication Authentication 384 bits (Cert. A2544) internally via form in reset/power of SSH session Key SSH KDF virtual RAM cycle packets (CSP) HMAC-SHA2-256 (Cert. A2544) Wrapping of keying material HMAC-SHA2-384 (when keys are (Cert. A2544) part of the payload) Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 35

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys TLS Private Key Between 112 and RSA SigGen Generated Imported in PEM file - Plaintext Soft Authentication (CSP) 150 bits (FIPS186-4) internally via format via Web Interface form in reset/power during TLS (Cert. A2544) Approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual session form RAM only); negotiation Plaintext zeroization Imported in PEM file form on command format via CLI (over SSH) virtual in encrypted form flash/disk Imported by CO via CLI (over serial port) in plaintext form Never exported TLS Public Key Between 112 and RSA SigVer Generated Imported in PEM file - Plaintext Soft Authentication (PSP) 150 bits (FIPS186-4) internally via format via Web Interface form in reset/power during TLS (Cert. A2544) Approved DRBG (over TLS) in encrypted virtual RAM cycle (virtual session as part of CSR or form RAM only) negotiation self-signed Plaintext certificate Imported in PEM file form on generation format via CLI (over SSH) virtual in encrypted form flash/disk Never exported TLS Session Key 128 or 256 bits AES-CBC Derived - - Plaintext Soft Encryption and (CSP) (Cert. A2544) internally using form in reset/power decryption of the TLS Master virtual RAM cycle TLS session AES-CCM Secret via TLS packets (Cert. A2544) KDF Wrapping of AES-GCM keying material (Cert. A2544) (when keys are part of the KTS (AES-CCM) payload) (Cert. A2544) KTS (AES-GCM) (Cert. A2544) KTS (AESCBC/HMAC) (Cert. A2544) TLS Between 160 and HMAC-SHA-1 Derived - - Plaintext Soft Authentication Authentication 384 bits (Cert. A2544) internally using form in reset/power of TLS session Key the TLS Master virtual RAM cycle packets (CSP) HMAC-SHA2-256 Secret via TLS (Cert. A2544) KDF Wrapping of keying material HMAC-SHA2-384 (when keys are (Cert. A2544) part of the payload) KTS (AESCBC/HMAC) (Cert. A2544) SNMPv3 Privacy Between 128 and AES-CFB128 Derived Imported in PEM file - Plaintext Soft Encryption and Key 256 bits (Cert. A2544) internally using format via Web Interface form in reset/power decryption of (CSP) SNMP KDF (over TLS) in encrypted virtual RAM cycle SNMPv3 session form packets Imported in PEM file format via CLI (over SSH) in encrypted form Never exported Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 36

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys SNMPv3 Between 160 and HMAC-SHA-1 Derived Imported in PEM file - Plaintext Soft Authentication Authentication 384 bits (Cert. A2544) internally using format via Web Interface form in reset/power of SNMPv3 Key SNMP KDF (over TLS) in encrypted virtual RAM cycle session packets (CSP) HMAC-SHA2-256 form (Cert. A2544) Imported in PEM file HMAC-SHA2-384 format via CLI (over SSH) (Cert. A2544) in encrypted form Exported via TLS or SSH) in encrypted form SRTP Session 128 or 256 bits AES-CTR Derived - - Plaintext Soft Encryption and Key (Cert. A2544) internally using form in reset/power decryption of (CSP) SRTP Master Key virtual RAM cycle SRTP session via the SRTP KDF packets SRTP Between 160 and HMAC-SHA-1 Derived - - Plaintext Soft Authentication Authentication 384 bits (Cert. A2544) internally via form in reset/power of SRTP session Key SRTP KDF using virtual RAM cycle packets (CSP) HMAC-SHA2-256 SRTP Master Key (Cert. A2544) HMAC-SHA2-384 (Cert. A2544) SFTP Private Key Between 112 and RSA SigGen Generated Never imported - Plaintext Soft Authentication (CSP) 150 bits (FIPS186-4) internally via form in reset/power during SFTP (Cert. A2544) Approved DRBG Never exported virtual RAM cycle (virtual session RAM only); negotiation Plaintext zeroization form on command virtual flash/disk SFTP Public Key Between 112 and RSA SigVer Generated Never imported - Plaintext Soft Authentication (PSP) 150 bits (FIPS186-4) internally via form in reset/power during SFTP (Cert. A2544) Approved DRBG Exported in plaintext form virtual RAM cycle (virtual session as part of CSR or RAM only) negotiation self-signed Plaintext certificate form on generation virtual flash/disk Image 128 bits ECDSA SigVer Hardcoded in Never imported - Plaintext N/A Verification of Verification Key (FIPS186-4) the application form in new software (PSP) (Cert. A2544) binary Never exported virtual RAM upgrade image Plaintext form on virtual flash/disk Other SSPs SSH Shared Between 112 and KDF SSH Computed - - Plaintext Soft Input to SSH KDF Secret 256 bits (Cert. A2389) internally by form in reset/power for derivation of (CSP) KAS-ECC-SSC / virtual RAM cycle the SSH Session KAS-FFC-SSC Key and SSH Authentication Key TLS Pre-Master Between 112 and TLS v1.2 KDF RFC [for KAS-ECC- - - Plaintext Soft Input to KASSecret 256 bits 7627 SSC / KAS-FFC- form in reset/power FFC-SSC and (CSP) (Cert. A2389) SSC cipher virtual RAM cycle KAS-ECC-SSC for suites] computation of TLS v1.3 KDF Computed the TLS Master (Cert. A2389) internally by Secret KAS-ECC-SSC and KAS-FFC-SSC Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 37

