3 - physical security policy
DESCRIPTION
SRX-R220 Physical Security 1 –No direct physical access to the unencrypted signal path •SRX-R220 housed in secure enclosure •Physical access to projector controlled –Intrusion detection recorded 2 • Security level 1: –Tamper evident –Pick resistant locks • Security level 2: –Role based authentication • Security level 3: –Detecting and responding to attempts at direct physical access Current standard is FIPS 140-2 level 3 3TRANSCRIPT
1
SRX-R220 Physical Security
2
Physical Security
• SRX-R220 housed in secure enclosure• Physical access to projector controlled
– No direct physical access to the unencrypted signal path
• Side panels and door monitored by sensor switches– Intrusion detection recorded
3
FIPS
• Security level 1:– Tamper evident– Pick resistant locks
• Security level 2:– Role based authentication
• Security level 3:– Detecting and responding to attempts at direct
physical access
Current standard is FIPS 140-2 level 3
4
SRX-R220 meets security standard SPB-2 as demanded by DCI.
Physical Security Requirements SPB-2 ・ The enclosure cannot be opened without leaving permanently visible damage or triggering a tamper event. ・ Locks: with pick resistant locks ・ Screws and Fasteners
The attacker cannot insert a probe even if the attacker has opened any fasteners or removed any screws.
・ Plugs and Cables attachments must not provide a way that the attacker can access to the sensitive electronics.
・ The ventilation pathways must prevent line of sight access to any sensitive electronics.
5
CabinetPanels
Numbering: Lens side is 1. counter-clock-wise methodical 1F: L1-L6 M2F: M1-M4 2F: U1-U6
U1
M1
L1
U6U5 M2
L5 L6
M4
U4
M3
L4
U3U2
L2 L3
6
Outside appearance
External connector:RS232 and USB only.
Security lock:U2,U6,L1,L2 and L6
Two locks at U4 is not anti-picking type. For maintenance of lamp and axis adjustment by the operator.
7
Internal structure
AC inlet and terminal are inside of L1.
AC cable, Ethernet, Signal and Inter lock cable are fed here.
Ballast
Rack mount for system components
3-phase: terminals Single-phase: AC inlet
AC line filters
Power supply unit
Shield case (Main circuit board)
Lamp
Air filter
Duct for cooling SXRD
Igniter
Duct for cooling 1FFeed for LVDS cable (from MB to R220)
Circuit breaker block
Pull box for AC
Duct for ALT Signal cable
8
Security (2F)
How to take off 2F cabinet panels
1.Unlock U6.
U6 lock is effected U5 also.
If unlock then Tamper SW turned on.
2.Slide U6 to rear side and take off.
3.Slide U5 to front side and take off.
*Same for U2 and U3.
4.For access U1 and lens cover, Open U2 and U6 then access inside.
5.U4 is fixed by hinge. (No security)
Tamper SW is located barrier area
Fix screws for ceiling (take off side panel)
Fix screws for M2F (take off side panel)
9
Tamper SW & Lock (2F) #1
Edge of U3panel and Edge of Tamper SW
Locked (U2) Unlocked (U6)
For U2 and U6 locks, the cam push both tamper SW and edge of panel (U3, U5) when locked.
10
Tamper SW & Lock (2F) #2
Entrance of duct
Cabling route for U6 Tamper SW; the cable is routed inside of pillar >> fed to side of lighting unit >> join U2 Tamper SW cable >> go to security duct (shows red line of drawings)
11
Rack mount for system components
Shield case (Main circuit board)
LVDS route between Projector and MBLVDS cable is fed from MB (1st floor) to Shield case (2nd floor) via M2F.There is security solid metal duct for cable, because M2F cabinet panel is
made by punching metal.
Remove LVDS duct Normal construction
12
Security (M2F)
M2(Right side of M2F)
M2 panel is easy take off by operator because air filter maintenance.
You can find punching metal enclosure (barrier) if take off M2 panel.
You can find duct (barrier) if take off air filter.
Fix points of enclosure and duct are inside of U2 and U3 panel. (U2 and U3 are security panel.)
Fix point of M1 and M3 are inside of M4. If take off M1 and M3, you should take off U6 then U5 then M4.
Fix point of Enclosure and duct
Take off M2 panel Take off M2 panel and air filter
13
Security (1F)
How to take off 1F cabinet panels
Basically same as 2F
Unlock > Slide L2 > Slide L3
Tamper SW is located inside.
How to take off L4
After take off L2 and L3, slide left side (Rear view).
How to take off L1 (Take off individually)
Unlock upper side and un-latch lower side.Lock for L1
Tamper SW is located inside.Lock for L2
14
Tamper SW & Lock (1F)
Tamper SW (L1) :inside
Tamper SW (L1) :outside
L1 door can be opened separately (UL requirement). When unlock L1 door open this side (see above picture). Tamper SW sense L1 panel directly. SW cable is fed to FIS board.
For L2 and L6 Tamper SW cable are routed ceiling of 1F and fed to FIS board.
L2 and L6 locks are same construction of 2F. (Both push Tamper SW and L3,L5) SW cable are fed to FIS board . Then cable is fed from FIS board to nCipher card reader.
FIS board.
15
Security (When lamp door opened)
Security when U4 (lamp door) opened
You can not access circuit board area because there is barrier (show blue and red above figure).
Tamper SW is located secured area (inside of barrier).
Fix point for barrier are located front area (inside of barrier).
You can not access fix point of M3 via lamp door.
If take off M3 panel, you should take off M4 panel.
For M4 panel access, you should take off U5 and U6 panel.
Barrier (show blue and red) Fix point of M3 (doted circle)Tamper SW
Tamper SW