SRX-R220 Physical Security
1
Physical Security • SRX-R220 housed in secure enclosure • Physical access to projector controlled – No direct physical access to the unencrypted signal path
• Side panels and door monitored by sensor switches – Intrusion detection recorded
2
FIPS Current standard is FIPS 140-2 level 3 • Security level 1: – Tamper evident – Pick resistant locks • Security level 2: – Role based authentication • Security level 3: – Detecting and responding to attempts at direct physical access
3
SRX-R220 meets security standard SPB-2 as demanded by DCI. Physical Security Requirements SPB-2 ・ The enclosure cannot be opened without leaving permanently visible damage or triggering a tamper event.
・ Locks: with pick resistant locks ・ Screws and Fasteners The attacker cannot insert a probe even if the attacker has opened any fasteners or removed any screws. ・ Plugs and Cables attachments must not provide a way that the attacker can access to the sensitive electronics. ・ The ventilation pathways must prevent line of sight access to any sensitive electronics. 4
Cabinet Panels
Numbering: Lens side is 1. counter-clock-wise methodical 1F: L1-L6 M2F: M1-M4 2F: U1-U6
U3
U2
U4
U6
U5
M2
U1 M3 M1 L4
L1
M4 L5
L2
L3
L6 5
Outside appearance
External connector: RS232 and USB only. Security lock: U2,U6,L1,L2 and L6 Two locks at U4 is not antipicking type. For maintenance of lamp and axis adjustment by the operator.
6
Internal structure
AC inlet and terminal are inside of L1. AC cable, Ethernet, Signal and Inter lock cable are fed here.
AC line filters 3-phase: terminals Lamp
Igniter
Single-phase: AC inlet
Shield case (Main circuit board)
Ballast
Rack mount for system components
Power supply unit Feed for LVDS cable (from MB to R220)
Pull box for AC
Duct for cooling SXRD
Air filter Duct for ALT Signal cable Duct for cooling 1F
7
Circuit breaker block
Security (2F) Fix screws for ceiling (take off side panel) Fix screws for M2F (take off side panel)
How to take off 2F cabinet panels 1.Unlock U6. U6 lock is effected U5 also. If unlock then Tamper SW turned on. 2.Slide U6 to rear side and take off. 3.Slide U5 to front side and take off. *Same for U2 and U3. 4.For access U1 and lens cover, Open U2 and U6 then access inside. 5.U4 is fixed by hinge. (No security)
Tamper SW is located barrier area
8
Tamper SW & Lock (2F) #1
Locked (U2)
Unlocked (U6)
For U2 and U6 locks, the cam push both tamper SW and edge of panel (U3, U5) when locked.
Edge of U3panel and Edge of Tamper SW
9
Tamper SW & Lock (2F) #2
Cabling route for U6 Tamper SW; the cable is routed inside of pillar >> fed to side of lighting unit >> join U2 Tamper SW cable >> go to security duct (shows red line of drawings)
Entrance of duct
10
LVDS route between Projector and MB Shield case (Main circuit board)
LVDS cable is fed from MB (1st floor) to Shield case (2nd floor) via M2F. There is security solid metal duct for cable, because M2F cabinet panel is made by punching metal.
Remove LVDS duct
Normal construction
Rack mount for system components
11
Security (M2F) Take off M2 panel
Take off M2 panel and air filter
M2(Right side of M2F) M2 panel is easy take off by operator because air filter maintenance. You can find punching metal enclosure (barrier) if take off M2 panel. You can find duct (barrier) if take off air filter. Fix points of enclosure and duct are inside of U2 and U3 panel. (U2 and U3 are security panel.) Fix point of M1 and M3 are inside of M4. If take off M1 and M3, you should take off U6 then U5 then M4.
Fix point of Enclosure and duct
12
Security (1F) Lock for L2
Tamper SW is located inside.
How to take off 1F cabinet panels Basically same as 2F Unlock > Slide L2 > Slide L3 Tamper SW is located inside. How to take off L4 After take off L2 and L3, slide left side (Rear view). How to take off L1 (Take off individually)
Lock for L1
Unlock upper side and un-latch lower side.
13
Tamper SW & Lock (1F) For L2 and L6 Tamper SW cable are routed ceiling of 1F and fed to FIS board. FIS board.
Tamper SW (L1) ďźš outside L1 door can be opened separately (UL requirement). When unlock L1 door open this side (see above picture). Tamper SW sense L1 panel directly. SW cable is fed to FIS board.
Tamper SW (L1) ďźš inside L2 and L6 locks are same construction of 2F. (Both push Tamper SW and L3,L5) SW cable are fed to FIS board . Then cable is fed from FIS board to nCipher card reader.
14
Security (When lamp door opened) Tamper SW
Barrier (show blue and red)
Fix point of M3 (doted circle)
Security when U4 (lamp door) opened You can not access circuit board area because there is barrier (show blue and red above figure). Tamper SW is located secured area (inside of barrier). Fix point for barrier are located front area (inside of barrier). You can not access fix point of M3 via lamp door. If take off M3 panel, you should take off M4 panel.
Tamper SW
For M4 panel access, you should take off U5 and U6 panel.
15