R&S®SMBV100A
Vector Signal Generator
Instrument Security Procedures
(;ÚèÔ2)
1176.9070.02 ─ 02
Instrument Security Procedures
R&S®SMBV100A
1 Overview................................................................................................. 2
2 Instrument Models Covered..................................................................2
3 Security Terms and Definitions............................................................ 3
4 Types of Memory and Information Storage in the R&S SMBV.......... 3
5 Instrument Declassification.................................................................. 7
6 Special Considerations for USB Ports and LAN Services................. 9
1 Overview
Contents
Contents
In many cases, it is imperative that the R&S SMBV Vector Signal Generators are used
in a secured environment. Generally these highly secured environments do not allow
any test equipment to leave the area unless it can be proven that no user information
leaves with the test equipment. Security concerns can arise when devices need to
leave a secured area e.g. to be calibrated or serviced.
This document describes the types of memory and their usage in the R&S SMBV. It
provides a statement regarding the volatility of all memory types and specifies the
steps required to declassify an instrument through memory clearing or sanitization procedures. These sanitization procedures are designed for customers who need to meet
the requirements specified by the US Defense Security Service (DSS).
2 Instrument Models Covered
Table 2-1: Vector Signal Generator models
Product name Order number
R&S SMBV100A 1407.6004.02
The Vector Signal Generator base unit must be ordered together with one of the following frequency options:
●
R&S SMBV-B103
●
R&S SMBV-B106
2Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
3 Security Terms and Definitions
Security Terms and Definitions
Clearing:
As defined in Section 8-301a of DoD 5220.22-M, "National Industrial Security Program
Operating Manual (NISPOM)", clearing is the process of eradicating the data on media
so that the data can no longer be retrieved using the standard interfaces on the instrument. Hence, clearing is typically used when the instrument is to remain in an environment with an acceptable level of protection.
Sanitization:
As defined in Section 8-301b of DoD 5220.22-M, "National Industrial Security Program
Operating Manual (NISPOM)", sanitization is the process of removing or eradicating
stored data so that the data cannot be recovered using any known technology. Instrument sanitization is typically required when an instrument is moved from a secure to a
non-secure environment, such as when it is returned for service of calibration.
The memory sanitization procedures described in this document are designed for customers who need to meet the requirements specified by the US Defense Security Service (DSS). These requirements are specified in the "Clearing and Sanitization Matrix"
in Section 14.1.16 of the ISFO Process Manual for the Certification and Accreditation
of Classified Systems under the NISPOM.
Instrument declassification:
A term that refers to procedures that must be undertaken before an instrument can be
removed from a secure environment, such as is the case when the instrument is
returned for calibration. Declassification procedures include memory sanitization or
memory removal, or both. The declassification procedures described in this document
are designed to meet the requirements specified in DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)", Chapter 8.
4 Types of Memory and Information Storage
in the R&S SMBV
The Vector Signal Generator contains various memory components.
The following table provides an overview of the memory components that are part of
your instrument. For a detailed description regarding type, size, usage and location,
refer to the subsequent sections.
3Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Types of Memory and Information Storage in the R&S SMBV
Volatile Memory
Memory type Size Content Volatility User
Data
SDRAM (CPU
board)
EEPROM (RF module, processor module)
Smart card (processor module)
Flash (processor
board)
256 Mbyte Temporary information stor-
age for operating system
and instrument firmware
●
4 x
4 kbyte up
to 1 Mbyte
32 kbyte
256 Mbyte
Module-specific data:
– Serial number
– Revision
– Options
●
Calibration and correction data
●
Initial CPU configuration data
Hardware information:
●
Serial number
●
Product options
●
Operation time
●
Power-on count
●
Operating system
●
Instrument firmware
●
Internal adjustment
data
●
Initial CPU configuration data
●
User data, instrument
and password settings
Volatile Yes Turn off instru-
Non-volatile No None required
Non-volatile No None required
Non-volatile Yes "Sanitize internal
Sanitization procedure
ment power
(no user data)
(no user data)
memory" procedure
(see "Flash"
on page 5)
Optional Hard Disk
R&S SMBV-B92
(removable)
4.1 Volatile Memory
80 Gbyte
The volatile memory in the instrument does not have battery backup. It loses its contents as soon as power is removed from the instrument. The volatile memory is not a
security concern.
Removing power from this memory meets the memory sanitization requirements specified in the "Clearing and Sanitization Matrix" in Section 5.2.5.5.5 of the ISFO Process
Manual for the Certification and Accreditation of Classified Systems under the NISPOM.
SDRAM
The SDRAM on the CPU board has a size of 256 Mbyte and contains temporary information storage for operating system and instrument firmware. The SDRAM loses its
memory as soon as power is removed.
