Dell AP-135, AP-134, W-AP135, W-AP134 manual Crypto Officer Services, WPA2 PSK, Kek

Dell AP-135, W-AP135, W-AP134 manual 2 AP-134 TEL Placement, AP-134 Front view Dell W-AP135, W-AP134 manual 3 AP-135 TEL Placement, AP-134 Top View Dell W-AP135, AP-134, W-AP134 manual AP-135 Front view Dell W-AP134, AP-134, W-AP135 manual Inspection/Testing of Physical Security Mechanisms, AP-135 Top view Dell AP-134, AP-135, W-AP135, W-AP134 manual Modes of Operation, Configuring Remote AP Fips Mode Dell AP-135, AP-134, W-AP135, W-AP134 manual Enable Fips mode on the AP. This accomplished by going to Dell W-AP135, AP-134, AP-135, W-AP134 manual Configuring Remote Mesh Portal Fips Mode Dell W-AP134, AP-134, AP-135, W-AP135 manual Configuring Remote Mesh Point Fips Mode Dell AP-134, AP-135, W-AP135, W-AP134 manual Operational Environment, Verify that the module is in Fips mode Dell AP-135, AP-134, W-AP135, W-AP134 manual Logical Interfaces, Fips 140-2 Logical Interface Module Physical Interface Dell W-AP135, AP-134, AP-135, W-AP134 manual Roles, Authentication and Services, Crypto Officer Authentication Dell W-AP134, AP-134, AP-135 User Authentication, Wireless Client Authentication, Strength of Authentication Mechanisms
Dell AP-134, AP-135, W-AP135, W-AP134 manual WPA2-PSK
Dell AP-135, AP-134, W-AP135, W-AP134 manual Crypto Officer Services, WPA2 PSK, Kek
Dell W-AP135, AP-134, AP-135, W-AP134 manual User Services, Pmk, Ptk, Eapol MIC
Dell W-AP134, AP-134, AP-135, W-AP135 manual Wireless Client Services, Unauthenticated Services
Dell AP-134, AP-135, W-AP135, W-AP134 manual ∙ FTP ∙ Tftp ∙ NTP
Dell AP-135, AP-134, W-AP135, W-AP134 manual Cryptographic Algorithms, Non-FIPS Approved Algorithms
Dell W-AP135, AP-134, AP-135, W-AP134 manual Critical Security Parameters, Hmac
Dell W-AP134, AP-134, AP-135, W-AP135 manual Rng
Dell AP-134, AP-135, W-AP135, W-AP134 manual Psk, Aes-Ccm
Dell AP-135, AP-134, W-AP135, W-AP134 manual Gmk, Gtk
Dell W-AP135, AP-134, AP-135, W-AP134 manual Self Tests
Dell W-AP134, AP-134, AP-135, W-AP135 manual For an AES Atheros hardware Post failure
Page 25

4.2 Services

The module provides various services depending on role. These are described below.

4.2.1 Crypto Officer Services

The CO role in each of FIPS modes defined in section 3.3 has the same services

Service

Description

CSPs Accessed (see section 6

 

 

below for complete description of

 

 

CSPs)

 

 

 

 

 

FIPS mode enable/disable

The CO selects/de-selects FIPS

None.

 

 

mode as a configuration option.

 

 

 

 

 

 

Key Management

The CO can configure/modify the

IKEv1/IKEv2 shared

 

IKEv1/IKEv2 shared secret (The

 

secret

 

RSA private key is protected by

WPA2 PSK

 

non-volatile memory and cannot

 

 

 

 

be modified) and the WPA2 PSK

KEK

 

(used in advanced Remote AP

 

 

 

configuration). Also, the CO/User

 

 

 

implicitly uses the KEK to

 

 

 

read/write configuration to non-

 

 

 

volatile memory.

 

 

 

 

 

Remotely reboot module

The CO can remotely trigger a

KEK is accessed when

 

reboot

configuration is read during

 

 

reboot. The firmware verification

 

 

key and firmware verification CA

 

 

key are accessed to validate

 

 

firmware prior to boot.

 

 

 

Self-test triggered by CO/User

The CO can trigger a

KEK is accessed when

reboot

programmatic reset leading to

configuration is read during

 

self-test and initialization

reboot. The firmware verification

 

 

key and firmware verification CA

 

 

key are accessed to validate

 

 

firmware prior to boot.

 

 

 

Update module firmware

The CO can trigger a module

The firmware verification key

 

firmware update

and firmware verification CA key

 

 

are accessed to validate firmware

 

 

prior to writing to flash.

 

 

 

 

Configure non-security related

CO can configure various

None.

 

module parameters

operational parameters that do not

 

 

 

relate to security

 

 

 

 

 

 

25

Page 24 Page 26
Image 25
Page 24 Page 26
Contents Fips 140-2 Non-Proprietary Security Policy Page Security Levels Physical Security Aruba Dell Relationship Acronyms and AbbreviationsModes of Operation Operational Environment Logical InterfacesServices Aruba Dell Relationship IntroductionAcronyms and Abbreviations CPSecSHA AP-134 Product OverviewPhysical Description Aruba Part Number Dell Corresponding Part NumberPWR AP-134 Indicator LEDs Label Function Action StatusENET0 ENET1AP-135 AP-135 Indicator LEDs Label Function Action Status Security Levels Module ObjectivesPhysical Security Applying TELsAP-134 Front view 2 AP-134 TEL PlacementAP-134 Top View 3 AP-135 TEL PlacementAP-135 Front view AP-135 Top view Inspection/Testing of Physical Security MechanismsModes of Operation Configuring Remote AP Fips ModeEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Operational Environment Verify that the module is in Fips modeFips 140-2 Logical Interface Module Physical Interface Logical InterfacesCrypto Officer Authentication Roles, Authentication and ServicesRoles Wireless Client Authentication User AuthenticationStrength of Authentication Mechanisms Authentication Mechanism StrengthWPA2-PSK Crypto Officer Services ServicesWPA2 PSK KEKPMK User ServicesPTK Eapol MICUnauthenticated Services Wireless Client Services∙ FTP ∙ Tftp ∙ NTP Non-FIPS Approved Algorithms Cryptographic AlgorithmsHmac Critical Security ParametersRNG AES-CCM PSKGTK GMKSelf Tests For an AES Atheros hardware Post failure
Top Page Image Contents