Module Name
3e-636M CyberFence Cryptographic Module
Historical Reason
186-2 transition
Caveat
When operated in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions.
Approved Algorithms
AES |
Certs. #2060, #2078 and #2105 |
CVL |
Certs. #22, #87 and #169 |
DRBG |
Cert. #822 |
ECDSA |
Certs. #303 and #415 |
HMAC |
Certs. #1253 and #1259 |
KTS |
AES Cert. #2060 and HMAC Cert. #1253; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #1072 and #1278 |
SHS |
Certs. #1801 and #1807 |
Other Algorithms
Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)