
HP StorageWorks Secure Key Manager  
(Hardware P/N AJ087B, Version 1.1; Firmware Version:1.1)  
FIPS 140-2  
Security Policy  
Level 2 Validation  
Document Version 0.7  
December 4, 2008  
© 2008 Hewlett-Packard Company  
This document may be freely reproduced in its original entirety.  
Security Policy, version 1.0  
January 31, 2008  
Table of Figures  
FIGURE 1 – DEPLOYMENT ARCHITECTURE OF THE HP STORAGEWORKS SECURE KEY MANAGER ................................6  
FIGURE 2 – BLOCK DIAGRAM OF SKM...........................................................................................................................7  
FIGURE 3 – FRONT PANEL LEDS ....................................................................................................................................9  
FIGURE 4 – REAR PANEL COMPONENTS .......................................................................................................................10  
FIGURE 5 – REAR PANEL LEDS....................................................................................................................................10  
FIGURE 6 – FIPS COMPLIANCE IN CLI .........................................................................................................................22  
FIGURE 7 – FIPS COMPLIANCE IN WEB ADMINISTRATION INTERFACE.........................................................................22  
FIGURE 8 – TAMPER-EVIDENCE LABELS ......................................................................................................................23  
FIGURE 9 – TAMPER-EVIDENCE LABELS OVER POWER SUPPLIES .................................................................................23  
HP StorageWorks Secure Key Manager  
Page 3 of 26  
© 2008 Hewlett-Packard Company  
This document may be freely reproduced in its original entirety.  
Security Policy, version 1.0  
January 31, 2008  
Table of Tables  
TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION...................................................................................................6  
TABLE 2 – LOGICAL INTERFACE AND PHYSICAL PORTS MAPPING..................................................................................8  
TABLE 3 – FRONT PANEL LED DEFINITIONS ..................................................................................................................9  
TABLE 4 – REAR PANEL COMPONENTS DESCRIPTIONS.................................................................................................10  
TABLE 5 – REAR PANEL LED DEFINITIONS..................................................................................................................11  
TABLE 6 – CRYPTO OFFICER SERVICES ........................................................................................................................11  
TABLE 7 – USER SERVICES...........................................................................................................................................13  
TABLE 8 – HP USER SERVICES .....................................................................................................................................13  
TABLE 9 – CLUSTER MEMBER SERVICES......................................................................................................................14  
TABLE 10 – ROLES AND AUTHENTICATIONS ................................................................................................................14  
TABLE 11 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS FOR SSH....................15  
TABLE 12 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS FOR TLS....................16  
TABLE 13 – CIPHER SUITES SUPPORTED BY THE MODULES TLS IMPLEMENTATION IN FIPS MODE ...........................17  
TABLE 14 – OTHER CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS ...................................17  
TABLE 15 – ACRONYMS ...............................................................................................................................................25  
1 Introduction  
1.1 Purpose  
This document is a non-proprietary Cryptographic Module Security Policy for the HP StorageWorks Secure Key  
Manager (SKM) from Hewlett-Packard Company. Federal Information Processing Standards (FIPS) 140-2, Security  
Requirements for Cryptographic Modules, specifies the U.S. and Canadian Governments’ requirements for  
cryptographic modules. The following pages describe how HP’s SKM meets these requirements and how to use the  
SKM in a mode of operation compliant with FIPS 140-2. This policy was prepared as part of the Level 2 FIPS 140-2  
validation of the HP StorageWorks Secure Key Manager.  
More information about FIPS 140-2 and the Cryptographic Module Validation Program (CMVP) is available at the  
website of the National Institute of Standards and Technology (NIST):  
In this document, the HP StorageWorks Secure Key Manager is referred to as the SKM, the module, or the device.  
1.2 References  
This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2  
cryptographic module security policy. More information is available on the module from the following sources:  
- The HP website (http://www.hp.com) contains information on the full line of products from HP.
- The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module.
2 HP StorageWorks Secure Key Manager  
2.1 Overview  
HP provides a range of security products for banking, the Internet, and enterprise security applications. These  
products use encryption technology—often embedded in hardware—to safeguard sensitive data, such as financial  
transactions over private and public networks and to offload security processing from the server.  
The HP StorageWorks Secure Key Manager is a hardened server that provides security policy and key management  
services to encrypting client devices and applications. After enrollment, clients, such as storage systems, application  
servers and databases, make requests to the SKM for creation and management of cryptographic keys and related  
metadata.  
Client applications can access the SKM via its Key Management Service (KMS) server. Configuration and  
management can be performed via web administration, Secure Shell (SSH), or serial console. Status-monitoring  
interfaces include a dedicated FIPS status interface, a health check interface, and Simple Network Management  
Protocol (SNMP).  
The deployment architecture of the HP StorageWorks Secure Key Manager is shown in Figure 1 below.
Figure 1 – Deployment Architecture of the HP StorageWorks Secure Key Manager (figure not reproduced; it shows the Web Server, Application Server, Database, and Storage System clients connected to the HP StorageWorks Secure Key Manager)
2.2 Cryptographic Module Specification  
The HP StorageWorks Secure Key Manager is validated at FIPS 140-2 section levels shown in Table 1 – Security  
Level per FIPS 140-2 Section.  
Table 1 – Security Level per FIPS 140-2 Section

Section | Section Title | Level
--- | --- | ---
1 | Cryptographic Module Specification | 3
2 | Cryptographic Module Ports and Interfaces | 2
3 | Roles, Services, and Authentication | 3
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 2
8 | EMI/EMC | 2
9 | Self-Tests | 2
10 | Design Assurance | 2
11 | Mitigation of Other Attacks | N/A
The block diagram of the module is given in Figure 2 – Block Diagram of SKM. The cryptographic boundary is  
clearly shown in the figure.  
Figure 2 – Block Diagram of SKM  
In the FIPS mode of operation, the module implements the following Approved algorithms:
- Advanced Encryption Standard (AES) encryption and decryption: 128, 192, and 256 bits, in Electronic Codebook (ECB) and Cipher Block Chaining (CBC) modes (certificate # 653)
- Triple Data Encryption Standard (3DES) encryption and decryption: 112 and 168 bits, in ECB and CBC modes (certificate # 604)
- Secure Hash Algorithm (SHA)-1, SHA-256, SHA-384, SHA-512 (certificate # 847)
- Keyed-Hash Message Authentication Code (HMAC) SHA-1 and HMAC SHA-256 (certificate # 470)
- Rivest, Shamir, and Adleman (RSA) American National Standards Institute (ANSI) X9.31 key generation, signature generation, and signature verification: 1024 and 2048 bits (certificate # 302)
- Digital Signature Algorithm (DSA) PQG generation, key generation, signature generation, and signature verification: 1024 bits (certificate # 244)
- ANSI X9.31 Appendix A.2.4 with 2-key 3DES Deterministic Random Number Generator (DRNG) (certificate # 375)
- Diffie-Hellman key agreement (SP 800-56A, vendor affirmed; key establishment methodology provides 80 bits of encryption strength)

In the FIPS mode of operation, the module implements the following non-approved algorithms:
- A non-approved Random Number Generator (RNG) to seed the ANSI X9.31 DRNG
- The following commercially-available protocols for key establishment:
  - Transport Layer Security (TLS) 1.0 / Secure Socket Layer (SSL) 3.1 protocol using RSA 1024 and 2048 bits for key transport. Caveat: The RSA 1024- and 2048-bit key wrapping and key establishment provide 80 and 112 bits of encryption strength, respectively.

In the non-FIPS mode of operation, the module also implements DES, MD5, RC4, and 512- and 768-bit RSA for signature generation and verification, and key establishment.
2.3 Module Interfaces  
FIPS 140-2 defines four logical interfaces:
- Data Input
- Data Output
- Control Input
- Status Output

The module features the following physical ports and LEDs:
- Serial port (RS232 DB9)
- Ethernet 10/100/1000 RJ-45 ports (Network Interface Card [NIC], quantity: 2)
- Mouse port (PS/2)
- Keyboard port (PS/2)
- Monitor port (VGA DB15)
- Power input (115VAC)
- LEDs (six on the front panel and seven on the rear panel)
The logical interfaces and their physical port mappings are described in Table 2 – Logical Interface and Physical  
Ports Mapping.  
Table 2 – Logical Interface and Physical Ports Mapping

Logical Interface | Physical Ports
--- | ---
Data Input | Keyboard, serial, Ethernet
Data Output | Monitor, serial, Ethernet
Control Input | Keyboard, mouse, serial, Ethernet
Status Output | Monitor, serial, Ethernet, LEDs
There are no buttons or ports on the front panel. There are six LEDs on the front panel. See Figure 3 – Front Panel  
LEDs.  
Figure 3 – Front Panel LEDs
Descriptions of the LEDs are given in Table 3 – Front Panel LED Definitions.
Table 3 – Front Panel LED Definitions

Item | Description | Status
--- | --- | ---
1 | Power On/Standby button and system power LED | Green = System is on. Amber = System is shut down, but power is still applied. Off = Power cord is not attached, power supply failure has occurred, no power supplies are installed, facility power is not available, or disconnected power button cable.
2 | Unit Identifier (UID) button/LED | Blue = Identification is activated. Off = Identification is deactivated.
3 | Internal health LED | Green = System health is normal. Amber = System health is degraded. To identify the component in a degraded state, refer to “HP Systems Insight Display and LEDs”. Red = System health is critical. To identify the component in a critical state, refer to “HP Systems Insight Display and LEDs”. Off = System health is normal (when in standby mode).
4 | External health LED (power supply) | Green = Power supply health is normal. Amber = Power redundancy failure occurred. Off = Power supply health is normal when in standby mode.
5 | NIC 1 link/activity LED | Green = Network link exists. Flashing green = Network link and activity exist. Off = No link to network exists. If power is off, the front panel LED is not active. View the LEDs on the RJ-45 connector for status by referring to the rear panel LEDs.
6 | NIC 2 link/activity LED | Green = Network link exists. Flashing green = Network link and activity exist. Off = No link to network exists. If power is off, the front panel LED is not active. View the LEDs on the RJ-45 connector for status by referring to the rear panel LEDs.
The components on the rear panel are illustrated in Figure 4 – Rear Panel Components.  
Figure 4 – Rear Panel Components
Descriptions of components on the rear panel are given in Table 4 – Rear Panel Components Descriptions.
Table 4 – Rear Panel Components Descriptions

Item | Definition
--- | ---
1 | PCI Express expansion slot 1 (Blocked)
2 | PCI Express expansion slot 2 (Blocked)
3 | Power supply bay 2
4 | Power supply bay 1
5 | NIC connector 1 (Ethernet)
6 | NIC connector 2 (Ethernet)
7 | Keyboard connector
8 | Mouse connector
9 | Video connector
10 | Serial connector
11 | Universal Serial Bus (USB) connector 1 (Blocked)
12 | USB connector 2 (Blocked)
13 | Integrated Lights-Out (iLO) 2 NIC connector (Blocked)
The seven LEDs on the rear panel are illustrated in Figure 5 – Rear Panel LEDs.  
Figure 5 – Rear Panel LEDs  
Descriptions of LEDs on the rear panel are given in Table 5 – Rear Panel LED Definitions.
Table 5 – Rear Panel LED Definitions

Item | Description | Status
--- | --- | ---
1 | 10/100/1000 NIC 1 activity LED | Green = Activity exists. Flashing green = Activity exists. Off = No activity exists.
2 | 10/100/1000 NIC 1 link LED | Green = Link exists. Off = No link exists.
3 | 10/100/1000 NIC 2 activity LED | Green = Activity exists. Flashing green = Activity exists. Off = No activity exists.
4 | 10/100/1000 NIC 2 link LED | Green = Link exists. Off = No link exists.
5 | UID LED | Blue = Identification is activated. Off = Identification is deactivated.
6 | Power supply 2 LED | Green = Normal. Off = System is off or power supply has failed.
7 | Power supply 1 LED | Green = Normal. Off = System is off or power supply has failed.
2.4 Roles, Services, and Authentication  
The module supports four authorized roles:
- Crypto Officer
- User
- HP User
- Cluster Member
All roles require identity-based authentication.  
2.4.1 Crypto Officer Role  
The Crypto Officer accesses the module via the Web Management Console and/or the Command Line Interface  
(CLI). This role provides all services that are necessary for the secure management of the module. Table 6 shows the  
services for the Crypto Officer role under the FIPS mode of operation. The purpose of each service is shown in the  
first column (“Service”), and the corresponding function is described in the second column (“Description”). The  
keys and Critical Security Parameters (CSPs) in the rightmost column correspond to the keys and CSPs introduced  
in Section 2.7.1.  
Table 6 – Crypto Officer Services

Service | Description | Keys/CSPs
--- | --- | ---
Authenticate to SKM | Authenticate to SKM with a username and the associated password | Crypto Officer passwords – read; TLS/SSH keys – read
Perform first-time initialization | Configure the module when it is used for the first time | Crypto Officer (admin) password – write; Kdsa public/private – write; Krsa private – write; Log signing RSA key – write; Log signature verification RSA key – write; KRsaPub – write; KRsaPriv – write.
Upgrade firmware | Upgrade firmware (firmware must be FIPS-validated) | Firmware upgrade key – read
Configure FIPS mode | Enable/disable FIPS mode | None
Manage keys | Manage all client keys that are stored within the module. This includes the generation, storage, export (only public keys), import, and zeroization of keys. | Client keys – write, read, delete; PKEK – write, read, delete.
Manage clusters | Manage all clusters that are defined within the module. This includes the creation, joining, and removal of a cluster from the module. | Cluster Member passwords – write, delete
Manage services | Manage all services supported by the module. This includes the starting and stopping of all services. | None
Manage operators | Create, modify, or delete module operators (Crypto Officers and Users). | Crypto Officer passwords – write, delete; User passwords – write, delete
Manage certificates | Create/import/revoke certificates | KRsaPub – write, read, delete; KRsaPriv – write, read, delete; CARsaPub – write, read, delete; CARsaPriv – write, read, delete; Client RSA public keys – read.
Reset factory settings | Roll back to the default firmware shipped with the module | All keys/CSPs – delete
Restore default configuration | Delete the current configuration file and restore the default configuration settings | None
Restore configuration file | Restore a previously backed up configuration file | None
Backup configuration file | Back up a configuration file | None
Zeroize all keys/CSPs | Zeroize all keys and CSPs in the module | All keys and CSPs – delete
2.4.2 User Role  
The User role is associated with external applications or clients that connect to the KMS via its XML interface.  
Users in this role may exercise services—such as key generation and management—based on configured or  
predefined permissions. See Table 7 – User Services for details. The keys and CSPs in the rightmost column  
correspond to the keys and CSPs introduced in Section 2.7.1.  
Table 7 – User Services

Service | Description | Keys/CSPs
--- | --- | ---
Authenticate to SKM | Authenticate to SKM with a username and the associated password | User passwords – read
Generate key | Generate a cryptographic key | Client keys – write; PKEK – write.
Modify key meta data | Change the key owner or update/add/delete the custom attributes | None
Delete key | Delete a cryptographic key | Client keys – delete; PKEK – delete.
Query key meta data | Output key names and meta data that the User is allowed to access | Client keys – read; PKEK – read.
Import key | Import a key | Client keys – write; PKEK – write.
Export key | Export a cryptographic key | Client keys – read; PKEK – read.
Export Certificate | Export a certificate | Client certificate – read
Clone Key | Clone an existing key under a different key name | Client keys – write, read; PKEK – write, read.
Generate random number | Generate a random number | ANSI X9.31 DRNG seed – write, read, delete
Manage operators | Only users with administration permission can create, modify, or delete module operators | User passwords – write, delete
2.4.3 HP User Role  
The HP User role can reset the module to an uninitialized state in the event that all Crypto Officer passwords are  
lost, or when a self-test permanently fails. See Table 8 – HP User Services. The keys and CSPs in the rightmost  
column correspond to the keys and CSPs introduced in Section 2.7.1.  
Table 8 – HP User Services

Service | Description | Keys/CSPs
--- | --- | ---
Authenticate to the module | Authenticate to SKM with a signed token | HP User RSA public key – read
Reset factory settings | Roll back to the default firmware shipped with the module | All keys/CSPs – delete
Restore default configuration | Delete the current configuration file and restore the default configuration settings | None
Zeroize all keys/CSPs | Zeroize all keys/CSPs in the module | All keys/CSPs – delete
2.4.4 Cluster Member Role  
The Cluster Member role is associated with other SKMs that can connect to this SKM and access cluster services.  
See Table 9 – Cluster Member Services. The keys and CSPs in the rightmost column correspond to the keys and  
CSPs introduced in Section 2.7.1.  
Table 9 – Cluster Member Services

Service | Description | Keys/CSPs
--- | --- | ---
Authenticate Cluster Member | Authenticate to SKM via TLS | Cluster Member passwords – read; Cluster key – read; Cluster Member RsaPub – read
Receive Configuration File | Update the module’s configuration settings | None
Zeroize Key | Delete a specific key | Cluster key – delete
Backup Configuration File | Back up a configuration file | None
2.4.5 Authentication  
The module performs identity-based authentication for the four roles. Two authentication schemes are used:  
authentication with certificate in TLS and authentication with password. See Table 10 – Roles and Authentications  
for a detailed description.  
Table 10 – Roles and Authentications

Role | Authentication
--- | ---
Crypto Officer | Username and password with optional digital certificate
User | Username and password and/or digital certificate
HP User | Digital certificate
Cluster Member | Digital certificate over TLS
The 1024-bit RSA signature on a digital certificate provides 80 bits of security. There are 2^80 possibilities. The probability of a successful random guess is 2^-80. Since 10^-6 ≫ 2^-80, a random attempt is very unlikely to succeed. At least 80 bits of data must be transmitted for one attempt. (The actual number of bits that need to be transmitted for one attempt is much greater than 80. We are considering the worst case scenario.) The processor used by the module has a working frequency of 3.0 gigabytes; hence, at most 60 × 3.0 × 10^9 bits of data can be transmitted in 60 seconds. Since 80 bits are necessary for one attempt, at most (60 × 3.0 × 10^9) / 80 = 2.25 × 10^9 attempts are possible in 60 seconds. However, there exist 2^80 possibilities. (2.25 × 10^9) / 2^80 = 1.86 × 10^-15 ≪ 10^-5. The probability of a successful certificate attempt in 60 seconds is considerably less than 10^-5.
Passwords in the module must consist of eight or more characters from the set of 90 human-readable numeric, alphabetic (upper and lower case), and special character symbols. Excluding those combinations that do not meet password constraints (see Section 2.7.1 – Keys and CSPs), the size of the password space is about 60^8. The probability of a successful random guess is 60^-8. Since 10^-6 ≫ 60^-8, a random attempt is very unlikely to succeed. After six unsuccessful attempts, the module will be locked down for 60 seconds; i.e., at most six trials are possible in 60 seconds. Since 10^-5 ≫ 6 × 60^-8, the probability of a successful password attempt in 60 seconds is considerably less than 10^-5.
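The two arguments above follow the same pattern: bound the size of the credential space, bound the number of attempts an operator can make in one minute, and compare the resulting probabilities with the FIPS 140-2 limits of 10^-6 per attempt and 10^-5 per minute. The Python below is an added example, not part of the HP policy; it reproduces the policy's own figures (80-bit certificate security, 3.0 × 10^9 bits per second, 80 bits per attempt; a 60^8 password space with six failures followed by a 60-second lockout) and generalizes the lockout bound so other parameter choices can be checked the same way. The limit constants are the FIPS 140-2 thresholds the policy is arguing against; the lockout formula is this example's own worst-case approximation.

```python
"""FIPS 140-2 identity-based authentication strength check (added example)."""

# Limits FIPS 140-2 places on an authentication mechanism: a single random
# attempt must succeed with probability below 1e-6, and all attempts possible
# in one minute must together succeed with probability below 1e-5.
SINGLE_ATTEMPT_LIMIT = 1e-6
ONE_MINUTE_LIMIT = 1e-5


def certificate_strength(security_bits, bits_per_attempt, bit_rate_per_second, seconds=60):
    """Certificate-based authentication.

    A forged certificate has to hit one of 2**security_bits possibilities.
    Following the policy's worst-case argument, the attempts per minute are
    bounded by how many attempts' worth of bits the interface can carry.
    """
    space = 2 ** security_bits
    p_single = 1 / space
    attempts = (seconds * bit_rate_per_second) / bits_per_attempt
    p_minute = attempts / space
    return {
        "p_single": p_single,
        "attempts_per_minute": attempts,
        "p_minute": p_minute,
        "meets_fips": p_single < SINGLE_ATTEMPT_LIMIT and p_minute < ONE_MINUTE_LIMIT,
    }


def max_attempts_per_minute(max_failures, lockout_seconds, seconds=60):
    """Upper bound on trials in one minute when the module locks out for
    lockout_seconds after max_failures failed attempts (this example's own
    approximation: one full batch of failures per lockout window)."""
    lockout_windows = -(-seconds // lockout_seconds)  # ceiling division
    return max_failures * lockout_windows


def password_strength(effective_alphabet, min_length, max_failures, lockout_seconds):
    """Password authentication with a lockout policy.

    effective_alphabet is the per-character space left after the password
    constraints are applied (the policy uses about 60 for its 90-symbol set).
    """
    space = effective_alphabet ** min_length
    p_single = 1 / space
    attempts = max_attempts_per_minute(max_failures, lockout_seconds)
    p_minute = attempts * p_single
    return {
        "p_single": p_single,
        "attempts_per_minute": attempts,
        "p_minute": p_minute,
        "meets_fips": p_single < SINGLE_ATTEMPT_LIMIT and p_minute < ONE_MINUTE_LIMIT,
    }


if __name__ == "__main__":
    # The policy's certificate figures: 80-bit security, 80 bits per attempt, 3.0e9 bits/s.
    print(certificate_strength(80, 80, 3.0e9))
    # The policy's password figures: ~60^8 space, six failures then a 60 s lockout.
    print(password_strength(60, 8, 6, 60))
```

Running the block prints both result dictionaries; a weaker policy (for example a 4-digit PIN) fails the single-attempt limit immediately, which is the check a reviewer would apply to any change in password constraints or lockout settings.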
2.4.6 Unauthenticated Services  
The following services do not require authentication:
- SNMP statistics
- FIPS status services
- Health check services
- Network Time Protocol (NTP) services
- Initiation of self-tests by rebooting the SKM
- Negotiation of the XML protocol version for communications with the KMS
SNMP is used only for sending statistical information (SNMP traps). FIPS status and health check are status-report  
services, unrelated to security or cryptography. NTP is a date/time synchronization service that does not involve  
keys or CSPs. Initiation of self-tests and negotiation of the XML protocol version do not involve keys or CSPs.  
2.5 Physical Security  
The module was tested and found conformant to the EMI/EMC requirements specified by Title 47 of the Code of  
Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (that is, for business  
use).  
The HP StorageWorks Secure Key Manager is a multi-chip standalone cryptographic module. The entire contents of  
the module, including all hardware, software, firmware, and data, are enclosed in a metal case. The case is opaque  
and must be sealed using tamper-evident labels in order to prevent the case cover from being removed without signs  
of tampering. All circuits in the module are coated with commercial standard passivation. Once the module has been  
configured to meet FIPS 140-2 Level 2 requirements, the module cannot be accessed without signs of tampering.  
See Section 3.3 – Physical Security Assurance of this document for more information.  
2.6 Operational Environment  
The operational environment requirements do not apply to the HP StorageWorks Secure Key Manager—the module  
does not provide a general purpose operating system and only allows the updating of image components after  
checking an RSA signature on the new firmware image. Crypto Officers can install a new firmware image on the  
SKM by downloading the image to the SKM. This image is signed by an RSA private key (which never enters the  
module). The SKM verifies the signature on the new firmware image using the public key stored in the module. If  
the verification passes, the upgrade is allowed. Otherwise the upgrade process fails and the old image is reused.  
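The upgrade rule just described has three parts worth seeing together: the signing key stays outside the module, the module holds only the public key, and an image whose signature fails to verify is rejected with the old image left in place. The Python below is an added illustration of that flow and not HP's implementation; the page does not describe the SKM's image format, padding scheme or key sizes beyond "RSA signature", so the RSA here is a textbook, unpadded toy with a 512-bit modulus, constructed so the example runs with the standard library alone. A real implementation uses a standard signature padding scheme and validated key sizes.

```python
"""Signature-gated firmware upgrade (added example, not HP's code).

Toy RSA for illustration only: unpadded, 512-bit modulus. The SKM uses
ANSI X9.31 RSA; do not copy this primitive into a product.
"""
import hashlib
import secrets

PUBLIC_EXPONENT = 65537


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, adequate for an illustration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(modulus_bits=512):
    """Return (public, private) as ((n, e), (n, d)). The modulus must exceed
    the 256-bit SHA-256 digest that is signed; 512 bits keeps the example fast."""
    while True:
        p, q = _random_prime(modulus_bits // 2), _random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXPONENT != 0:
            break
    n = p * q
    d = pow(PUBLIC_EXPONENT, -1, phi)
    return (n, PUBLIC_EXPONENT), (n, d)


def _digest_as_int(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(private_key, image):
    """Vendor side: runs outside the module, where the private key lives."""
    n, d = private_key
    return pow(_digest_as_int(image), d, n)


class FirmwareStore:
    """Module side: holds only the vendor public key and the installed image."""

    def __init__(self, vendor_public_key, current_image):
        self.public_key = vendor_public_key
        self.current_image = current_image
        self.log = []

    def verify(self, image, signature):
        n, e = self.public_key
        if not 0 < signature < n:
            return False
        return pow(signature, e, n) == _digest_as_int(image)

    def upgrade(self, new_image, signature):
        """Install new_image only if its signature verifies; otherwise keep
        the old image. Returns True when the new image was installed."""
        if not self.verify(new_image, signature):
            self.log.append("upgrade rejected: signature verification failed")
            return False
        self.current_image = new_image
        self.log.append("upgrade installed")
        return True


if __name__ == "__main__":
    # Constructed byte strings stand in for real firmware images.
    vendor_pub, vendor_priv = generate_keypair()
    module = FirmwareStore(vendor_pub, b"skm-firmware-1.0 (constructed)")
    image = b"skm-firmware-1.1 (constructed)"
    print(module.upgrade(image, sign_image(vendor_priv, image)))
    print(module.upgrade(image + b"!", sign_image(vendor_priv, image)))
    print(module.log)
```

The design point is in `FirmwareStore`: it never sees `vendor_priv`, and `upgrade` mutates `current_image` only after `verify` succeeds, so a modified image or a signature from another key leaves the module running the image it had.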
2.7 Cryptographic Key Management  
2.7.1 Keys and CSPs  
The SSH and TLS protocols employed by the FIPS mode of the module are security-related. Table 11 – List of  
Cryptographic Keys, Cryptographic Key Components, and CSPs for SSH and Table 12 – List of Cryptographic  
Keys, Cryptographic Key Components, and CSPs for TLS, introduce cryptographic keys, key components, and  
CSPs involved in the two protocols, respectively.  
Table 11 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs for SSH

Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
--- | --- | --- | --- | --- | --- | ---
DH public param | 1024-bit Diffie-Hellman public parameters | Generated by ANSI X9.31 DRNG during session initialization | In plaintext | In volatile memory | Upon session termination | Negotiate SSH Ks and SSH Khmac
DH private param | 1024-bit Diffie-Hellman private parameters | Generated by ANSI X9.31 DRNG during session initialization | Never | In volatile memory | Upon session termination | Negotiate SSH Ks and SSH Khmac
Kdsa public | 1024-bit DSA public keys | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete or zeroize request | Verify the signature of the server’s message.
Kdsa private | 1024-bit DSA private keys | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign the server’s message.
Krsa public | 1024-bit RSA public keys | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete or zeroize request | Verify the signature of the server’s message.
Krsa private | 1024-bit RSA private keys | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign the server’s message.
SSH Ks | SSH session 168-bit 3DES key, 128-, 192-, 256-bit AES key | Diffie-Hellman key agreement | Never | In volatile memory | Upon session termination or when a new Ks is generated (after a certain timeout) | Encrypt and decrypt data
SSH Khmac | SSH session 512-bit HMAC key | Diffie-Hellman key agreement | Never | In volatile memory | Upon session termination or when a new Khmac is generated (after a certain timeout) | Authenticate data
Notice that SSH version 2 is explicitly accepted for use in FIPS mode, according to section 7.1 of the NIST FIPS  
140-2 Implementation Guidance.  
Table 12 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs for TLS

Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
--- | --- | --- | --- | --- | --- | ---
Pre-MS | TLS pre-master secret | Input in encrypted form from client | Never | In volatile memory | Upon session termination | Derive MS
MS | TLS master secret | Derived from Pre-MS using FIPS Approved key derivation function | Never | In volatile memory | Upon session termination | Derive TLS Ks and TLS Khmac
KRsaPub | Server RSA public key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext in an X509 certificate | In non-volatile memory | At operator delete request | Client encrypts Pre-MS. Client verifies server signatures
KRsaPriv | Server RSA private key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Server decrypts Pre-MS. Server generates signatures
CARsaPub | Certificate Authority (CA) RSA public key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete request | Verify CA signatures
CARsaPriv | CA RSA private key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign server certificates
Cluster Member RsaPub | Cluster Member RSA public key (1024- or 2048-bit) | Input in plaintext | Never | In volatile memory | Upon session termination | Verify Cluster Member signatures
TLS Ks | TLS session AES or 3DES symmetric key(s) | Derived from MS | Never | In volatile memory | Upon session termination | Encrypt and decrypt data
TLS Khmac | TLS session HMAC key | Derived from MS | Never | In volatile memory | Upon session termination | Authenticate data
Table 13 details all cipher suites supported by the TLS protocol implemented by the module. The suite names in the  
first column match the definitions in RFC 2246 and RFC 4346.  
Table 13 – Cipher Suites Supported by the Module’s TLS Implementation in FIPS Mode
Suite Name | Key Transport | Authentication | Symmetric Cryptography | Hash
TLS_RSA_WITH_AES_256_CBC_SHA | RSA | RSA | AES (256-bit) | SHA-1
TLS_RSA_WITH_AES_128_CBC_SHA | RSA | RSA | AES (128-bit) | SHA-1
TLS_RSA_WITH_3DES_EDE_CBC_SHA | RSA | RSA | 3DES (168-bit) | SHA-1
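The suite names in Table 13 follow the RFC 2246 / RFC 4346 naming scheme, so every column of the table can be recovered from the name itself. The following Python is an added example, not code from the SKM or from HP: it splits a suite name into the table's columns, checks the name against the FIPS-mode policy this document states (the three suites of Table 13, with RC4, MD5, DES and SSL 3.0 disabled as Section 3.2.2 requires), and performs a server-preference selection over a constructed client offer. The function names, the reason strings and the constructed client offer are assumptions of the example; RSA-512 and RSA-768, which Section 3.2.2 also disables, are not visible in a suite name and are not checked here.

```python
"""Added example (not SKM code): decompose RFC 2246 / RFC 4346 cipher-suite
names into the columns of Table 13 and check them against the FIPS-mode
policy the document states (Table 13 allow-list; RC4, MD5, DES and SSL 3.0
disabled per Section 3.2.2)."""
import re
from typing import Dict, List, Optional, Tuple

# Suites Table 13 lists as supported in FIPS mode, in the table's order
# (used here as the server preference order, an assumption of the example).
TABLE13_PREFERENCE = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
FIPS_MODE_SUITES = set(TABLE13_PREFERENCE)
# Algorithms Section 3.2.2 says must be disabled in FIPS mode.
DISABLED_ALGORITHMS = {"RC4", "MD5", "DES"}

# <TLS|SSL>_<key exchange[_auth]>_WITH_<cipher[_bits][_mode]>_<hash>
_SUITE = re.compile(
    r"^(?P<proto>TLS|SSL)_(?P<kx>[A-Z0-9]+(?:_[A-Z0-9]+)*?)_WITH_"
    r"(?P<cipher>[A-Z0-9]+(?:_[A-Z0-9]+)*)_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)
_HASH = {"MD5": "MD5", "SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384"}
_FIXED_BITS = {"3DES": 168, "DES": 56, "NULL": 0}  # ciphers whose name carries no size


def parse_suite(name: str) -> Optional[Dict[str, object]]:
    """Split a suite name into Table 13's columns; None if the name is malformed."""
    m = _SUITE.match(name)
    if not m:
        return None
    kx_parts = m.group("kx").split("_")
    cipher_parts = m.group("cipher").split("_")
    algo = cipher_parts[0]
    bits = next((int(p) for p in cipher_parts[1:] if p.isdigit()), _FIXED_BITS.get(algo))
    mode = cipher_parts[-1] if len(cipher_parts) > 1 and not cipher_parts[-1].isdigit() else None
    return {
        "suite": name,
        "key_transport": kx_parts[0],
        # TLS_RSA_WITH_... carries both roles in one token; TLS_DHE_RSA_WITH_... splits them.
        "authentication": kx_parts[1] if len(kx_parts) > 1 else kx_parts[0],
        "symmetric": algo,
        "key_bits": bits,
        "mode": mode,
        "hash": _HASH[m.group("mac")],
    }


def fips_mode_check(name: str) -> Tuple[bool, List[str]]:
    """True if the suite is acceptable in FIPS mode; otherwise the reasons it is not."""
    info = parse_suite(name)
    if info is None:
        return False, ["not a well-formed RFC 2246/4346 suite name"]
    reasons = []
    if name.startswith("SSL_"):
        reasons.append("SSL 3.0 suite naming; SSL 3.0 is disabled in FIPS mode")
    for component in (info["symmetric"], info["hash"]):
        if component in DISABLED_ALGORITHMS:
            reasons.append("%s is disabled in FIPS mode" % component)
    if name not in FIPS_MODE_SUITES:
        reasons.append("not in Table 13's FIPS-mode suite list")
    return not reasons, reasons


def select_suite(client_offer: List[str],
                 server_preference: List[str] = TABLE13_PREFERENCE) -> Optional[str]:
    """Server-preference negotiation restricted to suites that pass the FIPS check."""
    offered = set(client_offer)
    for suite in server_preference:
        if suite in offered and fips_mode_check(suite)[0]:
            return suite
    return None


# Constructed client offer: a legacy RC4/MD5 suite first, then two Table 13 suites.
SAMPLE_OFFER = ["TLS_RSA_WITH_RC4_128_MD5",
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_AES_256_CBC_SHA"]
```

Running `select_suite(SAMPLE_OFFER)` returns `TLS_RSA_WITH_AES_256_CBC_SHA`: the RC4/MD5 suite fails on two disabled algorithms, and among the remaining suites the server's (Table 13) order wins over the client's.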
Other CSPs are tabulated in Table 14.  
Table 14 – Other Cryptographic Keys, Cryptographic Key Components, and CSPs
Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
Client AES key | 128, 192 or 256-bit AES key | Generated by ANSI X9.31 DRNG | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | Encrypted in non-volatile memory | Per client’s request or zeroize request | Encrypt plaintexts/decrypt ciphertexts
Client 3DES key | 3DES key | Generated by ANSI X9.31 DRNG | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | Encrypted in non-volatile memory | Per client’s request or zeroize request | Encrypt plaintexts/decrypt ciphertexts
Client RSA public keys | RSA public key | Generated by ANSI X9.31 DRNG | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | Encrypted in non-volatile memory | At operator delete | Sign messages/verify signatures
Client RSA private keys | RSA private keys | Generated by ANSI X9.31 DRNG | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | Encrypted in non-volatile memory | Per client’s request or zeroize request | Sign messages/verify signatures
Client HMAC keys | HMAC keys | Generated by ANSI X9.31 DRNG | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | Encrypted in non-volatile memory | Per client’s request or zeroize request | Compute keyed-MACs
Client X.509 certificate | certificate | Input in ciphertext over TLS | Via TLS in encrypted form (encrypted with TLS Ks) per client’s request | In non-volatile memory | Per client’s request or by zeroize request | Encrypt data/verify signatures
Crypto Officer passwords | Character string | Input in plaintext | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate Crypto Officer
User passwords | Character string | Input in plaintext | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate User
Cluster Member password | Character string | Input in ciphertext over TLS | Never | In non-volatile memory | At operator delete or zeroize request | When a device attempts to become a Cluster Member
HP User RSA public key | 2048-bit RSA public key | Input in plaintext at factory | Never | In non-volatile memory | At installation of a patch or new firmware | Authenticate HP User
Cluster key | Character string | Input in ciphertext over TLS | Never | In non-volatile memory | At operator delete or by zeroize request | Authenticate Cluster Member
Firmware upgrade key | 1024-bit RSA public key | Input in plaintext at factory | Never | In non-volatile memory | When new firmware upgrade key is input | Used in firmware upgrade integrity test
Log signing keys | 1024-bit RSA public and private keys | Generated by ANSI X9.31 DRNG at first-time initialization | Never | In non-volatile memory | When new log signing keys are generated on demand by Crypto Officer | Sign logs and verify signature on logs
ANSI X9.31 DRNG seed | DRNG seed | Generated by non-Approved RNG | Never | In non-volatile memory | When module is powered off | Initialize ANSI X9.31 DRNG
PKEK | 256-bit AES key | Generated by ANSI X9.31 DRNG | In encrypted form for backup purposes only | In non-volatile memory | At operator delete or by zeroize request | Encrypt client keys
2.7.2 Key Generation  
The module uses an ANSI X9.31 DRNG with 2-key 3DES to generate cryptographic keys. This DRNG is a FIPS  
140-2 approved DRNG as specified in Annex C to FIPS PUB 140-2.  
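The following Python is an added example, not the module's implementation: it shows the ANSI X9.31 Appendix A.2.4 generator structure that this section names (I = E_K(DT), R = E_K(I xor V), V' = E_K(R xor I)) written around a pluggable 64-bit block function. Assumptions of the example: the block function is an HMAC-SHA-256 PRF truncated to 8 bytes standing in for 2-key 3DES so that the code runs on the standard library alone, the date/time vector DT is a monotonic counter, and the names X931Drng, prf_block, counter_dt and new_drng are the example's own.

```python
"""Added example, not SKM code: the ANSI X9.31 Appendix A.2.4 generator
structure named in Section 2.7.2, around a pluggable 64-bit block function.
Assumption: prf_block (HMAC-SHA-256 cut to 8 bytes) stands in for 2-key 3DES."""
import hashlib
import hmac
import os
from typing import Callable

BLOCK = 8  # 3DES block size in bytes; V, DT, I and R are each one block


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for 3DES_K(block): a keyed PRF truncated to one block (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


class X931Drng:
    """I = E_K(DT); R = E_K(I xor V); V' = E_K(R xor I).  K and the initial V are
    secret seed material (Table 14 lists the DRNG seed as a CSP); DT is a
    date/time vector that must change on every call."""

    def __init__(self, key: bytes, seed_v: bytes, dt_source: Callable[[], bytes],
                 encrypt: Callable[[bytes, bytes], bytes] = prf_block):
        if len(seed_v) != BLOCK:
            raise ValueError("seed V must be exactly one block")
        self._key, self._v, self._dt, self._e = key, seed_v, dt_source, encrypt

    def next_block(self) -> bytes:
        i = self._e(self._key, self._dt())            # encrypted date/time vector
        r = self._e(self._key, xor_block(i, self._v))  # output block
        self._v = self._e(self._key, xor_block(r, i))  # new seed V for the next call
        return r

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += self.next_block()
        return out[:n]


def counter_dt(start: int = 0) -> Callable[[], bytes]:
    """Monotonic DT source (assumption): a counter packed big-endian into one block."""
    state = [start]

    def dt() -> bytes:
        state[0] += 1
        return state[0].to_bytes(BLOCK, "big")
    return dt


def new_drng() -> X931Drng:
    """Fresh generator with K and the initial V taken from the OS entropy source."""
    return X931Drng(os.urandom(16), os.urandom(BLOCK), counter_dt())
```

Given the same K, V and DT sequence the generator is fully deterministic, which is why the seed in Table 14 is a CSP and why the seed source must be separate from the generator itself; the section's non-Approved RNG supplies that seed on the real module.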
2.7.3 Key/CSP Zeroization  
All ephemeral keys are stored in volatile memory in plaintext. Ephemeral keys are zeroized when they are no longer  
used. Other keys and CSPs are stored in non-volatile memory with client keys being stored in encrypted form.  
To zeroize all keys and CSPs in the module, the Crypto Officer should execute the reset factory settings
zeroize command at the serial console interface. For security reasons, this command is available only through the
serial console.
2.8 Self-Tests  
The device implements two types of self-tests: power-up self-tests and conditional self-tests.  
Power-up self-tests include the following tests:  
Firmware integrity tests  
Known Answer Test (KAT) on 3DES  
KAT on AES  
KAT on SHA-1  
KAT on SHA-256  
KAT on SHA-384  
KAT on SHA-512  
KAT on HMAC SHA-1  
KAT on HMAC SHA-256  
KAT on ANSI X9.31 DRNG  
KAT on Diffie-Hellman  
KAT on SSH Key Derivation Function  
KAT on RSA signature generation and verification  
Pairwise consistency test on DSA signature generation and verification  
Conditional self-tests include the following tests:  
Pairwise consistency test for new DSA keys  
Pairwise consistency test for new RSA keys  
Continuous random number generator test on ANSI X9.31 DRNG  
Continuous random number generator test on non-Approved RNG  
Firmware upgrade integrity test  
Diffie-Hellman primitive test  
The module has two error states: a Soft Error state and a Fatal Error state. When one or more power-up self-tests  
fail, the module may enter either the Fatal Error state or the Soft Error State. When a conditional self-test fails, the  
module enters the Soft Error state. See Section 3 of this document for more information.  
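To make the relationship between the power-up tests, the conditional tests and the two error states concrete, the following Python is an added example, not the module's firmware. It runs known-answer tests on SHA-1, SHA-256 and HMAC SHA-256 against published digests, implements the continuous random number generator test of FIPS 140-2 Section 4.9.2 (the first block after start-up is saved and never output; every later block must differ from its predecessor), and models the transitions stated above: a failed conditional test sends the module to the Soft Error state, while a power-up failure is treated as Fatal Error here, which is an assumption of the example since the policy permits either state. The class and function names and the constructed stuck RNG source are the example's own.

```python
"""Added example, not SKM firmware: the power-up known-answer tests, the
continuous RNG test and the Soft/Fatal error states of Section 2.8,
modelled with the standard library only."""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple

BLOCK = 8  # RNG output block compared by the continuous test (64-bit 3DES block)
KatTable = Dict[str, Tuple[Callable[[], str], str]]


class RngStuckError(Exception):
    """Two identical consecutive RNG blocks: the continuous test has failed."""


class ContinuousRngTest:
    """FIPS 140-2 Section 4.9.2: the first block after start-up is saved and
    never output; every later block must differ from its predecessor."""

    def __init__(self, source: Callable[[], bytes]):
        self._source, self._last = source, source()

    def next_block(self) -> bytes:
        block = self._source()
        if block == self._last:
            raise RngStuckError("consecutive RNG output blocks are identical")
        self._last = block
        return block


# Known-answer tests with published digests: the FIPS 180-2 "abc" vectors and
# the widely reproduced HMAC example (key "key", quick-brown-fox message).
FOX = b"The quick brown fox jumps over the lazy dog"
KATS: KatTable = {
    "SHA-1": (lambda: hashlib.sha1(b"abc").hexdigest(),
              "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "SHA-256": (lambda: hashlib.sha256(b"abc").hexdigest(),
                "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    "HMAC-SHA-256": (lambda: hmac.new(b"key", FOX, hashlib.sha256).hexdigest(),
                     "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"),
}


def run_kats(kats: KatTable = KATS) -> List[str]:
    """Names of the KATs whose computed value differs from the known answer."""
    return [name for name, (compute, expected) in kats.items()
            if not hmac.compare_digest(compute(), expected)]


class Module:
    """Error states of Sections 2.8 and 3.5.  Assumption: a power-up failure is
    sent to Fatal Error (the policy allows either state); a failed conditional
    test goes to Soft Error, as the policy states."""
    OPERATIONAL, SOFT_ERROR, FATAL_ERROR = "operational", "soft_error", "fatal_error"

    def __init__(self, rng_source: Callable[[], bytes], kats: KatTable = KATS):
        self._rng_source, self._kats, self._crngt = rng_source, kats, None
        self.state = self.FATAL_ERROR  # no service until the power-up tests pass

    def power_up(self) -> List[str]:
        failed = run_kats(self._kats)
        if failed:
            self.state = self.FATAL_ERROR
            return failed
        self._crngt = ContinuousRngTest(self._rng_source)  # arms the conditional test
        self.state = self.OPERATIONAL
        return []

    def random_bytes(self) -> bytes:
        if self.state != self.OPERATIONAL:
            raise RuntimeError("no services available in state " + self.state)
        try:
            return self._crngt.next_block()
        except RngStuckError:
            self.state = self.SOFT_ERROR
            raise


def demo_stuck_rng() -> str:
    """Constructed fault: a source that always returns the same block."""
    m = Module(lambda: bytes(BLOCK))
    m.power_up()
    try:
        m.random_bytes()
    except RngStuckError:
        pass
    return m.state


def demo_healthy_rng(n: int = 1000) -> str:
    """OS entropy as the source: n blocks pass the continuous test."""
    m = Module(lambda: os.urandom(BLOCK))
    m.power_up()
    for _ in range(n):
        m.random_bytes()
    return m.state
```

`demo_stuck_rng()` ends in the Soft Error state after a single call, because the first block the stuck source produced was consumed as the saved comparison value and the second one equals it; `demo_healthy_rng()` stays operational.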
2.9 Mitigation of Other Attacks  
This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-  
2 Level 2 requirements for this validation.  
3 Secure Operation  
The HP StorageWorks Secure Key Manager meets Level 2 requirements for FIPS 140-2. The sections below  
describe how to place and keep the module in the FIPS mode of operation.  
3.1 Initial Setup  
The device should be unpacked and inspected according to the User Guide. The User Guide also contains  
installation and configuration instructions, maintenance information, safety tips, and other information. The device  
itself must be affixed with tamper-evident labels that are included in the packaging. See Figure 8 – Tamper-  
Evidence Labels for locations of tamper-evidence labels.  
3.2 Initialization and Configuration  
3.2.1 First-Time Initialization  
When the module is turned on for the first time, it will prompt the operator for a password for a default Crypto  
Officer. The module cannot proceed to the next state until the operator provides a password that conforms to the  
password policy described in Section 2.7.1. The default username associated with the entered password is “admin”.  
During the first-time initialization, the operator must configure minimum settings for the module to operate  
correctly. The operator will be prompted to configure the following settings via the serial interface:  
Date, Time, Time zone  
IP Address/Netmask  
Hostname  
Gateway  
Management Port  
3.2.2 FIPS Mode Configuration  
In order to comply with FIPS 140-2 Level 2 requirements, the following functionality must be disabled on the SKM:  
Global keys  
File Transfer Protocol (FTP) for importing certificates and downloading and restoring backup files  
Lightweight Directory Access Protocol (LDAP) authentication  
Use of the following algorithms: RC4, MD5, DES, RSA-512, RSA-768  
SSL 3.0  
Hot-swappable drive capability  
RSA encryption and decryption operations (note, however, that RSA encryption and decryption associated  
with TLS handshakes and Sign and Sign Verify are permitted)  
These functions need not be disabled individually. There are two approaches to configuring the module such that it  
works in the Approved FIPS mode of operation:  
Through a command line interface, such as SSH or serial console, the Crypto Officer should use the fips
compliant command to enable the FIPS mode of operation. This will alter various server settings as described
above. See Figure 6 – FIPS Compliance in CLI. The fips server command is used for the FIPS status server
configuration. The show fips status command returns the current FIPS mode configuration.
Figure 6 – FIPS Compliance in CLI  
In the web administration interface, the Crypto Officer should use the “High Security Configuration” page to enable  
and disable FIPS compliance. To enable the Approved FIPS mode of operation, click on the “Set FIPS Compliant”  
button. See Figure 7 – FIPS Compliance in Web Administration Interface. This will alter various server settings as  
described above.  
Figure 7 – FIPS Compliance in Web Administration Interface  
In the web administration interface, the User can review the FIPS mode configuration by reading the “High Security  
Configuration” page.  
The Crypto Officer must zeroize all keys when switching from the Approved FIPS mode of operation to the non-  
FIPS mode and vice versa.  
3.3 Physical Security Assurance  
Serialized tamper-evidence labels have been applied at four locations on the metal casing. See Figure 8 – Tamper-  
Evidence Labels. The tamper-evidence labels have a special adhesive backing to adhere to the module’s surface.  
The tamper-evidence labels have individual, unique serial numbers. They should be inspected periodically and  
compared to the previously-recorded serial numbers to verify that fresh labels have not been applied to a tampered  
module.  
Figure 8 – Tamper-Evidence Labels  
Figure 9 provides a better view of the positioning of the tamper-evidence labels over the power supplies.  
Figure 9 – Tamper-Evidence Labels over Power Supplies  
3.4 Key and CSP Zeroization  
To zeroize all keys and CSPs in the module, the Crypto Officer should execute the reset factory settings
zeroize command in the serial console interface. Note that, for security reasons, the command cannot be
initiated from the SSH interface.
When switching between different modes of operations (FIPS and non-FIPS), the Crypto Officer must zeroize all  
CSPs.  
3.5 Error State  
The module has two error states: a Soft Error state and a Fatal Error state.  
When a power-up self-test fails, the module may enter either the Fatal Error state or the Soft Error State. When a  
conditional self-test fails, the module will enter the Soft Error state. The module can recover from the Fatal Error  
state if power is cycled or if the SKM is rebooted. An HP User can reset the module when it is in the Fatal Error  
State. No other services are available in the Fatal Error state. The module can recover from the Soft Error state if  
power is cycled. With the exception of the firmware upgrade integrity test and Diffie-Hellman primitive test, the  
only service that is available in the Soft Error state is the FIPS status output via port 9081 (default). A User can  
connect to port 9081 and find the error message indicating the failure of FIPS self-tests. Access to port 9081 does  
not require authentication.  
Acronyms
Table 15 – Acronyms
Acronym | Definition
3DES | Triple Data Encryption Standard
AES | Advanced Encryption Standard
ANSI | American National Standards Institute
BIOS | Basic Input/Output System
CA | Certificate Authority
CBC | Cipher Block Chaining
CLI | Command Line Interface
CMVP | Cryptographic Module Validation Program
CPU | Central Processing Unit
CRC | Cyclic Redundancy Check
CRL | Certificate Revocation List
CSP | Critical Security Parameter
DES | Data Encryption Standard
DRNG | Deterministic Random Number Generator
DSA | Digital Signature Algorithm
ECB | Electronic Codebook
EMC | Electromagnetic Compatibility
EMI | Electromagnetic Interference
FIPS | Federal Information Processing Standard
FTP | File Transfer Protocol
HDD | Hard Drive
HMAC | Keyed-Hash Message Authentication Code
HP | Hewlett-Packard
IDE | Integrated Drive Electronics
iLO | Integrated Lights-Out
I/O | Input/Output
IP | Internet Protocol
ISA | Instruction Set Architecture
KAT | Known Answer Test
KMS | Key Management Service
LDAP | Lightweight Directory Access Protocol
LED | Light Emitting Diode
MAC | Message Authentication Code
N/A | Not Applicable
NIC | Network Interface Card
NIST | National Institute of Standards and Technology
NTP | Network Time Protocol
PCI | Peripheral Component Interconnect
PRNG | Pseudo Random Number Generator
RFC | Request for Comments
RNG | Random Number Generator
RSA | Rivest, Shamir, and Adleman
SHA | Secure Hash Algorithm
SKM | Secure Key Manager
SNMP | Simple Network Management Protocol
SSH | Secure Shell
SSL | Secure Sockets Layer
TLS | Transport Layer Security
UID | Unit Identifier
USB | Universal Serial Bus
VGA | Video Graphics Array
XML | Extensible Markup Language