| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 12/26/2026 |
| Entropy | ENT (P) |
| Caveat | Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy |
| Vendor | Samsung Electronics Co., Ltd. |
| Hardware versions | MZILG960HCHQ-00AC9 [7, 8, 9], MZILG1T9HCJR-00AC9 [7, 8, 9], MZILG3T8HCLS-00AC9 [7, 8, 9], MZILG7T6HBLA-00AC9 [7, 8, 9], MZILG15THBLA-00AC9 [7, 8, 9], MZILG960HCHQ-00AD9 [3, 4], MZILG1T9HCJR-00AD9 [3, 4], MZILG3T8HCLS-00AD9 [3, 4], MZILG7T6HBLA-00AD9 [3, 4], MZILG3T8HCLS-00AG6 [15], MZILG3T8HCLS-00AG7 [14], MZILG3T8HCLS-00AVF [13], MZILG1T9HCJR-00AH9 [1, 2], MZILG3T8HCLS-00AH9 [1, 2], MZILG7T6HBLA-00AH9 [1, 2], MZILG15THBLA-00AH9 [1, 2], MZILG800HCHQ-00AC9 [10, 11, 12], MZILG1T6HCJR-00AC9 [10, 11, 12], MZILG3T2HCLS-00AC9 [10, 11, 12], MZILG800HCHQ-00AD9 [5, 6], MZILG1T6HCJR-00AD9 [5, 6], MZILG3T2HCLS-00AD9 [5, 6] |
| Algorithm | ACVP Cert |
|---|---|
| AES-XTS | A1767 |
| Counter DRBG | DRBG 2186 |
| RSA SigVer (FIPS186-4) | A1765 |
| SHA2-256 | A1766 |
| Requirement area | Level |
|---|---|
| Mitigation of Other Attacks | 2 |
flowchart LR
%% Deterministic review-risk graph for Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>3P00[1], 3P01[2], DXG0[3], DXG2[4], DZG0[5],…</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Update the firmware</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C6 clue;
class I1,I2,I3,I6 infer;
class R1,R2,R3,R6 risk;
class E1,E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>3P00[1], 3P01[2], DXG0[3], DXG2[4], DZG0[5],…</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Update the firmware</i><br/>src: securityPolicy.services"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2 clueHigh;
class C3,C6 clueLow;` Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series Document Version: 1.0 H/W Version: MZILG960HCHQ-00AC9, MZILG1T9HCJR-00AC9, MZILG3T8HCLS-00AC9, MZILG7T6HBLA-00AC9, MZILG15THBLA-00AC9, MZILG800HCHQ-00AC9, MZILG1T6HCJR-00AC9, MZILG3T2HCLS-00AC9, MZILG960HCHQ-00AD9, MZILG1T9HCJR-00AD9, MZILG3T8HCLS-00AD9, MZILG7T6HBLA-00AD9, MZILG800HCHQ-00AD9, MZILG1T6HCJR-00AD9, MZILG3T2HCLS-00AD9, MZILG3T8HCLS-00AG6, MZILG3T8HCLS-00AG7, MZILG3T8HCLS-00AVF, MZILG1T9HCJR-00AH9, MZILG3T8HCLS-00AH9, MZILG7T6HBLA-00AH9, MZILG15THBLA-00AH9 F/W Version: EXG0, EZG0, EXG5, EZG5, EXG6, EZG6, NA50, MS00, 3P00, 3P01, DXG0, DZG0, DXG2, DZG2 and LEB0
| Version | Changes |
|---|---|
| 1.0 | Initial version |
Revision History 1.0 Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| # | Section | Page |
|---|---|---|
| 1 | General | 4 |
| 1.1 | Scope | 4 |
| 1.2 | Acronyms | 4 |
| 1.3 | Security Levels | 4 |
| 2 | Cryptographic module specification | 5 |
| 2.1 | Hardware and Physical Perimeter | 5 |
| 2.2 | Firmware and Cryptographic Boundary | 6 |
| 2.3 | Version Information | 6 |
| 2.4 | Cryptographic Functionality | 7 |
| 2.4.1 | Approved Algorithm | 7 |
| 2.4.2 | Non-Approved Algorithm | 7 |
| 2.5 | Approved Mode of Operation | 7 |
| 3 | Cryptographic module interfaces | 8 |
| 4 | Roles, services, and authentication | 9 |
| 4.1 | Role | 9 |
| 4.2 | Approved service | 9 |
| 4.3 | Authentication | 11 |
| 5 | Software/Firmware security | 12 |
| 6 | Operational environment | 13 |
| 7 | Physical security | 14 |
| 8 | Non-invasive security | 15 |
| 9 | Sensitive security parameter management | 16 |
| 10 | Self-tests | 18 |
| 10.1 | Pre-operational Test | 18 |
| 10.2 | Conditional Test | 18 |
| 11 | Life-cycle assurance | 19 |
| 11.1 | C.Secure Installation | 19 |
