DOCSLIB.ORG

Security Target for Mercury Systems ASURRE-Stor Solid State Self

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Target for Mercury Systems ASURRE-Stor Solid State Self Security Target for Mercury Systems ASURRE-StorTM Solid State Self- Encrypting Drive Version: 1.1 2020-2-06 Prepared For: Mercury Systems, Inc. 3601 E University Dr Phoenix, AZ 85034 Prepared By: Devin Becker UL Verification Services Inc. Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drive Notices: ©2020 Mercury Systems, Inc. All rights reserved. All other brand names are trademarks, registered trademarks, or service marks of their respective companies or organizations It is prohibited to copy, reproduce or retransmit the information contained within this documentation without the express written permission of Mercury Systems, Inc., 3601 E University Dr., Phoenix, AZ 85034. Document Change Log Version Date Author Changes 1.0 1/8/2020 Devin Becker Original Document 1.1 2/06/2020 Devin Becker Updated to address ECR comments Page 2 of 40 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drive Table of Contents 1. Security Target (ST) Introduction ........................................................................................ 6 1.1 Security Target Reference ........................................................................................... 6 1.2 Target of Evaluation Reference.................................................................................... 6 1.3 Target of Evaluation Overview ..................................................................................... 7 1.3.1 TOE Product Type ................................................................................................ 7 1.3.2 TOE Usage ........................................................................................................... 7 1.3.3 TOE Major Security Features Summary ................................................................ 7 1.3.4 TOE IT environment hardware/software/firmware requirements............................ 7 1.4 Target of Evaluation Description .................................................................................. 7 1.4.1 Target of Evaluation Physical Boundaries ............................................................. 7 1.4.2 Target of Evaluation Logical Boundaries .................................................................... 8 1.4.3 TOE Description ................................................................................................... 8 1.5 Notation, Formatting, and Conventions ........................................................................ 9 2. Conformance Claims .........................................................................................................11 2.1 Common Criteria Conformance Claims .......................................................................11 2.2 Conformance to Protection Profiles .............................................................................11 2.3 Conformance to Security Packages ............................................................................11 2.4 Conformance Claims Rationale...................................................................................11 3. Security Problem Definition ................................................................................................13 3.1 Threats .......................................................................................................................13 3.2 Organizational Security Policies ..................................................................................14 3.3 Assumptions ...............................................................................................................14 4. Security Objectives ............................................................................................................17 4.1 Security Objectives for the Operational Environment ..................................................17 5. Extended Components Definition .......................................................................................18 5.1 Extended Security Functional Requirements Definitions .............................................18 5.2 Extended Security Assurance Requirements Definitions .............................................18 6. Security Requirements .......................................................................................................19 6.1 Security Functional Requirements ..............................................................................19 6.1.1 Class FCS: Cryptographic Support ......................................................................20 6.1.2 Class FDP: User Data Protection .........................................................................24 6.1.3 Class FMT: Security Management .......................................................................24 6.1.4 Class FPT: Protection of the TSF .........................................................................25 6.2 Security Assurance Requirements ..............................................................................27 6.2.1 Extended Security Assurance Requirements .......................................................27 Page 3 of 40 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drive 7. TOE Summary Specification ..............................................................................................28 7.1 Cryptographic Support ................................................................................................28 7.1.1 Cryptographic Key Generation and Derivation .....................................................28 7.1.2 Cryptographic Key and Key Material Destruction .................................................30 7.1.3 Cryptographic Operations ....................................................................................31 7.2 User Data Protection ...................................................................................................32 7.2.1 Protection of Data on Disk ...................................................................................32 7.3 Security Management .................................................................................................33 7.3.1 Specification of Management Functions ...............................................................33 7.3.2 Security Roles ......................................................................................................34 7.4 Protection of the TSF ..................................................................................................34 7.4.1 Protection of Key and Key Material ......................................................................34 7.4.2 Power Saving States ............................................................................................34 7.4.3 Trusted Update ....................................................................................................34 7.4.4 TSF Testing .........................................................................................................35 8. Terms and Definitions ........................................................................................................37 9. References ........................................................................................................................40 Page 4 of 40 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drive Table 1: FIPS Approved Cryptographic Algorithms .................................................................... 9 Table 2: Applied Technical Decisions ........................................................................................11 Table 3: Threats ........................................................................................................................13 Table 4: Assumptions................................................................................................................14 Table 5: Security Objectives for the Operational Environment ...................................................17 Table 6: Security Functional Requirements ...............................................................................19 Table 7: Assurance Requirements ............................................................................................27 Table 8: Cryptographic Key Table – Mode 1 .............................................................................30 Table 9: Cryptographic Key Table – Mode 6 .............................................................................31 Table 10: Cryptographic Operations ..........................................................................................31 Table 11: Self-tests ...................................................................................................................35 Table 12: Conditional self-tests .................................................................................................35 Table 13: cPP Glossary ............................................................................................................37 Table 14: CC Abbreviations and Acronyms ...............................................................................38 Table 15: TOE Guidance Documentation ..................................................................................40 Table 16: Common Criteria v3.1 References ............................................................................40 Table 17: Supporting Documentation ........................................................................................40 Page 5 of 40 Security Target for Mercury Systems ASURRE-StorTM
Load more

Recommended publications
  • An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext
    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext.
