Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3 FIPS 140-2 Non Proprietary Security Policy Level 2 Validation Version 1.5 September 8, 2008 © Copyright 2007 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Table of Contents 1 INTRODUCTION.................................................................................................................. 3 1.1 PURPOSE ............................................................................................................................. 3 1.2 REFERENCES ....................................................................................................................... 3 1.3 TERMINOLOGY .....................................................................
1 Introduction 1.1 Purpose This document is the non-proprietary Cryptographic Module Security Policy for the Cisco 3825 Integrated Services Router with AIM-VPN/SSL-3 and 3845 Integrated Services Routers Routers with AIM-VPN/SSL-3 (Router Hardware Version: 3825 or 3845; Router Firmware Version: IOS 12.4 (15) T3; AIM-VPN/SSL-3 Hardware Version 1.0, Board Revision 01).
This document provides an overview of the routers and explains their secure configuration and operation. This introduction section is followed by Section 2, which details the general features and functionality of the router. Section 3 specifically addresses the required configuration for the FIPS-mode of operation.
2 Cisco 3825 and 3845 Routers Branch office networking requirements are dramatically evolving, driven by web and ecommerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 3825 and 3845 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements. This section describes the general features and functionality provided by the routers.
Figure 3 – 3825 Front Panel Physical Interfaces The Cisco 3825 router features a console port, auxiliary port, dual Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two10/100/1000 Gigabit Ethernet RJ45 ports, two Enhanced Network Module (ENM) slots, small form factor pluggable (SFP), redundant power supply (RPS) inlet, power inlet, and Compact Flash (CF) drive. The 3825 router has slots for AIM-VPN/SSL-3 cards1, and two Ethernet connections.
Name State Description System Solid Green Blinking Green Amber Off Green Amber Off Green Amber Off Green Off Normal System Operation. Booting or in ROM monitor (ROMMON) mode. Powered, but malfunctionaing. Router is not receiving power. Power supply present and enabled. Power supply present and off or with failure. Power supply not present. Indicates IP phone power supply present. Indicates IP phone power supply present. IP phone power supply not present. System running on RPS PSU.
Speed Link Solid Green Off Solid Green Off 100 Mbps 10 Mbps Ethernet link is established No link established Table 3 – Cisco 3825 Ethernet Indicators The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in the following table: Router Physical Interface 10/100/1000 Ethernet LAN Ports HWIC Ports Console Port Auxiliary Port ENM Slots SFP USB Ports 10/100/1000 Ethernet LAN Ports HWIC Ports Console Port Auxiliary Port ENM Slots SFP USB Ports 10/100/1000 Ethernet LAN
2.2 The Cisco 3845 Cryptographic Module Physical Characteristics Figure 4 – The 3845 router case The 3845 router with on-board crypto enabled is a multiple-chip standalone cryptographic module. The router has a processing speed of 650MHz. Depending on configuration, either the installed AIM-VPN/SSL-3 module, the onboard Safenet chip or the IOS software is used for cryptographic operations. The cryptographic boundary of the module is the device’s case.
Figure 6 – Cisco 3845 Rear Panel Physical Interfaces The Cisco 3845 router features a console port, auxiliary port, dual Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two10/100/1000 Gigabit Ethernet RJ45 ports, four Enhanced Network Module (ENM) slots, small form factor pluggable (SFP), power inlets, and Compact Flash (CF) drive. The 3845 router has slots for AIM-VPN/SSL-3 cards2, and two Ethernet connections.
The following tables provide more detailed information conveyed by the LEDs on the front and rear panel of the router: Name State Description System Solid Green Blinking Green Amber Off Green Amber Off Green Amber Off Green Amber Off Green Amber Off Green Off Solid Green Blinking Green Off Green Amber Off Green Amber Off Green Amber Off Green Amber Off Green Amber Off Green Amber Off Normal System Operation. Booting or in ROM monitor (ROMMON) mode. Powered, but malfunctionaing.
Link SFP Solid Green Off Solid Green Off Ethernet link is established No link established SFP fiber link is established No link established Table 6 – Cisco 3845 Ethernet Indicators The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in the following table: Router Physical Interface 10/100/1000 Ethernet LAN Ports HWIC Ports Console Port Auxiliary Port ENM Slots SFP USB Ports 10/100/1000 Ethernet LAN Ports HWIC Ports Console Port Auxiliary Port ENM Slots SFP USB
2.3 Roles and Services Authentication in Cisco 3825 and 3845 is role-based. There are two main roles in the router that operators can assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic User services. The module supports RADIUS and TACACS+ for authentication.
Define Rules and Filters Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
When using RSA based authentication, RSA key pair has modulus size of 1024 bit to 2048 bit, thus providing between 80 bits and 112 bits of strength. Assuming the low end of that range, an attacker would have a 1 in 280 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.
Figure 7 – 3825 – Opacity Shield Placement Figure 8 – 3845 – Opacity Shield Placement Once the router has been configured in to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of tampering. To seal the system, apply serialized tamperevidence labels as follows: For Cisco 3825: 1. Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose.
8. Tamper evidence labels H and I should be placed on the top and bottom of the opacity shield such that the one half of each label covers opacity shield and the other half covers the enclosure. 9. The labels completely cure within five minutes. Figures 9, 10 and 11 show the tamper evidence label placements for the 3825. Note that each diagram only shows certain label placement locations.
1. Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the router should be above 10°C. 2. Tamper evidence labels A and B should be placed so that one half of the label covers the front panel and the other half covers the enclosure. 3. Tamper evidence label C should be placed so that one half of the label covers the left upper and lower ENM modules and the other half covers the enclosure. 4.
Figure 14 - Cisco 3845 Tamper Evident Label Placement (Side Views) The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router will damage the tamper evidence seals or the material of the module cover. Since the tamper evidence seals have non-repeated serial numbers, they can be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered.
AES Triple-DES SHA-1, SHA-256, SHA-512 HMAC-SHA-1 X9.31 PRNG RSA 795 683 794 436 456 379 Onboard Safenet Implementations AES Triple-DES SHA-1 HMAC-SHA-1 96 210 317 50 AIM Module Implementations AES Triple-DES SHA-1 HMAC-SHA-1 X9.31 PRNG RSA 173 275 258 39 83 382 The router is in the approved mode of operation only when FIPS 140-2 approved algorithms are used (except DH and RSA key transport which are allowed in the approved mode for key establishment despite being non-approved).
3. RSA digital signatures based authentication is used for IKE, with Diffie-Hellman Key agreement technique to derive AES or Triple-DES keys. 4. RSA encrypted nonces based authentication is used for IKE, with Diffie-Hellman Key agreement technique to derive AES or Triple-DES keys. 5. RSA key transport is used to derive the Triple-DES or AES keys during SSLv3.1/TLS handshake. The module supports commercially available Diffie-Hellman and RSA key transport for key establishment.
PRNG Seed X9.31 PRNG Seed Key X9.31 Diffie Hellman private exponent Diffie Hellman public key DH DRAM Automatically every 400 bytes, or turn off the router. DRAM Turn off the router. The private exponent used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after DH shared secret has been generated. The public key used in DiffieHellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. Value derived from the shared secret within IKE exchange.
IKE RSA Authentication Public Key RSA RSA public key for IKE authentication. Generated or entered like any RSA key, set as IKE RSA Authentication Key with the “crypto keyring” or “ca trustpoint” command. RSA private key for IKE encrypted nonces. Generated like any RSA, with the “usage-keys” parameter included. RSA public key for IKE encrypted nonces. Generated like any RSA, with the “usage-keys” parameter included. The IPSec encryption key. Zeroized when IPSec session is terminated.
User password Shared Secret Enable password Shared Secret Enable secret Shared Secret RADIUS secret Shared Secret secret_1_0_0 TACACS+ secret Shared Secret TLS server private key TLS server public key TLS premaster secret RSA TLS Encryption Key TLS Integrity Key AES/TRIPLEDES RSA Shared Secret HMAC-SHA-1 The password of the User role. This password is zeroized by overwriting it with a new password. The plaintext password of the CO role.
Security Relevant Data Item PRNG Seed d r PRNG Seed Key d r Diffie Hellman private exponent r Diffie Hellman public key r skeyid r w d r w d r w d r w d r w d r w d r w d r w d r w d r skeyid_d r skeyid_a r skeyid_e r IKE session encrypt key r IKE session authentication key r ISAKMP preshared r IKE hash key r IKE RSA Authentication private Key © Copyright 2007 Cisco Systems, Inc.
IKE RSA Authentication Public Key IKE RSA Encrypted Nonce Private Key IKE RSA Encrypted Nonce Public Key r w d r w d r w d r w d r w d r r r IPSec encryption key r IPSec authentication key r Configuration encryption key Router authentication key 1 PPP authentication key Router authentication key 2 r w d r w d r w d r w d r w d r w r w r w r w d r w d r r w d r d r w d r SSH session key r w d r User password r w d r w d r w d r w d r Enable password Enable secret RADIUS secret secret
TLS pre-master secret r TLS Encryption Key r TLS Integrity Key r r w d r w d r w d Table 9 – Role and Service Access to CSP © Copyright 2007 Cisco Systems, Inc. 27 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
2.6 Self-Tests In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to insure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. All self-tests are implemented by the software.
2.6.
3 Secure Operation of the Cisco 3825 or 3845 router The Cisco 3825 and 3845 routers meet all the Level 2 requirements for FIPS 140-2. Follow the instructions provided below to place the module in FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation. 3.1 Initial Setup 1. The Crypto Officer must apply tamper evidence labels as described in Section 2.4 of this document. 2.
must include at least one number and one letter. 3.3 IPSec Requirements and Cryptographic Algorithms 1. The only type of key management that is allowed in FIPS mode is Internet Key Exchange (IKE). 2. Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration: ah-sha-hmac esp-sha-hmac esp-Triple-DES esp-aes 3.
2. SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto officer must configure the module so that SSH uses only FIPSapproved algorithms. Note that all users must still authenticate after remote access is granted. © Copyright 2007 Cisco Systems, Inc. 32 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
CISCO EDITOR’S NOTE: You may now include all standard Cisco information included in all documentation produced by Cisco. Be sure that the following line is in the legal statements at the end of the document: By printing or making a copy of this document, the user agrees to use this information for product evaluation purposes only. Sale of this information in whole or in part is not authorized by Cisco Systems. © Copyright 2007 Cisco Systems, Inc.
