Dell W- AP92, W-AP105, AP-92, AP-175, AP-93, W-AP93, W-AP175, AP-105 Critical Security Parameters, Hmac


6

Critical Security Parameters

 

 

The following Critical Security Parameters (CSPs) are used by the module:

| CSP | CSP TYPE | GENERATION | STORAGE And ZEROIZATION | USE |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bits key | Hard-coded | Stored in flash, zeroized by the ‘ap wipe out flash’ command. | Encrypts IKEv1/IKEv2 preshared keys and configuration parameters |
| IKEv1/IKEv2 Pre-shared secret | 64 character preshared key | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Module and crypto officer authentication during IKEv1/IKEv2; entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently. |
| IPSec session encryption keys | 168-bit Triple-DES, or 128/192/256 bit AES keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
