| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 2/25/2030 |
| Caveat | When installed, initialized and configured as specified in section 11.2 of the Security Policy. The tamper evident seals installed as indicated in section 7.1.2 of the Security Policy. |
| Vendor | Ultra Intelligence & Communications |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4734 |
| AES-CBC | A4734 |
| AES-CFB128 | A4734 |
| AES-GCM | A4734 |
| ECDSA KeyGen (FIPS186-4) | A4734 |
| ECDSA KeyVer (FIPS186-4) | A4734 |
| Hash DRBG | A4734 |
| HMAC-SHA-1 | A4734 |
| HMAC-SHA-1 | A4734 |
| HMAC-SHA2-256 | A4155 |
| HMAC-SHA2-256 | A4734 |
| HMAC-SHA2-384 | A4734 |
| KAS-ECC-SSC Sp800-56Ar3 | A4734 |
| KDF SNMP | A4734 |
| PBKDF | A4734 |
| SHA-1 | A4155 |
| SHA-1 | A4734 |
| SHA-1 | A4738 |
| SHA2-256 | A4734 |
| SHA2-256 | A4734 |
| SHA2-256 | A4734 |
| SHA2-384 | A4734 |
| TLS v1.2 KDF RFC7627 | A4734 |
| TLS v1.3 KDF | A4734 |
flowchart LR
%% Deterministic review-risk graph for AN/KRC-6 (ATCS-BBU)
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Upgrade</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>self-test<br/>Status Output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>uboot</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for AN/KRC-6 (ATCS-BBU)
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Upgrade</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>self-test<br/>Status Output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>uboot</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Ultra Intelligence & Communications. AN/KRC-6 (ATCS-BBU) Non-Proprietary FIPS 140-3 Cryptographic Module Security Policy Hardware Version: AN/KRC-6(v)1 Firmware Version: 1.1.1 Document Version 2.2 February 2025 Document prepared by www.lightshipsec.com AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Contents AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Tables AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Figures Figure 1
Ultra Intelligence & Communications.
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
The Module has an overall security level of 2. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 2. Cryptographic Module Specification The Base Band Unit (BBU) hereafter referred to as the "Module", is a multiband, point-to-point (PTP), point-tomultipoint (PMP) and Mesh radio system capable of providing at-the-halt communications across multiple echelons and on-the-move access capability. The system offers up to 400 Mbps throughput and operational flexibility. The Module operates as a component of the larger Amphibious Tactical Communications System (ATCS). The Module can also be referred to as the ATCS BBU. Each module can communicate wirelessly with other devices using up to two waveforms. Each waveform can be configured for the local RF channel frequencies, polarization and topology (LBH, NBH or UNW). The Module operates in VHF (RF band 3+) The Module offers encrypted digital communications over the TLS protocols, and management via SNMPv3 using HMAC-SHA-1 and AES-CFB-128. The Module can manage multiple VLANs. Each VLAN can be configured to be either encrypted or non-encrypted (see 4.7 Bypass Capability). The Module is classified as a hardware module with a multiple-chip standalone embodiment and is designed to operate within a non-modifiable operational environment.
The module's logical and physical boundaries are defined by the outer casing. This boundary encompasses the complete set of hardware and firmware components. Figure 1
Ultra Intelligence & Communications. The block diagram below illustrates the principle physical components of the module. Figure 2
The Module was tested in the configuration listed below and was found to be compliant with FIPS 140-3 requirements. Table 2
The last four digits of the Module's firmware version listed in the Tester Configurations table above, is the build number of the firmware that was tested by the CSTL. From time to time, Ultra may recompile the module to address non-security relevant bug fixes, vulnerabilities or upon client request. For builds that preserve the same version: 1.1.1, Ultra affirms continued compliance with the FIPS 140-3 standard, but these builds will not have been tested by the CSTL. A security relevant change would be reflected in the version of the module, for example: 1.1.2. Any firmware version of the module other than 1.1.1 is outside the scope of this security policy. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
The Module implements the following algorithms: Table 3
Ultra Intelligence & Communications. A4735 SHS SHA2-256 - Hashing [FIPS-180-4] Hardware Acceleration (Freescale QorIQ P2020) A4738 AES CBC 128, 256 Encryption, decryption [FIPS 197] [SP 800-38A] A4738 HMAC SHA-1 128 Message [FIPS 198-1] authentication A4738 SHS SHA-1 - Hashing [FIPS-180-4] Ultra IC Kernel A4155 SHS SHA-1 - Entropy Conditioning [FIPS-180-4] Uboot Bootloader A4736 SHS SHA2-256 - Hashing [FIPS-180-4] AES-GCM is only used as part of TLS 1.2 GCM cipher suite. The module constructs the IV internally in compliance with IG C.H technique 1a. The IV is sourced entirely from the module's DRBG. The counter portion of the IV is set by the module within its cryptographic boundary. Per RFC 5246, when the nonce explicit part of the IV exhausts the maximum number of possible values for a given session key, the module will trigger a handshake to establish a new encryption key. No parts of the TLS v1.2/v1.3, and SNMP protocols, other than the KDF, have been tested by the CAVP or CMVP. KAS-ECC-SSC is only used in the context of a key agreement schemes. The module's use of KAS-ECC-SSC is compliant with FIPS 140-3 IG D.F.