| 11.2 | Operational Description of Module | 19 |
| 12 | Mitigation of other attacks | 20 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic module specification | 2 |
| 3 | 3 | Cryptographic module interfaces | 2 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 2 |
| 6 | 6 | Operational environment | N/A |
| 7 | 7 | Physical security | 2 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle assurance | 2 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Acronym | Description | ||
|---|---|---|---|
| CTRL | RGX Controller (SAMSUNG RGX SAS TLC/MLC SSD Controller) | ||
| DRAM I/F | Dynamic Random Access Memory Interface | ||
| LBA | Logical Block Address | ||
| MD/EE | Manual Distribution/Electronic Entry | ||
| MEK | Media Encryption Key | ||
| MSID | Manufactured SID (Security Identifier) | ||
| NAND I/F | NAND Flash Interface | ||
| NDRNG | Non-Deterministic Random Number Generator | ||
| PMIC | Power Management Integrated Circuit | ||
| ROM | Read Only Memory | ||
| SAS I/F | Serial Attached SCSI Interface | ||
| SED | Self-Encrypting Drive | ||
| SICOC | Self-Initiated Cryptographic Output Capability | ||
| SSC | Security Subsystem Class | ||
| SSP | Sensitive Security Parameter | ||
| TCG | Trusted Computing Group |
1.1. Scope herein after referred to as a “cryptographic module” or “module”, SSD (Solid State Drive), satisfies all applicable FIPS 1403 security level 2 requirements, supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES hardware engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase. 1.2. Acronyms Table
| Name | Model | Firmware Version | ||
|---|---|---|---|---|
| PM1653 | MZILG960HCHQ-00AC9 | 960GB | PM1653 | EXG0 EXG5 EXG6 |
| MZILG1T9HCJR-00AC9 | MZILG1T9HCJR-00AC9 | 1.9TB | ||
| MZILG3T8HCLS-00AC9 | MZILG3T8HCLS-00AC9 | 3.8TB | ||
| MZILG7T6HBLA-00AC9 | MZILG7T6HBLA-00AC9 | 7.6TB | ||
| MZILG15THBLA-00AC9 | MZILG15THBLA-00AC9 | 15TB | ||
| MZILG960HCHQ-00AD9 | MZILG960HCHQ-00AD9 | 960GB | DXG0 DXG2 | |
| MZILG1T9HCJR-00AD9 | MZILG1T9HCJR-00AD9 | 1.9TB | ||
| MZILG3T8HCLS-00AD9 | MZILG3T8HCLS-00AD9 | 3.8TB | ||
| MZILG7T6HBLA-00AD9 | MZILG7T6HBLA-00AD9 | 7.6TB | ||
| MZILG3T8HCLS-00AG6 | MZILG3T8HCLS-00AG6 | 3.8TB | NA50 | |
| MZILG3T8HCLS-00AG7 | MZILG3T8HCLS-00AG7 | 3.8TB | MS00 | |
| MZILG3T8HCLS-00AVF | MZILG3T8HCLS-00AVF | 3.8TB | LEB0 | |
| MZILG1T9HCJR-00AH9 | MZILG1T9HCJR-00AH9 | 1.9TB | 3P00 3P01 | |
| MZILG3T8HCLS-00AH9 | MZILG3T8HCLS-00AH9 | 3.8TB | ||
| MZILG7T6HBLA-00AH9 | MZILG7T6HBLA-00AH9 | 7.6TB | ||
| MZILG15THBLA-00AH9 | MZILG15THBLA-00AH9 | 15TB | ||
| PM1655 | MZILG800HCHQ-00AC9 | 800GB | PM1655 | EZG0 EZG5 EZG6 |
| MZILG1T6HCJR-00AC9 | MZILG1T6HCJR-00AC9 | 1.6TB | ||
| MZILG3T2HCLS-00AC9 | MZILG3T2HCLS-00AC9 | 3.2TB | ||
| MZILG800HCHQ-00AD9 | MZILG800HCHQ-00AD9 | 800GB | DZG0 DZG2 | |
| MZILG1T6HCJR-00AD9 | MZILG1T6HCJR-00AD9 | 1.6TB | ||
| MZILG3T2HCLS-00AD9 | MZILG3T2HCLS-00AD9 | 3.2TB |
2.2. Firmware and Cryptographic Boundary The PM1653/PM1655 series use a single chip controller with a SAS interface on the system side and Samsung NAND flash internally. The following figure depicts the Module operational environment. Figure
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Description/ Key Size(s)/ Key Strength(s) |
|---|---|---|---|---|---|
| AES / FIPS 197, SP 800-38E | A17671 | XTS | 256-bits | Data Encryption / Decryption | |
| CKG2/ SP800-133 Rev 2 | Vendor Affirmed | Section 4 Section 6.1 Section 6.3 | N/A | Symmetric Cryptographic Key Generation | |