Sanitization procedure: Turn off instrument power
●
Instrument settings
●
ARB waveform data
Non-volatile Yes Remove Hard
Disk from instrument
4Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Types of Memory and Information Storage in the R&S SMBV
Non-Volatile Memory
4.2 Non-Volatile Memory
The R&S SMBV contains various non-volatile memories. Out of these, the internal
Flash memory contains user data as well as instrument configuration in its Journaling
Flash File System (JFFS) area. The Flash memory can be sanitized via "Sanitize internal memory" procedure. If the R&S SMBV is equipped with the optional Hard Disk,
containing user data, it can be physically removed from the R&S SMBV and left in the
secure area.
All non-volatile memories of the R&S SMBV are not a security concern.
EEPROM
The RF module as well as the processor module of the R&S SMBV Vector Signal Generator are equipped with in total four serial EEPROM devices with a size of 4 kbyte up
to 1 Mbyte. The EEPROMs contain module-specific data, calibration correction data
and initial processor configuration data. In addition, the current setting of the "Standby"
button is saved here in order to restart the instrument properly in case of power loss.
The EEPROM does not hold user data nor can the user access the EEPROM storage.
Sanitization procedure: None required (no user data)
Smart card
The processor module of the R&S SMBV Vector Signal Generator is equipped with a
smart card with a size of 32 kbyte. It contains information related to the installed hardware, such as instrument serial number, product options, operating time and power-on
cycle count. The smart card does not hold user data nor can the user access the storage.
Sanitization procedure: None required (no user data)
Flash
The single-chip Flash memory, located on the processor board, has a size of
256 Mbyte of storage. The Flash contains boot code, maintenance and recovery system, the operating system and instrument firmware. Furthermore user data, instrument
and password settings are stored here.
Figure 4-1: Logical sections of the Flash memory
The Flash memory is logically divided into three sections:
●
Boot code/OS kernel:
The 8 Mbyte memory section contains the boot code and the operating system kernel. This area is initialized during production and can be updated in case of firmware update. It cannot be accessed by the user and is not modified during instrument operation.
5Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Types of Memory and Information Storage in the R&S SMBV
Non-Volatile Memory
●
Recovery area:
The 64 Mbyte memory section contains recovery data which is used to restore the
factory instrument configuration if required. This area is initialized during production. It cannot be accessed by the user and is not modified during instrument operation.
●
Journaling Flash File System (JFFS):
The remaining memory section is controlled by a Journaling Flash File System
(JFFS). This area is shared between operating system files, instrument firmware
and user data. Operating system files and instrument firmware are encapsulated in
preconfigured, read-only squash FS file systems. Both cannot be modified during
instrument operation nor can they be modified in parts. During firmware update,
they are replaced in total.
In the remaining JFFS area the following information is stored:
– User data and instrument settings (automatically or manually saved instrument
setups)
– Passwords
– LAN and USB port enable/disable states
– Internal adjustment data
The R&S SMBV provides a sanitizing procedure that ensures that user data is irretrievably removed from the instrument.
Sanitization procedure: "Sanitize internal memory" procedure
To sanitize the internal Flash memory, press the rotary knob and hold it while switching
on the instrument. When the maintenance system appears, execute the "Sanitize internal memory" procedure.
After activating the sanitizing procedure, the following steps occur:
●
The file rootfs.squashfs (read-only, encapsulating operating system files) and
the file optfs (read-only, encapsulating instrument firmware) are temporarily
saved in SDRAM.
●
A full sector erase command as per manufacturer data sheet is applied to each
sector of the JFFS area. This explicitly includes sectors which might be declared as
defect.
●
Every addressable location of the JFFS area is overwritten by a single character.
●
Again, a full sector erase command as per manufacturer data sheet is applied to
each sector of the JFFS area, including defect sectors.
●
The JFFS is recreated and operating system files as well as instrument firmware
are restored.
●
Passwords are reset to factory values, USB and Ethernet interfaces are enabled.
The "Sanitize internal memory" procedure meets the memory sanitization requirements
specified in the "Clearing and Sanitization Matrix" in Section 14.1.16 of the ISFO "Manual for the Certification and Accreditation of Classified Systems under the NISPOM".
6Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Instrument Declassification
Optional Hard Disk R&S SMBV-B92
The R&S SMBV Vector Signal Generator can be equipped with a removable Hard
Disk. The option R&S SMBV-B10/-B10F requires the R&S SMBV-B92 option (removable Hard Disk).
The Hard Disk is used to store:
●
Instrument settings
●
ARB waveform data
The Hard Disk can hold user data and is non-volatile. Hence, user data is not erased
when power is removed from the instrument.
The removable Hard Disk (R&S SMBV-B92) can be removed from the Vector Signal
Generator to make sure that no user data is stored within the Vector Signal Generator.
Sanitization procedure: Remove Hard Disk from instrument
5 Instrument Declassification
Before you can remove the Vector Signal Generator from a secured area (for example
to perform service or calibration), all classified user data needs to be removed. You
can declassify the Vector Signal Generator as follows:
1. Turn off the Vector Signal Generator. This will sanitize the volatile memory.
2. To sanitize the internal Flash memory, press the rotary knob and hold it while
switching on the instrument again.
