All modules
CMVP Validated Module · FIPS 140-3 Security Policy

IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E

Certificate#5072StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCeragon Networks Ltd.
Medium review priority  ·  exposes debug/recovery interface, kernel crypto consumer  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date4/15/2030
EntropyENT (P)
CaveatWhen operated in approved mode, installed, initialized and configured as specified in Section 11.3 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.
VendorCeragon Networks Ltd.
Hardware versions[IP-20N with TEL P/N: BS-0341-2 and with components: IP-20 TCC-B2-XG-MC: N000082H003, IP-20 TCC-U: N000082H005, IP-20 RMC-B: N000082H004], [IP-20A with TEL P/N: BS-0341-2 and with components IP-20 TCC-B2-XG-MC: N000082H003, IP-20 TCC-U: N000082H005, IP-20 RMC-B: N000082H004], [IP-20G], [IP-20C], [IP-20S], [IP-20C-HP], [IP-50C], and [IP-50E (Rev. 6)]

Approved Algorithms (35)

AlgorithmACVP Cert
AES-CBCA2755
AES-CBCA2758
AES-CFB128A2758
AES-CTRA680
AES-CTRA2758
AES-ECBA2758
AES-GCMA2758
AES-KWA2758
AES-OFBAES 4014
Counter DRBGA2758
DSA KeyGen (FIPS186-4)A2758
ECDSA KeyGen (FIPS186-4)A2758
ECDSA KeyVer (FIPS186-4)A2758
ECDSA SigGen (FIPS186-4)A2758
ECDSA SigVer (FIPS186-4)A2758
HMAC-SHA-1A2758
HMAC-SHA2-256A2755
HMAC-SHA2-256A2758
HMAC-SHA2-384A2758
HMAC-SHA2-512A2758
KAS-ECC-SSC Sp800-56Ar3A2758
KAS-FFC-SSC Sp800-56Ar3A2758
KDF IKEv1A2756
KDF SNMPA2757
KDF SSHA2758
RSA KeyGen (FIPS186-4)A2758
RSA SigGen (FIPS186-4)A2758
RSA SigVer (FIPS186-4)A2758
SHA-1A2758
SHA2-256A2755
SHA2-256A2758
SHA2-384A2758
SHA2-512A2758
TLS v1.2 KDF RFC7627A2758
TLS v1.3 KDFA2758

Security Levels (Table 1)

Requirement areaLevel
Self-Tests2

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>Release 12.0.1</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Change Password</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>(1x) ACT LED (1x) RJ45 External Alarms</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>Release 12.0.1</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Change Password</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>(1x) ACT LED (1x) RJ45 External Alarms</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Ceragon Networks IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E Firmware: 12.0.1 Hardware: IP-20N and IP-20A, with TEL P/N: BS-0341-2 and with components:

2400 Research Blvd

Rockville, MD 20850 www.acumensecurity.net

Page 2

Ceragon Networks Ltd. assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Ceragon reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Ceragon does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others. It is possible that this publication may contain references to, or information about Ceragon products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Ceragon intends to announce such Ceragon products, programming, or services in your country. This document, Ceragon products, and 3rd Party software products described in this document may include or or other media. Laws in the United States and other countries preserve for Ceragon, its licensors, and other 3rd products described in this document may not be copied, reproduced, reverse engineered, distributed, merged or modified in any manner without the express written permission of Ceragon. Furthermore, the purchase of Ceragon products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product. Restrictions of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Ceragon. License Agreements The software described in this document is the property of Ceragon and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement. High Risk Materials Ceragon and its supplier(s) specifically disclaim any express or implied warranty of fitness for any high-risk activities or uses of its products including, but not limited to, the operation of nuclear facilities, aircraft navigation or aircraft communication systems, air traffic control, life support, or weapons systems (“High Risk Use”). Any High Risk is unauthorized, is made at your own risk and you shall be responsible for any and all losses, damage or claims arising out of any High-Risk Use. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 3
Table of Contents
#SectionPage
Purpose5
Document Organization5
1General6
2Cryptographic Module Specification6
2.1Cryptographic Boundary6
2.2Modes of Operation10
2.3Cryptographic Algorithms10
3Cryptographic Module Interfaces20
4Roles, services, and authentication32
4.1Authorized Roles32
4.2Authentication Mechanisms34
4.3Services35
5Software/Firmware Security40
6Operational Environment41
7Physical Security41
8Non-invasive Security52
9Sensitive security parameter management53
9.1Generation62
9.2Import/Export62
9.3Storage62
9.4Zeroization Procedures62
10Self-tests63
10.1Pre-Operational Self-Tests63
10.2Conditional Self-Tests63
10.3Self-Tests Error Handling64
11Life-cycle assurance64
11.1Secure Operation65
11.2Installation65
11.3Initialization65
11.4Management67
11.4.1SSH Usage67
11.4.2TLS Usage67
11.5Maintenance68
12Mitigation of other attacks68
Page 4

List of Figures Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 5

Introduction This is a non-proprietary FIPS 140-3 Security Policy for Ceragon Networks Ltd. and the following Ceragon Networks products: IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, and IP-50E. Below are the details of the certified products: Hardware Version #:

Page 6
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication2
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
  1. The Ceragon Networks IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C and IP-50E (the module) are multi-chip standalone hardware modules validated at FIPS 140-3 Security Level
  2. Specifically, the modules meet that following security levels for individual sections in FIPS 140-3 standard: N/A N/A N/A Table 1 - Security Levels
  3. The IP-20 and IP-50 series radios provide a service-centric microwave platform for HetNet1 hauling. The platform includes a full complement of wireless products that provide backhaul and fronthaul solutions. Powered by a software-defined engine and sharing a common operating system, IP-20 and IP-50 Release 12.0.1, the IP-20 and IP-50 platforms deliver ultra-high capacities while supporting any radio transmission technology, any network topology, and any deployment configuration. 2.1 Cryptographic Boundary The cryptographic boundary for the modules is defined as encompassing the "top," "front," "left," "right," and "bottom" surfaces of the case and all portions of the "backplane" of the case. The following figures provide a physical depiction of the cryptographic modules: Heterogenous Network Ceragon Networks Ltd. © 2025 Version 0.1 Public Material – May be reproduced only in its original entirety (without revision).
Page 7

Figure 1

Page 8

Figure 4

Page 9
Module configuration
NameModelHardware VersionFirmware VersionFeatures
IP-20GIP-20GIP-20G12.0.1Fixed configuration IDU2. See Table 5
IP-20CIP-20CIP-20C12.0.1Fixed configuration ODU3. See Table 6
IP-20SIP-20SIP-20S12.0.1Fixed configuration ODU. See Table 7
IP-20C-HPIP-20C-HPIP-20C-HP12.0.1Fixed configuration ODU. See Table 8
IP-20NIP-20NIP-20N with TEL P/N: BS-0341-2 and with components: o IP-20 TCC-B2-XG-MC: N000082H003 o IP-20 TCC-U: N000082H005 o IP-20 RMC-B: N000082H00412.0.1Modular IDU. • Single or dual TCC • Dual RMC-B • Dual Power supplies See Table 9, Table 10 and Table 11
IP-20AIP-20AIP-20A with TEL P/N: BS-0341-2 and with components: o IP-20 TCC-B2-XG-MC: N000082H003 o IP-20 TCC-U: N000082H005 o IP-20 RMC-B: N000082H00412.0.1Modular IDU. • Single or dual TCC • Dual RMC-B • Dual Power supplies See Table 9, Table 10 and Table 11
IP-50CIP-50CIP-50C12.0.1Fixed configuration ODU. See Table 12
IP-50EIP-50EIP-50E (Rev. 6)12.0.1Fixed configuration ODU. See Table 13

Figure 7

2 x FE Ethernet management interfaces, 2 x GbE optical interfaces, 2 x GbE electrical

interfaces, and 2 x dual mode electrical or cascading interfaces.

