| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 2/9/2030 |
| Caveat | None |
| Vendor | Ultra Intelligence and Communications |
flowchart LR
%% Deterministic review-risk graph for Edge Security Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>IKEV<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Edge Security Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>IKEV<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Ultra Intelligence and Communications Edge Security Cryptographic Module
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Hardware | 6 |
| Table 3: Modes List and Description | 7 |
| Table 4: Approved Algorithms | 9 |
| Table 5: Vendor-Affirmed Algorithms | 9 |
| Table 6: Security Function Implementations | 12 |
| Table 7: Entropy Certificates | 14 |
| Table 8: Entropy Sources | 14 |
| Table 9: Ports and Interfaces | 15 |
| Table 10: Authentication Methods | 17 |
| Table 11: Roles | 17 |
| Table 12: Approved Services | 42 |
| Table 13: Mechanisms and Actions Required | 44 |
| Table 14: Storage Areas | 45 |
| Table 15: SSP Input-Output Methods | 46 |
| Table 16: SSP Zeroization Methods | 46 |
| Table 17: SSP Table 1 | 51 |
| Table 18: SSP Table 2 | 56 |
| Table 19: Pre-Operational Self-Tests | 56 |
| Table 20: Conditional Self-Tests | 59 |
| Table 21: Pre-Operational Periodic Information | 60 |
| Table 22: Conditional Periodic Information | 62 |
| Table 23: Error States | 62 |
This is a non-proprietary cryptographic module security policy for the Ultra Intelligence & Communications Edge Security Cryptographic Module with firmware version 1.0 (hereinafter called ESM or the Module). The module is validated at the FIPS 140-3 overall level 2.
Section Title Security Level
Overall Level 2 Table 1: Security Levels
Purpose and Use: The module primarily acts as a network boundary protection device by using IPsec VPN or VLAN encryption services. Furthermore, it employs firewall and industrial control protocol packet inspection to provide defense-in-depth capabilities to prevent malicious attacks. The module offers Web GUI management via HTTPS using TLS v1.2 or TLS v1.3. Module Type: Hardware Module Embodiment: MultiChipEmbed Module Characteristics: Cryptographic Boundary: The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case and shown in the figures below.
Figure 1: ESM Module Bottom J4 Connector (Ethernet Port 1) J3 Connector (Ethernet Port Figure 2: ESM Module Top
Tested Module Identification
The exposed electronic components (C16, R45, U11, C15, R46, R47, C18, C20, C21, C22, C23, C24, C27, R39, R40, R41, R44, R54 and TP4) in Figure 2 above are either capacitors or
resistors associated with the power supply circuitry. They are excluded from the physical security requirements as they are only power supply circuitry related (non-security relevant).
Modes List and Description: Mode Name Description Type Status Indicator Approved The module is only operated in Approved mode of Approved N/A Mode operation. Table 3: Modes List and Description The module is only operated in Approved mode of operation. The module doesn’t support nonapprove mode or non-complaint state mode.
Approved Algorithms: Algorithm CAVP Properties Reference Cert AES-CBC A3316 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CBC A3318 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CCM A3316 Key Length - 128, 192, 256 SP 800-38C AES-CCM A3318 Key Length - 128, 192, 256 SP 800-38C AES-ECB A3316 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM A3316 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 AES-GCM A3318 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 Counter DRBG A3316 Prediction Resistance - No, Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - No ECDSA A3316 Curve - P-256, P-384, P-521 FIPS 186-4 KeyGen Secret Generation Mode - Testing Candidates (FIPS186-4) ECDSA SigGen A3316 Component - No FIPS 186-4 (FIPS186-4) Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2512, SHA3-256, SHA3-384, SHA3-512
Algorithm CAVP Properties Reference Cert ECDSA SigVer A3316 Component - No FIPS 186-4 (FIPS186-4) Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2512, SHA3-256, SHA3-384, SHA3-512 HMAC-SHA-1 A3316 Key Length - Key Length: 128 FIPS 198-1 HMAC-SHA2- A3316 Key Length - Key Length: 128 FIPS 198-1 HMAC-SHA2- A3318 Key Length - Key Length: 128 FIPS 198-1 HMAC-SHA2- A3316 Key Length - Key Length: 192 FIPS 198-1 HMAC-SHA2- A3318 Key Length - Key Length: 192 FIPS 198-1 HMAC-SHA2- A3316 Key Length - Key Length: 256 FIPS 198-1 HMAC-SHA2- A3318 Key Length - Key Length: 256 FIPS 198-1 KAS-ECC-SSC A3316 Domain Parameter Generation Methods - P-256 SP 800-56A Sp800-56Ar3 Scheme - Rev. 3 ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A3316 Domain Parameter Generation Methods - FB, FC, SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, Rev. 3 MODP-2048 Scheme dhEphem KAS Role - initiator, responder KDF IKEv2 A3316 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 (CVL) Hellman Shared Secret Length: 224-8192 Rev. 1 Increment 8 Derived Keying Material Length - Derived Keying Material Length: 1024-16384 Increment 8, Derived Keying Material Length: 384-16384 Increment 8 Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512 KDF SNMP A3316 Password Length - Password Length: 64, 8192 SP 800-135 (CVL) Rev. 1 RSA KeyGen A3316 Key Generation Mode - B.3.3 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072 Primality Tests - Table C.2 Private Key Format - Standard RSA SigGen A3316 Signature Type - PKCS 1.5 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072 RSA SigVer A3316 Signature Type - PKCS 1.5 FIPS 186-4 (FIPS186-4) Modulo - 1024, 2048, 3072 Safe Primes A3316 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Key Generation ffdhe4096, ffdhe6144, MODP-2048 Rev. 3
Algorithm CAVP Properties Reference Cert SHA-1 A3316 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A3316 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A3318 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-384 A3316 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-384 A3318 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-512 A3316 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-512 A3318 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 TLS v1.2 KDF A3316 Hash Algorithm - SHA2-256, SHA2-384 SP 800-135 RFC7627 Rev. 1 (CVL) TLS v1.3 KDF A3316 HMAC Algorithm - SHA2-256, SHA2-384 SP 800-135 (CVL) KDF Running Modes - DHE, PSK, PSK-DHE Rev. 1 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key Ultra I&C The cryptographic module performs Type:Asymmetric OpenSSL Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms:
