Dell W- AP92, W-AP105, AP-92, AP-175, AP-93, W-AP93, W-AP175, AP-105 Critical Security Parameters, Hmac

Page 40

6	Critical Security Parameters
The following Critical Security Parameters (CSPs) are used by the module:

				STORAGE
	CSP	CSP TYPE	GENERATION	And	USE
				ZEROIZATI
				ON

Key	Encryption Key	Triple-DES	Hard-coded	Stored in flash,	Encrypts
(KEK)		168-bits key		zeroized by the	IKEv1/IKEv2
				‘ap wipe out	preshared keys
				flash’	and
				command.	configuration
					parameters

IKEv1/IKEv2 Pre-shared		64 character	CO configured	Encrypted in	Module and
secret		preshared		flash using the	crypto officer
		key		KEK; zeroized	authentication
				by updating	during
				through	IKEv1/IKEv2;
				administrative	entered into
				interface, or by	the module in
				the ‘ap wipe	plaintext
				out flash’	during
				command.	initialization
					and encrypted
					over the IPSec
					session
					subsequently.

IPSec session encryption		168-bit	Established during	Stored in	Secure IPSec
keys		Triple-DES,	Diffie-Hellman key	plaintext in	traffic
		or	agreement	volatile
		128/192/256		memory;
		bit AES		zeroized when
		keys;		session is
				closed or
				system powers
				off

IPSec session		HMAC	Established during	Stored in	Secure IPSec
authentication keys		SHA-1 keys	Diffie-Hellman key	plaintext in	traffic
			agreement	volatile
				memory;
				zeroized when
				session is
				closed or
				system powers
				off

40

Image 40

Contents Version Feb Aruba Networks Crossman Ave Sunnyvale, CA Page Aruba Dell Relationship Acronyms and Abbreviations AP-105 SeriesAP-175 Series Security Levels Physical SecurityROLES, Authentication and Services Aruba Dell Relationship IntroductionAcronyms and Abbreviations GHz IPSecProduct Overview AP-92Physical Description Aruba Part Number Dell Corresponding Part NumberPWR AP-92 Indicator LEDs Label Function Action StatusEnet AP-93 Label Function Action StatusAP-93 Indicator LEDs Label Function Action Status AP-105 Wireless Access Point AP-105 SeriesAP-105 Indicator LEDs Label Function Action Status AP-175 Wireless Access Point AP-175 SeriesPhysical Description AP-175 Indicator LEDs Label Function Action Status PositionModule Objectives Security LevelsPhysical Security Applying TELs2 AP-92 TEL Placement AP-92 Tel placement front viewAruba AP-92 Tel placement right view 3 AP-93 TEL Placement Aruba AP-92 Tel placement bottom viewAruba AP-93 Tel placement left view 4 AP-105 TEL Placement Aruba AP-93 Tel placement top viewAruba AP-105 Tel placement left view 5 AP-175 TEL Placement Aruba AP-105 Tel placement bottom viewAruba AP-175 Tel placement back view Inspection/Testing of Physical Security Mechanisms Aruba AP-175 Tel placement top viewConfiguring Remote AP Fips Mode Modes of OperationEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Verify that the module is in Fips mode Operational EnvironmentLogical Interfaces Fips 140-2 Logical Interfaces Module Physical InterfaceCrypto Officer Authentication Roles, Authentication and ServicesRoles User Authentication Wireless Client AuthenticationStrength of Authentication Mechanisms Authentication Mechanism StrengthWPA2-PSK Services Crypto Officer ServicesWPA2 PSK KEKUser Services PMKPTK Eapol MICWireless Client Services Unauthenticated Services∙ FTP ∙ Tftp ∙ NTP Cryptographic Algorithms Non-FIPS Approved AlgorithmsCritical Security Parameters HmacRNG PSK AES-CCMGMK GTKSelf Tests For an AES Atheros hardware Post failure