Page 10

o o o

Page 11
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
A2758A2758CBCDirection: Decrypt, Encrypt Key Length: 128, 256Used for control/ management plane encryption/ decryptionAES (FIPS 197)
ECBECBDirection: Decrypt, Encrypt Key Length: 128, 256
CTRCTRDirection: Decrypt, Encrypt Key Length: 128, 192, 256 Payload Length: 8-128 Increment 8 Incremental Counter Counter Tests Performed
CFB128CFB128Direction: Decrypt, Encrypt Key Length: 128
GCM4GCM4Direction: Decrypt, Encrypt IV Generation: Internal IV Generation Mode: 8.2.1 Key Length: 128, 256 Tag Length: 32, 64, 96, 104, 112, 120, 128 IV Length: 96-1024 Increment 8 Payload Length: 8-65536 Increment 8 AAD Length: 0-65536 Increment 8
KWKWDirection: Decrypt, Encrypt Cipher: Cipher, Inverse Key Length: 256 Payload Length: 128-524288 Increment 128
SHS (FIPS 180-4)SHA-1 SHA2-256 SHA2-384 SHA2-512Message Length: 0-65536 Increment 8Used for control/ management plane message digests. SHA-1 is permitted within SSH, TLS and IPSec protocols, and legacy signature verification only.SHS (FIPS 180-4)
HMACHMAC- SHA1MAC: 32-160 Increment 8 Key Length: 8- 524288 Increment 8Used for control/ management planeHMAC

d HMACSHA1 GCM IV generation tested in accordance with IG C.H, scenario 1 TLSv1.2 following RFCs 5516, 5246, 5288, and

5289 as well as SSH following RFCs 4251, 4252, 4253, 4254 and 5647. The IV is generated only for use with GCM

encryption within the protocol being used. The TLS cipher suites supported by the module are identified in section

11.4.2 of this document which are included in SP 800-52 Rev2 section 3.3.1. The module also internally generates

IVs for TLS 1.3 (RFC 8446) in accordance with scenario 5 in IG C.H. In the case the module’s power is lost and then restored, a new key for use with AES-GCM encryption/decryption is established. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 12
API call
NameCallDescriptionMode/Me thod
(FIPS 198-1)message authenticationMAC: 32-256 Increment 8 Key Length: 8- 524288 Increment 8(FIPS 198-1)HMAC- SHA2-256
HMAC- SHA2-384MAC: 32-384 Increment 8 Key Length: 8- 524288 Increment 8HMAC- SHA2-384
HMAC- SHA2-512MAC: 32-512 Increment 8 Key Length: 8- 524288 Increment 8HMAC- SHA2-512
DRBG (SP800- 90Arev1)Used for control/ management plane random bit generationCapabilities: Mode: AES-256 Derivation Function Enabled: Yes Additional Input: 0-256 Increment 256 Entropy Input: 2048 Increment 128 Nonce: 128 Personalization String Length: 0-256 Increment 256 Returned Bits: 256DRBG (SP800- 90Arev1)CTR_DRBG
ECDSA (FIPS 186-4)Used for control/ management plane key generation, signature generation, and signature verificationCapabilities: Curve: P-256 Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 Secret Generation Mode: Testing CandidatesECDSA (FIPS 186-4)KeyGen, KeyVer, SigGen, SigVer
DSA (FIPS 186-4)Used for control/ management plane FCC key generationCapabilities: L: 2048 N: 224 L: 2048 N: 256 L: 3072 N: 256DSA (FIPS 186-4)KeyGen
RSA (FIPS 186-4)Used for control/ management plane key generation, signature generation, and signature verificationCapabilities: Key Generation Mode: B.3.3 Properties: Modulo: 2048 Primality Tests: Table C.2 Properties: Modulo: 3072 Primality Tests: Table C.2 Properties: Modulo: 4096 Primality Tests: Table C.2 Info Generated By Server Public Exponent Mode: Random Private Key Format: StandardRSA (FIPS 186-4)KeyGen

d HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 (SP80090Arev1) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 13
API call
NameDescriptionMode/Me thod
SigGenCapabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 2048 Salt Length: 28 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Properties: Modulo: 3072 Hash Pair:SigGen
SigVerCapabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: ANSI X9.31 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair:SigVer

d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 14

d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 15

d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 16

d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 17
API call
NameCallDescriptionMode/Me thod
KTS-1Used for key transport on the data plane; key establishment methodology provides 256 bits of encryption strengthAES-256 in KW modeKTS-1AES
KTS-2Used for key transport on the management plane within TLS and SSH; key establishment methodology provides 128 or 256 bits of encryption strengthAES-128 and AES-256 in GCM modeKTS-2AES
KTS-3Used for key transport on the management plane within SSH; key establishment methodology provides between 128 and 256 bits of encryption strengthAES-128, AES-192 and AES-256 in CTR mode with HMAC SHA-1KTS-3AES HMAC
KTS-5Used for key transport on the management plane within TLS; key establishment methodology provides 128 or 256 bits of encryption strengthAES-128 and AES-256 in CBC mode with HMAC-SHA-1 or HMAC SHA-256KTS-5AES HMAC

d Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 18
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
CKG6Vendor- affirmedSP800- 133rev2§4: Using the Output of a Random Bit Generator §5: Generation of Key Pairs for Asymmetric-Key Algorithms §6.1: The “Direct Generation” of Symmetric Keys §6.2: Derivation of Symmetric KeysSymmetric key and asymmetric seed generation
KAS-1A2758 A2756Diffie-Hellman key establishmentKAS-FFC-SSC Cert. #A2758 with CVL Certs.
ffdhe2048, ffdhe3072 providing 112 and 128 bits of encryption strengthffdhe2048, ffdhe3072 providing 112 and 128 bits of encryption strengthusing KAS-FFC-SSC with SP 800-135 SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF
KAS-2A2758 A2756KAS-ECC-SSC Cert. #A2758 with CVL Certs. #A2758, #A2756 and #A2757 P-256 providing 128 bits of encryption strengthElliptic Curve Diffie- Hellman key establishment using KAS-ECC-SSC with SP 800-135 SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF
KDF IKEv1 CVL (SP800- 135-r1)A2756KDF IKEv1Used for key derivation within IPsec Not implemented on Freescale P1021 or ARM based platformsCapabilities: Authentication Method: Pre-
CVL (SP800- 135-r1)A2757KDF SNMPv3Password Length: 64, 256 Engine ID: 3078313130663331626636303532333062 64, 3078333964653663643936303437353165 63Used for key derivation within management protocols
AES (FIPS 197)A2755CBCDirection: Decrypt, Encrypt Key Length: 256; tested but not used on Freescale P1012 or ARM based platformsUsed for data encryption/ decryption within IPsec
HMAC (FIPS 198-1)HMAC- SHA2-256MAC: 128; Key Length: 256; tested but not used on Freescale P1012 or ARM based platformsUsed for message authentication within IPSec
SHS (FIPS 180-4)SHA2-256Message Length: 0-51200 Increment 8; not used on Freescale P1012 or ARM based platformsUsed for message digests within IPsec
KTS-4AES HMACAES-256 in CBC mode with HMAC SHA-256Used for key transport on the management plane within IPsec; key establishment methodology provides 256 bits of encryption strength
AES (FIPS 197)AES 4014OFBDirection: Decrypt, Encrypt Key Length: 256Used for data plane encryption/ decryption (IP-20C, -20S, -20C-HP)
AES (FIPS 197)A680CTRDirection: Decrypt, Encrypt Key Length: 256 Payload Length: 128 Incremental Counter Counter Tests PerformedUsed for data plane encryption/ decryption (IP-50C, -50E, -20G, -20A, - 20N)
ENT (P)ENT (P)Ring-oscillator noise source with no conditioning function Conformant to SP 800-90B and IG D.J and D.K. Min- entropy: 1.9 bits per byte
RADIUSMD5

Vendoraffirmed d KAS-FFCSSC (SP80056arev3) DiffieHellman KAS-ECCSSC (SP80056arev3) (SP800135-r1) SP800133rev2 Note that no parts of the SSH, SNMPv3, IKEv1 and TLS protocols, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) as per SP 800-133r2 (vendor affirmed). The resulting generated symmetric keys and the seed used in the asymmetric key generation are the unmodified output from an NIST SP 800-90A DRBG. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 19

d (SP800SNMPv3 HMACSHA2-256 Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 20
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
KTS-4AES HMACAES-256 in CBC mode with HMAC SHA-256Used for key transport on the management plane within IPsec; key establishment methodology provides 256 bits of encryption strength
AES (FIPS 197)AES 4014OFBDirection: Decrypt, Encrypt Key Length: 256Used for data plane encryption/ decryption (IP-20C, -20S, -20C-HP)
AES (FIPS 197)A680CTRDirection: Decrypt, Encrypt Key Length: 256 Payload Length: 128 Incremental Counter Counter Tests PerformedUsed for data plane encryption/ decryption (IP-50C, -50E, -20G, -20A, - 20N)
ENT (P)ENT (P)Ring-oscillator noise source with no conditioning function Conformant to SP 800-90B and IG D.J and D.K. Min- entropy: 1.9 bits per byte
RADIUSMD5

