| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 4/15/2030 |
| Entropy | ENT (P) |
| Caveat | When operated in approved mode, installed, initialized and configured as specified in Section 11.3 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy. |
| Vendor | Ceragon Networks Ltd. |
| Hardware versions | [IP-20N with TEL P/N: BS-0341-2 and with components: IP-20 TCC-B2-XG-MC: N000082H003, IP-20 TCC-U: N000082H005, IP-20 RMC-B: N000082H004], [IP-20A with TEL P/N: BS-0341-2 and with components IP-20 TCC-B2-XG-MC: N000082H003, IP-20 TCC-U: N000082H005, IP-20 RMC-B: N000082H004], [IP-20G], [IP-20C], [IP-20S], [IP-20C-HP], [IP-50C], and [IP-50E (Rev. 6)] |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2755 |
| AES-CBC | A2758 |
| AES-CFB128 | A2758 |
| AES-CTR | A680 |
| AES-CTR | A2758 |
| AES-ECB | A2758 |
| AES-GCM | A2758 |
| AES-KW | A2758 |
| AES-OFB | AES 4014 |
| Counter DRBG | A2758 |
| DSA KeyGen (FIPS186-4) | A2758 |
| ECDSA KeyGen (FIPS186-4) | A2758 |
| ECDSA KeyVer (FIPS186-4) | A2758 |
| ECDSA SigGen (FIPS186-4) | A2758 |
| ECDSA SigVer (FIPS186-4) | A2758 |
| HMAC-SHA-1 | A2758 |
| HMAC-SHA2-256 | A2755 |
| HMAC-SHA2-256 | A2758 |
| HMAC-SHA2-384 | A2758 |
| HMAC-SHA2-512 | A2758 |
| KAS-ECC-SSC Sp800-56Ar3 | A2758 |
| KAS-FFC-SSC Sp800-56Ar3 | A2758 |
| KDF IKEv1 | A2756 |
| KDF SNMP | A2757 |
| KDF SSH | A2758 |
| RSA KeyGen (FIPS186-4) | A2758 |
| RSA SigGen (FIPS186-4) | A2758 |
| RSA SigVer (FIPS186-4) | A2758 |
| SHA-1 | A2758 |
| SHA2-256 | A2755 |
| SHA2-256 | A2758 |
| SHA2-384 | A2758 |
| SHA2-512 | A2758 |
| TLS v1.2 KDF RFC7627 | A2758 |
| TLS v1.3 KDF | A2758 |
| Requirement area | Level |
|---|---|
| Self-Tests | 2 |
flowchart LR
%% Deterministic review-risk graph for IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>Release 12.0.1</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Change Password</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>(1x) ACT LED (1x) RJ45 External Alarms</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>Release 12.0.1</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Change Password</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>(1x) ACT LED (1x) RJ45 External Alarms</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;Ceragon Networks IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E Firmware: 12.0.1 Hardware: IP-20N and IP-20A, with TEL P/N: BS-0341-2 and with components:
Rockville, MD 20850 www.acumensecurity.net
Ceragon Networks Ltd. assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Ceragon reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Ceragon does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others. It is possible that this publication may contain references to, or information about Ceragon products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Ceragon intends to announce such Ceragon products, programming, or services in your country. This document, Ceragon products, and 3rd Party software products described in this document may include or or other media. Laws in the United States and other countries preserve for Ceragon, its licensors, and other 3rd products described in this document may not be copied, reproduced, reverse engineered, distributed, merged or modified in any manner without the express written permission of Ceragon. Furthermore, the purchase of Ceragon products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product. Restrictions of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Ceragon. License Agreements The software described in this document is the property of Ceragon and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement. High Risk Materials Ceragon and its supplier(s) specifically disclaim any express or implied warranty of fitness for any high-risk activities or uses of its products including, but not limited to, the operation of nuclear facilities, aircraft navigation or aircraft communication systems, air traffic control, life support, or weapons systems (“High Risk Use”). Any High Risk is unauthorized, is made at your own risk and you shall be responsible for any and all losses, damage or claims arising out of any High-Risk Use. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| # | Section | Page |
|---|---|---|
| Purpose | 5 | |
| Document Organization | 5 | |
| 1 | General | 6 |
| 2 | Cryptographic Module Specification | 6 |
| 2.1 | Cryptographic Boundary | 6 |
| 2.2 | Modes of Operation | 10 |
| 2.3 | Cryptographic Algorithms | 10 |
| 3 | Cryptographic Module Interfaces | 20 |
| 4 | Roles, services, and authentication | 32 |
| 4.1 | Authorized Roles | 32 |
| 4.2 | Authentication Mechanisms | 34 |
| 4.3 | Services | 35 |
| 5 | Software/Firmware Security | 40 |
| 6 | Operational Environment | 41 |
| 7 | Physical Security | 41 |
| 8 | Non-invasive Security | 52 |
| 9 | Sensitive security parameter management | 53 |
| 9.1 | Generation | 62 |
| 9.2 | Import/Export | 62 |
| 9.3 | Storage | 62 |
| 9.4 | Zeroization Procedures | 62 |
| 10 | Self-tests | 63 |
| 10.1 | Pre-Operational Self-Tests | 63 |
| 10.2 | Conditional Self-Tests | 63 |
| 10.3 | Self-Tests Error Handling | 64 |
| 11 | Life-cycle assurance | 64 |
| 11.1 | Secure Operation | 65 |
| 11.2 | Installation | 65 |
| 11.3 | Initialization | 65 |
| 11.4 | Management | 67 |
| 11.4.1 | SSH Usage | 67 |
| 11.4.2 | TLS Usage | 67 |
| 11.5 | Maintenance | 68 |
| 12 | Mitigation of other attacks | 68 |
List of Figures Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
Introduction This is a non-proprietary FIPS 140-3 Security Policy for Ceragon Networks Ltd. and the following Ceragon Networks products: IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, and IP-50E. Below are the details of the certified products: Hardware Version #:
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic module specification | 2 |
| 3 | 3 | Cryptographic module interfaces | 2 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 2 |
| 6 | 6 | Operational environment | N/A |
| 7 | 7 | Physical security | 2 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle assurance | 2 |
| 12 | 12 | Mitigation of other attacks | N/A |
Figure 1
Figure 4
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| IP-20G | IP-20G | IP-20G | 12.0.1 | Fixed configuration IDU2. See Table 5 |
| IP-20C | IP-20C | IP-20C | 12.0.1 | Fixed configuration ODU3. See Table 6 |
| IP-20S | IP-20S | IP-20S | 12.0.1 | Fixed configuration ODU. See Table 7 |
| IP-20C-HP | IP-20C-HP | IP-20C-HP | 12.0.1 | Fixed configuration ODU. See Table 8 |
| IP-20N | IP-20N | IP-20N with TEL P/N: BS-0341-2 and with components: o IP-20 TCC-B2-XG-MC: N000082H003 o IP-20 TCC-U: N000082H005 o IP-20 RMC-B: N000082H004 | 12.0.1 | Modular IDU. • Single or dual TCC • Dual RMC-B • Dual Power supplies See Table 9, Table 10 and Table 11 |
| IP-20A | IP-20A | IP-20A with TEL P/N: BS-0341-2 and with components: o IP-20 TCC-B2-XG-MC: N000082H003 o IP-20 TCC-U: N000082H005 o IP-20 RMC-B: N000082H004 | 12.0.1 | Modular IDU. • Single or dual TCC • Dual RMC-B • Dual Power supplies See Table 9, Table 10 and Table 11 |
| IP-50C | IP-50C | IP-50C | 12.0.1 | Fixed configuration ODU. See Table 12 |
| IP-50E | IP-50E | IP-50E (Rev. 6) | 12.0.1 | Fixed configuration ODU. See Table 13 |
Figure 7
2 x FE Ethernet management interfaces, 2 x GbE optical interfaces, 2 x GbE electrical
interfaces, and 2 x dual mode electrical or cascading interfaces.
o o o
| Name | CAVP Cert | Mode Method | Key Size | Use Function | |
|---|---|---|---|---|---|
| A2758 | A2758 | CBC | Direction: Decrypt, Encrypt Key Length: 128, 256 | Used for control/ management plane encryption/ decryption | AES (FIPS 197) |
| ECB | ECB | Direction: Decrypt, Encrypt Key Length: 128, 256 | |||
| CTR | CTR | Direction: Decrypt, Encrypt Key Length: 128, 192, 256 Payload Length: 8-128 Increment 8 Incremental Counter Counter Tests Performed | |||
| CFB128 | CFB128 | Direction: Decrypt, Encrypt Key Length: 128 | |||
| GCM4 | GCM4 | Direction: Decrypt, Encrypt IV Generation: Internal IV Generation Mode: 8.2.1 Key Length: 128, 256 Tag Length: 32, 64, 96, 104, 112, 120, 128 IV Length: 96-1024 Increment 8 Payload Length: 8-65536 Increment 8 AAD Length: 0-65536 Increment 8 | |||
| KW | KW | Direction: Decrypt, Encrypt Cipher: Cipher, Inverse Key Length: 256 Payload Length: 128-524288 Increment 128 | |||
| SHS (FIPS 180-4) | SHA-1 SHA2-256 SHA2-384 SHA2-512 | Message Length: 0-65536 Increment 8 | Used for control/ management plane message digests. SHA-1 is permitted within SSH, TLS and IPSec protocols, and legacy signature verification only. | SHS (FIPS 180-4) | |
| HMAC | HMAC- SHA1 | MAC: 32-160 Increment 8 Key Length: 8- 524288 Increment 8 | Used for control/ management plane | HMAC |
d HMACSHA1 GCM IV generation tested in accordance with IG C.H, scenario 1 TLSv1.2 following RFCs 5516, 5246, 5288, and
5289 as well as SSH following RFCs 4251, 4252, 4253, 4254 and 5647. The IV is generated only for use with GCM
encryption within the protocol being used. The TLS cipher suites supported by the module are identified in section
11.4.2 of this document which are included in SP 800-52 Rev2 section 3.3.1. The module also internally generates
IVs for TLS 1.3 (RFC 8446) in accordance with scenario 5 in IG C.H. In the case the module’s power is lost and then restored, a new key for use with AES-GCM encryption/decryption is established. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Call | Description | Mode/Me thod | |
|---|---|---|---|---|
| (FIPS 198-1) | message authentication | MAC: 32-256 Increment 8 Key Length: 8- 524288 Increment 8 | (FIPS 198-1) | HMAC- SHA2-256 |
| HMAC- SHA2-384 | MAC: 32-384 Increment 8 Key Length: 8- 524288 Increment 8 | HMAC- SHA2-384 | ||
| HMAC- SHA2-512 | MAC: 32-512 Increment 8 Key Length: 8- 524288 Increment 8 | HMAC- SHA2-512 | ||
| DRBG (SP800- 90Arev1) | Used for control/ management plane random bit generation | Capabilities: Mode: AES-256 Derivation Function Enabled: Yes Additional Input: 0-256 Increment 256 Entropy Input: 2048 Increment 128 Nonce: 128 Personalization String Length: 0-256 Increment 256 Returned Bits: 256 | DRBG (SP800- 90Arev1) | CTR_DRBG |
| ECDSA (FIPS 186-4) | Used for control/ management plane key generation, signature generation, and signature verification | Capabilities: Curve: P-256 Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 Secret Generation Mode: Testing Candidates | ECDSA (FIPS 186-4) | KeyGen, KeyVer, SigGen, SigVer |
| DSA (FIPS 186-4) | Used for control/ management plane FCC key generation | Capabilities: L: 2048 N: 224 L: 2048 N: 256 L: 3072 N: 256 | DSA (FIPS 186-4) | KeyGen |
| RSA (FIPS 186-4) | Used for control/ management plane key generation, signature generation, and signature verification | Capabilities: Key Generation Mode: B.3.3 Properties: Modulo: 2048 Primality Tests: Table C.2 Properties: Modulo: 3072 Primality Tests: Table C.2 Properties: Modulo: 4096 Primality Tests: Table C.2 Info Generated By Server Public Exponent Mode: Random Private Key Format: Standard | RSA (FIPS 186-4) | KeyGen |
d HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 (SP80090Arev1) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Description | Mode/Me thod |
|---|---|---|
| SigGen | Capabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 2048 Salt Length: 28 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Properties: Modulo: 3072 Hash Pair: | SigGen |
| SigVer | Capabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: ANSI X9.31 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: | SigVer |
d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Call | Description | Mode/Me thod | |
|---|---|---|---|---|
| KTS-1 | Used for key transport on the data plane; key establishment methodology provides 256 bits of encryption strength | AES-256 in KW mode | KTS-1 | AES |
| KTS-2 | Used for key transport on the management plane within TLS and SSH; key establishment methodology provides 128 or 256 bits of encryption strength | AES-128 and AES-256 in GCM mode | KTS-2 | AES |
| KTS-3 | Used for key transport on the management plane within SSH; key establishment methodology provides between 128 and 256 bits of encryption strength | AES-128, AES-192 and AES-256 in CTR mode with HMAC SHA-1 | KTS-3 | AES HMAC |
| KTS-5 | Used for key transport on the management plane within TLS; key establishment methodology provides 128 or 256 bits of encryption strength | AES-128 and AES-256 in CBC mode with HMAC-SHA-1 or HMAC SHA-256 | KTS-5 | AES HMAC |
d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | ||
|---|---|---|---|---|---|---|
| CKG6 | Vendor- affirmed | SP800- 133rev2 | §4: Using the Output of a Random Bit Generator §5: Generation of Key Pairs for Asymmetric-Key Algorithms §6.1: The “Direct Generation” of Symmetric Keys §6.2: Derivation of Symmetric Keys | Symmetric key and asymmetric seed generation | ||
| KAS-1 | A2758 A2756 | Diffie-Hellman key establishment | KAS-FFC-SSC Cert. #A2758 with CVL Certs. | |||
| ffdhe2048, ffdhe3072 providing 112 and 128 bits of encryption strength | ffdhe2048, ffdhe3072 providing 112 and 128 bits of encryption strength | using KAS-FFC-SSC with SP 800-135 SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF | ||||
| KAS-2 | A2758 A2756 | KAS-ECC-SSC Cert. #A2758 with CVL Certs. #A2758, #A2756 and #A2757 P-256 providing 128 bits of encryption strength | Elliptic Curve Diffie- Hellman key establishment using KAS-ECC-SSC with SP 800-135 SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF | |||
| KDF IKEv1 CVL (SP800- 135-r1) | A2756 | KDF IKEv1 | Used for key derivation within IPsec Not implemented on Freescale P1021 or ARM based platforms | Capabilities: Authentication Method: Pre- | ||