    [Show full text]
  • Cryptography Using Steganography: New Algorithms and Applications
    Technological University Dublin ARROW@TU Dublin Articles School of Electrical and Electronic Engineering 2011 Cryptography Using Steganography: New Algorithms and Applications Jonathan Blackledge Technological University Dublin, [email protected] Follow this and additional works at: https://arrow.tudublin.ie/engscheleart2 Part of the Dynamic Systems Commons, and the Theory and Algorithms Commons Recommended Citation Blackledge, J. (2011) Cryptography and Steganography: New Algorithms and Applications. Lecture Notes, Centre for Advanced Studies, Warsaw University of Technology, Warsaw, 2011. doi:10.21427/D7ZS63 This Article is brought to you for free and open access by the School of Electrical and Electronic Engineering at ARROW@TU Dublin. It has been accepted for inclusion in Articles by an authorized administrator of ARROW@TU Dublin. For more information, please contact [email protected], [email protected], [email protected]. This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License Cryptography and Steganography: New Algorithms and Applications Prof. Dr. Jonathan Blackledge Science Foundation Ireland Stokes Professor School of Electrical Engineering Systems Dublin Institute of Technology Distinguished Professor Centre for Advanced Studies Warsaw University of Technology http://eleceng.dit.ie/blackledge http://jmblackledge.web.officelive.com [email protected] [email protected] Editor: Stanislaw Janeczko Technical editors: Malgorzata Zielinska, Anna Zubrowska General layout and cover design: Emilia Bojanczyk c Centre for Advanced Studies, Warsaw University of Technology, Warsaw 2011 For additional information on this series, visit the CAS Publications Website at http://www.csz.pw.edu.pl/index.php/en/publications ISBN: 978-83-61993-01-83 Pinted in Poland Preface Developing methods for ensuring the secure exchange of information is one of the oldest occupations in history.
    [Show full text]
  • Mercury Series Industrial Wimax Networking Mercury 900 & Mercury 3650
    Digital Energy MDS Mercury Series Industrial WiMAX Networking Mercury 900 & Mercury 3650 LAN Extension | Mobile and Fixed Long Range WiMAX Technology MDS Mercury is a highly secure, industrial-grade WiMAX platform for mission critical, industrial and • Up to 9 Mbps, (800 kbps for mobile parked) public safety applications, including AMI, SCADA, Distributed Automation devices, video, Voice over • Time-Division Duplexing (TDD) synchronization Internet Protocol, mobile data, and Intranet applications. With aggregate Ethernet throughput up to for deterministic deployments 9 Mbps (or 800 kbps for nomadic mobile deployments), and a choice of frequencies, MDS Mercury • Seamless, automatic adaptive modulation for has the capacity, service prioritization, and deployment flexibility to facilitate your immediate and optimized throughput long-term requirements. Key Benefits Industrially Hardened • WiMAX technology for high speed, long range point-to-multipoint communications • Operation in extreme temperatures from -300C to +700C • Prevents unauthorized network access and secures data as it’s transmitted over the air • Class I, Div 2 hazardous location approved • Rugged solution for operation in extreme temperature ranges and hazardous locations • IEEE-1613 compliant for operation in electric • Reduces required infrastructure and simplifies deployment and maintenance substation environments (standard remotes only) • Supports existing PLCs and RTUs with comprehensive serial protocol support • Rugged aluminum chassis tested to military • Optional second