d Table 3

Page 21
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
(1x) FE Management Interfaces7 (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces(1x) FE Management Interfaces7 (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio InterfacesData InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (TNC, GbE, E1/DS1)
(1x) FE Management Interfaces (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio Interfaces(1x) FE Management Interfaces (2x) GbE Electrical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Optical Interfaces (16x) E1/DS1s (2x) TNC Radio InterfacesData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (TNC, GbE, E1/DS1)
(1x) Sync In/Out RJ-45 Interface (1x) RJ-45 Terminal Interface (1x) FE Management Interfaces(1x) Sync In/Out RJ-45 Interface (1x) RJ-45 Terminal Interface (1x) FE Management InterfacesControl InputClock signaling (Sync) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal)
(1x) RJ-45 Terminal Interface (1x) FE Management Interfaces (1x) DB9 External Alarms LEDs(1x) RJ-45 Terminal Interface (1x) FE Management Interfaces (1x) DB9 External Alarms LEDsStatus OutputAlarm signaling (DB9) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal)
(1x) -48V DC Power Interface(1x) -48V DC Power InterfacePower InputN/A
(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical)(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical)Data InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports)
(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna PortsData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports)
(1x) Source Sharing (1x) RJ-45 Management Interface(1x) Source Sharing (1x) RJ-45 Management InterfaceControl InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Signaling (Source Sharing)
(1x) RSL Indication (1x) RJ-45 Management Interface(1x) RSL Indication (1x) RJ-45 Management InterfaceStatus OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL)
(1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE)(1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE)Power InputN/A
(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna PortsData InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports)
(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna Ports(1x) RJ-45 Data Port (PoE) (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (1x) Antenna PortsData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Data traffic (Data Port, Antenna Ports)
(1x) RJ-45 Management Interface(1x) RJ-45 Management InterfaceControl InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45)
(1x) RSL Indication (1x) RJ-45 Management Interface(1x) RSL Indication (1x) RJ-45 Management InterfaceStatus OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL)
(1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE)(1x) -48V DC Power Interface (1x) RJ-45 Data Port (PoE)Power InputN/A
(1x) RJ-45 Data Port (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna Ports(1x) RJ-45 Data Port (1x) RJ-45 Management Interface (2x) Data port (Electrical or Optical) (2x) Antenna PortsData InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45 Management) Data traffic (Data Ports, Antenna Ports)
(1x) RJ-45 Data Port (1x) RJ-45 Management Interface(1x) RJ-45 Data Port (1x) RJ-45 Management InterfaceData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45 Management)
(2x) Data port (Electrical or Optical) (2x) Antenna Ports(2x) Data port (Electrical or Optical) (2x) Antenna PortsData traffic (Data Ports, Antenna Ports)
(1x) Source Sharing (1x) RJ-45 Management Interface(1x) Source Sharing (1x) RJ-45 Management InterfaceControl InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) Signaling (Source Sharing)
(1x) RSL Indication (1x) RJ-45 Management Interface(1x) RSL Indication (1x) RJ-45 Management InterfaceStatus OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL)
(1x) -48V DC Power Interface(1x) -48V DC Power InterfacePower InputN/A
(6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces(6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management InterfacesData InputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Data traffic (GbE)
(6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management Interfaces(6x) GbE Optical Interfaces (2x) Gbe Electrical Interfaces (2x) FE Management InterfacesData OutputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Data traffic (GbE)
(1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces(1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management InterfacesControl InputClock signaling (Sync) TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE) Serial console (Terminal) Signaling (Synchronization)
(1x) RJ-45 Terminal Interface (2x) FE Management Interfaces(1x) RJ-45 Terminal Interface (2x) FE Management InterfacesStatus OutputAlarm signaling (DB9) TLS v1.2/1.3, SSH, and SNMPv3 management traffic (FE)
(1x) ACT LED (1x) RJ45 External Alarms(1x) ACT LED (1x) RJ45 External AlarmsSerial console (Terminal) Activity (LED) Alarm signaling (RJ45)
(2x) GbE Optical Interfaces (2x) FE Management Interfaces8 (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces(2x) GbE Optical Interfaces (2x) FE Management Interfaces8 (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical InterfacesData InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (GbE)
(2x) GbE Optical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical Interfaces(2x) GbE Optical Interfaces (2x) Dual Mode GbE Electrical or Cascading (2x) GbE Electrical InterfacesData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Data traffic (GbE)
(1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management Interfaces(1x) Synchronization Interface (1x) RJ-45 Terminal Interface (2x) FE Management InterfacesControl InputClock signaling (Sync) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) Signaling (Synchronization)
(1x) RJ-45 Terminal Interface (2x) FE Management Interfaces (1x) ACT LED (1x) DB9 External Alarms(1x) RJ-45 Terminal Interface (2x) FE Management Interfaces (1x) ACT LED (1x) DB9 External AlarmsStatus OutputAlarm signaling (DB9) TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (FE) Serial console (Terminal) Activity (LED) Alarm signaling (DB9)
(1x) TNC RFU Interface(1x) TNC RFU InterfaceData InputData traffic
(1x) TNC RFU Interface(1x) TNC RFU InterfaceData OutputData traffic
(1x) TNC RFU Interface(1x) TNC RFU InterfaceControl InputData plane control signaling
(1x) ACT LED (1x) Link LED (1x) RFU LED(1x) ACT LED (1x) Link LED (1x) RFU LEDStatus OutputActivity
(1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports(1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna PortsData InputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) Data traffic (Antenna ports, GbE)
(1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports(1x) 1/2.5/10GbE Electrical Interface (1x) 1/2.5 GbE Electrical or Optical Interface (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna PortsData OutputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) Data traffic (Antenna ports, GbE)
(1x) RJ-45 GbE Management Interface(1x) RJ-45 GbE Management InterfaceControl InputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45)
(1x) Source Sharing(1x) Source SharingSignaling (Source Sharing)
(1x) RJ-45 GbE Management Interface (1x) RSL Indication(1x) RJ-45 GbE Management Interface (1x) RSL IndicationStatus OutputTLS v1.2/1.3, SSH, and SNMPv3 management traffic (RJ-45) RSL signaling (RSL)
(1x) -48V DC Power Interface(1x) -48V DC Power InterfacePower InputN/A
(1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports(1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna PortsData InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Data traffic (Antenna ports, GbE)
(1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports(1x) 1/2.5GbE Multiband Interface (1x) 4x1/10GbE or 1x40GbE Electrical or Optical Interface (1x) 1/10GbE Electrical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna PortsData OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Data traffic (Antenna ports, GbE)
(1x) RJ-45 GbE Management Interface (1x) Source Sharing (1x) Protection/XPIC(1x) RJ-45 GbE Management Interface (1x) Source Sharing (1x) Protection/XPICControl InputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) Signaling (Source Sharing)
(1x) RJ-45 GbE Management Interface (1x) RSL Indication(1x) RJ-45 GbE Management Interface (1x) RSL IndicationStatus OutputTLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (RJ-45) XPIC data (XPIC/IPsec) RSL signaling (RSL)
(1x) -48V DC Power Interface (1x) RJ-45 GbE Management Interface (PoE)(1x) -48V DC Power Interface (1x) RJ-45 GbE Management Interface (PoE)Power InputN/A
WIFI PortWIFI PortN/AThis port is disabled

the following diagrams/tables: Figure 8

Page 22

N/A Table 5

Page 23

N/A Table 6

Page 24

Figure 10

Page 25

Figure 11

Page 26

N/A Table 8

Page 27

Table 9

Page 28

Table 10 –IP-20 TCC-B2-XG-MC: N000082H003 (IP-20N and IP-20A) Ports and Interfaces Figure 14

Page 29

Figure 15

Page 30

N/A Table 12

Page 31

Figure 16

Page 32
Service
NameRolesInputOutput
Show StatusCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Perform Self- TestsCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Change PasswordCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Transmit/Receive DataUserData plane packetsData plane packets
Administrative access over SSHCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Administrative access over Web EMSCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
SNMPv3Crypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Key EntryCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
IPSECCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
ZeroizeCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Cycle PowerN/AN/AN/A
Status LED OutputN/AN/ALED Status
View SummariesCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Platform ManagementCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Fault ManagementCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Radio ConfigurationCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Ethernet ConfigurationCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
Sync SettingsCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
UtilitiesCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages
RBNCrypto OfficerWeb GUI forms, CLI commandsWeb GUI status, CLI return messages

N/A N/A Table 13

Page 33

Perform SelfTests N/A N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 34
Approved algorithm
Name
All passwords must be at least 8 characters and must include letters, numbers, and special characters. If (8) integers are used for an eight-digit password, the probability of randomly guessing the correct sequence is less than one (1) in 1,000,000 (this calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 33 special characters, and 52 letter characters. The calculation should be 958 = 6,634,204,312,890,625). Therefore, the associated probability of a successful random attempt is less than 1 in 1,000,000. In order to successfully guess the sequence in one minute would require the ability to make over 110,570,071,881,510 guesses per second, which far exceeds the operational capabilities of the module.COPassword/Username
When using AES key-based authentication, the key has a size of 256-bits. Therefore, an attacker would have a 1 inUsersAES-256 Master Key