The module does not implement any allowed algorithms, with or without security claimed.
The Module can only operate in the Approved mode. There are no Non-Approved Algorithms.
The Module supports one mode of operation: Approved. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 3. Cryptographic Module Interfaces The following table lists the module's port and interfaces, both physical and logical. Table 4
Data Output Outgoing network traffic Status Output Status of the Module Management port (Ethernet) Data Input Traffic encryption and authentication keys, management input data Data Output Management output data Control Input Commands to operate the Module Status Output Status of the Module Power LED Status Output Status of Module power supply Power port Power Input None Power switch Control Input None RF Coupler Data Input Analog data received from RFUs. May or may not be encrypted Data Output Analog data sent to RFUs. May or may not be encrypted Status LED 1 Status Output Status of waveform 1 Status LED 2 Status Output Status of waveform 2 Status LED C Status Output Status of connectivity with other components in the ATCS Status LED S Status Output Status of Module Zeroisation button Control Input Command to invoke zeroisation and/or resetting The Module acts as the manager of other hardware devices within the ATCS system. The module can issue control commands to the Dehydrator Unit (DU), the two Radio Frequency Units (RFU) and the Power Distribution Unit (PDU). However, none of these devices are classified as 'cryptographic modules'. Therefore, for the purposes of FIPS compliance: the Module does not support a control output interface. The physical enclosure of the Module includes the additional 'LAN3' and 'BBU-Link' ports. These ports exist for a future version of the Module. In this version, these ports are not provisioned and are non-functional. When the Module is performing self-tests, or is in an error state, the data output interface is disabled. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 4. Roles, Services and Authentication The module's operations are managed by authorized users. Each user's account is assigned one of the following roles: Crypto Officer (CO) Referred to as the "Admin" role in Ultra documentation, users assigned this role are responsible for module configuration, which includes passwords, keys and certificates. The Crypto Officer has access to all services offered by the module. Detailed Crypto Officer responsibilities are described in section 11.1
The Module supports concurrent users. Up to 10 users may be logged concurrently. The memory and process management features of the operating system maintain separation of users and corresponding services. Table 5
Ultra Intelligence & Communications. Crypto Officer Enter traffic encryption key Traffic encryption Key Status All roles Get state of encryption on RF Command Status interfaces All roles HTTPS Key Agreement Command TLS messages All roles Login Existing Password Status All roles Logout Command Status Crypto Officer, Operator Reboot (Via GUI) Command Status Crypto Officer Reset settings Command Status Crypto Officer, Operator System Self-test Command Status All roles SNMP Login SNMP Authentication key Internal ATCS network configuration and status Crypto Officer, Operator SNMP Editing Command Status All roles SNMP Viewing Command Status All roles Traffic authentication Traffic authentication key, Status, validation ruling Traffic data, Traffic MACs All roles Traffic decryption Traffic encryption key, Plaintext traffic data Encrypted traffic data All roles Traffic encryption Traffic encryption key, Encrypted traffic data Plaintext traffic data All roles Traffic MAC generation Traffic authentication key, Traffic MACs Traffic data Crypto Officer, Operator Upgrade firmware Firmware image Status All roles View status Command Status Crypto Officer, Operator View log Command Status All roles View information Command Status Crypto Officer Zeroise (via GUI) Command Status All roles Zeroise (via button) Command Status AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
The Module supports role-based authentication using account names and passwords. Passwords are stored as keys using the Module's implementation of PBKDF with SHA2-256 as the PRF. The module uses an iteration count of 1,000. Table 6
The Module's authentication mechanism has been designed to meet the following objectives:
Each user is authenticated using a password. Passwords must contain:
The following table lists the approved services available to Module operators. Table 7
