Nortel Networks 7.05, 7.11 manual Protection of the TOE Security Functions, Power-Up Self-Tests

functions. The VPN User has no access to administrative functions and may only authenticate to the Nortel VPN Router through the Nortel VPN Client in order to access the private network.

These roles determine a user’s level of access to security management functions provided by the TOE. These security management functions include management of all audit and event records, management of access control, and management of VPN and firewall functions. Each user assumes one role from the available roles.

Administrators manage TOE security functionality and change, query, modify, or delete security attributes via the management GUI. All requests for services from either the management GUI or the Nortel VPN Client are passed to the Nortel VPN Router, which mediates access control to those functions. The Nortel VPN Router makes the access control decision by comparing the user’s role and the privilege requirement for the type of request made.

As described in the Security Functional Policies, management and modification of secure values are restricted to ensure that only secure values are accepted for security attributes and that the default values used for initialization of the security attributes are not altered.

TOE Security Functional Requirements Satisfied: FMT_MOF.1(a), FMT_MOF.1(b), FMT_MSA.1(a), FMT_MSA.1(b), FMT_MSA.1(c), FMT_MSA.2, FMT_MSA.3(a), FMT_MSA.3(b), FMT_MSA.3(c), FMT_SMF.1, FMT_SMR.1.

6.1.6 Protection of the TOE Security Functions

The TOE’s FIPS 140-2 validated cryptographic module will offer its services only after all power-up self-tests (at power-up) and all conditional self-tests (when creation of an IPSec tunnel is requested) have passed; if these self- tests do not pass then the TOE enters an error state and logs the failure. All error states can be cleared by restarting the module. If the self-tests do pass, then an IPSec tunnel is established, thus activating all of the IPSec security features. The TOE runs continuous checks on the IPSec tunnel to detect replay attacks. If a replay attack is detected then the associated packets are immediately dropped.

The TOE performs the following Start-Up and Conditional Self-Tests in order to ensure the secure and proper operation of the TSF:

6.1.6.1Power-Up Self-Tests

FIPS 140-2 validated power-up self-tests are executed automatically when the module is started. The Start-Up Self- Tests performed by the TOE are described below:

Software Integrity Check: Verifies the integrity of the software binaries of the module using an HMAC- SHA-1 keyed hash.

AES Known Answer Test (KAT): Verifies the correct operation of the AES algorithm implementation.

3DES KAT: Verifies the correct operation of the Triple-DES algorithm implementation.

SHA-1 KAT: Verifies the correct operation of the SHA-1 algorithm implementation.

HMAC-SHA-1 KAT: Verifies the correct operation of the HMAC-SHA-1 algorithm implementation.

FIPS 186-2 Random Number Generator (RNG) KAT: Verifies the correct operation of the FIPS 186-2 RNG implementation.

Alternating Bypass Mode Test: Verifies the integrity of the module’s bypass capability (hard-coded in the filter driver).

6.1.6.2Conditional Self-Tests

FIPS 140-2 validated conditional self-tests are executed automatically when certain criteria or events occur. The TOE performs three conditional self-tests: a pair-wise consistency test each time the an RSA public/private key is generated, a continuous random number generator test each time the module produces random data, and a software load test for upgrades. The Conditional Self-Tests performed by the TOE are described below.

FIPS 186-2 Continuous RNG: Verifies that the Approved RNG is not failing to a constant value.