4.2 Authentication Mechanisms before being allowed access to services, which requires the assumption of an authorized role. The module employs the authentication methods described in the table below to authenticate Crypto-Officers and Unauthenticated users are only able to access the module LEDs and power cycle the module. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 35
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show StatusProvides status of the module and module versioningCON/AN/AN/AN/A
Perform Self- TestsUsed to initiate on- demand self-tests (via power- cycle)CON/AN/AN/AN/A
Change PasswordUpdate password with a new valueCOCrypto Officer Password CO Password HashN/ACrypto Officer Password (R/W) CO Password Hash (E)N/A
Transmit/Receiv e DataEncrypt/Dec rypt data passing through the moduleUserSession Key Tx Session Key Rx Master KeyAES-OFB AES-ECB AES-CTR AES-KWSession Key Tx (R/W/Z) Session Key Rx (R/W/Z) Master Key (R)Admin status (enabled)
(Bypass mode when feature is not enabled)(Bypass mode when feature is not enabled)KTS (AES- KW)
Administrative access over SSHSecure remote command line appliance administrati on over an SSH tunnel.CODRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC Diffie Hellman public key SSH Private Key SSH Public Key SSH Session Key SSH Integrity KeyAES-CTR HMAC KAS-ECC- SSC KAS-FFC- SSC KTS RSA SHS SSH KDF DRBG CKG DSA ECDSADRBG entropy input (R) DRBG Seed (R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman / EC Diffie Hellman private key (R/W/Z) Diffie Hellman / EC Diffie Hellman public key (R/W/Z) SSH Private Key (R/W) SSH Public Key (R/W) SSH Session Key (R/W/Z) SSH Integrity Key (R/W/Z)Admin status (enabled) and session logs
Administrative access over Web EMSSecure remote GUI appliance administrati on over a TLS tunnel.CODRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC DiffieAES-CBC AES-GCM HMAC KAS-ECC- SSC KAS-FFC- SSC KTS SHS RSA TLSv 1.2 KDF TLS v1.3 KDF DRBG CKGDRBG entropy input (R) DRBG Seed (R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman / EC Diffie Hellman private key (R/W/Z) Diffie Hellman / EC Diffie Hellman public key (R/W/Z) TLS Private Key (R/W) TLS Public Key (R/W)Admin status (enabled) and session logs
DSA ECDSAHellman public key TLS Private Key TLS Public Key TLS Pre-Master Secret TLS Master Secret TLS Session Encryption Key TLS Session Integrity KeyDSA ECDSATLS Pre-Master Secret (G/E/Z) TLS Master Secret (G/E/Z) TLS Session Encryption Key (G/E/Z) TLS Session Integrity Key (G/E/Z)
SNMPv3Secure remote SNMPv3- based system monitoring.COSNMP Session Key SNMP Session Authentication Key SNMPv3 passwordAES- CFB128 HMAC SHS SNMP KDFSNMP Session Key (R/W/Z) SNMP Session Authentication Key (R/W/Z) SNMPv3 password (R/W/Z)Admin status (enabled) and session logs
Key EntryEnter key over managemen t interfacesCOMaster KeyKTSMaster Key (R/W)Admin status (enabled) and session logs
IPSec10Control plane traffic encryption using IKEv1 for key exchange (Self- initiated cryptograph ic output capability)COIKE session encrypt key IKE session authentication key ISAKMP preshared key IPsec encryption key IPsec authentication key Diffie Hellman Shared Secret Diffie Hellman private keyAES-CBC HMAC SHS KTS KAS-FFC- SSC DSA IKEv1 KDFIKE session encrypt key (R/W/Z) IKE session authentication key (R/W/Z) ISAKMP preshared key (R/W) IPsec encryption key (R/W/Z) IPsec authentication key (R/W/Z) Diffie Hellman Shared Secret (R/W/Z) Diffie Hellman private key (R/W/Z) Diffie Hellman public key (R/W/Z)Admin status (enabled)
ZeroizeZeroize all CSPsCOAll CSPsN/AAll CSPs (Z)Admin status (enabled)
Cycle PowerReboot of moduleN/ADRBG entropy input DRBG Seed DRBG V DRBG Key Diffie-Hellman / EC Diffie Hellman Shared Secret Diffie Hellman / EC Diffie Hellman private key Diffie Hellman / EC Diffie Hellman public key SSH Session Key SSH Integrity Key SNMPv3 session key SNMPv3 session authentication key TLS Pre-Master Secret TLS Master Secret TLS Session Encryption Key TLS Session Integrity Key IKE session encrypt keyN/ADRBG entropy input (Z) DRBG Seed (Z) DRBG V (Z) DRBG Key (Z) Diffie-Hellman / EC Diffie Hellman Shared Secret (Z) Diffie Hellman / EC Diffie Hellman private key (Z) Diffie Hellman / EC Diffie Hellman public key (Z) SSH Session Key (Z) SSH Integrity Key (Z) SNMPv3 session key (Z) SNMPv3 session authentication key TLS Pre-Master Secret (Z) TLS Master Secret (Z) TLS Session Encryption Key (Z) TLS Session Integrity Key (Z) IKE session encrypt key (Z) IKE session authentication key (Z) IPsec encryption key (Z) IPsec authentication key (Z) Session Key Tx (Z) Session Key Rx (Z)Console log
Status LED OutputView status via the modules’ LEDsN/AN/AN/AN/AN/A
View SummariesView unit summary information (Unit, Radio, Security)CON/AN/AN/AAdmin status (enabled)
Platform ManagementShelf managemen t, unit configuratio n, interfaces, firmware settings, activation key, and statisticsCON/AN/AN/AAdmin status (enabled)
Fault ManagementAlarm settingsCON/AN/AN/AAdmin status (enabled)
Radio ConfigurationRadio interface settings (includes Bypass setting and status)CON/AN/AN/AAdmin status (enabled)
Ethernet ConfigurationEthernet interface settingsCON/AN/AN/AAdmin status (enabled)
Sync SettingsManage synchroniza tionCON/AN/AN/AAdmin status (enabled)
UtilitiesGeneric utilitiesCON/AN/AN/AAdmin status (enabled)
RBNBandwidth notificationCON/AN/AN/AAdmin status (enabled)
SNMPv1/v2cSecure remote SNMPv1, v2c- based system monitoring.CON/AAdmin status (disabled)
RADIUSRADIUS authenticationMD5Admin status (disabled)
TACACS+TACACS+ authenticationMD5Admin status (disabled)
HTTPPlaintext HTTPN/AAdmin status (disabled)
Hot StandbyHot StandbyN/AAdmin status (disabled)
SyslogAudit log forwardingN/AAdmin status (disabled)
NTPNetwork Time Protocol serversN/AAdmin status (disabled)
TelnetPlaintext CLI accessN/AAdmin status (disabled)

Table 15

Page 36

KAS-ECCline KAS-ECCSSC KAS-FFCSSC s (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 37

SNMPv3based AESCFB128 (Selfinitiated KAS-FFCSSC s (G/E/Z) (G/E/Z) (G/E/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W/Z) (R/W) (R/W/Z) (R/W/Z) Only available on MIPS CPU based models Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 38

s N/A N/A N/A (Z) (Z) (Z) (Z) Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 39

s N/A N/A N/A n, N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 40
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Sync SettingsManage synchroniza tionCON/AN/AN/AAdmin status (enabled)
UtilitiesGeneric utilitiesCON/AN/AN/AAdmin status (enabled)
RBNBandwidth notificationCON/AN/AN/AAdmin status (enabled)
SNMPv1/v2cSecure remote SNMPv1, v2c- based system monitoring.CON/AAdmin status (disabled)
RADIUSRADIUS authenticationMD5Admin status (disabled)
TACACS+TACACS+ authenticationMD5Admin status (disabled)
HTTPPlaintext HTTPN/AAdmin status (disabled)
Hot StandbyHot StandbyN/AAdmin status (disabled)
SyslogAudit log forwardingN/AAdmin status (disabled)
NTPNetwork Time Protocol serversN/AAdmin status (disabled)
TelnetPlaintext CLI accessN/AAdmin status (disabled)
Physical Security MechanismRecommended Frequency ofInspection/Test Guidance
Inspection/TestInspection/TestDetails
Tamper Evidence LabelDuring regular physical maintenance operations. At least every six months.Inspect the labels for obvious signs of damage/removal. Placement should be according to the figures below.

