Oracle StorageTek T10000D Manual

Non-proprietary security policy

Oracle StorageTek T10000D Tape Drive
FIPS 140-2 – Level 1 Validation
Non-Proprietary Security Policy
Hardware Part #: 7042136, 7314405
Firmware Version
RB411111
Security Policy Revision 0.12


Summary of Contents for Oracle StorageTek T10000D

  • Page 1 Oracle StorageTek T10000D Tape Drive FIPS 140-2 – Level 1 Validation Non-Proprietary Security Policy Hardware Part #: 7042136, 7314405 Firmware Version RB411111 Security Policy Revision 0.12...
  • Page 2 Oracle specifically disclaims any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may be reproduced or distributed whole and intact including this copyright notice.
  • Page 3: Table Of Contents

    Conditional Tests .................. 43; 2.9.4 Critical Functions Tests .................. 43; 2.10 Mitigation of Other Attacks. Page 3 of 51 © Copyright 2017 Oracle Corporation. This document may be freely reproduced and distributed whole and intact including this Copyright notice.
  • Page 4 Table 9 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Permanent Encryption and Encryption Enabled Modes) .......... 33
  • Page 5: Cryptographic Keys, Cryptographic Key Components, and CSPs

    (Encryption Disabled Mode) .................... 36; Table 11 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Mixed Mode) .......................... 38
  • Page 6: Introduction

    This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The StorageTek T10000D Tape Drive may also be referred to in this document as the Encrypting Tape Drive, the ETD , the crypto module, or the module.
  • Page 7 Other supporting documentation as additional references. This Security Policy and the other validation submission documentation were produced by Acumen Security under contract to Oracle. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Oracle and is releasable only under appropriate non-disclosure agreements.
  • Page 8: StorageTek T10000D Tape Drive

    This mode of operation provides a non FIPS-140-2 Approved method for encrypting the tape cartridge contents for customers who do not require FIPS 140 protected content. The StorageTek T10000D Tape Drive is featured in Figure 1 below. MB – Megabytes sec – Second AES –...
  • Page 9: Oracle Key Manager

    (OKM), which provides centralized key management. The OKM, an external system component, creates, stores, and manages the keys used for encryption and decryption of data stored in the tape cartridge used by the ETD. An Oracle Key Manager (formerly called the Key Management System or KMS) cluster consists...
  • Page 10: Figure 2 – StorageTek T10000D Tape Drive Deployment Scenario

    Service Network; Customer Network; ELOM/ILOM Network. Figure 2 – StorageTek T10000D Tape Drive Deployment Scenario.
  • Page 11: Module Specification

    2.2 Module Specification The StorageTek T10000D Tape Drive is validated at the FIPS 140-2 section levels shown in Table 1 for all FIPS-Approved modes of operation. Table 1 – Security Level per FIPS 140-2 Section Section Section Title Level Cryptographic Module Specification...
  • Page 12: Encryption Enabled Mode

    FIPS-Approved modes or the Mixed mode while operating the module in the Encryption Disabled Mode. DPKM – Data Path Key Management.
  • Page 13: Mixed Mode

    (Encryption Disabled Approved Mode Set-Up). 2.2.4 Mixed Mode. The StorageTek T10000D Tape Drive is capable of operating in a Mixed mode of operation. The Mixed mode of operation is defined as a mode of operation that allows both FIPS-Approved and non-Approved services. The Mixed mode of operation supports the following Approved services: SSH and firmware update.
  • Page 14: Figure 3 – StorageTek T10000D Tape Drive (Front)

    It does not provide access to the interior of the module. Figure 3 - StorageTek T10000D Tape Drive (Front) Figure 4 shows the rear of the StorageTek T10000D Tape Drive. It provides the following physical interfaces: ...
  • Page 15: Figure 4 – StorageTek T10000D Tape Drive (Rear)

    Figure 4 - StorageTek T10000D Tape Drive (Rear) The bottom of the StorageTek T10000D Tape Drive (Figure 5) provides one additional physical interface; the Operator Panel Port. This port is used to provide general module status as well as additional control input access when the drive is rack-mounted.
  • Page 16: Figure 5 – StorageTek T10000D Tape Drive (Bottom)