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys TLS Master 384 bits TLS v1.2 KDF RFC Derived - - Plaintext Soft Input to TLS KDF Secret 7627 internally using form in reset/power for derivation of (CSP) (Cert. A2389) the TLS Pre- virtual RAM cycle the TLS Session Master Secret Key and TLS TLS v1.3 KDF via TLS KDF Authentication (Cert. A2389) Key SRTP Master Key 128 and 256 bits KDF SRTP [when module is [when module is calling - Plaintext Soft Input to SRTP (CSP) (Cert. A2389) calling side] side] Never imported; form in reset/power KDF for Generated Exported via SIP/TLS in virtual RAM cycle derivation of the internally via encrypted form SRTP Session Approved DRBG Key and SRTP [when module is Authentication answering side] Imported Key via SIP/TLS in encrypted form; Never exported Entropy Input 384 bits CKG Generated - - Plaintext End of DRBG Random number String (Vendor Affirmed) internally form in function, soft generation (CSP) virtual RAM reset/power SHA3-256 cycle (Cert. A2390) DRBG Seed 384 bits CKG Generated - - Plaintext Soft Random number (CSP) (Vendor Affirmed) internally using form in reset/power generation entropy input virtual RAM cycle Counter DRBG string (Cert. A2544) DRBG ‘Key’ 256 bits CKG Generated - - Plaintext Soft Random number Value (Vendor Affirmed) internally form in reset/power generation (CSP) virtual RAM cycle Counter DRBG (Cert. A2544) DRBG ‘V’ Value 128 bits CKG Generated - - Plaintext Soft Random number (CSP) (Vendor Affirmed) internally form in reset/power generation virtual RAM cycle Counter DRBG (Cert. A2544) SNMPv3 - KDF SNMP - Imported via Web - Plaintext Soft Used to derive Authentication (Cert. A2389) Interface (over TLS) in form in reset/power the SNMPv3 Password encrypted form virtual RAM cycle (virtual Authentication (CSP) RAM only) Key Imported via CLI (over SSH) in encrypted form The CO entering an allImported via CLI (over zero value serial port) in plaintext using the Web form Interface or CLI Imported in an INI file via Importing a Web Interface (over TLS) new .ini file in encrypted form with a zerovalue SNMPv3 Imported in an INI file via Authentication CLI (over SSH) in Password encrypted form Exported in an INI file via TLS or SSH in encrypted form Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 38

Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization47 Use & Related Name/Type and Cert. Number Keys SNMPv3 Privacy - KDF SNMP - Imported via Web - Plaintext Soft Used to derive Password (Cert. A2389) Interface (over TLS) in form in reset/power the SNMPv3 (CSP) encrypted form virtual RAM cycle (virtual Privacy Key RAM only) Imported via CLI (over SSH) in encrypted form The CO entering an allImported via CLI (over zero value serial port) in plaintext using the Web form Interface or CLI Imported in an INI file via Importing a Web Interface (over TLS) new .ini file in encrypted form with a zerovalue SNMPv3 Imported in an INI file via Privacy CLI (over SSH) in Password encrypted form Exported in an INI file via TLS or SSH in encrypted form AES GCM encryption is used in the context of several secure communications protocols. The module meets the (key/IV) pair uniqueness requirements from NIST SP 800-38D as follows:

1.3 protocol.