| DRBG / SP 800-90A Rev. 1 | DRBG 2186 | CTR_DRBG (AES-256) | N/A | Deterministic Random Bit Generation | |
| RSA / FIPS 186-4 | A1765 | PKCS PSS | 3072-bits | Digital Signature Verification | |
| SHS / FIPS 180-4 | A1766 | SHA-256 | N/A | Message Digest | |
| ENT (P) / SP800-90B | E43 | N/A | N/A | ENT (P) provides a minimum of 256 bits of entropy for DRBG seed | |
| AES-XTS / FIPS 197, SP 800-38E | AES-XTS / FIPS 197, SP 800-38E | No Security Claimed; AES-XTS is only used for firmware decryption during ROM initialized. | Firmware Decryption | ||
| AES-CCM / FIPS 197, SP 800-38C | AES-CCM / FIPS 197, SP 800-38C | No Security Claimed; Non-approved algorithms here are only used for encrypting or obfuscating the CSP | Key Encryption and Decryption | ||
| PBKDF2 | PBKDF2 | Key Derivation | |||
| HMAC / SHA-256 (SHS Cert.# A1766) | HMAC / SHA-256 (SHS Cert.# A1766) | Key Derivation |
2.4. Cryptographic Functionality 2.4.1. The cryptographic module supports the following approved algorithms for secure data storage: N/A N/A N/A N/A N/A 2.4.2. Following algorithms are not intended to be used as a security function, and not used whatsoever to meet any FIPS 1403 requirements. These algorithms are not provided through a non-approved service to an operator. 2.5. The cryptographic module has only one mode of operation, which is the approved mode of operation. The operator is responsible for following the guidance outlined in section 12. The module shows the approved mode through validated version status by Show Status Service and in Table 8 via SCSI Inquiry command. AES-ECB is the pre-requisite for AES-XTS; AES-ECB alone is NOT supported by the cryptographic module in approved mode. CKG is applied to generate the MEK in compliance with sections 4, 6.1 and 6.3 of SP800-133. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| SAS Connector | SAS Connector | Data Input | plaintext data; signed data; authentication data |
| Data Output | Data Output | plaintext data; | |
| Control Input | Control Input | commands input logically via an API (e.g. for the software and firmware components of the cryptographic module); signals input logically or physically via one or more physical ports (e.g. for the hardware components of the cryptographic module); | |
| Status Output | Status Output | status information output logically via an API; signal outputs logically or physically via one or more physical ports; | |
| Power Input | Power Input | Power input |
Table 6. Ports and Interfaces Note: The module does not implement the Control Output Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | W | Z | G |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Change the Password. | Crypto Officer (CO) | CO Password | Status | ||||||||
| Set User Password | User | User Password | Status | ||||||||
| Lock/Unlock an LBA Range | CO and User | LBA Range | Status | ||||||||
| Erase an LBA Range’s Data | LBA Range | Status | |||||||||
| Update the firmware | Firmware Loader (FL)3 | Firmware Image | Status | ||||||||
| Change the Password. | Change CO password | CO | CO Password | SHA-256 | O | UID: AdminSP_SID_C_PIN / AdminSP_Admin1_C_PIN TCG Method: Set Result: TCG status code | O | O | |||
| Set User Password | Set User Password | User | User Password | SHA-256 | O | UID: LockingSP_Admin1~4_C_PIN / LockingSP_User1~9_C_PIN TCG Method: Set Result: TCG status code | O | O | |||
