Nortel Networks 7.11 Network Router User Manual

Open as PDF

of 67

Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 45 of 67

6.1.2 Cryptographic Support

The TOE’s cryptographic functionality is provided by a FIPS 140-2-validated cryptographic module. All modules

have received either a Level 1 or Level 2 FIPS 140-2 validation. Table 8 below indicates the modules and the

validation levels achieved.

Table 8 - FIPS Validated Modules

Validation

Modules

FIPS 140-2 Certificate #

Hardware modules

FIPS 140-2 validated

at level 2

VPN Router 1750, 2700, 2750 and 5000 with Hardware

Accelerator

1068

VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security

Accelerator

1073

Nortel VPN Router 600, 1750, 2700, 2750 and 5000

1066

Hardware modules

FIPS 140-2 validated

at level 1

Nortel VPN Router 1010, 1050 and 1100

1067

Software module

being validated at

level 1 of FIPS 140-2:

VPN Client Software

1032

The TOE’s cryptographic module implements and utilizes the following FIPS-validated cryptographic algorithms:

Table 9 - FIPS-Validated Cryptographic Algorithms

Algorithm

Key Size(s) (bits)

Validated Against

FIPS Certificate #

3DES

168

FIPS 46-3

641, 642, 644

AES

128, 256

FIPS 197

718, 719, 721

RSA

1024, 2048

FIPS 186-2

338, 339

SHA-1

N/A

FIPS 180-2

738, 739, 740

HMAC-SHA-1

160

FIPS 198

387, 388, 389

The TOE generates RSA keys for signature generation and verification. During the key generation process, all weak

keys are discarded. The resultant strong RSA keys are used to perform key agreement and authentication in

accordance with the Diffie-Hellman and IKE protocols.

The TOE performs encryption and decryption using the 3DES and AES algorithms. The TOE implements the

HMAC-SHA-1 algorithm in order to perform data origin authentication and data integrity checks upon encrypted

packets entering the TOE. The TOE implements SHA-1 algorithm in order to perform data integrity checks upon

encrypted packets entering the TOE.

The TOE destroys keys when they are no longer needed by “zeroizing” them. Zeroization is performed by

overwriting the memory location containing the keys with zeros before marking the memory location as being free

Via the RSA BSAFE library.

FIPS 198 is equivalent to RFC 2104.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Nortel Networks 7.11 Network Router User Manual