| CVL (SP800- 135-r1) | A2757 | KDF SNMPv3 | Password Length: 64, 256 Engine ID: 3078313130663331626636303532333062 64, 3078333964653663643936303437353165 63 | Used for key derivation within management protocols | ||
| AES (FIPS 197) | A2755 | CBC | Direction: Decrypt, Encrypt Key Length: 256; tested but not used on Freescale P1012 or ARM based platforms | Used for data encryption/ decryption within IPsec | ||
| HMAC (FIPS 198-1) | HMAC- SHA2-256 | MAC: 128; Key Length: 256; tested but not used on Freescale P1012 or ARM based platforms | Used for message authentication within IPSec | |||
| SHS (FIPS 180-4) | SHA2-256 | Message Length: 0-51200 Increment 8; not used on Freescale P1012 or ARM based platforms | Used for message digests within IPsec | |||
| KTS-4 | AES HMAC | AES-256 in CBC mode with HMAC SHA-256 | Used for key transport on the management plane within IPsec; key establishment methodology provides 256 bits of encryption strength | |||
| AES (FIPS 197) | AES 4014 | OFB | Direction: Decrypt, Encrypt Key Length: 256 | Used for data plane encryption/ decryption (IP-20C, -20S, -20C-HP) | ||
| AES (FIPS 197) | A680 | CTR | Direction: Decrypt, Encrypt Key Length: 256 Payload Length: 128 Incremental Counter Counter Tests Performed | Used for data plane encryption/ decryption (IP-50C, -50E, -20G, -20A, - 20N) | ||
| ENT (P) | ENT (P) | Ring-oscillator noise source with no conditioning function Conformant to SP 800-90B and IG D.J and D.K. Min- entropy: 1.9 bits per byte | ||||
| RADIUS | MD5 |
Vendoraffirmed d KAS-FFCSSC (SP80056arev3) DiffieHellman KAS-ECCSSC (SP80056arev3) (SP800135-r1) SP800133rev2 Note that no parts of the SSH, SNMPv3, IKEv1 and TLS protocols, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) as per SP 800-133r2 (vendor affirmed). The resulting generated symmetric keys and the seed used in the asymmetric key generation are the unmodified output from an NIST SP 800-90A DRBG. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
d (SP800SNMPv3 HMACSHA2-256 Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | ||
|---|---|---|---|---|---|---|
| KTS-4 | AES HMAC | AES-256 in CBC mode with HMAC SHA-256 | Used for key transport on the management plane within IPsec; key establishment methodology provides 256 bits of encryption strength | |||
| AES (FIPS 197) | AES 4014 | OFB | Direction: Decrypt, Encrypt Key Length: 256 | Used for data plane encryption/ decryption (IP-20C, -20S, -20C-HP) | ||
| AES (FIPS 197) | A680 | CTR | Direction: Decrypt, Encrypt Key Length: 256 Payload Length: 128 Incremental Counter Counter Tests Performed | Used for data plane encryption/ decryption (IP-50C, -50E, -20G, -20A, - 20N) | ||
| ENT (P) | ENT (P) | Ring-oscillator noise source with no conditioning function Conformant to SP 800-90B and IG D.J and D.K. Min- entropy: 1.9 bits per byte | ||||
| RADIUS | MD5 |
d Table 3
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| (1x) FE Management Interfaces7 (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces | (1x) FE Management Interfaces7 (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (TNC, GbE, E1/DS1) |
| (1x) FE Management Interfaces (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces | (1x) FE Management Interfaces (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (TNC, GbE, E1/DS1) |
| (1x) Sync In/Out RJ-45 Interface (1x) RJ-45 Terminal Interface (1x) FE Management Interfaces | (1x) Sync In/Out RJ-45 Interface (1x) RJ-45 Terminal Interface (1x) FE Management Interfaces | Control Input | Clock signaling (Sync) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) |
| (1x) RJ-45 Terminal Interface (1x) FE Management Interfaces (1x) DB9 External Alarms LEDs | (1x) RJ-45 Terminal Interface (1x) FE Management Interfaces (1x) DB9 External Alarms LEDs | Status Output | Alarm signaling (DB9) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) |
| (1x) -48V DC Power Interface | (1x) -48V DC Power Interface | Power Input | N/A |
| (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) | (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports) |
| (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports | (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports) |
| (1x) Source Sharing (1x) RJ-45 Management Interface | (1x) Source Sharing (1x) RJ-45 Management Interface | Control Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Signaling (Source Sharing) |
| (1x) RSL Indication (1x) RJ-45 Management Interface | (1x) RSL Indication (1x) RJ-45 Management Interface | Status Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL) |
| (1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE) | (1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE) | Power Input | N/A |
| (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports | (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports) |
| (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports | (1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports) |
| (1x) RJ-45 Management Interface | (1x) RJ-45 Management Interface | Control Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) |
| (1x) RSL Indication (1x) RJ-45 Management Interface | (1x) RSL Indication (1x) RJ-45 Management Interface | Status Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL) |
| (1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE) | (1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE) | Power Input | N/A |
| (1x) RJ-45 Data Port (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports | (1x) RJ-45 Data Port (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45 Management) Data traffic (Data Ports, Antenna Ports) |
| (1x) RJ-45 Data Port (1x) RJ-45 Management Interface | (1x) RJ-45 Data Port (1x) RJ-45 Management Interface | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45 Management) |
| (2x) Data port (Electrical or Optical) (2x) Antenna Ports | (2x) Data port (Electrical or Optical) (2x) Antenna Ports | Data traffic (Data Ports, Antenna Ports) | |
| (1x) Source Sharing (1x) RJ-45 Management Interface | (1x) Source Sharing (1x) RJ-45 Management Interface | Control Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Signaling (Source Sharing) |
| (1x) RSL Indication (1x) RJ-45 Management Interface | (1x) RSL Indication (1x) RJ-45 Management Interface | Status Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL) |
| (1x) -48V DC Power Interface | (1x) -48V DC Power Interface | Power Input | N/A |
| (6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces | (6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces | Data Input | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Data traffic (GbE) |
| (6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces | (6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces | Data Output | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Data traffic (GbE) |
| (1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | (1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | Control Input | Clock signaling (Sync) TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Serial console (Terminal) Signaling (Synchronization) |
| (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | Status Output | Alarm signaling (DB9) TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) |
| (1x) ACT LED (1x) RJ45 External Alarms | (1x) ACT LED (1x) RJ45 External Alarms | Serial console (Terminal) Activity (LED) Alarm signaling (RJ45) | |
| (2x) GbE Optical Interfaces (2x) FE Management Interfaces8 (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces | (2x) GbE Optical Interfaces (2x) FE Management Interfaces8 (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (GbE) |
| (2x) GbE Optical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces | (2x) GbE Optical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (GbE) |
| (1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | (1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces | Control Input | Clock signaling (Sync) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) Signaling (Synchronization) |
| (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces (1x) ACT LED (1x) DB9 External Alarms | (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces (1x) ACT LED (1x) DB9 External Alarms | Status Output | Alarm signaling (DB9) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) Activity (LED) Alarm signaling (DB9) |
| (1x) TNC RFU Interface | (1x) TNC RFU Interface | Data Input | Data traffic |
| (1x) TNC RFU Interface | (1x) TNC RFU Interface | Data Output | Data traffic |
| (1x) TNC RFU Interface | (1x) TNC RFU Interface | Control Input | Data plane control signaling |
| (1x) ACT LED (1x) Link LED (1x) RFU LED | (1x) ACT LED (1x) Link LED (1x) RFU LED | Status Output | Activity |
| (1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | (1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | Data Input | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) Data traffic (Antenna ports, GbE) |
| (1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | (1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | Data Output | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) Data traffic (Antenna ports, GbE) |
| (1x) RJ-45 GbE Management Interface | (1x) RJ-45 GbE Management Interface | Control Input | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) |
| (1x) Source Sharing | (1x) Source Sharing | Signaling (Source Sharing) | |
| (1x) RJ-45 GbE Management Interface (1x) RSL Indication | (1x) RJ-45 GbE Management Interface (1x) RSL Indication | Status Output | TLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL) |
| (1x) -48V DC Power Interface | (1x) -48V DC Power Interface | Power Input | N/A |
| (1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | (1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | Data Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Data traffic (Antenna ports, GbE) |
| (1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | (1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports | Data Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Data traffic (Antenna ports, GbE) |
| (1x) RJ-45 GbE Management Interface (1x) Source Sharing (1x) Protection/XPIC | (1x) RJ-45 GbE Management Interface (1x) Source Sharing (1x) Protection/XPIC | Control Input | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Signaling (Source Sharing) |
| (1x) RJ-45 GbE Management Interface (1x) RSL Indication | (1x) RJ-45 GbE Management Interface (1x) RSL Indication | Status Output | TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) RSL signaling (RSL) |
| (1x) -48V DC Power Interface (1x) RJ-45 GbE Management Interface (PoE) | (1x) -48V DC Power Interface (1x) RJ-45 GbE Management Interface (PoE) | Power Input | N/A |
| WIFI Port | WIFI Port | N/A | This port is disabled |
the following diagrams/tables: Figure 8
N/A Table 5
N/A Table 6
Figure 10
Figure 11
N/A Table 8
Table 9
Table 10 –IP-20 TCC-B2-XG-MC: N000082H003 (IP-20N and IP-20A) Ports and Interfaces Figure 14
Figure 15
N/A Table 12
Figure 16
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Status | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Perform Self- Tests | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Change Password | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Transmit/Receive Data | User | Data plane packets | Data plane packets |
| Administrative access over SSH | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Administrative access over Web EMS | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| SNMPv3 | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Key Entry | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| IPSEC | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Zeroize | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Cycle Power | N/A | N/A | N/A |
| Status LED Output | N/A | N/A | LED Status |
| View Summaries | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Platform Management | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Fault Management | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Radio Configuration | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Ethernet Configuration | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Sync Settings | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| Utilities | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
| RBN | Crypto Officer | Web GUI forms, CLI commands | Web GUI status, CLI return messages |
N/A N/A Table 13
Perform SelfTests N/A N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | ||
|---|---|---|
| All passwords must be at least 8 characters and must include letters, numbers, and special characters. If (8) integers are used for an eight-digit password, the probability of randomly guessing the correct sequence is less than one (1) in 1,000,000 (this calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 33 special characters, and 52 letter characters. The calculation should be 958 = 6,634,204,312,890,625). Therefore, the associated probability of a successful random attempt is less than 1 in 1,000,000. In order to successfully guess the sequence in one minute would require the ability to make over 110,570,071,881,510 guesses per second, which far exceeds the operational capabilities of the module. | CO | Password/Username |
| When using AES key-based authentication, the key has a size of 256-bits. Therefore, an attacker would have a 1 in | Users | AES-256 Master Key |
4.2 Authentication Mechanisms before being allowed access to services, which requires the assumption of an authorized role. The module employs the authentication methods described in the table below to authenticate Crypto-Officers and Unauthenticated users are only able to access the module LEDs and power cycle the module. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Show Status | Provides status of the module and module versioning | CO | N/A | N/A | N/A | N/A |
| Perform Self- Tests | Used to initiate on- demand self-tests (via power- cycle) | CO | N/A | N/A | N/A | N/A |
| Change Password | Update password with a new value | CO | Crypto Officer Password CO Password Hash | N/A | Crypto Officer Password (R/W) CO Password Hash (E) | N/A |
| Transmit/Receiv e Data | Encrypt/Dec rypt data passing through the module | User | Session Key Tx Session Key Rx Master Key | AES-OFB AES-ECB AES-CTR AES-KW | Session Key Tx (R/W/Z) Session Key Rx (R/W/Z) Master Key (R) | Admin status (enabled) |
| (Bypass mode when feature is not enabled) | (Bypass mode when feature is not enabled) | KTS (AES- KW) | ||||
| Administrative access over SSH | Secure remote command line appliance administrati on over an SSH tunnel. | CO | DRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC Diffie Hellman public key SSH Private Key SSH Public Key SSH Session Key SSH Integrity Key | AES-CTR HMAC KAS-ECC- SSC KAS-FFC- SSC KTS RSA SHS SSH KDF DRBG CKG DSA ECDSA | DRBG entropy input (R) DRBG Seed (R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman / EC Diffie Hellman private key (R/W/Z) Diffie Hellman / EC Diffie Hellman public key (R/W/Z) SSH Private Key (R/W) SSH Public Key (R/W) SSH Session Key (R/W/Z) SSH Integrity Key (R/W/Z) | Admin status (enabled) and session logs |
| Administrative access over Web EMS | Secure remote GUI appliance administrati on over a TLS tunnel. | CO | DRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC Diffie | AES-CBC AES-GCM HMAC KAS-ECC- SSC KAS-FFC- SSC KTS SHS RSA TLSv 1.2 KDF TLS v1.3 KDF DRBG CKG | DRBG entropy input (R) DRBG Seed (R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman / EC Diffie Hellman private key (R/W/Z) Diffie Hellman / EC Diffie Hellman public key (R/W/Z) TLS Private Key (R/W) TLS Public Key (R/W) | Admin status (enabled) and session logs |
| DSA ECDSA | Hellman public key TLS Private Key TLS Public Key TLS Pre-Master Secret TLS Master Secret TLS Session Encryption Key TLS Session Integrity Key | DSA ECDSA | TLS Pre-Master Secret (G/E/Z) TLS Master Secret (G/E/Z) TLS Session Encryption Key (G/E/Z) TLS Session Integrity Key (G/E/Z) | |||
| SNMPv3 | Secure remote SNMPv3- based system monitoring. | CO | SNMP Session Key SNMP Session Authentication Key SNMPv3 password | AES- CFB128 HMAC SHS SNMP KDF | SNMP Session Key (R/W/Z) SNMP Session Authentication Key (R/W/Z) SNMPv3 password (R/W/Z) | Admin status (enabled) and session logs |
| Key Entry | Enter key over managemen t interfaces | CO | Master Key | KTS | Master Key (R/W) | Admin status (enabled) and session logs |
| IPSec10 | Control plane traffic encryption using IKEv1 for key exchange (Self- initiated cryptograph ic output capability) | CO | IKE session encrypt key IKE session authentication key ISAKMP preshared key IPsec encryption key IPsec authentication key Diffie Hellman Shared Secret Diffie Hellman private key | AES-CBC HMAC SHS KTS KAS-FFC- SSC DSA IKEv1 KDF | IKE session encrypt key (R/W/Z) IKE session authentication key (R/W/Z) ISAKMP preshared key (R/W) IPsec encryption key (R/W/Z) IPsec authentication key (R/W/Z) Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman private key (R/W/Z) Diffie Hellman public key (R/W/Z) | Admin status (enabled) |
| Zeroize | Zeroize all CSPs | CO | All CSPs | N/A | All CSPs (Z) | Admin status (enabled) |
| Cycle Power | Reboot of module | N/A | DRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC Diffie Hellman public key SSH Session Key SSH Integrity Key SNMPv3 session key SNMPv3 session authentication key TLS Pre-Master Secret TLS Master Secret TLS Session Encryption Key TLS Session Integrity Key IKE session encrypt key | N/A | DRBG entropy input (Z) DRBG Seed (Z) DRBG V (Z) DRBG Key (Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (Z) Diffie Hellman / EC Diffie Hellman private key (Z) Diffie Hellman / EC Diffie Hellman public key (Z) SSH Session Key (Z) SSH Integrity Key (Z) SNMPv3 session key (Z) SNMPv3 session authentication key TLS Pre-Master Secret (Z) TLS Master Secret (Z) TLS Session Encryption Key (Z) TLS Session Integrity Key (Z) IKE session encrypt key (Z) IKE session authentication key (Z) IPsec encryption key (Z) IPsec authentication key (Z) Session Key Tx (Z) Session Key Rx (Z) | Console log |
| Status LED Output | View status via the modules’ LEDs | N/A | N/A | N/A | N/A | N/A |
| View Summaries | View unit summary information (Unit, Radio, Security) | CO | N/A | N/A | N/A | Admin status (enabled) |
| Platform Management | Shelf managemen t, unit configuratio n, interfaces, firmware settings, activation key, and statistics | CO | N/A | N/A | N/A | Admin status (enabled) |
| Fault Management | Alarm settings | CO | N/A | N/A | N/A | Admin status (enabled) |
| Radio Configuration | Radio interface settings (includes Bypass setting and status) | CO | N/A | N/A | N/A | Admin status (enabled) |
| Ethernet Configuration | Ethernet interface settings | CO | N/A | N/A | N/A | Admin status (enabled) |
| Sync Settings | Manage synchroniza tion | CO | N/A | N/A | N/A | Admin status (enabled) |
| Utilities | Generic utilities | CO | N/A | N/A | N/A | Admin status (enabled) |
| RBN | Bandwidth notification | CO | N/A | N/A | N/A | Admin status (enabled) |
