Manuals / Polycom / Communications / Conference Phone

Polycom VSX 7000s manual Physical Security, Operational Environment, Cryptographic Key Management

Models: VSX 5000

1 23
Download 23 pages 1.71 Kb
Page 17
Image 17
1.4.3Authentication

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

Service

Secured call on IP network

Secured call on ISDN

Description

Placing secured call on IP network via LAN port

Placing secured call on ISDN via BRI/PRI port

Input

Command and calling information

Command and calling information

Output

Connection established

Connection established

CSP and Access Control

Diffie-Hellman key pairs – Read

IP Encryption Key – Read/Write

Diffie-Hellman key pairs – Read

ISDN Encryption Key

– Read/Write

1.4.3Authentication

The modules were not tested for role-based or identity-based authentication requirement as level 1 modules. However, the modules authenticate Crypto-Officer with x.509 certificate during TLS handshake. The users do not authenticate themselves to the module.

1.5 Physical Security

The VSX 3000, VSX 5000, and VSX 7000s are multi-chip standalone cryptographic modules. The modules’ hardware is composed of production-grade components and the modules are entirely enclosed in solid metal cases. These cases enclose all of the modules’ internal components and serve as the cryptographic boundaries for the modules.

The VSX systems were tested and found conformant to the Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).

1.6 Operational Environment

The operational environment requirements do not apply to the VSX 3000, VSX 5000, and VSX 7000s. The modules do not provide a general purpose Operating System (OS) and only allow the updating of image components after checking a Digital Signature Algorithm (DSA) signature on new software images.

1.7 Cryptographic Key Management

The VSX modules implement the following FIPS-approved algorithms:

AES (CBC, OFB) - key sizes 128, 192, 256 (Cert #431)

FIPS 186-2 Appendix 3.1 PRNG (Cert #224)

Secure Hashing Algorithm (SHA-1) – Byte oriented (Cert #50 1)

TDES (CBC) 1, 2, 3 keying options (Cert #460)

DSA (verify) 1024 bits (Cert #178)

Additionally, the module utilizes the following non-FIPS-approved algorithm implementation:

Diffie-Hellman (key agreement, key establishment methodology provides 80-bits of encryption strength)

RSA (key wrapping, key establishment methodology provides 80-bits of encryption strength)

Hardware Random Number Generator (RNG) – for seeding the FI PS-approved deterministic RNG

The module supports the following critical security parameters:

Table 9 - List of Cryptographic Keys, Cryptographic Key Components, and CSPs

Key

Key Type

Generation /

 

 

Input

 

 

 

Polycom VSX 3000, VSX 5000, and VSX 7000s

Output

Storage

Zeroization

Use

Page 17 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Page 16 Page 18
Page 17
Image 17
Polycom VSX 7000s, VSX 5000 manual Physical Security, Operational Environment, Cryptographic Key Management, Authentication
Page 16 Page 18