The mechanism for IV generation falls into scenario 5 in FIPS 140-3 IG C.H and is compliant with RFC 8446. Each session employs a “per-record nonce”, a 64-bit sequence number (or IV) maintained separately for reading and writing records. Each sequence number is set to 0 at the beginning of a connection and whenever the key is changed (the first record transmitted under a particular traffic key uses sequence number 0), and the appropriate sequence number is incremented by one after reading or writing each record. Because the size of sequence numbers is 64 bits, they should not wrap. If a sequence number needs to wrap, it is the responsibility of the module operator to either rekey or terminate the connection.

Page 39

the session, while the invocation counter is treated as a 64-bit integer and is incremented by one when performing an encryption of a new binary packet. If the invocation counter reaches its maximum value

264

264

the responsibility of the module operator to derive a new key and a new initial IV. The module also complies with the following RFCs:

9.2 RGB Entropy Sources

Table 11 below specifies the module’s entropy sources. Table 11

384 bits of entropy for seeding, the function is called four times and

returns 384 bits of entropy, thus exceeding the FIPS requirement of at least 112 bits of entropy. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 40

10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time a cryptographic module is powered on and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.

10.1 Pre-Operational Self-Tests

Pre-operational self-tests are executed automatically at module power-up without action from the module operator. The module performs the following pre-operational self-test(s):

10.2 Conditional Self-Tests

The module performs the following conditional self-tests:

48 KAT – Known Answer Test

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 41
10.3 Self-Test Failure Handling

Upon failure of a pre-operational self-test, conditional CAST, or conditional PCT , the module enters a “Fatal” error state, keys are zeroized, and the module is automatically reset, with reset reason of “FIPS Failure”. An error is written to syslog. All access to the cryptographic functionality and CSPs is disabled. All data outputs via data output interfaces are inhibited (with the exception of syslog status messages) and the management interfaces will not respond to any commands while the module is in this state. A successful reboot is needed to clear the error condition and return to a normal operational state. Upon failure of the conditional image verification test, the module enters a “Soft Error” state and with error status logged in syslog and the load process aborted. The error state is then automatically cleared, and the module resumes normal operation. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 42

11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

11.1 Secure Installation

The module is available as a file containing the virtual appliance image. The Crypto Officer is responsible for all initial setup activities, including configuring the virtual machine, installing the guest operating system, and installing the Mediant SBC application software. For detailed guidance regarding these activities, please see the AudioCodes Installation Manual, Mediant Virtual Edition (VE) SBC. To setup the module, the CO must follow the instructions found under the document entry “Installing Mediant VE SBC on VMware vSphere ESXi” for the Virtual Edition. Once the module is installed with network settings properly configured, the Crypto Officer must then enable Approved mode operation.

11.2 Initialization

The CO shall configure the module for Approved mode. operation This ensures that the system will use only Approved cryptographic algorithms and key strengths. To configure the module for operation in the Approved mode, the CO may use the CLI or the Web Interface. Please refer to the following documents for general information on the use of the module’s management interfaces:

Page 43
49 RADIUS – Remote Authentication Dial In User Service

Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 44
11.3 Startup

No additional startup steps are required to be performed by end-users.

11.4 Administrator Guidance

The Crypto Officer is responsible for initialization and security-relevant configuration and management of the module. Once installed, commissioned, and configured, the CO is responsible for maintaining the status of the module to ensure that it is running in its Approved mode. The Crypto Officer shall monitor the module’s status regularly. If any irregular activity is noticed, or the module is consistently reporting errors, customers should contact AudioCodes Customer Support. Please refer to section 11 for guidance that the Crypto Officer must follow for the module to be considered running in an Approved mode of operation.

11.4.1 Default Login Password

The module provides a default login password for first-time module access for the CO only. The CO is required to change the default login password as part of the initial configuration.

11.4.2 On-Demand Self-Tests

The pre-operational self-tests are automatically performed at power-up. The CO may initiate the pre-operational self-tests by issuing the reset command over the module’s management interfaces or power-cycling the host server or VM. Using the CLI, resetting the module is accomplished by issuing the reload now command. Using the Web interface, resetting the module is accomplished from the Maintenance Actions page (Setup menu -> Administration tab -> Maintenance folder -> Maintenance Actions) and clicking the <Reset> button on the toolbar.