    [Show full text]
  • Symbol Quest Now Live
    Symbol Quest Now Live Submitted by Greg on Tue, 2009-09-08 16:17 y The Lost Symbol TheLostSymbol.com now has a challenge live and ready to play, in which you must identify 33 symbols correctly (symbolic itself of the 33 degrees in Scottish Rite Freemasonry) in order to hear a short message from Dan Brown himself. You must get to all 33 with *no* errors, even though it seems to give you three strikes. If you're stuck, or just a bit lazy, click on 'Read More' for my solutions, and to find out what Dan Brown says at the end: -------------- Here are the solutions. You'll have to Google the symbols themselves if you don't know what I'm referring to with my answers. The numbers are the order I got the questions in, but they are random for each new challenger: 1. Sounds like a resident in the Garden of Eden: "Atom" (Adam) 2. Without End: "Infinity" 3. Hood ornament for Emil Jellinek's daughter: "Mercedes" 4. An age in the hair of broadway: "Aquarius" 5. Iesous Christos Theou Yios Soter: "Ichthys" (Christian Fish symbol) 6. The fork of Zeus's Younger Brother: "Trident of Neptune" 7. Opposing yet unified. "Yin and Yang" 8. Proofreader's mark from Latin "delere": "Delete proofreading symbol" (squiggle with loop at top right) 9. Kafka, Poe, or Khepri Embodied: "Scarab" (Egyptian Dung beetle) 10. Robert Langdon's favorite symbol: "Ankh" 11. Who uses this symbol? "World Health Organization (WHO" 12. Greek Goddess of Triumph: "Nike" 13. Alpha's antithesis: "Omega" 14.
    [Show full text]
  • Scamp Iv, Lecture V; History of the Invention And
    REF ID:A38396 r I LECTURE V HISTORY OF THE INVENTION AND DEVELOHllENT OF CIPHER DEVICES AND MACHI.NF.$. Three or four years ago I was asked to give a lecture before the Communica- tions-Electronics Division of the Air University, USAF, on the subject of communications security (COMSEC). About that time there was 'hP r "o:s..ui.i.ered into our ears over the radio a slogan concerned wi+~ ~oile traffic safety rules • ..... ThE" o1iugta.n." was: "Don't learn your traffic laws by accident!" I thought the slogan useful. as the title of my talk but l modified it a little: "Don't learn your COMSEC laws by accident•" I began my talk by reading Webster's definition of the word accident. I know, of course, that this group here today is not concerned particularly with COMSEC duties of any sort. But the definition of the word accident will nevertheless be of interest 11l connection with what will be said in a moment or two, so I'll read Webster's definition if you'll bear with me. Webster: "Acc:ulent" - literally, a be:talling. ~ '\ a. An event that takes place without one's foresight or expectation, ) '\;r an undesigned, sudden, and unexpected event. @'pp roved for Release by NSA on 10-10-2013 pursuantto E .0. 1352a REF ID:A38396 b Hence, often, an undesigned and unforeseen occurrence of an afflictive or unfortunate character, a llll.Shap resulting in injury to a person or damage to a thing, a casualty, as to die by an accident Having defined the word, I'll now proceed by relating an interesting, minor, but nevertheless quite important episode of the war in the Pacific Theatre during WWII, and I will introduce the acrount of that episode by saying that: During the W'lr, the President of the United States, Chief of' Sta.ff of the Ar1ff3' 1 the Commander-in-Chief' of the U.S.
    [Show full text]
  • Security Target Mercury Epassport V2.20
    Security Target Mercury ePassport v2.20 Revision: 3.5 CC Document Please read the Important Notice and Warnings at the end of this document 3.5 www.infineon.com 2020-07-15 Table of Contents 1.3.1 TOE definition.....................................................................................................................................3 1.3.2 TOE operational usage.......................................................................................................................4 1.3.3 TOE major security features ..............................................................................................................4 1.4.1 Component overview.........................................................................................................................4 1.4.2 Logical Scope of the TOE ...................................................................................................................7 1.4.3 Physical Scope of the TOE .................................................................................................................7 1.4.4 Interfaces of the TOE..........................................................................................................................7 1.4.5 Lifecycle and Delivery ........................................................................................................................7 6.2.1 Class FCS: Cryptographic Support...................................................................................................15 6.2.2 Class FMT Security Management.....................................................................................................15
    [Show full text]
  • 41774259081336
    eclassifi ed and a roved for release b NSA on 06-11-2014 ursuant to E .0. 1352 • ' 1"0P :s~enr - SECURI'l'Y INfl~ON SECT!ON A. U. S. COW,fiJNICATION SECURITY ~ PART I. LITERAL CIPHER MACHINm 1 • Machines Requiring No External Source of Power a. AFSAM D17 A small keyboard-operated, tape-printing literal cipher machine designed for use where electrical poi.·ier is not available. • Operates pneumatically at approxi.ma tely 15 to 20 words per minute, all power being supplied by the depression of the keyboard keys. Crypto-uni t is a reciprocal permuting maze consisting of ten 26- point rotors and a reflector. Eight of the rotors step in a single interrupted "COM" cascade. Two of the rotors and the reflector are settable, but do not step. All rotors are identically "wired" and their order in the maze is not changed. All rotors have rotatable alphabet rings and seven of the stepping rotors have settable pin- pattern rings for motion control. Size and Weight: 8" x 8" x 4"; 10 lbs. :pevelopment Status: The first engineering model developed by a cormnercial contractor has been completed and will be de­ livered to NSA by 1 Sept. 1953. 1 'POP 9EOR£'i' • b~ AFSAM D21 The AFSAM D21 is a manually operated, tape-printing, literal cipher device using a five level one-time key tape. It is intended to replace one-time pads in some limited applications. The oase, printing irechanism, and the bar drum of the M-209 are used; the key wheels are replaced by a tape reader.
    [Show full text]
  • Big Iron Lessons, Part 5: Introduction to Cryptography, from Egypt Through Enigma Page 1 of 10
    Big iron lessons, Part 5: Introduction to cryptography, from Egypt through Enigma Page 1 of 10 Big iron lessons, Part 5: Introduction to cryptography, from Egypt through Enigma Why embedding encryption is not easy, or "TKU YHLNGZSMP HKQFDWPCHD DL TUV FTCV" Sam Siewert ( [email protected] ), Adjunct Professor, University of Colorado Summary: When is an enigma not an enigma? When it is deciphered. Learn how to make your own paper enigma encoder, then peruse the source code that duplicates its action to understand its simple yet ingenious inner workings -- as well as the basics of good cryptography. Finally, accept the challenge to crack a simple transposition cipher, because all great encryption architects must first master the art of cryptanalysis. View more content in this series Date: 26 Jul 2005 Level: Introductory Activity: 473 views Comments: 0 ( Add comments ) Average rating (based on 52 votes) If you design systems that require end-to-end encryption or encrypted segments with stored or transported data, you should never underestimate the difficulty of fielding a truly secure, cost- effective, high-performance system. Embedding encryption in devices like automated teller machines, or credit card and point-of-sale systems can be tricky given the significant resource limitations and the vulnerability of these systems, which are often placed in public environments. The National Institute of Standards and Technology (NIST) has defined the FIPS (Federal Information Processing Standards) 140, 140-1, and, most recently, 140-2 standards, to ensure that public encryption for commerce is reasonably secure -- tamper proof, not vulnerable to cryptanalysis attacks over short periods of time, but still amenable to practical implementations.
    [Show full text]
  • Platform Integration Guide
    Platform Integration Guide 01.28.2013 Platform Integration Guide PCI/PA-DSS and Card Data Security Mercury is a long-standing, validated Level One Service Provider, listed on Visa’s Global Registry of validated Service Providers, http://www.visa.com/splisting/, and MasterCard's SDP Program (Site Data Protection) of compliant Service providers http://www.mastercard.com/us/company/en/docs/SP_Post_List_2012.pdf; Mercury is audited quarterly to maintain the highest level of platform security and compliance. All payment applications processing with Mercury adhere to PA-DSS/PCI-DSS compliance standards. Mercury is an industry leader in Card Data Security and maintains long-standing partnerships with trusted PA- QSAs. Mercury’s professional staff offers assistance in understanding the PA-DSS Validation/Certification process. Integrating to PA-DSS/PCI Security Standards from the onset assures a preferred combination of compliance integrity and market advantage. Integration Support Services Knowledgeable, dedicated team of developer support representatives. MercuryDev.Net: A fully-functional development testing environment that emulates the MercuryPay platform with real-time reporting logs. Platform-specific Credit, Debit, EBT, FSA and gift test cards and partial approval test trigger cards. Comprehensive Developer Portal (currently being redesigned) to access to SDK documentation, Sample Codes, and compliance information and certification scripts. MercuryPay Platform Products and Programs The MercuryShield™ suite of compliant security products: TranSentry™, Mercury's PA-DSS validated integrated compliant middleware solution; a set of .NET libraries built into an integrator’s POS and then confirmed compliant by an internal review. Point-to-Point Encryption (P2PE/E2E) used in conjunction with peripheral device manufactures to encrypt card data at the point of entry which can then only be decrypted by Mercury’s secure server network.
