The Xirrus Wi-Fi Array XN4, XN8, XN12, XN16

Security Policy
Document Version 1.0

Xirrus, Inc.

February 15, 2011

Copyright © Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision].

May 09, 2018


TABLE OF CONTENTS

1. MODULE OVERVIEW
2. SECURITY LEVEL
3. MODES OF OPERATION
4. IMPLEMENTING FIPS SECURITY
    TO IMPLEMENT FIPS 140-2, LEVEL 2 USING WMI (5.0 VERSION)
    TO CHECK IF AN ARRAY IS IN FIPS MODE:
    TO IMPLEMENT FIPS 140-2, LEVEL 2 USING CLI (4.1 AND 5.0 VERSION):
5. PORTS AND INTERFACES
6. IDENTIFICATION AND AUTHENTICATION POLICY
7. ACCESS CONTROL POLICY
    ROLES AND SERVICES
    DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)
8. OPERATIONAL ENVIRONMENT
9. SECURITY RULES
10. PHYSICAL SECURITY POLICY
    PHYSICAL SECURITY MECHANISMS
    OPERATOR REQUIRED ACTIONS
    OPERATOR REQUIRED ACTIONS
11. MITIGATION OF OTHER ATTACKS POLICY
12. DEFINITIONS AND ACRONYMS


1. Module Overview

The Xirrus Wi-Fi Arrays (Models XN4, XN8, XN12 and XN16) are multi-chip standalone cryptographic modules. The primary purpose for this device is to provide data security for wireless Internet Protocol (IP) traffic.

Figure 1 – Image of the Xirrus Wi-Fi Array

The Xirrus Wi-Fi Arrays all use the same basic design. There are two form factors, a small one for 4 radio arrays and a larger one for eight to sixteen radio arrays. The XN16 models use 16 radios, the XN12 models use 12 radios, the XN8 models use 8 radios and the XN4 models use 4 radios. The XN8, XN12 and XN16 all use the same PCBs with different build options for number of radios. The same firmware is used in all models.

Table 1 – Part Number Table

| Model | Part Number | Version | Firmware |
|-------|--------------|---------|-------------|
| XN16 | 190-0111-001 | D | 4.1 and 5.0 |
| XN12 | 190-0128-001 | D | 4.1 and 5.0 |
| XN8 | 190-0110-002 | B | 4.1 and 5.0 |
| XN4 | 190-0109-001 | D | 4.1 and 5.0 |


2. Security Level

The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS-140-2.

Table 2 - Module Security Level Specification

| Security Requirements Section | Level |
|------------------------------------|-------|
| Cryptographic Module Specification | 2 |
| Module Ports and Interfaces | 2 |
| Roles, Services and Authentication | 2 |
| Finite State Model | 2 |
| Physical Security | 2 |
| Operational Environment | N/A |
| Cryptographic Key Management | 2 |
| EMI/EMC | 2 |
| Self-Tests | 2 |
| Design Assurance | 2 |
| Mitigation of Other Attacks | N/A |

3. Modes of Operation

Approved mode of operation

In FIPS mode, the cryptographic module only supports FIPS Approved algorithms as follows:

- AES (Cert. #1508; ECB and CBC 128-bit; encryption)
- AES (Cert. #1508; CCM mode)
- AES (Cert. #1515; CBC 128 and 256 bit)
- TDES (Cert. #1009)
- HMAC-SHA-1 (Cert. #860)
- SHA-1 (Cert. #1325)
- RSA (Cert. #715)
- RNG based on ANSI X9.31 Appendix A.2.4 using AES Algorithm (Cert. #800)

The module implements the following Non-Approved algorithms allowed for use in the FIPS Approved Mode of Operation:

- Non-Approved RNG (/dev/urandom)
- MD5 for TLS session key derivation
- RSA for key establishment (Key wrapping; Key establishment methodology provides 80 bits of encryption strength)
- Diffie-Hellman for SSH key establishment (Key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength)
- RC4 (considered plaintext)

Non-FIPS mode of operation

In non-FIPS mode, the cryptographic module provides non-FIPS Approved algorithms as follows:

- RC4 for encryption/decryption in TKIP and WEP
- MD5
- Software RNG (/dev/urandom)


4. Implementing FIPS Security

Wi-Fi Arrays may be configured to satisfy the requirements for Level 2 of Federal Information Processing Standard (FIPS) Publication 140-2. The procedure in this section lists simple steps that must be followed exactly to implement FIPS 140-2, Level 2. The procedure includes physical actions, and parameters that must be set in Web Management Interface (WMI) windows in the Security section and in other sections.

To implement FIPS 140-2, Level 2 using WMI (5.0 version)

1. Enable HTTPS using the CLI if it is not already enabled, using the following command:

    Xirrus_Wi-Fi_Array(config)# https on

   This allows the Web Management Interface to be used for the rest of this procedure. HTTPS is enabled on Arrays by default.

2. Select the Management Control from the Security window.

   Figure 10 – Security Management Control Window

3. Set FIPS 140-2, Level 2 Security to On (Figure 11). Click Apply and then OK.

   Figure 11 – Setting FIPS mode On

4. Click Save then OK.

   Figure 12 – Save configuration

To check if an Array is in FIPS mode:

You may determine whether or not the Array is running in FIPS mode by verifying that the settings described in the previous procedure are in effect.

To implement FIPS 140-2, Level 2 using CLI (4.1 and 5.0 version):

1. The following CLI command will perform all of the settings required to put the Array in FIPS mode:

    Xirrus_Wi-Fi_Array(config)# fips on

   This command remembers your previous settings for FIPS-related attributes. They will be restored if you use the fips off command. Use the save command to save these changes to flash memory.

2. Use the fips off command if you would like to revert the FIPS settings back to the values they had before you entered the fips on command.

    Xirrus_Wi-Fi_Array(config)# fips off

   Use the save command to save these changes to flash memory.


Xirrus Xirrus Wi-Fi Array Security Policy Version 1.0 January 28, 2011


5. Ports and Interfaces

The cryptographic module provides the following physical ports and logical interfaces:

- 10/100 Ethernet Port: data input, data output, control input, status output
- Gigabit Ethernet Port: data input, data output, control input, status output
- Serial Port (RS232): data input, data output, control input, status output
- TX/RX Radio Port: data input, data output
- LEDs: status output (Ethernet status, Integrated access point status, Array status)
- Power: Power Input
- Power: Power provided by POE

| Model | 10/100 Ethernet Port | Gigabit Ethernet Port | Serial Port (RS232) | TX/RX Radio Port | Status LEDs |
|-------|----------------------|-----------------------|---------------------|------------------|-------------|
| XN16 | 1 | 2 | 1 | 16 | 20 |
| XN12 | 1 | 2 | 1 | 12 | 16 |
| XN12 | 1 | 2 | 1 | 8 | 12 |
| XN4 | N/A | 1 | 1 | 4 | 6 |

6. Identification and Authentication Policy

Assumption of roles

The cryptographic module shall support two distinct operator roles (User and Crypto Officer). The Crypto Officer role shall be performed by the Administrator managing the device, and the User role shall be performed by the wireless client using the device to send and receive data.

Table 3 - Roles and Required Identification and Authentication

| Role | Type of Authentication | Authentication Data |
|----------------|----------------------------------------|-----------------------|
| Crypto Officer | Identity-based operator authentication | Username and Password |
| User | Role based operator authentication | PSK |


Table 4 – Strengths of Authentication Mechanisms

| Authentication Mechanism | Strength of Mechanism |
|--------------------------|-----------------------|
| Username and Password | Passwords are at least 5 characters long, with 94 characters available. Therefore, the probability that a random attempt will succeed or a false acceptance will occur is 1/7,339,040,224 which is less than 1/1,000,000. To exceed 1 in 100,000 probability of a successful random attempt during a 1-minute period, 73391 (1233 per second) attempts would have to be executed. This is not feasible from a standpoint of device capabilities. |
| PSK | 802.11i Pre-Shared Key (PSK) is 32 bytes (256 bits) long, therefore there are 2^256 possibilities for a PSK. This means that exceeding 1 in 100,000 probability of a successful random attempt during a 1-minute period is not feasible from a device capabilities standpoint. |

7. Access Control Policy

Roles and Services

Table 5 – Services Authorized for Roles

| Role | Authorized Services |
|------|---------------------|
| User: This role shall provide all of the services necessary for the secure transport of data over Wi-Fi. | 802.11i with PSK: This service allows a user to authenticate and send/receive data in a secure manner using 802.11i PSK mode. |
| Crypto Officer (CO): This role manages the cryptographic module in a secure fashion over the CLI or WMI. | Manage Configuration: This service allows an administrator to change configuration settings within the module such as establishing SSIDs, modifying usage of power, turning radios on/off, and adding new users. Additionally, it allows an administrator to perform the zeroization process, to load new firmware into the module and to display the module's current configuration and status. |
| Unauthenticated Role (UA) | Read LED status: Status is provided by the LEDs for interpretation. Initiate self-test: Performed by power cycling the array. |

Table 6 - Specification of Service Inputs & Outputs

| Service | Control Input | Data Input | Data Output | Status Output |
|---------|---------------|------------|-------------|---------------|
| 802.11i with PSK | Header info. | Data | Data | None |
| LED Status | None | None | None | Radio and Array power and condition status |
| Manage Configuration | Instructions | Configuration Data | Configuration Data | Configuration Status |
| Initiate Self-Tests | Power | None | None | Success/fail. Failure will cause reboot |

Definition of Critical Security Parameters (CSPs)

| CSP | Description |
|-----|-------------|
| Crypto Officer Password | This is an operator defined password (at least 5 characters long) that allows an administrator to log in to the module. The password is stored on EEPROM as MD5 one-way hash. Destroyed via manage configuration service. |
| 802.11i Pre-Shared Key (PSK) and Derived AES Session Key | These are keys used for 802.11i encryption and integrity as well as User authentication. The PSK is entered directly by operator via SSH or HTTPS and is stored on EEPROM in RC4 encrypted form (considered plaintext). Destroyed via manage configuration service. |
| TLS Session Keys | These are AES (128 or 256 bits) or TDES (128 bits) keys and HMAC-SHA-1 keys used to support HTTPS. These are derived from the Pre-Master Secret. Destroyed via manage configuration service. |
| TLS Pre-Master Secret | This Key is used to derive TLS Session keys. It is established by RSA transport during the TLS handshake. Destroyed via manage configuration service. |
| TLS Private Key | RSA private key is used to decrypt TLS pre-Master Secret. Destroyed via manage configuration service. |
| SSH2 Session Keys | These are AES (128 or 256 bits) or TDES (128 bits) keys and HMAC-SHA-1 keys used to support SSH2 Sessions. These are derived from the SSH2 Shared Secret. Destroyed via manage configuration service. |
| SSH2 Shared Secret | This Key is used to derive SSH2 Session keys. It is established by Diffie-Hellman Key Agreement during the SSH2 negotiation. Destroyed via manage configuration service. |
| SSH2 Private Key | Ephemeral Diffie Hellman private keys used to establish the SSH2 Shared Secret. Destroyed via manage configuration service. |
| RNG State | Random number generator seed and seed key. Destroyed via manage configuration service. |

| Public Keys | Description |
|-------------|-------------|
| SSH2 Public Keys | Ephemeral Diffie-Hellman public keys used to establish the SSH2 Shared Secret. |
| RSA Public key | Public key used to establish TLS session. |


Table 7 – CSP Access Rights within Roles & Services

| CO | User | UA | Service | Cryptographic Keys and CSPs Access |
|----|------|----|---------|------------------------------------|
| | X | | 802.11i with PSK | Derive 802.11i AES Session Key using 802.11i PSK. Encrypt/decrypt data traffic using 802.11i AES Session Key. |
| X | | | Manage Configuration | Login using Crypto Officer's password. Enter 802.11i PSK. Enter/Change Crypto Officer password values. 'Zeroize' all plaintext CSPs. Use TLS Private Key, Pre-Master Secret and Session Keys. Use SSH2 Private Key, Shared Secret and Session Keys. |
| | | X | Initiate Self-tests | None |
| | | X | LED Status | None |

8. Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the Xirrus Access Point does not contain a modifiable operational environment.

9. Security Rules

The Xirrus Access Point's design corresponds to the cryptographic module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module.

1. The cryptographic module shall provide two distinct operator roles. These are the User role and the Crypto Officer role.

2. The cryptographic module shall provide role-based authentication.

3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services.

4. The cryptographic module shall encrypt/decrypt data using the AES algorithm.

5. The cryptographic module shall perform the following tests:

   A. Power up Self-Tests:

      1. Cryptographic algorithm tests:
         i. AES Known Answer Test
         ii. TDES Known Answer Tests
         iii. RSA Known Answer Test
         iv. RNG Known Answer Test

      2. Firmware Integrity Test (HMAC-SHA1)

   B. Conditional Self-Tests:
      i. Continuous tests for RNG and Non-Approved RNG.
      ii. Firmware Load Test (HMAC-SHA1)

6. Upon successful completion of self tests the system status LED will be lit solid green. If a Self-test should fail, the module shall enter an error state and provide a status output via the system LED blinking red and system messaging.

7. At any time the cryptographic module is in an idle state, the operator shall be capable of commanding the module to perform the power-up self-test.

8. All Data output shall be inhibited during power-up self tests and error states.

9. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module.

10. The module shall support the use of Approved and specifically Allowed algorithms in the Approved mode of operation.

11. The module shall not share CSPs between modes of operation. CSPs shall not be maintained when entering and exiting the FIPS Approved Mode of Operation.

12. The following shall not be supported in the FIPS Approved Mode of Operation:

    i. Management over IAPs
    ii. SNMP v1, v2 and v3
    iii. SSH1
    iv. SSL 2.0 and 3.0
    v. RADIUS (Internal and external)
    vi. Telnet
    vii. FTP, TFTP
    viii. HTTP
    ix. WEP
    x. WPA TKIP
    xi. WPA EAP
    xii. Entry of PSK as passphrase

13. The module shall be configured as defined in the Physical security section of this Security Policy. The tamper evident seals and security strap shall be installed for the module to operate in a FIPS Approved mode of operation.
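Security rules 5 through 8 above, sketched in Python as an added example (not Xirrus firmware code): a known answer test, the HMAC-SHA1 firmware integrity test, the continuous RNG test, and the error state that inhibits data output. The known answer used is the RFC 2202 HMAC-SHA-1 vector, standing in for the AES, TDES, RSA and RNG tests the module runs; the class names, state names, and the sample image and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# RFC 2202 HMAC-SHA-1 test case 1, used here as the stored known answer.
KAT_KEY = bytes([0x0B]) * 20
KAT_MSG = b"Hi There"
KAT_TAG = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")

class SelfTestError(Exception):
    """Raised when any self-test fails; the module must enter its error state."""

def hmac_sha1_kat():
    # Known answer test: run the algorithm on a fixed input, compare with the stored result.
    tag = hmac.new(KAT_KEY, KAT_MSG, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, KAT_TAG):
        raise SelfTestError("HMAC-SHA-1 known answer test failed")

def firmware_integrity_test(image, key, expected_tag):
    # Firmware integrity test: HMAC-SHA-1 over the whole image.
    tag = hmac.new(key, image, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected_tag):
        raise SelfTestError("firmware integrity test failed")

class ContinuousRng:
    """Continuous RNG test: every output block must differ from the previous one."""

    def __init__(self, source=os.urandom, block_len=16):
        self._source = source
        self._block_len = block_len
        # The first block only primes the comparison and is never handed out.
        self._previous = source(block_len)

    def next_block(self):
        block = self._source(self._block_len)
        if block == self._previous:
            raise SelfTestError("continuous RNG test failed: repeated block")
        self._previous = block
        return block

class Module:
    """Hypothetical state holder: POWER_UP, then OPERATIONAL or ERROR."""

    def __init__(self, image, key, expected_tag):
        self.state = "POWER_UP"
        self._firmware = (image, key, expected_tag)

    def power_up(self):
        # Data output stays inhibited until every power-up self-test has passed.
        self.state = "POWER_UP"
        try:
            hmac_sha1_kat()
            firmware_integrity_test(*self._firmware)
        except SelfTestError:
            self.state = "ERROR"        # status output: system LED blinking red
            return False
        self.state = "OPERATIONAL"      # status output: system LED solid green
        return True

    def send(self, data):
        if self.state != "OPERATIONAL":
            raise RuntimeError("data output inhibited in state " + self.state)
        return data

# Constructed sample firmware image and HMAC key, for illustration only.
SAMPLE_IMAGE = b"constructed firmware image " * 8
SAMPLE_KEY = b"constructed-integrity-key"
SAMPLE_TAG = hmac.new(SAMPLE_KEY, SAMPLE_IMAGE, hashlib.sha1).digest()
```

Calling `power_up()` again on an idle module re-runs the same tests, which is how rule 7 is met when self-tests are initiated by power cycling.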

10. Physical Security Policy

Physical Security Mechanisms

The multi-chip standalone cryptographic module includes the following physical security mechanisms:

- Production-grade components and production-grade opaque enclosure
- Tamper evident seals.

Operator Required Actions

The operator is recommended to periodically inspect tamper evident seals.

Table 8 – Inspection/Testing of Physical Security Mechanisms

| Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|------------------------------|------------------------------------------|----------------------------------|
| Tamper Evident Seals | 1 month | Instructions for the recommended inspections are located in the operator's manual. |

Operator Required Actions

The Cryptographic Officer is required to configure and periodically inspect the cryptographic module. Tamper evident seals and security straps shall be in control of the Cryptographic Officer at all times.

1. Apply two seals, one on either side of the Array about 180° apart from each other, as indicated in the figures below.

   IMPORTANT: Before you apply the tamper-evident seal, clean the surface area of any grease, dirt, or oil. We recommend using alcohol-based cleaning pads for this. Each seal must be applied to straddle both sides of an opening so that it will show if an attempt has been made to open the Array.

   Make sure that each seal straddles a seam.

   [Figure 7 – Tamper-evident seal locations. Location indicated by arrows and colored blocks. Panels: XN4 – Two (2) total seals; XN8, XN12, XN16 – Eight (8) total seals. Callouts: Tamper seal location on seams. Two (2) seals, placed on opposite sides. Tamper seal location covering mounting plate openings. Six (6) seals placed, Three (3) across each opening. Place labels on mounting plate prior to mounting array body.]

   [Figure 8 – Tamper-evident seal appearance. Panels: XN4 and XN8, XN12, XN16 - seam location; XN8, XN12, XN16 Mounting plate openings.]

2. Apply the supplied tamper-evident security strap to the unit as indicated in the figure below. Each mounting plate and array body contains a single locking tab. The Array body is mounted to the mounting plate and rotated until the mounting plate clicks into place and the locking tabs are aligned. The security strap is threaded through the aligned locking tabs and then pulled through the strap lock until firmly affixed. The security strap should be pulled tight to disallow turning of the mounting plate. Tamper evidence may be indicated by a broken strap or cracked locking tab.

   [Figure 9 – Apply the security strap as shown through locking tab. Panels: XN4; XN8, XN12, XN16. Callouts: Strap Lock; Locking Tab.]

11. Mitigation of Other Attacks Policy

The module has not been designed to mitigate attacks that are outside of the scope of FIPS 140-2.

Table 9 – Mitigation of Other Attacks

| Other Attacks | Mitigation Mechanism | Specific Limitations |
|---------------|----------------------|----------------------|
| N/A | N/A | N/A |


12. Definitions and Acronyms

| Acronym | Definition |
|---------|------------|
| AES | Advanced Encryption Standard |
| CBC | Cipher Block Chaining |
| CCM | Counter with CBC-MAC |
| CRC | Cyclic Redundancy Check |
| ECB | Electronic Code-Book |
| FIPS | Federal Information Processing Standards |
| HMAC | Hash-based Message Authentication Code |
| HTTP | Hypertext Transfer Protocol |
| IAP | Integrated Access Points |
| LED | Light Emitting Diode |
| MAC | Message Authentication Code |
| MD5 | Message-Digest #5 |
| PSK | Pre-Shared Key |
| RADIUS | Remote Authentication Dial In User Service |
| RC4 | ARCFOUR |
| RNG | Random Number Generator |
| SHA | Secure Hash Algorithm |
| SNMP | Simple Network Management Protocol |
| SSH | Secure Shell |
| SSL | Secure Sockets Layer |
| TDES | Triple-Data Encryption Standard |
| TKIP | Temporal Key Integrity Protocol |
| TLS | Transport Layer Security |
| TX/RX | Transmit/Receive |
| WEP | Wired Equivalent Privacy |
| Wi-Fi | IEEE 802.11 Wireless Networks |
| WMI | Web Management Interface |
| WPA | Wi-Fi Protected Access |