Name Type Description Properties Algorithms KAS-ECC- KAS-KeyGen KAS-ECC keypair Counter DRBG KeyGen generation KAS-FFC- KAS-KeyGen KAS-FFC keypair Counter DRBG KeyGen generation Safe Primes Key Generation TLS KAS KAS-135KDF KAS with TLSv1.2 Bit-strength KAS-ECC(ECC) KDF or TLSv1.3 KDF Caveat:providing SSC Sp800between 128 56Ar3 and 256 bits of TLS v1.2 KDF encryption RFC7627 strength TLS v1.3 KDF TLS-KTS (AES- KTS-Wrap KTS wrap with AES- Bit-strength AES-GCM GCM) GCM Caveat:providing between 128 and 256 bits of encryption strength TLS-KTS (AES KTS-Wrap KTS wrap with AES Bit-strength AES-CBC and HMAC) and HMAC Caveat:providing HMAC-SHA2between 128 256 and 256 bits of HMAC-SHA2encryption 384 strength HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 TLS RSA AsymKeyPair- RSA key gen RSA KeyGen KeyGen KeyGen (FIPS186-4) keysize: 2048, 3072 Counter DRBG TLS RSA DigSig- RSA SigGen RSA SigGen SigGen SigGen (FIPS186-4) Keysize: 2048, 3072 TLS RSA DigSig-SigVer RSA SigVer RSA SigVer SigVer (FIPS186-4) Keysize: 2048, 3072 IPSec/IKE KAS KAS-135KDF KAS with IKEv2 KDF Bit-strength KAS-ECC(ECC) Caveat:Providing SSC Sp800between 128
Name Type Description Properties Algorithms and 256 bits of 56Ar3 encryption KDF IKEv2 strength IPSec/IKE KAS KAS-135KDF KAS with IKEv2 KDF Bit-strength KAS-FFC-SSC (FFC) Caveat:Providing Sp800-56Ar3
encryption strength IPSec/IKE AsymKeyPair- ECDSA KeyGen ECDSA ECDSA KeyGen KeyGen KeyGen (FIPS186-4) Counter DRBG IPSec/IKE DigSig- ECDSA SigGen ECDSA ECDSA SigGen SigGen SigGen (FIPS186-4) IPSec/IKE DigSig-SigVer ECDSA SigVer ECDSA SigVer ECDSA SigVer (FIPS186-4) IPSec/IKE RSA AsymKeyPair- RSA KeyGen RSA KeyGen KeyGen KeyGen (FIPS186-4) Keysize: 2048, 3072 Counter DRBG IPSec/IKE RSA DigSig- RSA SigGen RSA SigGen SigGen SigGen (FIPS186-4) Keysize: 2048, 3072 IPSec/IKE RSA DigSig-SigVer RSA SigVer RSA SigVer SigVer (FIPS186-4) keysize: 2048, 3072 IPSec Session BC-Auth IPSec/IKEv2 session AES-CBC Encrypt/Decrypt BC-UnAuth protection AES-CCM AES-GCM AES-CBC AES-CCM AES-GCM IPSec Session MAC IPSec Session HMAC-SHA2Authentication Authentication 256 HMAC-SHA2HMAC-SHA2HMAC-SHA2HMAC-SHA2HMAC-SHA2SHA2-256
Name Type Description Properties Algorithms SHA2-384 SHA2-512 SHA2-256 SHA2-384 SHA2-512 SNMP Session BC-UnAuth SNMPv3 AES-CBC Encrypt/Decrypt Encryption/Decryption SNMP Session MAC SNMPv3 HMAC-SHA-1 Authentication authentication VLAN Session BC-Auth VLAN session AES-CBC Encrypt/Decrypt BC-UnAuth encryption/decryption AES-CCM AES-ECB VLAN Session MAC VLAN session HMAC-SHA-1 Authentication authentication HMAC-SHA2SHA-1 SHA2-256 Firmware Load AsymKeyPair- Firmware load test RSA SigVer KeyVer (FIPS186-4) keysize: 4096 SHA2-256 TLS Session BC-Auth TLSv1.2/v1.3 AES-CBC Encrypt/Decrypt BC-UnAuth Encryption/Decryption AES-GCM TLS Session MAC TLSv1.2/v1.3 session HMAC-SHA2Authentication authentication 256 HMAC-SHA2HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 TLS Keying KAS-135KDF TLS session keying TLS v1.2 KDF Materials materials, used to RFC7627 Development derive TLS session TLS v1.3 KDF keys IPSec/IKE KAS-135KDF IPSec/IKE session KDF IKEv2 Keying keying materials, Materials used to derive Development IPSec/IKE session keys SNMP Keying KAS-135KDF SNMP session keying KDF SNMP Materials materials, used to Development derive SNMP session keys DRBG Function DRBG DRBG generation Counter DRBG Table 6: Security Function Implementations
There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in section 2.5. Notes:
1.3 provides session resumption, but the resumption procedure derives new AES-GCM
encryption keys.
Cert Vendor Name Number E109 Ultra Intelligence & Communications Table 7: Entropy Certificates Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample Ultra I&C Edge Security Physical Marvel 9130 8 bits 6.682 SHA2-256 Module Entropy Source CPU (A3318) Table 8: Entropy Sources
The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90Ar1 CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H).
The module provides the following key/SSP establishment services in the approved mode of operation:
The module supports TLS 1.2/1.3, SNMPv3 and IPsec/IKEv2. The module also supports VLAN encryption. The encryption uses AES ECB/CBC with HMAC, or AES-CCM with key size of 128 or 256 bits. Please refer to SSPs Table for more information.
Physical Port Logical Data That Passes Interface(s) Ethernet Port 1, Data Input Data input into the module for all the services defined in Ethernet Port 2 Tables 8-11, including TLSv1.2, TLSv1.3, IPsec/IKEv2 and VLAN Encryption services data Ethernet Port 1, Data Output Data input into the module for all the services defined in Ethernet Port 2 Tables 8-11, including TLSv1.2, TLSv1.3, IPsec/IKEv2 and VLAN Encryption services data Ethernet Port 1, Control Control data input into the module for all the services Ethernet Port 2 Input defined in Tables 8-11, including TLSv1.2, TLSv1.3, and RESET PIN IPsec/IKEv2 and VLAN Encryption services data. RESET Pin is used to send the control signal to reset the module Ethernet Port 1, Status Status Information output from the module Ethernet Port 2 Output and GPIO status PIN Table 9: Ports and Interfaces
Method Description Security Strength Strength per Name Mechanism Each Minute Attempt Password- The minimum length Password The The probability of based is eight (8) characters Based probability successfully Authentication (94 possible that a random authenticating to the characters). The attempt will module within one probability that a succeed or a minute is 10/(94^8). random attempt will false Please refer to succeed or a false acceptance Description section acceptance will occur will occur is in this table for more is 1/(94^8) which is 1/(94^8). details less than 1/1,000,000. Please refer As the module to Description supports at most ten section in this failed attempts to table for more authenticate in a one- details minute period, the probability of successfully
Method Description Security Strength Strength per Name Mechanism Each Minute Attempt authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing
choose from in total. RSA-based The modules support RSA SigVer The the probability of Authentication RSA public-key based (FIPS186-4) probability successfully authentication (A3316) that a random authenticating to the mechanism using a attempt will module within a one minimum of RSA succeed is minute period is
provides 112 bits of Please refer 1,020,000/(2^112). security strength. The to Description Please refer to probability that a section in this Description section random attempt will table for more in this table for more succeed is 1/(2^112) details details which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000.