| Lock/Unlock an LBA Range | Block or allow read (decrypt) / write (encrypt) of user data. | CO, User | MEK | AES-XTS | O | UID: Locking_GlobalRange / Locking_RangeNNNN TCG Method: Set Result: TCG status code | O | O | |||
| Erase an LBA Range’s Data | Erase user data by changing the data encryption key. | DRBG Internal State | CTR_ DRBG (AES-256) | O | UID: K_AES_256_GlobalRange_Key / K_AES_256_RangeNNNN_Key TCG Method: Erase Result: TCG status code | O | O | O | |||
| MEK | MEK | O | O | O | |||||||
| Update the firmware | Update the firmware | FL | Firmware Verification Key | RSA | O | WRITE BUFFER Command Result : Status Code |
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | W | Z | G |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Change the Password. | Crypto Officer (CO) | CO Password | Status | ||||||||
| Set User Password | User | User Password | Status | ||||||||
| Lock/Unlock an LBA Range | CO and User | LBA Range | Status | ||||||||
| Erase an LBA Range’s Data | LBA Range | Status | |||||||||
| Update the firmware | Firmware Loader (FL)3 | Firmware Image | Status | ||||||||
| Change the Password. | Change CO password | CO | CO Password | SHA-256 | O | UID: AdminSP_SID_C_PIN / AdminSP_Admin1_C_PIN TCG Method: Set Result: TCG status code | O | O | |||
| Set User Password | Set User Password | User | User Password | SHA-256 | O | UID: LockingSP_Admin1~4_C_PIN / LockingSP_User1~9_C_PIN TCG Method: Set Result: TCG status code | O | O | |||
| Lock/Unlock an LBA Range | Block or allow read (decrypt) / write (encrypt) of user data. | CO, User | MEK | AES-XTS | O | UID: Locking_GlobalRange / Locking_RangeNNNN TCG Method: Set Result: TCG status code | O | O | |||
| Erase an LBA Range’s Data | Erase user data by changing the data encryption key. | DRBG Internal State | CTR_ DRBG (AES-256) | O | UID: K_AES_256_GlobalRange_Key / K_AES_256_RangeNNNN_Key TCG Method: Erase Result: TCG status code | O | O | O | |||
| MEK | MEK | O | O | O | |||||||
| Update the firmware | Update the firmware | FL | Firmware Verification Key | RSA | O | WRITE BUFFER Command Result : Status Code |
Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | |||
|---|---|---|---|---|---|---|---|---|---|
| Show Status8 | Show the module status - FIPS fail mode | N/A | N/A | N/A | INQUIRY Command Result : Status Code | ||||
| Show Version9 | Show module version | N/A | N/A | SECURITY PROTOCOL IN 00h, 02h, 02h, 01h Result: Status Code | |||||
| Authentication | Authenticate the module | CO Password | SHA-256 | O | UID: AdminSP_SID / AdminSP_Admin1 / LockingSP_Admin1~4 / LockingSP_User1~9 TCG Method: Authenticate Result: TCG status code | ||||
| User Password | User Password | O | |||||||
| Get Random Number | Provide a random number generated by the CM. | DRBG Internal State | CTR_ DRBG (AES-256) | O | UID: ThisSP TCG Method: Random Result: TCG status code | O | |||
| IO Command10 | Read/Write user data | MEK | AES-XTS | O | WRITE / READ Command Result : Status Code | ||||
| Revert | Erase user data in all Range by changing the data | DRBG Internal State | CTR_ DRBG (AES-256) | O | UID: SPObj(AdminSP) TCG Method: Revert Result: TCG status code | O | |||
| MEK | MEK | O | O | O | |||||
| Sanitize | Erase user data by changing the data encryption key. | DRBG Internal State | CTR_ DRBG (AES-256) | O | SANITIZE Command Result : Status Code | O | O | O | |
| MEK | MEK | O | O | O |
