8 self-tests, 9 design assurance – Polycom VSX 3000 User Manual
Non-Proprietary Security Policy, Version 1.0
June 15, 2007
Polycom VSX 3000, VSX 5000, and VSX 7000s
Page 19 of 23
© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
1.7.3 Key Storage
The RSA public/private key pair and Integrity Check Key are stored in the modules’ flash drives in plaintext form.
The Session Key, IP Encryption Key, ISDN Encryption Key, DH public/private key pair, and PRNG seed are held
in volatile memory in plaintext.
1.7.4 Key Zeroization
The RSA key pair is zeroized by overwriting the flash image. The Session Key, IP Encryption Key, ISDN
Encryption Key, Diffie-Hellman (DH) private/public key pair and PRNG seed are available only temporarily in
volatile memory during video calls. These ephemeral keys and CSPs are zeroized after the session is closed or
whenever power is cycled.
1.8 Self-Tests
The VSX 3000, VSX 5000, and VSX 7000s perform the following self-tests at power-up:
• Software integrity check using a DSA signature verification
• Known Answer Tests (KATs)
  o AES Known Answer Test (KAT)
  o Triple-DES KAT
  o RSA pairwise consistency check
  o FIPS 186-2 Appendix 3.1 PRNG KAT
The cryptographic modules also perform the following conditional self-tests:
• Continuous RNG for FIPS 186-2 PRNG
• Continuous RNG for non-approved RNG for entropy gathering
If any of the power-up self-tests fails, the modules log the failure, and notification is provided to Crypto Officers
through serial traces. Security-relevant module functionality is not provided until all self-tests are passed.
In case a self-test fails, the logged trace indicates which self-test failed, and the modules display a warning message
indicating the required reboot for the system. Since these messages are not available through the Secure Telnet
interface before all self-tests have passed, the messages are echoed to any connected monitor screen.
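The continuous RNG test and the fail-closed behaviour described above, shown as an added C example that is not Polycom's code: each new block is compared with the previous one, the first block after power-up is only stored (as the FIPS 140-2 continuous test requires), and a repeat latches an error state. The 20-byte block size, the `rng_fn` hook, the `crng_*` names and the two test generators are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define CRNG_BLOCK 20 /* assumption: 160-bit FIPS 186-2 PRNG output block */
typedef int (*rng_fn)(uint8_t out[CRNG_BLOCK], void *ctx); /* hypothetical hook */
typedef struct {
    rng_fn gen; void *ctx; int primed, failed; /* failed stays set until reboot */
    uint8_t prev[CRNG_BLOCK];                  /* last block, comparison only */
} crng_t;

/* Returns 0 and fills out, or -1 with out zeroed once the test has failed. */
int crng_next(crng_t *c, uint8_t out[CRNG_BLOCK]) {
    uint8_t cur[CRNG_BLOCK];
    memset(out, 0, CRNG_BLOCK);
    if (c->failed) return -1;
    if (!c->primed && c->gen(c->prev, c->ctx) == 0) c->primed = 1; /* never output */
    if (!c->primed || c->gen(cur, c->ctx) != 0 ||
        memcmp(cur, c->prev, CRNG_BLOCK) == 0) { /* generator error or repeated block */
        c->failed = 1;
        return -1;
    }
    memcpy(c->prev, cur, CRNG_BLOCK);
    memcpy(out, cur, CRNG_BLOCK);
    return 0;
}

/* Constructed stand-ins, not real RNGs: a counter, and a counter that freezes. */
int gen_counter(uint8_t out[CRNG_BLOCK], void *ctx) {
    memset(out, 0, CRNG_BLOCK);
    memcpy(out, ctx, sizeof(uint32_t));
    ++*(uint32_t *)ctx;
    return 0;
}
int gen_sticks(uint8_t out[CRNG_BLOCK], void *ctx) {
    gen_counter(out, ctx);
    if (*(uint32_t *)ctx > 3) *(uint32_t *)ctx = 3; /* output freezes at value 3 */
    return 0;
}

/* Draw n blocks; returns how many were released before the error latched. */
int crng_draws_ok(rng_fn gen, int n) {
    uint32_t counter = 0; uint8_t out[CRNG_BLOCK]; int ok = 0;
    crng_t c = { .gen = gen, .ctx = &counter };
    for (int i = 0; i < n; i++) ok += (crng_next(&c, out) == 0);
    return ok;
}

int main(void) { /* exit status 0 when both cases behave as expected */
    return !(crng_draws_ok(gen_counter, 5) == 5 && crng_draws_ok(gen_sticks, 5) == 3);
}
```

With the freezing generator, three blocks are released and every later request is refused, because the error state is never cleared in software.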
1.9 Design Assurance
Polycom uses automated Configuration Management (CM) of their source code modules, organizing source code
into separate version-controlled depots. Polycom uses Accurev’s TimeSafe® Configuration Management System to
perform automated source code control. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to
provide configuration management for the module’s FIPS documentation. This CM software and Polycom’s
process provide access control, versioning, and logging for all module source code and documentation.