Specifications
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Documentation shall include the design of the entropy source as a whole,
including the interaction of all entropy source components. It will describe the
operation of the entropy source to include how it works, how entropy is
produced, and how unprocessed (raw) data can be obtained from within the
entropy source for testing purposes. The documentation should walk through
the entropy source design, indicating where the randomness comes from, where it is
passed next, any post-processing of the raw outputs (hash, XOR, etc.), if/where
it is stored, and finally, how it is output from the entropy source. Any
conditions placed on the process (e.g., blocking) should also be described in the
entropy source design. Diagrams and examples are encouraged.
This design must also include a description of the content of the security
boundary of the entropy source and a description of how the security boundary
ensures that an adversary outside the boundary cannot affect the entropy rate.
Entropy Justification
There should be a technical argument for where the unpredictability in the
source comes from and why there is confidence in the entropy source
exhibiting probabilistic behavior (an explanation of the probability distribution
and justification for that distribution given the particular source is one way to
describe this). This argument will include a description of the expected entropy
rate and explain how you ensure that sufficient entropy is going into the TOE
randomizer seeding process. This discussion will be part of a justification for
why the entropy source can be relied upon to produce bits with entropy.
Operating Conditions
Documentation will also include the range of operating conditions under which
the entropy source is expected to generate random data. It will clearly
describe the measures that have been taken in the system design to ensure the
entropy source continues to operate under those conditions. Similarly,
documentation shall describe the conditions under which the entropy source is
known to malfunction or become inconsistent. Methods used to detect failure
or degradation of the source shall be included.
Health Testing
More specifically, all entropy source health tests and their rationale will be
documented. This will include a description of the health tests, the rate and
conditions under which each health test is performed (e.g., at startup,
continuously, or on-demand), the expected results for each health test, and
rationale indicating why each test is believed to be appropriate for detecting
one or more failures in the entropy source.
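To illustrate the Entropy Justification and Health Testing items above, the following added example (not part of the Security Target or of the vendor's implementation) derives a claimed min-entropy from a sample distribution and uses it to set the cutoff of a continuous repetition count test. The choice of the NIST SP 800-90B repetition count test, the false-positive rate of 2^-20, the sample distribution, and all function names are assumptions made for this example; the page itself does not name specific health tests.

```python
import math

def min_entropy_per_sample(probabilities):
    """Min-entropy H = -log2(p_max) of one raw sample, in bits."""
    if abs(sum(probabilities) - 1.0) > 1e-9:
        raise ValueError("probabilities must sum to 1")
    return -math.log2(max(probabilities))

def rct_cutoff(h_min, alpha_exp=20):
    """SP 800-90B cutoff C = 1 + ceil(-log2(alpha) / H), alpha = 2**-alpha_exp."""
    if h_min <= 0:
        raise ValueError("claimed min-entropy must be positive")
    return 1 + math.ceil(alpha_exp / h_min)

class RepetitionCountTest:
    """Continuous test: fails when one value repeats `cutoff` times in a row."""
    def __init__(self, cutoff):
        self.cutoff = cutoff
        self.last = None
        self.run = 0
        self.failed = False

    def feed(self, sample):
        """Process one raw sample; return False once the source is judged failed."""
        if self.run and sample == self.last:
            self.run += 1
        else:
            self.last, self.run = sample, 1
        if self.run >= self.cutoff:
            self.failed = True  # latch: a later good sample does not clear the failure
        return not self.failed

def first_failure(samples, h_min):
    """Index of the sample at which the test fails, or None if it passes."""
    rct = RepetitionCountTest(rct_cutoff(h_min))
    for i, s in enumerate(samples):
        if not rct.feed(s):
            return i
    return None

# Constructed raw data: 100 varying samples, then the source sticks at 3.
HEALTHY = [i % 7 for i in range(100)]
STUCK = HEALTHY + [3] * 30

if __name__ == "__main__":
    h = min_entropy_per_sample([0.5, 0.25, 0.25])  # assumed distribution
    print("claimed H =", h, "cutoff =", rct_cutoff(h))
    print("healthy:", first_failure(HEALTHY, h), "stuck:", first_failure(STUCK, h))
```

The rationale a health-test description would record for this test is that it detects a source stuck at one value; it does not detect bias or correlation, so it cannot on its own justify the claimed entropy rate.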
The evaluator shall also perform the following tests, depending on the standard to which the RBG
conforms.
Implementations Conforming to FIPS 140-2, Annex C
The reference for the tests contained in this section is The Random Number Generator Validation
System (RNGVS) [RNGVS]. The evaluator shall conduct the following two tests. Note that the
'expected values' are produced by a reference implementation of the algorithm that is known to be
correct. Proof of correctness is left to each Scheme.