Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 45 of 67

© 2008 Nortel Networks

6.1.2 Cryptographic Support

The TOE’s cryptographic functionality is provided by a FIPS 140-2-validated cryptographic module. All modules
have received either a Level 1 or Level 2 FIPS 140-2 validation. Table 8 below indicates the modules and the
validation levels achieved.

Table 8 - FIPS Validated Modules

| Validation | Modules | FIPS 140-2 Certificate # |
|---|---|---|
| Hardware modules FIPS 140-2 validated at level 2 | VPN Router 1750, 2700, 2750 and 5000 with Hardware Accelerator | 1068 |
| Hardware modules FIPS 140-2 validated at level 2 | VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security Accelerator | 1073 |
| Hardware modules FIPS 140-2 validated at level 2 | Nortel VPN Router 600, 1750, 2700, 2750 and 5000 | 1066 |
| Hardware modules FIPS 140-2 validated at level 1 | Nortel VPN Router 1010, 1050 and 1100 | 1067 |
| Software module being validated at level 1 of FIPS 140-2 | VPN Client Software | 1032 |

The TOE’s cryptographic module implements and utilizes the following FIPS-validated cryptographic algorithms:

Table 9 - FIPS-Validated Cryptographic Algorithms

| Algorithm | Key Size(s) (bits) | Validated Against | FIPS Certificate # |
|---|---|---|---|
| 3DES | 168 | FIPS 46-3 | 641, 642, 644 |
| AES | 128, 256 | FIPS 197 | 718, 719, 721 |
| RSA⁵ | 1024, 2048 | FIPS 186-2 | 338, 339 |
| SHA-1 | N/A | FIPS 180-2 | 738, 739, 740 |
| HMAC-SHA-1 | 160 | FIPS 198⁶ | 387, 388, 389 |

The TOE generates RSA keys for signature generation and verification. During the key generation process, all weak
keys are discarded. The resultant strong RSA keys are used to perform key agreement and authentication in
accordance with the Diffie-Hellman and IKE protocols.

The TOE performs encryption and decryption using the 3DES and AES algorithms. The TOE implements the
HMAC-SHA-1 algorithm in order to perform data origin authentication and data integrity checks upon encrypted
packets entering the TOE. The TOE implements the SHA-1 algorithm in order to perform data integrity checks upon
encrypted packets entering the TOE.

The TOE destroys keys when they are no longer needed by “zeroizing” them. Zeroization is performed by
overwriting the memory location containing the keys with zeros before marking the memory location as being free

⁵ Via the RSA BSAFE library.

⁶ FIPS 198 is equivalent to RFC 2104.
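One way to implement the zeroization step described in the body text above, as an added example that is not code from the Nortel TOE: the key container is overwritten with zeros through a volatile function pointer, so the compiler cannot drop the write as a dead store, and only then is the memory released. The `struct aes_key` container, the 32-byte size and the function names are assumptions made for the example.

```c
/* Added example (not Nortel's code): zeroize key material before releasing
 * the memory. A plain memset() right before free() is a dead store that the
 * optimizer may delete, so the overwrite goes through a volatile function
 * pointer the compiler cannot see through. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Volatile pointer to memset: the call is opaque to the optimizer, so the
 * zero writes survive even when the buffer is freed immediately after. */
static void *(*volatile memset_opaque)(void *, int, size_t) = memset;

void secure_zeroize(void *p, size_t n)
{
    if (p != NULL && n > 0) memset_opaque(p, 0, n);
}

/* Hypothetical key container; 32 bytes holds a 256-bit AES key. */
struct aes_key {
    uint8_t material[32];
    size_t  len;
};

/* Zeroize the whole container (bytes and length), then release it. */
void aes_key_destroy(struct aes_key *k)
{
    if (k == NULL) return;
    secure_zeroize(k, sizeof *k);
    free(k);
}

/* Returns 1 if every byte of a live buffer is zero. */
int all_zero(const uint8_t *buf, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Stand-alone check on a stack-resident key: returns 1 on success. */
int zeroize_demo(void)
{
    struct aes_key k = { .len = sizeof k.material };
    memset(k.material, 0xA5, sizeof k.material);   /* constructed sample key */
    int before = all_zero(k.material, sizeof k.material);
    secure_zeroize(&k, sizeof k);
    return !before && all_zero(k.material, sizeof k.material) && k.len == 0;
}
```

The volatile-pointer trick is portable C; where available, `explicit_bzero()` or C11 `memset_s()` give the same guarantee with less ceremony.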