Method Description Security Strength Strength per Name Mechanism Each Minute Attempt ECDSA- The modules support ECDSA The the probability of based ECDSA public-key SigVer probability successfully Authentication based authentication (FIPS186-4) that a random authenticating to the mechanism using a (A3316) attempt will module within a one minimum of curve P- succeed is minute period is 256, which provides 1/(2^128) 17,000 * 60 =
strength. The than Please refer to probability that a 1/1,000,000. Description section random attempt will Please refer in this table for more succeed is 1/(2^128) to Description details which is less than section in this 1/1,000,000. For table for more multiple attacks during details a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. Table 10: Authentication Methods
Name Type Operator Type Authentication Methods 3e-Local Identity Crypto Officer Password-based Authentication 3e-CryptoOfficer Identity Crypto Officer Password-based Authentication 3e-Administrator Identity User Password-based Authentication End User Identity User RSA-based Authentication ECDSA-based Authentication Table 11: Roles
The module supports Identity-based authentication mechanism. Each entity is authenticated by the module upon initial access to the module. There are four roles supported by the module: 3eLocal (Role: Crypto Officer), 3e-CyrptoOfficer (Role: Crypto Officer), 3e-Administrator (Role: User) and End User (Role: User), as detailed below. 3e-Local: This role is defined as a Crypto Officer role and performs all security functions provided by the module. This role performs cryptographic initialization and management functions (e.g., module initialization, input/output of cryptographic keys, audit functions and Operator account management). 3e-Local Role is responsible for managing (creating, deleting) 3e-CryptoOfficer role and 3e-Administrator role. 3e-CryptoOfficer: This role is defined as a Crypto Officer role and inherits all 3e-Local privileges except the ability to create and manage users locally. 3e-Administrator: This role is defined as a User role performs general module configuration. No security management functions are available to the Administrator. The Administrator can also reboot the module if deemed necessary. The Administrator authenticates to the module using a username and password. All Administrators are identical, i.e., they have the same set of services available. End User: This role is defined as a User role and sets up VPN tunnel using IKEv2 to the module and send or receive data to and from the module. End User Role can only use the cryptographic service but cannot configure the device. The End User role is authenticated via its digital certificate and its knowledge of the corresponding private key. The module does not support concurrent operator service.
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Create Create N/A Command Status of None 3e-Local User User s to create the - 3e-Local Account Accounts the other completion Password: role’s of account W,Z account status - 3eCryptoOffic er Password: W,Z - 3eAdministrat or Password: W,Z Configure Command N/A Command Status of None 3e-Local Network s to s to the 3econfigure configure completion CryptoOffic the the of network er network network configurati 3eon status Administrat or
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Show Command N/A Command Module’s None 3e-Local Status used to used to operational 3eshow show status CryptoOffic Module’s Module’s er Status Status 3eAdministrat or Show Show N/A Command Module’s None 3e-Local Version module’s to show ID and 3eID and Module's versioning CryptoOffic versioning ID and information er information version 3eAdministrat or 3e-Local 3e-Local N/A 3e-Local Status of None 3e-Local Authenticat role authenticat the 3e- - 3e-Local ion authenticat ion request Local Password: ion authenticat W ion - 3e-Local Password: Z 3e- 3e- N/A 3e- Status of None 3eCryptoOffic CryptoOffic CryptoOffic the 3e- CryptoOffic er er role er CryptoOffic er Authenticat authenticat authenticat er - 3eion ion ion request authenticat CryptoOffic ion er Password: W,Z 3e- 3e- N/A 3e- Status of None 3eAdministrat Administrat Administrat the 3e- Administrat or or role or Administrat or Authenticat authenticat authenticat or - 3eion ion ion request authenticat Administrat ion or Password: W,Z End User End User N/A End User Status of None End User Authenticat role authenticat the End ion authenticat ion request User IPSec/IKE ion authenticat Pre-shared ion Secret: W,Z Perform Zeroize all N/A Command Status of None 3e-Local Zeroization SSPs to zeroize the SSPs - DRBG the module zeroization Entropy Input: Z - DRBG
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Seed: Z - DRBG Internal State V Value: Z - DRBG Key: Z - 3e-Local Password: Z - 3eCryptoOffic er Password: Z - 3eAdministrat or Password: Z - Firmware Load Test Key: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption Key: Z - TLS Authenticat ion Key: Z - IPsec/IKE DH Private Key: Z IPSec/IKE DH Public Key: Z IPSec/IKE Peer DH Public Key: Z IPSec/IKE DH Shared Secret: Z IPSec/IKE ECDH Private Key: Z IPSec/IKE ECDH Public Key: Z IPSec/IKE Peer ECDH Public Key: Z IPSec/IKE ECDH Shared Secret: Z IPSec/IKE ECDSA Private Key: Z IPSec/IKE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access ECDSA Public Key: Z IPSec/IKE RSA Private Key: Z IPSec/IKE RSA Public Key: Z IPSec/IKE Pre-shared Secret: Z SKEYSEE D: Z IPSec/IKE Encryption Key: Z IPSec/IKE Authenticat ion Key: Z - SNMPv3 Shared Secret: Z - SNMPv3 Encryption Key: Z - SNMPv3 Authenticat ion Key: Z - VLAN Encryption Key: Z - VLAN Authenticat ion Key: Z 3eCryptoOffic er - DRBG Entropy Input: Z - DRBG
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Seed: Z - DRBG Internal State V Value: Z - DRBG Key: Z - 3e-Local Password: Z - 3eCryptoOffic er Password: Z - 3eAdministrat or Password: Z - Firmware Load Test Key: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption Key: Z - TLS Authenticat ion Key: Z - IPsec/IKE DH Private Key: Z IPSec/IKE DH Public Key: Z IPSec/IKE Peer DH Public Key: Z IPSec/IKE DH Shared Secret: Z IPSec/IKE ECDH Private Key: Z IPSec/IKE ECDH Public Key: Z IPSec/IKE Peer ECDH Public Key: Z IPSec/IKE ECDH Shared Secret: Z IPSec/IKE ECDSA Private Key: Z IPSec/IKE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access ECDSA Public Key: Z IPSec/IKE RSA Private Key: Z IPSec/IKE RSA Public Key: Z IPSec/IKE Pre-shared Secret: Z SKEYSEE D: Z IPSec/IKE Encryption Key: Z IPSec/IKE Authenticat ion Key: Z - SNMPv3 Shared Secret: Z - SNMPv3 Encryption Key: Z - SNMPv3 Authenticat ion Key: Z - VLAN Encryption Key: Z - VLAN Authenticat ion Key: Z Perform Perform Self-Test Command Status of None 3e-Local Self-Test self-tests service to trigger the self- 3ecompletio self-tests tests CryptoOffic n status results er Firmware Perform Firmware Command Status of Firmware 3e-Local Update firmware update to trigger the Load - Firmware update service updated Load Test
