Dell AP-135, AP-134, W-AP135, W-AP134 manual Crypto Officer Services, WPA2 PSK, Kek


4.2 Services

The module provides various services depending on role. These are described below.

4.2.1 Crypto Officer Services

The CO role in each of the FIPS modes defined in section 3.3 has the same services.

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| FIPS mode enable/disable | The CO selects/de-selects FIPS mode as a configuration option. | None. |
| Key Management | The CO can configure/modify the IKEv1/IKEv2 shared secret (The RSA private key is protected by non-volatile memory and cannot be modified) and the WPA2 PSK (used in advanced Remote AP configuration). Also, the CO/User implicitly uses the KEK to read/write configuration to non-volatile memory. | IKEv1/IKEv2 shared secret; WPA2 PSK; KEK |
| Remotely reboot module | The CO can remotely trigger a reboot | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Self-test triggered by CO/User reboot | The CO can trigger a programmatic reset leading to self-test and initialization | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Update module firmware | The CO can trigger a module firmware update | The firmware verification key and firmware verification CA key are accessed to validate firmware prior to writing to flash. |
| Configure non-security related module parameters | CO can configure various operational parameters that do not relate to security | None. |
