
Motorola GGM 8000 Gateway

FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy

Version: 1.18
Date: 3/16/2016

Table of Contents
1 Introduction
1.1 Hardware and Physical Cryptographic Boundary
1.2 Modes of Operation
2 Cryptographic Functionality
2.1 Critical Security Parameters
2.2 Public Keys
3 Roles, Authentication and Services
3.1 Assumption of Roles
3.2 Authentication Methods
3.3 Services
4 Self-tests
5 Physical Security Policy
6 Operational Environment
7 Mitigation of Other Attacks Policy
8 Security Rules and Guidance
9 References and Definitions
10 GGM 8000 GATEWAY TAMPER EVIDENCE LABEL INSTALLATION INSTRUCTIONS

List of Tables
Table 1 Cryptographic Module Configurations
Table 2 Security Level of Security Requirements
Table 3 Ports and Interfaces
Table 4 Approved and CAVP Validated Cryptographic Functions
Table 5 Non-Approved but Allowed Cryptographic Functions
Table 6 Protocols Allowed in FIPS Mode
Table 7 Critical Security Parameters (CSPs)
Table 8 Public Keys
Table 9 Roles Description
Table 10 Authenticated Services
Table 11 Unauthenticated Services
Table 12 CSP Access Rights within Services
Table 13 Power Up Self-tests
Table 14 Conditional Self-tests
Table 15 References
Table 16 Acronyms and Definitions

List of Figures
Figure 1 Motorola GGM 8000 Gateway with Ports
Figure 2 Applying Tamper Evidence Labels 1, 2, and 3 to Secure the GGM 8000 Base Unit (Base Module and Blank Filler Panel in Expansion Module Slot)

1 Introduction
This document defines the Security Policy for the Motorola GGM 8000 Gateway, hereafter denoted the Module. The Module is a modular purpose-built gateway that can easily be configured to support a variety of public safety network applications. The Module meets FIPS 140-2 overall Level 2 requirements.

Table 1 Cryptographic Module Configurations

     Module                             HW P/N and Version    FW Version
1    GGM 8000 Base Unit                 CLN1841E Rev AB       KS16.8.1.06
2    GGM 8000 AC Power Supply option    CLN1850A Rev G        N/A
3    GGM 8000 DC Power Supply option    CLN1849A Rev H        N/A
4    FIPS Kit                           CLN8787A, Rev. B      N/A

The Module is intended for use by US Federal agencies and other markets that require FIPS 140-2 validated network appliances. The Module is a multi-chip standalone embodiment; the cryptographic boundary is the gateway's enclosure, which includes all components, and one of the power supply options (AC or DC) identified in Table 1.

The FIPS 140-2 security levels for the Module are as follows:

Table 2 Security Level of Security Requirements

Security Requirement                          Security Level
Cryptographic Module Specification            2
Cryptographic Module Ports and Interfaces     2
Roles, Services, and Authentication           2
Finite State Model                            2
Physical Security                             2
Operational Environment                       N/A
Cryptographic Key Management                  2
EMI/EMC                                       2
Self-Tests                                    2
Design Assurance                              3
Mitigation of Other Attacks                   N/A

The Module implementation is compliant with:
FIPS 140-2
FIPS 197
SP 800-38A
SP 800-90A
FIPS 198-1
SP 800-135
FIPS 186-4
FIPS 180-4
SP 800-20

1.1 Hardware and Physical Cryptographic Boundary
The physical cryptographic boundary of the Module is depicted in Figure 1. In the photo, there is a slot that can hold an optional expansion module for increased device connectivity. The optional expansion module is not included within the Motorola GGM 8000 Gateway cryptographic boundary.

Figure 1 Motorola GGM 8000 Gateway with Ports
[Photo callouts: AC Power Plug or DC Power Entry Connectors on rear of chassis; T1/E1 Ports; LEDs; Ethernet Ports; Backplane Interface (supports Expansion Module not part of cryptographic boundary); Console Port]

Table 3 Ports and Interfaces

Ethernet (Qty. 4)
    Description: LAN ports that provide connection to Ethernet LANs using either 10BASE-T, 100BASE-TX, or 1 Gigabit Ethernet
    Logical Interface Type: Control in | Data in | Data out | Status out
T1/E1 (Qty. 2)
    Description: T1/E1 interfaces that support T1/E1 CSU/DSU
    Logical Interface Type: Control in | Data in | Data out | Status out
Console (Qty. 1)
    Description: RS-232 interface
    Logical Interface Type: Control in | Status out
Backplane interface. Supports expansion module containing optional interface cards (expansion module not part of cryptographic boundary)
    Description: High-speed multi-function serial interfaces that provide connection to industry-standard V.35, Data Communications Equipment (DCE) or Data Terminal Equipment (DTE) serial devices
    Logical Interface Type: Control in | Data in | Data out | Status out
AC power plug OR DC power entry connectors (Qty. 1 or 2)
    Description: External AC power input port OR External DC power input ports
    Logical Interface Type: Power
LEDs (Qty. 7)
    Description: Provide Module status for traffic and module power.
    Logical Interface Type: Status out

1.2 Modes of Operation
The module supports both an Approved and non-Approved mode of operation. To enter FIPS mode, the Crypto-Officer must follow the procedure outlined in Table 4 below. For details on individual gateway commands, use the online help facility or review the Enterprise OS Software User Guide and the Enterprise OS Software Reference Guide.

Step  Description

1. Check if FIPS mode is enabled using the show SYS FIPS command. If FIPS = ON, go to next step. If FIPS = OFF, issue SETD SYS FIPS = ON command.

2. Configure the parameters for the IKE negotiations using the IKEProfile command. For FIPS mode, only the following values are allowed: Diffie-Hellman Group (Group 14 required for 112-bit key strength), Encryption Algorithm (AES or Triple-DES), Hash Algorithm (SHA), and Authentication Method (Pre-Shared Key).

3. Electronically establish via the local console port the pre-shared key (PSK) to be used for the IKE protocol using:
   ADD CRYPTO FipsPreSharedKey <peer_ID> <preshared_key> <preshared_key>
   For FIPS mode, minimum key length is 14 bytes.

4. If IPsec is used, configure IPsec transform lists using the ADD CRYPTO TransformLIst command. For FIPS mode, only the following values are allowed: Encryption Transform (ESPTDES, or ESPAES) and Authentication Transform (ESPSHA).

5. If FRF.17 is used, configure FRF.17 transform lists using the ADD CRYPTO TransformLIst command. For FIPS mode, only the following values are allowed: Encryption Transform (FRFTDES, or FRFAES) and Authentication Transform (FRFSHA).

6. For each port for which encryption is required, bind a dynamic policy to the ports using:
   ADD [!<portlist>] CRYPTO DynamicPOLicy <policy_name> <priority> <mode> <selctrlist_name> <xfrmlist_name> [<pfs>] [<lifetime>] [<preconnect>]
   To be in FIPS mode, the selector list and transform list names must be defined as in previous steps.

7. If PIM authentication is enabled, configure Manual Key set using the ADD CRYPTO ManKeySet command. For FIPS mode, minimum authentication key length is 14 bytes.

8. If SNMPv3 is enabled, configure authentication and encryption passphrases for all SNMP users with AuthPriv privileges. For FIPS mode, minimum authentication passphrase length is 14 bytes.

9. If SSHv2 is enabled, generate RSA 2048-bit keys using GenSshKeyRSA2048.

10. For each port for which encryption is required, enable encryption on that port using:
    SETDefault [!<portlist>] CRYPTO CONTrol = Enabled

11. DSA keys must not be used in FIPS mode.

12. Use the Show SYS SwSignatureAlgorithm command to verify that firmware signing algorithm is set to SHA2withRSA2048. If not, use the SetD SYS SwSignAlgorithm = SHA2withRSA2048 command to change signing algorithm.

13. FIPS 140-2 mode achieved.
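The constraints in steps 1 to 12 can be audited offline before a change window. The following is an added example, not code from the policy or from Motorola: the dictionary layout, every field name and the sample values are hypothetical, and the gateway's real configuration is entered through its CLI rather than parsed here.

```python
import copy

MIN_SECRET_BYTES = 14                    # steps 3, 7, 8: minimum key/passphrase length
ALLOWED_ENCRYPTION = {"AES", "TDES"}     # steps 2, 4, 5: AES or Triple-DES only
SIGNING_ALGORITHM = "SHA2withRSA2048"    # step 12: value named in the policy


def too_short(secret):
    """True when a key or passphrase is under the 14-byte FIPS-mode minimum."""
    return len(secret.encode("utf-8")) < MIN_SECRET_BYTES


def audit_fips_config(cfg):
    """Return (step, finding) tuples; an empty list means no checked step failed."""
    out = []
    if cfg["fips"] != "ON":
        out.append((1, "FIPS is not ON"))
    ike = cfg["ike_profile"]
    if ike["dh_group"] != 14:
        out.append((2, "IKE DH group %s, Group 14 required" % ike["dh_group"]))
    if ike["encryption"] not in ALLOWED_ENCRYPTION:
        out.append((2, "IKE encryption %s not allowed" % ike["encryption"]))
    if ike["hash"] != "SHA" or ike["auth_method"] != "PreSharedKey":
        out.append((2, "IKE must use SHA with pre-shared key authentication"))
    for peer, psk in cfg["preshared_keys"].items():
        if too_short(psk):
            out.append((3, "pre-shared key for %s is under 14 bytes" % peer))
    # Steps 4 and 5: IPsec and FRF.17 transform lists follow the same rule.
    for name, xf in cfg["transform_lists"].items():
        step = 4 if xf["protocol"] == "IPsec" else 5
        if xf["encryption"] not in ALLOWED_ENCRYPTION or xf["authentication"] != "SHA":
            out.append((step, "transform list %s uses a non-allowed transform" % name))
    # Steps 6 and 10: an encrypted port needs a policy built from defined lists,
    # and encryption must be enabled on the port itself.
    for port, p in cfg["ports"].items():
        if not p["encryption_required"]:
            continue
        pol = p.get("policy") or {}
        if (pol.get("selector_list") not in cfg["selector_lists"]
                or pol.get("transform_list") not in cfg["transform_lists"]):
            out.append((6, "port %s policy references an undefined list" % port))
        if p.get("crypto_control") != "Enabled":
            out.append((10, "port %s has encryption disabled" % port))
    pim_key = cfg.get("pim_auth_key")          # None when PIM authentication is off
    if pim_key is not None and too_short(pim_key):
        out.append((7, "PIM authentication key is under 14 bytes"))
    for user, u in cfg.get("snmpv3_users", {}).items():
        if u["level"] == "AuthPriv" and too_short(u["auth_passphrase"]):
            out.append((8, "SNMPv3 passphrase for %s is under 14 bytes" % user))
    ssh = cfg.get("ssh")                       # None when SSHv2 is off
    if ssh is not None:
        if ssh["key_type"] == "DSA":
            out.append((11, "DSA keys must not be used"))
        elif (ssh["key_type"], ssh["key_bits"]) != ("RSA", 2048):
            out.append((9, "SSH key is not RSA 2048"))
    if cfg["sw_sign_algorithm"] != SIGNING_ALGORITHM:
        out.append((12, "firmware signing algorithm is %s" % cfg["sw_sign_algorithm"]))
    return out


# Constructed sample input; every secret below is a placeholder, not a real key.
COMPLIANT = {
    "fips": "ON",
    "ike_profile": {"dh_group": 14, "encryption": "AES", "hash": "SHA",
                    "auth_method": "PreSharedKey"},
    "preshared_keys": {"peer-a": "constructed-psk-000001"},
    "selector_lists": {"sel-1"},
    "transform_lists": {
        "ipsec-xf": {"protocol": "IPsec", "encryption": "AES", "authentication": "SHA"},
        "frf-xf": {"protocol": "FRF.17", "encryption": "TDES", "authentication": "SHA"},
    },
    "ports": {
        "1": {"encryption_required": True, "crypto_control": "Enabled",
              "policy": {"selector_list": "sel-1", "transform_list": "ipsec-xf"}},
        "2": {"encryption_required": False},
    },
    "pim_auth_key": None,
    "snmpv3_users": {"example-user": {"level": "AuthPriv",
                                      "auth_passphrase": "constructed-passphrase"}},
    "ssh": {"key_type": "RSA", "key_bits": 2048},
    "sw_sign_algorithm": "SHA2withRSA2048",
}

# The same configuration with six deliberate deviations from the procedure.
WEAK = copy.deepcopy(COMPLIANT)
WEAK["ike_profile"]["dh_group"] = 5
WEAK["preshared_keys"]["peer-a"] = "short-psk"
WEAK["transform_lists"]["frf-xf"]["encryption"] = "DES"
WEAK["ports"]["1"]["crypto_control"] = "Disabled"
WEAK["ssh"]["key_type"] = "DSA"
WEAK["sw_sign_algorithm"] = "constructed-other-algorithm"
```

Calling `audit_fips_config(WEAK)` returns one finding per deviation, each tagged with the step number it violates.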

2 Cryptographic Functionality
The Module implements the FIPS Approved and Non-Approved but Allowed cryptographic functions listed in the table(s) below.

Table 4 Approved and CAVP Validated Cryptographic Functions

AES (Hardware Implementation), Cert # 962
    [FIPS 197, SP 800-38A]
    Functions: Encryption, Decryption
    Modes: ECB, CBC, CTR
    Key sizes: 128, 256 bits
AES (Firmware Implementation), Cert # 3547
    [FIPS 197, SP 800-38A]
    Functions: Encryption, Decryption
    Modes: ECB, CBC, CFB128
    Key sizes: 128, 192 (CBC only), 256 bits (CBC only)
DRBG, Cert # 903
    [SP 800-90A]
    Functions: Hash DRBG
    Security Strengths: 128 bits
HMAC (Hardware Implementation), Cert # 1487
    [FIPS 198-1]
    Functions: Generation, Verification
    SHA sizes: SHA-1
    Key Size: 160 bits
HMAC (Firmware Implementation), Cert # 2265, 2266
    [FIPS 198-1]
    Functions: Generation, Verification
    SHA sizes: SHA-1, SHA-256
    Key Size: minimum 112 bits
KDF, Existing Application-Specific (CVL), Cert # 603, 604, 605
    [SP 800-135]
    Functions: SSH KDF, SNMP KDF, IKEv1 KDF, IKEv2 KDF
RSA, Cert # 1827
    [FIPS 186-4, PKCS #1 v2.1 (PKCS1.5)]
    Functions: Key Generation, Signature Generation, Signature Verification
    Key sizes: 1024 (RSA Verify only), 2048 bits
SHA (Hardware Implementation), Cert # 933
    [FIPS 180-4]
    Functions: Message Digest
    SHA sizes: SHA-1
SHA (Firmware Implementation), Cert # 2926
    [FIPS 180-4]
    Functions: Digital Signature Generation, Digital Signature Verification, non-Digital Signature Applications
    SHA sizes: SHA-1, SHA-256
Triple-DES (TDEA) (Hardware Implementation), Cert # 757
    [SP 800-20]
    Functions: Encryption, Decryption
    Modes: TCBC
    Key sizes: 3-key
Triple-DES (TDEA) (Firmware Implementation), Cert # 1986
    [SP 800-20]
    Functions: Encryption, Decryption
    Modes: TCBC
    Key sizes: 3-key

Table 5 Non-Approved but Allowed Cryptographic Functions

Non-SP 800-56A Compliant DH
    [IG D.8]
    Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)
NDRNG
    [Annex C]
    Hardware Non-Deterministic RNG; minimum of 256 bits per access. The NDRNG output is used to seed the FIPS Approved DRBG.

Table 6 Protocols Allowed in FIPS Mode

IKEv1
    [IG D.8 and SP 800-135]
    Cipher Suites: Oakley Group 1, 2, 5 and 14 DH key agreement with Pre-Shared Key authentication, AES or Triple-DES CBC encryption, SHA-1 hashing, and HMAC PRF
IKEv2
    [IG D.8 and SP 800-135]
    Cipher Suites: Oakley Group 1, 2, 5 and 14 DH key agreement with Pre-Shared Key authentication, AES or Triple-DES CBC encryption, HMAC-SHA-1 integrity and PRF
SNMPv3
    [IG D.8 and SP 800-135]
    Allowed only with the SP 800-135 SNMP KDF and AES encryption/decryption
SSHv2
    [IG D.8 and SP 800-135]
    Cipher Suites: RSA 2048 DH group 14 SHA-1 key transport, AES CBC encryption, HMAC-SHA-1 MAC

Note: these protocols have not been reviewed or tested by CMVP or CAVP.

Non-Approved Cryptographic Functions for use in non-Approved mode only:
DES
Triple-DES (2-Key)
FIPS 186-2 RSA Signature Generation: 4096-bit keys with SHA-2
MD5
HMAC-MD5
HMAC-SHA-1-96
DSA 1024-bit for public/private key pair generation and digital signatures (non-compliant)
RSA 1024 for key transport within SSHv2
Non-approved SW RNG: Provides random numbers for networking functions (non-compliant)
Diffie-Hellman Group 1, 2 and 5

2.1 Critical Security Parameters
All CSPs used by the Module are described in this section. All usage of these CSPs by the Module (including all CSP lifecycle states) is described in the services detailed in Section 4.

Table 7 Critical Security Parameters (CSPs)

CSP: Description / Usage

KEK: This is the master key that encrypts persistent CSPs stored within the module. KEK-protected keys include PSK and passwords. Encryption of keys uses AES-128-ECB.
IKE Pre-shared Keys: Used to authenticate peer to peer during IKE session.
SKEYID: HMAC-SHA-1 (minimum 112-bit key), used in IKE to provide for authentication of peer router. Generated for IKE Phase 1 by hashing pre-shared keys with responder/receiver nonce.
SKEYID_d: Phase 1 key used to derive keying material for IKE SAs.
SKEYID_a: Key used for integrity and authentication of the phase 1 exchange.
SKEYID_e: Key used for Triple-DES or AES data encryption of phase 1 exchange.
SKEYSEED: Seed value is generated from initiator and responder nonce values and DH pre-shared key. Used in IKEv2 IKE_SA.
SK_d: Key used to derive keying material for the CHILD_SAs established with IKEv2 IKE_SAs.
SK_ai: Key used by initiator as a key to the integrity protection algorithm for authenticating the component messages in IKEv2 IKE_SA.
SK_ar: Key used by responder as a key to the integrity protection algorithm for authenticating the component messages in IKEv2 IKE_SA.
SK_ei: Key used by initiator for encrypting and decrypting all subsequent exchanges in IKEv2 IKE_SA.
SK_er: Key used by responder for encrypting and decrypting all subsequent exchanges in IKEv2 IKE_SA.
SK_pi: Key used by initiator when generating an AUTH payload in IKEv2 IKE_SA.
SK_pr: Key used by responder when generating an AUTH payload in IKEv2 IKE_SA.
*Ephemeral DH Phase 1 private key (a): Generated for IKE Phase 1 key establishment.
*Ephemeral DH Phase 2 private key (a): Phase 2 Diffie-Hellman private keys used in PFS for key renewal.
*IPsec Session Keys: 128/192/256-bit AES-CBC and 168-bit Triple-DES keys are used to encrypt and authenticate IPsec ESP packets.
FRF.17 Session Keys: 168-bit Triple-DES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate FRF.17 Mode 2.
*SSH RSA Private Key: Key used to authenticate oneself to peer.
SSH Session Keys: 128-bit AES-CBC keys are used to encrypt and authenticate SSH packets.
*SSH DH Private Key: Generated for SSH key establishment.
SNMPv3 Passphrases: Passphrases used in generation of SNMPv3 session keys.
SNMPv3 Session Keys: 128-bit keys used to encrypt and authenticate SNMPv3 packets.
RADIUS Secret: Used for authentication of packets sent/received to RADIUS Server, up to 32 characters.
Hash DRBG Seed: Initial seed for FIPS Approved DRBG.
Hash DRBG Internal State: Internal state/context for FIPS Approved DRBG. The critical security parameters are the values V and C.
Passwords (Crypto-Officer (Super User), Network Manager, Admin, User): 7 (to 15) character password used to authenticate to the module.

2.2 Public Keys
Table 8 Public Keys

Key: Description / Usage

RSA Firmware Load Key: RSA 2048-bit key used for firmware authentication.
SSH RSA Key: (RSA 2048-bit) Distributed to peer, used for SSH authentication.
SSH Known Host Keys: (RSA 1024 and 2048-bit) Distributed to module, used to authenticate peer.
IKE DH public key (g^a): (2048-bit) Generated for IKE Phase 1 key establishment.
IKE DH phase 2 public (g^a) key: (2048-bit) Phase 2 Diffie-Hellman public keys used in PFS for key renewal (if configured).
SSH DH Key: (2048-bit) Generated for SSH key establishment.

3 Roles, Authentication and Services
3.1 Assumption of Roles
The module supports seven distinct operator roles: Cryptographic Officer (Super User), Admin, Network Manager, User, MotoAdmin, MotoMaster, and MotoInformA/B. The cryptographic module enforces the separation of roles using role-based authentication.

Table 9 lists all operator roles supported by the module. The Module supports concurrent operators. Each operator has an independent session with the gateway, either through SSH or via the console. Once authenticated to a role, each operator can access only those services for that role. In this way, separation is maintained between the role and services allowed for each operator.

Table 9 Roles Description

Crypto-Officer (Super User)
    Role Description: The owner of the cryptographic module with full access to services of the module.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Username and Password
Network Manager (NM)
    Role Description: An operator of the module with almost full access to services of the module.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Username and Password
Admin
    Role Description: An assistant to the Crypto-Officer that has read-only access to a subset of module configuration and status indications.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Username and Password
User
    Role Description: A user of the module that has read-only access to a subset of module configuration and status indications.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Username and Password
MotoAdmin (MO)
    Role Description: A SNMPv3 user who can issue any command from the SNMPV3 User Manager menu.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Passphrase
MotoMaster (MM)
    Role Description: A SNMPv3 user who can change its own passphrases from the SNMPV3 User Manager menu.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Passphrase
MotoInformA/B (MI)
    Role Description: A SNMPv3 user who receives and transmits reliable messages over SNMPv3.
    Authentication Type: Role-based operator authentication.
    Authentication Data: Passphrase

3.2 Authentication Methods
Username and Password
Passwords are alphanumeric strings consisting of 7 to 15 characters chosen from the 94 standard keyboard characters. The probability that a random attempt will succeed or a false acceptance will occur is 1/94^7, which is less than 1/1,000,000. After three consecutive unsuccessful login attempts, an operator is locked out for two minutes, ensuring that the probability that random multiple attempts will succeed or a false acceptance will occur is less than one in 100,000 per minute.

Passphrase
Each SNMPv3 user has its own pair of encryption and authentication passphrases. The SNMPv3 user authentication or encryption passphrase must be 8-64 characters long and may contain uppercase and lowercase alphabetic characters (A-Z) and (a-z); numeric characters (0-9); and any of the following special characters (!%&()*+,./:;<=>?).

The probability that a random attempt will succeed or a false acceptance will occur is 1/81^8, which is less than 1/1,000,000. After three consecutive unsuccessful login attempts, the operator is locked out for two minutes. The resulting probability of successfully authenticating to the module within one minute through random attempts is 3/81^8, which is less than 1/100,000.

3.3 Services
All services implemented by the Module are listed in the tables below. Each service description also describes all usage of CSPs by the service.

Table 10 Authenticated Services

Columns: Service, Description, and one mark column per role (CO, NM, Admin, User, MO, MM, MI)

Firmware Update: Load firmware images digitally signed by RSA (2048 bit) algorithm. Role marks: X X
Key Entry: Enter Pre-Shared Keys (PSK). Role marks: X X
User Management: Add/Delete and manage operator passwords. Role marks: X X
Reboot: Force the module to power cycle via a command. Role marks: X X
Zeroization: Actively destroy all plaintext CSPs and keys. Role marks: X X
Crypto Configuration: Configure IPsec and FRF.17 services. Role marks: X X
IKE: Key establishment utilizing the IKE protocol. Role marks: X X
IPSec Tunnel Establishment: IPsec protocol. Role marks: X X
FRF.17 Tunnel Establishment: Frame Relay Privacy Protocol. Role marks: X X
Alternating Bypass: Provide some services with cryptographic processing and some services without cryptographic processing. Role marks: X X
SSHv2: For remote access to the gateway. Role marks: X X
Network Configuration: Configure networking capabilities. Role marks: X X
SNMPv3: Network management, including traps and configuration. Role marks: X X X X X
Enable Ports: Apply a security policy to a port. Role marks: X X
File System: Access file system. Role marks: X X
Authenticated Show Status: Provide status to an authenticated operator. Role marks: X X X X
Access Control: Provide access control for Crypto-Officer, Network Manager, Admin, and User. Role marks: X X X X

Table 11 Unauthenticated Services

Unauthenticated Show Status: Provide the status of the cryptographic module; the status is shown using the LEDs on the front panel.
Power-up Self-tests: Execute the suite of self-tests required by FIPS 140-2 during power-up.

All Services available in FIPS Approved mode are also available in FIPS Non-Approved mode. The Approved mode is defined by the correct configuration.

Table 12 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as:
G = Generate: The module generates the CSP.
R = Read: The module reads the CSP. The read access is typically performed before the module uses the CSP.
E = Execute: The module executes using the CSP.
W = Write: The module writes the CSP. The write access is typically performed after a CSP is imported into the module, when the module generates a CSP, or when the module overwrites an existing CSP.
Z = Zeroize: The module zeroizes the CSP.

Table 12 CSP Access Rights within Services

Service column headings: Firmware Update, Key entry, User Management, Reboot, Zeroization, Crypto Configuration, IKE, IPsec tunnel establishment, FRF.17 tunnel establishment, Alternating Bypass, SSHv2, Network Configuration, SNMPv3, Enable Ports, File System, Authenticated Show Status, Access Control

CSP                                      Access modes in row
KEK                                      E E Z GE
IKE Pre-shared Key                       W E Z RW EW E
SKEYID                                   EG Z Z
SKEYID_d                                 EG Z
SKEYID_a                                 EG Z
SKEYID_e                                 EG Z
SKEYSEED                                 EG Z Z
SK_d                                     EG Z
SK_ai                                    EG Z
SK_ar                                    EG Z
SK_ei                                    EG Z
SK_er                                    EG Z
SK_pi                                    EG Z
SK_pr                                    EG Z
Ephemeral DH Phase 1 private key (a)     EG Z
Ephemeral DH Phase 2 private key (a)     EG Z
IPsec Session Keys                       EG E Z
FRF.17 Session Keys                      EG E Z
SSH RSA Private Key                      EG Z EG
SSH Session Keys                         EG Z
SSH DH Private Key                       EG Z
Passwords                                EW Z E
RADIUS Secret                            Z EW
SNMPv3 Passphrase                        EW Z E
SNMPv3 Session Keys                      EGZ
DRBG Seed                                EG Z
DRBG Internal State                      EG Z

4 Self-tests
Each time the Module is powered up it tests that the cryptographic algorithms still operate correctly and that sensitive data have not been damaged. Power-up self-tests are available on demand by power cycling the module.

On power up or reset, the Module performs the self-tests described in Table 13 below. All KATs must be completed successfully prior to any other use of cryptography by the Module. If one of the KATs fails, the Module enters the error state. KAT failure is indicated by the Encryption LED being unlit when test fails. Device is not able to power up if self-test fails.

Table 13 Power Up Self-tests

Firmware Integrity
    16-bit CRC performed over all code in flash
AES (Hardware implementation)
    KATs: Encryption, Decryption
    Modes: CBC
    Key sizes: 128 bits
AES (Firmware implementation)
    KATs: Encryption, Decryption
    Modes: ECB, CBC
    Key sizes: 128, 192, 256 bits
DRBG
    KATs: HASH DRBG
    Security Strengths: 256 bits
HMAC (Hardware implementation)
    KATs: Generation, Verification
    SHA sizes: SHA-1
    Includes hardware SHA-1 KAT
HMAC (Firmware implementation)
    KATs: Generation, Verification
    SHA sizes: SHA-1
RSA
    KATs: Signature Generation, Signature Verification
    Key sizes: 2048 bits
SHA
    KATs: SHA-1, SHA-256
Triple-DES (Hardware implementation)
    KATs: Encryption, Decryption
    Modes: TCBC
    Key sizes: 3-key
Triple-DES (Firmware implementation)
    KATs: Encryption, Decryption
    Modes: TCBC
    Key sizes: 3-key

Table 14 Conditional Self-tests

NDRNG: NDRNG Continuous Test performed when a random value is requested from the NDRNG.
DRBG: DRBG Continuous Test performed when a random value is requested from the DRBG.
Firmware Load: RSA 2048 signature verification performed when firmware is loaded.
RSA Pairwise Consistency: Pairwise consistency test for public and private key generation (RSA).
DRBG Health Checks: Performed conditionally per SP 800-90 Section 11.3. Required per IG C.1.
Bypass Test: Bypass Test performed when the service Alternating Bypass is called.
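The gating behaviour of Tables 13 and 14 is sketched below as an added example; it is not the Module's firmware. `ToyModule`, `ErrorState` and `service_allowed` are hypothetical names, Python's `hashlib`/`hmac` stand in for the validated implementations, and the known answers are the published SHA "abc" vectors and RFC 2202 HMAC-SHA-1 test case 1.

```python
import hashlib
import hmac
import os

# Known-answer tests: (name, function producing a result, expected result).
KATS = [
    ("SHA-1", lambda: hashlib.sha1(b"abc").hexdigest(),
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("HMAC-SHA-1",
     lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest(),
     "b617318655057264e28bc0b6fb378c8ef146be00"),
]


class ErrorState(Exception):
    """Raised when a cryptographic service is requested in the error state."""


class ToyModule:
    def __init__(self, kats=KATS, entropy=os.urandom):
        self._entropy = entropy
        self._previous = None
        # Power-up: every KAT runs before any service can use cryptography.
        self.failed = [name for name, run, expected in kats
                       if not hmac.compare_digest(run(), expected)]
        self.state = "ERROR" if self.failed else "OPERATIONAL"

    def _require_operational(self):
        if self.state != "OPERATIONAL":
            raise ErrorState("module is in the error state")

    def hmac_sha1(self, key, message):
        """A cryptographic service: refused unless the self-tests passed."""
        self._require_operational()
        return hmac.new(key, message, hashlib.sha1).digest()

    def random_block(self, size=16):
        """Conditional test: a block equal to the previous block is a failure."""
        self._require_operational()
        if self._previous is None:
            self._previous = self._entropy(size)   # first block is only a reference
        block = self._entropy(size)
        if block == self._previous:
            self.state = "ERROR"                   # latch: no further crypto services
            raise ErrorState("continuous random number generator test failed")
        self._previous = block
        return block


def service_allowed(module):
    """True when the module will still perform a cryptographic service."""
    try:
        module.hmac_sha1(b"k" * 20, b"constructed message")
        return True
    except ErrorState:
        return False
```

Passing a failing entry in `kats`, or an `entropy` callable that repeats its output, drives the object into the error state, after which `service_allowed` returns `False`.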

5 Physical Security Policy
The Motorola GGM 8000 Gateway is composed of industry-standard production-grade components. To meet FIPS 140-2 Level 2 requirements, the Motorola GGM 8000 Gateway must have the three (there is a 4th seal that is optional) tamper-evident seals applied as described in Section 10. It is the responsibility of the Crypto-Officer to maintain the tamper seals. The seals should be inspected for evidence of tamper every three (3) months. If evidence of tamper has been identified, the module should be considered compromised and Customer Service should be contacted for further instructions. The tamper-evident seals shall be installed for the module to operate in a FIPS Approved mode of operation. Please see Section 10 for specific instructions on installation of the tamper labels.

Note: A FIPS label kit can be ordered by using part number CLN8787A, Rev. B.

6 Operational Environment
The Module is designated as a limited operational environment under the FIPS 140-2 definitions. The Module includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-2 validation.

7 Mitigation of Other Attacks Policy
The Motorola GGM 8000 Gateway has not been designed to mitigate against other attacks outside the scope of FIPS 140-2.

8 Security Rules and Guidance
The Module design corresponds to the Module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module.
1. The Motorola GGM 8000 Gateway provides seven distinct operator roles: Crypto-Officer (Super User), Admin, Network Manager, User, MotoAdmin, MotoMaster, and MotoInformA/B. The Crypto-Officer role uses the Super User account.
2. The module shall provide role-based authentication.
3. The module shall clear previous authentications on power cycle.
4. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services.
5. The operator shall be capable of commanding the module to perform the power-up self-tests by cycling power or resetting the module.
6. Power-up self-tests do not require any operator action.
7. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.
8. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
9. There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
10. The module does not support a maintenance interface or role.
11. The module does not support manual key entry.
12. The module does not have any external input/output devices used for entry/output of data.
13. The module does not enter or output plaintext CSPs.
14. The module does not output intermediate key values.

The module is distributed to authorized operators wrapped in plastic with instructions on how to securely install the module. On initial installation, perform the following steps:

1. Power on the module and verify successful completion of power-up self-tests from console port or inspection of log file. The following message will appear on the console interface: power on self tests passed.
2. Authenticate to the module using the default operator acting as the Crypto-Officer with the default password and username.
3. Verify that the Hardware and Firmware P/Ns and version numbers of the module are the FIPS Approved versions.
4. Change the Crypto-Officer and User passwords using the SysPassWord command.
5. Initialize the Key Encryption Key (KEK) with the KEKGenerate command. Account passwords and certain keys are persistent across reboots and are encrypted with the Key Encryption Key (KEK). This key can be reinitialized at any time.
6. Configure the module as described in Section 1.2.

The module supports a minimum password length of 7 characters and a maximum length of 15 characters. The Crypto-Officer controls the minimum password length through the PwMinLength parameter: SETDefault SYS PwMinLength = <length>, where <length> specifies the minimum length.

The Zeroization Service should also be invoked to zeroize all CSPs prior to removing a gateway from service for repair.

9 References and Definitions
The following standards are referred to in this Security Policy.

Table 15 References

Abbreviation    Full Specification Name
[FIPS 140-2]    Security Requirements for Cryptographic Modules, May 25, 2001
[SP 800-131A]   Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, January 2011

Table 16 Acronyms and Definitions

Acronym   Definition
AES       Advanced Encryption Standard
CBC       Cipher Block Chaining
CLI       Command Line Interface
CSP       Critical Security Parameter
DRBG      Deterministic Random Bit Generator
DH        Diffie-Hellman
FRF       Frame Relay Forum
FRF.17    Frame Relay Privacy Implementation Agreement
FRPP      Frame Relay Privacy Protocol
HMAC      Hash Message Authentication Code
IKE       Internet Key Exchange
IP        Internet Protocol
IPsec     Internet Protocol Security
KAT       Known Answer Test
KDF       Key Derivation Function
KEK       Key Encrypting Key
MNR       Motorola Network Router
OSPF      Open Shortest Path First
PFS       Perfect Forward Secrecy
PIM       Protocol Independent Multicast
RNG       Random Number Generator
SHA       Secure Hash Algorithm
SSH       Secure Shell
SNMP      Simple Network Management Protocol
Tanapa    The part number that is built and stocked for customer orders
10 GGM 8000 GATEWAY TAMPER EVIDENCE LABEL INSTALLATION INSTRUCTIONS

Follow these steps to install tamper evidence labels on the GGM 8000 gateway:

The surface to which the labels will be attached must be at a temperature of at least +10°C (+50°F), and the surface must be clean and dry. Clean any grease, dirt, oil, or adhesive residue from the areas to which the labels are to be attached before applying the tamper evidence labels. If you are replacing tamper evidence labels (after a repair, for example), remove the old labels and any adhesive residue with isopropyl alcohol (99% concentration) prior to applying the new labels.

1. Wipe the surface clean with isopropyl alcohol (99% concentration) to remove surface contaminants. Please note that using a solution with an isopropyl alcohol concentration less than 99% is not acceptable.

2. Do not allow excess alcohol to air dry. Use a clean paper towel or cotton cloth to completely remove any excess alcohol, thereby removing any residual contaminants.

3. Apply tamper evidence labels 1, 2, and 3 (optional) to secure the GGM 8000 base module and blank filler panel on the front of the chassis.

   Do not push labels 1, 2, and 3 all the way up under the top cover overhang or tuck the labels into the gap between the front panel and the top cover overhang. As shown in Detail A in Figure 2, the labels should come out at approximately a 45-degree angle from where they are affixed to the front panel to where they wrap around and over the top cover.

   a. Remove the Kraft liner from the back of label 1 and attach the label as illustrated in Figure 2 (GGM 8000 base unit (base module and blank filler panel)). Center the silver portion of the label between the right-most cooling hole and the Encrypt, Run, Load, and Test LEDs, with the Motorola logo on the label lined up with the top of the Load LED. Starting from the short edge of the label that is positioned on the front panel, affix the label by applying pressure while pushing the label up the front panel and onto the top cover.

   b. Remove the Kraft liner from the back of label 2 and attach the label as illustrated in Figure 2 (GGM 8000 base unit (base module and blank filler panel)). Position the Motorola logo edge of the label directly above the top edge of connector 5B with the left edge of the clear portion of the label aligned with the edge of the thumbscrew. Starting from the short edge of the label that is positioned on the front panel, affix the label by applying pressure while pushing the label up the front panel and onto the top cover.

   Note: Label 3 is optional and is not required for a FIPS approved configuration. The additional tamper evidence label provides additional tamper evidence beyond the module cryptographic boundary.

   c. Remove the Kraft liner from the back of label 3 and attach the label as illustrated in Figure 2. Position the label approximately in the middle of the blank panel with the perforation between the T and the O aligned with the edge of the top cover. Starting from the short edge of the label that is positioned on the front panel, affix the label by applying pressure while pushing the label up the front panel and onto the top cover.

   d. Rub the labels on the front and top of the chassis for two (2) seconds to ensure that the labels have adhered.

Figure 2 Applying Tamper Evidence Labels 1, 2, and 3 to Secure the GGM 8000 Base Unit (Base Module and Blank Filler Panel in Expansion Module Slot)
[Figure callouts: If labels 1, 2, and 3 are applied correctly, the perforation between the T and the O aligns with the edge of the cover. See DETAIL A: Do NOT tuck the label under the top cover overhang. Label 1: edge of silver portion of label. Label 2: edge of label aligns with top edge of connector 5B; edge of clear portion of label aligns with edge of thumbscrew. Label 3.]

4. Apply tamper evidence label 4 to secure the GGM 8000 power supply module on the rear of the chassis.

   Note: These instructions apply to a GGM 8000 equipped with either an AC or a DC power supply module.

   a. Remove the Kraft liner from the back of the label and position the label as illustrated in Figure 2.

   Note: Figure 2 illustrates the label placement for the AC power supply module. The label placement for the DC power supply module is the same.

   Position the Motorola logo edge of the label directly above the mounting screw, with the right edge of the silver portion of the label aligned with the right edge of the power supply module. Starting from the short edge of the label that is positioned on the rear panel, affix the label by applying pressure while pushing the label up the rear panel and onto the top cover.

   b. Rub the label on the top and rear of the chassis for 2 seconds to ensure that the label has adhered.

5. Secure the unit in a restricted area.

6. Allow the applied labels to cure for at least 4 hours; do not touch the labels during this time.

If you need to reapply the tamper evidence labels to the GGM 8000, repeat steps 1-6.