N/A N/A N/A s N/A N/A N/A N/A N/A N/A Table 16

Page 41
  1. Operational Environment FIPS 140-3 Operational Environment requirements are not applicable since the module is a hardware module with a limited operational environment. The module runs Release 12.0.1 which includes Wind River Linux 4.1.0 or 4.14 depending on the CPU architecture.
  2. The appliances have a multi-chip standalone embodiment. The appliances are contained in a hard metal chassis, which is defined as the cryptographic boundary of the module. The appliances’ chassis is opaque within the visible spectrum. The enclosure of the appliances have been designed to satisfy Level 2 physical security requirements. Each of the appliances needs Tamper Evidence Labels (TELs) to meet Security Level 2 requirements. These labels are installed (as seen in the respective model images) at the factory before delivery to the customer, for the IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-50C and IP-50 E. For IP-20N and IP-20A, the CO must place the twenty (20) TELs according to Figure 21-24 (below). The preparation instructions of the module prior to installation of the tamper seals are as follows: • Use caution to avoid touching the adhesive in such a way as to leave fingerprints and damage • The curing time (drying time) for the labels is at least sixty minutes. • The labels must be replaced whenever cards are added to or removed from the unit. Replacement labels can be ordered from Ceragon Networks, part number BS-0341-2. • When replacing a label, gently cut the label, replace the module, and apply a new label in place The extra tamper seals shall be in possession of the CO at all times. The CO shall observe any changes to the module such as reconfigurations where the tamper evident seals are removed or installed to ensure the security of the module is maintained during such changes and the module is returned to an Approved mode of operation. The Crypto Officer shall periodically (defined by organizational security policy, recommendation is once a month) monitor the state of all applied TELs for evidence of tampering. If tamper is detected, the CO must take the device out of commission, inspect it and if deemed safe, return it to the Approved state. Table 18 – Physical Security Inspection Guidelines Ceragon Networks Ltd. © 2025 Version 0.1 Public Material – May be reproduced only in its original entirety (without revision).
Page 42

Figure 17

Page 43

Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 44

Figure 18

Page 45

Figure 19

Page 46

Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 47

Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 48

Figure 20

Page 49

Figure 21

Page 50

Figure 23

Page 51

Figure 25

Page 52

8. Non-invasive Security FIPS 140-3 Non-invasive Security requirements are not applicable. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 53
Approved algorithm
NameKey Size
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
DRBG A2758256-bitDRBG entropy input (CSP)Generated using module entropy sourceN/AN/APlaintext temporarily in RAMDevice power cycle or cleared after useUsed for control/ management plane random bit generation
DRBG A2758256-bitDRBG Seed (CSP)Generated using SP 800-90Ar1 DRBG seed constructionN/AN/APlaintext temporarily in RAMDevice power cycle or cleared after useSeed used for DRBG instantiation and reseed
DRBG A2758256-bitDRBG V (CSP)SP 800- 90Ar1 DRBG Internal StateN/AN/APlaintext temporarily in RAMDevice power cycle or cleared after useUsed for control/ management plane random bit generation
DRBG A2758256-bitDRBG Key (CSP)SP 800- 90Ar1 DRBG Internal StateN/AN/APlaintext temporarily in RAMDevice power cycle or cleared after useUsed for control/ management plane random bit generation
KAS-FFC-SSC 2048 bits112 and 128 bitsDiffie Hellman Shared Secret (CSP)N/AN/AEstablished using SP 800-Plaintext temporarily in RAMDevice power cycle orUsed for key transport on the management plane using Diffie-Hellman; key
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
and 3072 bits A275856Arev3 KAS-SSCcleared after use Termination of protocol sessionestablishment methodology provides 112 and 128 bits of encryption strength
KAS-ECC- SSC P-256 A2758128-bitEC Diffie Hellman Shared Secret (CSP)N/AN/AEstablished using SP 800- 56Arev3 KAS-SSCPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides 128 bits of encryption strength
KAS-FFC-SSC 2048 bits and 3072 bits A2758; DSA A2758112 and 128 bitsDiffie Hellman private key (CSP)Generated according to SP 800- 56Arev3N/AN/APlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key transport on the management plane using Diffie-Hellman; key establishment methodology provides 112 and 128 bits of encryption strength
KAS-ECC- SSC P-256 A2758; ECDSA A2758128-bitEC Diffie Hellman private key (CSP)Generated according to SP 800- 56Arev3N/AN/APlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
KAS-FFC-SSC 2048 and 3072 bits A2758; DSA A2758112 and 128 bitsDiffie Hellman public key (PSP)Generated according to SP 800- 56Arev3Output in plaintextN/APlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key transport on the management plane using Diffie-Hellman; key establishment methodology provides 112 and 128 bits of encryption strength
KAS-ECC- SSC P-256 A2758; ECDSA A2758128-bitEC Diffie Hellman public key (PSP)Generated according to SP 800- 56Arev3Output electronically in plaintextN/APlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key transport on the management plane using Elliptic Curve Diffie- Hellman; key establishment methodology provides 128 bits of encryption strength
RSA 2048- bit A2758112-bitSSH Private Key (CSP)Generated according to FIPS 186-4Entered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5N/APlaintext persistently in FlashZeroization commandUsed for control and management plane authentication
RSA 2048- bit A2758112-bitSSH Public Key (PSP)Generated according to FIPS 186-4Output electronically in plaintextN/APlaintext persistently in FlashZeroization commandUsed for control and management plane authentication
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
AES-CTR (128, 192, 256), AES- GCM (128, 256), SSH KDF A2758128, 192 or 256- bitsSSH Session Key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for control and management plane privacy
HMAC, SSH KDF A2758160, 256 or 512-bitsSSH Integrity Key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle Termination of protocol sessionUsed for message integrity check in the control and management plane
SNMP KDF A2757Shared Secret, at least eight charactersSNMPv3 password (CSP)N/AEntered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5N/APlaintext persistently in FlashZeroization commandUsed for key derivation within management protocols
SNMP KDF A2757, AES CFB128 A2758128-bitSNMPv3 session key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for encryption/decryption within management protocols
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
SNMP KDF A2757, HMAC A2758160-bitSNMPv3 session authentication key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for message integrity check within management protocols
RSA 2048- bit A2758112-bitTLS Private Key (CSP)Generated according to FIPS 186-4N/AN/APlaintext persistently in FlashZeroization commandUsed for authentication within management protocols
RSA 2048- bit A2758112-bitTLS Public Key (PSP)Generated according to FIPS 186-4Output electronically in plaintextN/APlaintext persistently in FlashZeroization commandUsed for authentication within management protocols
KAS-FFC- SSC, KAS-ECC- SSC A2758384-bitTLS Pre-Master Secret (CSP)N/AN/AEstablished according to SP 800- 56Arev3Plaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key derivation within the TLS management protocol
TLS 1.2 KDF A2758384-bitTLS Master Secret (CSP)N/AN/ACalculated as an element of the TLS 1.2 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for key derivation within the TLS management protocol. Derived from the TLS Pre- Master Secret
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
AES GCM, AES CBC A2758 TLS KDF A2758128 or 256- bitsTLS Session Encryption Key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for encryption/decryption within management protocols
HMAC SHA- 1, SHA2- 256, SHA2- 384 A2758 TLS KDF A2758160, 256 or 384- bitsTLS Session Integrity Key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for message integrity check in the control and management plane
AES CBC A2755, IKEv1 KDF A2756256-bitIKE session encrypt key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for encryption/decryption within IPsec
HMAC A2755, IKEv1 KDF A2756256-bitIKE session authentication key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after useUsed for message authentication within IPsec
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
IKEv1 KDF A2756Secret, 32 charactersISAKMP preshared (CSP)N/AEntered electronically in encrypted form via approved KTS-2, KTS-3 or KTS-5N/APlaintext temporarily in RAMZeroization commandUsed for key derivation within IPsec
AES CBC 2755, IKEv1 KDF A2756256-bitIPsec encryption key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for encryption/decryption within IPsec
HMAC, SHA2-256 A2755, IKEv1 KDF A2756256-bitIPsec authentication key (CSP)N/AN/ADerived using SP 800- 135rev1 KDFPlaintext temporarily in RAMDevice power cycle or cleared after use Termination of protocol sessionUsed for message authentication within IPsec
AES CTR A680 or256-bitSession key Tx (CSP)Generated using DRBGElectronically entered and output inN/APlaintext temporarily in RAMDevice power cycle orUsed for encryption/decryption within data plane
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
AES OFB 4014encrypted form via approved KTS-1 or KTS- 4cleared after use Data plane rekey
AES CTR A680 Or AES OFB 4014256-bitSession key Rx (CSP)Generated using DRBGElectronically entered and output in encrypted form via approved KTS-1 or KTS- 4N/APlaintext temporarily in RAMDevice power cycle Data plane rekeyUsed for encryption/decryption within data plane
AES KW AES ECB A2758256-bitMaster key (CSP)N/AElectronically entered via KTS-2, KTS-3 or KTS-5N/APlaintext persistently in FlashZeroization commandUsed for session key encryption for session key exchange between local and remote units
N/A958Crypto Officer Password (CSP)N/AElectronically entered in encrypted form via approved KTS-2, KTS-3 or KTS-5N/ASHA2-512 hash persistently in FlashZeroization commandUsed for Crypto Officer login
SHA2-512 A2758SHA2-512CO Password HashGenerated uponN/AN/APersistently in FlashZeroization commandUsed to verify Crypto Officer login

