2.5 Key Management

The switch securely administers both cryptographic keys and other critical security parameters such as User passwords. Ephemeral session keys are created during the negotiation of secure tunnels on behalf of Users who have successfully authenticated themselves to the switch with their user ID and password. These keys are created for protocols like MS-CHAP and ISAKMP, which securely negotiate key exchange and then allow encryption services for PPTP, L2TP, and IPSec.

Keys are destroyed when the appropriate tunnel, SA, or session is terminated and are never archived or released from the device. User passwords can be destroyed by Crypto Officers, or by users overwriting their own passwords. All passwords are stored in the LDAP database in an encrypted format, and never released. They are used only for authentication in key exchange protocols, which each protect CSPs according to their protocol. (Crypto Officers should be aware that PAP transmits password information in the clear and should not be enabled before deciding local policy. See notes on PAP in Managing the Contivity Extranet Switch (page 3-32).)

2.6 Self Tests

In order to prevent any secure data being released, it is important to test the cryptographic components of a security module to ensure that all components are functioning correctly. The Contivity Switch includes an array of self-tests which are run during startup and periodically during operations. The self-tests run at power-up include cryptographic known answer tests (KATs) on the FIPS-approved cryptographic algorithms (DES, 3DES) and on the message digest (SHA-1). Also performed at startup are software integrity tests using a DES MAC per FIPS 113 and a continuous random number generator test. Other tests are run periodically or conditionally, such as a software load test for upgrades using a DES MAC and the continuous random number generator test. In addition, there are checksum tests on the flash memory which are updated with flash changes.

If any of these self-tests fail, the switch will transition into an error state. Within the error state, all secure data transmission is halted and the switch outputs status information indicating the failure.
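The self-test and error-state behaviour described above, sketched as an added example (not code from the Contivity Switch): a SHA-1 known answer test at power-up, a continuous random number generator test on every output block, and a latched error state. The class, state names, status strings and 8-byte block size are assumptions; the DES and 3DES KATs are omitted because the Python standard library has no DES.

```python
import hashlib
import os

# SHA-1 known answer: the standard "abc" test vector from FIPS 180.
SHA1_KAT_MSG = b"abc"
SHA1_KAT_DIGEST = "a9993e364706816aba3e25717850c26c9cd0d89d"


class SelfTestError(Exception):
    """Raised when a self-test fails or the module is not operational."""


class Module:
    """Hypothetical model of a module with power-up and continuous tests."""

    def __init__(self, rng=os.urandom, hash_fn=hashlib.sha1, block_size=8):
        self.state = "POWER_UP"
        self.status = []              # status output indicating failures
        self._rng = rng
        self._hash_fn = hash_fn
        self._block_size = block_size
        self._last_block = None

    def _fail(self, reason):
        # Latch the error state: no further output until restart.
        self.state = "ERROR"
        self.status.append(reason)
        raise SelfTestError(reason)

    def power_up(self):
        # Known answer test: digest of a fixed input must match exactly.
        if self._hash_fn(SHA1_KAT_MSG).hexdigest() != SHA1_KAT_DIGEST:
            self._fail("SHA-1 KAT failed")
        # Prime the continuous RNG test; the first block is never output.
        self._last_block = self._rng(self._block_size)
        self.state = "OPERATIONAL"

    def random_block(self):
        if self.state != "OPERATIONAL":
            raise SelfTestError("module not operational: " + self.state)
        block = self._rng(self._block_size)
        # Continuous test: a repeated block means the generator is stuck.
        if block == self._last_block:
            self._fail("continuous RNG test failed")
        self._last_block = block
        return block
```

Passing a stuck generator such as `lambda n: b"\x00" * n` as `rng` drives the model into the error state on the first `random_block()` call, after which every request is refused.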

3 Secure Operation of the Contivity Switch

The Contivity Switch is a versatile machine; it can be run in a Normal Operating Mode or a FIPS Operating Mode. In FIPS operating mode, the switch meets all the Level 2 requirements for FIPS 140-1. In order to place the module in FIPS mode, click the “FIPS Enabled” button on the Services Available management screen and restart the module. A number of configuration settings are recommended when operating the Contivity Switch in a FIPS 140-1 compliant manner. Other changes are required in order to maintain compliance with FIPS 140-1 requirements. These include the following:

© Copyright 2000 Nortel Networks.