| SNMPv1/v2c | Secure remote SNMPv1, v2c- based system monitoring. | CO | N/A | Admin status (disabled) | ||
| RADIUS | RADIUS authentication | MD5 | Admin status (disabled) | |||
| TACACS+ | TACACS+ authentication | MD5 | Admin status (disabled) | |||
| HTTP | Plaintext HTTP | N/A | Admin status (disabled) | |||
| Hot Standby | Hot Standby | N/A | Admin status (disabled) | |||
| Syslog | Audit log forwarding | N/A | Admin status (disabled) | |||
| NTP | Network Time Protocol servers | N/A | Admin status (disabled) | |||
| Telnet | Plaintext CLI access | N/A | Admin status (disabled) |
Table 15
KAS-ECCline KAS-ECCSSC KAS-FFCSSC s (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
SNMPv3based AESCFB128 (Selfinitiated KAS-FFCSSC s (G/E/Z) (G/E/Z) (G/E/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W) (R/W/Z) (R/W/Z) Only available on MIPS CPU based models Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
s N/A N/A N/A (Z) (Z) (Z) (Z) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
s N/A N/A N/A n, N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Sync Settings | Manage synchroniza tion | CO | N/A | N/A | N/A | Admin status (enabled) |
| Utilities | Generic utilities | CO | N/A | N/A | N/A | Admin status (enabled) |
| RBN | Bandwidth notification | CO | N/A | N/A | N/A | Admin status (enabled) |
| SNMPv1/v2c | Secure remote SNMPv1, v2c- based system monitoring. | CO | N/A | Admin status (disabled) | ||
| RADIUS | RADIUS authentication | MD5 | Admin status (disabled) | |||
| TACACS+ | TACACS+ authentication | MD5 | Admin status (disabled) | |||
| HTTP | Plaintext HTTP | N/A | Admin status (disabled) | |||
| Hot Standby | Hot Standby | N/A | Admin status (disabled) | |||
| Syslog | Audit log forwarding | N/A | Admin status (disabled) | |||
| NTP | Network Time Protocol servers | N/A | Admin status (disabled) | |||
| Telnet | Plaintext CLI access | N/A | Admin status (disabled) | |||
| Physical Security Mechanism | Recommended Frequency of | Inspection/Test Guidance | ||||
| Inspection/Test | Inspection/Test | Details | ||||
| Tamper Evidence Label | During regular physical maintenance operations. At least every six months. | Inspect the labels for obvious signs of damage/removal. Placement should be according to the figures below. |
N/A N/A N/A s N/A N/A N/A N/A N/A N/A Table 16
Figure 17
Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
Figure 18
Figure 19
Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
Figure 20
Figure 21
Figure 23
Figure 25
8. Non-invasive Security FIPS 140-3 Non-invasive Security requirements are not applicable. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
| Name | Key Size | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| DRBG A2758 | 256-bit | DRBG entropy input (CSP) | Generated using module entropy source | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use | Used for control/ management plane random bit generation | |||||||||||||
| DRBG A2758 | 256-bit | DRBG Seed (CSP) | Generated using SP 800-90Ar1 DRBG seed construction | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use | Seed used for DRBG instantiation and reseed | |||||||||||||
| DRBG A2758 | 256-bit | DRBG V (CSP) | SP 800- 90Ar1 DRBG Internal State | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use | Used for control/ management plane random bit generation | |||||||||||||
| DRBG A2758 | 256-bit | DRBG Key (CSP) | SP 800- 90Ar1 DRBG Internal State | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use | Used for control/ management plane random bit generation | |||||||||||||
| KAS-FFC-SSC 2048 bits | 112 and 128 bits | Diffie Hellman Shared Secret (CSP) | N/A | N/A | Established using SP 800- | Plaintext temporarily in RAM | Device power cycle or | Used for key transport on the management plane using Diffie-Hellman; key | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| and 3072 bits A2758 | 56Arev3 KAS-SSC | cleared after use Termination of protocol session | establishment methodology provides 112 and 128 bits of encryption strength | ||||||||||||||||||
| KAS-ECC- SSC P-256 A2758 | 128-bit | EC Diffie Hellman Shared Secret (CSP) | N/A | N/A | Established using SP 800- 56Arev3 KAS-SSC | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides 128 bits of encryption strength | |||||||||||||
| KAS-FFC-SSC 2048 bits and 3072 bits A2758; DSA A2758 | 112 and 128 bits | Diffie Hellman private key (CSP) | Generated according to SP 800- 56Arev3 | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key transport on the management plane using Diffie-Hellman; key establishment methodology provides 112 and 128 bits of encryption strength | |||||||||||||
| KAS-ECC- SSC P-256 A2758; ECDSA A2758 | 128-bit | EC Diffie Hellman private key (CSP) | Generated according to SP 800- 56Arev3 | N/A | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| KAS-FFC-SSC 2048 and 3072 bits A2758; DSA A2758 | 112 and 128 bits | Diffie Hellman public key (PSP) | Generated according to SP 800- 56Arev3 | Output in plaintext | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key transport on the management plane using Diffie-Hellman; key establishment methodology provides 112 and 128 bits of encryption strength | |||||||||||||
| KAS-ECC- SSC P-256 A2758; ECDSA A2758 | 128-bit | EC Diffie Hellman public key (PSP) | Generated according to SP 800- 56Arev3 | Output electronically in plaintext | N/A | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides 128 bits of encryption strength | |||||||||||||
| RSA 2048- bit A2758 | 112-bit | SSH Private Key (CSP) | Generated according to FIPS 186-4 | Entered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5 | N/A | Plaintext persistently in Flash | Zeroization command | Used for control and management plane authentication | |||||||||||||
| RSA 2048- bit A2758 | 112-bit | SSH Public Key (PSP) | Generated according to FIPS 186-4 | Output electronically in plaintext | N/A | Plaintext persistently in Flash | Zeroization command | Used for control and management plane authentication | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| AES-CTR (128, 192, 256), AES- GCM (128, 256), SSH KDF A2758 | 128, 192 or 256- bits | SSH Session Key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for control and management plane privacy | |||||||||||||
