Dell AP-92, W- AP92, W-AP105, AP-175, AP-93, W-AP93, W-AP175, AP-105 manual Psk, Aes-Ccm

Page 42

			STORAGE
CSP	CSP TYPE	GENERATION	And	USE
			ZEROIZATI
			ON

WPA2 PSK	16-64	CO configured	Encrypted in	Used to derive
	character		flash using the	the PMK for
	shared secret		KEK; zeroized	802.11i mesh
	used to		by updating	connections
	authenticate		through	between APs
	mesh		administrative	and in
	connections		interface, or by	advanced
	and in		the ‘ap wipe	Remote AP
	remote AP		out flash’	connections;
	advanced		command.	programmed
	configuration			into AP by the
				controller over
				the IPSec
				session.

802.11i Pairwise Master	512-bit		In volatile	Used to derive
Key (PMK)	shared secret	Derived from WPA2	memory only;	802.11i
	used to	Derived from WPA2	zeroized on	Pairwise
	used to	PSK	zeroized on	Pairwise
	derive	PSK	reboot	Transient Key
	derive		reboot	Transient Key
	802.11i			(PTK)
	session keys

802.11i Pairwise Transient	512-bit	Derived during 802.11i	In volatile	All session
Key (PTK)	shared secret	4-way handshake	memory only;	encryption/dec
	from which		zeroized on	ryption keys
	Temporal		reboot	are derived
	Keys (TKs)			from the PTK
	are derived

802.11i	128-bit	Derived from PTK	In volatile	Used for
EAPOL MIC Key	shared secret		memory only;	integrity
EAPOL MIC Key	used to		zeroized on	validation in 4-
	used to		zeroized on	validation in 4-
	protect 4-		reboot	way
	way (key)			handshake
	handshake

802.11i EAPOL Encr Key	128-bit	Derived from PTK	In volatile	Used for
	shared secret		memory only;	confidentiality
	used to		zeroized on	in 4-way
	protect 4-		reboot	handshake
	way
	handshakes

802.11i data AES-CCM	128-bit AES-	Derived from PTK	Stored in	Used for
encryption/MIC key	CCM key		plaintext in	802.11i packet
			volatile	encryption and
			memory;	integrity
			zeroized on	verification
			reboot	(this is the
				CCMP or
				AES-CCM
				key)

42

Image 42

Contents Version Feb Aruba Networks Crossman Ave Sunnyvale, CA Page AP-175 Series Aruba Dell Relationship Acronyms and AbbreviationsAP-105 Series Security Levels Physical SecurityROLES, Authentication and Services Introduction Aruba Dell RelationshipAcronyms and Abbreviations GHz IPSecPhysical Description Product OverviewAP-92 Aruba Part Number Dell Corresponding Part NumberAP-92 Indicator LEDs Label Function Action Status PWREnet AP-93 Label Function Action StatusAP-93 Indicator LEDs Label Function Action Status AP-105 Wireless Access Point AP-105 SeriesAP-105 Indicator LEDs Label Function Action Status AP-175 Wireless Access Point AP-175 SeriesPhysical Description AP-175 Indicator LEDs Label Function Action Status PositionPhysical Security Module ObjectivesSecurity Levels Applying TELs2 AP-92 TEL Placement AP-92 Tel placement front viewAruba AP-92 Tel placement right view 3 AP-93 TEL Placement Aruba AP-92 Tel placement bottom viewAruba AP-93 Tel placement left view 4 AP-105 TEL Placement Aruba AP-93 Tel placement top viewAruba AP-105 Tel placement left view 5 AP-175 TEL Placement Aruba AP-105 Tel placement bottom viewAruba AP-175 Tel placement back view Inspection/Testing of Physical Security Mechanisms Aruba AP-175 Tel placement top viewConfiguring Remote AP Fips Mode Modes of OperationEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Verify that the module is in Fips mode Operational EnvironmentLogical Interfaces Fips 140-2 Logical Interfaces Module Physical InterfaceRoles, Authentication and Services Crypto Officer AuthenticationRoles Strength of Authentication Mechanisms User AuthenticationWireless Client Authentication Authentication Mechanism StrengthWPA2-PSK WPA2 PSK ServicesCrypto Officer Services KEKPTK User ServicesPMK Eapol MICWireless Client Services Unauthenticated Services∙ FTP ∙ Tftp ∙ NTP Cryptographic Algorithms Non-FIPS Approved AlgorithmsCritical Security Parameters HmacRNG PSK AES-CCMGMK GTKSelf Tests For an AES Atheros hardware Post failure