    Figure 5 – StorageTek T10000D Tape Drive (Bottom) Table 2 provides a mapping of all of the physical interfaces of the StorageTek T10000D Tape Drive listed above to their respective FIPS 140-2 Logical Interfaces. The functionality and logical interface mappings of these physical interfaces do not change between Approved modes.
  • Page 17: Table 2 - Mapping Of

    Table 2 – Mapping of FIPS 140-2 Logical Interfaces to StorageTek T10000D Tape Drive Physical Interfaces FIPS 140-2 Physical Interface Quantity Logical Interfaces Description Supported Provides the interface to the magnetic tape media, where the user data to be encrypted is written to, and where the data to be decrypted is read from.
  • Page 18 iSCSI – Internet Small Computer System Interface; RDMA – Remote Direct Memory Access; SNMP – Simple Network Management Protocol.
  • Page 19: Status Information

    RFID located on the tape cartridge 2.3.2 StorageTek T10000D Tape Drive VOP Status Information The module outputs status information via the Ethernet Port to the VOP to provide a more detailed drive and encryption status to the operator. Drive statuses include whether the ETD has a tape, is online, or has encountered an error.
  • Page 20: Roles And Services

    2.4.1 Crypto-Officer Role The CO is in charge of the initial configuration of the StorageTek T10000D Tape Drive which includes placing the module into one of the modes of operations. A list of services available to the CO, and the Approved mode the service is available in, is provided in Table 3.
  • Page 21: Table 3 - Cryptographic

    Dump excludes DEPubKey, FSPubKey, and FSRootCert. EEPROM – Electronically Erasable Programmable Read-Only Memory; DRBG – Deterministic Random Bit Generator.
  • Page 22 Delete Perm Logs: deletes currently stored permanent error logs; CSP access: None; available in Encryption Enabled, Encryption Disabled and Mixed Mode.
  • Page 23: User Role

    Approved mode of operation. 2.4.3 User Role The User of the StorageTek T10000D Tape Drive is the everyday user of the module. The User is responsible for importing the encryption and decryption keys when operating in one of the Approved modes with encryption enabled.
  • Page 24: Additional Services

    Table 5 lists the services available to operators not required to assume an authorized role. These services are available in all Approved modes of operation.
  • Page 25: Physical Security

    Security Policy. These documents are freely available at http://docs.oracle.com. 2.5 Physical Security The StorageTek T10000D Tape Drive satisfies level 1 physical security requirements by being constructed of a hard, production-grade metal exterior. The module provides an opening, which is required for the insertion of media (tape cartridges).
  • Page 26: Cryptographic Key

    Permanent Encryption Approved Mode or Encryption Enabled Approved Mode. The cryptographic algorithms available in these Approved modes are listed in Table 6. Table 6 – FIPS-Approved Algorithms in StorageTek T10000D Tape Drive (Permanent Encryption and Encryption Enabled Modes) Certificate...
  • Page 27 CBC – Cipher Block Chaining; SHA – Secure Hash Algorithm; HMAC – (Keyed-) Message Authentication Code.
  • Page 28: Algorithm Implementations

    Table 6. A list of cryptographic algorithms used by the module while operating in the Encryption Disabled Mode is provided as Table 7. Table 7 – FIPS-Approved Algorithms in StorageTek T10000D Tape Drive (Encryption Disabled Mode) Certificate...
  • Page 29 SSH; CTR – Counter; SHA – Secure Hash Algorithm; PKCS – Public Key Cryptographic Standard.
  • Page 30: Cryptographic Algorithm Implementations

    SP – Special Publication; CTR – Counter; SHA – Secure Hash Algorithm; PKCS – Public Key Cryptographic Standard.
  • Page 31 DRBG. The NDRNG provides a minimum of 384 bits to the DRBG for use in key generation. The module provides MD5 for use with the TLS 1.0 protocol.
  • Page 33: Parameters