The following table shows unauthenticated services. It is initially possible to use the services in following table without authentication. The operator can configure the setting that complied with Samsung SAS, TCG spec. e E W G Z N/A N/A N/A N/A O O O N/A O O O O O O O O O O O O O O Table
7 The module only supports approved services in an approved manner. The module uses implicit indicators through the result of the SCSI or
9 The cryptographic module shows the hardware version and firmware version through the ‘COMPLIANCE DESCRIPTOR HARDWARE VERSION’
and ‘COMPLIANCE DESCRIPTOR VERSION’ of FIPS 140 compliance descriptor Structure.
10 Through Step3 to Step4 in the Section 12.1, the procedure handled by EraseMaster (CO) enforces to configure SICOC functionality which
Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Role | Authentication Method | Authentication Strength |
|---|---|---|
| CO | Password (Min: 8 bytes, Max: 32 bytes) | Probability of 1/264 in a single random attempt. Probability of 80/264 in multiple random attempts in a minute. |
| User | ||
| FL | RSA signature verification | Probability of 1/2128 in a single random attempt. Probability of 6000/2128 in multiple random attempts in a minute. |
4.3. The module supports role-based authentication that requires authentication to assume for the authorization of each role. Table 10. Roles and Authentication The CO and User role requires password-based authentication, where each byte can be any of 0x00 to 0xFF. Each password authentication failure holds the cryptographic module for 750ms. This restricts the maximum attempts for a one-minute to less than 80 attempts (60,000ms/750ms) no matter how large Trylimit 11 is set. The FL role is implemented by RSA signature verification. The firmware signed by Samsung is authenticated by verifying the 3072-bit RSA signature which has 128 security strength in every power-on. Each signature verification attempt takes at least 10ms. This can be enforced with up to 6,000 attempts in a minute. Trylmit is maximum number of failed authentication attempts that are able to be made using password for each role. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
5. Software/Firmware security The cryptographic module implements the 482 bytes per 4KB error detection code and SHA-256 hash verification for firmware integrity test. The firmware integrity test is performed every power on reset. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
6. Operational environment The cryptographic module operates in a limited operational environment that is consist of the module’s firmware. This operational environment does not require any specific security rules, settings/configurations or restrictions to be set. The cryptographic module does not provide any general-purpose operating system to the operator. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|---|---|---|
| Production grade cases | As often as feasible | Inspect the entire perimeter for cracks, gouges, lack of screw(s) and other signs of tampering. Remove from service if tampering found. |
| Tamper-evident sealing labels | Inspect the sealing labels for scratches, gouges, cuts and other signs of tampering. Remove from service if tampering found. |
The following physical security mechanisms are implemented in the cryptographic module:
2 tamper-evident labels are applied over both top and bottom cases of the module at the Samsung manufacturing. The