    [Show full text]
  • Crypto Glossary in .PDF
    Ritter's Crypto Glossary and Dictionary of Technical Cryptography Technical Cryptographic Terms Explained Laugh at deceptive claims! Learn why cryptography cannot be guaranteed! See Cryptography's Hall of Shame!: Crypto Controversies A Ciphers By Ritter Page Terry Ritter 2007 August 16 Copyright 1995 to 2007 Terry Ritter. All Rights Reserved. For a basic introduction to cryptography, see "Learning About Cryptography" @: http://www.ciphersbyritter.com/LEARNING.HTM. Please feel free to send comments and suggestions for improvement to: [email protected] (you may need to copy and paste the address into a web email reader). You may wish to help support this work by patronizing "Ritter's Crypto Bookshop" at: http://www.ciphersbyritter.com/BOOKSHOP.HTM. Index 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Or use the browser facility "Edit / Find on this page" to search for particular terms. Major Topics • I ntroduction • Arg umentation: adduction, fallacies, extraordinary claims, hypothesis, proof, scientific method, scientific model, scientific publication, Socratic Method, sophistry, term of art • Cr ypto Controversies: AES, BB&S, bijective compression, block cipher definitions, CBC first block problem, cryptanalysis, data compression, distinguisher, Dynamic Transposition, entropy, huge block cipher advantages, Kerckhoffs' requirements, known plaintext, multiple encryption, old wives' tale, one time pad, proof, randomness testing, really random, risk, scalable, snake oil, software patent, strength, term of art, threat model,
    [Show full text]
  • Table of Contents
    Cryptex Magazine: Cryptex Hunt 2019 Solution Guide Table of Contents Cryptex Magazine Cover ................................................................................................................. 2 Jigsaw + Start Code ...................................................................................................................... 3 Colorize Your Cryptex .................................................................................................................... 4 From the Editor ............................................................................................................................. 5 Editor Photo .................................................................................................................................. 6 The Tale of Ord ............................................................................................................................. 7 Feedback and Reviews ................................................................................................................... 8 Conundrum ................................................................................................................................... 9 Lexicon Green ............................................................................................................................. 10 Cryptexes In The Wild ................................................................................................................. 11 Puzzle Connection ......................................................................................................................
    [Show full text]
  • Rose Mary Sheldon
    1 The Friedman Collection: An Analytical Guide Rose Mary Sheldon 2 In Memoriam David Atlee Phillips ―It‘s a dirty job, but somebody has to do it.‖ 3 Preface and Grateful Acknowledgements No project of this size could be attempted or completed without the help of many other people. First and foremost I must thank Brian Shaw, President of the George C. Marshall Foundation and Paul B. Barron, Director of the Library and Archives for their permission to publish the collection. The staff of the Library, both past and present, was exceedingly helpful in getting the materials to me, especially JoAnn Hartog and Anne Wells, who arranged to have items delivered to the reading room before the Friedman Room itself was open to researchers. Peggy Dillard, now Director of the Woodrow Wilson Library in Staunton, Virginia, granted me unfettered access to the Friedman Collection and facilitated this publication in many ways. I thank my secretary Deneise Shafer for helping with the data input stage and helping to prepare the manuscript. Judy Rogers edited the final manuscript and the accuracy of the text is due entirely to her. Paul B. Barron, in particular, has understood the importance of getting this guide online and out to the interested public. A printed manuscript would not only have been too long to publish, but also too cumbersome to use, not to mention the time it would have taken to index the work. Now, researchers can simply scan the complete catalogue for topics of interest. We plan to update the work if corrections need to be made or if missing items are found.
    [Show full text]