9. Sensitive security parameter management N/A N/A N/A N/A N/A N/A N/A Use & related keys N/A Zeroisation N/A Storage N/A Establishment Import/Export Strength Key/SSP Name/Type Security Function and Cert. Number The following table identifies each of the Keys/SSPs associated with the modules:

Page 54

N/A N/A 80056Arev3 SP 80056Arev3 N/A N/A SP 80056Arev3 N/A N/A 0.1 Use & related keys Zeroisation Storage Import/Export Generation Security Function and Cert. Number Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material

Page 55

SP 80056Arev3 N/A SP 80056Arev3 N/A N/A RSA 2048bit N/A 0.1 Use & related keys Zeroisation Storage Import/Export Generation Security Function and Cert. Number Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material

Page 56

N/A 800135rev1 N/A N/A N/A N/A N/A 800135rev1 N/A 800135rev1 0.1 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation or 256bits Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material

Page 57

N/A 800135rev1 N/A N/A N/A N/A N/A RSA 2048bit RSA 2048bit KAS-FFCSSC, N/A N/A 0.1 SP 80056Arev3 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material

Page 58

N/A 800135rev1 or 384bits N/A N/A 800135rev1 HMAC SHA1, SHA2256, SHA2384 N/A N/A 800135rev1 N/A N/A 800135rev1 0.1 Use & related keys Establishment N/A Zeroisation Import/Export Storage Generation Strength Key/SSP Name/Type Security Function and Cert. Number Ceragon Networks Ltd. © 2025 Public Material

Page 59

N/A 0.1 N/A N/A N/A 800135rev1 N/A N/A 800135rev1 N/A Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type Ceragon Networks Ltd. © 2025 Public Material

Page 60

N/A N/A N/A 0.1 N/A Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type N/A N/A N/A N/A Ceragon Networks Ltd. © 2025 Public Material

Page 61
P S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
password creation

Use & related keys Zeroisation Storage Establishment Import/Export Generation Security Function and Cert. Number Strength Key/SSP Name/Type Table 19

Page 62
Approved algorithm
NameKey Size
DetailsMinimum number of bits ofEntropy Sources
entropyentropy
Ring-oscillator noise source with no conditioning function. Conformant to SP 800-90B and IG D.J and D.KThe entropy source provides 2.79ENT (P)
bits of entropy per 8-bit sample.bits of entropy per 8-bit sample.
To achieve a security strength ofTo achieve a security strength of
256 bits, the DBRG’s deviation256 bits, the DBRG’s deviation
function will require a seed lengthfunction will require a seed length
of at least 138 samples. The DRBGof at least 138 samples. The DRBG
is seeded with 2048 bits (256is seeded with 2048 bits (256
samples) of data providingsamples) of data providing
approximately 714 bits of entropyapproximately 714 bits of entropy
which is sufficient for generatingwhich is sufficient for generating
the largest module SSPs of athe largest module SSPs of a
maximum of 256 bits of securitymaximum of 256 bits of security

9.1 Generation The module generates symmetric and asymmetric keys in compliance with the requirements of the FIPS 140-3 standard. Specifically, symmetric keys are generated using output of the Approved SP 800-90A DRBG and in compliance with IG D.H. Asymmetric keys are generated as part applicable key generation standards. See Table 19 for additional details. 9.2 Import/Export All keys are entered into or output from the module in a secure manner. Specifically, the Session Keys are output from the module encrypted with an approved KTS using a Master Key with the AES-KW algorithm. Additionally, SSPs provisioned by an operator can be entered using an approved KTS employing AES-GCM or AES and HMAC within the SSH, TLS, or IPsec protocols. See Table 19 for additional details. 9.3 Storage SSPs are stored in plaintext in non-volatile and volatile memory. See Table 19 for additional details. 9.4 Zeroization Procedures SSPs stored in volatile memory are zeroized automatically when no longer needed. SSPs stored in nonvolatile memory are zeroized after repeated failure of the Pre-Operational Self-Tests or upon hardzeroization command issued. The zeroization will permanently erase SSPs stored in Flash by overwriting with zeroes. When zeroization occurs via power cycle or the zeroization command the module provides an indicator in the console log. When zeroization occurs via session termination the zeroization indicator is provided via session log. For CSPs that are zeroized after use, the indicator is that the service continues. If there is a zeroization error, the service in process will be terminated. See Table 19 for additional details. Table 20