tamper-evident labels cannot be removed and reapplied without remaining tamper evidence. The following table summarizes the actions required by the Crypto Officer Role to ensure that physical security is maintained: Figure 3. Module Seal Application Location Samsung Electronics Co., Ltd. SSD FIPS Security Policy
8. Non-invasive security Non-invasive security has not applicable for this cryptographic module. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | Key / SSP Name/ Type | Zeroisation |
|---|---|---|---|---|---|---|---|---|
| MEK | 256-bit | CTR_ DRBG (AES-256) / DRBG 2186 | SP 800-90A CTR_DRBG (AES-256) | N/A | N/A (HW IP internal) | N/A | DRBG Internal State12 | Power on Reset |
| MEK | 256-bit Nonce: 128-bit | CTR_ DRBG (AES-256) / DRBG 2186 | ENT (P) | N/A | N/A (HW IP internal) | N/A | DRBG Seed | Power on Reset |
| MEK | 256-bit | CTR_ DRBG (AES-256) / DRBG 2186 | ENT (P) | N/A | N/A (HW IP internal) | N/A | DRBG Entropy Input String | Power on Reset |
| N/A | Min. 64- bit | N/A | N/A | N/A | RAM | MD/EE | CO Password | Power on Reset |
| N/A | Min. 64- bit | N/A | N/A | N/A | RAM | MD/EE | User Password | Power on Reset |
| N/A | 128-bit | SHA-256 / A1766 | Hashed from Password as per SHA-256 | N/A | Flash | N/A | Hashed CO Authentica tion Data | Via “Change the Password” and Revert” service |
| N/A | 128-bit | SHA-256 / A1766 | Hashed from Password as per SHA-256 | N/A | Flash | N/A | Hashed User Authentica tion Data | Via “Set User Password” and Revert” service |
| N/A | 256-bit | CKG / AES-XTS / A1767 | SP800-133Rev2/ SP 800-90A CTR_DRBG (AES-256) | N/A | Plain Text in RAM, Flash | N/A | MEK | Via “Lock an LBA Range”, “Erase an LBA Range’s Data”, “Revert” and “Sanitize” service |
| Firmware load test | 128-bit | RSA / A1765 | N/A | N/A | HW SFR | Entered during manufact uring | Firmware Verification Key | Right after FW load test |
| Flash | Flash | N/A |
Samsung Electronics Co., Ltd. SSD FIPS Security Policy N/A N/A N/A N/A N/A N/A
| Name | Key Size | |
|---|---|---|
| Details | Minimum Number of Bits of Entropy | Entropy Sources |
| Provides entropy input and Nonce to construct Entropy source seed for CTR_DRBG The number of bits input/output to the derivation function are n =3072 and in n =384. out | - 0.2262 entropy per bit - Minimum of 256 bits of entropy for DRBG seed (total seed length of 384 bits). | Cert #E43 ENT (P) |
The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. nout=384. Table 13. Non-Deterministic Random Number Generation Specification Samsung Electronics Co., Ltd. SSD FIPS Security Policy
| Name | Algorithm Or Test | Test Type | Details |
|---|---|---|---|
| SHS | SHS | KAT | SHA-256 hash digest |
| DRBG | DRBG | KATs | SP 800-90A Section 11.3 Health Tests of CTR_DRBG (AES-256) |
| AES | AES | KAT | AES-256 XTS mode encryption and decryption |
| SHS | SHS | KAT | SHA-256 hash digest |
| RSA | RSA | KAT | RSA-3072 signature verification |
11. Life-cycle assurance The cryptographic module can operate in approved mode once shipped from the vendor's manufacturing site. The followings describe the security rules for secure installation and operation which the cryptographic module and Crypto Officer shall be enforced under FIPS 140-3 security level 2 compliant manner: 11.1. C.Secure Installation
| Other Attacks | Mitigation | Specific Limitations | |
|---|---|---|---|
| Mechanism | |||
| N/A | N/A | N/A |
The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. N/A N/A N/A Table 15. Mitigation of Other Attacks Samsung Electronics Co., Ltd. SSD FIPS Security Policy