Ultra Intelligence & Communications. Service Description Approved Keys and/or SSPs Roles Access rights to Indicator Security Keys and/or Functions SSPs Enable bypass mode Configure the RF HMAC-SHA2-256 Configuration CO, E Implicit interface with a integrity key OP nonencrypted VLAN Enter traffic encryption Enter keys for - Traffic encryption CO W key traffic Key encryption Enter traffic Enter keys for - Traffic CO W authentication key traffic authentication Key authentication Get state of encryption Allows to view - - CO, OP, - on RF interfaces the MON configuration of the encrypted or nonencrypted VLAN on an RF interface HTTPS Key Agreement Establish keys KAS-ECC-SSC TLS session key, CO, OP, GER Implicit for secure CVL (TLS 1.2 / TLS session MON communications 1.3) authentication ECDSA.KeyGen key, ECDH Public key, ECDSA.KeyVer ECDH Private key, TLS pre-Master secret, TLS Master secret, DRBG V value Login Used to log in to PBKDF CO password key, CO, OP, R Implicit the module User password key MON Logout Logout of the - - CO, OP, - module MON Reboot (via GUI) Reboot the - All SSPs stored in CO, OP Z module RAM System Self-test Run hardware - - CO - diagnostic tests SNMP Login Access MIBs SNMP KDF SNMP CO, OP, R Implicit data Authentication key MON SNMP editing Edit MIB data AES-CFB-128 SNMP privacy key CO, OP E Implicit SNMP viewing View MIB data AES-CFB-128 SNMP privacy key CO, OP, E Implicit MON Traffic authentication Authenticate HMAC-SHA-1 Traffic CO, OP, E Implicit network traffic authentication key MON Traffic decryption Decrypt network AES-CBC Traffic encryption CO, OP, E Implicit traffic key MON AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Service Description Approved Keys and/or SSPs Roles Access rights to Indicator Security Keys and/or Functions SSPs Traffic encryption Encrypt network AES-CBC Traffic encryption CO, OP, E Implicit traffic key MON Traffic MAC generation Generated MAC HMAC-SHA-1 Traffic CO, OP, E Implicit for network authentication key MON traffic authentication Upgrade Firmware Upload new HMAC-SHA2-256 Configuration CO, OP E Implicit validated integrity key firmware View Status Shows system, - - CO, OP, - VLAN, RF and MON waveform statistics View Log Shows the - - CO, OP - system log View Information Shows general - - CO, OP, - system MON identification and configuration Zeroise Zeroise all SSPs - All SSPs CO Z Implicit (via GUI) Zeroize Zeroise all SSPs - All SSPs CO, OP, Z Implicit (via button) MON Note: The module operates exclusively in the approved mode using approved security functions. The use of an approved security function is indicated implicitly by the completion of the corresponding service. Access rights are indicated using the following notation:
The Module does not implement any non-approved services. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
The Module supports a bypass capability. Each of the two Waveforms supported by the Module can be linked to one of the VLANs managed by the Module. Each VLAN can be configured to be either encrypted or non-encrypted (bypass). The Module can simultaneously output data in either a cryptographically protected or non-protected form
Ultra Intelligence & Communications. 5. Software Security The module's firmware is comprised of two components: the bootloader and the firmware image. This latter component contains all firmware executed by the modem and ethernet controller. The integrity of both components is checked during the boot sequence by the module's bootloader. The following three tests are performed:
The Module supports the upgrading of the firmware image component. Firmware upgrades can be performed by a user assigned the Operator or Crypto Officer role. Upgrades are performed through the GUI of the management laptop. Only firmware authenticated by Ultra can be loaded into the Module. See section 10.3 Firmware Load Test for a description of how the Module verifies the authenticity of firmware upgrades. If the module is unable to verify the authenticity of the firmware an error is raised (see 10.5 Error Handling). If the new firmware is determined to be authentic, the Module transfers the new firmware to non-volatile memory and invokes a reboot. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 6. Operational Environment This section is not applicable. A cryptographic module that has a physical security rating above 1, has no operational environment requirements. The Module provides the following operational environments: Table 8
Ultra Intelligence & Communications. 7. Physical Security The module is enclosed in a production-grade weatherproof aluminum alloy case that is opaque to the visible spectrum, which defines the cryptographic boundary of the module. There are no openings (slits and/or holes) in the enclosure to give any visual or physical access to internal components. The module is classified as having a multi-chip standalone embodiment.