    Mode appliance during TLS session. RAM – Random Access Memory; FPGA – Field Programmable Gate Array.
  • Page 34 PRF (Pseudo Random Function) is based on a hash on the TLS_PM and nonces; utilizes SHA-1 and MD5 (Message Digest 5).
  • Page 35 KWKPublicKey: sent to OKM cluster; stored in EEPROM and RAM; zeroized on Switch Approved Mode. TLS_ECK. CA – Certificate Authority.
  • Page 36: Encryption Disabled Mode

    Table 10 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Encryption Disabled Mode). Columns: Key, Type, Generation / Input, Output, Storage, Zeroization.
  • Page 37 SSH_SK: ECDH or FFC Public Key (per SSH 2.0), DH Group 14 (112 bits); zeroized on Switch Approved Mode.
  • Page 38: Critical Security Parameters

    Root Certificate Key (FSRootCert): hardcoded into the module; stored in EEPROM and RAM; certificates provided by the new firmware image. SSH_SK.
  • Page 39 Generate random values for the CTR_DRBG; output encrypted via DEKey; plaintext in RAM; zeroized on power cycle or Switch Approved Mode.
  • Page 40 Internal state value (integer) for the CTR_DRBG; DEKey; plaintext in RAM; zeroized on power cycle or Switch Approved Mode.
  • Page 41: EMI/EMC

    Approved mode. All tests run without requiring operator intervention. 2.9.1 Integrity Tests. An integrity test is the first operation performed by the StorageTek T10000D Tape Drive after power has been supplied. The module performs a 32-bit CRC on the firmware and hardware/FPGA images as its approved integrity technique.
  • Page 42 If the CRNGT fails on the second attempt, the dump file is discarded and the module will then reboot. The StorageTek T10000D Tape Drive performs a Pairwise Consistency Test on each asymmetric key pair (RSA and Elliptic Curve) generated in support of establishing an SSH session.
  • Page 43 SP 800-90A CTR DRBG. Critical functions tests are crucial for the proper and secure operation of the DRBG. These tests will ensure the DRBG always produces random information. The StorageTek T10000D Tape Drive performs the following critical function self-tests: SP 800-90A DRBG Instantiate Test; SP 800-90A DRBG Generate Test; ...
  • Page 44: Secure Operation

    Oracle Key Manager: Administration Guide (Part #: E41579-05; September 2015). Prior to setting up the StorageTek T10000D Tape Drive for first use, the CO shall use the instructions provided in these guides to install the latest versions of Oracle Key Manager and the Virtual Operator Panel onto a trusted system.
  • Page 45 After pressing the “Commit” button, the ETD will reboot to normal operation. 3.1.2 Encryption Disabled Approved Mode Set-Up The StorageTek T10000D Tape Drive is initially delivered to an Oracle customer with the Encryption Disabled Mode configured. Upon first receiving the ETD,...
  • Page 46: Mixed Mode Set-Up

    Approved or Mixed modes. 3.1.5 Mixed Mode Set-Up The CO can place the StorageTek T10000D Tape Drive into the Mixed Mode after initially receiving the ETD. The CO shall perform the following steps: 1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up) 2.
  • Page 47: Cryptographic Officer Guidance (Normal Operation)

    3.2 Cryptographic Officer Guidance (Normal Operation) This section assumes the StorageTek T10000D Tape Drive has been placed into one of the FIPS-Approved modes or the Mixed Mode. Instructions on how to place the drive into another mode are provided in this section. The CO is responsible for placing the ETD into one of the Approved modes of operation.
  • Page 48: Switching Modes

    This step is not needed if the drive is currently operating in the Encryption Disabled Mode.
  • Page 49: Switching Modes (continued)

    ETD using the “cust” account and issue the command “ecpt sshreset”. The drive will reboot. 3. Using the “Retrieve” menu in VOP, select “Delete Dumps”.
  • Page 50: Acronyms

    PKCS – Public Key Cryptography Standards; POST – Power-On Self-Test; PRF – Pseudo-Random Function; RAM – Random Access Memory; RFID – Radio Frequency Identification; RJ – Registered Jack.
  • Page 51 SSH – Secure Shell; TLS – Transport Layer Security; TTI – Tape Transport Interface; UNKN – Unknown; VAC – Volts Alternating Current; VOP – Virtual Operator Panel.