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access completio firmware firmware Key: R,E n status update installation 3eCryptoOffic er - Firmware Load Test Key: R,E Configure Configure TLS Command Status of KAS-ECC- 3e-Local TLS TLS configurati s to the KeyGen - DRBG (v1.2/v1.3) (v1.2/v1.3) on configure completion TLS KAS Entropy Function Function completio TLS of TLS (ECC) Input: W,Z n status (v1.2/v1.3) (v1.2/v1.3) TLS-KTS - DRBG configurati (AES-GCM) Seed: W,Z on TLS-KTS - DRBG (AES and Internal HMAC) State V TLS RSA Value: W,Z KeyGen - DRBG TLS RSA Seed: W,Z SigGen - DRBG TLS RSA Internal SigVer State V TLS Session Value: W,Z Encrypt/Dec - DRBG rypt Key: W,Z TLS Session - TLS Authenticati ECDH on Private TLS Keying Key: W,Z Materials - TLS Developmen ECDH t Public Key: DRBG W,Z Function - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS RSA Private Key: W,Z - TLS RSA Public Key: W,Z - TLS
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Authenticat ion Key: W,Z 3eCryptoOffic er - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z - TLS ECDH Private Key: W,Z - TLS ECDH Public Key: W,Z - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS RSA Private
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: W,Z - TLS RSA Public Key: W,Z - TLS Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Authenticat ion Key: W,Z Configure Configure SNMPv3 Command Status of SNMP 3e-Local SNMPv3 SNMPv3 configurati s to the Session - SNMPv3 Function Function on configure completion Encrypt/Dec Shared completio SNMPv3 of rypt Secret: n status SNMPv3 SNMP W,Z configurati Session - SNMPv3 on Authenticati Encryption on Key: W,Z SNMP - SNMPv3 Keying Authenticat Materials ion Key: Developmen W,Z t 3eCryptoOffic er - SNMPv3 Shared Secret: W,Z - SNMPv3 Encryption Key: W,Z - SNMPv3 Authenticat ion Key: W,Z Configure Configure IPsec/IKE Command Status of KAS-ECC- 3e-Local IPsec/IKEv IPsec/IKEv v2 s to the KeyGen - IPsec/IKE
2 Function 2 Function configurati configure completion KAS-FFC- DH Private
on IPsec/IKEv of KeyGen Key: W,Z completio 2 IPsec/IKEv IPSec/IKE n status 2 KAS (ECC) IPSec/IKE configurati IPSec/IKE DH Public on KAS (FFC) Key: W,Z
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access IPSec/IKE ECDSA IPSec/IKE KeyGen Peer DH IPSec/IKE Public Key: ECDSA W,Z SigGen IPSec/IKE IPSec/IKE ECDSA DH Shared SigVer Secret: IPSec/IKE W,Z RSA KeyGen IPSec/IKE IPSec/IKE ECDH RSA SigGen Private IPSec/IKE Key: W,Z RSA SigVer IPSec IPSec/IKE Session ECDH Encrypt/Dec Public Key: rypt W,Z IPSec Session IPSec/IKE Authenticati Peer on ECDH IPSec/IKE Public Key: Keying W,Z Materials Developmen IPSec/IKE t ECDH DRBG Shared Function Secret: W,Z IPSec/IKE ECDSA Private Key: W,Z IPSec/IKE ECDSA Public Key: W,Z IPSec/IKE RSA Private Key: W,Z IPSec/IKE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access RSA Public Key: W,Z IPSec/IKE Pre-shared Secret: W,Z SKEYSEE D: W,Z IPSec/IKE Encryption Key: W,Z IPSec/IKE Authenticat ion Key: W,Z - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z 3eCryptoOffic er - IPsec/IKE DH Private Key: W,Z IPSec/IKE DH Public Key: W,Z IPSec/IKE Peer DH Public Key: W,Z IPSec/IKE DH Shared Secret:
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access W,Z IPSec/IKE ECDH Private Key: W,Z IPSec/IKE ECDH Public Key: W,Z IPSec/IKE Peer ECDH Public Key: W,Z IPSec/IKE ECDH Shared Secret: W,Z IPSec/IKE ECDSA Private Key: W,Z IPSec/IKE ECDSA Public Key: W,Z IPSec/IKE RSA Private Key: W,Z IPSec/IKE RSA Public Key: W,Z IPSec/IKE Pre-shared Secret: W,Z SKEYSEE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access D: W,Z IPSec/IKE Encryption Key: W,Z IPSec/IKE Authenticat ion Key: W,Z - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z Configure Configure VLAN Command Status of VLAN 3e-Local VLAN VLAN Encryptio s to the Session - VLAN Encryption Encryption n configure completion Encrypt/Dec Encryption configurati VLAN of VLAN rypt Key: W,Z on Encryption Encryption VLAN - VLAN completio configurati Session Encryption n status on Authenticati Key: W,Z on 3eCryptoOffic er - VLAN Encryption Key: W,Z - VLAN Encryption Key: W,Z Run TLS Run TLS TLSv1.2/1 Initiate Status of KAS-ECC- 3e-Local (v1.2/v1.3) (v1.2/v1.3) .3 service TLSv1.2 TLSv1.2 KeyGen - DRBG Function Function completio tunnel tunnel TLS KAS Entropy n status establishm establishm (ECC) Input: W,Z ent request ent TLS-KTS - DRBG (AES-GCM) Seed: W,Z TLS-KTS - DRBG (AES and Internal HMAC) State V TLS RSA Value: W,Z KeyGen - DRBG TLS RSA Seed: W,Z
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access SigGen - DRBG TLS RSA Internal SigVer State V TLS Session Value: W,Z Encrypt/Dec - DRBG rypt Key: W,Z TLS Session - TLS Authenticati ECDH on Private TLS Keying Key: W,Z Materials - TLS Developmen ECDH t Public Key: DRBG W,Z Function - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS RSA Private Key: W,Z - TLS RSA Public Key: W,Z - TLS Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Authenticat ion Key: W,Z 3eCryptoOffic er - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Internal State V Value: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z - TLS ECDH Private Key: W,Z - TLS ECDH Public Key: W,Z - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS RSA Private Key: W,Z - TLS RSA Public Key: W,Z - TLS Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Authenticat ion Key: W,Z 3eAdministrat or - DRBG
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z - TLS ECDH Private Key: W,Z - TLS ECDH Public Key: W,Z - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS RSA Private Key: W,Z - TLS RSA Public Key: W,Z - TLS Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Authenticat ion Key: W,Z Run Run SNMPv3 Initiate Status of SNMP 3e-Local SNMPv3 SNMPv3 service SNMPv3 SNMPv3 Session - SNMPv3 Function Function tunnel tunnel Encrypt/Dec Shared
