Page History
...
Self-Tests- The
implements cryptographic algorithms using software firmware and hardware and the modules perform various self-tests (power-up self-test, conditional self-test, and critical function self-test) to verify their functionality and correctness. If any of the tests fail, the module goes into “Critical Error” state and it disables all access to cryptographic functions and Critical Security Parameters (CSPs). The management interfaces do not respond to any commands until the module is operational. The Crypto Officer must reboot the modules to clear the error and return to normal operational mode.Spacevars 0 product Note Self-tests are performed only when the system is running in FIPS 140-2 mode.
The various self-tests are as follows:- Power-Up self-tests- The
performs self-tests at power-up to verify the integrity of the firmware images and the correct operation of the FIPS-approved algorithm implementation in the modulesSpacevars 0 product - Conditional self-tests- The
implements Conditional conditional self-tests such as Continuous Random Number Generator Tests (CRNGT), RSA Pair-wise Consistency Tests, Firmware Load Tests, and so on.Spacevars 0 product - Critical function tests- The
implements the SP 800-90A CTR_DRBG as it's random number generator. The SP 800-90A specification requires that certain critical functions be tested conditionally to ensure the security of the DRBG. Therefore, the critical function tests are implemented by the cryptographic modules.Spacevars 0 product
- Power-Up self-tests- The
FIPS Finite State Model- The following diagram demonstrates the
states and state transitions that occur within theSpacevars 0 product
:Spacevars 0 product Note The ability to change the FIPS 140-2 mode is reserved only for users having Administrator permissions; Administrator is a role in the
that may be assigned to a Crypto Officer in a FIPS-compliant system.Spacevars 0 product
- Install/upgrade Software Integrity Check- Software updates or patches that are to be loaded onto the machine are automatically checked for integrity by validating Sonus provided
provided signature file for the particular package. (See install/upgrade guide). Failure in validation causes the installation/upgrade to be aborted.Spacevars 0 company TLS v1.1 and v1.2 support for EMA/PM and SIP/TLS- TLS v1.1 and v1.2 provide resistance to certain known attacks (e.g. the BEAST attack affecting TLS v1.0) against earlier TLS versions and offer additional cipher suites not supported with TLS v1.0.
Note Although TLS v1.0 and v1.2 are enabled by default, Sonus recommends
recommends disabling v1.0 (if possible) in favor of the more-secure TLS v1.2, if browser support (for EMA/PM) and SIP peer interoperability (for SIP/TLS) considerations permit.Spacevars 0 company
...
| Note | ||||
|---|---|---|---|---|
As per FIPS 140-2 standards, Critical Security Parameters (CSPs) cannot be transferred from non-FIPS to FIPS mode. So, after enabling FIPS mode, the Operator must install new TLS certificates for EMA/PM to be operational. Sonus
|
On the SBC main screen, go to Administration > Users and Application Management > Fips-140-2. The Fips-140-2 window is displayed.
...
| Parameter | Description | ||
|---|---|---|---|
Mode |
A fresh software install that discards all prior state is required to set the FIPS-140-2 mode to 'disabled'. The options are:
|
...
Overview
Content Tools