| HMAC, SSH KDF A2758 | 160, 256 or 512-bits | SSH Integrity Key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle Termination of protocol session | Used for message integrity check in the control and management plane | |||||||||||||
| SNMP KDF A2757 | Shared Secret, at least eight characters | SNMPv3 password (CSP) | N/A | Entered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5 | N/A | Plaintext persistently in Flash | Zeroization command | Used for key derivation within management protocols | |||||||||||||
| SNMP KDF A2757, AES CFB128 A2758 | 128-bit | SNMPv3 session key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for encryption/decryption within management protocols | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| SNMP KDF A2757, HMAC A2758 | 160-bit | SNMPv3 session authentication key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for message integrity check within management protocols | |||||||||||||
| RSA 2048- bit A2758 | 112-bit | TLS Private Key (CSP) | Generated according to FIPS 186-4 | N/A | N/A | Plaintext persistently in Flash | Zeroization command | Used for authentication within management protocols | |||||||||||||
| RSA 2048- bit A2758 | 112-bit | TLS Public Key (PSP) | Generated according to FIPS 186-4 | Output electronically in plaintext | N/A | Plaintext persistently in Flash | Zeroization command | Used for authentication within management protocols | |||||||||||||
| KAS-FFC- SSC, KAS-ECC- SSC A2758 | 384-bit | TLS Pre-Master Secret (CSP) | N/A | N/A | Established according to SP 800- 56Arev3 | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key derivation within the TLS management protocol | |||||||||||||
| TLS 1.2 KDF A2758 | 384-bit | TLS Master Secret (CSP) | N/A | N/A | Calculated as an element of the TLS 1.2 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for key derivation within the TLS management protocol. Derived from the TLS Pre- Master Secret | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| AES GCM, AES CBC A2758 TLS KDF A2758 | 128 or 256- bits | TLS Session Encryption Key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for encryption/decryption within management protocols | |||||||||||||
| HMAC SHA- 1, SHA2- 256, SHA2- 384 A2758 TLS KDF A2758 | 160, 256 or 384- bits | TLS Session Integrity Key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for message integrity check in the control and management plane | |||||||||||||
| AES CBC A2755, IKEv1 KDF A2756 | 256-bit | IKE session encrypt key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for encryption/decryption within IPsec | |||||||||||||
| HMAC A2755, IKEv1 KDF A2756 | 256-bit | IKE session authentication key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use | Used for message authentication within IPsec | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| IKEv1 KDF A2756 | Secret, 32 characters | ISAKMP preshared (CSP) | N/A | Entered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5 | N/A | Plaintext temporarily in RAM | Zeroization command | Used for key derivation within IPsec | |||||||||||||
| AES CBC 2755, IKEv1 KDF A2756 | 256-bit | IPsec encryption key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for encryption/decryption within IPsec | |||||||||||||
| HMAC, SHA2-256 A2755, IKEv1 KDF A2756 | 256-bit | IPsec authentication key (CSP) | N/A | N/A | Derived using SP 800- 135rev1 KDF | Plaintext temporarily in RAM | Device power cycle or cleared after use Termination of protocol session | Used for message authentication within IPsec | |||||||||||||
| AES CTR A680 or | 256-bit | Session key Tx (CSP) | Generated using DRBG | Electronically entered and output in | N/A | Plaintext temporarily in RAM | Device power cycle or | Used for encryption/decryption within data plane | |||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | ||||||||
| AES OFB 4014 | encrypted form via approved KTS-1 or KTS- 4 | cleared after use Data plane rekey | |||||||||||||||||||
| AES CTR A680 Or AES OFB 4014 | 256-bit | Session key Rx (CSP) | Generated using DRBG | Electronically entered and output in encrypted form via approved KTS-1 or KTS- 4 | N/A | Plaintext temporarily in RAM | Device power cycle Data plane rekey | Used for encryption/decryption within data plane | |||||||||||||
| AES KW AES ECB A2758 | 256-bit | Master key (CSP) | N/A | Electronically entered via KTS-2, KTS-3 or KTS-5 | N/A | Plaintext persistently in Flash | Zeroization command | Used for session key encryption for session key exchange between local and remote units | |||||||||||||
| N/A | 958 | Crypto Officer Password (CSP) | N/A | Electronically entered in encrypted form via approved KTS-2, KTS-3 or KTS-5 | N/A | SHA2-512 hash persistently in Flash | Zeroization command | Used for Crypto Officer login | |||||||||||||
| SHA2-512 A2758 | SHA2-512 | CO Password Hash | Generated upon | N/A | N/A | Persistently in Flash | Zeroization command | Used to verify Crypto Officer login |
9. Sensitive security parameter management N/A N/A N/A N/A N/A N/A N/A Use & related keys N/A Zeroisation N/A Storage N/A Establishment Import/Export Strength Key/SSP Name/Type Security Function and Cert. Number The following table identifies each of the Keys/SSPs associated with the modules:
N/A N/A 80056Arev3 SP 80056Arev3 N/A N/A SP 80056Arev3 N/A N/A 0.1 Use & related keys Zeroisation Storage Import/Export Generation Security Function and Cert. Number Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material
SP 80056Arev3 N/A SP 80056Arev3 N/A N/A RSA 2048bit N/A 0.1 Use & related keys Zeroisation Storage Import/Export Generation Security Function and Cert. Number Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material
N/A 800135rev1 N/A N/A N/A N/A N/A 800135rev1 N/A 800135rev1 0.1 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation or 256bits Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material
N/A 800135rev1 N/A N/A N/A N/A N/A RSA 2048bit RSA 2048bit KAS-FFCSSC, N/A N/A 0.1 SP 80056Arev3 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material
N/A 800135rev1 or 384bits N/A N/A 800135rev1 HMAC SHA1, SHA2256, SHA2384 N/A N/A 800135rev1 N/A N/A 800135rev1 0.1 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material
N/A 0.1 N/A N/A N/A 800135rev1 N/A N/A 800135rev1 N/A Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material