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access completio establishm establishm rypt Secret: n status ent request ent SNMP W,Z Session - SNMPv3 Authenticati Encryption on Key: W,Z SNMP - SNMPv3 Keying Authenticat Materials ion Key: Developmen W,Z t 3eCryptoOffic er - SNMPv3 Shared Secret: W,Z - SNMPv3 Encryption Key: W,Z - SNMPv3 Authenticat ion Key: W,Z 3eAdministrat or - SNMPv3 Shared Secret: W,Z - SNMPv3 Encryption Key: W,Z - SNMPv3 Authenticat ion Key: W,Z Run Run IPsec/IKE Initiate Status of KAS-ECC- 3e-Local IPsec/IKEv IPsec/IKEv v2 service IPsec/IKEv IPSec/IKE KeyGen - IPsec/IKE
2 Function 2 Function completio 2 tunnel v2 tunnel KAS-FFC- DH Private
n status establishm establishm KeyGen Key: W,Z ent request ent IPSec/IKE KAS (ECC) IPSec/IKE IPSec/IKE DH Public KAS (FFC) Key: W,Z IPSec/IKE ECDSA IPSec/IKE KeyGen Peer DH IPSec/IKE Public Key:
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access ECDSA W,Z SigGen IPSec/IKE IPSec/IKE ECDSA DH Shared SigVer Secret: IPSec/IKE W,Z RSA KeyGen IPSec/IKE IPSec/IKE ECDH RSA SigGen Private IPSec/IKE Key: W,Z RSA SigVer IPSec IPSec/IKE Session ECDH Encrypt/Dec Public Key: rypt W,Z IPSec Session IPSec/IKE Authenticati Peer on ECDH IPSec/IKE Public Key: Keying W,Z Materials Developmen IPSec/IKE t ECDH DRBG Shared Function Secret: W,Z IPSec/IKE ECDSA Private Key: W,Z IPSec/IKE ECDSA Public Key: W,Z IPSec/IKE RSA Private Key: W,Z IPSec/IKE RSA Public Key: W,Z IPSec/IKE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Pre-shared Secret: W,Z SKEYSEE D: W,Z IPSec/IKE Encryption Key: W,Z IPSec/IKE Authenticat ion Key: W,Z - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z 3eCryptoOffic er - IPsec/IKE DH Private Key: W,Z IPSec/IKE DH Public Key: W,Z IPSec/IKE Peer DH Public Key: W,Z IPSec/IKE DH Shared Secret: W,Z IPSec/IKE ECDH
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Private Key: W,Z IPSec/IKE ECDH Public Key: W,Z IPSec/IKE Peer ECDH Public Key: W,Z IPSec/IKE ECDH Shared Secret: W,Z IPSec/IKE ECDSA Private Key: W,Z IPSec/IKE ECDSA Public Key: W,Z IPSec/IKE RSA Private Key: W,Z IPSec/IKE RSA Public Key: W,Z IPSec/IKE Pre-shared Secret: W,Z SKEYSEE D: W,Z IPSec/IKE Encryption
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: W,Z IPSec/IKE Authenticat ion Key: W,Z - DRBG Entropy Input: W,Z - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z 3eAdministrat or - IPsec/IKE DH Private Key: W,Z IPSec/IKE DH Public Key: W,Z IPSec/IKE Peer DH Public Key: W,Z IPSec/IKE DH Shared Secret: W,Z IPSec/IKE ECDH Private Key: W,Z IPSec/IKE ECDH Public Key: W,Z IPSec/IKE
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Peer ECDH Public Key: W,Z IPSec/IKE ECDH Shared Secret: W,Z IPSec/IKE ECDSA Private Key: W,Z IPSec/IKE ECDSA Public Key: W,Z IPSec/IKE RSA Private Key: W,Z IPSec/IKE RSA Public Key: W,Z IPSec/IKE Pre-shared Secret: W,Z SKEYSEE D: W,Z IPSec/IKE Encryption Key: W,Z IPSec/IKE Authenticat ion Key: W,Z - DRBG Entropy Input: W,Z
Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - DRBG Seed: W,Z - DRBG Internal State V Value: W,Z - DRBG Key: W,Z Run VLAN Run VLAN VLAN Initiate Status of VLAN 3e-Local Encryption Encryption Encryptio VLAN VLAN Session - VLAN n service Encryption Encryption Encrypt/Dec Encryption completio tunnel tunnel rypt Key: W,Z n status establishm establishm VLAN - VLAN ent request ent Session Encryption Authenticati Key: W,Z on 3eCryptoOffic er - VLAN Encryption Key: W,Z - VLAN Encryption Key: W,Z 3eAdministrat or - VLAN Encryption Key: W,Z - VLAN Encryption Key: W,Z Table 12: Approved Services
The module also supports the firmware load test by using RSA 4096 bits with SHA2-256 (RSA Cert. #A3316) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation.
The module supports Unauthenticated service, where the unauthenticated users can run the self-test service by power-cycling the module.
The module is provided in the form of binary executable code (Module’s binary file name?). To ensure the software security, the module is digitally signed with RSA 4096 bits with SHA2-256 (RSA Cert. #3316) during the Pre-Operational Self-Test. A Firmware Integrity Test Key (nonSSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA 4096 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the module would enter to an Error state with all crypto functionality inhibited.
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The authorized operator can initiate the firmware integrity test on-demand via Web GUI’s reboot command or power cycling.
Type of Operational Environment: Limited Not Applicable as the module is operated in a limited modifiable operational environments and the physical security (section 7) is level 2. The module’s Operational Environment is limited as the module implements the firmware load service to support necessary updates.
Mechanism Inspection Inspection Guidance Frequency Tamper 90 days Tamper evidence tapes should be checked for nicks and Evidence scratches that make the metal case visible through the nicked Seals or scratched seal. Tamper Evidence Label (TEL) may show any of the following as evidence of tampering or removal: TEL is not preset in the positions prescribed (as shown above); TEL has been cut; TEL is not stuck down well, or is loose; Selfdestruction of the TEL (broken bits or shreds) present as from
Mechanism Inspection Inspection Guidance Frequency an attempt of removal; Tracking numbers do not match those recorded. In addition, Please note that the TELs are not orderable. Please contact support@ultra-3eti.com for more information. Table 13: Mechanisms and Actions Required
Two tamper evidence labels (TELs) are applied at Vendor’s factory, one on each side of the module. TELs are not orderable. Please contact support@ultra-3eti.com for more information. Number: 2 Placement: Please refer to the TELs placement below.
Surface Preparation: N/A Operator Responsible for Securing Unused Seals: N/A Part Numbers: N/A 3e-CryptoOfficer is responsible for checking the integrity of the label by following the guidance listed above. In case of notification of tamper evidence, the 3e-CryptoOfficer shall not power on this module and shall contact 3eTI for factory repair. Any deviation of the TELs placement by unauthorized operators such as tearing, misconfiguration, removal, change, replacement or any other change in the TELs from its original configuration shall mean the module is no longer in the Approved mode of operation.
The module claims no non-invasive security techniques.
