Dell AP-175, W-AP92, W-AP105, AP-92, AP-93, W-AP93, AP-105 Crypto Officer Services, WPA2 PSK, KEK


4.2 Services

The module provides various services depending on role. These are described below.

4.2.1 Crypto Officer Services

The CO role in each of the FIPS modes defined in section 3.3 has the same services.

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| FIPS mode enable/disable | The CO selects/de-selects FIPS mode as a configuration option. | None. |
| Key Management | The CO can configure/modify the IKEv1/IKEv2 shared secret (The RSA private key is protected by non-volatile memory and cannot be modified) and the WPA2 PSK (used in advanced Remote AP configuration). Also, the CO/User implicitly uses the KEK to read/write configuration to non-volatile memory. | IKEv1/IKEv2 shared secret, WPA2 PSK, KEK |
| Remotely reboot module | The CO can remotely trigger a reboot | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Self-test triggered by CO/User reboot | The CO can trigger a programmatic reset leading to self-test and initialization | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Update module firmware | The CO can trigger a module firmware update | The firmware verification key and firmware verification CA key are accessed to validate firmware prior to writing to flash. |
| Configure non-security related module parameters | CO can configure various operational parameters that do not relate to security | None. |