Page 63
  1. Self-tests Self-tests are health checks that ensure that the cryptographic algorithms within the module are operating correctly. The self-tests identified in FIPS 140-3 broadly fall within two categories:
  2. Pre-Operational Self-Tests
  3. Conditional Self-Tests When the module is powered on, its power-up self-tests are executed without any operator intervention. CASTs are performed prior to first usage of an algorithm. The operator may run periodic self-tests by power-cycling the module. Conditional tests are performed when a specific condition is met, such as usage of the entropy source or generation of key-pair. 10.1 Pre-Operational Self-Tests The cryptographic module performs the following Pre-Operational Self-Tests on: o o 10.2 Firmware Integrity Test: 160-bit Error detection code (EDC) Pre-operational Bypass Test Conditional Self-Tests The HW-based entropy source is conditionally tested (when entropy is consumed by any of the FW components). Tests are APT and RCT (mentioned in the SP 800-90B document). The cryptographic module performs the following conditional self-tests: • Conditional Cryptographic Algorithm Self-Tests: o Management Security Algorithms Implementation (Firmware) (Cert. #A2758): o HMAC-SHA2-256 CAST o SHA-1 CAST o SHA2-512 CAST o AES-128 ECB Decrypt CAST o AES KeyWrap Encrypt CAST o AES KeyWrap Decrypt CAST o AES-256 GCM Encrypt CAST o RSA PKCS#1 Sign/Verify CASTs o ECDSA Sign/Verify CASTs o DH Shared Secret Computation CAST o ECDH Shared Secret Computation CAST o TLS 1.2 KDF CAST o TLS 1.3 KDF CAST o SSH KDF CAST o DRBG CAST o IKE KDF Implementation (Firmware) (Cert. #A2756): o IKE KDF CAST o SNMP KDF Implementation (Firmware) (Cert. #A2757): Ceragon Networks Ltd. © 2025 Version 0.1 Public Material – May be reproduced only in its original entirety (without revision).
Page 64
Page 65

11.1 Secure Operation When configured as per this section of the Security Policy, the module only runs in the Approved mode of operation, with the exception of the non-Approved Services identified in Table

  1. The non-Approved services described may make use of non-compliant cryptographic algorithms or plaintext data transfers. Use of these services is prohibited in an Approved mode of operation. The Crypto Officer is responsible for ensuring that any of the non-Approved Services (Table 17) in Section 4.3 are not used. Once the module is properly configured as outlined below, the non-Approved Services will not be available for use. 11.2 Installation The module hardware is shipped in sealed boxes to indicate tamper. Upon delivery, the recipient should inspect the package to verify that there has been no tampering. IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-50C, and IP-50E have a fixed configuration with TELs applied at factory. The Crypto Officer must verify at installation time that the TELs are affixed and intact. IP-20N, and IP-20A have variable configurations and the CO must verify that they are configured as per one of the approved configurations identified in Section 2.1, Table
  2. Moreover, the Crypto Officer must verify at installation time that the TELs are affixed and intact. The tamper evident seals installed as indicated in Section 7 are required for the module to be operated in the Approved mode of operation. Please refer to the figures in Section 7 of this document for the proper placement of TELs. 11.3 Initialization The CO must follow these steps to place the module in an Approved mode of operation. For the exact CLI command syntax or GUI instructions, please refer to the below referenced sections of the FIPS Security Configuration Guide for precise details.
  3. Enable Password Enforcement to enforce password strength.
7.10 Configuring Login and Password Settings

- Select Quick Configuration > Security > Access Control. - In the Password change for first login field, select Yes. - In the Enforce password strength field, select Yes. 2. Configure failure login attempts for wrong passwords to 3 attempts (default value).

7.10 Configuring Login and Password Settings

- In the Failure login attempts to block user field, select the number of failed login attempts (3) that will trigger blocking. 3. For radio encryption mode, configure Master Key and enable Payload Encryption.

7.5 Configuring AES-256 Payload Encryption

Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 66

4. Enable SNMP v3 (default) and disable SNMPv1 and v2. Add SNMP users as appropriate following the password complexity requirements specified for CO operators in Section 4 above. Ensure that “AES” and “SHA” are selected for the privacy and authentication ciphers, respectively.

7.9 Configuring SNMPv3

Select Quick Configuration > Security > Protocols. The Quick Configuration Security Protocols page opens (Figure 41). In the SNMP Admin field, select Enable to enable SNMP In the V1V2 Blocked field, select Yes to block SNMPv1 and SNMPv2 access so that only SNMPv3 access will be enabled. 5. Disable Telnet

7.8 Blocking Telnet Access

Select Quick Configuration > Security > Protocols. In the Telnet Admin field, select Disable. Click Apply. 6. Disable HTTP and enable HTTPS

7.7 Configuring HTTPS

Select Quick Configuration > Security > Protocols. In the HTTP protocol field, select HTTPS 7. [Optional step] in case of External Protection configuration (relevant for IP-20G, IP-20C, IP-20S, IP-20CHP), enable Protection Admin and supply a pre-shared key. -

8.1 Encrypting the Protection Link

8. [Optional step] In case of TCC Redundancy (relevant for IP-20N, IP-20A), enable Protection Admin, and make sure TCC Protection switch mode is set to Cold Switch Over Note: Hot Switch Over (HSO) shall not be used in the Approved Mode Web GUI: Platform > Shelf Management > Main Card Redundancy (In the TCC Protection switch mode field, select Cold Switch Over) 9. Change the default CO password -

3.4 Changing Your Password

10. Enable Approved Admin configuration, i.e., set operation mode to ‘Approved mode’. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Page 67

- 7.1 Enabling ‘Approved Mode’ Once the final step is performed the module will prompt the CO to reboot. Upon successful reboot the module will enter the Approved mode of operation. Once the module has been configured, the Approved mode status can be verified by selecting the Security Summary from the Web EMS main menu. The field for “FIPS Mode Admin” shows “enabled”. 11.4

6 Viewing the Security Parameters

Management Protocols such as Telnet, RADIUS, TACACS+, HTTP, SNMPv1, and SNMPv2, Syslog, Hot Standby, NTP are not approved for use in the Approved mode and shall remain disabled. When in FIPS 140-3 compliant mode, only the following algorithms are used for SSH and TLS communications.

11.4.1 SSH Usage

When in the Approved mode, the module supports only the following symmetric encryption algorithm:

11.4.2 TLS Usage

When in the Approved mode, only the following cipher suites are available for TLSv1.2 communications:

Page 68

When in the Approved mode, only the following cipher suites are available for TLSv1.3 communications:

11.5 Maintenance

There are no specific maintenance actions required. 12. Mitigation of other attacks The module does not claim to mitigate any other attacks beyond those specified in FIPS 140-3. Ceragon Networks Ltd. © 2025 Version 0.1 Public Material

Referenced URLs