Storage Description Persistence Area Type Name RAM Volatile memory Dynamic Flash Non-Volatile memory Static Table 14: Storage Areas
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Module Public Module External Plaintext Automated Electroni Key Output (Outside c the Module’s Boundary ) Peer Public Key External Module Plaintext Automated Electroni Input (Outside c the Module’s Boundary ) Password/Secre External Module Encrypte Automated Electroni TLS-KTS t Input encrypted (Outside d c (AESby GCM the GCM)
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Module’s Boundary ) Password/Secre External Module Encrypte Automated Electroni TLS-KTS t Input encrypted (Outside d c (AES and by AES and the HMAC) HMAC Module’s Boundary ) VLAN SSPs External Module Encrypte Automated Electroni TLS-KTS Input via TLS- (Outside d c (AESKTS (GCM) the GCM) Module’s Boundary ) VLAN SSPs External Module Encrypte Automated Electroni TLS-KTS Input via TLS- (Outside d c (AES and KTS (AES and the HMAC) HMAC) Module’s Boundary ) Table 15: SSP Input-Output Methods
Zeroization Description Rationale Operator Method Initiation Zeroization CO issues zeroization The zeroization command will Module command service: "Factory Default" erase all SSPs stored in the RAM Reboot to zeroize all SSPs or in the Flash of the module. N/A Zeroization requirements SSPs used solely for self-test N/A are not applicable purposes in module's self-test need not meet zeroization requirements Table 16: SSP Zeroization Methods
Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h DRBG Used to 384 bits Entropy DRBG Entropy seed the - At least Inputs - Function Input DRBG 256 bits CSP DRBG Used 256 bits DRBG DRBG Seed DRBG - 256 Seed - CSP Function generation bits DRBG Used for 256 bits DRBG DRBG Internal DRBG - 256 Internal Function State V generation bits State V Value Value CSP DRBG Key Used for 256 bits DRBG Key DRBG DRBG - 256 - CSP Function generation bits 3e-Local Used for 8-30 Authenticati Password 3e-Local characte on Data authenticati rs - N/A CSP on 3e- Used for 8-30 Authenticati CryptoOffic 3e-Local characte on Data er authenticati rs - N/A CSP Password on 3e- Used for 8-30 Authenticati Administrat 3e- characte on Data or Administrat rs - N/A CSP Password or authenticati on Firmware Used for 4096 Public Key - Firmware Load Test firmware bits - PSP Load Key load test 152 bits TLS ECDH TLS ECDH Curves: Private Key KAS- TLS KAS Private Key private key P-256, - CSP ECC- (ECC) P-384, KeyGen P-512 128-256 bits TLS ECDH TLS ECDH Curves: Public Key - KAS-ECC- TLS KAS Public Key public key P-256, PSP KeyGen (ECC) P-384, P-512 128-256 bits TLS Peer Used to Curves: Public Key - TLS KAS ECDH derive TLS P-256, PSP (ECC) Public Key ECDH P-384,
Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h Shared P-512 Secret N/A TLS ECDH TLS ECDH Curves: Shared TLS KAS TLS KAS Shared shared P-256, Secret - (ECC) (ECC) Secret secret P-384, CSP P-512 128-256 bits TLS RSA Used for Modulus Private Key TLS RSA TLS RSA Private Key TLS peer : 2048 or - CSP KeyGen SigGen authenticati 3072 on bits -
TLS RSA Used for Modulus Public Key - TLS RSA TLS RSA Public Key TLS peer : 2048 or PSP KeyGen SigVer authenticati 3072 on bits -
TLS Master Used to 384 bits TLS Master TLS TLS Session Secret derive TLS - 384 Secret - Keying Encrypt/Decr Session bits CSP Materials ypt keys Developm TLS Session ent Authenticatio n TLS Used to 128-256 Encryption TLS TLS Session Encryption protect TLS bits - Key - CSP Keying Encrypt/Decr Key traffic 128-256 Materials ypt confidentiali bits Developm ty. ent TLS Used to at least Authenticati TLS TLS Session Authenticati protect 112 bits on Key - Keying Authenticatio on Key traffic - at least CSP Materials n confidentiali 112 bits Developm ty. ent IPsec/IKE Used to MODP- Private Key KAS- IPSec/IKE DH Private derive IKE 2048 - CSP FFC- KAS (FFC) Key DH Shared bits - KeyGen Secret 112 bits IPSec/IKE Used to MODP- Public Key - KAS-FFC- IPSec/IKE DH Public derive IKE 2048 PSP KeyGen KAS (FFC) Key DH Shared bits Secret 112 bits IPSec/IKE Used to MODP- Public Key - IPSec/IKE Peer DH derive IKE 2048 - PSP KAS (FFC) Public Key 112 bits
Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h DH Shared Secret IPSec/IKE Used to MODP- Shared IPSec/IKE IPSec/IKE DH Shared derive 2048 Secret - KAS (FFC) KAS (FFC) Secret IPSec/IKE bits - CSP Session 112 bits Encryption Key and IPSec/IKE Authenticati on Key IPSec/IKE Used to Curves: Private Key KAS- IPSec/IKE ECDH derive IKE P-256, - CSP ECC- KAS (ECC) Private Key ECDH P-384, KeyGen Shared P-521 Secret 128-256 bits IPSec/IKE Used to Curves: Public Key - KAS-ECC- IPSec/IKE ECDH derive IKE P-256, PSP KeyGen KAS (ECC) Public Key ECDH P-384, Shared P-512 Secret 128-256 bits IPSec/IKE Used to Curves: Public Key - IPSec/IKE Peer ECDH derive IKE P-256, PSP KAS (ECC) Public Key ECDH P-384, Shared P-521 Secret 128-256 bits IPSec/IKE Used to Curves: Shared IPSec/IKE IPSec/IKE ECDH derive IKE P-256, Secret - KAS KAS (ECC) Shared ECDH P-384, CSP (ECC) Secret Session P-521 Encryption 128-256 Key and bits IPSec/IKE Authenticati on Key IPSec/IKE Used for Curves: Private Key IPSec/IK IPSec/IKE ECDSA IPSec/IKE P-256, - CSP E ECDSA Private Key peer P-384, ECDSA SigGen authenticati P-512 - KeyGen on 128-256 bits IPSec/IKE Used for Curves: Public Key - KAS-ECC- IPSec/IKE ECDSA IPSec/IKE P-256, PSP KeyGen ECDSA Public Key peer P-384, SigVer
Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h authenticati P-512 on 128-256 bits IPSec/IKE Used for Modulus Private Key IPSec/IK IPSec/IKE RSA IPSec/IKE : 2048 or - CSP E RSA RSA SigGen Private Key peer 3072 KeyGen authenticati bits on 112 or
IPSec/IKE Used for Modulus Public Key - KAS-FFC- IPSec/IKE RSA Public IPSec/IKE : 2048 or PSP KeyGen RSA SigGen Key peer 3072 authenticati bits on 112 or
IPSec/IKE Used for 16-32 Shared Pre-shared IPSec/IKE bytes Secret Secret peer characte CSP authenticati rs - N/A on SKEYSEED Keying 160 bits Keying IPSec/IKE IPSec material - N/A Material - Keying Session used to CSP Materials Encrypt/Decr derive the Developm ypt IPSec/IKE ent IPSec Session Session Encryption Authenticatio Key and n IPSec/IKE Authenticati on Key IPSec/IKE Used to 128-256 Encryption IPSec/IKE IPSec Encryption secure bits - Key - CSP Keying Session Key IPSec/IKEv 128-256 Materials Encrypt/Decr
confidentiali ent ty IPSec/IKE Used to At least Authenticati IPSec/IKE IPSec Authenticati secure 112 bits on Key - Keying Session on Key IPSec/IKEv - At least CSP Materials Authenticatio
integrity ent SNMPv3 Used for 8-32 Authenticati Shared SNMPv3 characte on Secret Secret User rs - N/A CSP authenticati on
Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h SNMPv3 Used to 128 bits Encryption SNMP SNMP Encryption protect - 128 Key - CSP Keying Session Key SNMPv3 bits Materials Encrypt/Decr traffic Developm ypt confidentiali ent ty SNMPv3 Used to At least Authenticati SNMP SNMP Authenticati secure 112 bits on Key - Keying Session on Key SNMPv3 - At least CSP Materials Authenticatio traffic 112 bits Developm n integrity ent VLAN Used to 128 or Encryption VLAN Encryption protect 256 bits Key - CSP Session Key VLAN data - 128 or Encrypt/Decr privacy 256 bits ypt VLAN Used to At least Authenticati VLAN Authenticati protect 112 bits on Key - Session on Key VLAN data - At least CSP Authenticatio integrity 112 bits n Table 17: SSP Table 1 Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n DRBG RAM:Plaintext Until Zeroizatio DRBG Entropy Reboot n Seed:Used With Input command DRBG Internal State V Value:Used With DRBG Key:Used With DRBG Seed RAM:Plaintext Until Zeroizatio DRBG Entropy Reboot n Input:Used With command DRBG Internal State V Value:Used With DRBG Key:Used With DRBG RAM:Plaintext Until Zeroizatio DRBG Entropy Internal Reboot n Input:Used With State V command DRBG Value Seed:Used With DRBG Key:Used With DRBG Key RAM:Plaintext Until Zeroizatio DRBG Entropy Reboot n Input:Used With command DRBG Seed:Used With
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n DRBG Internal State V Value:Used With 3e-Local Password/Sec Flash:Encrypt Until Zeroizatio Password ret Input ed Reboot n encrypted by command GCM Password/Sec ret Input encrypted by AES and HMAC 3e- Password/Sec Flash:Encrypt Until Zeroizatio CryptoOffice ret Input ed Reboot n r Password encrypted by command GCM Password/Sec ret Input encrypted by AES and HMAC 3e- Password/Sec Flash:Encrypt Until Zeroizatio Administrato ret Input ed Reboot n r Password encrypted by command GCM Password/Sec ret Input encrypted by AES and HMAC Firmware Flash:Plaintex Until N/A Load Test t Reboot Key TLS ECDH RAM:Plaintext while TLS Zeroizatio TLS ECDH Public Private Key tunnel is n Key:Paired With on command TLS Peer ECDH Public Key:Used With TLS ECDH Module Public RAM:Plaintext while TLS Zeroizatio TLS ECDH Public Key Key Output tunnel is n Private on command Key:Paired With TLS Peer Peer Public RAM:Plaintext while TLS Zeroizatio TLS ECDH ECDH Key Input tunnel is n Private Key:Used Public Key on command With TLS ECDH RAM:Plaintext while TLS Zeroizatio TLS ECDH Shared tunnel is n Private Secret on command Key:Derived From TLS Peer ECDH
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n Public Key:Derived From TLS RSA Flash:Plaintex while TLS Zeroizatio TLS RSA Public Private Key t tunnel is n Key:Paired With on command TLS Peer RSA Public Key:Used With TLS RSA Module Public Flash:Plaintex while TLS Zeroizatio TLS RSA Private Public Key Key Output t tunnel is n Key:Paired With on command TLS Master RAM:Plaintext while TLS Zeroizatio TLS ECDH Secret tunnel is n Shared on command Secret:Derived From TLS RAM:Plaintext while TLS Zeroizatio TLS Encryption tunnel is n Authentication Key on command Key:Used With TLS RAM:Plaintext while TLS Zeroizatio TLS Encryption Authenticati tunnel is n Key:Used With on Key on command IPsec/IKE RAM:Plaintext while Zeroizatio IPSec/IKE DH DH Private IPSec/IKE n Public Key:Paired Key tunnel is command With on IPSec/IKE Module Public RAM:Plaintext while Zeroizatio IPsec/IKE DH DH Public Key Output IPSec/IKE n Private Key tunnel is command Key:Paired With on IPSec/IKE Peer Public RAM:Plaintext while Zeroizatio IPsec/IKE DH Peer DH Key Input IPSec/IKE n Private Key:Used Public Key tunnel is command With on IPSec/IKE RAM:Plaintext while Zeroizatio SKEYSEED:Deriv DH Shared IPSec/IKE n e to Secret tunnel is command on IPSec/IKE RAM:Plaintext while Zeroizatio IPSec/IKE ECDH ECDH IPSec/IKE n Public Key:Paired Private Key tunnel is command With on IPSec/IKE Peer ECDH Public Key:Used With IPSec/IKE Module Public RAM:Plaintext while Zeroizatio IPSec/IKE ECDH ECDH Key Output IPSec/IKE n Private Public Key tunnel is command Key:Paired With on
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n IPSec/IKE Peer Public RAM:Plaintext while Zeroizatio IPSec/IKE ECDH Peer ECDH Key Input IPSec/IKE n Private Key:Used Public Key tunnel is command With on IPSec/IKE RAM:Plaintext while Zeroizatio SKEYSEED:Used ECDH IPSec/IKE n With Shared tunnel is command IPSec/IKE Secret on Encryption Key:Derived to IPSec/IKE Authentication Key:Derived to IPSec/IKE Flash:Plaintex while Zeroizatio IPSec/IKE ECDSA t IPSec/IKE n ECDSA Public Private Key tunnel is command Key:Paired With on IPSec/IKE Peer ECDSA Public Key:Used With IPSec/IKE Module Public Flash:Plaintex while Zeroizatio IPSec/IKE ECDSA Key Output t IPSec/IKE n ECDSA Private Public Key tunnel is command Key:Paired With on IPSec/IKE Flash:Plaintex while Zeroizatio IPSec/IKE RSA RSA Private t IPSec/IKE n Public Key:Paired Key tunnel is command With on IPSec/IKE Module Public Flash:Plaintex while Zeroizatio IPSec/IKE RSA RSA Public Key Output t IPSec/IKE n Private Key tunnel is command Key:Paired With on IPSec/IKE Password/Sec Flash:Plaintex while Zeroizatio SKEYSEED:Deriv Pre-shared ret Input t IPSec/IKE n ed to Secret encrypted by v2 tunnel command GCM is on Password/Sec ret Input encrypted by AES and HMAC SKEYSEED RAM:Plaintext while Zeroizatio TLS ECDH IPSec/IKE n Shared v2 tunnel command Secret:Derived is on From IPSec/IKE DH Shared Secret:Derived From
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n IPSec/IKE RAM:Plaintext while Zeroizatio IPSec/IKE DH Encryption IPSec/IKE n Shared Key v2 tunnel command Secret:Derived is on From IPSec/IKE ECDH Shared Secret:Derived From IPSec/IKE RAM:Plaintext while Zeroizatio IPSec/IKE DH Authenticati IPSec/IKE n Shared on Key v2 tunnel command Secret:Derived is on From IPSec/IKE ECDH Shared Secret:Derived From SNMPv3 Password/Sec Flash:Plaintex while Zeroizatio SNMPv3 Shared ret Input t SNMPv3 n Encryption Secret encrypted by tunnel is command Key:Derive to GCM on SNMPv3 Password/Sec Authentication ret Input Key:Derive to encrypted by AES and HMAC SNMPv3 RAM:Plaintext while Zeroizatio SNMPv3 Shared Encryption SNMPv3 n Secret:Derived Key tunnel is command From on SNMPv3 Authentication Key:Used With SNMPv3 RAM:Plaintext while Zeroizatio SNMPv3 Shared Authenticati SNMPv3 n Secret:Derived on Key tunnel is command From on SNMPv3 Encryption Key:Used With VLAN VLAN SSPs Flash:Plaintex while Zeroizatio VLAN Encryption Input via TLS- t VLAN n Authentication Key KTS (GCM) tunnel is command Key:Used With VLAN SSPs on Input via TLSKTS (AES and HMAC) VLAN VLAN SSPs Flash:Plaintex while Zeroizatio VLAN Encryption Authenticati Input via TLS- t VLAN n Key:Used With on Key KTS (GCM) tunnel is command VLAN SSPs on
Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n Input via TLSKTS (AES and HMAC) Table 18: SSP Table 2
Algorithm or Test Test Test Indicator Details Test Properties Method Type RSA SigVer Modulus: 4096 KAT SW/FW Module is in Module conducts (FIPS186-4) bits with SHA2- Integrity normal state RSA SigVer KAT (A3316) 256 prior to firmware integrity test Table 19: Pre-Operational Self-Tests The module conducts the RSA 4096 modulus with SHA2-256 SigVer KAT prior to the integrity test is performed. The module also performs the following Cryptographic Algorithm Self-Tests (CASTs), which can be initiated by rebooting the module. All self-tests run without operator intervention. In the event that a self-test fails, the module will enter an error state until the issue is resolved. Upon self-test failure, the module will go into the SYS_HALT status. Entropy start-up tests per SP800-90B section 4.2 including Repetition Count Test and Adaptive Proportion Test are performed at device power-on and it will run continuously. Any entropy test failures will cause SYS_HALT.