11.4.3 Zeroization

There are many CSPs within the module’s cryptographic boundary including symmetric keys, private keys, public keys, and login password hashes. CSPs reside in virtual RAM, as well as on virtual storage media within the VM. All ephemeral keys used by the module are zeroized on reset and power cycle. Private keys and CSPs on the virtual machine’s flash and hard disk can be zeroized by using a CLI command. The public key used for the image verification test is stored in the virtual machine’s flash and hard disk and cannot be zeroized. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 45

Using the CLI, keys and CSPs are zeroized using the clear security-files command. Successful return from this command indicates the completion of the zeroization process. The SNMPv3 Authentication Password and SNMPv3 Privacy Password may be zeroized by the CO entering an allzero value using the Web Interface or CLI or importing a new .ini file with a zero value. Both methods will overwrite and zeroize these CSPs. Completion of the manual entry process or of the .ini file load process indicates the completion of the zeroization process.

11.4.4 Status and Versioning Information

On the first power up, the module is, by default, in an unconfigured operational state. During initial configuration and setup, the module is explicitly set to operate in the Approved mode of operation. Authorized operators can access the module via the CLI and determine the mode of the module.

11.4.5 Additional Administrator Guidance

The list below provides additional guidance for module administrators:

Page 46

write factory clear-keys-and-certs This can also be accomplished via the Software Upgrade wizard. When using the wizard, ensure that the “Use existing configuration” checkbox on the Load ini file wizard page is cleared and do not select a file to load. This will restore the module configuration back to factory default settings.

11.5 Non-Administrator Guidance

The User does not have the ability to configure sensitive information on the module, with the exception of their password. The User must be diligent to pick strong passwords and must not reveal their password to anyone. Additionally, the User should be careful to protect any secret or private keys in their possession. The following list provides additional policies below that must be followed by module operators:

Page 47

12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Therefore, per ISO/IEC 19790:2021 section 7.12, requirements for this section are not applicable. Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 48

Appendix A. Acronyms and Abbreviations Table 12 provides definitions for the acronyms and abbreviations used in this document. Table 12

Page 49

Term Definition ECDSA Elliptical Curve Digital Signature Algorithm EMC Electromagnetic Compatibility EMI Electromagnetic Interference FFC DH Finite Field Cryptography Diffie-Hellman FIPS Federal Information Processing Standard GbE Gigabit Ethernet Gbps Gigabits per second GCM Galois/Counter Mode GUI Graphical User Interface HA High Availability HDD Hard Disk Drive HMAC (Keyed-) Hash Message Authentication Code HTTPS Hypertext Transfer Protocol Secure ICE Interactive Connectivity Establishment IEEE Institute of Electrical and Electronics Engineers iLO Integrated Lights Out IP Internet Protocol IV Initialization Vector KAS Key Agreement Scheme KAS ECC SSC Key Agreement Scheme - Elliptical Curve Cryptography - Shared Secret Computation KAS FFC SSC Key Agreement Scheme - Finite Field Cryptography - Shared Secret Computation KAT Known Answer Test KDF Key Derivation Function LED Light Emitting Diode MAC Message Authentication Code Mbps Megabits per second MOS Mean Opinion Score N/A Not Applicable NAT Network Address Translation NIC Network Interface Card NIST National Institute of Standards and Technology NTP Network Time Protocol OAMP Operations, Administration, Maintenance, and Provisioning OS Operating System PBKDF2 Password-Based Key Derivation Function 2 PBX Private Branch Exchange Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 50

Term Definition PEM Privacy Enhanced Mail PKCS Public-Key Cryptography Standards PUB Publication QoE Quality of Experience QoS Quality of Service RADIUS Remote Authentication Dial In User Service RAM Random Access Memory RNG Random Number Generator RSA Rivest, Shamir, and Adleman RTCP Real-time Transport Control Protocol RTP Real-time Transport Protocol SAS Serial Attached Small Computer System Interface SBC Session Border Controller SDES Session Description Protocol Security Descriptions SDRAM Synchronous Dynamic Random Access Memory SFP Small Form-Factor Pluggable SFTP SSH (or Secure) File Transfer Protocol SHA Secure Hash Algorithm SHS Secure Hash Standard SIP Session Initiation Protocol SNMP Simple Network Management Protocol SP Special Publication SRTP Secure Real-Time Transport Protocol SSD Solid State Drive SSH Secure Shell TCP Transport Control Protocol TDM Time-Division Multiplexing TLS Transport Layer Security U Rack Unit UDP User Datagram Protocol U.S. United States USB Universal Serial Bus VGA Video Graphics Array VLAN Virtual Local Area Network VoIP Voice Over Internet Protocol Mediant Virtual Edition SBC and Cloud Edition SBC 7.6 ©2024 AudioCodes Ltd.

Page 51

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com