The module's enclosure is sealed using four (4) tamper evident seals, that prevent the enclosure from being opened without signs of tampering. The tamper evident seals shall be properly installed for the module to operate in the approved mode of operation. The part number for ordering tamper evident seals is 612-990311-402. 7.1.1. Storage Tamper evidence seals should be stored in a climate-controlled facility, that can maintain a maximum temperature of 90°F (32°C) and a relative humidity between 35% to 90%. Stored in this manner, the seals will remain viable for a minimum of 1 year. Cooler temperatures extend the shelf life. The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident seals. 7.1.2. Application If the tamper evident seals have not been pre-applied by Ultra, the Crypto Officer is responsible for their application. The locations of the tamper evident seals are shown in Figure 3
Ultra Intelligence & Communications.
Ultra Intelligence & Communications. 8. Non-invasive Security This section is not applicable. There are currently no approved non-invasive mitigation metrics defined at the time of writing. (Ref: ISO/IEC 19790:2012 Annex F) AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 9. SSP Management The Module manages the SSPs, and keys listed in the following two tables. Table 10
Ultra Intelligence & Communications. Key / SSP Strength Security Generation Import Establish Storage Zeroisation Use & related Name / Type Function and /Export ment keys Cert. Number TLS Master 48 bytes KAS-ECC-SSC - - using SP Plaintext Rebooting Used in TLS Secret (A4734) 800- 135 in RAM connections to (CSP) KDF TLS derive the
TLS Session 128, AES-GCM Internally - - Plaintext Rebooting Data encryption Key 256 (A4734, A4738) generated in RAM for TLS sessions (CSP) and derived using TLS protocol TLS Session 256 Internally - - Plaintext Rebooting Data Authenticatio HMAC-SHA2-256 generated in RAM authentication n Key (A4734) and derived for TLS sessions (CSP) using TLS protocol Traffic 160 HMAC-SHA-1 - Electronic - Plaintext Zeroisation Configure authentication (A4734) ally in Flash service Hashing Keys key imported for traffic data (CSP) through encryption manage ment GUI Traffic 128, AES-CBC (A4734) - Electronic - Plaintext Zeroisation Configure Keys Encryption 256 ally in Flash service for traffic data Key imported encryption (CSP) through manage ment GUI User password 256 PBKDF, SHA2- From user - - Plaintext Zeroisation Authentication key 256 (A4734) password in Flash service (CSP) A static ECDSA public/private key pair exists in the module firmware, but these keys are only used for testing the implementation of ECDSA. The module does not use these keys operationally.
SSPs stored in volatile memory (RAM) are zeroized by powering down or rebooting the Module. SSPs stored in non-volatile memory (Flash) can be zeroized using either of the following two methods:
The Module does not implement any algorithms / keys that will transition from approved to non-approved before the validation expires. The Module's digital signature, block cipher, hashing and key establishment algorithms are compliant to the requirements of CNSA 1.0.
The following entropy sources are available to the module and have been tested to NIST SP800-90B. Table 11
Ultra Intelligence & Communications. 10. Self-tests The Module performs both pre-operational and conditional self-tests. Once invoked, the Module will perform no functions or services until the self-test(s) has been completed.
Pre-operational self-tests are performed automatically after the Module has been powered up. No action from the operator is required. In its pre-operational state, the Module performs the Cryptographic Algorithm Self-Test (CAST) that is required for the subsequent firmware integrity test. Once the integrity test has passed, the Module performs a suite of cryptographic algorithm tests pre-operationally. All tests must be passed for the Module to transition to an operational state. If any test fails, the Module transitions to an error state (see section 10.5 Error Handling). While the pre-operational self-tests are being performed, the data output interface is inhibited. The module performs the following pre-operational self-tests: Table 12
Pre-operational self-tests can be invoked on-demand by rebooting the module.
