Dell AP-175, W-AP92, W-AP105, AP-92, AP-93, W-AP93, W-AP175, AP-105 manual GMK, GTK

Page 43

| CSP | CSP TYPE | GENERATION | STORAGE AND ZEROIZATION | USE |
|---|---|---|---|---|
| 802.11i Group Master Key (GMK) | 256-bit secret used to derive GTK | Generated from approved RNG | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive Group Transient Key (GTK) |
| 802.11i Group Transient Key (GTK) | 256-bit shared secret used to derive group (multicast) encryption and integrity keys | Internally derived by AP which assumes “authenticator” role in handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive multicast cryptographic keys |
| 802.11i Group AES-CCM Data Encryption/MIC Key | 128-bit AES-CCM key derived from GTK | Derived from 802.11 group key handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to protect multicast message confidentiality and integrity (AES-CCM) |
| RSA private Key | 1024/2048-bit RSA private key | Generated on the AP (remains in AP at all times) | Stored in and protected by AP’s non-volatile memory. Zeroized by the ‘ap wipe out flash’ command | Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication |
