Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E (FIPS 140-2 Non-Proprietary Security Policy)


Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-UPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E)

FIPS 140-2 Level 2 Non-Proprietary Security Policy
Overall Level 2 (Sections 3 and 10 Level 3) Validation
Version 0.4
April 2014

Contents

Introduction  1
Configuration  2
References  4
FIPS 140-2 Submission Package  4
Module Description  5
Module Validation Level  8
Cryptographic Boundary  8
Cryptographic Module Ports and Interfaces  8
Roles, Services, and Authentication  9
User Role  9
CO Role  10
Services  10
Cryptographic Key/CSP Management  11
Cryptographic Algorithms  16
Approved Cryptographic Algorithms  16
Non-Approved Algorithms Allowed in FIPS Mode  17
Non-Approved Algorithms  17
Self-Tests  17
Physical Security  19
Module Opacity  19
Tamper Evidence  22
Secure Operation  28
Initial Setup  28
System Initialization and Configuration  28
Remote Access  29
Identifying Switch Operation in an Approved Mode  29
Related Documentation  30
Obtaining Documentation  30
Cisco.com  30
Product Documentation DVD  30
Ordering Documentation  31
Documentation Feedback  31
Cisco Product Security Overview  31
Reporting Security Problems in Cisco Products  32
Obtaining Technical Assistance  32
Cisco Technical Support & Documentation Website  32
Submitting a Service Request  33
Definitions of Service Request Severity  33
Obtaining Additional Publications and Information  34
Definition List  35

Introduction

This is a non-proprietary Cryptographic Module Security Policy for the Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-UPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E), referred to in this document as the modules or switches. This security policy describes how the modules meet the security requirements of FIPS 140-2 and how to run the modules in a FIPS 140-2 mode of operation, and may be freely distributed.

Versions:
Catalyst 4503-E
Catalyst 4506-E
Catalyst 4507R-E
Catalyst 4507R+E
Catalyst 4510R-E
Catalyst 4510R+E
Catalyst C4500X-16SFP+
Catalyst C4500X-F-16SFP+
Catalyst C4500X-32SFP+
Catalyst C4500X-F-32SFP+
Catalyst C4500X-24X-ES
Catalyst C4500X-40X-ES
Catalyst C4500X-24X-IPB
Supervisor Cards WS-X45-SUP7-E
Supervisor Cards WS-X45-Sup7L-E
Line Cards WS-X4640-CSFP-E
Line Cards WS-X4712-SFP+E
Line Cards WS-X4748-UPOE+E
Line Cards WS-X4748-RJ45-E
Line Cards WS-X4748-RJ45V+E
Catalyst 4503 FIPS kit packaging (WS-C4503-FIPS-KIT)
Catalyst 4506 FIPS kit packaging (WS-C4506-FIPS-KIT)
Catalyst 4507 FIPS kit packaging (WS-C4507-FIPS-KIT)
Catalyst 4510 FIPS kit packaging (WS-C4510-FIPS-KIT)
FIPS kit packaging (CVPN4500FIPS/KIT)
Filler Plate (C4K-SLOT-CVR-E)
IOS version: IOS-XE 3.5.2E1

Configuration

The switches included as part of the FIPS validation may be configured in the following configurations.

Chassis part number: WS-C4503-E
  Supervisor cards: single supervisor card WS-X45-SUP7-E
  Line cards: up to two (2) of the following line cards in any configuration: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E
  Supervisor cards: single supervisor card WS-X45-Sup7L-E
  Line cards: up to two (2) of the following line cards in any configuration: single line card WS-X4640-CSFP-E, WS-X4748-RJ45-E

Chassis part number: WS-C4506-E
  Supervisor cards: single supervisor card WS-X45-SUP7-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E
  Supervisor cards: single supervisor card WS-X45-Sup7L-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E

Chassis part number: WS-C4507R+E
  Supervisor cards: dual supervisor card WS-X45-SUP7-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E
  Supervisor cards: dual supervisor card WS-X45-Sup7L-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E

Chassis part number: WS-C4507R-E
  Supervisor cards: dual supervisor card WS-X45-SUP7-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E
  Supervisor cards: dual supervisor card WS-X45-Sup7L-E
  Line cards: up to five (5) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E

Chassis part number: WS-C4510R+E
  Supervisor cards: dual supervisor card WS-X45-SUP7-E
  Line cards: up to eight (8) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E
  Supervisor cards: dual supervisor card WS-X45-Sup7L-E
  Line cards: up to eight (8) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E

Chassis part number: WS-C4510R-E
  Supervisor cards: dual supervisor card WS-X45-SUP7-E
  Line cards: up to eight (8) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E
  Supervisor cards: dual supervisor card WS-X45-Sup7L-E
  Line cards: up to eight (8) of the following line cards in any combination: single line card WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45-E

Chassis part numbers: WS-C4500X-16SFP+, WS-C4500X-F-16SFP+, WS-C4500X-32SFP+, WS-C4500X-F-32SFP+, 4500X-24X-IPB
  Supervisor cards: N/A (integrated supervisor card)
  Line cards: N/A (integrated line card)

Table 1: Module Configurations

References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

 - The Cisco Systems website (http://www.cisco.com) contains information on the full line of products from Cisco Systems.
 - The NIST Cryptographic Module Validation Program (….html) contains contact information for answers to technical or sales-related questions for the module.
 - FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website.

FIPS 140-2 Submission Package

The security policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the submission package includes:

 - Vendor Evidence
 - Finite State Machine
 - Other supporting documentation as additional references

With the exception of this non-proprietary security policy, the FIPS 140-2 validation documentation is proprietary to Cisco Systems, Inc. and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems, Inc. See the “Obtaining Technical Assistance” section for more information.

Module Description

Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and by merging the voice and data infrastructure to reduce costs. The Catalyst 4500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 4500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements, as a multi-chip standalone module.

The switches include cryptographic algorithms implemented in IOS software, IOS-XE Image Signing software maintained and executed in ROMMON, and hardware ASICs. The line card ASICs implement the Cisco TrustSec protocol (CTS) supporting IEEE 802.1AE for Layer 2 CTS and contain hardware implementations of the GCM and ECB modes of the AES algorithm.

The switches support the Cisco TrustSec protocol, which provides policy-based access control, identity-aware networking, and data confidentiality and integrity; and Virtual Switching System, which is a system virtualization technology that allows the pooling of multiple Catalyst 4500 switches into a single virtual switch.

The switches also support SSH and TLS to provide remote administrative access to the module.

Figure 1: Catalyst 4503-E Switch

Figure 2: Catalyst 4506-E Switch

Figure 3: Catalyst 4507R-E / Catalyst 4507R+E

Figure 4: Catalyst 4510R-E / Catalyst 4510R+E

Figure 5: Catalyst 4500X-16SFP+ and Catalyst 4500X-F-16SFP+ (front-to-back airflow)

Figure 6: Catalyst 4500X-32SFP+ and Catalyst 4500X-F-32SFP+ (back-to-front airflow)

Figure 7: Expansion module added to Figures 5 and 6 creates Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES or Catalyst C4500X-24X-IPB

Module Validation Level

The following table lists the level of validation for each area in FIPS PUB 140-2.

No.  Area Title                                                     Level
1    Cryptographic Module Specification                             2
2    Cryptographic Module Ports and Interfaces                      2
3    Roles, Services, and Authentication                            3
4    Finite State Model                                             2
5    Physical Security                                              2
6    Operational Environment                                        N/A
7    Cryptographic Key Management                                   2
8    Electromagnetic Interference/Electromagnetic Compatibility     2
9    Self-Tests                                                     2
10   Design Assurance                                               3
11   Mitigation of Other Attacks                                    N/A
     Overall module validation level                                2

Table 2: Module Validation Level

Cryptographic Boundary

The cryptographic boundary is defined as the physical enclosure of the chassis together with the respective opacity shields, if applicable. All of the functionality described in this publication is provided by components within this cryptographic boundary. For the Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R+E and Catalyst 4510R+E, each module incorporates one or more supervisor blades and one or more line cards; for the Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES and Catalyst C4500X-24X-IPB, each module is a fixed configuration.

Cryptographic Module Ports and Interfaces

Each module provides a number of physical and logical interfaces to the device, and the physical interfaces provided by the module are mapped to four FIPS 140-2 defined logical interfaces: data input, data output, control input, and status output. The module also supports a power interface. The logical interfaces and their mapping are described in the following table:

Logical Interface          Physical Interface
Data Input Interface       10/100/1000 Mbps Ethernet ports, 10G SFP Ethernet ports, Console Port, Management Port
Data Output Interface      10/100/1000 Mbps Ethernet ports, 10G SFP Ethernet ports, Console Port, Management Port
Control Input Interface    10/100/1000 Mbps Ethernet ports, 10G SFP Ethernet ports, Console Port, Management Port
Status Output Interface    10/100/1000 Mbps Ethernet ports, 10G SFP Ethernet ports, Console Port, Management Port, LEDs
Power Interface            Power Plug

Table 3: Physical To Logical Interfaces

Note: The two USB ports and the Secure Digital slot on each module are disabled by TELs in FIPS mode.

Roles, Services, and Authentication

Authentication is identity-based. Each user is authenticated upon initial access to the module. There are two roles in the Switch that operators may assume: the Crypto Officer (CO) role and the User role. The administrator of the Switch assumes the CO role in order to configure and maintain the Switch using CO services, while the Users exercise security services over the network. The module supports RADIUS for authentication.

User Role

The role assumed by users obtaining general security services. From a logical view, user activity exists in the data plane. Users access via network ports using CTS protocols. CTS uses 802.1X and EAP-FAST for authentication.

CTS can use password-based credentials; in such a case the user passwords must be at least eight (8) characters long, including at least one letter and at least one number character (enforced procedurally). If six (6) integers, one (1) special character and one (1) alphabetic character are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 251,596,800. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 52 alphabetic characters, and 32 special characters, providing 94 characters to choose from in total; the calculation is 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800. Therefore, the associated probability of a successful random attempt is approximately 1 in 251,596,800, which is less than the 1 in 1,000,000 required by FIPS 140-2.

CTS can also use certificate credentials using RSA keys; in such a case the security strength is 112 bits, so an attacker would have a 1 in 2^112 chance of a successful authentication, which is much stronger than the one in a million chance required by FIPS 140-2.
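The password rule and the single-attempt probability bound above (and the identical bound restated for CO passwords in the CO Role section) are easy to get wrong when re-derived by hand, so the following is an added example, not Cisco's code or part of the policy, that encodes both. The role names, function names and constants are this example's own; the character-class counts (10 digits, 52 letters, 32 specials) and the length rules (User at least 8, CO 8 to 25, one letter and one digit for both) come from the policy text. It goes slightly beyond the page by also computing the full 94-character keyboard space for comparison.

```python
"""Password-policy check and FIPS 140-2 single-attempt probability bound
for the User and CO roles described in this security policy.
Example code (not Cisco's); names and constants are this example's own."""
import math
from typing import List, Optional, Tuple

# Character classes of a standard US QWERTY keyboard, as the policy counts them.
DIGITS = 10
LETTERS = 52
SPECIALS = 32
KEYBOARD_TOTAL = DIGITS + LETTERS + SPECIALS  # 94

# FIPS 140-2: a single random attempt must succeed with probability < 1 in 1,000,000.
FIPS_SINGLE_ATTEMPT_BOUND = 1 / 1_000_000

# Length rules per role: (minimum, maximum or None). User: >= 8; CO: 8 to 25.
ROLE_LENGTHS = {"user": (8, None), "co": (8, 25)}


def check_password(password: str, role: str) -> List[str]:
    """Return the list of policy violations (empty when the password complies).

    Both roles require at least one letter and at least one digit. The policy
    says this rule is enforced procedurally, so a check like this belongs in the
    operator's provisioning process rather than inside the module."""
    if role not in ROLE_LENGTHS:
        raise ValueError(f"unknown role {role!r}")
    lo, hi = ROLE_LENGTHS[role]  # type: Tuple[int, Optional[int]]
    problems: List[str] = []
    if len(password) < lo:
        problems.append(f"shorter than {lo} characters")
    if hi is not None and len(password) > hi:
        problems.append(f"longer than {hi} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems


def worst_case_guess_space() -> int:
    """Size of the space the policy bounds against: six distinct digits in
    order, one special character and one letter, i.e. 10*9*8*7*6*5 * 32 * 52."""
    return math.perm(DIGITS, 6) * SPECIALS * LETTERS


def full_keyboard_space(length: int) -> int:
    """Size of an unrestricted password space over all 94 keyboard characters
    (added here for comparison; much larger than the policy's worst case)."""
    return KEYBOARD_TOTAL ** length


def single_attempt_probability(guess_space: int) -> float:
    """Probability that one uniformly random guess succeeds."""
    return 1.0 / guess_space


def rsa_certificate_attempt_probability() -> float:
    """Certificate credentials: 112-bit security strength, i.e. 1 in 2**112."""
    return 2.0 ** -112


def meets_fips_bound(probability: float) -> bool:
    """True when the probability is strictly below the FIPS 140-2 requirement."""
    return probability < FIPS_SINGLE_ATTEMPT_BOUND


if __name__ == "__main__":
    space = worst_case_guess_space()
    print(f"worst-case guess space: {space:,}")  # 251,596,800
    print("password bound met:", meets_fips_bound(single_attempt_probability(space)))
    print("certificate bound met:", meets_fips_bound(rsa_certificate_attempt_probability()))
    print(f"full 8-character keyboard space: {full_keyboard_space(8):,}")
    # Constructed sample passwords, not values from the policy.
    for pw, role in [("abc12345", "user"), ("abcdefgh", "co"), ("x1" * 13, "co")]:
        print(f"{pw!r} as {role}:", check_password(pw, role) or "ok")
```

The worst-case space the policy quotes (six non-repeating digits plus one special and one letter) is deliberately far smaller than the 94^8 space of an arbitrary eight-character password, which is why clearing the 1-in-1,000,000 bound with that smaller space is the conservative direction.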

CO Role

The role assumed by an authorized CO connecting to the switch via CLI through the console port and performing management functions and module configuration. From a logical view, CO activity exists only in the control plane. IOS prompts the CO for their username and password; if the password is validated against the CO’s password in IOS memory, the user is allowed entry to the IOS executive program. A CO can assign permission to access the CO role to additional accounts, thereby creating additional COs.

All CO passwords must be 8 to 25 characters long with a minimum of one letter and one number. If six (6) integers, one (1) special character and one (1) alphabetic character are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 251,596,800. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 52 alphabetic characters, and 32 special characters, providing 94 characters to choose from in total; the calculation is 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800. Therefore, the associated probability of a successful random attempt is approximately 1 in 251,596,800, which is less than the 1 in 1,000,000 required by FIPS 140-2.

Services

Role: User
Authentication method: CTS, SSH, TLS, IPsec authentication
Services:
  Status Functions: view state of interfaces, view state of connection, version of IOS currently running.
  Network Functions: connect to other network devices through outgoing telnet or PPP, and initiate diagnostic network services (for example, ping or mtrace).
  Terminal Functions: adjust the terminal session (that is, lock the terminal and adjust flow control).
  Directory Services: display directory of files kept in flash memory.

Role: Cryptographic Officer
Authentication method: Console login
Services:
  Perform Self Tests: occurs upon system startup.
  Configure the switch: define network interfaces and settings, create command aliases, set the protocols the switch will support, enable interfaces and network services, set system date and time, and load authentication information.
  Define rules and filters: create packet filters that are applied to user data streams on each interface. Each filter consists of a set of rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
  Status functions: view the switch configuration, routing tables, and active sessions; view health, temperature, memory status, voltage, and packet statistics; review accounting logs, and view physical interface status.
  Manage the switch: log off users, shut down or reload the switch, manually back up switch configurations, view complete configurations, manage user rights, and restore switch configurations.
  Set Encryption/Bypass: place module into Encryption or Bypass state.
  Perform Self-Tests: perform the FIPS 140 start-up tests on demand.
  Zeroization: delete all CSP data.

Role: Unauthenticated
Authentication method: N/A
Services: Show status (viewing LEDs), passing traffic in bypass and power-cycling the device.

Table 4: Module Roles/Services

Cryptographic Key/CSP Management

The module securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. All keys are also protected by the password protection on the CO role login, and can be zeroized by the CO. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and entered electronically. Persistent keys are entered by the CO via the console port CLI; transient keys are generated or established and stored in DRAM.

The module supports the following critical security parameters (columns: Name; Algorithm; Size; Description; Origin; Storage; Zeroization Method):

DRBG entropy input
  Algorithm: SP 800-90 CTR DRBG
  Size: 256 bits
  Description: This is the entropy for the SP 800-90 RNG.
  Origin: Generated by internal entropy source
  Storage: DRAM (plaintext)
  Zeroization: Power cycle the device

DRBG seed
  Algorithm: SP 800-90 CTR DRBG
  Size: 384 bits
  Description: This is the seed for the SP 800-90 RNG.
  Origin: Generated by entropy source via the CTR DRBG derivation function
  Storage: DRAM (plaintext)
  Zeroization: Power cycle the device

DRBG V
  Algorithm: SP 800-90 CTR DRBG
  Size: 128 bits
  Description: Internal V value used as part of SP 800-90 CTR DRBG
  Origin: Generated by entropy source via the CTR DRBG derivation function. It is stored in DRAM in plaintext form.
  Storage: DRAM (plaintext)
  Zeroization: Power cycle the device

DRBG Key
  Algorithm: SP 800-90 CTR DRBG
  Size: 256 bits
  Description: Internal Key value used as part of SP 800-90 CTR DRBG
  Origin: Generated from entropy source via the CTR DRBG derivation function
  Storage: DRAM (plaintext)
  Zeroization: Power cycle the device

Diffie-Hellman private exponent
  Algorithm: DH
  Size: 224 - 379 bits
  Description: The private exponent used in Diffie-Hellman (DH) exchange.
  Origin: Generated using RNG
  Storage: DRAM (plaintext)
  Zeroization: Automatically after t[…]

Diffie-Hellman public exponent
  Algorithm: DH
  Size: 2048 - 4096 bits
  Description: The public exponent used in Diffie-Hellman (DH) exchange.
  Origin: Generated by the Diffie-Hellman key exchange
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

Diffie-Hellman shared secret
  Algorithm: DH
  Size: 2048 - 4096 bits
  Description: Shared secret generated by the Diffie-Hellman key exchange
  Origin: Shared secret generated by the Diffie-Hellman key exchange
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

Pairwise Master Key (PMK) - 802.11x-REV
  Algorithm: Secret
  Size: 64 bytes
  Description: 64 byte key used to derive PTK, which is used to generate CTS session MAC and encryption keys. Only the first 32 bytes are used by CTS.
  Origin: Manually configured in CTS manual mode. Generated by ACS and sent to Authenticator, and generated internally by supplicant, in CTS dot1x mode.
  Storage: DRAM (plaintext)
  Zeroization: Unconfigure the PMK in CTS manual mode, or unconfigure cts dot1x in CTS dot1x mode.

Session Key - 802.11x-REV
  Algorithm: AES-GCM
  Size: 128 bits
  Description: Used for bulk encryption of data
  Origin: Derived by SAP
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

SAP Pairwise Transient Key (PTK)
  Algorithm: Shared Secret
  Size: 128 bits
  Description: Concatenation of KCK and KEK.
  Origin: Concatenation of KCK and KEK.
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

SAP Key Encryption Key (KEK)
  Algorithm: AES
  Size: 128 bits
  Description: Used to encrypt SAP payloads during SAP protocol implementations.
  Origin: Derived by SAP
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

SAP Key Confirmation Key (KCK)
  Algorithm: HMAC-SHA-1
  Size: 160 bits
  Description: Used to protect SAP payload integrity during SAP protocol implementations.
  Origin: Derived by SAP
  Storage: DRAM (plaintext)
  Zeroization: Automatically when session expires

CTS password
  Algorithm: Shared Secret
  Size: Up to 256 bytes
  Description: This is the CTS credential, used by the CTS device to authenticate itself. The maximum size is 256 bytes.
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: Via the following CLI: “clear cts credentials”

CTS PAC key
  Algorithm: Secret
  Size: 256 bits
  Description: CTS PAC is a Protected Access Credential that is mutually and uniquely shared between the peer and ACS. It is used to secure the EAP-FAST tunnel.
  Origin: Generated and sent by ACS to the CTS device
  Storage: NVRAM (plaintext)
  Zeroization: Via the following CLI: “clear cts pacs”

Secure RADIUS KEK
  Algorithm: AES key wrap KEK
  Size: 256 bits
  Description: key shared-secret [pac] [key-wrap encryption-key secret message-auth-code-key secret] [format {ascii | hex}]
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: Resetting or rebooting the module

Secure RADIUS MACK
  Algorithm: AES key wrap MACK
  Size: 256 bits
  Description: key shared-secret [pac] [key-wrap encryption-key secret message-auth-code-key secret] [format {ascii | hex}]
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: Resetting or rebooting the module

skeyid
  Algorithm: Keyed SHA-1
  Size: 160 bits
  Description: Used to derive skeyid_d.
  Origin: Value derived from the shared secret within IKE exchange. Zeroized when IKE session is terminated.
  Storage: DRAM (plaintext)
  Zeroization: Automatically after IKE session terminated.

skeyid_d
  Algorithm: Keyed SHA-1
  Size: 160 bits
  Description: Derived as part of the IKE process. The IKE key derivation key for non[…]
  Zeroization: […]cally after IKE session terminated.

IKE session encryption key
  Algorithm: Triple-DES/AES
  Size: Triple-DES (168 bits) / AES (256 bits)
  Description: The IKE session encrypt key.
  Origin: Generated by RNG
  Storage: DRAM (plaintext)
  Zeroization: Automatically after IKE session terminated.

IKE session authentication key
  Algorithm: SHA-1 HMAC
  Size: 160 bits
  Description: The IKE session authentication key.
  Origin: Generated as part of IKE
  Storage: DRAM (plaintext)
  Zeroization: Automatically after IKE session terminated.

ISAKMP preshared
  Algorithm: Secret
  Size: At least eight characters
  Description: The key used to generate IKE skeyid during preshared-key authentication. This key can have two forms based on whether the key is related to the hostname or the IP address.
  Origin: Configured by CO
  Storage: NVRAM (plaintext)
  Zeroization: “# no crypto isakmp key”

IKE RSA Authentication public Key
  Algorithm: RSA
  Size: 2048 bits
  Description: RSA public key for IKE authentication.
  Origin: Generated or entered with “crypto keyring” or “ca trust-point”
  Storage: NVRAM (plaintext)
  Zeroization: “# crypto key zeroize rsa”

IKE RSA Authentication private Key
  Algorithm: RSA
  Size: 2048 bits
  Description: RSA private key for IKE authentication.
  Origin: Generated or entered with “crypto keyring” or “ca trust-point”
  Storage: DRAM (plaintext)
  Zeroization: “# crypto key zeroize rsa”

IPSec encryption key
  Algorithm: Triple-DES/AES
  Size: Triple-DES (168 bits) / AES (256 bits)
  Description: The IPSec encryption key. Zeroized when IPSec session is terminated.
  Origin: Derived using the IKE […]
  Zeroization: […]hen IPSec session terminated.

IPSec authentication key
  Algorithm: SHA-1 HMAC
  Size: 160 bits
  Description: The IPSec authentication key. The zeroization is the same as above.
  Origin: Derived using the IKE […]
  Zeroization: […]hen IPSec session terminated.

RSA private key (SSH)
  Algorithm: RSA
  Size: 2048 bits
  Description: Private key used in SSH protocol
  Origin: crypto key generate rsa
  Storage: NVRAM (plaintext)
  Zeroization: crypto key zeroize rsa

RSA public key (SSH)
  Algorithm: RSA
  Size: 2048 bits
  Description: Public key used in SSH protocol
  Origin: crypto key generate rsa
  Storage: DRAM (plaintext)
  Zeroization: crypto key zeroize rsa

SSH session key
  Algorithm: TRIPLE-DES / AES
  Size: 128, 192, 256 bits (AES); 168 bits (TRIPLE-DES)
  Description: This is the SSH session key. It is used to encrypt all SSH data traffic traversing between the SSH client and SSH server.
  Origin: Established using DH/RSA
  Storage: DRAM (plaintext)
  Zeroization: Zeroized when SSH session is terminated

SSH session authentication key
  Algorithm: HMAC-SHA-1
  Size: 160 bits
  Description: This key is used to perform the authentication between the SSH client and SSH server.
  Origin: Established using DH/RSA
  Storage: DRAM (plaintext)
  Zeroization: Zeroized when SSH session is terminated

RSA private key (TLS)
  Algorithm: RSA
  Size: 2048 bits
  Description: Identity certificates for the module itself, also used in TLS negotiations. This CSP is used for both SSL VPN and SIP Gateway Signaling Over TLS Transport.
  Origin: crypto key generate rsa
  Storage: NVRAM (plaintext)
  Zeroization: crypto key zeroize rsa

RSA public key (TLS)
  Algorithm: RSA
  Size: 2048 bits
  Description: Identity certificates for the module itself, also used in TLS negotiations.
  Origin: crypto key generate rsa
  Storage: DRAM (plaintext)
  Zeroization: crypto key zeroize rsa

TLS pre-master secret
  Algorithm: Shared Secret
  Size: 384 bits
  Description: Shared secret created using asymmetric cryptography from which new HTTPS session keys can be created.
  Origin: Created as part of TLS session establishment
  Storage: DRAM (plaintext)
  Zeroization: Zeroized when TLS session […]

[name not preserved in transcription]
  Size: […]s / 168 bits / 256 bits
  Description: Generated using the TLS protocol.
  Origin: Created as part of TLS session establishment
  Storage: DRAM (plaintext)
  Zeroization: Zeroized when TLS session is terminated

VSL PMK
  Algorithm: Shared Secret
  Size: 256 bits
  Description: The preshared key used for VSS connections
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: clear switch virtual pmk

VSL session keys
  Algorithm: AES-GCM
  Size: 128 bits
  Description: Used for bulk encryption of data in the event of failover
  Origin: Derived from VSL PMK
  Storage: DRAM (plaintext)
  Zeroization: Automatically when VSL session expires

User password
  Algorithm: Shared Secret
  Size: At least eight (8) characters long, including at least one letter and at least one number character
  Description: Password of the user role
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: Set new password

Enable secret
  Algorithm: Shared Secret
  Size: Eight (8) characters long
  Description: Obfuscated password of the CO role.
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: Set new password

RADIUS secret
  Algorithm: Shared Secret
  Size: At least eight (8) characters long, including at least one letter and at least one number character
  Description: The RADIUS shared secret
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: # no radius-server key

TACACS secret
  Algorithm: Shared Secret
  Size: At least eight (8) characters long, including at least one letter and at least one number character
  Description: The TACACS shared secret
  Origin: User configured
  Storage: NVRAM (plaintext)
  Zeroization: # no tacacs-server key

Table 5: CSP Table

The services accessing the CSPs, the type of access and which role accesses the CSPs are listed below.

Role: User Role, Crypto-Officer Role
Service: Network Functions
Critical Security Parameters: DRBG entropy input, DRBG seed, DRBG V, DRBG Key, DH private exponent, DH shared secret, 802.11[…]