Conditional self-tests are performed by the Module during operation when specific conditions occur. The Module performs the following conditional self-tests: Table 13
Ultra Intelligence & Communications. Hash_DRBG SHA2-256 KAT Instantiate, Generate, Reseed health tests On power up KAS-ECC-SSC P-256 KAT Shared secret calculation On power up ECDSA SHA2-256 PCT SigGen and SigVer On generation of ECDH key pair PBKDF SHA2-256 KAT Derive master key: 384, 400 and 512 bits On power up TLS 1.2 KDF SHA2-256 KAT - On power up TLS 1.3 KDF SHA2-256 KAT - On power up SNMP KDF SHA-1 KAT - On power up Firmware HMAC-SHA2-256 - - On firmware upgrade Hash_DRBG - CHT verify that the output of the DRBG is not On instantiate, generate and the same as the previous value reseed - - RCT Verify that the noise source has not gotten On power up, and each time stuck on a single value entropy is requested (every 10ms) - - APT Verify that no value is occurring more On power up, and frequently than expected over any group Continuously (every 10ms) of512 consecutive samples Bypass HMAC-SHA2-256 KAT Verify the integrity of the configuration file On power up Ethernet Controller (WolfSSL) HMAC SHA2-256 KAT - On power up SHS SHA2-256 KAT - On power up Hardware Acceleration AES CBC KAT Encrypt and decrypt, 128 and 256-bit keys On power up HMAC SHA-1 KAT - On power up SHS SHA-1 KAT Message lengths: 8, 16, 128, 256, 360, 384 On power up bits Ultra IC Kernel SHS SHA-1 KAT - On power up UBoot Bootloader SHS SHA2-256 KAT - On power up Upon failure of the conditional bypass self-test, the module will transition to the soft error state. The failure of any other self-test will induce a transition to the hard error state. The Crypto Officer will be required to take the actions described in section 10.5 Error Handling. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Upon receiving a firmware upgrade request, the Module invokes its firmware load test. This test entails the Module computing the expected MAC of the new firmware image using HMAC-SHA2-256 and its embedded configuration integrity key. This MAC is compared to the MAC of the firmware image received. If the MACs match, the Module accepts the new firmware and copies it into the non-volatile memory.
Each Waveform can be connected to either an encrypted data path or a non-encrypted data path. The configuration of each Waveform is stored in a single configuration file for the entire module. Whenever the user makes any change to the configuration of the module, this file is updated and the module calculates a new message authentication code (MAC) of the entire configuration file, using HMAC-SHA2-256 and the configuration integrity key. The new configuration file MAC is stored in a non-volatile memory location. During the boot process, the module performs both a pre-operational bypass self-test and a conditional bypass self-test. The conditional test is performed first. This test involves calculating a MAC of the existing configuration file and comparing it to the previously calculated MAC. The bypass test fails if the MACs do not match. When this occurs, the module raises a configuration alarm and transitions into a soft error state where cryptographic and traffic operations are inhibited. The user must invoke the "Reset settings" service to clear the error condition. The pre-operational test involves assigning each Waveform to the non-encrypted data path followed by the encrypted data path. For each assignment, a test packet is sent through the module's transfer switch and hardware encryption engine. The module then checks the transmitted packet counts for each Waveform. If the counts are not what is expected, the test fails causing the Module to transition to the hard error state.
If the bypass self-test fails, the module enters the "soft error state". If any other self-test fails, the module enters the "hard error state". When the module enters any error state it automatically stops transmitting by shutting off the waveform interfaces. This is to ensure any data output via the data output interface is inhibited. The user can recover from the soft error state by invoking the "Reset settings" service (see section 10.4 Bypass self-test). To recover from a hard error state, the Module must be power cycled. In either case, an error message is logged in the module System Log. A service status is shown for the Crypto Officer through the WebGUI for review. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 11. Life-cycle Assurance The following sections describe how to install, configure, operate and eventually dispose of the Module. Additional information and recommended replacement Modules can be found on Ultra's website or by contacting customer service at 514 855 6363.
The Crypto Officer is responsible for the initialization, configuration, and management of the Module. The Crypto Officer can receive the Module from the vendor via trusted delivery courier including but not limited to DHL, UPS, and FedEx. The Crypto Officer can also arrange for pick up directly from Ultra. Upon receipt of the Module, the Crypto Officer should check the package for any irregular tears or openings. Upon opening the package, the Crypto Officer should inspect the tamper-evident seals. If there is suspicion of tampering, the Crypto Officer shall contact Ultra immediately.