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type AES-CBC 256 bits Known CAST Module is Encrypt Power up (A3316) Answer Test in normal (KAT) state AES-CBC 256 bits Known CAST Module is Decrypt Power up (A3316) Answer Test in normal (KAT) state AES-CCM 256 bits Known CAST Module is Authenticated Power up (A3316) Answer Test in normal Encryption (KAT) state
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type AES-CCM 256 bits Known CAST Module is Authenticated Power up (A3316) Answer Test in normal Decryption (KAT) state AES-GCM 256 bits Known CAST Module is Authenticated Power up (A3316) Answer Test in normal Encryption (KAT) state AES-GCM 256 bits Known CAST Module is Authenticated Power up (A3316) Answer Test in normal Decryption (KAT) state Counter AES-256 Known CAST Module is CTR_DRBG Power up DRBG Answer Test in normal Instantiate (A3316) (KAT) state Counter AES-256 Known CAST Module is CTR_DRBG Power up DRBG Answer Test in normal Generate (A3316) (KAT) state Counter AES-256 Known CAST Module is CTR_DRBG Power up DRBG Answer Test in normal Reseed (A3316) (KAT) state ECDSA P-256 with Known CAST Module is N/A Power up SigGen SHA2-256 Answer Test in normal (FIPS186- (KAT) state
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type RSA 2048 bits Known CAST Module is N/A Power up SigGen Answer Test in normal (FIPS186- (KAT) state
Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type HMAC- N/A Known CAST Module is N/A Power up SHA2-384 Answer Test in normal (A3318) (KAT) state HMAC- N/A Known CAST Module is N/A Power up SHA2-512 Answer Test in normal (A3318) (KAT) state SHA-1 N/A Known CAST Module is SHA-1 Power up (A3318) Answer Test in normal (KAT) state KAS P-256 with KAS-ECC PCT Module is N/A Before the (A3316) SHA2-256 Pairwise in normal first Consistency state operational Test (PCT) use KAS MODP- KAS-FFC PCT Module is N/A Before the (A3316) 2048 Pairwise in normal first Consistency state operational Test (PCT) use ECDSA P-256 with ECDSA PCT Module is ECDSA Before the KeyGen SHA2-256 Pairwise in normal first (FIPS186- Consistency state operational
256 (RSA Cert. #A3316) for the new validated firmware to be uploaded into the module. A
Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the
module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.
Algorithm or Test Method Test Type Period Periodic Test Method RSA SigVer KAT SW/FW Integrity Recommend Module Reboot (FIPS186-4) every 60 days (A3316) Table 21: Pre-Operational Periodic Information Algorithm or Test Method Test Type Period Periodic Test Method AES-CBC Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-CBC Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-CCM Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-CCM Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-GCM Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-GCM Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days Counter DRBG Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days Counter DRBG Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days Counter DRBG Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days ECDSA SigGen Known Answer CAST Recommend Module Reboot (FIPS186-4) Test (KAT) every 60 days (A3316) ECDSA SigVer Known Answer CAST Recommend Module Reboot (FIPS186-4) Test (KAT) every 60 days (A3316) KAS-ECC-SSC Known Answer CAST Recommend Module Reboot Sp800-56Ar3 Test (KAT) every 60 days (A3316) KAS-FFC-SSC Known Answer CAST Recommend ReModule Sp800-56Ar3 Test (KAT) every 60 days Reboot (A3316) HMAC-SHA-1 Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days HMAC-SHA2- Known Answer CAST Recommend Module Reboot
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- Known Answer CAST Recommend Module Reboot
HMAC-SHA2- Known Answer CAST Recommend Module Reboot
RSA SigGen Known Answer CAST Recommend Module Reboot (FIPS186-4) Test (KAT) every 60 days (A3316) RSA SigVer Known Answer CAST Recommend Module Reboot (FIPS186-4) Test (KAT) every 60 days (A3316) SHA-1 (A3316) Known Answer CAST Recommend Module Reboot Test (KAT) every 60 days KDF IKEv2 Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days KDF SNMP Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days TLS v1.2 KDF Known Answer CAST Recommend Module Reboot RFC7627 Test (KAT) every 60 days (A3316) TLS v1.3 KDF Known Answer CAST Recommend Module Reboot (A3316) Test (KAT) every 60 days AES-CBC Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days AES-CBC Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days AES-CCM Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days AES-CCM Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days AES-GCM Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days AES-GCM Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days HMAC-SHA-1 Known Answer CAST Recommend Module Reboot (A3318) Test (KAT) every 60 days HMAC-SHA2- Known Answer CAST Recommend Module Reboot
HMAC-SHA2- Known Answer CAST Recommend Module Reboot
HMAC-SHA2- Known Answer CAST Recommend Module Reboot
SHA-1 (A3318) Known Answer CAST Recommend Module Reboot Test (KAT) every 60 days KAS (A3316) KAS-ECC PCT N/A New KAS ECC Pairwise Keypair Consistency generation Test (PCT)
Algorithm or Test Method Test Type Period Periodic Test Method KAS (A3316) KAS-FFC PCT N/A New KAS FFC Pairwise Keypair Consistency generation Test (PCT) ECDSA KeyGen ECDSA Pairwise PCT N/A New ECDSA (FIPS186-4) Consistency Keypair (A3316) Test (PCT) generation RSA KeyGen RSA Pairwise PCT N/A New RSA (FIPS186-4) Consistency Keypair (A3316) Test (PCT) generation RSA SigVer Firmware Load SW/FW Load N/A N/A (FIPS186-4) Test (A3316) Table 22: Conditional Periodic Information The module performs on-demand self-tests initiated by the operator, by power cycling to the module. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests. In addition, the Crypto Officer shall perform the periodic test on demand no less than every 90 days to ensure all components are functioning correctly.
Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-tests Reboot the System State put into an error state failure module Halt Table 23: Error States If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the self-tests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the preoperational firmware integrity test and the conditional CASTs.
The module operates in the approved mode of operation at all times. The 3e-Local shall properly configure the module following the steps listed below:
No specific Administrator guidance.
No specific non-Administrator guidance.
Crypto Officer (3e-Local Role and 3e-CyrptoOfficer role) should follow the steps below for the secure destruction of the module: Note: This process will cause the module to no longer function after it has wiped all configurations and keys.
4. Module will begin zeroization process and wipe all security parameters and configurations
Not Applicable as the module does not claim mitigation of other attacks.