LOK-IT Technical Overview
SYSTEMATIC DEVELOPMENT GROUP, LLC
SECURING THE PHYSICAL DEVICE
LOK-IT employs a series of measures to defend against physical tampering of the device
and attempted unauthorized access to its contents.
FIPS 140-2
LOK-IT models SDG003FM and SDG004FP are configured to meet FIPS 140-2 Level 3.
Both models have passed all CMVP requirements and are NIST listed (Certificate #1527).

LOK-IT models SDG002P and SDG005M incorporate the same user authentication,
encryption and epoxy coating as SDG003FM and SDG004FP but are not configured to meet
FIPS 140-2 Level 3.

Level 1: FIPS 140-2 Security Level 1 provides the lowest level of security. Basic security
requirements are specified for a cryptographic module (e.g., at least one Approved
algorithm or Approved security function shall be used). No specific physical security
mechanisms are required in a Security Level 1 cryptographic module beyond the basic
requirement for production-grade components.

Level 2: FIPS 140-2 Security Level 2 improves upon the physical security mechanisms of
a Security Level 1 cryptographic module by requiring features that show evidence of
tampering, including tamper-evident coatings or seals that must be broken to attain
physical access to the plaintext cryptographic keys and critical security parameters (CSPs)
within the module, or pick-resistant locks on covers or doors to protect against
unauthorized physical access.

Level 3: In addition to the tamper-evident physical security mechanisms required at
Security Level 2, FIPS 140-2 Security Level 3 attempts to prevent the intruder from
gaining access to CSPs held within the cryptographic module. Physical security
mechanisms required at Security Level 3 are intended to have a high probability of
detecting and responding to attempts at physical access, use or modification of the
cryptographic module. The physical security mechanisms may include the use of strong
enclosures and tamper detection/response circuitry that zeroes all plaintext CSPs when the
removable covers/doors of the cryptographic module are opened.
Form
SDG002P and SDG004FP utilize an ABS form. SDG003FM and SDG005M utilize an
anodized aluminum form. Through the FIPS process, SDG will implement a uniform bonding
process for ABS casings on all models (FIPS and non-FIPS approved) as well as qualifying
a standard for the anodized aluminum form.
Epoxy Potting
Epoxy potting defeats unauthorized access to the internal components within the
cryptographic boundary and provides evidence of such attempts. Attempted removal of
the epoxy potting causes irreversible damage to the components within the cryptographic
boundary, thereby rendering them useless.

LOK-IT models SDG003FM and SDG004FP are designed to meet epoxy potting
requirements for protection of the cryptographic module as specified by FIPS 140-2
Level 3. LOK-IT models SDG002P and SDG005M use the same epoxy potting techniques
but are not configured to meet FIPS 140-2 Level 3.
Security Controller
Most secure UFD security systems store the encryption key on the flash media.
Accordingly, if the flash is accessed by forcing open the drive, the key can be accessed as