Note: Do not use the function "Initialize Hard Disk" for sanitizing. It is only intended
for setting up the Hard Disk.
After a few seconds, the screen of the maintenance system appears.
Now you have the option to save the instrument configuration including firmware
and user data (but without passwords) to a USB mass memory, for example a
memory stick. To perform this operation, it is recommended that you use a USB
hub and an external keyboard.
To save the instrument configuration, proceed as follows:
● Connect the USB hub and the keyboard to the instrument
● Connect the USB memory to the hub too.
● Execute "Backup internal memory to USB" and follow the instructions.
To protect user data, this operation requires that you know the security password.
● Wait until the operation is completed.
● Remove the USB memory and keep it in the secure area.
To sanitize the internal memory, perform the following steps:
● Execute "Sanitize internal memory".
● Wait until the operation is completed.
3. Turn off the Vector Signal Generator and disconnect the power plug.
7Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Instrument Declassification
4. If the R&S SMBV is equipped with the option R&S SMBV-B92, remove the classfied removable Hard Disk by performing the following steps:
● Locate the Hard Disk.
Figure 5-1: Location of the Hard Disk
● Unscrew the two knurled screws.
● Remove the Hard Disk on the rear panel of the R&S SMBV.
Following these steps removes all user data from the Vector Signal Generator. The
Vector Signal Generator can now leave the secured area.
These declassification procedures meet the needs of customers working in secured
areas.
Once the R&S SMBV is outside the secured area, installing a second non-classified
removable Hard Disk (without any user data) allows the R&S SMBV to function properly for service or other needs.
Prior to re-entering the secured area, remove the non-classified removable Hard Disk
(without the user data). When the R&S SMBV is back within the secured area, the original classified removable Hard Disk can be reinstalled.
●
To hold classified user data in secure areas, use the removable Hard Disk
(R&S SMBV-B92) which comes with the instrument.
●
To hold non-classified user data in non-secure areas, use a second removable
Hard Disk (R&S SMBV-B92).
After service and re-entering the secured area, you have the option to restore the
instrument configuration:
1. If the instrument is equipped with the option R&S SMBV-B92, reinstall the classified R&S SMBV-B92 Hard Disk.
2. Power on the instrument and wait until it is operational.
3. Plug in the memory stick containing the classified user data and instrument configuration and follow the instructions.
The procedure is exactly the same as a firmware update.
8Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
6 Special Considerations for USB Ports and
Special Considerations for USB Ports and LAN Services
Special Considerations for LAN Ports
Note that instrument passwords are not restored by this procedure and must be set
separately.
Validity of instrument calibration after declassification
The calibration makes sure that measurements comply to government standards.
Rohde & Schwarz recommends that you follow the calibration cycle suggested for your
instrument.
The EEPROM is the only memory type used to hold permanent adjustment values
required to maintain the validity of the R&S SMBV's calibration. Therefore, performing
the declassification procedure does not affect the validity of the instrument’s calibration.
LAN Services
There are special considerations for R&S SMBV USB ports and LAN services to avoid
unauthorized data access in a high-security location.
6.1 Special Considerations for USB Ports
USB ports can pose a security risk in high-security locations. Generally, this risk comes
from small USB pen drives, also known as memory sticks or key drives. They can be
easily concealed and can quickly read/write several Gbyte of data.
Disabling USB ports
You can disable the USB ports of the R&S SMBV in the setup dialog:
1. Select "Setup", "Security", "USB Storage" and then "Disable".
2. Enter the Security Password and confirm with "Accept".
When disabled, no USB storage device is accepted by the instrument. Other nonmemory USB devices (such as keyboards and mice) are not affected.
The enable/disable state of the USB port is stored on the Flash memory.
6.2 Special Considerations for LAN Ports
To protect the instrument against unauthorized data access in your high-security location, you can disable the LAN interface.
9Instrument Security Procedures 1176.9070.02 ─ 02
R&S®SMBV100A
Special Considerations for USB Ports and LAN Services
Disabling LAN ports
You can disable the LAN ports of the R&S SMBV in the setup dialog:
1. Select "Setup", "Security", "LAN Services" and disable "LAN Interface".
2. Enter the Security Password and confirm with "Accept".
When disabled, no LAN connection can be established with the instrument.
The enable/disable state of the LAN port is stored on the Flash memory.
For more information concerning the security features, refer to the R&S SMBV100A
Operating Manual.
© 2016 Rohde & Schwarz GmbH & Co. KG
Mühldorfstr. 15, 81671 München, Germany
Phone: +49 89 41 29 - 0
Fax: +49 89 41 29 12 164
Email: info@rohde-schwarz.com
Internet: www.rohde-schwarz.com
Subject to change – Data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of their owners.
Throughout this manual, products from Rohde & Schwarz are indicated without the ® symbol , e.g.
R&S®SMBV is indicated as R&S SMBV.
10Instrument Security Procedures 1176.9070.02 ─ 02
Loading...