Dell AP-92, W-AP92, W-AP105, AP-175, AP-93, W-AP93, W-AP175, AP-105 manual: PSK, AES-CCM

Page 42

 

 

 

| CSP | CSP TYPE | GENERATION | STORAGE and ZEROIZATION | USE |
|---|---|---|---|---|
| WPA2 PSK | 16-64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Used to derive the PMK for 802.11i mesh connections between APs and in advanced Remote AP connections; programmed into AP by the controller over the IPSec session. |
| 802.11i Pairwise Master Key (PMK) | 512-bit shared secret used to derive 802.11i session keys | Derived from WPA2 PSK | In volatile memory only; zeroized on reboot | Used to derive 802.11i Pairwise Transient Key (PTK) |
| 802.11i Pairwise Transient Key (PTK) | 512-bit shared secret from which Temporal Keys (TKs) are derived | Derived during 802.11i 4-way handshake | In volatile memory only; zeroized on reboot | All session encryption/decryption keys are derived from the PTK |
| 802.11i EAPOL MIC Key | 128-bit shared secret used to protect 4-way (key) handshake | Derived from PTK | In volatile memory only; zeroized on reboot | Used for integrity validation in 4-way handshake |
| 802.11i EAPOL Encr Key | 128-bit shared secret used to protect 4-way handshakes | Derived from PTK | In volatile memory only; zeroized on reboot | Used for confidentiality in 4-way handshake |
| 802.11i data AES-CCM encryption/MIC key | 128-bit AES-CCM key | Derived from PTK | Stored in plaintext in volatile memory; zeroized on reboot | Used for 802.11i packet encryption and integrity verification (this is the CCMP or AES-CCM key) |