N/A N/A N/A 0.1 N/A Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Public Material
| P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| password creation |
Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type Table 19
| Name | Key Size | |
|---|---|---|
| Details | Minimum number of bits of | Entropy Sources |
| entropy | entropy | |
| Ring-oscillator noise source with no conditioning function. Conformant to SP 800-90B and IG D.J and D.K | The entropy source provides 2.79 | ENT (P) |
| bits of entropy per 8-bit sample. | bits of entropy per 8-bit sample. | |
| To achieve a security strength of | To achieve a security strength of | |
| 256 bits, the DBRG’s deviation | 256 bits, the DBRG’s deviation | |
| function will require a seed length | function will require a seed length | |
| of at least 138 samples. The DRBG | of at least 138 samples. The DRBG | |
| is seeded with 2048 bits (256 | is seeded with 2048 bits (256 | |
| samples) of data providing | samples) of data providing | |
| approximately 714 bits of entropy | approximately 714 bits of entropy | |
| which is sufficient for generating | which is sufficient for generating | |
| the largest module SSPs of a | the largest module SSPs of a | |
| maximum of 256 bits of security | maximum of 256 bits of security |
9.1 Generation The module generates symmetric and asymmetric keys in compliance with the requirements of the FIPS 140-3 standard. Specifically, symmetric keys are generated using output of the Approved SP 800-90A DRBG and in compliance with IG D.H. Asymmetric keys are generated as part applicable key generation standards. See Table 19 for additional details. 9.2 Import/Export All keys are entered into or output from the module in a secure manner. Specifically, the Session Keys are output from the module encrypted with an approved KTS using a Master Key with the AES-KW algorithm. Additionally, SSPs provisioned by an operator can be entered using an approved KTS employing AES-GCM or AES and HMAC within the SSH, TLS, or IPsec protocols. See Table 19 for additional details. 9.3 Storage SSPs are stored in plaintext in non-volatile and volatile memory. See Table 19 for additional details. 9.4 Zeroization Procedures SSPs stored in volatile memory are zeroized automatically when no longer needed. SSPs stored in nonvolatile memory are zeroized after repeated failure of the Pre-Operational Self-Tests or upon hardzeroization command issued. The zeroization will permanently erase SSPs stored in Flash by overwriting with zeroes. When zeroization occurs via power cycle or the zeroization command the module provides an indicator in the console log. When zeroization occurs via session termination the zeroization indicator is provided via session log. For CSPs that are zeroized after use, the indicator is that the service continues. If there is a zeroization error, the service in process will be terminated. See Table 19 for additional details. Table 20
11.1 Secure Operation When configured as per this section of the Security Policy, the module only runs in the Approved mode of operation, with the exception of the non-Approved Services identified in Table
- Select Quick Configuration > Security > Access Control. - In the Password change for first login field, select Yes. - In the Enforce password strength field, select Yes. 2. Configure failure login attempts for wrong passwords to 3 attempts (default value).
- In the Failure login attempts to block user field, select the number of failed login attempts (3) that will trigger blocking. 3. For radio encryption mode, configure Master Key and enable Payload Encryption.
Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
4. Enable SNMP v3 (default) and disable SNMPv1 and v2. Add SNMP users as appropriate following the password complexity requirements specified for CO operators in Section 4 above. Ensure that “AES” and “SHA” are selected for the privacy and authentication ciphers, respectively.
Select Quick Configuration > Security > Protocols. The Quick Configuration Security Protocols page opens (Figure 41). In the SNMP Admin field, select Enable to enable SNMP In the V1V2 Blocked field, select Yes to block SNMPv1 and SNMPv2 access so that only SNMPv3 access will be enabled. 5. Disable Telnet
Select Quick Configuration > Security > Protocols. In the Telnet Admin field, select Disable. Click Apply. 6. Disable HTTP and enable HTTPS
Select Quick Configuration > Security > Protocols. In the HTTP protocol field, select HTTPS 7. [Optional step] in case of External Protection configuration (relevant for IP-20G, IP-20C, IP-20S, IP-20CHP), enable Protection Admin and supply a pre-shared key. -
8. [Optional step] In case of TCC Redundancy (relevant for IP-20N, IP-20A), enable Protection Admin, and make sure TCC Protection switch mode is set to Cold Switch Over Note: Hot Switch Over (HSO) shall not be used in the Approved Mode Web GUI: Platform > Shelf Management > Main Card Redundancy (In the TCC Protection switch mode field, select Cold Switch Over) 9. Change the default CO password -
10. Enable Approved Admin configuration, i.e., set operation mode to ‘Approved mode’. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material
- 7.1 Enabling ‘Approved Mode’ Once the final step is performed the module will prompt the CO to reboot. Upon successful reboot the module will enter the Approved mode of operation. Once the module has been configured, the Approved mode status can be verified by selecting the Security Summary from the Web EMS main menu. The field for “FIPS Mode Admin” shows “enabled”. 11.4
Management Protocols such as Telnet, RADIUS, TACACS+, HTTP, SNMPv1, and SNMPv2, Syslog, Hot Standby, NTP are not approved for use in the Approved mode and shall remain disabled. When in FIPS 140-3 compliant mode, only the following algorithms are used for SSH and TLS communications.
When in the Approved mode, the module supports only the following symmetric encryption algorithm:
When in the Approved mode, only the following cipher suites are available for TLSv1.2 communications:
When in the Approved mode, only the following cipher suites are available for TLSv1.3 communications:
There are no specific maintenance actions required. 12. Mitigation of other attacks The module does not claim to mitigate any other attacks beyond those specified in FIPS 140-3. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material