beautypg.com

8 self-tests, 9 design assurance – Polycom VSX 3000 User Manual

Non-Proprietary Security Policy, Version 1.0

June 15, 2007

Polycom VSX 3000, VSX 5000, and VSX 7000s

Page 19 of 23

© 2007 Polycom, Inc. - This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

1.7.3 Key Storage

The RSA public/private key pair and Integrity Check Key are stored in the modules’ flash drives in plaintext form.
The Session Key, IP Encryption Key, ISDN Encryption Key, DH public/private key pair, and PRNG seed are held
in volatile memory in plaintext.

1.7.4 Key Zeroization

The RSA key pair is zeroized by overwriting the flash image. The Session Key, IP Encryption Key, ISDN
Encryption Key, Diffie-Hellman (DH) private/public key pair and PRNG seed are available only temporarily in
volatile memory during video calls. These ephemeral keys and CSP are zeroized after the session is closed or
whenever power is cycled.

1.8 Self-Tests

The VSX 3000, VSX 5000, and VSX 7000s perform the following self-tests at power-up:

• Software integrity check using a DSA signature verification
• Known Answer Tests (KATs)
    o AES Known Answer Test (KAT)
    o Triple-DES KAT
    o RSA pairwise consistency check
    o FIPS 186-2 Appendix 3.1 PRNG KAT

The cryptographic modules also perform the following conditional self-tests:

• Continuous RNG for FIPS 186-2 PRNG
• Continuous RNG for non-approved RNG for entropy gathering

If any of the power-up self-tests fails, the modules log the failure, and notification is provided to Crypto Officers
through serial traces. Security-relevant module functionality is not provided until all self-tests are passed.
In case a self-test fails, the logged trace indicates which self-test failed, and the modules display a warning message
indicating the required reboot for the system. Since these messages are not available through the Secure Telnet
interface before all self-tests have passed, the messages are echoed to any connected monitor screen.
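The conditional continuous RNG test listed above can be sketched as follows; this is an added example, not Polycom's code. It follows the FIPS 140-2 rule that the first block after power-up is held back for comparison and that any block equal to its predecessor puts the generator into an error state that persists until re-initialisation. The 20-byte block size, the `rng_source_fn` callback, and all function names are assumptions made for illustration, and both sample sources are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 20 /* assumption: one 160-bit PRNG output per block */

typedef int (*rng_source_fn)(uint8_t out[BLOCK_LEN]); /* hypothetical raw generator, 0 = ok */

typedef struct {
    rng_source_fn source;
    uint8_t prev[BLOCK_LEN]; /* last block produced, kept only for comparison */
    int primed;              /* first block has been drawn and held back */
    int error;               /* latched: cleared only by re-initialising (reboot) */
} crng_t;

void crng_init(crng_t *c, rng_source_fn source) {
    memset(c, 0, sizeof *c);
    c->source = source;
}

/* Returns 0 and fills out, or -1 once the generator repeats a block or fails. */
int crng_next(crng_t *c, uint8_t out[BLOCK_LEN]) {
    uint8_t cur[BLOCK_LEN];
    if (c->error) return -1;
    if (!c->primed) { /* first block after power-up is never output */
        if (c->source(c->prev) != 0) { c->error = 1; return -1; }
        c->primed = 1;
    }
    if (c->source(cur) != 0 || memcmp(cur, c->prev, BLOCK_LEN) == 0) {
        c->error = 1; /* nothing is released once the error state is entered */
        return -1;
    }
    memcpy(c->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed sources: a healthy counter, and one that repeats its 3rd block once. */
static unsigned calls;
static int counter_source(uint8_t o[BLOCK_LEN]) { memset(o, 0, BLOCK_LEN); o[0] = (uint8_t)calls++; return 0; }
static int glitch_source(uint8_t o[BLOCK_LEN]) { memset(o, 0, BLOCK_LEN); o[0] = (uint8_t)(calls == 3 ? 2 : calls); calls++; return 0; }

/* Counts blocks released in `tries` requests; requests after a failure stay refused. */
int blocks_released(rng_source_fn src, int tries) {
    crng_t c; uint8_t out[BLOCK_LEN]; int ok = 0;
    calls = 0;
    crng_init(&c, src);
    for (int i = 0; i < tries; i++) if (crng_next(&c, out) == 0) ok++;
    return ok;
}

int main(void) {
    printf("healthy: %d of 10, glitch: %d of 10\n", blocks_released(counter_source, 10), blocks_released(glitch_source, 10));
    return 0;
}
```

The glitching source recovers after a single repeated block, yet only two blocks are ever released: the latched error flag, not the source's later behaviour, decides whether output is provided.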

1.9 Design Assurance

Polycom uses automated Configuration Management (CM) of their source code modules, organizing source code
into separate version-controlled depots. Polycom uses Accurev’s TimeSafe® Configuration Management System to
perform automated source code control. Additionally, Microsoft Visual Source Safe (VSS) version 6.0 is used to
provide configuration management for the module’s FIPS documentation. This CM software and Polycom’s
process provide access control, versioning, and logging for all module source code and documentation.