The Crypto Officer is responsible for the initialization of the module through the Web Interface. The Crypto Officer must login to the module using the default username "CryptoOfficer" and password "CryptoOfficer11!". Once first-time authentication has been completed, the Crypto Officer is forced to create a new password respecting the password restrictions enforced by the Module as defined in section 4.4 . The following steps are required to enable the secure operation of the Module:
The Crypto Officer can configure and monitor the Module via the secure Web-based GUI. The Crypto Officer should check the System Status and System Logs frequently for errors. If the Module ceases to function normally, contact Ultra customer support. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
The Module's web-based interface and configuration options available to a user assigned the Operator or Monitor profile are a subset of the interface and configuration options available to the Crypto Officer. Refer to Section 11.1
The internal components of the Module cannot be replaced on the field. In case of hardware malfunction or defect, the Crypto Officer shall:
There are no known CVEs with this module.
The Module is expected to last for the duration of the validation certificate. If the validation certificate has expired and no new validated firmware upgrade has been made available, the Module is considered void and must no longer be used. The Crypto Officer must arrange for disposal of the module hardware in accordance with regulation: DFARS 252.245-7005 Reporting, Reutilization, and Disposal. https://www.acquisition.gov/dfars/part-252-solicitation-provisions-and-contract-clauses#DFARS_252.245-7004 AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. 12. Mitigation of Attacks The module does not claim mitigation of attacks. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Acronyms Acronym Meaning Acronym Meaning AES Advanced Encryption Standard KAT Known Answer Test API Application Programming Interface MAC Message Authentication Code APT Adaptive Proportion Test MIB Management Information Base CAST Cryptographic Algorithm Self-Test MON Monitor CAVP Cryptographic Algorithm Validation Program NIST National Institute of Standards and Technology CBC Cipher Block Chaining NTP Network Time Protocol CCCS Canadian Centre for Cyber Security OE Operational Environment CHT Continuous Health Test OP Operator CMVP Cryptographic Module Validation Program OS Operating System CO Crypto-Officer PBKDF Password Based Key Derivation Function CPU Central Processing Unit PCT Pair-Wise Consistency Test CSP Critical Security Parameter PKCS Public Key Certificate / Cryptography CSTL Cryptographic and Security Testing Standard Laboratory POST Pre-Operational Self-Test DH Diffie-Hellman PRF Pseudorandom Function DRBG Deterministic Random Bit Generator PSP Public Security Parameter EC DH Elliptic Curve Diffie-Hellman RBG Random Bit Generator ECC Elliptic Curve Cryptography RCT Repetition Count Test ECC CDH ECC Cofactor Diffie-Hellman SHA Secure Hash Algorithm ECDSA Elliptic Curve Digital Signature Algorithm SNMP Simple Network Management Protocol FIPS Federal Information Processing Standard SP Security Policy or Special Publication GCM Galois Counter Mode SSH Secure Shell GUI Graphical User Interface SSL Secure Sockets Layer HMAC Hash-Based Message Authentication Code SSP Sensitive Security Parameter IEC International Electrotechnical Commission TLS Transport Layer Security ISO International Organization for Standardization KAS Key-Agreement Scheme AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.
Ultra Intelligence & Communications. Document History Version Date Author Description
1.3 1 Jun 2023 Brent Hyde Ultra styles added. Self-tests updated based on source code
1.9 25 Aug 2023 Brent Hyde Added PBKDF and ECDSA, other minor tweaks
1.10 22 Sep 2023 Brent Hyde Bypass testing updates. Adding bootloader integrity test and
1.11 16 Nov 2023 Brent Hyde Module photo added, control output interface removed, authentication
changed to role-based, bootloader integrity finalized, processor names adjusted for consistency with ACVP, tamper seal placement defined, bypass testing finalized, end-of-life finalized, unused acronyms removed.
1.12 27 Nov 2023 Brent Hyde ECDSA keys removed. Version numbers added. CAVP certs added.
1.14 20 Dec 2023 James Ramage Entropy section completed, ECDH peer key removed.
1.15 22 Dec 2023 Brent Hyde Addressing QA observations, physical security inspection reformatted as
a table. AN/KRC-6 (ATCS-BBU) © 2025 Ultra Intelligence & Communications This document may be reproduced and distributed only in its entirety, without modification.