Polycom VSX 5000, VSX 3000, VSX 7000s manual Key Generation, Key Input/Output

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| x.509 certificate (RSA Public key) | 1024 bits RSA public key | Generated externally, input in plaintext | Output in plaintext | Stored in Flash in plaintext | Erasing the flash image | Authenticates the module during TLS handshake |
| RSA Private key | 1024 bits RSA private key | Generated externally, input in plaintext | Never exits the module | Stored in Flash in plaintext | Erasing the flash image | Authenticates the module during TLS handshake |
| Diffie-Hellman public key | 1024 bits public key | Generated internally | Output in plaintext | Stored in volatile memory | Zeroized on reboot. | Establishes a session key (IP or ISDN Encryption Key) during H.323 negotiation |
| Diffie-Hellman private key | 1024 bits private key | Generated internally | Never exits the module | Stored in volatile memory | Zeroized on reboot. | Establishes a session key (IP or ISDN Encryption Key) during H.323 negotiation |
| Integrity Check Key | 1024 bits DSA Public key | Generated externally, inputted in plaintext | Never exits the module | Stored in Flash in plaintext | Erasing the flash image | Checks integrity of the software at power-up of the module |
| Session Key | 192 bits TDES CBC key | Generated internally during TLS handshake | Exits in encrypted form (RSA key transport) | Held in volatile memory in plaintext. | Zeroized on reboot. | Encrypts TLS traffic |
| IP Encryption Key | 128 bits AES CBC key | Generated internally during Diffie-Hellman key agreement | Never exits the module | Held in volatile memory in plaintext. | Zeroized on reboot. | Encrypts IP calls |
| ISDN Encryption Key | 128, 192, 256 bits AES OFB keys | Generated internally during Diffie-Hellman key agreement | Never exits the module | Held in volatile memory in plaintext. | Zeroized on reboot. | Encrypts ISDN calls |
| PRNG seed | 20 bytes of seed value | Internally generated | Never exits the module | Held in volatile memory only in plaintext. | Zeroized on reboot | Produce FIPS approved random number |

1.7.1 Key Generation

The modules generate symmetric keys and FIPS-approved PRNG seeds internally. The symmetric keys (Session Key, IP Encryption Key, and ISDN Encryption Key) and the Diffie-Hellman key pair are generated using a FIPS-approved 186-2 Appendix 3.1 algorithm. Twenty bytes of hardware-generated noise are used to create a PRNG seed. The RSA key pair is generated externally and input into the module in plaintext.

1.7.2 Key Input/Output

The Rivest, Shamir, Adleman (RSA) key pair is generated externally and input to the modules in plaintext. The RSA private key and DH private key never exit the module, while the public keys are output in plaintext. The Session Key exits the module in encrypted form during TLS handshakes (protected within RSA key transport). The IP Encryption Key and ISDN Encryption Key are never output from the module. Other CSPs and keys, such as the Integrity Check Key and PRNG seed, are never output from the modules.

Polycom VSX 3000, VSX 5000, and VSX 7000s

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.


VSX 7000s, VSX 3000, VSX 5000 specifications

The Polycom VSX series comprises several high-quality video conferencing systems, notably the VSX 3000, VSX 7000s, and VSX 5000. Each model is designed to enhance communication in various settings, offering unique features, technologies, and characteristics tailored to meet diverse user needs.

The Polycom VSX 3000 is a compact, all-in-one video conferencing system ideal for smaller meeting rooms or personal offices. It features a sleek design with an integrated 15-inch LCD display, which provides an immersive visual experience. The VSX 3000 supports a maximum resolution of 640x480 at 30 frames per second, ensuring clear video quality. The system includes a built-in camera with 85-degree field of view, allowing for effective communication among participants. The VSX 3000 supports H.323 and SIP protocols, ensuring compatibility with various networks and systems. Additionally, it incorporates Polycom's Lost Packet Recovery technology, optimizing video quality even in challenging network conditions.

In contrast, the Polycom VSX 7000s is designed for more extensive video conferencing setups. This system features a modular design, allowing users to customize their setups with additional cameras, microphones, and displays. The VSX 7000s supports a higher resolution of up to 1024x768 pixels, providing more detailed visuals. One of the standout features of this model is its ability to integrate with content-sharing applications, enabling users to share documents and presentations seamlessly during meetings. The VSX 7000s also boasts advanced audio features, including StereoSurround technology, which enhances the auditory experience by providing spatial audio that mimics face-to-face interactions.

Lastly, the Polycom VSX 5000 is a versatile video conferencing solution that caters to mid-to-large conference rooms. It offers high-definition video quality with a resolution of up to 1280x720, ensuring clear and crisp visuals. The system supports multiple video outputs, allowing users to connect to various displays. The VSX 5000 is equipped with the advanced Polycom Content Management system, facilitating easy control of shared content and applications during meetings. With its versatile connectivity options, the VSX 5000 is capable of connecting to various video conferencing networks, enhancing its usability across different platforms.

In summary, the Polycom VSX series offers a range of video conferencing solutions that cater to varying needs, from compact setups for small offices with the VSX 3000 to versatile solutions for larger meeting environments with the VSX 7000s and VSX 5000. Each model integrates advanced technologies and features designed to ensure clear video, robust audio, and seamless connectivity, making them ideal choices for enhancing communication and collaboration in today's digital world.